From e8db7f6eea9b35527ddd4532affabd18a30549b5 Mon Sep 17 00:00:00 2001 From: Bdale Garbee Date: Tue, 13 Aug 2013 11:15:21 +0200 Subject: [PATCH] Imported Upstream version 1.8.7 --- ChangeLog | 2558 +++++++++++++- INSTALL | 1116 +++--- INSTALL.configure | 325 +- MANIFEST | 110 +- Makefile.in | 53 +- NEWS | 114 +- README | 26 +- aclocal.m4 | 76 +- common/Makefile.in | 73 +- common/aix.c | 10 +- common/alloc.c | 51 +- common/atobool.c | 3 +- common/error.c | 192 ++ common/fileops.c | 116 +- common/fmt_string.c | 3 +- common/lbuf.c | 97 +- common/list.c | 4 +- common/regress/sudo_conf/conf_test.c | 110 + common/regress/sudo_conf/test1.in | 72 + common/regress/sudo_conf/test1.out.ok | 6 + common/regress/sudo_conf/test2.in | 0 common/regress/sudo_conf/test2.out.ok | 3 + common/regress/sudo_conf/test3.in | 2 + common/regress/sudo_conf/test3.out.ok | 5 + common/regress/sudo_conf/test4.in | 1 + common/regress/sudo_conf/test4.out.ok | 3 + common/regress/sudo_parseln/parseln_test.c | 78 + common/regress/sudo_parseln/test1.in | 72 + common/regress/sudo_parseln/test1.out.ok | 72 + common/regress/sudo_parseln/test2.in | 8 + common/regress/sudo_parseln/test2.out.ok | 3 + common/regress/sudo_parseln/test3.in | 1 + common/regress/sudo_parseln/test3.out.ok | 1 + common/regress/sudo_parseln/test4.in | 4 + common/regress/sudo_parseln/test4.out.ok | 2 + common/regress/sudo_parseln/test5.in | 1 + common/regress/sudo_parseln/test5.out.ok | 0 common/regress/sudo_parseln/test6.in | 3 + common/regress/sudo_parseln/test6.out.ok | 2 + common/secure_path.c | 1 - common/setgroups.c | 2 +- common/sudo_conf.c | 238 +- common/sudo_debug.c | 90 +- common/sudo_printf.c | 70 + common/term.c | 3 +- common/ttysize.c | 2 +- compat/Makefile.in | 10 +- compat/closefrom.c | 57 +- compat/dlopen.c | 8 +- compat/endian.h | 72 + compat/fnmatch.c | 3 + compat/getaddrinfo.c | 3 + compat/getcwd.c | 5 +- compat/getgrouplist.c | 189 +- compat/getline.c | 7 +- compat/getprogname.c | 5 +- compat/glob.c | 7 +- compat/isblank.c | 6 +- compat/memrchr.c | 6 +- compat/mksiglist.c | 4 +- compat/mksigname.c | 2 + compat/mktemp.c | 5 +- compat/nanosleep.c | 5 +- compat/nss_dbdefs.h | 106 + compat/pw_dup.c | 6 +- compat/regress/fnmatch/fnm_test.c | 4 + compat/regress/glob/globtest.c | 1 + compat/sig2str.c | 5 +- compat/snprintf.c | 38 +- compat/strlcat.c | 5 +- compat/strlcpy.c | 5 +- compat/strsignal.c | 5 +- compat/utimes.c | 6 +- config.h.in | 103 +- configure | 1367 +++++--- configure.in | 506 +-- doc/CONTRIBUTORS | 52 +- doc/LICENSE | 2 +- doc/Makefile.in | 41 +- doc/TROUBLESHOOTING | 34 +- doc/UPGRADE | 34 +- doc/fixman.sh | 15 + doc/fixmdoc.sh | 17 +- doc/sample.sudo.conf | 19 +- doc/sample.sudoers | 4 +- doc/sudo.cat | 165 +- doc/sudo.conf.cat | 364 ++ doc/sudo.conf.man.in | 618 ++++ doc/sudo.conf.mdoc.in | 562 +++ doc/sudo.man.in | 282 +- doc/sudo.mdoc.in | 264 +- doc/sudo_plugin.cat | 603 ++-- doc/sudo_plugin.man.in | 870 ++--- doc/sudo_plugin.mdoc.in | 780 +++-- doc/sudoers.cat | 563 +-- doc/sudoers.ldap.cat | 86 +- doc/sudoers.ldap.man.in | 149 +- doc/sudoers.ldap.mdoc.in | 141 +- doc/sudoers.man.in | 820 +++-- doc/sudoers.mdoc.in | 711 ++-- doc/sudoreplay.cat | 4 +- doc/sudoreplay.man.in | 4 +- doc/sudoreplay.mdoc.in | 4 +- doc/visudo.cat | 12 +- doc/visudo.man.in | 26 +- doc/visudo.mdoc.in | 4 +- include/Makefile.in | 2 +- include/alloc.h | 17 +- include/error.h | 149 +- include/fileops.h | 4 +- include/gettext.h | 6 +- include/lbuf.h | 2 +- include/missing.h | 50 +- include/sudo_conf.h | 12 +- include/sudo_debug.h | 5 +- include/sudo_plugin.h | 4 +- mkdep.pl | 19 +- mkpkg | 23 +- pathnames.h.in | 2 +- .../{sample_group => group_file}/Makefile.in | 30 +- .../{sample_group => group_file}/getgrent.c | 3 +- .../group_file.c} | 11 +- .../group_file.exp} | 0 .../plugin_test.c | 9 +- plugins/sample/Makefile.in | 6 +- plugins/sample/sample_plugin.c | 6 +- plugins/sudoers/Makefile.in | 233 +- plugins/sudoers/alias.c | 35 +- plugins/sudoers/audit.c | 10 +- plugins/sudoers/auth/API | 3 +- plugins/sudoers/auth/afs.c | 3 +- plugins/sudoers/auth/aix_auth.c | 3 +- plugins/sudoers/auth/bsdauth.c | 17 +- plugins/sudoers/auth/dce.c | 3 +- plugins/sudoers/auth/fwtk.c | 3 +- plugins/sudoers/auth/kerb5.c | 47 +- plugins/sudoers/auth/pam.c | 80 +- plugins/sudoers/auth/passwd.c | 3 +- plugins/sudoers/auth/rfc1938.c | 3 +- plugins/sudoers/auth/secureware.c | 3 +- plugins/sudoers/auth/securid5.c | 3 +- plugins/sudoers/auth/sia.c | 7 +- plugins/sudoers/auth/sudo_auth.c | 35 +- plugins/sudoers/auth/sudo_auth.h | 2 +- plugins/sudoers/base64.c | 89 + plugins/sudoers/boottime.c | 23 +- plugins/sudoers/bsm_audit.c | 44 +- plugins/sudoers/bsm_audit.h | 8 +- plugins/sudoers/check.c | 679 +--- plugins/sudoers/check.h | 51 + plugins/sudoers/def_data.c | 12 + plugins/sudoers/def_data.h | 6 + plugins/sudoers/def_data.in | 9 + plugins/sudoers/defaults.c | 21 +- plugins/sudoers/defaults.h | 8 +- plugins/sudoers/env.c | 102 +- plugins/sudoers/find_path.c | 21 +- plugins/sudoers/getdate.c | 20 +- plugins/sudoers/getdate.y | 5 +- plugins/sudoers/getspwuid.c | 3 +- plugins/sudoers/goodpath.c | 3 +- plugins/sudoers/gram.c | 1100 +++--- plugins/sudoers/gram.h | 62 +- plugins/sudoers/gram.y | 132 +- plugins/sudoers/group_plugin.c | 9 +- plugins/sudoers/hexchar.c | 95 + plugins/sudoers/ins_2001.h | 6 +- plugins/sudoers/ins_classic.h | 6 +- plugins/sudoers/ins_csops.h | 6 +- plugins/sudoers/ins_goons.h | 6 +- plugins/sudoers/insults.h | 6 +- plugins/sudoers/interfaces.c | 11 +- plugins/sudoers/interfaces.h | 16 +- plugins/sudoers/iolog.c | 364 +- plugins/sudoers/iolog_path.c | 66 +- plugins/sudoers/ldap.c | 497 +-- plugins/sudoers/linux_audit.c | 6 +- plugins/sudoers/linux_audit.h | 8 +- plugins/sudoers/locale.c | 123 + plugins/sudoers/logging.c | 226 +- plugins/sudoers/logging.h | 21 +- plugins/sudoers/match.c | 334 +- plugins/sudoers/match_addr.c | 7 +- plugins/sudoers/parse.c | 255 +- plugins/sudoers/parse.h | 90 +- plugins/sudoers/plugin_error.c | 115 - plugins/sudoers/po/da.mo | Bin 34685 -> 35626 bytes plugins/sudoers/po/da.po | 989 +++--- plugins/sudoers/po/de.mo | Bin 0 -> 26280 bytes plugins/sudoers/po/de.po | 1717 ++++++++++ plugins/sudoers/po/eo.mo | Bin 34874 -> 35790 bytes plugins/sudoers/po/eo.po | 1106 +++--- plugins/sudoers/po/fi.mo | Bin 37085 -> 38432 bytes plugins/sudoers/po/fi.po | 1124 +++--- plugins/sudoers/po/hr.mo | Bin 35724 -> 36569 bytes plugins/sudoers/po/hr.po | 908 ++--- plugins/sudoers/po/it.mo | Bin 36309 -> 37363 bytes plugins/sudoers/po/it.po | 989 +++--- plugins/sudoers/po/nl.mo | Bin 0 -> 35763 bytes plugins/sudoers/po/nl.po | 1737 ++++++++++ plugins/sudoers/po/pl.mo | Bin 36751 -> 37987 bytes plugins/sudoers/po/pl.po | 956 +++--- plugins/sudoers/po/sl.mo | Bin 35611 -> 36390 bytes plugins/sudoers/po/sl.po | 886 +++-- plugins/sudoers/po/sudoers.pot | 924 +++-- plugins/sudoers/po/tr.mo | Bin 0 -> 13956 bytes plugins/sudoers/po/tr.po | 1720 ++++++++++ plugins/sudoers/po/uk.mo | Bin 48227 -> 49981 bytes plugins/sudoers/po/uk.po | 986 +++--- plugins/sudoers/po/vi.mo | Bin 39314 -> 40540 bytes plugins/sudoers/po/vi.po | 1177 +++---- plugins/sudoers/po/zh_CN.mo | Bin 33072 -> 34026 bytes plugins/sudoers/po/zh_CN.po | 986 +++--- plugins/sudoers/policy.c | 731 ++++ plugins/sudoers/prompt.c | 172 + plugins/sudoers/pwutil.c | 483 +-- plugins/sudoers/pwutil.h | 65 + plugins/sudoers/pwutil_impl.c | 343 ++ plugins/sudoers/redblack.c | 3 +- plugins/sudoers/redblack.h | 9 +- .../regress/check_symbols/check_symbols.c | 24 +- .../regress/iolog_path/check_iolog_path.c | 18 +- plugins/sudoers/regress/logging/check_wrap.c | 14 +- plugins/sudoers/regress/parser/check_addr.c | 45 +- plugins/sudoers/regress/parser/check_base64.c | 97 + plugins/sudoers/regress/parser/check_digest.c | 134 + .../regress/parser/check_digest.out.ok | 36 + plugins/sudoers/regress/parser/check_fill.c | 30 +- plugins/sudoers/regress/sudoers/test10.in | 1 + plugins/sudoers/regress/sudoers/test10.out.ok | 4 + .../sudoers/regress/sudoers/test10.toke.ok | 1 + plugins/sudoers/regress/sudoers/test11.in | 1 + plugins/sudoers/regress/sudoers/test11.out.ok | 4 + .../sudoers/regress/sudoers/test11.toke.ok | 2 + plugins/sudoers/regress/sudoers/test12.in | 1 + plugins/sudoers/regress/sudoers/test12.out.ok | 4 + .../sudoers/regress/sudoers/test12.toke.ok | 2 + plugins/sudoers/regress/sudoers/test13.in | 1 + plugins/sudoers/regress/sudoers/test13.out.ok | 4 + .../sudoers/regress/sudoers/test13.toke.ok | 1 + plugins/sudoers/regress/sudoers/test14.in | 4 + plugins/sudoers/regress/sudoers/test14.out.ok | 7 + .../sudoers/regress/sudoers/test14.toke.ok | 4 + plugins/sudoers/regress/sudoers/test9.in | 0 plugins/sudoers/regress/sudoers/test9.out.ok | 4 + plugins/sudoers/regress/sudoers/test9.toke.ok | 0 plugins/sudoers/regress/testsudoers/test1.sh | 2 + plugins/sudoers/regress/testsudoers/test2.inc | 1 + .../sudoers/regress/testsudoers/test2.out.ok | 10 + plugins/sudoers/regress/testsudoers/test2.sh | 13 + .../sudoers/regress/testsudoers/test3.d/root | 1 + .../sudoers/regress/testsudoers/test3.out.ok | 10 + plugins/sudoers/regress/testsudoers/test3.sh | 13 + .../sudoers/regress/testsudoers/test4.out.ok | 6 + plugins/sudoers/regress/testsudoers/test4.sh | 11 + .../sudoers/regress/testsudoers/test5.out.ok | 12 + plugins/sudoers/regress/testsudoers/test5.sh | 29 + plugins/sudoers/regress/visudo/test1.out.ok | 1 + plugins/sudoers/regress/visudo/test1.sh | 12 + plugins/sudoers/regress/visudo/test2.err.ok | 1 + plugins/sudoers/regress/visudo/test2.out.ok | 0 plugins/sudoers/regress/visudo/test2.sh | 15 + plugins/sudoers/regress/visudo/test3.err.ok | 2 + plugins/sudoers/regress/visudo/test3.out.ok | 1 + plugins/sudoers/regress/visudo/test3.sh | 35 + plugins/sudoers/regress/visudo/test4.out.ok | 1 + plugins/sudoers/regress/visudo/test4.sh | 14 + plugins/sudoers/set_perms.c | 139 +- plugins/sudoers/sha2.c | 527 +++ plugins/sudoers/sha2.h | 74 + plugins/sudoers/sssd.c | 90 +- plugins/sudoers/sudo_nss.c | 24 +- plugins/sudoers/sudo_nss.h | 8 +- plugins/sudoers/sudoers.c | 891 +---- plugins/sudoers/sudoers.h | 50 +- plugins/sudoers/sudoers2ldif | 20 +- plugins/sudoers/sudoers_version.h | 19 +- plugins/sudoers/sudoreplay.c | 105 +- plugins/sudoers/testsudoers.c | 82 +- plugins/sudoers/timestamp.c | 421 +++ plugins/sudoers/toke.c | 3048 ++++++++++------- plugins/sudoers/toke.h | 10 +- plugins/sudoers/toke.l | 191 +- plugins/sudoers/toke_util.c | 91 +- plugins/sudoers/tsgetgrpw.c | 60 +- plugins/sudoers/visudo.c | 253 +- plugins/system_group/Makefile.in | 6 +- plugins/system_group/system_group.c | 5 +- pp | 46 +- src/Makefile.in | 60 +- src/conversation.c | 33 +- src/error.c | 90 - src/exec.c | 270 +- src/exec_common.c | 6 +- src/exec_pty.c | 220 +- src/get_pty.c | 3 +- src/hooks.c | 8 +- src/load_plugins.c | 199 +- src/locale_stub.c | 38 + src/net_ifs.c | 5 +- src/openbsd.c | 52 + src/parse_args.c | 27 +- src/po/da.mo | Bin 15367 -> 16068 bytes src/po/da.po | 441 +-- src/po/de.mo | Bin 16798 -> 17754 bytes src/po/de.po | 415 ++- src/po/eo.mo | Bin 15322 -> 16064 bytes src/po/eo.po | 462 +-- src/po/es.mo | Bin 16089 -> 15971 bytes src/po/es.po | 378 +- src/po/fi.mo | Bin 16335 -> 17560 bytes src/po/fi.po | 506 +-- src/po/gl.mo | Bin 15178 -> 16197 bytes src/po/gl.po | 452 +-- src/po/hr.mo | Bin 15458 -> 16381 bytes src/po/hr.po | 421 ++- src/po/it.mo | Bin 16194 -> 17117 bytes src/po/it.po | 420 ++- src/po/nl.mo | Bin 0 -> 15526 bytes src/po/nl.po | 770 +++++ src/po/pl.mo | Bin 16127 -> 17035 bytes src/po/pl.po | 418 +-- src/po/ru.mo | Bin 20981 -> 22153 bytes src/po/ru.po | 415 ++- src/po/sl.mo | Bin 15495 -> 16440 bytes src/po/sl.po | 421 +-- src/po/sudo.pot | 373 +- src/po/tr.mo | Bin 0 -> 16424 bytes src/po/tr.po | 813 +++++ src/po/uk.mo | Bin 21580 -> 22748 bytes src/po/uk.po | 417 ++- src/po/vi.mo | Bin 17310 -> 18488 bytes src/po/vi.po | 463 +-- src/po/zh_CN.mo | Bin 14273 -> 15185 bytes src/po/zh_CN.po | 415 ++- src/preload.c | 2 +- src/regress/ttyname/check_ttyname.c | 81 + src/selinux.c | 14 +- src/sesh.c | 22 +- src/signal.c | 176 + src/solaris.c | 129 + src/sudo.c | 290 +- src/sudo.h | 30 +- src/sudo_edit.c | 19 +- src/sudo_exec.h | 23 +- src/sudo_noexec.c | 2 +- src/sudo_plugin_int.h | 4 +- src/tgetpass.c | 18 +- src/ttyname.c | 137 +- src/utmp.c | 9 +- sudo.pp | 6 +- 351 files changed, 37133 insertions(+), 18751 deletions(-) create mode 100644 common/error.c create mode 100644 common/regress/sudo_conf/conf_test.c create mode 100644 common/regress/sudo_conf/test1.in create mode 100644 common/regress/sudo_conf/test1.out.ok create mode 100644 common/regress/sudo_conf/test2.in create mode 100644 common/regress/sudo_conf/test2.out.ok create mode 100644 common/regress/sudo_conf/test3.in create mode 100644 common/regress/sudo_conf/test3.out.ok create mode 100644 common/regress/sudo_conf/test4.in create mode 100644 common/regress/sudo_conf/test4.out.ok create mode 100644 common/regress/sudo_parseln/parseln_test.c create mode 100644 common/regress/sudo_parseln/test1.in create mode 100644 common/regress/sudo_parseln/test1.out.ok create mode 100644 common/regress/sudo_parseln/test2.in create mode 100644 common/regress/sudo_parseln/test2.out.ok create mode 100644 common/regress/sudo_parseln/test3.in create mode 100644 common/regress/sudo_parseln/test3.out.ok create mode 100644 common/regress/sudo_parseln/test4.in create mode 100644 common/regress/sudo_parseln/test4.out.ok create mode 100644 common/regress/sudo_parseln/test5.in create mode 100644 common/regress/sudo_parseln/test5.out.ok create mode 100644 common/regress/sudo_parseln/test6.in create mode 100644 common/regress/sudo_parseln/test6.out.ok create mode 100644 common/sudo_printf.c create mode 100644 compat/endian.h create mode 100644 compat/nss_dbdefs.h create mode 100644 doc/sudo.conf.cat create mode 100644 doc/sudo.conf.man.in create mode 100644 doc/sudo.conf.mdoc.in rename plugins/{sample_group => group_file}/Makefile.in (81%) rename plugins/{sample_group => group_file}/getgrent.c (97%) rename plugins/{sample_group/sample_group.c => group_file/group_file.c} (90%) rename plugins/{sample_group/sample_group.exp => group_file/group_file.exp} (100%) rename plugins/{sample_group => group_file}/plugin_test.c (96%) create mode 100644 plugins/sudoers/base64.c create mode 100644 plugins/sudoers/check.h create mode 100644 plugins/sudoers/hexchar.c create mode 100644 plugins/sudoers/locale.c delete mode 100644 plugins/sudoers/plugin_error.c create mode 100644 plugins/sudoers/po/de.mo create mode 100644 plugins/sudoers/po/de.po create mode 100644 plugins/sudoers/po/nl.mo create mode 100644 plugins/sudoers/po/nl.po create mode 100644 plugins/sudoers/po/tr.mo create mode 100644 plugins/sudoers/po/tr.po create mode 100644 plugins/sudoers/policy.c create mode 100644 plugins/sudoers/prompt.c create mode 100644 plugins/sudoers/pwutil.h create mode 100644 plugins/sudoers/pwutil_impl.c create mode 100644 plugins/sudoers/regress/parser/check_base64.c create mode 100644 plugins/sudoers/regress/parser/check_digest.c create mode 100644 plugins/sudoers/regress/parser/check_digest.out.ok create mode 100644 plugins/sudoers/regress/sudoers/test10.in create mode 100644 plugins/sudoers/regress/sudoers/test10.out.ok create mode 100644 plugins/sudoers/regress/sudoers/test10.toke.ok create mode 100644 plugins/sudoers/regress/sudoers/test11.in create mode 100644 plugins/sudoers/regress/sudoers/test11.out.ok create mode 100644 plugins/sudoers/regress/sudoers/test11.toke.ok create mode 100644 plugins/sudoers/regress/sudoers/test12.in create mode 100644 plugins/sudoers/regress/sudoers/test12.out.ok create mode 100644 plugins/sudoers/regress/sudoers/test12.toke.ok create mode 100644 plugins/sudoers/regress/sudoers/test13.in create mode 100644 plugins/sudoers/regress/sudoers/test13.out.ok create mode 100644 plugins/sudoers/regress/sudoers/test13.toke.ok create mode 100644 plugins/sudoers/regress/sudoers/test14.in create mode 100644 plugins/sudoers/regress/sudoers/test14.out.ok create mode 100644 plugins/sudoers/regress/sudoers/test14.toke.ok create mode 100644 plugins/sudoers/regress/sudoers/test9.in create mode 100644 plugins/sudoers/regress/sudoers/test9.out.ok create mode 100644 plugins/sudoers/regress/sudoers/test9.toke.ok create mode 100644 plugins/sudoers/regress/testsudoers/test2.inc create mode 100644 plugins/sudoers/regress/testsudoers/test2.out.ok create mode 100755 plugins/sudoers/regress/testsudoers/test2.sh create mode 100644 plugins/sudoers/regress/testsudoers/test3.d/root create mode 100644 plugins/sudoers/regress/testsudoers/test3.out.ok create mode 100755 plugins/sudoers/regress/testsudoers/test3.sh create mode 100644 plugins/sudoers/regress/testsudoers/test4.out.ok create mode 100755 plugins/sudoers/regress/testsudoers/test4.sh create mode 100644 plugins/sudoers/regress/testsudoers/test5.out.ok create mode 100755 plugins/sudoers/regress/testsudoers/test5.sh create mode 100644 plugins/sudoers/regress/visudo/test1.out.ok create mode 100755 plugins/sudoers/regress/visudo/test1.sh create mode 100644 plugins/sudoers/regress/visudo/test2.err.ok create mode 100644 plugins/sudoers/regress/visudo/test2.out.ok create mode 100755 plugins/sudoers/regress/visudo/test2.sh create mode 100644 plugins/sudoers/regress/visudo/test3.err.ok create mode 100644 plugins/sudoers/regress/visudo/test3.out.ok create mode 100755 plugins/sudoers/regress/visudo/test3.sh create mode 100644 plugins/sudoers/regress/visudo/test4.out.ok create mode 100755 plugins/sudoers/regress/visudo/test4.sh create mode 100644 plugins/sudoers/sha2.c create mode 100644 plugins/sudoers/sha2.h create mode 100644 plugins/sudoers/timestamp.c delete mode 100644 src/error.c create mode 100644 src/locale_stub.c create mode 100644 src/openbsd.c create mode 100644 src/po/nl.mo create mode 100644 src/po/nl.po create mode 100644 src/po/tr.mo create mode 100644 src/po/tr.po create mode 100644 src/regress/ttyname/check_ttyname.c create mode 100644 src/signal.c create mode 100644 src/solaris.c diff --git a/ChangeLog b/ChangeLog index a359bb5..732fa25 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,159 +1,2283 @@ +2013-06-12 Todd C. Miller + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Fix typo; bug 605 + [41f7b46a6e51] + +2013-06-04 Todd C. Miller + + * src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo, + src/po/tr.mo: + Regen .mo files that were out of date. + [9e25a254f9db] + +2013-05-30 Todd C. Miller + + * NEWS, configure, configure.in: + On Solaris 11 and higher, tag binaries for ASLR if supported by the + linker. + [a2a6cafa3e60] + + * mkpkg: + No longer need to disable PIE on Solaris. + [cf90019ae67e] + +2013-05-28 Todd C. Miller + + * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING: + Restrict default creation of PIE binaries (-fPIE and -pie) to Linux. + OpenBSD also supports PIE but enables it by default so we don't need + to do anything. This fixes problems on systems with a version of + GNU ld that accepts -pie but where the run-time linker doesn't + actually support PIE. Also verify that a trivial PIE binary works + unless PIE is explicitly enabled. + [3c5f125efeb1] + +2013-05-24 Todd C. Miller + + * aclocal.m4, configure, configure.in: + Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld + where we can end up crashing due to malloc() failures. Sems OK when + Using Sun as and ld. + [b8ba412102ab] + + * NEWS: + Update with final changes. + [78ff6d2ed47a] + +2013-05-23 Todd C. Miller + + * configure, configure.in: + Add -fPIE to PIE_LDFLAGS as per gcc manual. + [fe900cbb0780] + +2013-05-22 Todd C. Miller + + * common/Makefile.in, compat/Makefile.in: + Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs + [f84bc7482b78] + + * MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/visudo/test4.out.ok, + plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c: + Replace sequence number-based cycle detection in visudo with a + "used" flag in struct alias. The caller is required to call + alias_put() when it is done with the alias. Inspired by a patch + from Daniel Kopecek. + [0bdbac1b3b39] + +2013-05-20 Todd C. Miller + + * plugins/sudoers/iolog.c: + Eliminate a few relocations related to sudoers_io. + [18e9e2cc3367] + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po: + Sync with translationproject.org + [f38cc128a2ad] + +2013-05-18 Todd C. Miller + + * src/ttyname.c: + Clarify a comment. + [7a045ee06e95] + +2013-05-16 Todd C. Miller + + * src/ttyname.c: + Handle d_type == DT_UNKNOWN when resolving the device to a name and + sprinkle some more debugging. + [8774133747d9] + +2013-05-03 Todd C. Miller + + * doc/TROUBLESHOOTING: + Add message about disabling PIE if sudo gets SIGSEGV. + [c786af2a6751] + + * plugins/sudoers/check.h, plugins/sudoers/timestamp.c: + No longer store the ctime of a devpts tty. The handling of ctime on + devpts in Linux has been changed to conform to POSIX. As a result + we can no longer assume that the ctime will stay unchanged + throughout the life of the session. We store the session ID in the + time stamp file so there is a much smaller chance of the time stamp + file being reused by a new login. While here, store the uid/gid in + the timestamp file too for good measure. + [7028b21f7a9b] + + * configure, configure.in: + PIE is broken on FreeBSD/arm + [f232c60d6229] + + * mkpkg: + Add explicit sendmail path for Linux since we may not have sendmail + installed in the build chroot. + [1ba2f84f4ff0] + +2013-05-01 Todd C. Miller + + * common/sudo_debug.c, plugins/sudoers/iolog.c, + plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c: + Quiet a few -Wunused-result compiler warnings. + [ef12afb61423] + +2013-04-30 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Mention what SHA-2 formats are supported. + [bf298d0fdf8a] + + * doc/CONTRIBUTORS: + List code and translations separately. + [826547bc1295] + +2013-04-29 Todd C. Miller + + * MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po: + Sync with translationproject.org + [9499a6f438b8] + + * plugins/sudoers/po/sudoers.pot: + regen + [cce449e284a6] + + * Makefile.in: + Fix c-format for fatal/fatalx + [4ad81d3faaeb] + +2013-04-26 Todd C. Miller + + * Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h: + Change some error/errorx -> fatal/fatalx in comments and xgettext + flags. + [9d9b64fa2ec9] + + * NEWS: + There is now a Turkish translation of sudoers. + [701c5af6aa76] + + * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: + Updated translations from translationproject.org including new + Turkish translation. + [9cedbb50d90f] + +2013-04-25 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that sudoers will re-use existing I/O log paths unless they + are mktemp-style with trailing X's. + [4f43bd13d9e7] + + * NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: + Allow ldap_conf and ldap_secret to be specified as plugin arguments + in sudo.conf + [37c6c425b565] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + sudoers_debug is now deprecated in favor of the sudo debugging + framework. + [1195be1ec254] + + * plugins/sudoers/ldap.c: + Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use + SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the + debug file with the ldap subsystem. The sudoers_debug setting in + ldap.conf is still honored for now but will be removed in a future + release. + [cfa42b4b913e] + +2013-04-24 Todd C. Miller + + * plugins/sudoers/sudoers2ldif: + Add support for converting sudoers files with SHA-2 command digests. + [dc0d03485946] + + * doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg, + plugins/sudoers/sudoers2ldif: + Add copyright notice to scripts + [5e8bd4e6083f] + + * MANIFEST, plugins/sudoers/regress/sudoers/test14.in, + plugins/sudoers/regress/sudoers/test14.out.ok, + plugins/sudoers/regress/sudoers/test14.toke.ok: + Add regress for SHA-2 digests. + [0b258c2a2a95] + + * compat/getgrouplist.c: + Solaris maps negative gids to GID_NOBODY. + [57050e5c750f] + + * plugins/sudoers/visudo.c: + Clear up an llvm checker warning which appears to be a false + positive and fix an old XXX while I'm at it. + [9ee13133e596] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Correct last change date + [3bc1fa5b0f76] + + * plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c: + No need to translate this error message. + [4d9941970a26] + + * doc/UPGRADE: + Mention .sl vs. .so extension handling on HP-UX Mention group + membership changes Fix typos + [40ac0efbdb2b] + + * aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c, + common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c, + common/setgroups.c, common/term.c, common/ttysize.c, + compat/Makefile.in, compat/dlopen.c, compat/endian.h, + compat/getline.c, compat/getprogname.c, compat/isblank.c, + compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c, + compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, + compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, + compat/strsignal.c, compat/utimes.c, doc/Makefile.in, + include/Makefile.in, include/alloc.h, include/fileops.h, + include/gettext.h, include/lbuf.h, include/missing.h, + include/sudo_plugin.h, pathnames.h.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, + plugins/sudoers/alias.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c, + plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, + plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c, + plugins/sudoers/logging.h, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c, + plugins/sudoers/redblack.h, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/visudo.c, plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, src/Makefile.in, + src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c, + src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c, + src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h, + src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c, + src/utmp.c: + Update copyright years. + [5c6d72661bad] + + * plugins/sudoers/mon_systrace.h: + Systrace support was removed long ago. + [10a038a2da77] + +2013-04-23 Todd C. Miller + + * MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok, + plugins/sudoers/regress/sudoers/test9.toke.out.ok: + Remove some files that were mistakenly added. + [833502da26de] + + * common/sudo_debug.c, config.h.in, configure, configure.in, + plugins/sudoers/boottime.c, plugins/sudoers/iolog.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c: + Use time(&now) instead of now = time(NULL) when storing the current + time in a time_t (better compiler error checking). Better parsing + and printing of 64-bit time_t on 32-bit platforms. + [c227dc72c04e] + +2013-04-21 Todd C. Miller + + * src/ttyname.c: + Don't check the tty of the parent process. Now that we get the + controlling tty device number from the kernel there is no need. If + the process has really disassociated from the tty then reporting + "unknown" is appropriate. + [62fb66e565db] + +2013-04-20 Todd C. Miller + + * common/error.c: + Use EXIT_FAILURE instead of 1 as the fatal() exit value. + [ed94c2c5e88a] + + * src/sesh.c: + Change remaining errorx -> fatalx + [3f6d70e19303] + +2013-04-19 Todd C. Miller + + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an + error if the entry already exists in the cache. + [94d45970400a] + + * plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot: + Change "foo: failed" to just "foo" since we print the string form of + errno. Gets rids of some useless translations. + [476f37349dbc] + +2013-04-18 Todd C. Miller + + * plugins/sudoers/match.c: + Fix pasto in debug_decl + [08650186a239] + + * plugins/sudoers/Makefile.in: + regen + [acf4c34fba2c] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/parse.c, + plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: + Rename log_error() -> log_warning() for consistency with + warning()/fatal() + [474ed5a0e335] + + * plugins/sudoers/auth/API: + The NO_EXIT flag was removed a while ago. + [e0a4be270226] + + * common/aix.c, common/alloc.c, common/error.c, include/error.h, + plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c, + src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, + src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, + src/utmp.c: + Rename error/errorx -> fatal/fatalx and remove the exit value as it + was always 1. + [ea66f58c4da5] + + * NEWS: + digests are supported in sudoers ldap too + [77d6c25f7653] + + * plugins/sudoers/regress/check_symbols/check_symbols.c: + Print test failures to stdout like the final count so the outputis + not displayed out of order. + [f541b78ecb93] + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo, + plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo, + src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po, + src/po/it.po, src/po/tr.po: + Sync with translationproject.org + [cbd70678b99f] + + * Makefile.in: + Check for any uncommitted changes in dist target and add force-dist + target that omit check-dist. + [78dc3f41e37e] + +2013-04-17 Todd C. Miller + + * src/regress/ttyname/check_ttyname.c: + Fix logic bug when checking tty via ttyname(). + [279aee076194] + + * compat/endian.h: + Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and + __BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX) + [fe35e0b04502] + + * plugins/sudoers/po/sudoers.pot: + regen + [0ddebccd3045] + + * NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document digest support. + [d794c7b9a7bc] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/parser/check_base64.c: + Simple bas64 decode unit test. + [344b0df0fe50] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h: + Move base64_decode into its own source file. + [30497e7f88bc] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Only check year against 2038 if time_t is 32-bit. + [9c1f2e3fc3ba] + +2013-04-16 Todd C. Miller + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c: + Add digest support for sudoers in ldap and sss. + [314937b5e59e] + + * INSTALL, configure, configure.in: + Error out in configure if the compiler doesn't support "long long". + [d3645c1d50d1] + + * plugins/sudoers/match.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Include stdint.h or inttypes.h before sha2.h + [20ad1c20313d] + + * common/lbuf.c: + Simplify lbuf append functions by moving the realloc code into + lbuf_expand(). We now expand as needed each time bytes need to be + written to the lbuf. Also handle a NULL pointer being passed in for + paranoia's sake. + [6283ee562ef4] + + * plugins/sudoers/iolog.c: + Zero out struct iolog_details early to avoid a potential (though + unlikely) dereference of stack garbage if we hit a fatal error + before iolog_deserialize_info() is called. + [2eeca8be05fb] + +2013-04-15 Todd C. Miller + + * sudo.pp: + Update copyright year. + [b843c6a43238] + + * plugins/sudoers/sudoers_version.h: + Bump SUDOERS_GRAMMAR_VERSION for new digest support. + [188556fb8156] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/match.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Sanity check digest in parser so visudo can catch errors. Add base64 + support + [b8586d5cc7ed] + + * MANIFEST, compat/endian.h, config.h.in, configure, configure.in, + plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c: + For big endian architectures just use memcpy() instead of BE macros + in a loop. + [c71a0f4a8a8e] + +2013-04-14 Todd C. Miller + + * MANIFEST, config.h.in, configure, configure.in, + plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_digest.out.ok, + plugins/sudoers/sha2.h, plugins/sudoers/sssd.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c: + Initial implementation of checksum support in sudoers. Currently + supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format + validation in parser and base64 support. checksum support for + ldap sudoers + [b8f196346eca] + +2013-04-13 Todd C. Miller + + * doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h: + SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public + domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai + respectively. + [7511d07c0a83] + 2013-04-11 Todd C. Miller - * NEWS, configure, configure.in: - Update for sudo 1.8.6p8 - [1d2d78415eed] + * NEWS: + Add sudo 1.8.6p8 + [0666fd0321ae] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot: + Add missing "not" in error message when mixing standalone and non- + standalone authentication methods. + [7eba4439db73] + + * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c: + Check for crypt() returning NULL. Traditionally, crypt() never + returned NULL but newer versions of eglibc have a crypt() that does. + Bug #598 + [887b9df243df] + + * plugins/sudoers/auth/pam.c: + Better PAM error messages + [fd7eda53cdd7] + + * plugins/sudoers/auth/kerb5.c: + Better error messages + [98142874a2f4] + + * plugins/sudoers/bsm_audit.c: + Use same error message for getauid() failure. + [07f0d88cb1df] + + * plugins/sudoers/sssd.c: + Start warning with a lower case letter for consistency and to match + existing translated strings. + [b719ac52c9e3] + +2013-04-10 Todd C. Miller + + * mkpkg: + Disable PIE on Solaris where it is not really supported. + [c36c84cdcc7a] + + * src/ttyname.c: + AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit + before we try to match it against st_rdev. + [5dab449fb962] + + * src/ttyname.c: + Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes + a problem finding the tty name when it is not in /dev/pts. + [6c205d087fa0] + + * compat/snprintf.c: + Support %lld and %llu + [feabfa06c954] + + * .hgignore, MANIFEST, src/Makefile.in, + src/regress/ttyname/check_ttyname.c: + Add ttyname test. + [e987038f8c07] + +2013-04-09 Todd C. Miller + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po, + src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, + src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po, + src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: + Sync with translationproject.org + [4d7b73b22079] + + * plugins/sudoers/timestamp.c: + Log timestampfile to debug file. + [e997281146c0] + + * plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot: + Don't add the "Password: " string we look up in the PAM text domain + to the sudoers.pot file. + [771b52244abf] + +2013-04-08 Todd C. Miller + + * plugins/sudoers/po/sudoers.pot: + Synce with regcomp() error message change. + [fc6d3dfb8eb8] + + * plugins/sudoers/sudoreplay.c: + Be consistent with error message when regcomp() fails. + [de6c69ba04e4] + +2013-04-05 Todd C. Miller + + * plugins/sudoers/regress/testsudoers/test5.out.ok, + plugins/sudoers/regress/testsudoers/test5.sh: + Use group -1 instead of 1 as the invalid group since the running + user might have group 1 as their default group. + [71404a9fa75d] + + * plugins/sudoers/Makefile.in: + PWD may be a shell builtin, use CWD instead. + [c443105c5091] + +2013-04-04 Todd C. Miller + + * plugins/sudoers/check.c: + Split up check_user(). + [ce7cc0767589] + +2013-04-03 Todd C. Miller + + * config.h.in, configure.in: + Cosmetic fixes in the comments. + [640abee43c14] + +2013-04-02 Todd C. Miller + + * configure, configure.in: + Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status + message for visibility checks when the test fails. + [99665477ee55] + + * config.h.in: + regen + [00c22606719a] + + * configure, configure.in: + We no longer use mbr_check_membership() and setrlimit64() is AIX- + specific. + [43caf685a1f1] + + * Makefile.in: + The first (all) target must be by itself or some makes will choose + the run the entire target list. + [16cf3def49f5] + + * configure, configure.in: + Do exec_prefix expansion when enable_shared even if noexec is not + enabled. + [7ed28cb32d8d] + + * compat/getgrouplist.c: + Use free() not efree() since we don't include alloc.h here + [1a008737be24] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [b939f941346f] + + * plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test5.sh: + Pass in expected gid to testsudoers in addition to the uid that + matches the test sudoers files. + [6a1710e8cac1] + +2013-04-01 Todd C. Miller + + * include/missing.h: + Tru64 5.x does declare innetgr() and getdomainname(). + [c75598e69c7e] + + * plugins/sudoers/match.c: + Fix compilation when getdomainame() is not present. + [e831b017a962] + + * config.h.in, configure.in, include/missing.h: + Move SET/CLR/ISSET from config.h.in to missing.h + [3a3dd29fd7f0] + + * configure, configure.in: + Fix getgrouplist() check. + [12a2adf60e98] + + * MANIFEST: + No more timestamp.h + [5677e26afc0f] + + * plugins/sudoers/check.c: + Neded sys/time.h for struct timeval in struct sudo_tty_info. + [aceaadd8c400] + + * plugins/sudoers/Makefile.in: + regen depends + [21675a8b67e5] + + * NEWS: + Mention libibmldap on HP-UX + [75b4e4b22950] + + * NEWS, plugins/sudoers/match.c: + Instead of checking the domain name explicitly for "(none)", just + check for illegal characters. + [ce35dda811db] + + * plugins/sudoers/visudo.c: + Only warn once when we are unable to open the sudoers file. + [9e27e3aa5b10] + + * plugins/sudoers/sudoers.c: + Fall back to opening /dev/tty to determine whether there is a tty if + the system doesn't have kernel support for determing the tty. + [2775bcf9a9b5] + + * compat/getprogname.c: + Update guard to take __progname into account + [60eae3f20232] + + * compat/snprintf.c: + Some older systems have inttypes.h but not stdint.h + [ed1ef160015f] + + * compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c, + compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c, + compat/getline.c, compat/getprogname.c, compat/glob.c, + compat/isblank.c, compat/memrchr.c, compat/mktemp.c, + compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, + compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, + compat/strsignal.c, compat/utimes.c: + Add guards in compat source files. Not really needed since we only + include them in the Makefile if they are needed but should not hurt + either. + [8cbd3b4595b9] + +2013-03-31 Todd C. Miller + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Don't include gram.h in gram.y, its contents are already included. + Move sudoerserror to the end of gram.y so COMMENT is declared when + we need to use it. + [7d72ebdd7222] + +2013-03-29 Todd C. Miller + + * config.h.in, configure.in: + Remove some pre-ANSI cruft. + [6a95704b2116] + + * plugins/sudoers/match.c: + Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h + when it is set. + [da40c550ffed] + + * NEWS, plugins/sudoers/iolog_path.c: + We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but + just leave it as-is. + [9a22de140d28] + +2013-03-28 Todd C. Miller + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Add missing semicolon in rule. + [817d3f1b2a21] + + * plugins/sudoers/sudoers.c: + Now that we can determine the terminal even when file descriptors + are redirected we can check user_ttypath rather than opening + /dev/tty when enforcing requiretty. + [56a28bc09041] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Stash umask in struct sudo_user so we don't need to look it up + later. + [9f85749199dc] + + * plugins/sudoers/sudoers.c: + Minor cosmetic change + [c373e106ed49] + + * plugins/sudoers/regress/parser/check_addr.c: + No longer need to declare interfaces + [d7ff7e579557] + + * plugins/sudoers/logging.c: + Fix compilation in SUDOERS_NO_SEQ case + [9a6db9247534] + + * plugins/sudoers/regress/parser/check_addr.c: + No longer need to define sudo_printf + [578ad13c3546] + + * plugins/sudoers/check.c, plugins/sudoers/check.h, + plugins/sudoers/timestamp.c: + Pass auth_pw to the timestamp functions. + [f603649177d6] + + * plugins/sudoers/iolog_path.c: + Fix SUDOERS_NO_SEQ + [17881f9bcd68] + + * plugins/sudoers/locale.c: + Don't need all of sudoers.h in here + [c518150c6483] + + * plugins/sudoers/sudoers.c: + Don't need to include sudoers_version.h here. + [8abb31102119] + +2013-03-27 Todd C. Miller + + * plugins/sudoers/check.c: + DEFAULT_LECTURE is no longer used. + [f565c00a68c1] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + Move sudo_conv into policy.c + [f699aee7136b] + + * plugins/sudoers/pwutil.c: + cosmetic fixes + [930e60389ca8] + + * plugins/sudoers/match.c: + RHEL (and perhaps other Linux distros) use the string "(none)" + instead of an empty string when there is no actual NIS-style domain + name. Bug #596 + [11aec11489ac] + + * plugins/sudoers/match.c: + Fix return values when NAME_MATCH is defined. + [ce030be9ccef] + +2013-03-26 Todd C. Miller + + * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h: + Update copyright year. + [7e4b8d49addd] + + * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h: + Add sudo_set_grlist(), currently unused by the back end. + [b37ac1d0e8fc] + + * plugins/sudoers/pwutil.c: + Remove unused macros, fix a debug_decl + [6136fb4a0d3b] + + * include/missing.h: + Tru64 Unix doesn't prototype innetgr() or getdomainname(). + [585ac1874dfe] + + * include/missing.h: + Whitespace fixes + [0bb28cd91d97] + + * common/error.c: + Don't need to include setjmp.h here, error.h already includes it. + [fd05ab00e186] + +2013-03-25 Todd C. Miller + + * compat/Makefile.in, plugins/sudoers/Makefile.in: + regen depends + [57991f5e16b4] + + * plugins/sudoers/check.h: + Rename guard define. + [ccf4dba241d6] + + * plugins/sudoers/check.c, plugins/sudoers/check.h, + plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: + Move contents of timestamp.h into check.h. + [c139757a9283] + + * plugins/sudoers/sudoers.h: + expand_prompt() is now in prompt.c sudo_printf extern is now in + error.h + [219bd74ca62b] + + * plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h, + plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, + plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, + plugins/sudoers/insults.h, plugins/sudoers/interfaces.h, + plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.h, + plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h, + plugins/sudoers/toke.h: + Change multiple inclusion guards to be _SUDOERS_FOO_H + [faace6d55e78] + +2013-03-23 Todd C. Miller + + * MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, + src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po: + New Dutch translation for sudo and sudoers New Turkish translation + for sudo From translationproject.org + [bc918b7b23a4] + +2013-03-21 Todd C. Miller + + * config.h.in, configure, configure.in: + Fix a typo in a comment and make sure we don't mistakenly include + _PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in + [694d12ac70ec] + +2013-03-19 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Don't build check_symbols if we are linking sudoers in statically. + [f6602723bab7] + + * configure, configure.in: + Use $host_os not $host when we only care about the os name and + version. + [05e4f4fcba06] + + * aclocal.m4, configure, configure.in: + Suppress duplicate -L and -I flags. + [228f2f581aed] + + * common/Makefile.in, compat/regress/fnmatch/fnm_test.c: + Fix regress tests on non-OpenBSD platforms. + [9d91bc859c50] + + * configure, configure.in: + If we find sasl/sasl.h there's no need to check for sasl.h too + [889efaa86012] + + * aclocal.m4, configure, configure.in: + Add -R flags at the very end after configure link tests are done + since we can only count on libtool to accept -R, the compiler front + end may not. Also unify the libldap and libibmldap tests using + AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by + libibmldap (but is not an explicit dependency). + [ab1451894351] + +2013-03-18 Todd C. Miller + + * configure, configure.in: + Back out changes that broke detection of skey, opie and ldap + libraries. + [ffa82b8f8641] + + * plugins/sudoers/regress/testsudoers/test1.sh, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test4.sh, + plugins/sudoers/regress/testsudoers/test5.sh, + plugins/sudoers/regress/visudo/test1.sh, + plugins/sudoers/regress/visudo/test2.sh, + plugins/sudoers/regress/visudo/test3.sh: + Add explicit "exit 0" to prevent the check target from ending + prematurely. + [cca411b492bd] + + * plugins/sudoers/Makefile.in: + Fix exit values in check target so we don't have to ignore errors. + [cbc429c409e9] + + * plugins/sudoers/Makefile.in: + Fail a test if there is unexpected stderr output. + [4fc24d536bec] + + * MANIFEST: + Fix path to sudo.conf manuals; remove non-existant test2.err.ok + [6b8bcd60dd85] + + * src/load_plugins.c: + Fix compilation in dynamic mode. + [679856fa0774] + + * configure, configure.in: + On HP-UX, libibmldap has a hidden dependency on libCsup + [22994709d77c] + + * compat/dlopen.c: + Pass BIND_VERBOSE to shl_load() + [0060b9cfa9ab] + + * configure, configure.in: + Only create static helper libs when --disable-shared is specified. + [1fcdb1a437e0] + + * src/load_plugins.c: + Ubreak static build. + [4ac9f96be285] + + * INSTALL, aclocal.m4, configure, configure.in: + Replace --with-rpath and --with-blibpath with --disable-rpath. Now + that we use libtool for linking we can just use the -R flag and have + libtool translate it to the proper linker flag. + [09798fad6888] + +2013-03-15 Todd C. Miller + + * src/exec_pty.c: + Bump I/O buffer size 32K + [4ef793225309] + +2013-03-14 Todd C. Miller + + * configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in: + Document sesh Path setting. + [34b0b903b4f8] + + * src/exec.c, src/exec_common.c: + Move exec_cmnd to exec.c to fix a compilation issue with sesh.c + [06aa1956f38d] + + * common/sudo_conf.c, configure, configure.in, include/sudo_conf.h, + src/selinux.c: + Make sesh path configurable in sudo.conf + [91d331f273b7] + + * configure, configure.in: + Use -fno-pie and -nopie if supported when --disable-pie is + specified. + [777138c04dcc] + +2013-03-13 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Document direct execution of the command if the policy plugin has no + close function. + [6a14145c6e80] + +2013-03-07 Todd C. Miller + + * plugins/sudoers/auth/pam.c: + Only delete creds if we actually established them. Print an error if + pam_setcred() fails and we actually authenticated. + [1e015314903b] + + * common/Makefile.in, plugins/group_file/Makefile.in: + regen + [dd8cee2a5e1b] + + * common/alloc.c, include/alloc.h: + Convert efree() to a macro that just casts to void * and does + free(). If the system free() can't handle free(NULL) this may crash + but C89 was a long time ago. + [efd0ff9270fb] + + * configure, configure.in: + Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS. + Fixes a problem with errno sometimes not being set on error on HP- + UX. + [54b419d58320] + + * common/sudo_debug.c: + Fix debug logging from the plugin when there is no error number. + This was broken in the big debugging reorg for 1.8.7. + [2ea7e145e928] + +2013-03-06 Todd C. Miller + + * configure, configure.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/load_plugins.c: + Always install plugins with a .so extension regardless of what + extension the system uses for shared libraries. That way the + group_plugin sudoers setting can be shared between heterogenous + systems. + [a7e6ecff6fdf] + + * plugins/sudoers/match.c: + Mac OS X has netgroup functions in netdb.h. + [243881a974aa] + + * plugins/sudoers/parse.h: + Tags in struct cmndtag can be set to IMPLIED as well. + [cb6926988cc8] + + * plugins/sudoers/parse.c: + Quiet a compiler warning. + [14e608c2001d] + + * plugins/sudoers/testsudoers.c: + Quiet an llvm checker warning. + [2eeb9f3d08f3] + + * plugins/sudoers/parse.c: + Quiet gcc -Wuninitialized false positive + [643ad987503d] + +2013-03-05 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Document group_file and system_group plugins. + [b56511e79230] + + * NEWS: + Sudo 1.8.7 + [e95183b8fa27] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Try to clarify that sudoedit in sudoers should not include a leading + pathname. + [7b2beac92a9c] + + * plugins/sudoers/pwutil_impl.c: + Make sure groupname_len is at least 32 just to be on the safe side. + It is better to allocate a little extra and not need it than to have + to reallocate and start over. + [6d3e1ba47de9] + + * include/alloc.h, include/missing.h: + Add __malloc_like macro to apply __malloc__ attribute to emalloc, + ecalloc and estrdup. It cannot be applied to realloc since that may + return the same pointer. + [8d70cb81d1f1] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix potential double free in an error path. + [657573feb6a4] + + * src/exec_pty.c: + When running the command in a pty, defer the call to exec_setup() + until just before we exec the command. This is consistent with the + non-pty path. As a side effect, the monitor process runs as root + and not the runas user. + [e2a7f8c7ee4c] + +2013-03-02 Todd C. Miller + + * compat/closefrom.c: + Update copyright year. + [9b652af4dfc0] + +2013-03-01 Todd C. Miller + + * compat/closefrom.c: + Use pst_highestfd from pstat_getproc() on HP-UX. + [09f3fea46a3d] + +2013-02-28 Todd C. Miller + + * Makefile.in, common/Makefile.in, doc/Makefile.in, + plugins/sudoers/Makefile.in: + Clean up generated test files and other minor housekeeping. + [f5f4fdd908e1] + + * plugins/sudoers/iolog.c: + Add back gettimeofday() call inadvertantly removed in e1abb9810a83 + [675cce8401ae] + + * config.h.in, configure, configure.in, src/ttyname.c: + Use pstat() on HP-UX to determine the tty device. + [2884af22a9df] + + * plugins/sudoers/auth/pam.c: + Fix PAM compilation: def_pam_session, not just pam_session. + [5417d7acc6ea] + + * doc/fixmdoc.sh: + Don't remove the -S option description when trimming out selinux. + Bug #592 + [8a94f2cfa0a0] + +2013-02-25 Todd C. Miller + + * NEWS: + Update for Sudo 1.8.6p7 + [0858a73e9c40] + +2013-02-24 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Document when sudo may exec the command directly instead of forking. + [da41951edc28] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document that close and version be NULL for plugin API >= 1.3 and + that sudo may execute the command directly if there is no close, or + pty or timeout needed. + [e5f929ddeaf8] + + * plugins/sudoers/auth/sudo_auth.c: + Fix debug_decl for sudo_auth_begin_session and + sudo_auth_end_session. + [58243392c0df] + + * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: + Add pam_session sudoers option. + [d994465db9f1] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h: + Dummy out close function if there is no end_session for the auth + method and the front-end can handle a NULL close function. Avoids + the extra sudo process when we don't actually need it. + [74886d5b0fb6] + +2013-02-23 Todd C. Miller + + * Makefile.in, aclocal.m4: + Add m4/ to paths m4_include parameters so we don't need to use + autoconf's -I flag. + [4fd86e7a84f3] + + * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h, + src/sudo_plugin_int.h: + If the policy plugin does not provide a close function, there is no + command timeout and no pty is required, skip the event loop and just + exec the command directly. + [ad532f107170] + + * src/sudo.c: + Do not crash if the plugin close and version functions are not + defined. If there is no policy close function, simply print a + warning that the command was not found. + [c789a9dd54e8] + +2013-02-21 Todd C. Miller + + * plugins/sudoers/parse.c: + Fix typos in selinux/solaris privs specific code. + [9af3999361b4] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, src/parse_args.c: + Pass the default plugin directory to the plugin via the settings + list. Could be used by a stacking plugin. + [688e771fc145] + + * plugins/sudoers/timestamp.c: + Completely ignore time stamp file if it is set to the epoch, + regardless of what gettimeofday() returns. + [df58842af660] + + * doc/CONTRIBUTORS: + Add Nikolai Kondrashov + [df59791438f9] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Use userpw_matches() for username matching so #uid works for + sudoRunAsUser. + [a124062334df] + + * plugins/sudoers/sssd.c: + Avoid calling realloc3() with a zero size parameter when all + retrieved sssd rules fail. Otherwise we'll get a run-time error due + to malloc(0) checking. + [84dfcb73ebd7] + + * plugins/sudoers/sssd.c: + Do not send error mail if a user is not found in SSSD. Local users + can run sudo too. From Nikolai Kondrashov + [3d2ae99ee468] + +2013-02-20 Todd C. Miller + + * MANIFEST, common/regress/sudo_conf/test4.in, + common/regress/sudo_conf/test4.out.ok: + Test setting disable_coredump to illegal value. + [3c71c6c49027] + + * common/sudo_conf.c: + Fix atobool() usage. + [d40c9f4d06b0] + + * common/regress/sudo_conf/conf_test.c: + Remove unused variable. + [328b524b365b] + + * plugins/sudoers/sudoers.c: + Make "sudo -l non_existent_command" warn that non_existent_command + doesn't exist, not the "list" pseudo-command. + [9dc0388fc4f3] + + * plugins/sudoers/parse.c: + Make sudoers file long list output better match the format used by + ldap sudoers. Tags are now converted to options and there is a + single command per line. + [6e6dc3f20d84] + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use the correct the sudoers policy symbol names and undo an editor + goof committed when adding max_groups to sudo.conf. + [2a6f7ddf5cc3] + + * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: + For "sudo -l" start a new line if the runas list changes to make the + output easier to read. + [7dc3d724c924] + +2013-02-19 Todd C. Miller + + * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: + For "sudo -l" and "sudo -ll" only print the runas info for + subsequent commands in a list if the runas info has changed. If we + have new runas info, print out the tags again so as to be less + confusing to the user. For "sudo -ll" set the line continuation + indent to 8. + [b5ec02fe7fc1] + +2013-02-18 Todd C. Miller + + * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, + plugins/group_file/group_file.c, plugins/group_file/group_file.exp, + plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in, + plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, + plugins/sample_group/sample_group.c, + plugins/sample_group/sample_group.exp: + Rename sample_group plugin to group_file. Install group_file and + system_group plugins by default. + [951b3e446fae] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/iolog.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add maxseq sudoers option to limit the max number of I/O log files. + [e1abb9810a83] + +2013-02-16 Todd C. Miller + + * plugins/sudoers/iolog.c: + Log lines and columns in the iolog file. + [03adb6230e05] + +2013-02-15 Todd C. Miller + + * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c, + common/regress/sudo_conf/test1.in, + common/regress/sudo_conf/test1.out.ok, + common/regress/sudo_conf/test2.in, + common/regress/sudo_conf/test2.out.ok, + common/regress/sudo_conf/test3.in, + common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c, + include/sudo_conf.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c, + src/sudo.c: + Add simple regress tests for sudo.conf parsing. + [3c36b61bf61c] + + * src/sudo.c: + Always display the I/O plugin version as long as its open functions + doesn't return an error. Previously it was only displayed if the + plugin open returned 1. + [4b0277db3f8c] + + * plugins/sudoers/pwutil_impl.c: + Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead + of poking around in struct utmpx. + [2c0cc5c42958] + + * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c: + #include "sudo_usage.h" not so we get the one in the + build directory and not the src dir when using a separate build + directory. + [1fcb7ba13018] + +2013-02-14 Todd C. Miller + + * common/fileops.c: + If a line was longer that 0x80000000 the bit hack to round to the + next power of two would roll over to zero. + [f4f729cf6f0f] + + * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/sudoers.h, src/sudo.c: + Use max_groups in front-end and plugin. + [bf1e74166831] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, src/parse_args.c: + Pass max_groups to plugin in settings list. + [d7d76e8651f4] + + * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, include/sudo_conf.h: + Add max_groups setting to sudo.conf (currently unused) and remove + unused return value from setters. + [f6494f71e1f0] + +2013-02-12 Todd C. Miller + + * INSTALL: + Reorganize configure options + [23475de8039f] + +2013-02-11 Todd C. Miller + + * NEWS: + Add Sudo 1.8.6p7 + [5192fc511cbe] + +2013-02-10 Todd C. Miller + + * INSTALL.configure: + Sync with autoconf 2.68 + [985e5c8efa4e] + + * INSTALL, README: + Remove obsolete OS notes and move build requirements to INSTALL. + [bf0dd53ca164] + +2013-02-08 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Sort elements of the settings, user_info and command_info lists. + [663062ada5b7] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Remove trailing white space + [027916a6c8e7] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: + Store the session ID in the tty ticket file too. A tty may only be + in one session at a time so if the session ID doesn't match we + ignore the ticket. + [4eb2cb8df48b] + +2013-02-07 Todd C. Miller + + * plugins/sudoers/sudoers.c, src/sudo.c: + Move tzset() call from sudoers plugin to sudo front end. + [3c058dad8772] + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Mention line continuation + [399873f8c805] + + * MANIFEST, common/Makefile.in, common/fileops.c, + common/regress/sudo_parseln/parseln_test.c, + common/regress/sudo_parseln/test1.in, + common/regress/sudo_parseln/test1.out.ok, + common/regress/sudo_parseln/test2.in, + common/regress/sudo_parseln/test2.out.ok, + common/regress/sudo_parseln/test3.in, + common/regress/sudo_parseln/test3.out.ok, + common/regress/sudo_parseln/test4.in, + common/regress/sudo_parseln/test4.out.ok, + common/regress/sudo_parseln/test5.in, + common/regress/sudo_parseln/test5.out.ok, + common/regress/sudo_parseln/test6.in, + common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c, + include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c, + plugins/sudoers/sudo_nss.c: + Add line continuation support to sudo_parseln() and make it use + getline() instead of fgets() internally. + [d02bf3973fc5] + +2013-02-06 Todd C. Miller + + * plugins/sample/sample_plugin.c: + Fix memory leak in error path; found by llvm checker + [d090c26a5b00] + + * plugins/sudoers/sudoreplay.c: + Remove useless store detected by llvm checker. + [12a4db91651a] + + * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in, + src/load_plugins.c, sudo.pp: + Sudo now stores its libexec files in a "sudo" subdirectory instead + of in libexec itself. For backwards compatibility, if the plugin is + not found in the default plugin directory, sudo will check the + parent directory default directory ends in "/sudo". + [5de67de76489] + + * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c, + plugins/system_group/system_group.c: + Add missing __dso_public to plugin structs so they are exported. + [dde703577621] + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Mention that sudoers has its own plugins too. + [0a6c6203b512] + +2013-02-05 Todd C. Miller + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Correct last change date. + [45894291d792] + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Remove duplicated sudo.conf info in the sudo, sudoers and + sudo_plugin manuals and cross-reference the new sudo.conf manual. + [b808ba29cf3a] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Fix typos + [0e70964150c6] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Fix some typos. + [94ae045cfbc6] + + * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in: + Add standalone sudo.conf manual page. + [d64d949b700c] + + * doc/sample.sudo.conf: + add group_source example + [118c1ba1c014] + + * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in, + doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf. + [f5bd6006dc1c] + + * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo, + src/po/it.po: + Sync with translationproject.org + [a6f2b9aac371] + +2013-02-03 Todd C. Miller + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo, + src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo, + src/po/vi.po: + Sync with translationproject.org + [ba546666969d] + +2013-02-01 Todd C. Miller + + * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, + plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po, + src/po/es.po, src/po/gl.po: + Sync with translationproject.org + [cdc454e34c03] + +2013-01-31 Todd C. Miller + + * NEWS: + Clarify ttyname changes. + [cbf2f80fe582] + + * NEWS: + Add 1.8.6p6 + [3aa591e98b3b] + + * src/ttyname.c: + Remove ttyname() fall back code on systems where we can query the + kernel for the tty device via /proc or sysctl(). If there is no + controlling tty, it is better to just treat the tty as unknown + rather than to blindly use what is hooked up to std{in,out,err}. + [b2bd3005d2e4] + +2013-01-27 Todd C. Miller + + * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c: + Add group_source setting in sudo.conf to allow the admin to specify + how a user's groups are looked up. Legal values are static (just + the kernel list from getgroups), dynamic (whatever the group + database includes) and adaptive (only use group db if kernel group + list is full). + [87a5b02e22ad] + + * plugins/sudoers/policy.c: + Pass back exec_background to front end if it is enabled in sudoers. + [8230e1cd0bbd] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Mention that exec_background is for 1.8.7 and higher only. + [fdf0d5a3e182] + +2013-01-24 Todd C. Miller + + * MANIFEST: + Add missing test files. + [1165389aa5e6] + + * plugins/sudoers/regress/visudo/test3.err.ok, + plugins/sudoers/regress/visudo/test3.out.ok, + plugins/sudoers/regress/visudo/test3.sh: + Add regress test for bug 361 + [54c7fb61b82d] + + * plugins/sudoers/iolog.c: + Add __dso_public to extern declaration of declaration to match + actual definition. + [4695ded501e6] + + * NEWS: + Add 1.8.6p5 + [b07b28c5c4d7] + +2013-01-23 Todd C. Miller + + * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok, + plugins/sudoers/regress/visudo/test2.out.ok, + plugins/sudoers/regress/visudo/test2.sh: + Add test for visudo cycle check core dump; test case from Daniel + Kopecek + [41074541147a] + + * plugins/sudoers/visudo.c: + Fix potential stack overflow due to infinite recursion in alias + cycle detection. From Daniel Kopecek. + [d7e018a87434] + + * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c: + Ignore duplicate entries in sudo.conf and report the line number + when there is an error. Warn, don't abort if there is more than one + policy plugin. + [dfcb5a698f0a] + + * plugins/sudoers/tsgetgrpw.c: + Use strtoul() not atoi(). + [58a52cf9b6b8] + +2013-01-22 Todd C. Miller + + * compat/Makefile.in: + regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo + [9b44e9d26d16] + + * compat/nss_dbdefs.h: + Fix typo that breaks the build on HP-UX. + [b9ab6ba23485] + + * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in, + configure, configure.in: + Use nss_search() to implement getgrouplist() where available. + Tested on Solaris and HP-UX. We need to include a compatibility + header for HP-UX which uses the Solaris nsswitch implementation but + doesn't ship nss_dbdefs.h. + [d29dbc4dc06d] + +2013-01-19 Todd C. Miller + + * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h: + Remove extra flag to sudo_sigaction(). We want to trap the signal + regardless of whether or not it is ignored by the underlying command + since there's no way to know what signal handlers the command will + install. Now we just use sudo_sigaction() to set a flag in + saved_signals[] to indicate whether a signal needs to be restored + before exec. + [c042d52c7192] + +2013-01-18 Todd C. Miller + + * compat/getgrouplist.c, config.h.in, configure, configure.in: + Use _getgroupsbymember() on Solaris to get the groups list. Fixes + performance problems with the getgroupslist() compat on Solaris + systems with network-based group databases. + [287d3ae2ce8d] + +2013-01-17 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document signal handler behavior in plugin API 1.3 + [20dc9d1c105f] + + * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c, + src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h: + Move signal code into its own source file and add sudo_sigaction() + wrapper that has an extra flag to check the saved_signals list to + only install the handler if the signal is not already ignored. Bump + plugin API version for the new front-end signal behavior. + [5d2f27a1b404] + + * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h, + src/sudo_exec.h: + Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute + the command. If we get SIGINT or SIGQUIT, call the plugin close() + functions as if the command was interrupted. If we get SIGTSTP, + uninstall the handler and deliver SIGTSTP to ourselves. + [332baf3a81b7] + + * src/exec.c, src/exec_pty.c: + Rename handle_signals() to dispatch_signals(). Block other signals + in handler() so we don't have to worry about the write() being + interrupted. + [666e95c9a0f1] + +2013-01-16 Todd C. Miller + + * src/tgetpass.c: + Rename signal handler to avoid name clash with one in exec.c + [8913101a29b6] + +2013-01-13 Todd C. Miller + + * src/sudo.c: + Add missing call to save_signals(). + [47d075d7326b] + +2013-01-11 Todd C. Miller + + * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Fill in the comment block at the top of the .pot files and preserve + it when regenerating them. + [6449497b76db] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h: + Add exec_background option in plugin command info and a sudoers + option to match. When set, commands are started in the background + and automatically foregrounded as needed. There are issues with + some ill-mannered programs (like Linux su) so this is not the + default. + [c0b32b0938f2] + + * common/Makefile.in: + regen + [2b2b220e7aea] + + * src/Makefile.in: + Add SESH_OBJS variable for sesh object files. + [d3e04ae8fd1f] + + * configure.in, doc/LICENSE, plugins/sudoers/redblack.c: + Update copyright year. + [61a0f0cedb13] + + * src/exec_pty.c: + Always resume the command in the foreground if sudo itself is the + foreground process. This helps work around poorly behaved programs + that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At + worst, sudo will go into the background but upon resume the command + will be runnable. Otherwise, we can get into a situation where the + command will immediately suspend itself. + [c368ac3eb2e4] + + * configure, configure.in: + Use -fstack-protector-all in preference to -fstack-protector where + supported. + [f930c95ceb51] + +2013-01-10 Todd C. Miller + + * configure, configure.in: + Only test for -fstack-protector and -fvisibility=hidden on GNU + compatible compilers. + [796f4696d863] + +2013-01-03 Todd C. Miller + + * NEWS: + Add Sudo 1.8.6p4 + [8a928de8e717] + + * common/Makefile.in, compat/Makefile.in, configure, configure.in, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Break out stack smashing protector options into SSP_CFLAGS and + SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS). + [01be114fc9fb] + +2013-01-01 Todd C. Miller + + * doc/CONTRIBUTORS, plugins/sudoers/redblack.c: + In rbrepair(), make sure we never try to change the color of the + sentinel node, which is the first entry, not the root. From Michael + King + [3fc4dc4004ec] + +2012-12-28 Todd C. Miller + + * src/exec_pty.c: + No need to restore default signal handler for SIGSTOP as it is not + catchable. Attempting to do so is harmless but sigaction() will + fail and set errno to EINVAL which makes it looks like there is an + error. + [be7c0b759e9a] + + * src/exec.c: + Print SIGCONT_FG and SIGCONT_BG properly in debug output. + [93e59e301c8f] + +2012-12-27 Todd C. Miller + + * configure, configure.in: + Disable PIE on FreeBSD/ia64, otherwise sudo will segfault. + [9ed48f696595] + +2012-12-20 Todd C. Miller + + * include/missing.h: + Add howmany() macro since some systems have this in sys/param.h + which we no longer include. + [2c5efaa16c45] + +2012-12-07 Todd C. Miller + + * plugins/sudoers/regress/sudoers/test11.toke.out.ok: + Remove errant file. + [a91699beffc6] + +2012-12-04 Todd C. Miller + + * plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c: + Remove obsolete sudoers_cleanup() stubs. + [89153025a2ae] + + * common/alloc.c, common/atobool.c, common/fileops.c, + common/fmt_string.c, common/lbuf.c, common/secure_path.c, + common/sudo_conf.c, common/sudo_debug.c, common/term.c, + compat/closefrom.c, compat/getcwd.c, compat/glob.c, + compat/snprintf.c, include/missing.h, + plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, + plugins/sample_group/plugin_test.c, + plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/redblack.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + plugins/system_group/system_group.c, src/conversation.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/get_pty.c, + src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c, + src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c: + Don't include . We only needed it for MAXPATHLEN, + MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and + HOST_NAME_MAX throughout without falling back on MAXPATHLEN or + MAXHOSTNAMELEN and define our own MIN/MAX macros as needed. + [f4807d46f504] + + * include/missing.h, plugins/sudoers/match.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c: + Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN + (sys/param.h or netdb.h). + [2544f5e306dd] + +2012-11-30 Todd C. Miller + + * plugins/sudoers/logging.c: + Move debug_decl() in log_failure() to be after the variable + declarations for C89. + [f48d2035ab44] - * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c: - Check for crypt() returning NULL. Traditionally, crypt() never - returned NULL but newer versions of eglibc have a crypt() that does. - Bug #598 - [887b9df243df] +2012-11-29 Todd C. Miller -2013-04-10 Todd C. Miller + * common/error.c, include/error.h, plugins/sudoers/iolog.c, + plugins/sudoers/logging.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Cannot wrap sigsetjmp() or we end up returning to the wrong place. + Use a macro instead. + [749ee6acdad8] - * src/ttyname.c: - AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit - before we try to match it against st_rdev. - [5dab449fb962] +2012-11-28 Todd C. Miller + + * plugins/sudoers/policy.c: + Fix return in sudoers_policy_open that should be debug_return. + [a78b795b6846] + +2012-11-27 Todd C. Miller * src/ttyname.c: - Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes - a problem finding the tty name when it is not in /dev/pts. - [6c205d087fa0] + Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case + too. + [acfa891c229e] -2013-02-25 Todd C. Miller + * src/solaris.c: + Quiet a gcc warning and add comment about needing to keep the handle + open. + [f954f228960f] - * plugins/sudoers/check.c: - Completely ignore time stamp file if it is set to the epoch, - regardless of what gettimeofday() returns. - [ebd6cc75020f] +2012-11-26 Todd C. Miller - * plugins/sudoers/check.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h: - Store the session ID in the tty ticket file too. A tty may only be - in one session at a time so if the session ID doesn't match we - ignore the ticket. - [049a12a5cc14] + * INSTALL: + mention --disable-shared + [6954d39e2d0f] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Add missing command_info argument in I/O plugin open() prototype. + Bug #579 + [72beb07aba0e] + +2012-11-25 Todd C. Miller + + * plugins/sudoers/gram.c: + Regen for proper line numbers. + [6cf6e132e764] * configure, configure.in: - Sudo 1.8.6p7 - [3334bc872111] + Add locale_stub.o to SUDO_OBJS, not locale_stub.lo. + [d604dc8ca38a] - * NEWS: - Update for Sudo 1.8.6p7 - [3b853ddc529c] + * common/sudo_printf.c: + Include missing.h for __printflike. + [a33640600faf] -2013-02-11 Todd C. Miller + * plugins/sudoers/iolog.c: + Saner loop invariant in io_mkdirs (cosmetic only). + [dc30274afe38] - * NEWS: - Add Sudo 1.8.6p7 - [77480be0f378] + * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c, + configure, configure.in, include/error.h, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c, + src/sesh.c: + Move warn/error into common and make static builds work. + [4d3f374f4e4c] -2013-01-31 Todd C. Miller + * MANIFEST, common/Makefile.in, common/sudo_debug.c, + common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/conversation.c, src/sesh.c: + Move _sudo_printf from src/conversation.c to common/sudo_printf.c. + Add sudo_printf function pointer that is initialized to + _sudo_printf() instead of requiring a sudo_conv function pointer + everywhere. The plugin will reset sudo_printf to point to the + version passed in via the plugin open function. Now plugin_error.c + can just call sudo_printf in all cases. The sudoers binaries no + longer need their own version of sudo_printf. + [9b09d3f63790] + + * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't + need error_jmp to be extern. Also add plugin_clearjmp() that clears + a flag so error()/errorx() knows when to call exit() vs. longjmp(). + [5a4617148e70] - * NEWS: - Clarify ttyname changes. - [9963ed81732d] + * plugins/sudoers/set_perms.c: + Let warning() call gettext() for us. + [ab8d502ba4ac] - * NEWS: - Add 1.8.6p6 - [162ea7fae117] + * include/error.h, plugins/sudoers/plugin_error.c, src/error.c: + Do locale swapping in the warning()/error() macros themselves + instead of in the underlying functions. + [4cd205540e17] - * src/ttyname.c: - Remove ttyname() fall back code on systems where we can query the - kernel for the tty device via /proc or sysctl(). If there is no - controlling tty, it is better to just treat the tty as unknown - rather than to blindly use what is hooked up to std{in,out,err}. - [2f3225a2a4a4] + * common/alloc.c, common/list.c, include/error.h, + plugins/sudoers/env.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, + src/hooks.c: + Rename warning2()/error2() -> warning_nodebug()/error_nodebug(). + [48346393634d] + + * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c, + src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c, + src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, + src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c: + Call gettext() on parameters for warning()/warningx() instead of + having warning() do it for us. + [c71088bc9d3e] + + * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: + Call gettext() in sudoerserror() in the user's locale and pass the + untranslated string to it. + [cdbfc231b848] + + * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, + plugins/sudoers/logging.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Allow sudoers programs (visudo, sudoreplay, visudo) to use + plugin_error.c instead of the error.c from the front-end. This + means sudoers_setlocale() needs to be independent of the sudo_user + struct and the defaults table. The sudoers locale is now updated + via a callback. + [e356f5f8cd6a] + + * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c + Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers + warning/error functions work when sudo_conv is NULL + [7365ee24a779] -2013-01-24 Todd C. Miller + * src/error.c: + No need to change locale in front-end warning()/error(). + [23dc1df7f93b] + + * plugins/sudoers/tsgetgrpw.c: + Ignore bad lines in passwd/group file instead if stopping processing + when we hit one. + [79b790559075] + + * plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test5.sh: + Bash doesn't let you set UID to use MYUID instead. + [5be56335f059] + + * plugins/sudoers/visudo.c: + Avoid NULL deref for unknown Defaults in strict mode. + [545c21c1e7d6] + + * common/sudo_conf.c, common/sudo_debug.c: + See DEFAULT_TEXT_DOMAIN + [3d723e1d27db] + +2012-11-13 Todd C. Miller + + * .hgignore: + Add signame.c and mksigname. + [d59bbf423f00] + + * plugins/sudoers/Makefile.in: + Fold preinstall into install-plugin and pass the path to the plugin + binary to the preinstall command. + [2c2205af8bb7] + + * pp: + sync with upstream + [a4b7336b3256] + + * src/sudo.h: + repair spacing + [f5c1255ce514] + +2012-11-12 Todd C. Miller + + * common/sudo_debug.c: + Set group on sudo_debug when creating it to gid 0 so systems without + BSD group semantics don't get the invoking user's group. + [7dda01196554] * plugins/sudoers/iolog.c: - Add __dso_public to extern declaration of declaration to match - actual definition. - [e16ecb5c6677] + Rename mkdir_parents() io_mkdirs() and add a flag to specify whether + path is a temporary, in which case the final component is created + via mkdtemp() instead of mkdir(). + [79c0c4e7ed58] - * configure, configure.in: - Sudo 1.8.6p5 - [8d7c8bd159c5] + * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h: + For PERM_ROOT set egid to 0 so log files are not created with the + gid of the user. + [5b964ea43474] - * NEWS: - Add 1.8.6p5 - [1cb9b7c4f626] + * plugins/sudoers/logging.c: + Add calls to set_perms(PERM_ROOT) becore logging to a file. We + should already be root but since we cache the current permission + status it is basically free. That way, if more of sudoers runs as + non-root in the future logging will still work correctly. + [c591d4973f41] + + * common/sudo_conf.c, config.h.in, configure, configure.in, + include/gettext.h, plugins/sudoers/locale.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/error.c, src/exec.c, src/sesh.c, src/sudo.c: + #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it. + [41f6bb4926f4] -2013-01-23 Todd C. Miller + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Mention that sudo.conf is parsed in the C locale. + [f711c416e30c] - * plugins/sudoers/visudo.c: - Fix potential stack overflow due to infinite recursion in alias - cycle detection. From Daniel Kopecek. - [77f2228877bc] + * common/sudo_conf.c: + Parse sudo.conf in the "C" locale. + [776658f651ea] -2013-01-18 Todd C. Miller + * plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.h: + Fix compilation on systems w/o setlocale() + [6940d1c1c1ce] - * compat/getgrouplist.c, config.h.in, configure, configure.in: - Use _getgroupsbymember() on Solaris to get the groups list. Fixes - performance problems with the getgroupslist() compat on Solaris - systems with network-based group databases. - [6ab76bea5ea4] + * doc/TROUBLESHOOTING: + Sudo now includes a workaround for the Solaris 11 locale issue. + [ab93787a552c] -2013-01-13 Todd C. Miller +2012-11-11 Todd C. Miller - * src/sudo.c: - Add missing call to save_signals(). - [708b8db3b30e] + * include/gettext.h, plugins/sudoers/iolog_path.c, + plugins/sudoers/locale.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h: + Always include locale.h from gettext.h so we no longer need to + include locale.h from the .c files. + [93d39182ccfa] + + * MANIFEST, config.h.in, configure, configure.in, mkdep.pl, + plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c, + src/solaris.c, src/sudo.c, src/sudo.h: + Add os-specific initialization functions for solaris (workaround + setuid locale problem in Solaris 11) and openbsd (set malloc_options + if SUDO_DEVEL). Also move set_project() to solaris.c. + [1d6581afbaf4] + +2012-11-09 Todd C. Miller + + * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: + Avoid strerror() when possible and just rely on warning/error to + handle errno in the proper locale. + [bf612caae97c] -2013-01-11 Todd C. Miller + * plugins/sudoers/logging.c: + Set sudoers locale in log_allowed() + [2dd0ac704cae] - * configure, configure.in: - Use -fstack-protector-all in preference to -fstack-protector where - supported. - [52ac4eadf5c9] + * plugins/sudoers/check.c: + Make the sudo lecture translatable. + [3cdfc183d72d] -2013-01-10 Todd C. Miller + * Makefile.in: + Add the values of badpass_message, passprompt and mailsub to + sudoers.pot so they can be translated. + [51cbe8adcb94] - * configure, configure.in: - Only test for -fstack-protector and -fvisibility=hidden on GNU - compatible compilers. - [5f31c5b4edc9] + * plugins/sudoers/logging.c: + Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked + up by xgettext. + [c5b74115caf0] -2013-01-03 Todd C. Miller +2012-11-08 Todd C. Miller - * NEWS: - Add Sudo 1.8.6p4 - [88358d481baa] + * plugins/sudoers/check.c, plugins/sudoers/prompt.c, + plugins/sudoers/sudoers.h: + Make expand_prompt() args const and free the prompt when we are done + with it. + [995ef8519fe6] - * configure, configure.in: - Sudo 1.8.6p4 - [e8032237c4b1] + * plugins/sudoers/policy.c: + Fix cut and pasto + [e002921c1d15] - * common/Makefile.in, compat/Makefile.in, configure, configure.in, - plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, - src/Makefile.in: - Break out stack smashing protector options into SSP_CFLAGS and - SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS). - [9c3662776afa] + * plugins/sudoers/defaults.c, plugins/sudoers/logging.c: + Expand def_mailsub in the sudoers locale, not the user's. + [a4775f2fb385] -2013-01-01 Todd C. Miller + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/env.c, plugins/sudoers/iolog.c, + plugins/sudoers/locale.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/parse.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/timestamp.c: + Call gettext inside log_error et al instead of having the caller do + it. This way we can display any messages to the user in their own + locale but log in the sudoers local. + [286e0444f785] + + * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/visudo.c, src/error.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/load_plugins.c, + src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, + src/sudo.c, src/sudo_edit.c, src/tgetpass.c: + Display warning/error messages in the user's locale. + [00a04165c0cf] + + * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: + audit_failure() now calls gettext itself using the sudoers locale. + [d77f1d78799a] - * doc/CONTRIBUTORS, plugins/sudoers/redblack.c: - In rbrepair(), make sure we never try to change the color of the - sentinel node, which is the first entry, not the root. From Michael - King - [24ebb817e1ee] + * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c: + Convert setlocale() to sudoers_setlocale() in the sudoers module. + This only converts existing uses, there are more places where we + need to sprinkle sudoers_setlocale() calls. + [8ee0cbf0d0a9] -2012-12-27 Todd C. Miller + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add simple locale switching to make it easy to switch from the + user's locale to the sudoers locale without making excessive + setlocale() calls when we don't need to. + [5c61582fdeee] - * configure, configure.in: - Disable PIE on FreeBSD/ia64, otherwise sudo will segfault. - [ce07ef64d410] + * common/sudo_debug.c, include/error.h, include/sudo_debug.h, + plugins/sudoers/plugin_error.c, src/error.c: + Add variants of warn/error and sudo_debug_printf that take a va_list + instead of a variable number of args. + [00392bdc063c] -2012-11-25 Todd C. Miller + * INSTALL, doc/TROUBLESHOOTING: + Document Solaris 11 locale issues and workarounds. + [05f7d34af3ae] - * plugins/sudoers/visudo.c: - Avoid NULL deref for unknown Defaults in strict mode. - [4c2d9717d91e] + * Makefile.in, configure, configure.in: + Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8 + locales. Make links from localdir/lang -> localdir/lang.UTF-8 + [5ca9326480e2] 2012-11-06 Todd C. Miller @@ -162,18 +2286,153 @@ Do not inform the user that the command was not permitted by the policy if they do not successfully authenticate. This is a regression introduced in sudo 1.8.6. - [e5c1e760954e] + [c1279df08bfb] + + * plugins/sudoers/Makefile.in: + Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup + the rpath in HP-UX SOM shared libraries for the LDAP libs. + [b07185657b42] * src/parse_args.c: The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A. - [4e112e7da105] + [22c73cbe3ff9] + +2012-10-28 Todd C. Miller + + * INSTALL, configure, configure.in: + Allow the user to specify and alternate libtool + [c9d6fc9521fd] 2012-10-26 Todd C. Miller * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c: Allow sudo to be build with sss support without also including ldap support. From Stephane Graber. - [7e0bd9191589] + [b992a80ebea1] + +2012-10-25 Todd C. Miller + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Refactor policy plugin interface code from sudoers.c into policy.c + [393e62910b8a] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Refactor command_info setting into its own function. + [a952b948324c] + + * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, + plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Make interfaces pointer private to interfaces.c and add + get_interfaces() accessor. + [b69b9334ed3c] + +2012-10-24 Todd C. Miller + + * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.h: + Make user_cwd const since it is either a string literal or passed in + from the front-end. + [90751b81e8bc] + + * configure, configure.in: + sudo 1.8.7 + [bf727adb8af0] + + * plugins/sudoers/sudoers.c: + Avoid nested strtok() calls. + [9d9f22ab52a9] + +2012-10-23 Todd C. Miller + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, + plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h: + Move expand_prompt() into its own source file for easier unit + testing. + [b419b48a436f] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, + plugins/sudoers/check.h, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: + Make check.c independent of the underlying timestamp implementation. + [895071bd6065] + + * plugins/sudoers/iolog_path.c: + Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled. + [8ac38f02dd6d] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use a list for the possible values of Tag_Spec with a minimal indent + to improve readability. In the pod version, these were =head3. Also + use .St -p1003.1 instead of just POSIX when talking about glob() and + fnmatch(). + [361a6f7a5c44] + +2012-10-02 Todd C. Miller + + * src/ttyname.c: + sudo_ttyname_dev() is unused if there is no /proc or sysctl(). + [6598dbf81e16] + + * compat/mksiglist.c, compat/mksigname.c, + compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c, + plugins/sample_group/plugin_test.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c: + Explicitly mark main() as public in executables to avoid an HP-UX ld + warning. + [72a40ce218be] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Remove grep from SEE ALSO section. + [c7cafee1621f] + + * common/alloc.c: + If vasprintf() fails, just use the errno it sets instead of assuming + ENOMEM. + [1be5bfdc0cab] + +2012-09-28 Todd C. Miller + + * doc/TROUBLESHOOTING: + Mention HP-UX pam.conf settings. + [8b8e745b49fd] + +2012-09-27 Todd C. Miller + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c, + plugins/sudoers/timestamp.h: + Split off timestamp functions into their own source file. + [d5833332511d] + +2012-09-26 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Mention how !foo is not the same as ALL,!foo + [51f8e470757d] + +2012-09-25 Todd C. Miller + + * src/exec_pty.c: + Start commands in the background when I/O logging is enabled. We + can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2) + which returns EINTR on signal instead of restarting automatically. + [83b1d59146f7] + + * src/exec_pty.c: + Handle SIGCONT_FG and SIGCONT_BG when converting signal number to + string in deliver_signal(). + [2cefea7a976e] 2012-09-24 Todd C. Miller @@ -181,21 +2440,23 @@ Fix running commands that need the terminal in the background when I/O logging is enabled. E.g. "sudo vi &". When the command is foregrounded, it will now resume properly. - [c30ec73a5da8] + [0bc13a253429] -2012-11-13 Todd C. Miller + * plugins/sudoers/match.c: + Add rudimentary support for name-based matching as a compile-time + option. This unsafe when used in conjunction with the '!' operator. + [f93bc8e6db15] - * plugins/sudoers/Makefile.in: - Fold preinstall into install-plugin and pass the path to the plugin - binary to the preinstall command. - [994f8f58495e] +2012-09-21 Todd C. Miller -2012-11-06 Todd C. Miller + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c: + Split out implementation-specific back end code out of pwutil.c into + pwutil_impl.c. This will allow the main pwutil code to be used for + lookup methods other than getpw* and getgr*. + [999c2dde60e4] - * plugins/sudoers/Makefile.in: - Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup - the rpath in HP-UX SOM shared libraries for the LDAP libs. - [685796ea58fe] +2012-09-18 Todd C. Miller * NEWS, configure, configure.in: sudo 1.8.6p3 @@ -208,6 +2469,20 @@ at some point. Bug #573 [6652f834b8f5] + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Rename yyerror() to sudoerserror() to match yacc prefix changes. Not + really needed due to the #defines that yacc makes but it is less + confusing this way as the lexer calls sudoerserror(). + [a0577be6527d] + + * common/alloc.c, plugins/sample_group/plugin_test.c, + plugins/sudoers/env.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + src/exec_common.c, src/parse_args.c, src/sudo.c: + No need to translate "unable to allocate memory" when we can just + use the system translation via strerror(). + [377499e5827c] + * plugins/sudoers/sudoreplay.c: Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not all file systems support d_type. Bug #572 @@ -230,6 +2505,37 @@ after resume. [242628694e42] + * plugins/sudoers/env.c: + Replace the guts of sudo_setenv_nodebug() with our old setenv.c + which supports non-standard BSD and glibc semantics. sudo_setenv() + now simply calls sudo_setenv2(). + [57ffb6c9efaa] + +2012-09-15 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document non-Unix group support in LDAP sudoers. + [33c89f3aeee6] + + * plugins/sudoers/ldap.c: + Enable non-Unix group support for LDAP sudoers. We now check for + non-Unix groups and netgroups with the same query in the second + pass. Bug #571 + [eb98fdff54d9] + +2012-09-14 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/parse.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c: + Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers. + [cb6c0d93215e] + 2012-09-12 Todd C. Miller * NEWS: diff --git a/INSTALL b/INSTALL index 964d75e..bd05979 100644 --- a/INSTALL +++ b/INSTALL @@ -7,6 +7,21 @@ more options than it did before. Please read this document fully before configuring and building sudo. You may also wish to read the file INSTALL.configure which explains more about the `configure' script. +System requirements +=================== + +To build sudo from the source distribution you need a POSIX-compliant +operating system (any modern version of BSD, Linux or Unix should work), +an ANSI/ISO C compiler that supports the "long long" type, variadic +macros (a C99 feature) as well as the ar, make and ranlib utilities. + +If you wish to modify the parser then you will need flex version +2.5.2 or later and either bison or byacc (sudo comes with a +pre-generated parser). You'll also have to run configure with the +--with-devel option or pass DEVEL=1 to make. You can get flex from +http://flex.sourceforge.net/. You can get GNU bison from +ftp://ftp.gnu.org/pub/gnu/bison/ or any GNU mirror. + Simple sudo installation ======================== @@ -19,36 +34,31 @@ For most systems and configurations it is possible simply to: "gotchas" relating to your operating system. 2) `cd' to the source or build directory and type `./configure' - to generate a Makefile and config.h file suitable for - building sudo. Before you actually run configure you - should read the `Available configure options' section - to see if there are any special options you may want - or need. - - 3) Edit the configure-generated Makefile if you wish to - change any of the default paths (alternatively, you could - have changed the paths via options to `configure'. + to generate a Makefile and config.h file suitable for building + sudo. Before you actually run configure you should read the + `Available configure options' section to see if there are + any special options you may want or need. - 5) Type `make' to compile sudo. If you are building sudo + 4) Type `make' to compile sudo. If you are building sudo in a separate build tree (apart from the sudo source) GNU make will probably be required. If `configure' did its job properly (and you have a supported configuration) there won't be any problems. If this doesn't work, take a look at the - TROUBLESHOOTING file for tips on what might have gone wrong. - Please mail us if you have a fix or if you are unable to - come up with a fix (address at EOF). + doc/TROUBLESHOOTING file for tips on what might have gone + wrong. Please mail us if you have a fix or if you are unable + to come up with a fix (address at EOF). - 6) Type `make install' (as root) to install sudo, visudo, the + 5) Type `make install' (as root) to install sudo, visudo, the man pages, and a skeleton sudoers file. Note that the install will not overwrite an existing sudoers file. You can also install various pieces the package via the install-binaries, install-doc, and install-sudoers make targets. - 7) Edit the sudoers file with `visudo' as necessary for your + 6) Edit the sudoers file with `visudo' as necessary for your site. You will probably want to refer the sample.sudoers file and sudoers man page included with the sudo package. - 8) If you want to use syslogd(8) to do the logging, you'll need + 7) If you want to use syslogd(8) to do the logging, you'll need to update your /etc/syslog.conf file. See the sample.syslog.conf file included in the distribution for an example. @@ -74,118 +84,145 @@ Configuration: --quiet, --silent, -q Do not print `checking...' messages + --srcdir=DIR + Find the sources in DIR [configure dir or `..'] + Directory and file names: --prefix=PREFIX - Install architecture-independent files in PREFIX This really only - applies to man pages. [/usr/local] + Install architecture-independent files in PREFIX. [/usr/local] --exec-prefix=EPREFIX - Install architecture-dependent files in EPREFIX This includes the - sudo and visudo executables. [same as prefix] + Install architecture-dependent files in EPREFIX. + This includes the executables and plugins. [same as PREFIX] --bindir=DIR - Install `sudo' in DIR [EPREFIX/bin] + Install `sudo', `sudoedit' and `sudoreplay' in DIR. [EPREFIX/bin] --sbindir=DIR - Install `visudo' in DIR [EPREFIX/sbin] + Install `visudo' in DIR. [EPREFIX/sbin] + + --libexecdir=DIR + Install plugins and helper programs in DIR/sudo [PREFIX/libexec/sudo] --sysconfdir=DIR - Install `sudoers' file in DIR [/etc] + Look for `sudo.conf' and `sudoers' files in DIR. [/etc] + + --includedir=DIR + Install sudo_plugin.h include file in DIR [PREFIX/include] + + --datarootdir=DIR + Root directory for platform-independent data files [PREFIX/share] + + --localedir=DIR + Install sudo and sudoers locale files in DIR [DATAROOTDIR/locale] --mandir=DIR Install man pages in DIR [PREFIX/man] - --srcdir=DIR - Find the sources in DIR [configure dir or ..] + --docdir=DIR + Install other sudo documentation in DIR [DATAROOTDIR/doc/sudo] + + --with-plugindir=PATH + Set the directory that sudo looks in to find the policy and I/O + logging plugins. Defaults to the LIBEXEC/sudo. + + --with-timedir=PATH + Use PATH to store the sudo time stamp files. By default, + the first existing directory in the following list is used: + /var/db, /var/lib, /var/adm, /usr/adm. + +Compilation options: + --disable-hardening + Disable the use of compiler/linker exploit mitigation options + which are enabled by default. This includes compiling with + _FORTIFY_SOURCE defined to 2, building with -fstack-protector + and linking with -zrelro, where supported. + + --enable-pie + Build sudo and related programs as as a position independent + executables (PIE). This improves the effectiveness of address + space layout randomization (ASLR) on systems that support it. + Sudo will create PIE binaries by default on Linux systems. + + --disable-pie + Disable the creation of position independent executables (PIE), + even if the compiler creates PIE binaries by default. This + option may be needed on some Linux systems where PIE binaries + are not fully supported. + + --disable-rpath + By default, configure will use -Rpath in addition to -Lpath + when passing library paths to the loader. This option will + disable the use of -Rpath. + + --disable-shared + Disable dynamic shared object support. By default, sudo + is built with a plugin API capable of loading arbitrary + policy and I/O logging plugins. If the --disable-shared + option is specified, this support is disabled and the default + sudoers policy and I/O plugins are embedded in the sudo + binary itself. This will also disable the noexec option + as it too relies on dynamic shared object support. + + --enable-zlib[=location] + Enable the use of the zlib compress library when storing + I/O log files. If specified, location is the base directory + containing the zlib include and lib directories. The special + values "system" and "builtin" can be used to indicate that + the system version of zlib should be used or that the version + of zlib shipped with sudo should be used instead. + If this option is not specified, configure will use the + system zlib if it is present. -Special features/options: --with-incpath=DIR Adds the specified directory (or directories) to CPPFLAGS so configure and the compiler will look there for include files. Multiple directories may be specified as long as they are space separated. - Eg: --with-incpath="/usr/local/include /opt/include" + E.g. --with-incpath="/usr/local/include /opt/include" --with-libpath=DIR Adds the specified directory (or directories) to LDFLAGS so configure and the compiler will look there for libraries. Multiple directories may be specified as with --with-incpath. - --with-rpath - Tells configure to use -Rpath in addition to -Lpath when - passing library paths to the loader. This option is on - by default for Solaris and SVR4. - - --with-blibpath[=PATH] - Tells configure to construct a -blibpath argument to the - loader. If a PATH is specified, it will be used as the - base. Otherwise, "/usr/lib:/lib:/usr/local/lib" will be - used for gcc and "/usr/lib:/lib" for non-gcc. Additional - library paths will be appended as needed by configure. - This option is only valid for AIX where it is on by default. - --with-libraries=LIBRARY - Adds the specified library (or libaries) to SUDO_LIBS and + Adds the specified library (or libraries) to SUDO_LIBS and and VISUDO_LIBS so sudo will link against them. If the library doesn't start with `-l' or end in `.a' or `.o' a - `-l' will be prepended to it. Multiple libraries may be + `-l' will be pre-pended to it. Multiple libraries may be specified as long as they are space separated. - --with-plugindir=PATH - Set the directory that sudo looks in to find the policy and I/O - logging plugins. Defaults to the libexec dir used by configure. - - --with-efence - Link with the "electric fence" debugging malloc. - - --with-bsm-audit - Enable support for sudo BSM audit logs on systems that support - it. Currently only supported under FreeBSD and Mac OS X. - - --with-csops - Add CSOps standard options. You probably aren't interested in this. - - --with-devel - Configure development options. This will enable compiler warnings - and set the Makefile to be able to regenerate the sudoers parser - as well as the manual pages. - - --with-linux-audit - Enable audit support for Linux systems. Audits attempts - to run a command as well as SELinux role changes. - - --with-skey[=DIR] - Enable S/Key OTP (One Time Password) support. If specified, - DIR should contain include and lib directories with skey.h - and libskey.a respectively. - - --with-opie[=DIR] - Enable NRL OPIE OTP (One Time Password) support. If specified, - DIR should contain include and lib directories with opie.h - and libopie.a respectively. - - --with-SecurID[=DIR] - Enable SecurID support. If specified, DIR is directory containing - libaceclnt.a, acexport.h, and sdacmvls.h. + --with-libtool=PATH + By default, sudo will use the included version of libtool + to build shared libraries. The --with-libtool option can + be used to specify a different version of libtool to use. + The special values "system" and "builtin" can be used in + place of a path to denote the default system libtool (obtained + via the user's PATH) and the default libtool that comes + with sudo. - --with-fwtk[=DIR] - Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified, - DIR is the base directory containing the compiled FWTK package - (or at least the library and header files). +Optional features: + --disable-root-mailer + By default sudo will run the mailer as root when tattling + on a user so as to prevent that user from killing the mailer. + With this option, sudo will run the mailer as the invoking + user which some people consider to be safer. - --with-kerb5[=DIR] - Enable Kerberos V support. If specified, DIR is the base - directory containing the Kerberos V include and lib dirs. - This This uses Kerberos passphrases for authentication but - does not use the Kerberos cookie scheme. Will not work for - Kerberos V older than version 1.1. + --enable-nls[=location] + Enable natural language support using the gettext() family + of functions. If specified, location is the base directory + containing the libintl include and lib directories. If + this option is not specified, configure will look for the + gettext() family of functions in the standard C library + first, then check for a standalone libintl (linking with + libiconv as needed). - --enable-kerb5-instance=string - By default, the user name is used as the principal name - when authenticating via Kerberos V. If this option is - enabled, the specified instance string will be appended to - the user name (separated by a slash) when creating the - principal name. + --disable-nls + Disable natural language support. By default, sudo will + use the gettext() family of functions, if available, to + implement messages in the invoking user's native language. + Note that translations do not exist for all languages. --with-ldap[=DIR] Enable LDAP support. If specified, DIR is the base directory @@ -201,25 +238,97 @@ Special features/options: this file instead of /etc/ldap.secret to read the secret password when rootbinddn is specified in the ldap config file. + --with-logincap + This adds support for login classes specified in /etc/login.conf. + It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD and + NetBSD (where available). By default, a login class is not applied + unless the 'use_loginclass' option is defined in sudoers or the user + specifies a class on the command line. + + --with-interfaces=no, --without-interfaces + This option keeps sudo from trying to glean the ip address + from each attached Ethernet interface. It is only useful + on a machine where sudo's interface reading support does + not work, which may be the case on some SysV-based OS's + using STREAMS. + + --with-noexec[=PATH] + Enable support for the "noexec" functionality which prevents + a dynamically-linked program being run by sudo from executing + another program (think shell escapes). Please see the + "PREVENTING SHELL ESCAPES" section in the sudoers man page + for details. If specified, PATH should be a fully qualified + path name, e.g. /usr/local/libexec/sudo_noexec.so. If PATH + is "no", noexec support will not be compiled in. The default + is to compile noexec support if libtool supports building + shared objects on your OS. + + --with-selinux + Enable support for role based access control (RBAC) on + systems that support SELinux. + --with-sssd Enable support for using the System Security Services Daemon - (SSSD) as a sudoers data source. For more informaton on + (SSSD) as a sudoers data source. For more information on SSD, see http://fedorahosted.org/sssd/ --with-sssd-lib=PATH Specify the path to the SSSD shared library, which is loaded at run-time. - --with-nsswitch[=PATH] - Path to nsswitch.conf or "no" to disable nsswitch support. - If specified, sudo uses this file instead of /etc/nsswitch.conf. - If nsswitch is disabled but LDAP is enabled, sudo will check - LDAP first, then the sudoers file. +Operating system-specific options: + --disable-setreuid + Disable use of the setreuid() function for operating systems + where it is broken. For instance, 4.4BSD has setreuid() + that is not fully functional. + + --disable-setresuid + Disable use of the setresuid() function for operating systems + where it is broken (none currently known). + + --enable-admin-flag + Enable the creation of an Ubuntu-style admin flag file + the first time sudo is run. + + --with-bsm-audit + Enable support for sudo BSM audit logs on systems that support it. + This includes recent versions of FreeBSD, Mac OS X and Solaris. + + --with-linux-audit + Enable audit support for Linux systems. Audits attempts + to run a command as well as SELinux role changes. + + --with-man + Use the "man" macros for manual pages. By default, mdoc versions + of the manuals are installed if supported. This can be used to + override configure's test for "nroff -mdoc" support. + + --with-mdoc + Use the "mdoc" macros for manual pages. By default, mdoc versions + of the manuals are installed if supported. This can be used to + override configure's test for "nroff -mdoc" support. --with-netsvc[=PATH] Path to netsvc.conf or "no" to disable netsvc.conf support. If specified, sudo uses this file instead of /etc/netsvc.conf - on AIX systems. + on AIX systems. If netsvc support is disabled but LDAP is + enabled, sudo will check LDAP first, then the sudoers file. + + --with-nsswitch[=PATH] + Path to nsswitch.conf or "no" to disable nsswitch support. + If specified, sudo uses this file instead of /etc/nsswitch.conf. + If nsswitch support is disabled but LDAP is enabled, sudo will + check LDAP first, then the sudoers file. + + --with-project + Enable support for Solaris project resource limits. + This option is only available on Solaris 9 and above. + +Authentication options: + --with-AFS + Enable AFS support with Kerberos authentication. Should work under + AFS 3.3. If your AFS doesn't have -laudit you should be able to + link without it. --with-aixauth Enable support for the AIX 4.x general authentication function. @@ -227,6 +336,49 @@ Special features/options: on the machine. It is on by default for AIX systems that support it. + --with-bsdauth + Enable support for BSD authentication. This is the default + for BSD/OS and OpenBSD systems that support it. + It is not possible to mix BSD authentication with other + authentication methods (and there really should be no need + to do so). Note that only the newer BSD authentication API + is supported. If you don't have /usr/include/bsd_auth.h + then you cannot use this. + + --with-DCE + Enable DCE support for systems without PAM. Known to work on + HP-UX 9.X, 10.X, and 11.0; other systems may require source + code and/or `configure' changes. On systems with PAM support + (such as HP-UX 11.0 and higher, Solaris, FreeBSD and Linux), the + DCE PAM module (usually libpam_dce) should be used instead. + + --with-fwtk[=DIR] + Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified, + DIR is the base directory containing the compiled FWTK package + (or at least the library and header files). + + --with-kerb5[=DIR] + Enable Kerberos V support. If specified, DIR is the base + directory containing the Kerberos V include and lib dirs. + This uses Kerberos pass phrases for authentication but + does not use the Kerberos cookie scheme. Will not work for + Kerberos V older than version 1.1. + + --enable-kerb5-instance=string + By default, the user name is used as the principal name + when authenticating via Kerberos V. If this option is + enabled, the specified instance string will be appended to + the user name (separated by a slash) when creating the + principal name. + + --with-opie[=DIR] + Enable NRL OPIE OTP (One Time Password) support. If specified, + DIR should contain include and lib directories with opie.h + and libopie.a respectively. + + --with-otp-only + This option is now just an alias for --without-passwd. + --with-pam Enable PAM support. This is on by default for Darwin, FreeBSD, Linux, Solaris and HP-UX (version 11 and higher). @@ -247,49 +399,6 @@ Special features/options: option from "sudo" to "sudo-i", allowing for a separate pam configuration for sudo's initial login mode. - --with-AFS - Enable AFS support with Kerberos authentication. Should work under - AFS 3.3. If your AFS doesn't have -laudit you should be able to - link without it. - - --with-DCE - Enable DCE support for systems without PAM. Known to work on - HP-UX 9.X, 10.X, and 11.0; other systems may require source - code and/or `configure' changes. On systems with PAM support - (such as HP-UX 11.0 and higher, Solaris, FreeBSD and Linux), the - DCE PAM module (usually libpam_dce) should be used instead. - - --with-logincap - This adds support for login classes specified in /etc/login.conf. - It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD and - NetBSD (where available). By default, a login class is not applied - unless the 'use_loginclass' option is defined in sudoers or the user - specifies a class on the command line. - - --with-bsdauth - Enable support for BSD authentication. This is the default - for BSD/OS and OpenBSD systems that support it. - It is not possible to mix BSD authentication with other - authentication methods (and there really should be no need - to do so). Note that only the newer BSD authentication API - is supported. If you don't have /usr/include/bsd_auth.h - then you cannot use this. - - --with-project - Enable support for Solaris project resource limits. - This option is only available on Solaris 9 and above. - - --with-noexec[=PATH] - Enable support for the "noexec" functionality which prevents - a dynamically-linked program being run by sudo from executing - another program (think shell escapes). Please see the - "PREVENTING SHELL ESCAPES" section in the sudoers man page - for details. If specified, PATH should be a fully qualified - path name, e.g. /usr/local/libexec/sudo_noexec.so. If PATH - is "no", noexec support will not be compiled in. The default - is to compile noexec support if libtool supports building - shared objects on your OS. - --disable-pam-session Disable sudo's PAM session support. This may be needed on older PAM implementations or on operating systems where @@ -297,20 +406,19 @@ Special features/options: PAM session support is disabled, resource limits may not be updated for the command being run. - --disable-root-mailer - By default sudo will run the mailer as root when tattling - on a user so as to prevent that user from killing the mailer. - With this option, sudo will run the mailer as the invoking - user which some people consider to be safer. + --with-passwd=no, --without-passwd + This option excludes authentication via the passwd (or + shadow) file. It should only be used when another, alternative, + authentication scheme is in use. - --disable-setreuid - Disable use of the setreuid() function for operating systems - where it is broken. Mac OS X has setreuid() but it doesn't - really work. + --with-SecurID[=DIR] + Enable SecurID support. If specified, DIR is directory containing + libaceclnt.a, acexport.h, and sdacmvls.h. - --disable-setresuid - Disable use of the setresuid() function for operating systems - where it is broken (none currently known). + --with-skey[=DIR] + Enable S/Key OTP (One Time Password) support. If specified, + DIR should contain include and lib directories with skey.h + and libskey.a respectively. --disable-sia Disable SIA support. This is the "Security Integration @@ -322,202 +430,107 @@ Special features/options: in shadow password support and use a shadow password if it exists. - --with-sudoers-mode=MODE - File mode for the sudoers file (octal). Note that if you - wish to NFS-mount the sudoers file this must be group - readable. Also note that this is actually set in the - Makefile. The default mode is 0440. - - --with-sudoers-uid=UID - User id that "owns" the sudoers file. Note that this is - the numeric id, *not* the symbolic name. Also note that - this is actually set in the Makefile. The default is 0. - - --with-sudoers-gid=GID - Group id that "owns" the sudoers file. Note that this is - the numeric id, *not* the symbolic name. Also note that - this is actually set in the Makefile. The default is 0. - - --without-interfaces - This option keeps sudo from trying to glean the ip address - from each attached ethernet interface. It is only useful - on a machine where sudo's interface reading support does - not work, which may be the case on some SysV-based OS's - using STREAMS. - - --without-passwd - This option excludes authentication via the passwd (or - shadow) file. It should only be used when another, alternative, - authentication scheme is in use. - - --with-otp-only - This option is now just an alias for --without-passwd. - - --with-selinux - Enable support for role based access control (RBAC) on - systems that support SELinux. - - --with-man - Use the "man" macros for manual pages. By default, mdoc - versions of the manuals are installed. This can be used - to override configure's test for "nroff -mdoc" support. - - --with-mdoc - Use the "mdoc" macros for manual pages. By default, mdoc - versions of the manuals are installed. This can be used - to override configure's test for "nroff -mdoc" support. + --enable-gss-krb5-ccache-name + Use the gss_krb5_ccache_name() function to set the Kerberos + V credential cache file name. By default, sudo will use + the KRB5CCNAME environment variable to set this. While + gss_krb5_ccache_name() provides a better API to do this it + is not supported by all Kerberos V and SASL combinations. -The following options are also configurable at runtime: +Development options: + --enable-env-debug + Enable debugging of the environment setting functions. This + enables extra checks to make sure the environment does not + become corrupted. - --with-long-otp-prompt - When validating with a One Time Password scheme (S/Key or - OPIE), a two-line prompt is used to make it easier to cut - and paste the challenge to a local window. It's not as - pretty as the default but some people find it more convenient. + --enable-warnings + Enable compiler warnings when building sudo with gcc. - --with-logging=TYPE - How you want to do your logging. You may choose "syslog", - "file", or "both". Setting this to "syslog" is nice because - you can keep all of your sudo logs in one place (see the - sample.syslog.conf file). The default is "syslog". + --enable-werror + Enable the -Werror compiler option when building sudo with gcc. - --with-logfac=FACILITY - Determines which syslog facility to log to. This requires - a 4.3BSD or later version of syslog. You can still set - this for ancient syslogs but it will have no effect. The - following facilities are supported: authpriv (if your OS - supports it), auth, daemon, user, local0, local1, local2, - local3, local4, local5, local6, and local7. + --with-devel + Configure development options. This will enable compiler warnings + and set up the Makefile to be able to regenerate the sudoers parser + as well as the manual pages. - --with-goodpri=PRIORITY - Determines which syslog priority to log successfully - authenticated commands. The following priorities are - supported: alert, crit, debug, emerg, err, info, notice, - and warning. + --with-efence + Link with the "electric fence" debugging malloc. - --with-badpri=PRIORITY - Determines which syslog priority to log unauthenticated - commands and errors. The following priorities are supported: - alert, crit, debug, emerg, err, info, notice, and warning. +Options that set runtime-changeable default values: + --disable-authentication + By default, sudo requires the user to authenticate via a + password or similar means. This options causes sudo to + *not* require authentication. It is possible to turn + authentication back on in sudoers via the PASSWD attribute. + Sudoers option: !authenticate - --with-logpath=PATH - Override the default location of the sudo log file and use - "path" instead. By default will use /var/log/sudo.log if - there is a /var/log dir, falling back to /var/adm/sudo.log - or /usr/adm/sudo.log if not. + --disable-env-reset + Disable environment resetting. This sets the default value + of the "env_reset" Defaults option in sudoers to false. + Sudoers option: !env_reset - --with-loglen=NUMBER - Number of characters per line for the file log. This is only used if - you are to "file" or "both". This value is used to decide when to wrap - lines for nicer log files. The default is 80. Setting this to 0 - will disable the wrapping. + --disable-path-info + Normally, sudo will tell the user when a command could not be found + in their $PATH. Some sites may wish to disable this as it could + be used to gather information on the location of executables that + the normal user does not have access to. The disadvantage is that + if the executable is simply not in the user's path, sudo will tell + the user that they are not allowed to run it, which can be confusing. + Sudoers option: path_info - --with-ignore-dot - If set, sudo will ignore '.' or '' (current dir) in $PATH. - The $PATH itself is not modified. + --disable-root-sudo + Don't let root run sudo. This can be used to prevent people from + "chaining" sudo commands to get a root shell by doing something + like "sudo sudo /bin/sh". + Sudoers option: !root_sudo - --with-mailto=USER|MAIL_ALIAS - User (or mail alias) that mail from sudo is sent to. - This should go to a sysadmin at your site. The default is "root". + --disable-zlib + Disable the use of the zlib compress library when storing + I/O log files. + Sudoers option: !compress_io - --with-mailsubject="SUBJECT OF MAIL" - Subject of the mail sent to the "mailto" user. The token "%h" - will expand to the hostname of the machine. - Default is "*** SECURITY information for %h ***". + --enable-log-host + Log the hostname in the log file. + Sudoers option: log_host - --without-mail-if-no-user - Normally, sudo will mail to the "alertmail" user if the user invoking - sudo is not in the sudoers file. This option disables that behavior. + --enable-noargs-shell + If sudo is invoked with no arguments it acts as if the "-s" flag had + been given. That is, it runs a shell as root (the shell is determined + by the SHELL environment variable, falling back on the shell listed + in the invoking user's /etc/passwd entry). + Sudoers option: shell_noargs - --with-mail-if-no-host - Send mail to the "alermail" user if the user exists in the sudoers - file, but is not allowed to run commands on the current host. + --enable-shell-sets-home + If sudo is invoked with the "-s" flag the HOME environment variable + will be set to the home directory of the target user (which is root + unless the "-u" option is used). This option effectively makes the + "-s" flag imply "-H". + Sudoers option: set_home - --with-mail-if-noperms - Send mail to the "alermail" user if the user is allowed to use sudo but - the command they are trying is not listed in their sudoers file entry. + --with-all-insults + Include all the insult sets listed below. You must either specify + --with-insults or enable insults in the sudoers file for this to + have any effect. - --with-passprompt="PASSWORD PROMPT" - Default prompt to use when asking for a password; can be overridden - via the -p option and the SUDO_PROMPT environment variable. Supports - the "%H", "%h", "%U" and "%u" escapes as documented in the sudo - manual page. The default value is "Password:". + --with-askpass=PATH + Set PATH as the "askpass" program to use when no tty is + available. Typically, this is a graphical password prompter, + similar to the one used by ssh. The program must take a + prompt as an argument and print the received password to + the standard output. This value may overridden at run-time + in the sudo.conf file. --with-badpass-message="BAD PASSWORD MESSAGE" Message that is displayed if a user enters an incorrect password. The default is "Sorry, try again." unless insults are turned on. + Sudoers option: badpass_message - --with-fqdn - Define this if you want to put fully qualified hostnames in the sudoers - file. Ie: instead of myhost you would use myhost.mydomain.edu. You may - still use the short form if you wish (and even mix the two). Beware - that turning FQDN on requires sudo to make DNS lookups which may make - sudo unusable if your DNS is totally hosed. Also note that you must - use the host's official name as DNS knows it. That is, you may not use - a host alias (CNAME entry) due to performance issues and the fact that - there is no way to get all aliases from DNS. - - --with-timedir=PATH - Override the default location of the sudo timestamp directory and - use "path" instead. - - --with-sendmail=PATH - Override configure's guess as to the location of sendmail. - - --without-sendmail - Do not use sendmail to mail messages to the "mailto" user. - Use only if don't run sendmail or the equivalent. - - --with-umask=MASK - Umask to use when running the root command. The default is 0022. - - --without-umask - Preserves the umask of the user invoking sudo. - - --with-umask-override - Use the umask specified in sudoers even if it is less restrictive - than the user's. The default is to use the intersection of the - user's umask and the umask specified in sudoers. - - --with-runas-default=USER - The default user to run commands as if the -u flag is not specified - on the command line. This defaults to "root". - - --with-exempt=GROUP - Users in the specified group don't need to enter a password when - running sudo. This may be useful for sites that don't want their - "core" sysadmins to have to enter a password but where Jr. sysadmins - need to. You should probably use NOPASSWD in sudoers instead. - - --with-passwd-tries=NUMBER - Number of tries a user gets to enter his/her password before sudo logs - the failure and exits. The default is 3. - - --with-timeout=NUMBER - Number of minutes that can elapse before sudo will ask for a passwd - again. The default is 5, set this to 0 to always prompt for a password. - - --with-password-timeout=NUMBER - Number of minutes before the sudo password prompt times out. - The default is 5, set this to 0 for no password timeout. - - --without-tty-tickets - By default, sudo uses a different ticket file for each user/tty combo. - With this option disabled, a single ticket will be used for all - of a user's login sessions. - - --with-insults - Define this if you want to be insulted for typing an incorrect password - just like the original sudo(8). This is off by default. - - --with-insults=disabled - Include support for insults but disable them unless explicitly - enabled in sudoers. - - --with-all-insults - Include all the insult sets listed below. You must either specify - --with-insults or enable insults in the sudoers file for this to - have any effect. + --with-badpri=PRIORITY + Determines which syslog priority to log unauthenticated + commands and errors. The following priorities are supported: + alert, crit, debug, emerg, err, info, notice, and warning. + Sudoers option: syslog_badpri --with-classic-insults Uses insults from sudo "classic." If you just specify --with-insults @@ -530,37 +543,13 @@ The following options are also configurable at runtime: --with-insults as well for this to have any effect. This is on by default if --with-insults is given. - --with-hal-insults - Uses 2001-like insults when an incorrect password is entered. - You must either specify --with-insults or enable insults in the - sudoers file for this to have any effect. - - --with-goons-insults - Insults the user with lines from the "Goon Show" when an incorrect - password is entered. You must either specify --with-insults or - enable insults in the sudoers file for this to have any effect. - - --with-pc-insults - Replace politically incorrect insults with less objectionable ones. - - --with-secure-path[=PATH] - Path used for every command run from sudo(8). If you don't trust the - people running sudo to have a sane PATH environment variable you may - want to use this. Another use is if you want to have the "root path" - be separate from the "user path." You will need to customize the path - for your site. NOTE: this is not applied to users in the group - specified by --with-exemptgroup. If you do not specify a path, - "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" is used. - - --without-lecture - Don't print the lecture the first time a user runs sudo. - --with-editor=PATH Specify the default editor path for use by visudo. This may be a single path name or a colon-separated list of editors. In the latter case, visudo will choose the editor that matches the user's VISUAL or EDITOR environment variables or the first editor in the list that exists. The default is the path to vi on your system. + Sudoers option: editor --with-env-editor Makes visudo consult the VISUAL and EDITOR environment variables before @@ -570,195 +559,221 @@ The following options are also configurable at runtime: is to use a colon-separated list of editors with the --with-editor option. visudo will then only use the VISUAL or EDITOR variables if they match a value specified via --with-editor. + Sudoers option: env_editor - --with-askpass=PATH - Set PATH as the "askpass" program to use when no tty is - available. Typically, this is a graphical password prompter, - similar to the one used by ssh. The program must take a - prompt as an argument and print the received password to - the standard output. + --with-exempt=GROUP + Users in the specified group don't need to enter a password when + running sudo. This may be useful for sites that don't want their + "core" sysadmins to have to enter a password but where Jr. sysadmins + need to. You should probably use NOPASSWD in sudoers instead. + Sudoers option: exempt_group + + --with-fqdn + Define this if you want to put fully qualified host names in the sudoers + file. Ie: instead of myhost you would use myhost.mydomain.edu. You may + still use the short form if you wish (and even mix the two). Beware + that turning FQDN on requires sudo to make DNS lookups which may make + sudo unusable if your DNS is totally hosed. Also note that you must + use the host's official name as DNS knows it. That is, you may not use + a host alias (CNAME entry) due to performance issues and the fact that + there is no way to get all aliases from DNS. + Sudoers option: fqdn + + --with-goodpri=PRIORITY + Determines which syslog priority to log successfully + authenticated commands. The following priorities are + supported: alert, crit, debug, emerg, err, info, notice, + and warning. + Sudoers option: syslog_goodpri + + --with-goons-insults + Insults the user with lines from the "Goon Show" when an incorrect + password is entered. You must either specify --with-insults or + enable insults in the sudoers file for this to have any effect. + + --with-hal-insults + Uses 2001-like insults when an incorrect password is entered. + You must either specify --with-insults or enable insults in the + sudoers file for this to have any effect. + + --with-ignore-dot + If set, sudo will ignore '.' or '' (current dir) in $PATH. + The $PATH itself is not modified. + Sudoers option: ignore_dot + + --with-insults + Define this if you want to be insulted for typing an incorrect password + just like the original sudo(8). This is off by default. + Sudoers option: insults + + --with-insults=disabled + Include support for insults but disable them unless explicitly + enabled in sudoers. + Sudoers option: !insults --with-iologdir[=DIR] By default, sudo stores I/O log files in either /var/log/sudo-io, /var/adm/sudo-io, or /usr/log/sudo-io. If this option is specified, I/O logs will be stored in the indicated directory instead. + Sudoers option: iolog_dir - --disable-authentication - By default, sudo requires the user to authenticate via a - password or similar means. This options causes sudo to - *not* require authentication. It is possible to turn - authentication back on in sudoers via the PASSWD attribute. + --with-lecture=no, --without-lecture + Don't print the lecture the first time a user runs sudo. + Sudoers option: !lecture - --disable-root-sudo - Don't let root run sudo. This can be used to prevent people from - "chaining" sudo commands to get a root shell by doing something - like "sudo sudo /bin/sh". + --with-logfac=FACILITY + Determines which syslog facility to log to. This requires + a 4.3BSD or later version of syslog. You can still set + this for ancient syslogs but it will have no effect. The + following facilities are supported: authpriv (if your OS + supports it), auth, daemon, user, local0, local1, local2, + local3, local4, local5, local6, and local7. + Sudoers option: syslog - --enable-gss-krb5-ccache-name - Use the gss_krb5_ccache_name() function to set the Kerberos - V credential cache file name. By default, sudo will use - the KRB5CCNAME environment variable to set this. While - gss_krb5_ccache_name() provides a better API to do this it - is not supported by all Kerberos V and SASL combinations. + --with-logging=TYPE + How you want to do your logging. You may choose "syslog", + "file", or "both". Setting this to "syslog" is nice because + you can keep all of your sudo logs in one place (see the + sample.syslog.conf file). The default is "syslog". + Sudoers options: syslog and logfile - --enable-log-host - Log the hostname in the log file. + --with-loglen=NUMBER + Number of characters per line for the file log. This is only used if + you are to "file" or "both". This value is used to decide when to wrap + lines for nicer log files. The default is 80. Setting this to 0 + will disable the wrapping. + Sudoers options: loglinelen - --enable-noargs-shell - If sudo is invoked with no arguments it acts as if the "-s" flag had - been given. That is, it runs a shell as root (the shell is determined - by the SHELL environment variable, falling back on the shell listed - in the invoking user's /etc/passwd entry). + --with-logpath=PATH + Override the default location of the sudo log file and use + "path" instead. By default will use /var/log/sudo.log if + there is a /var/log dir, falling back to /var/adm/sudo.log + or /usr/adm/sudo.log if not. + Sudoers option: logfile - --enable-shell-sets-home - If sudo is invoked with the "-s" flag the HOME environment variable - will be set to the home directory of the target user (which is root - unless the "-u" option is used). This option effectively makes the - "-s" flag imply "-H". + --with-long-otp-prompt + When validating with a One Time Password scheme (S/Key or + OPIE), a two-line prompt is used to make it easier to cut + and paste the challenge to a local window. It's not as + pretty as the default but some people find it more convenient. + Sudoers option: long_otp_prompt - --disable-path-info - Normally, sudo will tell the user when a command could not be found - in their $PATH. Some sites may wish to disable this as it could - be used to gather information on the location of executables that - the normal user does not have access to. The disadvantage is that - if the executable is simply not in the user's path, sudo will tell - the user that they are not allowed to run it, which can be confusing. + --with-mail-if-no-user=no, --without-mail-if-no-user + Normally, sudo will mail to the "alertmail" user if the user invoking + sudo is not in the sudoers file. This option disables that behavior. + Sudoers option: mail_no_user - --enable-zlib[=location] - Enable the use of the zlib compress library when storing - I/O log files. If specified, location is the base directory - containing the zlib include and lib directories. The special - values "system" and "builtin" can be used to indicate that - the system version of zlib should be used or that the version - of zlib shipped with sudo should be used instead. - If this option is not specified, configure will use the - system zlib if it is present. + --with-mail-if-no-host + Send mail to the "alermail" user if the user exists in the sudoers + file, but is not allowed to run commands on the current host. + Sudoers option: mail_no_host - --disable-zlib - Disable the use of the zlib compress library when storing - I/O log files. + --with-mail-if-noperms + Send mail to the "alermail" user if the user is allowed to use sudo but + the command they are trying is not listed in their sudoers file entry. + Sudoers option: mail_no_perms - --enable-warnings - Enable compiler warnings when building sudo with gcc. + --with-mailsubject="SUBJECT OF MAIL" + Subject of the mail sent to the "mailto" user. The token "%h" + will expand to the hostname of the machine. + Default is "*** SECURITY information for %h ***". + Sudoers option: mailsub - --enable-werror - Enable the -Werror compiler option when building sudo with gcc. + --with-mailto=USER|MAIL_ALIAS + User (or mail alias) that mail from sudo is sent to. + This should go to a sysadmin at your site. The default is "root". + Sudoers option: mailto - --disable-hardening - Disable the use of compiler/linker exploit mitigation options - which are enabled by default. This includes compiling with - _FORTIFY_SOURCE defined to 2, building with -fstack-protector - and linking with -zrelro, where supported. + --with-passprompt="PASSWORD PROMPT" + Default prompt to use when asking for a password; can be overridden + via the -p option and the SUDO_PROMPT environment variable. Supports + the "%H", "%h", "%U" and "%u" escapes as documented in the sudo + manual page. The default value is "Password:". + Sudoers option: passprompt - --disable-pie - Disable the creation of position independent executables (PIE) - even when the compiler and linker support them. - By default, sudo will be built as a PIE where possible. + --with-password-timeout=NUMBER + Number of minutes before the sudo password prompt times out. + The default is 5, set this to 0 for no password timeout. + Sudoers option: passwd_timeout - --enable-admin-flag - Enable the creation of an Ubuntu-style admin flag file - the first time sudo is run. + --with-passwd-tries=NUMBER + Number of tries a user gets to enter his/her password before sudo logs + the failure and exits. The default is 3. + Sudoers option: passwd_tries - --disable-env-reset - Disable environment resetting. This sets the default value - of the "env_reset" Defaults option in sudoers to false. + --with-pc-insults + Replace politically incorrect insults with less objectionable ones. - --enable-nls[=location] - Enable natural language support using the gettext() family - of functions. If specified, location is the base directory - containing the libintl include and lib directories. If - this option is not specified, configure will look for the - gettext() family of functions in the standard C library - first, then check for a standalone libintl (linking with - libiconv as needed). + --with-runas-default=USER + The default user to run commands as if the -u flag is not specified + on the command line. This defaults to "root". + Sudoers option: runas_default - --disable-nls - Disable natural language support. By default, sudo will - use the gettext() family of functions, if available, to - implement messages in the invoking user's native language. - Note that translations do not exist for all languages. + --with-secure-path[=PATH] + Path used for every command run from sudo(8). If you don't trust the + people running sudo to have a sane PATH environment variable you may + want to use this. Another use is if you want to have the "root path" + be separate from the "user path." You will need to customize the path + for your site. NOTE: this is not applied to users in the group + specified by --with-exemptgroup. If you do not specify a path, + "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" is used. + Sudoers option: secure_path -Shadow password and C2 support -============================== + --with-sendmail=PATH + Override configure's guess as to the location of sendmail. + Sudoers option: mailerpath -Shadow passwords (also included with most C2 security packages) are -supported on most major platforms for which they exist. The -`configure' script will attempt to determine if your system can use -shadow passwords and include support for them if so. Shadow password -support is now compiled in by default (it doesn't hurt anything if you -don't have them configured). To disable the shadow password support, -use the --disable-shadow option to configure. - -Shadow passwords are known to work on the following platforms: - - SunOS 4.x - Solaris 2.x - HP-UX >= 9.x - Ultrix 4.x - Digital UNIX - IRIX >= 5.x - AIX >= 3.2.x - Linux - SCO >= 3.2.2 - Pyramid DC/OSx - UnixWare - SVR4 (and variants using standard SVR4 shadow passwords) - 4.4BSD based systems (including OpenBSD, NetBSD, FreeBSD, and Mac OS X) - Systems using SecureWare's C2 security. + --with-sendmail=no, --without-sendmail + Do not use sendmail to mail messages to the "mailto" user. + Use only if you don't run sendmail or the equivalent. + Sudoers options: !mailerpath or !mailto -OS dependent notes -================== + --with-sudoers-mode=MODE + File mode for the sudoers file (octal). Note that if you + wish to NFS-mount the sudoers file this must be group + readable. This value may overridden at run-time in the + sudo.conf file. The default mode is 0440. -Linux: - PAM and LDAP headers are not installed by default on most Linux - systems. You will need to install the "pam-dev" package if - /usr/include/security/pam_appl.h is not present on your system. - If you wish to build with LDAP support you will also need the - openldap-devel package. + --with-sudoers-uid=UID + User id that "owns" the sudoers file. Note that this is + the numeric id, *not* the symbolic name. This value may + overridden at run-time in the sudo.conf file. The default + is 0. - Versions of glibc 2.x previous to 2.0.7 have a broken lsearch(). - You will need to either upgrade to glibc-2.0.7 or use sudo's - version of lsearch(). To use sudo's lsearch(), comment out - the "#define HAVE_LSEARCH 1" line in config.h and add lsearch.o - to the LIBOBJS line in the Makefile. + --with-sudoers-gid=GID + Group id that "owns" the sudoers file. Note that this is + the numeric id, *not* the symbolic name. This value may + overridden at run-time in the sudo.conf file. The default + is 0. - If you are using a Linux kernel older than 2.4 it is not possible - to access the sudoers file via NFS. This is due to a bug in - the Linux client-side NFS implementation that has since been - fixed. There is a workaround on the sudo ftp site, linux_nfs.patch, - if you need to NFS-mount sudoers on older Linux kernels. + --with-timeout=NUMBER + Number of minutes that can elapse before sudo will ask for a passwd + again. The default is 5, set this to 0 to always prompt for a password. + Sudoers option: timestamp_timeout -Solaris 2.x: - You need to have a C compiler in order to build sudo. Since - Solaris 2.x does not come with one by default this means that - you either need to install the Sun Studio compiler suite, - available for free from www.sun.com, or have a copy of the GNU - C compiler (gcc) which is distributed on the Solaris Companion - CD. You can also get them from various places on the net, - including http://www.sunfreeware.com/ - NOTE: sudo will *not* build with the sun C compiler in BSD - compatibility mode (/usr/ucb/cc). Sudo is designed to - compile with the standard C compiler (or gcc) and will - not build correctly with /usr/ucb/cc. You can set the - CC environment variable to the non-ucb compiler when - running `configure' if it is not the first cc in your - path. Some sites link /usr/ucb/cc to gcc; configure will - not notice this and still refuse to use /usr/ucb/cc, so - make sure gcc is also in your path if your site is setup - this way. - Also: Older versions of Solaris come with a broken syslogd. - If you have having problems with sudo logging you should - make sure you have the latest syslogd patch installed. - This is a problem for Solaris 2.4 and 2.5 at least. + --with-tty-tickets=no, --without-tty-tickets + By default, sudo uses a different ticket file for each user/tty combo. + With this option disabled, a single ticket will be used for all + of a user's login sessions. + Sudoers option: tty_tickets -Mac OS X: - The pseudo-tty support in the Mac OS X kernel has bugs related - to its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals. - It does not restart reads and writes when those signals are - delivered. This may cause problems for some commands when I/O - logging is enabled. The issue has been reported to Apple and - is bug id #7952709. + --with-umask=MASK + Umask to use when running the root command. The default is 0022. + Sudoers option: umask + + --with-umask=no, --without-umask + Preserves the umask of the user invoking sudo. + Sudoers option: !umask + + --with-umask-override + Use the umask specified in sudoers even if it is less restrictive + than the user's. The default is to use the intersection of the + user's umask and the umask specified in sudoers. + Sudoers option: umask_override + +OS dependent notes +================== HP-UX: The default C compiler shipped with HP-UX is not an ANSI compiler. @@ -776,33 +791,30 @@ HP-UX: sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login -Digital UNIX: - By default, sudo will use SIA (Security Integration Architecture) - to validate a user. If you want to use an alternative authentication - method that does not go through SIA, you need to use the - --disable-sia option to configure. If you use gcc to compile - you will get warnings when building interfaces.c. These are - harmless but if they really bug you, you can edit - /usr/include/net/if.h around line 123, right after the comment: - /* forward decls for C++ */ - change the line: - #ifdef __cplusplus - to: - #if defined(__cplusplus) || defined(__GNUC__) - If you don't like the idea of editing the system header file - you can just make a copy in gcc's private include tree and - edit that. - -AIX 3.2.x: - I've had various problems with the AIX C compiler producing - incorrect code when the -O flag was used. When optimization - is not used, the problems go away. Gcc does not appear - to have this problem. - -SCO ODT: - You'll probably need libcrypt_i.a available via anonymous ftp - from sosco.sco.com. The necessary files are /SLS/lng225b.Z - and /SLS/lng225b.ltr.Z. +Linux: + PAM and LDAP headers are not installed by default on most Linux + systems. You will need to install the "pam-dev" package if + /usr/include/security/pam_appl.h is not present on your system. + If you wish to build with LDAP support you will also need the + openldap-devel package. + +Mac OS X: + The pseudo-tty support in the Mac OS X kernel has bugs related + to its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals. + It does not restart reads and writes when those signals are + delivered. This may cause problems for some commands when I/O + logging is enabled. The issue has been reported to Apple and + is bug id #7952709. + +Solaris: + You need to have a C compiler in order to build sudo. Since + Solaris does not come with one by default this means that you + either need to either install the Solaris Studio compiler suite, + available for free from www.oracle.com, or install the GNU C + compiler (gcc) which is can be installed via the pkg utility + on Solaris 11 and higher and is distributed on the Solaris + Companion CD for older Solaris releases. You can also download + gcc packages from http://www.opencsw.org/packages/CSWgcc4core/ SunOS 4.x: SunOS does not ship with an ANSI C compiler. You will need to @@ -810,24 +822,4 @@ SunOS 4.x: The /bin/sh shipped with SunOS blows up while running configure. You can work around this by installing bash or zsh. If you - have bash or zsh in your path, configure will use it instead - automatically. - -ULTRIX 4.x: - ULTRIX does not ship with an ANSI C compiler. You will need to - install an ANSI compiler such as gcc to build sudo. - - The /bin/sh shipped with ULTRIX blows up while running configure. - You can work around this by installing bash or zsh. If you - have bash or zsh in your path, configure will use it instead - automatically. - - ULTRIX ships with the 4.2BSD syslog(3) which does not - allow things like logging different facilities to different - files, redirecting logs to a single loghost and other niceties. - You may want to just grab and install: - ftp://www.sudo.ws/pub/sudo/misc/jtkohl-syslog-complete.tar.gz - (available via anonymous ftp) which is a port if the 4.3BSD - syslog/syslogd that is backwards compatible with the Ultrix version. - I recommend it highly. If you do not do this you probably want - to run configure with --with-logging=file + have bash or zsh in your path, configure will use it automatically. diff --git a/INSTALL.configure b/INSTALL.configure index 9053561..81fd332 100644 --- a/INSTALL.configure +++ b/INSTALL.configure @@ -1,48 +1,80 @@ +Installation Instructions +************************* + +Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, +2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc. + + Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. This file is offered as-is, +without warranty of any kind. + Basic Installation ================== - These are generic installation instructions. + Briefly, the shell commands `./configure; make; make install' should +configure, build, and install this package. The following +more-detailed instructions are generic; see the `README' file for +instructions specific to this package. Some packages provide this +`INSTALL' file but do not implement all of the features documented +below. The lack of an optional feature in a given package is not +necessarily a bug. More recommendations for GNU packages can be found +in *note Makefile Conventions: (standards)Makefile Conventions. The `configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses those values to create a `Makefile' in each directory of the package. It may also create one or more `.h' files containing system-dependent definitions. Finally, it creates a shell script `config.status' that -you can run in the future to recreate the current configuration, a file -`config.cache' that saves the results of its tests to speed up -reconfiguring, and a file `config.log' containing compiler output -(useful mainly for debugging `configure'). +you can run in the future to recreate the current configuration, and a +file `config.log' containing compiler output (useful mainly for +debugging `configure'). + + It can also use an optional file (typically called `config.cache' +and enabled with `--cache-file=config.cache' or simply `-C') that saves +the results of its tests to speed up reconfiguring. Caching is +disabled by default to prevent problems with accidental use of stale +cache files. If you need to do unusual things to compile the package, please try to figure out how `configure' could check whether to do them, and mail diffs or instructions to the address given in the `README' so they can -be considered for the next release. If at some point `config.cache' -contains results you don't want to keep, you may remove or edit it. +be considered for the next release. If you are using the cache, and at +some point `config.cache' contains results you don't want to keep, you +may remove or edit it. - The file `configure.in' is used to create `configure' by a program -called `autoconf'. You only need `configure.in' if you want to change -it or regenerate `configure' using a newer version of `autoconf'. + The file `configure.ac' (or `configure.in') is used to create +`configure' by a program called `autoconf'. You need `configure.ac' if +you want to change it or regenerate `configure' using a newer version +of `autoconf'. -The simplest way to compile this package is: + The simplest way to compile this package is: 1. `cd' to the directory containing the package's source code and type - `./configure' to configure the package for your system. If you're - using `csh' on an old version of System V, you might need to type - `sh ./configure' instead to prevent `csh' from trying to execute - `configure' itself. + `./configure' to configure the package for your system. - Running `configure' takes awhile. While running, it prints some - messages telling which features it is checking for. + Running `configure' might take a while. While running, it prints + some messages telling which features it is checking for. 2. Type `make' to compile the package. 3. Optionally, type `make check' to run any self-tests that come with - the package. + the package, generally using the just-built uninstalled binaries. 4. Type `make install' to install the programs and any data files and - documentation. - - 5. You can remove the program binaries and object files from the + documentation. When installing into a prefix owned by root, it is + recommended that the package be configured and built as a regular + user, and only the `make install' phase executed with root + privileges. + + 5. Optionally, type `make installcheck' to repeat any self-tests, but + this time using the binaries in their final installed location. + This target does not install anything. Running this target as a + regular user, particularly if the prior `make install' required + root privileges, verifies that the installation completed + correctly. + + 6. You can remove the program binaries and object files from the source code directory by typing `make clean'. To also remove the files that `configure' created (so you can compile the package for a different kind of computer), type `make distclean'. There is @@ -51,55 +83,119 @@ The simplest way to compile this package is: all sorts of other programs in order to regenerate files that came with the distribution. + 7. Often, you can also type `make uninstall' to remove the installed + files again. In practice, not all packages have tested that + uninstallation works correctly, even though it is required by the + GNU Coding Standards. + + 8. Some packages, particularly those that use Automake, provide `make + distcheck', which can by used by developers to test that all other + targets like `make install' and `make uninstall' work correctly. + This target is generally not run by end users. + Compilers and Options ===================== Some systems require unusual options for compilation or linking that -the `configure' script does not know about. You can give `configure' -initial values for variables by setting them in the environment. Using -a Bourne-compatible shell, you can do that on the command line like -this: - CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure +the `configure' script does not know about. Run `./configure --help' +for details on some of the pertinent environment variables. + + You can give `configure' initial values for configuration parameters +by setting variables in the command line or in the environment. Here +is an example: -Or on systems that have the `env' program, you can do it like this: - env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure + ./configure CC=c99 CFLAGS=-g LIBS=-lposix + + *Note Defining Variables::, for more details. Compiling For Multiple Architectures ==================================== You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their -own directory. `cd' to the directory where you want the object files -and executables to go and run the `configure' script. `configure' -automatically checks for the source code in the directory that `configure' -is in and in `..'. +own directory. To do this, you can use GNU `make'. `cd' to the +directory where you want the object files and executables to go and run +the `configure' script. `configure' automatically checks for the +source code in the directory that `configure' is in and in `..'. This +is known as a "VPATH" build. + + With a non-GNU `make', it is safer to compile the package for one +architecture at a time in the source code directory. After you have +installed the package for one architecture, use `make distclean' before +reconfiguring for another architecture. + + On MacOS X 10.5 and later systems, you can create libraries and +executables that work on multiple system types--known as "fat" or +"universal" binaries--by specifying multiple `-arch' options to the +compiler but only a single `-arch' option to the preprocessor. Like +this: + + ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CPP="gcc -E" CXXCPP="g++ -E" + + This is not guaranteed to produce working output in all cases, you +may have to build one architecture at a time and combine the results +using the `lipo' tool if you have problems. Installation Names ================== - By default, `make install' will install the package's files in -`/usr/local/bin', `/usr/local/man', etc. You can specify an -installation prefix other than `/usr/local' by giving `configure' the -option `--prefix=PATH'. + By default, `make install' installs the package's commands under +`/usr/local/bin', include files under `/usr/local/include', etc. You +can specify an installation prefix other than `/usr/local' by giving +`configure' the option `--prefix=PREFIX', where PREFIX must be an +absolute file name. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you -give `configure' the option `--exec-prefix=PATH', the package will use -PATH as the prefix for installing programs and libraries. -Documentation and other data files will still use the regular prefix. +pass the option `--exec-prefix=PREFIX' to `configure', the package uses +PREFIX as the prefix for installing programs and libraries. +Documentation and other data files still use the regular prefix. In addition, if you use an unusual directory layout you can give -options like `--bindir=PATH' to specify different values for particular +options like `--bindir=DIR' to specify different values for particular kinds of files. Run `configure --help' for a list of the directories -you can set and what kinds of files go in them. +you can set and what kinds of files go in them. In general, the +default for these options is expressed in terms of `${prefix}', so that +specifying just `--prefix' will affect all of the other directory +specifications that were not explicitly provided. + + The most portable way to affect installation locations is to pass the +correct locations to `configure'; however, many packages provide one or +both of the following shortcuts of passing variable assignments to the +`make install' command line to change installation locations without +having to reconfigure or recompile. + + The first method involves providing an override variable for each +affected directory. For example, `make install +prefix=/alternate/directory' will choose an alternate location for all +directory configuration variables that were expressed in terms of +`${prefix}'. Any directories that were specified during `configure', +but not in terms of `${prefix}', must each be overridden at install +time for the entire installation to be relocated. The approach of +makefile variable overrides for each directory variable is required by +the GNU Coding Standards, and ideally causes no recompilation. +However, some platforms have known limitations with the semantics of +shared libraries that end up requiring recompilation when using this +method, particularly noticeable in packages that use GNU Libtool. + + The second method involves providing the `DESTDIR' variable. For +example, `make install DESTDIR=/alternate/directory' will prepend +`/alternate/directory' before all installation names. The approach of +`DESTDIR' overrides is not required by the GNU Coding Standards, and +does not work on platforms that have drive letters. On the other hand, +it does better at avoiding recompilation issues, and works well even +when some directory options were not specified in terms of `${prefix}' +at `configure' time. + +Optional Features +================= If the package supports it, you can cause programs to be installed with an extra prefix or suffix on their names by giving `configure' the option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. -Optional Features -================= - Some packages pay attention to `--enable-FEATURE' options to `configure', where FEATURE indicates an optional part of the package. They may also pay attention to `--with-PACKAGE' options, where PACKAGE @@ -112,25 +208,75 @@ find the X include and library files automatically, but if it doesn't, you can use the `configure' options `--x-includes=DIR' and `--x-libraries=DIR' to specify their locations. + Some packages offer the ability to configure how verbose the +execution of `make' will be. For these packages, running `./configure +--enable-silent-rules' sets the default to minimal output, which can be +overridden with `make V=1'; while running `./configure +--disable-silent-rules' sets the default to verbose, which can be +overridden with `make V=0'. + +Particular systems +================== + + On HP-UX, the default C compiler is not ANSI C compatible. If GNU +CC is not installed, it is recommended to use the following options in +order to use an ANSI C compiler: + + ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" + +and if that doesn't work, install pre-built binaries of GCC for HP-UX. + + On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot +parse its `' header file. The option `-nodtk' can be used as +a workaround. If GNU CC is not installed, it is therefore recommended +to try + + ./configure CC="cc" + +and if that doesn't work, try + + ./configure CC="cc -nodtk" + + On Solaris, don't put `/usr/ucb' early in your `PATH'. This +directory contains several dysfunctional programs; working variants of +these programs are available in `/usr/bin'. So, if you need `/usr/ucb' +in your `PATH', put it _after_ `/usr/bin'. + + On Haiku, software installed for all users goes in `/boot/common', +not `/usr/local'. It is recommended to use the following options: + + ./configure --prefix=/boot/common + Specifying the System Type ========================== - There may be some features `configure' can not figure out -automatically, but needs to determine by the type of host the package -will run on. Usually `configure' can figure that out, but if it prints -a message saying it can not guess the host type, give it the -`--host=TYPE' option. TYPE can either be a short name for the system -type, such as `sun4', or a canonical name with three fields: + There may be some features `configure' cannot figure out +automatically, but needs to determine by the type of machine the package +will run on. Usually, assuming the package is built to be run on the +_same_ architectures, `configure' can figure that out, but if it prints +a message saying it cannot guess the machine type, give it the +`--build=TYPE' option. TYPE can either be a short name for the system +type, such as `sun4', or a canonical name which has the form: + CPU-COMPANY-SYSTEM -See the file `config.sub' for the possible values of each field. If +where SYSTEM can have one of these forms: + + OS + KERNEL-OS + + See the file `config.sub' for the possible values of each field. If `config.sub' isn't included in this package, then this package doesn't -need to know the host type. +need to know the machine type. + + If you are _building_ compiler tools for cross-compiling, you should +use the option `--target=TYPE' to select the type of system they will +produce code for. - If you are building compiler tools for cross-compiling, you can also -use the `--target=TYPE' option to select the type of system they will -produce code for and the `--build=TYPE' option to select the type of -system on which you are compiling the package. + If you want to _use_ a cross compiler, that generates code for a +platform different from the build platform, you should specify the +"host" platform (i.e., that on which the generated programs will +eventually be run) with `--host=TYPE'. Sharing Defaults ================ @@ -143,32 +289,77 @@ default values for variables like `CC', `cache_file', and `prefix'. `CONFIG_SITE' environment variable to the location of the site script. A warning: not all `configure' scripts look for a site script. -Operation Controls +Defining Variables ================== + Variables not defined in a site shell script can be set in the +environment passed to `configure'. However, some packages may run +configure again during the build, and the customized values of these +variables may be lost. In order to avoid this problem, you should set +them in the `configure' command line, using `VAR=value'. For example: + + ./configure CC=/usr/local2/bin/gcc + +causes the specified `gcc' to be used as the C compiler (unless it is +overridden in the site shell script). + +Unfortunately, this technique does not work for `CONFIG_SHELL' due to +an Autoconf bug. Until the bug is fixed you can use this workaround: + + CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash + +`configure' Invocation +====================== + `configure' recognizes the following options to control how it operates. +`--help' +`-h' + Print a summary of all of the options to `configure', and exit. + +`--help=short' +`--help=recursive' + Print a summary of the options unique to this package's + `configure', and exit. The `short' variant lists options used + only in the top level, while the `recursive' variant lists options + also present in any nested packages. + +`--version' +`-V' + Print the version of Autoconf used to generate the `configure' + script, and exit. + `--cache-file=FILE' - Use and save the results of the tests in FILE instead of - `./config.cache'. Set FILE to `/dev/null' to disable caching, for - debugging `configure'. + Enable the cache: use and save the results of the tests in FILE, + traditionally `config.cache'. FILE defaults to `/dev/null' to + disable caching. -`--help' - Print a summary of the options to `configure', and exit. +`--config-cache' +`-C' + Alias for `--cache-file=config.cache'. `--quiet' `--silent' `-q' - Do not print messages saying which checks are being made. + Do not print messages saying which checks are being made. To + suppress all normal output, redirect it to `/dev/null' (any error + messages will still be shown). `--srcdir=DIR' Look for the package's source code in directory DIR. Usually `configure' can determine that directory automatically. -`--version' - Print the version of Autoconf used to generate the `configure' - script, and exit. +`--prefix=DIR' + Use DIR as the installation prefix. *note Installation Names:: + for more details, including other options available for fine-tuning + the installation locations. + +`--no-create' +`-n' + Run the configure checks, but stop before creating any output + files. -`configure' also accepts some other, not widely useful, options. +`configure' also accepts some other, not widely useful, options. Run +`configure --help' for more details. diff --git a/MANIFEST b/MANIFEST index a55370d..e93d3a9 100644 --- a/MANIFEST +++ b/MANIFEST @@ -11,14 +11,38 @@ common/Makefile.in common/aix.c common/alloc.c common/atobool.c +common/error.c common/fileops.c common/fmt_string.c common/lbuf.c common/list.c +common/regress/sudo_conf/conf_test.c +common/regress/sudo_conf/test1.in +common/regress/sudo_conf/test1.out.ok +common/regress/sudo_conf/test2.in +common/regress/sudo_conf/test2.out.ok +common/regress/sudo_conf/test3.in +common/regress/sudo_conf/test3.out.ok +common/regress/sudo_conf/test4.in +common/regress/sudo_conf/test4.out.ok +common/regress/sudo_parseln/parseln_test.c +common/regress/sudo_parseln/test1.in +common/regress/sudo_parseln/test1.out.ok +common/regress/sudo_parseln/test2.in +common/regress/sudo_parseln/test2.out.ok +common/regress/sudo_parseln/test3.in +common/regress/sudo_parseln/test3.out.ok +common/regress/sudo_parseln/test4.in +common/regress/sudo_parseln/test4.out.ok +common/regress/sudo_parseln/test5.in +common/regress/sudo_parseln/test5.out.ok +common/regress/sudo_parseln/test6.in +common/regress/sudo_parseln/test6.out.ok common/secure_path.c common/setgroups.c common/sudo_conf.c common/sudo_debug.c +common/sudo_printf.c common/term.c common/ttysize.c common/zero_bytes.c @@ -27,6 +51,7 @@ compat/charclass.h compat/closefrom.c compat/dlfcn.h compat/dlopen.c +compat/endian.h compat/fnmatch.c compat/fnmatch.h compat/getaddrinfo.c @@ -45,6 +70,7 @@ compat/mksigname.c compat/mksigname.h compat/mktemp.c compat/nanosleep.c +compat/nss_dbdefs.h compat/pw_dup.c compat/regress/fnmatch/fnm_test.c compat/regress/fnmatch/fnm_test.in @@ -82,6 +108,9 @@ doc/schema.ActiveDirectory doc/schema.OpenLDAP doc/schema.iPlanet doc/sudo.cat +doc/sudo.conf.cat +doc/sudo.conf.man.in +doc/sudo.conf.mdoc.in doc/sudo.man.in doc/sudo.mdoc.in doc/sudo_plugin.cat @@ -125,14 +154,14 @@ mkdep.pl mkinstalldirs mkpkg pathnames.h.in +plugins/group_file/Makefile.in +plugins/group_file/getgrent.c +plugins/group_file/group_file.c +plugins/group_file/group_file.exp +plugins/group_file/plugin_test.c plugins/sample/Makefile.in plugins/sample/sample_plugin.c plugins/sample/sample_plugin.exp -plugins/sample_group/Makefile.in -plugins/sample_group/getgrent.c -plugins/sample_group/plugin_test.c -plugins/sample_group/sample_group.c -plugins/sample_group/sample_group.exp plugins/sudoers/Makefile.in plugins/sudoers/aixcrypt.exp plugins/sudoers/alias.c @@ -152,10 +181,12 @@ plugins/sudoers/auth/securid5.c plugins/sudoers/auth/sia.c plugins/sudoers/auth/sudo_auth.c plugins/sudoers/auth/sudo_auth.h +plugins/sudoers/base64.c plugins/sudoers/boottime.c plugins/sudoers/bsm_audit.c plugins/sudoers/bsm_audit.h plugins/sudoers/check.c +plugins/sudoers/check.h plugins/sudoers/def_data.c plugins/sudoers/def_data.h plugins/sudoers/def_data.in @@ -171,6 +202,7 @@ plugins/sudoers/gram.c plugins/sudoers/gram.h plugins/sudoers/gram.y plugins/sudoers/group_plugin.c +plugins/sudoers/hexchar.c plugins/sudoers/ins_2001.h plugins/sudoers/ins_classic.h plugins/sudoers/ins_csops.h @@ -183,6 +215,7 @@ plugins/sudoers/iolog_path.c plugins/sudoers/ldap.c plugins/sudoers/linux_audit.c plugins/sudoers/linux_audit.h +plugins/sudoers/locale.c plugins/sudoers/logging.c plugins/sudoers/logging.h plugins/sudoers/logwrap.c @@ -191,10 +224,11 @@ plugins/sudoers/match_addr.c plugins/sudoers/mkdefaults plugins/sudoers/parse.c plugins/sudoers/parse.h -plugins/sudoers/plugin_error.c plugins/sudoers/po/README plugins/sudoers/po/da.mo plugins/sudoers/po/da.po +plugins/sudoers/po/de.mo +plugins/sudoers/po/de.po plugins/sudoers/po/eo.mo plugins/sudoers/po/eo.po plugins/sudoers/po/eu.mo @@ -209,20 +243,28 @@ plugins/sudoers/po/ja.mo plugins/sudoers/po/ja.po plugins/sudoers/po/lt.mo plugins/sudoers/po/lt.po +plugins/sudoers/po/nl.mo +plugins/sudoers/po/nl.po plugins/sudoers/po/pl.mo plugins/sudoers/po/pl.po -plugins/sudoers/po/sl.mo +plugins/sudoers/po/sl.mo plugins/sudoers/po/sl.po plugins/sudoers/po/sudoers.pot plugins/sudoers/po/sv.mo plugins/sudoers/po/sv.po +plugins/sudoers/po/tr.mo +plugins/sudoers/po/tr.po plugins/sudoers/po/uk.mo plugins/sudoers/po/uk.po plugins/sudoers/po/vi.mo plugins/sudoers/po/vi.po plugins/sudoers/po/zh_CN.mo plugins/sudoers/po/zh_CN.po +plugins/sudoers/policy.c +plugins/sudoers/prompt.c plugins/sudoers/pwutil.c +plugins/sudoers/pwutil.h +plugins/sudoers/pwutil_impl.c plugins/sudoers/redblack.c plugins/sudoers/redblack.h plugins/sudoers/regress/check_symbols/check_symbols.c @@ -233,10 +275,28 @@ plugins/sudoers/regress/logging/check_wrap.in plugins/sudoers/regress/logging/check_wrap.out.ok plugins/sudoers/regress/parser/check_addr.c plugins/sudoers/regress/parser/check_addr.in +plugins/sudoers/regress/parser/check_base64.c +plugins/sudoers/regress/parser/check_digest.c +plugins/sudoers/regress/parser/check_digest.out.ok plugins/sudoers/regress/parser/check_fill.c plugins/sudoers/regress/sudoers/test1.in plugins/sudoers/regress/sudoers/test1.out.ok plugins/sudoers/regress/sudoers/test1.toke.ok +plugins/sudoers/regress/sudoers/test10.in +plugins/sudoers/regress/sudoers/test10.out.ok +plugins/sudoers/regress/sudoers/test10.toke.ok +plugins/sudoers/regress/sudoers/test11.in +plugins/sudoers/regress/sudoers/test11.out.ok +plugins/sudoers/regress/sudoers/test11.toke.ok +plugins/sudoers/regress/sudoers/test12.in +plugins/sudoers/regress/sudoers/test12.out.ok +plugins/sudoers/regress/sudoers/test12.toke.ok +plugins/sudoers/regress/sudoers/test13.in +plugins/sudoers/regress/sudoers/test13.out.ok +plugins/sudoers/regress/sudoers/test13.toke.ok +plugins/sudoers/regress/sudoers/test14.in +plugins/sudoers/regress/sudoers/test14.out.ok +plugins/sudoers/regress/sudoers/test14.toke.ok plugins/sudoers/regress/sudoers/test2.in plugins/sudoers/regress/sudoers/test2.out.ok plugins/sudoers/regress/sudoers/test2.toke.ok @@ -258,9 +318,34 @@ plugins/sudoers/regress/sudoers/test7.toke.ok plugins/sudoers/regress/sudoers/test8.in plugins/sudoers/regress/sudoers/test8.out.ok plugins/sudoers/regress/sudoers/test8.toke.ok +plugins/sudoers/regress/sudoers/test9.in +plugins/sudoers/regress/sudoers/test9.out.ok +plugins/sudoers/regress/sudoers/test9.toke.ok plugins/sudoers/regress/testsudoers/test1.out.ok plugins/sudoers/regress/testsudoers/test1.sh +plugins/sudoers/regress/testsudoers/test2.inc +plugins/sudoers/regress/testsudoers/test2.out.ok +plugins/sudoers/regress/testsudoers/test2.sh +plugins/sudoers/regress/testsudoers/test3.d/root +plugins/sudoers/regress/testsudoers/test3.out.ok +plugins/sudoers/regress/testsudoers/test3.sh +plugins/sudoers/regress/testsudoers/test4.out.ok +plugins/sudoers/regress/testsudoers/test4.sh +plugins/sudoers/regress/testsudoers/test5.out.ok +plugins/sudoers/regress/testsudoers/test5.sh +plugins/sudoers/regress/visudo/test1.out.ok +plugins/sudoers/regress/visudo/test1.sh +plugins/sudoers/regress/visudo/test2.err.ok +plugins/sudoers/regress/visudo/test2.out.ok +plugins/sudoers/regress/visudo/test2.sh +plugins/sudoers/regress/visudo/test3.err.ok +plugins/sudoers/regress/visudo/test3.out.ok +plugins/sudoers/regress/visudo/test3.sh +plugins/sudoers/regress/visudo/test4.out.ok +plugins/sudoers/regress/visudo/test4.sh plugins/sudoers/set_perms.c +plugins/sudoers/sha2.c +plugins/sudoers/sha2.h plugins/sudoers/sssd.c plugins/sudoers/sudo_nss.c plugins/sudoers/sudo_nss.h @@ -272,6 +357,7 @@ plugins/sudoers/sudoers2ldif plugins/sudoers/sudoers_version.h plugins/sudoers/sudoreplay.c plugins/sudoers/testsudoers.c +plugins/sudoers/timestamp.c plugins/sudoers/timestr.c plugins/sudoers/toke.c plugins/sudoers/toke.h @@ -287,14 +373,15 @@ pp src/Makefile.in src/conversation.c src/env_hooks.c -src/error.c src/exec.c src/exec_common.c src/exec_pty.c src/get_pty.c src/hooks.c src/load_plugins.c +src/locale_stub.c src/net_ifs.c +src/openbsd.c src/parse_args.c src/po/README src/po/da.mo @@ -317,6 +404,8 @@ src/po/it.mo src/po/it.po src/po/ja.mo src/po/ja.po +src/po/nl.mo +src/po/nl.po src/po/pl.mo src/po/pl.po src/po/ru.mo @@ -328,6 +417,8 @@ src/po/sr.po src/po/sudo.pot src/po/sv.mo src/po/sv.po +src/po/tr.mo +src/po/tr.po src/po/uk.mo src/po/uk.po src/po/vi.mo @@ -335,8 +426,11 @@ src/po/vi.po src/po/zh_CN.mo src/po/zh_CN.po src/preload.c +src/regress/ttyname/check_ttyname.c src/selinux.c src/sesh.c +src/signal.c +src/solaris.c src/sudo.c src/sudo.h src/sudo_edit.c diff --git a/Makefile.in b/Makefile.in index aeb3aa5..14c28aa 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,5 +1,5 @@ # -# Copyright (c) 2010-2011 Todd C. Miller +# Copyright (c) 2010-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -46,9 +46,10 @@ sudoers_gid = @SUDOERS_GID@ sudoers_mode = @SUDOERS_MODE@ shlib_mode = @SHLIB_MODE@ -SUBDIRS = compat common @ZLIB_SRC@ plugins/sudoers src include doc +SUBDIRS = compat common @ZLIB_SRC@ plugins/group_file plugins/sudoers \ + plugins/system_group src include doc -SAMPLES = plugins/sample plugins/sample_group plugins/system_group +SAMPLES = plugins/sample VERSION = @PACKAGE_VERSION@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ @@ -65,6 +66,7 @@ ECHO_C = @ECHO_C@ # Message catalog support NLS = @SUDO_NLS@ POTFILES = src/po/sudo.pot plugins/sudoers/po/sudoers.pot +LOCALEDIR_SUFFIX = @LOCALEDIR_SUFFIX@ MSGFMT = msgfmt MSGMERGE = msgmerge XGETTEXT = xgettext @@ -72,12 +74,12 @@ XGETTEXT_OPTS = -F -k_ -kN_ --copyright-holder="Todd C. Miller" \ "--msgid-bugs-address=http://www.sudo.ws/bugs" \ --package-name=@PACKAGE_NAME@ --package-version=$(VERSION) \ --flag warning:1:c-format --flag warningx:1:c-format \ - --flag error:2:c-format --flag errorx:2:c-format \ + --flag fatal:1:c-format --flag fatalx:1:c-format \ --flag easprintf:3:c-format --flag lbuf_append:2:c-format \ --flag lbuf_append_quoted:3:c-format --foreign-user all: config.status - for d in $(SUBDIRS) $(SAMPLES); \ + for d in $(SUBDIRS); \ do (cd $$d && exec $(MAKE) $@) && continue; \ exit $$?; \ done @@ -118,9 +120,6 @@ uninstall-nls: rm -f $(DESTDIR)$(localedir)/*/LC_MESSAGES/$$domain.mo; \ done -autoconf: - autoconf -I m4 - siglist.c signame.c: (cd compat && exec $(MAKE) $@) @@ -131,14 +130,14 @@ depend: siglist.c signame.c fi; \ $(srcdir)/mkdep.pl $(srcdir)/common/Makefile.in \ $(srcdir)/compat/Makefile.in $(srcdir)/plugins/sample/Makefile.in \ - $(srcdir)/plugins/sample_group/Makefile.in \ + $(srcdir)/plugins/group_file/Makefile.in \ $(srcdir)/plugins/sudoers/Makefile.in \ $(srcdir)/plugins/system_group/Makefile.in \ $(srcdir)/src/Makefile.in $(srcdir)/zlib/Makefile.in; \ ./config.status --file $(srcdir)/common/Makefile \ --file $(srcdir)/compat/Makefile \ --file $(srcdir)/plugins/sample/Makefile \ - --file $(srcdir)/plugins/sample_group/Makefile \ + --file $(srcdir)/plugins/group_file/Makefile \ --file $(srcdir)/plugins/sudoers/Makefile \ --file $(srcdir)/plugins/system_group/Makefile \ --file $(srcdir)/src/Makefile --file $(srcdir)/zlib/Makefile @@ -177,15 +176,25 @@ update-pot: echo "Updating $$pot"; \ domain=`basename $$pot .pot`; \ case "$$domain" in \ - sudo) cfiles="src/*c common/*c compat/*c";; \ - sudoers) cfiles="plugins/sudoers/*.c plugins/sudoers/auth/*.c";; \ + sudo) tmpfiles=; cfiles="src/*c common/*c compat/*c";; \ + sudoers) \ + echo "syntax error" > confstr.sh; \ + sed -n -e 's/^badpass_message="/gettext "/p' \ + -e 's/^passprompt="/gettext "/p' \ + -e 's/^mailsub="/gettext "/p' configure.in \ + >> confstr.sh; \ + tmpfiles=confstr.sh; \ + cfiles="plugins/sudoers/*.c plugins/sudoers/auth/*.c";; \ *) echo unknown domain $$domain; continue;; \ esac; \ - $(XGETTEXT) $(XGETTEXT_OPTS) -d$$domain $$cfiles -o $$pot.tmp; \ + $(XGETTEXT) $(XGETTEXT_OPTS) -d$$domain $$cfiles $$tmpfiles -o $$pot.tmp; \ + test -n "$$tmpfiles" && rm -f $$tmpfiles; \ if diff -I'^.POT-Creation-Date' -I'^.Project-Id-Version' -I'^#' $$pot.tmp $$pot >/dev/null; then \ rm -f $$pot.tmp; \ else \ - mv -f $$pot.tmp $$pot; \ + printf '/^#$$/+1,$$d\nw\nq\n' | ed - $$pot; \ + sed '1,/^#$$/d' $$pot.tmp >> $$pot; \ + rm -f $$pot.tmp; \ fi; \ done; \ fi @@ -237,6 +246,11 @@ install-nls: test -s $$podir/$$lang.mo || continue; \ echo $(ECHO_N) " $$lang$(ECHO_C)"; \ $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES; \ + if test -n "$(LOCALEDIR_SUFFIX)"; then \ + if test ! -d $(DESTDIR)$(localedir)/$$lang$(LOCALEDIR_SUFFIX); then \ + ln -s $$lang $(DESTDIR)$(localedir)/$$lang$(LOCALEDIR_SUFFIX); \ + fi; \ + fi; \ $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 $$podir/$$lang.mo $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$$domain.mo; \ done; \ echo ""; \ @@ -245,13 +259,16 @@ install-nls: check-dist: update-pot compile-po @if [ -d .hg ]; then \ - if hg stat -am | grep '\.[mp]ot*$$'; then \ - echo "Uncommitted message catalog changes" 1>&2; \ - false; \ + if test `hg stat -am | wc -l` -ne 0; then \ + echo "Uncommitted changes" 1>&2; \ + hg stat -am 1>&2; \ + exit 1; \ fi; \ fi -dist: check-dist ChangeLog $(srcdir)/MANIFEST +dist: check-dist force-dist + +force-dist: ChangeLog $(srcdir)/MANIFEST pax -w -x ustar -s '/^/$(PACKAGE_TARNAME)-$(VERSION)\//' \ -f ../$(PACKAGE_TARNAME)-$(VERSION).tar \ `sed 's/[ ].*//' $(srcdir)/MANIFEST` diff --git a/NEWS b/NEWS index 23fa457..51a0083 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,118 @@ +What's new in Sudo 1.8.7? + + * The non-Unix group plugin is now supported when sudoers data + is stored in LDAP. + + * Sudo now uses a workaround for a locale bug on Solaris 11.0 + that prevents setuid programs like sudo from fully using locales. + + * User messages are now always displayed in the user's locale, + even when the same message is being logged or mailed in a + different locale. + + * Log files created by sudo now explicitly have the group set + to group ID 0 rather than relying on BSD group semantics (which + may not be the default). + + * A new "exec_background" sudoers option can be used to initially + run the command without read access to the terminal when running + a command in a pseudo-tty. If the command tries to read from + the terminal it will be stopped by the kernel (via SIGTTIN or + SIGTTOU) and sudo will immediately restart it as the forground + process (if possible). This allows sudo to only pass terminal + input to the program if the program actually is expecting it. + Unfortunately, a few poorly-behaved programs (like "su" on most + Linux systems) do not handle SIGTTIN and SIGTTOU properly. + + * Sudo now uses an efficient group query to get all the groups + for a user instead of iterating over every record in the group + database on HP-UX and Solaris. + + * Sudo now produces better error messages when there is an error + in the sudo.conf file. + + * Two new settings have been added to sudo.conf to give the admin + better control of how group database queries are performed. The + "group_source" specifies how the group list for a user will be + determined. Legal values are "static" (use the kernel groups + list), "dynamic" (perform a group database query) and "adaptive" + (only perform a group database query if the kernel list is full). + The "max_groups" specifies the maximum number of groups a user may + belong to when performing a group database query. + + * The sudo.conf file now supports line continuation by using a + backslash as the last character on the line. + + * There is now a standalone sudo.conf manual page. + + * Sudo now stores its libexec files in a "sudo" subdirectory instead + of in libexec itself. For backwards compatibility, if the plugin + is not found in the default plugin directory, sudo will check + the parent directory if the default directory ends in "/sudo". + + * The sudoers I/O logging plugin now logs the terminal size. + + * A new sudoers option "maxseq" can be used to limit the number of + I/O log entries that are stored. + + * The "system_group" and "group_file" sudoers group provider plugins + are now installed by default. + + * The list output (sudo -l) output from the sudoers plugin is now + less ambiguous when an entry includes different runas users. + The long list output (sudo -ll) for file-based sudoers is now + more consistent with the format of LDAP-based sudoers. + + * A uid may now be used in the sudoRunAsUser attributes for LDAP + sudoers. + + * Minor plugin API change: the close and version functions are now + optional. If the policy plugin does not provide a close function + and the command is not being run in a new pseudo-tty, sudo may + now execute the command directly instead of in a child process. + + * A new sudoers option "pam_session" can be used to disable sudo's + PAM session support. + + * On HP-UX systems, sudo will now use the pstat() function to + determine the tty instead of ttyname(). + + * Turkish translation for sudo and sudoers from translationproject.org. + + * Dutch translation for sudo and sudoers from translationproject.org. + + * Tivoli Directory Server client libraries may now be used with + HP-UX where libibmldap has a hidden dependency on libCsup. + + * The sudoers plugin will now ignore invalid domain names when + checking netgroup membership. Most Linux systems use the string + "(none)" for the NIS-style domain name instead of an empty string. + + * New support for specifying a SHA-2 digest along with the command + in sudoers. Supported hash types are sha224, sha256, sha384 and + sha512. See the description of Digest_Spec in the sudoers manual + or the description of sudoCommand in the sudoers.ldap manual for + details. + + * The paths to ldap.conf and ldap.secret may now be specified as + arguments to the sudoers plugin in the sudo.conf file. + + * Fixed potential false positives in visudo's alias cycle detection. + + * Fixed a problem where the time stamp file was being treated + as out of date on Linux systems where the change time on the + pseudo-tty device node can change after it is allocated. + + * Sudo now only builds Position Independent Executables (PIE) + by default on Linux systems and verifies that a trivial test + program builds and runs. + + * On Solaris 11.1 and higher, sudo binaries will now have the + ASLR tag enabled if supported by the linker. + What's new in Sudo 1.8.6p8? - * Terminal dection now works properly on 64-bit AIX kernels. + * Terminal detection now works properly on 64-bit AIX kernels. This was broken by the removal of the ttyname() fallback in Sudo 1.8.6p6. Sudo is now able to map an AIX 64-bit device number to the corresponding device file in /dev. diff --git a/README b/README index d5a0b22..e6b67df 100644 --- a/README +++ b/README @@ -29,26 +29,10 @@ the UPGRADE file in the doc directory. For a history of sudo please see the HISTORY file in the doc directory. You can find a list of contributors to sudo in the doc/CONTRIBUTORS file. -System requirements -=================== -To build sudo from the source distribution you need a POSIX-compliant -operating system (any modern version of BSD, Linux or Unix should -work), an ANSI/ISO C compiler that supports variadic marcos (a C99 -feature) and the ar, make and ranlib utilities. - -If you wish to modify the parser then you will need flex version -2.5.2 or later and either bison or byacc (sudo comes with a pre-flex'd -tokenizer and pre-yacc'd grammar parser). You'll also have to -uncomment a few lines from the Makefile or run configure with the ---with-devel option. You can get flex from http://flex.sourceforge.net/. -You can get GNU bison from ftp://ftp.gnu.org/pub/gnu/bison/ or any -GNU mirror. - Building the release ==================== -Please read the installation guide in the `INSTALL' file before -trying to build sudo. Pay special attention to the "OS dependent notes" -section. +Please read the installation guide in the `INSTALL' file before trying to +build sudo. Pay special attention to the "OS dependent notes" section. Copyright ========= @@ -81,9 +65,9 @@ for the appropriate links. Web page ======== -There is a sudo web page at http://www.sudo.ws/ that contains -an overview of sudo, documentation, downloads, information about -beta versions and other useful info. +There is a sudo web page at http://www.sudo.ws/ that contains an +overview of sudo, documentation, downloads, a bug tracker, information +about beta versions and other useful info. Bug reports =========== diff --git a/aclocal.m4 b/aclocal.m4 index 481ffeb..e87c852 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,6 +1,6 @@ dnl Local m4 macros for autoconf (used by sudo) dnl -dnl Copyright (c) 1994-1996, 1998-2005, 2007-2011 +dnl Copyright (c) 1994-1996, 1998-2005, 2007-2013 dnl Todd C. Miller dnl dnl XXX - should cache values in all cases!!! @@ -170,6 +170,23 @@ rm -f core core.* *.core]) AC_MSG_RESULT($sudo_cv_func_fnmatch) AS_IF([test $sudo_cv_func_fnmatch = yes], [$1], [$2])]) +dnl +dnl Attempt to check for working PIE support. +dnl This is a bit of a hack but on Solaris 10 with GNU ld and GNU as +dnl we can end up with strange values from malloc(). +dnl A better check would be to verify that ASLR works with PIE. +dnl +AC_DEFUN([SUDO_WORKING_PIE], +[AC_MSG_CHECKING([for working PIE support]) +AC_CACHE_VAL(sudo_cv_working_pie, +[rm -f conftestdata; > conftestdata +AC_TRY_RUN(AC_INCLUDES_DEFAULT([]) +[main() { char *p = malloc(1024); if (p == NULL) return 1; memset(p, 0, 1024); return 0; }], [sudo_cv_working_pie=yes], [sudo_cv_working_pie=no], + [sudo_cv_working_pie=no]) +rm -f core core.* *.core]) +AC_MSG_RESULT($sudo_cv_working_pie) +AS_IF([test $sudo_cv_working_pie = yes], [$1], [$2])]) + dnl dnl check for isblank(3) dnl @@ -293,22 +310,37 @@ AC_DEFINE_UNQUOTED(MAX_UID_T_LEN, $sudo_cv_uid_t_len, [Define to the max length ]) dnl -dnl append a libpath to an LDFLAGS style variable +dnl Append a libpath to an LDFLAGS style variable if not already present. +dnl Also appends to the _R version unless rpath is disabled. dnl AC_DEFUN([SUDO_APPEND_LIBPATH], [ - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) $1="${$1} -L$2 -Wl,+b,$2" - ;; - *) $1="${$1} -L$2 -Wl,-R$2" - ;; - esac - else - $1="${$1} -L$2" - fi - if test X"$blibpath" != X"" -a "$1" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:$2" - fi + case "${$1}" in + *"-L$2"|*"-L$2 ") + ;; + *) + $1="${$1} -L$2" + if test X"$enable_rpath" = X"yes"; then + $1_R="${$1_R} -R$2" + fi + ;; + esac +]) + +dnl +dnl Append a directory to CPPFLAGS if not already present. +dnl +AC_DEFUN([SUDO_APPEND_CPPFLAGS], [ + case "${CPPFLAGS}" in + *"$1"|*"$1 ") + ;; + *) + if test X"${CPPFLAGS}" = X""; then + CPPFLAGS="$1" + else + CPPFLAGS="${CPPFLAGS} $1" + fi + ;; + esac ]) dnl @@ -364,13 +396,13 @@ EOF dnl dnl Pull in libtool macros dnl -m4_include([libtool.m4]) -m4_include([ltoptions.m4]) -m4_include([ltsugar.m4]) -m4_include([ltversion.m4]) -m4_include([lt~obsolete.m4]) +m4_include([m4/libtool.m4]) +m4_include([m4/ltoptions.m4]) +m4_include([m4/ltsugar.m4]) +m4_include([m4/ltversion.m4]) +m4_include([m4/lt~obsolete.m4]) dnl dnl Pull in other non-standard macros dnl -m4_include([ax_check_compile_flag.m4]) -m4_include([ax_check_link_flag.m4]) +m4_include([m4/ax_check_compile_flag.m4]) +m4_include([m4/ax_check_link_flag.m4]) diff --git a/common/Makefile.in b/common/Makefile.in index c21695f..b24912e 100644 --- a/common/Makefile.in +++ b/common/Makefile.in @@ -1,5 +1,5 @@ # -# Copyright (c) 2011 Todd C. Miller +# Copyright (c) 2011-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -54,6 +54,11 @@ PIE_LDFLAGS = @PIE_LDFLAGS@ SSP_CFLAGS = @SSP_CFLAGS@ SSP_LDFLAGS = @SSP_LDFLAGS@ +# Regression tests +TEST_PROGS = conf_test parseln_test +TEST_LIBS = @LIBS@ @LIBINTL@ ../compat/libreplace.la +TEST_LDFLAGS = @LDFLAGS@ + # OS dependent defines DEFS = @OSDEFS@ -D_PATH_SUDO_CONF=\"$(sysconfdir)/sudo.conf\" @@ -61,9 +66,13 @@ DEFS = @OSDEFS@ -D_PATH_SUDO_CONF=\"$(sysconfdir)/sudo.conf\" SHELL = @SHELL@ -LTOBJS = alloc.lo atobool.lo fileops.lo fmt_string.lo lbuf.lo list.lo \ - secure_path.lo setgroups.lo sudo_conf.lo sudo_debug.lo term.lo \ - ttysize.lo zero_bytes.lo @COMMON_OBJS@ +LTOBJS = alloc.lo atobool.lo error.lo fileops.lo fmt_string.lo lbuf.lo list.lo \ + secure_path.lo setgroups.lo sudo_conf.lo sudo_debug.lo sudo_printf.lo \ + term.lo ttysize.lo zero_bytes.lo @COMMON_OBJS@ + +PARSELN_TEST_OBJS = parseln_test.lo + +CONF_TEST_OBJS = conf_test.lo all: libcommon.la @@ -78,6 +87,12 @@ Makefile: $(srcdir)/Makefile.in libcommon.la: $(LTOBJS) $(LIBTOOL) --mode=link $(CC) -o $@ $(LTOBJS) -no-install +conf_test: $(CONF_TEST_OBJS) libcommon.la + $(LIBTOOL) --mode=link $(CC) -o $@ $(CONF_TEST_OBJS) libcommon.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) + +parseln_test: $(PARSELN_TEST_OBJS) libcommon.la + $(LIBTOOL) --mode=link $(CC) -o $@ $(PARSELN_TEST_OBJS) libcommon.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) + pre-install: install: @@ -94,10 +109,36 @@ install-plugin: uninstall: -check: +check: $(TEST_PROGS) + @if test X"$(cross_compiling)" != X"yes"; then \ + passed=0; failed=0; total=0; \ + for dir in sudo_conf sudo_parseln; do \ + mkdir -p regress/$$dir; \ + for t in $(srcdir)/regress/$$dir/*.in; do \ + base=`basename $$t .in`; \ + out="regress/$$dir/$$base.out"; \ + if test "$$dir" = "sudo_conf"; then \ + ./conf_test $$t >$$out; \ + else \ + ./parseln_test <$$t >$$out; \ + fi; \ + if cmp $$out $(srcdir)/$$out.ok >/dev/null; then \ + passed=`expr $$passed + 1`; \ + echo "$$dir/$$base: OK"; \ + else \ + failed=`expr $$failed + 1`; \ + echo "$$dir/$$base: FAIL"; \ + diff $$out $(srcdir)/$$out.ok; \ + fi; \ + total=`expr $$total + 1`; \ + done; \ + done; \ + echo "$$dir: $$passed/$$total tests passed; $$failed/$$total tests failed"; \ + exit $$failed; \ + fi clean: - -$(LIBTOOL) --mode=clean rm -f *.lo *.o *.la *.a stamp-* core *.core core.* + -$(LIBTOOL) --mode=clean rm -f $(TEST_PROGS) *.lo *.o *.la *.a stamp-* core *.core core.* regress/*/*.out mostlyclean: clean @@ -122,6 +163,14 @@ alloc.lo: $(srcdir)/alloc.c $(top_builddir)/config.h $(incdir)/missing.h \ atobool.lo: $(srcdir)/atobool.c $(top_builddir)/config.h $(incdir)/missing.h \ $(incdir)/sudo_debug.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/atobool.c +conf_test.lo: $(srcdir)/regress/sudo_conf/conf_test.c $(top_builddir)/config.h \ + $(top_srcdir)/compat/stdbool.h $(incdir)/missing.h \ + $(incdir)/sudo_conf.h $(incdir)/list.h + $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/sudo_conf/conf_test.c +error.lo: $(srcdir)/error.c $(top_builddir)/config.h \ + $(top_srcdir)/compat/stdbool.h $(incdir)/missing.h $(incdir)/alloc.h \ + $(incdir)/error.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/error.c fileops.lo: $(srcdir)/fileops.c $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(top_srcdir)/compat/timespec.h \ $(incdir)/missing.h $(incdir)/fileops.h $(incdir)/sudo_debug.h @@ -136,6 +185,10 @@ lbuf.lo: $(srcdir)/lbuf.c $(top_builddir)/config.h $(incdir)/missing.h \ list.lo: $(srcdir)/list.c $(top_builddir)/config.h $(incdir)/missing.h \ $(incdir)/list.h $(incdir)/error.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/list.c +parseln_test.lo: $(srcdir)/regress/sudo_parseln/parseln_test.c \ + $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h \ + $(incdir)/missing.h $(incdir)/fileops.h + $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/sudo_parseln/parseln_test.c secure_path.lo: $(srcdir)/secure_path.c $(top_builddir)/config.h \ $(incdir)/missing.h $(incdir)/sudo_debug.h \ $(incdir)/secure_path.h @@ -152,9 +205,13 @@ sudo_conf.lo: $(srcdir)/sudo_conf.c $(top_builddir)/config.h \ $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_conf.c sudo_debug.lo: $(srcdir)/sudo_debug.c $(top_builddir)/config.h \ $(top_srcdir)/compat/stdbool.h $(incdir)/missing.h \ - $(incdir)/alloc.h $(incdir)/error.h $(incdir)/gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h + $(incdir)/alloc.h $(incdir)/error.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_debug.c +sudo_printf.lo: $(srcdir)/sudo_printf.c $(top_builddir)/config.h \ + $(incdir)/missing.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_debug.h + $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_printf.c term.lo: $(srcdir)/term.c $(top_builddir)/config.h $(incdir)/missing.h \ $(incdir)/sudo_debug.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/term.c diff --git a/common/aix.c b/common/aix.c index 2af2694..5b6a71f 100644 --- a/common/aix.c +++ b/common/aix.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2010-2011 Todd C. Miller + * Copyright (c) 2008, 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -90,7 +90,7 @@ aix_setlimits(char *user) debug_decl(aix_setlimits, SUDO_DEBUG_UTIL) if (setuserdb(S_READ) != 0) - error(1, "unable to open userdb"); + fatal("unable to open userdb"); /* * For each resource limit, get the soft/hard values for the user @@ -147,10 +147,10 @@ aix_setauthdb(char *user) if (user != NULL) { if (setuserdb(S_READ) != 0) - error(1, _("unable to open userdb")); + fatal(_("unable to open userdb")); if (getuserattr(user, S_REGISTRY, ®istry, SEC_CHAR) == 0) { if (setauthdb(registry, NULL) != 0) - error(1, _("unable to switch to registry \"%s\" for %s"), + fatal(_("unable to switch to registry \"%s\" for %s"), registry, user); } enduserdb(); @@ -167,7 +167,7 @@ aix_restoreauthdb(void) debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL) if (setauthdb(NULL, NULL) != 0) - error(1, _("unable to restore registry")); + fatal(_("unable to restore registry")); debug_return; } diff --git a/common/alloc.c b/common/alloc.c index e1fe258..05ddffd 100644 --- a/common/alloc.c +++ b/common/alloc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2007, 2010-2011 + * Copyright (c) 1999-2005, 2007, 2010-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -22,7 +22,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -51,6 +50,7 @@ #include "missing.h" #include "alloc.h" #include "error.h" +#include "errno.h" #define DEFAULT_TEXT_DOMAIN "sudo" #include "gettext.h" @@ -79,10 +79,10 @@ emalloc(size_t size) void *ptr; if (size == 0) - errorx2(1, _("internal error, tried to emalloc(0)")); + fatalx_nodebug(_("internal error, tried to emalloc(0)")); if ((ptr = malloc(size)) == NULL) - errorx2(1, _("unable to allocate memory")); + fatalx_nodebug(NULL); return ptr; } @@ -96,13 +96,13 @@ emalloc2(size_t nmemb, size_t size) void *ptr; if (nmemb == 0 || size == 0) - errorx2(1, _("internal error, tried to emalloc2(0)")); + fatalx_nodebug(_("internal error, tried to emalloc2(0)")); if (nmemb > SIZE_MAX / size) - errorx2(1, _("internal error, %s overflow"), "emalloc2()"); + fatalx_nodebug(_("internal error, %s overflow"), "emalloc2()"); size *= nmemb; if ((ptr = malloc(size)) == NULL) - errorx2(1, _("unable to allocate memory")); + fatalx_nodebug(NULL); return ptr; } @@ -117,14 +117,14 @@ ecalloc(size_t nmemb, size_t size) void *ptr; if (nmemb == 0 || size == 0) - errorx2(1, _("internal error, tried to ecalloc(0)")); + fatalx_nodebug(_("internal error, tried to ecalloc(0)")); if (nmemb != 1) { if (nmemb > SIZE_MAX / size) - errorx2(1, _("internal error, %s overflow"), "ecalloc()"); + fatalx_nodebug(_("internal error, %s overflow"), "ecalloc()"); size *= nmemb; } if ((ptr = malloc(size)) == NULL) - errorx2(1, _("unable to allocate memory")); + fatalx_nodebug(NULL); memset(ptr, 0, size); return ptr; } @@ -139,11 +139,11 @@ erealloc(void *ptr, size_t size) { if (size == 0) - errorx2(1, _("internal error, tried to erealloc(0)")); + fatalx_nodebug(_("internal error, tried to erealloc(0)")); ptr = ptr ? realloc(ptr, size) : malloc(size); if (ptr == NULL) - errorx2(1, _("unable to allocate memory")); + fatalx_nodebug(NULL); return ptr; } @@ -158,14 +158,14 @@ erealloc3(void *ptr, size_t nmemb, size_t size) { if (nmemb == 0 || size == 0) - errorx2(1, _("internal error, tried to erealloc3(0)")); + fatalx_nodebug(_("internal error, tried to erealloc3(0)")); if (nmemb > SIZE_MAX / size) - errorx2(1, _("internal error, %s overflow"), "erealloc3()"); + fatalx_nodebug(_("internal error, %s overflow"), "erealloc3()"); size *= nmemb; ptr = ptr ? realloc(ptr, size) : malloc(size); if (ptr == NULL) - errorx2(1, _("unable to allocate memory")); + fatalx_nodebug(NULL); return ptr; } @@ -182,14 +182,14 @@ erecalloc(void *ptr, size_t onmemb, size_t nmemb, size_t msize) size_t size; if (nmemb == 0 || msize == 0) - errorx2(1, _("internal error, tried to erecalloc(0)")); + fatalx_nodebug(_("internal error, tried to erecalloc(0)")); if (nmemb > SIZE_MAX / msize) - errorx2(1, _("internal error, %s overflow"), "erecalloc()"); + fatalx_nodebug(_("internal error, %s overflow"), "erecalloc()"); size = nmemb * msize; ptr = ptr ? realloc(ptr, size) : malloc(size); if (ptr == NULL) - errorx2(1, _("unable to allocate memory")); + fatalx_nodebug(NULL); if (nmemb > onmemb) { size = (nmemb - onmemb) * msize; memset((char *)ptr + (onmemb * msize), 0, size); @@ -248,12 +248,13 @@ easprintf(char **ret, const char *fmt, ...) { int len; va_list ap; + va_start(ap, fmt); len = vasprintf(ret, fmt, ap); va_end(ap); if (len == -1) - errorx2(1, _("unable to allocate memory")); + fatalx_nodebug(NULL); return len; } @@ -267,16 +268,6 @@ evasprintf(char **ret, const char *format, va_list args) int len; if ((len = vasprintf(ret, format, args)) == -1) - errorx2(1, _("unable to allocate memory")); + fatalx_nodebug(NULL); return len; } - -/* - * Wrapper for free(3) so we can depend on C89 semantics. - */ -void -efree(void *ptr) -{ - if (ptr != NULL) - free(ptr); -} diff --git a/common/atobool.c b/common/atobool.c index 6d6b502..9cdcef6 100644 --- a/common/atobool.c +++ b/common/atobool.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010 Todd C. Miller + * Copyright (c) 2010-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #ifdef STDC_HEADERS diff --git a/common/error.c b/common/error.c new file mode 100644 index 0000000..9c44c60 --- /dev/null +++ b/common/error.c @@ -0,0 +1,192 @@ +/* + * Copyright (c) 2004-2005, 2010-2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include + +#include +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ + +#include "missing.h" +#include "alloc.h" +#include "error.h" +#include "sudo_plugin.h" + +#define DEFAULT_TEXT_DOMAIN "sudo" +#include "gettext.h" + +sigjmp_buf fatal_jmp; +static bool setjmp_enabled = false; +static struct sudo_fatal_callback { + void (*func)(void); + struct sudo_fatal_callback *next; +} *callbacks; + +static void _warning(int, const char *, va_list); + +static void +do_cleanup(void) +{ + struct sudo_fatal_callback *cb; + + /* Run callbacks, removing them from the list as we go. */ + while ((cb = callbacks) != NULL) { + callbacks = cb->next; + cb->func(); + free(cb); + } +} + +void +fatal2(const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + _warning(1, fmt, ap); + va_end(ap); + do_cleanup(); + if (setjmp_enabled) + siglongjmp(fatal_jmp, 1); + else + exit(EXIT_FAILURE); +} + +void +fatalx2(const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + _warning(0, fmt, ap); + va_end(ap); + do_cleanup(); + if (setjmp_enabled) + siglongjmp(fatal_jmp, 1); + else + exit(EXIT_FAILURE); +} + +void +vfatal2(const char *fmt, va_list ap) +{ + _warning(1, fmt, ap); + do_cleanup(); + if (setjmp_enabled) + siglongjmp(fatal_jmp, 1); + else + exit(EXIT_FAILURE); +} + +void +vfatalx2(const char *fmt, va_list ap) +{ + _warning(0, fmt, ap); + do_cleanup(); + if (setjmp_enabled) + siglongjmp(fatal_jmp, 1); + else + exit(EXIT_FAILURE); +} + +void +warning2(const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + _warning(1, fmt, ap); + va_end(ap); +} + +void +warningx2(const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + _warning(0, fmt, ap); + va_end(ap); +} + +void +vwarning2(const char *fmt, va_list ap) +{ + _warning(1, fmt, ap); +} + +void +vwarningx2(const char *fmt, va_list ap) +{ + _warning(0, fmt, ap); +} + +static void +_warning(int use_errno, const char *fmt, va_list ap) +{ + int serrno = errno; + char *str; + + evasprintf(&str, fmt, ap); + if (use_errno) { + if (fmt != NULL) { + sudo_printf(SUDO_CONV_ERROR_MSG, + _("%s: %s: %s\n"), getprogname(), str, strerror(serrno)); + } else { + sudo_printf(SUDO_CONV_ERROR_MSG, + _("%s: %s\n"), getprogname(), strerror(serrno)); + } + } else { + sudo_printf(SUDO_CONV_ERROR_MSG, + _("%s: %s\n"), getprogname(), str ? str : "(null)"); + } + efree(str); + errno = serrno; +} + +int +fatal_callback_register(void (*func)(void)) +{ + struct sudo_fatal_callback *cb; + + cb = malloc(sizeof(*cb)); + if (cb == NULL) + return -1; + cb->func = func; + cb->next = callbacks; + callbacks = cb; + + return 0; +} + +void +fatal_disable_setjmp(void) +{ + setjmp_enabled = false; +} + +void +fatal_enable_setjmp(void) +{ + setjmp_enabled = true; +} diff --git a/common/fileops.c b/common/fileops.c index f99710c..577bf10 100644 --- a/common/fileops.c +++ b/common/fileops.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2007, 2009-2011 + * Copyright (c) 1999-2005, 2007, 2009-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -22,29 +22,40 @@ #include #include -#include #include #ifdef HAVE_FLOCK # include #endif /* HAVE_FLOCK */ -#include -#ifdef HAVE_STDBOOL_H -# include +#ifdef STDC_HEADERS +# include +# include #else -# include "compat/stdbool.h" -#endif +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif # include #endif /* HAVE_STRING_H */ #ifdef HAVE_STRINGS_H # include -#endif /* HAVE_STRINGS_H */ +#endif /* HAVE_STRING_H */ +#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) +# include +#endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #include -#include #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif #if TIME_WITH_SYS_TIME # include #endif @@ -56,10 +67,6 @@ #include "fileops.h" #include "sudo_debug.h" -#ifndef LINE_MAX -# define LINE_MAX 2048 -#endif - /* * Update the access and modify times on an fd or file. */ @@ -152,28 +159,75 @@ lock_file(int fd, int lockit) #endif /* - * Read a line of input, remove comments and strip off leading - * and trailing spaces. Returns static storage that is reused. + * Read a line of input, honoring line continuation chars. + * Remove comments and strips off leading and trailing spaces. + * Returns the line length and updates the buf and bufsize pointers. + * XXX - just use a struct w/ state, including getline buffer? + * could also make comment char and line continuation configurable */ -char * -sudo_parseln(FILE *fp) +ssize_t +sudo_parseln(char **bufp, size_t *bufsizep, unsigned int *lineno, FILE *fp) { - size_t len; - char *cp = NULL; - static char buf[LINE_MAX]; + size_t len, linesize = 0, total = 0; + char *cp, *line = NULL; + bool continued; debug_decl(sudo_parseln, SUDO_DEBUG_UTIL) - if (fgets(buf, sizeof(buf), fp) != NULL) { - /* Remove comments */ - if ((cp = strchr(buf, '#')) != NULL) + do { + continued = false; + len = getline(&line, &linesize, fp); + if (len == -1) + break; + if (lineno != NULL) + (*lineno)++; + + /* Remove trailing newline(s) if present. */ + while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r')) + line[--len] = '\0'; + + /* Remove comments or check for line continuation (but not both) */ + if ((cp = strchr(line, '#')) != NULL) { *cp = '\0'; + len = (size_t)(cp - line); + } else if (len > 0 && line[len - 1] == '\\' && (len == 1 || line[len - 2] != '\\')) { + line[--len] = '\0'; + continued = true; + } - /* Trim leading and trailing whitespace/newline */ - len = strlen(buf); - while (len > 0 && isspace((unsigned char)buf[len - 1])) - buf[--len] = '\0'; - for (cp = buf; isblank((unsigned char)*cp); cp++) - continue; - } - debug_return_str(cp); + /* Trim leading and trailing whitespace */ + if (!continued) { + while (len > 0 && isblank((unsigned char)line[len - 1])) + line[--len] = '\0'; + } + for (cp = line; isblank((unsigned char)*cp); cp++) + len--; + + if (*bufp == NULL || total + len >= *bufsizep) { + void *tmp; + size_t size = total + len + 1; + + if (size < 64) { + size = 64; + } else if (size <= 0x80000000) { + /* Round up to next highest power of two. */ + size--; + size |= size >> 1; + size |= size >> 2; + size |= size >> 4; + size |= size >> 8; + size |= size >> 16; + size++; + } + if ((tmp = realloc(*bufp, size)) == NULL) + break; + *bufp = tmp; + *bufsizep = size; + } + memcpy(*bufp + total, cp, len + 1); + total += len; + } while (continued); + free(line); + if (len == -1 && total == 0) + debug_return_size_t((size_t)-1); + debug_return_size_t(total); } diff --git a/common/fmt_string.c b/common/fmt_string.c index 23bc5f7..1a24203 100644 --- a/common/fmt_string.c +++ b/common/fmt_string.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2011 Todd C. Miller + * Copyright (c) 2010-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #ifdef STDC_HEADERS diff --git a/common/lbuf.c b/common/lbuf.c index 3b20323..cda3444 100644 --- a/common/lbuf.c +++ b/common/lbuf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2011 Todd C. Miller + * Copyright (c) 2007-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -19,7 +19,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -77,6 +76,17 @@ lbuf_destroy(struct lbuf *lbuf) debug_return; } +static void +lbuf_expand(struct lbuf *lbuf, size_t extra) +{ + if (lbuf->len + extra + 1 >= lbuf->size) { + do { + lbuf->size += 256; + } while (lbuf->len + extra + 1 >= lbuf->size); + lbuf->buf = erealloc(lbuf->buf, lbuf->size); + } +} + /* * Parse the format and append strings, only %s and %% escapes are supported. * Any characters in set are quoted with a backslash. @@ -86,47 +96,40 @@ lbuf_append_quoted(struct lbuf *lbuf, const char *set, const char *fmt, ...) { va_list ap; int len; - char *cp, *s = NULL; + char *cp, *s; debug_decl(lbuf_append_quoted, SUDO_DEBUG_UTIL) va_start(ap, fmt); while (*fmt != '\0') { - len = 1; if (fmt[0] == '%' && fmt[1] == 's') { - s = va_arg(ap, char *); - len = strlen(s); - } - /* Assume worst case that all chars must be escaped. */ - if (lbuf->len + (len * 2) + 1 >= lbuf->size) { - do { - lbuf->size += 256; - } while (lbuf->len + len + 1 >= lbuf->size); - lbuf->buf = erealloc(lbuf->buf, lbuf->size); - } - if (*fmt == '%') { - if (*(++fmt) == 's') { - while ((cp = strpbrk(s, set)) != NULL) { - len = (int)(cp - s); - memcpy(lbuf->buf + lbuf->len, s, len); - lbuf->len += len; - lbuf->buf[lbuf->len++] = '\\'; - lbuf->buf[lbuf->len++] = *cp; - s = cp + 1; - } - if (*s != '\0') { - len = strlen(s); - memcpy(lbuf->buf + lbuf->len, s, len); - lbuf->len += len; - } - fmt++; - continue; + if ((s = va_arg(ap, char *)) == NULL) + goto done; + while ((cp = strpbrk(s, set)) != NULL) { + len = (int)(cp - s); + lbuf_expand(lbuf, len + 2); + memcpy(lbuf->buf + lbuf->len, s, len); + lbuf->len += len; + lbuf->buf[lbuf->len++] = '\\'; + lbuf->buf[lbuf->len++] = *cp; + s = cp + 1; } + if (*s != '\0') { + len = strlen(s); + lbuf_expand(lbuf, len); + memcpy(lbuf->buf + lbuf->len, s, len); + lbuf->len += len; + } + fmt += 2; + continue; } + lbuf_expand(lbuf, 2); if (strchr(set, *fmt) != NULL) lbuf->buf[lbuf->len++] = '\\'; lbuf->buf[lbuf->len++] = *fmt++; } - lbuf->buf[lbuf->len] = '\0'; +done: + if (lbuf->size != 0) + lbuf->buf[lbuf->len] = '\0'; va_end(ap); debug_return; @@ -140,33 +143,27 @@ lbuf_append(struct lbuf *lbuf, const char *fmt, ...) { va_list ap; int len; - char *s = NULL; + char *s; debug_decl(lbuf_append, SUDO_DEBUG_UTIL) va_start(ap, fmt); while (*fmt != '\0') { - len = 1; if (fmt[0] == '%' && fmt[1] == 's') { - s = va_arg(ap, char *); + if ((s = va_arg(ap, char *)) == NULL) + goto done; len = strlen(s); + lbuf_expand(lbuf, len); + memcpy(lbuf->buf + lbuf->len, s, len); + lbuf->len += len; + fmt += 2; + continue; } - if (lbuf->len + len + 1 >= lbuf->size) { - do { - lbuf->size += 256; - } while (lbuf->len + len + 1 >= lbuf->size); - lbuf->buf = erealloc(lbuf->buf, lbuf->size); - } - if (*fmt == '%') { - if (*(++fmt) == 's') { - memcpy(lbuf->buf + lbuf->len, s, len); - lbuf->len += len; - fmt++; - continue; - } - } + lbuf_expand(lbuf, 1); lbuf->buf[lbuf->len++] = *fmt++; } - lbuf->buf[lbuf->len] = '\0'; +done: + if (lbuf->size != 0) + lbuf->buf[lbuf->len] = '\0'; va_end(ap); debug_return; diff --git a/common/list.c b/common/list.c index a656a6e..27d6dcf 100644 --- a/common/list.c +++ b/common/list.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2008, 2010-2011 Todd C. Miller + * Copyright (c) 2007-2008, 2010-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -81,7 +81,7 @@ list2tq(void *vh, void *vl) if (l != NULL) { #ifdef DEBUG if (l->prev == NULL) { - warningx2("list2tq called with non-semicircular list"); + warningx_nodebug("list2tq called with non-semicircular list"); abort(); } #endif diff --git a/common/regress/sudo_conf/conf_test.c b/common/regress/sudo_conf/conf_test.c new file mode 100644 index 0000000..4dbe469 --- /dev/null +++ b/common/regress/sudo_conf/conf_test.c @@ -0,0 +1,110 @@ +/* + * Copyright (c) 2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif + +#include "missing.h" +#include "sudo_conf.h" + +static void sudo_conf_dump(void); + +/* + * Simple test driver for sudo_conf(). + * Parses the given configuration file and dumps the resulting + * sudo_conf_data struct to the standard output. + */ +int +main(int argc, char *argv[]) +{ + if (argc != 2) { + fprintf(stderr, "usage: conf_test conf_file\n"); + exit(1); + } + sudo_conf_read(argv[1]); + sudo_conf_dump(); + + exit(0); +} + +static void +sudo_conf_dump(void) +{ + struct plugin_info_list *plugins = sudo_conf_plugins(); + struct plugin_info *info; + + printf("Set disable_coredump %s\n", + sudo_conf_disable_coredump() ? "true" : "false"); + printf("Set group_source %s\n", + sudo_conf_group_source() == GROUP_SOURCE_ADAPTIVE ? "adaptive" : + sudo_conf_group_source() == GROUP_SOURCE_STATIC ? "static" : "dynamic"); + printf("Set max_groups %d\n", sudo_conf_max_groups()); + if (sudo_conf_debug_flags() != NULL) + printf("Debug %s %s\n", getprogname(), sudo_conf_debug_flags()); + if (sudo_conf_askpass_path() != NULL) + printf("Path askpass %s\n", sudo_conf_askpass_path()); +#ifdef _PATH_SUDO_NOEXEC + if (sudo_conf_noexec_path() != NULL) + printf("Path noexec %s\n", sudo_conf_noexec_path()); +#endif + tq_foreach_fwd(plugins, info) { + printf("Plugin %s %s", info->symbol_name, info->path); + if (info->options) { + char * const * op; + for (op = info->options; *op != NULL; op++) + printf(" %s", *op); + } + putchar('\n'); + } +} + +/* STUB */ +void +warning_set_locale(void) +{ + return; +} + +/* STUB */ +void +warning_restore_locale(void) +{ + return; +} diff --git a/common/regress/sudo_conf/test1.in b/common/regress/sudo_conf/test1.in new file mode 100644 index 0000000..d572cad --- /dev/null +++ b/common/regress/sudo_conf/test1.in @@ -0,0 +1,72 @@ +# +# Sample /etc/sudo.conf file +# +# Format: +# Plugin plugin_name plugin_path plugin_options ... +# Path askpass /path/to/askpass +# Path noexec /path/to/sudo_noexec.so +# Debug sudo /var/log/sudo_debug all@warn +# Set disable_coredump true +# +# Sudo plugins: +# +# The plugin_path is relative to ${prefix}/libexec unless fully qualified. +# The plugin_name corresponds to a global symbol in the plugin +# that contains the plugin interface structure. +# The plugin_options are optional. +# +# The sudoers plugin is used by default if no Plugin lines are present. +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so + +# +# Sudo askpass: +# +# An askpass helper program may be specified to provide a graphical +# password prompt for "sudo -A" support. Sudo does not ship with its +# own askpass program but can use the OpenSSH askpass. +# +# Use the OpenSSH askpass +Path askpass /usr/X11R6/bin/ssh-askpass +# +# Use the Gnome OpenSSH askpass +#Path askpass /usr/libexec/openssh/gnome-ssh-askpass + +# +# Sudo noexec: +# +# Path to a shared library containing dummy versions of the execv(), +# execve() and fexecve() library functions that just return an error. +# This is used to implement the "noexec" functionality on systems that +# support C or its equivalent. +# The compiled-in value is usually sufficient and should only be changed +# if you rename or move the sudo_noexec.so file. +# +Path noexec /usr/libexec/sudo_noexec.so + +# +# Core dumps: +# +# By default, sudo disables core dumps while it is executing (they +# are re-enabled for the command that is run). +# To aid in debugging sudo problems, you may wish to enable core +# dumps by setting "disable_coredump" to false. +# +Set disable_coredump false + +# +# User groups: +# +# Sudo passes the user's group list to the policy plugin. +# If the user is a member of the maximum number of groups (usually 16), +# sudo will query the group database directly to be sure to include +# the full list of groups. +# +# On some systems, this can be expensive so the behavior is configurable. +# The "group_source" setting has three possible values: +# static - use the user's list of groups returned by the kernel. +# dynamic - query the group database to find the list of groups. +# adaptive - if user is in less than the maximum number of groups. +# use the kernel list, else query the group database. +# +Set group_source static diff --git a/common/regress/sudo_conf/test1.out.ok b/common/regress/sudo_conf/test1.out.ok new file mode 100644 index 0000000..54e0671 --- /dev/null +++ b/common/regress/sudo_conf/test1.out.ok @@ -0,0 +1,6 @@ +Set disable_coredump false +Set group_source static +Set max_groups -1 +Path askpass /usr/X11R6/bin/ssh-askpass +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so diff --git a/common/regress/sudo_conf/test2.in b/common/regress/sudo_conf/test2.in new file mode 100644 index 0000000..e69de29 diff --git a/common/regress/sudo_conf/test2.out.ok b/common/regress/sudo_conf/test2.out.ok new file mode 100644 index 0000000..af42145 --- /dev/null +++ b/common/regress/sudo_conf/test2.out.ok @@ -0,0 +1,3 @@ +Set disable_coredump true +Set group_source adaptive +Set max_groups -1 diff --git a/common/regress/sudo_conf/test3.in b/common/regress/sudo_conf/test3.in new file mode 100644 index 0000000..b111a23 --- /dev/null +++ b/common/regress/sudo_conf/test3.in @@ -0,0 +1,2 @@ +Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_mode=0400 sudoers_gid=0 sudoers_uid=0 +Plugin sudoers_io sudoers.so diff --git a/common/regress/sudo_conf/test3.out.ok b/common/regress/sudo_conf/test3.out.ok new file mode 100644 index 0000000..819d638 --- /dev/null +++ b/common/regress/sudo_conf/test3.out.ok @@ -0,0 +1,5 @@ +Set disable_coredump true +Set group_source adaptive +Set max_groups -1 +Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_mode=0400 sudoers_gid=0 sudoers_uid=0 +Plugin sudoers_io sudoers.so diff --git a/common/regress/sudo_conf/test4.in b/common/regress/sudo_conf/test4.in new file mode 100644 index 0000000..a60236a --- /dev/null +++ b/common/regress/sudo_conf/test4.in @@ -0,0 +1 @@ +Set disable_coredump foo diff --git a/common/regress/sudo_conf/test4.out.ok b/common/regress/sudo_conf/test4.out.ok new file mode 100644 index 0000000..af42145 --- /dev/null +++ b/common/regress/sudo_conf/test4.out.ok @@ -0,0 +1,3 @@ +Set disable_coredump true +Set group_source adaptive +Set max_groups -1 diff --git a/common/regress/sudo_parseln/parseln_test.c b/common/regress/sudo_parseln/parseln_test.c new file mode 100644 index 0000000..0f3cb44 --- /dev/null +++ b/common/regress/sudo_parseln/parseln_test.c @@ -0,0 +1,78 @@ +/* + * Copyright (c) 2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif + +#include "missing.h" +#include "fileops.h" + +/* + * Simple test driver for sudo_parseln(). + * Behaves similarly to "cat -n" but with comment removal + * and line continuation. + */ + +int +main(int argc, char *argv[]) +{ + unsigned int lineno = 0; + size_t linesize = 0; + char *line = NULL; + + while (sudo_parseln(&line, &linesize, &lineno, stdin) != -1) + printf("%6u\t%s\n", lineno, line); + free(line); + exit(0); +} + +/* STUB */ +void +warning_set_locale(void) +{ + return; +} + +/* STUB */ +void +warning_restore_locale(void) +{ + return; +} diff --git a/common/regress/sudo_parseln/test1.in b/common/regress/sudo_parseln/test1.in new file mode 100644 index 0000000..c605bb5 --- /dev/null +++ b/common/regress/sudo_parseln/test1.in @@ -0,0 +1,72 @@ +# +# Sample /etc/sudo.conf file +# +# Format: +# Plugin plugin_name plugin_path plugin_options ... +# Path askpass /path/to/askpass +# Path noexec /path/to/sudo_noexec.so +# Debug sudo /var/log/sudo_debug all@warn +# Set disable_coredump true +# +# Sudo plugins: +# +# The plugin_path is relative to ${prefix}/libexec unless fully qualified. +# The plugin_name corresponds to a global symbol in the plugin +# that contains the plugin interface structure. +# The plugin_options are optional. +# +# The sudoers plugin is used by default if no Plugin lines are present. +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so + +# +# Sudo askpass: +# +# An askpass helper program may be specified to provide a graphical +# password prompt for "sudo -A" support. Sudo does not ship with its +# own askpass program but can use the OpenSSH askpass. +# +# Use the OpenSSH askpass +#Path askpass /usr/X11R6/bin/ssh-askpass +# +# Use the Gnome OpenSSH askpass +#Path askpass /usr/libexec/openssh/gnome-ssh-askpass + +# +# Sudo noexec: +# +# Path to a shared library containing dummy versions of the execv(), +# execve() and fexecve() library functions that just return an error. +# This is used to implement the "noexec" functionality on systems that +# support C or its equivalent. +# The compiled-in value is usually sufficient and should only be changed +# if you rename or move the sudo_noexec.so file. +# +#Path noexec /usr/libexec/sudo_noexec.so + +# +# Core dumps: +# +# By default, sudo disables core dumps while it is executing (they +# are re-enabled for the command that is run). +# To aid in debugging sudo problems, you may wish to enable core +# dumps by setting "disable_coredump" to false. +# +#Set disable_coredump false + +# +# User groups: +# +# Sudo passes the user's group list to the policy plugin. +# If the user is a member of the maximum number of groups (usually 16), +# sudo will query the group database directly to be sure to include +# the full list of groups. +# +# On some systems, this can be expensive so the behavior is configurable. +# The "group_source" setting has three possible values: +# static - use the user's list of groups returned by the kernel. +# dynamic - query the group database to find the list of groups. +# adaptive - if user is in less than the maximum number of groups. +# use the kernel list, else query the group database. +# +#Set group_source static diff --git a/common/regress/sudo_parseln/test1.out.ok b/common/regress/sudo_parseln/test1.out.ok new file mode 100644 index 0000000..c98ca77 --- /dev/null +++ b/common/regress/sudo_parseln/test1.out.ok @@ -0,0 +1,72 @@ + 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8 + 9 + 10 + 11 + 12 + 13 + 14 + 15 + 16 + 17 + 18 + 19 Plugin sudoers_policy sudoers.so + 20 Plugin sudoers_io sudoers.so + 21 + 22 + 23 + 24 + 25 + 26 + 27 + 28 + 29 + 30 + 31 + 32 + 33 + 34 + 35 + 36 + 37 + 38 + 39 + 40 + 41 + 42 + 43 + 44 + 45 + 46 + 47 + 48 + 49 + 50 + 51 + 52 + 53 + 54 + 55 + 56 + 57 + 58 + 59 + 60 + 61 + 62 + 63 + 64 + 65 + 66 + 67 + 68 + 69 + 70 + 71 + 72 diff --git a/common/regress/sudo_parseln/test2.in b/common/regress/sudo_parseln/test2.in new file mode 100644 index 0000000..49166ee --- /dev/null +++ b/common/regress/sudo_parseln/test2.in @@ -0,0 +1,8 @@ +this \ +is all \ +one line +# this is a comment, and does not get continued\ +trim the \ + leading \ + white \ +space diff --git a/common/regress/sudo_parseln/test2.out.ok b/common/regress/sudo_parseln/test2.out.ok new file mode 100644 index 0000000..d921968 --- /dev/null +++ b/common/regress/sudo_parseln/test2.out.ok @@ -0,0 +1,3 @@ + 3 this is all one line + 4 + 8 trim the leading white space diff --git a/common/regress/sudo_parseln/test3.in b/common/regress/sudo_parseln/test3.in new file mode 100644 index 0000000..e372c07 --- /dev/null +++ b/common/regress/sudo_parseln/test3.in @@ -0,0 +1 @@ +line continuation at EOF \ diff --git a/common/regress/sudo_parseln/test3.out.ok b/common/regress/sudo_parseln/test3.out.ok new file mode 100644 index 0000000..2e8d16d --- /dev/null +++ b/common/regress/sudo_parseln/test3.out.ok @@ -0,0 +1 @@ + 1 line continuation at EOF diff --git a/common/regress/sudo_parseln/test4.in b/common/regress/sudo_parseln/test4.in new file mode 100644 index 0000000..3583f3b --- /dev/null +++ b/common/regress/sudo_parseln/test4.in @@ -0,0 +1,4 @@ +line contin\ +uation raw +line contin\ + uation indented diff --git a/common/regress/sudo_parseln/test4.out.ok b/common/regress/sudo_parseln/test4.out.ok new file mode 100644 index 0000000..38afbeb --- /dev/null +++ b/common/regress/sudo_parseln/test4.out.ok @@ -0,0 +1,2 @@ + 2 line continuation raw + 4 line continuation indented diff --git a/common/regress/sudo_parseln/test5.in b/common/regress/sudo_parseln/test5.in new file mode 100644 index 0000000..57ddad2 --- /dev/null +++ b/common/regress/sudo_parseln/test5.in @@ -0,0 +1 @@ +\ diff --git a/common/regress/sudo_parseln/test5.out.ok b/common/regress/sudo_parseln/test5.out.ok new file mode 100644 index 0000000..e69de29 diff --git a/common/regress/sudo_parseln/test6.in b/common/regress/sudo_parseln/test6.in new file mode 100644 index 0000000..95cac84 --- /dev/null +++ b/common/regress/sudo_parseln/test6.in @@ -0,0 +1,3 @@ + leading and trailing white space + # a comment +\ diff --git a/common/regress/sudo_parseln/test6.out.ok b/common/regress/sudo_parseln/test6.out.ok new file mode 100644 index 0000000..340765e --- /dev/null +++ b/common/regress/sudo_parseln/test6.out.ok @@ -0,0 +1,2 @@ + 1 leading and trailing white space + 2 diff --git a/common/secure_path.c b/common/secure_path.c index 7ae3c19..6eaf2fc 100644 --- a/common/secure_path.c +++ b/common/secure_path.c @@ -18,7 +18,6 @@ #include #include -#include #include #ifdef HAVE_STRING_H # include diff --git a/common/setgroups.c b/common/setgroups.c index f34bb5f..f9568a6 100644 --- a/common/setgroups.c +++ b/common/setgroups.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 Todd C. Miller + * Copyright (c) 2011-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above diff --git a/common/sudo_conf.c b/common/sudo_conf.c index 144bbc3..fcbba6d 100644 --- a/common/sudo_conf.c +++ b/common/sudo_conf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2011 Todd C. Miller + * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #include #ifdef STDC_HEADERS @@ -44,6 +43,7 @@ #endif /* HAVE_UNISTD_H */ #include #include +#include #define SUDO_ERROR_WRAP 0 @@ -56,6 +56,8 @@ #include "sudo_conf.h" #include "sudo_debug.h" #include "secure_path.h" + +#define DEFAULT_TEXT_DOMAIN "sudo" #include "gettext.h" #ifdef __TANDEM @@ -64,16 +66,12 @@ # define ROOT_UID 0 #endif -#ifndef _PATH_SUDO_ASKPASS -# define _PATH_SUDO_ASKPASS NULL -#endif - extern bool atobool(const char *str); /* atobool.c */ struct sudo_conf_table { const char *name; unsigned int namelen; - bool (*setter)(const char *entry); + void (*setter)(const char *entry, const char *conf_file); }; struct sudo_conf_paths { @@ -82,10 +80,15 @@ struct sudo_conf_paths { const char *pval; }; -static bool set_debug(const char *entry); -static bool set_path(const char *entry); -static bool set_plugin(const char *entry); -static bool set_variable(const char *entry); +static void set_debug(const char *entry, const char *conf_file); +static void set_path(const char *entry, const char *conf_file); +static void set_plugin(const char *entry, const char *conf_file); +static void set_variable(const char *entry, const char *conf_file); +static void set_var_disable_coredump(const char *entry, const char *conf_file); +static void set_var_group_source(const char *entry, const char *conf_file); +static void set_var_max_groups(const char *entry, const char *conf_file); + +static unsigned int conf_lineno; static struct sudo_conf_table sudo_conf_table[] = { { "Debug", sizeof("Debug") - 1, set_debug }, @@ -95,19 +98,32 @@ static struct sudo_conf_table sudo_conf_table[] = { { NULL } }; +static struct sudo_conf_table sudo_conf_table_vars[] = { + { "disable_coredump", sizeof("disable_coredump") - 1, set_var_disable_coredump }, + { "group_source", sizeof("group_source") - 1, set_var_group_source }, + { "max_groups", sizeof("max_groups") - 1, set_var_max_groups }, + { NULL } +}; + static struct sudo_conf_data { bool disable_coredump; + int group_source; + int max_groups; const char *debug_flags; - struct sudo_conf_paths paths[3]; + struct sudo_conf_paths paths[4]; struct plugin_info_list plugins; } sudo_conf_data = { true, + GROUP_SOURCE_ADAPTIVE, + -1, NULL, { #define SUDO_CONF_ASKPASS_IDX 0 { "askpass", sizeof("askpass") - 1, _PATH_SUDO_ASKPASS }, +#define SUDO_CONF_SESH_IDX 1 + { "sesh", sizeof("sesh") - 1, _PATH_SUDO_SESH }, #ifdef _PATH_SUDO_NOEXEC -#define SUDO_CONF_NOEXEC_IDX 1 +#define SUDO_CONF_NOEXEC_IDX 2 { "noexec", sizeof("noexec") - 1, _PATH_SUDO_NOEXEC }, #endif { NULL } @@ -117,28 +133,68 @@ static struct sudo_conf_data { /* * "Set variable_name value" */ -static bool -set_variable(const char *entry) +static void +set_variable(const char *entry, const char *conf_file) +{ + struct sudo_conf_table *var; + + for (var = sudo_conf_table_vars; var->name != NULL; var++) { + if (strncmp(entry, var->name, var->namelen) == 0 && + isblank((unsigned char)entry[var->namelen])) { + entry += var->namelen + 1; + while (isblank((unsigned char)*entry)) + entry++; + var->setter(entry, conf_file); + break; + } + } +} + +static void +set_var_disable_coredump(const char *entry, const char *conf_file) +{ + int val = atobool(entry); + + if (val != -1) + sudo_conf_data.disable_coredump = val; +} + +static void +set_var_group_source(const char *entry, const char *conf_file) { -#undef DC_LEN -#define DC_LEN (sizeof("disable_coredump") - 1) - /* Currently the only variable supported is "disable_coredump". */ - if (strncmp(entry, "disable_coredump", DC_LEN) == 0 && - isblank((unsigned char)entry[DC_LEN])) { - entry += DC_LEN + 1; - while (isblank((unsigned char)*entry)) - entry++; - sudo_conf_data.disable_coredump = atobool(entry); + if (strcasecmp(entry, "adaptive") == 0) { + sudo_conf_data.group_source = GROUP_SOURCE_ADAPTIVE; + } else if (strcasecmp(entry, "static") == 0) { + sudo_conf_data.group_source = GROUP_SOURCE_STATIC; + } else if (strcasecmp(entry, "dynamic") == 0) { + sudo_conf_data.group_source = GROUP_SOURCE_DYNAMIC; + } else { + warningx(_("unsupported group source `%s' in %s, line %d"), entry, + conf_file, conf_lineno); + } +} + +static void +set_var_max_groups(const char *entry, const char *conf_file) +{ + long lval; + char *ep; + + lval = strtol(entry, &ep, 10); + if (*entry == '\0' || *ep != '\0' || lval < 0 || lval > INT_MAX || + (errno == ERANGE && lval == LONG_MAX)) { + warningx(_("invalid max groups `%s' in %s, line %d"), entry, + conf_file, conf_lineno); + } else { + sudo_conf_data.max_groups = (int)lval; } -#undef DC_LEN - return true; } /* * "Debug progname debug_file debug_flags" */ -static bool -set_debug(const char *entry) +static void +set_debug(const char *entry, const char *conf_file) { size_t filelen, proglen; const char *progname; @@ -151,14 +207,14 @@ set_debug(const char *entry) proglen = strlen(progname); if (strncmp(entry, progname, proglen) != 0 || !isblank((unsigned char)entry[proglen])) - return false; + return; entry += proglen + 1; while (isblank((unsigned char)*entry)) entry++; debug_flags = strpbrk(entry, " \t"); if (debug_flags == NULL) - return false; + return; filelen = (size_t)(debug_flags - entry); while (isblank((unsigned char)*debug_flags)) debug_flags++; @@ -170,12 +226,10 @@ set_debug(const char *entry) efree(debug_file); sudo_conf_data.debug_flags = debug_flags; - - return true; } -static bool -set_path(const char *entry) +static void +set_path(const char *entry, const char *conf_file) { const char *name, *path; struct sudo_conf_paths *cur; @@ -184,7 +238,7 @@ set_path(const char *entry) name = entry; path = strpbrk(entry, " \t"); if (path == NULL) - return false; + return; while (isblank((unsigned char)*path)) path++; @@ -196,12 +250,10 @@ set_path(const char *entry) break; } } - - return true; } -static bool -set_plugin(const char *entry) +static void +set_plugin(const char *entry, const char *conf_file) { struct plugin_info *info; const char *name, *path, *cp, *ep; @@ -213,7 +265,7 @@ set_plugin(const char *entry) name = entry; path = strpbrk(entry, " \t"); if (path == NULL) - return false; + return; namelen = (size_t)(path - name); while (isblank((unsigned char)*path)) path++; @@ -248,9 +300,8 @@ set_plugin(const char *entry) info->options = options; info->prev = info; /* info->next = NULL; */ + info->lineno = conf_lineno; tq_append(&sudo_conf_data.plugins, info); - - return true; } const char * @@ -259,6 +310,12 @@ sudo_conf_askpass_path(void) return sudo_conf_data.paths[SUDO_CONF_ASKPASS_IDX].pval; } +const char * +sudo_conf_sesh_path(void) +{ + return sudo_conf_data.paths[SUDO_CONF_SESH_IDX].pval; +} + #ifdef _PATH_SUDO_NOEXEC const char * sudo_conf_noexec_path(void) @@ -273,6 +330,18 @@ sudo_conf_debug_flags(void) return sudo_conf_data.debug_flags; } +int +sudo_conf_group_source(void) +{ + return sudo_conf_data.group_source; +} + +int +sudo_conf_max_groups(void) +{ + return sudo_conf_data.max_groups; +} + struct plugin_info_list * sudo_conf_plugins(void) { @@ -289,49 +358,58 @@ sudo_conf_disable_coredump(void) * Reads in /etc/sudo.conf and populates sudo_conf_data. */ void -sudo_conf_read(void) +sudo_conf_read(const char *conf_file) { struct sudo_conf_table *cur; struct stat sb; FILE *fp; - char *cp; - - switch (sudo_secure_file(_PATH_SUDO_CONF, ROOT_UID, -1, &sb)) { - case SUDO_PATH_SECURE: - break; - case SUDO_PATH_MISSING: - /* Root should always be able to read sudo.conf. */ - if (errno != ENOENT && geteuid() == ROOT_UID) - warning(_("unable to stat %s"), _PATH_SUDO_CONF); - goto done; - case SUDO_PATH_BAD_TYPE: - warningx(_("%s is not a regular file"), _PATH_SUDO_CONF); - goto done; - case SUDO_PATH_WRONG_OWNER: - warningx(_("%s is owned by uid %u, should be %u"), - _PATH_SUDO_CONF, (unsigned int) sb.st_uid, ROOT_UID); - goto done; - case SUDO_PATH_WORLD_WRITABLE: - warningx(_("%s is world writable"), _PATH_SUDO_CONF); - goto done; - case SUDO_PATH_GROUP_WRITABLE: - warningx(_("%s is group writable"), _PATH_SUDO_CONF); - goto done; - default: - /* NOTREACHED */ - goto done; + char *cp, *line = NULL; + char *prev_locale = estrdup(setlocale(LC_ALL, NULL)); + size_t linesize = 0; + + /* Parse sudo.conf in the "C" locale. */ + if (prev_locale[0] != 'C' || prev_locale[1] != '\0') + setlocale(LC_ALL, "C"); + + if (conf_file == NULL) { + conf_file = _PATH_SUDO_CONF; + switch (sudo_secure_file(conf_file, ROOT_UID, -1, &sb)) { + case SUDO_PATH_SECURE: + break; + case SUDO_PATH_MISSING: + /* Root should always be able to read sudo.conf. */ + if (errno != ENOENT && geteuid() == ROOT_UID) + warning(_("unable to stat %s"), conf_file); + goto done; + case SUDO_PATH_BAD_TYPE: + warningx(_("%s is not a regular file"), conf_file); + goto done; + case SUDO_PATH_WRONG_OWNER: + warningx(_("%s is owned by uid %u, should be %u"), + conf_file, (unsigned int) sb.st_uid, ROOT_UID); + goto done; + case SUDO_PATH_WORLD_WRITABLE: + warningx(_("%s is world writable"), conf_file); + goto done; + case SUDO_PATH_GROUP_WRITABLE: + warningx(_("%s is group writable"), conf_file); + goto done; + default: + /* NOTREACHED */ + goto done; + } } - if ((fp = fopen(_PATH_SUDO_CONF, "r")) == NULL) { + if ((fp = fopen(conf_file, "r")) == NULL) { if (errno != ENOENT && geteuid() == ROOT_UID) - warning(_("unable to open %s"), _PATH_SUDO_CONF); + warning(_("unable to open %s"), conf_file); goto done; } - while ((cp = sudo_parseln(fp)) != NULL) { - /* Skip blank or comment lines */ - if (*cp == '\0') - continue; + conf_lineno = 0; + while (sudo_parseln(&line, &linesize, &conf_lineno, fp) != -1) { + if (*(cp = line) == '\0') + continue; /* empty line or comment */ for (cur = sudo_conf_table; cur->name != NULL; cur++) { if (strncasecmp(cp, cur->name, cur->namelen) == 0 && @@ -339,12 +417,16 @@ sudo_conf_read(void) cp += cur->namelen; while (isblank((unsigned char)*cp)) cp++; - if (cur->setter(cp)) - break; + cur->setter(cp, conf_file); + break; } } } fclose(fp); + free(line); done: - return; + /* Restore locale if needed. */ + if (prev_locale[0] != 'C' || prev_locale[1] != '\0') + setlocale(LC_ALL, prev_locale); + efree(prev_locale); } diff --git a/common/sudo_debug.c b/common/sudo_debug.c index b4ce805..c46bf36 100644 --- a/common/sudo_debug.c +++ b/common/sudo_debug.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 Todd C. Miller + * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #include #include @@ -51,10 +50,12 @@ #include "missing.h" #include "alloc.h" #include "error.h" -#include "gettext.h" #include "sudo_plugin.h" #include "sudo_debug.h" +#define DEFAULT_TEXT_DOMAIN "sudo" +#include "gettext.h" + /* * The debug priorities and subsystems are currently hard-coded. * In the future we might consider allowing plugins to register their @@ -118,8 +119,6 @@ static int sudo_debug_mode; static char sudo_debug_pidstr[(((sizeof(int) * 8) + 2) / 3) + 3]; static size_t sudo_debug_pidlen; -extern sudo_conv_t sudo_conv; - /* * Parse settings string from sudo.conf and open debugfile. * Returns 1 on success, 0 if cannot open debugfile. @@ -138,10 +137,17 @@ int sudo_debug_init(const char *debugfile, const char *settings) if (debugfile != NULL) { if (sudo_debug_fd != -1) close(sudo_debug_fd); - sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND|O_CREAT, - S_IRUSR|S_IWUSR); - if (sudo_debug_fd == -1) - return 0; + sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND, S_IRUSR|S_IWUSR); + if (sudo_debug_fd == -1) { + /* Create debug file as needed and set group ownership. */ + if (errno == ENOENT) { + sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND|O_CREAT, + S_IRUSR|S_IWUSR); + } + if (sudo_debug_fd == -1) + return 0; + ignore_result(fchown(sudo_debug_fd, (uid_t)-1, 0)); + } (void)fcntl(sudo_debug_fd, F_SETFD, FD_CLOEXEC); sudo_debug_mode = SUDO_DEBUG_MODE_FILE; } else { @@ -276,36 +282,25 @@ static void sudo_debug_write_conv(const char *func, const char *file, int lineno, const char *str, int len, int errno_val) { - struct sudo_conv_message msg; - struct sudo_conv_reply repl; - char *buf = NULL; - - /* Call conversation function */ - if (sudo_conv != NULL) { - /* Remove the newline at the end if appending extra info. */ - if (str[len - 1] == '\n') - len--; - - if (func != NULL && file != NULL && lineno != 0) { - if (errno_val) { - easprintf(&buf, "%.*s: %s @ %s() %s:%d", len, str, - strerror(errno_val), func, file, lineno); - } else { - easprintf(&buf, "%.*s @ %s() %s:%d", len, str, - func, file, lineno); - } - str = buf; - } else if (errno_val) { - easprintf(&buf, "%.*s: %s", len, str, strerror(errno_val)); - str = buf; + /* Remove the newline at the end if appending extra info. */ + if (str[len - 1] == '\n') + len--; + + if (func != NULL && file != NULL) { + if (errno_val) { + sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s: %s @ %s() %s:%d", + len, str, strerror(errno_val), func, file, lineno); + } else { + sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s @ %s() %s:%d", + len, str, func, file, lineno); + } + } else { + if (errno_val) { + sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s: %s", + len, str, strerror(errno_val)); + } else { + sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s", len, str); } - memset(&msg, 0, sizeof(msg)); - memset(&repl, 0, sizeof(repl)); - msg.msg_type = SUDO_CONV_DEBUG_MSG; - msg.msg = str; - sudo_conv(1, &msg, &repl); - if (buf != NULL) - efree(buf); } } @@ -386,7 +381,7 @@ sudo_debug_write_file(const char *func, const char *file, int lineno, } /* Do timestamp last due to ctime's static buffer. */ - now = time(NULL); + time(&now); timestr = ctime(&now) + 4; timestr[15] = ' '; /* replace year with a space */ timestr[16] = '\0'; @@ -422,11 +417,10 @@ sudo_debug_write(const char *str, int len, int errno_val) } void -sudo_debug_printf2(const char *func, const char *file, int lineno, int level, - const char *fmt, ...) +sudo_debug_vprintf2(const char *func, const char *file, int lineno, int level, + const char *fmt, va_list ap) { int buflen, pri, subsys, saved_errno = errno; - va_list ap; char *buf; if (!sudo_debug_mode) @@ -438,7 +432,6 @@ sudo_debug_printf2(const char *func, const char *file, int lineno, int level, /* Make sure we want debug info at this level. */ if (subsys < NUM_SUBSYSTEMS && sudo_debug_settings[subsys] >= pri) { - va_start(ap, fmt); buflen = vasprintf(&buf, fmt, ap); va_end(ap); if (buflen != -1) { @@ -454,6 +447,17 @@ sudo_debug_printf2(const char *func, const char *file, int lineno, int level, errno = saved_errno; } +void +sudo_debug_printf2(const char *func, const char *file, int lineno, int level, + const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + sudo_debug_vprintf2(func, file, lineno, level, fmt, ap); + va_end(ap); +} + void sudo_debug_execve2(int level, const char *path, char *const argv[], char *const envp[]) { diff --git a/common/sudo_printf.c b/common/sudo_printf.c new file mode 100644 index 0000000..0983924 --- /dev/null +++ b/common/sudo_printf.c @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2010-2012 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#include +#include + +#include "missing.h" +#include "sudo_plugin.h" +#include "sudo_debug.h" + +int +_sudo_printf(int msg_type, const char *fmt, ...) +{ + va_list ap; + char *buf; + int len = -1; + + switch (msg_type) { + case SUDO_CONV_INFO_MSG: + va_start(ap, fmt); + len = vfprintf(stdout, fmt, ap); + va_end(ap); + break; + case SUDO_CONV_ERROR_MSG: + va_start(ap, fmt); + len = vfprintf(stderr, fmt, ap); + va_end(ap); + break; + case SUDO_CONV_DEBUG_MSG: + /* XXX - add debug version of vfprintf()? */ + va_start(ap, fmt); + len = vasprintf(&buf, fmt, ap); + va_end(ap); + if (len != -1) + sudo_debug_write(buf, len, 0); + break; + default: + errno = EINVAL; + break; + } + + return len; +} + +sudo_printf_t sudo_printf = _sudo_printf; diff --git a/common/term.c b/common/term.c index e9c4a49..792cbdc 100644 --- a/common/term.c +++ b/common/term.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 Todd C. Miller + * Copyright (c) 2011-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include diff --git a/common/ttysize.c b/common/ttysize.c index d3ac78b..c30643d 100644 --- a/common/ttysize.c +++ b/common/ttysize.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010 Todd C. Miller + * Copyright (c) 2010-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above diff --git a/compat/Makefile.in b/compat/Makefile.in index 827db90..55208eb 100644 --- a/compat/Makefile.in +++ b/compat/Makefile.in @@ -1,5 +1,5 @@ # -# Copyright (c) 2011 Todd C. Miller +# Copyright (c) 2011-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -99,10 +99,10 @@ mksigname: $(srcdir)/mksigname.c $(srcdir)/mksigname.h $(incdir)/missing.h $(top $(CC) $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/mksigname.c -o $@ fnm_test: fnm_test.o libreplace.la - $(LIBTOOL) --mode=link $(CC) -o $@ fnm_test.o libreplace.la + $(LIBTOOL) --mode=link $(CC) -o $@ fnm_test.o libreplace.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) globtest: globtest.o libreplace.la - $(LIBTOOL) --mode=link $(CC) -o $@ globtest.o libreplace.la + $(LIBTOOL) --mode=link $(CC) -o $@ globtest.o libreplace.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(srcdir)/mksiglist.h: $(srcdir)/siglist.in @if [ -n "$(DEVEL)" ]; then \ @@ -170,7 +170,7 @@ dlopen.lo: $(srcdir)/dlopen.c $(top_builddir)/config.h \ $(top_srcdir)/compat/dlfcn.h $(incdir)/missing.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/dlopen.c fnm_test.o: $(srcdir)/regress/fnmatch/fnm_test.c $(top_builddir)/config.h \ - $(top_srcdir)/compat/fnmatch.h + $(top_srcdir)/compat/fnmatch.h $(incdir)/missing.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/fnmatch/fnm_test.c fnmatch.lo: $(srcdir)/fnmatch.c $(top_builddir)/config.h $(incdir)/missing.h \ $(top_srcdir)/compat/charclass.h $(top_srcdir)/compat/fnmatch.h @@ -178,7 +178,7 @@ fnmatch.lo: $(srcdir)/fnmatch.c $(top_builddir)/config.h $(incdir)/missing.h \ getcwd.lo: $(srcdir)/getcwd.c $(top_builddir)/config.h $(incdir)/missing.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getcwd.c getgrouplist.lo: $(srcdir)/getgrouplist.c $(top_builddir)/config.h \ - $(incdir)/missing.h + $(top_srcdir)/compat/nss_dbdefs.h $(incdir)/missing.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getgrouplist.c getline.lo: $(srcdir)/getline.c $(top_builddir)/config.h $(incdir)/missing.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getline.c diff --git a/compat/closefrom.c b/compat/closefrom.c index 71777e7..a589156 100644 --- a/compat/closefrom.c +++ b/compat/closefrom.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004-2005, 2007, 2010 + * Copyright (c) 2004-2005, 2007, 2010, 2012-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -17,8 +17,9 @@ #include +#ifndef HAVE_CLOSEFROM + #include -#include #include #include #ifdef STDC_HEADERS @@ -30,20 +31,25 @@ # endif #endif /* STDC_HEADERS */ #include -#ifdef HAVE_DIRENT_H -# include -# define NAMLEN(dirent) strlen((dirent)->d_name) +#ifdef HAVE_PSTAT_GETPROC +# include +# include #else -# define dirent direct -# define NAMLEN(dirent) (dirent)->d_namlen -# ifdef HAVE_SYS_NDIR_H -# include -# endif -# ifdef HAVE_SYS_DIR_H -# include -# endif -# ifdef HAVE_NDIR_H -# include +# ifdef HAVE_DIRENT_H +# include +# define NAMLEN(dirent) strlen((dirent)->d_name) +# else +# define dirent direct +# define NAMLEN(dirent) (dirent)->d_namlen +# ifdef HAVE_SYS_NDIR_H +# include +# endif +# ifdef HAVE_SYS_DIR_H +# include +# endif +# ifdef HAVE_NDIR_H +# include +# endif # endif #endif @@ -85,15 +91,28 @@ closefrom_fallback(int lowfd) * Close all file descriptors greater than or equal to lowfd. * We try the fast way first, falling back on the slow method. */ -#ifdef HAVE_FCNTL_CLOSEM +#if defined(HAVE_FCNTL_CLOSEM) void closefrom(int lowfd) { if (fcntl(lowfd, F_CLOSEM, 0) == -1) closefrom_fallback(lowfd); } -#else -# ifdef HAVE_DIRFD +#elif defined(HAVE_PSTAT_GETPROC) +void +closefrom(int lowfd) +{ + struct pst_status pstat; + int fd; + + if (pstat_getproc(&pstat, sizeof(pstat), 0, getpid()) != -1) { + for (fd = lowfd; fd <= pstat.pst_highestfd; fd++) + (void) close(fd); + } else { + closefrom_fallback(lowfd); + } +} +#elif defined(HAVE_DIRFD) void closefrom(int lowfd) { @@ -114,5 +133,5 @@ closefrom(int lowfd) } else closefrom_fallback(lowfd); } -#endif /* HAVE_DIRFD */ #endif /* HAVE_FCNTL_CLOSEM */ +#endif /* HAVE_CLOSEFROM */ diff --git a/compat/dlopen.c b/compat/dlopen.c index f5f62fe..dc33d80 100644 --- a/compat/dlopen.c +++ b/compat/dlopen.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010 Todd C. Miller + * Copyright (c) 2010, 2012-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -16,6 +16,8 @@ #include +#ifndef HAVE_DLOPEN + #include #include @@ -51,7 +53,7 @@ void * sudo_dlopen(const char *path, int mode) { - int flags = DYNAMIC_PATH; + int flags = DYNAMIC_PATH | BIND_VERBOSE; if (mode == 0) mode = RTLD_LAZY; /* default behavior */ @@ -150,5 +152,5 @@ sudo_dlerror(void) { return strerror(errno); } - #endif /* HAVE_SHL_LOAD */ +#endif /* HAVE_DLOPEN */ diff --git a/compat/endian.h b/compat/endian.h new file mode 100644 index 0000000..6888008 --- /dev/null +++ b/compat/endian.h @@ -0,0 +1,72 @@ +/* + * Copyright (c) 2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _COMPAT_ENDIAN_H +#define _COMPAT_ENDIAN_H + +#ifndef BYTE_ORDER +# undef LITTLE_ENDIAN +# define LITTLE_ENDIAN 1234 +# undef BIG_ENDIAN +# define BIG_ENDIAN 4321 +# undef UNKNOWN_ENDIAN +# define UNKNOWN_ENDIAN 0 + +/* + * Attempt to guess endianness. + * Solaris may define _LITTLE_ENDIAN and _BIG_ENDIAN to 1 + * HP-UX may define __LITTLE_ENDIAN__ and __BIG_ENDIAN__ to 1 + * Otherwise, check for cpu-specific cpp defines. + * Note that some CPUs are bi-endian, including: arm, powerpc, alpha, + * sparc64, mips, hppa, sh4 and ia64. + * We just check for the most common uses. + */ + +# if defined(__BYTE_ORDER) +# define BYTE_ORDER __BYTE_ORDER +# elif defined(_BYTE_ORDER) +# define BYTE_ORDER _BYTE_ORDER +# elif defined(_LITTLE_ENDIAN) || defined(__LITTLE_ENDIAN__) +# define BYTE_ORDER LITTLE_ENDIAN +# elif defined(_BIG_ENDIAN) || defined(__BIG_ENDIAN__) +# define BYTE_ORDER BIG_ENDIAN +# elif defined(__alpha__) || defined(__alpha) || defined(__amd64) || \ + defined(BIT_ZERO_ON_RIGHT) || defined(i386) || defined(__i386) || \ + defined(MIPSEL) || defined(_MIPSEL) || defined(ns32000) || \ + defined(__ns3200) || defined(sun386) || defined(vax) || \ + defined(__vax) || defined(__x86__) || \ + (defined(sun) && defined(__powerpc)) || \ + (!defined(__hpux) && defined(__ia64)) +# define BYTE_ORDER LITTLE_ENDIAN +# elif defined(__68k__) || defined(apollo) || defined(BIT_ZERO_ON_LEFT) || \ + defined(__convex__) || defined(_CRAY) || defined(DGUX) || \ + defined(__hppa) || defined(__hp9000) || defined(__hp9000s300) || \ + defined(__hp9000s700) || defined(__hp3000s900) || \ + defined(ibm032) || defined(ibm370) || defined(_IBMR2) || \ + defined(is68k) || defined(mc68000) || defined(m68k) || \ + defined(__m68k) || defined(m88k) || defined(__m88k) || \ + defined(MIPSEB) || defined(_MIPSEB) || defined(MPE) || \ + defined(pyr) || defined(__powerpc) || defined(__powerpc__) || \ + defined(sel) || defined(__sparc) || defined(__sparc__) || \ + defined(tahoe) || (defined(__hpux) && defined(__ia64)) || \ + (defined(sun) && defined(__powerpc)) +# define BYTE_ORDER BIG_ENDIAN +# else +# define BYTE_ORDER UNKNOWN_ENDIAN +# endif +#endif /* BYTE_ORDER */ + +#endif /* _COMPAT_ENDIAN_H */ diff --git a/compat/fnmatch.c b/compat/fnmatch.c index 54a3142..7ea5dc5 100644 --- a/compat/fnmatch.c +++ b/compat/fnmatch.c @@ -71,6 +71,8 @@ #include +#ifndef HAVE_FNMATCH + #include #include @@ -472,3 +474,4 @@ firstsegment: /* pattern didn't match to the end of string */ return FNM_NOMATCH; } +#endif /* HAVE_FNMATCH */ diff --git a/compat/getaddrinfo.c b/compat/getaddrinfo.c index 9927587..8a3dc3d 100644 --- a/compat/getaddrinfo.c +++ b/compat/getaddrinfo.c @@ -32,6 +32,8 @@ #include +#ifndef HAVE_GETADDRINFO + #include #include @@ -436,3 +438,4 @@ getaddrinfo(const char *nodename, const char *servname, return 0; } } +#endif /* HAVE_GETADDRINFO */ diff --git a/compat/getcwd.c b/compat/getcwd.c index 3185504..c5765be 100644 --- a/compat/getcwd.c +++ b/compat/getcwd.c @@ -29,7 +29,9 @@ #include -#include +#ifndef HAVE_GETCWD + +#include #include #include @@ -262,3 +264,4 @@ err: (void)closedir(dir); return NULL; } +#endif /* HAVE_GETCWD */ diff --git a/compat/getgrouplist.c b/compat/getgrouplist.c index cea72f5..c37ddb6 100644 --- a/compat/getgrouplist.c +++ b/compat/getgrouplist.c @@ -16,6 +16,8 @@ #include +#ifndef HAVE_GETGROUPLIST + #include #include #ifdef STDC_HEADERS @@ -33,6 +35,15 @@ # include #endif /* HAVE_STRINGS_H */ #include +#ifdef HAVE_NSS_SEARCH +# include +# include +# ifdef HAVE_NSS_DBDEFS_H +# include +# else +# include "compat/nss_dbdefs.h" +# endif +#endif #include "missing.h" @@ -70,7 +81,7 @@ getgrouplist(const char *name, gid_t basegid, gid_t *groups, int *ngroupsp) rval = 0; done: - efree(grset); + free(grset); #ifdef HAVE_SETAUTHDB aix_restoreauthdb(); #endif @@ -79,31 +90,178 @@ done: return rval; } -#elif defined(HAVE__GETGROUPSBYMEMBER) +#elif defined(HAVE_NSS_SEARCH) + +#ifndef GID_MAX +# define GID_MAX UID_MAX +#endif + +#ifndef ALIGNBYTES +# define ALIGNBYTES (sizeof(long) - 1L) +#endif +#ifndef ALIGN +# define ALIGN(p) (((unsigned long)(p) + ALIGNBYTES) & ~ALIGNBYTES) +#endif + +extern void _nss_initf_group(nss_db_params_t *); /* - * BSD-compatible getgrouplist(3) using _getgroupsbymember(3) + * Convert a groups file string (instr) to a struct group (ent) using + * buf for storage. */ -int -getgrouplist(const char *name, gid_t basegid, gid_t *groups, int *ngroupsp) +static int +str2grp(const char *instr, int inlen, void *ent, char *buf, int buflen) { - int ngroups, grpsize = *ngroupsp; - int rval = -1; + struct group *grp = ent; + char *cp, *ep, *fieldsep = buf; + char **gr_mem, **gr_end; + int yp = 0; + unsigned long gid; + + /* Must at least have space to copy instr -> buf. */ + if (inlen >= buflen) + return NSS_STR_PARSE_ERANGE; + + /* Paranoia: buf and instr should be distinct. */ + if (buf != instr) { + memmove(buf, instr, inlen); + buf[inlen] = '\0'; + } + + if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL) + return NSS_STR_PARSE_PARSE; + *fieldsep++ = '\0'; + grp->gr_name = cp; + + /* Check for YP inclusion/exclusion entries. */ + if (*cp == '+' || *cp == '-') { + /* Only the name is required for YP inclusion/exclusion entries. */ + grp->gr_passwd = ""; + grp->gr_gid = 0; + grp->gr_mem = NULL; + yp = 1; + } + + if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL) + return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE; + *fieldsep++ = '\0'; + grp->gr_passwd = cp; + + if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL) + return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE; + *fieldsep++ = '\0'; + gid = strtoul(cp, &ep, 10); + if (*cp == '\0' || *ep != '\0') + return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE; +#ifdef GID_NOBODY + if (*cp == '-' && gid != 0) { + /* Negative gids get mapped to nobody on Solaris. */ + grp->gr_gid = GID_NOBODY; + } else +#endif + if ((errno == ERANGE && gid == ULONG_MAX) || + gid > GID_MAX || gid != (gid_t)gid) { + return NSS_STR_PARSE_ERANGE; + } else { + grp->gr_gid = (gid_t)gid; + } + + /* Store group members, taking care to use proper alignment. */ + grp->gr_mem = NULL; + if (*fieldsep != '\0') { + grp->gr_mem = gr_mem = (char **)ALIGN(buf + inlen + 1); + gr_end = (char **)((unsigned long)(buf + buflen) & ~ALIGNBYTES); + for (;;) { + if (gr_mem == gr_end) + return NSS_STR_PARSE_ERANGE; /* out of space! */ + *gr_mem++ = cp; + if (fieldsep == NULL) + break; + if ((fieldsep = strchr(cp = fieldsep, ',')) != NULL) + *fieldsep++ = '\0'; + } + *gr_mem = NULL; + } + return NSS_STR_PARSE_SUCCESS; +} + +static nss_status_t +process_cstr(const char *instr, int inlen, struct nss_groupsbymem *gbm) +{ + const char *user = gbm->username; + nss_status_t rval = NSS_NOTFOUND; + nss_XbyY_buf_t *buf; + struct group *grp; + char **gr_mem; + int error, i; - if (grpsize > 0) { - /* We support BSD semantics where the first element is the base gid */ - groups[0] = basegid; + buf = _nss_XbyY_buf_alloc(sizeof(struct group), NSS_BUFLEN_GROUP); + if (buf == NULL) + return NSS_UNAVAIL; - /* The last arg is 1 because we already filled in the base gid. */ - ngroups = _getgroupsbymember(name, groups, grpsize, 1); - if (ngroups != -1) { - rval = 0; - *ngroupsp = ngroups; + /* Parse groups file string -> struct group. */ + grp = buf->result; + error = (*gbm->str2ent)(instr, inlen, grp, buf->buffer, buf->buflen); + if (error || grp->gr_mem == NULL) + goto done; + + for (gr_mem = grp->gr_mem; *gr_mem != NULL; gr_mem++) { + if (strcmp(*gr_mem, user) == 0) { + /* Append to gid_array unless gr_gid is a dupe. */ + for (i = 0; i < gbm->numgids; i++) { + if (gbm->gid_array[i] == grp->gr_gid) + goto done; /* already present */ + } + /* Store gid if there is space. */ + if (i < gbm->maxgids) + gbm->gid_array[i] = grp->gr_gid; + /* Always increment numgids so we can detect when out of space. */ + gbm->numgids++; + goto done; } } +done: + _nss_XbyY_buf_free(buf); return rval; } +/* + * BSD-compatible getgrouplist(3) using nss_search(3) + */ +int +getgrouplist(const char *name, gid_t basegid, gid_t *groups, int *ngroupsp) +{ + struct nss_groupsbymem gbm; + static DEFINE_NSS_DB_ROOT(db_root); + + /* We support BSD semantics where the first element is the base gid */ + if (*ngroupsp <= 0) + return -1; + groups[0] = basegid; + + memset(&gbm, 0, sizeof(gbm)); + gbm.username = name; + gbm.gid_array = groups; + gbm.maxgids = *ngroupsp; + gbm.numgids = 1; /* for basegid */ + gbm.force_slow_way = 1; + gbm.str2ent = str2grp; + gbm.process_cstr = process_cstr; + + /* + * Can't use nss_search return value since it may return NSS_UNAVAIL + * when no nsswitch.conf entry (e.g. compat mode). + */ + (void)nss_search(&db_root, _nss_initf_group, NSS_DBOP_GROUP_BYMEMBER, &gbm); + + if (gbm.numgids <= gbm.maxgids) { + *ngroupsp = gbm.numgids; + return 0; + } + *ngroupsp = gbm.maxgids; + return -1; +} + #else /* !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */ /* @@ -154,3 +312,4 @@ done: return rval; } #endif /* !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */ +#endif /* HAVE_GETGROUPLIST */ diff --git a/compat/getline.c b/compat/getline.c index 018fe93..5d869d9 100644 --- a/compat/getline.c +++ b/compat/getline.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2010 Todd C. Miller + * Copyright (c) 2009-2010, 2012-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -16,6 +16,8 @@ #include +#ifndef HAVE_GETLINE + #include #include @@ -101,4 +103,5 @@ getline(char **bufp, size_t *bufsizep, FILE *fp) *bufsizep = bufsize; return len; } -#endif +#endif /* HAVE_FGETLN */ +#endif /* HAVE_GETLINE */ diff --git a/compat/getprogname.c b/compat/getprogname.c index 34673f5..6fa876d 100644 --- a/compat/getprogname.c +++ b/compat/getprogname.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010 Todd C. Miller + * Copyright (c) 2010, 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -16,6 +16,8 @@ #include +#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME) + #include #include @@ -44,3 +46,4 @@ getprogname(void) { return progname; } +#endif /* !HAVE_GETPROGNAME !HAVE___PROGNAME */ diff --git a/compat/glob.c b/compat/glob.c index cf9a4e2..c24f77a 100644 --- a/compat/glob.c +++ b/compat/glob.c @@ -52,7 +52,9 @@ #include -#include +#ifndef HAVE_GLOB + +#include #include #include @@ -898,4 +900,5 @@ qprintf(const char *str, Char *s) (void)printf("%c", ismeta(*p) ? '_' : ' '); (void)printf("\n"); } -#endif +#endif /* DEBUG */ +#endif /* HAVE_GLOB */ diff --git a/compat/isblank.c b/compat/isblank.c index 083d805..e2020b0 100644 --- a/compat/isblank.c +++ b/compat/isblank.c @@ -1,5 +1,6 @@ /* - * Copyright (c) 2008, 2010-2011 Todd C. Miller + * Copyright (c) 2008, 2010-2011, 2013 + * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -16,6 +17,8 @@ #include +#ifndef HAVE_ISBLANK + #include #include "missing.h" @@ -26,3 +29,4 @@ isblank(int ch) { return ch == ' ' || ch == '\t'; } +#endif /* HAVE_ISBLANK */ diff --git a/compat/memrchr.c b/compat/memrchr.c index 0b1e3a5..34d8271 100644 --- a/compat/memrchr.c +++ b/compat/memrchr.c @@ -1,5 +1,6 @@ /* - * Copyright (c) 2007, 2010-2011 Todd C. Miller + * Copyright (c) 2007, 2010-2011, 2013 + * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -16,6 +17,8 @@ #include +#ifndef HAVE_MEMRCHR + #include #include "missing.h" @@ -38,3 +41,4 @@ memrchr(const void *s, int c, size_t n) } return (void *)0; } +#endif /* HAVE_MEMRCHR */ diff --git a/compat/mksiglist.c b/compat/mksiglist.c index 287dfb5..56729a8 100644 --- a/compat/mksiglist.c +++ b/compat/mksiglist.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2011 Todd C. Miller + * Copyright (c) 2010-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -32,6 +32,8 @@ #include "missing.h" +__dso_public int main(int argc, char *argv[]); + int main(int argc, char *argv[]) { diff --git a/compat/mksigname.c b/compat/mksigname.c index fcb8b33..10b6324 100644 --- a/compat/mksigname.c +++ b/compat/mksigname.c @@ -32,6 +32,8 @@ #include "missing.h" +__dso_public int main(int argc, char *argv[]); + int main(int argc, char *argv[]) { diff --git a/compat/mktemp.c b/compat/mktemp.c index ce7a4e5..34d514a 100644 --- a/compat/mktemp.c +++ b/compat/mktemp.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2003, 2004, 2008-2011 + * Copyright (c) 2001, 2003, 2004, 2008-2011, 2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -17,6 +17,8 @@ #include +#if !defined(HAVE_MKSTEMPS) || !defined(HAVE_MKDTEMP) + #include #include #include @@ -157,3 +159,4 @@ mkdtemp(char *path) return path; } #endif /* HAVE_MKDTEMP */ +#endif /* !HAVE_MKSTEMPS || !HAVE_MKDTEMP */ diff --git a/compat/nanosleep.c b/compat/nanosleep.c index 23e3b9e..6b8b388 100644 --- a/compat/nanosleep.c +++ b/compat/nanosleep.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2011 Todd C. Miller + * Copyright (c) 2009-2011, 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -16,6 +16,8 @@ #include +#ifndef HAVE_NANOSLEEP + #include #include #ifdef HAVE_SYS_SELECT_H @@ -52,3 +54,4 @@ nanosleep(const struct timespec *ts, struct timespec *rts) } return rval; } +#endif /* HAVE_NANOSLEEP */ diff --git a/compat/nss_dbdefs.h b/compat/nss_dbdefs.h new file mode 100644 index 0000000..129802b --- /dev/null +++ b/compat/nss_dbdefs.h @@ -0,0 +1,106 @@ +/* + * Copyright (c) 2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _COMPAT_NSS_DBDEFS_H +#define _COMPAT_NSS_DBDEFS_H + +/* + * Bits of nss_dbdefs.h and nss_common.h needed to implement + * getgrouplist(3) using nss_search(3). + * + * HP-UX does not ship those headers so we need this compatibility header. + * It may also work on other systems that use a Solaris-derived nsswitch + * API. + */ + +#ifdef NEED_HPUX_MUTEX +# include +#endif + +typedef enum { + NSS_SUCCESS, + NSS_NOTFOUND, + NSS_UNAVAIL +} nss_status_t; + +typedef struct nss_db_params { + const char *name; + const char *config_name; + const char *default_config; + unsigned int max_active_per_src; + unsigned int max_dormant_per_src; + int flags; + void *finders; + void *private; + void (*cleanup)(struct nss_db_params *); +} nss_db_params_t; + +struct nss_groupsbymem { + const char *username; + gid_t *gid_array; + int maxgids; + int force_slow_way; + int (*str2ent)(const char *, int, void *, char *, int); + nss_status_t (*process_cstr)(const char *, int, struct nss_groupsbymem *); + int numgids; +}; + +typedef struct { + void *result; /* group struct to fill in. */ + char *buffer; /* string buffer for above */ + size_t buflen; /* string buffer size */ +} nss_XbyY_buf_t; + +typedef struct { + void *state; /* really struct nss_db_state * */ +#ifdef NEED_HPUX_MUTEX + lwp_mutex_t lock; +#endif +} nss_db_root_t; + +#ifdef NEED_HPUX_MUTEX +# define NSS_DB_ROOT_INIT { 0, LWP_MUTEX_INITIALIZER } +#else +# define NSS_DB_ROOT_INIT { 0 } +#endif +# define DEFINE_NSS_DB_ROOT(name) nss_db_root_t name = NSS_DB_ROOT_INIT + +/* Backend function to find all groups a user belongs to for initgroups(). */ +#define NSS_DBOP_GROUP_BYMEMBER 6 + +/* str2ent function return values */ +#define NSS_STR_PARSE_SUCCESS 0 +#define NSS_STR_PARSE_PARSE 1 +#define NSS_STR_PARSE_ERANGE 2 + +/* Max length for an /etc/group file line. */ +#define NSS_BUFLEN_GROUP 8192 + +/* HP-UX uses an extra underscore for these functions. */ +#ifdef HAVE___NSS_INITF_GROUP +# define _nss_initf_group __nss_initf_group +#endif +#ifdef HAVE___NSS_XBYY_BUF_ALLOC +# define _nss_XbyY_buf_alloc __nss_XbyY_buf_alloc +# define _nss_XbyY_buf_free __nss_XbyY_buf_free +#endif + +typedef void (*nss_db_initf_t)(nss_db_params_t *); +extern nss_status_t nss_search(nss_db_root_t *, nss_db_initf_t, int, void *); +extern nss_XbyY_buf_t *_nss_XbyY_buf_alloc(int, int); +extern void _nss_XbyY_buf_free(nss_XbyY_buf_t *); + +#endif /* _COMPAT_NSS_DBDEFS_H */ diff --git a/compat/pw_dup.c b/compat/pw_dup.c index f43153e..6f9312e 100644 --- a/compat/pw_dup.c +++ b/compat/pw_dup.c @@ -1,5 +1,6 @@ /* - * Copyright (c) 2000, 2002, 2012 Todd C. Miller + * Copyright (c) 2000, 2002, 2012-2013 + * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -20,6 +21,8 @@ #include +#ifndef HAVE_PW_DUP + #include #include @@ -102,3 +105,4 @@ pw_dup(const struct passwd *pw) return newpw; } +#endif /* HAVE_PW_DUP */ diff --git a/compat/regress/fnmatch/fnm_test.c b/compat/regress/fnmatch/fnm_test.c index 2079e3b..7795363 100644 --- a/compat/regress/fnmatch/fnm_test.c +++ b/compat/regress/fnmatch/fnm_test.c @@ -20,6 +20,10 @@ # include "compat/fnmatch.h" #endif +#include "missing.h" + +__dso_public int main(int argc, char *argv[]); + int main(int argc, char *argv[]) { diff --git a/compat/regress/glob/globtest.c b/compat/regress/glob/globtest.c index b4f61f2..8da3ed4 100644 --- a/compat/regress/glob/globtest.c +++ b/compat/regress/glob/globtest.c @@ -33,6 +33,7 @@ struct gl_entry { }; int test_glob(struct gl_entry *); +__dso_public int main(int argc, char *argv[]); int main(int argc, char **argv) diff --git a/compat/sig2str.c b/compat/sig2str.c index b233c9b..6c9cd39 100644 --- a/compat/sig2str.c +++ b/compat/sig2str.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012 Todd C. Miller + * Copyright (c) 2012-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -16,6 +16,8 @@ #include +#ifndef HAVE_SIG2STR + #include #include @@ -74,3 +76,4 @@ sig2str(int signo, char *signame) errno = EINVAL; return -1; } +#endif /* HAVE_SIG2STR */ diff --git a/compat/snprintf.c b/compat/snprintf.c index 8a77a5b..93f49ed 100644 --- a/compat/snprintf.c +++ b/compat/snprintf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2008, 2010-2011 + * Copyright (c) 1999-2005, 2008, 2010-2013 * Todd C. Miller * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. @@ -41,8 +41,9 @@ #include +#if !defined(HAVE_VSNPRINTF) || !defined(HAVE_SNPRINTF) || !defined(HAVE_VASPRINTF) || !defined(HAVE_ASPRINTF) + #include -#include #include #ifdef STDC_HEADERS @@ -53,8 +54,10 @@ # include # endif #endif /* STDC_HEADERS */ -#ifdef HAVE_STDINT_H +#if defined(HAVE_STDINT_H) # include +#elif defined(HAVE_INTTYPES_H) +# include #endif #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) @@ -116,7 +119,7 @@ static int xxxprintf(char **, size_t, int, const char *, va_list); #define LADJUST 0x004 /* left adjustment */ #define LONGDBL 0x008 /* long double; unimplemented */ #define LONGINT 0x010 /* long integer */ -#define QUADINT 0x020 /* quad integer */ +#define LLONGINT 0x020 /* quad integer */ #define SHORTINT 0x040 /* short integer */ #define ZEROPAD 0x080 /* zero (as opposed to blank) pad */ @@ -430,11 +433,16 @@ reswitch: switch (ch) { flags |= SHORTINT; goto rflag; case 'l': - flags |= LONGINT; + if (*fmt == 'l') { + fmt++; + flags |= LLONGINT; + } else { + flags |= LONGINT; + } goto rflag; #ifdef HAVE_LONG_LONG_INT case 'q': - flags |= QUADINT; + flags |= LLONGINT; goto rflag; #endif /* HAVE_LONG_LONG_INT */ case 'c': @@ -448,7 +456,7 @@ reswitch: switch (ch) { case 'd': case 'i': #ifdef HAVE_LONG_LONG_INT - if (flags & QUADINT) { + if (flags & LLONGINT) { uqval = va_arg(ap, long long); if ((long long)uqval < 0) { uqval = -uqval; @@ -468,7 +476,7 @@ reswitch: switch (ch) { goto number; case 'n': #ifdef HAVE_LONG_LONG_INT - if (flags & QUADINT) + if (flags & LLONGINT) *va_arg(ap, long long *) = ret; else #endif /* HAVE_LONG_LONG_INT */ @@ -484,7 +492,7 @@ reswitch: switch (ch) { /*FALLTHROUGH*/ case 'o': #ifdef HAVE_LONG_LONG_INT - if (flags & QUADINT) + if (flags & LLONGINT) uqval = va_arg(ap, unsigned long long); else #endif /* HAVE_LONG_LONG_INT */ @@ -502,7 +510,7 @@ reswitch: switch (ch) { ulval = (unsigned long)va_arg(ap, void *); base = 16; xdigs = "0123456789abcdef"; - flags = (flags & ~QUADINT) | HEXPREFIX; + flags = (flags & ~LLONGINT) | HEXPREFIX; ch = 'x'; goto nosign; case 's': @@ -531,7 +539,7 @@ reswitch: switch (ch) { /*FALLTHROUGH*/ case 'u': #ifdef HAVE_LONG_LONG_INT - if (flags & QUADINT) + if (flags & LLONGINT) uqval = va_arg(ap, unsigned long long); else #endif /* HAVE_LONG_LONG_INT */ @@ -545,7 +553,7 @@ reswitch: switch (ch) { xdigs = "0123456789abcdef"; hex: #ifdef HAVE_LONG_LONG_INT - if (flags & QUADINT) + if (flags & LLONGINT) uqval = va_arg(ap, unsigned long long); else #endif /* HAVE_LONG_LONG_INT */ @@ -554,7 +562,7 @@ hex: /* leading 0x/X only if non-zero */ if (flags & ALT && #ifdef HAVE_LONG_LONG_INT - (flags & QUADINT ? uqval != 0 : ulval != 0)) + (flags & LLONGINT ? uqval != 0 : ulval != 0)) #else ulval != 0) #endif /* HAVE_LONG_LONG_INT */ @@ -577,7 +585,7 @@ number: if ((dprec = prec) >= 0) */ cp = buf + BUF; #ifdef HAVE_LONG_LONG_INT - if (flags & QUADINT) { + if (flags & LLONGINT) { if (uqval != 0 || prec != 0) cp = __uqtoa(uqval, cp, base, flags & ALT, xdigs); @@ -705,3 +713,5 @@ asprintf(char **str, char const *fmt, ...) return ret; } #endif /* HAVE_ASPRINTF */ + +#endif /* !HAVE_VSNPRINTF || !HAVE_SNPRINTF || !HAVE_VASPRINTF || !HAVE_ASPRINTF */ diff --git a/compat/strlcat.c b/compat/strlcat.c index 57e3ca5..535d9f2 100644 --- a/compat/strlcat.c +++ b/compat/strlcat.c @@ -1,7 +1,7 @@ /* $OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp $ */ /* - * Copyright (c) 1998, 2003-2005, 2010-2011 + * Copyright (c) 1998, 2003-2005, 2010-2011, 2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -19,6 +19,8 @@ #include +#ifndef HAVE_STRLCAT + #include #include @@ -58,3 +60,4 @@ strlcat(char *dst, const char *src, size_t siz) return dlen + (s - src); /* count does not include NUL */ } +#endif /* HAVE_STRLCAT */ diff --git a/compat/strlcpy.c b/compat/strlcpy.c index 89fb01b..765bde8 100644 --- a/compat/strlcpy.c +++ b/compat/strlcpy.c @@ -1,7 +1,7 @@ /* $OpenBSD: strlcpy.c,v 1.5 2001/05/13 15:40:16 deraadt Exp $ */ /* - * Copyright (c) 1998, 2003-2005, 2010-2011 + * Copyright (c) 1998, 2003-2005, 2010-2011, 2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -19,6 +19,8 @@ #include +#ifndef HAVE_STRLCPY + #include #include "missing.h" @@ -53,3 +55,4 @@ strlcpy(char *dst, const char *src, size_t siz) return s - src - 1; /* count does not include NUL */ } +#endif /* HAVE_STRLCPY */ diff --git a/compat/strsignal.c b/compat/strsignal.c index 9ebb8e1..2f42fdf 100644 --- a/compat/strsignal.c +++ b/compat/strsignal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2011 Todd C. Miller + * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -16,6 +16,8 @@ #include +#ifndef HAVE_STRSIGNAL + #include #include @@ -47,3 +49,4 @@ strsignal(int signo) /* XXX - should be "Unknown signal: %d" */ return _("Unknown signal"); } +#endif /* HAVE_STRSIGNAL */ diff --git a/compat/utimes.c b/compat/utimes.c index 455ecd2..bc41193 100644 --- a/compat/utimes.c +++ b/compat/utimes.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004-2005, 2007, 2010-2011 + * Copyright (c) 2004-2005, 2007, 2010-2011, 2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -17,6 +17,8 @@ #include +#if !defined(HAVE_UTIMES) || (!defined(HAVE_FUTIMES) && !defined(HAVE_FUTIMESAT)) + #include #include #include @@ -67,3 +69,5 @@ futimes(int fd, const struct timeval *times) return futime(fd, NULL); } #endif /* HAVE_FUTIME */ + +#endif /* !HAVE_UTIMES || (!HAVE_FUTIMES && !HAVE_FUTIMESAT) */ diff --git a/config.h.in b/config.h.in index 93f36da..2ee54c4 100644 --- a/config.h.in +++ b/config.h.in @@ -134,6 +134,9 @@ /* Define to 1 if the compiler supports the __visibility__ attribute. */ #undef HAVE_DSO_VISIBILITY +/* Define to 1 if you have the header file. */ +#undef HAVE_ENDIAN_H + /* Define to 1 if your system has the F_CLOSEM fcntl. */ #undef HAVE_FCNTL_CLOSEM @@ -168,7 +171,7 @@ #undef HAVE_GETADDRINFO /* Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow - passwords) */ + passwords). */ #undef HAVE_GETAUTHUID /* Define to 1 if you have the `getcwd' function. */ @@ -196,22 +199,22 @@ #undef HAVE_GETPROGNAME /* Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow - passwords) */ + passwords). */ #undef HAVE_GETPRPWNAM /* Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow - passwords) */ + passwords). */ #undef HAVE_GETPWANAM /* Define to 1 if you have the `getresuid' function. */ #undef HAVE_GETRESUID /* Define to 1 if you have the `getspnam' function (SVR4-style shadow - passwords) */ + passwords). */ #undef HAVE_GETSPNAM /* Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow - passwords) */ + passwords). */ #undef HAVE_GETSPWUID /* Define to 1 if you have the `getttyent' function. */ @@ -254,11 +257,11 @@ #undef HAVE_ISBLANK /* Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for - shadow enabled) */ + shadow enabled). */ #undef HAVE_ISCOMSEC /* Define to 1 if you have the `issecure' function. (SunOS 4.x check for - shadow enabled) */ + shadow enabled). */ #undef HAVE_ISSECURE /* Define to 1 if you use Kerberos V. */ @@ -280,7 +283,7 @@ /* Define to 1 if you have the `krb5_verify_user' function. */ #undef HAVE_KRB5_VERIFY_USER -/* Define to 1 if your LDAP needs . (OpenLDAP does not) */ +/* Define to 1 if your LDAP needs . (OpenLDAP does not). */ #undef HAVE_LBER_H /* Define to 1 if you use LDAP for sudoers. */ @@ -352,15 +355,15 @@ /* Define to 1 if you have the `lrand48' function. */ #undef HAVE_LRAND48 +/* Define to 1 if you have the header file. */ +#undef HAVE_MACHINE_ENDIAN_H + /* Define to 1 if you have the header file. */ #undef HAVE_MAILLOCK_H /* Define to 1 if you have the header file. */ #undef HAVE_MALLOC_H -/* Define to 1 if you have the `mbr_check_membership' function. */ -#undef HAVE_MBR_CHECK_MEMBERSHIP - /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H @@ -391,6 +394,12 @@ /* Define to 1 if you have the `nl_langinfo' function. */ #undef HAVE_NL_LANGINFO +/* Define to 1 if you have the header file. */ +#undef HAVE_NSS_DBDEFS_H + +/* Define to 1 if you have the `nss_search' function. */ +#undef HAVE_NSS_SEARCH + /* Define to 1 if you have the `openpty' function. */ #undef HAVE_OPENPTY @@ -424,6 +433,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_PROJECT_H +/* Define to 1 if you have the `pstat_getproc' function. */ +#undef HAVE_PSTAT_GETPROC + /* Define to 1 if you have the header file. */ #undef HAVE_PTY_H @@ -440,7 +452,7 @@ #undef HAVE_REVOKE /* Define to 1 if the skeychallenge() function is RFC1938-compliant and takes - 4 arguments */ + 4 arguments. */ #undef HAVE_RFC1938_SKEYCHALLENGE /* Define to 1 if you have the header file. */ @@ -470,9 +482,6 @@ /* Define to 1 if you have the `setkeycreatecon' function. */ #undef HAVE_SETKEYCREATECON -/* Define to 1 if you have the `setlocale' function. */ -#undef HAVE_SETLOCALE - /* Define to 1 if you have the `setresuid' function. */ #undef HAVE_SETRESUID @@ -542,6 +551,9 @@ /* Define to 1 if you have the `strsignal' function. */ #undef HAVE_STRSIGNAL +/* Define to 1 if you have the `strtoll' function. */ +#undef HAVE_STRTOLL + /* Define to 1 if `d_type' is a member of `struct dirent'. */ #undef HAVE_STRUCT_DIRENT_D_TYPE @@ -614,13 +626,13 @@ /* Define to 1 if `ut_user' is a member of `struct utmp'. */ #undef HAVE_STRUCT_UTMP_UT_USER -/* Define to 1 if your struct stat has an st_mtim member */ +/* Define to 1 if your struct stat has an st_mtim member. */ #undef HAVE_ST_MTIM -/* Define to 1 if your struct stat has an st_mtimespec member */ +/* Define to 1 if your struct stat has an st_mtimespec member. */ #undef HAVE_ST_MTIMESPEC -/* Define to 1 if your struct stat uses an st__tim union */ +/* Define to 1 if your struct stat uses an st__tim union. */ #undef HAVE_ST__TIM /* Define to 1 if you have the `sysconf' function. */ @@ -636,6 +648,9 @@ */ #undef HAVE_SYS_DIR_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_ENDIAN_H + /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_SYS_NDIR_H @@ -700,28 +715,37 @@ /* Define to 1 if the system has the type `_Bool'. */ #undef HAVE__BOOL -/* Define to 1 if you have the `_getgroupsbymember' function. */ -#undef HAVE__GETGROUPSBYMEMBER - /* Define to 1 if you have the `_getpty' function. */ #undef HAVE__GETPTY /* Define to 1 if you have the `_innetgr' function. */ #undef HAVE__INNETGR +/* Define to 1 if you have the `_nss_initf_group' function. */ +#undef HAVE__NSS_INITF_GROUP + +/* Define to 1 if you have the `_nss_XbyY_buf_alloc' function. */ +#undef HAVE__NSS_XBYY_BUF_ALLOC + /* Define to 1 if you have the `_ttyname_dev' function. */ #undef HAVE__TTYNAME_DEV /* Define to 1 if the compiler supports the C99 __func__ variable. */ #undef HAVE___FUNC__ +/* Define to 1 if you have the `__nss_initf_group' function. */ +#undef HAVE___NSS_INITF_GROUP + +/* Define to 1 if you have the `__nss_XbyY_buf_alloc' function. */ +#undef HAVE___NSS_XBYY_BUF_ALLOC + /* Define to 1 if your crt0.o defines the __progname symbol for you. */ #undef HAVE___PROGNAME /* Define to 1 if you want the hostname to be entered into the log file. */ #undef HOST_IN_LOG -/* Define to 1 if you want to ignore '.' and empty PATH elements */ +/* Define to 1 if you want to ignore '.' and empty PATH elements. */ #undef IGNORE_DOT_PATH /* The message given when a bad password is entered. */ @@ -768,7 +792,7 @@ sudo. */ #undef NO_LECTURE -/* Define to 1 if you don't want to use sudo's PAM session support */ +/* Define to 1 if you don't want to use sudo's PAM session support. */ #undef NO_PAM_SESSION /* Define to avoid runing the mailer as root. */ @@ -865,7 +889,7 @@ #undef SUDOERS_PLUGIN /* An instance string to append to the username (separated by a slash) for - Kerberos V authentication */ + Kerberos V authentication. */ #undef SUDO_KRB5_INSTANCE /* The umask that the sudo-run prog should use. */ @@ -907,7 +931,7 @@ /* Define for large files, on AIX-style hosts. */ #undef _LARGE_FILES -/* Define to __FUNCTION__ if your compiler support __FUNCTION__ but not +/* Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__ */ #undef __func__ @@ -930,6 +954,9 @@ /* Define to `int' if does not define. */ #undef mode_t +/* Define to an OS-specific initialization function or `os_init_common'. */ +#undef os_init + /* Define to `int' if does not define. */ #undef sig_atomic_t @@ -945,6 +972,15 @@ /* Define to `int' if doesn't define. */ #undef uid_t +/* Define to `unsigned int' if does not define. */ +#undef uint32_t + +/* Define to `unsigned long long' if does not define. */ +#undef uint64_t + +/* Define to `unsigned char' if does not define. */ +#undef uint8_t + /* Define to empty if the keyword `volatile' does not work. Warning: valid code using `volatile' can become incorrect without. Disable with care. */ #undef volatile @@ -984,23 +1020,6 @@ # define ignore_result(x) (void)(x) #endif -/* Macros to set/clear/test flags. */ -#undef SET -#define SET(t, f) ((t) |= (f)) -#undef CLR -#define CLR(t, f) ((t) &= ~(f)) -#undef ISSET -#define ISSET(t, f) ((t) & (f)) - -/* ANSI-style OS defs for HP-UX and ConvexOS. */ -#if defined(hpux) && !defined(__hpux) -# define __hpux 1 -#endif /* hpux */ - -#if defined(convex) && !defined(__convex__) -# define __convex__ 1 -#endif /* convex */ - /* BSD compatibility on some SVR4 systems. */ #ifdef __svr4__ # define BSD_COMP diff --git a/configure b/configure index 5a8e4d9..aa37375 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for sudo 1.8.6p8. +# Generated by GNU Autoconf 2.68 for sudo 1.8.7. # # Report bugs to . # @@ -570,8 +570,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.8.6p8' -PACKAGE_STRING='sudo 1.8.6p8' +PACKAGE_VERSION='1.8.7' +PACKAGE_STRING='sudo 1.8.7' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' PACKAGE_URL='' @@ -658,6 +658,8 @@ OBJEXT EXEEXT ac_ct_CC CC +PLUGINDIR +pam_session editor secure_path netsvc_conf @@ -701,6 +703,7 @@ PIE_CFLAGS PIE_LDFLAGS CROSS_COMPILING COMPAT_TEST_PROGS +LOCALEDIR_SUFFIX SUDO_NLS LIBINTL LT_STATIC @@ -716,9 +719,9 @@ SELINUX_USAGE BSDAUTH_USAGE DONT_LEAK_PATH_INFO INSTALL_NOEXEC +sesh_file noexec_file SOEXT -PLUGINDIR NOEXECDIR NOEXECFILE mansrcdir @@ -900,6 +903,7 @@ enable_hardening enable_pie enable_admin_flag enable_nls +enable_rpath with_selinux enable_gss_krb5_ccache_name enable_shared @@ -909,6 +913,7 @@ enable_fast_install with_gnu_ld with_sysroot enable_libtool_lock +with_libtool with_noexec with_netsvc enable_sia @@ -1470,7 +1475,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.8.6p8 to adapt to many kinds of systems. +\`configure' configures sudo 1.8.7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1535,7 +1540,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.8.6p8:";; + short | recursive ) echo "Configuration of sudo 1.8.7:";; esac cat <<\_ACEOF @@ -1562,10 +1567,10 @@ Optional Features: --enable-werror Whether to enable the -Werror compiler option --disable-hardening Do not use compiler/linker exploit mitigation options - --disable-pie Do not build position independent executables, even - if the compiler/linker supports them + --enable-pie Build sudo as a position independent executable. --enable-admin-flag Whether to create a Ubuntu-style admin flag file --disable-nls Disable natural language support using gettext + --disable-rpath Disable passing of -Rpath to the linker --enable-gss-krb5-ccache-name Use GSS-API to set the Kerberos V cred cache name --enable-shared[=PKGS] build shared libraries [default=yes] @@ -1586,8 +1591,8 @@ Optional Packages: --with-alertmail deprecated --with-devel add development options --with-CC C compiler to use - --with-rpath pass -R flag in addition to -L for lib paths - --with-blibpath=PATH pass -blibpath flag to ld for additional lib paths + --with-rpath deprecated, use --disable-rpath + --with-blibpath=PATH deprecated --with-bsm-audit enable BSM audit support --with-linux-audit enable Linux audit support --with-sssd enable SSSD support @@ -1675,6 +1680,7 @@ Optional Packages: --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-sysroot=DIR Search for dependent libraries within DIR (or the compiler's sysroot if not specified). + --with-libtool=PATH specify path to libtool --with-noexec=PATH fully qualified pathname of sudo_noexec.so --with-netsvc[=PATH] path to netsvc.conf --with-pam-login enable specific PAM session for sudo -i @@ -1761,7 +1767,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.8.6p8 +sudo configure 1.8.7 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2465,7 +2471,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.8.6p8, which was +It was created by sudo $as_me 1.8.7, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -2916,6 +2922,9 @@ $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;} + + + @@ -2956,9 +2965,12 @@ path_info=on ldap_conf=/etc/ldap.conf ldap_secret=/etc/ldap.secret netsvc_conf=/etc/netsvc.conf -noexec_file=/usr/local/libexec/sudo_noexec.so +noexec_file=/usr/local/libexec/sudo/sudo_noexec.so +sesh_file=/usr/local/libexec/sudo/sesh nsswitch_conf=/etc/nsswitch.conf secure_path="not set" +pam_session=on +PLUGINDIR=/usr/local/libexec/sudo # # End initial values for man page substitution # @@ -2986,9 +2998,11 @@ AUTH_EXCL= AUTH_EXCL_DEF= AUTH_DEF=passwd SUDO_NLS=disabled +LOCALEDIR_SUFFIX= LT_LDEXPORTS="-export-symbols \$(shlib_exp)" LT_LDDEP="\$(shlib_exp)" NO_VIZ="-DNO_VIZ" +OS_INIT=os_init_common CHECKSHADOW=true shadow_defs= @@ -3004,6 +3018,19 @@ RTLD_PRELOAD_DEFAULT= +# +# Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir. +# Starting with sudo 1.8.7, $libexecdir/sudo is used so strip +# off an extraneous "/sudo" from libexecdir. +# +case "$libexecdir" in + */sudo) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libexecdir should not include the \"sudo\" subdirectory" >&5 +$as_echo "$as_me: WARNING: libexecdir should not include the \"sudo\" subdirectory" >&2;} + libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'` + ;; +esac + # Check whether --with-otp-only was given. @@ -3061,23 +3088,16 @@ fi # Check whether --with-rpath was given. if test "${with_rpath+set}" = set; then : - withval=$with_rpath; case $with_rpath in - yes|no) ;; - *) as_fn_error $? "\"--with-rpath does not take an argument.\"" "$LINENO" 5 - ;; -esac + withval=$with_rpath; { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-rpath deprecated, rpath is now the default" >&5 +$as_echo "$as_me: WARNING: --with-rpath deprecated, rpath is now the default" >&2;} fi # Check whether --with-blibpath was given. if test "${with_blibpath+set}" = set; then : - withval=$with_blibpath; case $with_blibpath in - yes|no) ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: will pass -blibpath:${with_blibpath} to the loader." >&5 -$as_echo "$as_me: will pass -blibpath:${with_blibpath} to the loader." >&6;} - ;; -esac + withval=$with_blibpath; { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-blibpath deprecated, use --with-libpath" >&5 +$as_echo "$as_me: WARNING: --with-blibpath deprecated, use --with-libpath" >&2;} fi @@ -3964,7 +3984,19 @@ if test "${with_incpath+set}" = set; then : *) { $as_echo "$as_me:${as_lineno-$LINENO}: Adding ${with_incpath} to CPPFLAGS" >&5 $as_echo "$as_me: Adding ${with_incpath} to CPPFLAGS" >&6;} for i in ${with_incpath}; do - CPPFLAGS="${CPPFLAGS} -I${i}" + + case "${CPPFLAGS}" in + *"-I${i}"|*"-I${i} ") + ;; + *) + if test X"${CPPFLAGS}" = X""; then + CPPFLAGS="-I${i}" + else + CPPFLAGS="${CPPFLAGS} -I${i}" + fi + ;; + esac + done ;; esac @@ -5230,17 +5262,27 @@ if test "${with_askpass+set}" = set; then : yes) as_fn_error $? "\"--with-askpass takes a path as an argument.\"" "$LINENO" 5 ;; no) ;; - *) cat >>confdefs.h <&5 + + with_askpass=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } + fi +if test X"$with_askpass" != X"no"; then + cat >>confdefs.h <>confdefs.h <&6; } # Check whether --with-noexec was given. if test "${with_noexec+set}" = set; then : withval=$with_noexec; case $with_noexec in - yes) with_noexec="$libexecdir/sudo_noexec$_shrext" + yes) with_noexec="$libexecdir/sudo/sudo_noexec.so" ;; no) ;; *) ;; esac else - with_noexec="$libexecdir/sudo_noexec$_shrext" + with_noexec="$libexecdir/sudo/sudo_noexec.so" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_noexec" >&5 $as_echo "$with_noexec" >&6; } -NOEXECFILE="sudo_noexec$_shrext" +NOEXECFILE="sudo_noexec.so" NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([^}]*\)}:$(\1):' -e 's:^\(.*\)/[^/]*:\1:'`" # Extract the first word of "uname", so it can be a program name with args. @@ -13902,18 +13968,9 @@ case "$host" in # LD_PRELOAD is space-delimited RTLD_PRELOAD_DELIM=" " - # For implementing getgrouplist() - for ac_func in _getgroupsbymember -do : - ac_fn_c_check_func "$LINENO" "_getgroupsbymember" "ac_cv_func__getgroupsbymember" -if test "x$ac_cv_func__getgroupsbymember" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE__GETGROUPSBYMEMBER 1 -_ACEOF - -fi -done - + # Solaris-specific initialization + OS_INIT=os_init_solaris + SUDO_OBJS="${SUDO_OBJS} solaris.o" # To get the crypt(3) prototype (so we pass -Wall) OSDEFS="${OSDEFS} -D__EXTENSIONS__" @@ -13923,7 +13980,6 @@ done fi : ${mansectsu='1m'} : ${mansectform='4'} - : ${with_rpath='yes'} test -z "$with_pam" && AUTH_EXCL_DEF="PAM" for ac_func in priv_set do : @@ -13941,42 +13997,6 @@ done # To get all prototypes (so we pass -Wall) OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT" SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" - if test X"$with_blibpath" != X"no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if linker accepts -Wl,-blibpath" >&5 -$as_echo_n "checking if linker accepts -Wl,-blibpath... " >&6; } - O_LDFLAGS="$LDFLAGS" - LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then - blibpath="$with_blibpath" - elif test -n "$GCC"; then - blibpath="/usr/lib:/lib:/usr/local/lib" - else - blibpath="/usr/lib:/lib" - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - fi - LDFLAGS="$O_LDFLAGS" # On AIX 6 and higher default to PAM, else default to LAM if test $OSMAJOR -ge 6; then @@ -14015,19 +14035,6 @@ fi with_netsvc="/etc/netsvc.conf" fi - # For implementing getgrouplist() - for ac_func in getgrset -do : - ac_fn_c_check_func "$LINENO" "getgrset" "ac_cv_func_getgrset" -if test "x$ac_cv_func_getgrset" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETGRSET 1 -_ACEOF - -fi -done - - # LDR_PRELOAD is only supported in AIX 5.3 and later if test $OSMAJOR -lt 5; then with_noexec=no @@ -14036,7 +14043,7 @@ done fi # AIX-specific functions - for ac_func in getuserattr setauthdb + for ac_func in getuserattr setauthdb setrlimit64 do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -14134,12 +14141,12 @@ $as_echo "$sudo_cv_var_daportable" >&6; } ;; esac - case "$host" in - *-*-hpux[1-8].*) + case "$host_os" in + hpux[1-8].*) $as_echo "#define BROKEN_SYSLOG 1" >>confdefs.h ;; - *-*-hpux9.*) + hpux9.*) $as_echo "#define BROKEN_SYSLOG 1" >>confdefs.h @@ -14150,10 +14157,35 @@ $as_echo "$sudo_cv_var_daportable" >&6; } # order of libs in 9.X is important. -lc_r must be last SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r" LIBS="${LIBS} -ldce -lM -lc_r" - CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant" + + case "${CPPFLAGS}" in + *"-D_REENTRANT"|*"-D_REENTRANT ") + ;; + *) + if test X"${CPPFLAGS}" = X""; then + CPPFLAGS="-D_REENTRANT" + else + CPPFLAGS="${CPPFLAGS} -D_REENTRANT" + fi + ;; + esac + + + case "${CPPFLAGS}" in + *"-I/usr/include/reentrant"|*"-I/usr/include/reentrant ") + ;; + *) + if test X"${CPPFLAGS}" = X""; then + CPPFLAGS="-I/usr/include/reentrant" + else + CPPFLAGS="${CPPFLAGS} -I/usr/include/reentrant" + fi + ;; + esac + fi ;; - *-*-hpux10.*) + hpux10.*) shadow_funcs="getprpwnam iscomsec" shadow_libs="-lsec" # HP-UX 10.20 libc has an incompatible getline @@ -14165,6 +14197,17 @@ $as_echo "$sudo_cv_var_daportable" >&6; } test -z "$with_pam" && AUTH_EXCL_DEF="PAM" ;; esac + for ac_func in pstat_getproc +do : + ac_fn_c_check_func "$LINENO" "pstat_getproc" "ac_cv_func_pstat_getproc" +if test "x$ac_cv_func_pstat_getproc" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PSTAT_GETPROC 1 +_ACEOF + +fi +done + ;; *-dec-osf*) # ignore envariables wrt dynamic lib path @@ -14342,7 +14385,32 @@ fi ;; *-*-riscos*) LIBS="${LIBS} -lsun -lbsd" - CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd" + + case "${CPPFLAGS}" in + *"-I/usr/include"|*"-I/usr/include ") + ;; + *) + if test X"${CPPFLAGS}" = X""; then + CPPFLAGS="-I/usr/include" + else + CPPFLAGS="${CPPFLAGS} -I/usr/include" + fi + ;; + esac + + + case "${CPPFLAGS}" in + *"-I/usr/include/bsd"|*"-I/usr/include/bsd ") + ;; + *) + if test X"${CPPFLAGS}" = X""; then + CPPFLAGS="-I/usr/include/bsd" + else + CPPFLAGS="${CPPFLAGS} -I/usr/include/bsd" + fi + ;; + esac + OSDEFS="${OSDEFS} -D_MIPS" : ${mansectsu='1m'} : ${mansectform='4'} @@ -14375,7 +14443,6 @@ fi shadow_libs="-lsec" : ${mansectsu='1m'} : ${mansectform='4'} - : ${with_rpath='yes'} ;; *-ncr-sysv4*|*-ncr-sysvr4*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lc89" >&5 @@ -14420,13 +14487,11 @@ fi : ${mansectsu='1m'} : ${mansectform='4'} - : ${with_rpath='yes'} ;; *-ccur-sysv4*|*-ccur-sysvr4*) LIBS="${LIBS} -lgen" : ${mansectsu='1m'} : ${mansectform='4'} - : ${with_rpath='yes'} ;; *-*-bsdi*) SKIP_SETREUID=yes @@ -14460,13 +14525,12 @@ done CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='maybe'} - # PIE is broken on FreeBSD/ia64 - case "$host_cpu" in - ia64*) - enable_pie=no;; - esac ;; *-*-*openbsd*) + # OpenBSD-specific initialization + OS_INIT=os_init_openbsd + SUDO_OBJS="${SUDO_OBJS} openbsd.o" + # OpenBSD has a real setreuid(2) starting with 3.3 but # we will use setresuid(2) instead. SKIP_SETREUID=yes @@ -14524,7 +14588,6 @@ done *-*-*sysv4*) : ${mansectsu='1m'} : ${mansectform='4'} - : ${with_rpath='yes'} ;; *-*-sysv*) : ${mansectsu='1m'} @@ -14579,19 +14642,16 @@ fi if test -n "$with_libpath"; then for i in ${with_libpath}; do - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) LDFLAGS="${LDFLAGS} -L$i -Wl,+b,$i" - ;; - *) LDFLAGS="${LDFLAGS} -L$i -Wl,-R$i" - ;; - esac - else - LDFLAGS="${LDFLAGS} -L$i" - fi - if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:$i" - fi + case "${LDFLAGS}" in + *"-L$i"|*"-L$i ") + ;; + *) + LDFLAGS="${LDFLAGS} -L$i" + if test X"$enable_rpath" = X"yes"; then + LDFLAGS_R="${LDFLAGS_R} -R$i" + fi + ;; + esac done fi @@ -15441,6 +15501,19 @@ fi done +for ac_header in endian.h sys/endian.h machine/endian.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + break +fi + +done + for ac_header in procfs.h sys/procfs.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` @@ -15680,8 +15753,8 @@ rm -rf conftest* fi fi -case "$host" in - *-*-hpux11.*) +case "$host_os" in + hpux11.*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sys/types.h needs _XOPEN_SOURCE_EXTENDED" >&5 $as_echo_n "checking whether sys/types.h needs _XOPEN_SOURCE_EXTENDED... " >&6; } if ${sudo_cv_xopen_source_extended+:} false; then : @@ -16102,6 +16175,9 @@ $as_echo "#define HAVE_LONG_LONG_INT 1" >>confdefs.h fi +if test X"$ac_cv_type_long_long_int" != X"yes"; then + as_fn_error $? "\"C compiler does not appear have required long long support\"" "$LINENO" 5 +fi # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. @@ -16179,6 +16255,39 @@ _ACEOF fi +ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" "$ac_includes_default" +if test "x$ac_cv_type_uint8_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define uint8_t unsigned char +_ACEOF + +fi + +ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" "$ac_includes_default" +if test "x$ac_cv_type_uint32_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define uint32_t unsigned int +_ACEOF + +fi + +ac_fn_c_check_type "$LINENO" "uint64_t" "ac_cv_type_uint64_t" "$ac_includes_default" +if test "x$ac_cv_type_uint64_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define uint64_t unsigned long long +_ACEOF + +fi + ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" " $ac_includes_default #include @@ -16622,9 +16731,8 @@ $as_echo "#define HAVE_GETGROUPS 1" >>confdefs.h fi LIBS=$ac_save_LIBS -for ac_func in glob strrchr sysconf tzset strftime setenv \ - regcomp setlocale nl_langinfo mbr_check_membership \ - setrlimit64 +for ac_func in glob nl_langinfo regcomp setenv strftime strrchr strtoll \ + sysconf tzset do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -16636,19 +16744,113 @@ _ACEOF fi done -ac_fn_c_check_func "$LINENO" "getgrouplist" "ac_cv_func_getgrouplist" +for ac_func in getgrouplist +do : + ac_fn_c_check_func "$LINENO" "getgrouplist" "ac_cv_func_getgrouplist" if test "x$ac_cv_func_getgrouplist" = xyes; then : - $as_echo "#define HAVE_GETGROUPLIST 1" >>confdefs.h + cat >>confdefs.h <<_ACEOF +#define HAVE_GETGROUPLIST 1 +_ACEOF else - case " $LIBOBJS " in + + case "$host_os" in + aix*) + for ac_func in getgrset +do : + ac_fn_c_check_func "$LINENO" "getgrset" "ac_cv_func_getgrset" +if test "x$ac_cv_func_getgrset" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETGRSET 1 +_ACEOF + +fi +done + + ;; + *) + ac_fn_c_check_func "$LINENO" "nss_search" "ac_cv_func_nss_search" +if test "x$ac_cv_func_nss_search" = xyes; then : + + ac_fn_c_check_func "$LINENO" "_nss_XbyY_buf_alloc" "ac_cv_func__nss_XbyY_buf_alloc" +if test "x$ac_cv_func__nss_XbyY_buf_alloc" = xyes; then : + + # Solaris + ac_fn_c_check_func "$LINENO" "_nss_initf_group" "ac_cv_func__nss_initf_group" +if test "x$ac_cv_func__nss_initf_group" = xyes; then : + + for ac_header in nss_dbdefs.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "nss_dbdefs.h" "ac_cv_header_nss_dbdefs_h" "$ac_includes_default" +if test "x$ac_cv_header_nss_dbdefs_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NSS_DBDEFS_H 1 +_ACEOF + +fi + +done + + $as_echo "#define HAVE_NSS_SEARCH 1" >>confdefs.h + + $as_echo "#define HAVE__NSS_XBYY_BUF_ALLOC 1" >>confdefs.h + + $as_echo "#define HAVE__NSS_INITF_GROUP 1" >>confdefs.h + + +fi + + +else + + # HP-UX + ac_fn_c_check_func "$LINENO" "__nss_XbyY_buf_alloc" "ac_cv_func___nss_XbyY_buf_alloc" +if test "x$ac_cv_func___nss_XbyY_buf_alloc" = xyes; then : + + ac_fn_c_check_func "$LINENO" "__nss_initf_group" "ac_cv_func___nss_initf_group" +if test "x$ac_cv_func___nss_initf_group" = xyes; then : + + for ac_header in nss_dbdefs.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "nss_dbdefs.h" "ac_cv_header_nss_dbdefs_h" "$ac_includes_default" +if test "x$ac_cv_header_nss_dbdefs_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NSS_DBDEFS_H 1 +_ACEOF + +fi + +done + + $as_echo "#define HAVE_NSS_SEARCH 1" >>confdefs.h + + $as_echo "#define HAVE___NSS_XBYY_BUF_ALLOC 1" >>confdefs.h + + $as_echo "#define HAVE___NSS_INITF_GROUP 1" >>confdefs.h + + +fi + + +fi + + +fi + + +fi + + ;; + esac + case " $LIBOBJS " in *" getgrouplist.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS getgrouplist.$ac_objext" ;; esac -fi +fi +done for ac_func in getline do : @@ -17088,13 +17290,12 @@ if test "x$ac_cv_func_setreuid" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SETREUID 1 _ACEOF - SKIP_SETEUID=yes + fi done fi -if test -z "$SKIP_SETEUID"; then - for ac_func in seteuid +for ac_func in seteuid do : ac_fn_c_check_func "$LINENO" "seteuid" "ac_cv_func_seteuid" if test "x$ac_cv_func_seteuid" = xyes; then : @@ -17105,7 +17306,6 @@ _ACEOF fi done -fi if test X"$with_interfaces" != X"no"; then for ac_func in getifaddrs do : @@ -18019,21 +18219,30 @@ fi # make sure we use the gettext() that matches the include file. if test "$enable_nls" != "no"; then if test "$enable_nls" != "yes"; then - CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include" - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) LDFLAGS="${LDFLAGS} -L$enable_nls/lib -Wl,+b,$enable_nls/lib" - ;; - *) LDFLAGS="${LDFLAGS} -L$enable_nls/lib -Wl,-R$enable_nls/lib" - ;; - esac - else - LDFLAGS="${LDFLAGS} -L$enable_nls/lib" - fi - if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:$enable_nls/lib" - fi + case "${CPPFLAGS}" in + *"-I${enable_nls}/include"|*"-I${enable_nls}/include ") + ;; + *) + if test X"${CPPFLAGS}" = X""; then + CPPFLAGS="-I${enable_nls}/include" + else + CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include" + fi + ;; + esac + + + case "${LDFLAGS}" in + *"-L$enable_nls/lib"|*"-L$enable_nls/lib ") + ;; + *) + LDFLAGS="${LDFLAGS} -L$enable_nls/lib" + if test X"$enable_rpath" = X"yes"; then + LDFLAGS_R="${LDFLAGS_R} -R$enable_nls/lib" + fi + ;; + esac fi OLIBS="$LIBS" @@ -18104,6 +18313,10 @@ done $as_echo "#define HAVE_LIBINTL_H 1" >>confdefs.h SUDO_NLS=enabled + # For Solaris we need links from lang to lang.UTF-8 in localedir + case "$host_os" in + solaris2*) LOCALEDIR_SUFFIX=".UTF-8";; + esac elif test "$sudo_cv_gettext_lintl" = "yes"; then $as_echo "#define HAVE_LIBINTL_H 1" >>confdefs.h @@ -18188,21 +18401,30 @@ fi *) $as_echo "#define HAVE_ZLIB_H 1" >>confdefs.h - CPPFLAGS="-I${enable_zlib}/include ${CPPFLAGS}" - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) ZLIB="${ZLIB} -L$enable_zlib/lib -Wl,+b,$enable_zlib/lib" - ;; - *) ZLIB="${ZLIB} -L$enable_zlib/lib -Wl,-R$enable_zlib/lib" - ;; - esac - else - ZLIB="${ZLIB} -L$enable_zlib/lib" - fi - if test X"$blibpath" != X"" -a "ZLIB" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:$enable_zlib/lib" - fi + case "${CPPFLAGS}" in + *"-I${enable_zlib}/include"|*"-I${enable_zlib}/include ") + ;; + *) + if test X"${CPPFLAGS}" = X""; then + CPPFLAGS="-I${enable_zlib}/include" + else + CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include" + fi + ;; + esac + + + case "${ZLIB}" in + *"-L$enable_zlib/lib"|*"-L$enable_zlib/lib ") + ;; + *) + ZLIB="${ZLIB} -L$enable_zlib/lib" + if test X"$enable_rpath" = X"yes"; then + ZLIB_R="${ZLIB_R} -R$enable_zlib/lib" + fi + ;; + esac ZLIB="${ZLIB} -lz" ;; @@ -18647,16 +18869,17 @@ if test "${enable_pam_session+set}" = set; then : yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - $as_echo "#define NO_PAM_SESSION 1" >>confdefs.h + $as_echo "#define NO_PAM_SESSION 1" >>confdefs.h - ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + pam_session=off + ;; + *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-pam-session: $enableval" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-pam-session: $enableval" >&5 $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-pam-session: $enableval" >&2;} - ;; + ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 @@ -18716,21 +18939,30 @@ fi if test ${with_fwtk-'no'} != "no"; then if test "$with_fwtk" != "yes"; then - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_fwtk} -Wl,+b,${with_fwtk}" - ;; - *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_fwtk} -Wl,-R${with_fwtk}" - ;; - esac - else - SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_fwtk}" - fi - if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:${with_fwtk}" - fi + case "${SUDOERS_LDFLAGS}" in + *"-L${with_fwtk}"|*"-L${with_fwtk} ") + ;; + *) + SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_fwtk}" + if test X"$enable_rpath" = X"yes"; then + SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_fwtk}" + fi + ;; + esac + + + case "${CPPFLAGS}" in + *"-I${with_fwtk}"|*"-I${with_fwtk} ") + ;; + *) + if test X"${CPPFLAGS}" = X""; then + CPPFLAGS="-I${with_fwtk}" + else + CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" + fi + ;; + esac - CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" with_fwtk=yes fi SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall" @@ -18745,21 +18977,30 @@ if test ${with_SecurID-'no'} != "no"; then else with_SecurID=/usr/ace fi - CPPFLAGS="${CPPFLAGS} -I${with_SecurID}" - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_SecurID} -Wl,+b,${with_SecurID}" - ;; - *) LDFLAGS="${LDFLAGS} -L${with_SecurID} -Wl,-R${with_SecurID}" - ;; - esac - else - LDFLAGS="${LDFLAGS} -L${with_SecurID}" - fi - if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:${with_SecurID}" - fi + case "${CPPFLAGS}" in + *"-I${with_SecurID}"|*"-I${with_SecurID} ") + ;; + *) + if test X"${CPPFLAGS}" = X""; then + CPPFLAGS="-I${with_SecurID}" + else + CPPFLAGS="${CPPFLAGS} -I${with_SecurID}" + fi + ;; + esac + + + case "${SUDOERS_LDFLAGS}" in + *"-L${with_SecurID}"|*"-L${with_SecurID} ") + ;; + *) + SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_SecurID}" + if test X"$enable_rpath" = X"yes"; then + SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_SecurID}" + fi + ;; + esac SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread" AUTH_OBJS="$AUTH_OBJS securid5.lo"; @@ -18878,21 +19119,30 @@ $as_echo "$as_me: WARNING: Unable to locate Kerberos V include files, you will h fi else - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_kerb5}/lib -Wl,+b,${with_kerb5}/lib" - ;; - *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_kerb5}/lib -Wl,-R${with_kerb5}/lib" - ;; - esac - else - SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_kerb5}/lib" - fi - if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:${with_kerb5}/lib" - fi + case "${SUDOERS_LDFLAGS}" in + *"-L${with_kerb5}/lib"|*"-L${with_kerb5}/lib ") + ;; + *) + SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_kerb5}/lib" + if test X"$enable_rpath" = X"yes"; then + SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_kerb5}/lib" + fi + ;; + esac + + + case "${CPPFLAGS}" in + *"-I${with_kerb5}/include"|*"-I${with_kerb5}/include ") + ;; + *) + if test X"${CPPFLAGS}" = X""; then + CPPFLAGS="-I${with_kerb5}/include" + else + CPPFLAGS="${CPPFLAGS} -I${with_kerb5}/include" + fi + ;; + esac - CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 @@ -19088,19 +19338,16 @@ if test ${with_AFS-'no'} = "yes"; then for i in $AFSLIBDIRS; do if test -d ${i}; then - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L$i -Wl,+b,$i" - ;; - *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L$i -Wl,-R$i" - ;; - esac - else - SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L$i" - fi - if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:$i" - fi + case "${SUDOERS_LDFLAGS}" in + *"-L$i"|*"-L$i ") + ;; + *) + SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L$i" + if test X"$enable_rpath" = X"yes"; then + SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R$i" + fi + ;; + esac FOUND_AFSLIBDIR=true fi @@ -19128,7 +19375,19 @@ $as_echo "$as_me: WARNING: Unable to locate AFS libraries, you will have to edit # AFS includes may live in /usr/include on some machines... for i in /usr/afsws/include; do if test -d ${i}; then - CPPFLAGS="${CPPFLAGS} -I${i}" + + case "${CPPFLAGS}" in + *"-I${i}"|*"-I${i} ") + ;; + *) + if test X"${CPPFLAGS}" = X""; then + CPPFLAGS="-I${i}" + else + CPPFLAGS="${CPPFLAGS} -I${i}" + fi + ;; + esac + FOUND_AFSINCDIR=true fi done @@ -19150,36 +19409,31 @@ fi if test "${with_skey-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_skey" != "yes"; then - CPPFLAGS="${CPPFLAGS} -I${with_skey}/include" - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_skey}/lib -Wl,+b,${with_skey}/lib" - ;; - *) LDFLAGS="${LDFLAGS} -L${with_skey}/lib -Wl,-R${with_skey}/lib" - ;; - esac - else - LDFLAGS="${LDFLAGS} -L${with_skey}/lib" - fi - if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:${with_skey}/lib" - fi + case "${CPPFLAGS}" in + *"-I${with_skey}/include"|*"-I${with_skey}/include ") + ;; + *) + if test X"${CPPFLAGS}" = X""; then + CPPFLAGS="-I${with_skey}/include" + else + CPPFLAGS="${CPPFLAGS} -I${with_skey}/include" + fi + ;; + esac + LDFLAGS="$LDFLAGS -L${with_skey}/lib" - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_skey}/lib -Wl,+b,${with_skey}/lib" - ;; - *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_skey}/lib -Wl,-R${with_skey}/lib" - ;; - esac - else - SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_skey}/lib" - fi - if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:${with_skey}/lib" - fi + case "${SUDOERS_LDFLAGS}" in + *"-L${with_skey}/lib"|*"-L${with_skey}/lib ") + ;; + *) + SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_skey}/lib" + if test X"$enable_rpath" = X"yes"; then + SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_skey}/lib" + fi + ;; + esac ac_fn_c_check_header_compile "$LINENO" "skey.h" "ac_cv_header_skey_h" "#include " @@ -19206,35 +19460,18 @@ fi if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else + LDFLAGS="$LDFLAGS -L${dir}/lib" - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" - ;; - *) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" - ;; - esac - else - LDFLAGS="${LDFLAGS} -L${dir}/lib" - fi - if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:${dir}/lib" - fi - - - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" - ;; - *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" - ;; - esac - else - SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib" - fi - if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:${dir}/lib" - fi + case "${SUDOERS_LDFLAGS}" in + *"-L${dir}/lib"|*"-L${dir}/lib ") + ;; + *) + SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib" + if test X"$enable_rpath" = X"yes"; then + SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${dir}/lib" + fi + ;; + esac fi if test "$found" = "no"; then @@ -19360,36 +19597,31 @@ fi if test "${with_opie-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_opie" != "yes"; then - CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_opie}/lib -Wl,+b,${with_opie}/lib" - ;; - *) LDFLAGS="${LDFLAGS} -L${with_opie}/lib -Wl,-R${with_opie}/lib" - ;; - esac - else - LDFLAGS="${LDFLAGS} -L${with_opie}/lib" - fi - if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:${with_opie}/lib" - fi + case "${CPPFLAGS}" in + *"-I${with_opie}/include"|*"-I${with_opie}/include ") + ;; + *) + if test X"${CPPFLAGS}" = X""; then + CPPFLAGS="-I${with_opie}/include" + else + CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" + fi + ;; + esac + LDFLAGS="$LDFLAGS -L${with_opie}/lib" - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_opie}/lib -Wl,+b,${with_opie}/lib" - ;; - *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_opie}/lib -Wl,-R${with_opie}/lib" - ;; - esac - else - SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_opie}/lib" - fi - if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:${with_opie}/lib" - fi + case "${SUDOERS_LDFLAGS}" in + *"-L${with_opie}/lib"|*"-L${with_opie}/lib ") + ;; + *) + SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_opie}/lib" + if test X"$enable_rpath" = X"yes"; then + SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_opie}/lib" + fi + ;; + esac cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -19432,35 +19664,18 @@ rm -f conftest.err conftest.i conftest.$ac_ext if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else + LDFLAGS="$LDFLAGS -L${dir}/lib" - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" - ;; - *) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" - ;; - esac - else - LDFLAGS="${LDFLAGS} -L${dir}/lib" - fi - if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:${dir}/lib" - fi - - - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" - ;; - *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" - ;; - esac - else - SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib" - fi - if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:${dir}/lib" - fi + case "${SUDOERS_LDFLAGS}" in + *"-L${dir}/lib"|*"-L${dir}/lib ") + ;; + *) + SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib" + if test X"$enable_rpath" = X"yes"; then + SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${dir}/lib" + fi + ;; + esac fi if test "$found" = "no"; then @@ -19754,106 +19969,144 @@ done fi if test ${with_ldap-'no'} != "no"; then - _LDFLAGS="$LDFLAGS" + O_LDFLAGS="$LDFLAGS" if test "$with_ldap" != "yes"; then - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_ldap}/lib -Wl,+b,${with_ldap}/lib" - ;; - *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_ldap}/lib -Wl,-R${with_ldap}/lib" - ;; - esac - else - SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_ldap}/lib" - fi - if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:${with_ldap}/lib" - fi + case "${SUDOERS_LDFLAGS}" in + *"-L${with_ldap}/lib"|*"-L${with_ldap}/lib ") + ;; + *) + SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_ldap}/lib" + if test X"$enable_rpath" = X"yes"; then + SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_ldap}/lib" + fi + ;; + esac + LDFLAGS="$LDFLAGS -L${with_ldap}/lib" - if test X"$with_rpath" = X"yes"; then - case "$host" in - *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -Wl,+b,${with_ldap}/lib" - ;; - *) LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -Wl,-R${with_ldap}/lib" - ;; - esac - else - LDFLAGS="${LDFLAGS} -L${with_ldap}/lib" - fi - if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then - blibpath_add="${blibpath_add}:${with_ldap}/lib" - fi + case "${CPPFLAGS}" in + *"-I${with_ldap}/include"|*"-I${with_ldap}/include ") + ;; + *) + if test X"${CPPFLAGS}" = X""; then + CPPFLAGS="-I${with_ldap}/include" + else + CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" + fi + ;; + esac - CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" with_ldap=yes fi SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo" LDAP="" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LDAP libraries" >&5 -$as_echo_n "checking for LDAP libraries... " >&6; } - LDAP_LIBS="" _LIBS="$LIBS" + LDAP_LIBS="" + IBMLDAP_EXTRA="" found=no - for l in -lldap -llber '-lssl -lcrypto'; do - LIBS="${LIBS} $l" - LDAP_LIBS="${LDAP_LIBS} $l" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + # On HP-UX, libibmldap has a hidden dependency on libCsup + case "$host_os" in + hpux*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lCsup" >&5 +$as_echo_n "checking for main in -lCsup... " >&6; } +if ${ac_cv_lib_Csup_main+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lCsup $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include - #include - #include + + int main () { -(void)ldap_init(0, 0) +return main (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - found=yes; break + ac_cv_lib_Csup_main=yes +else + ac_cv_lib_Csup_main=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext - done - if test "$found" = "no"; then - LDAP_LIBS="" - LIBS="$_LIBS" - for l in -libmldap -lidsldif; do - LIBS="${LIBS} $l" - LDAP_LIBS="${LDAP_LIBS} $l" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_Csup_main" >&5 +$as_echo "$ac_cv_lib_Csup_main" >&6; } +if test "x$ac_cv_lib_Csup_main" = xyes; then : + IBMLDAP_EXTRA=" -lCsup" +fi +;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ldap_init" >&5 +$as_echo_n "checking for library containing ldap_init... " >&6; } +if ${ac_cv_search_ldap_init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include - #include - #include + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char ldap_init (); int main () { -(void)ldap_init(0, 0) +return ldap_init (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - found=yes; break +for ac_lib in '' "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}"; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_ldap_init=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - done - fi - if test "$found" = "no"; then - LIBS="${_LIBS} -lldap" + conftest$ac_exeext + if ${ac_cv_search_ldap_init+:} false; then : + break +fi +done +if ${ac_cv_search_ldap_init+:} false; then : + +else + ac_cv_search_ldap_init=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ldap_init" >&5 +$as_echo "$ac_cv_search_ldap_init" >&6; } +ac_res=$ac_cv_search_ldap_init +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + + test "$ac_res" != "none required" && LDAP_LIBS="$ac_res" + found=yes + +fi + + # If nothing linked, try -lldap and hope for the best + if test "$found" = "no"; then LDAP_LIBS="-lldap" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found, using -lldap" >&5 -$as_echo "not found, using -lldap" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LDAP_LIBS" >&5 -$as_echo "$LDAP_LIBS" >&6; } fi + LIBS="${_LIBS} ${LDAP_LIBS}" OLIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ber_set_option" >&5 $as_echo_n "checking for library containing ber_set_option... " >&6; } @@ -19951,7 +20204,8 @@ if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF - for ac_func in ldap_sasl_interactive_bind_s + + for ac_func in ldap_sasl_interactive_bind_s do : ac_fn_c_check_func "$LINENO" "ldap_sasl_interactive_bind_s" "ac_cv_func_ldap_sasl_interactive_bind_s" if test "x$ac_cv_func_ldap_sasl_interactive_bind_s" = xyes; then : @@ -19962,8 +20216,8 @@ _ACEOF fi done -else - break + break + fi done @@ -20169,7 +20423,7 @@ $as_echo "$as_me: WARNING: Unable to locate gssapi.h, you will have to edit the SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}" LIBS="$_LIBS" - LDFLAGS="$_LDFLAGS" + LDFLAGS="$O_LDFLAGS" fi # @@ -20180,13 +20434,13 @@ case "$lt_cv_dlopen" in dlopen) $as_echo "#define HAVE_DLOPEN 1" >>confdefs.h - SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo" + SUDO_OBJS="$SUDO_OBJS locale_stub.o" LT_STATIC="--tag=disable-static" ;; shl_load) $as_echo "#define HAVE_SHL_LOAD 1" >>confdefs.h - SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo" + SUDO_OBJS="$SUDO_OBJS locale_stub.o" LT_STATIC="--tag=disable-static" case " $LIBOBJS " in *" dlopen.$ac_objext "* ) ;; @@ -20226,8 +20480,8 @@ fi # what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads) # so always link against -lpthread on HP-UX if it is available. # This check should go after all other libraries tests. -case "$host" in - *-*-hpux*) +case "$host_os" in + hpux*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5 $as_echo_n "checking for main in -lpthread... " >&6; } if ${ac_cv_lib_pthread_main+:} false; then : @@ -20262,17 +20516,10 @@ if test "x$ac_cv_lib_pthread_main" = xyes; then : SUDO_LIBS="${SUDO_LIBS} -lpthread" fi + OSDEFS="${OSDEFS} -D_REENTRANT" ;; esac -if test -n "$blibpath"; then - if test -n "$blibpath_add"; then - SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}" - elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then - SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}" - fi -fi - if test "$utmp_style" = "LEGACY"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for utmp file path" >&5 $as_echo_n "checking for utmp file path... " >&6; } @@ -20457,8 +20704,8 @@ else fi else - case "$host" in - *-*-hpux*) + case "$host_os" in + hpux*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Bhidden_def" >&5 $as_echo_n "checking whether C compiler accepts -Bhidden_def... " >&6; } if ${ax_cv_check_cflags___Bhidden_def+:} false; then : @@ -20501,7 +20748,7 @@ else fi ;; - *-*-solaris2*) + solaris2*) as_CACHEVAR=`$as_echo "ax_cv_check_cflags__-xldscope=hidden" | $as_tr_sh` { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -xldscope=hidden" >&5 $as_echo_n "checking whether C compiler accepts -xldscope=hidden... " >&6; } @@ -20557,6 +20804,7 @@ if ${sudo_cv_var_gnu_ld_anon_map+:} false; then : $as_echo_n "(cached) " >&6 else + sudo_cv_var_gnu_ld_anon_map=no cat > conftest.map <<-EOF { global: foo; @@ -20579,9 +20827,7 @@ main () } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - - sudo_cv_var_gnu_ld_anon_map=yes - + sudo_cv_var_gnu_ld_anon_map=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext @@ -20596,14 +20842,15 @@ $as_echo "$sudo_cv_var_gnu_ld_anon_map" >&6; } LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,--version-script,\$(shlib_map)" fi else - case "$host" in - *-*-solaris2*) + case "$host_os" in + solaris2*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ld supports anonymous map files" >&5 $as_echo_n "checking whether ld supports anonymous map files... " >&6; } if ${sudo_cv_var_solaris_ld_anon_map+:} false; then : $as_echo_n "(cached) " >&6 else + sudo_cv_var_solaris_ld_anon_map=no cat > conftest.map <<-EOF { global: foo; @@ -20626,9 +20873,7 @@ main () } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - - sudo_cv_var_solaris_ld_anon_map=yes - + sudo_cv_var_solaris_ld_anon_map=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext @@ -20643,13 +20888,14 @@ $as_echo "$sudo_cv_var_solaris_ld_anon_map" >&6; } LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,-M,\$(shlib_map)" fi ;; - *-*-hpux*) + hpux*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ld supports controlling exported symbols" >&5 $as_echo_n "checking whether ld supports controlling exported symbols... " >&6; } if ${sudo_cv_var_hpux_ld_symbol_export+:} false; then : $as_echo_n "(cached) " >&6 else + sudo_cv_var_hpux_ld_symbol_export=no echo "+e foo" > conftest.opt _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $lt_prog_compiler_pic" @@ -20671,14 +20917,13 @@ main () } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - - sudo_cv_var_hpux_ld_symbol_export=yes - + sudo_cv_var_hpux_ld_symbol_export=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" + rm -f conftest.opt fi @@ -20692,8 +20937,97 @@ $as_echo "$sudo_cv_var_hpux_ld_symbol_export" >&6; } fi fi -if test "$enable_pie" != "no" -a -n "$GCC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fPIE" >&5 +if test -n "$GCC"; then + if test -z "$enable_pie"; then + case "$host_os" in + linux*) + # Attempt to build with PIE support + enable_pie="maybe" + ;; + esac + fi + if test -n "$enable_pie"; then + if test "$enable_pie" = "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-pie" >&5 +$as_echo_n "checking whether C compiler accepts -fno-pie... " >&6; } +if ${ax_cv_check_cflags___fno_pie+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -fno-pie" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ax_cv_check_cflags___fno_pie=yes +else + ax_cv_check_cflags___fno_pie=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$ax_check_save_flags +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fno_pie" >&5 +$as_echo "$ax_cv_check_cflags___fno_pie" >&6; } +if test x"$ax_cv_check_cflags___fno_pie" = xyes; then : + + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fno-pie" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -nopie" >&5 +$as_echo_n "checking whether the linker accepts -nopie... " >&6; } +if ${ax_cv_check_ldflags___nopie+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -nopie" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ax_cv_check_ldflags___nopie=yes +else + ax_cv_check_ldflags___nopie=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___nopie" >&5 +$as_echo "$ax_cv_check_ldflags___nopie" >&6; } +if test x"$ax_cv_check_ldflags___nopie" = xyes; then : + + PIE_CFLAGS="-fno-pie" + PIE_LDFLAGS="-nopie" + +else + : +fi + + CFLAGS="$_CFLAGS" + +else + : +fi + + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fPIE" >&5 $as_echo_n "checking whether C compiler accepts -fPIE... " >&6; } if ${ax_cv_check_cflags___fPIE+:} false; then : $as_echo_n "(cached) " >&6 @@ -20724,9 +21058,9 @@ fi $as_echo "$ax_cv_check_cflags___fPIE" >&6; } if test x"$ax_cv_check_cflags___fPIE" = xyes; then : - _CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -fPIE" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -pie" >&5 + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fPIE" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -pie" >&5 $as_echo_n "checking whether the linker accepts -pie... " >&6; } if ${ax_cv_check_ldflags___pie+:} false; then : $as_echo_n "(cached) " >&6 @@ -20758,19 +21092,99 @@ fi $as_echo "$ax_cv_check_ldflags___pie" >&6; } if test x"$ax_cv_check_ldflags___pie" = xyes; then : - PIE_CFLAGS="-fPIE" - PIE_LDFLAGS="-pie" + if test "$enable_pie" = "maybe"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working PIE support" >&5 +$as_echo_n "checking for working PIE support... " >&6; } +if ${sudo_cv_working_pie+:} false; then : + $as_echo_n "(cached) " >&6 +else + rm -f conftestdata; > conftestdata +if test "$cross_compiling" = yes; then : + sudo_cv_working_pie=no +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +main() { char *p = malloc(1024); if (p == NULL) return 1; memset(p, 0, 1024); return 0; } +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + sudo_cv_working_pie=yes +else + sudo_cv_working_pie=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +rm -f core core.* *.core +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_working_pie" >&5 +$as_echo "$sudo_cv_working_pie" >&6; } +if test $sudo_cv_working_pie = yes; then : + enable_pie=yes +fi + fi + if test "$enable_pie" = "yes"; then + PIE_CFLAGS="-fPIE" + PIE_LDFLAGS="-Wc,-fPIE -pie" + fi else : fi - CFLAGS="$_CFLAGS" + CFLAGS="$_CFLAGS" else : fi + fi + fi +fi +if test "$enable_pie" != "yes"; then + # Solaris 11.1 and higher supports tagging binaries to use ASLR + case "$host_os" in + solaris2.1[1-9]|solaris2.[2-9][0-9]) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,aslr" >&5 +$as_echo_n "checking whether the linker accepts -Wl,-z,aslr... " >&6; } +if ${ax_cv_check_ldflags___Wl__z_aslr+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -Wl,-z,aslr" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ax_cv_check_ldflags___Wl__z_aslr=yes +else + ax_cv_check_ldflags___Wl__z_aslr=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_aslr" >&5 +$as_echo "$ax_cv_check_ldflags___Wl__z_aslr" >&6; } +if test x"$ax_cv_check_ldflags___Wl__z_aslr" = xyes; then : + PIE_LDFLAGS="${PIE_LDFLAGS}${PIE_LDFLAGS+ }-Wl,-z,aslr" +else + : +fi + + ;; + esac fi if test "$enable_hardening" != "no"; then @@ -20995,6 +21409,12 @@ if test -n "$LIBS"; then done fi + +cat >>confdefs.h <<_ACEOF +#define os_init $OS_INIT +_ACEOF + + if test -n "$GCC"; then if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then CFLAGS="${CFLAGS} -Wall" @@ -21008,7 +21428,7 @@ CROSS_COMPILING="$cross_compiling" test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)' -if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then +if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no" -o "$enabled_shared" != X"no"; then oexec_prefix="$exec_prefix" if test "$exec_prefix" = '$(prefix)'; then if test "$prefix" = "NONE"; then @@ -21033,7 +21453,7 @@ EOF fi if test X"$with_selinux" != X"no"; then - sesh_file="$libexecdir/sesh" + sesh_file="$libexecdir/sudo/sesh" _sesh_file= while test X"$sesh_file" != X"$_sesh_file"; do _sesh_file="$sesh_file" @@ -21044,22 +21464,40 @@ EOF EOF fi - PLUGINDIR="$with_plugindir" - _PLUGINDIR= - while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do - _PLUGINDIR="$PLUGINDIR" - eval PLUGINDIR="$_PLUGINDIR" - done - cat >>confdefs.h <>confdefs.h <>confdefs.h <>confdefs.h <>confdefs.h <confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -21596,7 +22034,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.8.6p8, which was +This file was extended by sudo $as_me 1.8.7, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -21662,7 +22100,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sudo config.status 1.8.6p8 +sudo config.status 1.8.7 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" @@ -22078,7 +22516,7 @@ do "src/sudo_usage.h") CONFIG_FILES="$CONFIG_FILES src/sudo_usage.h" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "plugins/sample/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sample/Makefile" ;; - "plugins/sample_group/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sample_group/Makefile" ;; + "plugins/group_file/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/group_file/Makefile" ;; "plugins/system_group/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/system_group/Makefile" ;; "plugins/sudoers/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sudoers/Makefile" ;; "plugins/sudoers/sudoers") CONFIG_FILES="$CONFIG_FILES plugins/sudoers/sudoers" ;; @@ -23302,8 +23740,8 @@ fi if test "$with_pam" = "yes"; then - case $host in - *-*-hpux*) + case $host_os in + hpux*) if test -f /usr/lib/security/libpam_hpsec.so.1; then { $as_echo "$as_me:${as_lineno-$LINENO}: You may wish to add the following line to /etc/pam.conf" >&5 $as_echo "$as_me: You may wish to add the following line to /etc/pam.conf" >&6;} @@ -23311,7 +23749,7 @@ $as_echo "$as_me: You may wish to add the following line to /etc/pam.conf" >&6;} $as_echo "$as_me: sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login" >&6;} fi ;; - *-*-linux*) + linux*) { $as_echo "$as_me:${as_lineno-$LINENO}: You will need to customize sample.pam and install it as /etc/pam.d/sudo" >&5 $as_echo "$as_me: You will need to customize sample.pam and install it as /etc/pam.d/sudo" >&6;} ;; @@ -23409,6 +23847,11 @@ fi + + + + + diff --git a/configure.in b/configure.in index 2b3ce53..7328151 100644 --- a/configure.in +++ b/configure.in @@ -3,7 +3,7 @@ dnl Process this file with GNU autoconf to produce a configure script. dnl dnl Copyright (c) 1994-1996,1998-2013 Todd C. Miller dnl -AC_INIT([sudo], [1.8.6p8], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.8.7], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER([config.h pathnames.h]) dnl dnl Note: this must come after AC_INIT @@ -56,9 +56,9 @@ AC_SUBST([mansectform]) AC_SUBST([mansrcdir]) AC_SUBST([NOEXECFILE]) AC_SUBST([NOEXECDIR]) -AC_SUBST([PLUGINDIR]) AC_SUBST([SOEXT]) AC_SUBST([noexec_file]) +AC_SUBST([sesh_file]) AC_SUBST([INSTALL_NOEXEC]) AC_SUBST([DONT_LEAK_PATH_INFO]) AC_SUBST([BSDAUTH_USAGE]) @@ -74,6 +74,7 @@ AC_SUBST([LIBDL]) AC_SUBST([LT_STATIC]) AC_SUBST([LIBINTL]) AC_SUBST([SUDO_NLS]) +AC_SUBST([LOCALEDIR_SUFFIX]) AC_SUBST([COMPAT_TEST_PROGS]) AC_SUBST([CROSS_COMPILING]) AC_SUBST([PIE_LDFLAGS]) @@ -120,6 +121,8 @@ AC_SUBST([nsswitch_conf]) AC_SUBST([netsvc_conf]) AC_SUBST([secure_path]) AC_SUBST([editor]) +AC_SUBST([pam_session]) +AC_SUBST([PLUGINDIR]) # # Begin initial values for man page substitution # @@ -156,9 +159,12 @@ path_info=on ldap_conf=/etc/ldap.conf ldap_secret=/etc/ldap.secret netsvc_conf=/etc/netsvc.conf -noexec_file=/usr/local/libexec/sudo_noexec.so +noexec_file=/usr/local/libexec/sudo/sudo_noexec.so +sesh_file=/usr/local/libexec/sudo/sesh nsswitch_conf=/etc/nsswitch.conf secure_path="not set" +pam_session=on +PLUGINDIR=/usr/local/libexec/sudo # # End initial values for man page substitution # @@ -190,9 +196,11 @@ AUTH_EXCL= AUTH_EXCL_DEF= AUTH_DEF=passwd SUDO_NLS=disabled +LOCALEDIR_SUFFIX= LT_LDEXPORTS="-export-symbols \$(shlib_exp)" LT_LDDEP="\$(shlib_exp)" NO_VIZ="-DNO_VIZ" +OS_INIT=os_init_common dnl dnl Other vaiables @@ -217,6 +225,18 @@ dnl libc replacement functions live in compat dnl AC_CONFIG_LIBOBJ_DIR(compat) +# +# Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir. +# Starting with sudo 1.8.7, $libexecdir/sudo is used so strip +# off an extraneous "/sudo" from libexecdir. +# +case "$libexecdir" in + */sudo) + AC_MSG_WARN([libexecdir should not include the "sudo" subdirectory]) + libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'` + ;; +esac + dnl dnl Deprecated --with options (these all warn or generate an error) dnl @@ -257,19 +277,11 @@ AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])], ;; esac]) -AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])], -[case $with_rpath in - yes|no) ;; - *) AC_MSG_ERROR(["--with-rpath does not take an argument."]) - ;; -esac]) +AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [deprecated, use --disable-rpath])], +[AC_MSG_WARN([--with-rpath deprecated, rpath is now the default])]) -AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])], -[case $with_blibpath in - yes|no) ;; - *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.]) - ;; -esac]) +AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [deprecated])], +[AC_MSG_WARN([--with-blibpath deprecated, use --with-libpath])]) dnl dnl Handle BSM auditing support. @@ -330,7 +342,7 @@ AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to loo ;; *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS]) for i in ${with_incpath}; do - CPPFLAGS="${CPPFLAGS} -I${i}" + SUDO_APPEND_CPPFLAGS(-I${i}) done ;; esac]) @@ -1125,16 +1137,23 @@ AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pat yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."]) ;; no) ;; - *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass]) - ;; -esac], AC_MSG_RESULT(no)) + *) ;; +esac], [ + with_askpass=no + AC_MSG_RESULT(no) +]) +if test X"$with_askpass" != X"no"; then + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass") +else + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, NULL) +fi AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to load plugins from])], [case $with_plugindir in no) AC_MSG_ERROR(["illegal argument: --without-plugindir."]) ;; *) ;; -esac], [with_plugindir="$libexecdir"]) +esac], [with_plugindir="$libexecdir/sudo"]) AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])], [case $with_man in @@ -1364,8 +1383,7 @@ AC_ARG_ENABLE(hardening, [], [enable_hardening=yes]) AC_ARG_ENABLE(pie, -[AS_HELP_STRING([--disable-pie], [Do not build position independent executables, even if the compiler/linker supports them])], -[], [enable_pie=yes]) +[AS_HELP_STRING([--enable-pie], [Build sudo as a position independent executable.])]) AC_ARG_ENABLE(admin-flag, [AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])], @@ -1382,6 +1400,10 @@ AC_ARG_ENABLE(nls, [AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])], [], [enable_nls=yes]) +AC_ARG_ENABLE(rpath, +[AS_HELP_STRING([--disable-rpath], [Disable passing of -Rpath to the linker])], +[], [enable_rpath=yes]) + AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])], [case $with_selinux in yes) SELINUX_USAGE="[[-r role]] [[-t type]] " @@ -1396,7 +1418,7 @@ AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support]) no) ;; *) AC_MSG_ERROR(["--with-selinux does not take an argument."]) ;; -esac]) +esac], [with_selinux=no]) dnl dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default @@ -1437,6 +1459,21 @@ AC_CONFIG_MACRO_DIR([m4]) LT_PREREQ([2.2.6b]) LT_INIT([dlopen]) +dnl +dnl Allow the user to specify an alternate libtool. +dnl XXX - should be able to skip LT_INIT if we are using a different libtool +dnl +AC_ARG_WITH(libtool, [AS_HELP_STRING([--with-libtool=PATH], [specify path to libtool])], +[case $with_libtool in + yes|builtin) ;; + no) AC_MSG_ERROR(["--without-libtool not supported."]) + ;; + system) LIBTOOL=libtool + ;; + *) LIBTOOL="$with_libtool" + ;; +esac]) + dnl dnl Defer with_noexec until after libtool magic runs dnl @@ -1446,6 +1483,7 @@ if test "$enable_shared" = "no"; then lt_cv_dlopen=none lt_cv_dlopen_libs= ac_cv_func_dlopen=no + LT_LDFLAGS=-static else eval _shrext="$shrext_cmds" # Darwin uses .dylib for libraries but .so for modules @@ -1458,13 +1496,13 @@ fi AC_MSG_CHECKING(path to sudo_noexec.so) AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])], [case $with_noexec in - yes) with_noexec="$libexecdir/sudo_noexec$_shrext" + yes) with_noexec="$libexecdir/sudo/sudo_noexec.so" ;; no) ;; *) ;; -esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"]) +esac], [with_noexec="$libexecdir/sudo/sudo_noexec.so"]) AC_MSG_RESULT($with_noexec) -NOEXECFILE="sudo_noexec$_shrext" +NOEXECFILE="sudo_noexec.so" NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`" dnl @@ -1551,8 +1589,9 @@ case "$host" in # LD_PRELOAD is space-delimited RTLD_PRELOAD_DELIM=" " - # For implementing getgrouplist() - AC_CHECK_FUNCS(_getgroupsbymember) + # Solaris-specific initialization + OS_INIT=os_init_solaris + SUDO_OBJS="${SUDO_OBJS} solaris.o" # To get the crypt(3) prototype (so we pass -Wall) OSDEFS="${OSDEFS} -D__EXTENSIONS__" @@ -1562,7 +1601,6 @@ case "$host" in fi : ${mansectsu='1m'} : ${mansectform='4'} - : ${with_rpath='yes'} test -z "$with_pam" && AUTH_EXCL_DEF="PAM" AC_CHECK_FUNCS(priv_set, [PSMAN=1]) ;; @@ -1570,22 +1608,6 @@ case "$host" in # To get all prototypes (so we pass -Wall) OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT" SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" - if test X"$with_blibpath" != X"no"; then - AC_MSG_CHECKING([if linker accepts -Wl,-blibpath]) - O_LDFLAGS="$LDFLAGS" - LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [ - if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then - blibpath="$with_blibpath" - elif test -n "$GCC"; then - blibpath="/usr/lib:/lib:/usr/local/lib" - else - blibpath="/usr/lib:/lib" - fi - AC_MSG_RESULT(yes) - ], [AC_MSG_RESULT(no)]) - fi - LDFLAGS="$O_LDFLAGS" # On AIX 6 and higher default to PAM, else default to LAM if test $OSMAJOR -ge 6; then @@ -1610,9 +1632,6 @@ case "$host" in with_netsvc="/etc/netsvc.conf" fi - # For implementing getgrouplist() - AC_CHECK_FUNCS(getgrset) - # LDR_PRELOAD is only supported in AIX 5.3 and later if test $OSMAJOR -lt 5; then with_noexec=no @@ -1621,7 +1640,7 @@ case "$host" in fi # AIX-specific functions - AC_CHECK_FUNCS(getuserattr setauthdb) + AC_CHECK_FUNCS(getuserattr setauthdb setrlimit64) COMMON_OBJS="$COMMON_OBJS aix.lo" ;; *-*-hiuxmpp*) @@ -1682,11 +1701,11 @@ case "$host" in ;; esac - case "$host" in - *-*-hpux[[1-8]].*) + case "$host_os" in + hpux[[1-8]].*) AC_DEFINE(BROKEN_SYSLOG) ;; - *-*-hpux9.*) + hpux9.*) AC_DEFINE(BROKEN_SYSLOG) shadow_funcs="getspwuid" @@ -1696,10 +1715,11 @@ case "$host" in # order of libs in 9.X is important. -lc_r must be last SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r" LIBS="${LIBS} -ldce -lM -lc_r" - CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant" + SUDO_APPEND_CPPFLAGS(-D_REENTRANT) + SUDO_APPEND_CPPFLAGS(-I/usr/include/reentrant) fi ;; - *-*-hpux10.*) + hpux10.*) shadow_funcs="getprpwnam iscomsec" shadow_libs="-lsec" # HP-UX 10.20 libc has an incompatible getline @@ -1711,6 +1731,7 @@ case "$host" in test -z "$with_pam" && AUTH_EXCL_DEF="PAM" ;; esac + AC_CHECK_FUNCS(pstat_getproc) ;; *-dec-osf*) # ignore envariables wrt dynamic lib path @@ -1820,7 +1841,8 @@ case "$host" in ;; *-*-riscos*) LIBS="${LIBS} -lsun -lbsd" - CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd" + SUDO_APPEND_CPPFLAGS(-I/usr/include) + SUDO_APPEND_CPPFLAGS(-I/usr/include/bsd) OSDEFS="${OSDEFS} -D_MIPS" : ${mansectsu='1m'} : ${mansectform='4'} @@ -1853,19 +1875,16 @@ case "$host" in shadow_libs="-lsec" : ${mansectsu='1m'} : ${mansectform='4'} - : ${with_rpath='yes'} ;; *-ncr-sysv4*|*-ncr-sysvr4*) AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"]) : ${mansectsu='1m'} : ${mansectform='4'} - : ${with_rpath='yes'} ;; *-ccur-sysv4*|*-ccur-sysvr4*) LIBS="${LIBS} -lgen" : ${mansectsu='1m'} : ${mansectform='4'} - : ${with_rpath='yes'} ;; *-*-bsdi*) SKIP_SETREUID=yes @@ -1889,13 +1908,12 @@ case "$host" in CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='maybe'} - # PIE is broken on FreeBSD/ia64 - case "$host_cpu" in - ia64*) - enable_pie=no;; - esac ;; *-*-*openbsd*) + # OpenBSD-specific initialization + OS_INIT=os_init_openbsd + SUDO_OBJS="${SUDO_OBJS} openbsd.o" + # OpenBSD has a real setreuid(2) starting with 3.3 but # we will use setresuid(2) instead. SKIP_SETREUID=yes @@ -1953,7 +1971,6 @@ case "$host" in *-*-*sysv4*) : ${mansectsu='1m'} : ${mansectform='4'} - : ${with_rpath='yes'} ;; *-*-sysv*) : ${mansectsu='1m'} @@ -2070,6 +2087,7 @@ AC_HEADER_TIME AC_HEADER_STDBOOL AC_HEADER_MAJOR AC_CHECK_HEADERS(malloc.h netgroup.h paths.h spawn.h utime.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h) +AC_CHECK_HEADERS([endian.h] [sys/endian.h] [machine/endian.h], [break]) AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS(_ttyname_dev)], [], [AC_INCLUDES_DEFAULT #ifdef HAVE_PROCFS_H #include @@ -2084,8 +2102,8 @@ dnl Check for large file support. HP-UX 11.23 has a broken sys/type.h dnl when large files support is enabled so work around it. dnl AC_SYS_LARGEFILE -case "$host" in - *-*-hpux11.*) +case "$host_os" in + hpux11.*) AC_CACHE_CHECK([whether sys/types.h needs _XOPEN_SOURCE_EXTENDED], [sudo_cv_xopen_source_extended], [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT #include ], [])], [sudo_cv_xopen_source_extended=no], [ @@ -2141,11 +2159,17 @@ AC_CHECK_TYPES([struct timespec], [], [], [#include AC_CHECK_TYPES([struct in6_addr], [], [], [#include #include ]) AC_TYPE_LONG_LONG_INT +if test X"$ac_cv_type_long_long_int" != X"yes"; then + AC_MSG_ERROR(["C compiler does not appear have required long long support"]) +fi AC_CHECK_SIZEOF([long int]) AC_CHECK_TYPE(size_t, unsigned int) AC_CHECK_TYPE(ssize_t, int) AC_CHECK_TYPE(dev_t, int) AC_CHECK_TYPE(ino_t, unsigned int) +AC_CHECK_TYPE(uint8_t, unsigned char) +AC_CHECK_TYPE(uint32_t, unsigned int) +AC_CHECK_TYPE(uint64_t, unsigned long long) AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [ AC_INCLUDES_DEFAULT #include ]) @@ -2199,10 +2223,39 @@ dnl dnl Function checks dnl AC_FUNC_GETGROUPS -AC_CHECK_FUNCS(glob strrchr sysconf tzset strftime setenv \ - regcomp setlocale nl_langinfo mbr_check_membership \ - setrlimit64) -AC_REPLACE_FUNCS(getgrouplist) +AC_CHECK_FUNCS(glob nl_langinfo regcomp setenv strftime strrchr strtoll \ + sysconf tzset) +AC_CHECK_FUNCS(getgrouplist, [], [ + case "$host_os" in + aix*) + AC_CHECK_FUNCS(getgrset) + ;; + *) + AC_CHECK_FUNC(nss_search, [ + AC_CHECK_FUNC(_nss_XbyY_buf_alloc, [ + # Solaris + AC_CHECK_FUNC(_nss_initf_group, [ + AC_CHECK_HEADERS(nss_dbdefs.h) + AC_DEFINE([HAVE_NSS_SEARCH]) + AC_DEFINE([HAVE__NSS_XBYY_BUF_ALLOC]) + AC_DEFINE([HAVE__NSS_INITF_GROUP]) + ]) + ], [ + # HP-UX + AC_CHECK_FUNC(__nss_XbyY_buf_alloc, [ + AC_CHECK_FUNC(__nss_initf_group, [ + AC_CHECK_HEADERS(nss_dbdefs.h) + AC_DEFINE([HAVE_NSS_SEARCH]) + AC_DEFINE([HAVE___NSS_XBYY_BUF_ALLOC]) + AC_DEFINE([HAVE___NSS_INITF_GROUP]) + ]) + ]) + ]) + ]) + ;; + esac + AC_LIBOBJ(getgrouplist) +]) AC_CHECK_FUNCS(getline, [], [ AC_LIBOBJ(getline) AC_CHECK_FUNCS(fgetln) @@ -2278,11 +2331,9 @@ if test -z "$SKIP_SETRESUID"; then ]) fi if test -z "$SKIP_SETREUID"; then - AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes]) -fi -if test -z "$SKIP_SETEUID"; then - AC_CHECK_FUNCS(seteuid) + AC_CHECK_FUNCS(setreuid) fi +AC_CHECK_FUNCS(seteuid) if test X"$with_interfaces" != X"no"; then AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)]) fi @@ -2449,7 +2500,7 @@ elif test -n "$GCC"; then AC_MSG_RESULT($sudo_cv___FUNCTION__) if test "$sudo_cv___FUNCTION__" = "yes"; then AC_DEFINE(HAVE___FUNC__) - AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler support __FUNCTION__ but not __func__]) + AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__]) fi fi @@ -2461,7 +2512,7 @@ fi # make sure we use the gettext() that matches the include file. if test "$enable_nls" != "no"; then if test "$enable_nls" != "yes"; then - CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include" + SUDO_APPEND_CPPFLAGS(-I${enable_nls}/include) SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib]) fi OLIBS="$LIBS" @@ -2497,6 +2548,10 @@ if test "$enable_nls" != "no"; then if test "$sudo_cv_gettext" = "yes"; then AC_DEFINE(HAVE_LIBINTL_H) SUDO_NLS=enabled + # For Solaris we need links from lang to lang.UTF-8 in localedir + case "$host_os" in + solaris2*) LOCALEDIR_SUFFIX=".UTF-8";; + esac elif test "$sudo_cv_gettext_lintl" = "yes"; then AC_DEFINE(HAVE_LIBINTL_H) SUDO_NLS=enabled @@ -2531,7 +2586,7 @@ case "$enable_zlib" in ;; *) AC_DEFINE(HAVE_ZLIB_H) - CPPFLAGS="-I${enable_zlib}/include ${CPPFLAGS}" + SUDO_APPEND_CPPFLAGS(-I${enable_zlib}/include) SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib]) ZLIB="${ZLIB} -lz" ;; @@ -2706,12 +2761,13 @@ if test ${with_pam-"no"} != "no"; then [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;; - no) AC_MSG_RESULT(no) - AC_DEFINE(NO_PAM_SESSION) - ;; - *) AC_MSG_RESULT(no) - AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval]) - ;; + no) AC_MSG_RESULT(no) + AC_DEFINE(NO_PAM_SESSION) + pam_session=off + ;; + *) AC_MSG_RESULT(no) + AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval]) + ;; esac], AC_MSG_RESULT(yes)) fi fi @@ -2759,7 +2815,7 @@ dnl if test ${with_fwtk-'no'} != "no"; then if test "$with_fwtk" != "yes"; then SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}]) - CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" + SUDO_APPEND_CPPFLAGS(-I${with_fwtk}) with_fwtk=yes fi SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall" @@ -2777,8 +2833,8 @@ if test ${with_SecurID-'no'} != "no"; then else with_SecurID=/usr/ace fi - CPPFLAGS="${CPPFLAGS} -I${with_SecurID}" - SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}]) + SUDO_APPEND_CPPFLAGS(-I${with_SecurID}) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}]) SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread" AUTH_OBJS="$AUTH_OBJS securid5.lo"; fi @@ -2841,7 +2897,7 @@ if test ${with_kerb5-'no'} != "no"; then else dnl XXX - try to include krb5.h here too SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib]) - CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include" + SUDO_APPEND_CPPFLAGS(-I${with_kerb5}/include) fi dnl @@ -2931,7 +2987,7 @@ if test ${with_AFS-'no'} = "yes"; then # AFS includes may live in /usr/include on some machines... for i in /usr/afsws/include; do if test -d ${i}; then - CPPFLAGS="${CPPFLAGS} -I${i}" + SUDO_APPEND_CPPFLAGS(-I${i}) FOUND_AFSINCDIR=true fi done @@ -2959,8 +3015,8 @@ dnl if test "${with_skey-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_skey" != "yes"; then - CPPFLAGS="${CPPFLAGS} -I${with_skey}/include" - SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib]) + SUDO_APPEND_CPPFLAGS(-I${with_skey}/include) + LDFLAGS="$LDFLAGS -L${with_skey}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib]) AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include ]) else @@ -2974,7 +3030,7 @@ if test "${with_skey-'no'}" = "yes"; then if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else - SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) + LDFLAGS="$LDFLAGS -L${dir}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) fi if test "$found" = "no"; then @@ -3009,8 +3065,8 @@ dnl if test "${with_opie-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_opie" != "yes"; then - CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" - SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib]) + SUDO_APPEND_CPPFLAGS(-I${with_opie}/include) + LDFLAGS="$LDFLAGS -L${with_opie}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib]) AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes], [found=no]) else @@ -3023,7 +3079,7 @@ if test "${with_opie-'no'}" = "yes"; then if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else - SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) + LDFLAGS="$LDFLAGS -L${dir}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) fi if test "$found" = "no"; then @@ -3091,46 +3147,33 @@ dnl dnl extra lib and .o file for LDAP support dnl if test ${with_ldap-'no'} != "no"; then - _LDFLAGS="$LDFLAGS" + O_LDFLAGS="$LDFLAGS" if test "$with_ldap" != "yes"; then SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib]) - SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib]) - CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" + LDFLAGS="$LDFLAGS -L${with_ldap}/lib" + SUDO_APPEND_CPPFLAGS(-I${with_ldap}/include) with_ldap=yes fi SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo" LDAP="" - AC_MSG_CHECKING([for LDAP libraries]) - LDAP_LIBS="" _LIBS="$LIBS" + LDAP_LIBS="" + IBMLDAP_EXTRA="" found=no - for l in -lldap -llber '-lssl -lcrypto'; do - LIBS="${LIBS} $l" - LDAP_LIBS="${LDAP_LIBS} $l" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include - #include - #include ]], [[(void)ldap_init(0, 0)]])], [found=yes; break]) - done - if test "$found" = "no"; then - LDAP_LIBS="" - LIBS="$_LIBS" - for l in -libmldap -lidsldif; do - LIBS="${LIBS} $l" - LDAP_LIBS="${LDAP_LIBS} $l" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include - #include - #include ]], [[(void)ldap_init(0, 0)]])], [found=yes; break]) - done - fi - dnl if nothing linked just try with -lldap + # On HP-UX, libibmldap has a hidden dependency on libCsup + case "$host_os" in + hpux*) AC_CHECK_LIB(Csup, main, [IBMLDAP_EXTRA=" -lCsup"]);; + esac + AC_SEARCH_LIBS(ldap_init, "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}", [ + test "$ac_res" != "none required" && LDAP_LIBS="$ac_res" + found=yes + ]) + # If nothing linked, try -lldap and hope for the best if test "$found" = "no"; then - LIBS="${_LIBS} -lldap" LDAP_LIBS="-lldap" - AC_MSG_RESULT([not found, using -lldap]) - else - AC_MSG_RESULT([$LDAP_LIBS]) fi + LIBS="${_LIBS} ${LDAP_LIBS}" dnl check if we need to link with -llber for ber_set_option OLIBS="$LIBS" AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no]) @@ -3144,7 +3187,10 @@ if test ${with_ldap-'no'} != "no"; then AC_MSG_RESULT([yes]) AC_DEFINE(HAVE_LBER_H)]) - AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break]) + AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [ + AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s) + break + ]) AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include ]) AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np) AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break]) @@ -3178,7 +3224,7 @@ if test ${with_ldap-'no'} != "no"; then SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}" LIBS="$_LIBS" - LDFLAGS="$_LDFLAGS" + LDFLAGS="$O_LDFLAGS" fi # @@ -3188,12 +3234,12 @@ fi case "$lt_cv_dlopen" in dlopen) AC_DEFINE(HAVE_DLOPEN) - SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo" + SUDO_OBJS="$SUDO_OBJS locale_stub.o" LT_STATIC="--tag=disable-static" ;; shl_load) AC_DEFINE(HAVE_SHL_LOAD) - SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo" + SUDO_OBJS="$SUDO_OBJS locale_stub.o" LT_STATIC="--tag=disable-static" AC_LIBOBJ(dlopen) ;; @@ -3223,24 +3269,13 @@ fi # what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads) # so always link against -lpthread on HP-UX if it is available. # This check should go after all other libraries tests. -case "$host" in - *-*-hpux*) +case "$host_os" in + hpux*) AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"]) + OSDEFS="${OSDEFS} -D_REENTRANT" ;; esac -dnl -dnl Add $blibpath to SUDOERS_LDFLAGS if specified by the user or if we -dnl added -L dirpaths to SUDOERS_LDFLAGS. -dnl -if test -n "$blibpath"; then - if test -n "$blibpath_add"; then - SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}" - elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then - SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}" - fi -fi - dnl dnl Check for log file, timestamp and iolog locations dnl @@ -3280,8 +3315,8 @@ if test -n "$GCC"; then NO_VIZ= ]) else - case "$host" in - *-*-hpux*) + case "$host_os" in + hpux*) AX_CHECK_COMPILE_FLAG([-Bhidden_def], [ AC_DEFINE(HAVE_DSO_VISIBILITY) CFLAGS="${CFLAGS} -Bhidden_def" @@ -3289,7 +3324,7 @@ else LT_LDDEP= ]) ;; - *-*-solaris2*) + solaris2*) AX_CHECK_COMPILE_FLAG([-xldscope=hidden], [ AC_DEFINE(HAVE_DSO_VISIBILITY) CFLAGS="${CFLAGS} -xldscope=hidden" @@ -3310,6 +3345,7 @@ if test -n "$LT_LDEXPORTS"; then AC_CACHE_CHECK([whether ld supports anonymous map files], [sudo_cv_var_gnu_ld_anon_map], [ + sudo_cv_var_gnu_ld_anon_map=no cat > conftest.map <<-EOF { global: foo; @@ -3320,9 +3356,8 @@ EOF CFLAGS="$CFLAGS $lt_prog_compiler_pic" _LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -fpic -shared -Wl,--version-script,./conftest.map" - AC_TRY_LINK([int foo;], [], [ - sudo_cv_var_gnu_ld_anon_map=yes - ]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])], + [sudo_cv_var_gnu_ld_anon_map=yes]) CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" ] @@ -3331,11 +3366,12 @@ EOF LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,--version-script,\$(shlib_map)" fi else - case "$host" in - *-*-solaris2*) + case "$host_os" in + solaris2*) AC_CACHE_CHECK([whether ld supports anonymous map files], [sudo_cv_var_solaris_ld_anon_map], [ + sudo_cv_var_solaris_ld_anon_map=no cat > conftest.map <<-EOF { global: foo; @@ -3346,9 +3382,8 @@ EOF CFLAGS="$CFLAGS $lt_prog_compiler_pic" _LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -shared -Wl,-M,./conftest.map" - AC_TRY_LINK([int foo;], [], [ - sudo_cv_var_solaris_ld_anon_map=yes - ]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])], + [sudo_cv_var_solaris_ld_anon_map=yes]) CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" ] @@ -3357,10 +3392,11 @@ EOF LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,-M,\$(shlib_map)" fi ;; - *-*-hpux*) + hpux*) AC_CACHE_CHECK([whether ld supports controlling exported symbols], [sudo_cv_var_hpux_ld_symbol_export], [ + sudo_cv_var_hpux_ld_symbol_export=no echo "+e foo" > conftest.opt _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $lt_prog_compiler_pic" @@ -3370,11 +3406,11 @@ EOF else LDFLAGS="$LDFLAGS -Wl,-b -Wl,-c,./conftest.opt" fi - AC_TRY_LINK([int foo;], [], [ - sudo_cv_var_hpux_ld_symbol_export=yes - ]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])], + [sudo_cv_var_hpux_ld_symbol_export=yes]) CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" + rm -f conftest.opt ] ) if test "$sudo_cv_var_hpux_ld_symbol_export" = "yes"; then @@ -3389,16 +3425,51 @@ dnl dnl Check for PIE executable support if using gcc. dnl This test relies on AC_LANG_WERROR dnl -if test "$enable_pie" != "no" -a -n "$GCC"; then - AX_CHECK_COMPILE_FLAG([-fPIE], [ - _CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -fPIE" - AX_CHECK_LINK_FLAG([-pie], [ - PIE_CFLAGS="-fPIE" - PIE_LDFLAGS="-pie" - ]) - CFLAGS="$_CFLAGS" - ]) +if test -n "$GCC"; then + if test -z "$enable_pie"; then + case "$host_os" in + linux*) + # Attempt to build with PIE support + enable_pie="maybe" + ;; + esac + fi + if test -n "$enable_pie"; then + if test "$enable_pie" = "no"; then + AX_CHECK_COMPILE_FLAG([-fno-pie], [ + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fno-pie" + AX_CHECK_LINK_FLAG([-nopie], [ + PIE_CFLAGS="-fno-pie" + PIE_LDFLAGS="-nopie" + ]) + CFLAGS="$_CFLAGS" + ]) + else + AX_CHECK_COMPILE_FLAG([-fPIE], [ + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fPIE" + AX_CHECK_LINK_FLAG([-pie], [ + if test "$enable_pie" = "maybe"; then + SUDO_WORKING_PIE([enable_pie=yes], []) + fi + if test "$enable_pie" = "yes"; then + PIE_CFLAGS="-fPIE" + PIE_LDFLAGS="-Wc,-fPIE -pie" + fi + ]) + CFLAGS="$_CFLAGS" + ]) + fi + fi +fi +if test "$enable_pie" != "yes"; then + # Solaris 11.1 and higher supports tagging binaries to use ASLR + case "$host_os" in + solaris2.1[[1-9]]|solaris2.[[2-9]][[0-9]]) + AX_CHECK_LINK_FLAG([-Wl,-z,aslr], [PIE_LDFLAGS="${PIE_LDFLAGS}${PIE_LDFLAGS+ }-Wl,-z,aslr"]) + ;; + esac fi dnl @@ -3458,6 +3529,11 @@ if test -n "$LIBS"; then done fi +dnl +dnl OS-specific initialization +dnl +AC_DEFINE_UNQUOTED(os_init, $OS_INIT, [Define to an OS-specific initialization function or `os_init_common'.]) + dnl dnl We add -Wall and -Werror after all tests so they don't cause failures dnl @@ -3484,7 +3560,7 @@ dnl dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set dnl XXX - this is gross! dnl -if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then +if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no" -o "$enabled_shared" != X"no"; then oexec_prefix="$exec_prefix" if test "$exec_prefix" = '$(prefix)'; then if test "$prefix" = "NONE"; then @@ -3506,24 +3582,42 @@ if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) fi if test X"$with_selinux" != X"no"; then - sesh_file="$libexecdir/sesh" + sesh_file="$libexecdir/sudo/sesh" _sesh_file= while test X"$sesh_file" != X"$_sesh_file"; do _sesh_file="$sesh_file" eval sesh_file="$_sesh_file" done - SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh]) + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file") + fi + if test X"$enable_shared" != X"no"; then + PLUGINDIR="$with_plugindir" + _PLUGINDIR= + while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do + _PLUGINDIR="$PLUGINDIR" + eval PLUGINDIR="$_PLUGINDIR" + done + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/") + SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers.so") fi - PLUGINDIR="$with_plugindir" - _PLUGINDIR= - while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do - _PLUGINDIR="$PLUGINDIR" - eval PLUGINDIR="$_PLUGINDIR" - done - SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/") - SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers${SOEXT}") exec_prefix="$oexec_prefix" fi +if test X"$with_selinux" = X"no"; then + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, NULL) +fi + +dnl +dnl Add -R options to LDFLAGS, etc. +dnl +if test X"$LDFLAGS_R" != X""; then + LDFLAGS="$LDFLAGS $LDFLAGS_R" +fi +if test X"$SUDOERS_LDFLAGS_R" != X""; then + SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS $SUDOERS_LDFLAGS_R" +fi +if test X"$ZLIB_R" != X""; then + ZLIB="$ZLIB_R $ZLIB" +fi dnl dnl Override default configure dirs for the Makefile @@ -3546,21 +3640,21 @@ test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/ dnl dnl Substitute into the Makefile and man pages dnl -AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) +AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) AC_OUTPUT dnl dnl Spew any text the user needs to know about dnl if test "$with_pam" = "yes"; then - case $host in - *-*-hpux*) + case $host_os in + hpux*) if test -f /usr/lib/security/libpam_hpsec.so.1; then AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf]) AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login]) fi ;; - *-*-linux*) + linux*) AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo]) ;; esac @@ -3592,21 +3686,21 @@ AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the `dlopen' function.]) AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.]) AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.]) AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.]) -AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)]) -AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)]) -AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)]) -AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)]) -AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)]) +AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords).]) +AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords).]) +AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords).]) +AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords).]) +AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords).]) AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.]) AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.]) -AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)]) -AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)]) +AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled).]) +AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled).]) AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.]) AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.]) AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.]) AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.]) AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.]) -AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs . (OpenLDAP does not)]) +AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs . (OpenLDAP does not).]) AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.]) AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the header file.]) AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.]) @@ -3621,18 +3715,18 @@ AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.]) AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) -AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments]) -AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union]) -AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member]) -AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member]) +AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments.]) +AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union.]) +AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member.]) +AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member.]) AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.]) AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.]) -AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements]) +AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements.]) AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.]) AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.]) AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.]) AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.]) -AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support]) +AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support.]) AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.]) AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.]) AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.]) @@ -3655,13 +3749,18 @@ AH_TEMPLATE(socklen_t, [Define to `unsigned int' if doesn't defin AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.]) AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.]) AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.]) -AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication]) +AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication.]) AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.]) AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).]) AH_TEMPLATE(RTLD_PRELOAD_DELIM, [The delimiter to use when defining multiple preloaded objects.]) AH_TEMPLATE(RTLD_PRELOAD_DEFAULT, [The default value of preloaded objects (if any).]) AH_TEMPLATE(HAVE_DSO_VISIBILITY, [Define to 1 if the compiler supports the __visibility__ attribute.]) AH_TEMPLATE(HAVE_SYS_SIGABBREV, [Define to 1 if your libc has the `sys_sigabbrev' symbol.]) +AH_TEMPLATE(HAVE_NSS_SEARCH, [Define to 1 if you have the `nss_search' function.]) +AH_TEMPLATE(HAVE__NSS_INITF_GROUP, [Define to 1 if you have the `_nss_initf_group' function.]) +AH_TEMPLATE(HAVE___NSS_INITF_GROUP, [Define to 1 if you have the `__nss_initf_group' function.]) +AH_TEMPLATE(HAVE__NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `_nss_XbyY_buf_alloc' function.]) +AH_TEMPLATE(HAVE___NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `__nss_XbyY_buf_alloc' function.]) dnl dnl Bits to copy verbatim into config.h.in @@ -3704,23 +3803,6 @@ AH_BOTTOM([/* # define ignore_result(x) (void)(x) #endif -/* Macros to set/clear/test flags. */ -#undef SET -#define SET(t, f) ((t) |= (f)) -#undef CLR -#define CLR(t, f) ((t) &= ~(f)) -#undef ISSET -#define ISSET(t, f) ((t) & (f)) - -/* ANSI-style OS defs for HP-UX and ConvexOS. */ -#if defined(hpux) && !defined(__hpux) -# define __hpux 1 -#endif /* hpux */ - -#if defined(convex) && !defined(__convex__) -# define __convex__ 1 -#endif /* convex */ - /* BSD compatibility on some SVR4 systems. */ #ifdef __svr4__ # define BSD_COMP diff --git a/doc/CONTRIBUTORS b/doc/CONTRIBUTORS index 147ce07..78cd55d 100644 --- a/doc/CONTRIBUTORS +++ b/doc/CONTRIBUTORS @@ -15,7 +15,6 @@ you believe you should be listed, please send a note to sudo@sudo.ws. Elias Benali Jamie Beverly Spider Boardman - Jakub Bogusz P.J. Bostley Keith Bowes Keith Garry Boyce @@ -28,14 +27,12 @@ you believe you should be listed, please send a note to sudo@sudo.ws. Andreas Bussjaeger Gary Calvin Aaron Campbell - Milo Casagrande - Yuri Chornoivan Vitezslav Cizek Chris Coleman Deven T. Corzine Frank Cusack + Wei Dai Theo de Raadt - Francisco Dieguez David Dill Theo Van Dinter Jeff Earickson @@ -51,7 +48,6 @@ you believe you should be listed, please send a note to sudo@sudo.ws. Jean-loup Gailly Simon J. Gerraty B. Guillory - Joe Hansen Randy M. Hayman Joachim Henke YOSHIFUJI Hideaki @@ -68,7 +64,6 @@ you believe you should be listed, please send a note to sudo@sudo.ws. Timo Juhani Ayamura KIKUCHI Kevin Kadow - Jorma Karvonen Stepan Kasal Mike Kienenberger Dale King @@ -76,12 +71,10 @@ you believe you should be listed, please send a note to sudo@sudo.ws. Jim Knoble Tim Knox Alek O. Komarnitsky + Nikolai Kondrashov Daniel Kopecek - Yuri Kozlov - Jakob Kramer Paul Kranenburg David Krause - Tomislav Krznar Eric Lakin Case Larsen Dmitry V. Levin @@ -92,10 +85,8 @@ you believe you should be listed, please send a note to sudo@sudo.ws. Tom McLaughlin Jeff Makey Michael D. Marchionna - Algimantas Margevicius Paul Markham Emin Martinian - Pavel Maryanov Michael Meskes Todd C. Miller Loic Minier @@ -106,9 +97,7 @@ you believe you should be listed, please send a note to sudo@sudo.ws. Dworkin Muller Jeff Nieusma Peter A. Nikitser - Miroslav Nikolic Ludwig Nussel - Daniel Nylander Eric Paquet Chantal Paradis Ted Percival @@ -118,8 +107,8 @@ you believe you should be listed, please send a note to sudo@sudo.ws. Diego Elio Petteno Joel Pickett Alex Plotnick - Tran Ngoc Quan Gudleik Rasch + Steve Reid Matt Richards Guido van Rossum John P. Rouillard @@ -133,7 +122,6 @@ you believe you should be listed, please send a note to sudo@sudo.ws. Patrick Schoenfeld Arno Schuring Dougal Scott - Abel Sendón Nick Sieger Thor Lancelot Simon Marc Slemko @@ -146,7 +134,6 @@ you believe you should be listed, please send a note to sudo@sudo.ws. Russell Street Tilo Stritzky Michael Stroucken - Yasuaki Taniguchi Robert Tarrall Matthew Thomas Giles Todd @@ -154,13 +141,11 @@ you believe you should be listed, please send a note to sudo@sudo.ws. Chris Torek Darren Tucker Robert Uhl - Mikel Olasagasti Uranga Petr Uzel Reznic Valery Martynas Venckus Klaus Wagner Dan Walsh - Wylmer Wang John Warburton Kirk Webb Timm Wetzel @@ -168,3 +153,34 @@ you believe you should be listed, please send a note to sudo@sudo.ws. David Wood Gustavo Zacarias John Zolnowsky + +The following people have worked to translate sudo into other +languages: + + Jakub Bogusz + Milo Casagrande + Felipe Castro + Yuri Chornoivan + Francisco Dieguez + Volkan Gezer + Takeshi Hamasaki + P. Hamming + Joe Hansen + Jochen Hein + Damir Jerovsek + Jorma Karvonen + Klemen Kosir + Yuri Kozlov + Jakob Kramer + Tomislav Krznar + Algimantas Margevicius + Pavel Maryanov + Miroslav Nikolic + Daniel Nylander + Tran Ngoc Quan + Leandro Regueiro + Ozgur Sarier + Abel Sendón + Yasuaki Taniguchi + Mikel Olasagasti Uranga + Wylmer Wang diff --git a/doc/LICENSE b/doc/LICENSE index 962d959..625cbe5 100644 --- a/doc/LICENSE +++ b/doc/LICENSE @@ -1,6 +1,6 @@ Sudo is distributed under the following license: - Copyright (c) 1994-1996, 1998-2012 + Copyright (c) 1994-1996, 1998-2013 Todd C. Miller Permission to use, copy, modify, and distribute this software for any diff --git a/doc/Makefile.in b/doc/Makefile.in index 0589a5e..b8b235e 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in @@ -1,5 +1,5 @@ # -# Copyright (c) 2010-2012 Todd C. Miller +# Copyright (c) 2010-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -64,12 +64,13 @@ DEVEL = @DEVEL@ SHELL = @SHELL@ -DOCS = sudo.$(mantype) visudo.$(mantype) sudoers.$(mantype) \ - sudoers.ldap.$(mantype) sudoers.$(mantype) \ +DOCS = sudo.$(mantype) visudo.$(mantype) sudo.conf.$(mantype) \ + sudoers.$(mantype) sudoers.ldap.$(mantype) sudoers.$(mantype) \ sudoreplay.$(mantype) sudo_plugin.$(mantype) DEVDOCS = $(srcdir)/sudo.man.in $(srcdir)/sudo.cat \ $(srcdir)/visudo.man.in $(srcdir)/visudo.cat \ + $(srcdir)/sudo.conf.man.in $(srcdir)/sudo.conf.cat \ $(srcdir)/sudoers.man.in $(srcdir)/sudoers.cat \ $(srcdir)/sudoers.ldap.man.in $(srcdir)/sudoers.ldap.cat \ $(srcdir)/sudoers.man.in $(srcdir)/sudoers.cat \ @@ -158,6 +159,34 @@ $(srcdir)/visudo.cat: varsub $(srcdir)/visudo.mdoc.in visudo.cat: $(srcdir)/visudo.cat +$(srcdir)/sudo.conf.man.in: $(srcdir)/sudo.conf.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ + printf '.\\" IT IS GENERATED AUTOMATICALLY FROM sudo.conf.mdoc.in\n' >> $@; \ + $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudo.conf.mdoc.in >> $@; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.conf.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "VISUDO" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ + fi + +sudo.conf.man.sed: $(srcdir)/fixman.sh + $(SHELL) $(srcdir)/fixman.sh $@ + +sudo.conf.man: $(srcdir)/sudo.conf.man.in sudo.conf.man.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/$@.in | $(SED) -f $@.sed > $@ + +sudo.conf.mdoc: $(srcdir)/sudo.conf.mdoc.in + (cd $(top_builddir) && $(SHELL) config.status --file=doc/$@) + +$(srcdir)/sudo.conf.cat: varsub $(srcdir)/sudo.conf.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + $(SED) -f varsub $(srcdir)/sudo.conf.mdoc.in | $(MANDOC) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ + fi + +sudo.conf.cat: $(srcdir)/sudo.conf.cat + $(srcdir)/sudoers.man.in: $(srcdir)/sudoers.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ @@ -292,10 +321,11 @@ install-doc: install-dirs $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/sudo_plugin.$(mantype) $(DESTDIR)$(mandirsu)/sudo_plugin.$(mansectsu) $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) + $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/sudo.conf.$(mantype) $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) @if test -n "$(MANCOMPRESS)"; then \ - for f in $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/sudo_plugin.$(mansectsu) $(mandirsu)/sudoreplay.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform) $(mandirform)/sudoers.ldap.$(mansectform); do \ + for f in $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/sudo_plugin.$(mansectsu) $(mandirsu)/sudoreplay.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudo.conf.$(mansectform) $(mandirform)/sudoers.$(mansectform) $(mandirform)/sudoers.ldap.$(mansectform); do \ if test -f $(DESTDIR)$$f; then \ echo $(MANCOMPRESS) -f $(DESTDIR)$$f; \ $(MANCOMPRESS) -f $(DESTDIR)$$f; \ @@ -319,6 +349,7 @@ uninstall: $(DESTDIR)$(mandirsu)/sudo_plugin.$(mansectsu) \ $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) \ $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) \ + $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) \ $(DESTDIR)$(mandirform)/sudoers.$(mansectform) \ $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) @@ -330,7 +361,7 @@ clean: mostlyclean: clean distclean: clean - -rm -rf Makefile config.log *.man + -rm -rf Makefile config.log *.man *.mdoc clobber: distclean diff --git a/doc/TROUBLESHOOTING b/doc/TROUBLESHOOTING index ecd9854..328b37e 100644 --- a/doc/TROUBLESHOOTING +++ b/doc/TROUBLESHOOTING @@ -67,7 +67,7 @@ A) Make sure you have an entry in your syslog.conf file to save its conf file. Also, remember that syslogd does *not* create log files, you need to create the file before syslogd will log to it (ie: touch /var/log/sudo). - Note: the facility (e.g. "auth.debug") must be separated from the + Note: the facility (e.g. "auth.debug") must be separated from the destination (e.g. "/var/log/auth" or "@loghost") by tabs, *not* spaces. This is a common error. @@ -182,6 +182,17 @@ A) Starting with Solaris 2.6, snprintf(3) is included in the standard #define HAVE_VSNPRINTF 1 and run make. +Q) I built sudo on a Solaris 11 (or higher) machine but the resulting + binary doesn't work older Solaris versions. Why? + +A) Starting with Solaris 11, asprintf(3) is included in the standard + C library. To build a version of sudo on a Solaris 11 machine that + will run on an older Solaris release, edit config.h and comment out + the lines: + #define HAVE_ASPRINTF 1 + #define HAVE_VASPRINTF 1 + and run make. + Q) When I run "visudo" it says "sudoers file busy, try again later." and doesn't do anything. A) Someone else is currently editing the sudoers file with visudo. @@ -240,6 +251,18 @@ A) On systems that use a Mozilla-derived LDAP SDK there must be a Enter new password: Re-enter password: +Q) On HP-UX, when I run command via sudo it displays information + about the last successful login and last authentication failure + for every command. How can I fix this? +A) This output comes from /usr/lib/security/libpam_hpsec.so.1. + To suppress it, add a line like the following to /etc/pam.conf: + sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login + +Q) On HP-UX, the umask setting in sudoers has no effect. +A) If your /etc/pam.conf file has the libpam_hpsec.so.1 session module + enabled, you may need to a add line like the following to pam.conf: + sudo session required libpam_hpsec.so.1 bypass_umask + Q) When I run sudo on AIX I get the following error: setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID): Operation not permitted. A) AIX's Enhanced RBAC is preventing sudo from running. To fix @@ -251,6 +274,15 @@ A) AIX's Enhanced RBAC is preventing sudo from running. To fix innateprivs = PV_DAC_GID,PV_DAC_O,PV_DAC_R,PV_DAC_UID,PV_DAC_W,PV_DAC_X,PV_FS_CHOWN,PV_PROC_ENV,PV_PROC_PRIO,PV_PROC_RAC secflags = FSF_EPS +Q) Sudo configures and builds without error but when I run it I get + a Segmentation fault. +A) If you are on a Linux system, the first thing to try is to run + configure with the --disable-pie option, then "make clean" and + "make". If that fixes the problem then your operating system + does not properly support position independent executables. + Please send a message to sudo@sudo.ws with system details such + as the Linux distro, kernel version and CPU architecture. + Q) When I run configure I get the following error: dlopen present but libtool doesn't appear to support your platform. A) Libtool doesn't know how to support dynamic linking on the operating diff --git a/doc/UPGRADE b/doc/UPGRADE index 8c83aaf..2dad645 100644 --- a/doc/UPGRADE +++ b/doc/UPGRADE @@ -1,16 +1,36 @@ Notes on upgrading from an older release ======================================== +o Upgrading from a version prior to 1.8.7: + + Sudo now stores its libexec files in a "sudo" sub-directory + instead of in libexec itself. For backwards compatibility, if + the plugin is not found in the default plugin directory, sudo + will check the parent directory default directory ends in "/sudo". + + The default sudo plugins now all use the .so extension, regardless + of the extension used by native shared libraries. For backwards + compatibility, sudo on HP-UX will also search for a plugin with + an .sl extension if the .so version is not found. + + Handling of users belonging to a large number of groups has + changed. Previously, sudo would only use the group list from + the kernel unless the system_group plugin was enabled in sudoers. + Now, sudo will query the groups database if the user belongs + to the maximum number of groups supported by the kernel. See + the group_source and max_groups settings in the sudo.conf manual + for details. + o Upgrading from a version prior to 1.8.2: When matching Unix groups in the sudoers file, sudo will now match based on the name of the group as it appears in sudoers instead of the group ID. This can substantially reduce the number of group lookups for sudoers files that contain a large - nummber of groups. There are a few side effects of this change. + number of groups. There are a few side effects of this change. 1) Unix groups with different names but the same group ID are - can no longer be used interchangably. Sudo will look up all + can no longer be used interchangeably. Sudo will look up all of a user's groups by group ID and use the resulting group names when matching sudoers entries. If there are multiple groups with the same ID, the group name returned by the @@ -156,7 +176,7 @@ o Upgrading from a version prior to 1.7.0: group ID. When sudo is build with LDAP support the /etc/nsswitch.conf file is - now used to determine the sudoers seach order. sudo will default to + now used to determine the sudoers sea ch order. sudo will default to only using /etc/sudoers unless /etc/nsswitch.conf says otherwise. This can be changed with an nsswitch.conf line, e.g.: sudoers: ldap files @@ -183,7 +203,7 @@ o Upgrading from a version prior to 1.6.9: Environment variable handling has changed significantly in sudo 1.6.9. Prior to version 1.6.9, sudo would preserve the user's environment, pruning out potentially dangerous variables. - Beginning with sudo 1.6.9, the envionment is reset to a default + Beginning with sudo 1.6.9, the environment is reset to a default set of values with only a small number of "safe" variables preserved. To preserve specific environment variables, add them to the "env_keep" list in sudoers. E.g. @@ -212,7 +232,7 @@ o Upgrading from a version prior to 1.6.9: also preserved in the env_reset case, provided that they do not contain a '/' or '%' character. Note that it is not necessary to also list a variable in env_keep--having it in env_check is - sufficent. + sufficient. The default lists of variables to be preserved and/or checked are displayed when sudo is run by root with the -V flag. @@ -229,7 +249,7 @@ o Upgrading from a version prior to 1.6.8: a command as a certain user did not override a previous entry allowing the same command. This has been fixed in sudo 1.6.8 such that the last match is now used (as it is documented). - Hopefully no one was depending on the previous (buggy) beghavior. + Hopefully no one was depending on the previous (buggy) behavior. o Upgrading from a version prior to 1.6: @@ -259,7 +279,7 @@ o Upgrading from a version prior to 1.6: command. In other words, the "(root)" sets the default runas user to root for the rest of the list. If we wanted to require a password for /bin/ls and /sbin/dump the line could be written - thusly: + as: millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, \ (root) PASSWD:/bin/ls, /sbin/dump diff --git a/doc/fixman.sh b/doc/fixman.sh index e57dccc..791e7a6 100755 --- a/doc/fixman.sh +++ b/doc/fixman.sh @@ -1,4 +1,19 @@ #!/bin/sh +# +# Copyright (c) 2012-2013 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# OUTFILE="$1" rm -f "$OUTFILE" diff --git a/doc/fixmdoc.sh b/doc/fixmdoc.sh index 6171f3e..ba60824 100755 --- a/doc/fixmdoc.sh +++ b/doc/fixmdoc.sh @@ -1,4 +1,19 @@ #!/bin/sh +# +# Copyright (c) 2012-2013 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# OUTFILE="$1" rm -f "$OUTFILE" @@ -47,7 +62,7 @@ case "$OUTFILE" in if [ X"$SEMAN" != X"1" ]; then SE_FLAG='/^.*\n\.Op Fl r Ar role/{;N;/^.*\n\.Ek$/d;};/^.*\n\.Op Fl t Ar type/{;N;/^.*\n\.Ek$/d;};' cat >>"$OUTFILE" <<-'EOF' - /^\.It Fl r Ar role/,/newline character\.$/ { + /^\.It Fl r Ar role/,/^\.Ar role \.$/ { d } /^\.It Fl t Ar type/,/specified role\.$/ { diff --git a/doc/sample.sudo.conf b/doc/sample.sudo.conf index 3672bcb..c605bb5 100644 --- a/doc/sample.sudo.conf +++ b/doc/sample.sudo.conf @@ -24,7 +24,7 @@ Plugin sudoers_io sudoers.so # # An askpass helper program may be specified to provide a graphical # password prompt for "sudo -A" support. Sudo does not ship with its -# own passpass program but can use the OpenSSH askpass. +# own askpass program but can use the OpenSSH askpass. # # Use the OpenSSH askpass #Path askpass /usr/X11R6/bin/ssh-askpass @@ -53,3 +53,20 @@ Plugin sudoers_io sudoers.so # dumps by setting "disable_coredump" to false. # #Set disable_coredump false + +# +# User groups: +# +# Sudo passes the user's group list to the policy plugin. +# If the user is a member of the maximum number of groups (usually 16), +# sudo will query the group database directly to be sure to include +# the full list of groups. +# +# On some systems, this can be expensive so the behavior is configurable. +# The "group_source" setting has three possible values: +# static - use the user's list of groups returned by the kernel. +# dynamic - query the group database to find the list of groups. +# adaptive - if user is in less than the maximum number of groups. +# use the kernel list, else query the group database. +# +#Set group_source static diff --git a/doc/sample.sudoers b/doc/sample.sudoers index 0ef1579..9946008 100644 --- a/doc/sample.sudoers +++ b/doc/sample.sudoers @@ -44,7 +44,9 @@ Host_Alias CDROM = orion, perseus, hercules # Cmnd alias specification ## Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \ - /usr/sbin/rrestore, /usr/bin/mt + /usr/sbin/rrestore, /usr/bin/mt, \ + sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \ + /home/operator/bin/start_backups Cmnd_Alias KILL = /usr/bin/kill Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown diff --git a/doc/sudo.cat b/doc/sudo.cat index f46b334..75f6876 100644 --- a/doc/sudo.cat +++ b/doc/sudo.cat @@ -24,7 +24,7 @@ DDEESSCCRRIIPPTTIIOONN input/output logging. Third parties can develop and distribute their own policy and I/O logging plugins to work seamlessly with the ssuuddoo front end. The default security policy is _s_u_d_o_e_r_s, which is configured via the - file _/_e_t_c_/_s_u_d_o_e_r_s, or via LDAP. See the _P_L_U_G_I_N_S section for more + file _/_e_t_c_/_s_u_d_o_e_r_s, or via LDAP. See the _P_l_u_g_i_n_s section for more information. The security policy determines what privileges, if any, a user has to run @@ -54,7 +54,7 @@ DDEESSCCRRIIPPTTIIOONN to read the user's password and output the password to the standard output. If the SUDO_ASKPASS environment variable is set, it specifies the path to the helper program. Otherwise, - if _/_e_t_c_/_s_u_d_o_._c_o_n_f contains a line specifying the askpass + if sudo.conf(4) contains a line specifying the askpass program, that value will be used. For example: # Path to askpass helper program @@ -299,7 +299,7 @@ DDEESSCCRRIIPPTTIIOONN CCOOMMMMAANNDD EEXXEECCUUTTIIOONN When ssuuddoo executes a command, the security policy specifies the execution - envionment for the command. Typically, the real and effective uid and + environment for the command. Typically, the real and effective uid and gid are set to match those of the target user, as specified in the password database, and the group vector is initialized based on the group database (unless the --PP option was specified). @@ -333,13 +333,16 @@ CCOOMMMMAANNDD EEXXEECCUUTTIIOONN environment as described above, and calls the execve system call in the child process. The main ssuuddoo process waits until the command has completed, then passes the command's exit status to the security policy's - close method and exits. If an I/O logging plugin is configured, a new - pseudo-terminal (``pty'') is created and a second ssuuddoo process is used to - relay job control signals between the user's existing pty and the new pty - the command is being run in. This extra process makes it possible to, - for example, suspend and resume the command. Without it, the command - would be in what POSIX terms an ``orphaned process group'' and it would - not receive any job control signals. + close function and exits. If an I/O logging plugin is configured or if + the security policy explicitly requests it, a new pseudo-terminal + (``pty'') is created and a second ssuuddoo process is used to relay job + control signals between the user's existing pty and the new pty the + command is being run in. This extra process makes it possible to, for + example, suspend and resume the command. Without it, the command would + be in what POSIX terms an ``orphaned process group'' and it would not + receive any job control signals. As a special case, if the policy plugin + does not define a close function and no pty is required, ssuuddoo will + execute the command directly instead of calling fork(2) first. SSiiggnnaall hhaannddlliinngg Because the command is run as a child of the ssuuddoo process, ssuuddoo will @@ -354,7 +357,7 @@ CCOOMMMMAANNDD EEXXEECCUUTTIIOONN As a special case, ssuuddoo will not relay signals that were sent by the command it is running. This prevents the command from accidentally killing itself. On some systems, the reboot(1m) command sends SIGTERM to - all non-system processes other than itself before rebooting the systyem. + all non-system processes other than itself before rebooting the system. This prevents ssuuddoo from relaying the SIGTERM signal it received back to reboot(1m), which might then exit before the system was actually rebooted, leaving it in a half-dead state similar to single user mode. Note, @@ -365,124 +368,18 @@ CCOOMMMMAANNDD EEXXEECCUUTTIIOONN run using the eexxeecc() family of functions instead of ssyysstteemm() (which interposes a shell between the command and the calling process). -PPLLUUGGIINNSS - Plugins are dynamically loaded based on the contents of the - _/_e_t_c_/_s_u_d_o_._c_o_n_f file. If no _/_e_t_c_/_s_u_d_o_._c_o_n_f file is present, or it - contains no Plugin lines, ssuuddoo will use the traditional _s_u_d_o_e_r_s security - policy and I/O logging, which corresponds to the following _/_e_t_c_/_s_u_d_o_._c_o_n_f - file. - - # - # Default /etc/sudo.conf file - # - # Format: - # Plugin plugin_name plugin_path plugin_options ... - # Path askpass /path/to/askpass - # Path noexec /path/to/sudo_noexec.so - # Debug sudo /var/log/sudo_debug all@warn - # Set disable_coredump true - # - # The plugin_path is relative to /usr/local/libexec unless - # fully qualified. - # The plugin_name corresponds to a global symbol in the plugin - # that contains the plugin interface structure. - # The plugin_options are optional. - # - Plugin policy_plugin sudoers.so - Plugin io_plugin sudoers.so + If no I/O logging plugins are loaded and the policy plugin has not + defined a cclloossee() function, set a command timeout or required that the + command be run in a new pty, ssuuddoo may execute the command directly + instead of running it as a child process. - A Plugin line consists of the Plugin keyword, followed by the _s_y_m_b_o_l___n_a_m_e - and the _p_a_t_h to the shared object containing the plugin. The _s_y_m_b_o_l___n_a_m_e - is the name of the struct policy_plugin or struct io_plugin in the plugin - shared object. The _p_a_t_h may be fully qualified or relative. If not - fully qualified it is relative to the _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory. Any - additional parameters after the _p_a_t_h are passed as arguments to the - plugin's _o_p_e_n function. Lines that don't begin with Plugin, Path, Debug, - or Set are silently ignored. - - For more information, see the sudo_plugin(1m) manual. - -PPAATTHHSS - A Path line consists of the Path keyword, followed by the name of the - path to set and its value. E.g. - - Path noexec /usr/local/libexec/sudo_noexec.so - Path askpass /usr/X11R6/bin/ssh-askpass - - The following plugin-agnostic paths may be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f - file: - - askpass The fully qualified path to a helper program used to read the - user's password when no terminal is available. This may be the - case when ssuuddoo is executed from a graphical (as opposed to - text-based) application. The program specified by _a_s_k_p_a_s_s - should display the argument passed to it as the prompt and - write the user's password to the standard output. The value of - _a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS environment - variable. - - noexec The fully-qualified path to a shared library containing dummy - versions of the eexxeeccvv(), eexxeeccvvee() and ffeexxeeccvvee() library - functions that just return an error. This is used to implement - the _n_o_e_x_e_c functionality on systems that support LD_PRELOAD or - its equivalent. Defaults to _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o. - -DDEEBBUUGG FFLLAAGGSS - ssuuddoo versions 1.8.4 and higher support a flexible debugging framework - that can help track down what ssuuddoo is doing internally if there is a - problem. - - A Debug line consists of the Debug keyword, followed by the name of the - program to debug (ssuuddoo, vviissuuddoo, ssuuddoorreeppllaayy), the debug file name and a - comma-separated list of debug flags. The debug flag syntax used by ssuuddoo - and the _s_u_d_o_e_r_s plugin is _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y but the plugin is free to - use a different format so long as it does not include a comma (`,'). - - For instance: - - Debug sudo /var/log/sudo_debug all@warn,plugin@info - - would log all debugging statements at the _w_a_r_n level and higher in - addition to those at the _i_n_f_o level for the plugin subsystem. - - Currently, only one Debug entry per program is supported. The ssuuddoo Debug - entry is shared by the ssuuddoo front end, ssuuddooeeddiitt and the plugins. A - future release may add support for per-plugin Debug lines and/or support - for multiple debugging files for a single program. - - The priorities used by the ssuuddoo front end, in order of decreasing - severity, are: _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g. - Each priority, when specified, also includes all priorities higher than - it. For example, a priority of _n_o_t_i_c_e would include debug messages - logged at _n_o_t_i_c_e and higher. - - The following subsystems are used by the ssuuddoo front-end: - - _a_l_l matches every subsystem - - _a_r_g_s command line argument processing - - _c_o_n_v user conversation - - _e_d_i_t sudoedit - - _e_x_e_c command execution - - _m_a_i_n ssuuddoo main function - - _n_e_t_i_f network interface handling - - _p_c_o_m_m communication with the plugin - - _p_l_u_g_i_n plugin configuration - - _p_t_y pseudo-tty related code - - _s_e_l_i_n_u_x SELinux-specific handling - - _u_t_i_l utility functions - - _u_t_m_p utmp handling + PPlluuggiinnss + Plugins are dynamically loaded based on the contents of the sudo.conf(4) + file. If no sudo.conf(4) file is present, or it contains no Plugin + lines, ssuuddoo will use the traditional _s_u_d_o_e_r_s security policy and I/O + logging. See the sudo.conf(4) manual for details of the _/_e_t_c_/_s_u_d_o_._c_o_n_f + file and the sudo_plugin(1m) manual for more information about the ssuuddoo + plugin architecture. EEXXIITT VVAALLUUEE Upon successful execution of a program, the exit status from _s_u_d_o will @@ -524,15 +421,11 @@ SSEECCUURRIITTYY NNOOTTEESS disables core dumps by default while it is executing (they are re-enabled for the command that is run). To aid in debugging ssuuddoo crashes, you may wish to re-enable core dumps by setting ``disable_coredump'' to false in - the _/_e_t_c_/_s_u_d_o_._c_o_n_f file as follows: + the sudo.conf(4) file as follows: Set disable_coredump false - Note that by default, most operating systems disable core dumps from - setuid programs, which includes ssuuddoo. To actually get a ssuuddoo core file - you may need to enable core dumps for setuid processes. On BSD and Linux - systems this is accomplished via the sysctl command, on Solaris the - coreadm command can be used. + See the sudo.conf(4) manual for more information. EENNVVIIRROONNMMEENNTT ssuuddoo utilizes the following environment variables. The security policy @@ -617,7 +510,7 @@ EEXXAAMMPPLLEESS $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" SSEEEE AALLSSOO - grep(1), su(1), stat(2), login_cap(3), passwd(4), sudoers(4), + su(1), stat(2), login_cap(3), passwd(4), sudo.conf(4), sudoers(4), sudo_plugin(1m), sudoreplay(1m), visudo(1m) HHIISSTTOORRYY @@ -668,4 +561,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. -Sudo 1.8.6 July 10, 2012 Sudo 1.8.6 +Sudo 1.8.7 March 13, 2013 Sudo 1.8.7 diff --git a/doc/sudo.conf.cat b/doc/sudo.conf.cat new file mode 100644 index 0000000..607242b --- /dev/null +++ b/doc/sudo.conf.cat @@ -0,0 +1,364 @@ +SUDO(4) Programmer's Manual SUDO(4) + +NNAAMMEE + ssuuddoo..ccoonnff - configuration for sudo front end + +DDEESSCCRRIIPPTTIIOONN + The ssuuddoo..ccoonnff file is used to configure the ssuuddoo front end. It specifies + the security policy and I/O logging plugins, debug flags as well as + plugin-agnostic path names and settings. + + The ssuuddoo..ccoonnff file supports the following directives, described in detail + below. + + Plugin a security policy or I/O logging plugin + + Path a plugin-agnostic path + + Set a front end setting, such as _d_i_s_a_b_l_e___c_o_r_e_d_u_m_p or _g_r_o_u_p___s_o_u_r_c_e + + Debug debug flags to aid in debugging ssuuddoo, ssuuddoorreeppllaayy, vviissuuddoo, and + the ssuuddooeerrss plugin. + + The pound sign (`#') is used to indicate a comment. Both the comment + character and any text after it, up to the end of the line, are ignored. + + Long lines can be continued with a backslash (`\') as the last character + on the line. Note that leading white space is removed from the beginning + of lines even when the continuation character is used. + + Non-comment lines that don't begin with Plugin, Path, Debug, or Set are + silently ignored. + + The ssuuddoo..ccoonnff file is always parsed in the ``C'' locale. + + PPlluuggiinn ccoonnffiigguurraattiioonn + ssuuddoo supports a plugin architecture for security policies and + input/output logging. Third parties can develop and distribute their own + policy and I/O logging plugins to work seamlessly with the ssuuddoo front + end. Plugins are dynamically loaded based on the contents of ssuuddoo..ccoonnff. + + A Plugin line consists of the Plugin keyword, followed by the _s_y_m_b_o_l___n_a_m_e + and the _p_a_t_h to the shared object containing the plugin. The _s_y_m_b_o_l___n_a_m_e + is the name of the struct policy_plugin or struct io_plugin in the plugin + shared object. The _p_a_t_h may be fully qualified or relative. If not + fully qualified, it is relative to the _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o directory. + In other words: + + Plugin sudoers_policy sudoers.so + + is equivalent to: + + Plugin sudoers_policy /usr/local/libexec/sudo/sudoers.so + + Starting with ssuuddoo 1.8.5, any additional parameters after the _p_a_t_h are + passed as arguments to the plugin's _o_p_e_n function. For example, to + override the compile-time default sudoers file mode: + + Plugin sudoers_policy sudoers.so sudoers_mode=0440 + + The same shared object may contain multiple plugins, each with a + different symbol name. The shared object file must be owned by uid 0 and + only writable by its owner. Because of ambiguities that arise from + composite policies, only a single policy plugin may be specified. This + limitation does not apply to I/O plugins. + + If no ssuuddoo..ccoonnff file is present, or if it contains no Plugin lines, the + ssuuddooeerrss plugin will be used as the default security policy and for I/O + logging (if enabled by the policy). This is equivalent to the following: + + Plugin sudoers_policy sudoers.so + Plugin sudoers_io sudoers.so + + For more information on the ssuuddoo plugin architecture, see the + sudo_plugin(1m) manual. + + PPaatthh sseettttiinnggss + A Path line consists of the Path keyword, followed by the name of the + path to set and its value. For example: + + Path noexec /usr/local/libexec/sudo/sudo_noexec.so + Path askpass /usr/X11R6/bin/ssh-askpass + + The following plugin-agnostic paths may be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f + file: + + askpass The fully qualified path to a helper program used to read the + user's password when no terminal is available. This may be the + case when ssuuddoo is executed from a graphical (as opposed to + text-based) application. The program specified by _a_s_k_p_a_s_s + should display the argument passed to it as the prompt and + write the user's password to the standard output. The value of + _a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS environment + variable. + + noexec The fully-qualified path to a shared library containing dummy + versions of the eexxeeccvv(), eexxeeccvvee() and ffeexxeeccvvee() library + functions that just return an error. This is used to implement + the _n_o_e_x_e_c functionality on systems that support LD_PRELOAD or + its equivalent. The default value is: + _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o_/_s_u_d_o___n_o_e_x_e_c_._s_o. + + sesh The fully-qualified path to the sseesshh binary. This setting is + only used when ssuuddoo is built with SELinux support. The default + value is _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o_/_s_e_s_h. + + OOtthheerr sseettttiinnggss + The ssuuddoo..ccoonnff file also supports the following front end settings: + + disable_coredump + Core dumps of ssuuddoo itself are disabled by default. To aid in + debugging ssuuddoo crashes, you may wish to re-enable core dumps by + setting ``disable_coredump'' to false in ssuuddoo..ccoonnff as follows: + + Set disable_coredump false + + Note that most operating systems disable core dumps from setuid + programs, including ssuuddoo. To actually get a ssuuddoo core file you + will likely need to enable core dumps for setuid processes. On + BSD and Linux systems this is accomplished in the sysctl + command. On Solaris, the coreadm command is used to configure + core dump behavior. + + This setting is only available in ssuuddoo version 1.8.4 and + higher. + + group_source + ssuuddoo passes the invoking user's group list to the policy and + I/O plugins. On most systems, there is an upper limit to the + number of groups that a user may belong to simultaneously + (typically 16 for compatibility with NFS). On systems with the + getconf(1) utility, running: + getconf NGROUPS_MAX + will return the maximum number of groups. + + However, it is still possible to be a member of a larger number + of groups--they simply won't be included in the group list + returned by the kernel for the user. Starting with ssuuddoo + version 1.8.7, if the user's kernel group list has the maximum + number of entries, ssuuddoo will consult the group database + directly to determine the group list. This makes it possible + for the security policy to perform matching by group name even + when the user is a member of more than the maximum number of + groups. + + The _g_r_o_u_p___s_o_u_r_c_e setting allows the administrator to change + this default behavior. Supported values for _g_r_o_u_p___s_o_u_r_c_e are: + + static Use the static group list that the kernel returns. + Retrieving the group list this way is very fast but + it is subject to an upper limit as described above. + It is ``static'' in that it does not reflect changes + to the group database made after the user logs in. + This was the default behavior prior to ssuuddoo 1.8.7. + + dynamic Always query the group database directly. It is + ``dynamic'' in that changes made to the group + database after the user logs in will be reflected in + the group list. On some systems, querying the group + database for all of a user's groups can be time + consuming when querying a network-based group + database. Most operating systems provide an + efficient method of performing such queries. + Currently, ssuuddoo supports efficient group queries on + AIX, BSD, HP-UX, Linux and Solaris. + + adaptive Only query the group database if the static group + list returned by the kernel has the maximum number of + entries. This is the default behavior in ssuuddoo 1.8.7 + and higher. + + For example, to cause ssuuddoo to only use the kernel's static list + of groups for the user: + + Set group_source static + + This setting is only available in ssuuddoo version 1.8.7 and + higher. + + max_groups + The maximum number of user groups to retrieve from the group + database. This setting is only used when querying the group + database directly. It is intended to be used on systems where + it is not possible to detect when the array to be populated + with group entries is not sufficiently large. By default, ssuuddoo + will allocate four times the system's maximum number of groups + (see above) and retry with double that number if the group + database query fails. However, some systems just return as + many entries as will fit and do not indicate an error when + there is a lack of space. + + This setting is only available in ssuuddoo version 1.8.7 and + higher. + + DDeebbuugg ffllaaggss + ssuuddoo versions 1.8.4 and higher support a flexible debugging framework + that can help track down what ssuuddoo is doing internally if there is a + problem. + + A Debug line consists of the Debug keyword, followed by the name of the + program (or plugin) to debug (ssuuddoo, vviissuuddoo, ssuuddoorreeppllaayy, ssuuddooeerrss), the + debug file name and a comma-separated list of debug flags. The debug + flag syntax used by ssuuddoo and the ssuuddooeerrss plugin is _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y but + a plugin is free to use a different format so long as it does not include + a comma (`,'). + + For example: + + Debug sudo /var/log/sudo_debug all@warn,plugin@info + + would log all debugging statements at the _w_a_r_n level and higher in + addition to those at the _i_n_f_o level for the plugin subsystem. + + Currently, only one Debug entry per program is supported. The ssuuddoo Debug + entry is shared by the ssuuddoo front end, ssuuddooeeddiitt and the plugins. A + future release may add support for per-plugin Debug lines and/or support + for multiple debugging files for a single program. + + The priorities used by the ssuuddoo front end, in order of decreasing + severity, are: _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g. + Each priority, when specified, also includes all priorities higher than + it. For example, a priority of _n_o_t_i_c_e would include debug messages + logged at _n_o_t_i_c_e and higher. + + The following subsystems are used by the ssuuddoo front-end: + + _a_l_l matches every subsystem + + _a_r_g_s command line argument processing + + _c_o_n_v user conversation + + _e_d_i_t sudoedit + + _e_x_e_c command execution + + _m_a_i_n ssuuddoo main function + + _n_e_t_i_f network interface handling + + _p_c_o_m_m communication with the plugin + + _p_l_u_g_i_n plugin configuration + + _p_t_y pseudo-tty related code + + _s_e_l_i_n_u_x SELinux-specific handling + + _u_t_i_l utility functions + + _u_t_m_p utmp handling + + The sudoers(4) plugin includes support for additional subsystems. + +FFIILLEESS + _/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo front end configuration + +EEXXAAMMPPLLEESS + # + # Default /etc/sudo.conf file + # + # Format: + # Plugin plugin_name plugin_path plugin_options ... + # Path askpass /path/to/askpass + # Path noexec /path/to/sudo_noexec.so + # Debug sudo /var/log/sudo_debug all@warn + # Set disable_coredump true + # + # The plugin_path is relative to /usr/local/libexec/sudo unless + # fully qualified. + # The plugin_name corresponds to a global symbol in the plugin + # that contains the plugin interface structure. + # The plugin_options are optional. + # + # The sudoers plugin is used by default if no Plugin lines are + # present. + Plugin sudoers_policy sudoers.so + Plugin sudoers_io sudoers.so + + # + # Sudo askpass: + # + # An askpass helper program may be specified to provide a graphical + # password prompt for "sudo -A" support. Sudo does not ship with + # its own askpass program but can use the OpenSSH askpass. + # + # Use the OpenSSH askpass + #Path askpass /usr/X11R6/bin/ssh-askpass + # + # Use the Gnome OpenSSH askpass + #Path askpass /usr/libexec/openssh/gnome-ssh-askpass + + # + # Sudo noexec: + # + # Path to a shared library containing dummy versions of the execv(), + # execve() and fexecve() library functions that just return an error. + # This is used to implement the "noexec" functionality on systems that + # support C or its equivalent. + # The compiled-in value is usually sufficient and should only be + # changed if you rename or move the sudo_noexec.so file. + # + #Path noexec /usr/local/libexec/sudo/sudo_noexec.so + + # + # Core dumps: + # + # By default, sudo disables core dumps while it is executing + # (they are re-enabled for the command that is run). + # To aid in debugging sudo problems, you may wish to enable core + # dumps by setting "disable_coredump" to false. + # + #Set disable_coredump false + + # + # User groups: + # + # Sudo passes the user's group list to the policy plugin. + # If the user is a member of the maximum number of groups (usually 16), + # sudo will query the group database directly to be sure to include + # the full list of groups. + # + # On some systems, this can be expensive so the behavior is configurable. + # The "group_source" setting has three possible values: + # static - use the user's list of groups returned by the kernel. + # dynamic - query the group database to find the list of groups. + # adaptive - if user is in less than the maximum number of groups. + # use the kernel list, else query the group database. + # + #Set group_source static + +SSEEEE AALLSSOO + sudoers(4), sudo(1m), sudo_plugin(1m) + +HHIISSTTOORRYY + See the HISTORY file in the ssuuddoo distribution + (http://www.sudo.ws/sudo/history.html) for a brief history of sudo. + +AAUUTTHHOORRSS + Many people have worked on ssuuddoo over the years; this version consists of + code written primarily by: + + Todd C. Miller + + See the CONTRIBUTORS file in the ssuuddoo distribution + (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of + people who have contributed to ssuuddoo. + +BBUUGGSS + If you feel you have found a bug in ssuuddoo, please submit a bug report at + http://www.sudo.ws/sudo/bugs/ + +SSUUPPPPOORRTT + Limited free support is available via the sudo-users mailing list, see + http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the + archives. + +DDIISSCCLLAAIIMMEERR + ssuuddoo is provided ``AS IS'' and any express or implied warranties, + including, but not limited to, the implied warranties of merchantability + and fitness for a particular purpose are disclaimed. See the LICENSE + file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for + complete details. + +Sudo 1.8.7 March 14, 2013 Sudo 1.8.7 diff --git a/doc/sudo.conf.man.in b/doc/sudo.conf.man.in new file mode 100644 index 0000000..3239c1b --- /dev/null +++ b/doc/sudo.conf.man.in @@ -0,0 +1,618 @@ +.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! +.\" IT IS GENERATED AUTOMATICALLY FROM sudo.conf.mdoc.in +.\" +.\" Copyright (c) 2010-2013 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.TH "SUDO" "5" "March 14, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudo.conf\fR +\- configuration for sudo front end +.SH "DESCRIPTION" +The +\fBsudo.conf\fR +file is used to configure the +\fBsudo\fR +front end. +It specifies the security policy and I/O logging plugins, debug flags +as well as plugin-agnostic path names and settings. +.PP +The +\fBsudo.conf\fR +file supports the following directives, described in detail below. +.TP 10n +Plugin +a security policy or I/O logging plugin +.TP 10n +Path +a plugin-agnostic path +.TP 10n +Set +a front end setting, such as +\fIdisable_coredump\fR +or +\fIgroup_source\fR +.TP 10n +Debug +debug flags to aid in debugging +\fBsudo\fR, +\fBsudoreplay\fR, +\fBvisudo\fR, +and the +\fBsudoers\fR +plugin. +.PP +The pound sign +(`#') +is used to indicate a comment. +Both the comment character and any text after it, up to the end of +the line, are ignored. +.PP +Long lines can be continued with a backslash +(`\e') +as the last character on the line. +Note that leading white space is removed from the beginning of lines +even when the continuation character is used. +.PP +Non-comment lines that don't begin with +\fRPlugin\fR, +\fRPath\fR, +\fRDebug\fR, +or +\fRSet\fR +are silently ignored. +.PP +The +\fBsudo.conf\fR +file is always parsed in the +``\fRC\fR'' +locale. +.SS "Plugin configuration" +\fBsudo\fR +supports a plugin architecture for security policies and input/output +logging. +Third parties can develop and distribute their own policy and I/O +logging plugins to work seamlessly with the +\fBsudo\fR +front end. +Plugins are dynamically loaded based on the contents of +\fBsudo.conf\fR. +.PP +A +\fRPlugin\fR +line consists of the +\fRPlugin\fR +keyword, followed by the +\fIsymbol_name\fR +and the +\fIpath\fR +to the shared object containing the plugin. +The +\fIsymbol_name\fR +is the name of the +\fRstruct policy_plugin\fR +or +\fRstruct io_plugin\fR +in the plugin shared object. +The +\fIpath\fR +may be fully qualified or relative. +If not fully qualified, it is relative to the +\fI@PLUGINDIR@\fR +directory. +In other words: +.nf +.sp +.RS 6n +Plugin sudoers_policy sudoers.so +.RE +.fi +.PP +is equivalent to: +.nf +.sp +.RS 6n +Plugin sudoers_policy @PLUGINDIR@/sudoers.so +.RE +.fi +.PP +Starting with +\fBsudo\fR +1.8.5, any additional parameters after the +\fIpath\fR +are passed as arguments to the plugin's +\fIopen\fR +function. +For example, to override the compile-time default sudoers file mode: +.nf +.sp +.RS 6n +Plugin sudoers_policy sudoers.so sudoers_mode=0440 +.RE +.fi +.PP +The same shared object may contain multiple plugins, each with a +different symbol name. +The shared object file must be owned by uid 0 and only writable by its owner. +Because of ambiguities that arise from composite policies, only a single +policy plugin may be specified. +This limitation does not apply to I/O plugins. +.PP +If no +\fBsudo.conf\fR +file is present, or if it contains no +\fRPlugin\fR +lines, the +\fBsudoers\fR +plugin will be used as the default security policy and for I/O logging +(if enabled by the policy). +This is equivalent to the following: +.nf +.sp +.RS 6n +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so +.RE +.fi +.PP +For more information on the +\fBsudo\fR +plugin architecture, see the +sudo_plugin(@mansectsu@) +manual. +.SS "Path settings" +A +\fRPath\fR +line consists of the +\fRPath\fR +keyword, followed by the name of the path to set and its value. +For example: +.nf +.sp +.RS 6n +Path noexec @noexec_file@ +Path askpass /usr/X11R6/bin/ssh-askpass +.RE +.fi +.PP +The following plugin-agnostic paths may be set in the +\fI@sysconfdir@/sudo.conf\fR +file: +.TP 10n +askpass +The fully qualified path to a helper program used to read the user's +password when no terminal is available. +This may be the case when +\fBsudo\fR +is executed from a graphical (as opposed to text-based) application. +The program specified by +\fIaskpass\fR +should display the argument passed to it as the prompt and write +the user's password to the standard output. +The value of +\fIaskpass\fR +may be overridden by the +\fRSUDO_ASKPASS\fR +environment variable. +.TP 10n +noexec +The fully-qualified path to a shared library containing dummy +versions of the +\fBexecv\fR(), +\fBexecve\fR() +and +\fBfexecve\fR() +library functions that just return an error. +This is used to implement the +\fInoexec\fR +functionality on systems that support +\fRLD_PRELOAD\fR +or its equivalent. +The default value is: +\fI@noexec_file@\fR. +.TP 10n +sesh +The fully-qualified path to the +\fBsesh\fR +binary. +This setting is only used when +\fBsudo\fR +is built with SELinux support. +The default value is +\fI@sesh_file@\fR. +.SS "Other settings" +The +\fBsudo.conf\fR +file also supports the following front end settings: +.TP 10n +disable_coredump +Core dumps of +\fBsudo\fR +itself are disabled by default. +To aid in debugging +\fBsudo\fR +crashes, you may wish to re-enable core dumps by setting +``disable_coredump'' +to false in +\fBsudo.conf\fR +as follows: +.RS +.nf +.sp +.RS 6n +Set disable_coredump false +.RE +.fi +.sp +Note that most operating systems disable core dumps from setuid programs, +including +\fBsudo\fR. +To actually get a +\fBsudo\fR +core file you will likely need to enable core dumps for setuid processes. +On BSD and Linux systems this is accomplished in the +sysctl +command. +On Solaris, the +coreadm +command is used to configure core dump behavior. +.sp +This setting is only available in +\fBsudo\fR +version 1.8.4 and higher. +.PP +.RE +.PD 0 +.TP 10n +group_source +\fBsudo\fR +passes the invoking user's group list to the policy and I/O plugins. +On most systems, there is an upper limit to the number of groups that +a user may belong to simultaneously (typically 16 for compatibility +with NFS). +On systems with the +getconf(1) +utility, running: +.RS 6n +getconf NGROUPS_MAX +.RE +will return the maximum number of groups. +.sp +However, it is still possible to be a member of a larger number of +groups--they simply won't be included in the group list returned +by the kernel for the user. +Starting with +\fBsudo\fR +version 1.8.7, if the user's kernel group list has the maximum number +of entries, +\fBsudo\fR +will consult the group database directly to determine the group list. +This makes it possible for the security policy to perform matching by group +name even when the user is a member of more than the maximum number of groups. +.sp +The +\fIgroup_source\fR +setting allows the administrator to change this default behavior. +Supported values for +\fIgroup_source\fR +are: +.RS +.PD +.TP 10n +static +Use the static group list that the kernel returns. +Retrieving the group list this way is very fast but it is subject +to an upper limit as described above. +It is +``static'' +in that it does not reflect changes to the group database made +after the user logs in. +This was the default behavior prior to +\fBsudo\fR +1.8.7. +.TP 10n +dynamic +Always query the group database directly. +It is +``dynamic'' +in that changes made to the group database after the user logs in +will be reflected in the group list. +On some systems, querying the group database for all of a user's +groups can be time consuming when querying a network-based group +database. +Most operating systems provide an efficient method of performing +such queries. +Currently, +\fBsudo\fR +supports efficient group queries on AIX, BSD, HP-UX, Linux and +Solaris. +.TP 10n +adaptive +Only query the group database if the static group list returned +by the kernel has the maximum number of entries. +This is the default behavior in +\fBsudo\fR +1.8.7 and higher. +.PP +For example, to cause +\fBsudo\fR +to only use the kernel's static list of groups for the user: +.nf +.sp +.RS 6n +Set group_source static +.RE +.fi +.sp +This setting is only available in +\fBsudo\fR +version 1.8.7 and higher. +.PP +.RE +.PD 0 +.TP 10n +max_groups +The maximum number of user groups to retrieve from the group database. +This setting is only used when querying the group database directly. +It is intended to be used on systems where it is not possible to detect +when the array to be populated with group entries is not sufficiently large. +By default, +\fBsudo\fR +will allocate four times the system's maximum number of groups (see above) +and retry with double that number if the group database query fails. +However, some systems just return as many entries as will fit and +do not indicate an error when there is a lack of space. +.sp +This setting is only available in +\fBsudo\fR +version 1.8.7 and higher. +.PD +.SS "Debug flags" +\fBsudo\fR +versions 1.8.4 and higher support a flexible debugging framework +that can help track down what +\fBsudo\fR +is doing internally if there is a problem. +.PP +A +\fRDebug\fR +line consists of the +\fRDebug\fR +keyword, followed by the name of the program (or plugin) to debug +(\fBsudo\fR, \fBvisudo\fR, \fBsudoreplay\fR, \fBsudoers\fR), +the debug file name and a comma-separated list of debug flags. The +debug flag syntax used by +\fBsudo\fR +and the +\fBsudoers\fR +plugin is +\fIsubsystem\fR@\fIpriority\fR +but a plugin is free to use a different format so long as it does +not include a comma +(`\&,'). +.PP +For example: +.nf +.sp +.RS 6n +Debug sudo /var/log/sudo_debug all@warn,plugin@info +.RE +.fi +.PP +would log all debugging statements at the +\fIwarn\fR +level and higher in addition to those at the +\fIinfo\fR +level for the plugin subsystem. +.PP +Currently, only one +\fRDebug\fR +entry per program is supported. The +\fBsudo\fR +\fRDebug\fR +entry is shared by the +\fBsudo\fR +front end, +\fBsudoedit\fR +and the plugins. A future release may add support for per-plugin +\fRDebug\fR +lines and/or support for multiple debugging files for a single +program. +.PP +The priorities used by the +\fBsudo\fR +front end, in order of decreasing severity, are: +\fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR +and +\fIdebug\fR. +Each priority, when specified, also includes all priorities higher +than it. For example, a priority of +\fInotice\fR +would include debug messages logged at +\fInotice\fR +and higher. +.PP +The following subsystems are used by the +\fBsudo\fR +front-end: +.TP 12n +\fIall\fR +matches every subsystem +.TP 12n +\fIargs\fR +command line argument processing +.TP 12n +\fIconv\fR +user conversation +.TP 12n +\fIedit\fR +sudoedit +.TP 12n +\fIexec\fR +command execution +.TP 12n +\fImain\fR +\fBsudo\fR +main function +.TP 12n +\fInetif\fR +network interface handling +.TP 12n +\fIpcomm\fR +communication with the plugin +.TP 12n +\fIplugin\fR +plugin configuration +.TP 12n +\fIpty\fR +pseudo-tty related code +.TP 12n +\fIselinux\fR +SELinux-specific handling +.TP 12n +\fIutil\fR +utility functions +.TP 12n +\fIutmp\fR +utmp handling +.PP +The +sudoers(@mansectform@) +plugin includes support for additional subsystems. +.SH "FILES" +.TP 26n +\fI@sysconfdir@/sudo.conf\fR +\fBsudo\fR +front end configuration +.SH "EXAMPLES" +.nf +.RS 0n +# +# Default @sysconfdir@/sudo.conf file +# +# Format: +# Plugin plugin_name plugin_path plugin_options ... +# Path askpass /path/to/askpass +# Path noexec /path/to/sudo_noexec.so +# Debug sudo /var/log/sudo_debug all@warn +# Set disable_coredump true +# +# The plugin_path is relative to @PLUGINDIR@ unless +# fully qualified. +# The plugin_name corresponds to a global symbol in the plugin +# that contains the plugin interface structure. +# The plugin_options are optional. +# +# The sudoers plugin is used by default if no Plugin lines are +# present. +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so + +# +# Sudo askpass: +# +# An askpass helper program may be specified to provide a graphical +# password prompt for "sudo -A" support. Sudo does not ship with +# its own askpass program but can use the OpenSSH askpass. +# +# Use the OpenSSH askpass +#Path askpass /usr/X11R6/bin/ssh-askpass +# +# Use the Gnome OpenSSH askpass +#Path askpass /usr/libexec/openssh/gnome-ssh-askpass + +# +# Sudo noexec: +# +# Path to a shared library containing dummy versions of the execv(), +# execve() and fexecve() library functions that just return an error. +# This is used to implement the "noexec" functionality on systems that +# support C or its equivalent. +# The compiled-in value is usually sufficient and should only be +# changed if you rename or move the sudo_noexec.so file. +# +#Path noexec @noexec_file@ + +# +# Core dumps: +# +# By default, sudo disables core dumps while it is executing +# (they are re-enabled for the command that is run). +# To aid in debugging sudo problems, you may wish to enable core +# dumps by setting "disable_coredump" to false. +# +#Set disable_coredump false + +# +# User groups: +# +# Sudo passes the user's group list to the policy plugin. +# If the user is a member of the maximum number of groups (usually 16), +# sudo will query the group database directly to be sure to include +# the full list of groups. +# +# On some systems, this can be expensive so the behavior is configurable. +# The "group_source" setting has three possible values: +# static - use the user's list of groups returned by the kernel. +# dynamic - query the group database to find the list of groups. +# adaptive - if user is in less than the maximum number of groups. +# use the kernel list, else query the group database. +# +#Set group_source static +.RE +.fi +.SH "SEE ALSO" +sudoers(@mansectform@), +sudo(@mansectsu@), +sudo_plugin(@mansectsu@) +.SH "HISTORY" +See the HISTORY file in the +\fBsudo\fR +distribution (http://www.sudo.ws/sudo/history.html) for a brief +history of sudo. +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (http://www.sudo.ws/sudo/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +If you feel you have found a bug in +\fBsudo\fR, +please submit a bug report at http://www.sudo.ws/sudo/bugs/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudo\fR +is provided +``AS IS'' +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or http://www.sudo.ws/sudo/license.html for complete details. diff --git a/doc/sudo.conf.mdoc.in b/doc/sudo.conf.mdoc.in new file mode 100644 index 0000000..7efe311 --- /dev/null +++ b/doc/sudo.conf.mdoc.in @@ -0,0 +1,562 @@ +.\" +.\" Copyright (c) 2010-2013 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd March 14, 2013 +.Dt SUDO @mansectform@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm sudo.conf +.Nd configuration for sudo front end +.Sh DESCRIPTION +The +.Nm sudo.conf +file is used to configure the +.Nm sudo +front end. +It specifies the security policy and I/O logging plugins, debug flags +as well as plugin-agnostic path names and settings. +.Pp +The +.Nm sudo.conf +file supports the following directives, described in detail below. +.Bl -tag -width 8n +.It Plugin +a security policy or I/O logging plugin +.It Path +a plugin-agnostic path +.It Set +a front end setting, such as +.Em disable_coredump +or +.Em group_source +.It Debug +debug flags to aid in debugging +.Nm sudo , +.Nm sudoreplay , +.Nm visudo , +and the +.Nm sudoers +plugin. +.El +.Pp +The pound sign +.Pq Ql # +is used to indicate a comment. +Both the comment character and any text after it, up to the end of +the line, are ignored. +.Pp +Long lines can be continued with a backslash +.Pq Ql \e +as the last character on the line. +Note that leading white space is removed from the beginning of lines +even when the continuation character is used. +.Pp +Non-comment lines that don't begin with +.Li Plugin , +.Li Path , +.Li Debug , +or +.Li Set +are silently ignored. +.Pp +The +.Nm sudo.conf +file is always parsed in the +.Dq Li C +locale. +.Ss Plugin configuration +.Nm sudo +supports a plugin architecture for security policies and input/output +logging. +Third parties can develop and distribute their own policy and I/O +logging plugins to work seamlessly with the +.Nm sudo +front end. +Plugins are dynamically loaded based on the contents of +.Nm sudo.conf . +.Pp +A +.Li Plugin +line consists of the +.Li Plugin +keyword, followed by the +.Em symbol_name +and the +.Em path +to the shared object containing the plugin. +The +.Em symbol_name +is the name of the +.Li struct policy_plugin +or +.Li struct io_plugin +in the plugin shared object. +The +.Em path +may be fully qualified or relative. +If not fully qualified, it is relative to the +.Pa @PLUGINDIR@ +directory. +In other words: +.Bd -literal -offset indent +Plugin sudoers_policy sudoers.so +.Ed +.Pp +is equivalent to: +.Bd -literal -offset indent +Plugin sudoers_policy @PLUGINDIR@/sudoers.so +.Ed +.Pp +Starting with +.Nm sudo +1.8.5, any additional parameters after the +.Em path +are passed as arguments to the plugin's +.Em open +function. +For example, to override the compile-time default sudoers file mode: +.Bd -literal -offset indent +Plugin sudoers_policy sudoers.so sudoers_mode=0440 +.Ed +.Pp +The same shared object may contain multiple plugins, each with a +different symbol name. +The shared object file must be owned by uid 0 and only writable by its owner. +Because of ambiguities that arise from composite policies, only a single +policy plugin may be specified. +This limitation does not apply to I/O plugins. +.Pp +If no +.Nm sudo.conf +file is present, or if it contains no +.Li Plugin +lines, the +.Nm sudoers +plugin will be used as the default security policy and for I/O logging +(if enabled by the policy). +This is equivalent to the following: +.Bd -literal -offset indent +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so +.Ed +.Pp +For more information on the +.Nm sudo +plugin architecture, see the +.Xr sudo_plugin @mansectsu@ +manual. +.Ss Path settings +A +.Li Path +line consists of the +.Li Path +keyword, followed by the name of the path to set and its value. +For example: +.Bd -literal -offset indent +Path noexec @noexec_file@ +Path askpass /usr/X11R6/bin/ssh-askpass +.Ed +.Pp +The following plugin-agnostic paths may be set in the +.Pa @sysconfdir@/sudo.conf +file: +.Bl -tag -width 8n +.It askpass +The fully qualified path to a helper program used to read the user's +password when no terminal is available. +This may be the case when +.Nm sudo +is executed from a graphical (as opposed to text-based) application. +The program specified by +.Em askpass +should display the argument passed to it as the prompt and write +the user's password to the standard output. +The value of +.Em askpass +may be overridden by the +.Ev SUDO_ASKPASS +environment variable. +.It noexec +The fully-qualified path to a shared library containing dummy +versions of the +.Fn execv , +.Fn execve +and +.Fn fexecve +library functions that just return an error. +This is used to implement the +.Em noexec +functionality on systems that support +.Ev LD_PRELOAD +or its equivalent. +The default value is: +.Pa @noexec_file@ . +.It sesh +The fully-qualified path to the +.Nm sesh +binary. +This setting is only used when +.Nm sudo +is built with SELinux support. +The default value is +.Pa @sesh_file@ . +.El +.Ss Other settings +The +.Nm sudo.conf +file also supports the following front end settings: +.Bl -tag -width 8n +.It disable_coredump +Core dumps of +.Nm sudo +itself are disabled by default. +To aid in debugging +.Nm sudo +crashes, you may wish to re-enable core dumps by setting +.Dq disable_coredump +to false in +.Nm sudo.conf +as follows: +.Bd -literal -offset indent +Set disable_coredump false +.Ed +.Pp +Note that most operating systems disable core dumps from setuid programs, +including +.Nm sudo . +To actually get a +.Nm sudo +core file you will likely need to enable core dumps for setuid processes. +On BSD and Linux systems this is accomplished in the +.Xr sysctl +command. +On Solaris, the +.Xr coreadm +command is used to configure core dump behavior. +.Pp +This setting is only available in +.Nm sudo +version 1.8.4 and higher. +.It group_source +.Nm sudo +passes the invoking user's group list to the policy and I/O plugins. +On most systems, there is an upper limit to the number of groups that +a user may belong to simultaneously (typically 16 for compatibility +with NFS). +On systems with the +.Xr getconf 1 +utility, running: +.Dl getconf NGROUPS_MAX +will return the maximum number of groups. +.Pp +However, it is still possible to be a member of a larger number of +groups--they simply won't be included in the group list returned +by the kernel for the user. +Starting with +.Nm sudo +version 1.8.7, if the user's kernel group list has the maximum number +of entries, +.Nm sudo +will consult the group database directly to determine the group list. +This makes it possible for the security policy to perform matching by group +name even when the user is a member of more than the maximum number of groups. +.Pp +The +.Em group_source +setting allows the administrator to change this default behavior. +Supported values for +.Em group_source +are: +.Bl -tag -width 8n +.It static +Use the static group list that the kernel returns. +Retrieving the group list this way is very fast but it is subject +to an upper limit as described above. +It is +.Dq static +in that it does not reflect changes to the group database made +after the user logs in. +This was the default behavior prior to +.Nm sudo +1.8.7. +.It dynamic +Always query the group database directly. +It is +.Dq dynamic +in that changes made to the group database after the user logs in +will be reflected in the group list. +On some systems, querying the group database for all of a user's +groups can be time consuming when querying a network-based group +database. +Most operating systems provide an efficient method of performing +such queries. +Currently, +.Nm sudo +supports efficient group queries on AIX, BSD, HP-UX, Linux and +Solaris. +.It adaptive +Only query the group database if the static group list returned +by the kernel has the maximum number of entries. +This is the default behavior in +.Nm sudo +1.8.7 and higher. +.El +.Pp +For example, to cause +.Nm sudo +to only use the kernel's static list of groups for the user: +.Bd -literal -offset indent +Set group_source static +.Ed +.Pp +This setting is only available in +.Nm sudo +version 1.8.7 and higher. +.It max_groups +The maximum number of user groups to retrieve from the group database. +This setting is only used when querying the group database directly. +It is intended to be used on systems where it is not possible to detect +when the array to be populated with group entries is not sufficiently large. +By default, +.Nm sudo +will allocate four times the system's maximum number of groups (see above) +and retry with double that number if the group database query fails. +However, some systems just return as many entries as will fit and +do not indicate an error when there is a lack of space. +.Pp +This setting is only available in +.Nm sudo +version 1.8.7 and higher. +.El +.Ss Debug flags +.Nm sudo +versions 1.8.4 and higher support a flexible debugging framework +that can help track down what +.Nm sudo +is doing internally if there is a problem. +.Pp +A +.Li Debug +line consists of the +.Li Debug +keyword, followed by the name of the program (or plugin) to debug +.Pq Nm sudo , Nm visudo , Nm sudoreplay , Nm sudoers , +the debug file name and a comma-separated list of debug flags. The +debug flag syntax used by +.Nm sudo +and the +.Nm sudoers +plugin is +.Em subsystem Ns No @ Ns Em priority +but a plugin is free to use a different format so long as it does +not include a comma +.Pq Ql \&, . +.Pp +For example: +.Bd -literal -offset indent +Debug sudo /var/log/sudo_debug all@warn,plugin@info +.Ed +.Pp +would log all debugging statements at the +.Em warn +level and higher in addition to those at the +.Em info +level for the plugin subsystem. +.Pp +Currently, only one +.Li Debug +entry per program is supported. The +.Nm sudo +.Li Debug +entry is shared by the +.Nm sudo +front end, +.Nm sudoedit +and the plugins. A future release may add support for per-plugin +.Li Debug +lines and/or support for multiple debugging files for a single +program. +.Pp +The priorities used by the +.Nm sudo +front end, in order of decreasing severity, are: +.Em crit , err , warn , notice , diag , info , trace +and +.Em debug . +Each priority, when specified, also includes all priorities higher +than it. For example, a priority of +.Em notice +would include debug messages logged at +.Em notice +and higher. +.Pp +The following subsystems are used by the +.Nm sudo +front-end: +.Bl -tag -width Fl +.It Em all +matches every subsystem +.It Em args +command line argument processing +.It Em conv +user conversation +.It Em edit +sudoedit +.It Em exec +command execution +.It Em main +.Nm sudo +main function +.It Em netif +network interface handling +.It Em pcomm +communication with the plugin +.It Em plugin +plugin configuration +.It Em pty +pseudo-tty related code +.It Em selinux +SELinux-specific handling +.It Em util +utility functions +.It Em utmp +utmp handling +.El +.Pp +The +.Xr sudoers @mansectform@ +plugin includes support for additional subsystems. +.Sh FILES +.Bl -tag -width 24n +.It Pa @sysconfdir@/sudo.conf +.Nm sudo +front end configuration +.El +.Sh EXAMPLES +.Bd -literal +# +# Default @sysconfdir@/sudo.conf file +# +# Format: +# Plugin plugin_name plugin_path plugin_options ... +# Path askpass /path/to/askpass +# Path noexec /path/to/sudo_noexec.so +# Debug sudo /var/log/sudo_debug all@warn +# Set disable_coredump true +# +# The plugin_path is relative to @PLUGINDIR@ unless +# fully qualified. +# The plugin_name corresponds to a global symbol in the plugin +# that contains the plugin interface structure. +# The plugin_options are optional. +# +# The sudoers plugin is used by default if no Plugin lines are +# present. +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so + +# +# Sudo askpass: +# +# An askpass helper program may be specified to provide a graphical +# password prompt for "sudo -A" support. Sudo does not ship with +# its own askpass program but can use the OpenSSH askpass. +# +# Use the OpenSSH askpass +#Path askpass /usr/X11R6/bin/ssh-askpass +# +# Use the Gnome OpenSSH askpass +#Path askpass /usr/libexec/openssh/gnome-ssh-askpass + +# +# Sudo noexec: +# +# Path to a shared library containing dummy versions of the execv(), +# execve() and fexecve() library functions that just return an error. +# This is used to implement the "noexec" functionality on systems that +# support C or its equivalent. +# The compiled-in value is usually sufficient and should only be +# changed if you rename or move the sudo_noexec.so file. +# +#Path noexec @noexec_file@ + +# +# Core dumps: +# +# By default, sudo disables core dumps while it is executing +# (they are re-enabled for the command that is run). +# To aid in debugging sudo problems, you may wish to enable core +# dumps by setting "disable_coredump" to false. +# +#Set disable_coredump false + +# +# User groups: +# +# Sudo passes the user's group list to the policy plugin. +# If the user is a member of the maximum number of groups (usually 16), +# sudo will query the group database directly to be sure to include +# the full list of groups. +# +# On some systems, this can be expensive so the behavior is configurable. +# The "group_source" setting has three possible values: +# static - use the user's list of groups returned by the kernel. +# dynamic - query the group database to find the list of groups. +# adaptive - if user is in less than the maximum number of groups. +# use the kernel list, else query the group database. +# +#Set group_source static +.Ed +.Sh SEE ALSO +.Xr sudoers @mansectform@ , +.Xr sudo @mansectsu@ , +.Xr sudo_plugin @mansectsu@ +.Sh HISTORY +See the HISTORY file in the +.Nm sudo +distribution (http://www.sudo.ws/sudo/history.html) for a brief +history of sudo. +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (http://www.sudo.ws/sudo/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh BUGS +If you feel you have found a bug in +.Nm sudo , +please submit a bug report at http://www.sudo.ws/sudo/bugs/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm sudo +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or http://www.sudo.ws/sudo/license.html for complete details. diff --git a/doc/sudo.man.in b/doc/sudo.man.in index 914941c..5c6f032 100644 --- a/doc/sudo.man.in +++ b/doc/sudo.man.in @@ -1,7 +1,7 @@ .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" IT IS GENERATED AUTOMATICALLY FROM sudo.mdoc.in .\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2012 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2013 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -21,7 +21,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "SUDO" "@mansectsu@" "July 10, 2012" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.TH "SUDO" "@mansectsu@" "March 13, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" @@ -99,7 +99,7 @@ which is configured via the file \fI@sysconfdir@/sudoers\fR, or via LDAP. See the -\fIPLUGINS\fR +\fIPlugins\fR section for more information. .PP The security policy determines what privileges, if any, a user has @@ -162,7 +162,7 @@ If the environment variable is set, it specifies the path to the helper program. Otherwise, if -\fI@sysconfdir@/sudo.conf\fR +sudo.conf(@mansectform@) contains a line specifying the askpass program, that value will be used. For example: @@ -694,7 +694,7 @@ for more information. When \fBsudo\fR executes a command, the security policy specifies the execution -envionment for the command. +environment for the command. Typically, the real and effective uid and gid are set to match those of the target user, as specified in the password database, and the group vector is initialized based on the group database @@ -747,8 +747,9 @@ system call in the child process. The main \fBsudo\fR process waits until the command has completed, then passes the -command's exit status to the security policy's close method and exits. -If an I/O logging plugin is configured, a new pseudo-terminal +command's exit status to the security policy's close function and exits. +If an I/O logging plugin is configured or if the security policy +explicitly requests it, a new pseudo-terminal (``pty'') is created and a second \fBsudo\fR @@ -759,6 +760,12 @@ and resume the command. Without it, the command would be in what POSIX terms an ``orphaned process group'' and it would not receive any job control signals. +As a special case, if the policy plugin does not define a close +function and no pty is required, +\fBsudo\fR +will execute the command directly instead of calling +fork(2) +first. .SS "Signal handling" Because the command is run as a child of the \fBsudo\fR @@ -796,7 +803,7 @@ reboot(@mansectsu@) command sends \fRSIGTERM\fR to all non-system processes other than itself before rebooting -the systyem. +the system. This prevents \fBsudo\fR from relaying the @@ -823,244 +830,36 @@ are run using the family of functions instead of \fBsystem\fR() (which interposes a shell between the command and the calling process). -.SH "PLUGINS" +.PP +If no I/O logging plugins are loaded and the policy plugin has not +defined a +\fBclose\fR() +function, set a command timeout or required that the command be +run in a new pty, +\fBsudo\fR +may execute the command directly instead of running it as a child process. +.SS "Plugins" Plugins are dynamically loaded based on the contents of the -\fI@sysconfdir@/sudo.conf\fR +sudo.conf(@mansectform@) file. If no -\fI@sysconfdir@/sudo.conf\fR +sudo.conf(@mansectform@) file is present, or it contains no \fRPlugin\fR lines, \fBsudo\fR will use the traditional \fIsudoers\fR -security policy and I/O logging, which corresponds to the following +security policy and I/O logging. +See the +sudo.conf(@mansectform@) +manual for details of the \fI@sysconfdir@/sudo.conf\fR -file. -.nf -.sp -.RS 0n -# -# Default @sysconfdir@/sudo.conf file -# -# Format: -# Plugin plugin_name plugin_path plugin_options ... -# Path askpass /path/to/askpass -# Path noexec /path/to/sudo_noexec.so -# Debug sudo /var/log/sudo_debug all@warn -# Set disable_coredump true -# -# The plugin_path is relative to @prefix@/libexec unless -# fully qualified. -# The plugin_name corresponds to a global symbol in the plugin -# that contains the plugin interface structure. -# The plugin_options are optional. -# -Plugin policy_plugin sudoers.so -Plugin io_plugin sudoers.so -.RE -.fi -.PP -A -\fRPlugin\fR -line consists of the -\fRPlugin\fR -keyword, followed by the -\fIsymbol_name\fR -and the -\fIpath\fR -to the shared object containing the plugin. -The -\fIsymbol_name\fR -is the name of the -\fRstruct policy_plugin\fR -or -\fRstruct io_plugin\fR -in the plugin shared object. -The -\fIpath\fR -may be fully qualified or relative. -If not fully qualified it is relative to the -\fI@prefix@/libexec\fR -directory. -Any additional parameters after the -\fIpath\fR -are passed as arguments to the plugin's -\fIopen\fR -function. -Lines that don't begin with -\fRPlugin\fR, -\fRPath\fR, -\fRDebug\fR, -or -\fRSet\fR -are silently ignored. -.PP -For more information, see the +file and the sudo_plugin(@mansectsu@) -manual. -.SH "PATHS" -A -\fRPath\fR -line consists of the -\fRPath\fR -keyword, followed by the name of the path to set and its value. -E.g. -.nf -.sp -.RS 6n -Path noexec @noexec_file@ -Path askpass /usr/X11R6/bin/ssh-askpass -.RE -.fi -.PP -The following plugin-agnostic paths may be set in the -\fI@sysconfdir@/sudo.conf\fR -file: -.TP 10n -askpass -The fully qualified path to a helper program used to read the user's -password when no terminal is available. -This may be the case when -\fBsudo\fR -is executed from a graphical (as opposed to text-based) application. -The program specified by -\fIaskpass\fR -should display the argument passed to it as the prompt and write -the user's password to the standard output. -The value of -\fIaskpass\fR -may be overridden by the -\fRSUDO_ASKPASS\fR -environment variable. -.TP 10n -noexec -The fully-qualified path to a shared library containing dummy -versions of the -\fBexecv\fR(), -\fBexecve\fR() -and -\fBfexecve\fR() -library functions that just return an error. -This is used to implement the -\fInoexec\fR -functionality on systems that support -\fRLD_PRELOAD\fR -or its equivalent. -Defaults to -\fI@noexec_file@\fR. -.SH "DEBUG FLAGS" -\fBsudo\fR -versions 1.8.4 and higher support a flexible debugging framework -that can help track down what +manual for more information about the \fBsudo\fR -is doing internally if there is a problem. -.PP -A -\fRDebug\fR -line consists of the -\fRDebug\fR -keyword, followed by the name of the program to debug -(\fBsudo\fR, \fBvisudo\fR, \fBsudoreplay\fR), -the debug file name and a comma-separated list of debug flags. -The debug flag syntax used by -\fBsudo\fR -and the -\fIsudoers\fR -plugin is -\fIsubsystem\fR@\fIpriority\fR -but the plugin is free to use a different format so long as it does -not include a comma -(`\&,'). -.PP -For instance: -.nf -.sp -.RS 6n -Debug sudo /var/log/sudo_debug all@warn,plugin@info -.RE -.fi -.PP -would log all debugging statements at the -\fIwarn\fR -level and higher in addition to those at the -\fIinfo\fR -level for the plugin subsystem. -.PP -Currently, only one -\fRDebug\fR -entry per program is supported. -The -\fBsudo\fR -\fRDebug\fR -entry is shared by the -\fBsudo\fR -front end, -\fBsudoedit\fR -and the plugins. -A future release may add support for per-plugin -\fRDebug\fR -lines and/or support for multiple debugging files for a single -program. -.PP -The priorities used by the -\fBsudo\fR -front end, in order of decreasing severity, are: -\fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR -and -\fIdebug\fR. -Each priority, when specified, also includes all priorities higher -than it. -For example, a priority of -\fInotice\fR -would include debug messages logged at -\fInotice\fR -and higher. -.PP -The following subsystems are used by the -\fBsudo\fR -front-end: -.TP 12n -\fIall\fR -matches every subsystem -.TP 12n -\fIargs\fR -command line argument processing -.TP 12n -\fIconv\fR -user conversation -.TP 12n -\fIedit\fR -sudoedit -.TP 12n -\fIexec\fR -command execution -.TP 12n -\fImain\fR -\fBsudo\fR -main function -.TP 12n -\fInetif\fR -network interface handling -.TP 12n -\fIpcomm\fR -communication with the plugin -.TP 12n -\fIplugin\fR -plugin configuration -.TP 12n -\fIpty\fR -pseudo-tty related code -.TP 12n -\fIselinux\fR -SELinux-specific handling -.TP 12n -\fIutil\fR -utility functions -.TP 12n -\fIutmp\fR -utmp handling +plugin architecture. .SH "EXIT VALUE" Upon successful execution of a program, the exit status from \fIsudo\fR @@ -1142,7 +941,7 @@ To aid in debugging crashes, you may wish to re-enable core dumps by setting ``disable_coredump'' to false in the -\fI@sysconfdir@/sudo.conf\fR +sudo.conf(@mansectform@) file as follows: .nf .sp @@ -1151,14 +950,9 @@ Set disable_coredump false .RE .fi .PP -Note that by default, most operating systems disable core dumps -from setuid programs, which includes -\fBsudo\fR. -To actually get a -\fBsudo\fR -core file you may need to enable core dumps for setuid processes. -On BSD and Linux systems this is accomplished via the sysctl command, -on Solaris the coreadm command can be used. +See the +sudo.conf(@mansectform@) +manual for more information. .SH "ENVIRONMENT" \fBsudo\fR utilizes the following environment variables. @@ -1323,11 +1117,11 @@ $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" .RE .fi .SH "SEE ALSO" -grep(1), su(1), stat(2), login_cap(3), passwd(@mansectform@), +sudo.conf(@mansectform@), sudoers(@mansectform@), sudo_plugin(@mansectsu@), sudoreplay(@mansectsu@), diff --git a/doc/sudo.mdoc.in b/doc/sudo.mdoc.in index 0337a4d..605dd3f 100644 --- a/doc/sudo.mdoc.in +++ b/doc/sudo.mdoc.in @@ -1,5 +1,5 @@ .\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2012 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2013 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -19,7 +19,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd July 10, 2012 +.Dd March 13, 2013 .Dt SUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -139,7 +139,7 @@ which is configured via the file .Pa @sysconfdir@/sudoers , or via LDAP. See the -.Sx PLUGINS +.Sx Plugins section for more information. .Pp The security policy determines what privileges, if any, a user has @@ -202,7 +202,7 @@ If the environment variable is set, it specifies the path to the helper program. Otherwise, if -.Pa @sysconfdir@/sudo.conf +.Xr sudo.conf @mansectform@ contains a line specifying the askpass program, that value will be used. For example: @@ -687,7 +687,7 @@ for more information. When .Nm sudo executes a command, the security policy specifies the execution -envionment for the command. +environment for the command. Typically, the real and effective uid and gid are set to match those of the target user, as specified in the password database, and the group vector is initialized based on the group database @@ -725,14 +725,15 @@ When .Nm sudo runs a command, it calls .Xr fork 2 , -sets up the execution environment as described above, and calls the +sets up the execution environment as described above, and calls the .Xr execve system call in the child process. The main .Nm sudo process waits until the command has completed, then passes the -command's exit status to the security policy's close method and exits. -If an I/O logging plugin is configured, a new pseudo-terminal +command's exit status to the security policy's close function and exits. +If an I/O logging plugin is configured or if the security policy +explicitly requests it, a new pseudo-terminal .Pq Dq pty is created and a second .Nm sudo @@ -743,6 +744,12 @@ and resume the command. Without it, the command would be in what POSIX terms an .Dq orphaned process group and it would not receive any job control signals. +As a special case, if the policy plugin does not define a close +function and no pty is required, +.Nm sudo +will execute the command directly instead of calling +.Xr fork 2 +first. .Ss Signal handling Because the command is run as a child of the .Nm sudo @@ -780,7 +787,7 @@ On some systems, the command sends .Dv SIGTERM to all non-system processes other than itself before rebooting -the systyem. +the system. This prevents .Nm sudo from relaying the @@ -807,224 +814,36 @@ are run using the family of functions instead of .Fn system (which interposes a shell between the command and the calling process). -.Sh PLUGINS +.Pp +If no I/O logging plugins are loaded and the policy plugin has not +defined a +.Fn close +function, set a command timeout or required that the command be +run in a new pty, +.Nm sudo +may execute the command directly instead of running it as a child process. +.Ss Plugins Plugins are dynamically loaded based on the contents of the -.Pa @sysconfdir@/sudo.conf +.Xr sudo.conf @mansectform@ file. If no -.Pa @sysconfdir@/sudo.conf +.Xr sudo.conf @mansectform@ file is present, or it contains no .Li Plugin lines, .Nm sudo will use the traditional .Em sudoers -security policy and I/O logging, which corresponds to the following +security policy and I/O logging. +See the +.Xr sudo.conf @mansectform@ +manual for details of the .Pa @sysconfdir@/sudo.conf -file. -.Bd -literal -# -# Default @sysconfdir@/sudo.conf file -# -# Format: -# Plugin plugin_name plugin_path plugin_options ... -# Path askpass /path/to/askpass -# Path noexec /path/to/sudo_noexec.so -# Debug sudo /var/log/sudo_debug all@warn -# Set disable_coredump true -# -# The plugin_path is relative to @prefix@/libexec unless -# fully qualified. -# The plugin_name corresponds to a global symbol in the plugin -# that contains the plugin interface structure. -# The plugin_options are optional. -# -Plugin policy_plugin sudoers.so -Plugin io_plugin sudoers.so -.Ed -.Pp -A -.Li Plugin -line consists of the -.Li Plugin -keyword, followed by the -.Em symbol_name -and the -.Em path -to the shared object containing the plugin. -The -.Em symbol_name -is the name of the -.Li struct policy_plugin -or -.Li struct io_plugin -in the plugin shared object. -The -.Em path -may be fully qualified or relative. -If not fully qualified it is relative to the -.Pa @prefix@/libexec -directory. -Any additional parameters after the -.Em path -are passed as arguments to the plugin's -.Em open -function. -Lines that don't begin with -.Li Plugin , -.Li Path , -.Li Debug , -or -.Li Set -are silently ignored. -.Pp -For more information, see the +file and the .Xr sudo_plugin @mansectsu@ -manual. -.Sh PATHS -A -.Li Path -line consists of the -.Li Path -keyword, followed by the name of the path to set and its value. -E.g. -.Bd -literal -offset indent -Path noexec @noexec_file@ -Path askpass /usr/X11R6/bin/ssh-askpass -.Ed -.Pp -The following plugin-agnostic paths may be set in the -.Pa @sysconfdir@/sudo.conf -file: -.Bl -tag -width 8n -.It askpass -The fully qualified path to a helper program used to read the user's -password when no terminal is available. -This may be the case when -.Nm sudo -is executed from a graphical (as opposed to text-based) application. -The program specified by -.Em askpass -should display the argument passed to it as the prompt and write -the user's password to the standard output. -The value of -.Em askpass -may be overridden by the -.Ev SUDO_ASKPASS -environment variable. -.It noexec -The fully-qualified path to a shared library containing dummy -versions of the -.Fn execv , -.Fn execve -and -.Fn fexecve -library functions that just return an error. -This is used to implement the -.Em noexec -functionality on systems that support -.Ev LD_PRELOAD -or its equivalent. -Defaults to -.Pa @noexec_file@ . -.El -.Sh DEBUG FLAGS +manual for more information about the .Nm sudo -versions 1.8.4 and higher support a flexible debugging framework -that can help track down what -.Nm sudo -is doing internally if there is a problem. -.Pp -A -.Li Debug -line consists of the -.Li Debug -keyword, followed by the name of the program to debug -.Pq Nm sudo , Nm visudo , Nm sudoreplay , -the debug file name and a comma-separated list of debug flags. -The debug flag syntax used by -.Nm sudo -and the -.Em sudoers -plugin is -.Em subsystem Ns No @ Ns Em priority -but the plugin is free to use a different format so long as it does -not include a comma -.Pq Ql \&, . -.Pp -For instance: -.Bd -literal -offset indent -Debug sudo /var/log/sudo_debug all@warn,plugin@info -.Ed -.Pp -would log all debugging statements at the -.Em warn -level and higher in addition to those at the -.Em info -level for the plugin subsystem. -.Pp -Currently, only one -.Li Debug -entry per program is supported. -The -.Nm sudo -.Li Debug -entry is shared by the -.Nm sudo -front end, -.Nm sudoedit -and the plugins. -A future release may add support for per-plugin -.Li Debug -lines and/or support for multiple debugging files for a single -program. -.Pp -The priorities used by the -.Nm sudo -front end, in order of decreasing severity, are: -.Em crit , err , warn , notice , diag , info , trace -and -.Em debug . -Each priority, when specified, also includes all priorities higher -than it. -For example, a priority of -.Em notice -would include debug messages logged at -.Em notice -and higher. -.Pp -The following subsystems are used by the -.Nm sudo -front-end: -.Bl -tag -width Fl -.It Em all -matches every subsystem -.It Em args -command line argument processing -.It Em conv -user conversation -.It Em edit -sudoedit -.It Em exec -command execution -.It Em main -.Nm sudo -main function -.It Em netif -network interface handling -.It Em pcomm -communication with the plugin -.It Em plugin -plugin configuration -.It Em pty -pseudo-tty related code -.It Em selinux -SELinux-specific handling -.It Em util -utility functions -.It Em utmp -utmp handling -.El +plugin architecture. .Sh EXIT VALUE Upon successful execution of a program, the exit status from .Em sudo @@ -1106,20 +925,15 @@ To aid in debugging crashes, you may wish to re-enable core dumps by setting .Dq disable_coredump to false in the -.Pa @sysconfdir@/sudo.conf +.Xr sudo.conf @mansectform@ file as follows: .Bd -literal -offset indent Set disable_coredump false .Ed .Pp -Note that by default, most operating systems disable core dumps -from setuid programs, which includes -.Nm sudo . -To actually get a -.Nm sudo -core file you may need to enable core dumps for setuid processes. -On BSD and Linux systems this is accomplished via the sysctl command, -on Solaris the coreadm command can be used. +See the +.Xr sudo.conf @mansectform@ +manual for more information. .Sh ENVIRONMENT .Nm sudo utilizes the following environment variables. @@ -1251,11 +1065,11 @@ and file redirection work. $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" .Ed .Sh SEE ALSO -.Xr grep 1 , .Xr su 1 , .Xr stat 2 , .Xr login_cap 3 , .Xr passwd @mansectform@ , +.Xr sudo.conf @mansectform@ , .Xr sudoers @mansectform@ , .Xr sudo_plugin @mansectsu@ , .Xr sudoreplay @mansectsu@ , diff --git a/doc/sudo_plugin.cat b/doc/sudo_plugin.cat index 11e9dd7..193da0e 100644 --- a/doc/sudo_plugin.cat +++ b/doc/sudo_plugin.cat @@ -5,11 +5,10 @@ NNAAMMEE DDEESSCCRRIIPPTTIIOONN Starting with version 1.8, ssuuddoo supports a plugin API for policy and - session logging. By default, the _s_u_d_o_e_r_s policy plugin and an associated + session logging. By default, the ssuuddooeerrss policy plugin and an associated I/O logging plugin are used. Via the plugin API, ssuuddoo can be configured to use alternate policy and/or I/O logging plugins provided by third - parties. The plugins to be used are specified via the _/_e_t_c_/_s_u_d_o_._c_o_n_f - file. + parties. The plugins to be used are specified in the sudo.conf(4) file. The API is versioned with a major and minor number. The minor version number is incremented when additions are made. The major number is @@ -18,50 +17,11 @@ DDEESSCCRRIIPPTTIIOONN The plugin API is defined by the sudo_plugin.h header file. - TThhee ssuuddoo..ccoonnff ffiillee - The _/_e_t_c_/_s_u_d_o_._c_o_n_f file contains plugin configuration directives. The - primary keyword is the Plugin directive, which causes a plugin to be - loaded. - - A Plugin line consists of the Plugin keyword, followed by the _s_y_m_b_o_l___n_a_m_e - and the _p_a_t_h to the shared object containing the plugin. The _s_y_m_b_o_l___n_a_m_e - is the name of the struct policy_plugin or struct io_plugin in the plugin - shared object. The _p_a_t_h may be fully qualified or relative. If not - fully qualified it is relative to the _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory. Any - additional parameters after the _p_a_t_h are passed as options to the - plugin's ooppeenn() function. Lines that don't begin with Plugin, Path, - Debug or Set are silently ignored. - - The same shared object may contain multiple plugins, each with a - different symbol name. The shared object file must be owned by uid 0 and - only writable by its owner. Because of ambiguities that arise from - composite policies, only a single policy plugin may be specified. This - limitation does not apply to I/O plugins. - - # - # Default /etc/sudo.conf file - # - # Format: - # Plugin plugin_name plugin_path plugin_options ... - # Path askpass /path/to/askpass - # Path noexec /path/to/sudo_noexec.so - # Debug sudo /var/log/sudo_debug all@warn - # Set disable_coredump true - # - # The plugin_path is relative to /usr/local/libexec unless - # fully qualified. - # The plugin_name corresponds to a global symbol in the plugin - # that contains the plugin interface structure. - # The plugin_options are optional. - # - Plugin sudoers_policy sudoers.so - Plugin sudoers_io sudoers.so - PPoolliiccyy pplluuggiinn AAPPII A policy plugin must declare and populate a policy_plugin struct in the global scope. This structure contains pointers to the functions that implement the ssuuddoo policy checks. The name of the symbol should be - specified in _/_e_t_c_/_s_u_d_o_._c_o_n_f along with a path to the plugin so that ssuuddoo + specified in sudo.conf(4) along with a path to the plugin so that ssuuddoo can load it. struct policy_plugin { @@ -141,92 +101,109 @@ DDEESSCCRRIIPPTTIIOONN equal sign (`=') since the _n_a_m_e field will never include one itself but the _v_a_l_u_e might. + bsdauth_type=string + Authentication type, if specified by the --aa flag, to + use on systems where BSD authentication is supported. + + closefrom=number + If specified, the user has requested via the --CC flag + that ssuuddoo close all files descriptors with a value of + _n_u_m_b_e_r or higher. The plugin may optionally pass this, + or another value, back in the _c_o_m_m_a_n_d___i_n_f_o list. + debug_flags=string A comma-separated list of debug flags that correspond - to ssuuddoo's Debug entry in _/_e_t_c_/_s_u_d_o_._c_o_n_f, if there is - one. The flags are passed to the plugin as they appear - in _/_e_t_c_/_s_u_d_o_._c_o_n_f. The syntax used by ssuuddoo and the - _s_u_d_o_e_r_s plugin is _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y but the plugin is - free to use a different format so long as it does not - include a comma (`,'). - - For reference, the priorities supported by the ssuuddoo - front end and _s_u_d_o_e_r_s are: _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, - _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g. - - The following subsystems are defined: _m_a_i_n, _m_e_m_o_r_y, - _a_r_g_s, _e_x_e_c, _p_t_y, _u_t_m_p, _c_o_n_v, _p_c_o_m_m, _u_t_i_l, _l_i_s_t, _n_e_t_i_f, - _a_u_d_i_t, _e_d_i_t, _s_e_l_i_n_u_x, _l_d_a_p, _m_a_t_c_h, _p_a_r_s_e_r, _a_l_i_a_s, - _d_e_f_a_u_l_t_s, _a_u_t_h, _e_n_v, _l_o_g_g_i_n_g, _n_s_s, _r_b_t_r_e_e, _p_e_r_m_s, - _p_l_u_g_i_n. The subsystem _a_l_l includes every subsystem. - - There is not currently a way to specify a set of debug - flags specific to the plugin--the flags are shared by - ssuuddoo and the plugin. + to ssuuddoo's Debug entry in sudo.conf(4), if there is one. + The flags are passed to the plugin as they appear in + sudo.conf(4). The syntax used by ssuuddoo and the ssuuddooeerrss + plugin is _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y but the plugin is free to + use a different format so long as it does not include a + comma (`,'). There is not currently a way to specify a + set of debug flags specific to the plugin--the flags + are shared by ssuuddoo and the plugin. debug_level=number This setting has been deprecated in favor of _d_e_b_u_g___f_l_a_g_s. - runas_user=string - The user name or uid to to run the command as, if - specified via the --uu flag. + ignore_ticket=bool + Set to true if the user specified the --kk flag along + with a command, indicating that the user wishes to + ignore any cached authentication credentials. + _i_m_p_l_i_e_d___s_h_e_l_l to true. This allows ssuuddoo with no + arguments to be used similarly to su(1). If the plugin + does not to support this usage, it may return a value + of -2 from the cchheecckk__ppoolliiccyy() function, which will + cause ssuuddoo to print a usage message and exit. - runas_group=string - The group name or gid to to run the command as, if - specified via the --gg flag. + implied_shell=bool + If the user does not specify a program on the command + line, ssuuddoo will pass the plugin the path to the user's + shell and set - prompt=string - The prompt to use when requesting a password, if - specified via the --pp flag. + login_class=string + BSD login class to use when setting resource limits and + nice value, if specified by the --cc flag. - set_home=bool - Set to true if the user specified the --HH flag. If - true, set the HOME environment variable to the target - user's home directory. + login_shell=bool + Set to true if the user specified the --ii flag, + indicating that the user wishes to run a login shell. + + max_groups=int + The maximum number of groups a user may belong to. + This will only be present if there is a corresponding + setting in sudo.conf(4). + + network_addrs=list + A space-separated list of IP network addresses and + netmasks in the form ``addr/netmask'', e.g. + ``192.168.1.2/255.255.255.0''. The address and netmask + pairs may be either IPv4 or IPv6, depending on what the + operating system supports. If the address contains a + colon (`:'), it is an IPv6 address, else it is IPv4. + + noninteractive=bool + Set to true if the user specified the --nn flag, + indicating that ssuuddoo should operate in non-interactive + mode. The plugin may reject a command run in non- + interactive mode if user interaction is required. + + plugin_dir=string + The default plugin directory used by the ssuuddoo front + end. This is the default directory set at compile time + and may not correspond to the directory the running + plugin was loaded from. It may be used by a plugin to + locate support files. preserve_environment=bool Set to true if the user specified the --EE flag, indicating that the user wishes to preserve the environment. - run_shell=bool - Set to true if the user specified the --ss flag, - indicating that the user wishes to run a shell. - - login_shell=bool - Set to true if the user specified the --ii flag, - indicating that the user wishes to run a login shell. - - implied_shell=bool - If the user does not specify a program on the command - line, ssuuddoo will pass the plugin the path to the user's - shell and set _i_m_p_l_i_e_d___s_h_e_l_l to true. This allows ssuuddoo - with no arguments to be used similarly to su(1). If - the plugin does not to support this usage, it may - return a value of -2 from the cchheecckk__ppoolliiccyy() function, - which will cause ssuuddoo to print a usage message and - exit. - preserve_groups=bool Set to true if the user specified the --PP flag, indicating that the user wishes to preserve the group vector instead of setting it based on the runas user. - ignore_ticket=bool - Set to true if the user specified the --kk flag along - with a command, indicating that the user wishes to - ignore any cached authentication credentials. + progname=string + The command name that sudo was run as, typically + ``sudo'' or ``sudoedit''. - noninteractive=bool - Set to true if the user specified the --nn flag, - indicating that ssuuddoo should operate in non-interactive - mode. The plugin may reject a command run in non- - interactive mode if user interaction is required. + prompt=string + The prompt to use when requesting a password, if + specified via the --pp flag. - login_class=string - BSD login class to use when setting resource limits and - nice value, if specified by the --cc flag. + run_shell=bool + Set to true if the user specified the --ss flag, + indicating that the user wishes to run a shell. + + runas_group=string + The group name or gid to to run the command as, if + specified via the --gg flag. + + runas_user=string + The user name or uid to to run the command as, if + specified via the --uu flag. selinux_role=string SELinux role to use when executing the command, if @@ -236,21 +213,10 @@ DDEESSCCRRIIPPTTIIOONN SELinux type to use when executing the command, if specified by the --tt flag. - bsdauth_type=string - Authentication type, if specified by the --aa flag, to - use on systems where BSD authentication is supported. - - network_addrs=list - A space-separated list of IP network addresses and - netmasks in the form ``addr/netmask'', e.g. - ``192.168.1.2/255.255.255.0''. The address and netmask - pairs may be either IPv4 or IPv6, depending on what the - operating system supports. If the address contains a - colon (`:'), it is an IPv6 address, else it is IPv4. - - progname=string - The command name that sudo was run as, typically - ``sudo'' or ``sudoedit''. + set_home=bool + Set to true if the user specified the --HH flag. If + true, set the HOME environment variable to the target + user's home directory. sudoedit=bool Set to true when the --ee flag is is specified or if @@ -260,12 +226,6 @@ DDEESSCCRRIIPPTTIIOONN support _s_u_d_o_e_d_i_t. For more information, see the _c_h_e_c_k___p_o_l_i_c_y section. - closefrom=number - If specified, the user has requested via the --CC flag - that ssuuddoo close all files descriptors with a value of - _n_u_m_b_e_r or higher. The plugin may optionally pass this, - or another value, back in the _c_o_m_m_a_n_d___i_n_f_o list. - Additional settings may be added in the future so the plugin should silently ignore settings that it does not recognize. @@ -278,42 +238,20 @@ DDEESSCCRRIIPPTTIIOONN equal sign (`=') since the _n_a_m_e field will never include one itself but the _v_a_l_u_e might. - pid=int - The process ID of the running ssuuddoo process. Only - available starting with API version 1.2 - - ppid=int - The parent process ID of the running ssuuddoo process. - Only available starting with API version 1.2 - - sid=int - The session ID of the running ssuuddoo process or 0 if ssuuddoo - is not part of a POSIX job control session. Only - available starting with API version 1.2 - - pgid=int - The ID of the process group that the running ssuuddoo - process belongs to. Only available starting with API - version 1.2 + cols=int + The number of columns the user's terminal supports. If + there is no terminal device available, a default value + of 80 is used. - tcpgid=int - The ID of the forground process group associated with - the terminal device associcated with the ssuuddoo process - or -1 if there is no terminal present. Only available - starting with API version 1.2 + cwd=string + The user's current working directory. - user=string - The name of the user invoking ssuuddoo. + egid=gid_t + The effective group ID of the user invoking ssuuddoo. euid=uid_t The effective user ID of the user invoking ssuuddoo. - uid=uid_t - The real user ID of the user invoking ssuuddoo. - - egid=gid_t - The effective group ID of the user invoking ssuuddoo. - gid=gid_t The real group ID of the user invoking ssuuddoo. @@ -321,14 +259,6 @@ DDEESSCCRRIIPPTTIIOONN The user's supplementary group list formatted as a string of comma-separated group IDs. - cwd=string - The user's current working directory. - - tty=string - The path to the user's terminal device. If the user - has no terminal device associated with the session, the - value will be empty, as in ``tty=''. - host=string The local machine's hostname as returned by the gethostname(2) system call. @@ -338,10 +268,54 @@ DDEESSCCRRIIPPTTIIOONN there is no terminal device available, a default value of 24 is used. - cols=int - The number of columns the user's terminal supports. If - there is no terminal device available, a default value - of 80 is used. + pgid=int + The ID of the process group that the running ssuuddoo + process is a member of. Only available starting with + API version 1.2 + + pid=int + The process ID of the running ssuuddoo process. Only + available starting with API version 1.2 + + plugin_options + Any (non-comment) strings immediately after the plugin + path are passed as arguments to the plugin. These + arguments are split on a white space boundary and are + passed to the plugin in the form of a NULL-terminated + array of strings. If no arguments were specified, + _p_l_u_g_i_n___o_p_t_i_o_n_s will be the NULL pointer. + + NOTE: the _p_l_u_g_i_n___o_p_t_i_o_n_s parameter is only available + starting with API version 1.2. A plugin mmuusstt check the + API version specified by the ssuuddoo front end before + using _p_l_u_g_i_n___o_p_t_i_o_n_s. Failure to do so may result in a + crash. + + ppid=int + The parent process ID of the running ssuuddoo process. + Only available starting with API version 1.2 + + sid=int + The session ID of the running ssuuddoo process or 0 if ssuuddoo + is not part of a POSIX job control session. Only + available starting with API version 1.2 + + tcpgid=int + The ID of the foreground process group associated with + the terminal device associated with the ssuuddoo process or + -1 if there is no terminal present. Only available + starting with API version 1.2 + + tty=string + The path to the user's terminal device. If the user + has no terminal device associated with the session, the + value will be empty, as in ``tty=''. + + uid=uid_t + The real user ID of the user invoking ssuuddoo. + + user=string + The name of the user invoking ssuuddoo. user_env The user's environment in the form of a NULL-terminated @@ -351,19 +325,6 @@ DDEESSCCRRIIPPTTIIOONN equal sign (`=') since the _n_a_m_e field will never include one itself but the _v_a_l_u_e might. - plugin_options - Any (non-comment) strings immediately after the plugin path - are treated as arguments to the plugin. These arguments are - split on a white space boundary and are passed to the plugin - in the form of a NULL-terminated array of strings. If no - arguments were specified, _p_l_u_g_i_n___o_p_t_i_o_n_s will be the NULL - pointer. - - NOTE: the _p_l_u_g_i_n___o_p_t_i_o_n_s parameter is only available starting - with API version 1.2. A plugin mmuusstt check the API version - specified by the ssuuddoo front end before using _p_l_u_g_i_n___o_p_t_i_o_n_s. - Failure to do so may result in a crash. - close void (*close)(int exit_status, int error); @@ -384,6 +345,11 @@ DDEESSCCRRIIPPTTIIOONN ccoonnvveerrssaattiioonn() or pplluuggiinn__pprriinnttff() function. If the command was successfully executed, the value of error is 0. + If no cclloossee() function is defined, no I/O logging plugins are + loaded, and neither the _t_i_m_e_o_u_t not _u_s_e___p_t_y options are set in the + command_info list, the ssuuddoo front end may execute the command + directly instead of running it as a child process. + show_version int (*show_version)(int verbose); @@ -454,79 +420,62 @@ DDEESSCCRRIIPPTTIIOONN must be terminated with a NULL pointer. The following values are recognized by ssuuddoo: - command=string - Fully qualified path to the command to be executed. - - runas_uid=uid - User ID to run the command as. - - runas_euid=uid - Effective user ID to run the command as. If not - specified, the value of _r_u_n_a_s___u_i_d is used. - - runas_gid=gid - Group ID to run the command as. - - runas_egid=gid - Effective group ID to run the command as. If not - specified, the value of _r_u_n_a_s___g_i_d is used. - - runas_groups=list - The supplementary group vector to use for the command - in the form of a comma-separated list of group IDs. If - _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, this option is ignored. + chroot=string + The root directory to use when running the command. - login_class=string - BSD login class to use when setting resource limits and - nice value (optional). This option is only set on - systems that support login classes. + closefrom=number + If specified, ssuuddoo will close all files descriptors + with a value of _n_u_m_b_e_r or higher. - preserve_groups=bool - If set, ssuuddoo will preserve the user's group vector - instead of initializing the group vector based on - runas_user. + command=string + Fully qualified path to the command to be executed. cwd=string The current working directory to change to when executing the command. - noexec=bool - If set, prevent the command from executing other - programs. - - chroot=string - The root directory to use when running the command. - - nice=int - Nice value (priority) to use when executing the - command. The nice value, if specified, overrides the - priority associated with the _l_o_g_i_n___c_l_a_s_s on BSD - systems. - - umask=octal - The file creation mask to use when executing the - command. - - selinux_role=string - SELinux role to use when executing the command. - - selinux_type=string - SELinux type to use when executing the command. - - timeout=int - Command timeout. If non-zero then when the timeout - expires the command will be killed. - - sudoedit=bool - Set to true when in _s_u_d_o_e_d_i_t mode. The plugin may - enable _s_u_d_o_e_d_i_t mode even if ssuuddoo was not invoked as - ssuuddooeeddiitt. This allows the plugin to perform command - substitution and transparently enable _s_u_d_o_e_d_i_t when the - user attempts to run an editor. - - closefrom=number - If specified, ssuuddoo will close all files descriptors - with a value of _n_u_m_b_e_r or higher. + exec_background=bool + By default, ssuuddoo runs a command as the foreground + process as long as ssuuddoo itself is running in the + foreground. When _e_x_e_c___b_a_c_k_g_r_o_u_n_d is enabled and the + command is being run in a pty (due to I/O logging or + the _u_s_e___p_t_y setting), the command will be run as a + background process. Attempts to read from the + controlling terminal (or to change terminal settings) + will result in the command being suspended with the + SIGTTIN signal (or SIGTTOU in the case of terminal + settings). If this happens when ssuuddoo is a foreground + process, the command will be granted the controlling + terminal and resumed in the foreground with no user + intervention required. The advantage of initially + running the command in the background is that ssuuddoo need + not read from the terminal unless the command + explicitly requests it. Otherwise, any terminal input + must be passed to the command, whether it has required + it or not (the kernel buffers terminals so it is not + possible to tell whether the command really wants the + input). This is different from historic _s_u_d_o behavior + or when the command is not being run in a pty. + + For this to work seamlessly, the operating system must + support the automatic restarting of system calls. + Unfortunately, not all operating systems do this by + default, and even those that do may have bugs. For + example, Mac OS X fails to restart the ttccggeettaattttrr() and + ttccsseettaattttrr() system calls (this is a bug in Mac OS X). + Furthermore, because this behavior depends on the + command stopping with the SIGTTIN or SIGTTOU signals, + programs that catch these signals and suspend + themselves with a different signal (usually SIGTOP) + will not be automatically foregrounded. Some versions + of the linux su(1) command behave this way. Because of + this, a plugin should not set _e_x_e_c___b_a_c_k_g_r_o_u_n_d unless it + is explicitly enabled by the administrator and there + should be a way to enabled or disable it on a per- + command basis. + + This setting has no effect unless I/O logging is + enabled or _u_s_e___p_t_y is enabled. iolog_compress=bool Set to true if the I/O logging plugins, if any, should @@ -572,11 +521,50 @@ DDEESSCCRRIIPPTTIIOONN hint to the I/O logging plugin which may choose to ignore it. - use_pty=bool - Allocate a pseudo-tty to run the command in, regardless - of whether or not I/O logging is in use. By default, - ssuuddoo will only run the command in a pty when an I/O log - plugin is loaded. + login_class=string + BSD login class to use when setting resource limits and + nice value (optional). This option is only set on + systems that support login classes. + + nice=int + Nice value (priority) to use when executing the + command. The nice value, if specified, overrides the + priority associated with the _l_o_g_i_n___c_l_a_s_s on BSD + systems. + + noexec=bool + If set, prevent the command from executing other + programs. + + preserve_groups=bool + If set, ssuuddoo will preserve the user's group vector + instead of initializing the group vector based on + runas_user. + + runas_egid=gid + Effective group ID to run the command as. If not + specified, the value of _r_u_n_a_s___g_i_d is used. + + runas_euid=uid + Effective user ID to run the command as. If not + specified, the value of _r_u_n_a_s___u_i_d is used. + + runas_gid=gid + Group ID to run the command as. + + runas_groups=list + The supplementary group vector to use for the command + in the form of a comma-separated list of group IDs. If + _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, this option is ignored. + + runas_uid=uid + User ID to run the command as. + + selinux_role=string + SELinux role to use when executing the command. + + selinux_type=string + SELinux type to use when executing the command. set_utmp=bool Create a utmp (or utmpx) entry when a pseudo-tty is @@ -584,6 +572,27 @@ DDEESSCCRRIIPPTTIIOONN the user's existing utmp entry (if any), with the tty, time, type and pid fields updated. + sudoedit=bool + Set to true when in _s_u_d_o_e_d_i_t mode. The plugin may + enable _s_u_d_o_e_d_i_t mode even if ssuuddoo was not invoked as + ssuuddooeeddiitt. This allows the plugin to perform command + substitution and transparently enable _s_u_d_o_e_d_i_t when the + user attempts to run an editor. + + timeout=int + Command timeout. If non-zero then when the timeout + expires the command will be killed. + + umask=octal + The file creation mask to use when executing the + command. + + use_pty=bool + Allocate a pseudo-tty to run the command in, regardless + of whether or not I/O logging is in use. By default, + ssuuddoo will only run the command in a pty when an I/O log + plugin is loaded. + utmp_user=string User name to use when constructing a new utmp (or utmpx) entry when _s_e_t___u_t_m_p is enabled. This option can @@ -639,7 +648,7 @@ DDEESSCCRRIIPPTTIIOONN int (*validate)(void); The vvaalliiddaattee() function is called when ssuuddoo is run with the --vv - flag. For policy plugins such as _s_u_d_o_e_r_s that cache authentication + flag. For policy plugins such as ssuuddooeerrss that cache authentication credentials, this function will validate and cache the credentials. The vvaalliiddaattee() function should be NULL if the plugin does not @@ -654,7 +663,7 @@ DDEESSCCRRIIPPTTIIOONN void (*invalidate)(int remove); The iinnvvaalliiddaattee() function is called when ssuuddoo is called with the --kk - or --KK flag. For policy plugins such as _s_u_d_o_e_r_s that cache + or --KK flag. For policy plugins such as ssuuddooeerrss that cache authentication credentials, this function will invalidate the credentials. If the _r_e_m_o_v_e flag is set, the plugin may remove the credentials instead of simply invalidating them. @@ -764,10 +773,11 @@ DDEESSCCRRIIPPTTIIOONN #define SUDO_IO_PLUGIN 2 unsigned int type; /* always SUDO_IO_PLUGIN */ unsigned int version; /* always SUDO_API_VERSION */ - int (*open)(unsigned int version, sudo_conv_t conversation + int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], int argc, char * const argv[], - char * const user_env[], char * const plugin_options[]); + char * const user_info[], char * const command_info[], + int argc, char * const argv[], char * const user_env[], + char * const plugin_options[]); void (*close)(int exit_status, int error); /* wait status or error */ int (*show_version)(int verbose); int (*log_ttyin)(const char *buf, unsigned int len); @@ -810,7 +820,7 @@ DDEESSCCRRIIPPTTIIOONN against. open - int (*open)(unsigned int version, sudo_conv_t conversation + int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], int argc, char * const argv[], char * const user_env[], char * const plugin_options[]); @@ -1025,6 +1035,29 @@ DDEESSCCRRIIPPTTIIOONN Same as for the _P_o_l_i_c_y _p_l_u_g_i_n _A_P_I. + SSiiggnnaall hhaannddlleerrss + The ssuuddoo front end installs default signal handlers to trap common + signals while the plugin functions are run. The following signals are + trapped by default before the command is executed: + + oo SIGALRM + oo SIGHUP + oo SIGINT + oo SIGQUIT + oo SIGTERM + oo SIGTSTP + oo SIGUSR1 + oo SIGUSR2 + + If a fatal signal is received before the command is executed, ssuuddoo will + call the plugin's cclloossee() function with an exit status of 128 plus the + value of the signal that was received. This allows for consistent + logging of commands killed by a signal for plugins that log such + information in their cclloossee() function. + + A plugin may temporarily install its own signal handlers but must restore + the original handler before the plugin function returns. + HHooookk ffuunnccttiioonn AAPPII Beginning with plugin API version 1.2, it is possible to install hooks for certain functions called by the ssuuddoo front end. @@ -1215,20 +1248,20 @@ DDEESSCCRRIIPPTTIIOONN Unlike, SUDO_CONV_INFO_MSG and Dv SUDO_CONV_ERROR_MSG , messages sent with the SUDO_CONV_DEBUG_MSG _m_s_g___t_y_p_e are not directly user-visible. Instead, they are logged to the file specified in the Debug statement (if - any) in the _/_e_t_c_/_s_u_d_o_._c_o_n_f - - file. This allows a plugin to log debugging information and is intended - to be used in conjunction with the _d_e_b_u_g___f_l_a_g_s setting. + any) in the sudo.conf(4). file. This allows a plugin to log debugging + information and is intended to be used in conjunction with the + _d_e_b_u_g___f_l_a_g_s setting. See the sample plugin for an example of the ccoonnvveerrssaattiioonn() function usage. SSuuddooeerrss ggrroouupp pplluuggiinn AAPPII - The _s_u_d_o_e_r_s module supports a plugin interface to allow non-Unix group - lookups. This can be used to query a group source other than the - standard Unix group database. A sample group plugin is bundled with ssuuddoo - that implements file-based lookups. Third party group plugins include a - QAS AD plugin available from Quest Software. + The ssuuddooeerrss plugin supports its own plugin interface to allow non-Unix + group lookups. This can be used to query a group source other than the + standard Unix group database. Two sample group plugins are bundled with + ssuuddoo, _g_r_o_u_p___f_i_l_e and _s_y_s_t_e_m___g_r_o_u_p, are detailed in sudoers(4). Third + party group plugins include a QAS AD plugin available from Quest + Software. A group plugin must declare and populate a sudoers_group_plugin struct in the global scope. This structure contains pointers to the functions that @@ -1248,7 +1281,7 @@ DDEESSCCRRIIPPTTIIOONN version The version field should be set to GROUP_API_VERSION. - This allows _s_u_d_o_e_r_s to determine the API version the group plugin + This allows ssuuddooeerrss to determine the API version the group plugin was built against. init @@ -1265,9 +1298,9 @@ DDEESSCCRRIIPPTTIIOONN The function arguments are as follows: version - The version passed in by _s_u_d_o_e_r_s allows the plugin to + The version passed in by ssuuddooeerrss allows the plugin to determine the major and minor version number of the group - plugin API supported by _s_u_d_o_e_r_s. + plugin API supported by ssuuddooeerrss. plugin_printf A pointer to a pprriinnttff()-style function that may be used to @@ -1282,7 +1315,7 @@ DDEESSCCRRIIPPTTIIOONN cleanup void (*cleanup)(); - The cclleeaannuupp() function is called when _s_u_d_o_e_r_s has finished its + The cclleeaannuupp() function is called when ssuuddooeerrss has finished its group checks. The plugin should free any memory it has allocated and close open file handles. @@ -1328,13 +1361,13 @@ PPLLUUGGIINN AAPPII CCHHAANNGGEELLOOGG Version 1.0 Initial API version. - Version 1.1 + Version 1.1 (sudo 1.8.0) The I/O logging plugin's ooppeenn() function was modified to take the command_info list as an argument. - Version 1.2 + Version 1.2 (sudo 1.8.5) The Policy and I/O logging plugins' ooppeenn() functions are now passed - a list of plugin options if any are specified in _/_e_t_c_/_s_u_d_o_._c_o_n_f. + a list of plugin parameters if any are specified in sudo.conf(4). A simple hooks API has been introduced to allow plugins to hook in to the system's environment handling functions. @@ -1344,8 +1377,24 @@ PPLLUUGGIINN AAPPII CCHHAANNGGEELLOOGG used to merge in environment variables stored in the PAM handle before a command is run. + Version 1.3 (sudo 1.8.7) + Support for the _e_x_e_c___b_a_c_k_g_r_o_u_n_d entry has been added to the + command_info list. + + The _m_a_x___g_r_o_u_p_s and _p_l_u_g_i_n___d_i_r entries were added to the settings + list. + + The vveerrssiioonn() and cclloossee() functions are now optional. Previously, + a missing vveerrssiioonn() or cclloossee() function would result in a crash. + If no policy plugin cclloossee() function is defined, a default cclloossee() + function will be provided by the ssuuddoo front end that displays a + warning if the command could not be executed. + + The ssuuddoo front end now installs default signal handlers to trap + common signals while the plugin functions are run. + SSEEEE AALLSSOO - sudoers(4), sudo(1m) + sudo.conf(4), sudoers(4), sudo(1m) BBUUGGSS If you feel you have found a bug in ssuuddoo, please submit a bug report at @@ -1363,4 +1412,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. -Sudo 1.8.6 July 16, 2012 Sudo 1.8.6 +Sudo 1.8.7 March 5, 2013 Sudo 1.8.7 diff --git a/doc/sudo_plugin.man.in b/doc/sudo_plugin.man.in index f7b9071..0278db6 100644 --- a/doc/sudo_plugin.man.in +++ b/doc/sudo_plugin.man.in @@ -1,7 +1,7 @@ .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" IT IS GENERATED AUTOMATICALLY FROM sudo_plugin.mdoc.in .\" -.\" Copyright (c) 2009-2012 Todd C. Miller +.\" Copyright (c) 2009-2013 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -16,7 +16,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.TH "SUDO_PLUGIN" "5" "July 16, 2012" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual" +.TH "SUDO_PLUGIN" "5" "March 5, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual" .nh .if n .ad l .SH "NAME" @@ -28,14 +28,14 @@ Starting with version 1.8, supports a plugin API for policy and session logging. By default, the -\fIsudoers\fR +\fBsudoers\fR policy plugin and an associated I/O logging plugin are used. Via the plugin API, \fBsudo\fR can be configured to use alternate policy and/or I/O logging plugins provided by third parties. -The plugins to be used are specified via the -\fI@sysconfdir@/sudo.conf\fR +The plugins to be used are specified in the +sudo.conf(@mansectform@) file. .PP The API is versioned with a major and minor number. @@ -47,78 +47,6 @@ major version matches. The plugin API is defined by the \fRsudo_plugin.h\fR header file. -.SS "The sudo.conf file" -The -\fI@sysconfdir@/sudo.conf\fR -file contains plugin configuration directives. -The primary keyword is the -\fRPlugin\fR -directive, which causes a plugin to be loaded. -.PP -A -\fRPlugin\fR -line consists of the -\fRPlugin\fR -keyword, followed by the -\fIsymbol_name\fR -and the -\fIpath\fR -to the shared object containing the plugin. -The -\fIsymbol_name\fR -is the name of the -\fRstruct policy_plugin\fR -or -\fRstruct io_plugin\fR -in the plugin shared object. -The -\fIpath\fR -may be fully qualified or relative. -If not fully qualified it is relative to the -\fI@prefix@/libexec\fR -directory. -Any additional parameters after the -\fIpath\fR -are passed as options to the plugin's -\fBopen\fR() -function. -Lines that don't begin with -\fRPlugin\fR, -\fRPath\fR, -\fRDebug\fR -or -\fRSet\fR -are silently ignored. -.PP -The same shared object may contain multiple plugins, each with a -different symbol name. -The shared object file must be owned by uid 0 and only writable by its owner. -Because of ambiguities that arise from composite policies, only a single -policy plugin may be specified. -This limitation does not apply to I/O plugins. -.nf -.sp -.RS 0n -# -# Default @sysconfdir@/sudo.conf file -# -# Format: -# Plugin plugin_name plugin_path plugin_options ... -# Path askpass /path/to/askpass -# Path noexec /path/to/sudo_noexec.so -# Debug sudo /var/log/sudo_debug all@warn -# Set disable_coredump true -# -# The plugin_path is relative to @prefix@/libexec unless -# fully qualified. -# The plugin_name corresponds to a global symbol in the plugin -# that contains the plugin interface structure. -# The plugin_options are optional. -# -Plugin sudoers_policy sudoers.so -Plugin sudoers_io sudoers.so -.RE -.fi .SS "Policy plugin API" A policy plugin must declare and populate a \fRpolicy_plugin\fR @@ -127,7 +55,7 @@ This structure contains pointers to the functions that implement the \fBsudo\fR policy checks. The name of the symbol should be specified in -\fI@sysconfdir@/sudo.conf\fR +sudo.conf(@mansectform@) along with a path to the plugin so that \fBsudo\fR can load it. @@ -252,71 +180,42 @@ itself but the might. .RS .TP 6n +bsdauth_type=string +Authentication type, if specified by the +\fB\-a\fR +flag, to use on +systems where BSD authentication is supported. +.TP 6n +closefrom=number +If specified, the user has requested via the +\fB\-C\fR +flag that +\fBsudo\fR +close all files descriptors with a value of +\fInumber\fR +or higher. +The plugin may optionally pass this, or another value, back in the +\fIcommand_info\fR +list. +.TP 6n debug_flags=string A comma-separated list of debug flags that correspond to \fBsudo\fR's \fRDebug\fR entry in -\fI@sysconfdir@/sudo.conf\fR, +sudo.conf(@mansectform@), if there is one. The flags are passed to the plugin as they appear in -\fI@sysconfdir@/sudo.conf\fR. +sudo.conf(@mansectform@). The syntax used by \fBsudo\fR and the -\fIsudoers\fR +\fBsudoers\fR plugin is \fIsubsystem\fR@\fIpriority\fR but the plugin is free to use a different format so long as it does not include a comma (`,\&'). -.sp -For reference, the priorities supported by the -\fBsudo\fR -front end and -\fIsudoers\fR -are: -\fIcrit\fR, -\fIerr\fR, -\fIwarn\fR, -\fInotice\fR, -\fIdiag\fR, -\fIinfo\fR, -\fItrace\fR -and -\fIdebug\fR. -.sp -The following subsystems are defined: -\fImain\fR, -\fImemory\fR, -\fIargs\fR, -\fIexec\fR, -\fIpty\fR, -\fIutmp\fR, -\fIconv\fR, -\fIpcomm\fR, -\fIutil\fR, -\fIlist\fR, -\fInetif\fR, -\fIaudit\fR, -\fIedit\fR, -\fIselinux\fR, -\fIldap\fR, -\fImatch\fR, -\fIparser\fR, -\fIalias\fR, -\fIdefaults\fR, -\fIauth\fR, -\fIenv\fR, -\fIlogging\fR, -\fInss\fR, -\fIrbtree\fR, -\fIperms\fR, -\fIplugin\fR. -The subsystem -\fIall\fR -includes every subsystem. -.sp There is not currently a way to specify a set of debug flags specific to the plugin--the flags are shared by \fBsudo\fR @@ -326,53 +225,12 @@ debug_level=number This setting has been deprecated in favor of \fIdebug_flags\fR. .TP 6n -runas_user=string -The user name or uid to to run the command as, if specified via the -\fB\-u\fR -flag. -.TP 6n -runas_group=string -The group name or gid to to run the command as, if specified via -the -\fB\-g\fR -flag. -.TP 6n -prompt=string -The prompt to use when requesting a password, if specified via -the -\fB\-p\fR -flag. -.TP 6n -set_home=bool -Set to true if the user specified the -\fB\-H\fR -flag. -If true, set the -\fRHOME\fR -environment variable to the target user's home directory. -.TP 6n -preserve_environment=bool -Set to true if the user specified the -\fB\-E\fR -flag, indicating that -the user wishes to preserve the environment. -.TP 6n -run_shell=bool -Set to true if the user specified the -\fB\-s\fR -flag, indicating that -the user wishes to run a shell. -.TP 6n -login_shell=bool +ignore_ticket=bool Set to true if the user specified the -\fB\-i\fR -flag, indicating that -the user wishes to run a login shell. -.TP 6n -implied_shell=bool -If the user does not specify a program on the command line, -\fBsudo\fR -will pass the plugin the path to the user's shell and set +\fB\-k\fR +flag along with a +command, indicating that the user wishes to ignore any cached +authentication credentials. \fIimplied_shell\fR to true. This allows @@ -388,28 +246,10 @@ function, which will cause to print a usage message and exit. .TP 6n -preserve_groups=bool -Set to true if the user specified the -\fB\-P\fR -flag, indicating that -the user wishes to preserve the group vector instead of setting it -based on the runas user. -.TP 6n -ignore_ticket=bool -Set to true if the user specified the -\fB\-k\fR -flag along with a -command, indicating that the user wishes to ignore any cached -authentication credentials. -.TP 6n -noninteractive=bool -Set to true if the user specified the -\fB\-n\fR -flag, indicating that +implied_shell=bool +If the user does not specify a program on the command line, \fBsudo\fR -should operate in non-interactive mode. -The plugin may reject a command run in non-interactive mode if user -interaction is required. +will pass the plugin the path to the user's shell and set .TP 6n login_class=string BSD login class to use when setting resource limits and nice value, @@ -417,23 +257,16 @@ if specified by the \fB\-c\fR flag. .TP 6n -selinux_role=string -SELinux role to use when executing the command, if specified by -the -\fB\-r\fR -flag. -.TP 6n -selinux_type=string -SELinux type to use when executing the command, if specified by -the -\fB\-t\fR -flag. +login_shell=bool +Set to true if the user specified the +\fB\-i\fR +flag, indicating that +the user wishes to run a login shell. .TP 6n -bsdauth_type=string -Authentication type, if specified by the -\fB\-a\fR -flag, to use on -systems where BSD authentication is supported. +max_groups=int +The maximum number of groups a user may belong to. +This will only be present if there is a corresponding setting in +sudo.conf(@mansectform@). .TP 6n network_addrs=list A space-separated list of IP network addresses and netmasks in the @@ -447,12 +280,85 @@ If the address contains a colon (`:\&'), it is an IPv6 address, else it is IPv4. .TP 6n +noninteractive=bool +Set to true if the user specified the +\fB\-n\fR +flag, indicating that +\fBsudo\fR +should operate in non-interactive mode. +The plugin may reject a command run in non-interactive mode if user +interaction is required. +.TP 6n +plugin_dir=string +The default plugin directory used by the +\fBsudo\fR +front end. +This is the default directory set at compile time and may not +correspond to the directory the running plugin was loaded from. +It may be used by a plugin to locate support files. +.TP 6n +preserve_environment=bool +Set to true if the user specified the +\fB\-E\fR +flag, indicating that +the user wishes to preserve the environment. +.TP 6n +preserve_groups=bool +Set to true if the user specified the +\fB\-P\fR +flag, indicating that +the user wishes to preserve the group vector instead of setting it +based on the runas user. +.TP 6n progname=string The command name that sudo was run as, typically ``sudo'' or ``sudoedit''. .TP 6n +prompt=string +The prompt to use when requesting a password, if specified via +the +\fB\-p\fR +flag. +.TP 6n +run_shell=bool +Set to true if the user specified the +\fB\-s\fR +flag, indicating that +the user wishes to run a shell. +.TP 6n +runas_group=string +The group name or gid to to run the command as, if specified via +the +\fB\-g\fR +flag. +.TP 6n +runas_user=string +The user name or uid to to run the command as, if specified via the +\fB\-u\fR +flag. +.TP 6n +selinux_role=string +SELinux role to use when executing the command, if specified by +the +\fB\-r\fR +flag. +.TP 6n +selinux_type=string +SELinux type to use when executing the command, if specified by +the +\fB\-t\fR +flag. +.TP 6n +set_home=bool +Set to true if the user specified the +\fB\-H\fR +flag. +If true, set the +\fRHOME\fR +environment variable to the target user's home directory. +.TP 6n sudoedit=bool Set to true when the \fB\-e\fR @@ -468,18 +374,6 @@ if the plugin does not support For more information, see the \fIcheck_policy\fR section. -.TP 6n -closefrom=number -If specified, the user has requested via the -\fB\-C\fR -flag that -\fBsudo\fR -close all files descriptors with a value of -\fInumber\fR -or higher. -The plugin may optionally pass this, or another value, back in the -\fIcommand_info\fR -list. .PP Additional settings may be added in the future so the plugin should silently ignore settings that it does not recognize. @@ -510,12 +404,78 @@ might. .RS .PD .TP 6n +cols=int +The number of columns the user's terminal supports. +If there is no terminal device available, a default value of 80 is used. +.TP 6n +cwd=string +The user's current working directory. +.TP 6n +egid=gid_t +The effective group ID of the user invoking +\fBsudo\fR. +.TP 6n +euid=uid_t +The effective user ID of the user invoking +\fBsudo\fR. +.TP 6n +gid=gid_t +The real group ID of the user invoking +\fBsudo\fR. +.TP 6n +groups=list +The user's supplementary group list formatted as a string of +comma-separated group IDs. +.TP 6n +host=string +The local machine's hostname as returned by the +gethostname(2) +system call. +.TP 6n +lines=int +The number of lines the user's terminal supports. +If there is +no terminal device available, a default value of 24 is used. +.TP 6n +pgid=int +The ID of the process group that the running +\fBsudo\fR +process is a member of. +Only available starting with API version 1.2 +.TP 6n pid=int The process ID of the running \fBsudo\fR process. Only available starting with API version 1.2 .TP 6n +plugin_options +Any (non-comment) strings immediately after the plugin path are +passed as arguments to the plugin. +These arguments are split on a white space boundary and are passed to +the plugin in the form of a +\fRNULL\fR-terminated +array of strings. +If no arguments were +specified, +\fIplugin_options\fR +will be the +\fRNULL\fR +pointer. +.sp +NOTE: the +\fIplugin_options\fR +parameter is only available starting with +API version 1.2. +A plugin +\fBmust\fR +check the API version specified +by the +\fBsudo\fR +front end before using +\fIplugin_options\fR. +Failure to do so may result in a crash. +.TP 6n ppid=int The parent process ID of the running \fBsudo\fR @@ -527,71 +487,30 @@ The session ID of the running \fBsudo\fR process or 0 if \fBsudo\fR -is -not part of a POSIX job control session. -Only available starting with API version 1.2 -.TP 6n -pgid=int -The ID of the process group that the running -\fBsudo\fR -process belongs -to. +is not part of a POSIX job control session. Only available starting with API version 1.2 .TP 6n tcpgid=int -The ID of the forground process group associated with the terminal -device associcated with the +The ID of the foreground process group associated with the terminal +device associated with the \fBsudo\fR process or \-1 if there is no terminal present. Only available starting with API version 1.2 .TP 6n -user=string -The name of the user invoking -\fBsudo\fR. -.TP 6n -euid=uid_t -The effective user ID of the user invoking -\fBsudo\fR. -.TP 6n -uid=uid_t -The real user ID of the user invoking -\fBsudo\fR. -.TP 6n -egid=gid_t -The effective group ID of the user invoking -\fBsudo\fR. -.TP 6n -gid=gid_t -The real group ID of the user invoking -\fBsudo\fR. -.TP 6n -groups=list -The user's supplementary group list formatted as a string of -comma-separated group IDs. -.TP 6n -cwd=string -The user's current working directory. -.TP 6n tty=string The path to the user's terminal device. If the user has no terminal device associated with the session, the value will be empty, as in ``\fRtty=\fR''. .TP 6n -host=string -The local machine's hostname as returned by the -gethostname(2) -system call. -.TP 6n -lines=int -The number of lines the user's terminal supports. -If there is -no terminal device available, a default value of 24 is used. +uid=uid_t +The real user ID of the user invoking +\fBsudo\fR. .TP 6n -cols=int -The number of columns the user's terminal supports. -If there is no terminal device available, a default value of 80 is used. +user=string +The name of the user invoking +\fBsudo\fR. .PP .RE .PD 0 @@ -615,33 +534,6 @@ itself but the \fIvalue\fR might. .PD -.TP 6n -plugin_options -Any (non-comment) strings immediately after the plugin path are -treated as arguments to the plugin. -These arguments are split on a white space boundary and are passed to -the plugin in the form of a -\fRNULL\fR-terminated -array of strings. -If no arguments were -specified, -\fIplugin_options\fR -will be the -\fRNULL\fR -pointer. -.sp -NOTE: the -\fIplugin_options\fR -parameter is only available starting with -API version 1.2. -A plugin -\fBmust\fR -check the API version specified -by the -\fBsudo\fR -front end before using -\fIplugin_options\fR. -Failure to do so may result in a crash. .PP .RE .PD 0 @@ -690,6 +582,20 @@ If the command was successfully executed, the value of \fRerror\fR is 0. .PP +If no +\fBclose\fR() +function is defined, no I/O logging plugins are loaded, +and neither the +\fItimeout\fR +not +\fIuse_pty\fR +options are set in the +\fRcommand_info\fR +list, the +\fBsudo\fR +front end may execute the command directly instead of running +it as a child process. +.PP .RE .PD 0 .TP 6n @@ -862,89 +768,9 @@ The following values are recognized by \fBsudo\fR: .RS .TP 6n -command=string -Fully qualified path to the command to be executed. -.TP 6n -runas_uid=uid -User ID to run the command as. -.TP 6n -runas_euid=uid -Effective user ID to run the command as. -If not specified, the value of -\fIrunas_uid\fR -is used. -.TP 6n -runas_gid=gid -Group ID to run the command as. -.TP 6n -runas_egid=gid -Effective group ID to run the command as. -If not specified, the value of -\fIrunas_gid\fR -is used. -.TP 6n -runas_groups=list -The supplementary group vector to use for the command in the form -of a comma-separated list of group IDs. -If -\fIpreserve_groups\fR -is set, this option is ignored. -.TP 6n -login_class=string -BSD login class to use when setting resource limits and nice value -(optional). -This option is only set on systems that support login classes. -.TP 6n -preserve_groups=bool -If set, -\fBsudo\fR -will preserve the user's group vector instead of -initializing the group vector based on -\fRrunas_user\fR. -.TP 6n -cwd=string -The current working directory to change to when executing the command. -.TP 6n -noexec=bool -If set, prevent the command from executing other programs. -.TP 6n chroot=string The root directory to use when running the command. .TP 6n -nice=int -Nice value (priority) to use when executing the command. -The nice value, if specified, overrides the priority associated with the -\fIlogin_class\fR -on BSD systems. -.TP 6n -umask=octal -The file creation mask to use when executing the command. -.TP 6n -selinux_role=string -SELinux role to use when executing the command. -.TP 6n -selinux_type=string -SELinux type to use when executing the command. -.TP 6n -timeout=int -Command timeout. -If non-zero then when the timeout expires the command will be killed. -.TP 6n -sudoedit=bool -Set to true when in -\fIsudoedit\fR -mode. -The plugin may enable -\fIsudoedit\fR -mode even if -\fBsudo\fR -was not invoked as -\fBsudoedit\fR. -This allows the plugin to perform command substitution and transparently -enable -\fIsudoedit\fR -when the user attempts to run an editor. -.TP 6n closefrom=number If specified, \fBsudo\fR @@ -953,6 +779,73 @@ of \fInumber\fR or higher. .TP 6n +command=string +Fully qualified path to the command to be executed. +.TP 6n +cwd=string +The current working directory to change to when executing the command. +.TP 6n +exec_background=bool +By default, +\fBsudo\fR +runs a command as the foreground process as long as +\fBsudo\fR +itself is running in the foreground. +When +\fIexec_background\fR +is enabled and the command is being run in a pty (due to I/O logging +or the +\fIuse_pty\fR +setting), the command will be run as a background process. +Attempts to read from the controlling terminal (or to change terminal +settings) will result in the command being suspended with the +\fRSIGTTIN\fR +signal (or +\fRSIGTTOU\fR +in the case of terminal settings). +If this happens when +\fBsudo\fR +is a foreground process, the command will be granted the controlling terminal +and resumed in the foreground with no user intervention required. +The advantage of initially running the command in the background is that +\fBsudo\fR +need not read from the terminal unless the command explicitly requests it. +Otherwise, any terminal input must be passed to the command, whether it +has required it or not (the kernel buffers terminals so it is not possible +to tell whether the command really wants the input). +This is different from historic +\fIsudo\fR +behavior or when the command is not being run in a pty. +.sp +For this to work seamlessly, the operating system must support the +automatic restarting of system calls. +Unfortunately, not all operating systems do this by default, +and even those that do may have bugs. +For example, Mac OS X fails to restart the +\fBtcgetattr\fR() +and +\fBtcsetattr\fR() +system calls (this is a bug in Mac OS X). +Furthermore, because this behavior depends on the command stopping with the +\fRSIGTTIN\fR +or +\fRSIGTTOU\fR +signals, programs that catch these signals and suspend themselves +with a different signal (usually +\fRSIGTOP\fR) +will not be automatically foregrounded. +Some versions of the linux +su(1) +command behave this way. +Because of this, a plugin should not set +\fIexec_background\fR +unless it is explicitly enabled by the administrator and there should +be a way to enabled or disable it on a per-command basis. +.sp +This setting has no effect unless I/O logging is enabled or +\fIuse_pty\fR +is enabled. +.TP 6n iolog_compress=bool Set to true if the I/O logging plugins, if any, should compress the log data. @@ -992,6 +885,85 @@ terminal output. This only includes output to the screen, not output to a pipe or file. This is a hint to the I/O logging plugin which may choose to ignore it. .TP 6n +login_class=string +BSD login class to use when setting resource limits and nice value +(optional). +This option is only set on systems that support login classes. +.TP 6n +nice=int +Nice value (priority) to use when executing the command. +The nice value, if specified, overrides the priority associated with the +\fIlogin_class\fR +on BSD systems. +.TP 6n +noexec=bool +If set, prevent the command from executing other programs. +.TP 6n +preserve_groups=bool +If set, +\fBsudo\fR +will preserve the user's group vector instead of +initializing the group vector based on +\fRrunas_user\fR. +.TP 6n +runas_egid=gid +Effective group ID to run the command as. +If not specified, the value of +\fIrunas_gid\fR +is used. +.TP 6n +runas_euid=uid +Effective user ID to run the command as. +If not specified, the value of +\fIrunas_uid\fR +is used. +.TP 6n +runas_gid=gid +Group ID to run the command as. +.TP 6n +runas_groups=list +The supplementary group vector to use for the command in the form +of a comma-separated list of group IDs. +If +\fIpreserve_groups\fR +is set, this option is ignored. +.TP 6n +runas_uid=uid +User ID to run the command as. +.TP 6n +selinux_role=string +SELinux role to use when executing the command. +.TP 6n +selinux_type=string +SELinux type to use when executing the command. +.TP 6n +set_utmp=bool +Create a utmp (or utmpx) entry when a pseudo-tty is allocated. +By default, the new entry will be a copy of the user's existing utmp +entry (if any), with the tty, time, type and pid fields updated. +.TP 6n +sudoedit=bool +Set to true when in +\fIsudoedit\fR +mode. +The plugin may enable +\fIsudoedit\fR +mode even if +\fBsudo\fR +was not invoked as +\fBsudoedit\fR. +This allows the plugin to perform command substitution and transparently +enable +\fIsudoedit\fR +when the user attempts to run an editor. +.TP 6n +timeout=int +Command timeout. +If non-zero then when the timeout expires the command will be killed. +.TP 6n +umask=octal +The file creation mask to use when executing the command. +.TP 6n use_pty=bool Allocate a pseudo-tty to run the command in, regardless of whether or not I/O logging is in use. @@ -1000,11 +972,6 @@ By default, will only run the command in a pty when an I/O log plugin is loaded. .TP 6n -set_utmp=bool -Create a utmp (or utmpx) entry when a pseudo-tty is allocated. -By default, the new entry will be a copy of the user's existing utmp -entry (if any), with the tty, time, type and pid fields updated. -.TP 6n utmp_user=string User name to use when constructing a new utmp (or utmpx) entry when \fIset_utmp\fR @@ -1114,7 +1081,7 @@ is run with the \fB\-v\fR flag. For policy plugins such as -\fIsudoers\fR +\fBsudoers\fR that cache authentication credentials, this function will validate and cache the credentials. @@ -1158,7 +1125,7 @@ or \fB\-K\fR flag. For policy plugins such as -\fIsudoers\fR +\fBsudoers\fR that cache authentication credentials, this function will invalidate the credentials. @@ -1395,10 +1362,11 @@ struct io_plugin { #define SUDO_IO_PLUGIN 2 unsigned int type; /* always SUDO_IO_PLUGIN */ unsigned int version; /* always SUDO_API_VERSION */ - int (*open)(unsigned int version, sudo_conv_t conversation + int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], int argc, char * const argv[], - char * const user_env[], char * const plugin_options[]); + char * const user_info[], char * const command_info[], + int argc, char * const argv[], char * const user_env[], + char * const plugin_options[]); void (*close)(int exit_status, int error); /* wait status or error */ int (*show_version)(int verbose); int (*log_ttyin)(const char *buf, unsigned int len); @@ -1467,7 +1435,7 @@ open .RS .nf .RS 0n -int (*open)(unsigned int version, sudo_conv_t conversation +int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], int argc, char * const argv[], char * const user_env[], char * const plugin_options[]); @@ -1906,6 +1874,53 @@ section for a description of .PP Same as for the \fIPolicy plugin API\fR. +.SS "Signal handlers" +The +\fBsudo\fR +front end installs default signal handlers to trap common signals +while the plugin functions are run. +The following signals are trapped by default before the command is +executed: +.TP 4n +\fBo\fR +\fRSIGALRM\fR +.PD 0 +.TP 4n +\fBo\fR +\fRSIGHUP\fR +.TP 4n +\fBo\fR +\fRSIGINT\fR +.TP 4n +\fBo\fR +\fRSIGQUIT\fR +.TP 4n +\fBo\fR +\fRSIGTERM\fR +.TP 4n +\fBo\fR +\fRSIGTSTP\fR +.TP 4n +\fBo\fR +\fRSIGUSR1\fR +.TP 4n +\fBo\fR +\fRSIGUSR2\fR +.PD +.PP +If a fatal signal is received before the command is executed, +\fBsudo\fR +will call the plugin's +\fBclose\fR() +function with an exit status of 128 plus the value of the signal +that was received. +This allows for consistent logging of commands killed by a signal +for plugins that log such information in their +\fBclose\fR() +function. +.PP +A plugin may temporarily install its own signal handlers but must +restore the original handler before the plugin function returns. .SS "Hook function API" Beginning with plugin API version 1.2, it is possible to install hooks for certain functions called by the @@ -2247,8 +2262,7 @@ user-visible. Instead, they are logged to the file specified in the \fRDebug\fR statement (if any) in the -\fI@sysconfdir@/sudo.conf\fR -.PP +sudo.conf(@mansectform@). file. This allows a plugin to log debugging information and is intended to be used in conjunction with the @@ -2260,14 +2274,18 @@ See the sample plugin for an example of the function usage. .SS "Sudoers group plugin API" The -\fIsudoers\fR -module supports a plugin interface to allow non-Unix +\fBsudoers\fR +plugin supports its own plugin interface to allow non-Unix group lookups. This can be used to query a group source other than the standard Unix group database. -A sample group plugin is bundled with -\fBsudo\fR -that implements file-based lookups. +Two sample group plugins are bundled with +\fBsudo\fR, +\fIgroup_file\fR +and +\fIsystem_group\fR, +are detailed in +sudoers(@mansectform@). Third party group plugins include a QAS AD plugin available from Quest Software. .PP A group plugin must declare and populate a @@ -2299,7 +2317,7 @@ The field should be set to GROUP_API_VERSION. .sp This allows -\fIsudoers\fR +\fBsudoers\fR to determine the API version the group plugin was built against. .TP 6n @@ -2331,10 +2349,10 @@ The function arguments are as follows: .TP 6n version The version passed in by -\fIsudoers\fR +\fBsudoers\fR allows the plugin to determine the major and minor version number of the group plugin API supported by -\fIsudoers\fR. +\fBsudoers\fR. .TP 6n plugin_printf A pointer to a @@ -2368,7 +2386,7 @@ void (*cleanup)(); The \fBcleanup\fR() function is called when -\fIsudoers\fR +\fBsudoers\fR has finished its group checks. The plugin should free any memory it has allocated and close open file handles. @@ -2444,19 +2462,19 @@ The following revisions have been made to the Sudo Plugin API. Version 1.0 Initial API version. .TP 6n -Version 1.1 +Version 1.1 (sudo 1.8.0) The I/O logging plugin's \fBopen\fR() function was modified to take the \fRcommand_info\fR list as an argument. .TP 6n -Version 1.2 +Version 1.2 (sudo 1.8.5) The Policy and I/O logging plugins' \fBopen\fR() functions are now passed -a list of plugin options if any are specified in -\fI@sysconfdir@/sudo.conf\fR. +a list of plugin parameters if any are specified in +sudo.conf(@mansectform@). .sp A simple hooks API has been introduced to allow plugins to hook in to the system's environment handling functions. @@ -2467,7 +2485,47 @@ Policy plugin function is now passed a pointer to the user environment which can be updated as needed. This can be used to merge in environment variables stored in the PAM handle before a command is run. +.TP 6n +Version 1.3 (sudo 1.8.7) +Support for the +\fIexec_background\fR +entry has been added to the +\fRcommand_info\fR +list. +.sp +The +\fImax_groups\fR +and +\fIplugin_dir\fR +entries were added to the +\fRsettings\fR +list. +.sp +The +\fBversion\fR() +and +\fBclose\fR() +functions are now optional. +Previously, a missing +\fBversion\fR() +or +\fBclose\fR() +function would result in a crash. +If no policy plugin +\fBclose\fR() +function is defined, a default +\fBclose\fR() +function will be provided by the +\fBsudo\fR +front end that displays a warning if the command could not be +executed. +.sp +The +\fBsudo\fR +front end now installs default signal handlers to trap common signals +while the plugin functions are run. .SH "SEE ALSO" +sudo.conf(@mansectform@), sudoers(@mansectform@), sudo(@mansectsu@) .SH "BUGS" diff --git a/doc/sudo_plugin.mdoc.in b/doc/sudo_plugin.mdoc.in index b39cfc1..53b54b6 100644 --- a/doc/sudo_plugin.mdoc.in +++ b/doc/sudo_plugin.mdoc.in @@ -1,5 +1,5 @@ .\" -.\" Copyright (c) 2009-2012 Todd C. Miller +.\" Copyright (c) 2009-2013 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd July 16, 2012 +.Dd March 5, 2013 .Dt SUDO_PLUGIN @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -26,14 +26,14 @@ Starting with version 1.8, supports a plugin API for policy and session logging. By default, the -.Em sudoers +.Nm sudoers policy plugin and an associated I/O logging plugin are used. Via the plugin API, .Nm sudo can be configured to use alternate policy and/or I/O logging plugins provided by third parties. -The plugins to be used are specified via the -.Pa @sysconfdir@/sudo.conf +The plugins to be used are specified in the +.Xr sudo.conf @mansectform@ file. .Pp The API is versioned with a major and minor number. @@ -45,75 +45,6 @@ major version matches. The plugin API is defined by the .Li sudo_plugin.h header file. -.Ss The sudo.conf file -The -.Pa @sysconfdir@/sudo.conf -file contains plugin configuration directives. -The primary keyword is the -.Li Plugin -directive, which causes a plugin to be loaded. -.Pp -A -.Li Plugin -line consists of the -.Li Plugin -keyword, followed by the -.Em symbol_name -and the -.Em path -to the shared object containing the plugin. -The -.Em symbol_name -is the name of the -.Li struct policy_plugin -or -.Li struct io_plugin -in the plugin shared object. -The -.Em path -may be fully qualified or relative. -If not fully qualified it is relative to the -.Pa @prefix@/libexec -directory. -Any additional parameters after the -.Em path -are passed as options to the plugin's -.Fn open -function. -Lines that don't begin with -.Li Plugin , -.Li Path , -.Li Debug -or -.Li Set -are silently ignored. -.Pp -The same shared object may contain multiple plugins, each with a -different symbol name. -The shared object file must be owned by uid 0 and only writable by its owner. -Because of ambiguities that arise from composite policies, only a single -policy plugin may be specified. -This limitation does not apply to I/O plugins. -.Bd -literal -# -# Default @sysconfdir@/sudo.conf file -# -# Format: -# Plugin plugin_name plugin_path plugin_options ... -# Path askpass /path/to/askpass -# Path noexec /path/to/sudo_noexec.so -# Debug sudo /var/log/sudo_debug all@warn -# Set disable_coredump true -# -# The plugin_path is relative to @prefix@/libexec unless -# fully qualified. -# The plugin_name corresponds to a global symbol in the plugin -# that contains the plugin interface structure. -# The plugin_options are optional. -# -Plugin sudoers_policy sudoers.so -Plugin sudoers_io sudoers.so -.Ed .Ss Policy plugin API A policy plugin must declare and populate a .Li policy_plugin @@ -122,7 +53,7 @@ This structure contains pointers to the functions that implement the .Nm sudo policy checks. The name of the symbol should be specified in -.Pa @sysconfdir@/sudo.conf +.Xr sudo.conf @mansectform@ along with a path to the plugin so that .Nm sudo can load it. @@ -235,71 +166,40 @@ itself but the .Em value might. .Bl -tag -width 4n +.It bsdauth_type=string +Authentication type, if specified by the +.Fl a +flag, to use on +systems where BSD authentication is supported. +.It closefrom=number +If specified, the user has requested via the +.Fl C +flag that +.Nm sudo +close all files descriptors with a value of +.Em number +or higher. +The plugin may optionally pass this, or another value, back in the +.Em command_info +list. .It debug_flags=string A comma-separated list of debug flags that correspond to .Nm sudo Ns No 's .Li Debug entry in -.Pa @sysconfdir@/sudo.conf , +.Xr sudo.conf @mansectform@ , if there is one. The flags are passed to the plugin as they appear in -.Pa @sysconfdir@/sudo.conf . +.Xr sudo.conf @mansectform@ . The syntax used by .Nm sudo and the -.Em sudoers +.Nm sudoers plugin is .Em subsystem Ns No @ Ns Em priority but the plugin is free to use a different format so long as it does not include a comma .Pq Ql ,\& . -.Pp -For reference, the priorities supported by the -.Nm sudo -front end and -.Em sudoers -are: -.Em crit , -.Em err , -.Em warn , -.Em notice , -.Em diag , -.Em info , -.Em trace -and -.Em debug . -.Pp -The following subsystems are defined: -.Em main , -.Em memory , -.Em args , -.Em exec , -.Em pty , -.Em utmp , -.Em conv , -.Em pcomm , -.Em util , -.Em list , -.Em netif , -.Em audit , -.Em edit , -.Em selinux , -.Em ldap , -.Em match , -.Em parser , -.Em alias , -.Em defaults , -.Em auth , -.Em env , -.Em logging , -.Em nss , -.Em rbtree , -.Em perms , -.Em plugin . -The subsystem -.Em all -includes every subsystem. -.Pp There is not currently a way to specify a set of debug flags specific to the plugin--the flags are shared by .Nm sudo @@ -307,46 +207,12 @@ and the plugin. .It debug_level=number This setting has been deprecated in favor of .Em debug_flags . -.It runas_user=string -The user name or uid to to run the command as, if specified via the -.Fl u -flag. -.It runas_group=string -The group name or gid to to run the command as, if specified via -the -.Fl g -flag. -.It prompt=string -The prompt to use when requesting a password, if specified via -the -.Fl p -flag. -.It set_home=bool -Set to true if the user specified the -.Fl H -flag. -If true, set the -.Li HOME -environment variable to the target user's home directory. -.It preserve_environment=bool -Set to true if the user specified the -.Fl E -flag, indicating that -the user wishes to preserve the environment. -.It run_shell=bool -Set to true if the user specified the -.Fl s -flag, indicating that -the user wishes to run a shell. -.It login_shell=bool +.It ignore_ticket=bool Set to true if the user specified the -.Fl i -flag, indicating that -the user wishes to run a login shell. -.It implied_shell=bool -If the user does not specify a program on the command line, -.Nm sudo -will pass the plugin the path to the user's shell and set +.Fl k +flag along with a +command, indicating that the user wishes to ignore any cached +authentication credentials. .Em implied_shell to true. This allows @@ -361,46 +227,24 @@ function, which will cause .Nm sudo to print a usage message and exit. -.It preserve_groups=bool -Set to true if the user specified the -.Fl P -flag, indicating that -the user wishes to preserve the group vector instead of setting it -based on the runas user. -.It ignore_ticket=bool -Set to true if the user specified the -.Fl k -flag along with a -command, indicating that the user wishes to ignore any cached -authentication credentials. -.It noninteractive=bool -Set to true if the user specified the -.Fl n -flag, indicating that +.It implied_shell=bool +If the user does not specify a program on the command line, .Nm sudo -should operate in non-interactive mode. -The plugin may reject a command run in non-interactive mode if user -interaction is required. +will pass the plugin the path to the user's shell and set .It login_class=string BSD login class to use when setting resource limits and nice value, if specified by the .Fl c flag. -.It selinux_role=string -SELinux role to use when executing the command, if specified by -the -.Fl r -flag. -.It selinux_type=string -SELinux type to use when executing the command, if specified by -the -.Fl t -flag. -.It bsdauth_type=string -Authentication type, if specified by the -.Fl a -flag, to use on -systems where BSD authentication is supported. +.It login_shell=bool +Set to true if the user specified the +.Fl i +flag, indicating that +the user wishes to run a login shell. +.It max_groups=int +The maximum number of groups a user may belong to. +This will only be present if there is a corresponding setting in +.Xr sudo.conf @mansectform@ . .It network_addrs=list A space-separated list of IP network addresses and netmasks in the form @@ -412,11 +256,73 @@ what the operating system supports. If the address contains a colon .Pq Ql :\& , it is an IPv6 address, else it is IPv4. +.It noninteractive=bool +Set to true if the user specified the +.Fl n +flag, indicating that +.Nm sudo +should operate in non-interactive mode. +The plugin may reject a command run in non-interactive mode if user +interaction is required. +.It plugin_dir=string +The default plugin directory used by the +.Nm sudo +front end. +This is the default directory set at compile time and may not +correspond to the directory the running plugin was loaded from. +It may be used by a plugin to locate support files. +.It preserve_environment=bool +Set to true if the user specified the +.Fl E +flag, indicating that +the user wishes to preserve the environment. +.It preserve_groups=bool +Set to true if the user specified the +.Fl P +flag, indicating that +the user wishes to preserve the group vector instead of setting it +based on the runas user. .It progname=string The command name that sudo was run as, typically .Dq sudo or .Dq sudoedit . +.It prompt=string +The prompt to use when requesting a password, if specified via +the +.Fl p +flag. +.It run_shell=bool +Set to true if the user specified the +.Fl s +flag, indicating that +the user wishes to run a shell. +.It runas_group=string +The group name or gid to to run the command as, if specified via +the +.Fl g +flag. +.It runas_user=string +The user name or uid to to run the command as, if specified via the +.Fl u +flag. +.It selinux_role=string +SELinux role to use when executing the command, if specified by +the +.Fl r +flag. +.It selinux_type=string +SELinux type to use when executing the command, if specified by +the +.Fl t +flag. +.It set_home=bool +Set to true if the user specified the +.Fl H +flag. +If true, set the +.Li HOME +environment variable to the target user's home directory. .It sudoedit=bool Set to true when the .Fl e @@ -432,17 +338,6 @@ if the plugin does not support For more information, see the .Em check_policy section. -.It closefrom=number -If specified, the user has requested via the -.Fl C -flag that -.Nm sudo -close all files descriptors with a value of -.Em number -or higher. -The plugin may optionally pass this, or another value, back in the -.Em command_info -list. .El .Pp Additional settings may be added in the future so the plugin should @@ -468,11 +363,67 @@ itself but the .Em value might. .Bl -tag -width 4n +.It cols=int +The number of columns the user's terminal supports. +If there is no terminal device available, a default value of 80 is used. +.It cwd=string +The user's current working directory. +.It egid=gid_t +The effective group ID of the user invoking +.Nm sudo . +.It euid=uid_t +The effective user ID of the user invoking +.Nm sudo . +.It gid=gid_t +The real group ID of the user invoking +.Nm sudo . +.It groups=list +The user's supplementary group list formatted as a string of +comma-separated group IDs. +.It host=string +The local machine's hostname as returned by the +.Xr gethostname 2 +system call. +.It lines=int +The number of lines the user's terminal supports. +If there is +no terminal device available, a default value of 24 is used. +.It pgid=int +The ID of the process group that the running +.Nm sudo +process is a member of. +Only available starting with API version 1.2 .It pid=int The process ID of the running .Nm sudo process. Only available starting with API version 1.2 +.It plugin_options +Any (non-comment) strings immediately after the plugin path are +passed as arguments to the plugin. +These arguments are split on a white space boundary and are passed to +the plugin in the form of a +.Dv NULL Ns No -terminated +array of strings. +If no arguments were +specified, +.Em plugin_options +will be the +.Dv NULL +pointer. +.Pp +NOTE: the +.Em plugin_options +parameter is only available starting with +API version 1.2. +A plugin +.Sy must +check the API version specified +by the +.Nm sudo +front end before using +.Em plugin_options . +Failure to do so may result in a crash. .It ppid=int The parent process ID of the running .Nm sudo @@ -483,58 +434,26 @@ The session ID of the running .Nm sudo process or 0 if .Nm sudo -is -not part of a POSIX job control session. -Only available starting with API version 1.2 -.It pgid=int -The ID of the process group that the running -.Nm sudo -process belongs -to. +is not part of a POSIX job control session. Only available starting with API version 1.2 .It tcpgid=int -The ID of the forground process group associated with the terminal -device associcated with the +The ID of the foreground process group associated with the terminal +device associated with the .Nm sudo process or \-1 if there is no terminal present. Only available starting with API version 1.2 -.It user=string -The name of the user invoking -.Nm sudo . -.It euid=uid_t -The effective user ID of the user invoking -.Nm sudo . -.It uid=uid_t -The real user ID of the user invoking -.Nm sudo . -.It egid=gid_t -The effective group ID of the user invoking -.Nm sudo . -.It gid=gid_t -The real group ID of the user invoking -.Nm sudo . -.It groups=list -The user's supplementary group list formatted as a string of -comma-separated group IDs. -.It cwd=string -The user's current working directory. .It tty=string The path to the user's terminal device. If the user has no terminal device associated with the session, the value will be empty, as in .Dq Li tty= . -.It host=string -The local machine's hostname as returned by the -.Xr gethostname 2 -system call. -.It lines=int -The number of lines the user's terminal supports. -If there is -no terminal device available, a default value of 24 is used. -.It cols=int -The number of columns the user's terminal supports. -If there is no terminal device available, a default value of 80 is used. +.It uid=uid_t +The real user ID of the user invoking +.Nm sudo . +.It user=string +The name of the user invoking +.Nm sudo . .El .It user_env The user's environment in the form of a @@ -554,32 +473,6 @@ field will never include one itself but the .Em value might. -.It plugin_options -Any (non-comment) strings immediately after the plugin path are -treated as arguments to the plugin. -These arguments are split on a white space boundary and are passed to -the plugin in the form of a -.Dv NULL Ns No -terminated -array of strings. -If no arguments were -specified, -.Em plugin_options -will be the -.Dv NULL -pointer. -.Pp -NOTE: the -.Em plugin_options -parameter is only available starting with -API version 1.2. -A plugin -.Sy must -check the API version specified -by the -.Nm sudo -front end before using -.Em plugin_options . -Failure to do so may result in a crash. .El .It close .Bd -literal -compact @@ -618,6 +511,20 @@ If the command was successfully executed, the value of .Li error is 0. .El +.Pp +If no +.Fn close +function is defined, no I/O logging plugins are loaded, +and neither the +.Em timeout +not +.Em use_pty +options are set in the +.Li command_info +list, the +.Nm sudo +front end may execute the command directly instead of running +it as a child process. .It show_version .Bd -literal -compact int (*show_version)(int verbose); @@ -771,72 +678,8 @@ pointer. The following values are recognized by .Nm sudo : .Bl -tag -width 4n -.It command=string -Fully qualified path to the command to be executed. -.It runas_uid=uid -User ID to run the command as. -.It runas_euid=uid -Effective user ID to run the command as. -If not specified, the value of -.Em runas_uid -is used. -.It runas_gid=gid -Group ID to run the command as. -.It runas_egid=gid -Effective group ID to run the command as. -If not specified, the value of -.Em runas_gid -is used. -.It runas_groups=list -The supplementary group vector to use for the command in the form -of a comma-separated list of group IDs. -If -.Em preserve_groups -is set, this option is ignored. -.It login_class=string -BSD login class to use when setting resource limits and nice value -(optional). -This option is only set on systems that support login classes. -.It preserve_groups=bool -If set, -.Nm sudo -will preserve the user's group vector instead of -initializing the group vector based on -.Li runas_user . -.It cwd=string -The current working directory to change to when executing the command. -.It noexec=bool -If set, prevent the command from executing other programs. .It chroot=string The root directory to use when running the command. -.It nice=int -Nice value (priority) to use when executing the command. -The nice value, if specified, overrides the priority associated with the -.Em login_class -on BSD systems. -.It umask=octal -The file creation mask to use when executing the command. -.It selinux_role=string -SELinux role to use when executing the command. -.It selinux_type=string -SELinux type to use when executing the command. -.It timeout=int -Command timeout. -If non-zero then when the timeout expires the command will be killed. -.It sudoedit=bool -Set to true when in -.Em sudoedit -mode. -The plugin may enable -.Em sudoedit -mode even if -.Nm sudo -was not invoked as -.Nm sudoedit . -This allows the plugin to perform command substitution and transparently -enable -.Em sudoedit -when the user attempts to run an editor. .It closefrom=number If specified, .Nm sudo @@ -844,6 +687,70 @@ will close all files descriptors with a value of .Em number or higher. +.It command=string +Fully qualified path to the command to be executed. +.It cwd=string +The current working directory to change to when executing the command. +.It exec_background=bool +By default, +.Nm sudo +runs a command as the foreground process as long as +.Nm sudo +itself is running in the foreground. +When +.Em exec_background +is enabled and the command is being run in a pty (due to I/O logging +or the +.Em use_pty +setting), the command will be run as a background process. +Attempts to read from the controlling terminal (or to change terminal +settings) will result in the command being suspended with the +.Dv SIGTTIN +signal (or +.Dv SIGTTOU +in the case of terminal settings). +If this happens when +.Nm sudo +is a foreground process, the command will be granted the controlling terminal +and resumed in the foreground with no user intervention required. +The advantage of initially running the command in the background is that +.Nm sudo +need not read from the terminal unless the command explicitly requests it. +Otherwise, any terminal input must be passed to the command, whether it +has required it or not (the kernel buffers terminals so it is not possible +to tell whether the command really wants the input). +This is different from historic +.Em sudo +behavior or when the command is not being run in a pty. +.Pp +For this to work seamlessly, the operating system must support the +automatic restarting of system calls. +Unfortunately, not all operating systems do this by default, +and even those that do may have bugs. +For example, Mac OS X fails to restart the +.Fn tcgetattr +and +.Fn tcsetattr +system calls (this is a bug in Mac OS X). +Furthermore, because this behavior depends on the command stopping with the +.Dv SIGTTIN +or +.Dv SIGTTOU +signals, programs that catch these signals and suspend themselves +with a different signal (usually +.Dv SIGTOP ) +will not be automatically foregrounded. +Some versions of the linux +.Xr su 1 +command behave this way. +Because of this, a plugin should not set +.Em exec_background +unless it is explicitly enabled by the administrator and there should +be a way to enabled or disable it on a per-command basis. +.Pp +This setting has no effect unless I/O logging is enabled or +.Em use_pty +is enabled. .It iolog_compress=bool Set to true if the I/O logging plugins, if any, should compress the log data. @@ -876,6 +783,70 @@ Set to true if the I/O logging plugins, if any, should log all terminal output. This only includes output to the screen, not output to a pipe or file. This is a hint to the I/O logging plugin which may choose to ignore it. +.It login_class=string +BSD login class to use when setting resource limits and nice value +(optional). +This option is only set on systems that support login classes. +.It nice=int +Nice value (priority) to use when executing the command. +The nice value, if specified, overrides the priority associated with the +.Em login_class +on BSD systems. +.It noexec=bool +If set, prevent the command from executing other programs. +.It preserve_groups=bool +If set, +.Nm sudo +will preserve the user's group vector instead of +initializing the group vector based on +.Li runas_user . +.It runas_egid=gid +Effective group ID to run the command as. +If not specified, the value of +.Em runas_gid +is used. +.It runas_euid=uid +Effective user ID to run the command as. +If not specified, the value of +.Em runas_uid +is used. +.It runas_gid=gid +Group ID to run the command as. +.It runas_groups=list +The supplementary group vector to use for the command in the form +of a comma-separated list of group IDs. +If +.Em preserve_groups +is set, this option is ignored. +.It runas_uid=uid +User ID to run the command as. +.It selinux_role=string +SELinux role to use when executing the command. +.It selinux_type=string +SELinux type to use when executing the command. +.It set_utmp=bool +Create a utmp (or utmpx) entry when a pseudo-tty is allocated. +By default, the new entry will be a copy of the user's existing utmp +entry (if any), with the tty, time, type and pid fields updated. +.It sudoedit=bool +Set to true when in +.Em sudoedit +mode. +The plugin may enable +.Em sudoedit +mode even if +.Nm sudo +was not invoked as +.Nm sudoedit . +This allows the plugin to perform command substitution and transparently +enable +.Em sudoedit +when the user attempts to run an editor. +.It timeout=int +Command timeout. +If non-zero then when the timeout expires the command will be killed. +.It umask=octal +The file creation mask to use when executing the command. .It use_pty=bool Allocate a pseudo-tty to run the command in, regardless of whether or not I/O logging is in use. @@ -883,10 +854,6 @@ By default, .Nm sudo will only run the command in a pty when an I/O log plugin is loaded. -.It set_utmp=bool -Create a utmp (or utmpx) entry when a pseudo-tty is allocated. -By default, the new entry will be a copy of the user's existing utmp -entry (if any), with the tty, time, type and pid fields updated. .It utmp_user=string User name to use when constructing a new utmp (or utmpx) entry when .Em set_utmp @@ -975,7 +942,7 @@ is run with the .Fl v flag. For policy plugins such as -.Em sudoers +.Nm sudoers that cache authentication credentials, this function will validate and cache the credentials. @@ -1011,7 +978,7 @@ or .Fl K flag. For policy plugins such as -.Em sudoers +.Nm sudoers that cache authentication credentials, this function will invalidate the credentials. @@ -1219,10 +1186,11 @@ struct io_plugin { #define SUDO_IO_PLUGIN 2 unsigned int type; /* always SUDO_IO_PLUGIN */ unsigned int version; /* always SUDO_API_VERSION */ - int (*open)(unsigned int version, sudo_conv_t conversation + int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], int argc, char * const argv[], - char * const user_env[], char * const plugin_options[]); + char * const user_info[], char * const command_info[], + int argc, char * const argv[], char * const user_env[], + char * const plugin_options[]); void (*close)(int exit_status, int error); /* wait status or error */ int (*show_version)(int verbose); int (*log_ttyin)(const char *buf, unsigned int len); @@ -1286,7 +1254,7 @@ to determine the API version the plugin was built against. .It open .Bd -literal -compact -int (*open)(unsigned int version, sudo_conv_t conversation +int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], int argc, char * const argv[], char * const user_env[], char * const plugin_options[]); @@ -1654,6 +1622,46 @@ section for a description of .Pp Same as for the .Sx Policy plugin API . +.Ss Signal handlers +The +.Nm sudo +front end installs default signal handlers to trap common signals +while the plugin functions are run. +The following signals are trapped by default before the command is +executed: +.Pp +.Bl -bullet -compact +.It +.Dv SIGALRM +.It +.Dv SIGHUP +.It +.Dv SIGINT +.It +.Dv SIGQUIT +.It +.Dv SIGTERM +.It +.Dv SIGTSTP +.It +.Dv SIGUSR1 +.It +.Dv SIGUSR2 +.El +.Pp +If a fatal signal is received before the command is executed, +.Nm sudo +will call the plugin's +.Fn close +function with an exit status of 128 plus the value of the signal +that was received. +This allows for consistent logging of commands killed by a signal +for plugins that log such information in their +.Fn close +function. +.Pp +A plugin may temporarily install its own signal handlers but must +restore the original handler before the plugin function returns. .Ss Hook function API Beginning with plugin API version 1.2, it is possible to install hooks for certain functions called by the @@ -1943,8 +1951,7 @@ user-visible. Instead, they are logged to the file specified in the .Li Debug statement (if any) in the -.Pa @sysconfdir@/sudo.conf -.Pp +.Xr sudo.conf @mansectform@ . file. This allows a plugin to log debugging information and is intended to be used in conjunction with the @@ -1956,14 +1963,18 @@ See the sample plugin for an example of the function usage. .Ss Sudoers group plugin API The -.Em sudoers -module supports a plugin interface to allow non-Unix +.Nm sudoers +plugin supports its own plugin interface to allow non-Unix group lookups. This can be used to query a group source other than the standard Unix group database. -A sample group plugin is bundled with -.Nm sudo -that implements file-based lookups. +Two sample group plugins are bundled with +.Nm sudo , +.Em group_file +and +.Em system_group , +are detailed in +.Xr sudoers @mansectform@ . Third party group plugins include a QAS AD plugin available from Quest Software. .Pp A group plugin must declare and populate a @@ -1992,7 +2003,7 @@ The field should be set to GROUP_API_VERSION. .Pp This allows -.Em sudoers +.Nm sudoers to determine the API version the group plugin was built against. .It init @@ -2020,10 +2031,10 @@ The function arguments are as follows: .Bl -tag -width 4n .It version The version passed in by -.Em sudoers +.Nm sudoers allows the plugin to determine the major and minor version number of the group plugin API supported by -.Em sudoers . +.Nm sudoers . .It plugin_printf A pointer to a .Fn printf Ns No -style @@ -2049,7 +2060,7 @@ void (*cleanup)(); The .Fn cleanup function is called when -.Em sudoers +.Nm sudoers has finished its group checks. The plugin should free any memory it has allocated and close open file handles. @@ -2109,18 +2120,18 @@ The following revisions have been made to the Sudo Plugin API. .Bl -tag -width 4n .It Version 1.0 Initial API version. -.It Version 1.1 +.It Version 1.1 (sudo 1.8.0) The I/O logging plugin's .Fn open function was modified to take the .Li command_info list as an argument. -.It Version 1.2 +.It Version 1.2 (sudo 1.8.5) The Policy and I/O logging plugins' .Fn open functions are now passed -a list of plugin options if any are specified in -.Pa @sysconfdir@/sudo.conf . +a list of plugin parameters if any are specified in +.Xr sudo.conf @mansectform@ . .Pp A simple hooks API has been introduced to allow plugins to hook in to the system's environment handling functions. @@ -2131,8 +2142,47 @@ Policy plugin function is now passed a pointer to the user environment which can be updated as needed. This can be used to merge in environment variables stored in the PAM handle before a command is run. +.It Version 1.3 (sudo 1.8.7) +Support for the +.Em exec_background +entry has been added to the +.Li command_info +list. +.Pp +The +.Em max_groups +and +.Em plugin_dir +entries were added to the +.Li settings +list. +.Pp +The +.Fn version +and +.Fn close +functions are now optional. +Previously, a missing +.Fn version +or +.Fn close +function would result in a crash. +If no policy plugin +.Fn close +function is defined, a default +.Fn close +function will be provided by the +.Nm sudo +front end that displays a warning if the command could not be +executed. +.Pp +The +.Nm sudo +front end now installs default signal handlers to trap common signals +while the plugin functions are run. .El .Sh SEE ALSO +.Xr sudo.conf @mansectform@ , .Xr sudoers @mansectform@ , .Xr sudo @mansectsu@ .Sh BUGS diff --git a/doc/sudoers.cat b/doc/sudoers.cat index 12be154..02f31e7 100644 --- a/doc/sudoers.cat +++ b/doc/sudoers.cat @@ -1,15 +1,65 @@ SUDOERS(4) Programmer's Manual SUDOERS(4) NNAAMMEE - ssuuddooeerrss - default sudo security policy module + ssuuddooeerrss - default sudo security policy plugin DDEESSCCRRIIPPTTIIOONN - The _s_u_d_o_e_r_s policy module determines a user's ssuuddoo privileges. It is the + The _s_u_d_o_e_r_s policy plugin determines a user's ssuuddoo privileges. It is the default ssuuddoo policy plugin. The policy is driven by the _/_e_t_c_/_s_u_d_o_e_r_s file or, optionally in LDAP. The policy format is described in detail in the _S_U_D_O_E_R_S _F_I_L_E _F_O_R_M_A_T section. For information on storing _s_u_d_o_e_r_s policy information in LDAP, please see sudoers.ldap(4). + CCoonnffiigguurriinngg ssuuddoo..ccoonnff ffoorr ssuuddooeerrss + ssuuddoo consults the sudo.conf(4) file to determine which policy and and I/O + logging plugins to load. If no sudo.conf(4) file is present, or if it + contains no Plugin lines, ssuuddooeerrss will be used for policy decisions and + I/O logging. To explicitly configure sudo.conf(4) to use the ssuuddooeerrss + plugin, the following configuration can be used. + + Plugin sudoers_policy sudoers.so + Plugin sudoers_io sudoers.so + + Starting with ssuuddoo 1.8.5, it is possible to specify optional arguments to + the ssuuddooeerrss plugin in the sudo.conf(4) file. These arguments, if + present, should be listed after the path to the plugin (i.e. after + _s_u_d_o_e_r_s_._s_o). Multiple arguments may be specified, separated by white + space. For example: + + Plugin sudoers_policy sudoers.so sudoers_mode=0400 + + The following plugin arguments are supported: + + ldap_conf=pathname + The _l_d_a_p___c_o_n_f argument can be used to override the default path + to the _l_d_a_p_._c_o_n_f file. + + ldap_secret=pathname + The _l_d_a_p___s_e_c_r_e_t argument can be used to override the default + path to the _l_d_a_p_._s_e_c_r_e_t file. + + sudoers_file=pathname + The _s_u_d_o_e_r_s___f_i_l_e argument can be used to override the default + path to the _s_u_d_o_e_r_s file. + + sudoers_uid=uid + The _s_u_d_o_e_r_s___u_i_d argument can be used to override the default + owner of the sudoers file. It should be specified as a numeric + user ID. + + sudoers_gid=gid + The _s_u_d_o_e_r_s___g_i_d argument can be used to override the default + group of the sudoers file. It must be specified as a numeric + group ID (not a group name). + + sudoers_mode=mode + The _s_u_d_o_e_r_s___m_o_d_e argument can be used to override the default + file mode for the sudoers file. It should be specified as an + octal value. + + For more information on configuring sudo.conf(4), please refer to its + manual. + AAuutthheennttiiccaattiioonn aanndd llooggggiinngg The _s_u_d_o_e_r_s security policy requires that most users authenticate themselves before they can use ssuuddoo. A password is not required if the @@ -186,8 +236,8 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT '!'* %:#nonunix_gid | '!'* User_Alias - A User_List is made up of one or more user names, user ids (prefixed with - `#'), system group names and ids (prefixed with `%' and `%#' + A User_List is made up of one or more user names, user IDs (prefixed with + `#'), system group names and IDs (prefixed with `%' and `%#' respectively), netgroups (prefixed with `+'), non-Unix group names and IDs (prefixed with `%:' and `%:#' respectively) and User_Aliases. Each list item may be prefixed with zero or more `!' operators. An odd number @@ -201,8 +251,8 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT characters must be included inside the quotes. The actual nonunix_group and nonunix_gid syntax depends on the underlying - group provider plugin (see the _g_r_o_u_p___p_l_u_g_i_n description below). For - instance, the QAS AD plugin supports the following formats: + group provider plugin. For instance, the QAS AD plugin supports the + following formats: oo Group in the same domain: "%:Group Name" @@ -210,6 +260,8 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT oo Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567" + See _G_R_O_U_P _P_R_O_V_I_D_E_R _P_L_U_G_I_N_S for more information. + Note that quotes around group names are optional. Unquoted strings must use a backslash (`\') to escape spaces and special characters. See _O_t_h_e_r _s_p_e_c_i_a_l _c_h_a_r_a_c_t_e_r_s _a_n_d _r_e_s_e_r_v_e_d _w_o_r_d_s for a list of characters that need @@ -260,6 +312,14 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT ``localhost'' will only match if that is the actual host name, which is usually only the case for non-networked systems. + digest ::= [A-Fa-f0-9]+ | + [[A-Za-z0-9+/=]+ + + Digest_Spec ::= "sha224" ':' digest | + "sha256" ':' digest | + "sha384" ':' digest | + "sha512" ':' digest + Cmnd_List ::= Cmnd | Cmnd ',' Cmnd_List @@ -267,7 +327,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT file name args | file name '""' - Cmnd ::= '!'* command name | + Cmnd ::= Digest_Spec? '!'* command name | '!'* directory | '!'* "sudoedit" | '!'* Cmnd_Alias @@ -287,9 +347,33 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT the Cmnd must match exactly those given by the user on the command line (or match the wildcards if there are any). Note that the following characters must be escaped with a `\' if they are used in command - arguments: `,', `:', `=', `\'. The special command ``sudoedit'' is used + arguments: `,', `:', `=', `\'. The built-in command ``sudoedit'' is used to permit a user to run ssuuddoo with the --ee option (or as ssuuddooeeddiitt). It may - take command line arguments just as a normal command does. + take command line arguments just as a normal command does. Note that + ``sudoedit'' is a command built into ssuuddoo itself and must be specified in + _s_u_d_o_e_r_s without a leading path. + + If a command name is prefixed with a Digest_Spec, the command will only + match successfully if it can be verified using the specified SHA-2 + digest. This may be useful in situations where the user invoking ssuuddoo + has write access to the command or its parent directory. The following + digest formats are supported: sha224, sha256, sha384 and sha512. The + string may be specified in either hex or base64 format (base64 is more + compact). There are several utilities capable of generating SHA-2 + digests in hex format such as openssl, shasum, sha224sum, sha256sum, + sha384sum, sha512sum. + + For example, using openssl: + + $ openssl dgst -sha224 /bin/ls + SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25 + + It is also possible to use openssl to generate base64 output: + + $ openssl dgst -binary -sha224 /bin/ls | openssl base64 + EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ== + + Command digests are only supported by version 1.8.7 or higher. DDeeffaauullttss Certain configuration options may be changed from their default values at @@ -469,76 +553,77 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT it is overridden by the opposite tag (in other words, PASSWD overrides NOPASSWD and NOEXEC overrides EXEC). - _N_O_P_A_S_S_W_D _a_n_d _P_A_S_S_W_D + _N_O_P_A_S_S_W_D and _P_A_S_S_W_D - By default, ssuuddoo requires that a user authenticate him or herself before - running a command. This behavior can be modified via the NOPASSWD tag. - Like a Runas_Spec, the NOPASSWD tag sets a default for the commands that - follow it in the Cmnd_Spec_List. Conversely, the PASSWD tag can be used - to reverse things. For example: + By default, ssuuddoo requires that a user authenticate him or herself + before running a command. This behavior can be modified via the + NOPASSWD tag. Like a Runas_Spec, the NOPASSWD tag sets a default for + the commands that follow it in the Cmnd_Spec_List. Conversely, the + PASSWD tag can be used to reverse things. For example: - ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm + ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm - would allow the user rraayy to run _/_b_i_n_/_k_i_l_l, _/_b_i_n_/_l_s, and _/_u_s_r_/_b_i_n_/_l_p_r_m as - rroooott on the machine rushmore without authenticating himself. If we only - want rraayy to be able to run _/_b_i_n_/_k_i_l_l without a password the entry would - be: + would allow the user rraayy to run _/_b_i_n_/_k_i_l_l, _/_b_i_n_/_l_s, and _/_u_s_r_/_b_i_n_/_l_p_r_m + as rroooott on the machine rushmore without authenticating himself. If we + only want rraayy to be able to run _/_b_i_n_/_k_i_l_l without a password the entry + would be: - ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm + ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm - Note, however, that the PASSWD tag has no effect on users who are in the - group specified by the _e_x_e_m_p_t___g_r_o_u_p option. + Note, however, that the PASSWD tag has no effect on users who are in + the group specified by the _e_x_e_m_p_t___g_r_o_u_p option. - By default, if the NOPASSWD tag is applied to any of the entries for a - user on the current host, he or she will be able to run ``sudo -l'' - without a password. Additionally, a user may only run ``sudo -v'' - without a password if the NOPASSWD tag is present for all a user's - entries that pertain to the current host. This behavior may be - overridden via the _v_e_r_i_f_y_p_w and _l_i_s_t_p_w options. + By default, if the NOPASSWD tag is applied to any of the entries for a + user on the current host, he or she will be able to run ``sudo -l'' + without a password. Additionally, a user may only run ``sudo -v'' + without a password if the NOPASSWD tag is present for all a user's + entries that pertain to the current host. This behavior may be + overridden via the _v_e_r_i_f_y_p_w and _l_i_s_t_p_w options. - _N_O_E_X_E_C _a_n_d _E_X_E_C + _N_O_E_X_E_C and _E_X_E_C - If ssuuddoo has been compiled with _n_o_e_x_e_c support and the underlying - operating system supports it, the NOEXEC tag can be used to prevent a - dynamically-linked executable from running further commands itself. + If ssuuddoo has been compiled with _n_o_e_x_e_c support and the underlying + operating system supports it, the NOEXEC tag can be used to prevent a + dynamically-linked executable from running further commands itself. - In the following example, user aaaarroonn may run _/_u_s_r_/_b_i_n_/_m_o_r_e and - _/_u_s_r_/_b_i_n_/_v_i but shell escapes will be disabled. + In the following example, user aaaarroonn may run _/_u_s_r_/_b_i_n_/_m_o_r_e and + _/_u_s_r_/_b_i_n_/_v_i but shell escapes will be disabled. - aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi + aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi - See the _P_r_e_v_e_n_t_i_n_g _s_h_e_l_l _e_s_c_a_p_e_s section below for more details on how - NOEXEC works and whether or not it will work on your system. + See the _P_r_e_v_e_n_t_i_n_g _s_h_e_l_l _e_s_c_a_p_e_s section below for more details on how + NOEXEC works and whether or not it will work on your system. - _S_E_T_E_N_V _a_n_d _N_O_S_E_T_E_N_V + _S_E_T_E_N_V and _N_O_S_E_T_E_N_V - These tags override the value of the _s_e_t_e_n_v option on a per-command - basis. Note that if SETENV has been set for a command, the user may - disable the _e_n_v___r_e_s_e_t option from the command line via the --EE option. - Additionally, environment variables set on the command line are not - subject to the restrictions imposed by _e_n_v___c_h_e_c_k, _e_n_v___d_e_l_e_t_e, or - _e_n_v___k_e_e_p. As such, only trusted users should be allowed to set variables - in this manner. If the command matched is AALLLL, the SETENV tag is implied - for that command; this default may be overridden by use of the NOSETENV - tag. + These tags override the value of the _s_e_t_e_n_v option on a per-command + basis. Note that if SETENV has been set for a command, the user may + disable the _e_n_v___r_e_s_e_t option from the command line via the --EE option. + Additionally, environment variables set on the command line are not + subject to the restrictions imposed by _e_n_v___c_h_e_c_k, _e_n_v___d_e_l_e_t_e, or + _e_n_v___k_e_e_p. As such, only trusted users should be allowed to set + variables in this manner. If the command matched is AALLLL, the SETENV + tag is implied for that command; this default may be overridden by use + of the NOSETENV tag. - _L_O_G___I_N_P_U_T _a_n_d _N_O_L_O_G___I_N_P_U_T + _L_O_G___I_N_P_U_T and _N_O_L_O_G___I_N_P_U_T - These tags override the value of the _l_o_g___i_n_p_u_t option on a per-command - basis. For more information, see the description of _l_o_g___i_n_p_u_t in the - _S_U_D_O_E_R_S _O_P_T_I_O_N_S section below. + These tags override the value of the _l_o_g___i_n_p_u_t option on a per-command + basis. For more information, see the description of _l_o_g___i_n_p_u_t in the + _S_U_D_O_E_R_S _O_P_T_I_O_N_S section below. - _L_O_G___O_U_T_P_U_T _a_n_d _N_O_L_O_G___O_U_T_P_U_T + _L_O_G___O_U_T_P_U_T and _N_O_L_O_G___O_U_T_P_U_T - These tags override the value of the _l_o_g___o_u_t_p_u_t option on a per-command - basis. For more information, see the description of _l_o_g___o_u_t_p_u_t in the - _S_U_D_O_E_R_S _O_P_T_I_O_N_S section below. + These tags override the value of the _l_o_g___o_u_t_p_u_t option on a per-command + basis. For more information, see the description of _l_o_g___o_u_t_p_u_t in the + _S_U_D_O_E_R_S _O_P_T_I_O_N_S section below. WWiillddccaarrddss ssuuddoo allows shell-style _w_i_l_d_c_a_r_d_s (aka meta or glob characters) to be used in host names, path names and command line arguments in the _s_u_d_o_e_r_s - file. Wildcard matching is done via the PPOOSSIIXX glob(3) and fnmatch(3) - routines. Note that these are _n_o_t regular expressions. + file. Wildcard matching is done via the glob(3) and fnmatch(3) functions + as specified by IEEE Std 1003.1 (``POSIX.1''). Note that these are _n_o_t + regular expressions. * Matches any set of zero or more characters. @@ -551,7 +636,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT \x For any character `x', evaluates to `x'. This is used to escape special characters such as: `*', `?', `[', and `]'. - POSIX character classes may also be used if your system's glob(3) and + Character classes may also be used if your system's glob(3) and fnmatch(3) functions support them. However, because the `:' character has special meaning in _s_u_d_o_e_r_s, it must be escaped. For example: @@ -668,11 +753,24 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT since in a command context, it allows the user to run aannyy command on the system. - An exclamation point (`!') can be used as a logical _n_o_t operator both in - an _a_l_i_a_s and in front of a Cmnd. This allows one to exclude certain - values. Note, however, that using a `!' in conjunction with the built-in - AALLLL alias to allow a user to run ``all but a few'' commands rarely works - as intended (see _S_E_C_U_R_I_T_Y _N_O_T_E_S below). + An exclamation point (`!') can be used as a logical _n_o_t operator in a + list or _a_l_i_a_s as well as in front of a Cmnd. This allows one to exclude + certain values. For the `!' operator to be effective, there must be + something for it to exclude. For example, to match all users except for + root one would use: + + ALL,!root + + If the AALLLL, is omitted, as in: + + !root + + it would explicitly deny root but not match any other users. This is + different from a true ``negation'' operator. + + Note, however, that using a `!' in conjunction with the built-in AALLLL + alias to allow a user to run ``all but a few'' commands rarely works as + intended (see _S_E_C_U_R_I_T_Y _N_O_T_E_S below). Long lines can be continued with a backslash (`\') as the last character on the line. @@ -718,6 +816,45 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS This flag is _o_n by default when ssuuddoo is compiled with zzlliibb support. + exec_background By default, ssuuddoo runs a command as the foreground + process as long as ssuuddoo itself is running in the + foreground. When the _e_x_e_c___b_a_c_k_g_r_o_u_n_d flag is enabled + and the command is being run in a pty (due to I/O + logging or the _u_s_e___p_t_y flag), the command will be run + as a background process. Attempts to read from the + controlling terminal (or to change terminal settings) + will result in the command being suspended with the + SIGTTIN signal (or SIGTTOU in the case of terminal + settings). If this happens when ssuuddoo is a foreground + process, the command will be granted the controlling + terminal and resumed in the foreground with no user + intervention required. The advantage of initially + running the command in the background is that ssuuddoo need + not read from the terminal unless the command + explicitly requests it. Otherwise, any terminal input + must be passed to the command, whether it has required + it or not (the kernel buffers terminals so it is not + possible to tell whether the command really wants the + input). This is different from historic _s_u_d_o behavior + or when the command is not being run in a pty. + + For this to work seamlessly, the operating system must + support the automatic restarting of system calls. + Unfortunately, not all operating systems do this by + default, and even those that do may have bugs. For + example, Mac OS X fails to restart the ttccggeettaattttrr() and + ttccsseettaattttrr() system calls (this is a bug in Mac OS X). + Furthermore, because this behavior depends on the + command stopping with the SIGTTIN or SIGTTOU signals, + programs that catch these signals and suspend + themselves with a different signal (usually SIGTOP) + will not be automatically foregrounded. Some versions + of the linux su(1) command behave this way. + + This setting is only supported by version 1.8.7 or + higher. It has no effect unless I/O logging is enabled + or the _u_s_e___p_t_y flag is enabled. + env_editor If set, vviissuuddoo will use the value of the EDITOR or VISUAL environment variables before falling back on the default editor list. Note that this may create a @@ -906,6 +1043,26 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS well as the _P_r_e_v_e_n_t_i_n_g _s_h_e_l_l _e_s_c_a_p_e_s section at the end of this manual. This flag is _o_f_f by default. + pam_session On systems that use PAM for authentication, ssuuddoo will + create a new PAM session for the command to be run in. + Disabling _p_a_m___s_e_s_s_i_o_n may be needed on older PAM + implementations or on operating systems where opening a + PAM session changes the utmp or wtmp files. If PAM + session support is disabled, resource limits may not be + updated for the command being run. This flag is _o_n by + default. + + This setting is only supported by version 1.8.7 or + higher. + + passprompt_override + The password prompt specified by _p_a_s_s_p_r_o_m_p_t will + normally only be used if the password prompt provided + by systems such as PAM matches the string + ``Password:''. If _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e is set, + _p_a_s_s_p_r_o_m_p_t will always be used. This flag is _o_f_f by + default. + path_info Normally, ssuuddoo will tell the user when a command could not be found in their PATH environment variable. Some sites may wish to disable this as it could be used to @@ -916,14 +1073,6 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS not allowed to run it, which can be confusing. This flag is _o_n by default. - passprompt_override - The password prompt specified by _p_a_s_s_p_r_o_m_p_t will - normally only be used if the password prompt provided - by systems such as PAM matches the string - ``Password:''. If _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e is set, - _p_a_s_s_p_r_o_m_p_t will always be used. This flag is _o_f_f by - default. - preserve_groups By default, ssuuddoo will initialize the group vector to the list of groups the target user is in. When _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, the user's existing group @@ -1189,6 +1338,11 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS unique combination of digits and letters, similar to the mktemp(3) function. + If the path created by concatenating _i_o_l_o_g___d_i_r and + _i_o_l_o_g___f_i_l_e already exists, the existing I/O log file + will be truncated and overwritten unless _i_o_l_o_g___f_i_l_e + ends in six or more Xs. + limitprivs The default Solaris limit privileges to use when constructing a new privilege set for a command. This bounds all privileges of the executing process. The @@ -1200,9 +1354,27 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS escape %h will expand to the host name of the machine. Default is ``*** SECURITY information for %h ***''. - noexec_file This option is no longer supported. The path to the - noexec file should now be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f - file. + maxseq The maximum sequence number that will be substituted + for the ``%{seq}'' escape in the I/O log file (see the + _i_o_l_o_g___d_i_r description above for more information). + While the value substituted for ``%{seq}'' is in base + 36, _m_a_x_s_e_q itself should be expressed in decimal. + Values larger than 2176782336 (which corresponds to the + base 36 sequence number ``ZZZZZZ'') will be silently + truncated to 2176782336. The default value is + 2176782336. + + Once the local sequence number reaches the value of + _m_a_x_s_e_q, it will ``roll over'' to zero, after which + ssuuddooeerrss will truncate and re-use any existing I/O log + pathnames. + + This setting is only supported by version 1.8.7 or + higher. + + noexec_file As of ssuuddoo version 1.8.1 this option is no longer + supported. The path to the noexec file should now be + set in the sudo.conf(4) file. passprompt The default prompt to use when asking for a password; can be overridden via the --pp option or the SUDO_PROMPT @@ -1295,21 +1467,15 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS a % prefix. This is not set by default. group_plugin A string containing a _s_u_d_o_e_r_s group plugin with optional - arguments. This can be used to implement support for the - nonunix_group syntax described earlier. The string should - consist of the plugin path, either fully-qualified or - relative to the _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory, followed by - any configuration arguments the plugin requires. These + arguments. The string should consist of the plugin path, + either fully-qualified or relative to the + _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o directory, followed by any + configuration arguments the plugin requires. These arguments (if any) will be passed to the plugin's initialization function. If arguments are present, the string must be enclosed in double quotes (""). - For example, given _/_e_t_c_/_s_u_d_o_-_g_r_o_u_p, a group file in Unix - group format, the sample group plugin can be used: - - Defaults group_plugin="sample_group.so /etc/sudo-group" - - For more information see sudo_plugin(4). + For more information see GROUP PROVIDER PLUGINS. lecture This option controls when a short lecture will be printed along with the password prompt. It has the following @@ -1446,6 +1612,41 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS variables to keep is displayed when ssuuddoo is run by root with the --VV option. +GGRROOUUPP PPRROOVVIIDDEERR PPLLUUGGIINNSS + The ssuuddooeerrss plugin supports its own plugin interface to allow non-Unix + group lookups which can query a group source other than the standard Unix + group database. This can be used to implement support for the + nonunix_group syntax described earlier. + + Group provider plugins are specified via the _g_r_o_u_p___p_l_u_g_i_n Defaults + setting. The argument to _g_r_o_u_p___p_l_u_g_i_n should consist of the plugin path, + either fully-qualified or relative to the _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o + directory, followed by any configuration options the plugin requires. + These options (if specified) will be passed to the plugin's + initialization function. If options are present, the string must be + enclosed in double quotes (""). + + The following group provider plugins are installed by default: + + group_file + The _g_r_o_u_p___f_i_l_e plugin supports an alternate group file that + uses the same syntax as the _/_e_t_c_/_g_r_o_u_p file. The path to the + group file should be specified as an option to the plugin. For + example, if the group file to be used is _/_e_t_c_/_s_u_d_o_-_g_r_o_u_p: + + Defaults group_plugin="group_file.so /etc/sudo-group" + + system_group + The _s_y_s_t_e_m___g_r_o_u_p plugin supports group lookups via the standard + C library functions ggeettggrrnnaamm() and ggeettggrriidd(). This plugin can + be used in instances where the user belongs to groups not + present in the user's supplemental group vector. This plugin + takes no options: + + Defaults group_plugin=system_group.so + + The group provider plugin API is described in detail in sudo_plugin(1m). + LLOOGG FFOORRMMAATT ssuuddooeerrss can log events using either syslog(3) or a simple log file. In each case the log format is almost identical. @@ -1547,9 +1748,9 @@ LLOOGG FFOORRMMAATT when the _s_u_d_o_e_r_s file is located on a remote file system that maps user ID 0 to a different value. Normally, ssuuddooeerrss tries to open _s_u_d_o_e_r_s using group permissions to avoid this problem. Consider - changing the ownership of _/_e_t_c_/_s_u_d_o_e_r_s by adding an option like - ``sudoers_uid=N'' (where `N' is the user ID that owns the _s_u_d_o_e_r_s - file) to the ssuuddooeerrss plugin line in the _/_e_t_c_/_s_u_d_o_._c_o_n_f file. + either changing the ownership of _/_e_t_c_/_s_u_d_o_e_r_s or adding an argument + like ``sudoers_uid=N'' (where `N' is the user ID that owns the _s_u_d_o_e_r_s + file) to the end of the ssuuddooeerrss Plugin line in the sudo.conf(4) file. unable to stat /etc/sudoers The _/_e_t_c_/_s_u_d_o_e_r_s file is missing. @@ -1561,21 +1762,21 @@ LLOOGG FFOORRMMAATT /etc/sudoers is owned by uid N, should be 0 The _s_u_d_o_e_r_s file has the wrong owner. If you wish to change the _s_u_d_o_e_r_s file owner, please add ``sudoers_uid=N'' (where `N' is the - user ID that owns the _s_u_d_o_e_r_s file) to the ssuuddooeerrss plugin line in the - _/_e_t_c_/_s_u_d_o_._c_o_n_f file. + user ID that owns the _s_u_d_o_e_r_s file) to the ssuuddooeerrss Plugin line in the + sudo.conf(4) file. /etc/sudoers is world writable The permissions on the _s_u_d_o_e_r_s file allow all users to write to it. The _s_u_d_o_e_r_s file must not be world-writable, the default file mode is 0440 (readable by owner and group, writable by none). The default mode may be changed via the ``sudoers_mode'' option to the ssuuddooeerrss - plugin line in the _/_e_t_c_/_s_u_d_o_._c_o_n_f file. + Plugin line in the sudo.conf(4) file. /etc/sudoers is owned by gid N, should be 1 The _s_u_d_o_e_r_s file has the wrong group ownership. If you wish to change the _s_u_d_o_e_r_s file group ownership, please add ``sudoers_gid=N'' (where - `N' is the group ID that owns the _s_u_d_o_e_r_s file) to the ssuuddooeerrss plugin - line in the _/_e_t_c_/_s_u_d_o_._c_o_n_f file. + `N' is the group ID that owns the _s_u_d_o_e_r_s file) to the ssuuddooeerrss Plugin + line in the sudo.conf(4) file. unable to open /var/adm/sudo/username/ttyname _s_u_d_o_e_r_s was unable to read or create the user's time stamp file. @@ -1615,110 +1816,6 @@ LLOOGG FFOORRMMAATT _l_o_g_l_i_n_e_l_e_n option is set to 0 (or negated with a `!'), word wrap will be disabled. -SSUUDDOO..CCOONNFF - The _/_e_t_c_/_s_u_d_o_._c_o_n_f file determines which plugins the ssuuddoo front end will - load. If no _/_e_t_c_/_s_u_d_o_._c_o_n_f file is present, or it contains no Plugin - lines, ssuuddoo will use the _s_u_d_o_e_r_s security policy and I/O logging, which - corresponds to the following _/_e_t_c_/_s_u_d_o_._c_o_n_f file. - - # - # Default /etc/sudo.conf file - # - # Format: - # Plugin plugin_name plugin_path plugin_options ... - # Path askpass /path/to/askpass - # Path noexec /path/to/sudo_noexec.so - # Debug sudo /var/log/sudo_debug all@warn - # Set disable_coredump true - # - # The plugin_path is relative to /usr/local/libexec unless - # fully qualified. - # The plugin_name corresponds to a global symbol in the plugin - # that contains the plugin interface structure. - # The plugin_options are optional. - # - Plugin policy_plugin sudoers.so - Plugin io_plugin sudoers.so - - PPlluuggiinn ooppttiioonnss - Starting with ssuuddoo 1.8.5, it is possible to pass options to the _s_u_d_o_e_r_s - plugin. Options may be listed after the path to the plugin (i.e. after - _s_u_d_o_e_r_s_._s_o); multiple options should be space-separated. For example: - - Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_uid=0 sudoers_gid=0 sudoers_mode=0440 - - The following plugin options are supported: - - sudoers_file=pathname - The _s_u_d_o_e_r_s___f_i_l_e option can be used to override the default - path to the _s_u_d_o_e_r_s file. - - sudoers_uid=uid - The _s_u_d_o_e_r_s___u_i_d option can be used to override the default - owner of the sudoers file. It should be specified as a numeric - user ID. - - sudoers_gid=gid - The _s_u_d_o_e_r_s___g_i_d option can be used to override the default - group of the sudoers file. It should be specified as a numeric - group ID. - - sudoers_mode=mode - The _s_u_d_o_e_r_s___m_o_d_e option can be used to override the default - file mode for the sudoers file. It should be specified as an - octal value. - - DDeebbuugg ffllaaggss - Versions 1.8.4 and higher of the _s_u_d_o_e_r_s plugin supports a debugging - framework that can help track down what the plugin is doing internally if - there is a problem. This can be configured in the _/_e_t_c_/_s_u_d_o_._c_o_n_f file as - described in sudo(1m). - - The _s_u_d_o_e_r_s plugin uses the same debug flag format as the ssuuddoo front-end: - _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y. - - The priorities used by _s_u_d_o_e_r_s, in order of decreasing severity, are: - _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g. Each priority, - when specified, also includes all priorities higher than it. For - example, a priority of _n_o_t_i_c_e would include debug messages logged at - _n_o_t_i_c_e and higher. - - The following subsystems are used by _s_u_d_o_e_r_s: - - _a_l_i_a_s User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias processing - - _a_l_l matches every subsystem - - _a_u_d_i_t BSM and Linux audit code - - _a_u_t_h user authentication - - _d_e_f_a_u_l_t_s _s_u_d_o_e_r_s _D_e_f_a_u_l_t_s settings - - _e_n_v environment handling - - _l_d_a_p LDAP-based sudoers - - _l_o_g_g_i_n_g logging support - - _m_a_t_c_h matching of users, groups, hosts and netgroups in _s_u_d_o_e_r_s - - _n_e_t_i_f network interface handling - - _n_s_s network service switch handling in _s_u_d_o_e_r_s - - _p_a_r_s_e_r _s_u_d_o_e_r_s file parsing - - _p_e_r_m_s permission setting - - _p_l_u_g_i_n The equivalent of _m_a_i_n for the plugin. - - _p_t_y pseudo-tty related code - - _r_b_t_r_e_e redblack tree internals - - _u_t_i_l utility functions - FFIILLEESS _/_e_t_c_/_s_u_d_o_._c_o_n_f Sudo front end configuration @@ -1768,7 +1865,9 @@ EEXXAAMMPPLLEESS # Cmnd alias specification Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\ - /usr/sbin/restore, /usr/sbin/rrestore + /usr/sbin/restore, /usr/sbin/rrestore,\ + sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \ + /home/operator/bin/start_backups Cmnd_Alias KILL = /usr/bin/kill Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown @@ -1838,7 +1937,11 @@ EEXXAAMMPPLLEESS The ooppeerraattoorr user may run commands limited to simple maintenance. Here, those are commands related to backups, killing processes, the printing system, shutting down the system, and any commands in the directory - _/_u_s_r_/_o_p_e_r_/_b_i_n_/. + _/_u_s_r_/_o_p_e_r_/_b_i_n_/. Note that one command in the DUMPS Cmnd_Alias includes a + sha224 digest, _/_h_o_m_e_/_o_p_e_r_a_t_o_r_/_b_i_n_/_s_t_a_r_t___b_a_c_k_u_p_s. This is because the + directory containing the script is writable by the operator user. If the + script is modified (resulting in a digest mismatch) it will no longer be + possible to run it via ssuuddoo. joe ALL = /usr/bin/su operator @@ -2047,8 +2150,64 @@ SSEECCUURRIITTYY NNOOTTEESS stamp file is stale and will ignore it. Administrators should not rely on this feature as it is not universally available. +DDEEBBUUGGGGIINNGG + Versions 1.8.4 and higher of the ssuuddooeerrss plugin support a flexible + debugging framework that can help track down what the plugin is doing + internally if there is a problem. This can be configured in the + sudo.conf(4) file. + + The ssuuddooeerrss plugin uses the same debug flag format as the ssuuddoo front-end: + _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y. + + The priorities used by ssuuddooeerrss, in order of decreasing severity, are: + _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g. Each priority, + when specified, also includes all priorities higher than it. For + example, a priority of _n_o_t_i_c_e would include debug messages logged at + _n_o_t_i_c_e and higher. + + The following subsystems are used by the ssuuddooeerrss plugin: + + _a_l_i_a_s User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias processing + + _a_l_l matches every subsystem + + _a_u_d_i_t BSM and Linux audit code + + _a_u_t_h user authentication + + _d_e_f_a_u_l_t_s _s_u_d_o_e_r_s _D_e_f_a_u_l_t_s settings + + _e_n_v environment handling + + _l_d_a_p LDAP-based sudoers + + _l_o_g_g_i_n_g logging support + + _m_a_t_c_h matching of users, groups, hosts and netgroups in _s_u_d_o_e_r_s + + _n_e_t_i_f network interface handling + + _n_s_s network service switch handling in _s_u_d_o_e_r_s + + _p_a_r_s_e_r _s_u_d_o_e_r_s file parsing + + _p_e_r_m_s permission setting + + _p_l_u_g_i_n The equivalent of _m_a_i_n for the plugin. + + _p_t_y pseudo-tty related code + + _r_b_t_r_e_e redblack tree internals + + _u_t_i_l utility functions + For example: + + Debug sudo /var/log/sudo_debug match@info,nss@info + + For more information, see the sudo.conf(4) manual. + SSEEEE AALLSSOO - ssh(1), su(1), fnmatch(3), glob(3), mktemp(3), strftime(3), + ssh(1), su(1), fnmatch(3), glob(3), mktemp(3), strftime(3), sudo.conf(4), sudoers.ldap(4), sudo_plugin(1m), sudo(1m), visudo(1m) CCAAVVEEAATTSS @@ -2078,4 +2237,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. -Sudo 1.8.6 July 16, 2012 Sudo 1.8.6 +Sudo 1.8.7 April 30, 2013 Sudo 1.8.7 diff --git a/doc/sudoers.ldap.cat b/doc/sudoers.ldap.cat index 8d640a8..9f3f38c 100644 --- a/doc/sudoers.ldap.cat +++ b/doc/sudoers.ldap.cat @@ -37,10 +37,10 @@ DDEESSCCRRIIPPTTIIOONN LDAP, ssuuddoo-specific Aliases are not supported. For the most part, there is really no need for ssuuddoo-specific Aliases. - Unix groups or user netgroups can be used in place of User_Aliases and - Runas_Aliases. Host netgroups can be used in place of Host_Aliases. - Since Unix groups and netgroups can also be stored in LDAP there is no - real need for ssuuddoo-specific aliases. + Unix groups, non-Unix groups (via the _g_r_o_u_p___p_l_u_g_i_n) or user netgroups can + be used in place of User_Aliases and Runas_Aliases. Host netgroups can + be used in place of Host_Aliases. Since groups and netgroups can also be + stored in LDAP there is no real need for ssuuddoo-specific aliases. Cmnd_Aliases are not really required either since it is possible to have multiple users listed in a sudoRole. Instead of defining a Cmnd_Alias @@ -67,20 +67,45 @@ DDEESSCCRRIIPPTTIIOONN following attributes: ssuuddooUUsseerr - A user name, user ID (prefixed with `#'), Unix group (prefixed with - `%'), Unix group ID (prefixed with `%#'), or user netgroup - (prefixed with `+'). + A user name, user ID (prefixed with `#'), Unix group name or ID + (prefixed with `%' or `%#' respectively), user netgroup (prefixed + with `+'), or non-Unix group name or ID (prefixed with `%:' or + `%:#' respectively). Non-Unix group support is only available when + an appropriate _g_r_o_u_p___p_l_u_g_i_n is defined in the global _d_e_f_a_u_l_t_s + sudoRole object. ssuuddooHHoosstt A host name, IP address, IP network, or host netgroup (prefixed with a `+'). The special value ALL will match any host. ssuuddooCCoommmmaanndd - A Unix command with optional command line arguments, potentially - including globbing characters (aka wild cards). The special value - ALL will match any command. If a command is prefixed with an - exclamation point `!', the user will be prohibited from running - that command. + A fully-qualified Unix command name with optional command line + arguments, potentially including globbing characters (aka wild + cards). If a command name is preceded by an exclamation point, + `!', the user will be prohibited from running that command. + + The built-in command ``sudoedit'' is used to permit a user to run + ssuuddoo with the --ee option (or as ssuuddooeeddiitt). It may take command line + arguments just as a normal command does. Note that ``sudoedit'' is + a command built into ssuuddoo itself and must be specified in without a + leading path. + + The special value ALL will match any command. + + If a command name is prefixed with a SHA-2 digest, it will only be + allowed if the digest matches. This may be useful in situations + where the user invoking ssuuddoo has write access to the command or its + parent directory. The following digest formats are supported: + sha224, sha256, sha384 and sha512. The digest name must be + followed by a colon (`:') and then the actual digest, in either hex + or base64 format. For example, given the following value for + sudoCommand: + + sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ /bin/ls + + The user may only run _/_b_i_n_/_l_s if its sha224 digest matches the + specified value. Command digests are only supported by version + 1.8.7 or higher. ssuuddooOOppttiioonn Identical in function to the global options described above, but @@ -134,7 +159,7 @@ DDEESSCCRRIIPPTTIIOONN inherent order. The sudoOrder attribute is an integer (or floating point value for LDAP servers that support it) that is used to sort the matching entries. This allows LDAP-based sudoers entries to - more closely mimic the behaviour of the sudoers file, where the of + more closely mimic the behavior of the sudoers file, where the of the entries influences the result. If multiple entries match, the entry with the highest sudoOrder attribute is chosen. This corresponds to the ``last match'' behavior of the sudoers file. If @@ -168,7 +193,7 @@ DDEESSCCRRIIPPTTIIOONN user belongs to any of them. If timed entries are enabled with the SSUUDDOOEERRSS__TTIIMMEEDD configuration - directive, the LDAP queries include a subfilter that limits retrieval to + directive, the LDAP queries include a sub-filter that limits retrieval to entries that satisfy the time constraints, if any. DDiiffffeerreenncceess bbeettwweeeenn LLDDAAPP aanndd nnoonn--LLDDAAPP ssuuddooeerrss @@ -246,10 +271,11 @@ DDEESSCCRRIIPPTTIIOONN CCoonnffiigguurriinngg llddaapp..ccoonnff Sudo reads the _/_e_t_c_/_l_d_a_p_._c_o_n_f file for LDAP-specific configuration. - Typically, this file is shared amongst different LDAP-aware clients. As + Typically, this file is shared between different LDAP-aware clients. As such, most of the settings are not ssuuddoo-specific. Note that ssuuddoo parses _/_e_t_c_/_l_d_a_p_._c_o_n_f itself and may support options that differ from those - described in the system's ldap.conf(1m) manual. + described in the system's ldap.conf(1m) manual. The path to _l_d_a_p_._c_o_n_f may + be overridden via the _l_d_a_p___c_o_n_f plugin argument in sudo.conf(4). Also note that on systems using the OpenLDAP libraries, default values specified in _/_e_t_c_/_o_p_e_n_l_d_a_p_/_l_d_a_p_._c_o_n_f or the user's _._l_d_a_p_r_c files are not @@ -259,8 +285,12 @@ DDEESSCCRRIIPPTTIIOONN by ssuuddoo are honored. Configuration options are listed below in upper case but are parsed in a case-independent manner. + Long lines can be continued with a backslash (`\') as the last character + on the line. Note that leading white space is removed from the beginning + of lines even when the continuation character is used. + UURRII _l_d_a_p_[_s_]_:_/_/_[_h_o_s_t_n_a_m_e_[_:_p_o_r_t_]_] _._._. - Specifies a whitespace-delimited list of one or more URIs + Specifies a white space-delimited list of one or more URIs describing the LDAP server(s) to connect to. The _p_r_o_t_o_c_o_l may be either _l_d_a_p _l_d_a_p_s, the latter being for servers that support TLS (SSL) encryption. If no _p_o_r_t is specified, the default is port 389 @@ -273,7 +303,7 @@ DDEESSCCRRIIPPTTIIOONN of supporting one or the other. HHOOSSTT _n_a_m_e_[_:_p_o_r_t_] _._._. - If no UURRII is specified, the HHOOSSTT parameter specifies a whitespace- + If no UURRII is specified, the HHOOSSTT parameter specifies a white space- delimited list of LDAP servers to connect to. Each host may include an optional _p_o_r_t separated by a colon (`:'). The HHOOSSTT parameter is deprecated in favor of the UURRII specification and is @@ -328,6 +358,12 @@ DDEESSCCRRIIPPTTIIOONN be set in a production environment as the extra information is likely to confuse users. + The SSUUDDOOEERRSS__DDEEBBUUGG parameter is deprecated and will be removed in a + future release. The same information is now logged via the ssuuddoo + debugging framework using the ``ldap'' subsystem at priorities _d_i_a_g + and _i_n_f_o for _d_e_b_u_g___l_e_v_e_l values 1 and 2 respectively. See the + sudo.conf(4) manual for details on how to configure ssuuddoo debugging. + BBIINNDDDDNN _D_N The BBIINNDDDDNN parameter specifies the identity, in the form of a Distinguished Name (DN), to use when performing LDAP operations. @@ -344,8 +380,10 @@ DDEESSCCRRIIPPTTIIOONN The RROOOOTTBBIINNDDDDNN parameter specifies the identity, in the form of a Distinguished Name (DN), to use when performing privileged LDAP operations, such as _s_u_d_o_e_r_s queries. The password corresponding to - the identity should be stored in _/_e_t_c_/_l_d_a_p_._s_e_c_r_e_t. If not - specified, the BBIINNDDDDNN identity is used (if any). + the identity should be stored in the or the path specified by the + _l_d_a_p___s_e_c_r_e_t plugin argument in sudo.conf(4), which defaults to + _/_e_t_c_/_l_d_a_p_._s_e_c_r_e_t. If no RROOOOTTBBIINNDDDDNN is specified, the BBIINNDDDDNN + identity is used (if any). LLDDAAPP__VVEERRSSIIOONN _n_u_m_b_e_r The version of the LDAP protocol to use when connecting to the @@ -530,12 +568,12 @@ DDEESSCCRRIIPPTTIIOONN sudoers = ldap - To treat LDAP as authoratative and only use the local sudoers file if the + To treat LDAP as authoritative and only use the local sudoers file if the user is not present in LDAP, use: sudoers = ldap = auth, files - Note that in the above example, the auth qualfier only affects user + Note that in the above example, the auth qualifier only affects user lookups; both LDAP and _s_u_d_o_e_r_s will be queried for Defaults entries. If the _/_e_t_c_/_n_e_t_s_v_c_._c_o_n_f file is not present or there is no sudoers line, @@ -739,7 +777,7 @@ EEXXAAMMPPLLEESS ) SSEEEE AALLSSOO - ldap.conf(1m), sudoers(1m) + ldap.conf(4), sudo.conf(4), sudoers(1m) CCAAVVEEAATTSS Note that there are differences in the way that LDAP-based _s_u_d_o_e_r_s is @@ -762,4 +800,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. -Sudo 1.8.6 July 12, 2012 Sudo 1.8.6 +Sudo 1.8.7 April 25, 2013 Sudo 1.8.7 diff --git a/doc/sudoers.ldap.man.in b/doc/sudoers.ldap.man.in index 22f3c51..918f3d3 100644 --- a/doc/sudoers.ldap.man.in +++ b/doc/sudoers.ldap.man.in @@ -1,7 +1,7 @@ .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" IT IS GENERATED AUTOMATICALLY FROM sudoers.ldap.mdoc.in .\" -.\" Copyright (c) 2003-2012 Todd C. Miller +.\" Copyright (c) 2003-2013 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -16,7 +16,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.TH "SUDOERS.LDAP" "8" "July 12, 2012" "Sudo @PACKAGE_VERSION@" "OpenBSD System Manager's Manual" +.TH "SUDOERS.LDAP" "8" "April 25, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD System Manager's Manual" .nh .if n .ad l .SH "NAME" @@ -86,11 +86,11 @@ Aliases are not supported. For the most part, there is really no need for \fBsudo\fR-specific Aliases. -Unix groups or user netgroups can be used in place of User_Aliases and -Runas_Aliases. +Unix groups, non-Unix groups (via the +\fIgroup_plugin\fR) +or user netgroups can be used in place of User_Aliases and Runas_Aliases. Host netgroups can be used in place of Host_Aliases. -Since Unix groups and netgroups can also be stored in LDAP there is no -real need for +Since groups and netgroups can also be stored in LDAP there is no real need for \fBsudo\fR-specific aliases. .PP @@ -139,12 +139,23 @@ It consists of the following attributes: \fBsudoUser\fR A user name, user ID (prefixed with `#'), -Unix group (prefixed with -`%'), -Unix group ID (prefixed with -`%#'), -or user netgroup (prefixed with -`+'). +Unix group name or ID (prefixed with +`%' +or +`%#' +respectively), user netgroup (prefixed with +`+'), +or non-Unix group name or ID (prefixed with +`%:' +or +`%:#' +respectively). +Non-Unix group support is only available when an appropriate +\fIgroup_plugin\fR +is defined in the global +\fIdefaults\fR +\fRsudoRole\fR +object. .TP 6n \fBsudoHost\fR A host name, IP address, IP network, or host netgroup (prefixed with a @@ -154,20 +165,63 @@ The special value will match any host. .TP 6n \fBsudoCommand\fR -A Unix command with optional command line arguments, potentially -including globbing characters (aka wild cards). +A fully-qualified Unix command name with optional command line arguments, +potentially including globbing characters (aka wild cards). +If a command name is preceded by an exclamation point, +`\&!', +the user will be prohibited from running that command. +.sp +The built-in command +``\fRsudoedit\fR'' +is used to permit a user to run +\fBsudo\fR +with the +\fB\-e\fR +option (or as +\fBsudoedit\fR). +It may take command line arguments just as a normal command does. +Note that +``\fRsudoedit\fR'' +is a command built into +\fBsudo\fR +itself and must be specified in without a leading path. +.sp The special value \fRALL\fR will match any command. -If a command is prefixed with an exclamation point -`\&!', -the user will be prohibited from running that command. +.sp +If a command name is prefixed with a SHA-2 digest, it will +only be allowed if the digest matches. +This may be useful in situations where the user invoking +\fBsudo\fR +has write access to the command or its parent directory. +The following digest formats are supported: sha224, sha256, sha384 and sha512. +The digest name must be followed by a colon +(`:\&') +and then the actual digest, in either hex or base64 format. +For example, given the following value for sudoCommand: +.RS +.nf +.sp +.RS 4n +sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ /bin/ls +.RE +.fi +.sp +The user may only run +\fI/bin/ls\fR +if its sha224 digest matches the specified value. +Command digests are only supported by version 1.8.7 or higher. +.PP +.RE +.PD 0 .TP 6n \fBsudoOption\fR Identical in function to the global options described above, but specific to the \fRsudoRole\fR in which it resides. +.PD .TP 6n \fBsudoRunAsUser\fR A user name or uid (prefixed with @@ -263,7 +317,7 @@ The \fRsudoOrder\fR attribute is an integer (or floating point value for LDAP servers that support it) that is used to sort the matching entries. -This allows LDAP-based sudoers entries to more closely mimic the behaviour +This allows LDAP-based sudoers entries to more closely mimic the behavior of the sudoers file, where the of the entries influences the result. If multiple entries match, the entry with the highest \fRsudoOrder\fR @@ -321,7 +375,7 @@ to see if the user belongs to any of them. .PP If timed entries are enabled with the \fBSUDOERS_TIMED\fR -configuration directive, the LDAP queries include a subfilter that +configuration directive, the LDAP queries include a sub-filter that limits retrieval to entries that satisfy the time constraints, if any. .SS "Differences between LDAP and non-LDAP sudoers" There are some subtle differences in the way sudoers is handled @@ -426,7 +480,7 @@ section. Sudo reads the \fI@ldap_conf@\fR file for LDAP-specific configuration. -Typically, this file is shared amongst different LDAP-aware clients. +Typically, this file is shared between different LDAP-aware clients. As such, most of the settings are not \fBsudo\fR-specific. Note that @@ -437,6 +491,12 @@ itself and may support options that differ from those described in the system's ldap.conf(@mansectsu@) manual. +The path to +\fIldap.conf\fR +may be overridden via the +\fIldap_conf\fR +plugin argument in +sudo.conf(@mansectform@). .PP Also note that on systems using the OpenLDAP libraries, default values specified in @@ -452,9 +512,15 @@ as being supported by are honored. Configuration options are listed below in upper case but are parsed in a case-independent manner. +.PP +Long lines can be continued with a backslash +(`\e') +as the last character on the line. +Note that leading white space is removed from the beginning of lines +even when the continuation character is used. .TP 6n \fBURI\fR \fIldap[s]://[hostname[:port]] ...\fR -Specifies a whitespace-delimited list of one or more URIs describing +Specifies a white space-delimited list of one or more URIs describing the LDAP server(s) to connect to. The \fIprotocol\fR @@ -492,7 +558,7 @@ If no \fBURI\fR is specified, the \fBHOST\fR -parameter specifies a whitespace-delimited list of LDAP servers to connect to. +parameter specifies a white space-delimited list of LDAP servers to connect to. Each host may include an optional \fIport\fR separated by a colon @@ -589,6 +655,26 @@ A value of 1 results in a moderate amount of debugging information. A value of 2 shows the results of the matches themselves. This parameter should not be set in a production environment as the extra information is likely to confuse users. +.sp +The +\fBSUDOERS_DEBUG\fR +parameter is deprecated and will be removed in a future release. +The same information is now logged via the +\fBsudo\fR +debugging framework using the +``ldap'' +subsystem at priorities +\fIdiag\fR +and +\fIinfo\fR +for +\fIdebug_level\fR +values 1 and 2 respectively. +See the +sudo.conf(@mansectform@) +manual for details on how to configure +\fBsudo\fR +debugging. .TP 6n \fBBINDDN\fR \fIDN\fR The @@ -613,10 +699,16 @@ parameter specifies the identity, in the form of a Distinguished Name (DN), to use when performing privileged LDAP operations, such as \fIsudoers\fR queries. -The password corresponding -to the identity should be stored in +The password corresponding to the identity should be stored in the +or the path specified by the +\fIldap_secret\fR +plugin argument in +sudo.conf(@mansectform@), +which defaults to \fI@ldap_secret@\fR. -If not specified, the +If no +\fBROOTBINDDN\fR +is specified, the \fBBINDDN\fR identity is used (if any). .TP 6n @@ -929,7 +1021,7 @@ sudoers = ldap .RE .fi .PP -To treat LDAP as authoratative and only use the local sudoers file +To treat LDAP as authoritative and only use the local sudoers file if the user is not present in LDAP, use: .nf .sp @@ -940,7 +1032,7 @@ sudoers = ldap = auth, files .PP Note that in the above example, the \fRauth\fR -qualfier only affects user lookups; both LDAP and +qualifier only affects user lookups; both LDAP and \fIsudoers\fR will be queried for \fRDefaults\fR @@ -1170,7 +1262,8 @@ objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL .RE .fi .SH "SEE ALSO" -ldap.conf(@mansectsu@), +ldap.conf(@mansectform@), +sudo.conf(@mansectform@), sudoers(@mansectsu@) .SH "CAVEATS" Note that there are differences in the way that LDAP-based diff --git a/doc/sudoers.ldap.mdoc.in b/doc/sudoers.ldap.mdoc.in index 68d7dcd..d042a85 100644 --- a/doc/sudoers.ldap.mdoc.in +++ b/doc/sudoers.ldap.mdoc.in @@ -1,5 +1,5 @@ .\" -.\" Copyright (c) 2003-2012 Todd C. Miller +.\" Copyright (c) 2003-2013 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd July 12, 2012 +.Dd April 25, 2013 .Dt SUDOERS.LDAP @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -82,11 +82,11 @@ Aliases are not supported. For the most part, there is really no need for .Nm sudo Ns No -specific Aliases. -Unix groups or user netgroups can be used in place of User_Aliases and -Runas_Aliases. +Unix groups, non-Unix groups (via the +.Em group_plugin ) +or user netgroups can be used in place of User_Aliases and Runas_Aliases. Host netgroups can be used in place of Host_Aliases. -Since Unix groups and netgroups can also be stored in LDAP there is no -real need for +Since groups and netgroups can also be stored in LDAP there is no real need for .Nm sudo Ns No -specific aliases. .Pp @@ -132,12 +132,23 @@ It consists of the following attributes: .It Sy sudoUser A user name, user ID (prefixed with .Ql # ) , -Unix group (prefixed with -.Ql % ) , -Unix group ID (prefixed with -.Ql %# ) , -or user netgroup (prefixed with -.Ql + ) . +Unix group name or ID (prefixed with +.Ql % +or +.Ql %# +respectively), user netgroup (prefixed with +.Ql + ) , +or non-Unix group name or ID (prefixed with +.Ql %: +or +.Ql %:# +respectively). +Non-Unix group support is only available when an appropriate +.Em group_plugin +is defined in the global +.Em defaults +.Li sudoRole +object. .It Sy sudoHost A host name, IP address, IP network, or host netgroup (prefixed with a .Ql + ) . @@ -145,14 +156,49 @@ The special value .Li ALL will match any host. .It Sy sudoCommand -A Unix command with optional command line arguments, potentially -including globbing characters (aka wild cards). +A fully-qualified Unix command name with optional command line arguments, +potentially including globbing characters (aka wild cards). +If a command name is preceded by an exclamation point, +.Ql \&! , +the user will be prohibited from running that command. +.Pp +The built-in command +.Dq Li sudoedit +is used to permit a user to run +.Nm sudo +with the +.Fl e +option (or as +.Nm sudoedit ) . +It may take command line arguments just as a normal command does. +Note that +.Dq Li sudoedit +is a command built into +.Nm sudo +itself and must be specified in without a leading path. +.Pp The special value .Li ALL will match any command. -If a command is prefixed with an exclamation point -.Ql \&! , -the user will be prohibited from running that command. +.Pp +If a command name is prefixed with a SHA-2 digest, it will +only be allowed if the digest matches. +This may be useful in situations where the user invoking +.Nm sudo +has write access to the command or its parent directory. +The following digest formats are supported: sha224, sha256, sha384 and sha512. +The digest name must be followed by a colon +.Pq Ql :\& +and then the actual digest, in either hex or base64 format. +For example, given the following value for sudoCommand: +.Bd -literal -offset 4n +sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ /bin/ls +.Ed +.Pp +The user may only run +.Pa /bin/ls +if its sha224 digest matches the specified value. +Command digests are only supported by version 1.8.7 or higher. .It Sy sudoOption Identical in function to the global options described above, but specific to the @@ -248,7 +294,7 @@ The .Li sudoOrder attribute is an integer (or floating point value for LDAP servers that support it) that is used to sort the matching entries. -This allows LDAP-based sudoers entries to more closely mimic the behaviour +This allows LDAP-based sudoers entries to more closely mimic the behavior of the sudoers file, where the of the entries influences the result. If multiple entries match, the entry with the highest .Li sudoOrder @@ -304,7 +350,7 @@ to see if the user belongs to any of them. .Pp If timed entries are enabled with the .Sy SUDOERS_TIMED -configuration directive, the LDAP queries include a subfilter that +configuration directive, the LDAP queries include a sub-filter that limits retrieval to entries that satisfy the time constraints, if any. .Ss Differences between LDAP and non-LDAP sudoers There are some subtle differences in the way sudoers is handled @@ -403,7 +449,7 @@ section. Sudo reads the .Pa @ldap_conf@ file for LDAP-specific configuration. -Typically, this file is shared amongst different LDAP-aware clients. +Typically, this file is shared between different LDAP-aware clients. As such, most of the settings are not .Nm sudo Ns No -specific. Note that @@ -414,6 +460,12 @@ itself and may support options that differ from those described in the system's .Xr ldap.conf @mansectsu@ manual. +The path to +.Pa ldap.conf +may be overridden via the +.Em ldap_conf +plugin argument in +.Xr sudo.conf @mansectform@ . .Pp Also note that on systems using the OpenLDAP libraries, default values specified in @@ -429,9 +481,15 @@ as being supported by are honored. Configuration options are listed below in upper case but are parsed in a case-independent manner. +.Pp +Long lines can be continued with a backslash +.Pq Ql \e +as the last character on the line. +Note that leading white space is removed from the beginning of lines +even when the continuation character is used. .Bl -tag -width 4n .It Sy URI Ar ldap[s]://[hostname[:port]] ... -Specifies a whitespace-delimited list of one or more URIs describing +Specifies a white space-delimited list of one or more URIs describing the LDAP server(s) to connect to. The .Em protocol @@ -468,7 +526,7 @@ If no .Sy URI is specified, the .Sy HOST -parameter specifies a whitespace-delimited list of LDAP servers to connect to. +parameter specifies a white space-delimited list of LDAP servers to connect to. Each host may include an optional .Em port separated by a colon @@ -556,6 +614,26 @@ A value of 1 results in a moderate amount of debugging information. A value of 2 shows the results of the matches themselves. This parameter should not be set in a production environment as the extra information is likely to confuse users. +.Pp +The +.Sy SUDOERS_DEBUG +parameter is deprecated and will be removed in a future release. +The same information is now logged via the +.Nm sudo +debugging framework using the +.Dq ldap +subsystem at priorities +.Em diag +and +.Em info +for +.Em debug_level +values 1 and 2 respectively. +See the +.Xr sudo.conf @mansectform@ +manual for details on how to configure +.Nm sudo +debugging. .It Sy BINDDN Ar DN The .Sy BINDDN @@ -577,10 +655,16 @@ parameter specifies the identity, in the form of a Distinguished Name (DN), to use when performing privileged LDAP operations, such as .Em sudoers queries. -The password corresponding -to the identity should be stored in +The password corresponding to the identity should be stored in the +or the path specified by the +.Em ldap_secret +plugin argument in +.Xr sudo.conf @mansectform@ , +which defaults to .Pa @ldap_secret@ . -If not specified, the +If no +.Sy ROOTBINDDN +is specified, the .Sy BINDDN identity is used (if any). .It Sy LDAP_VERSION Ar number @@ -844,7 +928,7 @@ file can be ignored completely by using: sudoers = ldap .Ed .Pp -To treat LDAP as authoratative and only use the local sudoers file +To treat LDAP as authoritative and only use the local sudoers file if the user is not present in LDAP, use: .Bd -literal -offset 4n sudoers = ldap = auth, files @@ -852,7 +936,7 @@ sudoers = ldap = auth, files .Pp Note that in the above example, the .Li auth -qualfier only affects user lookups; both LDAP and +qualifier only affects user lookups; both LDAP and .Em sudoers will be queried for .Li Defaults @@ -1073,7 +1157,8 @@ objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL ) .Ed .Sh SEE ALSO -.Xr ldap.conf @mansectsu@ , +.Xr ldap.conf @mansectform@ , +.Xr sudo.conf @mansectform@ , .Xr sudoers @mansectsu@ .Sh CAVEATS Note that there are differences in the way that LDAP-based diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index 065f52e..d076587 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -1,8 +1,8 @@ .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" IT IS GENERATED AUTOMATICALLY FROM sudoers.mdoc.in .\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2012 -.\" Todd C. Miller +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2013 +.\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -21,16 +21,16 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "SUDOERS" "@mansectsu@" "July 16, 2012" "Sudo @PACKAGE_VERSION@" "Programmer's Manual" +.TH "SUDOERS" "@mansectsu@" "April 30, 2013" "Sudo @PACKAGE_VERSION@" "Programmer's Manual" .nh .if n .ad l .SH "NAME" \fBsudoers\fR -\- default sudo security policy module +\- default sudo security policy plugin .SH "DESCRIPTION" The \fIsudoers\fR -policy module determines a user's +policy plugin determines a user's \fBsudo\fR privileges. It is the default @@ -48,6 +48,94 @@ For information on storing policy information in LDAP, please see sudoers.ldap(@mansectform@). +.SS "Configuring sudo.conf for sudoers" +\fBsudo\fR +consults the +sudo.conf(@mansectform@) +file to determine which policy and and I/O logging plugins to load. +If no +sudo.conf(@mansectform@) +file is present, or if it contains no +\fRPlugin\fR +lines, +\fBsudoers\fR +will be used for policy decisions and I/O logging. +To explicitly configure +sudo.conf(@mansectform@) +to use the +\fBsudoers\fR +plugin, the following configuration can be used. +.nf +.sp +.RS 6n +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so +.RE +.fi +.PP +Starting with +\fBsudo\fR +1.8.5, it is possible to specify optional arguments to the +\fBsudoers\fR +plugin in the +sudo.conf(@mansectform@) +file. +These arguments, if present, should be listed after the path to the plugin +(i.e.\& after +\fIsudoers.so\fR). +Multiple arguments may be specified, separated by white space. +For example: +.nf +.sp +.RS 6n +Plugin sudoers_policy sudoers.so sudoers_mode=0400 +.RE +.fi +.PP +The following plugin arguments are supported: +.TP 10n +ldap_conf=pathname +The +\fIldap_conf\fR +argument can be used to override the default path to the +\fIldap.conf\fR +file. +.TP 10n +ldap_secret=pathname +The +\fIldap_secret\fR +argument can be used to override the default path to the +\fIldap.secret\fR +file. +.TP 10n +sudoers_file=pathname +The +\fIsudoers_file\fR +argument can be used to override the default path to the +\fIsudoers\fR +file. +.TP 10n +sudoers_uid=uid +The +\fIsudoers_uid\fR +argument can be used to override the default owner of the sudoers file. +It should be specified as a numeric user ID. +.TP 10n +sudoers_gid=gid +The +\fIsudoers_gid\fR +argument can be used to override the default group of the sudoers file. +It must be specified as a numeric group ID (not a group name). +.TP 10n +sudoers_mode=mode +The +\fIsudoers_mode\fR +argument can be used to override the default file mode for the sudoers file. +It should be specified as an octal value. +.PP +For more information on configuring +sudo.conf(@mansectform@), +please refer to its manual. .SS "Authentication and logging" The \fIsudoers\fR @@ -451,10 +539,10 @@ User ::= '!'* user name | .PP A \fRUser_List\fR -is made up of one or more user names, user ids +is made up of one or more user names, user IDs (prefixed with `#'), -system group names and ids (prefixed with +system group names and IDs (prefixed with `%' and `%#' @@ -496,9 +584,7 @@ The actual and \fRnonunix_gid\fR syntax depends on -the underlying group provider plugin (see the -\fIgroup_plugin\fR -description below). +the underlying group provider plugin. For instance, the QAS AD plugin supports the following formats: .TP 6n \fBo\fR @@ -510,6 +596,10 @@ Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN" \fBo\fR Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567" .PP +See +\fIGROUP PROVIDER PLUGINS\fR +for more information. +.PP Note that quotes around group names are optional. Unquoted strings must use a backslash (`\e') @@ -602,6 +692,14 @@ only the case for non-networked systems. .nf .sp .RS 0n +digest ::= [A-Fa-f0-9]+ | + [[A-Za-z0-9\+/=]+ + +Digest_Spec ::= "sha224" ':' digest | + "sha256" ':' digest | + "sha384" ':' digest | + "sha512" ':' digest + Cmnd_List ::= Cmnd | Cmnd ',' Cmnd_List @@ -609,7 +707,7 @@ command name ::= file name | file name args | file name '""' -Cmnd ::= '!'* command name | +Cmnd ::= Digest_Spec? '!'* command name | '!'* directory | '!'* "sudoedit" | '!'* Cmnd_Alias @@ -655,7 +753,7 @@ if they are used in command arguments: `:\&', `=\&', `\e'. -The special command +The built-in command ``\fRsudoedit\fR'' is used to permit a user to run \fBsudo\fR @@ -664,6 +762,48 @@ with the option (or as \fBsudoedit\fR). It may take command line arguments just as a normal command does. +Note that +``\fRsudoedit\fR'' +is a command built into +\fBsudo\fR +itself and must be specified in +\fIsudoers\fR +without a leading path. +.PP +If a +\fRcommand name\fR +is prefixed with a +\fRDigest_Spec\fR, +the command will only match successfully if it can be verified +using the specified SHA-2 digest. +This may be useful in situations where the user invoking +\fBsudo\fR +has write access to the command or its parent directory. +The following digest formats are supported: sha224, sha256, sha384 and sha512. +The string may be specified in either hex or base64 format +(base64 is more compact). +There are several utilities capable of generating SHA-2 digests in hex +format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum. +.PP +For example, using openssl: +.nf +.sp +.RS 0n +$ openssl dgst -sha224 /bin/ls +SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25 +.RE +.fi +.PP +It is also possible to use openssl to generate base64 output: +.nf +.sp +.RS 0n +$ openssl dgst -binary -sha224 /bin/ls | openssl base64 +EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ== +.RE +.fi +.PP +Command digests are only supported by version 1.8.7 or higher. .SS "Defaults" Certain configuration options may be changed from their default values at run-time via one or more @@ -1028,9 +1168,9 @@ and \fRNOEXEC\fR overrides \fREXEC\fR). -.PP -\fINOPASSWD and PASSWD\fR -.PP +.TP 2n +\fINOPASSWD\fR and \fIPASSWD\fR +.sp By default, \fBsudo\fR requires that a user authenticate him or herself @@ -1049,13 +1189,14 @@ Conversely, the \fRPASSWD\fR tag can be used to reverse things. For example: +.RS .nf .sp .RS 0n ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm .RE .fi -.PP +.sp would allow the user \fBray\fR to run @@ -1078,13 +1219,13 @@ without a password the entry would be: ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm .RE .fi -.PP +.sp Note, however, that the \fRPASSWD\fR tag has no effect on users who are in the group specified by the \fIexempt_group\fR option. -.PP +.sp By default, if the \fRNOPASSWD\fR tag is applied to any of the entries for a user on the current host, @@ -1102,8 +1243,11 @@ and \fIlistpw\fR options. .PP -\fINOEXEC and EXEC\fR -.PP +.RE +.PD 0 +.TP 2n +\fINOEXEC\fR and \fIEXEC\fR +.sp If \fBsudo\fR has been compiled with @@ -1112,7 +1256,7 @@ support and the underlying operating system supports it, the \fRNOEXEC\fR tag can be used to prevent a dynamically-linked executable from running further commands itself. -.PP +.sp In the following example, user \fBaaron\fR may run @@ -1120,21 +1264,26 @@ may run and \fI/usr/bin/vi\fR but shell escapes will be disabled. +.RS .nf .sp .RS 0n aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi .RE .fi -.PP +.sp See the \fIPreventing shell escapes\fR section below for more details on how \fRNOEXEC\fR works and whether or not it will work on your system. +.PD .PP -\fISETENV and NOSETENV\fR -.PP +.RE +.PD 0 +.TP 2n +\fISETENV\fR and \fINOSETENV\fR +.sp These tags override the value of the \fIsetenv\fR option on a per-command basis. @@ -1159,9 +1308,10 @@ the tag is implied for that command; this default may be overridden by use of the \fRNOSETENV\fR tag. -.PP -\fILOG_INPUT and NOLOG_INPUT\fR -.PP +.PD +.TP 2n +\fILOG_INPUT\fR and \fINOLOG_INPUT\fR +.sp These tags override the value of the \fIlog_input\fR option on a per-command basis. @@ -1170,9 +1320,9 @@ For more information, see the description of in the \fISUDOERS OPTIONS\fR section below. -.PP -\fILOG_OUTPUT and NOLOG_OUTPUT\fR -.PP +.TP 2n +\fILOG_OUTPUT\fR and \fINOLOG_OUTPUT\fR +.sp These tags override the value of the \fIlog_output\fR option on a per-command basis. @@ -1190,11 +1340,11 @@ to be used in host names, path names and command line arguments in the \fIsudoers\fR file. Wildcard matching is done via the -\fBPOSIX\fR glob(3) and fnmatch(3) -routines. +functions as specified by +IEEE Std 1003.1 (\(lqPOSIX.1\(rq). Note that these are \fInot\fR regular expressions. @@ -1225,7 +1375,7 @@ This is used to escape special characters such as: and `]\&'. .PP -POSIX character classes may also be used if your system's +Character classes may also be used if your system's glob(3) and fnmatch(3) @@ -1490,11 +1640,37 @@ An exclamation point (`\&!') can be used as a logical \fInot\fR -operator both in an +operator in a list or \fIalias\fR -and in front of a +as well as in front of a \fRCmnd\fR. This allows one to exclude certain values. +For the +`\&!' +operator to be effective, there must be something for it to exclude. +For example, to match all users except for root one would use: +.nf +.sp +.RS 4n +ALL,!root +.RE +.fi +.PP +If the +\fBALL\fR, +is omitted, as in: +.nf +.sp +.RS 4n +!root +.RE +.fi +.PP +it would explicitly deny root but not match any other users. +This is different from a true +``negation'' +operator. +.PP Note, however, that using a `\&!' in conjunction with the built-in @@ -1603,6 +1779,64 @@ is compiled with \fBzlib\fR support. .TP 18n +exec_background +By default, +\fBsudo\fR +runs a command as the foreground process as long as +\fBsudo\fR +itself is running in the foreground. +When the +\fIexec_background\fR +flag is enabled and the command is being run in a pty (due to I/O logging +or the +\fIuse_pty\fR +flag), the command will be run as a background process. +Attempts to read from the controlling terminal (or to change terminal +settings) will result in the command being suspended with the +\fRSIGTTIN\fR +signal (or +\fRSIGTTOU\fR +in the case of terminal settings). +If this happens when +\fBsudo\fR +is a foreground process, the command will be granted the controlling terminal +and resumed in the foreground with no user intervention required. +The advantage of initially running the command in the background is that +\fBsudo\fR +need not read from the terminal unless the command explicitly requests it. +Otherwise, any terminal input must be passed to the command, whether it +has required it or not (the kernel buffers terminals so it is not possible +to tell whether the command really wants the input). +This is different from historic +\fIsudo\fR +behavior or when the command is not being run in a pty. +.sp +For this to work seamlessly, the operating system must support the +automatic restarting of system calls. +Unfortunately, not all operating systems do this by default, +and even those that do may have bugs. +For example, Mac OS X fails to restart the +\fBtcgetattr\fR() +and +\fBtcsetattr\fR() +system calls (this is a bug in Mac OS X). +Furthermore, because this behavior depends on the command stopping with the +\fRSIGTTIN\fR +or +\fRSIGTTOU\fR +signals, programs that catch these signals and suspend themselves +with a different signal (usually +\fRSIGTOP\fR) +will not be automatically foregrounded. +Some versions of the linux +su(1) +command behave this way. +.sp +This setting is only supported by version 1.8.7 or higher. +It has no effect unless I/O logging is enabled or the +\fIuse_pty\fR +flag is enabled. +.TP 18n env_editor If set, \fBvisudo\fR @@ -1985,23 +2219,21 @@ This flag is \fIoff\fR by default. .TP 18n -path_info -Normally, -\fBsudo\fR -will tell the user when a command could not be -found in their -\fRPATH\fR -environment variable. -Some sites may wish to disable this as it could be used to gather -information on the location of executables that the normal user does -not have access to. -The disadvantage is that if the executable is simply not in the user's -\fRPATH\fR, +pam_session +On systems that use PAM for authentication, \fBsudo\fR -will tell the user that they are not allowed to run it, which can be confusing. +will create a new PAM session for the command to be run in. +Disabling +\fIpam_session\fR +may be needed on older PAM implementations or on operating systems where +opening a PAM session changes the utmp or wtmp files. +If PAM session support is disabled, resource limits may not be updated +for the command being run. This flag is -\fI@path_info@\fR +\fI@pam_session@\fR by default. +.sp +This setting is only supported by version 1.8.7 or higher. .TP 18n passprompt_override The password prompt specified by @@ -2018,6 +2250,24 @@ This flag is \fIoff\fR by default. .TP 18n +path_info +Normally, +\fBsudo\fR +will tell the user when a command could not be +found in their +\fRPATH\fR +environment variable. +Some sites may wish to disable this as it could be used to gather +information on the location of executables that the normal user does +not have access to. +The disadvantage is that if the executable is simply not in the user's +\fRPATH\fR, +\fBsudo\fR +will tell the user that they are not allowed to run it, which can be confusing. +This flag is +\fI@path_info@\fR +by default. +.TP 18n preserve_groups By default, \fBsudo\fR @@ -2533,6 +2783,17 @@ will have the replaced with a unique combination of digits and letters, similar to the mktemp(3) function. +.sp +If the path created by concatenating +\fIiolog_dir\fR +and +\fIiolog_file\fR +already exists, the existing I/O log file will be truncated and +overwritten unless +\fIiolog_file\fR +ends in six or +more +\fRX\fRs. .PD .TP 18n limitprivs @@ -2555,10 +2816,39 @@ will expand to the host name of the machine. Default is ``\fR@mailsub@\fR''. .TP 18n +maxseq +The maximum sequence number that will be substituted for the +``\fR%{seq}\fR'' +escape in the I/O log file (see the +\fIiolog_dir\fR +description above for more information). +While the value substituted for +``\fR%{seq}\fR'' +is in base 36, +\fImaxseq\fR +itself should be expressed in decimal. +Values larger than 2176782336 (which corresponds to the +base 36 sequence number +``ZZZZZZ'') +will be silently truncated to 2176782336. +The default value is 2176782336. +.sp +Once the local sequence number reaches the value of +\fImaxseq\fR, +it will +``roll over'' +to zero, after which +\fBsudoers\fR +will truncate and re-use any existing I/O log pathnames. +.sp +This setting is only supported by version 1.8.7 or higher. +.TP 18n noexec_file -This option is no longer supported. +As of +\fBsudo\fR +version 1.8.1 this option is no longer supported. The path to the noexec file should now be set in the -\fI@sysconfdir@/sudo.conf\fR +sudo.conf(@mansectform@) file. .TP 18n passprompt @@ -2729,40 +3019,22 @@ group_plugin A string containing a \fIsudoers\fR group plugin with optional arguments. -This can be used to implement support for the -\fRnonunix_group\fR -syntax described earlier. The string should consist of the plugin path, either fully-qualified or relative to the -\fI@prefix@/libexec\fR +\fI@PLUGINDIR@\fR directory, followed by any configuration arguments the plugin requires. These arguments (if any) will be passed to the plugin's initialization function. If arguments are present, the string must be enclosed in double quotes (\&""). .sp -For example, given -\fI/etc/sudo-group\fR, -a group file in Unix group format, the sample group plugin can be used: -.RS -.nf -.sp -.RS 0n -Defaults group_plugin="sample_group.so /etc/sudo-group" -.RE -.fi -.sp For more information see -sudo_plugin(@mansectform@). -.PP -.RE -.PD 0 +GROUP PROVIDER PLUGINS. .TP 14n lecture This option controls when a short lecture will be printed along with the password prompt. It has the following possible values: .RS -.PD .TP 8n always Always lecture the user. @@ -3050,6 +3322,74 @@ is displayed when is run by root with the \fB\-V\fR option. +.SH "GROUP PROVIDER PLUGINS" +The +\fBsudoers\fR +plugin supports its own plugin interface to allow non-Unix +group lookups which can query a group source other +than the standard Unix group database. +This can be used to implement support for the +\fRnonunix_group\fR +syntax described earlier. +.PP +Group provider plugins are specified via the +\fIgroup_plugin\fR +Defaults setting. +The argument to +\fIgroup_plugin\fR +should consist of the plugin path, either fully-qualified or relative to the +\fI@PLUGINDIR@\fR +directory, followed by any configuration options the plugin requires. +These options (if specified) will be passed to the plugin's initialization +function. +If options are present, the string must be enclosed in double quotes +(\&""). +.PP +The following group provider plugins are installed by default: +.TP 10n +group_file +The +\fIgroup_file\fR +plugin supports an alternate group file that uses the same syntax as the +\fI/etc/group\fR +file. +The path to the group file should be specified as an option +to the plugin. +For example, if the group file to be used is +\fI/etc/sudo-group\fR: +.RS +.nf +.sp +.RS 0n +Defaults group_plugin="group_file.so /etc/sudo-group" +.RE +.fi +.PP +.RE +.PD 0 +.TP 10n +system_group +The +\fIsystem_group\fR +plugin supports group lookups via the standard C library functions +\fBgetgrnam\fR() +and +\fBgetgrid\fR(). +This plugin can be used in instances where the user belongs to +groups not present in the user's supplemental group vector. +This plugin takes no options: +.RS +.nf +.sp +.RS 0n +Defaults group_plugin=system_group.so +.RE +.fi +.RE +.PD +.PP +The group provider plugin API is described in detail in +sudo_plugin(@mansectsu@). .SH "LOG FORMAT" \fBsudoers\fR can log events using either @@ -3221,18 +3561,19 @@ Normally, tries to open \fIsudoers\fR using group permissions to avoid this problem. -Consider changing the ownership of +Consider either changing the ownership of \fI@sysconfdir@/sudoers\fR -by adding an option like +or adding an argument like ``sudoers_uid=N'' (where `N' is the user ID that owns the \fIsudoers\fR -file) to the +file) to the end of the \fBsudoers\fR -plugin line in the -\fI@sysconfdir@/sudo.conf\fR +\fRPlugin\fR +line in the +sudo.conf(@mansectform@) file. .TP 3n unable to stat @sysconfdir@/sudoers @@ -3259,8 +3600,9 @@ is the user ID that owns the \fIsudoers\fR file) to the \fBsudoers\fR -plugin line in the -\fI@sysconfdir@/sudo.conf\fR +\fRPlugin\fR +line in the +sudo.conf(@mansectform@) file. .TP 3n @sysconfdir@/sudoers is world writable @@ -3275,8 +3617,9 @@ The default mode may be changed via the ``sudoers_mode'' option to the \fBsudoers\fR -plugin line in the -\fI@sysconfdir@/sudo.conf\fR +\fRPlugin\fR +line in the +sudo.conf(@mansectform@) file. .TP 3n @sysconfdir@/sudoers is owned by gid N, should be 1 @@ -3293,8 +3636,9 @@ is the group ID that owns the \fIsudoers\fR file) to the \fBsudoers\fR -plugin line in the -\fI@sysconfdir@/sudo.conf\fR +\fRPlugin\fR +line in the +sudo.conf(@mansectform@) file. .TP 3n unable to open @timedir@/username/ttyname @@ -3374,193 +3718,6 @@ If the option is set to 0 (or negated with a `\&!'), word wrap will be disabled. -.SH "SUDO.CONF" -The -\fI@sysconfdir@/sudo.conf\fR -file determines which plugins the -\fBsudo\fR -front end will load. -If no -\fI@sysconfdir@/sudo.conf\fR -file -is present, or it contains no -\fRPlugin\fR -lines, -\fBsudo\fR -will use the -\fIsudoers\fR -security policy and I/O logging, which corresponds to the following -\fI@sysconfdir@/sudo.conf\fR -file. -.nf -.sp -.RS 0n -# -# Default @sysconfdir@/sudo.conf file -# -# Format: -# Plugin plugin_name plugin_path plugin_options ... -# Path askpass /path/to/askpass -# Path noexec /path/to/sudo_noexec.so -# Debug sudo /var/log/sudo_debug all@warn -# Set disable_coredump true -# -# The plugin_path is relative to @prefix@/libexec unless -# fully qualified. -# The plugin_name corresponds to a global symbol in the plugin -# that contains the plugin interface structure. -# The plugin_options are optional. -# -Plugin policy_plugin sudoers.so -Plugin io_plugin sudoers.so -.RE -.fi -.SS "Plugin options" -Starting with -\fBsudo\fR -1.8.5, it is possible to pass options to the -\fIsudoers\fR -plugin. -Options may be listed after the path to the plugin (i.e.\& after -\fIsudoers.so\fR); -multiple options should be space-separated. -For example: -.nf -.sp -.RS 0n -Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_uid=0 sudoers_gid=0 sudoers_mode=0440 -.RE -.fi -.PP -The following plugin options are supported: -.TP 10n -sudoers_file=pathname -The -\fIsudoers_file\fR -option can be used to override the default path -to the -\fIsudoers\fR -file. -.TP 10n -sudoers_uid=uid -The -\fIsudoers_uid\fR -option can be used to override the default owner of the sudoers file. -It should be specified as a numeric user ID. -.TP 10n -sudoers_gid=gid -The -\fIsudoers_gid\fR -option can be used to override the default group of the sudoers file. -It should be specified as a numeric group ID. -.TP 10n -sudoers_mode=mode -The -\fIsudoers_mode\fR -option can be used to override the default file mode for the sudoers file. -It should be specified as an octal value. -.SS "Debug flags" -Versions 1.8.4 and higher of the -\fIsudoers\fR -plugin supports a debugging framework that can help track down what the -plugin is doing internally if there is a problem. -This can be configured in the -\fI@sysconfdir@/sudo.conf\fR -file as described in -sudo(@mansectsu@). -.PP -The -\fIsudoers\fR -plugin uses the same debug flag format as the -\fBsudo\fR -front-end: -\fIsubsystem\fR@\fIpriority\fR. -.PP -The priorities used by -\fIsudoers\fR, -in order of decreasing severity, -are: -\fIcrit\fR, -\fIerr\fR, -\fIwarn\fR, -\fInotice\fR, -\fIdiag\fR, -\fIinfo\fR, -\fItrace\fR -and -\fIdebug\fR. -Each priority, when specified, also includes all priorities higher than it. -For example, a priority of -\fInotice\fR -would include debug messages logged at -\fInotice\fR -and higher. -.PP -The following subsystems are used by -\fIsudoers\fR: -.TP 10n -\fIalias\fR -\fRUser_Alias\fR, -\fRRunas_Alias\fR, -\fRHost_Alias\fR -and -\fRCmnd_Alias\fR -processing -.TP 10n -\fIall\fR -matches every subsystem -.TP 10n -\fIaudit\fR -BSM and Linux audit code -.TP 10n -\fIauth\fR -user authentication -.TP 10n -\fIdefaults\fR -\fIsudoers\fR -\fIDefaults\fR -settings -.TP 10n -\fIenv\fR -environment handling -.TP 10n -\fIldap\fR -LDAP-based sudoers -.TP 10n -\fIlogging\fR -logging support -.TP 10n -\fImatch\fR -matching of users, groups, hosts and netgroups in -\fIsudoers\fR -.TP 10n -\fInetif\fR -network interface handling -.TP 10n -\fInss\fR -network service switch handling in -\fIsudoers\fR -.TP 10n -\fIparser\fR -\fIsudoers\fR -file parsing -.TP 10n -\fIperms\fR -permission setting -.TP 10n -\fIplugin\fR -The equivalent of -\fImain\fR -for the plugin. -.TP 10n -\fIpty\fR -pseudo-tty related code -.TP 10n -\fIrbtree\fR -redblack tree internals -.TP 10n -\fIutil\fR -utility functions .SH "FILES" .TP 26n \fI@sysconfdir@/sudo.conf\fR @@ -3624,7 +3781,9 @@ Host_Alias CDROM = orion, perseus, hercules # Cmnd alias specification Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e - /usr/sbin/restore, /usr/sbin/rrestore + /usr/sbin/restore, /usr/sbin/rrestore,\e + sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e + /home/operator/bin/start_backups Cmnd_Alias KILL = /usr/bin/kill Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown @@ -3776,6 +3935,15 @@ Here, those are commands related to backups, killing processes, the printing system, shutting down the system, and any commands in the directory \fI/usr/oper/bin/\fR. +Note that one command in the +\fRDUMPS\fR +Cmnd_Alias includes a sha224 digest, +\fI/home/operator/bin/start_backups\fR. +This is because the directory containing the script is writable by the +operator user. +If the script is modified (resulting in a digest mismatch) it will no longer +be possible to run it via +\fBsudo\fR. .nf .sp .RS 0n @@ -4213,6 +4381,117 @@ is able to determine when a tty-based time stamp file is stale and will ignore it. Administrators should not rely on this feature as it is not universally available. +.SH "DEBUGGING" +Versions 1.8.4 and higher of the +\fBsudoers\fR +plugin support a flexible debugging framework that can help track +down what the plugin is doing internally if there is a problem. +This can be configured in the +sudo.conf(@mansectform@) +file. +.PP +The +\fBsudoers\fR +plugin uses the same debug flag format as the +\fBsudo\fR +front-end: +\fIsubsystem\fR@\fIpriority\fR. +.PP +The priorities used by +\fBsudoers\fR, +in order of decreasing severity, +are: +\fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR +and +\fIdebug\fR. +Each priority, when specified, also includes all priorities higher +than it. +For example, a priority of +\fInotice\fR +would include debug messages logged at +\fInotice\fR +and higher. +.PP +The following subsystems are used by the +\fBsudoers\fR +plugin: +.TP 10n +\fIalias\fR +\fRUser_Alias\fR, +\fRRunas_Alias\fR, +\fRHost_Alias\fR +and +\fRCmnd_Alias\fR +processing +.TP 10n +\fIall\fR +matches every subsystem +.TP 10n +\fIaudit\fR +BSM and Linux audit code +.TP 10n +\fIauth\fR +user authentication +.TP 10n +\fIdefaults\fR +\fIsudoers\fR +\fIDefaults\fR +settings +.TP 10n +\fIenv\fR +environment handling +.TP 10n +\fIldap\fR +LDAP-based sudoers +.TP 10n +\fIlogging\fR +logging support +.TP 10n +\fImatch\fR +matching of users, groups, hosts and netgroups in +\fIsudoers\fR +.TP 10n +\fInetif\fR +network interface handling +.TP 10n +\fInss\fR +network service switch handling in +\fIsudoers\fR +.TP 10n +\fIparser\fR +\fIsudoers\fR +file parsing +.TP 10n +\fIperms\fR +permission setting +.TP 10n +\fIplugin\fR +The equivalent of +\fImain\fR +for the plugin. +.TP 10n +\fIpty\fR +pseudo-tty related code +.TP 10n +\fIrbtree\fR +redblack tree internals +.TP 10n +\fIutil\fR +utility functions +.PD 0 +.PP +.PD +For example: +.nf +.sp +.RS 0n +Debug sudo /var/log/sudo_debug match@info,nss@info +.RE +.fi +.PP +For more information, see the +sudo.conf(@mansectform@) +manual. .SH "SEE ALSO" ssh(1), su(1), @@ -4220,6 +4499,7 @@ fnmatch(3), glob(3), mktemp(3), strftime(3), +sudo.conf(@mansectform@), sudoers.ldap(@mansectform@), sudo_plugin(@mansectsu@), sudo(@mansectsu@), diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index fe65e76..1331580 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in @@ -1,6 +1,6 @@ .\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2012 -.\" Todd C. Miller +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2013 +.\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -19,16 +19,16 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd July 16, 2012 +.Dd April 30, 2013 .Dt SUDOERS @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME .Nm sudoers -.Nd default sudo security policy module +.Nd default sudo security policy plugin .Sh DESCRIPTION The .Em sudoers -policy module determines a user's +policy plugin determines a user's .Nm sudo privileges. It is the default @@ -46,6 +46,84 @@ For information on storing policy information in LDAP, please see .Xr sudoers.ldap @mansectform@ . +.Ss Configuring sudo.conf for sudoers +.Nm sudo +consults the +.Xr sudo.conf @mansectform@ +file to determine which policy and and I/O logging plugins to load. +If no +.Xr sudo.conf @mansectform@ +file is present, or if it contains no +.Li Plugin +lines, +.Nm sudoers +will be used for policy decisions and I/O logging. +To explicitly configure +.Xr sudo.conf @mansectform@ +to use the +.Nm sudoers +plugin, the following configuration can be used. +.Bd -literal -offset indent +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so +.Ed +.Pp +Starting with +.Nm sudo +1.8.5, it is possible to specify optional arguments to the +.Nm sudoers +plugin in the +.Xr sudo.conf @mansectform@ +file. +These arguments, if present, should be listed after the path to the plugin +(i.e.\& after +.Pa sudoers.so ) . +Multiple arguments may be specified, separated by white space. +For example: +.Bd -literal -offset indent +Plugin sudoers_policy sudoers.so sudoers_mode=0400 +.Ed +.Pp +The following plugin arguments are supported: +.Bl -tag -width 8n +.It ldap_conf=pathname +The +.Em ldap_conf +argument can be used to override the default path to the +.Pa ldap.conf +file. +.It ldap_secret=pathname +The +.Em ldap_secret +argument can be used to override the default path to the +.Pa ldap.secret +file. +.It sudoers_file=pathname +The +.Em sudoers_file +argument can be used to override the default path to the +.Em sudoers +file. +.It sudoers_uid=uid +The +.Em sudoers_uid +argument can be used to override the default owner of the sudoers file. +It should be specified as a numeric user ID. +.It sudoers_gid=gid +The +.Em sudoers_gid +argument can be used to override the default group of the sudoers file. +It must be specified as a numeric group ID (not a group name). +.It sudoers_mode=mode +The +.Em sudoers_mode +argument can be used to override the default file mode for the sudoers file. +It should be specified as an octal value. +.El +.Pp +For more information on configuring +.Xr sudo.conf @mansectform@ , +please refer to its manual. .Ss Authentication and logging The .Em sudoers @@ -437,10 +515,10 @@ User ::= '!'* user name | .Pp A .Li User_List -is made up of one or more user names, user ids +is made up of one or more user names, user IDs (prefixed with .Ql # ) , -system group names and ids (prefixed with +system group names and IDs (prefixed with .Ql % and .Ql %# @@ -482,9 +560,7 @@ The actual and .Li nonunix_gid syntax depends on -the underlying group provider plugin (see the -.Em group_plugin -description below). +the underlying group provider plugin. For instance, the QAS AD plugin supports the following formats: .Bl -bullet -width 4n .It @@ -495,6 +571,10 @@ Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN" Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567" .El .Pp +See +.Sx "GROUP PROVIDER PLUGINS" +for more information. +.Pp Note that quotes around group names are optional. Unquoted strings must use a backslash .Pq Ql \e @@ -579,6 +659,14 @@ Also, the host name will only match if that is the actual host name, which is usually only the case for non-networked systems. .Bd -literal +digest ::= [A-Fa-f0-9]+ | + [[A-Za-z0-9\+/=]+ + +Digest_Spec ::= "sha224" ':' digest | + "sha256" ':' digest | + "sha384" ':' digest | + "sha512" ':' digest + Cmnd_List ::= Cmnd | Cmnd ',' Cmnd_List @@ -586,7 +674,7 @@ command name ::= file name | file name args | file name '""' -Cmnd ::= '!'* command name | +Cmnd ::= Digest_Spec? '!'* command name | '!'* directory | '!'* "sudoedit" | '!'* Cmnd_Alias @@ -631,7 +719,7 @@ if they are used in command arguments: .Ql :\& , .Ql =\& , .Ql \e . -The special command +The built-in command .Dq Li sudoedit is used to permit a user to run .Nm sudo @@ -640,6 +728,42 @@ with the option (or as .Nm sudoedit ) . It may take command line arguments just as a normal command does. +Note that +.Dq Li sudoedit +is a command built into +.Nm sudo +itself and must be specified in +.Em sudoers +without a leading path. +.Pp +If a +.Li command name +is prefixed with a +.Li Digest_Spec , +the command will only match successfully if it can be verified +using the specified SHA-2 digest. +This may be useful in situations where the user invoking +.Nm sudo +has write access to the command or its parent directory. +The following digest formats are supported: sha224, sha256, sha384 and sha512. +The string may be specified in either hex or base64 format +(base64 is more compact). +There are several utilities capable of generating SHA-2 digests in hex +format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum. +.Pp +For example, using openssl: +.Bd -literal +$ openssl dgst -sha224 /bin/ls +SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25 +.Ed +.Pp +It is also possible to use openssl to generate base64 output: +.Bd -literal +$ openssl dgst -binary -sha224 /bin/ls | openssl base64 +EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ== +.Ed +.Pp +Command digests are only supported by version 1.8.7 or higher. .Ss Defaults Certain configuration options may be changed from their default values at run-time via one or more @@ -970,9 +1094,9 @@ and .Li NOEXEC overrides .Li EXEC ) . -.Pp -.Em NOPASSWD and PASSWD -.Pp +.Bl -hang -width 0n +.It Em NOPASSWD No and Em PASSWD +.sp By default, .Nm sudo requires that a user authenticate him or herself @@ -1037,9 +1161,8 @@ This behavior may be overridden via the and .Em listpw options. -.Pp -.Em NOEXEC and EXEC -.Pp +.It Em NOEXEC No and Em EXEC +.sp If .Nm sudo has been compiled with @@ -1065,9 +1188,8 @@ See the section below for more details on how .Li NOEXEC works and whether or not it will work on your system. -.Pp -.Em SETENV and NOSETENV -.Pp +.It Em SETENV No and Em NOSETENV +.sp These tags override the value of the .Em setenv option on a per-command basis. @@ -1092,9 +1214,8 @@ the tag is implied for that command; this default may be overridden by use of the .Li NOSETENV tag. -.Pp -.Em LOG_INPUT and NOLOG_INPUT -.Pp +.It Em LOG_INPUT No and Em NOLOG_INPUT +.sp These tags override the value of the .Em log_input option on a per-command basis. @@ -1103,9 +1224,8 @@ For more information, see the description of in the .Sx SUDOERS OPTIONS section below. -.Pp -.Em LOG_OUTPUT and NOLOG_OUTPUT -.Pp +.It Em LOG_OUTPUT No and Em NOLOG_OUTPUT +.sp These tags override the value of the .Em log_output option on a per-command basis. @@ -1114,6 +1234,7 @@ For more information, see the description of in the .Sx SUDOERS OPTIONS section below. +.El .Ss Wildcards .Nm sudo allows shell-style @@ -1123,11 +1244,11 @@ to be used in host names, path names and command line arguments in the .Em sudoers file. Wildcard matching is done via the -.Sy POSIX .Xr glob 3 and .Xr fnmatch 3 -routines. +functions as specified by +.St -p1003.1 . Note that these are .Em not regular expressions. @@ -1155,7 +1276,7 @@ and .Ql ]\& . .El .Pp -POSIX character classes may also be used if your system's +Character classes may also be used if your system's .Xr glob 3 and .Xr fnmatch 3 @@ -1393,11 +1514,31 @@ An exclamation point .Pq Ql \&! can be used as a logical .Em not -operator both in an +operator in a list or .Em alias -and in front of a +as well as in front of a .Li Cmnd . This allows one to exclude certain values. +For the +.Ql \&! +operator to be effective, there must be something for it to exclude. +For example, to match all users except for root one would use: +.Bd -literal -offset 4n +ALL,!root +.Ed +.Pp +If the +.Sy ALL , +is omitted, as in: +.Bd -literal -offset 4n +!root +.Ed +.Pp +it would explicitly deny root but not match any other users. +This is different from a true +.Dq negation +operator. +.Pp Note, however, that using a .Ql \&! in conjunction with the built-in @@ -1504,6 +1645,63 @@ by default when is compiled with .Sy zlib support. +.It exec_background +By default, +.Nm sudo +runs a command as the foreground process as long as +.Nm sudo +itself is running in the foreground. +When the +.Em exec_background +flag is enabled and the command is being run in a pty (due to I/O logging +or the +.Em use_pty +flag), the command will be run as a background process. +Attempts to read from the controlling terminal (or to change terminal +settings) will result in the command being suspended with the +.Dv SIGTTIN +signal (or +.Dv SIGTTOU +in the case of terminal settings). +If this happens when +.Nm sudo +is a foreground process, the command will be granted the controlling terminal +and resumed in the foreground with no user intervention required. +The advantage of initially running the command in the background is that +.Nm sudo +need not read from the terminal unless the command explicitly requests it. +Otherwise, any terminal input must be passed to the command, whether it +has required it or not (the kernel buffers terminals so it is not possible +to tell whether the command really wants the input). +This is different from historic +.Em sudo +behavior or when the command is not being run in a pty. +.Pp +For this to work seamlessly, the operating system must support the +automatic restarting of system calls. +Unfortunately, not all operating systems do this by default, +and even those that do may have bugs. +For example, Mac OS X fails to restart the +.Fn tcgetattr +and +.Fn tcsetattr +system calls (this is a bug in Mac OS X). +Furthermore, because this behavior depends on the command stopping with the +.Dv SIGTTIN +or +.Dv SIGTTOU +signals, programs that catch these signals and suspend themselves +with a different signal (usually +.Dv SIGTOP ) +will not be automatically foregrounded. +Some versions of the linux +.Xr su 1 +command behave this way. +.Pp +This setting is only supported by version 1.8.7 or higher. +It has no effect unless I/O logging is enabled or the +.Em use_pty +flag is enabled. .It env_editor If set, .Nm visudo @@ -1872,23 +2070,21 @@ section at the end of this manual. This flag is .Em off by default. -.It path_info -Normally, +.It pam_session +On systems that use PAM for authentication, .Nm sudo -will tell the user when a command could not be -found in their -.Ev PATH -environment variable. -Some sites may wish to disable this as it could be used to gather -information on the location of executables that the normal user does -not have access to. -The disadvantage is that if the executable is simply not in the user's -.Ev PATH , -.Nm sudo -will tell the user that they are not allowed to run it, which can be confusing. +will create a new PAM session for the command to be run in. +Disabling +.Em pam_session +may be needed on older PAM implementations or on operating systems where +opening a PAM session changes the utmp or wtmp files. +If PAM session support is disabled, resource limits may not be updated +for the command being run. This flag is -.Em @path_info@ +.Em @pam_session@ by default. +.Pp +This setting is only supported by version 1.8.7 or higher. .It passprompt_override The password prompt specified by .Em passprompt @@ -1903,6 +2099,23 @@ will always be used. This flag is .Em off by default. +.It path_info +Normally, +.Nm sudo +will tell the user when a command could not be +found in their +.Ev PATH +environment variable. +Some sites may wish to disable this as it could be used to gather +information on the location of executables that the normal user does +not have access to. +The disadvantage is that if the executable is simply not in the user's +.Ev PATH , +.Nm sudo +will tell the user that they are not allowed to run it, which can be confusing. +This flag is +.Em @path_info@ +by default. .It preserve_groups By default, .Nm sudo @@ -2386,6 +2599,17 @@ will have the replaced with a unique combination of digits and letters, similar to the .Xr mktemp 3 function. +.Pp +If the path created by concatenating +.Em iolog_dir +and +.Em iolog_file +already exists, the existing I/O log file will be truncated and +overwritten unless +.Em iolog_file +ends in six or +more +.Li X Ns No s . .It limitprivs The default Solaris limit privileges to use when constructing a new privilege set for a command. @@ -2404,10 +2628,38 @@ The escape will expand to the host name of the machine. Default is .Dq Li @mailsub@ . +.It maxseq +The maximum sequence number that will be substituted for the +.Dq Li %{seq} +escape in the I/O log file (see the +.Em iolog_dir +description above for more information). +While the value substituted for +.Dq Li %{seq} +is in base 36, +.Em maxseq +itself should be expressed in decimal. +Values larger than 2176782336 (which corresponds to the +base 36 sequence number +.Dq ZZZZZZ ) +will be silently truncated to 2176782336. +The default value is 2176782336. +.Pp +Once the local sequence number reaches the value of +.Em maxseq , +it will +.Dq roll over +to zero, after which +.Nm sudoers +will truncate and re-use any existing I/O log pathnames. +.Pp +This setting is only supported by version 1.8.7 or higher. .It noexec_file -This option is no longer supported. +As of +.Nm sudo +version 1.8.1 this option is no longer supported. The path to the noexec file should now be set in the -.Pa @sysconfdir@/sudo.conf +.Xr sudo.conf @mansectform@ file. .It passprompt The default prompt to use when asking for a password; can be overridden via the @@ -2558,26 +2810,16 @@ This is not set by default. A string containing a .Em sudoers group plugin with optional arguments. -This can be used to implement support for the -.Li nonunix_group -syntax described earlier. The string should consist of the plugin path, either fully-qualified or relative to the -.Pa @prefix@/libexec +.Pa @PLUGINDIR@ directory, followed by any configuration arguments the plugin requires. These arguments (if any) will be passed to the plugin's initialization function. If arguments are present, the string must be enclosed in double quotes .Pq \&"" . .Pp -For example, given -.Pa /etc/sudo-group , -a group file in Unix group format, the sample group plugin can be used: -.Bd -literal -Defaults group_plugin="sample_group.so /etc/sudo-group" -.Ed -.Pp For more information see -.Xr sudo_plugin @mansectform@ . +.Xr "GROUP PROVIDER PLUGINS" . .It lecture This option controls when a short lecture will be printed along with the password prompt. @@ -2843,6 +3085,61 @@ is run by root with the .Fl V option. .El +.Sh GROUP PROVIDER PLUGINS +The +.Nm sudoers +plugin supports its own plugin interface to allow non-Unix +group lookups which can query a group source other +than the standard Unix group database. +This can be used to implement support for the +.Li nonunix_group +syntax described earlier. +.Pp +Group provider plugins are specified via the +.Em group_plugin +Defaults setting. +The argument to +.Em group_plugin +should consist of the plugin path, either fully-qualified or relative to the +.Pa @PLUGINDIR@ +directory, followed by any configuration options the plugin requires. +These options (if specified) will be passed to the plugin's initialization +function. +If options are present, the string must be enclosed in double quotes +.Pq \&"" . +.Pp +The following group provider plugins are installed by default: +.Bl -tag -width 8n +.It group_file +The +.Em group_file +plugin supports an alternate group file that uses the same syntax as the +.Pa /etc/group +file. +The path to the group file should be specified as an option +to the plugin. +For example, if the group file to be used is +.Pa /etc/sudo-group : +.Bd -literal +Defaults group_plugin="group_file.so /etc/sudo-group" +.Ed +.It system_group +The +.Em system_group +plugin supports group lookups via the standard C library functions +.Fn getgrnam +and +.Fn getgrid . +This plugin can be used in instances where the user belongs to +groups not present in the user's supplemental group vector. +This plugin takes no options: +.Bd -literal +Defaults group_plugin=system_group.so +.Ed +.El +.Pp +The group provider plugin API is described in detail in +.Xr sudo_plugin @mansectsu@ . .Sh LOG FORMAT .Nm sudoers can log events using either @@ -2995,18 +3292,19 @@ Normally, tries to open .Em sudoers using group permissions to avoid this problem. -Consider changing the ownership of +Consider either changing the ownership of .Pa @sysconfdir@/sudoers -by adding an option like +or adding an argument like .Dq sudoers_uid=N (where .Sq N is the user ID that owns the .Em sudoers -file) to the +file) to the end of the .Nm sudoers -plugin line in the -.Pa @sysconfdir@/sudo.conf +.Li Plugin +line in the +.Xr sudo.conf @mansectform@ file. .It unable to stat @sysconfdir@/sudoers The @@ -3030,8 +3328,9 @@ is the user ID that owns the .Em sudoers file) to the .Nm sudoers -plugin line in the -.Pa @sysconfdir@/sudo.conf +.Li Plugin +line in the +.Xr sudo.conf @mansectform@ file. .It @sysconfdir@/sudoers is world writable The permissions on the @@ -3045,8 +3344,9 @@ The default mode may be changed via the .Dq sudoers_mode option to the .Nm sudoers -plugin line in the -.Pa @sysconfdir@/sudo.conf +.Li Plugin +line in the +.Xr sudo.conf @mansectform@ file. .It @sysconfdir@/sudoers is owned by gid N, should be 1 The @@ -3062,8 +3362,9 @@ is the group ID that owns the .Em sudoers file) to the .Nm sudoers -plugin line in the -.Pa @sysconfdir@/sudo.conf +.Li Plugin +line in the +.Xr sudo.conf @mansectform@ file. .It unable to open @timedir@/username/ttyname .Em sudoers @@ -3140,170 +3441,6 @@ option is set to 0 (or negated with a .Ql \&! ) , word wrap will be disabled. .El -.Sh SUDO.CONF -The -.Pa @sysconfdir@/sudo.conf -file determines which plugins the -.Nm sudo -front end will load. -If no -.Pa @sysconfdir@/sudo.conf -file -is present, or it contains no -.Li Plugin -lines, -.Nm sudo -will use the -.Em sudoers -security policy and I/O logging, which corresponds to the following -.Pa @sysconfdir@/sudo.conf -file. -.Bd -literal -# -# Default @sysconfdir@/sudo.conf file -# -# Format: -# Plugin plugin_name plugin_path plugin_options ... -# Path askpass /path/to/askpass -# Path noexec /path/to/sudo_noexec.so -# Debug sudo /var/log/sudo_debug all@warn -# Set disable_coredump true -# -# The plugin_path is relative to @prefix@/libexec unless -# fully qualified. -# The plugin_name corresponds to a global symbol in the plugin -# that contains the plugin interface structure. -# The plugin_options are optional. -# -Plugin policy_plugin sudoers.so -Plugin io_plugin sudoers.so -.Ed -.Ss Plugin options -Starting with -.Nm sudo -1.8.5, it is possible to pass options to the -.Em sudoers -plugin. -Options may be listed after the path to the plugin (i.e.\& after -.Pa sudoers.so ) ; -multiple options should be space-separated. -For example: -.Bd -literal -Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_uid=0 sudoers_gid=0 sudoers_mode=0440 -.Ed -.Pp -The following plugin options are supported: -.Bl -tag -width 8n -.It sudoers_file=pathname -The -.Em sudoers_file -option can be used to override the default path -to the -.Em sudoers -file. -.It sudoers_uid=uid -The -.Em sudoers_uid -option can be used to override the default owner of the sudoers file. -It should be specified as a numeric user ID. -.It sudoers_gid=gid -The -.Em sudoers_gid -option can be used to override the default group of the sudoers file. -It should be specified as a numeric group ID. -.It sudoers_mode=mode -The -.Em sudoers_mode -option can be used to override the default file mode for the sudoers file. -It should be specified as an octal value. -.El -.Ss Debug flags -Versions 1.8.4 and higher of the -.Em sudoers -plugin supports a debugging framework that can help track down what the -plugin is doing internally if there is a problem. -This can be configured in the -.Pa @sysconfdir@/sudo.conf -file as described in -.Xr sudo @mansectsu@ . -.Pp -The -.Em sudoers -plugin uses the same debug flag format as the -.Nm sudo -front-end: -.Em subsystem Ns No @ Ns Em priority . -.Pp -The priorities used by -.Em sudoers , -in order of decreasing severity, -are: -.Em crit , -.Em err , -.Em warn , -.Em notice , -.Em diag , -.Em info , -.Em trace -and -.Em debug . -Each priority, when specified, also includes all priorities higher than it. -For example, a priority of -.Em notice -would include debug messages logged at -.Em notice -and higher. -.Pp -The following subsystems are used by -.Em sudoers : -.Bl -tag -width 8n -.It Em alias -.Li User_Alias , -.Li Runas_Alias , -.Li Host_Alias -and -.Li Cmnd_Alias -processing -.It Em all -matches every subsystem -.It Em audit -BSM and Linux audit code -.It Em auth -user authentication -.It Em defaults -.Em sudoers -.Em Defaults -settings -.It Em env -environment handling -.It Em ldap -LDAP-based sudoers -.It Em logging -logging support -.It Em match -matching of users, groups, hosts and netgroups in -.Em sudoers -.It Em netif -network interface handling -.It Em nss -network service switch handling in -.Em sudoers -.It Em parser -.Em sudoers -file parsing -.It Em perms -permission setting -.It Em plugin -The equivalent of -.Em main -for the plugin. -.It Em pty -pseudo-tty related code -.It Em rbtree -redblack tree internals -.It Em util -utility functions -.El .Sh FILES .Bl -tag -width 24n .It Pa @sysconfdir@/sudo.conf @@ -3360,7 +3497,9 @@ Host_Alias CDROM = orion, perseus, hercules # Cmnd alias specification Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e - /usr/sbin/restore, /usr/sbin/rrestore + /usr/sbin/restore, /usr/sbin/rrestore,\e + sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e + /home/operator/bin/start_backups Cmnd_Alias KILL = /usr/bin/kill Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown @@ -3493,6 +3632,15 @@ Here, those are commands related to backups, killing processes, the printing system, shutting down the system, and any commands in the directory .Pa /usr/oper/bin/ . +Note that one command in the +.Li DUMPS +Cmnd_Alias includes a sha224 digest, +.Pa /home/operator/bin/start_backups . +This is because the directory containing the script is writable by the +operator user. +If the script is modified (resulting in a digest mismatch) it will no longer +be possible to run it via +.Nm sudo . .Bd -literal joe ALL = /usr/bin/su operator .Ed @@ -3886,6 +4034,96 @@ is able to determine when a tty-based time stamp file is stale and will ignore it. Administrators should not rely on this feature as it is not universally available. +.Sh DEBUGGING +Versions 1.8.4 and higher of the +.Nm sudoers +plugin support a flexible debugging framework that can help track +down what the plugin is doing internally if there is a problem. +This can be configured in the +.Xr sudo.conf @mansectform@ +file. +.Pp +The +.Nm sudoers +plugin uses the same debug flag format as the +.Nm sudo +front-end: +.Em subsystem Ns No @ Ns Em priority . +.Pp +The priorities used by +.Nm sudoers , +in order of decreasing severity, +are: +.Em crit , err , warn , notice , diag , info , trace +and +.Em debug . +Each priority, when specified, also includes all priorities higher +than it. +For example, a priority of +.Em notice +would include debug messages logged at +.Em notice +and higher. +.Pp +The following subsystems are used by the +.Nm sudoers +plugin: +.Bl -tag -width 8n +.It Em alias +.Li User_Alias , +.Li Runas_Alias , +.Li Host_Alias +and +.Li Cmnd_Alias +processing +.It Em all +matches every subsystem +.It Em audit +BSM and Linux audit code +.It Em auth +user authentication +.It Em defaults +.Em sudoers +.Em Defaults +settings +.It Em env +environment handling +.It Em ldap +LDAP-based sudoers +.It Em logging +logging support +.It Em match +matching of users, groups, hosts and netgroups in +.Em sudoers +.It Em netif +network interface handling +.It Em nss +network service switch handling in +.Em sudoers +.It Em parser +.Em sudoers +file parsing +.It Em perms +permission setting +.It Em plugin +The equivalent of +.Em main +for the plugin. +.It Em pty +pseudo-tty related code +.It Em rbtree +redblack tree internals +.It Em util +utility functions +.El +For example: +.Bd -literal +Debug sudo /var/log/sudo_debug match@info,nss@info +.Ed +.Pp +For more information, see the +.Xr sudo.conf @mansectform@ +manual. .Sh SEE ALSO .Xr ssh 1 , .Xr su 1 , @@ -3893,6 +4131,7 @@ available. .Xr glob 3 , .Xr mktemp 3 , .Xr strftime 3 , +.Xr sudo.conf @mansectform@ , .Xr sudoers.ldap @mansectform@ , .Xr sudo_plugin @mansectsu@ , .Xr sudo @mansectsu@ , diff --git a/doc/sudoreplay.cat b/doc/sudoreplay.cat index 4b3d31d..a254920 100644 --- a/doc/sudoreplay.cat +++ b/doc/sudoreplay.cat @@ -60,7 +60,7 @@ DDEESSCCRRIIPPTTIIOONN _p_a_t_t_e_r_n. On systems with POSIX regular expression support, the pattern may be an extended regular expression. On systems without POSIX regular - expression support, a simple substring match is + expression support, a simple sub-string match is performed instead. cwd _d_i_r_e_c_t_o_r_y @@ -253,4 +253,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. -Sudo 1.8.6 July 12, 2012 Sudo 1.8.6 +Sudo 1.8.7 February 5, 2013 Sudo 1.8.7 diff --git a/doc/sudoreplay.man.in b/doc/sudoreplay.man.in index 0292cf3..09139ed 100644 --- a/doc/sudoreplay.man.in +++ b/doc/sudoreplay.man.in @@ -16,7 +16,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.TH "SUDOREPLAY" "@mansectsu@" "July 12, 2012" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.TH "SUDOREPLAY" "@mansectsu@" "February 5, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" @@ -141,7 +141,7 @@ Evaluates to true if the command run matches \fIpattern\fR. On systems with POSIX regular expression support, the pattern may be an extended regular expression. -On systems without POSIX regular expression support, a simple substring +On systems without POSIX regular expression support, a simple sub-string match is performed instead. .TP 8n cwd \fIdirectory\fR diff --git a/doc/sudoreplay.mdoc.in b/doc/sudoreplay.mdoc.in index 72fa959..610122d 100644 --- a/doc/sudoreplay.mdoc.in +++ b/doc/sudoreplay.mdoc.in @@ -14,7 +14,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd July 12, 2012 +.Dd February 5, 2013 .Dt SUDOREPLAY @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -142,7 +142,7 @@ Evaluates to true if the command run matches .Ar pattern . On systems with POSIX regular expression support, the pattern may be an extended regular expression. -On systems without POSIX regular expression support, a simple substring +On systems without POSIX regular expression support, a simple sub-string match is performed instead. .It cwd Ar directory Evaluates to true if the command was run with the specified current diff --git a/doc/visudo.cat b/doc/visudo.cat index 98fe060..883d9cd 100644 --- a/doc/visudo.cat +++ b/doc/visudo.cat @@ -45,11 +45,11 @@ DDEESSCCRRIIPPTTIIOONN If an error is encountered, vviissuuddoo will exit with a value of 1. - --ff _s_u_d_o_e_r_s Specify and alternate _s_u_d_o_e_r_s file location. With this - option vviissuuddoo will edit (or check) the _s_u_d_o_e_r_s file of your - choice, instead of the default, _/_e_t_c_/_s_u_d_o_e_r_s. The lock file - used is the specified _s_u_d_o_e_r_s file with ``.tmp'' appended to - it. In _c_h_e_c_k_-_o_n_l_y mode only, the argument to --ff may be `-', + --ff _s_u_d_o_e_r_s Specify an alternate _s_u_d_o_e_r_s file location. With this option + vviissuuddoo will edit (or check) the _s_u_d_o_e_r_s file of your choice, + instead of the default, _/_e_t_c_/_s_u_d_o_e_r_s. The lock file used is + the specified _s_u_d_o_e_r_s file with ``.tmp'' appended to it. In + _c_h_e_c_k_-_o_n_l_y mode only, the argument to --ff may be `-', indicating that _s_u_d_o_e_r_s will be read from the standard input. --hh The --hh (_h_e_l_p) option causes vviissuuddoo to print a short help @@ -144,4 +144,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. -Sudo 1.8.6 July 12, 2012 Sudo 1.8.6 +Sudo 1.8.7 June 12, 2013 Sudo 1.8.7 diff --git a/doc/visudo.man.in b/doc/visudo.man.in index 61f08ce..e2146e4 100644 --- a/doc/visudo.man.in +++ b/doc/visudo.man.in @@ -21,7 +21,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "VISUDO" "@mansectsu@" "July 12, 2012" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.TH "VISUDO" "@mansectsu@" "June 12, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" @@ -93,19 +93,19 @@ Upon finding an error, \fBvisudo\fR will print a message stating the line number(s) where the error occurred and the user will receive the -``What now?'' +\(lqWhat now?\(rq prompt. At this point the user may enter -`e' +\(oqe\(cq to re-edit the \fIsudoers\fR file, -`x' +\(oqx\(cq to exit without saving the changes, or -`Q' +\(oqQ\(cq to quit and save changes. The -`Q' +\(oqQ\(cq option should be used with extreme care because if \fBvisudo\fR believes there to be a parse error, so will @@ -115,7 +115,7 @@ will be able to \fBsudo\fR again until the error is fixed. If -`e' +\(oqe\(cq is typed to edit the \fIsudoers\fR file after a parse error has been detected, the cursor will be placed on @@ -145,7 +145,7 @@ will exit with a value of 1. .TP 12n \fB\-f\fR \fIsudoers\fR .br -Specify and alternate +Specify an alternate \fIsudoers\fR file location. With this option @@ -158,14 +158,14 @@ instead of the default, The lock file used is the specified \fIsudoers\fR file with -``\.tmp'' +\(lq\.tmp\(rq appended to it. In \fIcheck-only\fR mode only, the argument to \fB\-f\fR may be -`-', +\(oq-\(cq, indicating that \fIsudoers\fR will be read from the standard input. @@ -200,7 +200,7 @@ will consider this a parse error. Note that it is not possible to differentiate between an alias and a host name or user name that consists solely of uppercase letters, digits, and the underscore -(`_') +(\(oq_\(cq) character. .TP 12n \fB\-V\fR @@ -256,7 +256,7 @@ Your user ID does not appear in the system passwd file. Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed that consists solely of uppercase letters, digits, and the underscore -(`_') +(\(oq_\(cq) character. In the latter case, you can ignore the warnings (\fBsudo\fR @@ -318,7 +318,7 @@ search the archives. .SH "DISCLAIMER" \fBvisudo\fR is provided -``AS IS'' +\(lqAS IS\(rq and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. diff --git a/doc/visudo.mdoc.in b/doc/visudo.mdoc.in index 187c9f3..208fead 100644 --- a/doc/visudo.mdoc.in +++ b/doc/visudo.mdoc.in @@ -19,7 +19,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd July 12, 2012 +.Dd June 12, 2013 .Dt VISUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -142,7 +142,7 @@ If an error is encountered, .Nm visudo will exit with a value of 1. .It Fl f Ar sudoers -Specify and alternate +Specify an alternate .Em sudoers file location. With this option diff --git a/include/Makefile.in b/include/Makefile.in index 0f68e94..42058dd 100644 --- a/include/Makefile.in +++ b/include/Makefile.in @@ -1,5 +1,5 @@ # -# Copyright (c) 2011 Todd C. Miller +# Copyright (c) 2011-2012 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above diff --git a/include/alloc.h b/include/alloc.h index b5b3e38..23fa6de 100644 --- a/include/alloc.h +++ b/include/alloc.h @@ -1,5 +1,6 @@ /* - * Copyright (c) 2009-2010 Todd C. Miller + * Copyright (c) 2009-2010, 2012-1013 + * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -19,16 +20,18 @@ #include +#undef efree +#define efree(x) free((void *)(x)) + int easprintf(char **, const char *, ...) __printflike(2, 3); int evasprintf(char **, const char *, va_list) __printflike(2, 0); -void efree(void *); -void *ecalloc(size_t, size_t); -void *emalloc(size_t); -void *emalloc2(size_t, size_t); +void *ecalloc(size_t, size_t) __malloc_like; +void *emalloc(size_t) __malloc_like; +void *emalloc2(size_t, size_t) __malloc_like; void *erealloc(void *, size_t); void *erealloc3(void *, size_t, size_t); void *erecalloc(void *, size_t, size_t, size_t); -char *estrdup(const char *); -char *estrndup(const char *, size_t); +char *estrdup(const char *) __malloc_like; +char *estrndup(const char *, size_t) __malloc_like; #endif /* _SUDO_ALLOC_H */ diff --git a/include/error.h b/include/error.h index 6b5836b..bbdc9e2 100644 --- a/include/error.h +++ b/include/error.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2010 Todd C. Miller + * Copyright (c) 2004, 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -18,76 +18,177 @@ #define _SUDO_ERROR_H_ #include +#include /* - * We wrap error/errorx and warn/warnx so that the same output can + * We wrap fatal/fatalx and warning/warningx so that the same output can * go to the debug file, if there is one. */ #if defined(SUDO_ERROR_WRAP) && SUDO_ERROR_WRAP == 0 # if defined(__GNUC__) && __GNUC__ == 2 -# define error(rval, fmt...) error2((rval), fmt) -# define errorx(rval, fmt...) errorx2((rval), fmt) -# define warning(fmt...) warning2(fmt) -# define warningx(fmt...) warningx2(fmt) +# define fatal(fmt...) fatal_nodebug(fmt) +# define fatalx(fmt...) fatalx_nodebug(fmt) +# define warning(fmt...) warning_nodebug(fmt) +# define warningx(fmt...) warningx_nodebug(fmt) # else -# define error(rval, ...) error2((rval), __VA_ARGS__) -# define errorx(rval, ...) errorx2((rval), __VA_ARGS__) -# define warning(...) warning2(__VA_ARGS__) -# define warningx(...) warningx2(__VA_ARGS__) +# define fatal(...) fatal_nodebug(__VA_ARGS__) +# define fatalx(...) fatalx_nodebug(__VA_ARGS__) +# define warning(...) warning_nodebug(__VA_ARGS__) +# define warningx(...) warningx_nodebug(__VA_ARGS__) # endif /* __GNUC__ == 2 */ +# define vfatal(fmt, ap) fatal_nodebug((fmt), (ap)) +# define vfatalx(fmt, ap) fatalx_nodebug((fmt), (ap)) +# define vwarning(fmt, ap) warning_nodebug((fmt), (ap)) +# define vwarningx(fmt, ap) warningx_nodebug((fmt), (ap)) #else /* SUDO_ERROR_WRAP */ # if defined(__GNUC__) && __GNUC__ == 2 -# define error(rval, fmt...) do { \ +# define fatal(fmt...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \ fmt); \ - error2((rval), fmt); \ + fatal_nodebug(fmt); \ } while (0) -# define errorx(rval, fmt...) do { \ +# define fatalx(fmt...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|sudo_debug_subsys, fmt); \ - errorx2((rval), fmt); \ + fatalx_nodebug(fmt); \ } while (0) # define warning(fmt...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \ fmt); \ - warning2(fmt); \ + warning_nodebug(fmt); \ } while (0) # define warningx(fmt...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|sudo_debug_subsys, fmt); \ - warningx2(fmt); \ + warningx_nodebug(fmt); \ } while (0) # else -# define error(rval, ...) do { \ +# define fatal(...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \ __VA_ARGS__); \ - error2((rval), __VA_ARGS__); \ + fatal_nodebug(__VA_ARGS__); \ } while (0) -# define errorx(rval, ...) do { \ +# define fatalx(...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|sudo_debug_subsys, __VA_ARGS__); \ - errorx2((rval), __VA_ARGS__); \ + fatalx_nodebug(__VA_ARGS__); \ } while (0) # define warning(...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \ __VA_ARGS__); \ - warning2(__VA_ARGS__); \ + warning_nodebug(__VA_ARGS__); \ } while (0) # define warningx(...) do { \ sudo_debug_printf2(__func__, __FILE__, __LINE__, \ SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|sudo_debug_subsys, __VA_ARGS__); \ - warningx2(__VA_ARGS__); \ + warningx_nodebug(__VA_ARGS__); \ } while (0) # endif /* __GNUC__ == 2 */ +# define vfatal(fmt, ap) do { \ + sudo_debug_vprintf2(__func__, __FILE__, __LINE__, \ + SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \ + (fmt), (ap)); \ + vfatal_nodebug((fmt), (ap)); \ +} while (0) +# define vfatalx(fmt, ap) do { \ + sudo_debug_vprintf2(__func__, __FILE__, __LINE__, \ + SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|sudo_debug_subsys, (fmt), (ap)); \ + vfatalx_nodebug((fmt), (ap)); \ +} while (0) +# define vwarning(fmt, ap) do { \ + sudo_debug_vprintf2(__func__, __FILE__, __LINE__, \ + SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \ + (fmt), (ap)); \ + vwarning_nodebug((fmt), (ap)); \ + warning_restore_locale(); \ +} while (0) +# define vwarningx(fmt, ap) do { \ + sudo_debug_vprintf2(__func__, __FILE__, __LINE__, \ + SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|sudo_debug_subsys, (fmt), (ap)); \ + vwarningx_nodebug((fmt), (ap)); \ +} while (0) #endif /* SUDO_ERROR_WRAP */ -void error2(int, const char *, ...) __printflike(2, 3) __attribute__((__noreturn__)); -void errorx2(int, const char *, ...) __printflike(2, 3) __attribute__((__noreturn__)); +#if defined(__GNUC__) && __GNUC__ == 2 +# define fatal_nodebug(fmt...) do { \ + warning_set_locale(); \ + fatal2(fmt); \ +} while (0) +# define fatalx_nodebug(fmt...) do { \ + warning_set_locale(); \ + fatalx2(fmt); \ +} while (0) +# define warning_nodebug(fmt...) do { \ + warning_set_locale(); \ + warning2(fmt); \ + warning_restore_locale(); \ +} while (0) +# define warningx_nodebug(fmt...) do { \ + warning_set_locale(); \ + warningx2(fmt); \ + warning_restore_locale(); \ +} while (0) +#else +# define fatal_nodebug(...) do { \ + warning_set_locale(); \ + fatal2(__VA_ARGS__); \ +} while (0) +# define fatalx_nodebug(...) do { \ + warning_set_locale(); \ + fatalx2(__VA_ARGS__); \ +} while (0) +# define warning_nodebug(...) do { \ + warning_set_locale(); \ + warning2(__VA_ARGS__); \ + warning_restore_locale(); \ +} while (0) +# define warningx_nodebug(...) do { \ + warning_set_locale(); \ + warningx2(__VA_ARGS__); \ + warning_restore_locale(); \ +} while (0) +#endif /* __GNUC__ == 2 */ +#define vfatal_nodebug(fmt, ap) do { \ + warning_set_locale(); \ + vfatal2((fmt), (ap)); \ +} while (0) +#define vfatalx_nodebug(fmt, ap) do { \ + warning_set_locale(); \ + vfatalx2((fmt), (ap)); \ +} while (0) +#define vwarning_nodebug(fmt, ap) do { \ + warning_set_locale(); \ + vwarning2((fmt), (ap)); \ + warning_restore_locale(); \ +} while (0) +#define vwarningx_nodebug(fmt, ap) do { \ + warning_set_locale(); \ + vwarningx2((fmt), (ap)); \ + warning_restore_locale(); \ +} while (0) + +#define fatal_setjmp() (fatal_enable_setjmp(), sigsetjmp(fatal_jmp, 1)) +#define fatal_longjmp(val) siglongjmp(fatal_jmp, val) + +extern int (*sudo_printf)(int msg_type, const char *fmt, ...); +extern sigjmp_buf fatal_jmp; + +int fatal_callback_register(void (*func)(void)); +void fatal_disable_setjmp(void); +void fatal_enable_setjmp(void); +void fatal2(const char *, ...) __printflike(1, 2) __attribute__((__noreturn__)); +void fatalx2(const char *, ...) __printflike(1, 2) __attribute__((__noreturn__)); +void vfatal2(const char *, va_list ap) __attribute__((__noreturn__)); +void vfatalx2(const char *, va_list ap) __attribute__((__noreturn__)); void warning2(const char *, ...) __printflike(1, 2); void warningx2(const char *, ...) __printflike(1, 2); +void vwarning2(const char *, va_list ap); +void vwarningx2(const char *, va_list ap); +void warning_set_locale(void); +void warning_restore_locale(void); #endif /* _SUDO_ERROR_H_ */ diff --git a/include/fileops.h b/include/fileops.h index cd0a0df..9cb537f 100644 --- a/include/fileops.h +++ b/include/fileops.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010 Todd C. Miller + * Copyright (c) 2010, 2011, 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -28,6 +28,6 @@ struct timeval; bool lock_file(int, int); int touch(int, char *, struct timeval *); -char *sudo_parseln(FILE *); +ssize_t sudo_parseln(char **buf, size_t *bufsize, unsigned int *lineno, FILE *fp); #endif /* _SUDO_FILEOPS_H */ diff --git a/include/gettext.h b/include/gettext.h index b3ea285..8f87bcd 100644 --- a/include/gettext.h +++ b/include/gettext.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 Todd C. Miller + * Copyright (c) 2011-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -21,9 +21,7 @@ * Solaris locale.h includes libintl.h which causes problems when we * redefine the gettext functions. We include it first to avoid this. */ -#if defined(HAVE_SETLOCALE) && defined(__sun__) && defined(__svr4__) -# include -#endif +#include #ifdef HAVE_LIBINTL_H diff --git a/include/lbuf.h b/include/lbuf.h index c6d5093..b3fd1c3 100644 --- a/include/lbuf.h +++ b/include/lbuf.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2010 Todd C. Miller + * Copyright (c) 2007, 2010, 2011 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above diff --git a/include/missing.h b/include/missing.h index fda151b..2ada306 100644 --- a/include/missing.h +++ b/include/missing.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2008, 2009-2010 + * Copyright (c) 1996, 1998-2005, 2008, 2009-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -52,6 +52,15 @@ # endif #endif +/* Hint to compiler that returned pointer is unique (malloc but not realloc). */ +#ifndef __malloc_like +# if __GNUC_PREREQ__(2, 96) +# define __malloc_like __attribute__((__malloc__)) +# else +# define __malloc_like +# endif +#endif + #ifndef __dso_public # ifdef HAVE_DSO_VISIBILITY # if defined(__GNUC__) @@ -82,19 +91,19 @@ #endif #ifndef PATH_MAX -# ifdef MAXPATHLEN -# define PATH_MAX MAXPATHLEN +# ifdef _POSIX_PATH_MAX +# define PATH_MAX _POSIX_PATH_MAX # else -# ifdef _POSIX_PATH_MAX -# define PATH_MAX _POSIX_PATH_MAX -# else -# define PATH_MAX 1024 -# endif +# define PATH_MAX 256 # endif #endif -#ifndef MAXHOSTNAMELEN -# define MAXHOSTNAMELEN 64 +#ifndef HOST_NAME_MAX +# ifdef _POSIX_HOST_NAME_MAX +# define HOST_NAME_MAX _POSIX_HOST_NAME_MAX +# else +# define HOST_NAME_MAX 255 +# endif #endif /* @@ -140,7 +149,7 @@ #endif /* - * BSD defines these in but others may not. + * BSD defines these in but we don't include that anymore. */ #ifndef MIN # define MIN(a,b) (((a)<(b))?(a):(b)) @@ -149,6 +158,21 @@ # define MAX(a,b) (((a)>(b))?(a):(b)) #endif +/* Macros to set/clear/test flags. */ +#undef SET +#define SET(t, f) ((t) |= (f)) +#undef CLR +#define CLR(t, f) ((t) &= ~(f)) +#undef ISSET +#define ISSET(t, f) ((t) & (f)) + +/* + * Some systems define this in but we don't include that anymore. + */ +#ifndef howmany +# define howmany(x, y) (((x) + ((y) - 1)) / (y)) +#endif + /* * Older systems may be missing stddef.h and/or offsetof macro */ @@ -224,11 +248,11 @@ typedef struct sigaction sigaction_t; #ifndef HAVE_GETPROGNAME # ifdef HAVE___PROGNAME extern const char *__progname; -# define getprogname() (__progname) +# define getprogname() (__progname) # else const char *getprogname(void); void setprogname(const char *); -#endif /* HAVE___PROGNAME */ +# endif /* HAVE___PROGNAME */ #endif /* !HAVE_GETPROGNAME */ /* diff --git a/include/sudo_conf.h b/include/sudo_conf.h index c0dcc5a..5beab76 100644 --- a/include/sudo_conf.h +++ b/include/sudo_conf.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 Todd C. Miller + * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -19,23 +19,31 @@ #include "list.h" +#define GROUP_SOURCE_ADAPTIVE 0 +#define GROUP_SOURCE_STATIC 1 +#define GROUP_SOURCE_DYNAMIC 2 + struct plugin_info { struct plugin_info *prev; /* required */ struct plugin_info *next; /* required */ const char *path; const char *symbol_name; char * const * options; + int lineno; }; TQ_DECLARE(plugin_info) /* Read main sudo.conf file. */ -void sudo_conf_read(void); +void sudo_conf_read(const char *); /* Accessor functions. */ const char *sudo_conf_askpass_path(void); +const char *sudo_conf_sesh_path(void); const char *sudo_conf_noexec_path(void); const char *sudo_conf_debug_flags(void); struct plugin_info_list *sudo_conf_plugins(void); bool sudo_conf_disable_coredump(void); +int sudo_conf_group_source(void); +int sudo_conf_max_groups(void); #endif /* _SUDO_CONF_H */ diff --git a/include/sudo_debug.h b/include/sudo_debug.h index 5f6871e..ed1cd71 100644 --- a/include/sudo_debug.h +++ b/include/sudo_debug.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 Todd C. Miller + * Copyright (c) 2011-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -201,7 +201,8 @@ void sudo_debug_exit_str_masked(const char *func, const char *file, int line, in void sudo_debug_exit_ptr(const char *func, const char *file, int line, int subsys, const void *rval); int sudo_debug_fd_set(int fd); int sudo_debug_init(const char *debugfile, const char *settings); -void sudo_debug_printf2(const char *func, const char *file, int line, int level, const char *format, ...) __printflike(5, 6); +void sudo_debug_printf2(const char *func, const char *file, int line, int level, const char *fmt, ...) __printflike(5, 6); +void sudo_debug_vprintf2(const char *func, const char *file, int line, int level, const char *fmt, va_list ap); void sudo_debug_write(const char *str, int len, int errno_val); void sudo_debug_write2(const char *func, const char *file, int line, const char *str, int len, int errno_val); pid_t sudo_debug_fork(void); diff --git a/include/sudo_plugin.h b/include/sudo_plugin.h index 52dee0a..6cab959 100644 --- a/include/sudo_plugin.h +++ b/include/sudo_plugin.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2012 Todd C. Miller + * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -19,7 +19,7 @@ /* API version major/minor */ #define SUDO_API_VERSION_MAJOR 1 -#define SUDO_API_VERSION_MINOR 2 +#define SUDO_API_VERSION_MINOR 3 #define SUDO_API_MKVERSION(x, y) ((x << 16) | y) #define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR, SUDO_API_VERSION_MINOR) diff --git a/mkdep.pl b/mkdep.pl index 04e1374..8ef8f26 100755 --- a/mkdep.pl +++ b/mkdep.pl @@ -1,4 +1,19 @@ #!/usr/bin/env perl +# +# Copyright (c) 2011-2013 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# use File::Temp qw/ :mktemp /; use Fcntl; @@ -51,8 +66,8 @@ sub mkdep { # Expand some configure bits $makefile =~ s:\@DEV\@::g; $makefile =~ s:\@COMMON_OBJS\@:aix.lo:; - $makefile =~ s:\@SUDO_OBJS\@:preload.o selinux.o sesh.o sudo_noexec.lo:; - $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo plugin_error.lo sssd.lo:; + $makefile =~ s:\@SUDO_OBJS\@:openbsd.o preload.o selinux.o sesh.o solaris.o sudo_noexec.lo:; + $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo sssd.lo:; # XXX - fill in AUTH_OBJS from contents of the auth dir instead $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:; $makefile =~ s:\@LTLIBOBJS\@:closefrom.lo dlopen.lo fnmatch.lo getcwd.lo getgrouplist.lo getline.lo getprogname.lo glob.lo isblank.lo memrchr.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo pw_dup.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strsignal.lo utimes.lo globtest.o fnm_test.o:; diff --git a/mkpkg b/mkpkg index 06e54fc..73ade28 100755 --- a/mkpkg +++ b/mkpkg @@ -1,5 +1,19 @@ #!/bin/sh # +# Copyright (c) 2010-2013 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# # Build a binary package using polypkg # Usage: mkpkg [--debug] [--flavor flavor] [--platform platform] [--osversion ver] # @@ -129,6 +143,7 @@ case "$osversion" in --with-tty-tickets --with-ldap --with-passprompt=[sudo] password for %p: + --with-sendmail=/usr/sbin/sendmail $configure_opts" ;; sles*) @@ -147,7 +162,7 @@ case "$osversion" in # Note, must indent with tabs, not spaces due to IFS trickery # XXX - SuSE uses secure path but only for env_reset configure_opts="--prefix=/usr - --libexecdir=/usr/$libexec/sudo + --libexecdir=/usr/$libexec --with-logging=syslog --with-logfac=auth --with-all-insults @@ -160,6 +175,7 @@ case "$osversion" in --with-ldap --with-env-editor --with-passprompt=%p\'s password: + --with-sendmail=/usr/sbin/sendmail $configure_opts" make_opts='docdir=$(datarootdir)/doc/packages/$(PACKAGE_TARNAME)' @@ -197,7 +213,7 @@ case "$osversion" in --disable-setresuid --with-sendmail=/usr/sbin/sendmail --mandir=/usr/share/man - --libexecdir=/usr/lib/sudo + --libexecdir=/usr/lib --with-secure-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin $configure_opts" ;; @@ -240,6 +256,7 @@ case "$osversion" in --with-env-editor --enable-zlib=builtin --disable-nls + --with-sendmail=/usr/sbin/sendmail $configure_opts" PPVARS="${PPVARS}${PPVARS+$space}aix_freeware=true" ;; @@ -247,7 +264,7 @@ case "$osversion" in # For Solaris, add project support and use let configure choose zlib. # For all others, use the builtin zlib and disable NLS support. case "$osversion" in - sol*) configure_opts="${configure_opts}${configure_opts+$tab}--with-project${tab}--disable-pie";; + sol*) configure_opts="${configure_opts}${configure_opts+$tab}--with-project";; *) configure_opts="${configure_opts}${configure_opts+$tab}--enable-zlib=builtin${tab}--disable-nls";; esac if test "$flavor" = "ldap"; then diff --git a/pathnames.h.in b/pathnames.h.in index e7a762c..e47bec1 100644 --- a/pathnames.h.in +++ b/pathnames.h.in @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998, 1999, 2001, 2004, 2005, 2007-2010 + * Copyright (c) 1996, 1998, 1999, 2001, 2004, 2005, 2007-2012 * Todd C. Miller . * * Permission to use, copy, modify, and distribute this software for any diff --git a/plugins/sample_group/Makefile.in b/plugins/group_file/Makefile.in similarity index 81% rename from plugins/sample_group/Makefile.in rename to plugins/group_file/Makefile.in index a65c5bb..edede21 100644 --- a/plugins/sample_group/Makefile.in +++ b/plugins/group_file/Makefile.in @@ -1,5 +1,5 @@ # -# Copyright (c) 2011 Todd C. Miller +# Copyright (c) 2010-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -69,9 +69,9 @@ plugindir = @PLUGINDIR@ # File extension, mode and map file to use for shared libraries/objects soext = @SOEXT@ shlib_mode = @SHLIB_MODE@ -shlib_exp = $(srcdir)/sample_group.exp -shlib_map = sample_group.map -shlib_opt = sample_group.opt +shlib_exp = $(srcdir)/group_file.exp +shlib_map = group_file.map +shlib_opt = group_file.opt # OS dependent defines DEFS = @OSDEFS@ @@ -80,16 +80,16 @@ DEFS = @OSDEFS@ SHELL = @SHELL@ -OBJS = sample_group.lo getgrent.lo +OBJS = group_file.lo getgrent.lo LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/ VERSION = @PACKAGE_VERSION@ -all: sample_group.la +all: group_file.la Makefile: $(srcdir)/Makefile.in - (cd $(top_builddir) && ./config.status --file plugins/sample_group/Makefile) + (cd $(top_builddir) && ./config.status --file plugins/group_file/Makefile) .SUFFIXES: .o .c .h .lo @@ -102,7 +102,7 @@ $(shlib_map): $(shlib_exp) $(shlib_opt): $(shlib_exp) @sed 's/^/+e /' $(shlib_exp) > $@ -sample_group.la: $(OBJS) $(LT_LIBS) @LT_LDDEP@ +group_file.la: $(OBJS) $(LT_LIBS) @LT_LDDEP@ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ $(OBJS) $(LIBS) -module -avoid-version -rpath $(plugindir) pre-install: @@ -118,11 +118,11 @@ install-includes: install-doc: -install-plugin: install-dirs sample_group.la - $(INSTALL) -b~ -m $(shlib_mode) .libs/sample_group$(soext) $(DESTDIR)$(plugindir) +install-plugin: install-dirs group_file.la + $(INSTALL) -b~ -m $(shlib_mode) .libs/group_file$(soext) $(DESTDIR)$(plugindir)/group_file.so uninstall: - -rm -f $(DESTDIR)$(plugindir)/sample_group$(soext) + -rm -f $(DESTDIR)$(plugindir)/group_file.so check: @@ -144,7 +144,7 @@ cleandir: realclean # Autogenerated dependencies, do not modify getgrent.lo: $(srcdir)/getgrent.c $(top_builddir)/config.h $(incdir)/missing.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getgrent.c -sample_group.lo: $(srcdir)/sample_group.c $(top_builddir)/config.h \ - $(top_srcdir)/compat/stdbool.h $(incdir)/sudo_plugin.h \ - $(incdir)/missing.h - $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sample_group.c +group_file.lo: $(srcdir)/group_file.c $(top_builddir)/config.h \ + $(top_srcdir)/compat/stdbool.h $(incdir)/sudo_plugin.h \ + $(incdir)/missing.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/group_file.c diff --git a/plugins/sample_group/getgrent.c b/plugins/group_file/getgrent.c similarity index 97% rename from plugins/sample_group/getgrent.c rename to plugins/group_file/getgrent.c index aa98c14..68e004e 100644 --- a/plugins/sample_group/getgrent.c +++ b/plugins/group_file/getgrent.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005,2008,2010-2011 Todd C. Miller + * Copyright (c) 2005,2008,2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -21,7 +21,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include diff --git a/plugins/sample_group/sample_group.c b/plugins/group_file/group_file.c similarity index 90% rename from plugins/sample_group/sample_group.c rename to plugins/group_file/group_file.c index 2e3628d..77d65b6 100644 --- a/plugins/sample_group/sample_group.c +++ b/plugins/group_file/group_file.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010 Todd C. Miller + * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #include @@ -77,7 +76,7 @@ sample_init(int version, sudo_printf_t sudo_printf, char *const argv[]) if (GROUP_API_VERSION_GET_MAJOR(version) != GROUP_API_VERSION_MAJOR) { sudo_log(SUDO_CONV_ERROR_MSG, - "sample_group: incompatible major version %d, expected %d\n", + "group_file: incompatible major version %d, expected %d\n", GROUP_API_VERSION_GET_MAJOR(version), GROUP_API_VERSION_MAJOR); return -1; @@ -86,12 +85,12 @@ sample_init(int version, sudo_printf_t sudo_printf, char *const argv[]) /* Sanity check the specified group file. */ if (argv == NULL || argv[0] == NULL) { sudo_log(SUDO_CONV_ERROR_MSG, - "sample_group: path to group file not specified\n"); + "group_file: path to group file not specified\n"); return -1; } if (stat(argv[0], &sb) != 0) { sudo_log(SUDO_CONV_ERROR_MSG, - "sample_group: %s: %s\n", argv[0], strerror(errno)); + "group_file: %s: %s\n", argv[0], strerror(errno)); return -1; } if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { @@ -132,7 +131,7 @@ sample_query(const char *user, const char *group, const struct passwd *pwd) return false; } -struct sudoers_group_plugin group_plugin = { +__dso_public struct sudoers_group_plugin group_plugin = { GROUP_API_VERSION, sample_init, sample_cleanup, diff --git a/plugins/sample_group/sample_group.exp b/plugins/group_file/group_file.exp similarity index 100% rename from plugins/sample_group/sample_group.exp rename to plugins/group_file/group_file.exp diff --git a/plugins/sample_group/plugin_test.c b/plugins/group_file/plugin_test.c similarity index 96% rename from plugins/sample_group/plugin_test.c rename to plugins/group_file/plugin_test.c index 87077a5..cd63bff 100644 --- a/plugins/sample_group/plugin_test.c +++ b/plugins/group_file/plugin_test.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2011 Todd C. Miller + * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,6 @@ */ #include -#include #include #include @@ -31,6 +30,8 @@ #include "sudo_plugin.h" +__dso_public int main(int argc, char *argv[]); + /* * Simple driver to test sudoer group plugins. * usage: plugin_test [-p "plugin.so plugin_args ..."] user:group ... @@ -126,7 +127,7 @@ group_plugin_load(char *plugin_info) if (ac != 0) { argv = malloc(ac * sizeof(char *)); if (argv == NULL) { - fprintf(stderr, "unable to allocate memory\n"); + perror(NULL); return -1; } ac = 0; @@ -169,7 +170,7 @@ int main(int argc, char *argv[]) { int ch, i, found; - char *plugin = "sample_group.so"; + char *plugin = "group_file.so"; char *user, *group; struct passwd *pwd; diff --git a/plugins/sample/Makefile.in b/plugins/sample/Makefile.in index 1117133..8adb46d 100644 --- a/plugins/sample/Makefile.in +++ b/plugins/sample/Makefile.in @@ -1,5 +1,5 @@ # -# Copyright (c) 2011 Todd C. Miller +# Copyright (c) 2011-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -118,10 +118,10 @@ install-includes: install-doc: install-plugin: install-dirs sample_plugin.la - $(INSTALL) -b~ -m $(shlib_mode) .libs/sample_plugin$(soext) $(DESTDIR)$(plugindir) + $(INSTALL) -b~ -m $(shlib_mode) .libs/sample_plugin$(soext) $(DESTDIR)$(plugindir)/sample_plugin.so uninstall: - -rm -f $(DESTDIR)$(plugindir)/sample_plugin$(soext) + -rm -f $(DESTDIR)$(plugindir)/sample_plugin.so check: diff --git a/plugins/sample/sample_plugin.c b/plugins/sample/sample_plugin.c index a8d4118..faa4ea6 100644 --- a/plugins/sample/sample_plugin.c +++ b/plugins/sample/sample_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2011 Todd C. Miller + * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #include @@ -306,6 +305,7 @@ find_editor(int nfiles, char * const files[], char **argv_out[]) cp = strtok(editor, " \t"); if (cp == NULL || (editor_path = find_in_path(editor, plugin_state.envp)) == NULL) { + free(editor); return NULL; } if (editor_path != editor) @@ -503,7 +503,7 @@ struct policy_plugin sample_policy = { * Note: This plugin does not differentiate between tty and pipe I/O. * It all gets logged to the same file. */ -struct io_plugin sample_io = { +__dso_public struct io_plugin sample_io = { SUDO_IO_PLUGIN, SUDO_API_VERSION, io_open, diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index 7ffc074..e779618 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in @@ -1,5 +1,5 @@ # -# Copyright (c) 1996, 1998-2005, 2007-2012 +# Copyright (c) 1996, 1998-2005, 2007-2013 # Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any @@ -123,36 +123,42 @@ SHELL = @SHELL@ PROGS = sudoers.la visudo sudoreplay testsudoers -TEST_PROGS = check_iolog_path check_fill check_wrap check_addr check_symbols +TEST_PROGS = check_iolog_path check_fill check_wrap check_addr check_symbols \ + check_digest check_base64 AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@ -LIBPARSESUDOERS_OBJS = alias.lo audit.lo defaults.lo gram.lo match.lo \ - match_addr.lo pwutil.lo timestr.lo toke.lo \ - toke_util.lo redblack.lo +LIBPARSESUDOERS_OBJS = alias.lo audit.lo base64.lo defaults.lo hexchar.lo \ + gram.lo match.lo match_addr.lo pwutil.lo pwutil_impl.lo \ + timestr.lo toke.lo toke_util.lo redblack.lo sha2.lo -SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo goodpath.lo \ - group_plugin.lo find_path.lo interfaces.lo logging.lo \ - logwrap.lo parse.lo set_perms.lo sudoers.lo sudo_nss.lo \ - iolog.lo iolog_path.lo @SUDOERS_OBJS@ +SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo find_path.lo \ + goodpath.lo group_plugin.lo interfaces.lo iolog.lo \ + iolog_path.lo locale.lo logging.lo logwrap.lo parse.lo \ + policy.lo prompt.lo set_perms.lo sudo_nss.lo sudoers.lo \ + timestamp.lo @SUDOERS_OBJS@ -VISUDO_OBJS = visudo.o goodpath.o find_path.o error.o +VISUDO_OBJS = find_path.o goodpath.o locale.o visudo.o -REPLAY_OBJS = getdate.o sudoreplay.o error.o +REPLAY_OBJS = getdate.o locale.o sudoreplay.o -TEST_OBJS = interfaces.o testsudoers.o tsgetgrpw.o error.o group_plugin.o \ - net_ifs.o +TEST_OBJS = group_plugin.o interfaces.o locale.o net_ifs.o \ + testsudoers.o tsgetgrpw.o -CHECK_ADDR_OBJS = check_addr.o match_addr.o interfaces.o error.o +CHECK_ADDR_OBJS = check_addr.o interfaces.o locale.o match_addr.o -CHECK_FILL_OBJS = check_fill.o toke_util.o error.o +CHECK_BASE64_OBJS = check_base64.o base64.o locale.o -CHECK_IOLOG_PATH_OBJS = check_iolog_path.o error.o iolog_path.o pwutil.o \ - redblack.o +CHECK_DIGEST_OBJS = check_digest.o sha2.o -CHECK_SYMBOLS_OBJS = check_symbols.o error.o +CHECK_FILL_OBJS = check_fill.o hexchar.o locale.o toke_util.o -CHECK_WRAP_OBJS = check_wrap.o logwrap.o error.o +CHECK_IOLOG_PATH_OBJS = check_iolog_path.o iolog_path.o locale.o \ + pwutil.o pwutil_impl.o redblack.o + +CHECK_SYMBOLS_OBJS = check_symbols.o locale.o + +CHECK_WRAP_OBJS = check_wrap.o locale.o logwrap.o LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/ @@ -201,14 +207,22 @@ testsudoers: libparsesudoers.la $(TEST_OBJS) $(LT_LIBS) check_addr: $(CHECK_ADDR_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_ADDR_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) $(NET_LIBS) -check_iolog_path: $(CHECK_IOLOG_PATH_OBJS) $(LT_LIBS) - $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_IOLOG_PATH_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) +check_base64: $(CHECK_BASE64_OBJS) $(LT_LIBS) + $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_BASE64_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) + +check_digest: $(CHECK_DIGEST_OBJS) $(LT_LIBS) + $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_DIGEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) check_fill: $(CHECK_FILL_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_FILL_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) +check_iolog_path: $(CHECK_IOLOG_PATH_OBJS) $(LT_LIBS) + $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_IOLOG_PATH_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) + check_symbols: $(CHECK_SYMBOLS_OBJS) $(LT_LIBS) - $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_SYMBOLS_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @SUDO_LIBS@ + if [ X"$(soext)" != X"" ]; then \ + $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_SYMBOLS_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @SUDO_LIBS@; \ + fi check_wrap: $(CHECK_WRAP_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_WRAP_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @@ -222,7 +236,7 @@ $(devdir)/gram.c $(devdir)/gram.h: $(srcdir)/gram.y else \ gram_y="$(srcdir)/gram.y"; \ fi; \ - cmd='$(YACC) -d '"$$gram_y"'; echo "#include " > $(devdir)/gram.c; sed "s/^\\(#line .*\\) \"y\\.tab\\.c\"/\1 \"gram.c\"/" y.tab.c >> $(devdir)/gram.c; rm -f y.tab.c; mv -f y.tab.h $(devdir)/gram.h'; \ + cmd='$(YACC) -d -p sudoers '"$$gram_y"'; echo "#include " > $(devdir)/gram.c; sed "s/^\\(#line .*\\) \"y\\.tab\\.c\"/\1 \"gram.c\"/" y.tab.c >> $(devdir)/gram.c; rm -f y.tab.c; mv -f y.tab.h $(devdir)/gram.h'; \ echo "$$cmd"; eval $$cmd; \ fi @@ -233,7 +247,7 @@ $(devdir)/toke.c: $(srcdir)/toke.l else \ toke_l="$(srcdir)/toke.l"; \ fi; \ - cmd='$(FLEX) '"$$toke_l"'; echo "#include " > $(devdir)/toke.c; cat lex.yy.c >> $(devdir)/toke.c; rm -f lex.yy.c'; \ + cmd='$(FLEX) '"$$toke_l"'; echo "#include " > $(devdir)/toke.c; cat lex.sudoers.c >> $(devdir)/toke.c; rm -f lex.sudoers.c'; \ echo "$$cmd"; eval $$cmd; \ fi @@ -286,7 +300,7 @@ install-plugin: sudoers.la install-dirs if [ X"$(soext)" != X"" ]; then \ test X"$$SUDO_PREINSTALL_CMD" != X"" && \ $$SUDO_PREINSTALL_CMD .libs/sudoers$(soext); \ - $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m $(shlib_mode) .libs/sudoers$(soext) $(DESTDIR)$(plugindir); \ + $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m $(shlib_mode) .libs/sudoers$(soext) $(DESTDIR)$(plugindir)/sudoers.so; \ fi install-sudoers: install-dirs @@ -297,29 +311,29 @@ install-sudoers: install-dirs sudoers $(DESTDIR)$(sudoersdir)/sudoers uninstall: - -rm -f $(DESTDIR)$(plugindir)/sudoers$(soext) + -rm -f $(DESTDIR)$(plugindir)/sudoers.so -rm -f $(DESTDIR)$(replaydir)/sudoreplay -rm -f $(DESTDIR)$(visudodir)/visudo -cmp $(DESTDIR)$(sudoersdir)/sudoers $(srcdir)/sudoers >/dev/null && \ rm -f $(DESTDIR)$(sudoersdir)/sudoers check: $(TEST_PROGS) visudo testsudoers - @-if test X"$(cross_compiling)" != X"yes"; then \ + @if test X"$(cross_compiling)" != X"yes"; then \ rval=0; \ - PWD=`pwd`; \ - ./check_addr $(srcdir)/regress/parser/check_addr.in; \ - rval=`expr $$rval + $$?`; \ - ./check_fill; \ - rval=`expr $$rval + $$?`; \ - ./check_iolog_path $(srcdir)/regress/iolog_path/data; \ - rval=`expr $$rval + $$?`; \ + CWD=`pwd`; \ + mkdir -p regress/parser; \ + ./check_addr $(srcdir)/regress/parser/check_addr.in || rval=`expr $$rval + $$?`; \ + ./check_base64 || rval=`expr $$rval + $$?`; \ + ./check_digest > regress/parser/check_digest.out; \ + diff regress/parser/check_digest.out $(srcdir)/regress/parser/check_digest.out.ok || rval=`expr $$rval + $$?`; \ + ./check_fill || rval=`expr $$rval + $$?`; \ + ./check_iolog_path $(srcdir)/regress/iolog_path/data || rval=`expr $$rval + $$?`; \ if [ X"$(soext)" != X"" ]; then \ - ./check_symbols .libs/sudoers$(soext) $(shlib_exp); \ - rval=`expr $$rval + $$?`; \ + ./check_symbols .libs/sudoers$(soext) $(shlib_exp) || rval=`expr $$rval + $$?`; \ fi; \ - ./check_wrap $(srcdir)/regress/logging/check_wrap.in > check_wrap.out; \ - diff check_wrap.out $(srcdir)/regress/logging/check_wrap.out.ok; \ - rval=`expr $$rval + $$?`; \ + mkdir -p regress/logging; \ + ./check_wrap $(srcdir)/regress/logging/check_wrap.in > regress/logging/check_wrap.out; \ + diff regress/logging/check_wrap.out $(srcdir)/regress/logging/check_wrap.out.ok || rval=`expr $$rval + $$?`; \ passed=0; failed=0; total=0; \ mkdir -p regress/sudoers; \ dir=sudoers; \ @@ -327,14 +341,14 @@ check: $(TEST_PROGS) visudo testsudoers base=`basename $$t .in`; \ out="regress/sudoers/$${base}.out"; \ toke="regress/sudoers/$${base}.toke"; \ - ./testsudoers -dt <$$t >$$out 2>$$toke; \ + ./testsudoers -dt <$$t >$$out 2>$$toke || true; \ if cmp $$out $(srcdir)/$$out.ok >/dev/null; then \ passed=`expr $$passed + 1`; \ echo "$$dir/$$base (parse): OK"; \ else \ failed=`expr $$failed + 1`; \ echo "$$dir/$$base: FAIL"; \ - diff $$out $(srcdir)/$$out.ok; \ + diff $$out $(srcdir)/$$out.ok || true; \ fi; \ total=`expr $$total + 1`; \ if cmp $$toke $(srcdir)/$$toke.ok >/dev/null; then \ @@ -343,12 +357,14 @@ check: $(TEST_PROGS) visudo testsudoers else \ failed=`expr $$failed + 1`; \ echo "$$dir/$$base (toke): FAIL"; \ - diff $$out $(srcdir)/$$out.ok; \ + diff $$out $(srcdir)/$$out.ok || true; \ fi; \ total=`expr $$total + 1`; \ done; \ echo "$$dir: $$passed/$$total tests passed; $$failed/$$total tests failed"; \ - rval=`expr $$rval + $$failed`; \ + if test $$failed -ne 0; then \ + rval=`expr $$rval + $$failed`; \ + fi; \ for dir in testsudoers visudo; do \ mkdir -p regress/$$dir; \ passed=0; failed=0; total=0; \ @@ -356,7 +372,7 @@ check: $(TEST_PROGS) visudo testsudoers base=`basename $$t .sh`; \ out="regress/$$dir/$${base}.out"; \ err="regress/$$dir/$${base}.err"; \ - TESTDIR=$$PWD/$(srcdir)/regress/$$dir \ + TESTDIR=$$CWD/$(srcdir)/regress/$$dir \ $(SHELL) $$t >$$out 2>$$err; \ if cmp $$out $(srcdir)/$$out.ok >/dev/null; then \ passed=`expr $$passed + 1`; \ @@ -364,7 +380,7 @@ check: $(TEST_PROGS) visudo testsudoers else \ failed=`expr $$failed + 1`; \ echo "$$dir/$$base: FAIL"; \ - diff $$out $(srcdir)/$$out.ok; \ + diff $$out $(srcdir)/$$out.ok || true; \ fi; \ total=`expr $$total + 1`; \ if test -s $(srcdir)/$$err.ok; then \ @@ -374,21 +390,27 @@ check: $(TEST_PROGS) visudo testsudoers else \ failed=`expr $$failed + 1`; \ echo "$$dir/$$base (stderr): FAIL"; \ - diff $$out $(srcdir)/$$out.ok; \ + diff $$out $(srcdir)/$$out.ok || true; \ fi; \ total=`expr $$total + 1`; \ elif test -s $$err; then \ + failed=`expr $$failed + 1`; \ + echo "$$dir/$$base (stderr): FAIL"; \ cat $$err 1>&2; \ fi; \ done; \ echo "$$dir: $$passed/$$total tests passed; $$failed/$$total tests failed"; \ - rval=`expr $$rval + $$failed`; \ + if test $$failed -ne 0; then \ + rval=`expr $$rval + $$failed`; \ + fi; \ done; \ exit $$rval; \ fi clean: - -$(LIBTOOL) --mode=clean rm -f $(PROGS) $(TEST_PROGS) *.lo *.o *.la *.a stamp-* core *.core core.* *.out *.toke *.err *.inc + -$(LIBTOOL) --mode=clean rm -f $(PROGS) $(TEST_PROGS) *.lo *.o *.la \ + *.a stamp-* core *.core core.* regress/*/*.out regress/*/*.toke \ + regress/*/*.err mostlyclean: clean @@ -430,10 +452,15 @@ alias.lo: $(srcdir)/alias.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \ $(srcdir)/parse.h $(srcdir)/redblack.h $(devdir)/gram.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/alias.c -audit.lo: $(srcdir)/audit.c $(top_builddir)/config.h $(incdir)/missing.h \ +audit.lo: $(srcdir)/audit.c $(top_builddir)/config.h \ + $(top_srcdir)/compat/stdbool.h $(incdir)/missing.h \ $(srcdir)/logging.h $(incdir)/sudo_debug.h $(srcdir)/bsm_audit.h \ $(srcdir)/linux_audit.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/audit.c +base64.lo: $(srcdir)/base64.c $(top_builddir)/config.h $(incdir)/missing.h \ + $(incdir)/sudo_debug.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/base64.c +base64.o: base64.lo boottime.lo: $(srcdir)/boottime.c $(top_builddir)/config.h $(incdir)/missing.h \ $(incdir)/sudo_debug.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/boottime.c @@ -453,7 +480,8 @@ check.lo: $(srcdir)/check.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \ + $(srcdir)/check.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/check.c check_addr.o: $(srcdir)/regress/parser/check_addr.c $(top_builddir)/config.h \ $(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \ @@ -464,10 +492,16 @@ check_addr.o: $(srcdir)/regress/parser/check_addr.c $(top_builddir)/config.h \ $(incdir)/sudo_debug.h $(incdir)/gettext.h $(srcdir)/parse.h \ $(srcdir)/interfaces.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_addr.c +check_base64.o: $(srcdir)/regress/parser/check_base64.c \ + $(top_builddir)/config.h $(incdir)/missing.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_base64.c +check_digest.o: $(srcdir)/regress/parser/check_digest.c \ + $(top_builddir)/config.h $(incdir)/missing.h $(srcdir)/sha2.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_digest.c check_fill.o: $(srcdir)/regress/parser/check_fill.c $(top_builddir)/config.h \ - $(top_srcdir)/compat/stdbool.h $(incdir)/list.h \ - $(srcdir)/parse.h $(srcdir)/toke.h $(incdir)/sudo_plugin.h \ - $(devdir)/gram.h + $(top_srcdir)/compat/stdbool.h $(incdir)/missing.h \ + $(incdir)/list.h $(srcdir)/parse.h $(srcdir)/toke.h \ + $(incdir)/sudo_plugin.h $(devdir)/gram.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_fill.c check_iolog_path.o: $(srcdir)/regress/iolog_path/check_iolog_path.c \ $(top_builddir)/config.h $(srcdir)/sudoers.h \ @@ -509,9 +543,6 @@ env.lo: $(srcdir)/env.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/env.c -error.o: $(top_srcdir)/src/error.c $(top_builddir)/config.h \ - $(incdir)/missing.h $(incdir)/error.h $(incdir)/gettext.h - $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(top_srcdir)/src/error.c find_path.lo: $(srcdir)/find_path.c $(top_builddir)/config.h \ $(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h \ @@ -553,7 +584,7 @@ gram.lo: $(devdir)/gram.c $(top_builddir)/config.h $(top_builddir)/config.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(devdir)/def_data.h $(srcdir)/logging.h \ $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ - $(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/toke.h $(devdir)/gram.h + $(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/toke.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/gram.c group_plugin.lo: $(srcdir)/group_plugin.c $(top_builddir)/config.h \ $(top_srcdir)/compat/dlfcn.h $(srcdir)/sudoers.h \ @@ -565,6 +596,10 @@ group_plugin.lo: $(srcdir)/group_plugin.c $(top_builddir)/config.h \ $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/group_plugin.c group_plugin.o: group_plugin.lo +hexchar.lo: $(srcdir)/hexchar.c $(top_builddir)/config.h $(incdir)/missing.h \ + $(incdir)/sudo_debug.h $(incdir)/error.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/hexchar.c +hexchar.o: hexchar.lo interfaces.lo: $(srcdir)/interfaces.c $(top_builddir)/config.h \ $(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h \ @@ -612,6 +647,12 @@ linux_audit.lo: $(srcdir)/linux_audit.c $(top_builddir)/config.h \ $(incdir)/gettext.h $(incdir)/sudo_debug.h \ $(srcdir)/linux_audit.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/linux_audit.c +locale.lo: $(srcdir)/locale.c $(top_builddir)/config.h \ + $(top_srcdir)/compat/stdbool.h $(incdir)/missing.h \ + $(incdir)/error.h $(incdir)/alloc.h $(srcdir)/logging.h \ + $(incdir)/gettext.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/locale.c +locale.o: locale.lo logging.lo: $(srcdir)/logging.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ @@ -627,14 +668,15 @@ logwrap.lo: $(srcdir)/logwrap.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/logwrap.c logwrap.o: logwrap.lo -match.lo: $(srcdir)/match.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ - $(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \ - $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ - $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ - $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \ - $(srcdir)/parse.h $(devdir)/gram.h $(top_srcdir)/compat/fnmatch.h \ - $(top_srcdir)/compat/glob.h +match.lo: $(srcdir)/match.c $(top_builddir)/config.h \ + $(top_srcdir)/compat/fnmatch.h $(top_srcdir)/compat/glob.h \ + $(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \ + $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ + $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ + $(srcdir)/defaults.h $(devdir)/def_data.h $(srcdir)/logging.h \ + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/sha2.h \ + $(devdir)/gram.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/match.c match_addr.lo: $(srcdir)/match_addr.c $(top_builddir)/config.h \ $(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \ @@ -672,19 +714,40 @@ passwd.lo: $(authdir)/passwd.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/passwd.c -plugin_error.lo: $(srcdir)/plugin_error.c $(top_builddir)/config.h \ - $(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h - $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/plugin_error.c +policy.lo: $(srcdir)/policy.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ + $(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \ + $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ + $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ + $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \ + $(srcdir)/sudoers_version.h $(srcdir)/interfaces.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/policy.c +prompt.lo: $(srcdir)/prompt.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ + $(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \ + $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ + $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ + $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/prompt.c pwutil.lo: $(srcdir)/pwutil.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \ - $(srcdir)/redblack.h + $(srcdir)/redblack.h $(srcdir)/pwutil.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/pwutil.c pwutil.o: pwutil.lo +pwutil_impl.lo: $(srcdir)/pwutil_impl.c $(top_builddir)/config.h \ + $(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \ + $(top_builddir)/pathnames.h $(incdir)/missing.h \ + $(incdir)/error.h $(incdir)/alloc.h $(incdir)/list.h \ + $(incdir)/fileops.h $(srcdir)/defaults.h $(devdir)/def_data.h \ + $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(srcdir)/pwutil.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/pwutil_impl.c +pwutil_impl.o: pwutil_impl.lo redblack.lo: $(srcdir)/redblack.c $(top_builddir)/config.h $(incdir)/missing.h \ $(incdir)/alloc.h $(incdir)/sudo_debug.h $(srcdir)/redblack.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/redblack.c @@ -721,6 +784,10 @@ set_perms.lo: $(srcdir)/set_perms.c $(top_builddir)/config.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/set_perms.c +sha2.lo: $(srcdir)/sha2.c $(top_builddir)/config.h \ + $(top_srcdir)/compat/endian.h $(srcdir)/sha2.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sha2.c +sha2.o: sha2.lo sia.lo: $(authdir)/sia.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ @@ -762,16 +829,15 @@ sudoers.lo: $(srcdir)/sudoers.c $(top_builddir)/config.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(devdir)/def_data.h $(srcdir)/logging.h \ $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_debug.h $(incdir)/gettext.h $(srcdir)/interfaces.h \ - $(srcdir)/sudoers_version.h $(srcdir)/auth/sudo_auth.h \ - $(incdir)/secure_path.h + $(incdir)/sudo_debug.h $(incdir)/gettext.h \ + $(srcdir)/auth/sudo_auth.h $(incdir)/secure_path.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudoers.c sudoreplay.o: $(srcdir)/sudoreplay.c $(top_builddir)/config.h \ $(top_srcdir)/compat/timespec.h $(top_srcdir)/compat/stdbool.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h \ $(incdir)/alloc.h $(incdir)/error.h $(incdir)/gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_conf.h $(incdir)/list.h \ - $(incdir)/sudo_debug.h + $(srcdir)/logging.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_conf.h $(incdir)/list.h $(incdir)/sudo_debug.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudoreplay.c testsudoers.o: $(srcdir)/testsudoers.c $(top_builddir)/config.h \ $(top_srcdir)/compat/fnmatch.h $(srcdir)/tsgetgrpw.h \ @@ -785,6 +851,14 @@ testsudoers.o: $(srcdir)/testsudoers.c $(top_builddir)/config.h \ $(incdir)/sudo_conf.h $(incdir)/list.h $(incdir)/secure_path.h \ $(devdir)/gram.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/testsudoers.c +timestamp.lo: $(srcdir)/timestamp.c $(top_builddir)/config.h \ + $(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \ + $(top_builddir)/pathnames.h $(incdir)/missing.h \ + $(incdir)/error.h $(incdir)/alloc.h $(incdir)/list.h \ + $(incdir)/fileops.h $(srcdir)/defaults.h $(devdir)/def_data.h \ + $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(srcdir)/check.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/timestamp.c timestr.lo: $(srcdir)/timestr.c $(top_builddir)/config.h $(incdir)/missing.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/timestr.c toke.lo: $(devdir)/toke.c $(top_builddir)/config.h $(top_builddir)/config.h \ @@ -794,7 +868,8 @@ toke.lo: $(devdir)/toke.c $(top_builddir)/config.h $(top_builddir)/config.h \ $(srcdir)/defaults.h $(devdir)/def_data.h $(srcdir)/logging.h \ $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ $(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/toke.h \ - $(devdir)/gram.h $(incdir)/lbuf.h $(incdir)/secure_path.h + $(devdir)/gram.h $(incdir)/lbuf.h $(srcdir)/sha2.h \ + $(incdir)/secure_path.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/toke.c toke_util.lo: $(srcdir)/toke_util.c $(top_builddir)/config.h \ $(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \ @@ -821,7 +896,7 @@ visudo.o: $(srcdir)/visudo.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \ - $(srcdir)/interfaces.h $(srcdir)/parse.h $(srcdir)/redblack.h \ - $(incdir)/gettext.h $(srcdir)/sudoers_version.h \ - $(incdir)/sudo_conf.h $(incdir)/list.h $(devdir)/gram.h + $(srcdir)/parse.h $(srcdir)/redblack.h $(incdir)/gettext.h \ + $(srcdir)/sudoers_version.h $(incdir)/sudo_conf.h $(incdir)/list.h \ + $(devdir)/gram.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/visudo.c diff --git a/plugins/sudoers/alias.c b/plugins/sudoers/alias.c index eb95039..ccedd03 100644 --- a/plugins/sudoers/alias.c +++ b/plugins/sudoers/alias.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004-2005, 2007-2011 + * Copyright (c) 2004-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -20,7 +20,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -50,7 +49,6 @@ * Globals */ struct rbtree *aliases; -unsigned int alias_seqno; /* * Comparison function for the red-black tree. @@ -76,35 +74,48 @@ alias_compare(const void *v1, const void *v2) /* * Search the tree for an alias with the specified name and type. * Returns a pointer to the alias structure or NULL if not found. + * Caller is responsible for calling alias_put() on the returned + * alias to mark it as unused. */ struct alias * -alias_find(char *name, int type) +alias_get(char *name, int type) { struct alias key; struct rbnode *node; struct alias *a = NULL; - debug_decl(alias_find, SUDO_DEBUG_ALIAS) + debug_decl(alias_get, SUDO_DEBUG_ALIAS) key.name = name; key.type = type; if ((node = rbfind(aliases, &key)) != NULL) { /* - * Compare the global sequence number with the one stored - * in the alias. If they match then we've seen this alias - * before and found a loop. + * Check whether this alias is already in use. + * If so, we've detected a loop. If not, set the flag, + * which the caller should clear with a call to alias_put(). */ a = node->data; - if (a->seqno == alias_seqno) { + if (a->used) { errno = ELOOP; debug_return_ptr(NULL); } - a->seqno = alias_seqno; + a->used = true; } else { errno = ENOENT; } debug_return_ptr(a); } +/* + * Clear the "used" flag in an alias once the caller is done with it. + */ +void +alias_put(struct alias *a) +{ + debug_decl(alias_put, SUDO_DEBUG_ALIAS) + a->used = false; + debug_return; +} + /* * Add an alias to the aliases redblack tree. * Returns NULL on success and an error string on failure. @@ -119,10 +130,10 @@ alias_add(char *name, int type, struct member *members) a = ecalloc(1, sizeof(*a)); a->name = name; a->type = type; - /* a->seqno = 0; */ + /* a->used = false; */ list2tq(&a->members, members); if (rbinsert(aliases, a)) { - snprintf(errbuf, sizeof(errbuf), _("Alias `%s' already defined"), name); + snprintf(errbuf, sizeof(errbuf), N_("Alias `%s' already defined"), name); alias_free(a); debug_return_str(errbuf); } diff --git a/plugins/sudoers/audit.c b/plugins/sudoers/audit.c index e6baadb..2cfbb8f 100644 --- a/plugins/sudoers/audit.c +++ b/plugins/sudoers/audit.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2010 Todd C. Miller + * Copyright (c) 2009-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -65,12 +65,16 @@ void audit_failure(char *exec_args[], char const *const fmt, ...) { va_list ap; + int oldlocale; debug_decl(audit_success, SUDO_DEBUG_AUDIT) + /* Audit error messages should be in the sudoers locale. */ + sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); + if (exec_args != NULL) { va_start(ap, fmt); #ifdef HAVE_BSM_AUDIT - bsm_audit_failure(exec_args, fmt, ap); + bsm_audit_failure(exec_args, _(fmt), ap); #endif #ifdef HAVE_LINUX_AUDIT linux_audit_command(exec_args, 0); @@ -78,5 +82,7 @@ audit_failure(char *exec_args[], char const *const fmt, ...) va_end(ap); } + sudoers_setlocale(oldlocale, NULL); + debug_return; } diff --git a/plugins/sudoers/auth/API b/plugins/sudoers/auth/API index 62c21d0..2ccbc55 100644 --- a/plugins/sudoers/auth/API +++ b/plugins/sudoers/auth/API @@ -57,8 +57,7 @@ The member functions can return the following values: AUTH_FATAL A fatal error occurred. The routine should have written an error message to stderr and optionally - sent mail to the administrator. (If log_error() - is called to do this, the NO_EXIT flag must be used.) + sent mail to the administrator. When verify_user() gets AUTH_FATAL from an auth function it does an exit(1). diff --git a/plugins/sudoers/auth/afs.c b/plugins/sudoers/auth/afs.c index f9693d0..99ceb47 100644 --- a/plugins/sudoers/auth/afs.c +++ b/plugins/sudoers/auth/afs.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2001-2005, 2007, 2010-2011 + * Copyright (c) 1999, 2001-2005, 2007, 2010-2012 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -21,7 +21,6 @@ #include -#include #include #include #ifdef STDC_HEADERS diff --git a/plugins/sudoers/auth/aix_auth.c b/plugins/sudoers/auth/aix_auth.c index 7aa5e27..cc24124 100644 --- a/plugins/sudoers/auth/aix_auth.c +++ b/plugins/sudoers/auth/aix_auth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2007-2011 Todd C. Miller + * Copyright (c) 1999-2005, 2007-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -21,7 +21,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include diff --git a/plugins/sudoers/auth/bsdauth.c b/plugins/sudoers/auth/bsdauth.c index 3597e56..e0eeb4e 100644 --- a/plugins/sudoers/auth/bsdauth.c +++ b/plugins/sudoers/auth/bsdauth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2005, 2007-2008, 2010-2011 + * Copyright (c) 2000-2005, 2007-2008, 2010-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -22,7 +22,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -74,14 +73,14 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth) else state.lc = login_getclass(pw->pw_uid ? LOGIN_DEFCLASS : LOGIN_DEFROOTCLASS); if (state.lc == NULL) { - log_error(USE_ERRNO|NO_MAIL, - _("unable to get login class for user %s"), pw->pw_name); + log_warning(USE_ERRNO|NO_MAIL, + N_("unable to get login class for user %s"), pw->pw_name); debug_return_int(AUTH_FATAL); } if ((state.as = auth_open()) == NULL) { - log_error(USE_ERRNO|NO_MAIL, - _("unable to begin bsd authentication")); + log_warning(USE_ERRNO|NO_MAIL, + N_("unable to begin bsd authentication")); login_close(state.lc); debug_return_int(AUTH_FATAL); } @@ -89,7 +88,7 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth) /* XXX - maybe sanity check the auth style earlier? */ login_style = login_getstyle(state.lc, login_style, "auth-sudo"); if (login_style == NULL) { - log_error(NO_MAIL, _("invalid authentication type")); + log_warning(NO_MAIL, N_("invalid authentication type")); auth_close(state.as); login_close(state.lc); debug_return_int(AUTH_FATAL); @@ -98,7 +97,7 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth) if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 || auth_setitem(state.as, AUTHV_NAME, pw->pw_name) < 0 || auth_setitem(state.as, AUTHV_CLASS, login_class) < 0) { - log_error(NO_MAIL, _("unable to setup authentication")); + log_warning(NO_MAIL, N_("unable to setup authentication")); auth_close(state.as); login_close(state.lc); debug_return_int(AUTH_FATAL); @@ -170,7 +169,7 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth) debug_return_int(AUTH_INTR); if ((s = auth_getvalue(as, "errormsg")) != NULL) - log_error(NO_MAIL, "%s", s); + log_warning(NO_MAIL, "%s", s); debug_return_int(AUTH_FAILURE); } diff --git a/plugins/sudoers/auth/dce.c b/plugins/sudoers/auth/dce.c index 467c08f..cc511e7 100644 --- a/plugins/sudoers/auth/dce.c +++ b/plugins/sudoers/auth/dce.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2010-2011 + * Copyright (c) 1996, 1998-2005, 2010-2012 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -36,7 +36,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include diff --git a/plugins/sudoers/auth/fwtk.c b/plugins/sudoers/auth/fwtk.c index 4855623..b27625f 100644 --- a/plugins/sudoers/auth/fwtk.c +++ b/plugins/sudoers/auth/fwtk.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2008, 2010-2011 + * Copyright (c) 1999-2005, 2008, 2010-2012 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -22,7 +22,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include diff --git a/plugins/sudoers/auth/kerb5.c b/plugins/sudoers/auth/kerb5.c index ab47c19..b8c5e16 100644 --- a/plugins/sudoers/auth/kerb5.c +++ b/plugins/sudoers/auth/kerb5.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2007-2008, 2010-2012 + * Copyright (c) 1999-2005, 2007-2008, 2010-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -25,7 +25,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -113,9 +112,9 @@ sudo_krb5_setup(struct passwd *pw, char **promptp, sudo_auth *auth) * API does not currently provide this unless the auth is standalone. */ if ((error = krb5_unparse_name(sudo_context, princ, &pname))) { - log_error(NO_MAIL, - _("%s: unable to unparse princ ('%s'): %s"), auth->name, - pw->pw_name, error_message(error)); + log_warning(NO_MAIL, + N_("%s: unable to convert principal to string ('%s'): %s"), + auth->name, pw->pw_name, error_message(error)); debug_return_int(AUTH_FAILURE); } @@ -156,8 +155,8 @@ sudo_krb5_init(struct passwd *pw, sudo_auth *auth) error = krb5_parse_name(sudo_context, pname, &(sudo_krb5_data.princ)); if (error) { - log_error(NO_MAIL, - _("%s: unable to parse '%s': %s"), auth->name, pname, + log_warning(NO_MAIL, + N_("%s: unable to parse '%s': %s"), auth->name, pname, error_message(error)); goto done; } @@ -166,8 +165,8 @@ sudo_krb5_init(struct passwd *pw, sudo_auth *auth) (long) getpid()); if ((error = krb5_cc_resolve(sudo_context, cache_name, &(sudo_krb5_data.ccache)))) { - log_error(NO_MAIL, - _("%s: unable to resolve ccache: %s"), auth->name, + log_warning(NO_MAIL, + N_("%s: unable to resolve credential cache: %s"), auth->name, error_message(error)); goto done; } @@ -214,8 +213,8 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth) /* Set default flags based on the local config file. */ error = krb5_get_init_creds_opt_alloc(sudo_context, &opts); if (error) { - log_error(NO_MAIL, - _("%s: unable to allocate options: %s"), auth->name, + log_warning(NO_MAIL, + N_("%s: unable to allocate options: %s"), auth->name, error_message(error)); goto done; } @@ -230,8 +229,8 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth) NULL, 0, NULL, opts))) { /* Don't print error if just a bad password */ if (error != KRB5KRB_AP_ERR_BAD_INTEGRITY) - log_error(NO_MAIL, - _("%s: unable to get credentials: %s"), auth->name, + log_warning(NO_MAIL, + N_("%s: unable to get credentials: %s"), auth->name, error_message(error)); goto done; } @@ -241,15 +240,15 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth) if ((error = verify_krb_v5_tgt(sudo_context, creds, auth->name))) goto done; - /* Store cred in cred cache. */ + /* Store credential in cache. */ if ((error = krb5_cc_initialize(sudo_context, ccache, princ))) { - log_error(NO_MAIL, - _("%s: unable to initialize ccache: %s"), auth->name, - error_message(error)); + log_warning(NO_MAIL, + N_("%s: unable to initialize credential cache: %s"), + auth->name, error_message(error)); } else if ((error = krb5_cc_store_cred(sudo_context, ccache, creds))) { - log_error(NO_MAIL, - _("%s: unable to store cred in ccache: %s"), auth->name, - error_message(error)); + log_warning(NO_MAIL, + N_("%s: unable to store credential in cache: %s"), + auth->name, error_message(error)); } done: @@ -312,8 +311,8 @@ verify_krb_v5_tgt(krb5_context sudo_context, krb5_creds *cred, char *auth_name) */ if ((error = krb5_sname_to_principal(sudo_context, NULL, NULL, KRB5_NT_SRV_HST, &server))) { - log_error(NO_MAIL, - _("%s: unable to get host principal: %s"), auth_name, + log_warning(NO_MAIL, + N_("%s: unable to get host principal: %s"), auth_name, error_message(error)); debug_return_int(-1); } @@ -327,8 +326,8 @@ verify_krb_v5_tgt(krb5_context sudo_context, krb5_creds *cred, char *auth_name) NULL, &vopt); krb5_free_principal(sudo_context, server); if (error) - log_error(NO_MAIL, - _("%s: Cannot verify TGT! Possible attack!: %s"), + log_warning(NO_MAIL, + N_("%s: Cannot verify TGT! Possible attack!: %s"), auth_name, error_message(error)); debug_return_int(error); } diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c index 0ede540..357781a 100644 --- a/plugins/sudoers/auth/pam.c +++ b/plugins/sudoers/auth/pam.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2007-2011 Todd C. Miller + * Copyright (c) 1999-2005, 2007-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -21,7 +21,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -57,6 +56,11 @@ # endif #endif +/* We don't want to translate the strings in the calls to dgt(). */ +#ifdef PAM_TEXT_DOMAIN +# define dgt(d, t) dgettext(d, t) +#endif + #include "sudoers.h" #include "sudo_auth.h" @@ -68,15 +72,16 @@ # define PAM_CONST #endif -static int converse(int, PAM_CONST struct pam_message **, - struct pam_response **, void *); -static char *def_prompt = "Password:"; -static int getpass_error; - #ifndef PAM_DATA_SILENT #define PAM_DATA_SILENT 0 #endif +static int converse(int, PAM_CONST struct pam_message **, + struct pam_response **, void *); +static char *def_prompt = "Password:"; +static bool sudo_pam_cred_established; +static bool sudo_pam_authenticated; +static int getpass_error; static pam_handle_t *pamh; int @@ -97,7 +102,7 @@ sudo_pam_init(struct passwd *pw, sudo_auth *auth) #endif pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh); if (pam_status != PAM_SUCCESS) { - log_error(USE_ERRNO|NO_MAIL, _("unable to initialize PAM")); + log_warning(USE_ERRNO|NO_MAIL, N_("unable to initialize PAM")); debug_return_int(AUTH_FATAL); } @@ -139,28 +144,31 @@ sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth) *pam_status = pam_acct_mgmt(pamh, PAM_SILENT); switch (*pam_status) { case PAM_SUCCESS: + sudo_pam_authenticated = true; debug_return_int(AUTH_SUCCESS); case PAM_AUTH_ERR: - log_error(NO_MAIL, _("account validation failure, " + log_warning(NO_MAIL, N_("account validation failure, " "is your account locked?")); debug_return_int(AUTH_FATAL); case PAM_NEW_AUTHTOK_REQD: - log_error(NO_MAIL, _("Account or password is " + log_warning(NO_MAIL, N_("Account or password is " "expired, reset your password and try again")); *pam_status = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); if (*pam_status == PAM_SUCCESS) debug_return_int(AUTH_SUCCESS); - if ((s = pam_strerror(pamh, *pam_status))) - log_error(NO_MAIL, _("pam_chauthtok: %s"), s); + if ((s = pam_strerror(pamh, *pam_status)) != NULL) { + log_warning(NO_MAIL, + N_("unable to change expired password: %s"), s); + } debug_return_int(AUTH_FAILURE); case PAM_AUTHTOK_EXPIRED: - log_error(NO_MAIL, - _("Password expired, contact your system administrator")); + log_warning(NO_MAIL, + N_("Password expired, contact your system administrator")); debug_return_int(AUTH_FATAL); case PAM_ACCT_EXPIRED: - log_error(NO_MAIL, - _("Account expired or PAM config lacks an \"account\" " + log_warning(NO_MAIL, + N_("Account expired or PAM config lacks an \"account\" " "section for sudo, contact your system administrator")); debug_return_int(AUTH_FATAL); } @@ -176,8 +184,8 @@ sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth) case PAM_PERM_DENIED: debug_return_int(AUTH_FAILURE); default: - if ((s = pam_strerror(pamh, *pam_status))) - log_error(NO_MAIL, _("pam_authenticate: %s"), s); + if ((s = pam_strerror(pamh, *pam_status)) != NULL) + log_warning(NO_MAIL, N_("PAM authentication error: %s"), s); debug_return_int(AUTH_FATAL); } } @@ -230,7 +238,15 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth) * this is not set and so pam_setcred() returns PAM_PERM_DENIED. * We can't call pam_acct_mgmt() with Linux-PAM for a similar reason. */ - (void) pam_setcred(pamh, PAM_ESTABLISH_CRED); + status = pam_setcred(pamh, PAM_ESTABLISH_CRED); + if (status == PAM_SUCCESS) { + sudo_pam_cred_established = true; + } else if (sudo_pam_authenticated) { + const char *s = pam_strerror(pamh, status); + if (s != NULL) + log_warning(NO_MAIL, N_("unable to establish credentials: %s"), s); + goto done; + } #ifdef HAVE_PAM_GETENVLIST /* @@ -252,13 +268,13 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth) } #endif /* HAVE_PAM_GETENVLIST */ -#ifndef NO_PAM_SESSION - status = pam_open_session(pamh, 0); - if (status != PAM_SUCCESS) { - (void) pam_end(pamh, status | PAM_DATA_SILENT); - pamh = NULL; + if (def_pam_session) { + status = pam_open_session(pamh, 0); + if (status != PAM_SUCCESS) { + (void) pam_end(pamh, status | PAM_DATA_SILENT); + pamh = NULL; + } } -#endif done: debug_return_int(status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE); @@ -277,10 +293,10 @@ sudo_pam_end_session(struct passwd *pw, sudo_auth *auth) * XXX - still needed now that session init is in parent? */ (void) pam_set_item(pamh, PAM_USER, pw->pw_name); -#ifndef NO_PAM_SESSION - (void) pam_close_session(pamh, PAM_SILENT); -#endif - (void) pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); + if (def_pam_session) + (void) pam_close_session(pamh, PAM_SILENT); + if (sudo_pam_cred_established) + (void) pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); status = pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT); pamh = NULL; } @@ -321,7 +337,7 @@ converse(int num_msg, PAM_CONST struct pam_message **msg, if (getpass_error) goto done; - /* Is the sudo prompt standard? (If so, we'l just use PAM's) */ + /* Is the sudo prompt standard? (If so, we'll just use PAM's) */ std_prompt = strncmp(def_prompt, "Password:", 9) == 0 && (def_prompt[9] == '\0' || (def_prompt[9] == ' ' && def_prompt[10] == '\0')); @@ -329,8 +345,8 @@ converse(int num_msg, PAM_CONST struct pam_message **msg, /* Only override PAM prompt if it matches /^Password: ?/ */ #if defined(PAM_TEXT_DOMAIN) && defined(HAVE_LIBINTL_H) if (!def_passprompt_override && (std_prompt || - (strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password: ")) && - strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password:"))))) + (strcmp(pm->msg, dgt(PAM_TEXT_DOMAIN, "Password: ")) && + strcmp(pm->msg, dgt(PAM_TEXT_DOMAIN, "Password:"))))) prompt = pm->msg; #else if (!def_passprompt_override && (std_prompt || diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c index c86b730..8f1d7de 100644 --- a/plugins/sudoers/auth/passwd.c +++ b/plugins/sudoers/auth/passwd.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2010-2011 Todd C. Miller + * Copyright (c) 1999-2005, 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -21,7 +21,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include diff --git a/plugins/sudoers/auth/rfc1938.c b/plugins/sudoers/auth/rfc1938.c index f4ed7c0..bacb1dc 100644 --- a/plugins/sudoers/auth/rfc1938.c +++ b/plugins/sudoers/auth/rfc1938.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1994-1996, 1998-2005, 2010-2011 + * Copyright (c) 1994-1996, 1998-2005, 2010-2012 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -22,7 +22,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include diff --git a/plugins/sudoers/auth/secureware.c b/plugins/sudoers/auth/secureware.c index 3341175..f5839ed 100644 --- a/plugins/sudoers/auth/secureware.c +++ b/plugins/sudoers/auth/secureware.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2005, 2010-2011 Todd C. Miller + * Copyright (c) 1998-2005, 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -21,7 +21,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include diff --git a/plugins/sudoers/auth/securid5.c b/plugins/sudoers/auth/securid5.c index 6fe7dcb..f4f32ad 100644 --- a/plugins/sudoers/auth/securid5.c +++ b/plugins/sudoers/auth/securid5.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2007, 2010-2011 + * Copyright (c) 1999-2005, 2007, 2010-2012 * Todd C. Miller * Copyright (c) 2002 Michael Stroucken * @@ -26,7 +26,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include diff --git a/plugins/sudoers/auth/sia.c b/plugins/sudoers/auth/sia.c index d9f685e..c6050ca 100644 --- a/plugins/sudoers/auth/sia.c +++ b/plugins/sudoers/auth/sia.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2007, 2010-2011 + * Copyright (c) 1999-2005, 2007, 2010-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -24,7 +24,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -105,8 +104,8 @@ sudo_sia_setup(struct passwd *pw, char **promptp, sudo_auth *auth) if (sia_ses_init(&siah, sudo_argc, sudo_argv, NULL, pw->pw_name, user_ttypath, 1, NULL) != SIASUCCESS) { - log_error(USE_ERRNO|NO_MAIL, - _("unable to initialize SIA session")); + log_warning(USE_ERRNO|NO_MAIL, + N_("unable to initialize SIA session")); debug_return_int(AUTH_FATAL); } diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c index 6362ae4..dbe53ca 100644 --- a/plugins/sudoers/auth/sudo_auth.c +++ b/plugins/sudoers/auth/sudo_auth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2008-2010 Todd C. Miller + * Copyright (c) 1999-2005, 2008-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -21,7 +21,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -117,9 +116,9 @@ sudo_auth_init(struct passwd *pw) /* Make sure we haven't mixed standalone and shared auth methods. */ standalone = IS_STANDALONE(&auth_switch[0]); if (standalone && auth_switch[1].name != NULL) { - audit_failure(NewArgv, "invalid authentication methods"); - log_fatal(0, _("Invalid authentication methods compiled into sudo! " - "You may mix standalone and non-standalone authentication.")); + audit_failure(NewArgv, N_("invalid authentication methods")); + log_fatal(0, N_("Invalid authentication methods compiled into sudo! " + "You may not mix standalone and non-standalone authentication.")); debug_return_int(-1); } @@ -201,9 +200,9 @@ verify_user(struct passwd *pw, char *prompt, int validated) /* Make sure we have at least one auth method. */ /* XXX - check FLAG_DISABLED too */ if (auth_switch[0].name == NULL) { - audit_failure(NewArgv, "no authentication methods"); - log_error(0, - _("There are no authentication methods compiled into sudo! " + audit_failure(NewArgv, N_("no authentication methods")); + log_warning(0, + N_("There are no authentication methods compiled into sudo! " "If you want to turn off authentication, use the " "--disable-authentication configure option.")); debug_return_int(-1); @@ -291,7 +290,7 @@ sudo_auth_begin_session(struct passwd *pw, char **user_env[]) { sudo_auth *auth; int status = AUTH_SUCCESS; - debug_decl(auth_begin_session, SUDO_DEBUG_AUTH) + debug_decl(sudo_auth_begin_session, SUDO_DEBUG_AUTH) for (auth = auth_switch; auth->name; auth++) { if (auth->begin_session && !IS_DISABLED(auth)) { @@ -303,6 +302,22 @@ sudo_auth_begin_session(struct passwd *pw, char **user_env[]) debug_return_int(status == AUTH_FATAL ? -1 : 1); } +bool +sudo_auth_needs_end_session(void) +{ + sudo_auth *auth; + bool needed = false; + debug_decl(sudo_auth_needs_end_session, SUDO_DEBUG_AUTH) + + for (auth = auth_switch; auth->name; auth++) { + if (auth->end_session && !IS_DISABLED(auth)) { + needed = true; + break; + } + } + debug_return_bool(needed); +} + /* * Call authentication method end session hooks. * Returns 1 on success and -1 on error. @@ -312,7 +327,7 @@ sudo_auth_end_session(struct passwd *pw) { sudo_auth *auth; int status = AUTH_SUCCESS; - debug_decl(auth_end_session, SUDO_DEBUG_AUTH) + debug_decl(sudo_auth_end_session, SUDO_DEBUG_AUTH) for (auth = auth_switch; auth->name; auth++) { if (auth->end_session && !IS_DISABLED(auth)) { diff --git a/plugins/sudoers/auth/sudo_auth.h b/plugins/sudoers/auth/sudo_auth.h index a783661..ea2fb8a 100644 --- a/plugins/sudoers/auth/sudo_auth.h +++ b/plugins/sudoers/auth/sudo_auth.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2007-2010 Todd C. Miller + * Copyright (c) 1999-2005, 2007-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above diff --git a/plugins/sudoers/base64.c b/plugins/sudoers/base64.c new file mode 100644 index 0000000..2870ea0 --- /dev/null +++ b/plugins/sudoers/base64.c @@ -0,0 +1,89 @@ +/* + * Copyright (c) 2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +#include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ + +#include "missing.h" +#include "sudo_debug.h" + +/* + * Decode a NUL-terminated string in base64 format and store the + * result in dst. + */ +size_t +base64_decode(const char *str, unsigned char *dst, size_t dsize) +{ + static const char b64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + const unsigned char *dst0 = dst; + const unsigned char *dend = dst + dsize; + unsigned char ch[4]; + char *pos; + int i; + debug_decl(base64_decode, SUDO_DEBUG_MATCH) + + /* + * Convert from base64 to binary. Each base64 char holds 6 bits of data + * so 4 base64 chars equals 3 chars of data. + * Padding (with the '=' char) may or may not be present. + */ + while (*str != '\0') { + for (i = 0; i < 4; i++) { + switch (*str) { + case '=': + str++; + /* FALLTHROUGH */ + case '\0': + ch[i] = '='; + break; + default: + if ((pos = strchr(b64, *str++)) == NULL) + debug_return_size_t((size_t)-1); + ch[i] = (unsigned char)(pos - b64); + break; + } + } + if (ch[0] == '=' || ch[1] == '=' || dst == dend) + break; + *dst++ = (ch[0] << 2) | ((ch[1] & 0x30) >> 4); + if (ch[2] == '=' || dst == dend) + break; + *dst++ = ((ch[1] & 0x0f) << 4) | ((ch[2] & 0x3c) >> 2); + if (ch[3] == '=' || dst == dend) + break; + *dst++ = ((ch[2] & 0x03) << 6) | ch[3]; + } + debug_return_size_t((size_t)(dst - dst0)); +} diff --git a/plugins/sudoers/boottime.c b/plugins/sudoers/boottime.c index 2c9c074..1ee052c 100644 --- a/plugins/sudoers/boottime.c +++ b/plugins/sudoers/boottime.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2011 Todd C. Miller + * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -16,7 +16,6 @@ #include -#include #include #include @@ -64,7 +63,7 @@ int get_boottime(struct timeval *tv) { - char *line = NULL; + char *ep, *line = NULL; size_t linesize = 0; ssize_t len; FILE * fp; @@ -75,9 +74,21 @@ get_boottime(struct timeval *tv) if (fp != NULL) { while ((len = getline(&line, &linesize, fp)) != -1) { if (strncmp(line, "btime ", 6) == 0) { - tv->tv_sec = atoi(line + 6); - tv->tv_usec = 0; - debug_return_bool(1); +#ifdef HAVE_STRTOLL + long long llval = strtoll(line + 6, &ep, 10); + if (line[6] != '\0' && *ep == '\0' && (time_t)llval == llval) { + tv->tv_sec = (time_t)llval; + tv->tv_usec = 0; + debug_return_bool(1); + } +#else + long lval = strtol(line + 6, &ep, 10); + if (line[6] != '\0' && *ep == '\0' && (time_t)lval == lval) { + tv->tv_sec = (time_t)llval; + tv->tv_usec = 0; + debug_return_bool(1); + } +#endif } } fclose(fp); diff --git a/plugins/sudoers/bsm_audit.c b/plugins/sudoers/bsm_audit.c index bec1cba..baf4a8b 100644 --- a/plugins/sudoers/bsm_audit.c +++ b/plugins/sudoers/bsm_audit.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2011 Todd C. Miller + * Copyright (c) 2009-2013 Todd C. Miller * Copyright (c) 2009 Christian S.J. Peron * * Permission to use, copy, modify, and distribute this software for any @@ -57,10 +57,10 @@ audit_sudo_selected(int sf) if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) { if (errno == ENOSYS) { if (getaudit(&ainfo) < 0) - error(1, _("getaudit: failed")); + fatal("getaudit"); mask = &ainfo.ai_mask; } else - error(1, _("getaudit: failed")); + fatal("getaudit"); } else mask = &ainfo_addr.ai_mask; sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE; @@ -87,7 +87,7 @@ bsm_audit_success(char **exec_args) if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) { if (errno == AUDIT_NOT_CONFIGURED) return; - error(1, _("Could not determine audit condition")); + fatal(_("Could not determine audit condition")); } if (au_cond == AUC_NOAUDIT) debug_return; @@ -98,9 +98,9 @@ bsm_audit_success(char **exec_args) if (!audit_sudo_selected(0)) debug_return; if (getauid(&auid) < 0) - error(1, _("getauid failed")); + fatal("getauid"); if ((aufd = au_open()) == -1) - error(1, _("au_open: failed")); + fatal("au_open"); if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), getuid(), pid, pid, &ainfo_addr.ai_termid); @@ -109,24 +109,24 @@ bsm_audit_success(char **exec_args) * NB: We should probably watch out for ERANGE here. */ if (getaudit(&ainfo) < 0) - error(1, _("getaudit: failed")); + fatal("getaudit"); tok = au_to_subject(auid, geteuid(), getegid(), getuid(), getuid(), pid, pid, &ainfo.ai_termid); } else - error(1, _("getaudit: failed")); + fatal("getaudit"); if (tok == NULL) - error(1, _("au_to_subject: failed")); + fatal("au_to_subject"); au_write(aufd, tok); tok = au_to_exec_args(exec_args); if (tok == NULL) - error(1, _("au_to_exec_args: failed")); + fatal("au_to_exec_args"); au_write(aufd, tok); tok = au_to_return32(0, 0); if (tok == NULL) - error(1, _("au_to_return32: failed")); + fatal("au_to_return32"); au_write(aufd, tok); if (au_close(aufd, 1, AUE_sudo) == -1) - error(1, _("unable to commit audit record")); + fatal(_("unable to commit audit record")); debug_return; } @@ -150,43 +150,43 @@ bsm_audit_failure(char **exec_args, char const *const fmt, va_list ap) if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { if (errno == AUDIT_NOT_CONFIGURED) debug_return; - error(1, _("Could not determine audit condition")); + fatal(_("Could not determine audit condition")); } if (au_cond == AUC_NOAUDIT) debug_return; if (!audit_sudo_selected(1)) debug_return; if (getauid(&auid) < 0) - error(1, _("getauid: failed")); + fatal("getauid"); if ((aufd = au_open()) == -1) - error(1, _("au_open: failed")); + fatal("au_open"); if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), getuid(), pid, pid, &ainfo_addr.ai_termid); } else if (errno == ENOSYS) { if (getaudit(&ainfo) < 0) - error(1, _("getaudit: failed")); + fatal("getaudit"); tok = au_to_subject(auid, geteuid(), getegid(), getuid(), getuid(), pid, pid, &ainfo.ai_termid); } else - error(1, _("getaudit: failed")); + fatal("getaudit"); if (tok == NULL) - error(1, _("au_to_subject: failed")); + fatal("au_to_subject"); au_write(aufd, tok); tok = au_to_exec_args(exec_args); if (tok == NULL) - error(1, _("au_to_exec_args: failed")); + fatal("au_to_exec_args"); au_write(aufd, tok); (void) vsnprintf(text, sizeof(text), fmt, ap); tok = au_to_text(text); if (tok == NULL) - error(1, _("au_to_text: failed")); + fatal("au_to_text"); au_write(aufd, tok); tok = au_to_return32(EPERM, 1); if (tok == NULL) - error(1, _("au_to_return32: failed")); + fatal("au_to_return32"); au_write(aufd, tok); if (au_close(aufd, 1, AUE_sudo) == -1) - error(1, _("unable to commit audit record")); + fatal(_("unable to commit audit record")); debug_return; } diff --git a/plugins/sudoers/bsm_audit.h b/plugins/sudoers/bsm_audit.h index bd29764..47cb9d6 100644 --- a/plugins/sudoers/bsm_audit.h +++ b/plugins/sudoers/bsm_audit.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2010 Todd C. Miller + * Copyright (c) 2009-2010, 2013 Todd C. Miller * Copyright (c) 2009 Christian S.J. Peron * * Permission to use, copy, modify, and distribute this software for any @@ -15,10 +15,10 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef _SUDO_BSM_AUDIT_H -#define _SUDO_BSM_AUDIT_H +#ifndef _SUDOERS_BSM_AUDIT_H +#define _SUDOERS_BSM_AUDIT_H void bsm_audit_success(char **); void bsm_audit_failure(char **, char const * const, va_list); -#endif /* _SUDO_BSM_AUDIT_H */ +#endif /* _SUDOERS_BSM_AUDIT_H */ diff --git a/plugins/sudoers/check.c b/plugins/sudoers/check.c index e89f9b6..8b92710 100644 --- a/plugins/sudoers/check.c +++ b/plugins/sudoers/check.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1993-1996,1998-2005, 2007-2011 + * Copyright (c) 1993-1996,1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -22,18 +22,7 @@ #include #include -#include #include -#include -#ifdef __linux__ -# include -#endif -#if defined(__sun) && defined(__SVR4) -# include -#endif -#ifndef __TANDEM -# include -#endif #include #ifdef STDC_HEADERS # include @@ -57,41 +46,67 @@ #endif #include #include -#include #include #include #include "sudoers.h" +#include "check.h" -/* Status codes for timestamp_status() */ -#define TS_CURRENT 0 -#define TS_OLD 1 -#define TS_MISSING 2 -#define TS_NOFILE 3 -#define TS_ERROR 4 - -/* Flags for timestamp_status() */ -#define TS_MAKE_DIRS 1 -#define TS_REMOVE 2 +static bool display_lecture(int); +static struct passwd *get_authpw(void); /* - * Info stored in tty ticket from stat(2) to help with tty matching. + * Returns true if the user successfully authenticates, false if not + * or -1 on error. */ -static struct tty_info { - dev_t dev; /* ID of device tty resides on */ - dev_t rdev; /* tty device ID */ - ino_t ino; /* tty inode number */ - struct timeval ctime; /* tty inode change time */ - pid_t sid; /* ID of session with controlling tty */ -} tty_info; +static int +check_user_interactive(int validated, int mode, struct passwd *auth_pw) +{ + int status, rval = true; + debug_decl(check_user_interactive, SUDO_DEBUG_AUTH) -static int build_timestamp(char **, char **); -static int timestamp_status(char *, char *, char *, int); -static char *expand_prompt(char *, char *, char *); -static void lecture(int); -static void update_timestamp(char *, char *); -static bool tty_is_devpts(const char *); -static struct passwd *get_authpw(void); + /* Always need a password when -k was specified with the command. */ + if (ISSET(mode, MODE_IGNORE_TICKET)) + SET(validated, FLAG_CHECK_USER); + + if (build_timestamp(auth_pw) == -1) { + rval = -1; + goto done; + } + + status = timestamp_status(auth_pw); + + if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) { + char *prompt; + bool lectured; + + /* Bail out if we are non-interactive and a password is required */ + if (ISSET(mode, MODE_NONINTERACTIVE)) { + validated |= FLAG_NON_INTERACTIVE; + log_auth_failure(validated, 0); + rval = -1; + goto done; + } + + /* XXX - should not lecture if askpass helper is being used. */ + lectured = display_lecture(status); + + /* Expand any escapes in the prompt. */ + prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt, + user_name, user_shost); + + rval = verify_user(auth_pw, prompt, validated); + if (rval == true && lectured) + set_lectured(); + efree(prompt); + } + /* Only update timestamp if user was validated. */ + if (rval == true && ISSET(validated, VALIDATE_OK) && + !ISSET(mode, MODE_IGNORE_TICKET) && status != TS_ERROR) + update_timestamp(auth_pw); +done: + debug_return_bool(rval); +} /* * Returns true if the user successfully authenticates, false if not @@ -101,11 +116,7 @@ int check_user(int validated, int mode) { struct passwd *auth_pw; - char *timestampdir = NULL; - char *timestampfile = NULL; - char *prompt; - struct stat sb; - int status, rval = true; + int rval = true; debug_decl(check_user, SUDO_DEBUG_AUTH) /* @@ -135,52 +146,7 @@ check_user(int validated, int mode) goto done; } - /* Always need a password when -k was specified with the command. */ - if (ISSET(mode, MODE_IGNORE_TICKET)) - SET(validated, FLAG_CHECK_USER); - - /* Stash the tty's device, session ID and ctime for ticket comparison. */ - if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) { - tty_info.dev = sb.st_dev; - tty_info.ino = sb.st_ino; - tty_info.rdev = sb.st_rdev; - if (tty_is_devpts(user_ttypath)) - ctim_get(&sb, &tty_info.ctime); - tty_info.sid = user_sid; - } - - if (build_timestamp(×tampdir, ×tampfile) == -1) { - rval = -1; - goto done; - } - - status = timestamp_status(timestampdir, timestampfile, user_name, - TS_MAKE_DIRS); - - if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) { - /* Bail out if we are non-interactive and a password is required */ - if (ISSET(mode, MODE_NONINTERACTIVE)) { - validated |= FLAG_NON_INTERACTIVE; - log_auth_failure(validated, 0); - rval = -1; - goto done; - } - - /* XXX - should not lecture if askpass helper is being used. */ - lecture(status); - - /* Expand any escapes in the prompt. */ - prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt, - user_name, user_shost); - - rval = verify_user(auth_pw, prompt, validated); - } - /* Only update timestamp if user was validated. */ - if (rval == true && ISSET(validated, VALIDATE_OK) && - !ISSET(mode, MODE_IGNORE_TICKET) && status != TS_ERROR) - update_timestamp(timestampdir, timestampfile); - efree(timestampdir); - efree(timestampfile); + rval = check_user_interactive(validated, mode, auth_pw); done: sudo_auth_cleanup(auth_pw); @@ -189,18 +155,12 @@ done: debug_return_bool(rval); } -#define DEFAULT_LECTURE "\n" \ - "We trust you have received the usual lecture from the local System\n" \ - "Administrator. It usually boils down to these three things:\n\n" \ - " #1) Respect the privacy of others.\n" \ - " #2) Think before you type.\n" \ - " #3) With great power comes great responsibility.\n\n" - /* - * Standard sudo lecture. + * Display sudo lecture (standard or custom). + * Returns true if the user was lectured, else false. */ -static void -lecture(int status) +static bool +display_lecture(int status) { FILE *fp; char buf[BUFSIZ]; @@ -210,8 +170,8 @@ lecture(int status) debug_decl(lecture, SUDO_DEBUG_AUTH) if (def_lecture == never || - (def_lecture == once && status != TS_MISSING && status != TS_ERROR)) - debug_return; + (def_lecture == once && already_lectured(status))) + debug_return_bool(false); memset(&msg, 0, sizeof(msg)); memset(&repl, 0, sizeof(repl)); @@ -226,180 +186,15 @@ lecture(int status) fclose(fp); } else { msg.msg_type = SUDO_CONV_ERROR_MSG; - msg.msg = _(DEFAULT_LECTURE); + msg.msg = _("\n" + "We trust you have received the usual lecture from the local System\n" + "Administrator. It usually boils down to these three things:\n\n" + " #1) Respect the privacy of others.\n" + " #2) Think before you type.\n" + " #3) With great power comes great responsibility.\n\n"); sudo_conv(1, &msg, &repl); } - debug_return; -} - -/* - * Update the time on the timestamp file/dir or create it if necessary. - */ -static void -update_timestamp(char *timestampdir, char *timestampfile) -{ - debug_decl(update_timestamp, SUDO_DEBUG_AUTH) - - /* If using tty timestamps but we have no tty there is nothing to do. */ - if (def_tty_tickets && !user_ttypath) - debug_return; - - if (timestamp_uid != 0) - set_perms(PERM_TIMESTAMP); - if (timestampfile) { - /* - * Store tty info in timestamp file - */ - int fd = open(timestampfile, O_WRONLY|O_CREAT, 0600); - if (fd == -1) - log_error(USE_ERRNO, _("unable to open %s"), timestampfile); - else { - lock_file(fd, SUDO_LOCK); - if (write(fd, &tty_info, sizeof(tty_info)) != sizeof(tty_info)) { - log_error(USE_ERRNO, _("unable to write to %s"), - timestampfile); - } - close(fd); - } - } else { - if (touch(-1, timestampdir, NULL) == -1) { - if (mkdir(timestampdir, 0700) == -1) { - log_error(USE_ERRNO, _("unable to mkdir %s"), - timestampdir); - } - } - } - if (timestamp_uid != 0) - restore_perms(); - debug_return; -} - -/* - * Expand %h and %u escapes in the prompt and pass back the dynamically - * allocated result. Returns the same string if there are no escapes. - */ -static char * -expand_prompt(char *old_prompt, char *user, char *host) -{ - size_t len, n; - int subst; - char *p, *np, *new_prompt, *endp; - debug_decl(expand_prompt, SUDO_DEBUG_AUTH) - - /* How much space do we need to malloc for the prompt? */ - subst = 0; - for (p = old_prompt, len = strlen(old_prompt); *p; p++) { - if (p[0] =='%') { - switch (p[1]) { - case 'h': - p++; - len += strlen(user_shost) - 2; - subst = 1; - break; - case 'H': - p++; - len += strlen(user_host) - 2; - subst = 1; - break; - case 'p': - p++; - if (def_rootpw) - len += 2; - else if (def_targetpw || def_runaspw) - len += strlen(runas_pw->pw_name) - 2; - else - len += strlen(user_name) - 2; - subst = 1; - break; - case 'u': - p++; - len += strlen(user_name) - 2; - subst = 1; - break; - case 'U': - p++; - len += strlen(runas_pw->pw_name) - 2; - subst = 1; - break; - case '%': - p++; - len--; - subst = 1; - break; - default: - break; - } - } - } - - if (subst) { - new_prompt = emalloc(++len); - endp = new_prompt + len; - for (p = old_prompt, np = new_prompt; *p; p++) { - if (p[0] =='%') { - switch (p[1]) { - case 'h': - p++; - n = strlcpy(np, user_shost, np - endp); - if (n >= np - endp) - goto oflow; - np += n; - continue; - case 'H': - p++; - n = strlcpy(np, user_host, np - endp); - if (n >= np - endp) - goto oflow; - np += n; - continue; - case 'p': - p++; - if (def_rootpw) - n = strlcpy(np, "root", np - endp); - else if (def_targetpw || def_runaspw) - n = strlcpy(np, runas_pw->pw_name, np - endp); - else - n = strlcpy(np, user_name, np - endp); - if (n >= np - endp) - goto oflow; - np += n; - continue; - case 'u': - p++; - n = strlcpy(np, user_name, np - endp); - if (n >= np - endp) - goto oflow; - np += n; - continue; - case 'U': - p++; - n = strlcpy(np, runas_pw->pw_name, np - endp); - if (n >= np - endp) - goto oflow; - np += n; - continue; - case '%': - /* convert %% -> % */ - p++; - break; - default: - /* no conversion */ - break; - } - } - *np++ = *p; - if (np >= endp) - goto oflow; - } - *np = '\0'; - } else - new_prompt = old_prompt; - - debug_return_str(new_prompt); - -oflow: - /* We pre-allocate enough space, so this should never happen. */ - errorx(1, _("internal error, %s overflow"), "expand_prompt()"); + debug_return_bool(true); } /* @@ -416,338 +211,6 @@ user_is_exempt(void) debug_return_bool(rval); } -/* - * Fills in timestampdir as well as timestampfile if using tty tickets. - */ -static int -build_timestamp(char **timestampdir, char **timestampfile) -{ - char *dirparent; - int len; - debug_decl(build_timestamp, SUDO_DEBUG_AUTH) - - dirparent = def_timestampdir; - *timestampfile = NULL; - len = easprintf(timestampdir, "%s/%s", dirparent, user_name); - if (len >= PATH_MAX) - goto bad; - - /* - * Timestamp file may be a file in the directory or NUL to use - * the directory as the timestamp. - */ - if (def_tty_tickets) { - char *p; - - if ((p = strrchr(user_tty, '/'))) - p++; - else - p = user_tty; - if (def_targetpw) - len = easprintf(timestampfile, "%s/%s/%s:%s", dirparent, user_name, - p, runas_pw->pw_name); - else - len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name, p); - if (len >= PATH_MAX) - goto bad; - } else if (def_targetpw) { - len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name, - runas_pw->pw_name); - if (len >= PATH_MAX) - goto bad; - } else - *timestampfile = NULL; - - debug_return_int(len); -bad: - log_fatal(0, _("timestamp path too long: %s"), - *timestampfile ? *timestampfile : *timestampdir); - /* NOTREACHED */ - debug_return_int(-1); -} - -/* - * Check the timestamp file and directory and return their status. - */ -static int -timestamp_status(char *timestampdir, char *timestampfile, char *user, int flags) -{ - struct stat sb; - struct timeval boottime, mtime; - time_t now; - char *dirparent = def_timestampdir; - int status = TS_ERROR; /* assume the worst */ - debug_decl(timestamp_status, SUDO_DEBUG_AUTH) - - if (timestamp_uid != 0) - set_perms(PERM_TIMESTAMP); - - /* - * Sanity check dirparent and make it if it doesn't already exist. - * We start out assuming the worst (that the dir is not sane) and - * if it is ok upgrade the status to ``no timestamp file''. - * Note that we don't check the parent(s) of dirparent for - * sanity since the sudo dir is often just located in /tmp. - */ - if (lstat(dirparent, &sb) == 0) { - if (!S_ISDIR(sb.st_mode)) - log_error(0, _("%s exists but is not a directory (0%o)"), - dirparent, (unsigned int) sb.st_mode); - else if (sb.st_uid != timestamp_uid) - log_error(0, _("%s owned by uid %u, should be uid %u"), - dirparent, (unsigned int) sb.st_uid, - (unsigned int) timestamp_uid); - else if ((sb.st_mode & 0000022)) - log_error(0, - _("%s writable by non-owner (0%o), should be mode 0700"), - dirparent, (unsigned int) sb.st_mode); - else { - if ((sb.st_mode & 0000777) != 0700) - (void) chmod(dirparent, 0700); - status = TS_MISSING; - } - } else if (errno != ENOENT) { - log_error(USE_ERRNO, _("unable to stat %s"), dirparent); - } else { - /* No dirparent, try to make one. */ - if (ISSET(flags, TS_MAKE_DIRS)) { - if (mkdir(dirparent, S_IRWXU)) - log_error(USE_ERRNO, _("unable to mkdir %s"), - dirparent); - else - status = TS_MISSING; - } - } - if (status == TS_ERROR) - goto done; - - /* - * Sanity check the user's ticket dir. We start by downgrading - * the status to TS_ERROR. If the ticket dir exists and is sane - * this will be upgraded to TS_OLD. If the dir does not exist, - * it will be upgraded to TS_MISSING. - */ - status = TS_ERROR; /* downgrade status again */ - if (lstat(timestampdir, &sb) == 0) { - if (!S_ISDIR(sb.st_mode)) { - if (S_ISREG(sb.st_mode)) { - /* convert from old style */ - if (unlink(timestampdir) == 0) - status = TS_MISSING; - } else - log_error(0, _("%s exists but is not a directory (0%o)"), - timestampdir, (unsigned int) sb.st_mode); - } else if (sb.st_uid != timestamp_uid) - log_error(0, _("%s owned by uid %u, should be uid %u"), - timestampdir, (unsigned int) sb.st_uid, - (unsigned int) timestamp_uid); - else if ((sb.st_mode & 0000022)) - log_error(0, - _("%s writable by non-owner (0%o), should be mode 0700"), - timestampdir, (unsigned int) sb.st_mode); - else { - if ((sb.st_mode & 0000777) != 0700) - (void) chmod(timestampdir, 0700); - status = TS_OLD; /* do date check later */ - } - } else if (errno != ENOENT) { - log_error(USE_ERRNO, _("unable to stat %s"), timestampdir); - } else - status = TS_MISSING; - - /* - * If there is no user ticket dir, AND we are in tty ticket mode, - * AND the TS_MAKE_DIRS flag is set, create the user ticket dir. - */ - if (status == TS_MISSING && timestampfile && ISSET(flags, TS_MAKE_DIRS)) { - if (mkdir(timestampdir, S_IRWXU) == -1) { - status = TS_ERROR; - log_error(USE_ERRNO, _("unable to mkdir %s"), timestampdir); - } - } - - /* - * Sanity check the tty ticket file if it exists. - */ - if (timestampfile && status != TS_ERROR) { - if (status != TS_MISSING) - status = TS_NOFILE; /* dir there, file missing */ - if (def_tty_tickets && !user_ttypath) - goto done; /* no tty, always prompt */ - if (lstat(timestampfile, &sb) == 0) { - if (!S_ISREG(sb.st_mode)) { - status = TS_ERROR; - log_error(0, _("%s exists but is not a regular file (0%o)"), - timestampfile, (unsigned int) sb.st_mode); - } else { - /* If bad uid or file mode, complain and kill the bogus file. */ - if (sb.st_uid != timestamp_uid) { - log_error(0, - _("%s owned by uid %u, should be uid %u"), - timestampfile, (unsigned int) sb.st_uid, - (unsigned int) timestamp_uid); - (void) unlink(timestampfile); - } else if ((sb.st_mode & 0000022)) { - log_error(0, - _("%s writable by non-owner (0%o), should be mode 0600"), - timestampfile, (unsigned int) sb.st_mode); - (void) unlink(timestampfile); - } else { - /* If not mode 0600, fix it. */ - if ((sb.st_mode & 0000777) != 0600) - (void) chmod(timestampfile, 0600); - - /* - * Check for stored tty info. If the file is zero-sized - * it is an old-style timestamp with no tty info in it. - * If removing, we don't care about the contents. - * The actual mtime check is done later. - */ - if (ISSET(flags, TS_REMOVE)) { - status = TS_OLD; - } else if (sb.st_size != 0) { - struct tty_info info; - int fd = open(timestampfile, O_RDONLY, 0644); - if (fd != -1) { - if (read(fd, &info, sizeof(info)) == sizeof(info) && - memcmp(&info, &tty_info, sizeof(info)) == 0) { - status = TS_OLD; - } - close(fd); - } - } - } - } - } else if (errno != ENOENT) { - log_error(USE_ERRNO, _("unable to stat %s"), timestampfile); - status = TS_ERROR; - } - } - - /* - * If the file/dir exists and we are not removing it, check its mtime. - */ - if (status == TS_OLD && !ISSET(flags, TS_REMOVE)) { - mtim_get(&sb, &mtime); - if (timevalisset(&mtime)) { - /* Negative timeouts only expire manually (sudo -k). */ - if (def_timestamp_timeout < 0) { - status = TS_CURRENT; - } else { - now = time(NULL); - if (def_timestamp_timeout && - now - mtime.tv_sec < 60 * def_timestamp_timeout) { - /* - * Check for bogus time on the stampfile. The clock may - * have been set back or user could be trying to spoof us. - */ - if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) { - time_t tv_sec = (time_t)mtime.tv_sec; - log_error(0, - _("timestamp too far in the future: %20.20s"), - 4 + ctime(&tv_sec)); - if (timestampfile) - (void) unlink(timestampfile); - else - (void) rmdir(timestampdir); - status = TS_MISSING; - } else if (get_boottime(&boottime) && - timevalcmp(&mtime, &boottime, <)) { - status = TS_OLD; - } else { - status = TS_CURRENT; - } - } - } - } - } - -done: - if (timestamp_uid != 0) - restore_perms(); - debug_return_int(status); -} - -/* - * Remove the timestamp ticket file/dir. - */ -void -remove_timestamp(bool remove) -{ - struct timeval tv; - char *timestampdir, *timestampfile, *path; - int status; - debug_decl(remove_timestamp, SUDO_DEBUG_AUTH) - - if (build_timestamp(×tampdir, ×tampfile) == -1) - debug_return; - - status = timestamp_status(timestampdir, timestampfile, user_name, - TS_REMOVE); - if (status != TS_MISSING && status != TS_ERROR) { - path = timestampfile ? timestampfile : timestampdir; - if (remove) { - if (timestampfile) - status = unlink(timestampfile); - else - status = rmdir(timestampdir); - if (status == -1 && errno != ENOENT) { - log_error(0, - _("unable to remove %s (%s), will reset to the epoch"), - path, strerror(errno)); - remove = false; - } - } - if (!remove) { - timevalclear(&tv); - if (touch(-1, path, &tv) == -1 && errno != ENOENT) - error(1, _("unable to reset %s to the epoch"), path); - } - } - efree(timestampdir); - efree(timestampfile); - - debug_return; -} - -/* - * Returns true if tty lives on a devpts, /dev or /devices filesystem, else - * false. Unlike most filesystems, the ctime of devpts nodes is not updated - * when the device node is written to, only when the inode's status changes, - * typically via the chmod, chown, link, rename, or utimes system calls. - * Since the ctime is "stable" in this case, we can stash it the tty ticket - * file and use it to determine whether the tty ticket file is stale. - */ -static bool -tty_is_devpts(const char *tty) -{ - bool retval = false; -#ifdef __linux__ - struct statfs sfs; - debug_decl(tty_is_devpts, SUDO_DEBUG_PTY) - -#ifndef DEVPTS_SUPER_MAGIC -# define DEVPTS_SUPER_MAGIC 0x1cd1 -#endif - - if (statfs(tty, &sfs) == 0) { - if (sfs.f_type == DEVPTS_SUPER_MAGIC) - retval = true; - } -#elif defined(__sun) && defined(__SVR4) - struct statvfs sfs; - debug_decl(tty_is_devpts, SUDO_DEBUG_PTY) - - if (statvfs(tty, &sfs) == 0) { - if (strcmp(sfs.f_fstr, "dev") == 0 || strcmp(sfs.f_fstr, "devices") == 0) - retval = true; - } -#else - debug_decl(tty_is_devpts, SUDO_DEBUG_PTY) -#endif /* __linux__ */ - debug_return_bool(retval); -} - /* * Get passwd entry for the user we are going to authenticate as. * By default, this is the user invoking sudo. In the most common @@ -761,13 +224,13 @@ get_authpw(void) if (def_rootpw) { if ((pw = sudo_getpwuid(ROOT_UID)) == NULL) - log_fatal(0, _("unknown uid: %u"), ROOT_UID); + log_fatal(0, N_("unknown uid: %u"), ROOT_UID); } else if (def_runaspw) { if ((pw = sudo_getpwnam(def_runas_default)) == NULL) - log_fatal(0, _("unknown user: %s"), def_runas_default); + log_fatal(0, N_("unknown user: %s"), def_runas_default); } else if (def_targetpw) { if (runas_pw->pw_name == NULL) - log_fatal(NO_MAIL|MSG_ONLY, _("unknown uid: %u"), + log_fatal(NO_MAIL|MSG_ONLY, N_("unknown uid: %u"), (unsigned int) runas_pw->pw_uid); sudo_pw_addref(runas_pw); pw = runas_pw; diff --git a/plugins/sudoers/check.h b/plugins/sudoers/check.h new file mode 100644 index 0000000..5d73756 --- /dev/null +++ b/plugins/sudoers/check.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 1993-1996,1998-2005, 2007-2013 + * Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + +#ifndef _SUDOERS_CHECK_H +#define _SUDOERS_CHECK_H + +/* Status codes for timestamp_status() */ +#define TS_CURRENT 0 +#define TS_OLD 1 +#define TS_MISSING 2 +#define TS_NOFILE 3 +#define TS_ERROR 4 + +/* This may be a function in some implementations. */ +#define already_lectured(s) (s != TS_MISSING && s != TS_ERROR) + +/* + * Info stored in tty ticket from stat(2) to help with tty matching. + */ +struct sudo_tty_info { + dev_t dev; /* ID of device tty resides on */ + dev_t rdev; /* tty device ID */ + ino_t ino; /* tty inode number */ + uid_t uid; /* tty owner */ + gid_t gid; /* tty group */ + pid_t sid; /* ID of session with controlling tty */ +}; + +bool update_timestamp(struct passwd *pw); +int build_timestamp(struct passwd *pw); +int timestamp_status(struct passwd *pw); + +#endif /* _SUDOERS_CHECK_H */ diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c index ff8f21f..c4a5dd1 100644 --- a/plugins/sudoers/def_data.c +++ b/plugins/sudoers/def_data.c @@ -350,6 +350,18 @@ struct sudo_defs_types sudo_defs_table[] = { "limitprivs", T_STR, N_("Set of limit privileges"), NULL, + }, { + "exec_background", T_FLAG, + N_("Run commands on a pty in the background"), + NULL, + }, { + "pam_session", T_FLAG, + N_("Create a new PAM session for the command to run in"), + NULL, + }, { + "maxseq", T_UINT, + N_("Maximum I/O log sequence number"), + NULL, }, { NULL, 0, NULL } diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h index 774b399..36fba1b 100644 --- a/plugins/sudoers/def_data.h +++ b/plugins/sudoers/def_data.h @@ -162,6 +162,12 @@ #define I_PRIVS 80 #define def_limitprivs (sudo_defs_table[81].sd_un.str) #define I_LIMITPRIVS 81 +#define def_exec_background (sudo_defs_table[82].sd_un.flag) +#define I_EXEC_BACKGROUND 82 +#define def_pam_session (sudo_defs_table[83].sd_un.flag) +#define I_PAM_SESSION 83 +#define def_maxseq (sudo_defs_table[84].sd_un.ival) +#define I_MAXSEQ 84 enum def_tuple { never, diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in index 430f235..9f8ffa0 100644 --- a/plugins/sudoers/def_data.in +++ b/plugins/sudoers/def_data.in @@ -259,3 +259,12 @@ privs limitprivs T_STR "Set of limit privileges" +exec_background + T_FLAG + "Run commands on a pty in the background" +pam_session + T_FLAG + "Create a new PAM session for the command to run in" +maxseq + T_UINT + "Maximum I/O log sequence number" diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c index 7125667..277cf3f 100644 --- a/plugins/sudoers/defaults.c +++ b/plugins/sudoers/defaults.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2007-2011 + * Copyright (c) 1999-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -22,7 +22,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -422,6 +421,11 @@ init_defaults(void) def_env_reset = ENV_RESET; def_set_logname = true; def_closefrom = STDERR_FILENO + 1; +#ifdef NO_PAM_SESSION + def_pam_session = false; +#else + def_pam_session = true; +#endif /* Syslog options need special care since they both strings and ints */ #if (LOGGING & SLOG_SYSLOG) @@ -452,7 +456,7 @@ init_defaults(void) /* Now do the strings */ def_mailto = estrdup(MAILTO); - def_mailsub = estrdup(_(MAILSUBJECT)); + def_mailsub = estrdup(N_(MAILSUBJECT)); def_badpass_message = estrdup(_(INCORRECT_PASSWORD)); def_timestampdir = estrdup(_PATH_SUDO_TIMEDIR); def_passprompt = estrdup(_(PASSPROMPT)); @@ -500,10 +504,21 @@ update_defaults(int what) rc = false; break; case DEFAULTS_USER: +#if 1 + if (ISSET(what, SETDEF_USER)) { + int m; + m = userlist_matches(sudo_user.pw, &def->binding); + if (m == ALLOW) { + if (!set_default(def->var, def->val, def->op)) + rc = false; + } + } +#else if (ISSET(what, SETDEF_USER) && userlist_matches(sudo_user.pw, &def->binding) == ALLOW && !set_default(def->var, def->val, def->op)) rc = false; +#endif break; case DEFAULTS_RUNAS: if (ISSET(what, SETDEF_RUNAS) && diff --git a/plugins/sudoers/defaults.h b/plugins/sudoers/defaults.h index bd8ddf8..082a001 100644 --- a/plugins/sudoers/defaults.h +++ b/plugins/sudoers/defaults.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2008-2010 + * Copyright (c) 1999-2005, 2008-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -19,8 +19,8 @@ * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ -#ifndef _SUDO_DEFAULTS_H -#define _SUDO_DEFAULTS_H +#ifndef _SUDOERS_DEFAULTS_H +#define _SUDOERS_DEFAULTS_H #include @@ -113,4 +113,4 @@ bool check_defaults(int what, bool quiet); extern struct sudo_defs_types sudo_defs_table[]; -#endif /* _SUDO_DEFAULTS_H */ +#endif /* _SUDOERS_DEFAULTS_H */ diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c index d678fa1..5e88221 100644 --- a/plugins/sudoers/env.c +++ b/plugins/sudoers/env.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2005, 2007-2011 + * Copyright (c) 2000-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -22,7 +22,6 @@ #include #include -#include #include #include #ifdef STDC_HEADERS @@ -286,12 +285,12 @@ sudo_putenv_nodebug(char *str, bool dupcheck, bool overwrite) size_t nsize; if (env.env_size > SIZE_MAX - 128) { - errorx2(1, _("internal error, %s overflow"), + fatalx_nodebug(_("internal error, %s overflow"), "sudo_putenv_nodebug()"); } nsize = env.env_size + 128; if (nsize > SIZE_MAX / sizeof(char *)) { - errorx2(1, _("internal error, %s overflow"), + fatalx_nodebug(_("internal error, %s overflow"), "sudo_putenv_nodebug()"); } nenvp = realloc(env.envp, nsize * sizeof(char *)); @@ -365,9 +364,9 @@ sudo_putenv(char *str, bool dupcheck, bool overwrite) if (rval == -1) { #ifdef ENV_DEBUG if (env.envp[env.env_len] != NULL) - errorx(1, _("sudo_putenv: corrupted envp, length mismatch")); + fatalx(_("sudo_putenv: corrupted envp, length mismatch")); #endif - errorx(1, _("unable to allocate memory")); + fatalx(NULL); } debug_return_int(rval); } @@ -393,7 +392,7 @@ sudo_setenv2(const char *var, const char *val, bool dupcheck, bool overwrite) strlcat(estring, "=", esize) >= esize || strlcat(estring, val, esize) >= esize) { - errorx(1, _("internal error, %s overflow"), "sudo_setenv2()"); + fatalx(_("internal error, %s overflow"), "sudo_setenv2()"); } rval = sudo_putenv(estring, dupcheck, overwrite); if (rval == -1) @@ -401,6 +400,15 @@ sudo_setenv2(const char *var, const char *val, bool dupcheck, bool overwrite) debug_return_int(rval); } +/* + * Similar to setenv(3) but operates on a private copy of the environment. + */ +int +sudo_setenv(const char *var, const char *val, int overwrite) +{ + return sudo_setenv2(var, val, true, (bool)overwrite); +} + /* * Similar to setenv(3) but operates on a private copy of the environment. * Does not include warnings or debugging to avoid recursive calls. @@ -408,49 +416,48 @@ sudo_setenv2(const char *var, const char *val, bool dupcheck, bool overwrite) static int sudo_setenv_nodebug(const char *var, const char *val, int overwrite) { - char *estring; + char *ep, *estring = NULL; + const char *cp; size_t esize; int rval = -1; - esize = strlen(var) + 1 + strlen(val) + 1; - if ((estring = malloc(esize)) == NULL) { - errno = ENOMEM; + if (var == NULL || *var == '\0') { + errno = EINVAL; goto done; } - /* Build environment string and insert it. */ - if (strlcpy(estring, var, esize) >= esize || - strlcat(estring, "=", esize) >= esize || - strlcat(estring, val, esize) >= esize) { + /* + * POSIX says a var name with '=' is an error but BSD + * just ignores the '=' and anything after it. + */ + for (cp = var; *cp && *cp != '='; cp++) + ; + esize = (size_t)(cp - var) + 2; + if (val) { + esize += strlen(val); /* glibc treats a NULL val as "" */ + } - errno = EINVAL; + /* Allocate and fill in estring. */ + if ((estring = ep = malloc(esize)) == NULL) { + errno = ENOMEM; goto done; } + for (cp = var; *cp && *cp != '='; cp++) + *ep++ = *cp; + *ep++ = '='; + if (val) { + for (cp = val; *cp; cp++) + *ep++ = *cp; + } + *ep = '\0'; + rval = sudo_putenv_nodebug(estring, true, overwrite); done: if (rval == -1) - efree(estring); + free(estring); return rval; } -/* - * Similar to setenv(3) but operates on a private copy of the environment. - */ -int -sudo_setenv(const char *var, const char *val, int overwrite) -{ - int rval; - debug_decl(sudo_setenv, SUDO_DEBUG_ENV) - - rval = sudo_setenv_nodebug(var, val, overwrite); - if (rval == -1) { - if (errno == EINVAL) - errorx(1, _("internal error, %s overflow"), "sudo_setenv()"); - errorx(1, _("unable to allocate memory")); - } - debug_return_int(rval); -} - /* * Similar to unsetenv(3) but operates on a private copy of the environment. * Does not include warnings or debugging to avoid recursive calls. @@ -1002,7 +1009,7 @@ validate_env_vars(char * const env_vars[]) if (bad != NULL) { bad[blen - 2] = '\0'; /* remove trailing ", " */ log_fatal(NO_MAIL, - _("sorry, you are not allowed to set the following environment variables: %s"), bad); + N_("sorry, you are not allowed to set the following environment variables: %s"), bad); /* NOTREACHED */ efree(bad); } @@ -1022,15 +1029,15 @@ void read_env_file(const char *path, int overwrite) { FILE *fp; - char *cp, *var, *val; - size_t var_len, val_len; + char *cp, *var, *val, *line = NULL; + size_t var_len, val_len, linesize = 0; if ((fp = fopen(path, "r")) == NULL) return; - while ((var = sudo_parseln(fp)) != NULL) { + while (sudo_parseln(&line, &linesize, NULL, fp) != -1) { /* Skip blank or comment lines */ - if (*var == '\0') + if (*(var = line) == '\0') continue; /* Skip optional "export " */ @@ -1062,6 +1069,7 @@ read_env_file(const char *path, int overwrite) sudo_putenv(cp, true, overwrite); } + free(line); fclose(fp); } @@ -1105,7 +1113,21 @@ sudoers_hook_getenv(const char *name, char **value, void *closure) return SUDO_HOOK_RET_NEXT; in_progress = true; + + /* Hack to make GNU gettext() find the sudoers locale when needed. */ + if (*name == 'L' && sudoers_getlocale() == SUDOERS_LOCALE_SUDOERS) { + if (strcmp(name, "LANGUAGE") == 0 || strcmp(name, "LANG") == 0) { + *value = NULL; + goto done; + } + if (strcmp(name, "LC_ALL") == 0 || strcmp(name, "LC_MESSAGES") == 0) { + *value = def_sudoers_locale; + goto done; + } + } + *value = sudo_getenv_nodebug(name); +done: in_progress = false; return SUDO_HOOK_RET_STOP; } diff --git a/plugins/sudoers/find_path.c b/plugins/sudoers/find_path.c index 208b88e..2d52613 100644 --- a/plugins/sudoers/find_path.c +++ b/plugins/sudoers/find_path.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2010-2011 + * Copyright (c) 1996, 1998-2005, 2010-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -22,7 +22,6 @@ #include #include -#include #include #include #ifdef STDC_HEADERS @@ -65,8 +64,10 @@ find_path(char *infile, char **outfile, struct stat *sbp, char *path, int len; /* length parameter */ debug_decl(find_path, SUDO_DEBUG_UTIL) - if (strlen(infile) >= PATH_MAX) - errorx(1, _("%s: %s"), infile, strerror(ENAMETOOLONG)); + if (strlen(infile) >= PATH_MAX) { + errno = ENAMETOOLONG; + fatal("%s", infile); + } /* * If we were given a fully qualified or relative path @@ -104,8 +105,10 @@ find_path(char *infile, char **outfile, struct stat *sbp, char *path, * Resolve the path and exit the loop if found. */ len = snprintf(command, sizeof(command), "%s/%s", path, infile); - if (len <= 0 || len >= sizeof(command)) - errorx(1, _("%s: %s"), infile, strerror(ENAMETOOLONG)); + if (len <= 0 || len >= sizeof(command)) { + errno = ENAMETOOLONG; + fatal("%s", infile); + } if ((found = sudo_goodpath(command, sbp))) break; @@ -119,8 +122,10 @@ find_path(char *infile, char **outfile, struct stat *sbp, char *path, */ if (!found && checkdot) { len = snprintf(command, sizeof(command), "./%s", infile); - if (len <= 0 || len >= sizeof(command)) - errorx(1, _("%s: %s"), infile, strerror(ENAMETOOLONG)); + if (len <= 0 || len >= sizeof(command)) { + errno = ENAMETOOLONG; + fatal("%s", infile); + } found = sudo_goodpath(command, sbp); if (found && ignore_dot) debug_return_int(NOT_FOUND_DOT); diff --git a/plugins/sudoers/getdate.c b/plugins/sudoers/getdate.c index b577e9a..16abf3a 100644 --- a/plugins/sudoers/getdate.c +++ b/plugins/sudoers/getdate.c @@ -654,9 +654,8 @@ Convert(Month, Day, Year, Hours, Minutes, Seconds, Meridian, DSTmode) } DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0) ? 29 : 28; - /* Checking for 2038 bogusly assumes that time_t is 32 bits. But - I'm too lazy to try to check for time_t overflow in another way. */ - if (Year < EPOCH || Year > 2038 + /* 32-bit time_t cannot represent years past 2038 */ + if (Year < EPOCH || (sizeof(time_t) == sizeof(int) && Year > 2038) || Month < 1 || Month > 12 /* Lint fluff: "conversion from long may lose accuracy" */ || Day < 1 || Day > DaysInMonth[(int)--Month]) @@ -1028,7 +1027,7 @@ main(ac, av) /* NOTREACHED */ } #endif /* defined(TEST) */ -#line 979 "getdate.c" +#line 978 "getdate.c" /* allocate initial stack or double stack size, up to YYMAXDEPTH */ #if defined(__cplusplus) || defined(__STDC__) static int yygrowstack(void) @@ -1040,28 +1039,25 @@ static int yygrowstack() short *newss; YYSTYPE *newvs; - if ((newsize = yystacksize) == 0) - newsize = YYINITSTACKSIZE; - else if (newsize >= YYMAXDEPTH) + newsize = yystacksize ? yystacksize : YYINITSTACKSIZE; + if (newsize >= YYMAXDEPTH) return -1; else if ((newsize *= 2) > YYMAXDEPTH) newsize = YYMAXDEPTH; - i = yyssp - yyss; #ifdef SIZE_MAX #define YY_SIZE_MAX SIZE_MAX #else #define YY_SIZE_MAX 0x7fffffff #endif - if (!newsize || YY_SIZE_MAX / newsize < sizeof *newss) + if (YY_SIZE_MAX / newsize < sizeof *newss) goto bail; + i = yyssp - yyss; newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) : (short *)malloc(newsize * sizeof *newss); /* overflow check above */ if (newss == NULL) goto bail; yyss = newss; yyssp = newss + i; - if (!newsize || YY_SIZE_MAX / newsize < sizeof *newvs) - goto bail; newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) : (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */ if (newvs == NULL) @@ -1523,7 +1519,7 @@ case 41: yyval.Meridian = yyvsp[0].Meridian; } break; -#line 1474 "getdate.c" +#line 1470 "getdate.c" } yyssp -= yym; yystate = *yyssp; diff --git a/plugins/sudoers/getdate.y b/plugins/sudoers/getdate.y index 5ebe29e..bd411a0 100644 --- a/plugins/sudoers/getdate.y +++ b/plugins/sudoers/getdate.y @@ -586,9 +586,8 @@ Convert(Month, Day, Year, Hours, Minutes, Seconds, Meridian, DSTmode) } DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0) ? 29 : 28; - /* Checking for 2038 bogusly assumes that time_t is 32 bits. But - I'm too lazy to try to check for time_t overflow in another way. */ - if (Year < EPOCH || Year > 2038 + /* 32-bit time_t cannot represent years past 2038 */ + if (Year < EPOCH || (sizeof(time_t) == sizeof(int) && Year > 2038) || Month < 1 || Month > 12 /* Lint fluff: "conversion from long may lose accuracy" */ || Day < 1 || Day > DaysInMonth[(int)--Month]) diff --git a/plugins/sudoers/getspwuid.c b/plugins/sudoers/getspwuid.c index e98db83..1263942 100644 --- a/plugins/sudoers/getspwuid.c +++ b/plugins/sudoers/getspwuid.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2010 + * Copyright (c) 1996, 1998-2005, 2010-2012 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -23,7 +23,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include diff --git a/plugins/sudoers/goodpath.c b/plugins/sudoers/goodpath.c index 2a8446b..1d0eee2 100644 --- a/plugins/sudoers/goodpath.c +++ b/plugins/sudoers/goodpath.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2010-2011 + * Copyright (c) 1996, 1998-2005, 2010-2012 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -23,7 +23,6 @@ #include #include -#include #include #ifdef HAVE_STRING_H # include diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c index 7de57f8..46e15be 100644 --- a/plugins/sudoers/gram.c +++ b/plugins/sudoers/gram.c @@ -9,10 +9,36 @@ #define yyclearin (yychar=(YYEMPTY)) #define yyerrok (yyerrflag=0) #define YYRECOVERING() (yyerrflag!=0) -#define YYPREFIX "yy" +#define yyparse sudoersparse +#define yylex sudoerslex +#define yyerror sudoerserror +#define yychar sudoerschar +#define yyval sudoersval +#define yylval sudoerslval +#define yydebug sudoersdebug +#define yynerrs sudoersnerrs +#define yyerrflag sudoerserrflag +#define yyss sudoersss +#define yysslim sudoerssslim +#define yyssp sudoersssp +#define yyvs sudoersvs +#define yyvsp sudoersvsp +#define yystacksize sudoersstacksize +#define yylhs sudoerslhs +#define yylen sudoerslen +#define yydefred sudoersdefred +#define yydgoto sudoersdgoto +#define yysindex sudoerssindex +#define yyrindex sudoersrindex +#define yygindex sudoersgindex +#define yytable sudoerstable +#define yycheck sudoerscheck +#define yyname sudoersname +#define yyrule sudoersrule +#define YYPREFIX "sudoers" #line 2 "gram.y" /* - * Copyright (c) 1996, 1998-2005, 2007-2012 + * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -37,7 +63,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -67,7 +92,6 @@ #include "sudoers.h" /* XXX */ #include "parse.h" #include "toke.h" -#include "gram.h" /* * We must define SIZE_MAX for yacc's skeleton.c. @@ -103,33 +127,8 @@ static void add_defaults(int, struct member *, struct defaults *); static void add_userspec(struct member *, struct privilege *); static struct defaults *new_default(char *, char *, int); static struct member *new_member(char *, int); - void yyerror(const char *); - -void -yyerror(const char *s) -{ - debug_decl(yyerror, SUDO_DEBUG_PARSER) - - /* If we last saw a newline the error is on the preceding line. */ - if (last_token == COMMENT) - sudolineno--; - - /* Save the line the first error occurred on. */ - if (errorlineno == -1) { - errorlineno = sudolineno; - errorfile = estrdup(sudoers); - } - if (sudoers_warnings && s != NULL) { - LEXTRACE("<*> "); -#ifndef TRACELEXER - if (trace_print == NULL || trace_print == sudoers_trace_print) - warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno); -#endif - } - parse_error = true; - debug_return; -} -#line 122 "gram.y" +static struct sudo_digest *new_digest(int, const char *); +#line 95 "gram.y" #ifndef YYSTYPE_DEFINED #define YYSTYPE_DEFINED typedef union { @@ -138,6 +137,7 @@ typedef union { struct member *member; struct runascontainer *runas; struct privilege *privilege; + struct sudo_digest *digest; struct sudo_command command; struct cmndtag tag; struct selinux_info seinfo; @@ -154,372 +154,391 @@ typedef union { #define NETGROUP 261 #define USERGROUP 262 #define WORD 263 -#define DEFAULTS 264 -#define DEFAULTS_HOST 265 -#define DEFAULTS_USER 266 -#define DEFAULTS_RUNAS 267 -#define DEFAULTS_CMND 268 -#define NOPASSWD 269 -#define PASSWD 270 -#define NOEXEC 271 -#define EXEC 272 -#define SETENV 273 -#define NOSETENV 274 -#define LOG_INPUT 275 -#define NOLOG_INPUT 276 -#define LOG_OUTPUT 277 -#define NOLOG_OUTPUT 278 -#define ALL 279 -#define COMMENT 280 -#define HOSTALIAS 281 -#define CMNDALIAS 282 -#define USERALIAS 283 -#define RUNASALIAS 284 -#define ERROR 285 -#define TYPE 286 -#define ROLE 287 -#define PRIVS 288 -#define LIMITPRIVS 289 -#define MYSELF 290 +#define DIGEST 264 +#define DEFAULTS 265 +#define DEFAULTS_HOST 266 +#define DEFAULTS_USER 267 +#define DEFAULTS_RUNAS 268 +#define DEFAULTS_CMND 269 +#define NOPASSWD 270 +#define PASSWD 271 +#define NOEXEC 272 +#define EXEC 273 +#define SETENV 274 +#define NOSETENV 275 +#define LOG_INPUT 276 +#define NOLOG_INPUT 277 +#define LOG_OUTPUT 278 +#define NOLOG_OUTPUT 279 +#define ALL 280 +#define COMMENT 281 +#define HOSTALIAS 282 +#define CMNDALIAS 283 +#define USERALIAS 284 +#define RUNASALIAS 285 +#define ERROR 286 +#define TYPE 287 +#define ROLE 288 +#define PRIVS 289 +#define LIMITPRIVS 290 +#define MYSELF 291 +#define SHA224 292 +#define SHA256 293 +#define SHA384 294 +#define SHA512 295 #define YYERRCODE 256 #if defined(__cplusplus) || defined(__STDC__) -const short yylhs[] = +const short sudoerslhs[] = #else -short yylhs[] = +short sudoerslhs[] = #endif { -1, - 0, 0, 28, 28, 29, 29, 29, 29, 29, 29, - 29, 29, 29, 29, 29, 29, 4, 4, 3, 3, - 3, 3, 3, 20, 20, 19, 10, 10, 8, 8, - 8, 8, 8, 2, 2, 1, 6, 6, 23, 24, - 22, 22, 22, 22, 22, 26, 27, 25, 25, 25, - 25, 25, 17, 17, 18, 18, 18, 18, 18, 21, - 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, - 5, 5, 5, 31, 31, 34, 9, 9, 32, 32, - 35, 7, 7, 33, 33, 36, 30, 30, 37, 13, - 13, 11, 11, 12, 12, 12, 12, 12, 16, 16, - 14, 14, 15, 15, 15, + 0, 0, 30, 30, 31, 31, 31, 31, 31, 31, + 31, 31, 31, 31, 31, 31, 4, 4, 3, 3, + 3, 3, 3, 21, 21, 20, 11, 11, 9, 9, + 9, 9, 9, 2, 2, 1, 29, 29, 29, 29, + 7, 7, 6, 6, 24, 25, 23, 23, 23, 23, + 23, 27, 28, 26, 26, 26, 26, 26, 18, 18, + 19, 19, 19, 19, 19, 22, 22, 22, 22, 22, + 22, 22, 22, 22, 22, 22, 5, 5, 5, 33, + 33, 36, 10, 10, 34, 34, 37, 8, 8, 35, + 35, 38, 32, 32, 39, 14, 14, 12, 12, 13, + 13, 13, 13, 13, 17, 17, 15, 15, 16, 16, + 16, }; #if defined(__cplusplus) || defined(__STDC__) -const short yylen[] = +const short sudoerslen[] = #else -short yylen[] = +short sudoerslen[] = #endif { 2, 0, 1, 1, 2, 1, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 1, 3, 1, 2, 3, 3, 3, 1, 3, 3, 1, 2, 1, 1, - 1, 1, 1, 1, 3, 5, 1, 2, 3, 3, - 0, 1, 1, 2, 2, 3, 3, 0, 1, 1, - 2, 2, 0, 3, 0, 1, 3, 2, 1, 0, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 1, 1, 1, 1, 3, 3, 1, 3, 1, 3, - 3, 1, 3, 1, 3, 3, 1, 3, 3, 1, - 3, 1, 2, 1, 1, 1, 1, 1, 1, 3, - 1, 2, 1, 1, 1, + 1, 1, 1, 1, 3, 5, 3, 3, 3, 3, + 1, 2, 1, 2, 3, 3, 0, 1, 1, 2, + 2, 3, 3, 0, 1, 1, 2, 2, 0, 3, + 0, 1, 3, 2, 1, 0, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, + 3, 3, 1, 3, 1, 3, 3, 1, 3, 1, + 3, 3, 1, 3, 3, 1, 3, 1, 2, 1, + 1, 1, 1, 1, 1, 3, 1, 2, 1, 1, + 1, }; #if defined(__cplusplus) || defined(__STDC__) -const short yydefred[] = +const short sudoersdefred[] = #else -short yydefred[] = +short sudoersdefred[] = #endif { 0, - 0, 94, 96, 97, 98, 0, 0, 0, 0, 0, - 95, 5, 0, 0, 0, 0, 0, 0, 90, 92, + 0, 100, 102, 103, 104, 0, 0, 0, 0, 0, + 101, 5, 0, 0, 0, 0, 0, 0, 96, 98, 0, 0, 3, 6, 0, 0, 17, 0, 29, 32, - 31, 33, 30, 0, 27, 0, 77, 0, 0, 73, - 72, 71, 0, 37, 82, 0, 0, 0, 74, 0, - 0, 79, 0, 0, 87, 0, 0, 84, 93, 0, - 0, 24, 0, 4, 0, 0, 0, 20, 0, 28, - 0, 0, 0, 0, 38, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 91, 0, 0, 21, 22, - 23, 18, 78, 83, 0, 75, 0, 80, 0, 88, - 0, 85, 0, 34, 0, 0, 25, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 103, 105, 104, 0, - 99, 101, 0, 0, 54, 35, 0, 0, 0, 0, - 60, 0, 0, 44, 45, 102, 0, 0, 40, 39, - 0, 0, 0, 51, 52, 100, 46, 47, 61, 62, - 63, 64, 65, 66, 67, 68, 69, 70, 36, + 31, 33, 30, 0, 27, 0, 83, 0, 0, 79, + 78, 77, 0, 0, 0, 0, 0, 43, 41, 88, + 0, 0, 0, 0, 80, 0, 0, 85, 0, 0, + 93, 0, 0, 90, 99, 0, 0, 24, 0, 4, + 0, 0, 0, 20, 0, 28, 0, 0, 0, 0, + 44, 0, 0, 0, 0, 0, 0, 42, 0, 0, + 0, 0, 0, 0, 0, 0, 97, 0, 0, 21, + 22, 23, 18, 84, 37, 38, 39, 40, 89, 0, + 81, 0, 86, 0, 94, 0, 91, 0, 34, 0, + 0, 25, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 109, 111, 110, 0, 105, 107, 0, 0, 60, + 35, 0, 0, 0, 0, 66, 0, 0, 50, 51, + 108, 0, 0, 46, 45, 0, 0, 0, 57, 58, + 106, 52, 53, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 36, }; #if defined(__cplusplus) || defined(__STDC__) -const short yydgoto[] = +const short sudoersdgoto[] = #else -short yydgoto[] = +short sudoersdgoto[] = #endif { 18, - 104, 105, 27, 28, 44, 45, 46, 35, 61, 37, - 19, 20, 21, 121, 122, 123, 106, 110, 62, 63, - 143, 114, 115, 116, 131, 132, 133, 22, 23, 54, - 48, 51, 57, 49, 52, 58, 55, + 119, 120, 27, 28, 48, 49, 50, 51, 35, 67, + 37, 19, 20, 21, 136, 137, 138, 121, 125, 68, + 69, 158, 129, 130, 131, 146, 147, 148, 52, 22, + 23, 60, 54, 57, 63, 55, 58, 64, 61, }; #if defined(__cplusplus) || defined(__STDC__) -const short yysindex[] = +const short sudoerssindex[] = #else -short yysindex[] = +short sudoerssindex[] = #endif - { 541, - -270, 0, 0, 0, 0, -21, -5, 553, 553, 20, - 0, 0, -242, -229, -216, -214, -240, 0, 0, 0, - -27, 541, 0, 0, -18, -227, 0, 2, 0, 0, - 0, 0, 0, -223, 0, -33, 0, -31, -31, 0, - 0, 0, -243, 0, 0, -24, -12, -6, 0, 3, - 4, 0, 5, 7, 0, 6, 10, 0, 0, 553, - -20, 0, 11, 0, -206, -193, -191, 0, -21, 0, - -5, 2, 2, 2, 0, 20, 2, -5, -242, 20, - -229, 553, -216, 553, -214, 0, 33, -5, 0, 0, - 0, 0, 0, 0, 31, 0, 32, 0, 34, 0, - 34, 0, 513, 0, 35, -226, 0, 86, -25, 36, - 33, 19, 21, -234, -202, -201, 0, 0, 0, -232, - 0, 0, 41, 86, 0, 0, -176, -173, 37, 38, - 0, -198, -195, 0, 0, 0, 86, 41, 0, 0, - -169, -168, 569, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0,}; + { -33, + -277, 0, 0, 0, 0, -13, 75, 105, 105, -15, + 0, 0, -246, -241, -217, -210, -226, 0, 0, 0, + -5, -33, 0, 0, -3, -244, 0, 5, 0, 0, + 0, 0, 0, -237, 0, -28, 0, -19, -19, 0, + 0, 0, -251, -7, -1, 4, 7, 0, 0, 0, + -14, -20, -2, 8, 0, 6, 11, 0, 9, 13, + 0, 12, 14, 0, 0, 105, -11, 0, 18, 0, + -203, -200, -188, 0, -13, 0, 75, 5, 5, 5, + 0, -187, -185, -184, -183, -15, 5, 0, 75, -246, + -15, -241, 105, -217, 105, -210, 0, 42, 75, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 39, + 0, 40, 0, 43, 0, 43, 0, 45, 0, 44, + -279, 0, 135, -6, 49, 42, 25, 32, -243, -195, + -192, 0, 0, 0, -236, 0, 0, 54, 135, 0, + 0, -164, -163, 41, 46, 0, -189, -180, 0, 0, + 0, 135, 54, 0, 0, -159, -158, 585, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0,}; #if defined(__cplusplus) || defined(__STDC__) -const short yyrindex[] = +const short sudoersrindex[] = #else -short yyrindex[] = +short sudoersrindex[] = #endif - { 96, + { 106, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 110, 0, 0, 1, 0, 0, 181, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 97, 0, 0, 1, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 207, 0, 0, - 237, 0, 0, 271, 0, 0, 300, 0, 0, 0, - 0, 0, 329, 0, 0, 0, 0, 0, 0, 0, - 0, 358, 387, 417, 0, 0, 446, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 463, 0, 0, 0, - 0, 0, 0, 0, 30, 0, 59, 0, 89, 0, - 118, 0, 60, 0, 148, -28, 0, 62, 63, 0, - 463, 0, 0, 594, 489, 512, 0, 0, 0, 0, - 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, - 0, 623, 653, 0, 0, 0, 0, 65, 0, 0, + 0, 0, 0, 211, 0, 0, 241, 0, 0, 271, + 0, 0, 301, 0, 0, 0, 0, 0, 331, 0, + 0, 0, 0, 0, 0, 0, 0, 361, 391, 421, + 0, 0, 0, 0, 0, 0, 451, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 467, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 31, + 0, 61, 0, 91, 0, 121, 0, 70, 0, 151, + 495, 0, 71, 72, 0, 467, 0, 0, 615, 525, + 555, 0, 0, 0, 0, 0, 0, 73, 0, 0, + 0, 0, 0, 0, 0, 0, 645, 675, 0, 0, + 0, 0, 74, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0,}; + 0, 0, 0, 0,}; #if defined(__cplusplus) || defined(__STDC__) -const short yygindex[] = +const short sudoersgindex[] = #else -short yygindex[] = +short sudoersgindex[] = #endif { 0, - -11, 0, 39, 12, 66, -72, 27, 76, -4, 40, - 52, 98, -1, -23, -7, -8, 0, 0, 42, 0, - 0, 0, 8, 13, 0, -13, -9, 0, 99, 0, - 0, 0, 0, 46, 45, 44, 48, + -10, 0, 47, 17, 80, 65, -84, 27, 92, -4, + 48, 62, 112, 2, -25, 10, -9, 0, 0, 33, + 0, 0, 0, 3, 16, 0, -17, -12, 0, 0, + 111, 0, 0, 0, 0, 50, 51, 52, 53, }; -#define YYTABLESIZE 932 +#define YYTABLESIZE 970 #if defined(__cplusplus) || defined(__STDC__) -const short yytable[] = +const short sudoerstable[] = #else -short yytable[] = +short sudoerstable[] = #endif - { 26, - 19, 26, 36, 94, 41, 34, 38, 39, 26, 24, - 71, 26, 60, 40, 41, 47, 60, 2, 60, 76, - 3, 4, 5, 71, 66, 117, 67, 34, 50, 76, - 118, 68, 124, 19, 29, 42, 30, 31, 11, 32, - 87, 53, 65, 56, 19, 69, 119, 72, 78, 73, - 74, 79, 43, 129, 130, 33, 89, 77, 81, 112, - 113, 81, 76, 80, 83, 82, 84, 85, 88, 90, - 159, 91, 103, 95, 71, 76, 125, 60, 111, 127, - 99, 128, 101, 112, 137, 113, 139, 76, 89, 140, - 130, 81, 129, 147, 148, 1, 2, 141, 142, 126, - 55, 109, 59, 56, 58, 57, 97, 92, 75, 70, - 93, 86, 136, 146, 59, 138, 81, 86, 120, 145, - 64, 89, 144, 135, 96, 98, 0, 134, 102, 107, - 100, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 89, 26, 0, 0, - 86, 0, 0, 0, 0, 0, 0, 0, 0, 0, + { 17, + 19, 109, 36, 24, 26, 40, 41, 127, 128, 38, + 39, 53, 43, 26, 74, 77, 56, 43, 26, 26, + 29, 132, 30, 31, 66, 32, 133, 34, 42, 86, + 82, 2, 77, 19, 3, 4, 5, 66, 66, 72, + 59, 73, 33, 134, 19, 144, 145, 62, 75, 98, + 82, 139, 78, 11, 79, 80, 83, 71, 89, 100, + 87, 84, 101, 82, 85, 90, 91, 87, 92, 93, + 94, 96, 95, 174, 102, 99, 105, 17, 106, 107, + 108, 118, 77, 86, 110, 142, 66, 126, 82, 140, + 95, 127, 143, 87, 114, 128, 116, 152, 154, 155, + 145, 156, 123, 162, 163, 1, 157, 34, 144, 2, + 61, 65, 62, 64, 63, 141, 88, 112, 87, 124, + 92, 103, 81, 95, 104, 76, 161, 97, 65, 153, + 160, 122, 70, 150, 159, 0, 0, 17, 0, 111, + 0, 0, 113, 0, 151, 149, 115, 117, 95, 0, + 26, 0, 0, 92, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 135, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 92, 0, + 12, 0, 0, 26, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 26, 0, + 9, 0, 0, 12, 0, 0, 0, 0, 0, 0, + 0, 0, 1, 0, 2, 0, 0, 3, 4, 5, + 25, 6, 7, 8, 9, 10, 40, 41, 0, 25, + 10, 40, 41, 9, 25, 25, 11, 12, 13, 14, + 15, 16, 29, 0, 30, 31, 19, 32, 19, 42, + 0, 19, 19, 19, 42, 19, 19, 19, 19, 19, + 8, 0, 0, 10, 33, 0, 44, 45, 46, 47, + 19, 19, 19, 19, 19, 19, 82, 0, 82, 0, + 0, 82, 82, 82, 0, 82, 82, 82, 82, 82, + 11, 0, 2, 8, 0, 3, 4, 5, 0, 0, + 82, 82, 82, 82, 82, 82, 87, 0, 87, 0, + 0, 87, 87, 87, 11, 87, 87, 87, 87, 87, + 7, 0, 29, 11, 30, 31, 0, 32, 0, 0, + 87, 87, 87, 87, 87, 87, 95, 0, 95, 0, + 0, 95, 95, 95, 33, 95, 95, 95, 95, 95, + 15, 0, 2, 7, 0, 3, 4, 5, 0, 0, + 95, 95, 95, 95, 95, 95, 92, 0, 92, 0, + 0, 92, 92, 92, 11, 92, 92, 92, 92, 92, + 13, 0, 132, 15, 0, 0, 0, 133, 0, 0, + 92, 92, 92, 92, 92, 92, 26, 0, 26, 0, + 0, 26, 26, 26, 134, 26, 26, 26, 26, 26, + 14, 0, 0, 13, 0, 0, 0, 0, 0, 0, + 26, 26, 26, 26, 26, 26, 12, 0, 12, 0, + 0, 12, 12, 12, 0, 12, 12, 12, 12, 12, + 16, 0, 0, 14, 0, 0, 0, 0, 0, 0, + 12, 12, 12, 12, 12, 12, 9, 0, 9, 0, + 0, 9, 9, 9, 0, 9, 9, 9, 9, 9, + 0, 0, 0, 16, 0, 0, 0, 0, 0, 0, + 9, 9, 9, 9, 9, 9, 10, 0, 10, 59, + 0, 10, 10, 10, 0, 10, 10, 10, 10, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 86, 12, 0, 0, 0, - 26, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 10, 10, 10, 10, 10, 10, 8, 47, 8, 0, + 0, 8, 8, 8, 0, 8, 8, 8, 8, 8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 26, 9, 0, 0, 12, + 8, 8, 8, 8, 8, 8, 11, 48, 11, 0, + 0, 11, 11, 11, 0, 11, 11, 11, 11, 11, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 25, 0, 25, 41, 41, - 29, 0, 30, 31, 25, 32, 10, 25, 0, 9, - 41, 41, 41, 41, 41, 41, 41, 41, 41, 41, - 41, 33, 29, 0, 30, 31, 19, 32, 19, 41, - 41, 19, 19, 19, 19, 19, 19, 19, 19, 10, - 8, 0, 0, 33, 0, 0, 40, 41, 0, 19, - 19, 19, 19, 19, 19, 76, 0, 76, 0, 0, - 76, 76, 76, 76, 76, 76, 76, 76, 42, 11, - 0, 0, 0, 8, 0, 0, 0, 0, 76, 76, - 76, 76, 76, 76, 81, 0, 81, 0, 0, 81, - 81, 81, 81, 81, 81, 81, 81, 0, 7, 0, - 0, 0, 11, 0, 0, 0, 0, 81, 81, 81, - 81, 81, 81, 117, 89, 0, 89, 0, 118, 89, - 89, 89, 89, 89, 89, 89, 89, 15, 0, 0, - 0, 7, 0, 0, 119, 0, 0, 89, 89, 89, - 89, 89, 89, 86, 0, 86, 0, 0, 86, 86, - 86, 86, 86, 86, 86, 86, 13, 0, 0, 0, - 15, 0, 0, 0, 0, 0, 86, 86, 86, 86, - 86, 86, 0, 26, 0, 26, 0, 0, 26, 26, - 26, 26, 26, 26, 26, 26, 14, 0, 0, 13, - 0, 0, 0, 0, 0, 0, 26, 26, 26, 26, - 26, 26, 12, 0, 12, 0, 0, 12, 12, 12, - 12, 12, 12, 12, 12, 16, 0, 0, 0, 14, - 0, 0, 0, 0, 0, 12, 12, 12, 12, 12, - 12, 0, 9, 0, 9, 0, 0, 9, 9, 9, - 9, 9, 9, 9, 9, 0, 0, 0, 16, 0, - 0, 0, 0, 0, 0, 9, 9, 9, 9, 9, - 9, 0, 10, 0, 10, 53, 0, 10, 10, 10, - 10, 10, 10, 10, 10, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 10, 10, 10, 10, 10, - 10, 42, 0, 0, 0, 0, 8, 0, 8, 0, - 0, 8, 8, 8, 8, 8, 8, 8, 8, 0, - 0, 0, 0, 0, 43, 17, 0, 0, 0, 8, - 8, 8, 8, 8, 8, 11, 0, 11, 0, 0, - 11, 11, 11, 11, 11, 11, 11, 11, 0, 0, - 108, 0, 0, 17, 0, 0, 0, 0, 11, 11, - 11, 11, 11, 11, 7, 17, 7, 0, 0, 7, - 7, 7, 7, 7, 7, 7, 7, 0, 0, 0, - 0, 43, 0, 0, 0, 0, 0, 7, 7, 7, - 7, 7, 7, 15, 0, 15, 0, 0, 15, 15, - 15, 15, 15, 15, 15, 15, 48, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 15, 15, 15, 15, - 15, 15, 13, 0, 13, 0, 0, 13, 13, 13, - 13, 13, 13, 13, 13, 49, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 13, 13, 13, 13, 13, - 13, 0, 14, 0, 14, 0, 0, 14, 14, 14, - 14, 14, 14, 14, 14, 50, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 14, 14, 14, 14, 14, - 14, 16, 0, 16, 0, 0, 16, 16, 16, 16, - 16, 16, 16, 16, 0, 0, 0, 0, 0, 53, - 53, 0, 0, 0, 16, 16, 16, 16, 16, 16, - 0, 53, 53, 53, 53, 53, 53, 53, 53, 53, - 53, 53, 0, 0, 0, 42, 42, 0, 53, 53, - 53, 53, 0, 0, 0, 0, 0, 42, 42, 42, - 42, 42, 42, 42, 42, 42, 42, 42, 43, 43, - 2, 0, 0, 3, 4, 5, 42, 42, 0, 0, - 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, - 43, 11, 0, 0, 0, 0, 1, 0, 2, 43, - 43, 3, 4, 5, 6, 7, 8, 9, 10, 0, - 2, 0, 0, 3, 4, 5, 0, 0, 0, 11, - 12, 13, 14, 15, 16, 40, 41, 0, 0, 0, - 0, 11, 0, 0, 0, 0, 0, 149, 150, 151, - 152, 153, 154, 155, 156, 157, 158, 42, 0, 0, - 48, 48, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 48, 48, 48, 48, 48, 48, 48, 48, - 48, 48, 48, 0, 0, 0, 0, 0, 0, 49, - 49, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 49, 49, 49, 49, 49, 49, 49, 49, 49, - 49, 49, 0, 0, 0, 0, 0, 0, 0, 50, - 50, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 50, 50, 50, 50, 50, 50, 50, 50, 50, - 50, 50, + 11, 11, 11, 11, 11, 11, 7, 49, 7, 0, + 0, 7, 7, 7, 0, 7, 7, 7, 7, 7, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 7, 7, 7, 7, 7, 7, 15, 43, 15, 0, + 0, 15, 15, 15, 0, 15, 15, 15, 15, 15, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 15, 15, 15, 15, 15, 15, 13, 54, 13, 0, + 0, 13, 13, 13, 0, 13, 13, 13, 13, 13, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 13, 13, 13, 13, 13, 13, 14, 55, 14, 0, + 0, 14, 14, 14, 0, 14, 14, 14, 14, 14, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 14, 14, 14, 14, 14, 14, 16, 56, 16, 0, + 0, 16, 16, 16, 0, 16, 16, 16, 16, 16, + 0, 0, 0, 59, 59, 0, 0, 0, 0, 0, + 16, 16, 16, 16, 16, 16, 59, 59, 59, 59, + 59, 59, 59, 59, 59, 59, 59, 0, 0, 0, + 0, 47, 47, 59, 59, 59, 59, 0, 59, 59, + 59, 59, 0, 0, 47, 47, 47, 47, 47, 47, + 47, 47, 47, 47, 47, 0, 0, 0, 0, 0, + 0, 48, 48, 47, 47, 0, 47, 47, 47, 47, + 0, 0, 0, 0, 48, 48, 48, 48, 48, 48, + 48, 48, 48, 48, 48, 0, 0, 0, 0, 0, + 0, 49, 49, 48, 48, 0, 48, 48, 48, 48, + 0, 0, 0, 0, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 0, 0, 0, 0, 0, + 0, 40, 41, 49, 49, 0, 49, 49, 49, 49, + 0, 0, 0, 0, 164, 165, 166, 167, 168, 169, + 170, 171, 172, 173, 42, 0, 0, 0, 0, 0, + 0, 54, 54, 0, 0, 0, 44, 45, 46, 47, + 0, 0, 0, 0, 54, 54, 54, 54, 54, 54, + 54, 54, 54, 54, 54, 0, 0, 0, 0, 0, + 0, 55, 55, 0, 0, 0, 54, 54, 54, 54, + 0, 0, 0, 0, 55, 55, 55, 55, 55, 55, + 55, 55, 55, 55, 55, 0, 0, 0, 0, 0, + 0, 56, 56, 0, 0, 0, 55, 55, 55, 55, + 0, 0, 0, 0, 56, 56, 56, 56, 56, 56, + 56, 56, 56, 56, 56, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 56, 56, 56, 56, }; #if defined(__cplusplus) || defined(__STDC__) -const short yycheck[] = +const short sudoerscheck[] = #else -short yycheck[] = +short sudoerscheck[] = #endif { 33, - 0, 33, 7, 76, 33, 33, 8, 9, 33, 280, - 44, 33, 44, 257, 258, 258, 44, 258, 44, 44, - 261, 262, 263, 44, 43, 258, 45, 33, 258, 0, - 263, 259, 58, 33, 258, 279, 260, 261, 279, 263, - 61, 258, 61, 258, 44, 44, 279, 36, 61, 38, - 39, 58, 33, 288, 289, 279, 263, 46, 0, 286, - 287, 58, 33, 61, 58, 61, 61, 58, 58, 263, - 143, 263, 40, 78, 44, 44, 41, 44, 44, 61, - 82, 61, 84, 286, 44, 287, 263, 58, 0, 263, - 289, 33, 288, 263, 263, 0, 0, 61, 61, 111, - 41, 103, 41, 41, 41, 41, 80, 69, 43, 34, - 71, 60, 120, 137, 17, 124, 58, 0, 33, 133, - 22, 33, 132, 116, 79, 81, -1, 115, 85, 88, - 83, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 58, 0, -1, -1, - 33, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 0, 86, 7, 281, 33, 257, 258, 287, 288, 8, + 9, 258, 33, 33, 259, 44, 258, 33, 33, 33, + 258, 258, 260, 261, 44, 263, 263, 33, 280, 44, + 0, 258, 44, 33, 261, 262, 263, 44, 44, 43, + 258, 45, 280, 280, 44, 289, 290, 258, 44, 61, + 58, 58, 36, 280, 38, 39, 58, 61, 61, 263, + 0, 58, 263, 33, 58, 58, 61, 51, 58, 61, + 58, 58, 61, 158, 263, 58, 264, 33, 264, 264, + 264, 40, 44, 44, 89, 61, 44, 44, 58, 41, + 0, 287, 61, 33, 93, 288, 95, 44, 263, 263, + 290, 61, 58, 263, 263, 0, 61, 33, 289, 0, + 41, 41, 41, 41, 41, 126, 52, 91, 58, 118, + 0, 75, 43, 33, 77, 34, 152, 66, 17, 139, + 148, 99, 22, 131, 147, -1, -1, 33, -1, 90, + -1, -1, 92, -1, 135, 130, 94, 96, 58, -1, + 0, -1, -1, 33, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 33, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 58, -1, + 0, -1, -1, 33, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 58, -1, + 0, -1, -1, 33, -1, -1, -1, -1, -1, -1, + -1, -1, 256, -1, 258, -1, -1, 261, 262, 263, + 259, 265, 266, 267, 268, 269, 257, 258, -1, 259, + 0, 257, 258, 33, 259, 259, 280, 281, 282, 283, + 284, 285, 258, -1, 260, 261, 256, 263, 258, 280, + -1, 261, 262, 263, 280, 265, 266, 267, 268, 269, + 0, -1, -1, 33, 280, -1, 292, 293, 294, 295, + 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, + 0, -1, 258, 33, -1, 261, 262, 263, -1, -1, + 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, + -1, 261, 262, 263, 280, 265, 266, 267, 268, 269, + 0, -1, 258, 33, 260, 261, -1, 263, -1, -1, + 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, + -1, 261, 262, 263, 280, 265, 266, 267, 268, 269, + 0, -1, 258, 33, -1, 261, 262, 263, -1, -1, + 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, + -1, 261, 262, 263, 280, 265, 266, 267, 268, 269, + 0, -1, 258, 33, -1, -1, -1, 263, -1, -1, + 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, + -1, 261, 262, 263, 280, 265, 266, 267, 268, 269, + 0, -1, -1, 33, -1, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, + 0, -1, -1, 33, -1, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, + -1, -1, -1, 33, -1, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, -1, 258, 33, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 58, 0, -1, -1, -1, - 33, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 58, 0, -1, -1, 33, + 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 259, -1, 259, 257, 258, - 258, -1, 260, 261, 259, 263, 0, 259, -1, 33, - 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, - 279, 279, 258, -1, 260, 261, 256, 263, 258, 288, - 289, 261, 262, 263, 264, 265, 266, 267, 268, 33, - 0, -1, -1, 279, -1, -1, 257, 258, -1, 279, - 280, 281, 282, 283, 284, 256, -1, 258, -1, -1, - 261, 262, 263, 264, 265, 266, 267, 268, 279, 0, - -1, -1, -1, 33, -1, -1, -1, -1, 279, 280, - 281, 282, 283, 284, 256, -1, 258, -1, -1, 261, - 262, 263, 264, 265, 266, 267, 268, -1, 0, -1, - -1, -1, 33, -1, -1, -1, -1, 279, 280, 281, - 282, 283, 284, 258, 256, -1, 258, -1, 263, 261, - 262, 263, 264, 265, 266, 267, 268, 0, -1, -1, - -1, 33, -1, -1, 279, -1, -1, 279, 280, 281, - 282, 283, 284, 256, -1, 258, -1, -1, 261, 262, - 263, 264, 265, 266, 267, 268, 0, -1, -1, -1, - 33, -1, -1, -1, -1, -1, 279, 280, 281, 282, - 283, 284, -1, 256, -1, 258, -1, -1, 261, 262, - 263, 264, 265, 266, 267, 268, 0, -1, -1, 33, - -1, -1, -1, -1, -1, -1, 279, 280, 281, 282, - 283, 284, 256, -1, 258, -1, -1, 261, 262, 263, - 264, 265, 266, 267, 268, 0, -1, -1, -1, 33, - -1, -1, -1, -1, -1, 279, 280, 281, 282, 283, - 284, -1, 256, -1, 258, -1, -1, 261, 262, 263, - 264, 265, 266, 267, 268, -1, -1, -1, 33, -1, - -1, -1, -1, -1, -1, 279, 280, 281, 282, 283, - 284, -1, 256, -1, 258, 33, -1, 261, 262, 263, - 264, 265, 266, 267, 268, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 279, 280, 281, 282, 283, - 284, 33, -1, -1, -1, -1, 256, -1, 258, -1, - -1, 261, 262, 263, 264, 265, 266, 267, 268, -1, - -1, -1, -1, -1, 33, 33, -1, -1, -1, 279, - 280, 281, 282, 283, 284, 256, -1, 258, -1, -1, - 261, 262, 263, 264, 265, 266, 267, 268, -1, -1, - 58, -1, -1, 33, -1, -1, -1, -1, 279, 280, - 281, 282, 283, 284, 256, 33, 258, -1, -1, 261, - 262, 263, 264, 265, 266, 267, 268, -1, -1, -1, - -1, 33, -1, -1, -1, -1, -1, 279, 280, 281, - 282, 283, 284, 256, -1, 258, -1, -1, 261, 262, - 263, 264, 265, 266, 267, 268, 33, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 279, 280, 281, 282, - 283, 284, 256, -1, 258, -1, -1, 261, 262, 263, - 264, 265, 266, 267, 268, 33, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 279, 280, 281, 282, 283, - 284, -1, 256, -1, 258, -1, -1, 261, 262, 263, - 264, 265, 266, 267, 268, 33, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 279, 280, 281, 282, 283, - 284, 256, -1, 258, -1, -1, 261, 262, 263, 264, - 265, 266, 267, 268, -1, -1, -1, -1, -1, 257, - 258, -1, -1, -1, 279, 280, 281, 282, 283, 284, - -1, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 278, 279, -1, -1, -1, 257, 258, -1, 286, 287, - 288, 289, -1, -1, -1, -1, -1, 269, 270, 271, - 272, 273, 274, 275, 276, 277, 278, 279, 257, 258, - 258, -1, -1, 261, 262, 263, 288, 289, -1, -1, - 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, - 279, 279, -1, -1, -1, -1, 256, -1, 258, 288, - 289, 261, 262, 263, 264, 265, 266, 267, 268, -1, - 258, -1, -1, 261, 262, 263, -1, -1, -1, 279, - 280, 281, 282, 283, 284, 257, 258, -1, -1, -1, - -1, 279, -1, -1, -1, -1, -1, 269, 270, 271, - 272, 273, 274, 275, 276, 277, 278, 279, -1, -1, - 257, 258, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 269, 270, 271, 272, 273, 274, 275, 276, - 277, 278, 279, -1, -1, -1, -1, -1, -1, 257, - 258, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 278, 279, -1, -1, -1, -1, -1, -1, -1, 257, - 258, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 278, 279, + 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, + -1, -1, -1, 257, 258, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 270, 271, 272, 273, + 274, 275, 276, 277, 278, 279, 280, -1, -1, -1, + -1, 257, 258, 287, 288, 289, 290, -1, 292, 293, + 294, 295, -1, -1, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, + -1, 257, 258, 289, 290, -1, 292, 293, 294, 295, + -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, + -1, 257, 258, 289, 290, -1, 292, 293, 294, 295, + -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, + -1, 257, 258, 289, 290, -1, 292, 293, 294, 295, + -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, + -1, 257, 258, -1, -1, -1, 292, 293, 294, 295, + -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, + -1, 257, 258, -1, -1, -1, 292, 293, 294, 295, + -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, + -1, 257, 258, -1, -1, -1, 292, 293, 294, 295, + -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 292, 293, 294, 295, }; #define YYFINAL 18 #ifndef YYDEBUG #define YYDEBUG 0 #endif -#define YYMAXTOKEN 290 +#define YYMAXTOKEN 295 #if YYDEBUG #if defined(__cplusplus) || defined(__STDC__) -const char * const yyname[] = +const char * const sudoersname[] = #else -char *yyname[] = +char *sudoersname[] = #endif { "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, @@ -529,16 +548,17 @@ char *yyname[] = 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -"COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DEFAULTS", -"DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND","NOPASSWD", -"PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT","NOLOG_INPUT", -"LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS","CMNDALIAS","USERALIAS", -"RUNASALIAS","ERROR","TYPE","ROLE","PRIVS","LIMITPRIVS","MYSELF", +"COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DIGEST", +"DEFAULTS","DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND", +"NOPASSWD","PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT", +"NOLOG_INPUT","LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS", +"CMNDALIAS","USERALIAS","RUNASALIAS","ERROR","TYPE","ROLE","PRIVS","LIMITPRIVS", +"MYSELF","SHA224","SHA256","SHA384","SHA512", }; #if defined(__cplusplus) || defined(__STDC__) -const char * const yyrule[] = +const char * const sudoersrule[] = #else -char *yyrule[] = +char *sudoersrule[] = #endif {"$accept : file", "file :", @@ -576,7 +596,13 @@ char *yyrule[] = "host : WORD", "cmndspeclist : cmndspec", "cmndspeclist : cmndspeclist ',' cmndspec", -"cmndspec : runasspec selinux solarisprivs cmndtag opcmnd", +"cmndspec : runasspec selinux solarisprivs cmndtag digcmnd", +"digest : SHA224 ':' DIGEST", +"digest : SHA256 ':' DIGEST", +"digest : SHA384 ':' DIGEST", +"digest : SHA512 ':' DIGEST", +"digcmnd : opcmnd", +"digcmnd : digest opcmnd", "opcmnd : cmnd", "opcmnd : '!' cmnd", "rolespec : ROLE '=' WORD", @@ -622,8 +648,8 @@ char *yyrule[] = "cmndaliases : cmndalias", "cmndaliases : cmndaliases ':' cmndalias", "cmndalias : ALIAS '=' cmndlist", -"cmndlist : opcmnd", -"cmndlist : cmndlist ',' opcmnd", +"cmndlist : digcmnd", +"cmndlist : cmndlist ',' digcmnd", "runasaliases : runasalias", "runasaliases : runasaliases ':' runasalias", "runasalias : ALIAS '=' userlist", @@ -673,7 +699,39 @@ short *yyss; short *yysslim; YYSTYPE *yyvs; int yystacksize; -#line 674 "gram.y" +#line 681 "gram.y" +void +sudoerserror(const char *s) +{ + debug_decl(sudoerserror, SUDO_DEBUG_PARSER) + + /* If we last saw a newline the error is on the preceding line. */ + if (last_token == COMMENT) + sudolineno--; + + /* Save the line the first error occurred on. */ + if (errorlineno == -1) { + errorlineno = sudolineno; + errorfile = estrdup(sudoers); + } + if (sudoers_warnings && s != NULL) { + LEXTRACE("<*> "); +#ifndef TRACELEXER + if (trace_print == NULL || trace_print == sudoers_trace_print) { + const char fmt[] = ">>> %s: %s near line %d <<<\n"; + int oldlocale; + + /* Warnings are displayed in the user's locale. */ + sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale); + sudo_printf(SUDO_CONV_ERROR_MSG, _(fmt), sudoers, _(s), sudolineno); + sudoers_setlocale(oldlocale, NULL); + } +#endif + } + parse_error = true; + debug_return; +} + static struct defaults * new_default(char *var, char *val, int op) { @@ -707,6 +765,19 @@ new_member(char *name, int type) debug_return_ptr(m); } +struct sudo_digest * +new_digest(int digest_type, const char *digest_str) +{ + struct sudo_digest *dig; + debug_decl(new_digest, SUDO_DEBUG_PARSER) + + dig = emalloc(sizeof(*dig)); + dig->digest_type = digest_type; + dig->digest_str = estrdup(digest_str); + + debug_return_ptr(dig); +} + /* * Add a list of defaults structures to the defaults list. * The binding, if non-NULL, specifies a list of hosts, users, or @@ -876,7 +947,7 @@ init_parser(const char *path, bool quiet) debug_return; } -#line 827 "gram.c" +#line 898 "gram.c" /* allocate initial stack or double stack size, up to YYMAXDEPTH */ #if defined(__cplusplus) || defined(__STDC__) static int yygrowstack(void) @@ -1079,127 +1150,127 @@ yyreduce: switch (yyn) { case 1: -#line 204 "gram.y" +#line 185 "gram.y" { ; } break; case 5: -#line 212 "gram.y" +#line 193 "gram.y" { ; } break; case 6: -#line 215 "gram.y" +#line 196 "gram.y" { yyerrok; } break; case 7: -#line 218 "gram.y" +#line 199 "gram.y" { add_userspec(yyvsp[-1].member, yyvsp[0].privilege); } break; case 8: -#line 221 "gram.y" +#line 202 "gram.y" { ; } break; case 9: -#line 224 "gram.y" +#line 205 "gram.y" { ; } break; case 10: -#line 227 "gram.y" +#line 208 "gram.y" { ; } break; case 11: -#line 230 "gram.y" +#line 211 "gram.y" { ; } break; case 12: -#line 233 "gram.y" +#line 214 "gram.y" { add_defaults(DEFAULTS, NULL, yyvsp[0].defaults); } break; case 13: -#line 236 "gram.y" +#line 217 "gram.y" { add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults); } break; case 14: -#line 239 "gram.y" +#line 220 "gram.y" { add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults); } break; case 15: -#line 242 "gram.y" +#line 223 "gram.y" { add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults); } break; case 16: -#line 245 "gram.y" +#line 226 "gram.y" { add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults); } break; case 18: -#line 251 "gram.y" +#line 232 "gram.y" { list_append(yyvsp[-2].defaults, yyvsp[0].defaults); yyval.defaults = yyvsp[-2].defaults; } break; case 19: -#line 257 "gram.y" +#line 238 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, true); } break; case 20: -#line 260 "gram.y" +#line 241 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, false); } break; case 21: -#line 263 "gram.y" +#line 244 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true); } break; case 22: -#line 266 "gram.y" +#line 247 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+'); } break; case 23: -#line 269 "gram.y" +#line 250 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-'); } break; case 25: -#line 275 "gram.y" +#line 256 "gram.y" { list_append(yyvsp[-2].privilege, yyvsp[0].privilege); yyval.privilege = yyvsp[-2].privilege; } break; case 26: -#line 281 "gram.y" +#line 262 "gram.y" { struct privilege *p = ecalloc(1, sizeof(*p)); list2tq(&p->hostlist, yyvsp[-2].member); @@ -1210,51 +1281,51 @@ case 26: } break; case 27: -#line 291 "gram.y" +#line 272 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 28: -#line 295 "gram.y" +#line 276 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 29: -#line 301 "gram.y" +#line 282 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; case 30: -#line 304 "gram.y" +#line 285 "gram.y" { yyval.member = new_member(NULL, ALL); } break; case 31: -#line 307 "gram.y" +#line 288 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); } break; case 32: -#line 310 "gram.y" +#line 291 "gram.y" { yyval.member = new_member(yyvsp[0].string, NTWKADDR); } break; case 33: -#line 313 "gram.y" +#line 294 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); } break; case 35: -#line 319 "gram.y" +#line 300 "gram.y" { list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec); #ifdef HAVE_SELINUX @@ -1294,7 +1365,7 @@ case 35: } break; case 36: -#line 358 "gram.y" +#line 339 "gram.y" { struct cmndspec *cs = ecalloc(1, sizeof(*cs)); if (yyvsp[-4].runas != NULL) { @@ -1325,246 +1396,285 @@ case 36: } break; case 37: -#line 388 "gram.y" +#line 369 "gram.y" +{ + yyval.digest = new_digest(SUDO_DIGEST_SHA224, yyvsp[0].string); + } +break; +case 38: +#line 372 "gram.y" +{ + yyval.digest = new_digest(SUDO_DIGEST_SHA256, yyvsp[0].string); + } +break; +case 39: +#line 375 "gram.y" +{ + yyval.digest = new_digest(SUDO_DIGEST_SHA384, yyvsp[0].string); + } +break; +case 40: +#line 378 "gram.y" +{ + yyval.digest = new_digest(SUDO_DIGEST_SHA512, yyvsp[0].string); + } +break; +case 41: +#line 383 "gram.y" +{ + yyval.member = yyvsp[0].member; + } +break; +case 42: +#line 386 "gram.y" +{ + /* XXX - yuck */ + struct sudo_command *c = (struct sudo_command *)(yyvsp[0].member->name); + c->digest = yyvsp[-1].digest; + yyval.member = yyvsp[0].member; + } +break; +case 43: +#line 394 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; -case 38: -#line 392 "gram.y" +case 44: +#line 398 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; -case 39: -#line 398 "gram.y" +case 45: +#line 404 "gram.y" { yyval.string = yyvsp[0].string; } break; -case 40: -#line 403 "gram.y" +case 46: +#line 409 "gram.y" { yyval.string = yyvsp[0].string; } break; -case 41: -#line 408 "gram.y" +case 47: +#line 414 "gram.y" { yyval.seinfo.role = NULL; yyval.seinfo.type = NULL; } break; -case 42: -#line 412 "gram.y" +case 48: +#line 418 "gram.y" { yyval.seinfo.role = yyvsp[0].string; yyval.seinfo.type = NULL; } break; -case 43: -#line 416 "gram.y" +case 49: +#line 422 "gram.y" { yyval.seinfo.type = yyvsp[0].string; yyval.seinfo.role = NULL; } break; -case 44: -#line 420 "gram.y" +case 50: +#line 426 "gram.y" { yyval.seinfo.role = yyvsp[-1].string; yyval.seinfo.type = yyvsp[0].string; } break; -case 45: -#line 424 "gram.y" +case 51: +#line 430 "gram.y" { yyval.seinfo.type = yyvsp[-1].string; yyval.seinfo.role = yyvsp[0].string; } break; -case 46: -#line 430 "gram.y" +case 52: +#line 436 "gram.y" { yyval.string = yyvsp[0].string; } break; -case 47: -#line 434 "gram.y" +case 53: +#line 440 "gram.y" { yyval.string = yyvsp[0].string; } break; -case 48: -#line 439 "gram.y" +case 54: +#line 445 "gram.y" { yyval.privinfo.privs = NULL; yyval.privinfo.limitprivs = NULL; } break; -case 49: -#line 443 "gram.y" +case 55: +#line 449 "gram.y" { yyval.privinfo.privs = yyvsp[0].string; yyval.privinfo.limitprivs = NULL; } break; -case 50: -#line 447 "gram.y" +case 56: +#line 453 "gram.y" { yyval.privinfo.privs = NULL; yyval.privinfo.limitprivs = yyvsp[0].string; } break; -case 51: -#line 451 "gram.y" +case 57: +#line 457 "gram.y" { yyval.privinfo.privs = yyvsp[-1].string; yyval.privinfo.limitprivs = yyvsp[0].string; } break; -case 52: -#line 455 "gram.y" +case 58: +#line 461 "gram.y" { yyval.privinfo.limitprivs = yyvsp[-1].string; yyval.privinfo.privs = yyvsp[0].string; } break; -case 53: -#line 460 "gram.y" +case 59: +#line 467 "gram.y" { yyval.runas = NULL; } break; -case 54: -#line 463 "gram.y" +case 60: +#line 470 "gram.y" { yyval.runas = yyvsp[-1].runas; } break; -case 55: -#line 468 "gram.y" +case 61: +#line 475 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas->runasusers = new_member(NULL, MYSELF); /* $$->runasgroups = NULL; */ } break; -case 56: -#line 473 "gram.y" +case 62: +#line 480 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas->runasusers = yyvsp[0].member; /* $$->runasgroups = NULL; */ } break; -case 57: -#line 478 "gram.y" +case 63: +#line 485 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas->runasusers = yyvsp[-2].member; yyval.runas->runasgroups = yyvsp[0].member; } break; -case 58: -#line 483 "gram.y" +case 64: +#line 490 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); /* $$->runasusers = NULL; */ yyval.runas->runasgroups = yyvsp[0].member; } break; -case 59: -#line 488 "gram.y" +case 65: +#line 495 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas->runasusers = new_member(NULL, MYSELF); /* $$->runasgroups = NULL; */ } break; -case 60: -#line 495 "gram.y" +case 66: +#line 502 "gram.y" { yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv = yyval.tag.log_input = yyval.tag.log_output = UNSPEC; } break; -case 61: -#line 499 "gram.y" +case 67: +#line 506 "gram.y" { yyval.tag.nopasswd = true; } break; -case 62: -#line 502 "gram.y" +case 68: +#line 509 "gram.y" { yyval.tag.nopasswd = false; } break; -case 63: -#line 505 "gram.y" +case 69: +#line 512 "gram.y" { yyval.tag.noexec = true; } break; -case 64: -#line 508 "gram.y" +case 70: +#line 515 "gram.y" { yyval.tag.noexec = false; } break; -case 65: -#line 511 "gram.y" +case 71: +#line 518 "gram.y" { yyval.tag.setenv = true; } break; -case 66: -#line 514 "gram.y" +case 72: +#line 521 "gram.y" { yyval.tag.setenv = false; } break; -case 67: -#line 517 "gram.y" +case 73: +#line 524 "gram.y" { yyval.tag.log_input = true; } break; -case 68: -#line 520 "gram.y" +case 74: +#line 527 "gram.y" { yyval.tag.log_input = false; } break; -case 69: -#line 523 "gram.y" +case 75: +#line 530 "gram.y" { yyval.tag.log_output = true; } break; -case 70: -#line 526 "gram.y" +case 76: +#line 533 "gram.y" { yyval.tag.log_output = false; } break; -case 71: -#line 531 "gram.y" +case 77: +#line 538 "gram.y" { yyval.member = new_member(NULL, ALL); } break; -case 72: -#line 534 "gram.y" +case 78: +#line 541 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; -case 73: -#line 537 "gram.y" +case 79: +#line 544 "gram.y" { struct sudo_command *c = ecalloc(1, sizeof(*c)); c->cmnd = yyvsp[0].command.cmnd; @@ -1572,151 +1682,151 @@ case 73: yyval.member = new_member((char *)c, COMMAND); } break; -case 76: -#line 549 "gram.y" +case 82: +#line 556 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) { - yyerror(s); + sudoerserror(s); YYERROR; } } break; -case 78: -#line 559 "gram.y" +case 84: +#line 566 "gram.y" { list_append(yyvsp[-2].member, yyvsp[0].member); yyval.member = yyvsp[-2].member; } break; -case 81: -#line 569 "gram.y" +case 87: +#line 576 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) { - yyerror(s); + sudoerserror(s); YYERROR; } } break; -case 83: -#line 579 "gram.y" +case 89: +#line 586 "gram.y" { list_append(yyvsp[-2].member, yyvsp[0].member); yyval.member = yyvsp[-2].member; } break; -case 86: -#line 589 "gram.y" +case 92: +#line 596 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) { - yyerror(s); + sudoerserror(s); YYERROR; } } break; -case 89: -#line 602 "gram.y" +case 95: +#line 609 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) { - yyerror(s); + sudoerserror(s); YYERROR; } } break; -case 91: -#line 612 "gram.y" +case 97: +#line 619 "gram.y" { list_append(yyvsp[-2].member, yyvsp[0].member); yyval.member = yyvsp[-2].member; } break; -case 92: -#line 618 "gram.y" +case 98: +#line 625 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; -case 93: -#line 622 "gram.y" +case 99: +#line 629 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; -case 94: -#line 628 "gram.y" +case 100: +#line 635 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; -case 95: -#line 631 "gram.y" +case 101: +#line 638 "gram.y" { yyval.member = new_member(NULL, ALL); } break; -case 96: -#line 634 "gram.y" +case 102: +#line 641 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); } break; -case 97: -#line 637 "gram.y" +case 103: +#line 644 "gram.y" { yyval.member = new_member(yyvsp[0].string, USERGROUP); } break; -case 98: -#line 640 "gram.y" +case 104: +#line 647 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); } break; -case 100: -#line 646 "gram.y" +case 106: +#line 653 "gram.y" { list_append(yyvsp[-2].member, yyvsp[0].member); yyval.member = yyvsp[-2].member; } break; -case 101: -#line 652 "gram.y" +case 107: +#line 659 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; -case 102: -#line 656 "gram.y" +case 108: +#line 663 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; -case 103: -#line 662 "gram.y" +case 109: +#line 669 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; -case 104: -#line 665 "gram.y" +case 110: +#line 672 "gram.y" { yyval.member = new_member(NULL, ALL); } break; -case 105: -#line 668 "gram.y" +case 111: +#line 675 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); } break; -#line 1667 "gram.c" +#line 1777 "gram.c" } yyssp -= yym; yystate = *yyssp; diff --git a/plugins/sudoers/gram.h b/plugins/sudoers/gram.h index 44f9bfd..e11062d 100644 --- a/plugins/sudoers/gram.h +++ b/plugins/sudoers/gram.h @@ -5,33 +5,38 @@ #define NETGROUP 261 #define USERGROUP 262 #define WORD 263 -#define DEFAULTS 264 -#define DEFAULTS_HOST 265 -#define DEFAULTS_USER 266 -#define DEFAULTS_RUNAS 267 -#define DEFAULTS_CMND 268 -#define NOPASSWD 269 -#define PASSWD 270 -#define NOEXEC 271 -#define EXEC 272 -#define SETENV 273 -#define NOSETENV 274 -#define LOG_INPUT 275 -#define NOLOG_INPUT 276 -#define LOG_OUTPUT 277 -#define NOLOG_OUTPUT 278 -#define ALL 279 -#define COMMENT 280 -#define HOSTALIAS 281 -#define CMNDALIAS 282 -#define USERALIAS 283 -#define RUNASALIAS 284 -#define ERROR 285 -#define TYPE 286 -#define ROLE 287 -#define PRIVS 288 -#define LIMITPRIVS 289 -#define MYSELF 290 +#define DIGEST 264 +#define DEFAULTS 265 +#define DEFAULTS_HOST 266 +#define DEFAULTS_USER 267 +#define DEFAULTS_RUNAS 268 +#define DEFAULTS_CMND 269 +#define NOPASSWD 270 +#define PASSWD 271 +#define NOEXEC 272 +#define EXEC 273 +#define SETENV 274 +#define NOSETENV 275 +#define LOG_INPUT 276 +#define NOLOG_INPUT 277 +#define LOG_OUTPUT 278 +#define NOLOG_OUTPUT 279 +#define ALL 280 +#define COMMENT 281 +#define HOSTALIAS 282 +#define CMNDALIAS 283 +#define USERALIAS 284 +#define RUNASALIAS 285 +#define ERROR 286 +#define TYPE 287 +#define ROLE 288 +#define PRIVS 289 +#define LIMITPRIVS 290 +#define MYSELF 291 +#define SHA224 292 +#define SHA256 293 +#define SHA384 294 +#define SHA512 295 #ifndef YYSTYPE_DEFINED #define YYSTYPE_DEFINED typedef union { @@ -40,6 +45,7 @@ typedef union { struct member *member; struct runascontainer *runas; struct privilege *privilege; + struct sudo_digest *digest; struct sudo_command command; struct cmndtag tag; struct selinux_info seinfo; @@ -48,4 +54,4 @@ typedef union { int tok; } YYSTYPE; #endif /* YYSTYPE_DEFINED */ -extern YYSTYPE yylval; +extern YYSTYPE sudoerslval; diff --git a/plugins/sudoers/gram.y b/plugins/sudoers/gram.y index 9c9d39d..0642802 100644 --- a/plugins/sudoers/gram.y +++ b/plugins/sudoers/gram.y @@ -1,6 +1,6 @@ %{ /* - * Copyright (c) 1996, 1998-2005, 2007-2012 + * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -25,7 +25,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -55,7 +54,6 @@ #include "sudoers.h" /* XXX */ #include "parse.h" #include "toke.h" -#include "gram.h" /* * We must define SIZE_MAX for yacc's skeleton.c. @@ -91,32 +89,7 @@ static void add_defaults(int, struct member *, struct defaults *); static void add_userspec(struct member *, struct privilege *); static struct defaults *new_default(char *, char *, int); static struct member *new_member(char *, int); - void yyerror(const char *); - -void -yyerror(const char *s) -{ - debug_decl(yyerror, SUDO_DEBUG_PARSER) - - /* If we last saw a newline the error is on the preceding line. */ - if (last_token == COMMENT) - sudolineno--; - - /* Save the line the first error occurred on. */ - if (errorlineno == -1) { - errorlineno = sudolineno; - errorfile = estrdup(sudoers); - } - if (sudoers_warnings && s != NULL) { - LEXTRACE("<*> "); -#ifndef TRACELEXER - if (trace_print == NULL || trace_print == sudoers_trace_print) - warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno); -#endif - } - parse_error = true; - debug_return; -} +static struct sudo_digest *new_digest(int, const char *); %} %union { @@ -125,6 +98,7 @@ yyerror(const char *s) struct member *member; struct runascontainer *runas; struct privilege *privilege; + struct sudo_digest *digest; struct sudo_command command; struct cmndtag tag; struct selinux_info seinfo; @@ -141,6 +115,7 @@ yyerror(const char *s) %token NETGROUP /* a netgroup (+NAME) */ %token USERGROUP /* a usergroup (%NAME) */ %token WORD /* a word */ +%token DIGEST /* a SHA-2 digest */ %token DEFAULTS /* Defaults entry */ %token DEFAULTS_HOST /* Host-specific defaults entry */ %token DEFAULTS_USER /* User-specific defaults entry */ @@ -170,6 +145,10 @@ yyerror(const char *s) %token PRIVS /* Solaris privileges */ %token LIMITPRIVS /* Solaris limit privileges */ %token MYSELF /* run as myself, not another user */ +%token SHA224 /* sha224 digest */ +%token SHA256 /* sha256 digest */ +%token SHA384 /* sha384 digest */ +%token SHA512 /* sha512 digest */ %type cmndspec %type cmndspeclist @@ -177,6 +156,7 @@ yyerror(const char *s) %type defaults_list %type cmnd %type opcmnd +%type digcmnd %type cmndlist %type host %type hostlist @@ -198,6 +178,7 @@ yyerror(const char *s) %type solarisprivs %type privsspec %type limitprivsspec +%type digest %% @@ -355,7 +336,7 @@ cmndspeclist : cmndspec } ; -cmndspec : runasspec selinux solarisprivs cmndtag opcmnd { +cmndspec : runasspec selinux solarisprivs cmndtag digcmnd { struct cmndspec *cs = ecalloc(1, sizeof(*cs)); if ($1 != NULL) { list2tq(&cs->runasuserlist, $1->runasusers); @@ -385,6 +366,31 @@ cmndspec : runasspec selinux solarisprivs cmndtag opcmnd { } ; +digest : SHA224 ':' DIGEST { + $$ = new_digest(SUDO_DIGEST_SHA224, $3); + } + | SHA256 ':' DIGEST { + $$ = new_digest(SUDO_DIGEST_SHA256, $3); + } + | SHA384 ':' DIGEST { + $$ = new_digest(SUDO_DIGEST_SHA384, $3); + } + | SHA512 ':' DIGEST { + $$ = new_digest(SUDO_DIGEST_SHA512, $3); + } + ; + +digcmnd : opcmnd { + $$ = $1; + } + | digest opcmnd { + /* XXX - yuck */ + struct sudo_command *c = (struct sudo_command *)($2->name); + c->digest = $1; + $$ = $2; + } + ; + opcmnd : cmnd { $$ = $1; $$->negated = false; @@ -443,19 +449,20 @@ solarisprivs : /* empty */ { | privsspec { $$.privs = $1; $$.limitprivs = NULL; - } + } | limitprivsspec { $$.privs = NULL; $$.limitprivs = $1; - } + } | privsspec limitprivsspec { $$.privs = $1; $$.limitprivs = $2; - } + } | limitprivsspec privsspec { $$.limitprivs = $1; $$.privs = $2; - } + } + ; runasspec : /* empty */ { $$ = NULL; @@ -549,7 +556,7 @@ hostaliases : hostalias hostalias : ALIAS '=' hostlist { char *s; if ((s = alias_add($1, HOSTALIAS, $3)) != NULL) { - yyerror(s); + sudoerserror(s); YYERROR; } } @@ -569,14 +576,14 @@ cmndaliases : cmndalias cmndalias : ALIAS '=' cmndlist { char *s; if ((s = alias_add($1, CMNDALIAS, $3)) != NULL) { - yyerror(s); + sudoerserror(s); YYERROR; } } ; -cmndlist : opcmnd - | cmndlist ',' opcmnd { +cmndlist : digcmnd + | cmndlist ',' digcmnd { list_append($1, $3); $$ = $1; } @@ -589,7 +596,7 @@ runasaliases : runasalias runasalias : ALIAS '=' userlist { char *s; if ((s = alias_add($1, RUNASALIAS, $3)) != NULL) { - yyerror(s); + sudoerserror(s); YYERROR; } } @@ -602,7 +609,7 @@ useraliases : useralias useralias : ALIAS '=' userlist { char *s; if ((s = alias_add($1, USERALIAS, $3)) != NULL) { - yyerror(s); + sudoerserror(s); YYERROR; } } @@ -671,6 +678,38 @@ group : ALIAS { ; %% +void +sudoerserror(const char *s) +{ + debug_decl(sudoerserror, SUDO_DEBUG_PARSER) + + /* If we last saw a newline the error is on the preceding line. */ + if (last_token == COMMENT) + sudolineno--; + + /* Save the line the first error occurred on. */ + if (errorlineno == -1) { + errorlineno = sudolineno; + errorfile = estrdup(sudoers); + } + if (sudoers_warnings && s != NULL) { + LEXTRACE("<*> "); +#ifndef TRACELEXER + if (trace_print == NULL || trace_print == sudoers_trace_print) { + const char fmt[] = ">>> %s: %s near line %d <<<\n"; + int oldlocale; + + /* Warnings are displayed in the user's locale. */ + sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale); + sudo_printf(SUDO_CONV_ERROR_MSG, _(fmt), sudoers, _(s), sudolineno); + sudoers_setlocale(oldlocale, NULL); + } +#endif + } + parse_error = true; + debug_return; +} + static struct defaults * new_default(char *var, char *val, int op) { @@ -704,6 +743,19 @@ new_member(char *name, int type) debug_return_ptr(m); } +struct sudo_digest * +new_digest(int digest_type, const char *digest_str) +{ + struct sudo_digest *dig; + debug_decl(new_digest, SUDO_DEBUG_PARSER) + + dig = emalloc(sizeof(*dig)); + dig->digest_type = digest_type; + dig->digest_str = estrdup(digest_str); + + debug_return_ptr(dig); +} + /* * Add a list of defaults structures to the defaults list. * The binding, if non-NULL, specifies a list of hosts, users, or diff --git a/plugins/sudoers/group_plugin.c b/plugins/sudoers/group_plugin.c index b7ffcd9..fcb1eec 100644 --- a/plugins/sudoers/group_plugin.c +++ b/plugins/sudoers/group_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010 Todd C. Miller + * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #include #include @@ -88,9 +87,9 @@ group_plugin_load(char *plugin_info) (*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info); } if (len <= 0 || len >= sizeof(path)) { - warningx(_("%s%s: %s"), - (*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info, - strerror(ENAMETOOLONG)); + errno = ENAMETOOLONG; + warning("%s%s", + (*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info); goto done; } diff --git a/plugins/sudoers/hexchar.c b/plugins/sudoers/hexchar.c new file mode 100644 index 0000000..9f9970d --- /dev/null +++ b/plugins/sudoers/hexchar.c @@ -0,0 +1,95 @@ +/* + * Copyright (c) 2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include + +#include "missing.h" +#include "sudo_debug.h" +#include "error.h" + +int +hexchar(const char *s) +{ + unsigned char result[2]; + int i; + debug_decl(hexchar, SUDO_DEBUG_UTIL) + + for (i = 0; i < 2; i++) { + switch (s[i]) { + case '0': + result[i] = 0; + break; + case '1': + result[i] = 1; + break; + case '2': + result[i] = 2; + break; + case '3': + result[i] = 3; + break; + case '4': + result[i] = 4; + break; + case '5': + result[i] = 5; + break; + case '6': + result[i] = 6; + break; + case '7': + result[i] = 7; + break; + case '8': + result[i] = 8; + break; + case '9': + result[i] = 9; + break; + case 'A': + case 'a': + result[i] = 10; + break; + case 'B': + case 'b': + result[i] = 11; + break; + case 'C': + case 'c': + result[i] = 12; + break; + case 'D': + case 'd': + result[i] = 13; + break; + case 'E': + case 'e': + result[i] = 14; + break; + case 'F': + case 'f': + result[i] = 15; + break; + default: + /* Should not happen. */ + fatalx("internal error, \\x%s not in proper hex format", s); + } + } + debug_return_int((result[0] << 4) | result[1]); +} diff --git a/plugins/sudoers/ins_2001.h b/plugins/sudoers/ins_2001.h index 63a5d64..604c3e4 100644 --- a/plugins/sudoers/ins_2001.h +++ b/plugins/sudoers/ins_2001.h @@ -14,8 +14,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef _SUDO_INS_2001_H -#define _SUDO_INS_2001_H +#ifndef _SUDOERS_INS_2001_H +#define _SUDOERS_INS_2001_H /* * HAL insults (paraphrased) from 2001. @@ -30,4 +30,4 @@ "This mission is too important for me to allow you to jeopardize it.", "I feel much better now.", -#endif /* _SUDO_INS_2001_H */ +#endif /* _SUDOERS_INS_2001_H */ diff --git a/plugins/sudoers/ins_classic.h b/plugins/sudoers/ins_classic.h index b1942bd..3cb35eb 100644 --- a/plugins/sudoers/ins_classic.h +++ b/plugins/sudoers/ins_classic.h @@ -14,8 +14,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef _SUDO_INS_CLASSIC_H -#define _SUDO_INS_CLASSIC_H +#ifndef _SUDOERS_INS_CLASSIC_H +#define _SUDOERS_INS_CLASSIC_H /* * Insults from the original sudo(8). @@ -34,4 +34,4 @@ "Do you think like you type?", "Your mind just hasn't been the same since the electro-shock, has it?", -#endif /* _SUDO_INS_CLASSIC_H */ +#endif /* _SUDOERS_INS_CLASSIC_H */ diff --git a/plugins/sudoers/ins_csops.h b/plugins/sudoers/ins_csops.h index 20e9b02..f4ecabd 100644 --- a/plugins/sudoers/ins_csops.h +++ b/plugins/sudoers/ins_csops.h @@ -15,8 +15,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef _SUDO_INS_CSOPS_H -#define _SUDO_INS_CSOPS_H +#ifndef _SUDOERS_INS_CSOPS_H +#define _SUDOERS_INS_CSOPS_H /* * CSOps insults (may be site dependent). @@ -36,4 +36,4 @@ "Have you considered trying to match wits with a rutabaga?", "You speak an infinite deal of nothing", -#endif /* _SUDO_INS_CSOPS_H */ +#endif /* _SUDOERS_INS_CSOPS_H */ diff --git a/plugins/sudoers/ins_goons.h b/plugins/sudoers/ins_goons.h index 16a262a..117393f 100644 --- a/plugins/sudoers/ins_goons.h +++ b/plugins/sudoers/ins_goons.h @@ -14,8 +14,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef _SUDO_INS_GOONS_H -#define _SUDO_INS_GOONS_H +#ifndef _SUDOERS_INS_GOONS_H +#define _SUDOERS_INS_GOONS_H /* * Insults from the "Goon Show." @@ -45,4 +45,4 @@ "It's only your word against mine.", "I think ... err ... I think ... I think I'll go home", -#endif /* _SUDO_INS_GOONS_H */ +#endif /* _SUDOERS_INS_GOONS_H */ diff --git a/plugins/sudoers/insults.h b/plugins/sudoers/insults.h index bdb3fc6..e5d441a 100644 --- a/plugins/sudoers/insults.h +++ b/plugins/sudoers/insults.h @@ -15,8 +15,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef _SUDO_INSULTS_H -#define _SUDO_INSULTS_H +#ifndef _SUDOERS_INSULTS_H +#define _SUDOERS_INSULTS_H #if defined(HAL_INSULTS) || defined(GOONS_INSULTS) || defined(CLASSIC_INSULTS) || defined(CSOPS_INSULTS) @@ -58,4 +58,4 @@ char *insults[] = { #endif /* HAL_INSULTS || GOONS_INSULTS || CLASSIC_INSULTS || CSOPS_INSULTS */ -#endif /* _SUDO_INSULTS_H */ +#endif /* _SUDOERS_INSULTS_H */ diff --git a/plugins/sudoers/interfaces.c b/plugins/sudoers/interfaces.c index 624882e..4dc6012 100644 --- a/plugins/sudoers/interfaces.c +++ b/plugins/sudoers/interfaces.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010 Todd C. Miller + * Copyright (c) 2010-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -18,7 +18,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -52,6 +51,8 @@ # define INADDR_NONE ((unsigned int)-1) #endif +static struct interface *interfaces; + /* * Parse a space-delimited list of IP address/netmask pairs and * store in a list of interface structures. @@ -101,6 +102,12 @@ set_interfaces(const char *ai) debug_return; } +struct interface * +get_interfaces(void) +{ + return interfaces; +} + void dump_interfaces(const char *ai) { diff --git a/plugins/sudoers/interfaces.h b/plugins/sudoers/interfaces.h index e3a13bf..3ccd816 100644 --- a/plugins/sudoers/interfaces.h +++ b/plugins/sudoers/interfaces.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007, 2010 + * Copyright (c) 1996, 1998-2005, 2007, 2010-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -19,8 +19,8 @@ * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ -#ifndef _SUDO_INTERFACES_H -#define _SUDO_INTERFACES_H +#ifndef _SUDOERS_INTERFACES_H +#define _SUDOERS_INTERFACES_H /* * Union to hold either strucr in_addr or in6_add @@ -48,12 +48,6 @@ struct interface { int get_net_ifs(char **addrinfo); void dump_interfaces(const char *); void set_interfaces(const char *); +struct interface *get_interfaces(void); -/* - * Definitions for external variables. - */ -#ifndef _SUDO_MAIN -extern struct interface *interfaces; -#endif - -#endif /* _SUDO_INTERFACES_H */ +#endif /* _SUDOERS_INTERFACES_H */ diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c index f4685aa..0509590 100644 --- a/plugins/sudoers/iolog.c +++ b/plugins/sudoers/iolog.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2011 Todd C. Miller + * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #include #include @@ -44,7 +43,6 @@ #include #include #include -#include #include #include #ifdef HAVE_ZLIB_H @@ -53,17 +51,6 @@ #include "sudoers.h" -/* plugin_error.c */ -extern sigjmp_buf error_jmp; - -union io_fd { - FILE *f; -#ifdef HAVE_ZLIB_H - gzFile g; -#endif - void *v; -}; - struct script_buf { int len; /* buffer length (how much read in) */ int off; /* write position (how much already consumed) */ @@ -82,53 +69,118 @@ struct iolog_details { const char *iolog_path; struct passwd *runas_pw; struct group *runas_gr; - int iolog_stdin; - int iolog_stdout; - int iolog_stderr; - int iolog_ttyin; - int iolog_ttyout; + int lines; + int cols; }; -#define IOFD_STDIN 0 -#define IOFD_STDOUT 1 -#define IOFD_STDERR 2 -#define IOFD_TTYIN 3 -#define IOFD_TTYOUT 4 -#define IOFD_TIMING 5 -#define IOFD_MAX 6 +union io_fd { + FILE *f; +#ifdef HAVE_ZLIB_H + gzFile g; +#endif + void *v; +}; + +static struct io_log_file { + bool enabled; + const char *suffix; + union io_fd fd; +} io_log_files[] = { +#define IOFD_LOG 0 + { true, "/log" }, +#define IOFD_TIMING 1 + { true, "/timing" }, +#define IOFD_STDIN 2 + { false, "/stdin" }, +#define IOFD_STDOUT 3 + { false, "/stdout" }, +#define IOFD_STDERR 4 + { false, "/stderr" }, +#define IOFD_TTYIN 5 + { false, "/ttyin" }, +#define IOFD_TTYOUT 6 + { false, "/ttyout" }, +#define IOFD_MAX 7 + { false, NULL } +}; #define SESSID_MAX 2176782336U static int iolog_compress; static struct timeval last_time; -static union io_fd io_fds[IOFD_MAX]; +static unsigned int sessid_max = SESSID_MAX; + +/* sudoers_io is declared at the end of this file. */ extern __dso_public struct io_plugin sudoers_io; /* - * Create parent directories for path as needed, but not path itself. + * Create path and any parent directories as needed. + * If is_temp is set, use mkdtemp() for the final directory. */ static void -mkdir_parents(char *path) +io_mkdirs(char *path, mode_t mode, bool is_temp) { struct stat sb; + gid_t parent_gid = 0; char *slash = path; - debug_decl(mkdir_parents, SUDO_DEBUG_UTIL) + debug_decl(io_mkdirs, SUDO_DEBUG_UTIL) - for (;;) { - if ((slash = strchr(slash + 1, '/')) == NULL) - break; + /* Fast path: not a temporary and already exists. */ + if (!is_temp && stat(path, &sb) == 0) { + if (!S_ISDIR(sb.st_mode)) { + log_fatal(0, N_("%s exists but is not a directory (0%o)"), + path, (unsigned int) sb.st_mode); + } + debug_return; + } + + while ((slash = strchr(slash + 1, '/')) != NULL) { *slash = '\0'; if (stat(path, &sb) != 0) { - if (mkdir(path, S_IRWXU) != 0) - log_fatal(USE_ERRNO, _("unable to mkdir %s"), path); + if (mkdir(path, mode) != 0) + log_fatal(USE_ERRNO, N_("unable to mkdir %s"), path); + ignore_result(chown(path, (uid_t)-1, parent_gid)); } else if (!S_ISDIR(sb.st_mode)) { - log_fatal(0, _("%s: %s"), path, strerror(ENOTDIR)); + log_fatal(0, N_("%s exists but is not a directory (0%o)"), + path, (unsigned int) sb.st_mode); + } else { + /* Inherit gid of parent dir for ownership. */ + parent_gid = sb.st_gid; } *slash = '/'; } + /* Create final path component. */ + if (is_temp) { + if (mkdtemp(path) == NULL) + log_fatal(USE_ERRNO, N_("unable to mkdir %s"), path); + ignore_result(chown(path, (uid_t)-1, parent_gid)); + } else { + if (mkdir(path, mode) != 0 && errno != EEXIST) + log_fatal(USE_ERRNO, N_("unable to mkdir %s"), path); + ignore_result(chown(path, (uid_t)-1, parent_gid)); + } debug_return; } +/* + * Set max session ID (aka sequence number) + */ +int +io_set_max_sessid(const char *maxval) +{ + unsigned long ulval; + char *ep; + + errno = 0; + ulval = strtoul(maxval, &ep, 0); + if (*maxval != '\0' && *ep == '\0' && + (errno != ERANGE || ulval != ULONG_MAX)) { + sessid_max = MIN((unsigned int)ulval, SESSID_MAX); + return true; + } + return false; +} + /* * Read the on-disk sequence number, set sessid to the next * number, and update the on-disk copy. @@ -150,14 +202,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]) /* * Create I/O log directory if it doesn't already exist. */ - mkdir_parents(iolog_dir); - if (stat(iolog_dir, &sb) != 0) { - if (mkdir(iolog_dir, S_IRWXU) != 0) - log_fatal(USE_ERRNO, _("unable to mkdir %s"), iolog_dir); - } else if (!S_ISDIR(sb.st_mode)) { - log_fatal(0, _("%s exists but is not a directory (0%o)"), - iolog_dir, (unsigned int) sb.st_mode); - } + io_mkdirs(iolog_dir, S_IRWXU, false); /* * Open sequence file @@ -169,7 +214,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]) } fd = open(pathbuf, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR); if (fd == -1) - log_fatal(USE_ERRNO, _("unable to open %s"), pathbuf); + log_fatal(USE_ERRNO, N_("unable to open %s"), pathbuf); lock_file(fd, SUDO_LOCK); /* @@ -189,7 +234,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]) nread = read(fd2, buf, sizeof(buf)); if (nread > 0) { id = strtoul(buf, &ep, 36); - if (buf == ep || id >= SESSID_MAX) + if (buf == ep || id >= sessid_max) id = 0; } close(fd2); @@ -202,10 +247,10 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]) nread = read(fd, buf, sizeof(buf)); if (nread != 0) { if (nread == -1) - log_fatal(USE_ERRNO, _("unable to read %s"), pathbuf); + log_fatal(USE_ERRNO, N_("unable to read %s"), pathbuf); id = strtoul(buf, &ep, 36); - if (buf == ep || id >= SESSID_MAX) - log_fatal(0, _("invalid sequence number %s"), pathbuf); + if (buf == ep || id >= sessid_max) + id = 0; } } id++; @@ -226,7 +271,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]) /* Rewind and overwrite old seq file. */ if (lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1 || write(fd, buf, 7) != 7) - log_fatal(USE_ERRNO, _("unable to write to %s"), pathbuf); + log_fatal(USE_ERRNO, N_("unable to write to %s"), pathbuf); close(fd); debug_return; @@ -240,6 +285,7 @@ static size_t mkdir_iopath(const char *iolog_path, char *pathbuf, size_t pathsize) { size_t len; + bool is_temp = false; debug_decl(mkdir_iopath, SUDO_DEBUG_UTIL) len = strlcpy(pathbuf, iolog_path, pathsize); @@ -252,14 +298,9 @@ mkdir_iopath(const char *iolog_path, char *pathbuf, size_t pathsize) * Create path and intermediate subdirs as needed. * If path ends in at least 6 Xs (ala POSIX mktemp), use mkdtemp(). */ - mkdir_parents(pathbuf); - if (len >= 6 && strcmp(&pathbuf[len - 6], "XXXXXX") == 0) { - if (mkdtemp(pathbuf) == NULL) - log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf); - } else { - if (mkdir(pathbuf, S_IRWXU) != 0) - log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf); - } + if (len >= 6 && strcmp(&pathbuf[len - 6], "XXXXXX") == 0) + is_temp = true; + io_mkdirs(pathbuf, S_IRWXU, is_temp); debug_return_size_t(len); } @@ -268,34 +309,44 @@ mkdir_iopath(const char *iolog_path, char *pathbuf, size_t pathsize) * Append suffix to pathbuf after len chars and open the resulting file. * Note that the size of pathbuf is assumed to be PATH_MAX. * Uses zlib if docompress is true. - * Returns the open file handle which has the close-on-exec flag set. + * Stores the open file handle which has the close-on-exec flag set. */ -static void * -open_io_fd(char *pathbuf, size_t len, const char *suffix, bool docompress) +static void +open_io_fd(char *pathbuf, size_t len, struct io_log_file *iol, bool docompress) { - void *vfd = NULL; int fd; debug_decl(open_io_fd, SUDO_DEBUG_UTIL) pathbuf[len] = '\0'; - strlcat(pathbuf, suffix, PATH_MAX); - fd = open(pathbuf, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR); - if (fd != -1) { - fcntl(fd, F_SETFD, FD_CLOEXEC); + strlcat(pathbuf, iol->suffix, PATH_MAX); + if (iol->enabled) { + fd = open(pathbuf, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR); + if (fd != -1) { + fcntl(fd, F_SETFD, FD_CLOEXEC); #ifdef HAVE_ZLIB_H - if (docompress) - vfd = gzdopen(fd, "w"); - else + if (docompress) + iol->fd.g = gzdopen(fd, "w"); + else #endif - vfd = fdopen(fd, "w"); + iol->fd.f = fdopen(fd, "w"); + } + if (fd == -1 || iol->fd.v == NULL) { + log_fatal(USE_ERRNO, N_("unable to create %s"), pathbuf); + if (fd != -1) + close(fd); + } + } else { + /* Remove old log file if we recycled sequence numbers. */ + unlink(pathbuf); } - debug_return_ptr(vfd); + debug_return; } /* * Pull out I/O log related data from user_info and command_info arrays. + * Returns true if I/O logging is enabled, else false. */ -static void +static bool iolog_deserialize_info(struct iolog_details *details, char * const user_info[], char * const command_info[]) { @@ -308,16 +359,27 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[], gid_t runas_gid = 0; debug_decl(iolog_deserialize_info, SUDO_DEBUG_UTIL) - memset(details, 0, sizeof(*details)); + details->lines = 24; + details->cols = 80; for (cur = user_info; *cur != NULL; cur++) { switch (**cur) { case 'c': + if (strncmp(*cur, "cols=", sizeof("cols=") - 1) == 0) { + details->cols = atoi(*cur + sizeof("cols=") - 1); + continue; + } if (strncmp(*cur, "cwd=", sizeof("cwd=") - 1) == 0) { details->cwd = *cur + sizeof("cwd=") - 1; continue; } break; + case 'l': + if (strncmp(*cur, "lines=", sizeof("lines=") - 1) == 0) { + details->lines = atoi(*cur + sizeof("lines=") - 1); + continue; + } + break; case 't': if (strncmp(*cur, "tty=", sizeof("tty=") - 1) == 0) { details->tty = *cur + sizeof("tty=") - 1; @@ -348,27 +410,27 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[], } if (strncmp(*cur, "iolog_stdin=", sizeof("iolog_stdin=") - 1) == 0) { if (atobool(*cur + sizeof("iolog_stdin=") - 1) == true) - details->iolog_stdin = true; + io_log_files[IOFD_STDIN].enabled = true; continue; } if (strncmp(*cur, "iolog_stdout=", sizeof("iolog_stdout=") - 1) == 0) { if (atobool(*cur + sizeof("iolog_stdout=") - 1) == true) - details->iolog_stdout = true; + io_log_files[IOFD_STDOUT].enabled = true; continue; } if (strncmp(*cur, "iolog_stderr=", sizeof("iolog_stderr=") - 1) == 0) { if (atobool(*cur + sizeof("iolog_stderr=") - 1) == true) - details->iolog_stderr = true; + io_log_files[IOFD_STDERR].enabled = true; continue; } if (strncmp(*cur, "iolog_ttyin=", sizeof("iolog_ttyin=") - 1) == 0) { if (atobool(*cur + sizeof("iolog_ttyin=") - 1) == true) - details->iolog_ttyin = true; + io_log_files[IOFD_TTYIN].enabled = true; continue; } if (strncmp(*cur, "iolog_ttyout=", sizeof("iolog_ttyout=") - 1) == 0) { if (atobool(*cur + sizeof("iolog_ttyout=") - 1) == true) - details->iolog_ttyout = true; + io_log_files[IOFD_TTYOUT].enabled = true; continue; } if (strncmp(*cur, "iolog_compress=", sizeof("iolog_compress=") - 1) == 0) { @@ -377,6 +439,10 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[], continue; } break; + case 'm': + if (strncmp(*cur, "maxseq=", sizeof("maxseq=") - 1) == 0) + io_set_max_sessid(*cur + sizeof("maxseq=") - 1); + break; case 'r': if (strncmp(*cur, "runas_gid=", sizeof("runas_gid=") - 1) == 0) { runas_gid_str = *cur + sizeof("runas_gid=") - 1; @@ -437,7 +503,10 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[], details->runas_gr = sudo_fakegrnam(id); } } - debug_return; + debug_return_bool( + io_log_files[IOFD_STDIN].enabled || io_log_files[IOFD_STDOUT].enabled || + io_log_files[IOFD_STDERR].enabled || io_log_files[IOFD_TTYIN].enabled || + io_log_files[IOFD_TTYOUT].enabled); } static int @@ -451,22 +520,21 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation, char *tofree = NULL; char * const *cur; const char *debug_flags = NULL; - FILE *io_logfile; size_t len; - int rval = -1; + int i, rval = -1; debug_decl(sudoers_io_open, SUDO_DEBUG_PLUGIN) - if (!sudo_conv) - sudo_conv = conversation; - if (!sudo_printf) - sudo_printf = plugin_printf; + sudo_conv = conversation; + sudo_printf = plugin_printf; /* If we have no command (because -V was specified) just return. */ if (argc == 0) debug_return_bool(true); - if (sigsetjmp(error_jmp, 1)) { - /* called via error(), errorx() or log_fatal() */ + memset(&details, 0, sizeof(details)); + + if (fatal_setjmp() != 0) { + /* called via fatal(), fatalx() or log_fatal() */ rval = -1; goto done; } @@ -487,13 +555,9 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation, sudo_debug_init(NULL, debug_flags); /* - * Pull iolog settings out of command_info, if any. + * Pull iolog settings out of command_info. */ - iolog_deserialize_info(&details, user_info, command_info); - /* Did policy module disable I/O logging? */ - if (!details.iolog_stdin && !details.iolog_ttyin && - !details.iolog_stdout && !details.iolog_stderr && - !details.iolog_ttyout) { + if (!iolog_deserialize_info(&details, user_info, command_info)) { rval = false; goto done; } @@ -521,75 +585,44 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation, /* * We create 7 files: a log file, a timing file and 5 for input/output. */ - io_logfile = open_io_fd(pathbuf, len, "/log", false); - if (io_logfile == NULL) - log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf); - - io_fds[IOFD_TIMING].v = open_io_fd(pathbuf, len, "/timing", - iolog_compress); - if (io_fds[IOFD_TIMING].v == NULL) - log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf); - - if (details.iolog_ttyin) { - io_fds[IOFD_TTYIN].v = open_io_fd(pathbuf, len, "/ttyin", - iolog_compress); - if (io_fds[IOFD_TTYIN].v == NULL) - log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf); - } else { - sudoers_io.log_ttyin = NULL; - } - if (details.iolog_stdin) { - io_fds[IOFD_STDIN].v = open_io_fd(pathbuf, len, "/stdin", - iolog_compress); - if (io_fds[IOFD_STDIN].v == NULL) - log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf); - } else { - sudoers_io.log_stdin = NULL; - } - if (details.iolog_ttyout) { - io_fds[IOFD_TTYOUT].v = open_io_fd(pathbuf, len, "/ttyout", - iolog_compress); - if (io_fds[IOFD_TTYOUT].v == NULL) - log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf); - } else { - sudoers_io.log_ttyout = NULL; - } - if (details.iolog_stdout) { - io_fds[IOFD_STDOUT].v = open_io_fd(pathbuf, len, "/stdout", - iolog_compress); - if (io_fds[IOFD_STDOUT].v == NULL) - log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf); - } else { - sudoers_io.log_stdout = NULL; - } - if (details.iolog_stderr) { - io_fds[IOFD_STDERR].v = open_io_fd(pathbuf, len, "/stderr", - iolog_compress); - if (io_fds[IOFD_STDERR].v == NULL) - log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf); - } else { - sudoers_io.log_stderr = NULL; + for (i = 0; i < IOFD_MAX; i++) { + open_io_fd(pathbuf, len, &io_log_files[i], i ? iolog_compress : false); } gettimeofday(&last_time, NULL); - - fprintf(io_logfile, "%ld:%s:%s:%s:%s\n", (long)last_time.tv_sec, + fprintf(io_log_files[IOFD_LOG].fd.f, "%lld:%s:%s:%s:%s:%d:%d\n%s\n%s", + (long long)last_time.tv_sec, details.user ? details.user : "unknown", details.runas_pw->pw_name, details.runas_gr ? details.runas_gr->gr_name : "", - details.tty ? details.tty : "unknown"); - fputs(details.cwd ? details.cwd : "unknown", io_logfile); - fputc('\n', io_logfile); - fputs(details.command ? details.command : "unknown", io_logfile); + details.tty ? details.tty : "unknown", details.lines, details.cols, + details.cwd ? details.cwd : "unknown", + details.command ? details.command : "unknown"); for (cur = &argv[1]; *cur != NULL; cur++) { - fputc(' ', io_logfile); - fputs(*cur, io_logfile); + fputc(' ', io_log_files[IOFD_LOG].fd.f); + fputs(*cur, io_log_files[IOFD_LOG].fd.f); } - fputc('\n', io_logfile); - fclose(io_logfile); + fputc('\n', io_log_files[IOFD_LOG].fd.f); + fclose(io_log_files[IOFD_LOG].fd.f); + io_log_files[IOFD_LOG].fd.f = NULL; + + /* + * Clear I/O log function pointers for disabled log functions. + */ + if (!io_log_files[IOFD_STDIN].enabled) + sudoers_io.log_stdin = NULL; + if (!io_log_files[IOFD_STDOUT].enabled) + sudoers_io.log_stdout = NULL; + if (!io_log_files[IOFD_STDERR].enabled) + sudoers_io.log_stderr = NULL; + if (!io_log_files[IOFD_TTYIN].enabled) + sudoers_io.log_ttyin = NULL; + if (!io_log_files[IOFD_TTYOUT].enabled) + sudoers_io.log_ttyout = NULL; rval = true; done: + fatal_disable_setjmp(); efree(tofree); if (details.runas_pw) sudo_pw_delref(details.runas_pw); @@ -607,20 +640,21 @@ sudoers_io_close(int exit_status, int error) int i; debug_decl(sudoers_io_close, SUDO_DEBUG_PLUGIN) - if (sigsetjmp(error_jmp, 1)) { - /* called via error(), errorx() or log_fatal() */ + if (fatal_setjmp() != 0) { + /* called via fatal(), fatalx() or log_fatal() */ + fatal_disable_setjmp(); debug_return; } for (i = 0; i < IOFD_MAX; i++) { - if (io_fds[i].v == NULL) + if (io_log_files[i].fd.v == NULL) continue; #ifdef HAVE_ZLIB_H if (iolog_compress) - gzclose(io_fds[i].g); + gzclose(io_log_files[i].fd.g); else #endif - fclose(io_fds[i].f); + fclose(io_log_files[i].fd.f); } debug_return; } @@ -630,8 +664,9 @@ sudoers_io_version(int verbose) { debug_decl(sudoers_io_version, SUDO_DEBUG_PLUGIN) - if (sigsetjmp(error_jmp, 1)) { - /* called via error(), errorx() or log_fatal() */ + if (fatal_setjmp() != 0) { + /* called via fatal(), fatalx() or log_fatal() */ + fatal_disable_setjmp(); debug_return_bool(-1); } @@ -652,27 +687,28 @@ sudoers_io_log(const char *buf, unsigned int len, int idx) gettimeofday(&now, NULL); - if (sigsetjmp(error_jmp, 1)) { - /* called via error(), errorx() or log_fatal() */ + if (fatal_setjmp() != 0) { + /* called via fatal(), fatalx() or log_fatal() */ + fatal_disable_setjmp(); debug_return_bool(-1); } #ifdef HAVE_ZLIB_H if (iolog_compress) - ignore_result(gzwrite(io_fds[idx].g, (const voidp)buf, len)); + ignore_result(gzwrite(io_log_files[idx].fd.g, (const voidp)buf, len)); else #endif - ignore_result(fwrite(buf, 1, len, io_fds[idx].f)); + ignore_result(fwrite(buf, 1, len, io_log_files[idx].fd.f)); delay.tv_sec = now.tv_sec; delay.tv_usec = now.tv_usec; timevalsub(&delay, &last_time); #ifdef HAVE_ZLIB_H if (iolog_compress) - gzprintf(io_fds[IOFD_TIMING].g, "%d %f %d\n", idx, + gzprintf(io_log_files[IOFD_TIMING].fd.g, "%d %f %d\n", idx, delay.tv_sec + ((double)delay.tv_usec / 1000000), len); else #endif - fprintf(io_fds[IOFD_TIMING].f, "%d %f %d\n", idx, + fprintf(io_log_files[IOFD_TIMING].fd.f, "%d %f %d\n", idx, delay.tv_sec + ((double)delay.tv_usec / 1000000), len); last_time.tv_sec = now.tv_sec; last_time.tv_usec = now.tv_usec; diff --git a/plugins/sudoers/iolog_path.c b/plugins/sudoers/iolog_path.c index 71030e4..34fea89 100644 --- a/plugins/sudoers/iolog_path.c +++ b/plugins/sudoers/iolog_path.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 Todd C. Miller + * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -35,9 +35,6 @@ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ -#ifdef HAVE_SETLOCALE -# include -#endif #include #include #include @@ -49,32 +46,16 @@ struct path_escape { size_t (*copy_fn)(char *, size_t, char *); }; -static size_t fill_seq(char *, size_t, char *); -static size_t fill_user(char *, size_t, char *); -static size_t fill_group(char *, size_t, char *); -static size_t fill_runas_user(char *, size_t, char *); -static size_t fill_runas_group(char *, size_t, char *); -static size_t fill_hostname(char *, size_t, char *); -static size_t fill_command(char *, size_t, char *); - -/* Note: "seq" must be first in the list. */ -static struct path_escape io_path_escapes[] = { - { "seq", fill_seq }, - { "user", fill_user }, - { "group", fill_group }, - { "runas_user", fill_runas_user }, - { "runas_group", fill_runas_group }, - { "hostname", fill_hostname }, - { "command", fill_command }, - { NULL, NULL } -}; - static size_t fill_seq(char *str, size_t strsize, char *logdir) { +#ifdef SUDOERS_NO_SEQ + debug_decl(fill_seq, SUDO_DEBUG_UTIL) + debug_return_size_t(strlcpy(str, "%{seq}", strsize)); +#else static char sessid[7]; int len; - debug_decl(sudoers_io_version, SUDO_DEBUG_UTIL) + debug_decl(fill_seq, SUDO_DEBUG_UTIL) if (sessid[0] == '\0') io_nextid(logdir, def_iolog_dir, sessid); @@ -85,6 +66,7 @@ fill_seq(char *str, size_t strsize, char *logdir) if (len < 0) debug_return_size_t(strsize); /* handle non-standard snprintf() */ debug_return_size_t(len); +#endif /* SUDOERS_NO_SEQ */ } static size_t @@ -155,6 +137,18 @@ fill_command(char *str, size_t strsize, char *unused) debug_return_size_t(strlcpy(str, user_base, strsize)); } +/* Note: "seq" must be first in the list. */ +static struct path_escape io_path_escapes[] = { + { "seq", fill_seq }, + { "user", fill_user }, + { "group", fill_group }, + { "runas_user", fill_runas_user }, + { "runas_group", fill_runas_group }, + { "hostname", fill_hostname }, + { "command", fill_command }, + { NULL, NULL } +}; + /* * Concatenate dir + file, expanding any escape sequences. * Returns the concatenated path and sets slashp point to @@ -168,8 +162,8 @@ expand_iolog_path(const char *prefix, const char *dir, const char *file, char *dst, *dst0, *path, *pathend, tmpbuf[PATH_MAX]; char *slash = NULL; const char *endbrace, *src = dir; - static struct path_escape *escapes; - int pass; + struct path_escape *escapes = NULL; + int pass, oldlocale; bool strfit; debug_decl(expand_iolog_path, SUDO_DEBUG_UTIL) @@ -196,7 +190,7 @@ expand_iolog_path(const char *prefix, const char *dir, const char *file, switch (pass) { case 0: src = dir; - escapes = io_path_escapes + 1; /* skip "${seq}" */ + escapes = io_path_escapes + 1; /* skip "%{seq}" */ break; case 1: /* Trim trailing slashes from dir component. */ @@ -258,20 +252,16 @@ expand_iolog_path(const char *prefix, const char *dir, const char *file, time(&now); timeptr = localtime(&now); -#ifdef HAVE_SETLOCALE - if (!setlocale(LC_ALL, def_sudoers_locale)) { - warningx(_("unable to set locale to \"%s\", using \"C\""), - def_sudoers_locale); - setlocale(LC_ALL, "C"); - } -#endif + /* Use sudoers locale for strftime() */ + sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); + /* We only calls strftime() on the current part of the buffer. */ tmpbuf[sizeof(tmpbuf) - 1] = '\0'; len = strftime(tmpbuf, sizeof(tmpbuf), dst0, timeptr); -#ifdef HAVE_SETLOCALE - setlocale(LC_ALL, ""); -#endif + /* Restore old locale. */ + sudoers_setlocale(oldlocale, NULL); + if (len == 0 || tmpbuf[sizeof(tmpbuf) - 1] != '\0') goto bad; /* strftime() failed, buf too small? */ diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c index 8e69b22..2bb4b65 100644 --- a/plugins/sudoers/ldap.c +++ b/plugins/sudoers/ldap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003-2011 Todd C. Miller + * Copyright (c) 2003-2013 Todd C. Miller * * This code is derived from software contributed by Aaron Spangler. * @@ -20,7 +20,6 @@ #include #include -#include #include #include #ifdef STDC_HEADERS @@ -48,7 +47,6 @@ #include #include #include -#include #ifdef HAVE_LBER_H # include #endif @@ -120,7 +118,29 @@ extern int ldapssl_set_strength(LDAP *ldap, int strength); (var) != NULL; \ (var) = ldap_next_entry((ld), (var))) -#define DPRINTF(args, level) if (ldap_conf.debug >= level) warningx args +#if defined(__GNUC__) && __GNUC__ == 2 +# define DPRINTF1(fmt...) do { \ + if (ldap_conf.debug >= 1) \ + warningx(__VA_ARGS__); \ + sudo_debug_printf(SUDO_DEBUG_DIAG, fmt); \ +} while (0) +# define DPRINTF2(fmt...) do { \ + if (ldap_conf.debug >= 2) \ + warningx(__VA_ARGS__); \ + sudo_debug_printf(SUDO_DEBUG_INFO, fmt); \ +} while (0) +#else +# define DPRINTF1(...) do { \ + if (ldap_conf.debug >= 1) \ + warningx(__VA_ARGS__); \ + sudo_debug_printf(SUDO_DEBUG_DIAG, __VA_ARGS__); \ +} while (0) +# define DPRINTF2(...) do { \ + if (ldap_conf.debug >= 2) \ + warningx(__VA_ARGS__); \ + sudo_debug_printf(SUDO_DEBUG_INFO, __VA_ARGS__); \ +} while (0) +#endif #define CONF_BOOL 0 #define CONF_INT 1 @@ -384,7 +404,7 @@ sudo_ldap_conf_add_ports(void) hostbuf[0] = '\0'; if (snprintf(defport, sizeof(defport), ":%d", ldap_conf.port) >= sizeof(defport)) - errorx(1, _("sudo_ldap_conf_add_ports: port too large")); + fatalx(_("sudo_ldap_conf_add_ports: port too large")); for ((host = strtok(ldap_conf.host, " \t")); host; (host = strtok(NULL, " \t"))) { if (hostbuf[0] != '\0') { @@ -407,7 +427,7 @@ sudo_ldap_conf_add_ports(void) debug_return; toobig: - errorx(1, _("sudo_ldap_conf_add_ports: out of space expanding hostbuf")); + fatalx(_("sudo_ldap_conf_add_ports: out of space expanding hostbuf")); } #endif @@ -495,7 +515,7 @@ done: debug_return_int(rc); toobig: - errorx(1, _("sudo_ldap_parse_uri: out of space building hostbuf")); + fatalx(_("sudo_ldap_parse_uri: out of space building hostbuf")); } #else static char * @@ -534,9 +554,9 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port) #ifdef HAVE_LDAPSSL_INIT if (ldap_conf.ssl_mode != SUDO_LDAP_CLEAR) { const int defsecure = ldap_conf.ssl_mode == SUDO_LDAP_SSL; - DPRINTF(("ldapssl_clientauth_init(%s, %s)", + DPRINTF2("ldapssl_clientauth_init(%s, %s)", ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL", - ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"), 2); + ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"); rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL, ldap_conf.tls_keyfile != NULL, ldap_conf.tls_keyfile, NULL); /* @@ -561,9 +581,9 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port) } } if (retry) { - DPRINTF(("ldapssl_clientauth_init(%s, %s)", + DPRINTF2("ldapssl_clientauth_init(%s, %s)", ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL", - ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"), 2); + ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"); rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL, ldap_conf.tls_keyfile != NULL, ldap_conf.tls_keyfile, NULL); } @@ -573,11 +593,11 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port) ldapssl_err2string(rc)); if (ldap_conf.tls_certfile == NULL) warningx(_("you must set TLS_CERT in %s to use SSL"), - _PATH_LDAP_CONF); + path_ldap_conf); goto done; } - DPRINTF(("ldapssl_init(%s, %d, %d)", host, port, defsecure), 2); + DPRINTF2("ldapssl_init(%s, %d, %d)", host, port, defsecure); if ((ld = ldapssl_init(host, port, defsecure)) != NULL) rc = LDAP_SUCCESS; } else @@ -587,20 +607,20 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port) warningx("ldap_ssl_client_init(): %s", ldap_err2string(rc)); debug_return_int(-1); } - DPRINTF(("ldap_ssl_init(%s, %d, NULL)", host, port), 2); + DPRINTF2("ldap_ssl_init(%s, %d, NULL)", host, port); if ((ld = ldap_ssl_init((char *)host, port, NULL)) != NULL) rc = LDAP_SUCCESS; } else #endif { #ifdef HAVE_LDAP_CREATE - DPRINTF(("ldap_create()"), 2); + DPRINTF2("ldap_create()"); if ((rc = ldap_create(&ld)) != LDAP_SUCCESS) goto done; - DPRINTF(("ldap_set_option(LDAP_OPT_HOST_NAME, %s)", host), 2); + DPRINTF2("ldap_set_option(LDAP_OPT_HOST_NAME, %s)", host); rc = ldap_set_option(ld, LDAP_OPT_HOST_NAME, host); #else - DPRINTF(("ldap_init(%s, %d)", host, port), 2); + DPRINTF2("ldap_init(%s, %d)", host, port); if ((ld = ldap_init((char *)host, port)) != NULL) rc = LDAP_SUCCESS; #endif @@ -613,15 +633,15 @@ done: /* * Walk through search results and return true if we have a matching - * netgroup, else false. + * non-Unix group (including netgroups), else false. */ static bool -sudo_ldap_check_user_netgroup(LDAP *ld, LDAPMessage *entry, char *user) +sudo_ldap_check_non_unix_group(LDAP *ld, LDAPMessage *entry, struct passwd *pw) { struct berval **bv, **p; char *val; int ret = false; - debug_decl(sudo_ldap_check_user_netgroup, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_check_non_unix_group, SUDO_DEBUG_LDAP) if (!entry) debug_return_bool(ret); @@ -634,11 +654,17 @@ sudo_ldap_check_user_netgroup(LDAP *ld, LDAPMessage *entry, char *user) /* walk through values */ for (p = bv; *p != NULL && !ret; p++) { val = (*p)->bv_val; - /* match any */ - if (netgr_matches(val, NULL, NULL, user)) - ret = true; - DPRINTF(("ldap sudoUser netgroup '%s' ... %s", val, - ret ? "MATCH!" : "not"), 2 + ((ret) ? 0 : 1)); + if (*val == '+') { + if (netgr_matches(val, NULL, NULL, pw->pw_name)) + ret = true; + DPRINTF2("ldap sudoUser netgroup '%s' ... %s", val, + ret ? "MATCH!" : "not"); + } else { + if (group_plugin_query(pw->pw_name, val + 2, pw)) + ret = true; + DPRINTF2("ldap sudoUser non-Unix group '%s' ... %s", val, + ret ? "MATCH!" : "not"); + } } ldap_value_free_len(bv); /* cleanup */ @@ -674,8 +700,7 @@ sudo_ldap_check_host(LDAP *ld, LDAPMessage *entry) netgr_matches(val, user_host, user_shost, NULL) || hostname_matches(user_shost, user_host, val)) ret = true; - DPRINTF(("ldap sudoHost '%s' ... %s", val, - ret ? "MATCH!" : "not"), 2); + DPRINTF2("ldap sudoHost '%s' ... %s", val, ret ? "MATCH!" : "not"); } ldap_value_free_len(bv); /* cleanup */ @@ -742,12 +767,11 @@ sudo_ldap_check_runas_user(LDAP *ld, LDAPMessage *entry) } /* FALLTHROUGH */ default: - if (strcasecmp(val, runas_pw->pw_name) == 0) + if (userpw_matches(val, runas_pw->pw_name, runas_pw)) ret = true; break; } - DPRINTF(("ldap sudoRunAsUser '%s' ... %s", val, - ret ? "MATCH!" : "not"), 2); + DPRINTF2("ldap sudoRunAsUser '%s' ... %s", val, ret ? "MATCH!" : "not"); } ldap_value_free_len(bv); /* cleanup */ @@ -777,8 +801,8 @@ sudo_ldap_check_runas_group(LDAP *ld, LDAPMessage *entry) val = (*p)->bv_val; if (strcmp(val, "ALL") == 0 || group_matches(val, runas_gr)) ret = true; - DPRINTF(("ldap sudoRunAsGroup '%s' ... %s", val, - ret ? "MATCH!" : "not"), 2); + DPRINTF2("ldap sudoRunAsGroup '%s' ... %s", + val, ret ? "MATCH!" : "not"); } ldap_value_free_len(bv); /* cleanup */ @@ -805,6 +829,65 @@ sudo_ldap_check_runas(LDAP *ld, LDAPMessage *entry) debug_return_bool(ret); } +static struct sudo_digest * +sudo_ldap_extract_digest(char **cmnd, struct sudo_digest *digest) +{ + char *ep, *cp = *cmnd; + int digest_type = SUDO_DIGEST_INVALID; + debug_decl(sudo_ldap_check_command, SUDO_DEBUG_LDAP) + + /* + * Check for and extract a digest prefix, e.g. + * sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls + */ + if (cp[0] == 's' && cp[1] == 'h' && cp[2] == 'a') { + switch (cp[3]) { + case '2': + if (cp[4] == '2' && cp[5] == '4') + digest_type = SUDO_DIGEST_SHA224; + else if (cp[4] == '5' && cp[5] == '6') + digest_type = SUDO_DIGEST_SHA256; + break; + case '3': + if (cp[4] == '8' && cp[5] == '4') + digest_type = SUDO_DIGEST_SHA384; + break; + case '5': + if (cp[4] == '1' && cp[5] == '2') + digest_type = SUDO_DIGEST_SHA512; + break; + } + if (digest_type != SUDO_DIGEST_INVALID) { + cp += 6; + while (isblank((unsigned char)*cp)) + cp++; + if (*cp == ':') { + cp++; + while (isblank((unsigned char)*cp)) + cp++; + ep = cp; + while (*ep != '\0' && !isblank((unsigned char)*ep)) + ep++; + if (*ep != '\0') { + digest->digest_type = digest_type; + digest->digest_str = estrndup(cp, (size_t)(ep - cp)); + cp = ep + 1; + while (isblank((unsigned char)*cp)) + cp++; + *cmnd = cp; + DPRINTF1("%s digest %s for %s", + digest_type == SUDO_DIGEST_SHA224 ? "sha224" : + digest_type == SUDO_DIGEST_SHA256 ? "sha256" : + digest_type == SUDO_DIGEST_SHA384 ? "sha384" : + "sha512", digest->digest_str, cp); + debug_return_ptr(digest); + } + } + } + } + debug_return_ptr(NULL); +} + /* * Walk through search results and return true if we have a command match, * false if disallowed and UNSPEC if not matched. @@ -812,6 +895,7 @@ sudo_ldap_check_runas(LDAP *ld, LDAPMessage *entry) static int sudo_ldap_check_command(LDAP *ld, LDAPMessage *entry, int *setenv_implied) { + struct sudo_digest digest, *allowed_digest = NULL; struct berval **bv, **p; char *allowed_cmnd, *allowed_args, *val; bool foundbang; @@ -832,10 +916,13 @@ sudo_ldap_check_command(LDAP *ld, LDAPMessage *entry, int *setenv_implied) ret = true; if (setenv_implied != NULL) *setenv_implied = true; - DPRINTF(("ldap sudoCommand '%s' ... MATCH!", val), 2); + DPRINTF2("ldap sudoCommand '%s' ... MATCH!", val); continue; } + /* check for sha-2 digest */ + allowed_digest = sudo_ldap_extract_digest(&val, &digest); + /* check for !command */ if (*val == '!') { foundbang = true; @@ -851,17 +938,19 @@ sudo_ldap_check_command(LDAP *ld, LDAPMessage *entry, int *setenv_implied) *allowed_args++ = '\0'; /* check the command like normal */ - if (command_matches(allowed_cmnd, allowed_args)) { + if (command_matches(allowed_cmnd, allowed_args, allowed_digest)) { /* * If allowed (no bang) set ret but keep on checking. * If disallowed (bang), exit loop. */ ret = foundbang ? false : true; } - DPRINTF(("ldap sudoCommand '%s' ... %s", val, - ret == true ? "MATCH!" : "not"), 2); + DPRINTF2("ldap sudoCommand '%s' ... %s", + val, ret == true ? "MATCH!" : "not"); efree(allowed_cmnd); /* cleanup */ + if (allowed_digest != NULL) + efree(allowed_digest->digest_str); } ldap_value_free_len(bv); /* more cleanup */ @@ -891,7 +980,7 @@ sudo_ldap_check_bool(LDAP *ld, LDAPMessage *entry, char *option) /* walk through options */ for (p = bv; *p != NULL; p++) { var = (*p)->bv_val;; - DPRINTF(("ldap sudoOption: '%s'", var), 2); + DPRINTF2("ldap sudoOption: '%s'", var); if ((ch = *var) == '!') var++; @@ -925,7 +1014,7 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry) /* walk through options */ for (p = bv; *p != NULL; p++) { var = estrdup((*p)->bv_val); - DPRINTF(("ldap sudoOption: '%s'", var), 2); + DPRINTF2("ldap sudoOption: '%s'", var); /* check for equals sign past first char */ val = strchr(var, '='); @@ -1222,7 +1311,7 @@ sudo_ldap_build_pass1(struct passwd *pw) /* Add ALL to list and end the global OR */ if (strlcat(buf, "(sudoUser=ALL)", sz) >= sz) - errorx(1, _("sudo_ldap_build_pass1 allocation mismatch")); + fatalx(_("sudo_ldap_build_pass1 allocation mismatch")); /* Add the time restriction, or simply end the global OR. */ if (ldap_conf.timed) { @@ -1238,7 +1327,8 @@ sudo_ldap_build_pass1(struct passwd *pw) } /* - * Builds up a filter to check against netgroup entries in LDAP. + * Builds up a filter to check against non-Unix group + * entries in LDAP, including netgroups. */ static char * sudo_ldap_build_pass2(void) @@ -1250,15 +1340,23 @@ sudo_ldap_build_pass2(void) sudo_ldap_timefilter(timebuffer, sizeof(timebuffer)); /* - * Match all sudoUsers beginning with a '+'. + * Match all sudoUsers beginning with '+' or '%:'. * If a search filter or time restriction is specified, * those get ANDed in to the expression. */ - easprintf(&filt, "%s%s(sudoUser=+*)%s%s", - (ldap_conf.timed || ldap_conf.search_filter) ? "(&" : "", - ldap_conf.search_filter ? ldap_conf.search_filter : "", - ldap_conf.timed ? timebuffer : "", - (ldap_conf.timed || ldap_conf.search_filter) ? ")" : ""); + if (def_group_plugin) { + easprintf(&filt, "%s%s(|(sudoUser=+*)(sudoUser=%%:*))%s%s", + (ldap_conf.timed || ldap_conf.search_filter) ? "(&" : "", + ldap_conf.search_filter ? ldap_conf.search_filter : "", + ldap_conf.timed ? timebuffer : "", + (ldap_conf.timed || ldap_conf.search_filter) ? ")" : ""); + } else { + easprintf(&filt, "%s%s(sudoUser=+*)%s%s", + (ldap_conf.timed || ldap_conf.search_filter) ? "(&" : "", + ldap_conf.search_filter ? ldap_conf.search_filter : "", + ldap_conf.timed ? timebuffer : "", + (ldap_conf.timed || ldap_conf.search_filter) ? ")" : ""); + } debug_return_str(filt); } @@ -1270,7 +1368,7 @@ sudo_ldap_read_secret(const char *path) char buf[LINE_MAX], *cp; debug_decl(sudo_ldap_read_secret, SUDO_DEBUG_LDAP) - if ((fp = fopen(_PATH_LDAP_SECRET, "r")) != NULL) { + if ((fp = fopen(path_ldap_secret, "r")) != NULL) { if (fgets(buf, sizeof(buf), fp) != NULL) { if ((cp = strchr(buf, '\n')) != NULL) *cp = '\0'; @@ -1347,7 +1445,8 @@ static bool sudo_ldap_read_config(void) { FILE *fp; - char *cp, *keyword, *value; + char *cp, *keyword, *value, *line = NULL; + size_t linesize = 0; debug_decl(sudo_ldap_read_config, SUDO_DEBUG_LDAP) /* defaults */ @@ -1361,15 +1460,15 @@ sudo_ldap_read_config(void) ldap_conf.rootuse_sasl = -1; ldap_conf.deref = -1; - if ((fp = fopen(_PATH_LDAP_CONF, "r")) == NULL) + if ((fp = fopen(path_ldap_conf, "r")) == NULL) debug_return_bool(false); - while ((cp = sudo_parseln(fp)) != NULL) { - if (*cp == '\0') + while (sudo_parseln(&line, &linesize, NULL, fp) != -1) { + if (*line == '\0') continue; /* skip empty line */ /* split into keyword and value */ - keyword = cp; + keyword = cp = line; while (*cp && !isblank((unsigned char) *cp)) cp++; if (*cp) @@ -1384,108 +1483,91 @@ sudo_ldap_read_config(void) if (!sudo_ldap_parse_keyword(keyword, value, ldap_conf_global)) sudo_ldap_parse_keyword(keyword, value, ldap_conf_conn); } + free(line); fclose(fp); if (!ldap_conf.host) ldap_conf.host = estrdup("localhost"); - if (ldap_conf.debug > 1) { - sudo_printf(SUDO_CONV_ERROR_MSG, "LDAP Config Summary\n"); - sudo_printf(SUDO_CONV_ERROR_MSG, "===================\n"); - if (ldap_conf.uri) { - struct ldap_config_list_str *uri = ldap_conf.uri; + DPRINTF1("LDAP Config Summary"); + DPRINTF1("==================="); + if (ldap_conf.uri) { + struct ldap_config_list_str *uri = ldap_conf.uri; - do { - sudo_printf(SUDO_CONV_ERROR_MSG, "uri %s\n", - uri->val); - } while ((uri = uri->next) != NULL); - } else { - sudo_printf(SUDO_CONV_ERROR_MSG, "host %s\n", - ldap_conf.host ? ldap_conf.host : "(NONE)"); - sudo_printf(SUDO_CONV_ERROR_MSG, "port %d\n", - ldap_conf.port); - } - sudo_printf(SUDO_CONV_ERROR_MSG, "ldap_version %d\n", - ldap_conf.version); - - if (ldap_conf.base) { - struct ldap_config_list_str *base = ldap_conf.base; - do { - sudo_printf(SUDO_CONV_ERROR_MSG, "sudoers_base %s\n", - base->val); - } while ((base = base->next) != NULL); - } else { - sudo_printf(SUDO_CONV_ERROR_MSG, "sudoers_base %s\n", - "(NONE: LDAP disabled)"); - } - if (ldap_conf.search_filter) { - sudo_printf(SUDO_CONV_ERROR_MSG, "search_filter %s\n", - ldap_conf.search_filter); - } - sudo_printf(SUDO_CONV_ERROR_MSG, "binddn %s\n", - ldap_conf.binddn ? ldap_conf.binddn : "(anonymous)"); - sudo_printf(SUDO_CONV_ERROR_MSG, "bindpw %s\n", - ldap_conf.bindpw ? ldap_conf.bindpw : "(anonymous)"); - if (ldap_conf.bind_timelimit > 0) { - sudo_printf(SUDO_CONV_ERROR_MSG, "bind_timelimit %d\n", - ldap_conf.bind_timelimit); - } - if (ldap_conf.timelimit > 0) { - sudo_printf(SUDO_CONV_ERROR_MSG, "timelimit %d\n", - ldap_conf.timelimit); - } - if (ldap_conf.deref != -1) { - sudo_printf(SUDO_CONV_ERROR_MSG, "deref %d\n", - ldap_conf.deref); - } - sudo_printf(SUDO_CONV_ERROR_MSG, "ssl %s\n", - ldap_conf.ssl ? ldap_conf.ssl : "(no)"); - if (ldap_conf.tls_checkpeer != -1) { - sudo_printf(SUDO_CONV_ERROR_MSG, "tls_checkpeer %s\n", - ldap_conf.tls_checkpeer ? "(yes)" : "(no)"); - } - if (ldap_conf.tls_cacertfile != NULL) { - sudo_printf(SUDO_CONV_ERROR_MSG, "tls_cacertfile %s\n", - ldap_conf.tls_cacertfile); - } - if (ldap_conf.tls_cacertdir != NULL) { - sudo_printf(SUDO_CONV_ERROR_MSG, "tls_cacertdir %s\n", - ldap_conf.tls_cacertdir); - } - if (ldap_conf.tls_random_file != NULL) { - sudo_printf(SUDO_CONV_ERROR_MSG, "tls_random_file %s\n", - ldap_conf.tls_random_file); - } - if (ldap_conf.tls_cipher_suite != NULL) { - sudo_printf(SUDO_CONV_ERROR_MSG, "tls_cipher_suite %s\n", - ldap_conf.tls_cipher_suite); - } - if (ldap_conf.tls_certfile != NULL) { - sudo_printf(SUDO_CONV_ERROR_MSG, "tls_certfile %s\n", - ldap_conf.tls_certfile); - } - if (ldap_conf.tls_keyfile != NULL) { - sudo_printf(SUDO_CONV_ERROR_MSG, "tls_keyfile %s\n", - ldap_conf.tls_keyfile); - } + do { + DPRINTF1("uri %s", uri->val); + } while ((uri = uri->next) != NULL); + } else { + DPRINTF1("host %s", + ldap_conf.host ? ldap_conf.host : "(NONE)"); + DPRINTF1("port %d", ldap_conf.port); + } + DPRINTF1("ldap_version %d", ldap_conf.version); + + if (ldap_conf.base) { + struct ldap_config_list_str *base = ldap_conf.base; + do { + DPRINTF1("sudoers_base %s", base->val); + } while ((base = base->next) != NULL); + } else { + DPRINTF1("sudoers_base %s", "(NONE: LDAP disabled)"); + } + if (ldap_conf.search_filter) { + DPRINTF1("search_filter %s", ldap_conf.search_filter); + } + DPRINTF1("binddn %s", + ldap_conf.binddn ? ldap_conf.binddn : "(anonymous)"); + DPRINTF1("bindpw %s", + ldap_conf.bindpw ? ldap_conf.bindpw : "(anonymous)"); + if (ldap_conf.bind_timelimit > 0) { + DPRINTF1("bind_timelimit %d", ldap_conf.bind_timelimit); + } + if (ldap_conf.timelimit > 0) { + DPRINTF1("timelimit %d", ldap_conf.timelimit); + } + if (ldap_conf.deref != -1) { + DPRINTF1("deref %d", ldap_conf.deref); + } + DPRINTF1("ssl %s", ldap_conf.ssl ? ldap_conf.ssl : "(no)"); + if (ldap_conf.tls_checkpeer != -1) { + DPRINTF1("tls_checkpeer %s", + ldap_conf.tls_checkpeer ? "(yes)" : "(no)"); + } + if (ldap_conf.tls_cacertfile != NULL) { + DPRINTF1("tls_cacertfile %s", ldap_conf.tls_cacertfile); + } + if (ldap_conf.tls_cacertdir != NULL) { + DPRINTF1("tls_cacertdir %s", ldap_conf.tls_cacertdir); + } + if (ldap_conf.tls_random_file != NULL) { + DPRINTF1("tls_random_file %s", ldap_conf.tls_random_file); + } + if (ldap_conf.tls_cipher_suite != NULL) { + DPRINTF1("tls_cipher_suite %s", ldap_conf.tls_cipher_suite); + } + if (ldap_conf.tls_certfile != NULL) { + DPRINTF1("tls_certfile %s", ldap_conf.tls_certfile); + } + if (ldap_conf.tls_keyfile != NULL) { + DPRINTF1("tls_keyfile %s", ldap_conf.tls_keyfile); + } #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S - if (ldap_conf.use_sasl != -1) { - sudo_printf(SUDO_CONV_ERROR_MSG, "use_sasl %s\n", - ldap_conf.use_sasl ? "yes" : "no"); - sudo_printf(SUDO_CONV_ERROR_MSG, "sasl_auth_id %s\n", - ldap_conf.sasl_auth_id ? ldap_conf.sasl_auth_id : "(NONE)"); - sudo_printf(SUDO_CONV_ERROR_MSG, "rootuse_sasl %d\n", - ldap_conf.rootuse_sasl); - sudo_printf(SUDO_CONV_ERROR_MSG, "rootsasl_auth_id %s\n", - ldap_conf.rootsasl_auth_id ? ldap_conf.rootsasl_auth_id : "(NONE)"); - sudo_printf(SUDO_CONV_ERROR_MSG, "sasl_secprops %s\n", - ldap_conf.sasl_secprops ? ldap_conf.sasl_secprops : "(NONE)"); - sudo_printf(SUDO_CONV_ERROR_MSG, "krb5_ccname %s\n", - ldap_conf.krb5_ccname ? ldap_conf.krb5_ccname : "(NONE)"); - } -#endif - sudo_printf(SUDO_CONV_ERROR_MSG, "===================\n"); + if (ldap_conf.use_sasl != -1) { + DPRINTF1("use_sasl %s", ldap_conf.use_sasl ? "yes" : "no"); + DPRINTF1("sasl_auth_id %s", + ldap_conf.sasl_auth_id ? ldap_conf.sasl_auth_id : "(NONE)"); + DPRINTF1("rootuse_sasl %d", + ldap_conf.rootuse_sasl); + DPRINTF1("rootsasl_auth_id %s", + ldap_conf.rootsasl_auth_id ? ldap_conf.rootsasl_auth_id : "(NONE)"); + DPRINTF1("sasl_secprops %s", + ldap_conf.sasl_secprops ? ldap_conf.sasl_secprops : "(NONE)"); + DPRINTF1("krb5_ccname %s", + ldap_conf.krb5_ccname ? ldap_conf.krb5_ccname : "(NONE)"); } +#endif + DPRINTF1("==================="); + if (!ldap_conf.base) debug_return_bool(false); /* if no base is defined, ignore LDAP */ @@ -1553,7 +1635,7 @@ sudo_ldap_read_config(void) /* If rootbinddn set, read in /etc/ldap.secret if it exists. */ if (ldap_conf.rootbinddn) - sudo_ldap_read_secret(_PATH_LDAP_SECRET); + sudo_ldap_read_secret(path_ldap_secret); #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S /* @@ -1565,11 +1647,13 @@ sudo_ldap_read_config(void) value = ldap_conf.krb5_ccname + (ldap_conf.krb5_ccname[4] == ':' ? 5 : 7); if ((fp = fopen(value, "r")) != NULL) { - DPRINTF(("using krb5 credential cache: %s", value), 1); + sudo_debug_printf(SUDO_DEBUG_INFO, + "using krb5 credential cache: %s", value); fclose(fp); } else { /* Can't open it, just ignore the entry. */ - DPRINTF(("unable to open krb5 credential cache: %s", value), 1); + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "unable to open krb5 credential cache: %s", value); efree(ldap_conf.krb5_ccname); ldap_conf.krb5_ccname = NULL; } @@ -1844,7 +1928,7 @@ sudo_ldap_display_privs(struct sudo_nss *nss, struct passwd *pw, goto done; ld = handle->ld; - DPRINTF(("ldap search for command list"), 1); + DPRINTF1("ldap search for command list"); lres = sudo_ldap_result_get(nss, pw); /* Display all matching entries. */ @@ -1879,7 +1963,7 @@ sudo_ldap_display_cmnd(struct sudo_nss *nss, struct passwd *pw) * The sudo_ldap_result_get() function returns all nodes that match * the user and the host. */ - DPRINTF(("ldap search for command list"), 1); + DPRINTF1("ldap search for command list"); lres = sudo_ldap_result_get(nss, pw); for (i = 0; i < lres->nentries; i++) { entry = lres->entries[i].entry; @@ -1947,7 +2031,7 @@ sudo_ldap_set_options_table(LDAP *ld, struct ldap_config_table *table) case CONF_INT: ival = *(int *)(cur->valp); if (ival >= 0) { - DPRINTF(("ldap_set_option: %s -> %d", cur->conf_str, ival), 1); + DPRINTF1("ldap_set_option: %s -> %d", cur->conf_str, ival); rc = ldap_set_option(ld, cur->opt_val, &ival); if (rc != LDAP_OPT_SUCCESS) { warningx("ldap_set_option: %s -> %d: %s", @@ -1959,7 +2043,7 @@ sudo_ldap_set_options_table(LDAP *ld, struct ldap_config_table *table) case CONF_STR: sval = *(char **)(cur->valp); if (sval != NULL) { - DPRINTF(("ldap_set_option: %s -> %s", cur->conf_str, sval), 1); + DPRINTF1("ldap_set_option: %s -> %s", cur->conf_str, sval); rc = ldap_set_option(ld, cur->opt_val, sval); if (rc != LDAP_OPT_SUCCESS) { warningx("ldap_set_option: %s -> %s: %s", @@ -2015,12 +2099,11 @@ sudo_ldap_set_options_conn(LDAP *ld) struct timeval tv; tv.tv_sec = ldap_conf.timeout; tv.tv_usec = 0; - DPRINTF(("ldap_set_option(LDAP_OPT_TIMEOUT, %ld)", - (long)tv.tv_sec), 1); + DPRINTF1("ldap_set_option(LDAP_OPT_TIMEOUT, %d)", ldap_conf.timeout); rc = ldap_set_option(ld, LDAP_OPT_TIMEOUT, &tv); if (rc != LDAP_OPT_SUCCESS) { - warningx("ldap_set_option(TIMEOUT, %ld): %s", - (long)tv.tv_sec, ldap_err2string(rc)); + warningx("ldap_set_option(TIMEOUT, %d): %s", + ldap_conf.timeout, ldap_err2string(rc)); } } #endif @@ -2030,14 +2113,14 @@ sudo_ldap_set_options_conn(LDAP *ld) struct timeval tv; tv.tv_sec = ldap_conf.bind_timelimit / 1000; tv.tv_usec = 0; - DPRINTF(("ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, %ld)", - (long)tv.tv_sec), 1); + DPRINTF1("ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, %d)", + ldap_conf.bind_timelimit / 1000); rc = ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv); # if !defined(LDAP_OPT_CONNECT_TIMEOUT) || LDAP_VENDOR_VERSION != 510 /* Tivoli Directory Server 6.3 libs always return a (bogus) error. */ if (rc != LDAP_OPT_SUCCESS) { - warningx("ldap_set_option(NETWORK_TIMEOUT, %ld): %s", - (long)tv.tv_sec, ldap_err2string(rc)); + warningx("ldap_set_option(NETWORK_TIMEOUT, %d): %s", + ldap_conf.bind_timelimit / 1000, ldap_err2string(rc)); } # endif } @@ -2046,7 +2129,7 @@ sudo_ldap_set_options_conn(LDAP *ld) #if defined(LDAP_OPT_X_TLS) && !defined(HAVE_LDAPSSL_INIT) if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) { int val = LDAP_OPT_X_TLS_HARD; - DPRINTF(("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD)"), 1); + DPRINTF1("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD)"); rc = ldap_set_option(ld, LDAP_OPT_X_TLS, &val); if (rc != LDAP_SUCCESS) { warningx("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD): %s", @@ -2148,7 +2231,8 @@ sudo_ldap_bind_s(LDAP *ld) if (gss_krb5_ccache_name(&status, ldap_conf.krb5_ccname, &old_ccname) != GSS_S_COMPLETE) { old_ccname = NULL; - DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1); + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "gss_krb5_ccache_name() failed: %d", status); } # else sudo_setenv("KRB5CCNAME", ldap_conf.krb5_ccname, true); @@ -2159,7 +2243,8 @@ sudo_ldap_bind_s(LDAP *ld) if (ldap_conf.krb5_ccname != NULL) { # ifdef HAVE_GSS_KRB5_CCACHE_NAME if (gss_krb5_ccache_name(&status, old_ccname, NULL) != GSS_S_COMPLETE) - DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1); + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "gss_krb5_ccache_name() failed: %d", status); # else if (old_ccname != NULL) sudo_setenv("KRB5CCNAME", old_ccname, true); @@ -2172,7 +2257,7 @@ sudo_ldap_bind_s(LDAP *ld) ldap_err2string(rc)); debug_return_int(-1); } - DPRINTF(("ldap_sasl_interactive_bind_s() ok"), 1); + DPRINTF1("ldap_sasl_interactive_bind_s() ok"); } else #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */ #ifdef HAVE_LDAP_SASL_BIND_S @@ -2188,7 +2273,7 @@ sudo_ldap_bind_s(LDAP *ld) warningx("ldap_sasl_bind_s(): %s", ldap_err2string(rc)); debug_return_int(-1); } - DPRINTF(("ldap_sasl_bind_s() ok"), 1); + DPRINTF1("ldap_sasl_bind_s() ok"); } #else { @@ -2197,7 +2282,7 @@ sudo_ldap_bind_s(LDAP *ld) warningx("ldap_simple_bind_s(): %s", ldap_err2string(rc)); debug_return_int(-1); } - DPRINTF(("ldap_simple_bind_s() ok"), 1); + DPRINTF1("ldap_simple_bind_s() ok"); } #endif debug_return_int(0); @@ -2233,7 +2318,7 @@ sudo_ldap_open(struct sudo_nss *nss) #ifdef HAVE_LDAP_INITIALIZE if (ldap_conf.uri != NULL) { char *buf = sudo_ldap_join_uri(ldap_conf.uri); - DPRINTF(("ldap_initialize(ld, %s)", buf), 2); + DPRINTF2("ldap_initialize(ld, %s)", buf); rc = ldap_initialize(&ld, buf); efree(buf); if (rc != LDAP_SUCCESS) @@ -2258,7 +2343,7 @@ sudo_ldap_open(struct sudo_nss *nss) warningx("ldap_start_tls_s(): %s", ldap_err2string(rc)); debug_return_int(-1); } - DPRINTF(("ldap_start_tls_s() ok"), 1); + DPRINTF1("ldap_start_tls_s() ok"); #elif defined(HAVE_LDAP_SSL_CLIENT_INIT) && defined(HAVE_LDAP_START_TLS_S_NP) if (ldap_ssl_client_init(ldap_conf.tls_keyfile, ldap_conf.tls_keypw, 0, &rc) != LDAP_SUCCESS) { warningx("ldap_ssl_client_init(): %s", ldap_err2string(rc)); @@ -2269,7 +2354,7 @@ sudo_ldap_open(struct sudo_nss *nss) warningx("ldap_start_tls_s_np(): %s", ldap_err2string(rc)); debug_return_int(-1); } - DPRINTF(("ldap_start_tls_s_np() ok"), 1); + DPRINTF1("ldap_start_tls_s_np() ok"); #else warningx(_("start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()")); #endif /* !HAVE_LDAP_START_TLS_S && !HAVE_LDAP_START_TLS_S_NP */ @@ -2307,7 +2392,7 @@ sudo_ldap_setdefs(struct sudo_nss *nss) ld = handle->ld; filt = sudo_ldap_build_default_filter(); - DPRINTF(("Looking for cn=defaults: %s", filt), 1); + DPRINTF1("Looking for cn=defaults: %s", filt); for (base = ldap_conf.base; base != NULL; base = base->next) { if (ldap_conf.timeout > 0) { @@ -2319,11 +2404,11 @@ sudo_ldap_setdefs(struct sudo_nss *nss) rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt, NULL, 0, NULL, NULL, tvp, 0, &result); if (rc == LDAP_SUCCESS && (entry = ldap_first_entry(ld, result))) { - DPRINTF(("found:%s", ldap_get_dn(ld, entry)), 1); + DPRINTF1("found:%s", ldap_get_dn(ld, entry)); sudo_ldap_parse_options(ld, entry); - } else - DPRINTF(("no default options found in %s", base->val), 1); - + } else { + DPRINTF1("no default options found in %s", base->val); + } if (result) ldap_msgfree(result); } @@ -2362,7 +2447,7 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag) enum def_tuple pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple; - DPRINTF(("perform search for pwflag %d", pwflag), 1); + DPRINTF1("perform search for pwflag %d", pwflag); for (i = 0; i < lres->nentries; i++) { entry = lres->entries[i].entry; if ((pwcheck == any && doauth != false) || @@ -2401,7 +2486,7 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag) goto done; } - DPRINTF(("searching LDAP for sudoers entries"), 1); + DPRINTF1("searching LDAP for sudoers entries"); setenv_implied = false; for (i = 0; i < lres->nentries; i++) { @@ -2411,9 +2496,9 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag) rc = sudo_ldap_check_command(ld, entry, &setenv_implied); if (rc != UNSPEC) { /* We have a match. */ - DPRINTF(("Command %sallowed", rc == true ? "" : "NOT "), 1); + DPRINTF1("Command %sallowed", rc == true ? "" : "NOT "); if (rc == true) { - DPRINTF(("LDAP entry: %p", entry), 1); + DPRINTF1("LDAP entry: %p", entry); /* Apply entry-specific options. */ if (setenv_implied) def_setenv = true; @@ -2436,9 +2521,9 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag) } done: - DPRINTF(("done with LDAP searches"), 1); - DPRINTF(("user_matches=%d", lres->user_matches), 1); - DPRINTF(("host_matches=%d", lres->host_matches), 1); + DPRINTF1("done with LDAP searches"); + DPRINTF1("user_matches=%d", lres->user_matches); + DPRINTF1("host_matches=%d", lres->host_matches); if (!ISSET(ret, VALIDATE_OK)) { /* No matching entries. */ @@ -2449,7 +2534,7 @@ done: CLR(ret, FLAG_NO_USER); if (lres->host_matches) CLR(ret, FLAG_NO_HOST); - DPRINTF(("sudo_ldap_lookup(%d)=0x%02x", pwflag, ret), 1); + DPRINTF1("sudo_ldap_lookup(%d)=0x%02x", pwflag, ret); debug_return_int(ret); } @@ -2504,13 +2589,13 @@ sudo_ldap_result_add_entry(struct ldap_result *lres, LDAPMessage *entry) if (bv != NULL) { if (ldap_count_values_len(bv) > 0) { /* Get the value of this attribute, 0 if not present. */ - DPRINTF(("order attribute raw: %s", (*bv)->bv_val), 1); + DPRINTF2("order attribute raw: %s", (*bv)->bv_val); order = strtod((*bv)->bv_val, &ep); if (ep == (*bv)->bv_val || *ep != '\0') { warningx(_("invalid sudoOrder attribute: %s"), (*bv)->bv_val); order = 0.0; } - DPRINTF(("order attribute: %f", order), 1); + DPRINTF2("order attribute: %f", order); } ldap_value_free_len(bv); } @@ -2542,7 +2627,7 @@ sudo_ldap_result_free_nss(struct sudo_nss *nss) debug_decl(sudo_ldap_result_free_nss, SUDO_DEBUG_LDAP) if (handle->result != NULL) { - DPRINTF(("removing reusable search result"), 1); + DPRINTF1("removing reusable search result"); sudo_ldap_result_free(handle->result); if (handle->username) { efree(handle->username); @@ -2567,7 +2652,7 @@ sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw) struct timeval tv, *tvp = NULL; LDAPMessage *entry, *result; LDAP *ld = handle->ld; - int do_netgr, rc; + int pass, rc; char *filt; debug_decl(sudo_ldap_result_get, SUDO_DEBUG_LDAP) @@ -2578,13 +2663,13 @@ sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw) if (handle->result) { if (handle->grlist == user_group_list && strcmp(pw->pw_name, handle->username) == 0) { - DPRINTF(("reusing previous result (user %s) with %d entries", - handle->username, handle->result->nentries), 1); + DPRINTF1("reusing previous result (user %s) with %d entries", + handle->username, handle->result->nentries); debug_return_ptr(handle->result); } /* User mismatch, cached result cannot be used. */ - DPRINTF(("removing result (user %s), new search (user %s)", - handle->username, pw->pw_name), 1); + DPRINTF1("removing result (user %s), new search (user %s)", + handle->username, pw->pw_name); sudo_ldap_result_free_nss(nss); } @@ -2598,20 +2683,21 @@ sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw) * sudoUser in this pass since the LDAP server already scanned * it for us. * - * The second pass will return all the entries that contain - * user netgroups. Then we take the netgroups returned and - * try to match them against the username. + * The second pass will return all the entries that contain non- + * Unix groups, including netgroups. Then we take the non-Unix + * groups returned and try to match them against the username. * * Since we have to sort the possible entries before we make a * decision, we perform the queries and store all of the results in * an ldap_result object. The results are then sorted by sudoOrder. */ lres = sudo_ldap_result_alloc(); - for (do_netgr = 0; do_netgr < 2; do_netgr++) { - filt = do_netgr ? sudo_ldap_build_pass2() : sudo_ldap_build_pass1(pw); - DPRINTF(("ldap search '%s'", filt), 1); + for (pass = 0; pass < 2; pass++) { + filt = pass ? sudo_ldap_build_pass2() : sudo_ldap_build_pass1(pw); + DPRINTF1("ldap search '%s'", filt); for (base = ldap_conf.base; base != NULL; base = base->next) { - DPRINTF(("searching from base '%s'", base->val), 1); + DPRINTF1("searching from base '%s'", + base->val); if (ldap_conf.timeout > 0) { tv.tv_sec = ldap_conf.timeout; tv.tv_usec = 0; @@ -2621,29 +2707,29 @@ sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw) rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt, NULL, 0, NULL, NULL, tvp, 0, &result); if (rc != LDAP_SUCCESS) { - DPRINTF(("nothing found for '%s'", filt), 1); + DPRINTF1("nothing found for '%s'", filt); continue; } lres->user_matches = true; /* Add the seach result to list of search results. */ - DPRINTF(("adding search result"), 1); + DPRINTF1("adding search result"); sudo_ldap_result_add_search(lres, ld, result); LDAP_FOREACH(entry, ld, result) { - if ((!do_netgr || - sudo_ldap_check_user_netgroup(ld, entry, pw->pw_name)) && + if ((!pass || + sudo_ldap_check_non_unix_group(ld, entry, pw)) && sudo_ldap_check_host(ld, entry)) { lres->host_matches = true; sudo_ldap_result_add_entry(lres, entry); } } - DPRINTF(("result now has %d entries", lres->nentries), 1); + DPRINTF1("result now has %d entries", lres->nentries); } efree(filt); } /* Sort the entries by the sudoOrder attribute. */ - DPRINTF(("sorting remaining %d entries", lres->nentries), 1); + DPRINTF1("sorting remaining %d entries", lres->nentries); qsort(lres->entries, lres->nentries, sizeof(lres->entries[0]), ldap_entry_compare); @@ -2723,8 +2809,7 @@ sudo_ldap_result_from_search(LDAP *ldap, LDAPMessage *searchresult) LDAP_FOREACH(entry, last->ldap, last->searchresult) { sudo_ldap_result_add_entry(result, entry); } - DPRINTF(("sudo_ldap_result_from_search: %d entries found", - result->nentries), 2); + DPRINTF1("sudo_ldap_result_from_search: %d entries found", result->nentries); return result; } #endif diff --git a/plugins/sudoers/linux_audit.c b/plugins/sudoers/linux_audit.c index 9cfd4a7..d50cd62 100644 --- a/plugins/sudoers/linux_audit.c +++ b/plugins/sudoers/linux_audit.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010 Todd C. Miller + * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -54,7 +54,7 @@ static linux_audit_open(void) if (au_fd == -1) { /* Kernel may not have audit support. */ if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT) - error(1, _("unable to open audit system")); + fatal(_("unable to open audit system")); } else { (void)fcntl(au_fd, F_SETFD, FD_CLOEXEC); } @@ -79,7 +79,7 @@ linux_audit_command(char *argv[], int result) for (av = argv; *av != NULL; av++) { n = strlcpy(cp, *av, size - (cp - command)); if (n >= size - (cp - command)) { - errorx(1, _("internal error, %s overflow"), + fatalx(_("internal error, %s overflow"), "linux_audit_command()"); } cp += n; diff --git a/plugins/sudoers/linux_audit.h b/plugins/sudoers/linux_audit.h index 8f4d46c..090de64 100644 --- a/plugins/sudoers/linux_audit.h +++ b/plugins/sudoers/linux_audit.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010 Todd C. Miller + * Copyright (c) 2010, 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,9 +14,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef _SUDO_LINUX_AUDIT_H -#define _SUDO_LINUX_AUDIT_H +#ifndef _SUDOERS_LINUX_AUDIT_H +#define _SUDOERS_LINUX_AUDIT_H int linux_audit_command(char *argv[], int result); -#endif /* _SUDO_LINUX_AUDIT_H */ +#endif /* _SUDOERS_LINUX_AUDIT_H */ diff --git a/plugins/sudoers/locale.c b/plugins/sudoers/locale.c new file mode 100644 index 0000000..3173b0b --- /dev/null +++ b/plugins/sudoers/locale.c @@ -0,0 +1,123 @@ +/* + * Copyright (c) 2012-2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ + +#include "missing.h" +#include "error.h" +#include "alloc.h" +#include "logging.h" +#include "gettext.h" + +static int current_locale = SUDOERS_LOCALE_USER; +static char *user_locale; +static char *sudoers_locale; + +int +sudoers_getlocale(void) +{ + return current_locale; +} + +void +sudoers_initlocale(const char *ulocale, const char *slocale) +{ + if (ulocale != NULL) { + efree(user_locale); + user_locale = estrdup(ulocale); + } + if (slocale != NULL) { + efree(sudoers_locale); + sudoers_locale = estrdup(slocale); + } +} + +/* + * Set locale to user or sudoers value. + * Returns true on success and false on failure, + * If prevlocale is non-NULL it will be filled in with the + * old SUDOERS_LOCALE_* value. + */ +bool +sudoers_setlocale(int newlocale, int *prevlocale) +{ + char *res = NULL; + + switch (newlocale) { + case SUDOERS_LOCALE_USER: + if (prevlocale) + *prevlocale = current_locale; + if (current_locale != SUDOERS_LOCALE_USER) { + current_locale = SUDOERS_LOCALE_USER; + res = setlocale(LC_ALL, user_locale ? user_locale : ""); + if (res != NULL && user_locale == NULL) + user_locale = estrdup(setlocale(LC_ALL, NULL)); + } + break; + case SUDOERS_LOCALE_SUDOERS: + if (prevlocale) + *prevlocale = current_locale; + if (current_locale != SUDOERS_LOCALE_SUDOERS) { + current_locale = SUDOERS_LOCALE_SUDOERS; + res = setlocale(LC_ALL, sudoers_locale ? sudoers_locale : "C"); + if (res == NULL && sudoers_locale != NULL) { + if (strcmp(sudoers_locale, "C") != 0) { + efree(sudoers_locale); + sudoers_locale = estrdup("C"); + res = setlocale(LC_ALL, "C"); + } + } + } + break; + } + return res ? true : false; +} + +static int warning_locale; + +void +warning_set_locale(void) +{ + sudoers_setlocale(SUDOERS_LOCALE_USER, &warning_locale); +} + +void +warning_restore_locale(void) +{ + sudoers_setlocale(warning_locale, NULL); +} diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c index c122b35..d7256a5 100644 --- a/plugins/sudoers/logging.c +++ b/plugins/sudoers/logging.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1994-1996, 1998-2011 Todd C. Miller + * Copyright (c) 1994-1996, 1998-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -25,7 +25,6 @@ #include #include -#include #include #include #include @@ -47,9 +46,6 @@ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ -#ifdef HAVE_SETLOCALE -# include -#endif /* HAVE_SETLOCALE */ #ifdef HAVE_NL_LANGINFO # include #endif /* HAVE_NL_LANGINFO */ @@ -60,10 +56,16 @@ #include #include #include -#include #include "sudoers.h" +#ifndef va_copy +# define va_copy(d, s) memcpy(&(d), &(s), sizeof(d)); +#endif + +/* Special message for log_warning() so we know to use ngettext() */ +#define INCORRECT_PASSWORD_ATTEMPT ((char *)0x01) + static void do_syslog(int, char *); static void do_logfile(char *); static void send_mail(const char *fmt, ...); @@ -71,8 +73,6 @@ static int should_mail(int); static void mysyslog(int, const char *, ...); static char *new_logline(const char *, int); -extern sigjmp_buf error_jmp; - extern char **NewArgv; /* XXX - for auditing */ #define MAXSYSLOGTRIES 16 /* num of retries for broken syslogs */ @@ -119,9 +119,6 @@ mysyslog(int pri, const char *fmt, ...) debug_return; } -#define FMT_FIRST "%8s : %s" -#define FMT_CONTD "%8s : (command continued) %s" - /* * Log a message to syslog, pre-pending the username and splitting the * message into parts if it is longer than MAXSYSLOGLEN. @@ -132,20 +129,15 @@ do_syslog(int pri, char *msg) size_t len, maxlen; char *p, *tmp, save; const char *fmt; -#ifdef HAVE_SETLOCALE - const char *old_locale = estrdup(setlocale(LC_ALL, NULL)); -#endif + int oldlocale; debug_decl(do_syslog, SUDO_DEBUG_LOGGING) -#ifdef HAVE_SETLOCALE - if (!setlocale(LC_ALL, def_sudoers_locale)) - setlocale(LC_ALL, "C"); -#endif /* HAVE_SETLOCALE */ + sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); /* * Log the full line, breaking into multiple syslog(3) calls if necessary */ - fmt = _(FMT_FIRST); + fmt = _("%8s : %s"); maxlen = MAXSYSLOGLEN - (strlen(fmt) - 5 + strlen(user_name)); for (p = msg; *p != '\0'; ) { len = strlen(p); @@ -173,14 +165,11 @@ do_syslog(int pri, char *msg) mysyslog(pri, fmt, user_name, p); p += len; } - fmt = _(FMT_CONTD); + fmt = _("%8s : (command continued) %s"); maxlen = MAXSYSLOGLEN - (strlen(fmt) - 5 + strlen(user_name)); } -#ifdef HAVE_SETLOCALE - setlocale(LC_ALL, old_locale); - efree((void *)old_locale); -#endif /* HAVE_SETLOCALE */ + sudoers_setlocale(oldlocale, NULL); debug_return; } @@ -192,9 +181,12 @@ do_logfile(char *msg) size_t len; mode_t oldmask; time_t now; + int oldlocale; FILE *fp; debug_decl(do_logfile, SUDO_DEBUG_LOGGING) + sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); + oldmask = umask(077); fp = fopen(def_logfile, "a"); (void) umask(oldmask); @@ -205,13 +197,7 @@ do_logfile(char *msg) send_mail(_("unable to lock log file: %s: %s"), def_logfile, strerror(errno)); } else { -#ifdef HAVE_SETLOCALE - const char *old_locale = estrdup(setlocale(LC_ALL, NULL)); - if (!setlocale(LC_ALL, def_sudoers_locale)) - setlocale(LC_ALL, "C"); -#endif /* HAVE_SETLOCALE */ - - now = time(NULL); + time(&now); if (def_loglinelen < sizeof(LOG_INDENT)) { /* Don't pretty-print long log file lines (hard to grep) */ if (def_log_host) @@ -237,12 +223,9 @@ do_logfile(char *msg) (void) fflush(fp); (void) lock_file(fileno(fp), SUDO_UNLOCK); (void) fclose(fp); - -#ifdef HAVE_SETLOCALE - setlocale(LC_ALL, old_locale); - efree((void *)old_locale); -#endif /* HAVE_SETLOCALE */ } + sudoers_setlocale(oldlocale, NULL); + debug_return; } @@ -252,14 +235,19 @@ do_logfile(char *msg) void log_denial(int status, bool inform_user) { - char *logline, *message; + const char *message; + char *logline; + int oldlocale; debug_decl(log_denial, SUDO_DEBUG_LOGGING) - /* Handle auditing first. */ + /* Handle auditing first (audit_failure() handles the locale itself). */ if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST)) - audit_failure(NewArgv, _("No user or host")); + audit_failure(NewArgv, N_("No user or host")); else - audit_failure(NewArgv, _("validation failure")); + audit_failure(NewArgv, N_("validation failure")); + + /* Log and mail messages should be in the sudoers locale. */ + sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); /* Set error message. */ if (ISSET(status, FLAG_NO_USER)) @@ -271,11 +259,31 @@ log_denial(int status, bool inform_user) logline = new_logline(message, 0); + /* Become root if we are not already. */ + set_perms(PERM_ROOT|PERM_NOEXIT); + if (should_mail(status)) send_mail("%s", logline); /* send mail based on status */ - /* Inform the user if they failed to authenticate. */ + /* + * Log via syslog and/or a file. + */ + if (def_syslog) + do_syslog(def_syslog_badpri, logline); + if (def_logfile) + do_logfile(logline); + + restore_perms(); + + efree(logline); + + /* Restore locale. */ + sudoers_setlocale(oldlocale, NULL); + + /* Inform the user if they failed to authenticate (in their locale). */ if (inform_user) { + sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale); + if (ISSET(status, FLAG_NO_USER)) { sudo_printf(SUDO_CONV_ERROR_MSG, _("%s is not in the sudoers " "file. This incident will be reported.\n"), user_name); @@ -295,17 +303,8 @@ log_denial(int status, bool inform_user) runas_pw->pw_name : user_name, runas_gr ? ":" : "", runas_gr ? runas_gr->gr_name : "", user_host); } + sudoers_setlocale(oldlocale, NULL); } - - /* - * Log via syslog and/or a file. - */ - if (def_syslog) - do_syslog(def_syslog_badpri, logline); - if (def_logfile) - do_logfile(logline); - - efree(logline); debug_return; } @@ -315,8 +314,8 @@ log_denial(int status, bool inform_user) void log_failure(int status, int flags) { - debug_decl(log_failure, SUDO_DEBUG_LOGGING) bool inform_user = true; + debug_decl(log_failure, SUDO_DEBUG_LOGGING) /* The user doesn't always get to see the log message (path info). */ if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) && def_path_info && @@ -351,7 +350,7 @@ log_auth_failure(int status, int tries) debug_decl(log_auth_failure, SUDO_DEBUG_LOGGING) /* Handle auditing first. */ - audit_failure(NewArgv, _("authentication failure")); + audit_failure(NewArgv, N_("authentication failure")); /* * Do we need to send mail? @@ -374,12 +373,10 @@ log_auth_failure(int status, int tries) /* * If sudoers denied the command we'll log that separately. */ - if (ISSET(status, FLAG_BAD_PASSWORD)) { - log_error(flags, ngettext("%d incorrect password attempt", - "%d incorrect password attempts", tries), tries); - } else if (ISSET(status, FLAG_NON_INTERACTIVE)) { - log_error(flags, _("a password is required")); - } + if (ISSET(status, FLAG_BAD_PASSWORD)) + log_warning(flags, INCORRECT_PASSWORD_ATTEMPT, tries); + else if (ISSET(status, FLAG_NON_INTERACTIVE)) + log_warning(flags, N_("a password is required")); debug_return; } @@ -391,10 +388,17 @@ void log_allowed(int status) { char *logline; + int oldlocale; debug_decl(log_allowed, SUDO_DEBUG_LOGGING) + /* Log and mail messages should be in the sudoers locale. */ + sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); + logline = new_logline(NULL, 0); + /* Become root if we are not already. */ + set_perms(PERM_ROOT|PERM_NOEXIT); + if (should_mail(status)) send_mail("%s", logline); /* send mail based on status */ @@ -406,42 +410,51 @@ log_allowed(int status) if (def_logfile) do_logfile(logline); + restore_perms(); + efree(logline); + + sudoers_setlocale(oldlocale, NULL); + debug_return; } /* - * Perform logging for log_error()/log_fatal() + * Perform logging for log_warning()/log_fatal() */ static void -vlog_error(int flags, const char *fmt, va_list ap) +vlog_warning(int flags, const char *fmt, va_list ap) { - int serrno = errno; + int oldlocale, serrno = errno; char *logline, *message; + va_list ap2; debug_decl(vlog_error, SUDO_DEBUG_LOGGING) - /* Expand printf-style format + args. */ - evasprintf(&message, fmt, ap); + /* Need extra copy of ap for warning() below. */ + if (!ISSET(flags, NO_STDERR)) + va_copy(ap2, ap); - /* Become root if we are not already to avoid user interference */ - set_perms(PERM_ROOT|PERM_NOEXIT); + /* Log messages should be in the sudoers locale. */ + sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); + + /* Expand printf-style format + args (with a special case). */ + if (fmt == INCORRECT_PASSWORD_ATTEMPT) { + int tries = va_arg(ap, int); + easprintf(&message, ngettext("%d incorrect password attempt", + "%d incorrect password attempts", tries), tries); + } else { + evasprintf(&message, _(fmt), ap); + } - if (ISSET(flags, MSG_ONLY)) + if (ISSET(flags, MSG_ONLY)) { logline = message; - else + } else { logline = new_logline(message, ISSET(flags, USE_ERRNO) ? serrno : 0); - - /* - * Tell the user. - */ - if (!ISSET(flags, NO_STDERR)) { - if (ISSET(flags, USE_ERRNO)) - warning("%s", message); - else - warningx("%s", message); - } - if (logline != message) efree(message); + } + + /* Become root if we are not already. */ + set_perms(PERM_ROOT|PERM_NOEXIT); /* * Send a copy of the error via mail. @@ -459,22 +472,41 @@ vlog_error(int flags, const char *fmt, va_list ap) do_logfile(logline); } + restore_perms(); + efree(logline); - restore_perms(); + sudoers_setlocale(oldlocale, NULL); + + /* + * Tell the user (in their locale). + */ + if (!ISSET(flags, NO_STDERR)) { + if (fmt == INCORRECT_PASSWORD_ATTEMPT) { + int tries = va_arg(ap2, int); + warningx(ngettext("%d incorrect password attempt", + "%d incorrect password attempts", tries), tries); + } else { + if (ISSET(flags, USE_ERRNO)) + vwarning(fmt, ap2); + else + vwarningx(fmt, ap2); + } + va_end(ap2); + } debug_return; } void -log_error(int flags, const char *fmt, ...) +log_warning(int flags, const char *fmt, ...) { va_list ap; debug_decl(log_error, SUDO_DEBUG_LOGGING) /* Log the error. */ va_start(ap, fmt); - vlog_error(flags, fmt, ap); + vlog_warning(flags, fmt, ap); va_end(ap); debug_return; @@ -488,13 +520,13 @@ log_fatal(int flags, const char *fmt, ...) /* Log the error. */ va_start(ap, fmt); - vlog_error(flags, fmt, ap); + vlog_warning(flags, fmt, ap); va_end(ap); /* Exit the plugin. */ - plugin_cleanup(0); + sudoers_cleanup(); sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); - siglongjmp(error_jmp, 1); + fatal_longjmp(1); } #define MAX_MAILFLAGS 63 @@ -531,7 +563,7 @@ send_mail(const char *fmt, ...) switch (pid = sudo_debug_fork()) { case -1: /* Error. */ - error(1, _("unable to fork")); + fatal(_("unable to fork")); break; case 0: /* Child. */ @@ -569,13 +601,7 @@ send_mail(const char *fmt, ...) (void) dup2(fd, STDERR_FILENO); } -#ifdef HAVE_SETLOCALE - if (!setlocale(LC_ALL, def_sudoers_locale)) { - setlocale(LC_ALL, "C"); - efree(def_sudoers_locale); - def_sudoers_locale = estrdup("C"); - } -#endif /* HAVE_SETLOCALE */ + sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, NULL); /* Close password, group and other fds so we don't leak. */ sudo_endpwent(); @@ -665,7 +691,7 @@ send_mail(const char *fmt, ...) /* Pipes are all setup, send message. */ (void) fprintf(mail, "To: %s\nFrom: %s\nAuto-Submitted: %s\nSubject: ", def_mailto, def_mailfrom ? def_mailfrom : user_name, "auto-generated"); - for (p = def_mailsub; *p; p++) { + for (p = _(def_mailsub); *p; p++) { /* Expand escapes in the subject */ if (*p == '%' && *(p+1) != '%') { switch (*(++p)) { @@ -739,12 +765,15 @@ should_mail(int status) static char * new_logline(const char *message, int serrno) { + char *line, *errstr = NULL, *evstr = NULL; +#ifndef SUDOERS_NO_SEQ + char sessid[7]; +#endif + const char *tsid = NULL; size_t len = 0; - char *errstr = NULL; - char *evstr = NULL; - char *line, sessid[7], *tsid = NULL; debug_decl(new_logline, SUDO_DEBUG_LOGGING) +#ifndef SUDOERS_NO_SEQ /* A TSID may be a sudoers-style session ID or a free-form string. */ if (sudo_user.iolog_file != NULL) { if (IS_SESSID(sudo_user.iolog_file)) { @@ -760,6 +789,7 @@ new_logline(const char *message, int serrno) tsid = sudo_user.iolog_file; } } +#endif /* * Compute line length @@ -866,5 +896,5 @@ new_logline(const char *message, int serrno) debug_return_str(line); toobig: - errorx(1, _("internal error: insufficient space for log line")); + fatalx(_("internal error: insufficient space for log line")); } diff --git a/plugins/sudoers/logging.h b/plugins/sudoers/logging.h index 81b73c0..d1b620e 100644 --- a/plugins/sudoers/logging.h +++ b/plugins/sudoers/logging.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2009-2010 + * Copyright (c) 1999-2005, 2009-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -15,8 +15,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef _LOGGING_H -#define _LOGGING_H +#ifndef _SUDOERS_LOGGING_H +#define _SUDOERS_LOGGING_H #include #ifdef __STDC__ @@ -30,7 +30,13 @@ #define SLOG_FILE 0x02 #define SLOG_BOTH 0x03 -/* Flags for log_error()/log_fatal() */ +/* + * Values for sudoers_setlocale() + */ +#define SUDOERS_LOCALE_USER 0 +#define SUDOERS_LOCALE_SUDOERS 1 + +/* Flags for log_warning()/log_fatal() */ #define MSG_ONLY 0x01 #define USE_ERRNO 0x02 #define NO_MAIL 0x04 @@ -52,14 +58,17 @@ */ #define LOG_INDENT " " +bool sudoers_setlocale(int newlocale, int *prevlocale); +int sudoers_getlocale(void); void audit_success(char *exec_args[]); void audit_failure(char *exec_args[], char const *const fmt, ...); void log_allowed(int status); void log_auth_failure(int status, int tries); void log_denial(int status, bool inform_user); void log_failure(int status, int flags); -void log_error(int flags, const char *fmt, ...) __printflike(2, 3); +void log_warning(int flags, const char *fmt, ...) __printflike(2, 3); void log_fatal(int flags, const char *fmt, ...) __printflike(2, 3) __attribute__((__noreturn__)); +void sudoers_initlocale(const char *ulocale, const char *slocale); void writeln_wrap(FILE *fp, char *line, size_t len, size_t maxlen); -#endif /* _LOGGING_H */ +#endif /* _SUDOERS_LOGGING_H */ diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c index aa86135..ac393fc 100644 --- a/plugins/sudoers/match.c +++ b/plugins/sudoers/match.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2012 + * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -24,7 +24,6 @@ #include #include -#include #include #include #ifdef STDC_HEADERS @@ -41,22 +40,31 @@ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ #ifdef HAVE_FNMATCH # include +#else +# include "compat/fnmatch.h" #endif /* HAVE_FNMATCH */ -#ifdef HAVE_GLOB -# include -#endif /* HAVE_GLOB */ +#ifndef SUDOERS_NAME_MATCH +# ifdef HAVE_GLOB +# include +# else +# include "compat/glob.h" +# endif /* HAVE_GLOB */ +#endif /* SUDOERS_NAME_MATCH */ #ifdef HAVE_NETGROUP_H # include +#else +# include #endif /* HAVE_NETGROUP_H */ -#include -#include -#include -#include #ifdef HAVE_DIRENT_H # include # define NAMLEN(dirent) strlen((dirent)->d_name) @@ -73,24 +81,24 @@ # include # endif #endif +#include +#include +#include +#include #include "sudoers.h" #include "parse.h" +#include "sha2.h" #include -#ifndef HAVE_FNMATCH -# include "compat/fnmatch.h" -#endif /* HAVE_FNMATCH */ -#ifndef HAVE_GLOB -# include "compat/glob.h" -#endif /* HAVE_GLOB */ - static struct member_list empty; static bool command_matches_dir(char *, size_t); +#ifndef SUDOERS_NAME_MATCH static bool command_matches_glob(char *, char *); +#endif static bool command_matches_fnmatch(char *, char *); -static bool command_matches_normal(char *, char *); +static bool command_matches_normal(char *, char *, struct sudo_digest *); /* * Returns true if string 's' contains meta characters. @@ -101,13 +109,13 @@ static bool command_matches_normal(char *, char *); * Check for user described by pw in a list of members. * Returns ALLOW, DENY or UNSPEC. */ -static int -_userlist_matches(struct passwd *pw, struct member_list *list) +int +userlist_matches(struct passwd *pw, struct member_list *list) { struct member *m; struct alias *a; int rval, matched = UNSPEC; - debug_decl(_userlist_matches, SUDO_DEBUG_MATCH) + debug_decl(userlist_matches, SUDO_DEBUG_MATCH) tq_foreach_rev(list, m) { switch (m->type) { @@ -123,10 +131,11 @@ _userlist_matches(struct passwd *pw, struct member_list *list) matched = !m->negated; break; case ALIAS: - if ((a = alias_find(m->name, USERALIAS)) != NULL) { - rval = _userlist_matches(pw, &a->members); + if ((a = alias_get(m->name, USERALIAS)) != NULL) { + rval = userlist_matches(pw, &a->members); if (rval != UNSPEC) matched = m->negated ? !rval : rval; + alias_put(a); break; } /* FALLTHROUGH */ @@ -141,20 +150,13 @@ _userlist_matches(struct passwd *pw, struct member_list *list) debug_return_bool(matched); } -int -userlist_matches(struct passwd *pw, struct member_list *list) -{ - alias_seqno++; - return _userlist_matches(pw, list); -} - /* * Check for user described by pw in a list of members. * If both lists are empty compare against def_runas_default. * Returns ALLOW, DENY or UNSPEC. */ -static int -_runaslist_matches(struct member_list *user_list, +int +runaslist_matches(struct member_list *user_list, struct member_list *group_list, struct member **matching_user, struct member **matching_group) { @@ -163,7 +165,7 @@ _runaslist_matches(struct member_list *user_list, int rval; int user_matched = UNSPEC; int group_matched = UNSPEC; - debug_decl(_runaslist_matches, SUDO_DEBUG_MATCH) + debug_decl(runaslist_matches, SUDO_DEBUG_MATCH) if (runas_pw != NULL) { /* If no runas user or runas group listed in sudoers, use default. */ @@ -184,11 +186,12 @@ _runaslist_matches(struct member_list *user_list, user_matched = !m->negated; break; case ALIAS: - if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { - rval = _runaslist_matches(&a->members, &empty, + if ((a = alias_get(m->name, RUNASALIAS)) != NULL) { + rval = runaslist_matches(&a->members, &empty, matching_user, NULL); if (rval != UNSPEC) user_matched = m->negated ? !rval : rval; + alias_put(a); break; } /* FALLTHROUGH */ @@ -221,11 +224,12 @@ _runaslist_matches(struct member_list *user_list, group_matched = !m->negated; break; case ALIAS: - if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { - rval = _runaslist_matches(&empty, &a->members, + if ((a = alias_get(m->name, RUNASALIAS)) != NULL) { + rval = runaslist_matches(&empty, &a->members, NULL, matching_group); if (rval != UNSPEC) group_matched = m->negated ? !rval : rval; + alias_put(a); break; } /* FALLTHROUGH */ @@ -253,27 +257,17 @@ _runaslist_matches(struct member_list *user_list, debug_return_int(UNSPEC); } -int -runaslist_matches(struct member_list *user_list, - struct member_list *group_list, struct member **matching_user, - struct member **matching_group) -{ - alias_seqno++; - return _runaslist_matches(user_list ? user_list : &empty, - group_list ? group_list : &empty, matching_user, matching_group); -} - /* * Check for host and shost in a list of members. * Returns ALLOW, DENY or UNSPEC. */ -static int -_hostlist_matches(struct member_list *list) +int +hostlist_matches(struct member_list *list) { struct member *m; struct alias *a; int rval, matched = UNSPEC; - debug_decl(_hostlist_matches, SUDO_DEBUG_MATCH) + debug_decl(hostlist_matches, SUDO_DEBUG_MATCH) tq_foreach_rev(list, m) { switch (m->type) { @@ -289,10 +283,11 @@ _hostlist_matches(struct member_list *list) matched = !m->negated; break; case ALIAS: - if ((a = alias_find(m->name, HOSTALIAS)) != NULL) { - rval = _hostlist_matches(&a->members); + if ((a = alias_get(m->name, HOSTALIAS)) != NULL) { + rval = hostlist_matches(&a->members); if (rval != UNSPEC) matched = m->negated ? !rval : rval; + alias_put(a); break; } /* FALLTHROUGH */ @@ -307,23 +302,16 @@ _hostlist_matches(struct member_list *list) debug_return_bool(matched); } -int -hostlist_matches(struct member_list *list) -{ - alias_seqno++; - return _hostlist_matches(list); -} - /* * Check for cmnd and args in a list of members. * Returns ALLOW, DENY or UNSPEC. */ -static int -_cmndlist_matches(struct member_list *list) +int +cmndlist_matches(struct member_list *list) { struct member *m; int matched = UNSPEC; - debug_decl(_cmndlist_matches, SUDO_DEBUG_MATCH) + debug_decl(cmndlist_matches, SUDO_DEBUG_MATCH) tq_foreach_rev(list, m) { matched = cmnd_matches(m); @@ -333,13 +321,6 @@ _cmndlist_matches(struct member_list *list) debug_return_bool(matched); } -int -cmndlist_matches(struct member_list *list) -{ - alias_seqno++; - return _cmndlist_matches(list); -} - /* * Check cmnd and args. * Returns ALLOW, DENY or UNSPEC. @@ -357,16 +338,16 @@ cmnd_matches(struct member *m) matched = !m->negated; break; case ALIAS: - alias_seqno++; - if ((a = alias_find(m->name, CMNDALIAS)) != NULL) { - rval = _cmndlist_matches(&a->members); + if ((a = alias_get(m->name, CMNDALIAS)) != NULL) { + rval = cmndlist_matches(&a->members); if (rval != UNSPEC) matched = m->negated ? !rval : rval; + alias_put(a); } break; case COMMAND: c = (struct sudo_command *)m->name; - if (command_matches(c->cmnd, c->args)) + if (command_matches(c->cmnd, c->args, c->digest)) matched = !m->negated; break; } @@ -374,9 +355,7 @@ cmnd_matches(struct member *m) } static bool -command_args_match(sudoers_cmnd, sudoers_args) - char *sudoers_cmnd; - char *sudoers_args; +command_args_match(char *sudoers_cmnd, char *sudoers_args) { int flags = 0; debug_decl(command_args_match, SUDO_DEBUG_MATCH) @@ -407,7 +386,7 @@ command_args_match(sudoers_cmnd, sudoers_args) * otherwise, return true if user_cmnd names one of the inodes in path. */ bool -command_matches(char *sudoers_cmnd, char *sudoers_args) +command_matches(char *sudoers_cmnd, char *sudoers_args, struct sudo_digest *digest) { debug_decl(command_matches, SUDO_DEBUG_MATCH) @@ -435,11 +414,15 @@ command_matches(char *sudoers_cmnd, char *sudoers_args) * If sudoers_cmnd has meta characters in it, we need to * use glob(3) and/or fnmatch(3) to do the matching. */ +#ifdef SUDOERS_NAME_MATCH + debug_return_bool(command_matches_fnmatch(sudoers_cmnd, sudoers_args)); +#else if (def_fast_glob) debug_return_bool(command_matches_fnmatch(sudoers_cmnd, sudoers_args)); debug_return_bool(command_matches_glob(sudoers_cmnd, sudoers_args)); +#endif } - debug_return_bool(command_matches_normal(sudoers_cmnd, sudoers_args)); + debug_return_bool(command_matches_normal(sudoers_cmnd, sudoers_args, digest)); } static bool @@ -465,6 +448,7 @@ command_matches_fnmatch(char *sudoers_cmnd, char *sudoers_args) debug_return_bool(false); } +#ifndef SUDOERS_NAME_MATCH static bool command_matches_glob(char *sudoers_cmnd, char *sudoers_args) { @@ -535,9 +519,134 @@ command_matches_glob(char *sudoers_cmnd, char *sudoers_args) } debug_return_bool(false); } +#endif /* SUDOERS_NAME_MATCH */ + +#ifdef SUDOERS_NAME_MATCH +static bool +command_matches_normal(char *sudoers_cmnd, char *sudoers_args, struct sudo_digest *digest) +{ + size_t dlen; + debug_decl(command_matches_normal, SUDO_DEBUG_MATCH) + + dlen = strlen(sudoers_cmnd); + + /* If it ends in '/' it is a directory spec. */ + if (sudoers_cmnd[dlen - 1] == '/') + debug_return_bool(command_matches_dir(sudoers_cmnd, dlen)); + + if (strcmp(user_cmnd, sudoers_cmnd) == 0) { + if (command_args_match(sudoers_cmnd, sudoers_args)) { + efree(safe_cmnd); + safe_cmnd = estrdup(sudoers_cmnd); + debug_return_bool(true); + } + } + debug_return_bool(false); +} +#else /* !SUDOERS_NAME_MATCH */ + +static struct digest_function { + const char *digest_name; + const unsigned int digest_len; + void (*init)(SHA2_CTX *); + void (*update)(SHA2_CTX *, const unsigned char *, size_t); + void (*final)(unsigned char *, SHA2_CTX *); +} digest_functions[] = { + { + "SHA224", + SHA224_DIGEST_LENGTH, + SHA224Init, + SHA224Update, + SHA224Final + }, { + "SHA256", + SHA256_DIGEST_LENGTH, + SHA256Init, + SHA256Update, + SHA256Final + }, { + "SHA384", + SHA384_DIGEST_LENGTH, + SHA384Init, + SHA384Update, + SHA384Final + }, { + "SHA512", + SHA512_DIGEST_LENGTH, + SHA512Init, + SHA512Update, + SHA512Final + }, { + NULL + } +}; static bool -command_matches_normal(char *sudoers_cmnd, char *sudoers_args) +digest_matches(char *file, struct sudo_digest *sd) +{ + unsigned char file_digest[SHA512_DIGEST_LENGTH]; + unsigned char sudoers_digest[SHA512_DIGEST_LENGTH]; + unsigned char buf[32 * 1024]; + struct digest_function *func = NULL; + size_t nread; + SHA2_CTX ctx; + FILE *fp; + unsigned int i; + debug_decl(digest_matches, SUDO_DEBUG_MATCH) + + for (i = 0; digest_functions[i].digest_name != NULL; i++) { + if (sd->digest_type == i) { + func = &digest_functions[i]; + break; + } + } + if (func == NULL) { + warningx(_("unsupported digest type %d for %s"), sd->digest_type, file); + debug_return_bool(false); + } + if (strlen(sd->digest_str) == func->digest_len * 2) { + /* Convert the command digest from ascii hex to binary. */ + for (i = 0; i < func->digest_len; i++) { + if (!isxdigit((unsigned char)sd->digest_str[i + i]) || + !isxdigit((unsigned char)sd->digest_str[i + i + 1])) { + goto bad_format; + } + sudoers_digest[i] = hexchar(&sd->digest_str[i + i]); + } + } else { + size_t len = base64_decode(sd->digest_str, sudoers_digest, + sizeof(sudoers_digest)); + if (len != func->digest_len) + goto bad_format; + } + + if ((fp = fopen(file, "r")) == NULL) { + sudo_debug_printf(SUDO_DEBUG_INFO, "unable to open %s: %s", + file, strerror(errno)); + debug_return_bool(false); + } + + func->init(&ctx); + while ((nread = fread(buf, 1, sizeof(buf), fp)) != 0) { + func->update(&ctx, buf, nread); + } + if (ferror(fp)) { + warningx(_("%s: read error"), file); + fclose(fp); + debug_return_bool(false); + } + fclose(fp); + func->final(file_digest, &ctx); + + debug_return_bool(memcmp(file_digest, sudoers_digest, func->digest_len) == 0); +bad_format: + warningx(_("digest for %s (%s) is not in %s form"), file, + sd->digest_str, func->digest_name); + debug_return_bool(false); +} + +static bool +command_matches_normal(char *sudoers_cmnd, char *sudoers_args, struct sudo_digest *digest) { struct stat sudoers_stat; char *base; @@ -563,19 +672,36 @@ command_matches_normal(char *sudoers_cmnd, char *sudoers_args) * a) there are no args in sudoers OR * b) there are no args on command line and none req by sudoers OR * c) there are args in sudoers and on command line and they match + * d) there is a digest and it matches */ if (user_stat != NULL && (user_stat->st_dev != sudoers_stat.st_dev || user_stat->st_ino != sudoers_stat.st_ino)) debug_return_bool(false); - if (command_args_match(sudoers_cmnd, sudoers_args)) { - efree(safe_cmnd); - safe_cmnd = estrdup(sudoers_cmnd); - debug_return_bool(true); + if (!command_args_match(sudoers_cmnd, sudoers_args)) + debug_return_bool(false); + if (digest != NULL && !digest_matches(sudoers_cmnd, digest)) { + /* XXX - log functions not available but we should log very loudly */ + debug_return_bool(false); } - debug_return_bool(false); + efree(safe_cmnd); + safe_cmnd = estrdup(sudoers_cmnd); + debug_return_bool(true); } +#endif /* SUDOERS_NAME_MATCH */ +#ifdef SUDOERS_NAME_MATCH +/* + * Return true if user_cmnd begins with sudoers_dir, else false. + * Note that sudoers_dir include the trailing '/' + */ +static bool +command_matches_dir(char *sudoers_dir, size_t dlen) +{ + debug_decl(command_matches_dir, SUDO_DEBUG_MATCH) + debug_return_bool(strncmp(user_cmnd, sudoers_dir, dlen) == 0); +} +#else /* !SUDOERS_NAME_MATCH */ /* * Return true if user_cmnd names one of the inodes in dir, else false. */ @@ -621,6 +747,7 @@ command_matches_dir(char *sudoers_dir, size_t dlen) closedir(dirp); debug_return_bool(dent != NULL); } +#endif /* SUDOERS_NAME_MATCH */ /* * Returns true if the hostname matches the pattern, else false @@ -722,6 +849,35 @@ done: debug_return_bool(matched); } +#ifdef HAVE_INNETGR +/* + * Get NIS-style domain name and return a malloc()ed copy or NULL if none. + */ +static char * +sudo_getdomainname(void) +{ + char *domain = NULL; +#ifdef HAVE_GETDOMAINNAME + char *buf, *cp; + + buf = emalloc(HOST_NAME_MAX + 1); + if (getdomainname(buf, HOST_NAME_MAX + 1) == 0 && *buf != '\0') { + domain = buf; + for (cp = buf; *cp != '\0'; cp++) { + /* Check for illegal characters, Linux may use "(none)". */ + if (*cp == '(' || *cp == ')' || *cp == ',' || *cp == ' ') { + domain = NULL; + break; + } + } + } + if (domain == NULL) + efree(buf); +#endif /* HAVE_GETDOMAINNAME */ + return domain; +} +#endif /* HAVE_INNETGR */ + /* * Returns true if "host" and "user" belong to the netgroup "netgr", * else return false. Either of "host", "shost" or "user" may be NULL @@ -732,29 +888,23 @@ done: bool netgr_matches(char *netgr, char *lhost, char *shost, char *user) { +#ifdef HAVE_INNETGR static char *domain; -#ifdef HAVE_GETDOMAINNAME static int initialized; #endif debug_decl(netgr_matches, SUDO_DEBUG_MATCH) +#ifdef HAVE_INNETGR /* make sure we have a valid netgroup, sudo style */ if (*netgr++ != '+') debug_return_bool(false); -#ifdef HAVE_GETDOMAINNAME /* get the domain name (if any) */ if (!initialized) { - domain = (char *) emalloc(MAXHOSTNAMELEN + 1); - if (getdomainname(domain, MAXHOSTNAMELEN + 1) == -1 || *domain == '\0') { - efree(domain); - domain = NULL; - } + domain = sudo_getdomainname(); initialized = 1; } -#endif /* HAVE_GETDOMAINNAME */ -#ifdef HAVE_INNETGR if (innetgr(netgr, lhost, user, domain)) debug_return_bool(true); else if (lhost != shost && innetgr(netgr, shost, user, domain)) diff --git a/plugins/sudoers/match_addr.c b/plugins/sudoers/match_addr.c index 23e6867..75f82c9 100644 --- a/plugins/sudoers/match_addr.c +++ b/plugins/sudoers/match_addr.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2011 + * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -45,7 +45,6 @@ #endif /* HAVE_UNISTD_H */ #include #include -#include #include "sudoers.h" #include "interfaces.h" @@ -71,7 +70,7 @@ addr_matches_if(char *n) addr.ip4.s_addr = inet_addr(n); } - for (ifp = interfaces; ifp != NULL; ifp = ifp->next) { + for (ifp = get_interfaces(); ifp != NULL; ifp = ifp->next) { if (ifp->family != family) continue; switch (family) { @@ -154,7 +153,7 @@ addr_matches_if_netmask(char *n, char *m) } #endif /* HAVE_STRUCT_IN6_ADDR */ - for (ifp = interfaces; ifp != NULL; ifp = ifp->next) { + for (ifp = get_interfaces(); ifp != NULL; ifp = ifp->next) { if (ifp->family != family) continue; switch (family) { diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c index 99c9601..f99f2d5 100644 --- a/plugins/sudoers/parse.c +++ b/plugins/sudoers/parse.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004-2005, 2007-2012 Todd C. Miller + * Copyright (c) 2004-2005, 2007-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -19,7 +19,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -48,7 +47,7 @@ #include /* Characters that must be quoted in sudoers */ -#define SUDOERS_QUOTED ":\\,=#\"" +#define SUDOERS_QUOTED ":\\,=#\"" /* sudoers nsswitch routines */ struct sudo_nss sudo_nss_file = { @@ -68,7 +67,7 @@ struct sudo_nss sudo_nss_file = { /* * Parser externs. */ -extern FILE *yyin; +extern FILE *sudoersin; extern char *errorfile; extern int errorlineno; extern bool parse_error; @@ -76,8 +75,10 @@ extern bool parse_error; /* * Local prototypes. */ -static void print_member(struct lbuf *, char *, int, int, int); -static int display_bound_defaults(int, struct lbuf *); +static int display_bound_defaults(int dtype, struct lbuf *lbuf); +static void print_member(struct lbuf *lbuf, struct member *m, int alias_type); +static void print_member2(struct lbuf *lbuf, struct member *m, + const char *separator, int alias_type); int sudo_file_open(struct sudo_nss *nss) @@ -100,7 +101,7 @@ sudo_file_close(struct sudo_nss *nss) if (nss->handle != NULL) { fclose(nss->handle); nss->handle = NULL; - yyin = NULL; + sudoersin = NULL; } debug_return_int(0); } @@ -117,13 +118,13 @@ sudo_file_parse(struct sudo_nss *nss) debug_return_int(-1); init_parser(sudoers_file, false); - yyin = nss->handle; - if (yyparse() != 0 || parse_error) { + sudoersin = nss->handle; + if (sudoersparse() != 0 || parse_error) { if (errorlineno != -1) { - log_error(0, _("parse error in %s near line %d"), + log_warning(0, N_("parse error in %s near line %d"), errorfile, errorlineno); } else { - log_error(0, _("parse error in %s"), errorfile); + log_warning(0, N_("parse error in %s"), errorfile); } debug_return_int(-1); } @@ -290,14 +291,16 @@ sudo_file_lookup(struct sudo_nss *nss, int validated, int pwflag) debug_return_int(validated); } +#define TAG_SET(tt) \ + ((tt) != UNSPEC && (tt) != IMPLIED) + #define TAG_CHANGED(t) \ - (cs->tags.t != UNSPEC && cs->tags.t != IMPLIED && cs->tags.t != tags->t) + (TAG_SET(cs->tags.t) && cs->tags.t != tags->t) static void sudo_file_append_cmnd(struct cmndspec *cs, struct cmndtag *tags, struct lbuf *lbuf) { - struct member *m; debug_decl(sudo_file_append_cmnd, SUDO_DEBUG_NSS) #ifdef HAVE_PRIV_SET @@ -332,59 +335,73 @@ sudo_file_append_cmnd(struct cmndspec *cs, struct cmndtag *tags, lbuf_append(lbuf, cs->tags.log_output ? "LOG_OUTPUT: " : "NOLOG_OUTPUT: "); tags->log_output = cs->tags.log_output; } - m = cs->cmnd; - print_member(lbuf, m->name, m->type, m->negated, - CMNDALIAS); + print_member(lbuf, cs->cmnd, CMNDALIAS); debug_return; } +#define RUNAS_CHANGED(cs1, cs2) \ + (cs1 == NULL || cs2 == NULL || \ + cs1->runasuserlist.first != cs2->runasuserlist.first || \ + cs1->runasuserlist.last != cs2->runasuserlist.last || \ + cs1->runasgrouplist.first != cs2->runasgrouplist.first || \ + cs1->runasgrouplist.last != cs2->runasgrouplist.last) + static int sudo_file_display_priv_short(struct passwd *pw, struct userspec *us, struct lbuf *lbuf) { - struct cmndspec *cs; + struct cmndspec *cs, *prev_cs; struct member *m; struct privilege *priv; struct cmndtag tags; int nfound = 0; debug_decl(sudo_file_display_priv_short, SUDO_DEBUG_NSS) + /* gcc -Wuninitialized false positive */ + tags.noexec = UNSPEC; + tags.setenv = UNSPEC; + tags.nopasswd = UNSPEC; + tags.log_input = UNSPEC; + tags.log_output = UNSPEC; tq_foreach_fwd(&us->privileges, priv) { if (hostlist_matches(&priv->hostlist) != ALLOW) continue; - tags.noexec = UNSPEC; - tags.setenv = UNSPEC; - tags.nopasswd = UNSPEC; - tags.log_input = UNSPEC; - tags.log_output = UNSPEC; - lbuf_append(lbuf, " "); + prev_cs = NULL; tq_foreach_fwd(&priv->cmndlist, cs) { - if (cs != tq_first(&priv->cmndlist)) - lbuf_append(lbuf, ", "); - lbuf_append(lbuf, "("); - if (!tq_empty(&cs->runasuserlist)) { - tq_foreach_fwd(&cs->runasuserlist, m) { - if (m != tq_first(&cs->runasuserlist)) - lbuf_append(lbuf, ", "); - print_member(lbuf, m->name, m->type, m->negated, - RUNASALIAS); + if (RUNAS_CHANGED(cs, prev_cs)) { + if (cs != tq_first(&priv->cmndlist)) + lbuf_append(lbuf, "\n"); + lbuf_append(lbuf, " ("); + if (!tq_empty(&cs->runasuserlist)) { + tq_foreach_fwd(&cs->runasuserlist, m) { + if (m != tq_first(&cs->runasuserlist)) + lbuf_append(lbuf, ", "); + print_member(lbuf, m, RUNASALIAS); + } + } else if (tq_empty(&cs->runasgrouplist)) { + lbuf_append(lbuf, "%s", def_runas_default); + } else { + lbuf_append(lbuf, "%s", pw->pw_name); } - } else if (tq_empty(&cs->runasgrouplist)) { - lbuf_append(lbuf, "%s", def_runas_default); - } else { - lbuf_append(lbuf, "%s", pw->pw_name); - } - if (!tq_empty(&cs->runasgrouplist)) { - lbuf_append(lbuf, " : "); - tq_foreach_fwd(&cs->runasgrouplist, m) { - if (m != tq_first(&cs->runasgrouplist)) - lbuf_append(lbuf, ", "); - print_member(lbuf, m->name, m->type, m->negated, - RUNASALIAS); + if (!tq_empty(&cs->runasgrouplist)) { + lbuf_append(lbuf, " : "); + tq_foreach_fwd(&cs->runasgrouplist, m) { + if (m != tq_first(&cs->runasgrouplist)) + lbuf_append(lbuf, ", "); + print_member(lbuf, m, RUNASALIAS); + } } + lbuf_append(lbuf, ") "); + tags.noexec = UNSPEC; + tags.setenv = UNSPEC; + tags.nopasswd = UNSPEC; + tags.log_input = UNSPEC; + tags.log_output = UNSPEC; + } else if (cs != tq_first(&priv->cmndlist)) { + lbuf_append(lbuf, ", "); } - lbuf_append(lbuf, ") "); sudo_file_append_cmnd(cs, &tags, lbuf); + prev_cs = cs; nfound++; } lbuf_append(lbuf, "\n"); @@ -392,54 +409,115 @@ sudo_file_display_priv_short(struct passwd *pw, struct userspec *us, debug_return_int(nfound); } +#define TAGS_CHANGED(ot, nt) \ + ((TAG_SET((nt).setenv) && (nt).setenv != (ot).setenv) || \ + (TAG_SET((nt).noexec) && (nt).noexec != (ot).noexec) || \ + (TAG_SET((nt).nopasswd) && (nt).nopasswd != (ot).nopasswd) || \ + (TAG_SET((nt).log_input) && (nt).log_input != (ot).log_input) || \ + (TAG_SET((nt).log_output) && (nt).log_output != (ot).log_output)) + +/* + * Compare the current cmndspec with the previous one to determine + * whether we need to start a new long entry for "sudo -ll". + * Returns true if we should start a new long entry, else false. + */ +static bool +new_long_entry(struct cmndspec *cs, struct cmndspec *prev_cs) +{ + if (prev_cs == NULL) + return true; + if (RUNAS_CHANGED(cs, prev_cs) || TAGS_CHANGED(cs->tags, prev_cs->tags)) + return true; +#ifdef HAVE_PRIV_SET + if (cs->privs && (!prev_cs->privs || strcmp(cs->privs, prev_cs->privs) != 0)) + return true; + if (cs->limitprivs && (!prev_cs->limitprivs || strcmp(cs->limitprivs, prev_cs->limitprivs) != 0)) + return true; +#endif /* HAVE_PRIV_SET */ +#ifdef HAVE_SELINUX + if (cs->role && (!prev_cs->role || strcmp(cs->role, prev_cs->role) != 0)) + return true; + if (cs->type && (!prev_cs->type || strcmp(cs->type, prev_cs->type) != 0)) + return true; +#endif /* HAVE_SELINUX */ + return false; +} + static int sudo_file_display_priv_long(struct passwd *pw, struct userspec *us, struct lbuf *lbuf) { - struct cmndspec *cs; + struct cmndspec *cs, *prev_cs; struct member *m; struct privilege *priv; - struct cmndtag tags; - int nfound = 0; + int nfound = 0, olen; debug_decl(sudo_file_display_priv_long, SUDO_DEBUG_NSS) tq_foreach_fwd(&us->privileges, priv) { if (hostlist_matches(&priv->hostlist) != ALLOW) continue; - tags.noexec = UNSPEC; - tags.setenv = UNSPEC; - tags.nopasswd = UNSPEC; - tags.log_input = UNSPEC; - tags.log_output = UNSPEC; - lbuf_append(lbuf, _("\nSudoers entry:\n")); + prev_cs = NULL; tq_foreach_fwd(&priv->cmndlist, cs) { - lbuf_append(lbuf, _(" RunAsUsers: ")); - if (!tq_empty(&cs->runasuserlist)) { - tq_foreach_fwd(&cs->runasuserlist, m) { - if (m != tq_first(&cs->runasuserlist)) - lbuf_append(lbuf, ", "); - print_member(lbuf, m->name, m->type, m->negated, - RUNASALIAS); - } - } else if (tq_empty(&cs->runasgrouplist)) { - lbuf_append(lbuf, "%s", def_runas_default); - } else { - lbuf_append(lbuf, "%s", pw->pw_name); - } - lbuf_append(lbuf, "\n"); - if (!tq_empty(&cs->runasgrouplist)) { - lbuf_append(lbuf, _(" RunAsGroups: ")); - tq_foreach_fwd(&cs->runasgrouplist, m) { - if (m != tq_first(&cs->runasgrouplist)) - lbuf_append(lbuf, ", "); - print_member(lbuf, m->name, m->type, m->negated, - RUNASALIAS); + if (new_long_entry(cs, prev_cs)) { + lbuf_append(lbuf, _("\nSudoers entry:\n")); + lbuf_append(lbuf, _(" RunAsUsers: ")); + if (!tq_empty(&cs->runasuserlist)) { + tq_foreach_fwd(&cs->runasuserlist, m) { + if (m != tq_first(&cs->runasuserlist)) + lbuf_append(lbuf, ", "); + print_member(lbuf, m, RUNASALIAS); + } + } else if (tq_empty(&cs->runasgrouplist)) { + lbuf_append(lbuf, "%s", def_runas_default); + } else { + lbuf_append(lbuf, "%s", pw->pw_name); } lbuf_append(lbuf, "\n"); + if (!tq_empty(&cs->runasgrouplist)) { + lbuf_append(lbuf, _(" RunAsGroups: ")); + tq_foreach_fwd(&cs->runasgrouplist, m) { + if (m != tq_first(&cs->runasgrouplist)) + lbuf_append(lbuf, ", "); + print_member(lbuf, m, RUNASALIAS); + } + lbuf_append(lbuf, "\n"); + } + olen = lbuf->len; + lbuf_append(lbuf, _(" Options: ")); + if (TAG_SET(cs->tags.setenv)) + lbuf_append(lbuf, "%ssetenv, ", cs->tags.setenv ? "" : "!"); + if (TAG_SET(cs->tags.noexec)) + lbuf_append(lbuf, "%snoexec, ", cs->tags.noexec ? "" : "!"); + if (TAG_SET(cs->tags.nopasswd)) + lbuf_append(lbuf, "%sauthenticate, ", cs->tags.nopasswd ? "!" : ""); + if (TAG_SET(cs->tags.log_input)) + lbuf_append(lbuf, "%slog_input, ", cs->tags.log_input ? "" : "!"); + if (TAG_SET(cs->tags.log_output)) + lbuf_append(lbuf, "%slog_output, ", cs->tags.log_output ? "" : "!"); + if (lbuf->buf[lbuf->len - 2] == ',') { + lbuf->len -= 2; /* remove trailing ", " */ + lbuf_append(lbuf, "\n"); + } else { + lbuf->len = olen; /* no options */ + } +#ifdef HAVE_PRIV_SET + if (cs->privs) + lbuf_append(lbuf, " Privs: %s\n", cs->privs); + if (cs->limitprivs) + lbuf_append(lbuf, " Limitprivs: %s\n", cs->limitprivs); +#endif /* HAVE_PRIV_SET */ +#ifdef HAVE_SELINUX + if (cs->role) + lbuf_append(lbuf, " Role: %s\n", cs->role); + if (cs->type) + lbuf_append(lbuf, " Type: %s\n", cs->type); +#endif /* HAVE_SELINUX */ + lbuf_append(lbuf, _(" Commands:\n")); } - lbuf_append(lbuf, _(" Commands:\n\t")); - sudo_file_append_cmnd(cs, &tags, lbuf); + lbuf_append(lbuf, "\t"); + print_member2(lbuf, cs->cmnd, "\n\t", CMNDALIAS); lbuf_append(lbuf, "\n"); + prev_cs = cs; nfound++; } } @@ -585,7 +663,7 @@ display_bound_defaults(int dtype, struct lbuf *lbuf) for (m = binding; m != NULL; m = m->next) { if (m != binding) lbuf_append(lbuf, ","); - print_member(lbuf, m->name, m->type, m->negated, atype); + print_member(lbuf, m, atype); lbuf_append(lbuf, " "); } } else @@ -651,7 +729,7 @@ done: */ static void _print_member(struct lbuf *lbuf, char *name, int type, int negated, - int alias_type) + const char *separator, int alias_type) { struct alias *a; struct member *m; @@ -676,13 +754,15 @@ _print_member(struct lbuf *lbuf, char *name, int type, int negated, } break; case ALIAS: - if ((a = alias_find(name, alias_type)) != NULL) { + if ((a = alias_get(name, alias_type)) != NULL) { tq_foreach_fwd(&a->members, m) { if (m != tq_first(&a->members)) - lbuf_append(lbuf, ", "); + lbuf_append(lbuf, "%s", separator); _print_member(lbuf, m->name, m->type, - negated ? !m->negated : m->negated, alias_type); + negated ? !m->negated : m->negated, separator, + alias_type); } + alias_put(a); break; } /* FALLTHROUGH */ @@ -694,9 +774,14 @@ _print_member(struct lbuf *lbuf, char *name, int type, int negated, } static void -print_member(struct lbuf *lbuf, char *name, int type, int negated, +print_member(struct lbuf *lbuf, struct member *m, int alias_type) +{ + _print_member(lbuf, m->name, m->type, m->negated, ", ", alias_type); +} + +static void +print_member2(struct lbuf *lbuf, struct member *m, const char *separator, int alias_type) { - alias_seqno++; - _print_member(lbuf, name, type, negated, alias_type); + _print_member(lbuf, m->name, m->type, m->negated, separator, alias_type); } diff --git a/plugins/sudoers/parse.h b/plugins/sudoers/parse.h index 3f7c451..a892e97 100644 --- a/plugins/sudoers/parse.h +++ b/plugins/sudoers/parse.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2000, 2004, 2007-2011 + * Copyright (c) 1996, 1998-2000, 2004, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -15,8 +15,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef _SUDO_PARSE_H -#define _SUDO_PARSE_H +#ifndef _SUDOERS_PARSE_H +#define _SUDOERS_PARSE_H #undef UNSPEC #define UNSPEC -1 @@ -27,17 +27,30 @@ #undef IMPLIED #define IMPLIED 2 +#define SUDO_DIGEST_SHA224 0 +#define SUDO_DIGEST_SHA256 1 +#define SUDO_DIGEST_SHA384 2 +#define SUDO_DIGEST_SHA512 3 +#define SUDO_DIGEST_INVALID 4 + +struct sudo_digest { + int digest_type; + char *digest_str; +}; + /* - * A command with args. XXX - merge into struct member. + * A command with option args and digest. + * XXX - merge into struct member */ struct sudo_command { char *cmnd; char *args; + struct sudo_digest *digest; }; /* * Tags associated with a command. - * Possible values: true, false, UNSPEC. + * Possible values: true, false, IMPLIED, UNSPEC. */ struct cmndtag { __signed int nopasswd: 3; @@ -117,6 +130,7 @@ struct cmndspec { struct member_list runasuserlist; /* list of runas users */ struct member_list runasgrouplist; /* list of runas groups */ struct member *cmnd; /* command to allow/deny */ + char *digest; /* optional command digest */ struct cmndtag tags; /* tag specificaion */ #ifdef HAVE_SELINUX char *role, *type; /* SELinux role and type */ @@ -148,7 +162,7 @@ struct runascontainer { struct alias { char *name; /* alias name */ unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */ - unsigned short seqno; /* sequence number */ + bool used; /* "used" flag for cycle detection */ struct member_list members; /* list of alias members */ }; @@ -170,35 +184,43 @@ struct defaults { extern struct userspec_list userspecs; extern struct defaults_list defaults; -/* - * Alias sequence number to avoid loops. - */ -extern unsigned int alias_seqno; - -/* - * Prototypes - */ -char *alias_add(char *, int, struct member *); -bool addr_matches(char *); -int cmnd_matches(struct member *); -int cmndlist_matches(struct member_list *); -bool command_matches(char *, char *); -int hostlist_matches(struct member_list *); -bool hostname_matches(char *, char *, char *); -bool netgr_matches(char *, char *, char *, char *); +/* alias.c */ bool no_aliases(void); -int runaslist_matches(struct member_list *, struct member_list *, struct member **, struct member **); -int userlist_matches(struct passwd *, struct member_list *); -bool usergr_matches(char *, char *, struct passwd *); -bool userpw_matches(char *, char *, struct passwd *); -bool group_matches(char *, struct group *); -struct alias *alias_find(char *, int); -struct alias *alias_remove(char *, int); -void alias_free(void *); -void alias_apply(int (*)(void *, void *), void *); +char *alias_add(char *name, int type, struct member *members); +int alias_compare(const void *a1, const void *a2); +struct alias *alias_get(char *name, int type); +struct alias *alias_remove(char *name, int type); +void alias_apply(int (*func)(void *, void *), void *cookie); +void alias_free(void *a); +void alias_put(struct alias *a); void init_aliases(void); -void init_lexer(void); + +/* gram.c */ void init_parser(const char *, bool); -int alias_compare(const void *, const void *); -#endif /* _SUDO_PARSE_H */ +/* match_addr.c */ +bool addr_matches(char *n); + +/* match.c */ +bool command_matches(char *sudoers_cmnd, char *sudoers_args, struct sudo_digest *digest); +bool group_matches(char *sudoers_group, struct group *gr); +bool hostname_matches(char *shost, char *lhost, char *pattern); +bool netgr_matches(char *netgr, char *lhost, char *shost, char *user); +bool usergr_matches(char *group, char *user, struct passwd *pw); +bool userpw_matches(char *sudoers_user, char *user, struct passwd *pw); +int cmnd_matches(struct member *m); +int cmndlist_matches(struct member_list *list); +int hostlist_matches(struct member_list *list); +int runaslist_matches(struct member_list *user_list, struct member_list *group_list, struct member **matching_user, struct member **matching_group); +int userlist_matches(struct passwd *pw, struct member_list *list); + +/* toke.c */ +void init_lexer(void); + +/* hexchar.c */ +int hexchar(const char *s); + +/* base64.c */ +size_t base64_decode(const char *str, unsigned char *dst, size_t dsize); + +#endif /* _SUDOERS_PARSE_H */ diff --git a/plugins/sudoers/plugin_error.c b/plugins/sudoers/plugin_error.c deleted file mode 100644 index 142eddc..0000000 --- a/plugins/sudoers/plugin_error.c +++ /dev/null @@ -1,115 +0,0 @@ -/* - * Copyright (c) 2004-2005, 2010 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include - -#include - -#include -#include -#include -#include -#include - -#include "missing.h" -#include "alloc.h" -#include "error.h" -#include "sudo_plugin.h" - -#define DEFAULT_TEXT_DOMAIN "sudoers" -#include "gettext.h" - -static void _warning(int, const char *, va_list); - void plugin_cleanup(int); - -extern sigjmp_buf error_jmp; - -extern sudo_conv_t sudo_conv; - -void -error2(int eval, const char *fmt, ...) -{ - va_list ap; - - va_start(ap, fmt); - _warning(1, fmt, ap); - va_end(ap); - plugin_cleanup(0); - siglongjmp(error_jmp, eval); -} - -void -errorx2(int eval, const char *fmt, ...) -{ - va_list ap; - - va_start(ap, fmt); - _warning(0, fmt, ap); - va_end(ap); - plugin_cleanup(0); - siglongjmp(error_jmp, eval); -} - -void -warning2(const char *fmt, ...) -{ - va_list ap; - - va_start(ap, fmt); - _warning(1, fmt, ap); - va_end(ap); -} - -void -warningx2(const char *fmt, ...) -{ - va_list ap; - va_start(ap, fmt); - _warning(0, fmt, ap); - va_end(ap); -} - -static void -_warning(int use_errno, const char *fmt, va_list ap) -{ - struct sudo_conv_message msg[6]; - struct sudo_conv_reply repl[6]; - char *str; - int nmsgs = 4; - - evasprintf(&str, fmt, ap); - - /* Call conversation function */ - memset(&msg, 0, sizeof(msg)); - msg[0].msg_type = SUDO_CONV_ERROR_MSG; - msg[0].msg = getprogname(); - msg[1].msg_type = SUDO_CONV_ERROR_MSG; - msg[1].msg = _(": "); - msg[2].msg_type = SUDO_CONV_ERROR_MSG; - msg[2].msg = str; - if (use_errno) { - msg[3].msg_type = SUDO_CONV_ERROR_MSG; - msg[3].msg = _(": "); - msg[4].msg_type = SUDO_CONV_ERROR_MSG; - msg[4].msg = strerror(errno); - nmsgs = 6; - } - msg[nmsgs - 1].msg_type = SUDO_CONV_ERROR_MSG; - msg[nmsgs - 1].msg = "\n"; - memset(&repl, 0, sizeof(repl)); - sudo_conv(nmsgs, msg, repl); - efree(str); -} diff --git a/plugins/sudoers/po/da.mo b/plugins/sudoers/po/da.mo index c0005ee33ac56d8b705918fb3c6a2cb48601aca5..bc30f4c6fd14ddce882c914aaf7bdd41d576177f 100644 GIT binary patch delta 9725 zcmZwM349dg{m1cH0x03WZ!+Wn0!auVT;T`-5(ps#35TGxZn8tNWRI}32}FTK6x3SJ z@v28H9<<`!wTe|Mf_N3Q-o;z0m1;}%|5uTE_4D1CDDA8B@|XAXJaawI?|J4)XurL* z!|rQ3B;M)M@oIx(sn0Nm;a%y5@hs&T{nct1XVKUT{hl%GN&P(RgN|3FlHp#Tz;C(kO6*}63FC6pFuK!lGtyw(jlJ4TlG~9uMa4(L+!^)f8sauoLy5Bc7e9XhdUi2$mwx zGFD?YZo+}M6T9KVr~y2M6Y*8gE?lgR&qNJqHIBn39K-vKYbhw(dvQ9xhI&w+9M_RZ zpNv8*##&TIE<`Rhc4I!ifO^rlI2MO6e7&d~HS+aXfEOZtGakZ3fWn&;%5e5*H-+1f zX)_+hq4)+W17G4S>^+8T;1Vpt%TW*9kLuV*sE&3a@49XlDpOlf9k>S7(F3{UUpF41 zK@aLoxAnqlsP^SJ0ozb>ekbyuag-m*NMD9$;$$3;D^VT40F{~BaW+2Zo$s3G4rDq` zrF}&n`PYLlqoD#1qUNqI`Rt4HaRi=$lkjX@kM|*cHZmDb2`)mt@B$=B#$7lQUqLQ4 z`p`SI&qm$Xh#JV12@3pYJjRa<{0H{L?uG6R!%>+jN2PKjUV?j253V3RN@X0?@hgz& zHx6JI`~;Z|;|tVc9>K%3`X{2=6N@O&NuvdI<84@u&mmbedht|^WCl*gvvEG&kIKvm z)RYZk!j++7)PvU{rwj*sABm{^r$t^LEy$ zF&~xk2x?K?f$G2$sDZqV>TtIy?u!@VT|egB_O(5mgmilAr|pi;dS z%WxO2z@zA3DZ7jw^fEFF#@DzA^XQf4v<)?Y+fZ};25N0}obKLNh0KOwOWtqXP9Xzd z$Juxs({U;*QyrR%+S$&*0r)#qY7gRI)Nr+ChTuRPi@I(O_QzG&2cus5Hq`rmfeFpk z!xV<$5$ucKqaNIsk6o)eA5C0}y3t16=b)zKQ5=GQ!Cv?sszW_X4WkA#updTI9XcO} z;`OEEUnzT#hVl45DrLQAyNhc&>cZ8i4z;2lbUA8&xE)8}vp5KkVg~w{Hw|bcsw1;d z*Dpp5Fox>LjR@laUA|nS1ofGPz54Z-N&OIN0H30+Pjq8xs$mjpDo#UNeH9xp2X98*e*iTVM^OXpw7@kB$w- zqTZMED1}o{bH4~pv{294fj#hk)PVM)7U|2Vuj3fz==<-q(CyJU)PpL~#5z<8&qHRx zxDPdlpQGlwUzK~^WYh~*qUL@bDx;fF*I$Pkz#dcv{)EMN414o_Ba7WbJ)4Aj;S$u1 zn^9}yCe&y35Gs|=;8^?+P3%?eK6nCZvDKhD5jk5k5{8I5<`7P7o$3I18RhKc|L<0*$1f1bl{_(gxOezt5MhAh?>$psEi$~A^%z| z@6sSUEisI)I1bhGDX5VyMa}tU)FRx8`S=W8hL?LULd%>H_-3R;~|HXyhp>8~}!u=yPeWjbiL8u26c+SOBsh^JOxF6XB zjZLVp;1SdS-oZK8;dD1+c%2k|IlUDp z;U3fjkD;cfx8KdgOjLU_YH>QK5&i+SBOXOvKcvo`!U|76DwCUV1m26OzyF`7P)@^f zR1as?yQ!|n65W7odd5S@7eBu+_n|s;2p8a&2@0CS(kTC~!{w-y-hoQl8<>SBFdv6Au^M3& z&cOuE$9>2rZ=|nhd&U6jIwR&T?qaN=+Kf|iFV4io2@2}*6x)5^PjM{uTW}m6LXG?c zW@2I79eFKwp?)1|B)8x~`~-*K@Mi%}`P6Z7yD)PQ^&-1~A-_2sBcZpPlY6MO0VPf}Pz!;`2E zWNvilY%;2+wWy4Qa6Dd%n)9bobNd+%!X9mIhezXJ>T_@uo{3s~=b^6OiJIC!;1J$# zyiK7eeue7ksb{-iK_T{|J{L8z(@|5f9S7rYP^*3)YAQOO)sVc?{>I+aAX+))b z8|pcCU=hBIYVUlm+n$eFGb_*KflB#S8iwI-(8L3te?`6Elx=Q?Mx$=5LQO>+wPvnG zW%5qXeV9r8FzWm_sFe3Q&)r!^p%(Rm1O?4e9Cg7C)W~l{jpz~7NM7~YzxUclobNtp zDr#<5V>w=c!|@Pi<0m*0du?~$Q{*`h)xpFH3c8^Um4R!~#0PK^zKZH#*B$PIhNE6s ziYA6o9lZo~-LFv(ei*f3y@ffLeu4WH6{6mE2J)FFj5Z3o;Af~sbRQ~}@8d-L3YEgV z3*E&x8&j(qwKyZ5JFo}!UwY^7Mm^_o)aUscX5l|kpL5@fB=bLuLOBgVRI2VpO~s3- z&+;SGcYho;qR~Hd|9QR~hfqHY)$wysBfAT=XrJ@iPoR(bL&PV@Oj#>Py z=Bf_(FJdy~T;0Vn02g{?_8Mat<&Ium=jRdUs=#qSaVJ4vjdZTL26e0_o*-&y`xWY# zNu=K2n?`+)ItEkL@p~7;#xmL_5u+%7L9k62XAwGzX%FBc+?i_m@yEjyAM>hX@p+<} zSWYbFdX9v_^rq6NnnRq*iEQ^|>YrU||24rLV@##}6|5w5Oegw#*QOfykxMYeKO9L) zcN0$%^NB^oXzuv~W^4RW3e#!09lPVJcqY+-^3|AwI!sTkf%fCiD$stb*KiX~^sc*$ z^0Qw1NZJaBzj}4S>Nk2Q|8J?rF@y`|;G|TI)lR*bvKCbZ<@V!i3MSEyw*SKuMEh|| zdjW?Mv%UL9cy{)@&ATqKj>1~6(jWg$eCgHoUF$f5IEBz>sAC)t@goa6^@*wN4nkY4 zj&3eSC+}sd{*Bm9{E>KuC?hx$slP@hyOq@6>ur>$5NU*d$><2Wq&`O#(|GVf+(o=g zTuc0t(4kMS{b-^P^D5!?M*IgcBh|Uo`ghM<4p$K8yVcY`5XVqHOjyKw#5SUk8(+sY z#7D#!>R(~|p-txJM7`H=3?C$VaNXx#+h)&8^!`dtl;Q@jQTzWJ#N))xUfVbLHnD_j z#}m4*JCR3u815hj679!*6s{+(A|?`hh*n}XaVqf?aUGG^!jF@Wo;>j0lNvstoKIUX zVz<{mkFpN!dR3H9BW4n%Ui(jIzkxWL_#N>+v5aUxawzn1uT2;iQ<+WtiO`|FeK9eE z_>6dzSV+_nM~D*dC2vyJv684EzE_1KLM$Q1slw5fDCeFDI03K3(}-@A2l~k4$5cKg zs)#J_j;MvZ16h;#-cnyQF6S1GDB{F%Ljt_}x#8#r5I6$07 zj3?TU#9m7OPw4;u`wN~v%3X<3-Zk;|3-LwbY2r0v zB#}paOX#@A#a*+{QE4Q8Lk#CZQ+&x0!-~@q=_@TW9&54VW?QtyZ1lHUX3VO$f~{7- zj5k_li{0W6nIWq_-V(FSwXtY8)f|e}(_GtT$E|RBSs)yY1nqdtACJZg%*wcXSE$Xb ziv~ls8HjF(nDMA?w0T=&%+k+bq`@vpq^Fx4Src;2rIy{yYf_JIjs;u&^=)Q!tr_L6 zm|fsrR+MWl9_Vz;uHnvr#iO~zxgvXz)092xKbtapdZ&XCv)*6dXgMEbS7nVIJJzf% zpSyf%<+4>~FhVxMevQJUWac!QoKIHgJVkwEfD(cQiR zW;_%O2UD4A4Th`+%QkAQxK={572`ylg{kF{I_F$e+?pPbwVD0~e=t&zJYM`#=j=d` zo8oRFY;#PGoofbdlL6_SIkrxOooA*WaBiG&RR`v>bmkDJV%E>QgspgEG+-M+=d*DG zoR?`14sBDb%#u{p?uo6UaP-VluiSZU72ijq^J^sXToNZwd6#Mj@B`|Ef}qgnsM+OSKU zN9PZ69-p7>d^5j$=Nvne!6c8(pXzfSU(mInwzk%^qb;#|i_gzCsm|j(&k2Qi89C=e ziJ4(mPcUMYIzuZz>f7v(@iC@)oJxsS_3_G9C${jBN|jly5Ji`qIpt zfR|Y(Qk{`pS^bJHZAx8{Q&3ahePVuLasGrU=7dQllZu?JHA7EHwG>TsZmBtv+`i;8 zwwo0}K7(k853_my?Rh4jX+YZ!or?zI{sv~6ufc5Czl+_0RU2qkH$!YZ{?v(3w8JK%r`Al9mC-bDur^Fo7+uxD4$nbxwxWcX?5AM%9_RQx^lO!D^`coifWo;OexDD(x#m& zzkTPjnbP*uaJGrpH!(97d)K#Xo=h8)>PuaS+2r?^e{G`{6AOaPOJ{y;Nq+1<<{Mh= zZ?c1_mBJR6&lYD}O|4ey<4L|=zr#0JuWpD2nzVpI>Vp+yZzt)_N~SBX|?-zu_D&;>#HF~uiT}koh)d@jP{dERmdM;&u-u5 zIO!Z*cTV>_TK4a0HQC?T>t;12(~@6CZcEFx{iL0x>u>NrO?T5%_BAU(R!zP(J;PaY z_FyL&JLFt$@6yg^wp`PnSvzTLY;Dm1ue+z^hUDhf4!(iB>VI93+_d3TpYz1V{>i-? z?T*fp%@xkR%~gFEY;&`v4UoST^oxkyb<0R++Lon*S^}Z{d+L}^f1tt7$KAwxw1S+o zx6JGqWB+p=-;#Oj-YvetmbO2w;gc6q>eBZT{ha3#X8*N8O|9J)u484ptC_j~BC*Kl zJiN90c(%X%reG+*W>_Bk&&^N^ij9XIEyBlYH>I}2Dd&DRP+wRyq&1uxLae>}BerdJ oezon{Y>-h>QUAV9(%LK4Cf_En&=nq^2rl9@1*giRa}1Xl{Y z0(HUaRa}5d>D=OiR<^5vMXaSNC@7*=MOsBs@wUMI{_?(fqtEr}`|zL7Ip^KZ`JZ!M zc-XNe?CSck;MsPKHX9t1U53#GAC5GP11d+U)i6vN+hBrYCbp(N9NXbEr@jC?P_M%_ z+rUVH(C@NWxAy z54+=HOvOjABOXDW{{Tnf70koj1p7HF>kS&l6BN|*BN&TkkUz#1ev&XY(J-Ph7hB*= z)CfwjF9sZ+!lu;ULk4erj2eiGUPoX%?13?uf+I1C_ZwacLvRi1!TXVWjT5Mje2wZz z2Yx6TgHbP-izY5ZW#A#lgQyIAj=j)u8%7xP#?F|DB{&g-!zhF(D5c*b(`EGLX}WL% zDkJ5XgKIDs4`C*TC)*twfa>Th?1#6auG@pk+$B^;nlWs3d=P3N(^Hs#y=bY^uo*L` zzkr(iFE9;Lm{?_G8k$&#y>Tn5!>=KOH9o;SjN~SrABP&iavX$PP|rPqqp(E}@~=6Z z#>BM8br^>aVSjuPtMDu2*~Yw{hLMGLqF#6i8JzJM4#hUx>4CGNp5Ox2vI8ybK6d0TlOWrktQ8)nCU;*w!Wh9*5X{r)YnaM#txCYg+ZP*t7 zf+WK@@3gn!q|T4vM{~afb^m5$;6dYcr{No9T^XsYAfk=BI`$$C$1A9eW%CrR zi4rt%9cmFijRWx*DwAQ1W*Fw<3|xa2zK6-Y-|%rYNieqJcszodt0-0s&oJ^(b6AI3 zG>@V>@F|iUqcvMc4#Rj1U>;hisX2-2&o1_Lk7O$ZmGZt6VsRF>!CGvE zYf&BAjFWIXcEE2@9g1XL^dJ+p8^)lf%!^uN+fe)b5b8ajqB7TtkBKroAcy?3V2wf= zl;Vxp8TX-j{toJemrxIi$h8+)8pcu2Ms<8PcEUQ0$6sR?+>IK*pHcU}kIIbZM+4}P z7qmx^MuQg9G{-uOp#A`AgpZ;+b`&)QpP)K;1-0nfvBK2ReyCkA#&I_4`YKe1S7JQ= z7S)kg^!?S1e?>j;Gwh0C`Svz6aSZjDs1!bi8p#oygBMYm8#CPg!Ua$r-i7Qy<8P?# z*mQ(l?~jSp%TNOf-a|n*JmoaJiJF^>sGdjjl~BjhP&bZ1-B^nHZmdRiY&YsTZ#(VR zo%SB1>^Yx`x_=pJfZJ??#y$#4$tmZ=52y}A7ubs`AC;<7)UH_WXrVH<6E*ky9Z#X| z{~EQ3yNO#bRO-G&b+8Nbkbv1};yhG_f~Yy) zgv!hlsO$HmI{YE_!z-xk(#JX-!3^GS%%Y$h?nR|~7it^6idx0*U>aV=WQ-qYcc1{( z@iNrnT8nzYcGO6pLw(rZLap|2zHWUn234PcLG`$pf^H0=db|;piDyvT=OC&>Z=tR~ z?|2>6fzA``FXdol{Te>hb$d`#cN~?ebLhs)jrj zyHP0`h#hc(V-fN#G8Us&^IlX(Phmb@MP(#!y1jVkVGru7QJLM1nwr;eCVmv8kV_$J zhW(&rj*p;jIEY#Ur%`kKJtkpC?(T>~P#K(xt#BR=#3~$u+p#I0Lp|pLDl<)fWq;s; zohbC8As#bvB6h-6$bvNQDumxB-=cJx==x>`(nNs>5ls z>_s^Y!&q{LpMrW;ixs#DSs%tV9ERg(+YemtxC@o~W5_qk_&f5+Ff!-ZBVUSIWP8xW zcTj)FT)`ojGS{Bc66~-2zm$R=xEnQBZ#ngAsKuBt&mQS`%%EO}y6$O=#gmR-qB0mc z-=36k@*94^AO z*axqmGLc$jPmvcj;ti8*GS~I;o_T0`zz0krIcnDkKo2YGj7TaNq1@`mfQO_N;fc&RYsG?yYZbiN+#tGB| zyOcU>0M*g;I0+A;M%1p%&ddaa+NU)!=umtz6$ z3Q}Na7?<%OoLFUFcmcIqM)pQDgOL*rUIg=yHE`gGJic%7_LCg-7Ba? zbrhA#?@<|wUSi*uiaI|7JK!4B`3F!P+ld|V00y;6-=&}o{L49!u+*NjL8uo@#?Dxc zS$Ho_!q>15MlZ8dJR12H88xUi^fpe%#>?#~o{dwfug3cG%gMjCUE^ErRF6fass?p| z<#-U)!Aq#Q?zqBEZ5pbB1sH>+sJUK+nwsCCrtqZGe$8o5yUlK&avS;A;#*FGiH|!T zMm_iwRE8RJo%VeyYD%V}I#P>DDTV30x_4HHl! zs6_R6Evo(ZsP+?>fS;q*M)OtnVjG0Y%na1|<){~IbKH&U@B!?KA7d8`yWReD2jeN| zhUu7qrI>+tp^5uY9e5vg-FKLXO;_8CtOshUZbmoWiTV&di+bTH)OP*eIp1`Ry=HnL znF|{8DfH!nI#fz`U}yXj>V>CKDZJ>|=nnf|I$cobd!VLZD0ae|up3rk{TC5OQhy0G zz_7J;>XWdw_J0-y?f0>$ZL42 z<~ubFBFriO4G$7pSH^kb3qr>j9x{%2@~z_*E+L@I5XLmmBy$LmXc z`A~mrJwi7o3JKF`0OWxY=nl@%Ka{g5|`PB>&qf=r}-pTVJw&WMwE{J!R2$9=@t^(Fo; z-~n1_FA^t+?$osfKO(je4UYsWyNL>?(To2<{K2W;V31SD#__}yryeYzaEW-?X*h=Z z0O|M>@mFG(D$b}P9o3{=!LF)5PV#$}7|HpGIKsK^Nc~ynfAUo9zW3h4|Xp6 z#<_4K&L-lW`p+q$A%{3hwBX*Rc$LucEOETP#J>k{9Ptn0bE1j!9*Raw$^+D<`5#4L zG4W?2j<}ongcwNtK=kC|-l(GuajL##|Fq}ay%bZNhks1jM?66k5^mbl@H;}sDqlbi=GY|z$&wn@|Je#?ibWX0oOxh1Q^@dbY@er|`FT-Wd z$$aXq2p3UjgywbW7anJF4EI%46?#hoS&_z1tIe!kX1`EG!r<@-cOc7j2dwO*zE)Y% z%T_;ky0yhU&HBcjV-4w^m|>QC&En$1;xdmeGjw&Wx3H+vW7ha6RTugL9<$nC?kzS` zlHGyiRI9T4xVS9S$jQm!2Hj+OJ%xU=vfS%2-6dvrc6R7=_nzUQ!D*rJ&{yeKU7?nJ z%3Ri_3{TTQV6o3%l4XW2XM7eGYSjN3mvwGHb*OmYu?TBw&S9%b?&GaJOR5>t{A$0i zs=6j6)!LOC+q~RcUNgUruGsY`-c`F~eqn71&Bb;OoGblwJ}|%3@2jo0cII}D40yPr z%3ETeZW*X8@y(~rS~Y0NtZ#bKT9j8D;aO6jwIg|{tvrirJ>FuE>8-6Q^7um^ z=QVLzjq_hls-gomWgc%$d2wNloxSS9s`&Xb*el99GpBEh%0thyf}Do*xt)d=`#mLQ`Og>KxI(X4 zUQyvO7cBJnSxF0g{u*Cpg;ygfTySFr9^B^+9Nd{|&7V6V{%33O(3ACRaN&=O@XfhZ z;i2lnL*c1Km8>X_NshdpK+U1;9@TuM_3!&hV`#SLAFhz6^bVKRtUSu-14r7vHo6n+}g2tZ}4Xe zIo((1@so@qqug7=5X}Xig_S+oem^elU%2A`UF^SbZNueXxTMpx|6BgQa6^OTpOX6T zuhAAMTC&B8T54H$FO6q=Rn&RBfttd~(6*&5U7^Fv8oRn_7yO&8VZFCJCUkarpiz76 zjS7$7W0uucu;x6K0gqL%a~-{_L@(vvv&lX=S*39G%mm=rPQn`uQcsd)YB~T*Oq$x UREHnj8EUpJGAxvH*G1R=0>Otdb^rhX diff --git a/plugins/sudoers/po/da.po b/plugins/sudoers/po/da.po index ab98ff2..031eecb 100644 --- a/plugins/sudoers/po/da.po +++ b/plugins/sudoers/po/da.po @@ -1,12 +1,13 @@ # Danish translation of sudoers. # This file is put in the public domain. -# Joe Hansen , 2011, 2012. +# Joe Hansen , 2011, 2012, 2013. # # audit -> overvÃ¥gning # dummy -> attrap # epoch -> epoke # execute -> udføre (run -> kør) # overflow -> overløb +# principal -> værtshovedstol # runas -> runas ? (eller mÃ¥ske bedre med kør som. den er valgt indtil videre) # stat -> stat # @@ -15,62 +16,69 @@ # msgid "" msgstr "" -"Project-Id-Version: sudoers 1.8.6b3\n" +"Project-Id-Version: sudoers 1.8.7b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-07-11 16:27-0400\n" -"PO-Revision-Date: 2012-08-10 23:06+0100\n" +"POT-Creation-Date: 2013-04-17 15:52-0400\n" +"PO-Revision-Date: 2013-04-23 23:06+0100\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" "Language: da\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" -#: gram.y:110 -#, c-format -msgid ">>> %s: %s near line %d <<<" -msgstr ">>> %s: %s nær linje %d <<<" +#: confstr.sh:2 +msgid "Password:" +msgstr "Adgangskode:" + +#: confstr.sh:3 +msgid "*** SECURITY information for %h ***" +msgstr "*** SIKKERHEDSINFORMATION for %h ***" + +#: confstr.sh:4 +msgid "Sorry, try again." +msgstr "Beklager, prøv igen." -#: plugins/sudoers/alias.c:125 +#: plugins/sudoers/alias.c:124 #, c-format msgid "Alias `%s' already defined" msgstr "Alias »%s« er allerede defineret" -#: plugins/sudoers/auth/bsdauth.c:78 +#: plugins/sudoers/auth/bsdauth.c:77 #, c-format msgid "unable to get login class for user %s" msgstr "kan ikke hente logindklasse for bruger %s" -#: plugins/sudoers/auth/bsdauth.c:84 +#: plugins/sudoers/auth/bsdauth.c:83 msgid "unable to begin bsd authentication" msgstr "kan ikke starte bsd-godkendelse" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:91 msgid "invalid authentication type" msgstr "ugyldig godkendelsestype" -#: plugins/sudoers/auth/bsdauth.c:101 +#: plugins/sudoers/auth/bsdauth.c:100 msgid "unable to setup authentication" msgstr "kan ikke opsætte godkendelse" -#: plugins/sudoers/auth/fwtk.c:60 +#: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" msgstr "kan ikke læse fwtk-konfiguration" -#: plugins/sudoers/auth/fwtk.c:65 +#: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" msgstr "kan ikke forbinde til godkendelsesserver" -#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95 -#: plugins/sudoers/auth/fwtk.c:128 +#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:127 #, c-format msgid "lost connection to authentication server" msgstr "mistede forbindelsen til godkendelseserveren" -#: plugins/sudoers/auth/fwtk.c:75 +#: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" @@ -79,147 +87,152 @@ msgstr "" "godkendelsesserverfejl:\n" "%s" -#: plugins/sudoers/auth/kerb5.c:117 +#: plugins/sudoers/auth/kerb5.c:116 #, c-format -msgid "%s: unable to unparse princ ('%s'): %s" -msgstr "%s: Kan ikke fjerne fortolkning af princ (»%s«): %s" +msgid "%s: unable to convert principal to string ('%s'): %s" +msgstr "%s: Kan ikke konvertere værtshovedstol til streng (»%s«): %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: Kan ikke fortolke »%s«: %s" -#: plugins/sudoers/auth/kerb5.c:170 +#: plugins/sudoers/auth/kerb5.c:169 #, c-format -msgid "%s: unable to resolve ccache: %s" -msgstr "%s: Kan ikke løse ccache: %s" +msgid "%s: unable to resolve credential cache: %s" +msgstr "%s: Kan ikke slÃ¥ akkreditivmellemlager op: %s" -#: plugins/sudoers/auth/kerb5.c:218 +#: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: Kan ikke allokere tilvalg: %s" -#: plugins/sudoers/auth/kerb5.c:234 +#: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: Kan ikke indhente akkreditiver: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:246 #, c-format -msgid "%s: unable to initialize ccache: %s" -msgstr "%s: Kan ikke initialisere ccache: %s" +msgid "%s: unable to initialize credential cache: %s" +msgstr "%s: Kan ikke initialisere akkreditivmellemlager: %s" -#: plugins/sudoers/auth/kerb5.c:251 +#: plugins/sudoers/auth/kerb5.c:250 #, c-format -msgid "%s: unable to store cred in ccache: %s" -msgstr "%s: Kan ikke gemme cred i ccache: %s" +msgid "%s: unable to store credential in cache: %s" +msgstr "%s: Kan ikke gemme akkreditiver i mellemlager: %s" -#: plugins/sudoers/auth/kerb5.c:316 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: Kan ikke indhente værtshovedstol: %s" -#: plugins/sudoers/auth/kerb5.c:331 +#: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: Kan ikke verifiere TGT! Muligt angreb!: %s" -#: plugins/sudoers/auth/pam.c:100 +#: plugins/sudoers/auth/pam.c:105 msgid "unable to initialize PAM" msgstr "kan ikke initialisere PAM" -#: plugins/sudoers/auth/pam.c:144 +#: plugins/sudoers/auth/pam.c:150 msgid "account validation failure, is your account locked?" msgstr "valideringsfejl for konto, er din konto lÃ¥st?" -#: plugins/sudoers/auth/pam.c:148 +#: plugins/sudoers/auth/pam.c:154 msgid "Account or password is expired, reset your password and try again" msgstr "Konto eller adgangskoder er udløbet, nulstil din adgangskode og forsøg igen" -#: plugins/sudoers/auth/pam.c:155 +#: plugins/sudoers/auth/pam.c:162 #, c-format -msgid "pam_chauthtok: %s" -msgstr "pam_chauthtok: %s" +msgid "unable to change expired password: %s" +msgstr "kan ikke ændre udløbet adgangskode: %s" -#: plugins/sudoers/auth/pam.c:159 +#: plugins/sudoers/auth/pam.c:167 msgid "Password expired, contact your system administrator" msgstr "Adgangskode udløbet, kontakt din systemadministrator" -#: plugins/sudoers/auth/pam.c:163 +#: plugins/sudoers/auth/pam.c:171 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Konto udløbet eller PAM-konfiguration mangler et »kontoafsnit« for sudo. Kontakt din systemadministrator" -#: plugins/sudoers/auth/pam.c:180 +#: plugins/sudoers/auth/pam.c:188 #, c-format -msgid "pam_authenticate: %s" -msgstr "pam_authenticate: %s" +msgid "PAM authentication error: %s" +msgstr "PAM-godkendelsesserverfejl: %s" -#: plugins/sudoers/auth/pam.c:332 -msgid "Password: " -msgstr "Adgangskode: " - -#: plugins/sudoers/auth/pam.c:333 -msgid "Password:" -msgstr "Adgangskode:" +#: plugins/sudoers/auth/pam.c:247 +#, c-format +msgid "unable to establish credentials: %s" +msgstr "kan ikke etablere akkreditiver: %s" -#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220 +#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 #, c-format msgid "you do not exist in the %s database" msgstr "du findes ikke i %s-databasen" -#: plugins/sudoers/auth/securid5.c:81 +#: plugins/sudoers/auth/securid5.c:80 #, c-format msgid "failed to initialise the ACE API library" msgstr "kunne ikke initialisere ACE API-biblioteket" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" msgstr "kan ikke kontakte SecurID-serveren" -#: plugins/sudoers/auth/securid5.c:116 +#: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "Bruger-ID lÃ¥st for SecurID-godkendelse" -#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171 +#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 #, c-format msgid "invalid username length for SecurID" msgstr "ugyldigt brugernavnslængde for SecurID" -#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176 +#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "ugyldigt godkendelseshÃ¥ndtag for SecurID" -#: plugins/sudoers/auth/securid5.c:128 +#: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "SecurID-kommunikation fejlede" -#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215 +#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 #, c-format msgid "unknown SecurID error" msgstr "ukendt SecurID-fejl" -#: plugins/sudoers/auth/securid5.c:166 +#: plugins/sudoers/auth/securid5.c:165 #, c-format msgid "invalid passcode length for SecurID" msgstr "ugyldig adgangskodelængde for SecurID" -#: plugins/sudoers/auth/sia.c:109 +#: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "kan ikke initialisere SIA-session" -#: plugins/sudoers/auth/sudo_auth.c:121 -msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." -msgstr "Ugyldige godkendelsesmetoder kompileret ind i sudo! Du kan blande alenestÃ¥ende og ikkealenestÃ¥ende godkendelse." +#: plugins/sudoers/auth/sudo_auth.c:119 +msgid "invalid authentication methods" +msgstr "ugyldige godkendelsesmetoder" -#: plugins/sudoers/auth/sudo_auth.c:206 +#: plugins/sudoers/auth/sudo_auth.c:120 +msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." +msgstr "Ugyldige godkendelsesmetoder kompileret ind i sudo! Du kan ikke blande uafhængig og ikkeuafhængig godkendelse." + +#: plugins/sudoers/auth/sudo_auth.c:203 +msgid "no authentication methods" +msgstr "ingen godkendelsesmetoder" + +#: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Der er ingen godkendelsesmetoder kompileret ind i sudo! Hvis du ønsker at fravælge godkendelse sÃ¥ brug konfigurationstilvalget --disable-authentication." -#: plugins/sudoers/auth/sudo_auth.c:374 +#: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Godkendelsesmetoder:" @@ -235,10 +248,10 @@ msgstr "getaudit: fejlede" msgid "Could not determine audit condition" msgstr "Kunne ikke bestemme overvÃ¥gningsbetingelse" -#: plugins/sudoers/bsm_audit.c:101 +#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160 #, c-format -msgid "getauid failed" -msgstr "getauid fejlede" +msgid "getauid: failed" +msgstr "getauid: fejlede" #: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162 #, c-format @@ -265,104 +278,40 @@ msgstr "au_to_return32: fejlede" msgid "unable to commit audit record" msgstr "kan ikke indsende overvÃ¥gningspost" -#: plugins/sudoers/bsm_audit.c:160 -#, c-format -msgid "getauid: failed" -msgstr "getauid: fejlede" - #: plugins/sudoers/bsm_audit.c:183 #, c-format msgid "au_to_text: failed" msgstr "au_to_text: fejlede" -#: plugins/sudoers/check.c:244 plugins/sudoers/iolog.c:172 -#: plugins/sudoers/sudoers.c:978 plugins/sudoers/sudoreplay.c:355 -#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974 -#: plugins/sudoers/visudo.c:815 -#, c-format -msgid "unable to open %s" -msgstr "kan ikke Ã¥bne %s" - -#: plugins/sudoers/check.c:248 plugins/sudoers/iolog.c:229 -#, c-format -msgid "unable to write to %s" -msgstr "kan ikke skrive til %s" - -#: plugins/sudoers/check.c:256 plugins/sudoers/check.c:501 -#: plugins/sudoers/check.c:551 plugins/sudoers/iolog.c:123 -#: plugins/sudoers/iolog.c:156 -#, c-format -msgid "unable to mkdir %s" -msgstr "kan ikke mkdir %s" - -#: plugins/sudoers/check.c:391 -#, c-format -msgid "internal error, expand_prompt() overflow" -msgstr "intern fejl, expand_prompt()-overløb" - -#: plugins/sudoers/check.c:451 -#, c-format -msgid "timestamp path too long: %s" -msgstr "tidsstempelsti er for lang: %s" - -#: plugins/sudoers/check.c:480 plugins/sudoers/check.c:524 -#: plugins/sudoers/iolog.c:158 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s findes men er ikke en mappe (0%o)" - -#: plugins/sudoers/check.c:483 plugins/sudoers/check.c:527 -#: plugins/sudoers/check.c:572 -#, c-format -msgid "%s owned by uid %u, should be uid %u" -msgstr "%s ejet af uid %u, bør være uid %u" - -#: plugins/sudoers/check.c:488 plugins/sudoers/check.c:532 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0700" -msgstr "%s er skrivbar for ikkeejer (0%o), bør være tilstand 0700" - -#: plugins/sudoers/check.c:496 plugins/sudoers/check.c:540 -#: plugins/sudoers/check.c:608 plugins/sudoers/sudoers.c:993 -#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:581 -#, c-format -msgid "unable to stat %s" -msgstr "kan ikke stat %s" - -#: plugins/sudoers/check.c:566 -#, c-format -msgid "%s exists but is not a regular file (0%o)" -msgstr "%s findes men er ikke en regulær fil (0%o)" - -#: plugins/sudoers/check.c:578 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0600" -msgstr "%s skrivbar af ikkeejer (0%o), bør være tilstand 0600" - -#: plugins/sudoers/check.c:632 -#, c-format -msgid "timestamp too far in the future: %20.20s" -msgstr "tidsstempel for langt ude i fremtiden: %20.20s" - -#: plugins/sudoers/check.c:679 -#, c-format -msgid "unable to remove %s (%s), will reset to the epoch" -msgstr "kan ikke fjerne %s (%s), vil nulstille til epoken" - -#: plugins/sudoers/check.c:687 -#, c-format -msgid "unable to reset %s to the epoch" -msgstr "kan ikke nulstille %s til epoken" +#: plugins/sudoers/check.c:189 +msgid "" +"\n" +"We trust you have received the usual lecture from the local System\n" +"Administrator. It usually boils down to these three things:\n" +"\n" +" #1) Respect the privacy of others.\n" +" #2) Think before you type.\n" +" #3) With great power comes great responsibility.\n" +"\n" +msgstr "" +"\n" +"Vi stoler pÃ¥, at du har modtaget den gængse advarsel fra den lokale\n" +"systemadministrator. Det drejer sig normalt om følgende tre ting:\n" +"\n" +" #1) Respekter andres privatliv.\n" +" #2) Tænk før du taster.\n" +" #3) Med stor magt følger stort ansvar.\n" +"\n" -#: plugins/sudoers/check.c:747 plugins/sudoers/check.c:753 -#: plugins/sudoers/sudoers.c:841 plugins/sudoers/sudoers.c:845 +#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 +#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 #, c-format msgid "unknown uid: %u" msgstr "ukendt uid: %u" -#: plugins/sudoers/check.c:750 plugins/sudoers/sudoers.c:782 -#: plugins/sudoers/sudoers.c:1110 plugins/sudoers/testsudoers.c:225 -#: plugins/sudoers/testsudoers.c:369 +#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635 +#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:359 #, c-format msgid "unknown user: %s" msgstr "ukendt bruger: %s" @@ -720,197 +669,210 @@ msgstr "Tilføjer et punkt til utmp/utmpx-filen nÃ¥r der allokeres en pty" msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Angiv brugeren i utmp til brugeren kør som, ikke den opstartende bruger" -#: plugins/sudoers/defaults.c:208 +#: plugins/sudoers/def_data.c:347 +msgid "Set of permitted privileges" +msgstr "Sæt af tilladte privilegier" + +# engelsk fejl? Set of limited ... +#: plugins/sudoers/def_data.c:351 +msgid "Set of limit privileges" +msgstr "Sæt af begræns privilegier" + +#: plugins/sudoers/def_data.c:355 +msgid "Run commands on a pty in the background" +msgstr "Kør kommandoer pÃ¥ en pty i baggrunden" + +#: plugins/sudoers/def_data.c:359 +msgid "Create a new PAM session for the command to run in" +msgstr "Opret en ny PAM-session som kommandoen kan køre i" + +#: plugins/sudoers/def_data.c:363 +msgid "Maximum I/O log sequence number" +msgstr "Maksimalt I/O-logsekvenstal" + +#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 #, c-format msgid "unknown defaults entry `%s'" msgstr "ukendt standardpunkt »%s«" -#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226 -#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259 -#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285 -#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318 -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 +#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 +#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 +#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "værdi »%s« er ugyldig for indstilling »%s«" -#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229 -#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254 -#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280 -#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313 -#: plugins/sudoers/defaults.c:324 +#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 +#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 +#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 +#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 +#: plugins/sudoers/defaults.c:323 #, c-format msgid "no value specified for `%s'" msgstr "ingen værdi angivet for »%s«" -#: plugins/sudoers/defaults.c:242 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "values for `%s' must start with a '/'" msgstr "værdier for »%s« skal begynde med en »/«" -#: plugins/sudoers/defaults.c:304 +#: plugins/sudoers/defaults.c:303 #, c-format msgid "option `%s' does not take a value" msgstr "indstilling »%s« kan ikke modtage en værdi" -#: plugins/sudoers/env.c:339 -#, c-format -msgid "sudo_putenv: corrupted envp, length mismatch" -msgstr "sudo_putenv: ødelagt envp, forskellig længde" - -#: plugins/sudoers/env.c:341 plugins/sudoers/env.c:411 -#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167 -#: plugins/sudoers/toke_util.c:207 toke.l:682 toke.l:812 toke.l:872 toke.l:968 -#, c-format -msgid "unable to allocate memory" -msgstr "kan ikke allokere hukommelse" - -#: plugins/sudoers/env.c:366 +#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 +#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 +#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427 +#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 +#: plugins/sudoers/testsudoers.c:243 #, c-format -msgid "internal error, sudo_setenv2() overflow" -msgstr "intern fejl, sudo_setenv2()-overløb" +msgid "internal error, %s overflow" +msgstr "intern fejl, %s-overløb" -#: plugins/sudoers/env.c:410 +#: plugins/sudoers/env.c:367 #, c-format -msgid "internal error, sudo_setenv() overflow" -msgstr "intern fejl, sudo_setenv()-overløb" +msgid "sudo_putenv: corrupted envp, length mismatch" +msgstr "sudo_putenv: ødelagt envp, forskellig længde" -#: plugins/sudoers/env.c:955 +#: plugins/sudoers/env.c:1012 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "beklager, du har ikke tilladelse til at angive de følgende miljøvariabler: %s" -#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108 -#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125 -#: plugins/sudoers/sudoers.c:935 toke.l:678 toke.l:868 -#, c-format -msgid "%s: %s" -msgstr "%s: %s" - -#: plugins/sudoers/group_plugin.c:91 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: plugins/sudoers/group_plugin.c:103 +#: plugins/sudoers/group_plugin.c:102 #, c-format msgid "%s must be owned by uid %d" msgstr "%s skal være ejet af uid %d" -#: plugins/sudoers/group_plugin.c:107 +#: plugins/sudoers/group_plugin.c:106 #, c-format msgid "%s must only be writable by owner" msgstr "%s skal være skrivbar af ejer" -#: plugins/sudoers/group_plugin.c:114 +#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256 #, c-format msgid "unable to dlopen %s: %s" msgstr "kan ikke dlopen %s: %s" -#: plugins/sudoers/group_plugin.c:119 +#: plugins/sudoers/group_plugin.c:118 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "kan ikke finde symbol »group_plugin« i %s" -#: plugins/sudoers/group_plugin.c:124 +#: plugins/sudoers/group_plugin.c:123 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: inkompatibel gruppeudvidelsesmodul for hovedversion %d, forventede %d" -#: plugins/sudoers/interfaces.c:112 +#: plugins/sudoers/interfaces.c:119 msgid "Local IP address and netmask pairs:\n" msgstr "Lokal IP-adresse og netmaskepar:\n" -#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:981 +#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 +#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s findes men er ikke en mappe (0%o)" + +#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 +#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165 +#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 +#, c-format +msgid "unable to mkdir %s" +msgstr "kan ikke mkdir %s" + +#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 +#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 +#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155 +#: plugins/sudoers/visudo.c:809 +#, c-format +msgid "unable to open %s" +msgstr "kan ikke Ã¥bne %s" + +#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 #, c-format msgid "unable to read %s" msgstr "kan ikke læse %s" -#: plugins/sudoers/iolog.c:208 +#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159 #, c-format -msgid "invalid sequence number %s" -msgstr "ugyldig sekvenstal %s" +msgid "unable to write to %s" +msgstr "kan ikke skrive til %s" -#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261 -#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531 -#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545 -#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561 -#: plugins/sudoers/iolog.c:569 +#: plugins/sudoers/iolog.c:334 #, c-format msgid "unable to create %s" msgstr "kan ikke oprette %s" -#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:378 -#, c-format -msgid "unable to set locale to \"%s\", using \"C\"" -msgstr "kan ikke angive sprog til »%s«, bruger »C«" - -#: plugins/sudoers/ldap.c:389 +#: plugins/sudoers/ldap.c:385 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: port for stor" -#: plugins/sudoers/ldap.c:412 +#: plugins/sudoers/ldap.c:408 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: stigende mellemlager for vært (hostbuf) har ikke nok plads" -#: plugins/sudoers/ldap.c:442 +#: plugins/sudoers/ldap.c:438 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "ikkeunderstøttet LDAP uri-type: %s" -#: plugins/sudoers/ldap.c:471 +#: plugins/sudoers/ldap.c:467 #, c-format msgid "invalid uri: %s" msgstr "ugyldig uri: %s" -#: plugins/sudoers/ldap.c:477 +#: plugins/sudoers/ldap.c:473 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "kan ikke blande ldap og ldaps URI'er" -#: plugins/sudoers/ldap.c:481 +#: plugins/sudoers/ldap.c:477 #, c-format msgid "unable to mix ldaps and starttls" msgstr "kan ikke blande ldaps og starttls" -#: plugins/sudoers/ldap.c:500 +#: plugins/sudoers/ldap.c:496 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: opbyggende mellemlager for vært (hostbuf) har ikke nok plads" -#: plugins/sudoers/ldap.c:574 +#: plugins/sudoers/ldap.c:570 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "kan ikke initialisere SSL-cert og key db: %s" -#: plugins/sudoers/ldap.c:577 +#: plugins/sudoers/ldap.c:573 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "du skal angive at TLS_CERT i %s skal bruge SSL" -#: plugins/sudoers/ldap.c:994 +#: plugins/sudoers/ldap.c:1062 #, c-format msgid "unable to get GMT time" msgstr "kan ikke indhente GMT-tid" -#: plugins/sudoers/ldap.c:1000 +#: plugins/sudoers/ldap.c:1068 #, c-format msgid "unable to format timestamp" msgstr "kan ikke formatere tidsstempel" -#: plugins/sudoers/ldap.c:1008 +#: plugins/sudoers/ldap.c:1076 #, c-format msgid "unable to build time filter" msgstr "kan ikke bygge tidsfilter" -#: plugins/sudoers/ldap.c:1223 +#: plugins/sudoers/ldap.c:1295 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1 forskellige allokeringer" -#: plugins/sudoers/ldap.c:1759 +#: plugins/sudoers/ldap.c:1842 #, c-format msgid "" "\n" @@ -919,7 +881,7 @@ msgstr "" "\n" "LDAP-rolle: %s\n" -#: plugins/sudoers/ldap.c:1761 +#: plugins/sudoers/ldap.c:1844 #, c-format msgid "" "\n" @@ -928,27 +890,28 @@ msgstr "" "\n" "LDAP-rolle: UKENDT\n" -#: plugins/sudoers/ldap.c:1808 +#: plugins/sudoers/ldap.c:1891 #, c-format msgid " Order: %s\n" msgstr " Rækkefølge: %s\n" -#: plugins/sudoers/ldap.c:1816 +#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515 +#: plugins/sudoers/sssd.c:1242 #, c-format msgid " Commands:\n" msgstr " Kommandoer:\n" -#: plugins/sudoers/ldap.c:2238 +#: plugins/sudoers/ldap.c:2321 #, c-format msgid "unable to initialize LDAP: %s" msgstr "kan ikke initialisere LDAP: %s" -#: plugins/sudoers/ldap.c:2272 +#: plugins/sudoers/ldap.c:2355 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls angivet men LDAP libs understøtter ikke ldap_start_tls_s() eller ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:2508 +#: plugins/sudoers/ldap.c:2591 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "ugyldig sudoOrder-attribut: %s" @@ -958,74 +921,80 @@ msgstr "ugyldig sudoOrder-attribut: %s" msgid "unable to open audit system" msgstr "kan ikke Ã¥bne overvÃ¥gningssystem" -#: plugins/sudoers/linux_audit.c:82 -#, c-format -msgid "internal error, linux_audit_command() overflow" -msgstr "intern fejl, linux_audit_command()-overløb" - -#: plugins/sudoers/linux_audit.c:91 +#: plugins/sudoers/linux_audit.c:93 #, c-format msgid "unable to send audit message" msgstr "kan ikke sende overvÃ¥gningsbesked" -#: plugins/sudoers/logging.c:202 +#: plugins/sudoers/logging.c:140 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: plugins/sudoers/logging.c:168 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s: (kommando fortsat) %s" + +#: plugins/sudoers/logging.c:194 #, c-format msgid "unable to open log file: %s: %s" msgstr "kan ikke Ã¥bne logfil: %s: %s" -#: plugins/sudoers/logging.c:205 +#: plugins/sudoers/logging.c:197 #, c-format msgid "unable to lock log file: %s: %s" msgstr "kan ikke lÃ¥se logfil: %s: %s" -#: plugins/sudoers/logging.c:260 +#: plugins/sudoers/logging.c:245 +msgid "No user or host" +msgstr "Ingen bruger eller vært" + +#: plugins/sudoers/logging.c:247 +msgid "validation failure" +msgstr "valideringsfejl" + +#: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "bruger IKKE i sudoers" -#: plugins/sudoers/logging.c:262 +#: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "bruger IKKE autoriseret pÃ¥ vært" -#: plugins/sudoers/logging.c:264 +#: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "kommando ikke tilladt" -#: plugins/sudoers/logging.c:274 +#: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s er ikke sudoersfilen. Denne handling vil blive rapporteret.\n" -#: plugins/sudoers/logging.c:277 +#: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s har ikke tilladelse til at køre sudo pÃ¥ %s. Denne handling vil blive rapporteret.\n" -#: plugins/sudoers/logging.c:281 +#: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Beklager. Bruger %s mÃ¥ ikke køre sudo pÃ¥ %s.\n" -#: plugins/sudoers/logging.c:284 +#: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Beklager. Bruger %s har ikke tilladelse til at køre »%s%s%s« som %s%s%s pÃ¥ %s.\n" -#: plugins/sudoers/logging.c:317 -msgid "No user or host" -msgstr "Ingen bruger eller vært" - -#: plugins/sudoers/logging.c:319 -msgid "validation failure" -msgstr "valideringsfejl" - -#: plugins/sudoers/logging.c:334 plugins/sudoers/sudoers.c:498 -#: plugins/sudoers/sudoers.c:499 plugins/sudoers/sudoers.c:1517 -#: plugins/sudoers/sudoers.c:1518 +#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 +#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoers.c:1002 #, c-format msgid "%s: command not found" msgstr "%s: Kommando ikke fundet" -#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 #, c-format msgid "" "ignoring `%s' found in '.'\n" @@ -1034,62 +1003,77 @@ msgstr "" "ignorerer »%s« fundet i ».«\n" "Brug »sudo ./%s« hvis dette er »%s«, du ønsker at køre." -#: plugins/sudoers/logging.c:350 +#: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "godkendelsesfejl" -#: plugins/sudoers/logging.c:374 +#: plugins/sudoers/logging.c:379 +msgid "a password is required" +msgstr "der kræves en adgangskode" + +#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" msgstr[0] "%d ukorrekt adgangskodeforsøg" msgstr[1] "%d ukorrekte adgangskodeforsøg" -#: plugins/sudoers/logging.c:377 -msgid "a password is required" -msgstr "der kræves en adgangskode" - -#: plugins/sudoers/logging.c:528 +#: plugins/sudoers/logging.c:566 #, c-format msgid "unable to fork" msgstr "kan ikke forgrene" -#: plugins/sudoers/logging.c:535 plugins/sudoers/logging.c:597 +#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 #, c-format msgid "unable to fork: %m" msgstr "kan ikke forgrene: %m" -#: plugins/sudoers/logging.c:587 +#: plugins/sudoers/logging.c:619 #, c-format msgid "unable to open pipe: %m" msgstr "kan ikke Ã¥bne datakanal: %m" -#: plugins/sudoers/logging.c:612 +#: plugins/sudoers/logging.c:644 #, c-format msgid "unable to dup stdin: %m" msgstr "kan ikke dup stdin: %m" -#: plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:680 #, c-format msgid "unable to execute %s: %m" msgstr "kan ikke køre %s: %m" -#: plugins/sudoers/logging.c:863 +#: plugins/sudoers/logging.c:899 #, c-format msgid "internal error: insufficient space for log line" msgstr "intern fejl: utilstrækkelig plads for loglinje" -#: plugins/sudoers/parse.c:123 +#: plugins/sudoers/match.c:631 +#, c-format +msgid "unsupported digest type %d for %s" +msgstr "ej understøttet sammendragstype %d for %s" + +#: plugins/sudoers/match.c:661 +#, c-format +msgid "%s: read error" +msgstr "%s: læsefejl" + +#: plugins/sudoers/match.c:670 +#, c-format +msgid "digest for %s (%s) is not in %s form" +msgstr "sammendrag for %s (%s) er ikke i %s-form" + +#: plugins/sudoers/parse.c:124 #, c-format msgid "parse error in %s near line %d" msgstr "fortolkningsfejl i %s nær linje %d" -#: plugins/sudoers/parse.c:126 +#: plugins/sudoers/parse.c:127 #, c-format msgid "parse error in %s" msgstr "fortolkningsfejl i %s" -#: plugins/sudoers/parse.c:389 +#: plugins/sudoers/parse.c:462 #, c-format msgid "" "\n" @@ -1098,379 +1082,380 @@ msgstr "" "\n" "Sudoers-punkt:\n" -#: plugins/sudoers/parse.c:391 +#: plugins/sudoers/parse.c:463 #, c-format msgid " RunAsUsers: " msgstr " KørSomBrugere: " -#: plugins/sudoers/parse.c:406 +#: plugins/sudoers/parse.c:477 #, c-format msgid " RunAsGroups: " msgstr " KørSomGrupper: " -#: plugins/sudoers/parse.c:415 +#: plugins/sudoers/parse.c:486 +#, c-format +msgid " Options: " +msgstr " Tilvalg: " + +#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to execute %s" +msgstr "kan ikke udføre %s" + +#: plugins/sudoers/policy.c:659 +#, c-format +msgid "Sudoers policy plugin version %s\n" +msgstr "Udvidelsesmodulversion %s for sudoerspolitik\n" + +#: plugins/sudoers/policy.c:661 +#, c-format +msgid "Sudoers file grammar version %d\n" +msgstr "Grammatikversion %d for sudoersfil\n" + +#: plugins/sudoers/policy.c:665 #, c-format msgid "" -" Commands:\n" -"\t" +"\n" +"Sudoers path: %s\n" msgstr "" -" Kommandoer:\n" -"\t" +"\n" +"Sudoers-sti: %s\n" -#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 -msgid ": " -msgstr ": " +#: plugins/sudoers/policy.c:668 +#, c-format +msgid "nsswitch path: %s\n" +msgstr "nsswitch-sti: %s\n" + +#: plugins/sudoers/policy.c:670 +#, c-format +msgid "ldap.conf path: %s\n" +msgstr "ldap.conf-sti: %s\n" -#: plugins/sudoers/pwutil.c:278 +#: plugins/sudoers/policy.c:671 #, c-format -msgid "unable to cache uid %u (%s), already exists" -msgstr "kan ikke cache uid %u (%s), findes allerede" +msgid "ldap.secret path: %s\n" +msgstr "ldap.secret-sti: %s\n" -#: plugins/sudoers/pwutil.c:286 +#: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "kan ikke cache uid %u, findes allerede" -#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331 +#: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "kan ikke cache bruger %s, findes allerede" -#: plugins/sudoers/pwutil.c:668 -#, c-format -msgid "unable to cache gid %u (%s), already exists" -msgstr "kan ikke cache gid %u (%s), findes allerede" - -#: plugins/sudoers/pwutil.c:676 +#: plugins/sudoers/pwutil.c:374 #, c-format msgid "unable to cache gid %u, already exists" msgstr "kan ikke cache gid %u, findes allerede" -#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715 +#: plugins/sudoers/pwutil.c:410 #, c-format msgid "unable to cache group %s, already exists" msgstr "kan ikke cache gruppe %s, findes allerede" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436 -#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114 -#: plugins/sudoers/set_perms.c:1396 +#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586 +#, c-format +msgid "unable to cache group list for %s, already exists" +msgstr "kan ikke cache gruppeliste for %s, findes allerede" + +#: plugins/sudoers/pwutil.c:584 +#, c-format +msgid "unable to parse groups for %s" +msgstr "kan ikke fortolke grupper for %s" + +#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 +#: plugins/sudoers/set_perms.c:1431 msgid "perm stack overflow" msgstr "permanent stakoverløb" -#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444 -#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122 -#: plugins/sudoers/set_perms.c:1404 +#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 +#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 +#: plugins/sudoers/set_perms.c:1439 msgid "perm stack underflow" msgstr "permanent stakunderløb" -#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580 -#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243 +#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 +#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 +msgid "unable to change to root gid" +msgstr "kan ikke ændre til root gid" + +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 msgid "unable to change to runas gid" msgstr "kan ikke ændre til kør som gid" -#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253 +#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 +#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 msgid "unable to change to runas uid" msgstr "kan ikke ændre til kør som uid" -#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269 +#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 msgid "unable to change to sudoers gid" msgstr "kan ikke ændre til sudoers gid" -#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681 -#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315 -#: plugins/sudoers/set_perms.c:1474 +#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 +#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 +#: plugins/sudoers/set_perms.c:1515 msgid "too many processes" msgstr "for mange processer" -#: plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:1583 msgid "unable to set runas group vector" msgstr "kan ikke angive kør som gruppevektor" -#: plugins/sudoers/sudo_nss.c:243 +#: plugins/sudoers/sssd.c:257 +#, c-format +msgid "unable to initialize SSS source. Is SSSD installed on your machine?" +msgstr "kan ikke initialisere SSS-kilde. Er SSSD installeret pÃ¥ din maskine?" + +#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 +#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 +#: plugins/sudoers/sssd.c:292 +#, c-format +msgid "unable to find symbol \"%s\" in %s" +msgstr "kan ikke finde symbol »%s« i %s" + +#: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "Matchende standardpunkter for %s pÃ¥ denne vært:\n" -#: plugins/sudoers/sudo_nss.c:256 +#: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Kør som og kommandospecifikke standarder for %s:\n" -#: plugins/sudoers/sudo_nss.c:269 +#: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on this host:\n" -msgstr "Bruger %s mÃ¥ ikke køre de følgende kommandoer pÃ¥ denne vært:\n" +msgstr "Bruger %s mÃ¥ køre de følgende kommandoer pÃ¥ denne vært:\n" -#: plugins/sudoers/sudo_nss.c:278 +#: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Bruger %s har ikke tilladelse til at køre sudo pÃ¥ %s.\n" -#: plugins/sudoers/sudoers.c:208 plugins/sudoers/sudoers.c:239 -#: plugins/sudoers/sudoers.c:943 +#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 +#: plugins/sudoers/sudoers.c:673 msgid "problem with defaults entries" msgstr "problem med standardpunkter" -#: plugins/sudoers/sudoers.c:212 +#: plugins/sudoers/sudoers.c:165 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "ingen gyldige sudoerskilder fundet, afslutter" -#: plugins/sudoers/sudoers.c:264 -#, c-format -msgid "unable to execute %s: %s" -msgstr "kan ikke udføre %s: %s" - -#: plugins/sudoers/sudoers.c:331 +#: plugins/sudoers/sudoers.c:227 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers angiver at administrator (root) ikke har tilladelse til sudo" -#: plugins/sudoers/sudoers.c:338 +#: plugins/sudoers/sudoers.c:234 #, c-format msgid "you are not permitted to use the -C option" msgstr "du har ikke tilladelse til at bruge tilvalget -C" -#: plugins/sudoers/sudoers.c:427 +#: plugins/sudoers/sudoers.c:315 #, c-format msgid "timestamp owner (%s): No such user" msgstr "tidsstempelejer (%s): Ingen sÃ¥dan bruger" -#: plugins/sudoers/sudoers.c:443 +#: plugins/sudoers/sudoers.c:329 msgid "no tty" msgstr "ingen tty" -#: plugins/sudoers/sudoers.c:444 +#: plugins/sudoers/sudoers.c:330 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "beklager, du skal bruge en tty for at køre sudo" -#: plugins/sudoers/sudoers.c:494 +#: plugins/sudoers/sudoers.c:378 msgid "command in current directory" msgstr "kommando i aktuel mappe" -#: plugins/sudoers/sudoers.c:506 +#: plugins/sudoers/sudoers.c:395 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "beklager men du har ikke tilladelse til at bevare miljøet" -#: plugins/sudoers/sudoers.c:666 plugins/sudoers/sudoers.c:673 -#, c-format -msgid "internal error, runas_groups overflow" -msgstr "intern fejl, runas_groups-overløb" - -#: plugins/sudoers/sudoers.c:926 +#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216 +#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576 #, c-format -msgid "internal error, set_cmnd() overflow" -msgstr "intern fejl, set_cmnd()-overløb" +msgid "unable to stat %s" +msgstr "kan ikke stat %s" -#: plugins/sudoers/sudoers.c:996 +#: plugins/sudoers/sudoers.c:726 #, c-format msgid "%s is not a regular file" msgstr "%s er ikke en regulær fil" -#: plugins/sudoers/sudoers.c:999 toke.l:831 +#: plugins/sudoers/sudoers.c:729 toke.l:913 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s er ejet af uid %u, bør være %u" -#: plugins/sudoers/sudoers.c:1003 toke.l:838 +#: plugins/sudoers/sudoers.c:733 toke.l:920 #, c-format msgid "%s is world writable" msgstr "%s er skrivbar for alle" -#: plugins/sudoers/sudoers.c:1006 toke.l:843 +#: plugins/sudoers/sudoers.c:736 toke.l:925 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s er eget af gid %u, bør være %u" -#: plugins/sudoers/sudoers.c:1033 +#: plugins/sudoers/sudoers.c:763 #, c-format msgid "only root can use `-c %s'" msgstr "kun administrator (root) kan bruge »-c %s«" -#: plugins/sudoers/sudoers.c:1050 plugins/sudoers/sudoers.c:1052 +#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 #, c-format msgid "unknown login class: %s" msgstr "ukendt logindklasse: %s" -#: plugins/sudoers/sudoers.c:1079 +#: plugins/sudoers/sudoers.c:814 #, c-format msgid "unable to resolve host %s" msgstr "kan ikke slÃ¥ vært %s op" -#: plugins/sudoers/sudoers.c:1131 plugins/sudoers/testsudoers.c:387 +#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 #, c-format msgid "unknown group: %s" msgstr "ukendt gruppe: %s" -#: plugins/sudoers/sudoers.c:1180 -#, c-format -msgid "Sudoers policy plugin version %s\n" -msgstr "Udvidelsesmodulversion %s for sudoerspolitik\n" - -#: plugins/sudoers/sudoers.c:1182 -#, c-format -msgid "Sudoers file grammar version %d\n" -msgstr "Grammatikversion %d for sudoersfil\n" - -#: plugins/sudoers/sudoers.c:1186 -#, c-format -msgid "" -"\n" -"Sudoers path: %s\n" -msgstr "" -"\n" -"Sudoers-sti: %s\n" - -#: plugins/sudoers/sudoers.c:1189 -#, c-format -msgid "nsswitch path: %s\n" -msgstr "nsswitch-sti: %s\n" - -#: plugins/sudoers/sudoers.c:1191 -#, c-format -msgid "ldap.conf path: %s\n" -msgstr "ldap.conf-sti: %s\n" - -#: plugins/sudoers/sudoers.c:1192 -#, c-format -msgid "ldap.secret path: %s\n" -msgstr "ldap.secret-sti: %s\n" - -#: plugins/sudoers/sudoreplay.c:293 +#: plugins/sudoers/sudoreplay.c:292 #, c-format msgid "invalid filter option: %s" msgstr "ugyldigt filtertilvalg: %s" -#: plugins/sudoers/sudoreplay.c:306 +#: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid max wait: %s" msgstr "ugyldig maks ventetid: %s" -#: plugins/sudoers/sudoreplay.c:312 +#: plugins/sudoers/sudoreplay.c:311 #, c-format msgid "invalid speed factor: %s" msgstr "ugyldig hastighedsfaktor: %s" -#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187 +#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 #, c-format msgid "%s version %s\n" msgstr "%s version %s\n" -#: plugins/sudoers/sudoreplay.c:340 +#: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/timing: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:345 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/timing: %s" -#: plugins/sudoers/sudoreplay.c:364 +#: plugins/sudoers/sudoreplay.c:363 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Genafspiller sudosession: %s\n" -#: plugins/sudoers/sudoreplay.c:370 +#: plugins/sudoers/sudoreplay.c:369 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Advarsel: Din terminal er for lille til korrekt at afspille loggen.\n" -#: plugins/sudoers/sudoreplay.c:371 +#: plugins/sudoers/sudoreplay.c:370 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Loggeometri er %d x %d, din terminals geometri er %d x %d." -#: plugins/sudoers/sudoreplay.c:401 +#: plugins/sudoers/sudoreplay.c:400 #, c-format msgid "unable to set tty to raw mode" msgstr "kan ikke angive tty til rÃ¥ (raw) tilstand" -#: plugins/sudoers/sudoreplay.c:418 +#: plugins/sudoers/sudoreplay.c:416 #, c-format msgid "invalid timing file line: %s" msgstr "ugyldig timingfillinje: %s" -#: plugins/sudoers/sudoreplay.c:501 +#: plugins/sudoers/sudoreplay.c:499 #, c-format msgid "writing to standard output" msgstr "skriver til standarduddata" -#: plugins/sudoers/sudoreplay.c:530 +#: plugins/sudoers/sudoreplay.c:528 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" -#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668 +#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 #, c-format msgid "ambiguous expression \"%s\"" msgstr "tvetydigt udtryk »%s«" -#: plugins/sudoers/sudoreplay.c:685 +#: plugins/sudoers/sudoreplay.c:683 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "for mange udtryk i parentes, maks %d" -#: plugins/sudoers/sudoreplay.c:696 +#: plugins/sudoers/sudoreplay.c:694 #, c-format msgid "unmatched ')' in expression" msgstr "manglende »)« i udtryk" -#: plugins/sudoers/sudoreplay.c:702 +#: plugins/sudoers/sudoreplay.c:700 #, c-format msgid "unknown search term \"%s\"" msgstr "ukendt søgeterm »%s«" -#: plugins/sudoers/sudoreplay.c:716 +#: plugins/sudoers/sudoreplay.c:714 #, c-format msgid "%s requires an argument" msgstr "%s kræver et argument" -#: plugins/sudoers/sudoreplay.c:720 +#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058 #, c-format msgid "invalid regular expression: %s" msgstr "ugyldigt regulært udtryk: %s" -#: plugins/sudoers/sudoreplay.c:726 +#: plugins/sudoers/sudoreplay.c:724 #, c-format msgid "could not parse date \"%s\"" msgstr "kunne ikke fortolke dato »%s«" -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:737 #, c-format msgid "unmatched '(' in expression" msgstr "mangler »(« i udtryk" -#: plugins/sudoers/sudoreplay.c:741 +#: plugins/sudoers/sudoreplay.c:739 #, c-format msgid "illegal trailing \"or\"" msgstr "ugyldig kæde »or« (eller)" -#: plugins/sudoers/sudoreplay.c:743 +#: plugins/sudoers/sudoreplay.c:741 #, c-format msgid "illegal trailing \"!\"" msgstr "ugyldig kæde »!«" -#: plugins/sudoers/sudoreplay.c:1050 -#, c-format -msgid "invalid regex: %s" -msgstr "ugyldigt regulært udtryk: %s" - -#: plugins/sudoers/sudoreplay.c:1174 +#: plugins/sudoers/sudoreplay.c:1182 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "brug: %s [-h] [-d mappe] [-m maks_ventetid] [-s hastighedsfaktor] ID\n" -#: plugins/sudoers/sudoreplay.c:1177 +#: plugins/sudoers/sudoreplay.c:1185 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "brug: %s [-h] [-d mappe] -l [søgeudtryk]\n" -#: plugins/sudoers/sudoreplay.c:1186 +#: plugins/sudoers/sudoreplay.c:1194 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -1479,7 +1464,7 @@ msgstr "" "%s - genafspil sudosessionslogge\n" "\n" -#: plugins/sudoers/sudoreplay.c:1188 +#: plugins/sudoers/sudoreplay.c:1196 msgid "" "\n" "Options:\n" @@ -1502,16 +1487,11 @@ msgstr "" " -s hastighedsfaktor øg eller sænk uddata\n" " -V vis versionsinformation og afslut" -#: plugins/sudoers/testsudoers.c:253 -#, c-format -msgid "internal error, init_vars() overflow" -msgstr "intern fejl, init_vars()-overløb" - -#: plugins/sudoers/testsudoers.c:338 +#: plugins/sudoers/testsudoers.c:328 msgid "\thost unmatched" msgstr "\thost matchede ikke" -#: plugins/sudoers/testsudoers.c:341 +#: plugins/sudoers/testsudoers.c:331 msgid "" "\n" "Command allowed" @@ -1519,7 +1499,7 @@ msgstr "" "\n" "Kommando tilladt" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command denied" @@ -1527,7 +1507,7 @@ msgstr "" "\n" "Kommando nægtet" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command unmatched" @@ -1535,90 +1515,132 @@ msgstr "" "\n" "Kommando ikke matchet" -#: plugins/sudoers/toke_util.c:218 +#: plugins/sudoers/timestamp.c:129 +#, c-format +msgid "timestamp path too long: %s" +msgstr "tidsstempelsti er for lang: %s" + +#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 +#: plugins/sudoers/timestamp.c:292 +#, c-format +msgid "%s owned by uid %u, should be uid %u" +msgstr "%s ejet af uid %u, bør være uid %u" + +#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0700" +msgstr "%s er skrivbar for ikkeejer (0%o), bør være tilstand 0700" + +#: plugins/sudoers/timestamp.c:286 +#, c-format +msgid "%s exists but is not a regular file (0%o)" +msgstr "%s findes men er ikke en regulær fil (0%o)" + +#: plugins/sudoers/timestamp.c:298 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0600" +msgstr "%s skrivbar af ikkeejer (0%o), bør være tilstand 0600" + +#: plugins/sudoers/timestamp.c:353 +#, c-format +msgid "timestamp too far in the future: %20.20s" +msgstr "tidsstempel for langt ude i fremtiden: %20.20s" + +#: plugins/sudoers/timestamp.c:407 +#, c-format +msgid "unable to remove %s, will reset to the epoch" +msgstr "kan ikke fjerne %s, vil nulstille til epoken" + +#: plugins/sudoers/timestamp.c:414 +#, c-format +msgid "unable to reset %s to the epoch" +msgstr "kan ikke nulstille %s til epoken" + +#: plugins/sudoers/toke_util.c:176 +#, c-format msgid "fill_args: buffer overflow" msgstr "fill_args: overløb for mellemlager" -#: plugins/sudoers/visudo.c:188 +#: plugins/sudoers/visudo.c:180 #, c-format msgid "%s grammar version %d\n" msgstr "%s grammatikversion %d\n" -#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:538 +#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533 #, c-format msgid "press return to edit %s: " msgstr "tryk retur for at redigere %s: " -#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341 +#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332 #, c-format msgid "write error" msgstr "skrivefejl" -#: plugins/sudoers/visudo.c:423 +#: plugins/sudoers/visudo.c:414 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "kan ikke stat midlertidig fil (%s), %s unchanged" -#: plugins/sudoers/visudo.c:428 +#: plugins/sudoers/visudo.c:419 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "midlertidig fil med nullængde (%s), %s uændret" -#: plugins/sudoers/visudo.c:434 +#: plugins/sudoers/visudo.c:425 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "redigeringsprogram (%s) fejlede, %s uændret" -#: plugins/sudoers/visudo.c:457 +#: plugins/sudoers/visudo.c:448 #, c-format msgid "%s unchanged" msgstr "%s uændret" -#: plugins/sudoers/visudo.c:483 +#: plugins/sudoers/visudo.c:477 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "kan ikke genÃ¥bne midlertidig fil (%s), %s uændrede." -#: plugins/sudoers/visudo.c:493 +#: plugins/sudoers/visudo.c:487 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "kan ikke fortolke midlertidig fil (%s), ukendt fejl" -#: plugins/sudoers/visudo.c:531 +#: plugins/sudoers/visudo.c:526 #, c-format msgid "internal error, unable to find %s in list!" msgstr "intern fejl, kan ikke finde %s pÃ¥ listen!" -#: plugins/sudoers/visudo.c:583 plugins/sudoers/visudo.c:592 +#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "kan ikke angive (uid, gid) af %s til (%u, %u)" -#: plugins/sudoers/visudo.c:587 plugins/sudoers/visudo.c:597 +#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "kan ikke ændre tilstand pÃ¥ %s til 0%o" -#: plugins/sudoers/visudo.c:614 +#: plugins/sudoers/visudo.c:609 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s og %s er ikke pÃ¥ det samme filsystem, bruger mv til at omdøbe" -#: plugins/sudoers/visudo.c:628 +#: plugins/sudoers/visudo.c:623 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "kommando fejlede: »%s %s %s«, %s uændret" -#: plugins/sudoers/visudo.c:638 +#: plugins/sudoers/visudo.c:633 #, c-format msgid "error renaming %s, %s unchanged" msgstr "fejl under omdøbing af %s, %s uændret" -#: plugins/sudoers/visudo.c:701 +#: plugins/sudoers/visudo.c:695 msgid "What now? " msgstr "Hvad nu? " -#: plugins/sudoers/visudo.c:715 +#: plugins/sudoers/visudo.c:709 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -1630,92 +1652,87 @@ msgstr "" " afslut(x) uden at gemme ændringer til sudoersfil\n" " afslut(Q) og gem ændringer til sudoersfil (FARLIGT!)\n" -#: plugins/sudoers/visudo.c:756 -#, c-format -msgid "unable to execute %s" -msgstr "kan ikke udføre %s" - -#: plugins/sudoers/visudo.c:763 +#: plugins/sudoers/visudo.c:757 #, c-format msgid "unable to run %s" msgstr "kan ikke køre %s" -#: plugins/sudoers/visudo.c:789 +#: plugins/sudoers/visudo.c:783 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: forkert ejer (uid, gid) bør være (%u, %u)\n" -#: plugins/sudoers/visudo.c:796 +#: plugins/sudoers/visudo.c:790 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: ugyldige rettigheder, bør være tilstand 0%o\n" -#: plugins/sudoers/visudo.c:821 +#: plugins/sudoers/visudo.c:815 #, c-format msgid "failed to parse %s file, unknown error" msgstr "kunne ikke fortolke %s-fil, ukendt fejl" -#: plugins/sudoers/visudo.c:834 +#: plugins/sudoers/visudo.c:831 #, c-format msgid "parse error in %s near line %d\n" msgstr "fortolkningsfejl i %s nær linje %d\n" -#: plugins/sudoers/visudo.c:837 +#: plugins/sudoers/visudo.c:834 #, c-format msgid "parse error in %s\n" msgstr "fortolkningsfejl i %s\n" -#: plugins/sudoers/visudo.c:844 plugins/sudoers/visudo.c:849 +#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846 #, c-format msgid "%s: parsed OK\n" msgstr "%s: fortolket o.k.\n" -#: plugins/sudoers/visudo.c:896 +#: plugins/sudoers/visudo.c:893 #, c-format msgid "%s busy, try again later" msgstr "%s travl, forsøg igen senere" -#: plugins/sudoers/visudo.c:940 +#: plugins/sudoers/visudo.c:937 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "angivet redigeringsprogram (%s) findes ikke" -#: plugins/sudoers/visudo.c:963 +#: plugins/sudoers/visudo.c:960 #, c-format msgid "unable to stat editor (%s)" msgstr "kan ikke stat redigeringsprogram (%s)" -#: plugins/sudoers/visudo.c:1011 +#: plugins/sudoers/visudo.c:1008 #, c-format msgid "no editor found (editor path = %s)" msgstr "intet redigeringsprogram fundet (sti for redigeringsprogram = %s)" -#: plugins/sudoers/visudo.c:1105 +#: plugins/sudoers/visudo.c:1100 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Fejl: Cyklus i %s_Alias »%s«" -#: plugins/sudoers/visudo.c:1106 +#: plugins/sudoers/visudo.c:1101 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Advarsel: Cyklus i %s_Alias »%s«" -#: plugins/sudoers/visudo.c:1109 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Fejl: %s_Alias »%s« refereret men ikke defineret" -#: plugins/sudoers/visudo.c:1110 +#: plugins/sudoers/visudo.c:1105 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Advarsel: %s_Alias »%s« refereret men ikke defineret" -#: plugins/sudoers/visudo.c:1245 +#: plugins/sudoers/visudo.c:1240 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: ubrugt %s_Alias %s" -#: plugins/sudoers/visudo.c:1301 +#: plugins/sudoers/visudo.c:1302 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -1724,7 +1741,7 @@ msgstr "" "%s - rediger sikkert sudoersfilen\n" "\n" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1304 msgid "" "\n" "Options:\n" @@ -1744,6 +1761,24 @@ msgstr "" " -s streng syntakskontrol\n" " -V vis information om version og afslut" -#: toke.l:805 +#: toke.l:886 msgid "too many levels of includes" msgstr "for mange niveauer af includes (inkluderinger)" + +#~ msgid "pam_chauthtok: %s" +#~ msgstr "pam_chauthtok: %s" + +#~ msgid "pam_authenticate: %s" +#~ msgstr "pam_authenticate: %s" + +#~ msgid "Password: " +#~ msgstr "Adgangskode: " + +#~ msgid "getauid failed" +#~ msgstr "getauid fejlede" + +#~ msgid "Unable to dlopen %s: %s" +#~ msgstr "Kan ikke dlopen %s: %s" + +#~ msgid "invalid regex: %s" +#~ msgstr "ugyldigt regulært udtryk: %s" diff --git a/plugins/sudoers/po/de.mo b/plugins/sudoers/po/de.mo new file mode 100644 index 0000000000000000000000000000000000000000..4c4fb160cc655153305715e9d9c7c17f7b868629 GIT binary patch literal 26280 zcmb`P3z!^Nb?3{x41$0k7zi(yZN`%9>5*g`aK<+BNE%r}ud!w%gAK^t(=|QCbXT{l zsx=-#*x-d-5+H#o?WXZy^A;1F521xRe-6dqd{r%6q zRbAaPl9hbh_MQK9)qR|M?z!ijd+r&1{enmQTEORfl&4dg=LW%Z&k2GLJYG+O;58Qp z!Fk{>f=>Y7>hb;H6Z!sey{G=?g?#@j9$ohyV{}`MC z#~|kCz!vxn@ZI3kz)ynwAAFS`&jbGf+zvjQmsf#(Q2o6R6dezOqU#4Bqz9Klgy^`A zAFB5PQ0-n0QYH8>xDEU>@Oto{K+!u15t?TNhTv;J&F^=?8^O(oY0$JMN(;)u`U**TM!JmM4fLkvPg3aJ>fs^2ap!z>I41$f|I4C~OfvR^GsPR4k zQZ@J*D7pG6sQQm%@|xE*;C8SDGL_)Hpy>G&_!#higNRu0Feb+m1y2Siz^&jIcns7! zy&Aj${3!Sw@Q0x0aXC!XJf^`-;LAYue>W)k{0b;~{)c~l0h7}E-Js|>0jm9PfU5Ud z|NY0HogP`UW`R{K5wJsk4 zHP0`A7lMBSGPU3wI;D%?a_|s%2-LjZ32I$Wf>aH@4~owhu?Tv94G1fP8Bou2P~*G_ z)cW7+->-ri?>pc{;6H*I@BHx~V2cHl;G@7fP|t4z)&HwN>793hs&_9aeti}ce}4#S z+;b2{^&f(gpKHKpfO|p7M+@8wz5|5S!FRzIflpx3v@hDA#(fVcIsF_+*TFeVUf(A` z(NhOS&(DKe$2a)r_k!y8^Pu|q2T<#AF^i_>H-ju;a3_dp1n&a14u1-Y&To1=heqPx z#h{*V2Vr^eVo>Y!8c_56ASn5Jz~f(nT8F;{HUEnsTKne;Fa&pk>Zb`l9{d&X0`MIm zDl7OXD7kqM6n)2n0>+*MC2tE-dcLDfp@O*F& zDE{3Fs{V0M^#3}jaXtj9-h-g%`8p{6{2wp`pMFtE_H}Mu?giD~DNy}<34Ap8 zZBTss0XPFb{(7f>kAdRT>%nR8{ooGpM<5~`Tz!L^X9HxY;1!_O{|`Z`1fTKmANjl> zIKcNyz>B~xsCmB{+y{OHWXlFW1-F5lw!3|GD;V3^M4tLhy))5-wu8Y+zQ^spiC*a7rX@gF$n8}C+~6Vas*VnH-MV&r@@V& zl$OTb1Zv&~K$akQIY`&RN$_&;Vb4eBgPXy}fOmpV0`CH!3cdwoD+M0|uL8dZs-LIB z#0b0%d;$0XC_10I->u_|Ktw!vJIIm-Uk0B7UWBlyzX=eQ1@j=R4&Dcf-v0@Tf9FFK zOBFQ0qu_f$SQq@%FOj^f% zp!nJaMaLUKSQva6WT@boEZQf)4yg85&bs+@K&BLY5Y)Io0k?u%=N#Ya;EjBLIrvQQ z6QKD0HE;}k_!0MfGdRxoJ)qXF59Z*9K+$;_lNZ0IzzOgdK+*kS@M7?bpw|2E{qv`> zSv1ae@B(lF+y<_I7lQYI7lEGy)!&yv(f0@z@zLOA;5FblsQ&Aq`gtWNKD`;d0=y4Y zf8PMLZa)T9|EVu@`ehOnor|Exc^$~o1Si3(!N=a}=D8iz{5}R=3I08JEqL*5PJUhh zik>%so4`K-&j)`1s=kb|_&yG5{ay@8zTXY9WWjeqjd$IP-Tv)@;>YiUA^1H|^V;wd zhvT5=J_xE^3T^>^2Na+G0@V8bUr_Cyb!05ZZsz*~pvL_^DEgmq zyIY4Xpw?>|48b<|9PstvrQoN)XMo=U)z2gAPA<2A;^!+s@#S;ib>RO3C&8;5jz0;g z`MlNRAAzd>*WktAW9Qv`t^_aP`^}){k@@Gp30}tc2SBa+xBc_;noiE21M2=D7kqrD1Lk#RKH&YB@h1yioaK&M8waRfKLTq1!}$D30?($3DmsLU2yBX4V>nC z13U-(80FtkevhJ$=I{y%&8)xQ2mgffuP9HZ6rV@%%kNM$*5fHRQ}oeVcPXEv%uot74U}h7G+%wR&)-A&9%TnbAMqfke3o)Q zrTF|iet9e9uPB=TK}tx`M|$TSl-KABpVvAV`uUrDyMyu{{Zq-tHz;hs;Me@Ke+&Mc z|NTPncFKRDyp*EPrzpQfVT+hd-U)t{qR(?31dsLD0VUUOqx>Reg`&^f9oWy~{QNZK zag@(czDUvM3zVOse3G(6xt^lWNe996J^s1JUk9}(wC`W;p9yCC@BazBkMbe^UGk^T zf2T;M-b8r;rTAcSOg4W7+(-FC%A+YQO7Zyx|I43(*HUW!`bI~9p!_Rizs!9K9^G#C{NQD z|C#srpTVzF*xtb-{WHPSDK}8QO?eUJOO%gL^m!xYH|#g`68IR(zo*-+v)Q#0Y=ZabO`$FdDW-;W&Jcks|H z2YGm?m&e^Co7@nFwfV68%r8dsOSNv&UI{zhW~8?ZVb*VUqcjV{tQXD43oGS=g}5Ds z?e2VCeW~tZ*-_YxvtGNt5-vvVUf7AUtlo-3(H-3x=c;?hpl+Mj;qfSKbh9YjbVomq z^37qklH~O}!zfL=Y0*KZh7eMGvOJCF^P;K|A15tUI$Bf-OG+3ZgU&Ec7P@K2Xf6o~ zHq81-MoFHoOv0h!L9d=KdQRRFg?ZY~@^Gcw4;SmlqcDx;qxg8#4D-b(>}UOYJ8Vbu zc|VQ9g|yqT$6`=BoL$NCsIy_J*@=@Fy6bs2oe1~lt`+=lbmMjwHoMD7n0M6>UgV2u zq@PTRrD9%Tc-gki;o(Rtkz4P*G(KLRUkSSlVV6c}HsPvWwK<%l-BQ?ym~Lbw=PSL) zzrK2NcuSlwhOIQJ=V1>?O2hds>*SxL41s*ajkq1>D-#JUNm<6c5I(%|h|f|FVhEOpfQfNggNtsJYo*Hd&wfZVF=|tDa@c-4t2R z;ax8e#?JJXo-;{TmS4LNBG)nR*Bla>}f?6vzXCf%vOlucWX z*c@kFB(YF!+q&u}nxoh)wT41rl3qiF5*bDtR6%0s8u3WA3OzO#?W78l zR=8>7ShjI%3%(b=&BW0ad5%CqsIND#GKzm{(kJML0XX^T^@7b1xjyZfyK;Y%%10Ff~8V zy5(92c0)7d&CJvR7B*RkTVb2k&QONorFB>D(lBGWq%GBlxe1x{ytgRj4PZl(t5Wc0~*Ie!F5p9P@3xca`P<#w;(!^NYq@+hTFj>*rg#{Twh_ zU5jqA5qmP&`WnskR*it-Z-vMxJ-AgM7qy8QB^}4 z(6Er%I62;3g5qVlGzmr|ZS}P=vT^J}9aB*cGaS)&u-Emrablx(#j|Fn=Jo`8*ZLdY zUv=~)nIuV5liWM?!#C|fBv$Hbt;a&A$FUM9vvoIx_}F8iJtkwp2OMx>}+h*OMN9EghhF$o-Lu%7!lXdDw#2d7L9>K z$`VS1{0bUp_cNXdmC;S=rep220fcgqUhDtUWstmSUj~{zvh8@J};L!^jZK5 zgi{|gB?%y|5M~XZS_&-7q4z-j&bZU>gkC?PXYc4o$$S(h{Z1oFgM(eiR2r*AaL^vx zUbkLZK`#oWS~q4L(lN@8X-2GDn2JM**0+VRlSDm~YPKfQ^O{|>uplEW^MWKXiXK)} z@VH5e9-<)IsuakkkBFQ(S;p^~(&jiP;A~8K(PlE3!RU#ILP~s>?%|qUUDOtJTJxGa zJI3=vc1sSi>&N+xS|2U`kp%H~3O4Ka@teWhEPVeW~c4wFpX%JPASJaZ7#((T{bXhT56y50-uxO)$=vlW>M|*b} zP5q?sE*5a_aL{H;AI5Daw^7;J(xE;=qJcEKf%Q6LD^!bDQfKacP|ws#sZfSnY0;_+ zW^N0#XH+}AbLEVTnJ#B{&3ZZWR&z~R#dh4mPf`E?UbJxj)Fsb*@}oF0H%H$|wDupm z>EIL|ofP+x+3CYW`*9!_>Ppp(ex@q_TZ}CClD!#hJF~!|RSkk!4)81E1HXQvcw*h5 zf!D5(^D^wPG?tk!o}sGspFenS8117lm4)OE>h&8hMRD4m8~7aFrn{5hEGntkU?`e8 zp@`~vm9czRSujM*N z4#`44O^~;Rkv_&H112c78c{%Xs1Q0>bi0h;}uvd^bVes8Uz z5YK|6u@r{$o)^2gt2V;)uDx@I*56)1<@^WzsWS`Bz#qO*&$x~*Kq);3pT;Frc5p80 zII^|}Bb@d1M<2s1WY?WfCpU~`fuFTBHtIFSf2o}0ikB578Z=`xj61!uB{z*_n~P0M z7d(MKoxo{j$wqNl@{%yMb2^-w*~^w}=b#h z%%1$VMQkb+~_DxaDvR+85cpEhSCMrc;ubJR#|^xA)b#l>8w}B(bM8; z=bDv9m6_{4yvpGoG$xj=A_w$*CMW-NuVwtocRhTvc_Qr`&&(-bulpiKNgPGzXiSJH zf?{;>>QLHbc?sL4F`-ZAQx)$q!$bA^2!pxX>kQd$)_W7$op@G7*xR0A&QnZ6<*6cN z)J)`}%AsDPN}S9Er`0ifBcB&=Y}7=glrsWE=sZ}BpD`ZdGvzvd`igxVO1p=U=OlJX zB7%fSag5tvq0pkC@)HS_VZbC-Ty?0jQ#wwR7}9wQd3{ML2vYh{-~xB^NKQJ-70J5@gPBO1_2Ai?4(#{7&k`8TU%_i`KtMvKLgT zE{@wKjOek7UKLk0-$2B1AF@JU$0PX4GzlxT`$TC5?+_k213Vf8wi}Tm?u~3T)=;gY z$+$=WCkixW<(-9*31SkN?~j)OPJMtn?!z2H@96)p}}K~j4o+^oDMD6@XE z*}YS^yk^l)Q(<<0IIpWNoz|8JIW`-oA7*xT)|*c5m9vnqyI?Gf*H)kr6K(!u2VWYS zwY@T+T*;xZ&d3;wMM@nT75XI$xofJ5R8d2BNUW?vuGogk5S=B$yTfbjg|Je|p16(S zu9rsN$wezdMk6#@+g{w0>r)k8XUI*2+&T_PsBU|Psj?>v%lVRg8?MGGB-nk4BhQ~D zhhC!Iow6_;>Fx!FE3m(YH+AK;u52wNV)QK~iWwEV+Fg_O6Zdq;XIOFGPw~#?={e(S zSHyVeIZBJ~eJF7CB;LM)H`&OHS#xY-D3^83TYn<3Sk9Pp#YDUm^ua@OHdRizC!FkA z;Iw?l&hpwZFxPMBtfNObdAFPMuaKBku}xTU+*~cUrdHM56%#$@Th+sjTQ&w&Pihbs zLA^qYxly&9{tRkWz1Lz^OFn%& z1s@fGsO@dmj^YQH$6lC&Z4=i{JhyT6hQpRHP&<%eA8I@Lt*kc3edJ=E_a?V&SzcbA zP=kr(Y)gZ88)gp8)$AUOzG}NTB2R`_ZQXWtZR<6)tF8&RZJXS-mEX5+rDE-HqzlB6 zde5$1wKd%KoXKt5uH1SR_4e1Zyf&BCldP>&l*#b)oD^EB> zE=QbvQyywJ)X1wEN~|g#967jSdf(K+gL7qWRg{b-S0&tglYbD-q^tKY)DCo;eap&N zCWaYV`cx&=sueeMC7Of>xfn_K&E3MwsnqJnC|adC4JBMDV`xv@Uf>v$oDkKVdQiuW zs2re@bH%8d7uz&jSiOHSCCnv9!ji5QqQy2mJrK2FSThLcj!@=V%xQO* z>YUCAu8}D;l$8+fT};#{j@WXos7-c3y3}618>@;>PCCv(k;i;lXc)+w{sMUtn6myt z$R$@C`ev9-#vDn*N~5JbCY*-0j&&IxvAQH=xgule$aBXvVUnFQ1qCA|Tg(y}M zvTl-rVpj~3wvM2)^0`-T?kVuiI>_`Y!GR8Rcj$kkBF_|%HzDVYLcCYlsCqBhxK=`t=OCe@aKaEf}9 zgfT5-rW5XGvD_Grcm_IT`C;(E5u(c;N545L>cCZ{23yi6ik0gLYohR0iIw&vmnCd2 z%PMo5dDE$rW7(;D28m?luoz*cYdK_oZJ#;eSZtSzhD69J zrs1iRJ`R5Bp4wCcnJ0mUP=j{6xlLiXLpNX~kVrU9y=D-GI;J__*P4mI6J!*4MMioC zqBN^eSVU;5cDTbOYS5#R_(>-mh>3@}@0o7ETVMcs$5# zb2>$}#ziwWiYhZMWowSCKB>Td%k2;H72;hQ+B~5stgIjz+?`GvTjSWAtlpoK!6g}W8&#^)yoIu{ zRw6Vbr`dO^Y$G!dSCYxrWj}1jQb;9ZwOF~-q!dEg;f^Tj!)b1v&>C^nKmmqFI<2U| zxLI*`nXoFl=VnEMS)D|qu+Ukk9yY28n5U@Za4;(l`uBQ?A|rv&D6@I!_G6%LWCyoTLIc8~> z&Bpl&2Ik_fV|Jn7mwc=feRdUA%a}rBEBcEUwaZi(A*BOKyJ9aH9#T-CHt`t+T z9lI*F`yKB_JbS**aEpo*L7k~YZ7ow8ESOz(8X{!N{7_UBB;YN08;;~6;(cT;X~mRDSKuOq{gaAdu#d)msaoN4y_RR6Mbn} zzT%Lfd+^960o7=P$s{P-i3YJHWf)UIN!x;c$}!_k`@V zR9aX0eKMGGvS~i_vdH$cL)G4y(%NWJ2hm!}_lr2F?a=tFDUw`nhJj=ha>KF8=LDA1 zG6_T+^X?KSYFl78rR#9|W(bOD zh+QrdEYndXPgn0QScJRm)lP=R@(x^)Bd8N5^@r3jQ95M{o*-8c(-Q21nSdnK>PFi3av(8yyCq)o-D~X;6j)CrWNG z#80*_mJM4-E+eM|wy=^4IkJ*ec!cBzo2wSTYM99Ck=$B!Wfof1VBn71O3Q8(((DbF z*L|E}iV2*?e=^BFJFl$hiTp!C0mi9P2%HSL$DMT)T-m}@G_L9i&NxnCoH|*#0>y_k z1?&2=L&~Cea%}%vHljB|q$Z+PGmc$mGOfvO`7+MYX(BYbP^uMlm%Oa{KU(8r3unPd z^P(kOuGGTgweWJ0!g%VQ)An4*L{(9od6c2mC#vF?f0X3)JDzoCTBn$l{J7~*LXeOI zo`MNYaz&i0AiXJV!w+n*9l%I%oRvmBjvC;q-%=uVj>A$H%0LO$>u48lQ6)&k=$+P0 zo1N9WSKrB>vy|uPg2^atIsZOwr#R^PouOS(I1IKSjKZQ%qF~aW92^QqPY$NJ{lQ^f z9S$~Rq1@K-JLN2>Ta;z#a^h?fu9G;mSlT8orFmrR3!gfv(~m-+rqYYl$%;<3SmeM` zm@NKtJ4r)Ats{LD_YQIc$+%n^9KM|6BF`P($nZz7kbkv~1 zke^d=FVC{WVOc1m9(lAVO?P%Qt=on3loS<83cb%w*6F)NY6|^VdI=+Yc7gLM`UVr+ zD%5aQ*vcb|KRTE(NA8e)w@uQ}oG3Z^?Ee}8iNHyt_zWj)IWS%c(O8ReSRyESP1R~H zrd_^|Nf)r?lTlcgnuM`@mME^1EdHsJ$`oaEoJ7;z-mRq5>B@-~qI9D5ZlTnVsjTwA zGf*sw-a5loRZ_t&%((I-oaErUVW_%xAT3VbYmV0w!5ldu9b&`nC?;8GNCL-nbA!3$ z5Ab|WDW@f$R4U8Idp8sgH_NY64xzuZ=+OLG6PU7#a`V%}tV=+hteH>cn59kPywlks z@A)Q6KF#B$O3ZAKemZ06r#^Bv6v!ilflCzbF49j~7yLe-lPb5a>LKC44)(aY^QJ6( zAB3lrin@BYoK2kxs=L@UC%H?Un(R<8qD6gPw;T7NJ96xPsP3jY8p|e_XS#Nm4SaDn zvMmLBVaN@?Mbl7BeeDiKe=aF(L0E^asS_c81g1+Jj$-8+T3Z+E(H3!6!K7iR2=7;F-<3y>&OxP0qe7ZbgRze&{Myp$kfsVOb16=mDtg2DdaZC7;x z3L&o5EhMXDuKuH$NGxHv5O^jbxY zZnspwC%j!@+NJh#Iy7Lh{n>o5Nd6B^_pm6O zQL1uTslH}Oi|AUV4%ZysH7r7KBsEmtn_ya&?*7VY+V6o%y>xIHr7p83=WJyoDHCQu zzT>iG>|$T1e9rDjHD%b0KJtTC&jmUwbE7ge_jZ}XJGecyXPL|49Xw^>(K(9R;?j23 zFu@7Gv|^h-!Ayc-bzHEj#q) zg5U2Z;{|JQW-b$a2jm~*NNd@9b~%Gio`==26oO5j`7>Z7sZ`na&fI53BvUeqt|;>thmC(Sr4)42Kr{La9LwvX6MMfyA@=#jjK9H$7j|UQ zz3rOX@Wj%CU33v6W&x$NIfzpv!I8yrGf+(|i7rjFJEtpu@l|LXXWd5qnISV!oO?=F zl-_)=t{1cw;e$f4m_!!CcUJFLFvVPY-BB#oiEUU6*|Z2z_=3AhC0|&|vs_hw)hpv* zLC8|c>5AO3%1+vRlLU_>5X&_keQX)TPBjK1WBoj0NwU{C68vf8h4d@#6%;&s=xpK{ zuEWg=Fh{$guMA~3a4w;E%_tUoUuTdatysy#*6)(bFUFk}XH4fLWVRc-ZCz|Y1c}sC z@3L8{J98W0W*xxTe z&5qe!YplK-%o34_Bo6K(c3ZNs3sPb-T$q%#boC)WH~Ts0+@&FxmW|!Pm8ji=VnUK= z5oO0;bVG$DXemlS=WMJT>ueVwymEmWw(tLsZj#!51lAjue_@y9)v-%)_GDS!^+U{t z*_Ws3ha4Omx|S<$Z1lt660>rB>DB@9LZR6WE`FHt(Y;Vu(j@98T)$;b@fq1OYbsdM zqhg6?u5qS5yoCsd>bQ%nS$PFE3rCY2V7Usc391P_$~7QtazXN8+RkLqWcI3(TKKcG z?(d`u0rmb#P%fdnh#9(aABeF}tTtoJa_RJMH1cmB_#1X(uH{&JDQNb4{97^#e`8(? z30`~kK9n$E^-6IV`08%<>%2f~cic-^idmO;Jv0Y1ccj)DQyd+GnwO&D`n}-IMzHd8eGpTSM@yPcw%otMJ1)53=OWdpB<6>w&k?Cr&ZUvxj!I{!kK^WI4HJ~LUe1tfJJ^M2HNm6iCNt5Ol!ADk3@Cb)Fw_8|t=oJ_m! z?DXb%VYXi8)#%nQF75klZ>$2>M3c^ZLikxXEk*F?;AF*NrLv-fUFYh;n|1c)>U|5C zjlv=!(q5^!f4s;|dAN=fsv(~E3gU@+$m?yU=j;Knltp|ac8 zA-f{3T6CqOk7UBQu14y)$sNRA@~`4?f8&=_?sdTedb5~ZNn26J(j`h(jvR-4Ph2ZG zYg^q4>yYoLj)?0q5D|I}*#{WU5L;HX9-5|q# zKto|ot*&VTWw$E=F1OV2qT+VC;MPz*657_U>UJ@QhF#3H7{}@!+`Ds+(&2|AH+4>& zMBSuW^3%2P;Q((Qt4dWTkV+iHI8Ov#i^59 z?EV}*tBo{Ecf|ogU6VcUdw0w$9nRq?4IC3!%})$lCGjyW$iJ9lhoK>PvWuKkCyPXT XC@GH)$FY literal 0 HcmV?d00001 diff --git a/plugins/sudoers/po/de.po b/plugins/sudoers/po/de.po new file mode 100644 index 0000000..822f498 --- /dev/null +++ b/plugins/sudoers/po/de.po @@ -0,0 +1,1717 @@ +# Portable object template file for the sudoers plugin +# This file is put in the public domain. +# Todd C. Miller , 2011-2013 +# Jochen Hein , 2001-2013. +msgid "" +msgstr "" +"Project-Id-Version: sudoers 1.8.7b3\n" +"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" +"POT-Creation-Date: 2013-04-24 11:10-0400\n" +"PO-Revision-Date: 2013-05-20 16:11+0200\n" +"Last-Translator: Jochen Hein \n" +"Language-Team: German \n" +"Language: German\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: confstr.sh:2 +msgid "Password:" +msgstr "Passwort:" + +#: confstr.sh:3 +msgid "*** SECURITY information for %h ***" +msgstr "*** Sicherheits-Information für %h ***" + +# XXX +#: confstr.sh:4 +msgid "Sorry, try again." +msgstr "Das hat nicht funktioniert, bitte nochmal probieren." + +#: plugins/sudoers/alias.c:124 +#, c-format +msgid "Alias `%s' already defined" +msgstr "Alias »%s« ist bereits definiert" + +#: plugins/sudoers/auth/bsdauth.c:77 +#, c-format +msgid "unable to get login class for user %s" +msgstr "Kann die Login-Klasse des Benutzers »%s« nicht lesen" + +#: plugins/sudoers/auth/bsdauth.c:83 +msgid "unable to begin bsd authentication" +msgstr "Kann die BSD-Authentisierung nicht beginnen" + +#: plugins/sudoers/auth/bsdauth.c:91 +msgid "invalid authentication type" +msgstr "ungültiger Authentisierungstyp" + +#: plugins/sudoers/auth/bsdauth.c:100 +msgid "unable to setup authentication" +msgstr "kann die Authentisierung nicht vorbereiten" + +#: plugins/sudoers/auth/fwtk.c:59 +#, c-format +msgid "unable to read fwtk config" +msgstr "Kann die fwtk-Konfiguration nicht lesen" + +#: plugins/sudoers/auth/fwtk.c:64 +#, c-format +msgid "unable to connect to authentication server" +msgstr "Kann nicht zum Authentisierungsserver verbinden" + +#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:127 +#, c-format +msgid "lost connection to authentication server" +msgstr "Verbindung zum Authentisierungsserver verloren" + +#: plugins/sudoers/auth/fwtk.c:74 +#, c-format +msgid "" +"authentication server error:\n" +"%s" +msgstr "" +"Fehler des Authentisierungsservers:\n" +"%s" + +#: plugins/sudoers/auth/kerb5.c:116 +#, c-format +msgid "%s: unable to convert principal to string ('%s'): %s" +msgstr "%s: kann den Principal nicht in eine Zeichenkette konvertieren (»%s«): %s" + +#: plugins/sudoers/auth/kerb5.c:159 +#, c-format +msgid "%s: unable to parse '%s': %s" +msgstr "%s: kann »%s« nicht parsen: %s" + +# XXX check source? +#: plugins/sudoers/auth/kerb5.c:169 +#, c-format +msgid "%s: unable to resolve credential cache: %s" +msgstr "%s: kann den Credential-Cache nicht auflösen: %s" + +#: plugins/sudoers/auth/kerb5.c:217 +#, c-format +msgid "%s: unable to allocate options: %s" +msgstr "%s: kann die Optionen nicht allozieren: %s" + +#: plugins/sudoers/auth/kerb5.c:233 +#, c-format +msgid "%s: unable to get credentials: %s" +msgstr "%s: kann die Credentials nicht bekommen: %s" + +#: plugins/sudoers/auth/kerb5.c:246 +#, c-format +msgid "%s: unable to initialize credential cache: %s" +msgstr "%s: kann den Credential-Cache nicht initialisieren: %s" + +#: plugins/sudoers/auth/kerb5.c:250 +#, c-format +msgid "%s: unable to store credential in cache: %s" +msgstr "%s: kann die Credentials nicht im Credential-Cache speichern: %s" + +#: plugins/sudoers/auth/kerb5.c:315 +#, c-format +msgid "%s: unable to get host principal: %s" +msgstr "%s: kann das Rechner-Principal nicht bekommen: %s" + +#: plugins/sudoers/auth/kerb5.c:330 +#, c-format +msgid "%s: Cannot verify TGT! Possible attack!: %s" +msgstr "%s: kann das TGT nicht verifizieren! Möglicher Angriff!: %s" + +#: plugins/sudoers/auth/pam.c:105 +msgid "unable to initialize PAM" +msgstr "Kann PAM nicht initialisieren" + +# XXX wie account übersetzen? +#: plugins/sudoers/auth/pam.c:150 +msgid "account validation failure, is your account locked?" +msgstr "Fehler bei der Validierung des Zugangs, ist der Zugang gesperrt?" + +#: plugins/sudoers/auth/pam.c:154 +msgid "Account or password is expired, reset your password and try again" +msgstr "Zugang oder Password ist abgelaufen, bitte Passwort zurücksetzen und nochmal probieren" + +#: plugins/sudoers/auth/pam.c:162 +#, c-format +msgid "unable to change expired password: %s" +msgstr "kann das abgelaufene Passwort nicht ändern: %s«" + +#: plugins/sudoers/auth/pam.c:167 +msgid "Password expired, contact your system administrator" +msgstr "Dass Passwort ist abgelaufen, bitte wenden Sie sich an den Systemadministrator" + +#: plugins/sudoers/auth/pam.c:171 +msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" +msgstr "Der Zugang ist abgelaufen oder in der PAM-Konfiguration fehlt der »account«-Abschnitt für sudo. Bitte wenden Sie sich an den Systemadministrator" + +#: plugins/sudoers/auth/pam.c:188 +#, c-format +msgid "PAM authentication error: %s" +msgstr "Fehler bei der PAM-Authentisierung: %s" + +#: plugins/sudoers/auth/pam.c:247 +#, c-format +msgid "unable to establish credentials: %s" +msgstr "kann die Credentials nicht bekommen: %s" + +# XXX Karl fragen +#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 +#, c-format +msgid "you do not exist in the %s database" +msgstr "Der Benutzer existiert nicht in der %s Datenbank" + +#: plugins/sudoers/auth/securid5.c:80 +#, c-format +msgid "failed to initialise the ACE API library" +msgstr "Die ACE API Bibliothen konnte nicht initialisiert werden" + +#: plugins/sudoers/auth/securid5.c:106 +#, c-format +msgid "unable to contact the SecurID server" +msgstr "Kann den SecurID-Server nicht erreichen" + +#: plugins/sudoers/auth/securid5.c:115 +#, c-format +msgid "User ID locked for SecurID Authentication" +msgstr "Benutzer-ID ist für SecurID-Authentisierung gesperrt" + +#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 +#, c-format +msgid "invalid username length for SecurID" +msgstr "ungültige Länge des Benutzernamens für SecurID" + +#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 +#, c-format +msgid "invalid Authentication Handle for SecurID" +msgstr "ungültiges Authentication Handle für SecurID" + +#: plugins/sudoers/auth/securid5.c:127 +#, c-format +msgid "SecurID communication failed" +msgstr "SecurID Kommunikation fehlgeschlagen" + +#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 +#, c-format +msgid "unknown SecurID error" +msgstr "unbekannter SecurID Fehler" + +#: plugins/sudoers/auth/securid5.c:165 +#, c-format +msgid "invalid passcode length for SecurID" +msgstr "ungültige Passcode Länge für SecurID" + +#: plugins/sudoers/auth/sia.c:108 +msgid "unable to initialize SIA session" +msgstr "kann die SIA Sitzung nicht initialisieren" + +#: plugins/sudoers/auth/sudo_auth.c:119 +msgid "invalid authentication methods" +msgstr "ungültige Authentisierungsmethoden" + +#: plugins/sudoers/auth/sudo_auth.c:120 +msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." +msgstr "Ungültige Authentifizierungsmethoden sind in sudo einkompiliert! Standalone und nicht-standalone Authentifizierung können nicht zusammen verwendet werden." + +#: plugins/sudoers/auth/sudo_auth.c:203 +msgid "no authentication methods" +msgstr "keine Authentisierungsmethoden" + +#: plugins/sudoers/auth/sudo_auth.c:205 +msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." +msgstr "Es sind keine Authentifizierungsmethoden in sudo einkompiliert! Wenn Sie Authentifizierung wirklich abschalten wollen, verwenden Sie bitte die configure-Option »--disable-athentication«." + +#: plugins/sudoers/auth/sudo_auth.c:389 +msgid "Authentication methods:" +msgstr "Authentisierungsmethoden:" + +# XXX unklar +#: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153 +msgid "Could not determine audit condition" +msgstr "Kann den Audit-Zustand nicht bestimmen" + +# XXX error at close +#: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190 +msgid "unable to commit audit record" +msgstr "Audit-Satz kann nicht auf Platte geschrieben werden" + +#: plugins/sudoers/check.c:189 +msgid "" +"\n" +"We trust you have received the usual lecture from the local System\n" +"Administrator. It usually boils down to these three things:\n" +"\n" +" #1) Respect the privacy of others.\n" +" #2) Think before you type.\n" +" #3) With great power comes great responsibility.\n" +"\n" +msgstr "" +"\n" +"Wir gehen davon aus, dass der lokale Systemadministrator Ihnen die\n" +"Regeln erklärt hat. Normalerweise läuft es auf drei Regeln hinaus:\n" +"\n" +" #1) Resprektieren Sie die Privatsphäre anderer.\n" +" #2) Denken Sie nach bevor Sie tippen.\n" +" #3) Mit großer Macht kommt große Verantwortung.\n" +"\n" + +#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 +#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 +#, c-format +msgid "unknown uid: %u" +msgstr "unbekannte uid: %u" + +#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635 +#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:359 +#, c-format +msgid "unknown user: %s" +msgstr "unbekannter Benutzer: %s" + +#: plugins/sudoers/def_data.c:27 +#, c-format +msgid "Syslog facility if syslog is being used for logging: %s" +msgstr "Syslog Facility wenn syslog für Protokollierung verwendet wird: %s" + +#: plugins/sudoers/def_data.c:31 +#, c-format +msgid "Syslog priority to use when user authenticates successfully: %s" +msgstr "Syslog Priorität wenn der Benutzer sich erfolgreich authentifiziert: %s" + +#: plugins/sudoers/def_data.c:35 +#, c-format +msgid "Syslog priority to use when user authenticates unsuccessfully: %s" +msgstr "Syslog Priorität wenn der Benutzer sich nicht erfolgreich authentifiziert: %s" + +#: plugins/sudoers/def_data.c:39 +msgid "Put OTP prompt on its own line" +msgstr "Schreibe den OTP (One-Time-Passwords) Prompt in eine eigene Zeile" + +#: plugins/sudoers/def_data.c:43 +msgid "Ignore '.' in $PATH" +msgstr "Ignoriere ».« in $PATH" + +#: plugins/sudoers/def_data.c:47 +msgid "Always send mail when sudo is run" +msgstr "Sende immer eine Mail wenn sudo gestartet wird" + +#: plugins/sudoers/def_data.c:51 +msgid "Send mail if user authentication fails" +msgstr "Sende eine Mail wenn die Authentifizierung des Benutzers fehlschlägt" + +#: plugins/sudoers/def_data.c:55 +msgid "Send mail if the user is not in sudoers" +msgstr "Sende eine Mail wenn der Benutzer nicht in der sudoers Datei steht" + +#: plugins/sudoers/def_data.c:59 +msgid "Send mail if the user is not in sudoers for this host" +msgstr "Sende eine Mail wenn der Benutzer nicht in der sudoers Datei für diesen Rechner steht" + +#: plugins/sudoers/def_data.c:63 +msgid "Send mail if the user is not allowed to run a command" +msgstr "Sende eine Mail wenn der Benutzer nicht berechtigt ist ein Kommando auszuführen" + +#: plugins/sudoers/def_data.c:67 +msgid "Use a separate timestamp for each user/tty combo" +msgstr "Verwende getrennte Zeitstempel für jede Benutzer/tty Kombination" + +#: plugins/sudoers/def_data.c:71 +msgid "Lecture user the first time they run sudo" +msgstr "Belehre den Benutzer beim ersten Aufruf von sudo" + +#: plugins/sudoers/def_data.c:75 +#, c-format +msgid "File containing the sudo lecture: %s" +msgstr "Datei mit der sudo-Belehrung: %s" + +#: plugins/sudoers/def_data.c:79 +msgid "Require users to authenticate by default" +msgstr "Standardmäßig muss der Benutzer sich authentifizieren" + +#: plugins/sudoers/def_data.c:83 +msgid "Root may run sudo" +msgstr "Root darf sudo verwenden" + +#: plugins/sudoers/def_data.c:87 +msgid "Log the hostname in the (non-syslog) log file" +msgstr "Protokolliere den Hostname in der (nicht-syslog) Log-Datei" + +#: plugins/sudoers/def_data.c:91 +msgid "Log the year in the (non-syslog) log file" +msgstr "Protokolliere das Jahr in der (nicht-syslog) Log-Datei" + +#: plugins/sudoers/def_data.c:95 +msgid "If sudo is invoked with no arguments, start a shell" +msgstr "Starte eine Shell, wenn sudo ohne Parameter aufgerufen wird" + +#: plugins/sudoers/def_data.c:99 +msgid "Set $HOME to the target user when starting a shell with -s" +msgstr "Setze die Umgebungsvariable $HOME beim Starten einer Shell mit »-s«" + +#: plugins/sudoers/def_data.c:103 +msgid "Always set $HOME to the target user's home directory" +msgstr "Immer die Variable $HOME auf das Home-Verzeichnis des Ziel-Benutzers setzen" + +#: plugins/sudoers/def_data.c:107 +msgid "Allow some information gathering to give useful error messages" +msgstr "Erlaube Informationssammlung für nützliche Fehlermeldungen" + +#: plugins/sudoers/def_data.c:111 +msgid "Require fully-qualified hostnames in the sudoers file" +msgstr "Sind voll qualifizierte Hostnamen in der sudoers-Datei notwendig" + +#: plugins/sudoers/def_data.c:115 +msgid "Insult the user when they enter an incorrect password" +msgstr "»Beschimpfung« bei Eingabe eines falschen Passwortes" + +#: plugins/sudoers/def_data.c:119 +msgid "Only allow the user to run sudo if they have a tty" +msgstr "Der Benutzer darf sudo nur aufrufen wenn ein tty vorhanden ist" + +#: plugins/sudoers/def_data.c:123 +msgid "Visudo will honor the EDITOR environment variable" +msgstr "Visudo beachtet die Umgebungsvariable »EDITOR«" + +#: plugins/sudoers/def_data.c:127 +msgid "Prompt for root's password, not the users's" +msgstr "Frage nach dem root-Passwort, nicht dem Passwort des Benutzers" + +#: plugins/sudoers/def_data.c:131 +msgid "Prompt for the runas_default user's password, not the users's" +msgstr "Frage nach dem Passwort des Benutzers »runas_default«, nicht dem Passwort des aufrufenden Benutzers" + +#: plugins/sudoers/def_data.c:135 +msgid "Prompt for the target user's password, not the users's" +msgstr "Frage nach dem Passwort des Ziel-Benutzers, nicht dem Passwort des aufrufenden Benutzers" + +#: plugins/sudoers/def_data.c:139 +msgid "Apply defaults in the target user's login class if there is one" +msgstr "" + +#: plugins/sudoers/def_data.c:143 +msgid "Set the LOGNAME and USER environment variables" +msgstr "Setze die Umgebungsvariablen »LOGNAME« und »USER«" + +#: plugins/sudoers/def_data.c:147 +msgid "Only set the effective uid to the target user, not the real uid" +msgstr "Setze nur die effektive UID auf den Ziel-Benutzer, nicht die reale UID" + +# XXX Keep the group list of the logged in user? +#: plugins/sudoers/def_data.c:151 +msgid "Don't initialize the group vector to that of the target user" +msgstr "Die sekundären Gruppen nicht auf die Gruppen des Ziel-Benutzers setzen" + +#: plugins/sudoers/def_data.c:155 +#, c-format +msgid "Length at which to wrap log file lines (0 for no wrap): %d" +msgstr "Zeilenlänge für Zeilenumbruch (0 für keinen Zeilenumbruch): %d" + +#: plugins/sudoers/def_data.c:159 +#, c-format +msgid "Authentication timestamp timeout: %.1f minutes" +msgstr "" + +#: plugins/sudoers/def_data.c:163 +#, c-format +msgid "Password prompt timeout: %.1f minutes" +msgstr "" + +#: plugins/sudoers/def_data.c:167 +#, c-format +msgid "Number of tries to enter a password: %d" +msgstr "Anzahl Versuche zur Eingabe des Passwortes: %d" + +#: plugins/sudoers/def_data.c:171 +#, c-format +msgid "Umask to use or 0777 to use user's: 0%o" +msgstr "" + +#: plugins/sudoers/def_data.c:175 +#, c-format +msgid "Path to log file: %s" +msgstr "Pfad zur Log-Datei: %s" + +#: plugins/sudoers/def_data.c:179 +#, c-format +msgid "Path to mail program: %s" +msgstr "Pfad zum Mail-Programm: %s" + +#: plugins/sudoers/def_data.c:183 +#, c-format +msgid "Flags for mail program: %s" +msgstr "Parameter für das Mail-Programm: %s" + +#: plugins/sudoers/def_data.c:187 +#, c-format +msgid "Address to send mail to: %s" +msgstr "Mail-Adresse des Empfängers: %s" + +#: plugins/sudoers/def_data.c:191 +#, c-format +msgid "Address to send mail from: %s" +msgstr "Mail-Adresse des Absenders: %s" + +#: plugins/sudoers/def_data.c:195 +#, c-format +msgid "Subject line for mail messages: %s" +msgstr "Subject:-Zeile für Mails: %s" + +#: plugins/sudoers/def_data.c:199 +#, c-format +msgid "Incorrect password message: %s" +msgstr "Meldung bei Eingabe eines falschen Passwortes: %s" + +#: plugins/sudoers/def_data.c:203 +#, c-format +msgid "Path to authentication timestamp dir: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:207 +#, c-format +msgid "Owner of the authentication timestamp dir: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:211 +#, c-format +msgid "Users in this group are exempt from password and PATH requirements: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:215 +#, c-format +msgid "Default password prompt: %s" +msgstr "Standard Passwort-Prompt: %s" + +#: plugins/sudoers/def_data.c:219 +msgid "If set, passprompt will override system prompt in all cases." +msgstr "" + +#: plugins/sudoers/def_data.c:223 +#, c-format +msgid "Default user to run commands as: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:227 +#, c-format +msgid "Value to override user's $PATH with: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:231 +#, c-format +msgid "Path to the editor for use by visudo: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:235 +#, c-format +msgid "When to require a password for 'list' pseudocommand: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:239 +#, c-format +msgid "When to require a password for 'verify' pseudocommand: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:243 +msgid "Preload the dummy exec functions contained in the sudo_noexec library" +msgstr "" + +#: plugins/sudoers/def_data.c:247 +msgid "If LDAP directory is up, do we ignore local sudoers file" +msgstr "Wenn das LDAP-Verzeichnis erreichbar ist, wird die lokale sudoers-Datei ignoriert?" + +#: plugins/sudoers/def_data.c:251 +#, c-format +msgid "File descriptors >= %d will be closed before executing a command" +msgstr "Datei-Deskriptoren >= %d werden geschlossen, bevor ein Kommando ausgeführt wird" + +#: plugins/sudoers/def_data.c:255 +msgid "If set, users may override the value of `closefrom' with the -C option" +msgstr "" + +#: plugins/sudoers/def_data.c:259 +msgid "Allow users to set arbitrary environment variables" +msgstr "Erlaube Benutzern beliebige Umgebungsvariablen zu setzen" + +#: plugins/sudoers/def_data.c:263 +msgid "Reset the environment to a default set of variables" +msgstr "Setze die Umgebung auf eine Standard-Menge an Variablen zurück" + +#: plugins/sudoers/def_data.c:267 +msgid "Environment variables to check for sanity:" +msgstr "Prüfe folgende Umgebungsvariablen:" + +#: plugins/sudoers/def_data.c:271 +msgid "Environment variables to remove:" +msgstr "Lösche folgende Umgebungsvariablen:" + +#: plugins/sudoers/def_data.c:275 +msgid "Environment variables to preserve:" +msgstr "Erhalte folgende Umgebungsvariablen:" + +#: plugins/sudoers/def_data.c:279 +#, c-format +msgid "SELinux role to use in the new security context: %s" +msgstr "Im neuen Security-Kontext von SELinux wird diese Rolle verwendet: %s" + +#: plugins/sudoers/def_data.c:283 +#, c-format +msgid "SELinux type to use in the new security context: %s" +msgstr "Im neuen Security-Kontext von SELinux wird dieser Typ verwendet: %s" + +#: plugins/sudoers/def_data.c:287 +#, c-format +msgid "Path to the sudo-specific environment file: %s" +msgstr "Pfad zur sudo-spezifischen »environment«-Datei: %s" + +#: plugins/sudoers/def_data.c:291 +#, c-format +msgid "Locale to use while parsing sudoers: %s" +msgstr "Beim Parsen der sudoers-Datei wird diese Locale verwendet: %s" + +#: plugins/sudoers/def_data.c:295 +msgid "Allow sudo to prompt for a password even if it would be visible" +msgstr "Erlaube sudo nach einem Passwort zu fragen, auch wenn das Passwort sichtbar wird" + +#: plugins/sudoers/def_data.c:299 +msgid "Provide visual feedback at the password prompt when there is user input" +msgstr "" + +#: plugins/sudoers/def_data.c:303 +msgid "Use faster globbing that is less accurate but does not access the filesystem" +msgstr "" + +#: plugins/sudoers/def_data.c:307 +msgid "The umask specified in sudoers will override the user's, even if it is more permissive" +msgstr "" + +#: plugins/sudoers/def_data.c:311 +msgid "Log user's input for the command being run" +msgstr "" + +#: plugins/sudoers/def_data.c:315 +msgid "Log the output of the command being run" +msgstr "" + +# XXX use input/output logs +#: plugins/sudoers/def_data.c:319 +msgid "Compress I/O logs using zlib" +msgstr "Komprimiere Ein-/Ausgabe-Logs mittels lib" + +#: plugins/sudoers/def_data.c:323 +msgid "Always run commands in a pseudo-tty" +msgstr "Starte Kommandos immer in einem Pseudo-TTY" + +#: plugins/sudoers/def_data.c:327 +#, c-format +msgid "Plugin for non-Unix group support: %s" +msgstr "Pluginh für nicht-Unix Gruppen-Unterstützung: %s" + +#: plugins/sudoers/def_data.c:331 +#, c-format +msgid "Directory in which to store input/output logs: %s" +msgstr "Verzeichnis zur Speicherung der Ein-/Ausgabe-Logs: %s" + +#: plugins/sudoers/def_data.c:335 +#, c-format +msgid "File in which to store the input/output log: %s" +msgstr "Datei zur Speicherung der Ein-/Ausgabe-Logs: %s" + +# XXX pty -> pseudo TTY? +#: plugins/sudoers/def_data.c:339 +msgid "Add an entry to the utmp/utmpx file when allocating a pty" +msgstr "Füge einen Eintrag in die utmp/utmpx-Datei ein, wenn ein Pseudo-TTY erzeugt wird" + +#: plugins/sudoers/def_data.c:343 +msgid "Set the user in utmp to the runas user, not the invoking user" +msgstr "Verwende für den Eintrag in der utmp-Datei den runas-Benutzer, nicht den aufrufenden Benutzer" + +#: plugins/sudoers/def_data.c:347 +msgid "Set of permitted privileges" +msgstr "Menge der erlaubten Priviliegien" + +# XXX ? +#: plugins/sudoers/def_data.c:351 +msgid "Set of limit privileges" +msgstr "Menge der eingeschränkten Privilegien" + +#: plugins/sudoers/def_data.c:355 +msgid "Run commands on a pty in the background" +msgstr "Starte Kommandos mit einem Pseudo-TTY im Hintergrund" + +#: plugins/sudoers/def_data.c:359 +msgid "Create a new PAM session for the command to run in" +msgstr "Erzeuge eine neue PAM-Sitzung, um das Kommando auszuführen" + +#: plugins/sudoers/def_data.c:363 +msgid "Maximum I/O log sequence number" +msgstr "Maximale Ein-/Ausgabe-Log Sequenznummer" + +#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 +#, c-format +msgid "unknown defaults entry `%s'" +msgstr "unbekannter defaults-Eintrag »%s«" + +#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 +#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 +#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 +#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 +#: plugins/sudoers/defaults.c:327 +#, c-format +msgid "value `%s' is invalid for option `%s'" +msgstr "Der Wert »%s« ist für die Option »%s« ungültig" + +#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 +#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 +#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 +#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 +#: plugins/sudoers/defaults.c:323 +#, c-format +msgid "no value specified for `%s'" +msgstr "Kein Wert für »%s« angegeben" + +#: plugins/sudoers/defaults.c:241 +#, c-format +msgid "values for `%s' must start with a '/'" +msgstr "Werte für »%s« müssen mit einem »/« beginnen" + +#: plugins/sudoers/defaults.c:303 +#, c-format +msgid "option `%s' does not take a value" +msgstr "Die Option »%s« wird ohne Wert verwendet" + +#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 +#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 +#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427 +#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 +#: plugins/sudoers/testsudoers.c:243 +#, c-format +msgid "internal error, %s overflow" +msgstr "interner Fehler, %s Überlauf" + +#: plugins/sudoers/env.c:367 +msgid "sudo_putenv: corrupted envp, length mismatch" +msgstr "sudo_putenv: envp ist korrupt, die Längen passen nicht" + +#: plugins/sudoers/env.c:1012 +#, c-format +msgid "sorry, you are not allowed to set the following environment variables: %s" +msgstr "Tut mir leid, die folgenden Umgebungsvariablen dürfen nicht gesetzt werden: %s" + +#: plugins/sudoers/group_plugin.c:102 +#, c-format +msgid "%s must be owned by uid %d" +msgstr "%s muss der uid %d gehören" + +#: plugins/sudoers/group_plugin.c:106 +#, c-format +msgid "%s must only be writable by owner" +msgstr "%s darf nur für den Eigentümer der Datei schreibbar sein" + +#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256 +#, c-format +msgid "unable to dlopen %s: %s" +msgstr "dlopen für %s fehlgeschlagen: %s" + +#: plugins/sudoers/group_plugin.c:118 +#, c-format +msgid "unable to find symbol \"group_plugin\" in %s" +msgstr "kann das Symbol \"group_plugin\" in %s nicht finden" + +#: plugins/sudoers/group_plugin.c:123 +#, c-format +msgid "%s: incompatible group plugin major version %d, expected %d" +msgstr "%s: Die Major-Version %d des Group-Plugins ist inkompatibel, erwartet wird %d" + +#: plugins/sudoers/interfaces.c:119 +msgid "Local IP address and netmask pairs:\n" +msgstr "Lokale IP-Adresse und Netzmaske:\n" + +#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 +#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s existiert, aber ist kein Verzeichnis (0%o)" + +#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 +#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165 +#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 +#, c-format +msgid "unable to mkdir %s" +msgstr "kann das Verzeichnis »%s« nicht erstellen" + +#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 +#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 +#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155 +#: plugins/sudoers/visudo.c:809 +#, c-format +msgid "unable to open %s" +msgstr "kann die Datei »%s« nicht öffnen" + +#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 +#, c-format +msgid "unable to read %s" +msgstr "kann die Datei »%s« nicht lesen" + +#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159 +#, c-format +msgid "unable to write to %s" +msgstr "kann die Datei »%s« nicht schreiben" + +#: plugins/sudoers/iolog.c:334 +#, c-format +msgid "unable to create %s" +msgstr "kann die Datei »%s« nicht erstellen" + +#: plugins/sudoers/ldap.c:385 +msgid "sudo_ldap_conf_add_ports: port too large" +msgstr "sudo_ldap_conf_add_ports: Port ist zu groß" + +# XXX ? +#: plugins/sudoers/ldap.c:408 +msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" +msgstr "sudo_ldap_conf_add_ports: kein Platz zum Erweitern von hostbuf" + +#: plugins/sudoers/ldap.c:438 +#, c-format +msgid "unsupported LDAP uri type: %s" +msgstr "LDAP uri Typ ist nicht unterstützt: %s" + +#: plugins/sudoers/ldap.c:467 +#, c-format +msgid "invalid uri: %s" +msgstr "ungültige URI: %s" + +#: plugins/sudoers/ldap.c:473 +#, c-format +msgid "unable to mix ldap and ldaps URIs" +msgstr "ldap und ldaps URIs können nicht zusammen verwendet werden" + +#: plugins/sudoers/ldap.c:477 +#, c-format +msgid "unable to mix ldaps and starttls" +msgstr "ldaps und starttls können nicht zusammen verwendet werden" + +#: plugins/sudoers/ldap.c:496 +msgid "sudo_ldap_parse_uri: out of space building hostbuf" +msgstr "sudo_ldap_parse_uri: kein Platz zum Erzeugen von hostbuf" + +#: plugins/sudoers/ldap.c:570 +#, c-format +msgid "unable to initialize SSL cert and key db: %s" +msgstr "kann die Zertifikat- und Schlüsseldatenbank für SSL nicht initialisieren: %s" + +#: plugins/sudoers/ldap.c:573 +#, c-format +msgid "you must set TLS_CERT in %s to use SSL" +msgstr "In der Datei »%s« muss »TLS_CERT« angegeben sein um SSL zu nutzen" + +#: plugins/sudoers/ldap.c:1062 +#, c-format +msgid "unable to get GMT time" +msgstr "kann die GMT-Zeit nicht bekommen" + +#: plugins/sudoers/ldap.c:1068 +#, c-format +msgid "unable to format timestamp" +msgstr "kann den Zeitstempel nicht formatieren" + +# XXX ? +#: plugins/sudoers/ldap.c:1076 +#, c-format +msgid "unable to build time filter" +msgstr "Kann den Filter beim Kompilieren nicht erstellen" + +#: plugins/sudoers/ldap.c:1295 +msgid "sudo_ldap_build_pass1 allocation mismatch" +msgstr "" + +#: plugins/sudoers/ldap.c:1842 +#, c-format +msgid "" +"\n" +"LDAP Role: %s\n" +msgstr "" +"\n" +"LDAP-Rolle: %s\n" + +#: plugins/sudoers/ldap.c:1844 +#, c-format +msgid "" +"\n" +"LDAP Role: UNKNOWN\n" +msgstr "" +"\n" +"LDAP-Rolle: UNBEKANNT\n" + +#: plugins/sudoers/ldap.c:1891 +#, c-format +msgid " Order: %s\n" +msgstr "" + +#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515 +#: plugins/sudoers/sssd.c:1242 +#, c-format +msgid " Commands:\n" +msgstr " Kommandos:\n" + +#: plugins/sudoers/ldap.c:2321 +#, c-format +msgid "unable to initialize LDAP: %s" +msgstr "Kann LDAP nicht initialisieren: %s" + +#: plugins/sudoers/ldap.c:2355 +#, c-format +msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" +msgstr "start_tls ist angegeben, aber die LDAP-Bibliotheken unterstützen ldap_start_tls_s() und ldap_start_tls_s_np() nicht" + +#: plugins/sudoers/ldap.c:2591 +#, c-format +msgid "invalid sudoOrder attribute: %s" +msgstr "ungültiges »sudoOrder« Attribut: %s" + +#: plugins/sudoers/linux_audit.c:57 +msgid "unable to open audit system" +msgstr "Kann das Audit-System nicht öffnen" + +#: plugins/sudoers/linux_audit.c:93 +#, c-format +msgid "unable to send audit message" +msgstr "Kann die Audit-Nachricht nicht senden" + +#: plugins/sudoers/logging.c:140 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: plugins/sudoers/logging.c:168 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (Kommando fortgesetzt) %s" + +#: plugins/sudoers/logging.c:194 +#, c-format +msgid "unable to open log file: %s: %s" +msgstr "Kann die Log-Datei nicht öffnen: %s: %s" + +#: plugins/sudoers/logging.c:197 +#, c-format +msgid "unable to lock log file: %s: %s" +msgstr "Kann die Log-Datei nicht sperren: %s: %s" + +#: plugins/sudoers/logging.c:245 +msgid "No user or host" +msgstr "Kein Benutzer oder Rechner angegeben" + +#: plugins/sudoers/logging.c:247 +msgid "validation failure" +msgstr "Fehler bei der Validierung" + +#: plugins/sudoers/logging.c:254 +msgid "user NOT in sudoers" +msgstr "Der Benutzer ist NICHT in der sudoers" + +#: plugins/sudoers/logging.c:256 +msgid "user NOT authorized on host" +msgstr "Der Benutzer ist NICHT auf dem Rechner authorisiert" + +#: plugins/sudoers/logging.c:258 +msgid "command not allowed" +msgstr "Das Kommando ist nicht erlaubt" + +#: plugins/sudoers/logging.c:288 +#, c-format +msgid "%s is not in the sudoers file. This incident will be reported.\n" +msgstr "%s ist nicht in der sudoers-Datei. Dieser Vorfall wird gemeldet.\n" + +#: plugins/sudoers/logging.c:291 +#, c-format +msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" +msgstr "%s darf sudo für %s nicht verwenden. Dieser Vorfall wird gemeldet.\n" + +#: plugins/sudoers/logging.c:295 +#, c-format +msgid "Sorry, user %s may not run sudo on %s.\n" +msgstr "Tut mir leid, der Benutzer %s darf sudo für %s nicht verwenden.\n" + +#: plugins/sudoers/logging.c:298 +#, c-format +msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" +msgstr "Tut mir leid, der Benutzer %s darf '%s%s%s' als %s%s%s auf %s nicht ausführen.\n" + +#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 +#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoers.c:1002 +#, c-format +msgid "%s: command not found" +msgstr "%s: Kommando nicht gefunden" + +#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 +#, c-format +msgid "" +"ignoring `%s' found in '.'\n" +"Use `sudo ./%s' if this is the `%s' you wish to run." +msgstr "" +"ignoriere `%s' im aktuellen Verzeichnis ».«\n" +"Verwende »sudo ./%s«, wenn dies das gewünschte Kommando »%s« ist." + +#: plugins/sudoers/logging.c:353 +msgid "authentication failure" +msgstr "Fehler bei der Authentisierung" + +#: plugins/sudoers/logging.c:379 +msgid "a password is required" +msgstr "Ein Passwort ist notwendig" + +#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 +#, c-format +msgid "%d incorrect password attempt" +msgid_plural "%d incorrect password attempts" +msgstr[0] "%d Fehlversuch bei der Passwort-Eingabe" +msgstr[1] "%d Fehlversuche bei der Passwort-Eingabe" + +#: plugins/sudoers/logging.c:566 +msgid "unable to fork" +msgstr "Fehler bei fork()" + +#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 +#, c-format +msgid "unable to fork: %m" +msgstr "Fehler bei fork(): %m" + +#: plugins/sudoers/logging.c:619 +#, c-format +msgid "unable to open pipe: %m" +msgstr "Kann die Pipe nicht öffnen: %m" + +# XXX ? +#: plugins/sudoers/logging.c:644 +#, c-format +msgid "unable to dup stdin: %m" +msgstr "Kann stdin nicht duplizieren" + +#: plugins/sudoers/logging.c:680 +#, c-format +msgid "unable to execute %s: %m" +msgstr "Kann %s nicht ausführen: %m" + +#: plugins/sudoers/logging.c:899 +msgid "internal error: insufficient space for log line" +msgstr "interner Fehler: unzureichender Platz für die Protokoll-Zeile" + +#: plugins/sudoers/match.c:631 +#, c-format +msgid "unsupported digest type %d for %s" +msgstr "LDAP uri Typ %d ist nicht unterstützt für %s" + +#: plugins/sudoers/match.c:661 +#, c-format +msgid "%s: read error" +msgstr "%s: Fehler beim Lesen" + +#: plugins/sudoers/match.c:670 +#, c-format +msgid "digest for %s (%s) is not in %s form" +msgstr "Digest für %s (%s) ist nicht in der %s Form" + +#: plugins/sudoers/parse.c:124 +#, c-format +msgid "parse error in %s near line %d" +msgstr "Syntax-Fehler in %s bei der Zeile %d" + +#: plugins/sudoers/parse.c:127 +#, c-format +msgid "parse error in %s" +msgstr "Syntax-Fehler in %s" + +#: plugins/sudoers/parse.c:462 +#, c-format +msgid "" +"\n" +"Sudoers entry:\n" +msgstr "" +"\n" +"Sudoers Eintrag:\n" + +#: plugins/sudoers/parse.c:463 +#, c-format +msgid " RunAsUsers: " +msgstr " RunAsUsers: " + +#: plugins/sudoers/parse.c:477 +#, c-format +msgid " RunAsGroups: " +msgstr " RunAsGroups: " + +#: plugins/sudoers/parse.c:486 +#, c-format +msgid " Options: " +msgstr " Optionen: " + +#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to execute %s" +msgstr "kann %s nicht ausführen" + +#: plugins/sudoers/policy.c:659 +#, c-format +msgid "Sudoers policy plugin version %s\n" +msgstr "Sudoers Policy-Plugin Version %s\n" + +#: plugins/sudoers/policy.c:661 +#, c-format +msgid "Sudoers file grammar version %d\n" +msgstr "Sudoers-Datei Grammatik-Version %d\n" + +#: plugins/sudoers/policy.c:665 +#, c-format +msgid "" +"\n" +"Sudoers path: %s\n" +msgstr "" +"\n" +"Sudoers Pfad: %s\n" + +#: plugins/sudoers/policy.c:668 +#, c-format +msgid "nsswitch path: %s\n" +msgstr "nsswitch Pfad: %s\n" + +#: plugins/sudoers/policy.c:670 +#, c-format +msgid "ldap.conf path: %s\n" +msgstr "ldap.conf Pfad: %s\n" + +#: plugins/sudoers/policy.c:671 +#, c-format +msgid "ldap.secret path: %s\n" +msgstr "ldap.secret Pfad: %s\n" + +#: plugins/sudoers/pwutil.c:148 +#, c-format +msgid "unable to cache uid %u, already exists" +msgstr "kann die uid %u nicht cachen, sie existiert bereits" + +#: plugins/sudoers/pwutil.c:190 +#, c-format +msgid "unable to cache user %s, already exists" +msgstr "Kann den Benutzer %s nicht in den Cache aufnehmen, er existiert bereits" + +#: plugins/sudoers/pwutil.c:386 +#, c-format +msgid "unable to cache gid %u, already exists" +msgstr "Kann die gid %u nicht in den Cache aufnehmen, sie existiert bereits" + +#: plugins/sudoers/pwutil.c:422 +#, c-format +msgid "unable to cache group %s, already exists" +msgstr "Kann die Gruppe %s nicht in den Cache aufnehmen, sie existiert bereits" + +#: plugins/sudoers/pwutil.c:578 plugins/sudoers/pwutil.c:600 +#, c-format +msgid "unable to cache group list for %s, already exists" +msgstr "Kann die Gruppen-Liste für %s nicht in den Cache aufnehmen, sie existiert bereits" + +#: plugins/sudoers/pwutil.c:598 +#, c-format +msgid "unable to parse groups for %s" +msgstr "Kann die Gruppen für %s nicht parsen" + +# XXX ? +#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 +#: plugins/sudoers/set_perms.c:1431 +msgid "perm stack overflow" +msgstr "Stack-Überlauf der Permissions" + +#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 +#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 +#: plugins/sudoers/set_perms.c:1439 +msgid "perm stack underflow" +msgstr "Stack-Bereichsunterschreitung der Permissions" + +# XXX ? +#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 +#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 +msgid "unable to change to root gid" +msgstr "Kann nicht zur root GID wechseln" + +# XXX ? +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 +msgid "unable to change to runas gid" +msgstr "Kann nicht zur runas UID wechseln" + +# XXX ? +#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 +#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 +msgid "unable to change to runas uid" +msgstr "Kann nicht zur runas GID wechseln" + +# XXX ? +#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 +msgid "unable to change to sudoers gid" +msgstr "Kann nicht zur sudoers GID wechseln" + +#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 +#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 +#: plugins/sudoers/set_perms.c:1515 +msgid "too many processes" +msgstr "Zu viele Prozesse" + +# XXX vector? +#: plugins/sudoers/set_perms.c:1583 +msgid "unable to set runas group vector" +msgstr "Kann die runas Gruppen nicht setzen" + +#: plugins/sudoers/sssd.c:257 +#, c-format +msgid "unable to initialize SSS source. Is SSSD installed on your machine?" +msgstr "Kann die SSS_Quelle nicht initialisieren. Ist SSSD auf dem Rechner installiert?" + +#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 +#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 +#: plugins/sudoers/sssd.c:292 +#, c-format +msgid "unable to find symbol \"%s\" in %s" +msgstr "Kann das Symbol »%s« nicht in %s finden" + +#: plugins/sudoers/sudo_nss.c:283 +#, c-format +msgid "Matching Defaults entries for %s on this host:\n" +msgstr "Passende Defaults-Einträge für %s auf diesem Rechner:\n" + +#: plugins/sudoers/sudo_nss.c:296 +#, c-format +msgid "Runas and Command-specific defaults for %s:\n" +msgstr "" + +#: plugins/sudoers/sudo_nss.c:309 +#, c-format +msgid "User %s may run the following commands on this host:\n" +msgstr "" +"Der Benutzer %s darf die folgenden Kommandos auf diesem Rechner\n" +"ausführen:\n" + +#: plugins/sudoers/sudo_nss.c:318 +#, c-format +msgid "User %s is not allowed to run sudo on %s.\n" +msgstr "Der Benutzer %s darf sudo auf dem Rechner %s nicht ausführen.\n" + +#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 +#: plugins/sudoers/sudoers.c:673 +msgid "problem with defaults entries" +msgstr "Problem mit den Standard-Einträgen" + +#: plugins/sudoers/sudoers.c:165 +#, c-format +msgid "no valid sudoers sources found, quitting" +msgstr "Keine gültige sudoers-Quelle gefunden, Programmende" + +#: plugins/sudoers/sudoers.c:227 +#, c-format +msgid "sudoers specifies that root is not allowed to sudo" +msgstr "sudoers gibt an, dass root sudo nicht verwenden darf" + +#: plugins/sudoers/sudoers.c:234 +#, c-format +msgid "you are not permitted to use the -C option" +msgstr "Sie dürfen die -C Option nicht verwenden" + +#: plugins/sudoers/sudoers.c:315 +#, c-format +msgid "timestamp owner (%s): No such user" +msgstr "" + +#: plugins/sudoers/sudoers.c:329 +msgid "no tty" +msgstr "Kein tty" + +#: plugins/sudoers/sudoers.c:330 +#, c-format +msgid "sorry, you must have a tty to run sudo" +msgstr "Uh, Sie müssen ein TTY haben, um sudo zu verwenden" + +# XXX ? +#: plugins/sudoers/sudoers.c:378 +msgid "command in current directory" +msgstr "Kommando ist im aktuellen Verzeichnis" + +#: plugins/sudoers/sudoers.c:395 +#, c-format +msgid "sorry, you are not allowed to preserve the environment" +msgstr "Uh, Sie dürfen das Environment nicht erhalten" + +#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216 +#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576 +#, c-format +msgid "unable to stat %s" +msgstr "" + +#: plugins/sudoers/sudoers.c:726 +#, c-format +msgid "%s is not a regular file" +msgstr "%s ist keine reguläre Datei" + +#: plugins/sudoers/sudoers.c:729 toke.l:913 +#, c-format +msgid "%s is owned by uid %u, should be %u" +msgstr "" + +#: plugins/sudoers/sudoers.c:733 toke.l:920 +#, c-format +msgid "%s is world writable" +msgstr "%s ist für alle beschreibbar (world writable)" + +#: plugins/sudoers/sudoers.c:736 toke.l:925 +#, c-format +msgid "%s is owned by gid %u, should be %u" +msgstr "" + +#: plugins/sudoers/sudoers.c:763 +#, c-format +msgid "only root can use `-c %s'" +msgstr "Nur root kann »-c %s« verwenden" + +#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 +#, c-format +msgid "unknown login class: %s" +msgstr "unbekannte Login-Klasse: %s" + +#: plugins/sudoers/sudoers.c:814 +#, c-format +msgid "unable to resolve host %s" +msgstr "" + +#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 +#, c-format +msgid "unknown group: %s" +msgstr "unbekannte Gruppe: %s" + +#: plugins/sudoers/sudoreplay.c:292 +#, c-format +msgid "invalid filter option: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:305 +#, c-format +msgid "invalid max wait: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:311 +#, c-format +msgid "invalid speed factor: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 +#, c-format +msgid "%s version %s\n" +msgstr "%s Version %s\n" + +#: plugins/sudoers/sudoreplay.c:339 +#, c-format +msgid "%s/%.2s/%.2s/%.2s/timing: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:345 +#, c-format +msgid "%s/%s/timing: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:363 +#, c-format +msgid "Replaying sudo session: %s\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:369 +#, c-format +msgid "Warning: your terminal is too small to properly replay the log.\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:370 +#, c-format +msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." +msgstr "" + +#: plugins/sudoers/sudoreplay.c:400 +msgid "unable to set tty to raw mode" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:416 +#, c-format +msgid "invalid timing file line: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:499 +msgid "writing to standard output" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 +#, c-format +msgid "ambiguous expression \"%s\"" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:683 +#, c-format +msgid "too many parenthesized expressions, max %d" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:694 +msgid "unmatched ')' in expression" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:700 +#, c-format +msgid "unknown search term \"%s\"" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:714 +#, c-format +msgid "%s requires an argument" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058 +#, c-format +msgid "invalid regular expression: %s" +msgstr "ungültiger regulärer Ausdruck: %s" + +#: plugins/sudoers/sudoreplay.c:724 +#, c-format +msgid "could not parse date \"%s\"" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:737 +msgid "unmatched '(' in expression" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:739 +msgid "illegal trailing \"or\"" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:741 +msgid "illegal trailing \"!\"" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:1182 +#, c-format +msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:1185 +#, c-format +msgid "usage: %s [-h] [-d directory] -l [search expression]\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:1194 +#, c-format +msgid "" +"%s - replay sudo session logs\n" +"\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:1196 +msgid "" +"\n" +"Options:\n" +" -d directory specify directory for session logs\n" +" -f filter specify which I/O type to display\n" +" -h display help message and exit\n" +" -l [expression] list available session IDs that match expression\n" +" -m max_wait max number of seconds to wait between events\n" +" -s speed_factor speed up or slow down output\n" +" -V display version information and exit" +msgstr "" + +#: plugins/sudoers/testsudoers.c:328 +msgid "\thost unmatched" +msgstr "" + +#: plugins/sudoers/testsudoers.c:331 +msgid "" +"\n" +"Command allowed" +msgstr "" +"\n" +"Kommando erlaubt" + +#: plugins/sudoers/testsudoers.c:332 +msgid "" +"\n" +"Command denied" +msgstr "" +"\n" +"Kommando verweigert" + +#: plugins/sudoers/testsudoers.c:332 +msgid "" +"\n" +"Command unmatched" +msgstr "" + +#: plugins/sudoers/timestamp.c:129 +#, c-format +msgid "timestamp path too long: %s" +msgstr "" + +#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 +#: plugins/sudoers/timestamp.c:292 +#, c-format +msgid "%s owned by uid %u, should be uid %u" +msgstr "" + +#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0700" +msgstr "" + +#: plugins/sudoers/timestamp.c:286 +#, c-format +msgid "%s exists but is not a regular file (0%o)" +msgstr "" + +#: plugins/sudoers/timestamp.c:298 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0600" +msgstr "" + +#: plugins/sudoers/timestamp.c:353 +#, c-format +msgid "timestamp too far in the future: %20.20s" +msgstr "" + +#: plugins/sudoers/timestamp.c:407 +#, c-format +msgid "unable to remove %s, will reset to the epoch" +msgstr "" + +#: plugins/sudoers/timestamp.c:414 +#, c-format +msgid "unable to reset %s to the epoch" +msgstr "" + +#: plugins/sudoers/toke_util.c:176 +#, c-format +msgid "fill_args: buffer overflow" +msgstr "" + +#: plugins/sudoers/visudo.c:180 +#, c-format +msgid "%s grammar version %d\n" +msgstr "" + +#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533 +#, c-format +msgid "press return to edit %s: " +msgstr "" + +#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332 +msgid "write error" +msgstr "" + +#: plugins/sudoers/visudo.c:414 +#, c-format +msgid "unable to stat temporary file (%s), %s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:419 +#, c-format +msgid "zero length temporary file (%s), %s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:425 +#, c-format +msgid "editor (%s) failed, %s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:448 +#, c-format +msgid "%s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:477 +#, c-format +msgid "unable to re-open temporary file (%s), %s unchanged." +msgstr "" + +#: plugins/sudoers/visudo.c:487 +#, c-format +msgid "unabled to parse temporary file (%s), unknown error" +msgstr "" + +#: plugins/sudoers/visudo.c:526 +#, c-format +msgid "internal error, unable to find %s in list!" +msgstr "" + +#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587 +#, c-format +msgid "unable to set (uid, gid) of %s to (%u, %u)" +msgstr "" + +#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "" + +#: plugins/sudoers/visudo.c:609 +#, c-format +msgid "%s and %s not on the same file system, using mv to rename" +msgstr "" + +#: plugins/sudoers/visudo.c:623 +#, c-format +msgid "command failed: '%s %s %s', %s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:633 +#, c-format +msgid "error renaming %s, %s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:695 +msgid "What now? " +msgstr "" + +#: plugins/sudoers/visudo.c:709 +msgid "" +"Options are:\n" +" (e)dit sudoers file again\n" +" e(x)it without saving changes to sudoers file\n" +" (Q)uit and save changes to sudoers file (DANGER!)\n" +msgstr "" + +#: plugins/sudoers/visudo.c:757 +#, c-format +msgid "unable to run %s" +msgstr "" + +#: plugins/sudoers/visudo.c:783 +#, c-format +msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" +msgstr "" + +#: plugins/sudoers/visudo.c:790 +#, c-format +msgid "%s: bad permissions, should be mode 0%o\n" +msgstr "" + +#: plugins/sudoers/visudo.c:815 +#, c-format +msgid "failed to parse %s file, unknown error" +msgstr "" + +#: plugins/sudoers/visudo.c:831 +#, c-format +msgid "parse error in %s near line %d\n" +msgstr "" + +#: plugins/sudoers/visudo.c:834 +#, c-format +msgid "parse error in %s\n" +msgstr "" + +#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846 +#, c-format +msgid "%s: parsed OK\n" +msgstr "" + +#: plugins/sudoers/visudo.c:893 +#, c-format +msgid "%s busy, try again later" +msgstr "" + +#: plugins/sudoers/visudo.c:937 +#, c-format +msgid "specified editor (%s) doesn't exist" +msgstr "" + +#: plugins/sudoers/visudo.c:960 +#, c-format +msgid "unable to stat editor (%s)" +msgstr "" + +#: plugins/sudoers/visudo.c:1008 +#, c-format +msgid "no editor found (editor path = %s)" +msgstr "" + +#: plugins/sudoers/visudo.c:1100 +#, c-format +msgid "Error: cycle in %s_Alias `%s'" +msgstr "" + +#: plugins/sudoers/visudo.c:1101 +#, c-format +msgid "Warning: cycle in %s_Alias `%s'" +msgstr "" + +#: plugins/sudoers/visudo.c:1104 +#, c-format +msgid "Error: %s_Alias `%s' referenced but not defined" +msgstr "" + +#: plugins/sudoers/visudo.c:1105 +#, c-format +msgid "Warning: %s_Alias `%s' referenced but not defined" +msgstr "" + +#: plugins/sudoers/visudo.c:1240 +#, c-format +msgid "%s: unused %s_Alias %s" +msgstr "" + +#: plugins/sudoers/visudo.c:1302 +#, c-format +msgid "" +"%s - safely edit the sudoers file\n" +"\n" +msgstr "" + +#: plugins/sudoers/visudo.c:1304 +msgid "" +"\n" +"Options:\n" +" -c check-only mode\n" +" -f sudoers specify sudoers file location\n" +" -h display help message and exit\n" +" -q less verbose (quiet) syntax error messages\n" +" -s strict syntax checking\n" +" -V display version information and exit" +msgstr "" +"\n" +"Optionen:\n" +" -c nur den Prüf-Modus verwenden\n" +" -f sudoers gibt den Namen der sudoers Datei an\n" +" -h diese Hilfe anzeigen und beenden\n" +" -q weniger ausführliche Syntaxfehler-Meldungen\n" +" -s strikte Syntax-Prüfung\n" +" -V Versionsinformation anzeigen und beenden" + +#: toke.l:886 +msgid "too many levels of includes" +msgstr "Zu viele geschachtelte include Einträge" + +#~ msgid "getaudit: failed" +#~ msgstr "getaudit: fehlgeschlagen" + +#~ msgid "getauid: failed" +#~ msgstr "getauid: fehlgeschlagen" + +#~ msgid "au_open: failed" +#~ msgstr "au_open: fehlgeschlagen" + +#~ msgid "au_to_subject: failed" +#~ msgstr "au_to_subject: fehlgeschlagen" + +#~ msgid "au_to_exec_args: failed" +#~ msgstr "au_to_exec_args: fehlgeschlagen" + +#~ msgid "au_to_return32: failed" +#~ msgstr "au_to_return32: fehlgeschlagen" + +#~ msgid "au_to_text: failed" +#~ msgstr "au_to_text: fehlgeschlagen" diff --git a/plugins/sudoers/po/eo.mo b/plugins/sudoers/po/eo.mo index 951f7ecccd999fcc46ea454622af609e69d21582..e99c675e00b4019b577cb29bb84d72f792ae5917 100644 GIT binary patch delta 10437 zcmZ|U349dg{m1cH4wY~dF1a$ffP^GKxWgGaB4@Zk5OtCaVUo>G*x3z&!g7^*^iZc( zTaRk3ZB(ye5Rw^n5t5(!jTMrbANBeKp7LWcv-<^qs|LgUiSAV>p=b4#jo_ph~ zzr3d1ksI2j-ssigdV_0e#4rZo-Ymm-hV+y^Dm9EtDC~h&XdJtf--W%<5A#38-sB&~ z9=!h?UWN5wb* zrz3S4Yp?(>$9{M_cEQI`9rzuN!9Rv};$by>Dyl^Yp#z{OaO*Ptr=EvjMfp&HtWao2OxP$RVs)qwA#8hWsZ z@z;xQQJ{*>qS^Z3Bvknd9F3b%bAAuD zB|%3f<3!3=mN5RR_`4L$!NaJz%Vs>Yu?mOaS{#R4a3k(R+HB;}oeErl`rtQ_K{EE@ zRD20})aXU)R6Yas-Ud`hu1k^Nf5zkdlY<{(ckDVUcwsPVWM-p=@>2XZK8mV%4#T6N zOrRQmEi(PaLF|Mlk=ZalK`rJXRHoHG234L~K!QdZNz{u!!P)pMGHON-YE@6B;CS4E zRrmmEWd4Jivi?lCMrbUm;s)fF;bTvH8Z`p1B77+1s6}-bssT@+I`TTI!CfW5xhIfSP6|49;BwOv>d zB#koEP_M^I{3)))6X@e~P8n77A~Flc=ePh%XqD!4GpYkWLCy7RsI}E$a`4`KWHt;> z@_pk@5;=GbXW(a;g%eqsYS2v7$#xm`#fMNsdl=6}bysU<0QSRT)N|)yAG`p2p&OR( zM1AiEn9^K5Mq&`Yh1vLDRK?kBcCG4CG;t~FMGy6!kD8MGH~`x30oB0csD^c5C8_}hsE$lbkx&H-aWK{+3)uJu&c*$xAwFwX(1TLEko*$V zNZp65OXC$(1ADS}*||mqYMV8M`5$5)`QM{D@ORYnsV*!{6^uho#S&D{E=Rra-SGZ{ zIF$Sm)Qg{>R`HOkpnNfES8T#U{1NK?gQ%%Ef$Ct#^8@pd5lI=9VS$BeKne@+Zq!g6 zMXl<$LqErS^4ScJhHwIE?iZkmHmaUI*bN^*b?5+Uk-mu99Uoz#_J7BDL5oJ9Dw>NX z)}V%P7cvXRKGYok3pLlh=LgS?M}1%wYVI3QBYHXN`5RFkcoa1P&*ND92z&B7_}@XoTpqme)QaGNm+_B!0lVRoD}%rB{(xP{zk&L|2dEE! zg=b^;RlyYX!wT|aaTvN-gf}2Zf$;=tiaVrM2iv3o%P6SAe%OK>1Xi}VIGwf`R`F`9y7*cUsk3s$Fz zs$eeV=qd=l00YjHa6#fkUE!>gM(`=YGiifJnjDnNi3w` zOH>2qUlI&;4Q5WV(1WObdlL0Q(+YYt1=Rrub^j*R6g-a_p-=E!>{=5{@h}`rekJDf zeIr4l5^uy&_!J-(|4t;nM}da$R@7>J9yN6Dq8joQ7GY^aP{Ar(ME)w&+`fuB(YiMV zJ)Vggxh*&hA4fI#cvv2Z22(dH%J^%wZlpjhyd4Yix2THWM-5?4Q{YO}5Plog(+5yP z`6+57ix_vk*M#Te9jHb50cwiQc7vW5;#~4eQY3UF-h^}Te$)p)MKz?fIq1PMRQ@v5 z2X05LnPaG)p1U#lBlSYOj(i%2@?qF80FRn2k4}dVCM6f@iTDPoX|kx;Z#d)~J7)Q1ER@8PofI0XMYECkHDWho zPdtbkv16#Y{utGuPP>AsEy6+MXJ8(#LoM3vDH7dC+>2U#`%xou6bImksQr4*?jS!N z_1uy$Ux$;(r*I}dhWfylSb^p@g7?>=rus_Ml-`Q@nEC~Y0ury_K>QNb(sTC&{~0|V zdyr3{8uSg+2;7GH&|y@AKSnL$uHVf3t{VlYhR;Ur9uGBQcc4c4FtW>1#z_)|6#N$_ zV&N4*3okAy2i#Q^a`EMS6>?FU||ooIS=M(jCIQ?$082D8cmraSuVCj4Yn{KI-D< zz<7eFrtCJMGzbA!DGeyihXL`zh4>*cCDXXf`Va101J@F}gRGIm1H(zbO4!6- ziJinK%8%hX;yq$G`F~^Ur9NTGuL~n)t6WTrpxXF+v%x&ctlq8I7ayI$T0@ zA>A*+IR1^y---D|FJc-ueu28GNO!_w%)=K{7+&Y&4~Q3uv$=mWUQ9elOd@{)=3_R| ziTFMFDDg3oB^TB9AYJrMdyYs%E|G&3!HE}-a4p@#ei3rhpHIq1x{0aPw=uf&cF*JN8 z(fT0%fq0sDnaCwdh%X6U_XPxN_E|C;h@TUKsc1qZJ!H_>_NlB@wwZ`0y@a{hO`035 z7Tb*5wYJk@*O`e8wwd&jR@98zwTWchHrL19rc80vt)+O`W-nnkWmVQSIWfme#I1xI zFEi&Rg14fZ%^KH^e2Z2z5t z`T51g#pbfvGgmB~yZi#vi7^^YmU>~5G7C4D+)pnoENMS_rpCfHEi-0sG8b1aG(Fq% zS|8L5w|0;Q#*;DANpBkdQ2X{VH<2Du@>L{fp>?U#lx#BRj;uDLZauGWOxm$p+l(cf zYV3G=c$pLFOSM*#%IHUJ&fQX&`#&m3Op6`77_(jk4b(9?}3|Ip-v{>@Xq*N(ZIK6QXUXWF+qHQ9*` zZk=a1{y#?a^sL)5?5C!m>id8C7Cz`FXFQQ!S9z?xzi9S+|KRL-J=KwB+W+;} z{mMCcevdgFxtr_P%qhyYFKu?1aI@L+yiIPrj+N$LI;Y}nm)6xgb?KYu42bmc5>^eB zY%puTUK?J8zrU)#|C_1;|BI@wXBB#RbSC{#)x?PZoAW!DEnBwC^xR~;)@J*8CfQls zr=Dn(k1^(Kl(^Z%>TzQBbbsL7_p+O?g}Rev_O#gEVXReHtz;}J9FC7YYw zxW+piQSCIdur3@~KejL@y=vi0k@gd6%KftH*Z#hmFeGuvsN{KC*XWn zr;OWBk;%@E+KmY^X69aXyw25;~n8O=`x7gbp;%9bcp9r2H?n$>3!(@`}G;_?SuH@Wh2S=5PxvfW8y9*}wq<0Cr7)x+pk6C`?g6siyqf_sg96;QR z((gv=;4PVvce&l$-+94`tTsg**DTHr4z~F#md>78UBM#OZgm?N#jlUG#G04e^{qU3 zZ$ifn^;->0X2R9r`On+EJ2M-txBM;ZX86BaH)8Dkxb1KRw9o|3z*5h)VwzN&7CD)j zZXLfjQ*n=E(CbI}L z1EWKlF0nzF@^q>5<4Bjb@Axk_teRM->vY21{( z(2DYDc4isB{dBk`S?0grINX1>vC2Oc>*41`kM`$BGuc?HKO5S9n??O}bcmnV)W2=N z{K}?vrN->WE$nudcg&8lTid+XW}$@B=0DR^F#L4IoEjx&a!Y1CSoNIFI!>&(#p;SP z1U+I^k-}0Z^J`u2L|yaXEm2op(`=cQr&pbu-s;x2>t-b{PPiAxZT@nKjVbp}Y`o-* z)-H`-UCc@321`5qp=#Z<3_E8^X6#x1+WW7?FUc%MztX$jKj~f7(TOGOxPNP+-#Huy zL1t%iL|A-Zazf8GEwW5b+(!Ro^4yaDXGDyc-NNz4WVRU(ze~%N{&Ov_pV96IH%-oN z^Nba4KL6cK@25Y#bXxlnTAxm=&S})y=h=)Re_H5gxFRzr{Ke*246};;_~rNeleTtg zv$E=4f6>;d{x7%A=jSxp%oOPNl)cIc;J>-G)StR-em}d>3tFoQ@>=+na%1`_O>Udo zF>di`|JU1w`v%`=@xAnww`CafY-c{g7 zcXjeVPxbDbIc3?qO*QPzn3<;^Vmszn?#lMdx9=+tj=Kf3Di@b#8swe+Zg7jk=gcDC z+|e(X*J(S(R|F67^IgiGqfce#Q&%K|pYzOF9{#9n&9OCG7{?|KR43+6PdDrs8p-BQ zaQeotOp?EI^#}`R&(3X;5nbYxjOeP52Z{>niYG1#p5TG*qbMq_y6opW-HCCZ=Z~jf{^ng(UEN*vtLo0` zzPcmk@vSl8_uDtwZg3R245K^V5^op>Rqmu#!!T)Vi^-0IunqMw*dAv&_2t-+dJVSa z`Ym`P-qORqen67lzW`g)Zzgh|u;F$ZDzP0W)}kJ`4fAj>@{jQ$KfTZ}4PylK#xA%R z({L4L;H}sh52Mb1faCEz7GgoNeV?^a!-jDu1&#bLCgMrtALBefy)iMxFcPo;TjD&_ z3_Lg(LymW2GwSallQ&MGCgNh$ao8UFVOLDYaoCCH8-5BSaU<%+&mh+tM^OX$7B!HL z{7^JTpdPRYO{_y@V3*^ws0@681JFn{j2IY*-Ea_ka5{!ZQHW4bO20>z%NWSr)NvXr zBRjaY!s;UJ9dV-IL3YM}Em2QNqUdkB@ev#5bIXWAP0aMVQRq_h5d&}ye)J7!aV z47K)OVqZ*WVU>|tXkrZx#2u&szlcoMIE{rE&qX>v1vP;+I2>Q=SS_AqprIXd8Y9y zYG6MhyWhwNlNWUyfl8?xmAaeoI(!T1Yb@g`4RkBAO2#29=qqVO^UB4Zfc-VN^Y4{G=S4IXqNGUEtjd%-cV2|S%Jdes)9(U26 z@SusCQJe5DI1FDxWip1@jKa}47dN7X?_nRFZv^N~5{w-<6%V7VZR0OECwP;w!NO?n2#nKbm+1)&C5te>|^3SScS&Ara?eTdc;` zxCu3&?RW{^g&pyG)PUky7v0E2y$zF4OXf#yvfZfn{5jNfK0{@$H6IgYcxXQPXTut9 z8kFK2u^T>t8u>e@2cAXUD6YWXWPPzG^*q$T7ho5x!6du^yW@V;1YSX1e*%>mt&b+q zu`q1Upf3&DOtTzoFpm08)C~8a26hCs1gB90JdfIR?b%@(Xb$QvnB=$s)xR7y;I){9 zx1k2|w7$Q(@J-YWKgS*zGunO)O`Jr19x8>mqh@j#7vfi_%uO0&f8j!?0pEwbfyUdY z*Rk1HyFLU{sINdxD7=M&F1Xuicn!5SU!g{xz*j;8>x;T@Eb77%)OTY8YGC_O_c`XY zUvS#{jkni)ChGb+)C70ihK(mEC?&_86F;E_kTAjCRHIR;DnY#!YaA_9=Jui1{u#&P zsO!H)ZQ>pi?TPe9?Ue%5TQwh3_5N2<(1>=RZgc=md=-_tuTcZ+&N?Jx9-6oqm7y?d z&9|X4b0@0*GpGT7h&gy3)h~0hGZ4(?`Nn(-y5L$=s_#R+hA*IY@jKWT&tV@-nqm)N z0&3tZP@8KL>H&A5X8I`V!}bPhx5x5z8;o61^=TN^h>I!c!Z2#YH=;6e59;-K7B!$Z zQ2jq~ynq@&w`um5as;w}jR30OL#UsThLHA-5&8&)J#jT7jDBe zd;~M`B<^$Z1>|d_0XeGi%*9-sf?A4An1K%i8$r4IjbYcnp<^pRp5W%(DkxfEw_09EJ-WZ^CBOUqNN^ zZPecQ1>-QBaH)O6p4g9usn{87k*}_C118|BXyT`sj7=}IZN^+wL71|Zulwo$C$@fY zrg^v=t5F#`;k0*HW3cB&LsG0wa+SLgj z`(I2(;aKWd;63Vx*;wYaA9O2f@4Sx9@mGw;ri@Zc&>ofYLezxjq6Xk!PX6_v-85*# zFXD9kCu%JxmDrmljGAc#N8=gngPAMr0nb6TS7JIoj05o`CSxm~eZPUI`*Gp9c@~>2{qCqpg z)$tH&FPuRQq%-|AgIrVwyr`63kIL8{?23OyE#({79lvmlTWkL<>4mLnFG6kFC1DCZ zCw59MoY5>PjOL7)dFlB>1ka4J)6{CrDs0Z%Cp?C!K+8P_}3}vA*a2aaT)u1wb z4GzZ#kpYH{FDQ(l;R5ObBmQ7Nun3hRKWfD5P^sRH8t?(sjbFfIeAn?8>_xrjCVPOR zaTfIoRKG*0iGGS5^!~dx+Z{WhHq97piRGvP)S)iC&T&5uqy9Q7Q_Zj99yo=cSCK8# zaJ)!qiBr?yW1RBa_$+Y|&o@3Hz9e)^;wIAx-Y{bh(TuXzU;jy!zZua(|EX3-KK>Ek zC0eP0qc?3Wh!~;^@fmIB2#e6SL;ovSM>iaU;S2nXq@uMRNpz+>%IT!E-9r3Kj3cy6 zI=0$Gf3^9B(*OQOZ7)#%ig=m$3sJ!NLCD)1J?`N*ju@r&AM89#sXj)`BQj{y8tTX) z_C`zm(ZGqs-NZJcny5eiMB#ekjMMNn_95OOE_2#Ue2{2Du-$mY$^TsxbQ~nUkCyD8 z`LK+bM6g$k8wefR^|=f%9=8zMob^Wz?R^Oydc7Vd_7K`nRmA5+{n4Mo39Y}5>xgfo zB{m&5(7XRQag<1--W5M4ZYCNZ$yD|erB0(C?;!rmsn?@dPDdUwm6)LlM|c81XNf0O z<9LbCTcG19;!WZ{Rh(JHJE}>$pSLY~yv6VP#5m4R$FWYo!_l*b@ej2TeP|zyQ}F|> z{|Kk!cTUF}aRHI!)c+F?4f(_oq9xZh!(Ry<4-kKgmiX6goI?B$@deS;c@9OR6=i+2 znri*WQ&>g3Li8lAAx;y+h@Xi5bRLL0+7id3CHtoX=dPug?%ezo&@mCaI^}klOguyTBAw*eXJZVbeH!s0^@}it(2^|FC0w_ApS~BBN`unrqaoIXcLT3|A_cI zF_-vnq9d`CsGlfBV<3H>P(jU|`F%86wtp^hZn&~hTR++^p?*8Dop^|7K{P&=Q#skF z;h&T@5Q~Y{PWxo;vzhYM!~r77=hPchPQ^4RXlbUJWoI1<;E;Zj8nU<1m`ut{bvAcMMSKSQtuJ*f^m3hso0Hq3dFyu8W zfUNhBW=H=x@-c9Qt8yV3z5*zs@ z^H*1-Rn`iZwJqD*EEHN52zqkO$hqv#Vq(b`*C?e!OXO@DRy zGH)<)s<5fcx@h#1y~`Ou)e5h_%2({Jva?s=E?-i-Ld{iyQr#f(^yqhE+qlch0_tOy zd&>jC)zKnRd<)Noo!|h%^ft%DxJ}7c(i43wwaZkJ7h#=R!&w{{8V?SDsy(w?GKf? zs{+AXbBfnjwZa@7Smh0wd3Aw6MVWg=c+h%nL6Ws|VN0vu!t|^|S9_P2Fg{<2+g}xE*tBdu`+D|Du}|0AyE@a_ zx^U%y-|cWl;`DX<-DSQypS{0%Sp61nvZyHO_gmauQSH$d_XXtS z?$V^D&e*NBOAD>1m-e?z_mxeZ@kH)$cZ|(&I?&&}lHE`hAXR30HG4=6UcagBm~77V zS*JaHn%DRCL=wEcVj^WF*SI>=x0zMm@`?bNDzC5x`YKaHHG!bgVHCMN0n=S(dIBMz zH(0$gV0yguNsT<^+ZEGr+mN-q%o{md_D5I4z_WHj?q~wsCZ8HN zDG3H5{elx*X{OJkcdNu#7BHXRUB+yx=o1Vy+@EQB{gEA^;+SS7-m2)wz-m^rG`{`` ztVyV5i`8${qWU$ku3fd=YFT@m%WFMYo6zn*zBER(wN;~UjomWh|NPn*UccM)2Hn9x zf3wj?Cq%+3yusyV)dBnJmcM<0?1natzBv3}@6m_0ZPdnBh{mI}{TSti+F^a1=_m~q zfuK2yuR(CqSi|qFVefj}_35y#U46Cn^Xjf`c=toz(i*qESKeU2YFhVY-t))*SEHQSQjK+zV$sDPj%b+wN~fN3D%?yJ&5+!l^YJ`H+&tY zjvZCR9i!imhS4;fEgChAlfMnqIbl_9O!#dxZ5$ej`$Kn^Rj{clE;_7{*29~Qrj-Rs o-G>gaG5n_UIaW&CX5;oTDOPZEX~Uc7iG05Ks4H^p>hrFD17rRd(*OVf diff --git a/plugins/sudoers/po/eo.po b/plugins/sudoers/po/eo.po index a4c5355..6566128 100644 --- a/plugins/sudoers/po/eo.po +++ b/plugins/sudoers/po/eo.po @@ -1,14 +1,14 @@ # Esperanto translations for sudo package. # This file is put in the public domain. -# Keith Bowes , 2012. +# Felipe Castro , 2013. # msgid "" msgstr "" -"Project-Id-Version: sudoers 1.8.6b3\n" +"Project-Id-Version: sudoers 1.8.7b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-07-11 16:27-0400\n" -"PO-Revision-Date: 2012-07-31 01:59-0400\n" -"Last-Translator: Keith Bowes \n" +"POT-Creation-Date: 2013-04-17 15:52-0400\n" +"PO-Revision-Date: 2013-04-20 19:48-0300\n" +"Last-Translator: Felipe Castro \n" "Language-Team: Esperanto \n" "Language: eo\n" "MIME-Version: 1.0\n" @@ -16,201 +16,213 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -#: gram.y:110 -#, c-format -msgid ">>> %s: %s near line %d <<<" -msgstr ">>> %s: %s apud linio %d <<<" +#: confstr.sh:2 +msgid "Password:" +msgstr "Pasvorto:" + +#: confstr.sh:3 +msgid "*** SECURITY information for %h ***" +msgstr "*** SEKURECO: informoj por %h ***" + +#: confstr.sh:4 +msgid "Sorry, try again." +msgstr "Malĝuste. Reprovu." -#: plugins/sudoers/alias.c:125 +#: plugins/sudoers/alias.c:124 #, c-format msgid "Alias `%s' already defined" msgstr "Kromnomo '%s' jam ekzistas" -#: plugins/sudoers/auth/bsdauth.c:78 +#: plugins/sudoers/auth/bsdauth.c:77 #, c-format msgid "unable to get login class for user %s" msgstr "ne eblas akiri ensalutan klason por uzanto %s" -#: plugins/sudoers/auth/bsdauth.c:84 +#: plugins/sudoers/auth/bsdauth.c:83 msgid "unable to begin bsd authentication" -msgstr "ne eblas komenci bsd-konstatadn" +msgstr "ne eblas komenci bsd-aÅ­tentikigon" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:91 msgid "invalid authentication type" -msgstr "nevalida konstata tipo" +msgstr "nevalida aÅ­tentikiga tipo" -#: plugins/sudoers/auth/bsdauth.c:101 +#: plugins/sudoers/auth/bsdauth.c:100 msgid "unable to setup authentication" -msgstr "ne eblas starigi konstatadon" +msgstr "ne eblas starigi aÅ­tentikigon" -#: plugins/sudoers/auth/fwtk.c:60 +#: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" msgstr "ne eblas legi fwtk-agordon" -#: plugins/sudoers/auth/fwtk.c:65 +#: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" -msgstr "ne eblas konektiĝi al konstatanta servilo" +msgstr "ne eblas konektiĝi al aÅ­tentikiga servilo" -#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95 -#: plugins/sudoers/auth/fwtk.c:128 +#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:127 #, c-format msgid "lost connection to authentication server" -msgstr "konekto al konstatanta servilo perdita" +msgstr "konekto al aÅ­tentikiga servilo perdita" -#: plugins/sudoers/auth/fwtk.c:75 +#: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" -"eraro de konstatanta servilo:\n" +"eraro de aÅ­tentikiga servilo:\n" "%s" -#: plugins/sudoers/auth/kerb5.c:117 +#: plugins/sudoers/auth/kerb5.c:116 #, c-format -msgid "%s: unable to unparse princ ('%s'): %s" -msgstr "%s ne eblas analizi princ-on ('%s'): %s" +msgid "%s: unable to convert principal to string ('%s'): %s" +msgstr "%s ne eblas konverti ĉefon al ĉeno ('%s'): %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: ne eblas analizi: '%s': %s" -#: plugins/sudoers/auth/kerb5.c:170 +#: plugins/sudoers/auth/kerb5.c:169 #, c-format -msgid "%s: unable to resolve ccache: %s" +msgid "%s: unable to resolve credential cache: %s" msgstr "%s: ne eblas trovi ccache-on: %s" -#: plugins/sudoers/auth/kerb5.c:218 +#: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: ne eblas generi elektojn: %s" -#: plugins/sudoers/auth/kerb5.c:234 +#: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: ne eblas akiri atestilojn: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:246 #, c-format -msgid "%s: unable to initialize ccache: %s" -msgstr "%s: ne eblas iniciati ccache-on: %s" +msgid "%s: unable to initialize credential cache: %s" +msgstr "%s: ne eblas ekigi atestilan kaŝmemoron: %s" -#: plugins/sudoers/auth/kerb5.c:251 +#: plugins/sudoers/auth/kerb5.c:250 #, c-format -msgid "%s: unable to store cred in ccache: %s" -msgstr "%s: ne eblas konservi atestilon en ccache: %s" +msgid "%s: unable to store credential in cache: %s" +msgstr "%s: ne eblas konservi atestilon en kaŝmemoro: %s" -#: plugins/sudoers/auth/kerb5.c:316 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" -msgstr "%s: ne eblas atingi ĉefgastiganto: %s" +msgstr "%s: ne eblas atingi gastiganton ĉefan: %s" -#: plugins/sudoers/auth/kerb5.c:331 +#: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" -msgstr "%s: Ne eblas konstati TGT-on! Ebla atako!: %s" +msgstr "%s: Ne eblas kontroli TGT! Ebla atako!: %s" -#: plugins/sudoers/auth/pam.c:100 +#: plugins/sudoers/auth/pam.c:105 msgid "unable to initialize PAM" -msgstr "ne eblas iniciati PAM-on" +msgstr "ne eblas ekigi PAM" -#: plugins/sudoers/auth/pam.c:144 +#: plugins/sudoers/auth/pam.c:150 msgid "account validation failure, is your account locked?" msgstr "malsukceso ĉe konta validigo, ĉu via konto estas ŝlosita?" -#: plugins/sudoers/auth/pam.c:148 +#: plugins/sudoers/auth/pam.c:154 msgid "Account or password is expired, reset your password and try again" msgstr "Konto aÅ­ pasvorto eksvalidiĝis, restarigu vian pasvorton kaj reprovu" -#: plugins/sudoers/auth/pam.c:155 +#: plugins/sudoers/auth/pam.c:162 #, c-format -msgid "pam_chauthtok: %s" -msgstr "pam_chauthtok: %s" +msgid "unable to change expired password: %s" +msgstr "ne eblas ŝanĝi eksvalidan pasvorton: %s" -#: plugins/sudoers/auth/pam.c:159 +#: plugins/sudoers/auth/pam.c:167 msgid "Password expired, contact your system administrator" msgstr "Pasvorto eksvalidiĝis, kontaktu vian sistemestron" -#: plugins/sudoers/auth/pam.c:163 +#: plugins/sudoers/auth/pam.c:171 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Konto eksvalidiĝis aÅ­ PAM-agordon malhavas sekcion \"account\" por sudo, kontaktu vian sistemestron" -#: plugins/sudoers/auth/pam.c:180 +#: plugins/sudoers/auth/pam.c:188 #, c-format -msgid "pam_authenticate: %s" -msgstr "pam_authenticate: %s" +msgid "PAM authentication error: %s" +msgstr "eraro de aÅ­tentikiga servilo: %s" -#: plugins/sudoers/auth/pam.c:332 -msgid "Password: " -msgstr "Pasvorto: " - -#: plugins/sudoers/auth/pam.c:333 -msgid "Password:" -msgstr "Pasvorto:" +#: plugins/sudoers/auth/pam.c:247 +#, c-format +msgid "unable to establish credentials: %s" +msgstr "ne eblas establi atestilojn: %s" -#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220 +#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 #, c-format msgid "you do not exist in the %s database" msgstr "vi ne ekzistas en la datumbazo %s" -#: plugins/sudoers/auth/securid5.c:81 +#: plugins/sudoers/auth/securid5.c:80 #, c-format msgid "failed to initialise the ACE API library" -msgstr "malsukcesis iniciati la bibliotekon de la API ACE" +msgstr "malsukcesis ekigi la bibliotekon de la API ACE" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" msgstr "ne eblas kontakti la servilon de SecurID" -#: plugins/sudoers/auth/securid5.c:116 +#: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" -msgstr "Uzanto identigilo ŝlosita pro konstatado en SecurID" +msgstr "Uzanto-identigilo ŝlosita pro AÅ­tentikigo SecurID" -#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171 +#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 #, c-format msgid "invalid username length for SecurID" msgstr "nevalida salutnoma longo por SecurID" -#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176 +#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 #, c-format msgid "invalid Authentication Handle for SecurID" -msgstr "nevalida konstatilo por SecurID" +msgstr "nevalida AÅ­tentikiga Traktilo por SecurID" -#: plugins/sudoers/auth/securid5.c:128 +#: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "Komunikiĝo kun SecurID malsukcesis" -#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215 +#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 #, c-format msgid "unknown SecurID error" msgstr "nekonata SecurID-eraro" -#: plugins/sudoers/auth/securid5.c:166 +#: plugins/sudoers/auth/securid5.c:165 #, c-format msgid "invalid passcode length for SecurID" msgstr "nevalida paskoda longo por SecurID" -#: plugins/sudoers/auth/sia.c:109 +#: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" -msgstr "ne eblas iniciati SIA-seascon" +msgstr "ne eblas ekigi SIA-seascon" -#: plugins/sudoers/auth/sudo_auth.c:121 -msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." -msgstr "Nevalidaj konstatantaj metodoj muntitaj en sudo! Vi rajtas miksi dependan kaj sendependan konstatadon." +#: plugins/sudoers/auth/sudo_auth.c:119 +msgid "invalid authentication methods" +msgstr "nevalidaj aÅ­tentikigaj metodoj" -#: plugins/sudoers/auth/sudo_auth.c:206 +#: plugins/sudoers/auth/sudo_auth.c:120 +msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." +msgstr "Nevalidaj aÅ­tentikigaj metodoj kompilitaj en sudo! Vi ne rajtas miksi dependan kaj sendependan aÅ­tentikigon." + +#: plugins/sudoers/auth/sudo_auth.c:203 +msgid "no authentication methods" +msgstr "neniu aÅ­tentikiga metodo" + +#: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." -msgstr "Ekzistas neniaj konstatantaj metodoj muntitaj en sudo! Se vi volas malŝalti konstatadon, uzu la munta parametro --disable-authentication." +msgstr "Ekzistas neniaj aÅ­tentikigaj metodoj kompilitaj en sudo! Se vi volas malŝalti aÅ­tentikigon, uzu la agordan parametron --disable-authentication." -#: plugins/sudoers/auth/sudo_auth.c:374 +#: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" -msgstr "Konstatantaj metodoj:" +msgstr "AÅ­tentikigaj metodoj:" #: plugins/sudoers/bsm_audit.c:60 plugins/sudoers/bsm_audit.c:63 #: plugins/sudoers/bsm_audit.c:112 plugins/sudoers/bsm_audit.c:116 @@ -224,9 +236,9 @@ msgstr "getaudit: malsukcesis" msgid "Could not determine audit condition" msgstr "Ne eblis determini revizian kondiĉon" -#: plugins/sudoers/bsm_audit.c:101 +#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160 #, c-format -msgid "getauid failed" +msgid "getauid: failed" msgstr "getauid: malsukcesis" #: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162 @@ -247,111 +259,47 @@ msgstr "au_to_exec_args: malsukcesis" #: plugins/sudoers/bsm_audit.c:126 plugins/sudoers/bsm_audit.c:187 #, c-format msgid "au_to_return32: failed" -msgstr "getaudit: malsukcesis" +msgstr "au_to_return32: malsukcesis" #: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190 #, c-format msgid "unable to commit audit record" -msgstr "ne eblis konservi revizian rekordon" - -#: plugins/sudoers/bsm_audit.c:160 -#, c-format -msgid "getauid: failed" -msgstr "getauid: malsukcesis" +msgstr "ne eblis konservi revizian rikordon" #: plugins/sudoers/bsm_audit.c:183 #, c-format msgid "au_to_text: failed" msgstr "au_to_text: malsukcesis" -#: plugins/sudoers/check.c:244 plugins/sudoers/iolog.c:172 -#: plugins/sudoers/sudoers.c:978 plugins/sudoers/sudoreplay.c:355 -#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974 -#: plugins/sudoers/visudo.c:815 -#, c-format -msgid "unable to open %s" -msgstr "ne eblas malfermi: %s" - -#: plugins/sudoers/check.c:248 plugins/sudoers/iolog.c:229 -#, c-format -msgid "unable to write to %s" -msgstr "ne eblas skribi al %s" - -#: plugins/sudoers/check.c:256 plugins/sudoers/check.c:501 -#: plugins/sudoers/check.c:551 plugins/sudoers/iolog.c:123 -#: plugins/sudoers/iolog.c:156 -#, c-format -msgid "unable to mkdir %s" -msgstr "ne eblas mkdir-i: %s" - -#: plugins/sudoers/check.c:391 -#, c-format -msgid "internal error, expand_prompt() overflow" -msgstr "ena eraro, superfluo en expand_prompt()" - -#: plugins/sudoers/check.c:451 -#, c-format -msgid "timestamp path too long: %s" -msgstr "tempo-indikila pado tro longa: %s" - -#: plugins/sudoers/check.c:480 plugins/sudoers/check.c:524 -#: plugins/sudoers/iolog.c:158 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s ekzistas sed ne dosierujo (0%o)" - -#: plugins/sudoers/check.c:483 plugins/sudoers/check.c:527 -#: plugins/sudoers/check.c:572 -#, c-format -msgid "%s owned by uid %u, should be uid %u" -msgstr "%s estas estrita de uid %u, devas esti uid %u" - -#: plugins/sudoers/check.c:488 plugins/sudoers/check.c:532 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0700" -msgstr "%s skribebla de ne-estro (0%o), devas esti reĝimo 0700" - -#: plugins/sudoers/check.c:496 plugins/sudoers/check.c:540 -#: plugins/sudoers/check.c:608 plugins/sudoers/sudoers.c:993 -#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:581 -#, c-format -msgid "unable to stat %s" -msgstr "ne eblas stat-i: %s" - -#: plugins/sudoers/check.c:566 -#, c-format -msgid "%s exists but is not a regular file (0%o)" -msgstr "%s ekzistas sed ne estas normala dosiero (0%o)" - -#: plugins/sudoers/check.c:578 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0600" -msgstr "%s skribebla de ne-estro (0%o), devas esti reĝimo 0600" - -#: plugins/sudoers/check.c:632 -#, c-format -msgid "timestamp too far in the future: %20.20s" -msgstr "tempo-indikilo tro estonte: %20.20s" - -#: plugins/sudoers/check.c:679 -#, c-format -msgid "unable to remove %s (%s), will reset to the epoch" -msgstr "ne eblas forigi: %s (%s); restarigos al la epoko" - -#: plugins/sudoers/check.c:687 -#, c-format -msgid "unable to reset %s to the epoch" -msgstr "ne eblas restarigi al la epoko: %s" +#: plugins/sudoers/check.c:189 +msgid "" +"\n" +"We trust you have received the usual lecture from the local System\n" +"Administrator. It usually boils down to these three things:\n" +"\n" +" #1) Respect the privacy of others.\n" +" #2) Think before you type.\n" +" #3) With great power comes great responsibility.\n" +"\n" +msgstr "" +"\n" +"Ni fidas, ke vi ricevis la kutiman prelegon fare de la sistemestro.\n" +"Resume memoru la jenajn:\n" +"\n" +" #1) Estimu la privatecon de aliaj.\n" +" #2) Pensu antaÅ­ ol tajpi.\n" +" #3) Granda povo devigas grandan responson.\n" +"\n" -#: plugins/sudoers/check.c:747 plugins/sudoers/check.c:753 -#: plugins/sudoers/sudoers.c:841 plugins/sudoers/sudoers.c:845 +#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 +#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 #, c-format msgid "unknown uid: %u" msgstr "nekonata uid: %u" -#: plugins/sudoers/check.c:750 plugins/sudoers/sudoers.c:782 -#: plugins/sudoers/sudoers.c:1110 plugins/sudoers/testsudoers.c:225 -#: plugins/sudoers/testsudoers.c:369 +#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635 +#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:359 #, c-format msgid "unknown user: %s" msgstr "nekonata uzanto: %s" @@ -364,12 +312,12 @@ msgstr "Syslog-trajto se syslog estas uzata por protokoli: %s" #: plugins/sudoers/def_data.c:31 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" -msgstr "Syslog-prioritato por uzi, kiam uzanta sukcese konstatas: %s" +msgstr "Syslog-prioritato por uzi, kiam uzanto sukcese aÅ­tentikiĝas: %s" #: plugins/sudoers/def_data.c:35 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" -msgstr "Syslog-prioritato por uzi kiam uzanto malsukcese konstatas: %s" +msgstr "Syslog-prioritato por uzi kiam uzanto malsukcese aÅ­tentikigas: %s" #: plugins/sudoers/def_data.c:39 msgid "Put OTP prompt on its own line" @@ -385,7 +333,7 @@ msgstr "Ĉiam sendi retmesaĝon kiam sudo plenumiĝas" #: plugins/sudoers/def_data.c:51 msgid "Send mail if user authentication fails" -msgstr "Sendi retmesaĝon se uzanto-konstato malsukcesas" +msgstr "Sendi retmesaĝon se uzanto-aÅ­tentikiĝo malsukcesas" #: plugins/sudoers/def_data.c:55 msgid "Send mail if the user is not in sudoers" @@ -414,7 +362,7 @@ msgstr "Dosiero havanta la sudo-averton: %s" #: plugins/sudoers/def_data.c:79 msgid "Require users to authenticate by default" -msgstr "Postulas, ke uzantoj konstatas aÅ­tomate" +msgstr "Postulas, ke uzantoj aÅ­tentikiĝu aÅ­tomate" #: plugins/sudoers/def_data.c:83 msgid "Root may run sudo" @@ -486,7 +434,7 @@ msgstr "Nur valorizi la efikan uid-on al la cela uzanto, ne la realan uid-on" #: plugins/sudoers/def_data.c:151 msgid "Don't initialize the group vector to that of the target user" -msgstr "Ne iniciati la grupon vektoron al tio de la cela uzanto" +msgstr "Ne ekigi la grupon vektoron al tio de la cela uzanto" #: plugins/sudoers/def_data.c:155 #, c-format @@ -496,7 +444,7 @@ msgstr "Longo je kiu linfaldi la protokolon (0 por senfalda): %d" #: plugins/sudoers/def_data.c:159 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" -msgstr "Eksvalidiĝo de la konstata tempo-indikilo: %.1f minutoj" +msgstr "Eksvalidiĝo de la aÅ­tentikiga tempo-indikilo: %.1f minutoj" #: plugins/sudoers/def_data.c:163 #, c-format @@ -551,12 +499,12 @@ msgstr "Neĝusta pasvorta mesaĝo: %s" #: plugins/sudoers/def_data.c:203 #, c-format msgid "Path to authentication timestamp dir: %s" -msgstr "Pado al dosierujo de konstata tempostampo: %s" +msgstr "Pado al dosierujo de aÅ­tentikiga tempostampo: %s" #: plugins/sudoers/def_data.c:207 #, c-format msgid "Owner of the authentication timestamp dir: %s" -msgstr "Estro de la dosierujo de konstata tempostampo: %s" +msgstr "Estro de la dosierujo de aÅ­tentikiga tempostampo: %s" #: plugins/sudoers/def_data.c:211 #, c-format @@ -668,7 +616,7 @@ msgstr "Uzi pli rapida kunigo, kiu estas malpli ĝusta sed ne atingas la dosiers #: plugins/sudoers/def_data.c:307 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" -msgstr "La umask specifa en sudors superregos tio de la uzanto, eĉ se ĝi estas pli permesema." +msgstr "La umask specifa en sudors superregos tio de la uzanto, eĉ se ĝi estas pli permesema" #: plugins/sudoers/def_data.c:311 msgid "Log user's input for the command being run" @@ -680,7 +628,7 @@ msgstr "Protokoli la eligon de la komando, kiu estas plenumiĝi" #: plugins/sudoers/def_data.c:319 msgid "Compress I/O logs using zlib" -msgstr "Kunpremi eneligaj protokoloj per zlib" +msgstr "Kunpremi eneligaj protokoloj per zlib" #: plugins/sudoers/def_data.c:323 msgid "Always run commands in a pseudo-tty" @@ -709,197 +657,209 @@ msgstr "Aldoni eron al la utmp/utmpx-dosiero dum generi pty-on" msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Valorizi uzanton en utmp al la plenumigkiela uzanto, ne la vokanta uzanto" -#: plugins/sudoers/defaults.c:208 +#: plugins/sudoers/def_data.c:347 +msgid "Set of permitted privileges" +msgstr "Aro da permesitaj privilegioj" + +#: plugins/sudoers/def_data.c:351 +msgid "Set of limit privileges" +msgstr "Aro da limigaj privilegioj" + +#: plugins/sudoers/def_data.c:355 +msgid "Run commands on a pty in the background" +msgstr "Plenumigi komandojn en pty en la fono" + +#: plugins/sudoers/def_data.c:359 +msgid "Create a new PAM session for the command to run in" +msgstr "Krei novan PAM-seancon en kiu la komando plenumiĝos" + +#: plugins/sudoers/def_data.c:363 +msgid "Maximum I/O log sequence number" +msgstr "maksimuma sinsekva numero de la eneliga protokolo" + +#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 #, c-format msgid "unknown defaults entry `%s'" msgstr "nekonata ero '%s' en defaults" -#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226 -#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259 -#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285 -#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318 -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 +#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 +#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 +#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "valoro '%s' estas nevalida por parametro '%s'" -#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229 -#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254 -#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280 -#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313 -#: plugins/sudoers/defaults.c:324 +#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 +#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 +#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 +#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 +#: plugins/sudoers/defaults.c:323 #, c-format msgid "no value specified for `%s'" msgstr "neniu valoro specifita por '%s'" -#: plugins/sudoers/defaults.c:242 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "values for `%s' must start with a '/'" msgstr "Valoroj por '%s' devas komenciĝi per '/'" -#: plugins/sudoers/defaults.c:304 +#: plugins/sudoers/defaults.c:303 #, c-format msgid "option `%s' does not take a value" msgstr "parametro '%s' ne povas havi valoron" -#: plugins/sudoers/env.c:339 -#, c-format -msgid "sudo_putenv: corrupted envp, length mismatch" -msgstr "sudo_putenv: medio tro granda" - -#: plugins/sudoers/env.c:341 plugins/sudoers/env.c:411 -#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167 -#: plugins/sudoers/toke_util.c:207 toke.l:682 toke.l:812 toke.l:872 toke.l:968 +#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 +#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 +#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427 +#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 +#: plugins/sudoers/testsudoers.c:243 #, c-format -msgid "unable to allocate memory" -msgstr "ne eblas generi memoron" +msgid "internal error, %s overflow" +msgstr "interna eraro, superfluo en %s" -#: plugins/sudoers/env.c:366 +#: plugins/sudoers/env.c:367 #, c-format -msgid "internal error, sudo_setenv2() overflow" -msgstr "ena eraro, superfluo en sudo_setenv2()" - -#: plugins/sudoers/env.c:410 -#, c-format -msgid "internal error, sudo_setenv() overflow" -msgstr "ena eraro, superfluo en sudo_setenv()" +msgid "sudo_putenv: corrupted envp, length mismatch" +msgstr "sudo_putenv: medio tro granda" -#: plugins/sudoers/env.c:955 +#: plugins/sudoers/env.c:1012 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "bedaÅ­re vi ne estas permesata valorizi la jenajn medivariablojn: %s" -#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108 -#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125 -#: plugins/sudoers/sudoers.c:935 toke.l:678 toke.l:868 -#, c-format -msgid "%s: %s" -msgstr "%s: %s" - -#: plugins/sudoers/group_plugin.c:91 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: plugins/sudoers/group_plugin.c:103 +#: plugins/sudoers/group_plugin.c:102 #, c-format msgid "%s must be owned by uid %d" msgstr "%s devas esti estrata de uid %d" -#: plugins/sudoers/group_plugin.c:107 +#: plugins/sudoers/group_plugin.c:106 #, c-format msgid "%s must only be writable by owner" msgstr "%s devas esti skribebla nur de estro" -#: plugins/sudoers/group_plugin.c:114 +#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256 #, c-format msgid "unable to dlopen %s: %s" msgstr "ne eblas dlopen: %s: %s" -#: plugins/sudoers/group_plugin.c:119 +#: plugins/sudoers/group_plugin.c:118 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "ne eblas trovi simbolon \"group_plugin\" en %s" -#: plugins/sudoers/group_plugin.c:124 +#: plugins/sudoers/group_plugin.c:123 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: nekongrua grupa kromprogramo: ĉefa eldono %d, atendita %d" -#: plugins/sudoers/interfaces.c:112 +#: plugins/sudoers/interfaces.c:119 msgid "Local IP address and netmask pairs:\n" msgstr "Loka IP-adresa kaj retmaska paroj:\n" -#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:981 +#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 +#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s ekzistas sed ne dosierujo (0%o)" + +#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 +#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165 +#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 +#, c-format +msgid "unable to mkdir %s" +msgstr "ne eblas mkdir-i: %s" + +#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 +#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 +#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155 +#: plugins/sudoers/visudo.c:809 +#, c-format +msgid "unable to open %s" +msgstr "ne eblas malfermi: %s" + +#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 #, c-format msgid "unable to read %s" msgstr "ne eblas legi %s" -#: plugins/sudoers/iolog.c:208 +#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159 #, c-format -msgid "invalid sequence number %s" -msgstr "nevalida sinsekva numero %s" +msgid "unable to write to %s" +msgstr "ne eblas skribi al %s" -#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261 -#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531 -#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545 -#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561 -#: plugins/sudoers/iolog.c:569 +#: plugins/sudoers/iolog.c:334 #, c-format msgid "unable to create %s" msgstr "ne eblas krei: %s" -#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:378 -#, c-format -msgid "unable to set locale to \"%s\", using \"C\"" -msgstr "ne eblas elekti lokaĵaron \"%s\", uzanta lokaĵaron \"C\"" - -#: plugins/sudoers/ldap.c:389 +#: plugins/sudoers/ldap.c:385 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: pordo tro granda" -#: plugins/sudoers/ldap.c:412 +#: plugins/sudoers/ldap.c:408 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: eluzis spacon etendanta la bufron" -#: plugins/sudoers/ldap.c:442 +#: plugins/sudoers/ldap.c:438 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "nekonata retadresa tipo de LDAP: %s" -#: plugins/sudoers/ldap.c:471 +#: plugins/sudoers/ldap.c:467 #, c-format msgid "invalid uri: %s" msgstr "nevalida retadreso: %s" -#: plugins/sudoers/ldap.c:477 +#: plugins/sudoers/ldap.c:473 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "ne eblas miksi sekurajn kaj nesekurajn retadresojn de LDAP" -#: plugins/sudoers/ldap.c:481 +#: plugins/sudoers/ldap.c:477 #, c-format msgid "unable to mix ldaps and starttls" msgstr "ne eblas miksi protokolojn ldaps kaj starttls" -#: plugins/sudoers/ldap.c:500 +#: plugins/sudoers/ldap.c:496 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: eluzis spacon muntanta la bufron" -#: plugins/sudoers/ldap.c:574 +#: plugins/sudoers/ldap.c:570 #, c-format msgid "unable to initialize SSL cert and key db: %s" -msgstr "ne eblas iniciati SSL-asertilon kaj ŝlosilan datumbazon: %s" +msgstr "ne eblas ekigi SSL-asertilon kaj ŝlosilan datumbazon: %s" -#: plugins/sudoers/ldap.c:577 +#: plugins/sudoers/ldap.c:573 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "TLS_CERT devas havi valoron en %s antaÅ­ ol SSL uzeblos" -#: plugins/sudoers/ldap.c:994 +#: plugins/sudoers/ldap.c:1062 #, c-format msgid "unable to get GMT time" msgstr "ne eblas atingi GMT-tempon" -#: plugins/sudoers/ldap.c:1000 +#: plugins/sudoers/ldap.c:1068 #, c-format msgid "unable to format timestamp" msgstr "ne eblas aranĝi tempostampon" -#: plugins/sudoers/ldap.c:1008 +#: plugins/sudoers/ldap.c:1076 #, c-format msgid "unable to build time filter" msgstr "ne eblas munti tempan filtrilon" -#: plugins/sudoers/ldap.c:1223 +#: plugins/sudoers/ldap.c:1295 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1: genra malkongruaĵo" -#: plugins/sudoers/ldap.c:1759 +#: plugins/sudoers/ldap.c:1842 #, c-format msgid "" "\n" @@ -908,7 +868,7 @@ msgstr "" "\n" "LDAP-rolo: %s\n" -#: plugins/sudoers/ldap.c:1761 +#: plugins/sudoers/ldap.c:1844 #, c-format msgid "" "\n" @@ -917,27 +877,28 @@ msgstr "" "\n" "LDAP-rolo: NEKONATA\n" -#: plugins/sudoers/ldap.c:1808 +#: plugins/sudoers/ldap.c:1891 #, c-format msgid " Order: %s\n" msgstr " Ordo: %s\n" -#: plugins/sudoers/ldap.c:1816 +#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515 +#: plugins/sudoers/sssd.c:1242 #, c-format msgid " Commands:\n" msgstr " Komandoj:\n" -#: plugins/sudoers/ldap.c:2238 +#: plugins/sudoers/ldap.c:2321 #, c-format msgid "unable to initialize LDAP: %s" -msgstr "ne eblas iniciati LDAP-on: %s" +msgstr "ne eblas ekigi LDAP-on: %s" -#: plugins/sudoers/ldap.c:2272 +#: plugins/sudoers/ldap.c:2355 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls specifita sed LDAP-bibliotekoj ne havas la funkciojn ldap_start_tls_s() kaj ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:2508 +#: plugins/sudoers/ldap.c:2591 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "nevalida atributo de sudoOrdo: %s" @@ -947,74 +908,80 @@ msgstr "nevalida atributo de sudoOrdo: %s" msgid "unable to open audit system" msgstr "ne eblas malfermi revizian sistemon" -#: plugins/sudoers/linux_audit.c:82 -#, c-format -msgid "internal error, linux_audit_command() overflow" -msgstr "ena eraro, superfluo en linux_audit_command()" - -#: plugins/sudoers/linux_audit.c:91 +#: plugins/sudoers/linux_audit.c:93 #, c-format msgid "unable to send audit message" msgstr "ne eblas sendi revizian mesaĝon" -#: plugins/sudoers/logging.c:202 +#: plugins/sudoers/logging.c:140 +#, c-format +msgid "%8s : %s" +msgstr "%8s: %s" + +#: plugins/sudoers/logging.c:168 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s: (komando ne trovita) %s" + +#: plugins/sudoers/logging.c:194 #, c-format msgid "unable to open log file: %s: %s" msgstr "ne eblas malfermi protokolon: %s: %s" -#: plugins/sudoers/logging.c:205 +#: plugins/sudoers/logging.c:197 #, c-format msgid "unable to lock log file: %s: %s" msgstr "ne eblas ŝlosi protokolon: %s: %s" -#: plugins/sudoers/logging.c:260 +#: plugins/sudoers/logging.c:245 +msgid "No user or host" +msgstr "Neniu uzanto aÅ­ gastiganto" + +#: plugins/sudoers/logging.c:247 +msgid "validation failure" +msgstr "validiga malsukceso" + +#: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "uzanto NE estas en sudoers" -#: plugins/sudoers/logging.c:262 +#: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "uzanto NE permesata en gastiganto" -#: plugins/sudoers/logging.c:264 +#: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "komando ne permesata" -#: plugins/sudoers/logging.c:274 +#: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s ne estas en la dosiero sudoers. Ĉi tiu estos raportita.\n" -#: plugins/sudoers/logging.c:277 +#: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" -msgstr "%s estas ne permesata plenumigi sudo-on en %s. Ĉi tio estos raportita\n" +msgstr "%s ne estas permesata plenumigi sudo-on en %s. Ĉi tio estos raportita.\n" -#: plugins/sudoers/logging.c:281 +#: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" -msgstr "BedaÅ­re uzanto %s ne rajtas plenumigi sudo-on en %s.\n" +msgstr "BedaÅ­re uzanto %s ne rajtas plenumigi sudo-on en %s.\n" -#: plugins/sudoers/logging.c:284 +#: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "BedaÅ­re uzanto %s ne rajtas plenumigi '%s%s%s'-on kiel %s%s%s en %s.\n" -#: plugins/sudoers/logging.c:317 -msgid "No user or host" -msgstr "Neniu uzanto aÅ­ gastiganto" - -#: plugins/sudoers/logging.c:319 -msgid "validation failure" -msgstr "validiga malsukceso" - -#: plugins/sudoers/logging.c:334 plugins/sudoers/sudoers.c:498 -#: plugins/sudoers/sudoers.c:499 plugins/sudoers/sudoers.c:1517 -#: plugins/sudoers/sudoers.c:1518 +#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 +#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoers.c:1002 #, c-format msgid "%s: command not found" msgstr "%s: komando ne trovita" -#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 #, c-format msgid "" "ignoring `%s' found in '.'\n" @@ -1023,62 +990,77 @@ msgstr "" "Ignoranta '%s'-on trovita en '.'\n" "Uzu 'sudo ./%s'-on se tio estas la '%s', kiun vi volas plenumigi." -#: plugins/sudoers/logging.c:350 +#: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "aÅ­tentiga malsukceso" -#: plugins/sudoers/logging.c:374 +#: plugins/sudoers/logging.c:379 +msgid "a password is required" +msgstr "pasvorto estas bezonata" + +#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" msgstr[0] "%d malĝusta pasvorta provo" msgstr[1] "%d malĝustaj pasvortaj provoj" -#: plugins/sudoers/logging.c:377 -msgid "a password is required" -msgstr "pasvorto estas bezonata" - -#: plugins/sudoers/logging.c:528 +#: plugins/sudoers/logging.c:566 #, c-format msgid "unable to fork" msgstr "ne eblas forki" -#: plugins/sudoers/logging.c:535 plugins/sudoers/logging.c:597 +#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 #, c-format msgid "unable to fork: %m" msgstr "ne eblas forki: %m" -#: plugins/sudoers/logging.c:587 +#: plugins/sudoers/logging.c:619 #, c-format msgid "unable to open pipe: %m" msgstr "ne eblas malfermi tubon: %m" -#: plugins/sudoers/logging.c:612 +#: plugins/sudoers/logging.c:644 #, c-format msgid "unable to dup stdin: %m" msgstr "ne eblas kopii enigon: %m" -#: plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:680 #, c-format msgid "unable to execute %s: %m" msgstr "ne eblas plenumigi %s-on: %m" -#: plugins/sudoers/logging.c:863 +#: plugins/sudoers/logging.c:899 #, c-format msgid "internal error: insufficient space for log line" -msgstr "ena eraro: nesufiĉa spaco por protokola linio" +msgstr "interna eraro: nesufiĉa spaco por protokola linio" + +#: plugins/sudoers/match.c:631 +#, c-format +msgid "unsupported digest type %d for %s" +msgstr "nekonata resuma tipo %d por %s" + +#: plugins/sudoers/match.c:661 +#, c-format +msgid "%s: read error" +msgstr "%s: lega eraro" -#: plugins/sudoers/parse.c:123 +#: plugins/sudoers/match.c:670 +#, c-format +msgid "digest for %s (%s) is not in %s form" +msgstr "resumo por %s (%s) ne estas laÅ­ la formo %s" + +#: plugins/sudoers/parse.c:124 #, c-format msgid "parse error in %s near line %d" msgstr "analiza eraro en %s proksime al linio %d" -#: plugins/sudoers/parse.c:126 +#: plugins/sudoers/parse.c:127 #, c-format msgid "parse error in %s" msgstr "analiza eraro en %s" -#: plugins/sudoers/parse.c:389 +#: plugins/sudoers/parse.c:462 #, c-format msgid "" "\n" @@ -1087,379 +1069,380 @@ msgstr "" "\n" "Ero en sudoers:\n" -#: plugins/sudoers/parse.c:391 +#: plugins/sudoers/parse.c:463 #, c-format msgid " RunAsUsers: " msgstr " RunAsUsers: " -#: plugins/sudoers/parse.c:406 +#: plugins/sudoers/parse.c:477 #, c-format msgid " RunAsGroups: " msgstr " RunAsGroups: " -#: plugins/sudoers/parse.c:415 +#: plugins/sudoers/parse.c:486 +#, c-format +msgid " Options: " +msgstr " Elektoj: " + +#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to execute %s" +msgstr "ne eblas plenumigi: %s" + +#: plugins/sudoers/policy.c:659 +#, c-format +msgid "Sudoers policy plugin version %s\n" +msgstr "Eldono %s de la konduta kromprogramo\n" + +#: plugins/sudoers/policy.c:661 +#, c-format +msgid "Sudoers file grammar version %d\n" +msgstr "Eldono %d de la gramatikilo de sudoers\n" + +#: plugins/sudoers/policy.c:665 #, c-format msgid "" -" Commands:\n" -"\t" +"\n" +"Sudoers path: %s\n" msgstr "" -" Komandoj:\n" -"\t" +"\n" +"Pado de sudoers: %s\n" + +#: plugins/sudoers/policy.c:668 +#, c-format +msgid "nsswitch path: %s\n" +msgstr "pado de nsswitch: %s\n" -#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 -msgid ": " -msgstr ": " +#: plugins/sudoers/policy.c:670 +#, c-format +msgid "ldap.conf path: %s\n" +msgstr "pado de ldap.conf: %s\n" -#: plugins/sudoers/pwutil.c:278 +#: plugins/sudoers/policy.c:671 #, c-format -msgid "unable to cache uid %u (%s), already exists" -msgstr "ne eblas konservi uid-on %u (%s), jam ekzistas" +msgid "ldap.secret path: %s\n" +msgstr "pado de ldap.secret: %s\n" -#: plugins/sudoers/pwutil.c:286 +#: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "ne eblas konservi uid-on %u, jam ekzistas" -#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331 +#: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "ne eblas konservi uzanton %s, jam ekzistas" -#: plugins/sudoers/pwutil.c:668 -#, c-format -msgid "unable to cache gid %u (%s), already exists" -msgstr "ne eblas konservi gid-on %u (%s), jam ekzistas" - -#: plugins/sudoers/pwutil.c:676 +#: plugins/sudoers/pwutil.c:374 #, c-format msgid "unable to cache gid %u, already exists" msgstr "ne eblas konservi gid-on %u, jam ekzistas" -#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715 +#: plugins/sudoers/pwutil.c:410 #, c-format msgid "unable to cache group %s, already exists" msgstr "ne eblas konservi grupon %s, jam ekzistas" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436 -#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114 -#: plugins/sudoers/set_perms.c:1396 +#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586 +#, c-format +msgid "unable to cache group list for %s, already exists" +msgstr "ne eblas konservi grupan liston por %s, jam ekzistas" + +#: plugins/sudoers/pwutil.c:584 +#, c-format +msgid "unable to parse groups for %s" +msgstr "ne eblas trakti grupon en %s" + +#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 +#: plugins/sudoers/set_perms.c:1431 msgid "perm stack overflow" msgstr "permeso-staka superfluo" -#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444 -#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122 -#: plugins/sudoers/set_perms.c:1404 +#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 +#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 +#: plugins/sudoers/set_perms.c:1439 msgid "perm stack underflow" msgstr "permeso-staka subfluo" -#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580 -#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243 +#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 +#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 +msgid "unable to change to root gid" +msgstr "ne eblas ŝanĝi al radika gid" + +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 msgid "unable to change to runas gid" msgstr "ne eblas ŝanĝi al plenumigkiela gid" -#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253 +#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 +#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 msgid "unable to change to runas uid" msgstr "ne eblas ŝanĝi al plenumigkiela uid" -#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269 +#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 msgid "unable to change to sudoers gid" msgstr "ne eblas ŝanĝi al gid de sudo-redaktantoj" -#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681 -#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315 -#: plugins/sudoers/set_perms.c:1474 +#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 +#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 +#: plugins/sudoers/set_perms.c:1515 msgid "too many processes" msgstr "tro da procezoj" -#: plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:1583 msgid "unable to set runas group vector" msgstr "ne eblas elekti vektoron de plenumigkiela grupo" -#: plugins/sudoers/sudo_nss.c:243 +#: plugins/sudoers/sssd.c:257 +#, c-format +msgid "unable to initialize SSS source. Is SSSD installed on your machine?" +msgstr "ne eblas ekigi SSS-fonton. Ĉu SSSD estas instalita en via maŝino?" + +#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 +#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 +#: plugins/sudoers/sssd.c:292 +#, c-format +msgid "unable to find symbol \"%s\" in %s" +msgstr "ne eblas trovi simbolon \"%s\" en %s" + +#: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "Kongruantaj eroj de Defaults: %s en ĉi tiu gastiganto:\n" -#: plugins/sudoers/sudo_nss.c:256 +#: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Plenumigkiela komando-specifaj aÅ­tomataĵoj por %s:\n" -#: plugins/sudoers/sudo_nss.c:269 +#: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "Uzanto %s rajtas plenumigi la jenajn komandojn en ĉi tiu gastiganto:\n" -#: plugins/sudoers/sudo_nss.c:278 +#: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Uzanto %s ne rajtas plenumigi sudo-on en %s.\n" -#: plugins/sudoers/sudoers.c:208 plugins/sudoers/sudoers.c:239 -#: plugins/sudoers/sudoers.c:943 +#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 +#: plugins/sudoers/sudoers.c:673 msgid "problem with defaults entries" msgstr "problemoj kun aÅ­tomataj eroj" -#: plugins/sudoers/sudoers.c:212 +#: plugins/sudoers/sudoers.c:165 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "ne validaj fontotekstoj de sudoers trovita, ĉesiganta" -#: plugins/sudoers/sudoers.c:264 -#, c-format -msgid "unable to execute %s: %s" -msgstr "ne eblas plenumigi %s-on: %s" - -#: plugins/sudoers/sudoers.c:331 +#: plugins/sudoers/sudoers.c:227 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers specifas, ke ĉefuzanto ne rajtas sudo-i" -#: plugins/sudoers/sudoers.c:338 +#: plugins/sudoers/sudoers.c:234 #, c-format msgid "you are not permitted to use the -C option" msgstr "vi ne rajtas uzi la parametron -C" -#: plugins/sudoers/sudoers.c:427 +#: plugins/sudoers/sudoers.c:315 #, c-format msgid "timestamp owner (%s): No such user" -msgstr "posedanto de tempindiko estas %s -- sed tiu uzanto ne ekzistas" +msgstr "tempindika posedanto (%s): neniu tia uzanto" -#: plugins/sudoers/sudoers.c:443 +#: plugins/sudoers/sudoers.c:329 msgid "no tty" msgstr "neniu tty" -#: plugins/sudoers/sudoers.c:444 +#: plugins/sudoers/sudoers.c:330 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "bedaÅ­re vi devas havi tty-on por plenumigi sudo-on" -#: plugins/sudoers/sudoers.c:494 +#: plugins/sudoers/sudoers.c:378 msgid "command in current directory" msgstr "komando en nuna dosierujo" -#: plugins/sudoers/sudoers.c:506 +#: plugins/sudoers/sudoers.c:395 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "bedaÅ­re vi ne rajtas konservi la medion" -#: plugins/sudoers/sudoers.c:666 plugins/sudoers/sudoers.c:673 +#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216 +#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576 #, c-format -msgid "internal error, runas_groups overflow" -msgstr "ena eraro, runas_groups superfluo" - -#: plugins/sudoers/sudoers.c:926 -#, c-format -msgid "internal error, set_cmnd() overflow" -msgstr "ena eraro, superfluo en set_cmnd()" +msgid "unable to stat %s" +msgstr "ne eblas stat-i: %s" -#: plugins/sudoers/sudoers.c:996 +#: plugins/sudoers/sudoers.c:726 #, c-format msgid "%s is not a regular file" msgstr "%s ne estas normala dosiero" -#: plugins/sudoers/sudoers.c:999 toke.l:831 +#: plugins/sudoers/sudoers.c:729 toke.l:913 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s estas estrita de uid %u, devas esti %u" -#: plugins/sudoers/sudoers.c:1003 toke.l:838 +#: plugins/sudoers/sudoers.c:733 toke.l:920 #, c-format msgid "%s is world writable" msgstr "%s estas skribebla de ĉiuj" -#: plugins/sudoers/sudoers.c:1006 toke.l:843 +#: plugins/sudoers/sudoers.c:736 toke.l:925 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s estas estrita de gid %u, devas esti %u" -#: plugins/sudoers/sudoers.c:1033 +#: plugins/sudoers/sudoers.c:763 #, c-format msgid "only root can use `-c %s'" msgstr "nur ĉefuzanto rajtas uzi '-c %s'" -#: plugins/sudoers/sudoers.c:1050 plugins/sudoers/sudoers.c:1052 +#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 #, c-format msgid "unknown login class: %s" msgstr "nekonata ensaluta klaso: %s" -#: plugins/sudoers/sudoers.c:1079 +#: plugins/sudoers/sudoers.c:814 #, c-format msgid "unable to resolve host %s" msgstr "ne eblas trovi gastiganton %s" -#: plugins/sudoers/sudoers.c:1131 plugins/sudoers/testsudoers.c:387 +#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 #, c-format msgid "unknown group: %s" msgstr "nekonata grupo: %s" -#: plugins/sudoers/sudoers.c:1180 -#, c-format -msgid "Sudoers policy plugin version %s\n" -msgstr "Eldono %s de la konduta kromprogramo\n" - -#: plugins/sudoers/sudoers.c:1182 -#, c-format -msgid "Sudoers file grammar version %d\n" -msgstr "Eldono %d de la gramatikilo de sudoers\n" - -#: plugins/sudoers/sudoers.c:1186 -#, c-format -msgid "" -"\n" -"Sudoers path: %s\n" -msgstr "" -"\n" -"Pado de sudoers: %s\n" - -#: plugins/sudoers/sudoers.c:1189 -#, c-format -msgid "nsswitch path: %s\n" -msgstr "pado de nsswitch: %s\n" - -#: plugins/sudoers/sudoers.c:1191 -#, c-format -msgid "ldap.conf path: %s\n" -msgstr "pado de ldap.conf: %s\n" - -#: plugins/sudoers/sudoers.c:1192 -#, c-format -msgid "ldap.secret path: %s\n" -msgstr "pado de ldap.secret: %s\n" - -#: plugins/sudoers/sudoreplay.c:293 +#: plugins/sudoers/sudoreplay.c:292 #, c-format msgid "invalid filter option: %s" msgstr "nevalida filtrila elekto: %s" -#: plugins/sudoers/sudoreplay.c:306 +#: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid max wait: %s" msgstr "nevalida maksimuma atendo: %s" -#: plugins/sudoers/sudoreplay.c:312 +#: plugins/sudoers/sudoreplay.c:311 #, c-format msgid "invalid speed factor: %s" msgstr "nevalida rapida faktoro: %s" -#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187 +#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 #, c-format msgid "%s version %s\n" msgstr "%s eldono %s\n" -#: plugins/sudoers/sudoreplay.c:340 +#: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s tempo-registrado: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:345 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/tempo-registrado: %s" -#: plugins/sudoers/sudoreplay.c:364 +#: plugins/sudoers/sudoreplay.c:363 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Refaranta sudo-seancon: %s\n" -#: plugins/sudoers/sudoreplay.c:370 +#: plugins/sudoers/sudoreplay.c:369 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Averto: via terminalo estas tro malgranda por konvene reskribi la protokolon.\n" -#: plugins/sudoers/sudoreplay.c:371 +#: plugins/sudoers/sudoreplay.c:370 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Protokola grando estas %dx%d, sed via terminala grando estas %dx%d." -#: plugins/sudoers/sudoreplay.c:401 +#: plugins/sudoers/sudoreplay.c:400 #, c-format msgid "unable to set tty to raw mode" msgstr "ne eblas elekti tty-on en nudan reĝimon" -#: plugins/sudoers/sudoreplay.c:418 +#: plugins/sudoers/sudoreplay.c:416 #, c-format msgid "invalid timing file line: %s" msgstr "nevalida linio en la tempo-registran dosieron: %s" -#: plugins/sudoers/sudoreplay.c:501 +#: plugins/sudoers/sudoreplay.c:499 #, c-format msgid "writing to standard output" msgstr "skribanta al eligo" -#: plugins/sudoers/sudoreplay.c:530 +#: plugins/sudoers/sudoreplay.c:528 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" -#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668 +#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 #, c-format msgid "ambiguous expression \"%s\"" msgstr "ambigua esprimo \"%s\"" -#: plugins/sudoers/sudoreplay.c:685 +#: plugins/sudoers/sudoreplay.c:683 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "tro da esprimoj en krampoj; maksimumo estas %d" -#: plugins/sudoers/sudoreplay.c:696 +#: plugins/sudoers/sudoreplay.c:694 #, c-format msgid "unmatched ')' in expression" msgstr "esprimo kun ')' sen samnivela '('" -#: plugins/sudoers/sudoreplay.c:702 +#: plugins/sudoers/sudoreplay.c:700 #, c-format msgid "unknown search term \"%s\"" msgstr "nekonata serĉaĵo \"%s\"" -#: plugins/sudoers/sudoreplay.c:716 +#: plugins/sudoers/sudoreplay.c:714 #, c-format msgid "%s requires an argument" msgstr "%s bezonas parametron" -#: plugins/sudoers/sudoreplay.c:720 +#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058 #, c-format msgid "invalid regular expression: %s" msgstr "nevalida regulesprimo: %s" -#: plugins/sudoers/sudoreplay.c:726 +#: plugins/sudoers/sudoreplay.c:724 #, c-format msgid "could not parse date \"%s\"" msgstr "ne eblis analizi daton \"%s\"" -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:737 #, c-format msgid "unmatched '(' in expression" msgstr "esprimo kun '(' sen samnivela ')'" -#: plugins/sudoers/sudoreplay.c:741 +#: plugins/sudoers/sudoreplay.c:739 #, c-format msgid "illegal trailing \"or\"" msgstr "nevalida posta \"or\"" -#: plugins/sudoers/sudoreplay.c:743 +#: plugins/sudoers/sudoreplay.c:741 #, c-format msgid "illegal trailing \"!\"" msgstr "nevalida posta \"!\"" -#: plugins/sudoers/sudoreplay.c:1050 -#, c-format -msgid "invalid regex: %s" -msgstr "nevalida regulesprimo: %s" - -#: plugins/sudoers/sudoreplay.c:1174 +#: plugins/sudoers/sudoreplay.c:1182 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "uzado: %s [-h] [-d dosierujo] [-m maksimuma_atendo] [-s rapida_faktoro] identigilo\n" -#: plugins/sudoers/sudoreplay.c:1177 +#: plugins/sudoers/sudoreplay.c:1185 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "uzado: %s [-h] [-d dosierujo] -l [serĉaĵo]\n" -#: plugins/sudoers/sudoreplay.c:1186 +#: plugins/sudoers/sudoreplay.c:1194 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -1468,7 +1451,7 @@ msgstr "" "%s - refari sudo-seancajn protokolojn\n" "\n" -#: plugins/sudoers/sudoreplay.c:1188 +#: plugins/sudoers/sudoreplay.c:1196 msgid "" "\n" "Options:\n" @@ -1484,21 +1467,17 @@ msgstr "" "Parametroj:\n" " -d dosierujo specifi dosierujon por seancaj protokoloj\n" " -f filtrilo specifi kiajn eneligajn tipojn por montri\n" -" -h montri helpan mesaĝon kaj eliri -l [esprimo] listigi haveblajn seancajn identigilojn, kiuj kongruas kun esprimo\n" +" -h montri helpan mesaĝon kaj eliri\n" +" -l [esprimo] listigi haveblajn seancajn identigilojn, kiuj kongruas kun esprimo\n" " -m [atendo] maksimuma nombro da sekundoj por atendi inter okazoj\n" " -s [rapido] rapidigi aÅ­ malrapidigi eligon\n" " -V eligi eldonan informon kaj eliri" -#: plugins/sudoers/testsudoers.c:253 -#, c-format -msgid "internal error, init_vars() overflow" -msgstr "ena eraro, superfluo en init_vars()" - -#: plugins/sudoers/testsudoers.c:338 +#: plugins/sudoers/testsudoers.c:328 msgid "\thost unmatched" msgstr "\thost sen egalo" -#: plugins/sudoers/testsudoers.c:341 +#: plugins/sudoers/testsudoers.c:331 msgid "" "\n" "Command allowed" @@ -1506,7 +1485,7 @@ msgstr "" "\n" "Komando permesata" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command denied" @@ -1514,7 +1493,7 @@ msgstr "" "\n" "Komando rifuzata" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command unmatched" @@ -1522,90 +1501,132 @@ msgstr "" "\n" "Komando sen egalo" -#: plugins/sudoers/toke_util.c:218 +#: plugins/sudoers/timestamp.c:129 +#, c-format +msgid "timestamp path too long: %s" +msgstr "tempo-indikila pado tro longa: %s" + +#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 +#: plugins/sudoers/timestamp.c:292 +#, c-format +msgid "%s owned by uid %u, should be uid %u" +msgstr "%s estas estrita de uid %u, devas esti uid %u" + +#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0700" +msgstr "%s skribebla de ne-estro (0%o), devas esti reĝimo 0700" + +#: plugins/sudoers/timestamp.c:286 +#, c-format +msgid "%s exists but is not a regular file (0%o)" +msgstr "%s ekzistas sed ne estas normala dosiero (0%o)" + +#: plugins/sudoers/timestamp.c:298 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0600" +msgstr "%s skribebla de ne-estro (0%o), devas esti reĝimo 0600" + +#: plugins/sudoers/timestamp.c:353 +#, c-format +msgid "timestamp too far in the future: %20.20s" +msgstr "tempo-indikilo tro estonte: %20.20s" + +#: plugins/sudoers/timestamp.c:407 +#, c-format +msgid "unable to remove %s, will reset to the epoch" +msgstr "ne eblas forigi: %s, restarigos al la epoko" + +#: plugins/sudoers/timestamp.c:414 +#, c-format +msgid "unable to reset %s to the epoch" +msgstr "ne eblas restarigi al la epoko: %s" + +#: plugins/sudoers/toke_util.c:176 +#, c-format msgid "fill_args: buffer overflow" msgstr "fill_args: bufra superfluo" -#: plugins/sudoers/visudo.c:188 +#: plugins/sudoers/visudo.c:180 #, c-format msgid "%s grammar version %d\n" msgstr "%s gramatika eldono %d\n" -#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:538 +#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533 #, c-format msgid "press return to edit %s: " msgstr "premu enen-klavon por redakti %s-on: " -#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341 +#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332 #, c-format msgid "write error" msgstr "skriba eraro" -#: plugins/sudoers/visudo.c:423 +#: plugins/sudoers/visudo.c:414 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "ne eblas stat-i provizoron dosieron (%s), %s neŝanĝita" -#: plugins/sudoers/visudo.c:428 +#: plugins/sudoers/visudo.c:419 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "nul-longa provizora dosiero (%s), %s neŝanĝita" -#: plugins/sudoers/visudo.c:434 +#: plugins/sudoers/visudo.c:425 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "redaktilo (%s) malsukcesis, %s neŝanĝita" -#: plugins/sudoers/visudo.c:457 +#: plugins/sudoers/visudo.c:448 #, c-format msgid "%s unchanged" msgstr "%s neŝanĝita" -#: plugins/sudoers/visudo.c:483 +#: plugins/sudoers/visudo.c:477 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "ne eblas remalfermi provizoran dosieron (%s), %s neŝanĝita." -#: plugins/sudoers/visudo.c:493 +#: plugins/sudoers/visudo.c:487 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "ne eblas analizi provizoran dosieron (%s), nekonata eraro" -#: plugins/sudoers/visudo.c:531 +#: plugins/sudoers/visudo.c:526 #, c-format msgid "internal error, unable to find %s in list!" -msgstr "ena eraro, ne eblas trovi '%s'-on en listo!" +msgstr "interna eraro, ne eblas trovi '%s'-on en listo!" -#: plugins/sudoers/visudo.c:583 plugins/sudoers/visudo.c:592 +#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "ne eblas ŝanĝi (uid, gid) de %s al (%u, %u)" -#: plugins/sudoers/visudo.c:587 plugins/sudoers/visudo.c:597 +#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "ne eblas ŝanĝi reĝimon de %s al 0%o" -#: plugins/sudoers/visudo.c:614 +#: plugins/sudoers/visudo.c:609 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s kaj %s ne estas la sama dosiersistemo, uzanta mv-on por alinomi" -#: plugins/sudoers/visudo.c:628 +#: plugins/sudoers/visudo.c:623 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "komando malsukcesis: '%s %s %s', %s neŝanĝita" -#: plugins/sudoers/visudo.c:638 +#: plugins/sudoers/visudo.c:633 #, c-format msgid "error renaming %s, %s unchanged" msgstr "eraro dum alinomi %s-on; %s neŝanĝita" -#: plugins/sudoers/visudo.c:701 +#: plugins/sudoers/visudo.c:695 msgid "What now? " msgstr "Kion nun? " -#: plugins/sudoers/visudo.c:715 +#: plugins/sudoers/visudo.c:709 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -1617,92 +1638,87 @@ msgstr "" " x) eliri sen konservi ŝanĝojn al sudoers-dosiero\n" " q) Eliri kaj konservi ŝanĝojn al sudoers-dosiero (DANĜERA!)\n" -#: plugins/sudoers/visudo.c:756 -#, c-format -msgid "unable to execute %s" -msgstr "ne eblas plenumigi: %s" - -#: plugins/sudoers/visudo.c:763 +#: plugins/sudoers/visudo.c:757 #, c-format msgid "unable to run %s" msgstr "ne eblas plenumigi: %s" -#: plugins/sudoers/visudo.c:789 +#: plugins/sudoers/visudo.c:783 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: malĝusta estro (uid, gid) devas esti (%u, %u)\n" -#: plugins/sudoers/visudo.c:796 +#: plugins/sudoers/visudo.c:790 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: misaj permesoj, devas esti reĝimo 0%o\n" -#: plugins/sudoers/visudo.c:821 +#: plugins/sudoers/visudo.c:815 #, c-format msgid "failed to parse %s file, unknown error" msgstr "malsukcesis analizi dosieron %s, nekonata eraro" -#: plugins/sudoers/visudo.c:834 +#: plugins/sudoers/visudo.c:831 #, c-format msgid "parse error in %s near line %d\n" msgstr "analiza eraro en %s proksime al linio %d\n" -#: plugins/sudoers/visudo.c:837 +#: plugins/sudoers/visudo.c:834 #, c-format msgid "parse error in %s\n" msgstr "analiza eraro en %s\n" -#: plugins/sudoers/visudo.c:844 plugins/sudoers/visudo.c:849 +#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846 #, c-format msgid "%s: parsed OK\n" msgstr "%s: analizita senerare\n" -#: plugins/sudoers/visudo.c:896 +#: plugins/sudoers/visudo.c:893 #, c-format msgid "%s busy, try again later" msgstr "%s okupata, reprovu pli malfrue" -#: plugins/sudoers/visudo.c:940 +#: plugins/sudoers/visudo.c:937 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "specifita tekstoredaktilo (%s) ne ekzistas" -#: plugins/sudoers/visudo.c:963 +#: plugins/sudoers/visudo.c:960 #, c-format msgid "unable to stat editor (%s)" msgstr "ne eblas stat-i tekstoredaktilon (%s)" -#: plugins/sudoers/visudo.c:1011 +#: plugins/sudoers/visudo.c:1008 #, c-format msgid "no editor found (editor path = %s)" msgstr "neniu tekstoredaktilo trovita (pado = %s)" -#: plugins/sudoers/visudo.c:1105 +#: plugins/sudoers/visudo.c:1100 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Eraro: ciklo en %s_Alias '%s'" -#: plugins/sudoers/visudo.c:1106 +#: plugins/sudoers/visudo.c:1101 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Averto: ciklo en %s_Alias '%s'" -#: plugins/sudoers/visudo.c:1109 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Eraro: %s_Alias '%s' referinta sed ne difinita" -#: plugins/sudoers/visudo.c:1110 +#: plugins/sudoers/visudo.c:1105 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Averto: %s_Alias '%s' referinta sed ne difinita" -#: plugins/sudoers/visudo.c:1245 +#: plugins/sudoers/visudo.c:1240 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s neuzata %s_Alias %s" -#: plugins/sudoers/visudo.c:1301 +#: plugins/sudoers/visudo.c:1302 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -1711,7 +1727,7 @@ msgstr "" "%s - sekure redakti la dosieron sudoers\n" "\n" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1304 msgid "" "\n" "Options:\n" @@ -1727,14 +1743,81 @@ msgstr "" " -c nur kontroli\n" " -f sudoers specifi lokon de la dosiero sudoers\n" " -h montri helpan mesaĝon kaj eliri\n" -" -q silenta pri sintaksaj eraroj\n" +" -q pli silenta pri sintaksaj eraroj\n" " -s malsevera kontrolado de sintakso\n" " -V montri eldonon kaj eliri" -#: toke.l:805 +#: toke.l:886 msgid "too many levels of includes" msgstr "tro da niveloj de inkluzivaĵoj" +#~ msgid "pam_chauthtok: %s" +#~ msgstr "pam_chauthtok: %s" + +#~ msgid "pam_authenticate: %s" +#~ msgstr "pam_authenticate: %s" + +#~ msgid "Password: " +#~ msgstr "Pasvorto: " + +#~ msgid "getauid failed" +#~ msgstr "getauid: malsukcesis" + +#~ msgid "Unable to dlopen %s: %s" +#~ msgstr "ne eblas apliki dlopen: %s: %s" + +#~ msgid "invalid regex: %s" +#~ msgstr "nevalida regulesprimo: %s" + +#~ msgid ">>> %s: %s near line %d <<<" +#~ msgstr ">>> %s: %s apud linio %d <<<" + +#~ msgid "unable to allocate memory" +#~ msgstr "ne eblas generi memoron" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + +#~ msgid "unable to set locale to \"%s\", using \"C\"" +#~ msgstr "ne eblas elekti lokaĵaron \"%s\", uzanta lokaĵaron \"C\"" + +#~ msgid "" +#~ " Commands:\n" +#~ "\t" +#~ msgstr "" +#~ " Komandoj:\n" +#~ "\t" + +#~ msgid ": " +#~ msgstr ": " + +#~ msgid "unable to cache uid %u (%s), already exists" +#~ msgstr "ne eblas konservi uid-on %u (%s), jam ekzistas" + +#~ msgid "unable to cache gid %u (%s), already exists" +#~ msgstr "ne eblas konservi gid-on %u (%s), jam ekzistas" + +#~ msgid "unable to execute %s: %s" +#~ msgstr "ne eblas plenumigi %s-on: %s" + +#~ msgid "internal error, expand_prompt() overflow" +#~ msgstr "interna eraro, superfluo en expand_prompt()" + +#~ msgid "internal error, sudo_setenv2() overflow" +#~ msgstr "interna eraro, superfluo en sudo_setenv2()" + +#~ msgid "internal error, sudo_setenv() overflow" +#~ msgstr "interna eraro, superfluo en sudo_setenv()" + +#~ msgid "internal error, linux_audit_command() overflow" +#~ msgstr "interna eraro, superfluo en linux_audit_command()" + +#~ msgid "internal error, runas_groups overflow" +#~ msgstr "interna eraro, runas_groups superfluo" + +#~ msgid "internal error, init_vars() overflow" +#~ msgstr "interna eraro, superfluo en init_vars()" + #~ msgid "invalid log file %s" #~ msgstr "nevalida protokolo %s" @@ -1744,9 +1827,6 @@ msgstr "tro da niveloj de inkluzivaĵoj" #~ msgid "set group on %s" #~ msgstr "elekti grupon en %s" -#~ msgid "unable to set group on %s" -#~ msgstr "ne eblas elekti grupon en %s" - #~ msgid "unable to fix mode on %s" #~ msgstr "ne eblas fiksi reĝimon en %s" diff --git a/plugins/sudoers/po/fi.mo b/plugins/sudoers/po/fi.mo index b803149abb04da7c482d679ea2a8419cb7d644d5..c2650533dad422eef0a50a5f6419836929d825d0 100644 GIT binary patch delta 12720 zcmb7}349gR)xakKR3aez4jD)SNk~End)N{nK*CM{6J|CyPWyij8M&5!f`_uje7 zx#ygFW+uG4FZ-TD+3suoyMIaHT9c(HBjKSOMR|(y>_O71D3{UL7it0H@B->PVSktm z>i5Ed)Q`fxjQ=UT75-|JKR%l4_jlpP^xF&jD2l7xqAE&n8t#TPD2HJ`_%M`(pM~ea z*CBH%r{QeaV~nCOhcX}L!3H=J?uJ9*V{jaN1r|YNtfCAC#Zc~7!$qvGY@kp@!#*ez zoeFpk71>cS91iC}=2AAme0T*M0{6jQ@cU3U@Dn&0z7()0okj6EP&TvyPJm%p$ok4x zD2TNmgR|hvP$ueM;ByQ_C#4)tf%Q-nxgOG0IS5PPb5Iug7#73fY+n|tfwJ>0unb-g z(M@>>x*-a`q)-j3#``9`2I4m5VK@SwgkpgY;9S_R5Np6yumau!Wx_TnioFd*(Vo~{ z`pt!6sU1)h_%aklj~8Ko8F-2YndltUmIY@*XNyULO za6hbpPeZJx^kr7r$!s_cZikEE15hmU4=64hio?Z1Q=m+|8FEWW!hY}xC>D4HVq_(Y z&fIsEGQXfSK-tNcA^(&VKQiE*px%$wiBn}U6q84x1l4z-DDXIxjl2p);a=1Ih3nt~ z>Ysx$-#t)b=Sir_`TsoyiP~O71VyC`im5ljYIrYP4^P7+oJW?CiGBw0g7Ohu220RN ze42o=f&EZ?eG*D+b)V&rTMF@pVhLGaIY1#7{v1}pzr!3jgUA$x7C^~tm&3vEK`5p@ z0f#}^uEfl6I0P0$={Fw^f)~U7&!6r)3zYu5;23xplxTk}xc>qa1>b_ASa%{(6v&6N zkr^%pnP52_1)CrNtXvCg;lof&e9l6D2c__H)K^2X)cugSRDJIP)SrQ}fj>d%@Ae`zrC}-*SFDDzvn!wsxH-80T{w>Vvrq>94N4S`UhKE8f^sUh z!UA|Vl<~)*xZ*UF4fa^#GY?`BSE&vfG$;zVFdrU-Vyfq$MD?2iKZ1GG2VfpC;dCgz zUj|jELz!nc>;oTwvZ2SI1nJM9oQ`*4ft>#yb-qRupiEQ?RoDQw+H;a{Qn zdf-yO-!v!-TnNSYo1s|r3Ml=*3S|SwpjhB}I0e27`?0=~NA?iSrb1b86_kNjLWzw# zp&YA+pqTPWSPb8SD(t)5pLi0KU|R`AktmdTuY!`O?tl{YC*Wjw3cAuTc!jTV36z0L zplG}Sibdj3j?s-!6uAS+4i5!<63Whg1I04g9Qvs+A6CN+Q2Kuzic60{vDk@~*k6L> zbsB^{Rw>H)Z~_#~r$gE48Yn)$5=s#6gQf6E_&^pfCQugm_8NZ!KZdfv%TO%%4(toN z)%zP72*)$7v>yAvOkv$xe}^UOeGO;BF|@COeHa+O(4XLHC_C5-C5Y~YvhXADJopL} zi=BcbLFFSTuB^Pse>iP`I`tdic=(=6p@hPai~V!I5X!`tLow-I*a(k6tg8&%;QO)> ziivN7L*dg<`o9U~*kx_>^Flt9Q}TJ(3&vq@=)!8@o}lm?lnMHgT_gr3LUM{y4X4B1 za2R|P&WFE%!{La}`=*`-C8}#-4cr0C;E&-n_&%Hoi!brtxI%Ci>nr;x5Xj1_P)t>P zso${<7E#{?U3fp_=qqKH`8(eV#d3!Oo`hqlpR4)v6+t<+t#B^<0hIav0n1@tgDAqx zYbg+a%B@gL^#+^>KY)|rIP5RMxdBT1RZvWR1d3&zg0jP`kpJE=1F|z^8c#V)Ae^n}i481o$Boi;Od{>^urO1@YAZC?vhWTEkz6L%3Q&4uQNBn$p6I?+3UMTDRE`t4gQW)0aPn-wEv~@5SHo^k96N>4- z1INHu;3D`D6kpDd`a89t)DJ_Byz&~9{*z2UbJjz#bPUQy?lZB!?Dz#5RQM^(hic4s zMGc%oeLEDB9fP9S-=QclWQ+ecdmKJFA1;7msY7ri{3#R{oQC8eWuR;M z$EX={bd{a33cdzK^IY4{eARF~bsa8-d*CYg5?l_)IV3S?!z6qf62HnNt^TQb9O6|a zXRANI4P_qpK?;*7d<<8^iQD|BzZ!~V9)t_wDJYtcPxuSg!yM}SpqTU!l;C?C_J{e~ z{r=OTxUdlpf;YfX@NS4jT;&l8BWO4Yhr$n_OmM;Fe*0KhL47V%;TAXq?uAp~L0AfZ z4aGuzuJD6v8We?fSP5^1!{G@y7`_b$$@%|;!WU^6c%`rDJ}ANQ1RM$9h4bP0JN)y$ z0#2j88_NAh;0SmUipxHL5<^3oTNIxIX*U+@FqA5egldEuR#@l4BaslMqlGE zTm{9X4ir<}2gM~nfwF_wp}6L}o&F9+K(WMpD5g$8QRo09E|uqCIb68QpWlHKsUHk@ zau@a&6Xjg%N97zSn(u&P;bABfJP(J#tlj<&M?eXtdRPn%C=1^Pm%>M(M0d`0{?l^} zTu1#VlpybQy&vS4T#xA`%J!8%#2!#>~Ukz>?hvJgAVI3TPvp+zGrPQy3 zVxb3NG5jqQ#roaiD>MsAU4vEdMkwP>KlnoTz>cy0+)KHj2Llmxo_duE8eYgaU z+Up15CMXthq4@qTsKW2TQSc==4!#d1c!!e)#X?g9ZiEx5UkwZ41F%BQ|49lL)6n}i z-x5twCb|vwgFl3m;WKas%=(i5PFM*=p;{>Cy&0--50v9}Kb#7G2eaTq$nOyh>s>#T zU)J}ox%@7tS2p|*nMS!tMsW>>bwQadtc;}GJ*dn5g~-)X;CcYL54i!!q0g70Tw9RG zk(IRF1Lc~7cnVss@c&JdHLRq4F5#{vt5d{?) zNZViFKalkGjdTHyK&paqqXV83aDULx-ArLqP#FaOfP4_thXvdS&qW3V^$AR(QT_rl zIB5G0tO&}z0`>?Nlj=Ljwa8DACy{D|%k_?wJVfMLgd~vZNH;`Msa%E+?;})--I(|U zycc;L`3iCuB3GFY?>EeEJgB#1wEvOvY)?5a{{1^7CWV}%?DDHhE*&IMyn^V+uaRqz za@v0mKaaeP6jJ|Rn7;BTd=Y638s3FRkv{bMYtVLOz&)~lEjQ-DtwEzCm6OPikh_Dn zf5KOhRrH;R$hh7}3FVP+H!=iCUq>i>4IyWF$?F(wMK&PkAwNOBinu%Y$-FLL!vD%> z_zmS!+T{Oq4hHQDDa%!kETy~}nS;y=+ApE~4rDv>Ao2#X7D-TsSFnRC1trTL{=i7N`)(mtU@M8h3kBzhB1@iB)Au@MtV^m zl7$_AN99k*QlvjJmmA-MaxJFZ6Bfg<@C9iMt|jnxa|XMANfUeMU~{=H^_et9IP6Y&BszYO~g= zt8u+iH(K?OYB%euV>wzxjp&WG6W7&EakIs1j+l)!*C#AnZ^@|+wHQ&uvg4X<#>>=N z+aDE4s12qOvDA>cHLBXC476CSIj+mE5pA+6-JBeiD{oSfx<2@@H6TrCMMq1zw?$@hw_3#5_^kh&p=SiQ!uuJ=&UFetHp0MMF)E*$H&^Jl&u*hMVH16Ah(as92qyW5*M! z)}$HHvebyF`?6C*XH4pzA2OPBBGlWOr4|-gMXF(`s3@}(SaPE!xn%b7)W|urv(9bN z?PfD%C9CFMo_uERsAP|M9}Yf4yL6Y2<~^Qzv+C#Fk}ob?np|2_*GE)|sS$!%CQWXs zDNa67Q#U~07BldZ8q+Lms~HawAjwZ^D!ZAcot(WWH#uj~r$a4UYhYlr+Su+Di`qlLs`NJ}ZB63FY+FCUuXH=?%Vd>3rLKhT}e39C+c3Agh@}i2o zwTsu5MvNE-%{JxSYotyz(PM45!;`!r_8Zp0-N~maA4-$49#(u9?Qw_?Ijy8Et1^5 zcHNrw)ytOE)~{PvU+SAxBmSFhT^C;l8T{17!`&*YoseOd>dhfe94CuYW=M=DIyqe7 zB&&{t1Ih8F5=TT}a`~o_sqbF;Qg)V>x~}1gtiC#dZ5rh8Fb9Ieozg;e+2iCipeQLI z9&g(pNuurz4#%^ZE=!;~04xask%0Wy1giy=Av-9g66WwGV-T~O` zW%|lUgp6Wq;=o8mOT8D)?>2nB1g=KDNicxhjuVo7>!khu=DcpHC*tpPA4WVI*wWuK zis95dC4TP|r%1BV}?x2(vq)ly=X%9f*Q4YRjpbor;F?+ z52G#uD;e76q~6^&B&*zaiuas}v>i>Ltsf*LL2-l0wmNwtIbr+u0T%hwGgH*DNE0R= zOy05mnbhISr)CW%_er#Rx1ze_OQUUnW$M>g^vX)!xI;}%-tlBsR!Qn3cW1WSV1+X5 zP1tD>&vpMAsEQ}DdZpYCrQ8NaA*0lc*Lv%f3s}_~lDcA9GsHH_Ti$|1XQ=>WUt4yDI zDb6+`bYcC>URu1>#AD?JW+y`_nSJ8C$av9EO5Tvvuj~G^U{J^YGX^C8v};)HXUyhA zHOsT^nbVzpwo%s(cRSA}@1*2Bo5!=fLXe8Q%#z-?=4C|5nvS0?GcBQXq$l3HTXh~H zUP?_ghuB#9^mZDNXm)KqA@3FPvg03wdcDz!*Dfq=pM$%d2Kmo2qA+Ggc({t!9rG;5 za+4DcdvE5Uh#6xNI))wFayoT&C1V?&6Fd6zCYsT+RSO%Ym1sLk*6~hWCv_Owf`{Z` z-|>__t3uu)8A;7Et=qouPJ1Lit#HEAxw8i{dwEM+iIxVF_r3NUt#(S5Vk1eEY(8_S zk{;&DIPZ=4(pbc4GNM%fvl)0J4wtsuEW=)%*7-&J4;aVB$reuF?Xsg^#+mn?^qxiB_P0MJ?V4o^t5T9e0Hvu_8UH7VAR@$0$t{=Wg@=I6Uyah@3@`4go>+9>g?3uhLKHilVh;){g z?*(dIy!<)A^$qxi9^tz~35TF+={2;;-cA Q-{ey_jZGc9sUZ9R00P{R^Z)<= delta 11396 zcmbW534B!5y~l4BqXgOaHJ8AI1TqkoumlK%CCI)OQ3Sjs7jl`&OqeAQ6$Zr>+{dMA z-CDG@+Ja7NeWi*RU-fBQ>sqDibE%5&)ulzPZK=NRZ|+Spp`w1?`S73bIp?0`|No!= zS;8InWxsZ3cH;H!xz`({C0T|s5MGyW7>CH8+Do;D(Ur=su$#w1*oE>q*d5OD%Bx^c z${S%<`kxE0ftL?*`wuQ~+mD8wX*UxxPQqB`Ramea9~z)0yZ}yxNytCr_xucnAH&J8 zr)d~{;bK?>H^CBkCF~6!g8KdptcFM63^;m-J5EEI2`nZf%^!mO;cp@Tj3fLEgZYJq z(Fcx(r^2~V7OaHhV2#Hc;VG1#h8S?jy`;o8%EQaN<7xNqI$V`DTsDbxG z`WOeH6nP6ukz9Vr8YNH@EP^K74CR469v^`6z$DLTnIDjm zOW%Pkmr=lIYB&wbBWJ)$7=zPc3XX+Gp%f|_?kYMTj;9=iYIi4;=iY=;@B0)w%YXo! z1TTgf_aLl>$420Pt>G*drU%>#2g5zE9R3*A!#5yf8jDK}qXKS&nlJ@1%6J)0gN8r- z&!~i|4?^|34l<|l2$bUQ!!EF20>7wX36x8hLAmZicm;eM($-i`FDbecvP#C!U(Z-aAS;&Cz;?}(oMAlg)$60akLO2gUkBCyB8cG$mengO5JOe6t z&V`yd31z`PC`Dg~v*18RlLya+ijhm93GanN;BVkW_#u>Mi?B{XzY(rte&a`El2m*N zHBge)n)m?J1kXd9Wb`3|7Q)k@*7ADDn8u?}Yy25hP?>Bcjk5{jG~+6dhhPEaqi_c7 zftC5pZ>%K49L9RcH{(Xw8$Jthig5(?g9E3yK{EkL!D^^>>tHV!huz^Gul_cu34ac? zR4+m;!56Rx9KcpcXyDOgOgIm!!)B-syP=jO1^dIpuq*r&c7}PZLl@W!E`dJS6ULzw z+6@Q5JD@!FD@c4A??HL2Po=m2t2kYx$XciYwn7~cmqP{BemEFD2BpZGurE9YrEst5 zu4Uy=3N44~zX8h9i=h;{8OpHzP_gpL^n{x^MnxVK1vA_RMNpbAfpTd8O2HjaLG@iI zMSlsU;4>cIglc~jO5r>rtpNI<6qy6n?+mE%LOOp3k+~ESf5zQ#9()bT^}}bnmMn&6 zQI0^l?ionD8GnbeXe^P+jx*LkZNDqM@&Q;#`9mm!y3Kam`=QE-Rb;d_5h%@Xh0<(4 zRL7^F8h!wEPITbZkYeRf6Q2cDf00*zKUDO;4Aoy-LIw`?SOw*g^=>&~B*;jCTj4PH zB$TT@fQs_0xi0%bxo!;9+E;sA4^7J3pvJigDmWj9GU$1zn0Xg!w`85>o`8MfAnpH3 zG8*tKXu>#@3vYnZv>6V8Z+qWQVtq7l5!BjGhVsw?sP>zn6u$(HhqptudjX~ufnz9V z&8I!{8{^2xN|} zeAFv{0;O<1r&&TBi^xdhNl>0x3bl=MJ7sC6q4C4VPMQWG27Vm_b;94jT z-UYkDgHVS29uBA9`|u^$ZMkdMkrl3jpRd6GooRULO83J6D9uMg1<2&vWZG@#1uY}sp2cX9JE0o7Ntm3^0heK>J_9V!ZkvR;@VaL;5&8wg~ zoC&p!w!um87T6QM08fSQ!%pxss3piU}T|9)ig2k zy08+?q`VqxX>Ng9iU(l{d<`m?PCnCBd2S8*>LnG zA|751i{Z>V*YyFY3HHGb@O79EkH8{$6w0Ih9oL|7&_{U%)H|Tb!T&?Z+(Sh*d>U#u zbl>b+I18%09kO+epF*|I3b-faP$(DAfST}JC`-Q&P52Cy>pzCmpfBips0PZz-w)z{ zP5c-Y+z&>FdJY}949b=JAVwG;LV4))kUMcB97#C|IZKR#kbpOOgx$AY2ujg?a438h z>InZ7YMwz2oU+hPkXc0LLC6_lL;U^yHIFM;yR0XQ2Tff_gAkGl$-0rRQ&A(TrWfC{<~V0Sp8(d{q|Y7HIO z3tj~W!Mor<*bE22H=x%37*zjWTiyC%IF|BkXlmzgCDVtB@50e=Ka{K9fTQ3k+uS=~ zB9vk_><{mNz2O1a6Fvu}(0lN5_%A3$cQ?7Qu^&poKfp=w6F5=(-+zv~&uu8pzX!E; z55ZyZFqFn$!eTh~T$gL0+FuA28+Skj;X$Z=??M^U@jN#O$3ZDt2c`ISSi=0qb!4>d z9#I8+6KW|sZg&r&-cX)c412)sa0-kAxC)lTJ+MDK z1QUJ9yh=uveG0W!gV9QsjDZv2YN%kj3QEBPkT^5mfo1TFo$ds?p_cHV$B&>qS8%=? zq|2cUNkSR?*!lQh1H3~;KiK;M*Wxm$wXA~!;0`E-ZiaI0A*g777tVyEcDeg|3tUKf zAJq3_P~T@?=o)wl)GpZX@wE%Fz)wZ~MQ%_`g0f%>lwx;6P52y?2mS^p!l4(t7Oa7T zDDQw$@Ox0MZibccb65x`UgCZ~6Aqz#K9pfUNRW|>4|)wg^F9o^)NME!YOU8mDR3jK zhRsk4=3nMoHU$o*T#F=E|l3h?A_QN9h43y@d!D85N zkL%)@PzvmX!{HN9?LUIDtT%hl2PZ*!avfX(uk`9)hf*Z>iuC!AFcy;0#5UBLUkFWj zGnD2BpeA?)Dr$`@-3bPGtb&?o6I8I>2+x2|!BRNvD!2bKsNJy*>O|ZPCu#pbLZ&kn ze}hsa?`n6=ebA&lA8H8#P}}E+FiZ9P{08noTGC0>t@jFjV78Zk9{w6R33(HFA5l6j zL5D>Mhf(_c&m*rb*%=1af~5bNRhkBGhA$(XR6!a_T?c(f`XKL+{VQ@k(g8VH-$?!8 zEch>^g1nYiMkRVtnBg^ALB(yz-;p`UWJKv&7wO*$e#>cpe@2~;^8Zl&FXTR?lCqY9 zb1a>H!fzf@g^cB!Qg`G9o&TqkDW-C$YDwBYKTPL{a(EhYFLE6cM_SVN$gsr55wGF{ zsDOMC(fTWy$j^{mge{-mLH9tV|3r>z{aezRWHuo4kc$z*A)WmEPDa6eNRX%ZZTbU0 zk&J{QB>5MfxMiC~vTS-rkq5nU3nqD)sc<2pw}6ti-bctGec{ z9P%nMo9~O^tc-RP(`h!pMbvA%Er74VNnX3Zq+4KrlFS;Uz^(YV-&$%az1n;_pF;kh zUiks|w3q)3E3n1-5<#Z$tq3YrlP^Qk>pz!FUlmAQpov^V zel0SF{62jkO(4Gzd7XR?9D*p7!eMYa@+tB=WI3YL16hsSiR2*L5T!B579{bCN~Ea_ zatzKyMj^jK79pAG#}s;alV-zTQ2uY^C1e%yDAE%-8^N*d(m_g3BE69VZC?_`VsF6B zUS&_pBakJO??P@wevWiRGSfy1f6S=(ocu0i9n#sWpT{_tkiQK14`i@6*H6j!LIz}c zYW{%2c<*BY97wqsDM#i|J{PV;29m!8c0tZUES}=$Q{TN$nmM33LEK1$2xe9*Px2>smPa<8;#Vuf#Y)qo1|Ic z`g$u=8?DGU+7~+{?=#1z@`g;#$@4`kOkXrPb=bIM-LQv~<9+_*4Zao0qrS@Il%m2h zrV}!2YOI<%Tg?o$j)$xbLEDUl$u(G!sBJbxoKTHfJlq!@UXlzJEf`#38kLombWkTV zWLpt4=!9(3S8Gn4IyH5;s5B=vc|-4$JnPtqg%s~+6puE$(SSA zsoe5K*{Pa|H)Z#2ov=0-Zm>h%xW;#q_s^e|`sd`axyj{~kEc$az91{PWkyY&y)A9h zlQT*>+gsvxsKz!!@%jyRB=x5mCub#3n)&ds`t?>kR%eG|PK_0FO>3~~*VojkIu;IS zfYia6hjY4E!C+Wz%zC>%9BE2kS-t8cv)C6cNlu?TB>8&v(&X85^IB`RBww04Jk|fS z+^poxdH&A!HoGQHU)K?-+Ig$8l3&b!HTn61fY+sF;emddz;$S$FIre?#-mPXlUX>c zFx6$zCs`@qlD}l-OxQ3!*>BmLPGkLLll)`K%rWCC$|fZP%La6HYsQ;plPkuQk1QLT zx?$NbbCZ$Ndvsh7uD3&>aI7M~L-Lx_=cSIF-Y2(Zy}O=OKGa*!IgZ&Fc4{qFv=)z8 zmbr57N`KI4Xoy?My0e~3*p3-!vSZDA%|(W^Cn-EpH^GUw%H;HD;BVvsB6);n=nSy$dzB= z1aCKGs_cYX=WUy|A&fQY0g~sh?c1fz1ge|&CVlJI=eO;$zj8=uJP5e}JlU4YL~I}oNRUQey9o1dNf z-R4KLl6MEU=dZAWR@4gN*;HZu7ul&f4MTHMyP}mjOPI)uj6ggVji=4s7!L(vPB>ygxu%UUc!%DkGX(d^=TeWVt zCOe(C+Hdnc917u|xMNn$nqyWiooD(3PGqwcjbWuXEh`y~TFI-=i>E$5uQaQOsXQBk z%?~!U1qlaNFpgSwFw8o$kYsFMz&6Akng<9wST z5}C?mj?pqbN9X@TgLtMT#CDUSi%@Fbd)#1&Z)1-)n*Zwt`ZnXV>+c$tIDv2LIsd%% z_C@_MC&;O6MH<7bMVT+0FoX>4=a4`+eVQGoN4qBJ=RkUZgm?6``y9}{EmykFhKz~YpHR`J z`VHZrW3?WGCLYk$*xm&v?zAbA+`6Z8;wyV)I4&Fs_*+l)3~f%-w){mTmyyq=DmAQ%tuP;!kA zhRHj2Ef-2S-R`)yx`A7EL9o_psNi(4Oy&I85VIZLXJ(@v2?W9sI~tEfqg;`pP@G-v zDwS}bY3@z#ZP0Xgjf0tySS;ub)$UGcAAY=+0!`em^?_O^a-3Hiy_IV9X}b-Suv)&m zZw-#z$Ywjr9h%a^5TLGL6Ap1af6 zS}E3;yoq_9@rWIjp%2UCuF+Q;*7|wl)>y!-35Pa1n@qnI<&ev~f(hlecbn$Y9}1;r zD9n6>25%68J7d=L2ltgoV{5b3{=AN4zC2rB$V5o{MQK~T1XG;A03KQCHWTlLCZf)M-7a zO5LrizbW({=LI(lX&c8I25Zunn)i}uv;#42o=gX}PG`nqO%<_(W%36~fH#lU_us}# zUl%8MJ7pYZtq)k1HrC$NCv0W&v<^o~ob-xkOx)H%gS8!_$%n2fNVE^f%w9ZN+g^OE w1NTl;vE6RBwZ4tLHT~Ma*U?3U>ml6eMCxpVXMWwa^Rkkit{am2XVRDbe@@z!y8r+H diff --git a/plugins/sudoers/po/fi.po b/plugins/sudoers/po/fi.po index 0122094..2bf635a 100644 --- a/plugins/sudoers/po/fi.po +++ b/plugins/sudoers/po/fi.po @@ -1,15 +1,14 @@ # Finnish messages for sudoers. # This file is put in the public domain. -# Copyright © 2011, 2012 Free Software Foundation, Inc. # This file is distributed under the same license as the sudo package. -# Jorma Karvonen , 2011-2012. +# Jorma Karvonen , 2011-2013. # msgid "" msgstr "" -"Project-Id-Version: sudoers 1.8.6b4\n" +"Project-Id-Version: sudoers 1.8.7b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-14 09:15+0200\n" +"POT-Creation-Date: 2013-04-17 15:52-0400\n" +"PO-Revision-Date: 2013-04-20 09:04+0300\n" "Last-Translator: Jorma Karvonen \n" "Language-Team: Finnish \n" "Language: fi\n" @@ -18,50 +17,57 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -#: gram.y:112 -#, c-format -msgid ">>> %s: %s near line %d <<<" -msgstr ">>> %s: %s lähellä riviä %d <<<" +#: confstr.sh:2 +msgid "Password:" +msgstr "Salasana:" + +#: confstr.sh:3 +msgid "*** SECURITY information for %h ***" +msgstr "*** TURVALLISUUS-tietoja kohteelle %h ***" + +#: confstr.sh:4 +msgid "Sorry, try again." +msgstr "Valitan, yritä uudelleen." -#: plugins/sudoers/alias.c:125 +#: plugins/sudoers/alias.c:124 #, c-format msgid "Alias `%s' already defined" msgstr "Alias ”%s” on jo määritelty" -#: plugins/sudoers/auth/bsdauth.c:78 +#: plugins/sudoers/auth/bsdauth.c:77 #, c-format msgid "unable to get login class for user %s" -msgstr "ei kyetä saamaan kirjautumisluokkaa käyttäjälle %s" +msgstr "kirjautumisluokan saaminen käyttäjälle %s epäonnistui" -#: plugins/sudoers/auth/bsdauth.c:84 +#: plugins/sudoers/auth/bsdauth.c:83 msgid "unable to begin bsd authentication" -msgstr "ei kyetä aloittamaan bsd-todentamista" +msgstr "bsd-todentamisen aloittaminen epäonnistui" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:91 msgid "invalid authentication type" msgstr "virheellinen todennustyyppi" -#: plugins/sudoers/auth/bsdauth.c:101 +#: plugins/sudoers/auth/bsdauth.c:100 msgid "unable to setup authentication" -msgstr "ei kyetä asettamaan todentamista" +msgstr "asetustodentaminen epäonnistui" -#: plugins/sudoers/auth/fwtk.c:60 +#: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" -msgstr "ei kyetä lukemaan fwtk config -asetusta" +msgstr "fwtk config -asetuksen lukeminen epäonnistui" -#: plugins/sudoers/auth/fwtk.c:65 +#: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" -msgstr "ei kyetä yhdistämään todentamispalvelimelle" +msgstr "todentamispalvelimelle yhdistäminen epäonnistui" -#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95 -#: plugins/sudoers/auth/fwtk.c:128 +#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:127 #, c-format msgid "lost connection to authentication server" msgstr "kadotettiin yhteys todentamispalvelimelle" -#: plugins/sudoers/auth/fwtk.c:75 +#: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" @@ -70,149 +76,153 @@ msgstr "" "todentamispalvelinvirhe:\n" "%s" -# Sana princ viittaa krb5_principal -määrittelyyn -#: plugins/sudoers/auth/kerb5.c:117 +#: plugins/sudoers/auth/kerb5.c:116 #, c-format -msgid "%s: unable to unparse princ ('%s'): %s" -msgstr "%s: ei kyetä poistamaan valtuutetun (’%s’) jäsentämistä: %s" +msgid "%s: unable to convert principal to string ('%s'): %s" +msgstr "%s: valtuutetun (’%s’) muuntaminen merkkijonoksi epäonnistui: %s" # Ensimmäinen parametri on auth name -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" -msgstr "%s: ei kyetä jäsentämään todentamisnimeä ’%s’: %s" +msgstr "%s: todentamisnimen ’%s’ jäsentäminen epäonnistui: %s" -#: plugins/sudoers/auth/kerb5.c:170 +#: plugins/sudoers/auth/kerb5.c:169 #, c-format -msgid "%s: unable to resolve ccache: %s" -msgstr "%s: ei kyetä ratkaisemaan ccache-välimuistia: %s" +msgid "%s: unable to resolve credential cache: %s" +msgstr "%s: valtuustietovälimuistin ratkaiseminen epäonnistui: %s" -#: plugins/sudoers/auth/kerb5.c:218 +#: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" -msgstr "%s: ei kyetä varaamaan valitsimia: %s" +msgstr "%s: muistin varaaminen valitsimille epäonnistui: %s" -#: plugins/sudoers/auth/kerb5.c:234 +#: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" -msgstr "%s: ei kyetä hakemaan valtuustietoja: %s" +msgstr "%s: valtuustietojen hakeminen epäonnistui: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:246 #, c-format -msgid "%s: unable to initialize ccache: %s" -msgstr "%s: ei kyetä alustamaan ccache-välimuistia: %s" +msgid "%s: unable to initialize credential cache: %s" +msgstr "%s: valtuustietovälimuistin alustaminen epäonnistui: %s" -#: plugins/sudoers/auth/kerb5.c:251 +#: plugins/sudoers/auth/kerb5.c:250 #, c-format -msgid "%s: unable to store cred in ccache: %s" -msgstr "%s: ei kyetä tallentamaan valtuustietoja ccache-välimuistiin: %s" +msgid "%s: unable to store credential in cache: %s" +msgstr "%s: valtuustietojen tallentaminen valtuustietovälimuistiin epäonnistui: %s" -#: plugins/sudoers/auth/kerb5.c:316 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" -msgstr "%s: ei kyetä hakemaan tietokoneen valtuutettua: %s" +msgstr "%s: tietokoneen valtuutetun hakeminen epäonnistui: %s" -#: plugins/sudoers/auth/kerb5.c:331 +#: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" -msgstr "%s: Ei voida todentaa TGT-lippua! Mahdollinen hyökkäys!: %s" +msgstr "%s: TGT-lipun todentaminen epäonnistui! Mahdollinen hyökkäys!: %s" -#: plugins/sudoers/auth/pam.c:100 +#: plugins/sudoers/auth/pam.c:105 msgid "unable to initialize PAM" -msgstr "ei kyetä alustamaan PAM:ia" +msgstr "PAM:in alustaminen epäonnistui" -#: plugins/sudoers/auth/pam.c:144 +#: plugins/sudoers/auth/pam.c:150 msgid "account validation failure, is your account locked?" msgstr "tilikelpuutushäiriö, onko tilisi lukittu?" -#: plugins/sudoers/auth/pam.c:148 +#: plugins/sudoers/auth/pam.c:154 msgid "Account or password is expired, reset your password and try again" msgstr "Tili tai salasana on vanhentunut, nollaa salasanasi tai yritä uudelleen" -#: plugins/sudoers/auth/pam.c:155 +#: plugins/sudoers/auth/pam.c:162 #, c-format -msgid "pam_chauthtok: %s" -msgstr "pam_chauthtok: %s" +msgid "unable to change expired password: %s" +msgstr "vanhentuneen salasanan vaihtaminen epäonnistui: %s" -#: plugins/sudoers/auth/pam.c:159 +#: plugins/sudoers/auth/pam.c:167 msgid "Password expired, contact your system administrator" msgstr "Salasana vanhentunut, ota yhteyttä järjestelmän ylläpitäjään" -#: plugins/sudoers/auth/pam.c:163 +#: plugins/sudoers/auth/pam.c:171 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Tili vanhentunut tai PAM-asetuksista puuttuu ”account”-lohko sudo-komennolle, ota yhteyttä järjestelmän ylläpitäjään" -#: plugins/sudoers/auth/pam.c:180 +#: plugins/sudoers/auth/pam.c:188 #, c-format -msgid "pam_authenticate: %s" -msgstr "pam_authenticate: %s" +msgid "PAM authentication error: %s" +msgstr "PAM-todentamisvirhe: %s" -#: plugins/sudoers/auth/pam.c:332 -msgid "Password: " -msgstr "Salasana: " - -#: plugins/sudoers/auth/pam.c:333 -msgid "Password:" -msgstr "Salasana:" +#: plugins/sudoers/auth/pam.c:247 +#, c-format +msgid "unable to establish credentials: %s" +msgstr "valtuustietojen luominen epäonnistui: %s" -#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220 +#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 #, c-format msgid "you do not exist in the %s database" msgstr "ei ole olemassa %s-tietokannassa" -#: plugins/sudoers/auth/securid5.c:81 +#: plugins/sudoers/auth/securid5.c:80 #, c-format msgid "failed to initialise the ACE API library" -msgstr "epäonnistui ACE API -kirjaston alustamisessa" +msgstr "ACE API -kirjaston alustaminen epäonnistui" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" -msgstr "ei kyetä ottamaan yhteyttä SecurID-palvelimeen" +msgstr "yhteyden ottaminen SecurID-palvelimeen epäonnistui" -#: plugins/sudoers/auth/securid5.c:116 +#: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "Käyttäjätunniste lukittu SecurID-todennukselle" -#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171 +#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 #, c-format msgid "invalid username length for SecurID" msgstr "virheellinen käyttäjänimipituus kohteelle SecurID" -#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176 +#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "virheellinen todentamiskäsittelijä kohteelle SecurID" -#: plugins/sudoers/auth/securid5.c:128 +#: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "SecurID-viestintä epäonnistui" -#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215 +#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 #, c-format msgid "unknown SecurID error" msgstr "tuntematon SecurID-virhe" -#: plugins/sudoers/auth/securid5.c:166 +#: plugins/sudoers/auth/securid5.c:165 #, c-format msgid "invalid passcode length for SecurID" msgstr "virheellinen salasanakoodipituus kohteelle SecurID" -#: plugins/sudoers/auth/sia.c:109 +#: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" -msgstr "ei kyetä alustamaan SIA-istuntoa" +msgstr "SIA-istunnon alustaminen epäonnistui" -#: plugins/sudoers/auth/sudo_auth.c:121 -msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." -msgstr "Virheellisiä todennusmenetelmiä käännetty sudo-ohjelmaan! Yksittäisiä ja ei-yksittäisiä todennuksia on ehkä sekoitettu keskenään." +#: plugins/sudoers/auth/sudo_auth.c:119 +msgid "invalid authentication methods" +msgstr "virheelliset todennusmetodit" -#: plugins/sudoers/auth/sudo_auth.c:206 +#: plugins/sudoers/auth/sudo_auth.c:120 +msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." +msgstr "Virheellisiä todennusmenetelmiä käännetty sudo-ohjelmaan! Yksittäisiä ja ei-yksittäisiä todennuksia ei voi sekoittaa keskenään." + +#: plugins/sudoers/auth/sudo_auth.c:203 +msgid "no authentication methods" +msgstr "ei todennusmenetelmiä:" + +#: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Sudo-ohjelmaan ei ole käännetty todentamismenelmiä! Jos haluat kääntää pois todentamisen, käytä asetusvalitsinta --disable-authentication." -#: plugins/sudoers/auth/sudo_auth.c:374 +#: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Todennusmenetelmät:" @@ -226,12 +236,12 @@ msgstr "getaudit: epäonnistui" #: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153 #, c-format msgid "Could not determine audit condition" -msgstr "Ei voitu määritellä audit-ehtoa" +msgstr "Audit-ehdon määrittely epäonnistui" -#: plugins/sudoers/bsm_audit.c:101 +#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160 #, c-format -msgid "getauid failed" -msgstr "getauid epäonnistui" +msgid "getauid: failed" +msgstr "getauid: epäonnistui" #: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162 #, c-format @@ -256,112 +266,42 @@ msgstr "au_to_return32: epäonnistui" #: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190 #, c-format msgid "unable to commit audit record" -msgstr "ei kyetä suorittamaan commit-toimintoa audit-tietueelle" - -#: plugins/sudoers/bsm_audit.c:160 -#, c-format -msgid "getauid: failed" -msgstr "getauid: epäonnistui" +msgstr "commit-toiminnon suorittaminen audit-tietueelle epäonnistui" #: plugins/sudoers/bsm_audit.c:183 #, c-format msgid "au_to_text: failed" msgstr "au_to_text: epäonnistui" -# Avaamisen kohde voi olla timestamp file, sudoers file tai pathbuf -#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172 -#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355 -#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974 -#: plugins/sudoers/visudo.c:818 -#, c-format -msgid "unable to open %s" -msgstr "ei kyetä avaamaan kohdetta %s" - -# Kirjoittamisen kohde voi olla timestamp file tai pathbuf -#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229 -#, c-format -msgid "unable to write to %s" -msgstr "ei kyetä kirjoittamaan kohteeseen %s" - -#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512 -#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123 -#: plugins/sudoers/iolog.c:156 -#, c-format -msgid "unable to mkdir %s" -msgstr "ei kyetä suorittamaan käskyä mkdir %s" - -#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289 -#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395 -#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82 -#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677 -#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253 -#, c-format -msgid "internal error, %s overflow" -msgstr "sisäinen virhe, %s-ylivuoto" - -#: plugins/sudoers/check.c:460 -#, c-format -msgid "timestamp path too long: %s" -msgstr "aikaleimapolku on liian pitkä: %s" - -#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535 -#: plugins/sudoers/iolog.c:158 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s on olemassa, mutta ei ole hakemisto (0%o)" - -#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538 -#: plugins/sudoers/check.c:583 -#, c-format -msgid "%s owned by uid %u, should be uid %u" -msgstr "%s on uid %u:n omistama, pitäisi olla uid %u:n omistama" - -#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0700" -msgstr "%s on kirjoitettava ei-omistajalle (0%o), pitäisi olla tila 0700" - -#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551 -#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003 -#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584 -#, c-format -msgid "unable to stat %s" -msgstr "ei kyetä kutsumaan funktiota stat %s" - -#: plugins/sudoers/check.c:577 -#, c-format -msgid "%s exists but is not a regular file (0%o)" -msgstr "%s on olemassa, mutta ei ole tavallinen tiedosto (0%o)" - -#: plugins/sudoers/check.c:589 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0600" -msgstr "%s on kirjoitettava ei-omistajalle (0%o), pitäisi olla tila 0600" - -#: plugins/sudoers/check.c:643 -#, c-format -msgid "timestamp too far in the future: %20.20s" -msgstr "aikaleima liian kaukana tulevaisuudessa: %20.20s" - -#: plugins/sudoers/check.c:690 -#, c-format -msgid "unable to remove %s (%s), will reset to the epoch" -msgstr "ei kyetä poistamaan %s (%s), nollataan aika" - -#: plugins/sudoers/check.c:698 -#, c-format -msgid "unable to reset %s to the epoch" -msgstr "ei kyetä nollaamaan %s ajaksi" +#: plugins/sudoers/check.c:189 +msgid "" +"\n" +"We trust you have received the usual lecture from the local System\n" +"Administrator. It usually boils down to these three things:\n" +"\n" +" #1) Respect the privacy of others.\n" +" #2) Think before you type.\n" +" #3) With great power comes great responsibility.\n" +"\n" +msgstr "" +"\n" +"Luotamme siihen, että olet vastaanottanut tavallisen luennon paikalliselta Järjestelmä-\n" +"hallinnoijalta. Se tavallisesti tiivistyy näihin kolmeen asiaan:\n" +"\n" +" #1) Kunnioita muiden yksityisyyttä.\n" +" #2) Ajattele ennen kuin kirjoitat.\n" +" #3) Suuren voiman mukana tulee suuri vastuu.\n" +"\n" -#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764 -#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855 +#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 +#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 #, c-format msgid "unknown uid: %u" msgstr "tuntematon uid-käyttäjätunniste: %u" -#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792 -#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225 -#: plugins/sudoers/testsudoers.c:369 +#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635 +#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:359 #, c-format msgid "unknown user: %s" msgstr "tuntematon käyttäjä: %s" @@ -580,7 +520,7 @@ msgstr "Oletussalasanakehote: %s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." -msgstr "Jos asetettu, salasankehote korvaa järjestelmäkehotteen kaikissa tapauksissa." +msgstr "Jos asetettu, salasanakehote korvaa järjestelmäkehotteen kaikissa tapauksissa." # Tämä on tekemisessä runas_default -määrittelyn kanssa #: plugins/sudoers/def_data.c:223 @@ -728,193 +668,209 @@ msgstr "Sallittuja käyttöoikeuksia" msgid "Set of limit privileges" msgstr "Rajoitettuja käyttöoikeuksia" -#: plugins/sudoers/defaults.c:208 +#: plugins/sudoers/def_data.c:355 +msgid "Run commands on a pty in the background" +msgstr "Suorita komentoja pty:llä taustalla" + +#: plugins/sudoers/def_data.c:359 +msgid "Create a new PAM session for the command to run in" +msgstr "Luo uusi PAM-istunto suoritettavalle komennolle" + +#: plugins/sudoers/def_data.c:363 +msgid "Maximum I/O log sequence number" +msgstr "Suurin siirräntälokin sarjanumero %s" + +#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 #, c-format msgid "unknown defaults entry `%s'" msgstr "tuntematon oletusrivi ”%s”" -#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226 -#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259 -#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285 -#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318 -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 +#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 +#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 +#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "arvo ”%s” on virheellinen valitsimelle ”%s”" # parametrinä on variable -#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229 -#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254 -#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280 -#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313 -#: plugins/sudoers/defaults.c:324 +#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 +#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 +#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 +#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 +#: plugins/sudoers/defaults.c:323 #, c-format msgid "no value specified for `%s'" msgstr "arvoa ei ole määritelty muuttujalle ”%s”" # Parametri on muuttuja -#: plugins/sudoers/defaults.c:242 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "values for `%s' must start with a '/'" msgstr "muuttujan ”%s” arvojen on alettava merkillä ’/’" -#: plugins/sudoers/defaults.c:304 +#: plugins/sudoers/defaults.c:303 #, c-format msgid "option `%s' does not take a value" msgstr "valitsin ”%s” ei ota arvoa" +#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 +#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 +#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427 +#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 +#: plugins/sudoers/testsudoers.c:243 +#, c-format +msgid "internal error, %s overflow" +msgstr "sisäinen virhe, %s-ylivuoto" + #: plugins/sudoers/env.c:367 #, c-format msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: rikkoutunut envp, pituus ei täsmää" -#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448 -#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167 -#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983 -#, c-format -msgid "unable to allocate memory" -msgstr "ei kyetä varaamaan muistia" - -#: plugins/sudoers/env.c:992 +#: plugins/sudoers/env.c:1012 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "seuraavia ympäristömuuttujia ei ole lupa asettaa: %s" -#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108 -#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125 -#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883 -#, c-format -msgid "%s: %s" -msgstr "%s: %s" - -#: plugins/sudoers/group_plugin.c:91 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: plugins/sudoers/group_plugin.c:103 +#: plugins/sudoers/group_plugin.c:102 #, c-format msgid "%s must be owned by uid %d" msgstr "%s-omistajan on oltava uid %d" -#: plugins/sudoers/group_plugin.c:107 +#: plugins/sudoers/group_plugin.c:106 #, c-format msgid "%s must only be writable by owner" msgstr "%s on vain omistajan kirjoitettava" -#: plugins/sudoers/group_plugin.c:114 +#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256 #, c-format msgid "unable to dlopen %s: %s" -msgstr "ei kyetä kutsumaan funktiota dlopen %s: %s" +msgstr "funktion dlopen %s kutsuminen epäonnistui: %s" # parametrina on path -#: plugins/sudoers/group_plugin.c:119 +#: plugins/sudoers/group_plugin.c:118 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" -msgstr "ei kyetä löytämään symbolia ”group_plugin” polusta %s" +msgstr "symbolin ”group_plugin” löytäminen polusta %s epäonnistui" -#: plugins/sudoers/group_plugin.c:124 +#: plugins/sudoers/group_plugin.c:123 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: yhteensopimaton ryhmälisäosan major-versio %d, odotettiin %d" -#: plugins/sudoers/interfaces.c:112 +#: plugins/sudoers/interfaces.c:119 msgid "Local IP address and netmask pairs:\n" msgstr "Paikallinen ip-osoite ja verkkopeiteparit:\n" +#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 +#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s on olemassa, mutta ei ole hakemisto (0%o)" + +#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 +#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165 +#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 +#, c-format +msgid "unable to mkdir %s" +msgstr "käskyn mkdir %s suorittaminen epäonnistui" + +# Avaamisen kohde voi olla timestamp file, sudoers file tai pathbuf +#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 +#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 +#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155 +#: plugins/sudoers/visudo.c:809 +#, c-format +msgid "unable to open %s" +msgstr "kohteen %s avaaminen epäonnistui" + # Parametrinä on sudoers-tiedosto tai pathbuf -#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991 +#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 #, c-format msgid "unable to read %s" -msgstr "ei kyetä lukemaan kohdetta %s" +msgstr "kohteen %s lukeminen epäonnistui" -#: plugins/sudoers/iolog.c:208 +# Kirjoittamisen kohde voi olla timestamp file tai pathbuf +#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159 #, c-format -msgid "invalid sequence number %s" -msgstr "virheellinen sarjanumero %s" +msgid "unable to write to %s" +msgstr "kohteeseen %s kirjoittaminen epäonnistui" # Parametrina on pathbuf -#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261 -#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531 -#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545 -#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561 -#: plugins/sudoers/iolog.c:569 +#: plugins/sudoers/iolog.c:334 #, c-format msgid "unable to create %s" -msgstr "ei kyetä luomaan hakemistopolkua %s" +msgstr "hakemistopolun %s luominen epäonnistui" -#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382 -#, c-format -msgid "unable to set locale to \"%s\", using \"C\"" -msgstr "ei kyetä asettamaan locale-asetukseksi ”%s”, käytetään ”C”" - -#: plugins/sudoers/ldap.c:387 +#: plugins/sudoers/ldap.c:385 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: portti on liian suuri" -#: plugins/sudoers/ldap.c:410 +#: plugins/sudoers/ldap.c:408 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: hostbuf-puskuritila loppui" # URL on verkko-osoite, loogisesti URI on verkkoresurssi(osoite) -#: plugins/sudoers/ldap.c:440 +#: plugins/sudoers/ldap.c:438 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "tukematon LDAP-verkkoresurssin tunnustyyppi: %s" -#: plugins/sudoers/ldap.c:469 +#: plugins/sudoers/ldap.c:467 #, c-format msgid "invalid uri: %s" msgstr "virheellinen verkkoresurssin tunnus: %s" -#: plugins/sudoers/ldap.c:475 +#: plugins/sudoers/ldap.c:473 #, c-format msgid "unable to mix ldap and ldaps URIs" -msgstr "ei kyetä sekottamaan ldap:n ja ldap-kohteiden verkkoresurssitunnuksia" +msgstr "ldap:n ja ldap-verkkoresurssitunnuksien sekoittaminen epäonnistui" -#: plugins/sudoers/ldap.c:479 +#: plugins/sudoers/ldap.c:477 #, c-format msgid "unable to mix ldaps and starttls" -msgstr "ei kyetä sekoittamaan ldap- ja starttl-kohteita" +msgstr "ldap- ja starttl-kohteiden sekoittaminen epäonnistui" -#: plugins/sudoers/ldap.c:498 +#: plugins/sudoers/ldap.c:496 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: hostbuf-puskuritila loppui" -#: plugins/sudoers/ldap.c:572 +#: plugins/sudoers/ldap.c:570 #, c-format msgid "unable to initialize SSL cert and key db: %s" -msgstr "ei kyetä alustamaan SSL-varmenne- ja -avaintietokantaa: %s" +msgstr "SSL-varmenne- ja -avaintietokannan alustaminen epäonnistui: %s" -#: plugins/sudoers/ldap.c:575 +#: plugins/sudoers/ldap.c:573 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "kohteessa %s TLS_CERT on asetettava käyttämään SSL:ää" -#: plugins/sudoers/ldap.c:992 +#: plugins/sudoers/ldap.c:1062 #, c-format msgid "unable to get GMT time" -msgstr "ei kyetä saamaan GMT-aikaa" +msgstr "GMT-ajan saaminen epäonnistui" -#: plugins/sudoers/ldap.c:998 +#: plugins/sudoers/ldap.c:1068 #, c-format msgid "unable to format timestamp" -msgstr "ei kyetä muotoilemaan aikaleimaa" +msgstr "aikaleiman muotoileminen epäonnistui" -#: plugins/sudoers/ldap.c:1006 +#: plugins/sudoers/ldap.c:1076 #, c-format msgid "unable to build time filter" -msgstr "ei kyetä rakentamaan aikasuodatinta" +msgstr "aikasuodattimen rakentaminen epäonnistui" -#: plugins/sudoers/ldap.c:1225 +#: plugins/sudoers/ldap.c:1295 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1-varaustäsmäämättömyys" -#: plugins/sudoers/ldap.c:1761 +#: plugins/sudoers/ldap.c:1842 #, c-format msgid "" "\n" @@ -923,7 +879,7 @@ msgstr "" "\n" "LDAP-rooli: %s\n" -#: plugins/sudoers/ldap.c:1763 +#: plugins/sudoers/ldap.c:1844 #, c-format msgid "" "\n" @@ -932,27 +888,28 @@ msgstr "" "\n" "LDAP-rooli: TUNTEMATON\n" -#: plugins/sudoers/ldap.c:1810 +#: plugins/sudoers/ldap.c:1891 #, c-format msgid " Order: %s\n" msgstr " Järjestys: %s\n" -#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168 +#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515 +#: plugins/sudoers/sssd.c:1242 #, c-format msgid " Commands:\n" msgstr " Komennot:\n" -#: plugins/sudoers/ldap.c:2240 +#: plugins/sudoers/ldap.c:2321 #, c-format msgid "unable to initialize LDAP: %s" -msgstr "ei kyetä alustamaan kohdetta LDAP: %s" +msgstr "kohteen LDAP alustaminen epäonnistui: %s" -#: plugins/sudoers/ldap.c:2274 +#: plugins/sudoers/ldap.c:2355 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" -msgstr "start_tls määritelty mutta LDAP-kirjastot ei tue funktiota ldap_start_tls_s() tai funktiota ldap_start_tls_s_np()" +msgstr "start_tls määritelty, mutta LDAP-kirjastot ei tue funktiota ldap_start_tls_s() tai funktiota ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:2510 +#: plugins/sudoers/ldap.c:2591 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "virheellinen sudoOrder-attribuutti: %s" @@ -960,71 +917,82 @@ msgstr "virheellinen sudoOrder-attribuutti: %s" #: plugins/sudoers/linux_audit.c:57 #, c-format msgid "unable to open audit system" -msgstr "ei kyetä avaamaan audit-järjestelmää" +msgstr "audit-järjestelmän avaaminen epäonnistui" #: plugins/sudoers/linux_audit.c:93 #, c-format msgid "unable to send audit message" -msgstr "ei kyetä lähettämään audit-viestiä" +msgstr "audit-viestin lähettäminen epäonnistui" -#: plugins/sudoers/logging.c:202 +#: plugins/sudoers/logging.c:140 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: plugins/sudoers/logging.c:168 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s: (komento jatkui) %s" + +#: plugins/sudoers/logging.c:194 #, c-format msgid "unable to open log file: %s: %s" -msgstr "ei kyetä avaamaan lokitiedostoa: %s: %s" +msgstr "lokitiedoston avaaminen epäonnistui: %s: %s" -#: plugins/sudoers/logging.c:205 +#: plugins/sudoers/logging.c:197 #, c-format msgid "unable to lock log file: %s: %s" -msgstr "ei kyetä lukitsemaan lokitiedostoa: %s: %s" +msgstr "lokitiedoston lukitseminen epäonnistui: %s: %s" + +#: plugins/sudoers/logging.c:245 +msgid "No user or host" +msgstr "Ei käyttäjä eikä tietokone" -#: plugins/sudoers/logging.c:260 +#: plugins/sudoers/logging.c:247 +msgid "validation failure" +msgstr "kelpuutushäiriö" + +#: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "käyttäjä EI ole sudoers-tiedostossa" -#: plugins/sudoers/logging.c:262 +#: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "käyttäjä ei ole varmennettu tietokoneella" -#: plugins/sudoers/logging.c:264 +#: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "komento ei ole sallittu" -#: plugins/sudoers/logging.c:274 +#: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "käyttäjä %s ei ole sudoers-tiedostossa. Tästä tapahtumasta ilmoitetaan.\n" -#: plugins/sudoers/logging.c:277 +#: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "käyttäjä %s ei saa suorittaa komentoa sudo tietokoneella %s. Tästä tapahtumasta ilmoitetaan.\n" -#: plugins/sudoers/logging.c:281 +#: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Käyttäjä %s ei voi suorittaa komentoa sudo tietokoneella %s.\n" -#: plugins/sudoers/logging.c:284 +#: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Käyttäjän %s ei sallita suorittaa ’%s%s%s’ käyttäjänä %s%s%s tietokoneella %s.\n" -#: plugins/sudoers/logging.c:317 -msgid "No user or host" -msgstr "Ei käyttäjä eikä tietokone" - -#: plugins/sudoers/logging.c:319 -msgid "validation failure" -msgstr "kelpuutushäiriö" - -#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502 -#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539 -#: plugins/sudoers/sudoers.c:1540 +#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 +#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoers.c:1002 #, c-format msgid "%s: command not found" msgstr "%s: komentoa ei löytynyt" -#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499 +#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 #, c-format msgid "" "ignoring `%s' found in '.'\n" @@ -1033,62 +1001,77 @@ msgstr "" "ohitetaan komento ”%s”, joka löytyi kohteesta ’.’\n" "Käytä ”sudo ./%s”, jos tämä on ”%s”-komento, joka halutaan suorittaa." -#: plugins/sudoers/logging.c:352 +#: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "todentamishäiriö" -#: plugins/sudoers/logging.c:376 +#: plugins/sudoers/logging.c:379 +msgid "a password is required" +msgstr "vaaditaan salasana" + +#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" msgstr[0] "%d väärä salasana yritetty" msgstr[1] "%d väärää salasanaa yritetty" -#: plugins/sudoers/logging.c:379 -msgid "a password is required" -msgstr "vaaditaan salasana" - -#: plugins/sudoers/logging.c:530 +#: plugins/sudoers/logging.c:566 #, c-format msgid "unable to fork" -msgstr "ei kyetä kutsumaan fork-funktiota" +msgstr "fork-funktion kutsuminen epäonnistui" -#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599 +#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 #, c-format msgid "unable to fork: %m" -msgstr "ei kyetä kutsumaan fork-funktiota: %m" +msgstr "fork-funktion kutsuminen epäonnistui: %m" -#: plugins/sudoers/logging.c:589 +#: plugins/sudoers/logging.c:619 #, c-format msgid "unable to open pipe: %m" -msgstr "ei kyetä avaamaan putkea: %m" +msgstr "putken avaaminen epäonnistui: %m" -#: plugins/sudoers/logging.c:614 +#: plugins/sudoers/logging.c:644 #, c-format msgid "unable to dup stdin: %m" -msgstr "ei kyetä kutsumaan funktiota dup vakiosyötteellä: %m" +msgstr "funktion dup kutsuminen vakiosyötteellä epäonnistui: %m" -#: plugins/sudoers/logging.c:650 +#: plugins/sudoers/logging.c:680 #, c-format msgid "unable to execute %s: %m" -msgstr "ei kyetä suorittamaan %s: %m" +msgstr "käskyn %s suorittaminen epäonnistui: %m" -#: plugins/sudoers/logging.c:865 +#: plugins/sudoers/logging.c:899 #, c-format msgid "internal error: insufficient space for log line" msgstr "sisäinen virhe: riittämättömästi tilaa lokiriville" -#: plugins/sudoers/parse.c:123 +#: plugins/sudoers/match.c:631 +#, c-format +msgid "unsupported digest type %d for %s" +msgstr "tukematon tiivistetyyppi %d kohteelle %s" + +#: plugins/sudoers/match.c:661 +#, c-format +msgid "%s: read error" +msgstr "%s: kirjoitusvirhe" + +#: plugins/sudoers/match.c:670 +#, c-format +msgid "digest for %s (%s) is not in %s form" +msgstr "tiiviste kohteelle %s (%s) ei ole %s-muodossa" + +#: plugins/sudoers/parse.c:124 #, c-format msgid "parse error in %s near line %d" msgstr "jäsentämisvirhe tiedostossa %s lähellä riviä %d" -#: plugins/sudoers/parse.c:126 +#: plugins/sudoers/parse.c:127 #, c-format msgid "parse error in %s" msgstr "jäsentämisvirhe tiedostossa %s" -#: plugins/sudoers/parse.c:414 +#: plugins/sudoers/parse.c:462 #, c-format msgid "" "\n" @@ -1097,387 +1080,383 @@ msgstr "" "\n" "Sudoers-rivi:\n" -#: plugins/sudoers/parse.c:416 +#: plugins/sudoers/parse.c:463 #, c-format msgid " RunAsUsers: " msgstr " SuoritaKäyttäjänä: " -#: plugins/sudoers/parse.c:431 +#: plugins/sudoers/parse.c:477 #, c-format msgid " RunAsGroups: " msgstr " SuoritaRyhmänä: " -#: plugins/sudoers/parse.c:440 +#: plugins/sudoers/parse.c:486 +#, c-format +msgid " Options: " +msgstr " Valitsimet: " + +# Parametri on path, mutta saattaa sisältää suoritettavan ohjelman +#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to execute %s" +msgstr "kohteen %s suorittaminen epäonnistui" + +#: plugins/sudoers/policy.c:659 +#, c-format +msgid "Sudoers policy plugin version %s\n" +msgstr "Sudoers-menettelytapalisäosaversio %s\n" + +#: plugins/sudoers/policy.c:661 +#, c-format +msgid "Sudoers file grammar version %d\n" +msgstr "Sudoers-tiedostokielioppiversio %d\n" + +#: plugins/sudoers/policy.c:665 #, c-format msgid "" -" Commands:\n" -"\t" +"\n" +"Sudoers path: %s\n" msgstr "" -" Komennot:\n" -"\t" +"\n" +"Sudoers-polku: %s\n" -#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 -msgid ": " -msgstr ": " +#: plugins/sudoers/policy.c:668 +#, c-format +msgid "nsswitch path: %s\n" +msgstr "nsswitch-polku: %s\n" -#: plugins/sudoers/pwutil.c:278 +#: plugins/sudoers/policy.c:670 #, c-format -msgid "unable to cache uid %u (%s), already exists" -msgstr "ei kyetä laittamaan välimuistiin uid %u (%s) -käyttäjää, on jo siellä" +msgid "ldap.conf path: %s\n" +msgstr "ldap.conf-polku: %s\n" -#: plugins/sudoers/pwutil.c:286 +#: plugins/sudoers/policy.c:671 #, c-format -msgid "unable to cache uid %u, already exists" -msgstr "ei kyetä laittamaan välimuistiin uid %u -käyttäjää, on jo siellä" +msgid "ldap.secret path: %s\n" +msgstr "ldap.secret-polku: %s\n" -#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331 +#: plugins/sudoers/pwutil.c:148 #, c-format -msgid "unable to cache user %s, already exists" -msgstr "ei kyetä laittamaan välimuistiin käyttäjää %s, on jo siellä" +msgid "unable to cache uid %u, already exists" +msgstr "käyttäjän uid %u laittaminen välimuistiin epäonnistui, käyttäjä on jo siellä" -#: plugins/sudoers/pwutil.c:668 +#: plugins/sudoers/pwutil.c:190 #, c-format -msgid "unable to cache gid %u (%s), already exists" -msgstr "ei kyetä laittamaan välimuistiin gid %u (%s) -ryhmää, on jo siellä" +msgid "unable to cache user %s, already exists" +msgstr "käyttäjän %s laittaminen välimuistiin epäonnistui, käyttäjä on jo siellä" -#: plugins/sudoers/pwutil.c:676 +#: plugins/sudoers/pwutil.c:374 #, c-format msgid "unable to cache gid %u, already exists" -msgstr "ei kyetä laittamaan välimuistiin gid %u -ryhmää, on jo siellä" +msgstr "ryhmän gid %u laittaminen välimuistiin epäonnistui, ryhmä on jo siellä" -#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715 +#: plugins/sudoers/pwutil.c:410 #, c-format msgid "unable to cache group %s, already exists" -msgstr "ei kyetä laittamaan välimuistiin ryhmää %s, on jo siellä" +msgstr "ryhmän %s laittaminen välimuistiin epäonnistui, ryhmä on jo siellä" + +#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586 +#, c-format +msgid "unable to cache group list for %s, already exists" +msgstr "ryhmäluettelon laittaminen välimuistiin tiedostossa %s epäonnistui, ryhmäluettelo on jo siellä" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436 -#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114 -#: plugins/sudoers/set_perms.c:1396 +# Parametri on sudoers file +#: plugins/sudoers/pwutil.c:584 +#, c-format +msgid "unable to parse groups for %s" +msgstr "ryhmien jäsentäminen tiedostossa %s epäonnistui" + +#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 +#: plugins/sudoers/set_perms.c:1431 msgid "perm stack overflow" msgstr "käyttöoikeuspinoylivuoto" -#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444 -#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122 -#: plugins/sudoers/set_perms.c:1404 +#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 +#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 +#: plugins/sudoers/set_perms.c:1439 msgid "perm stack underflow" msgstr "käyttöoikeuspinovajaus" -#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580 -#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243 +#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 +#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 +msgid "unable to change to root gid" +msgstr "vaihtaminen root gid -tunnisteeksi epäonnistui" + +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 msgid "unable to change to runas gid" -msgstr "ei kyetä vaihtamaan runas gid -tunnisteeksi" +msgstr "vaihtaminen runas gid -tunnisteeksi epäonnistui" -#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253 +#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 +#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 msgid "unable to change to runas uid" -msgstr "ei kyetä vaihtamaan runas gid -tunnisteeksi" +msgstr "vaihtaminen runas uid -tunnisteeksi epäonnistui" -#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269 +#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 msgid "unable to change to sudoers gid" -msgstr "ei kyetä vaihtamaan sudoers gid-tunnisteeksi" +msgstr "vaihtaminen sudoers gid-tunnisteeksi epäonnistui" -#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681 -#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315 -#: plugins/sudoers/set_perms.c:1474 +#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 +#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 +#: plugins/sudoers/set_perms.c:1515 msgid "too many processes" msgstr "liian monta prosessia" -#: plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:1583 msgid "unable to set runas group vector" -msgstr "ei kyetä asettaan runas-ryhmävektoria" +msgstr "runas-ryhmävektorin asettaminen epäonnistui" -#: plugins/sudoers/sssd.c:251 +#: plugins/sudoers/sssd.c:257 #, c-format -msgid "Unable to dlopen %s: %s" -msgstr "Ei kyetä kutsumaan funktiota dlopen %s: %s" - -#: plugins/sudoers/sssd.c:252 -#, c-format -msgid "Unable to initialize SSS source. Is SSSD installed on your machine?" -msgstr "Ei kyetä alustamaan SSS-lähdettä. Onko SSSD asennettu tietokoneeseesi?" +msgid "unable to initialize SSS source. Is SSSD installed on your machine?" +msgstr "lähteen SSS alustaminen epäonnistui. Onko SSSD asennettu tietokoneeseesi?" # parametrina on path -#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266 -#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280 -#: plugins/sudoers/sssd.c:287 +#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 +#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 +#: plugins/sudoers/sssd.c:292 #, c-format msgid "unable to find symbol \"%s\" in %s" -msgstr "ei kyetä löytämään symbolia ”%s” polusta %s" +msgstr "symbolin ”%s” löytäminen polusta %s epäonnistui" -#: plugins/sudoers/sudo_nss.c:267 +#: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "Täsmäävät Defaults-rivit kohteelle %s tällä tietokoneella:\n" -#: plugins/sudoers/sudo_nss.c:280 +#: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Runas- ja Command-kohtaiset oletukset kohteelle %s:\n" -#: plugins/sudoers/sudo_nss.c:293 +#: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "Käyttäjä %s voi suorittaa seuraavat komennot tällä tietokoneella:\n" -#: plugins/sudoers/sudo_nss.c:302 +#: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Käyttäjä %s ei saa suorittaa komentoa sudo tietokoneella %s.\n" -#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243 -#: plugins/sudoers/sudoers.c:953 +#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 +#: plugins/sudoers/sudoers.c:673 msgid "problem with defaults entries" msgstr "oletusrivien pulma" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:165 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "ei löytynyt kelvollisia sudoers-lähteitä, poistutaan" -#: plugins/sudoers/sudoers.c:268 -#, c-format -msgid "unable to execute %s: %s" -msgstr "ei kyetä suorittamaan komentoa %s: %s" - -#: plugins/sudoers/sudoers.c:335 +#: plugins/sudoers/sudoers.c:227 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers määrittelee, että root ei saa suorittaa sudo-komentoa" -#: plugins/sudoers/sudoers.c:342 +#: plugins/sudoers/sudoers.c:234 #, c-format msgid "you are not permitted to use the -C option" msgstr "ei käyttöoikeuksia valitsimelle -C" -#: plugins/sudoers/sudoers.c:431 +#: plugins/sudoers/sudoers.c:315 #, c-format msgid "timestamp owner (%s): No such user" msgstr "aikaleimaomistaja (%s): Tuntematon käyttäjä" -#: plugins/sudoers/sudoers.c:447 +#: plugins/sudoers/sudoers.c:329 msgid "no tty" msgstr "ei tty:tä" -#: plugins/sudoers/sudoers.c:448 +#: plugins/sudoers/sudoers.c:330 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "sudo-komennon suorittamiseksi on oltava tty" -#: plugins/sudoers/sudoers.c:498 +#: plugins/sudoers/sudoers.c:378 msgid "command in current directory" msgstr "komento nykyisessä hakemistossa" -#: plugins/sudoers/sudoers.c:510 +#: plugins/sudoers/sudoers.c:395 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "ympäristöä ei ole lupa säilyttää" -#: plugins/sudoers/sudoers.c:1006 +#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216 +#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576 +#, c-format +msgid "unable to stat %s" +msgstr "funktion stat %s kutsuminen epäonnistui" + +#: plugins/sudoers/sudoers.c:726 #, c-format msgid "%s is not a regular file" msgstr "%s ei ole tavallinen tiedosto" -#: plugins/sudoers/sudoers.c:1009 toke.l:846 +#: plugins/sudoers/sudoers.c:729 toke.l:913 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s on uid %u -käyttäjän omistama, pitäisi olla %u" -#: plugins/sudoers/sudoers.c:1013 toke.l:853 +#: plugins/sudoers/sudoers.c:733 toke.l:920 #, c-format msgid "%s is world writable" msgstr "%s on yleiskirjoitettava" -#: plugins/sudoers/sudoers.c:1016 toke.l:858 +#: plugins/sudoers/sudoers.c:736 toke.l:925 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s on gid %u -ryhmän omistama, pitäisi olla %u" -#: plugins/sudoers/sudoers.c:1043 +#: plugins/sudoers/sudoers.c:763 #, c-format msgid "only root can use `-c %s'" msgstr "vain root-käyttäjä voi käyttää valitsinta ”-c %s”" -#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062 +#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 #, c-format msgid "unknown login class: %s" msgstr "tuntematon kirjautumisluokka: %s" -#: plugins/sudoers/sudoers.c:1089 +#: plugins/sudoers/sudoers.c:814 #, c-format msgid "unable to resolve host %s" -msgstr "ei kyetä ratkaisemaan tietokonetta %s" +msgstr "tietokoneen %s ratkaiseminen epäonnistui" -#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387 +#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 #, c-format msgid "unknown group: %s" msgstr "tuntematon ryhmä: %s" -#: plugins/sudoers/sudoers.c:1190 -#, c-format -msgid "Sudoers policy plugin version %s\n" -msgstr "Sudoers-menettelytapalisäosaversio %s\n" - -#: plugins/sudoers/sudoers.c:1192 -#, c-format -msgid "Sudoers file grammar version %d\n" -msgstr "Sudoers-tiedostokielioppiversio %d\n" - -#: plugins/sudoers/sudoers.c:1196 -#, c-format -msgid "" -"\n" -"Sudoers path: %s\n" -msgstr "" -"\n" -"Sudoers-polku: %s\n" - -#: plugins/sudoers/sudoers.c:1199 -#, c-format -msgid "nsswitch path: %s\n" -msgstr "nsswitch-polku: %s\n" - -#: plugins/sudoers/sudoers.c:1201 -#, c-format -msgid "ldap.conf path: %s\n" -msgstr "ldap.conf-polku: %s\n" - -#: plugins/sudoers/sudoers.c:1202 -#, c-format -msgid "ldap.secret path: %s\n" -msgstr "ldap.secret-polku: %s\n" - -#: plugins/sudoers/sudoreplay.c:293 +#: plugins/sudoers/sudoreplay.c:292 #, c-format msgid "invalid filter option: %s" msgstr "virheellinen suodatinvalitsin: %s" -#: plugins/sudoers/sudoreplay.c:306 +#: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid max wait: %s" msgstr "virheellinen enimmäisodotusaika: %s" -#: plugins/sudoers/sudoreplay.c:312 +#: plugins/sudoers/sudoreplay.c:311 #, c-format msgid "invalid speed factor: %s" msgstr "virheellinen nopeustekijä: %s" -#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187 +#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 #, c-format msgid "%s version %s\n" msgstr "%s versio %s\n" -#: plugins/sudoers/sudoreplay.c:340 +#: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/ajoitus: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:345 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/ajoitus: %s" -#: plugins/sudoers/sudoreplay.c:364 +#: plugins/sudoers/sudoreplay.c:363 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Toistetaan sudo-istunto: %s\n" -#: plugins/sudoers/sudoreplay.c:370 +#: plugins/sudoers/sudoreplay.c:369 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Varoitus: pääteikkunasi on liian pieni tämän lokin toistamiseksi oikein.\n" -#: plugins/sudoers/sudoreplay.c:371 +#: plugins/sudoers/sudoreplay.c:370 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Lokigeometria on %d x %d, pääteikkunasi geometria on %d x %d." -#: plugins/sudoers/sudoreplay.c:401 +#: plugins/sudoers/sudoreplay.c:400 #, c-format msgid "unable to set tty to raw mode" -msgstr "ei kyetä asettamaa tty:ta raakatilaan" +msgstr "tty:n asettaminen raakatilaan epäonnistui" -#: plugins/sudoers/sudoreplay.c:418 +#: plugins/sudoers/sudoreplay.c:416 #, c-format msgid "invalid timing file line: %s" msgstr "virheellinen ajoitustiedostorivi: %s" -#: plugins/sudoers/sudoreplay.c:501 +#: plugins/sudoers/sudoreplay.c:499 #, c-format msgid "writing to standard output" msgstr "kirjoitetaan vakiotulosteeseen" -#: plugins/sudoers/sudoreplay.c:530 +#: plugins/sudoers/sudoreplay.c:528 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" -#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668 +#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 #, c-format msgid "ambiguous expression \"%s\"" msgstr "monimerkityksellinen lauseke ”%s”" -#: plugins/sudoers/sudoreplay.c:685 +#: plugins/sudoers/sudoreplay.c:683 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "liian monta sulkumerkillistä lauseketta, enintään %d" -#: plugins/sudoers/sudoreplay.c:696 +#: plugins/sudoers/sudoreplay.c:694 #, c-format msgid "unmatched ')' in expression" msgstr "täsmäämätön ’)’ lausekkeessa" -#: plugins/sudoers/sudoreplay.c:702 +#: plugins/sudoers/sudoreplay.c:700 #, c-format msgid "unknown search term \"%s\"" msgstr "tuntematon hakutermi ”%s”" -#: plugins/sudoers/sudoreplay.c:716 +#: plugins/sudoers/sudoreplay.c:714 #, c-format msgid "%s requires an argument" msgstr "%s vaatii argumentin" -#: plugins/sudoers/sudoreplay.c:720 +#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058 #, c-format msgid "invalid regular expression: %s" msgstr "virheellinen säännöllinen lauseke: %s" -#: plugins/sudoers/sudoreplay.c:726 +#: plugins/sudoers/sudoreplay.c:724 #, c-format msgid "could not parse date \"%s\"" -msgstr "ei voitu jäsentää päivämäärää ”%s”" +msgstr "päivämäärän ”%s” jäsentäminen epäonnistui" -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:737 #, c-format msgid "unmatched '(' in expression" msgstr "täsmäämätön ’(’ lausekkeessa" -#: plugins/sudoers/sudoreplay.c:741 +#: plugins/sudoers/sudoreplay.c:739 #, c-format msgid "illegal trailing \"or\"" msgstr "virheellinen jäljessä oleva ”or”" -#: plugins/sudoers/sudoreplay.c:743 +#: plugins/sudoers/sudoreplay.c:741 #, c-format msgid "illegal trailing \"!\"" msgstr "virheellinen jäljessä oleva ”!”" -#: plugins/sudoers/sudoreplay.c:1050 -#, c-format -msgid "invalid regex: %s" -msgstr "virheellinen säännöllinen lauseke: %s" - -#: plugins/sudoers/sudoreplay.c:1174 +#: plugins/sudoers/sudoreplay.c:1182 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "käyttö: %s [-h] [-d hakemisto] [-m enimmäisodotusaika] [-s nopeustekijä] ID-tunniste\n" -#: plugins/sudoers/sudoreplay.c:1177 +#: plugins/sudoers/sudoreplay.c:1185 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "käyttö: %s [-h] [-d hakemisto] -l [hakulauseke]\n" -#: plugins/sudoers/sudoreplay.c:1186 +#: plugins/sudoers/sudoreplay.c:1194 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -1486,7 +1465,7 @@ msgstr "" "%s - toista sudo-istuntolokit\n" "\n" -#: plugins/sudoers/sudoreplay.c:1188 +#: plugins/sudoers/sudoreplay.c:1196 msgid "" "\n" "Options:\n" @@ -1508,11 +1487,11 @@ msgstr "" " -s nopeustekijä nopeuta tai hidasta tulostusta\n" " -V näytä versiotiedot ja poistu" -#: plugins/sudoers/testsudoers.c:338 +#: plugins/sudoers/testsudoers.c:328 msgid "\thost unmatched" msgstr "\ttietokone täsmäämätön" -#: plugins/sudoers/testsudoers.c:341 +#: plugins/sudoers/testsudoers.c:331 msgid "" "\n" "Command allowed" @@ -1520,7 +1499,7 @@ msgstr "" "\n" "Komento sallittu" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command denied" @@ -1528,7 +1507,7 @@ msgstr "" "\n" "Komento kielletty" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command unmatched" @@ -1536,90 +1515,132 @@ msgstr "" "\n" "Täsmäämätön komento" -#: plugins/sudoers/toke_util.c:218 +#: plugins/sudoers/timestamp.c:129 +#, c-format +msgid "timestamp path too long: %s" +msgstr "aikaleimapolku on liian pitkä: %s" + +#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 +#: plugins/sudoers/timestamp.c:292 +#, c-format +msgid "%s owned by uid %u, should be uid %u" +msgstr "%s on uid %u:n omistama, pitäisi olla uid %u:n omistama" + +#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0700" +msgstr "%s on kirjoitettava ei-omistajalle (0%o), pitäisi olla tila 0700" + +#: plugins/sudoers/timestamp.c:286 +#, c-format +msgid "%s exists but is not a regular file (0%o)" +msgstr "%s on olemassa, mutta ei ole tavallinen tiedosto (0%o)" + +#: plugins/sudoers/timestamp.c:298 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0600" +msgstr "%s on kirjoitettava ei-omistajalle (0%o), pitäisi olla tila 0600" + +#: plugins/sudoers/timestamp.c:353 +#, c-format +msgid "timestamp too far in the future: %20.20s" +msgstr "aikaleima liian kaukana tulevaisuudessa: %20.20s" + +#: plugins/sudoers/timestamp.c:407 +#, c-format +msgid "unable to remove %s, will reset to the epoch" +msgstr "kohteen %s poistaminen epäonnistui, nollaa ajan" + +#: plugins/sudoers/timestamp.c:414 +#, c-format +msgid "unable to reset %s to the epoch" +msgstr "kohteen %s nollaaminen ajaksi epäonnistui" + +#: plugins/sudoers/toke_util.c:176 +#, c-format msgid "fill_args: buffer overflow" msgstr "fill_args: puskuriylivuoto" -#: plugins/sudoers/visudo.c:188 +#: plugins/sudoers/visudo.c:180 #, c-format msgid "%s grammar version %d\n" msgstr "%s kielioppiversio %d\n" -#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533 #, c-format msgid "press return to edit %s: " msgstr "muokkaa %s painamalla enter-painiketta: " -#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341 +#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332 #, c-format msgid "write error" msgstr "kirjoitusvirhe" -#: plugins/sudoers/visudo.c:423 +#: plugins/sudoers/visudo.c:414 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" -msgstr "ei kyetä kutsumaan stat-funktiota tilapäiselle tiedostolle (%s), %s ennallaan" +msgstr "funktion stat kutsuminen tilapäiselle tiedostolle (%s) epäonnistui, %s ennallaan" -#: plugins/sudoers/visudo.c:428 +#: plugins/sudoers/visudo.c:419 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "nollapituinen tilapäinen tiedosto (%s), %s ennallaan" -#: plugins/sudoers/visudo.c:434 +#: plugins/sudoers/visudo.c:425 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "editori (%s) epäonnistui, %s ennallaan" -#: plugins/sudoers/visudo.c:457 +#: plugins/sudoers/visudo.c:448 #, c-format msgid "%s unchanged" msgstr "%s ennallaan" -#: plugins/sudoers/visudo.c:486 +#: plugins/sudoers/visudo.c:477 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." -msgstr "ei kyetä avaamaan uudelleen tilapäistä tiedostoa (%s), %s ennallaan." +msgstr "tilapäisen tiedoston (%s) avaaminen uudelleen epäonnistui, %s ennallaan." -#: plugins/sudoers/visudo.c:496 +#: plugins/sudoers/visudo.c:487 #, c-format msgid "unabled to parse temporary file (%s), unknown error" -msgstr "ei kyetä jäsentämään tilapäistä tiedostoa (%s), tuntematon virhe" +msgstr "tilapäisen tiedoston (%s) jäsentäminen epäonnistui, tuntematon virhe" -#: plugins/sudoers/visudo.c:534 +#: plugins/sudoers/visudo.c:526 #, c-format msgid "internal error, unable to find %s in list!" -msgstr "sisäinen virhe, ei kyetä löytämään %s luettelosta!" +msgstr "sisäinen virhe, kohteen %s löytäminen luettelosta epäonnistui!" -#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595 +#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" -msgstr "ei kyetä asettamaan kohdetta %s (uid, gid) arvoihin (%u, %u)" +msgstr "kohteen %s (uid, gid) asettaminen arvoihin (%u, %u) epäonnistui" -#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600 +#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592 #, c-format msgid "unable to change mode of %s to 0%o" -msgstr "ei kyetä muuttamaan %s-tilaa arvoon 0%o" +msgstr "tilan %s vaihtaminen arvoon 0%o epäonnistui" -#: plugins/sudoers/visudo.c:617 +#: plugins/sudoers/visudo.c:609 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s ja %s eivät ole samassa tiedostojärjestelmässä, käytetään komentoa mv uudelleennimeämiseen" -#: plugins/sudoers/visudo.c:631 +#: plugins/sudoers/visudo.c:623 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "komento epäonnistui: ’%s %s %s’, %s ennallaan" -#: plugins/sudoers/visudo.c:641 +#: plugins/sudoers/visudo.c:633 #, c-format msgid "error renaming %s, %s unchanged" msgstr "virhe nimettäessä %s uudelleen, %s ennallaan" -#: plugins/sudoers/visudo.c:704 +#: plugins/sudoers/visudo.c:695 msgid "What now? " msgstr "Mitä nyt?" -#: plugins/sudoers/visudo.c:718 +#: plugins/sudoers/visudo.c:709 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -1632,93 +1653,87 @@ msgstr "" " (Q) poistu ja tallenna muutokset sudoers-tiedostoon (VAARA!)\n" # Parametri on path, mutta saattaa sisältää suoritettavan ohjelman -#: plugins/sudoers/visudo.c:759 -#, c-format -msgid "unable to execute %s" -msgstr "ei kyetä suorittamaan kohdetta %s" - -# Parametri on path, mutta saattaa sisältää suoritettavan ohjelman -#: plugins/sudoers/visudo.c:766 +#: plugins/sudoers/visudo.c:757 #, c-format msgid "unable to run %s" -msgstr "ei kyetä suorittamaan kohdetta %s" +msgstr "kohteen %s suorittaminen epäonnistui" -#: plugins/sudoers/visudo.c:792 +#: plugins/sudoers/visudo.c:783 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: väärä omistaja (uid, gid), pitäisi olla (%u, %u)\n" -#: plugins/sudoers/visudo.c:799 +#: plugins/sudoers/visudo.c:790 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: väärät käyttöoikeudet, pitäisi olla tila 0%o\n" -#: plugins/sudoers/visudo.c:824 +#: plugins/sudoers/visudo.c:815 #, c-format msgid "failed to parse %s file, unknown error" msgstr "tiedoston %s jäsentäminen epäonnistui, tuntematon virhe" -#: plugins/sudoers/visudo.c:837 +#: plugins/sudoers/visudo.c:831 #, c-format msgid "parse error in %s near line %d\n" msgstr "jäsentämisvirhe tiedostossa %s lähellä riviä %d\n" -#: plugins/sudoers/visudo.c:840 +#: plugins/sudoers/visudo.c:834 #, c-format msgid "parse error in %s\n" msgstr "jäsentämisvirhe tiedostossa %s\n" -#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852 +#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846 #, c-format msgid "%s: parsed OK\n" msgstr "%s: jäsentäminen valmis\n" -#: plugins/sudoers/visudo.c:899 +#: plugins/sudoers/visudo.c:893 #, c-format msgid "%s busy, try again later" msgstr "%s varattu, yritä myöhemmin uudelleen" -#: plugins/sudoers/visudo.c:943 +#: plugins/sudoers/visudo.c:937 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "määritelty editori (%s) ei ole olemassa" -#: plugins/sudoers/visudo.c:966 +#: plugins/sudoers/visudo.c:960 #, c-format msgid "unable to stat editor (%s)" -msgstr "ei kyetä kutsumaan funktiota stat editori (%s)" +msgstr "funktion stat editor (%s) kutsuminen epäonnistui" -#: plugins/sudoers/visudo.c:1014 +#: plugins/sudoers/visudo.c:1008 #, c-format msgid "no editor found (editor path = %s)" msgstr "editoria ei löytynyt (editoripolku = %s)" -#: plugins/sudoers/visudo.c:1108 +#: plugins/sudoers/visudo.c:1100 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Virhe: jakso kohteessa %s_Alias ”%s”" -#: plugins/sudoers/visudo.c:1109 +#: plugins/sudoers/visudo.c:1101 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Varoitus: jakso kohteessa %s_Alias ”%s”" -#: plugins/sudoers/visudo.c:1112 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Virhe: %s_Alias ”%s” uudelleenviitattu, mutta ei määritelty" -#: plugins/sudoers/visudo.c:1113 +#: plugins/sudoers/visudo.c:1105 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Varoitus: %s_Alias ”%s” uudelleenviitattu, mutta ei määritelty" -#: plugins/sudoers/visudo.c:1248 +#: plugins/sudoers/visudo.c:1240 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: käyttämätön %s_Alias %s" -#: plugins/sudoers/visudo.c:1304 +#: plugins/sudoers/visudo.c:1302 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -1727,7 +1742,7 @@ msgstr "" "%s - muokkaa sudoers-tiedostoa turvallisesti\n" "\n" -#: plugins/sudoers/visudo.c:1306 +#: plugins/sudoers/visudo.c:1304 msgid "" "\n" "Options:\n" @@ -1747,10 +1762,59 @@ msgstr "" " -s tiukka syntaksitarkistus\n" " -V näytä versiotiedot ja poistu" -#: toke.l:820 +#: toke.l:886 msgid "too many levels of includes" msgstr "liian monta include-tasoa" +#~ msgid "pam_chauthtok: %s" +#~ msgstr "pam_chauthtok: %s" + +#~ msgid "pam_authenticate: %s" +#~ msgstr "pam_authenticate: %s" + +#~ msgid "Password: " +#~ msgstr "Salasana: " + +#~ msgid "getauid failed" +#~ msgstr "getauid epäonnistui" + +#~ msgid "Unable to dlopen %s: %s" +#~ msgstr "Funktion dlopen %s kutsuminen epäonnistui: %s" + +#~ msgid "invalid regex: %s" +#~ msgstr "virheellinen säännöllinen lauseke: %s" + +#~ msgid ">>> %s: %s near line %d <<<" +#~ msgstr ">>> %s: %s lähellä riviä %d <<<" + +#~ msgid "unable to allocate memory" +#~ msgstr "muistin varaaminen epäonnistui" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + +#~ msgid "unable to set locale to \"%s\", using \"C\"" +#~ msgstr "locale-asetuksen ”%s” asettaminen epäonnistui, käytetään ”C”" + +#~ msgid "" +#~ " Commands:\n" +#~ "\t" +#~ msgstr "" +#~ " Komennot:\n" +#~ "\t" + +#~ msgid ": " +#~ msgstr ": " + +#~ msgid "unable to cache uid %u (%s), already exists" +#~ msgstr "käyttäjän uid %u (%s) laittaminen välimuistiin epäonnistui, käyttäjä on jo siellä" + +#~ msgid "unable to cache gid %u (%s), already exists" +#~ msgstr "ryhmän gid %u (%s) laittaminen välimuistiin epäonnistui, ryhmä on jo siellä" + +#~ msgid "unable to execute %s: %s" +#~ msgstr "komennon %s suorittaminen epäonnistui: %s" + #~ msgid "internal error, expand_prompt() overflow" #~ msgstr "sisäinen virhe, expand_prompt()-ylivuoto" @@ -1780,12 +1844,8 @@ msgstr "liian monta include-tasoa" #~ msgid "set group on %s" #~ msgstr "aseta ryhmä tiedostossa %s" -# Parametri on sudoers file -#~ msgid "unable to set group on %s" -#~ msgstr "ei kyetä asettamaan ryhmää tiedostossa %s" - #~ msgid "unable to fix mode on %s" -#~ msgstr "ei kyetä korjaamaan tilaa tiedostossa %s" +#~ msgstr "tilan korjaaminen tiedostossa %s epäonnistui" #~ msgid "%s is mode 0%o, should be 0%o" #~ msgstr "%s on tila 0%o, pitäisi olla 0%o" @@ -1807,16 +1867,16 @@ msgstr "liian monta include-tasoa" #~ msgstr "%s: %.*s\n" #~ msgid "unable to get runas group vector" -#~ msgstr "ei kyetä hakemaan runas-ryhmävektoria" +#~ msgstr "runas-ryhmävektorin hakeminen epäonnistui" #~ msgid "unable to reset group vector" -#~ msgstr "ei kyetä nollaamaan ryhmävektoria" +#~ msgstr "ryhmävektorin nollaaminen epäonnistui" #~ msgid "unable to get group vector" -#~ msgstr "ei kyetä hakemaan ryhmävektoria" +#~ msgstr "ryhmävektorin hakeminen epäonnistui" #~ msgid "%s: %s_Alias `%s' references self" #~ msgstr "%s: %s_Alias ”%s” viittaa itseensä" #~ msgid "unable to parse temporary file (%s), unknown error" -#~ msgstr "ei kyetä jäsentämään tilapäistä tiedostoa (%s), tuntematon virhe" +#~ msgstr "tilapäisen tiedoston (%s) jäsentäminen epäonnistui, tuntematon virhe" diff --git a/plugins/sudoers/po/hr.mo b/plugins/sudoers/po/hr.mo index 35355a4a16ef5623f71bf8a3b0c94546b459c0ca..a12d546610cf57a09a3ffa1cdc3e3a04a540f9d5 100644 GIT binary patch delta 8818 zcmZA633yc1-N*5h1T=&_gnh{kBnAQrNdSScgaBccge4-2D3jz8Cdtf%Spq?2SXA5v z#;T>FM(bKF%2ZsdRH1@JT2XMtDzu8V)|I!dQtkIQ_vY32y$}ESoOABE=brWAgE!ok z{PwQo==|!BqS+(xy3$6R~}kF|=W( z;t;IH@pv`%!F_lhzKz4s3^t}02-QFzR?1C`bBNvHuW!{OL~LwUcsjf7@AE|=9)o9Bc6Z-xDfT+CalH#Fj__;E!Ua43y|e9S7U$tC2HjR za5BD&rPyz%F~ztH)!>b&4nB^f@pV+aROVeXGz-;%m8cHijC$^oVa&f8`V$3uVM?BJ zBNL0rPeZMB1o>n3@Wbku6KJ94aU^7+I=%okLjjzEx48F@p$5`^gfZjLLbbbe1oJ|N<_{nn)qIDV^1<{*n`#BB0}<3n zwxc?{5B1{jaT<0T>$F#e+B=t{g?C|=&i_6V{4po_(XQ>s4$-MthKunIjN#X)j&0>D z(;IiAUhp!qDyAd7y8tJm*7#ba&*nF%wf`GxuVqYd+F6c8yx(k50-r$bg^zIxp34^1 zTFydsa1rVYcRlvP1E{Hf5Bp*_hOa%8hw5Mns@_8EiC#>{s9U}R^*J^Vkd+k2 zbIZ!2&PX>>%~H52~kQQB!{r>cIw7gBx)m?!@!)DV&X;qn2R&bZ0~>@nZ54iR$@oRQ(s-`+vpr$S3iU z&~rmkn|cANd<*8{!>H$uB1;lAXGmyd>9ZUQQ8Q8D=KZJ_-+QKfUr=eoB$j?PhStF{0KS!Q6#-cm=Bc2#)6cCPqRJ97G+XcTg`ngL-fpl>zCpFyW1iD)4(dZS1-04NU{oKFt!}}ysI`9$_26fy9{+%v z(%u!$@hL=gWD2VO0#_fZ1J~jhd;rVvgnK`ekARkL0&1ozE17>yc{K&{8tjO_M$N=C zs1Y8+A!z11n<*Rf$R-Lkc|oh|6R3_K!ftpHHK4C?R1)u6#QZ-;qO{5x z@!1QVsp+zqzi_CSjh)fD$mv)CY6K;yDXc&(O)aM42GrDV#Rj||wfobTIDe~-NA|n1 zF&7_=lF-PHxfQ-cHJH29>3JE_2eS-I@p05leCgVAnRDF6qn4r?3vdG_UV!T8G1Lrv zie2$6^64!62qBe6Cs)J!1tMh*^i2-^5wQ2r^I_CwKutRYXa-z%uoPymhbv_^qP%jLlg|{Q0 z0`oLZz~q(Aj7`R&1Inrc+fL#PMt#!NhfCHM(uVRp6iX`O+i z$v5Fdybm>ilc?wV)Hod*hm*-KMRoXg)XY4G(|Er*MWPsUYn=y|A>Sag-gQ5+!A%$2 z`J`ToeaLUef%q_LN)IA`%s=^2dn;BsBi)7?*iqC{{(#eQcpdZ48ki;$>hXhEhzC(? z|8LY(=B{=|QiEEmE8To6>P0UiC)Aw5d$8Q=bo4ZiBj2yyS<*$AN`4)7z)khczozhd z3I^jo9E7J(<;k2OH82)6f+p09c3}~IhFY4;MyK8~YN<>7sCILjoTVzo zq2!m~9NdH&=;0^{K1SwK)KW}l%j>~r%*Ac4PhlDP4{!z!4m!Kti}T3u!L4XQ&dgkc zTGD4wFMJ1QVounZAs>z+AAOmG8vYJ71Ct`o0}WV2elHf_X;i)5&Cc#!irS$pGmBwvhLvsrjP`cWgh z4}0SQ)ZRIPBha)s=R6$Z(=s4Zg6HaAJw607}X~8l28NNu{+-H z=AS|>!Ki&f2ZQ1?0D*MsNx>GZ~wmhNhv8(>l~9ZN-83x?BDwb|c?!i!;^3(IP(w^}Ytw zbHCU^&q_$V>fT7b(%Hr1a0umo%)=e1^Zr}cPcVyo&#Rmlj74>DF{d;xVFqcE$A7^1U*5Y)$7S-Mn zRQuoKV9dV8>CjBnrjOQ z$iG63{M_rDnaM@fUyK^SHOQ%nnm7p^nO=KA_x|Uo z8A!Ro8Av8-?WdqN=K|F6taIIrTDo00M(6(p60<2dgBnTcjn0Rq7S+JzsNK5*^YLZu zif2$GZhw=r>xZBko{Rdl`fx0^ViG<@d`|FK;(AWMygzYG;#VginfRU<%M-^?S0B=I z)B;yCG006P3i#3TY;-ew@DYMlGo7jTGq=16e@9eOc9&Z=5fksvpim>!)t|JkXB`ZG zub8Qnoll%c`rpKQ;!;A_7|Lt#0=!!VKe?VE{k)sc!#@%i5LHA4^|_*kjht8?<@BBI z$c-H5rkScjt_KOeo@PAd$8i=hpL7ZKcI%Q%T*LTfv;Xh)8&ba}_7gLRxx_f0c>%LE zem{wc6x@&cm+LoiIdKl@Tkt&mCAMAK18vtkB<>~daSQIi(bU)VDDg@n#fhP8B=I*l zFSJR!X#U?rr9>+6d*U`CdIdi}z0zs$v7Z!tM7n^o9>lNQ@^aF;3W>R-7Z8() zDQ@`+%6Aei#9rbQv53$$k2*O{(tM)%zm7~P@tRxM9p@1fh%>}*iP?mQ_zN+?eaQ*Z zx)u`^M2cJPBV9=hCvpFw027ZPcNuA7J#6Dj^n z)wS9+nZ|NS|H;kw!S-%?Ar5h0`Z4KL(t5{q;sCLk7)i8U(KIUjlbrtl-(T?}VixIk zsDC1vPP8Z5t^kQ?CeZ7ULrcp9xnyCxh7+SaOI zz?Ud)4AfA(s3jD(eQ9O2KCj;!3I{#mK(N4?9d@2-Y_X~X-o}ts8(8bN!T~)P;%%#g zwtl_-x==|pEzRN@QZ&q3Xos43O``dxptspm(_#fySpl93h6sA1Mc-tcOxE@*qgR#RZD9kgl!K0D-=1bIckAM#dv8@=I{g0wUfo0{39 zLuFIgOL2)6TbVgJdtAsWv2sEtCy^M+^FEKimUjGMuRmhf4&!F*vCKj7$1(?|#EuUx zjCUTAo;)NkFV9+3KJCJVv#XX`UO(OQdDN^$%F0=7aX&sOXGBWTGHYt1j4 zXNBxgsI8)=yzPz5STN$Zyz#oBd)jBt^Q`mwB0g*O$V#g*P{&hiBDTNAw)_!awH=K2 zDR{nJcH6Tdix+#Wrf>^gNz7=qr>3DU7>M|5<421ZB&UUgEtaRwLF)7La{q%H^=(Uc{YA_&heC#vDHPf zV-@9NM&%cd&Mz#siV90c7m_Y4Oq*YsztC>>YKHQsGjSzWabZ!SUeP$KXiUkd;&^4{ zyrirNX-o2F+I~B+2}`V*>_&g6Q9IHqE*M`_aDII6{JYuji|g%Rq~7)gtXhxN?D1Lk zti?|^Ftgj>Y4mG~IToH~j}@p59(djpup)tK@BSM-^|n8d))cgBx#zF93#_UDt6?Q> z`bjniYQ2`PRvj>}6$&?dg5GG!j~jk|;6Q6QQqNupNA_=zScy#^_6I`Y zA9wpaZ-}jG>mL1V@`iY$=f~Z?$ZED5y$xQUh*azYmJ`uUZ+?+uM0E>f=-)h z#krl`+qy%pQy+_^=KLxjNhZZAKzPbIw|(S;_TQ< ziwDF%SbQicwr5Fk{L>|?lCu+sVD`)l7gkg*swi(e26}_F-qUsp0?ThpDXH)@1wGBo zQ=mEGoB}4x@2!bg5vw6kAE>u9aZGDdpdo1cBVkRcI_`b&#hn968&n_1n#UZ-XaZZZB=0KR?kx+vA)U&PB+M)CR(KknfhKQLk(YtoPLN z5sUAt|6_7G?~EL1^=N7MUND0N@k@PW$??`eRcd$J;xGhiwI+dPHj^FubnSuo!F72_ zJ!}>rag$fLH{)Nlw6>2u60M9CZd^W~DZmnP5F$+;UK(N(`RHh3ZbGrvjk~-3pPd+L v@Wwow^5fN;RwTvW+WbgzMxZ)KH<=4H;mm0$cG*=o#kySmR=oe#HSPWjVU$+4 delta 7874 zcmZYD30#*|zQ^&ynxKKGpe)KG0wS^tE}#gaASy28np+@$6%kODG&TP&sJYane;cPv z+sm=JH|t-cWs4Tm%xxO2p}N|XSIyM9Q)=Ukb8AZH^W}M*vAO5vkM}v}+0OZ$^E^-| z_xNtxK@%zCQ+G66Rny&o^_ZBM2EjLg7% zY{KE_#Vovv8cB$T?^iit;o5ioU1g@HOMNNmoW%G#b7*#B+FbzZRQ>s_U=zb^%oc&;5f!&W`coa#7X>6c%9&cT)!MLhX_J(8A}j zH@=U9@DeJsiOf!$em+j+`DPy#4;?p9H}Y_{9()+}fHovaraL=m9F9h<-W&|aX6%Ano&LS32fl(@s*h1ia2>m1G_QhNH%_NwVJYf@MW_q5pq9joQTQo# z#=l|+2C@#J7>*M#0lQ%{YCu~s8Xrex>~&;+nhU6mbHzk_w^0K*gFWzj)PTc>+cV2S4X7M-eI;t98&Ly#1U0b(sJ(J>xZAFLPe&jfu?6-C ziKvlJK&7+>HNe%VP4zR>Kwm=*@VMg{)cIFY0}f=T#bN?#Afr&%%|P9+PT$|2RPICe zpLrHb@pDw_`;M?@G9G8qZa}5(II`c&x2PFqu~T{D%uLkl_khzrjB&Itp(YeI(mp>G z)pk#%qP1y2jeHMkWCu_ezK1&TYt(llh_8kQmVTA?4_bIWBM5Qhhwf4o1bJ3!`9Ce?EQJb?BHK8`to;i8U_$JK8 z$57{egzW>tOxiwUIG^X60aTRoJ5aAzEymz#Ovc^V7vDt-FQHNzI@aD~si+5xLp@*) z>VtI;YS-__0eHk|{{=PRV7_KxmT+nGw6Y-grmGWoxq3#QT$f>o%IH##S5LM_c6 ztigk*f%TbU@A@&wzA|^Cmgr5?OwT*VJ59B(AB-AcIZneGEWmf%RQgcyr&lIn5{^Tq zycyGQJL&;PFdQ$UW_lg9RH4)DUskb>^RNT`&!Lv;0BWg^VIZDHW!8OxN`EThGwcTz zqGmK3m5FE2!dFoP{1j90Iw}+W@3ddra@6i$h8plL9E9(pHuH7N!RVRxAET3y3A)W> zDoZ)A1lic;EEZrYpF4d(>QE2fjuyUxyou%$%){8(_V4wXsLbs~?WI;M#LLL`GMRJi zjJZ)0co6mXr+I^lMt&Z9W8hr-6PtwDw99cQZbHqV6=U%`v@q%}`>*3X)Ie9DGP4(p z@K>0HK^69OLy=E_nI+v+o~6RZHCHeb3oGr-(uh52Z$qVYKhDRKs2di{vuD_dn$at$ zr96v#txZUky##ll2D}wB@OjkQe}-W*dn=KcEXcwU}SB7!84twDT6L#?DQ4e+sHyfKfOLHS=W{f!k3ZtbM2@dJ_lYIb>q| z_g}O9tcSsTYnOeu{rA9B>_WQ+HPF>aGR+Ru9`RXbZ@yU6 zK=Uyj@5CW`|F=-l8nvQE{uRbx;BxzI=z|*hNYpM~%RCL3aP&Yh*N|9N`Up0_{8rUlAgD;{BKSrIGcds$i zu?DqdtvCrUV+IzkwlmUzy3Z4+x95}9nKLj<9iKq!Txv3~+JJ7;6Fd9#x*8DphiLovA z4XaQO*okrY8fsvlqjvufXkpj}d!|{a2hG7ET!k9Y5!ChWHYx+DT*G)w-DqD>j@@W4 zK|NptDl^ZZQv4ArLqVJD3FM)cYCcBdTGUeR#zJgG4KR?e+i;9R&U2ePspyNH<`%4q;#X1a;%Y((YFG$CU?!=c=|4ckY1QECC7$pj| z{yz}8)V20`ggcx@fpgLwbnGR*B}NfL2$dZ+?LTw*nZx-n-qM#q`+sTw7x4=spLQ1V zd1x>H!OuXVkjUbgiZo1@#M4A4qKP<9+$9C4T9&Z!*}a48?K8B&S`1mx-f9E8+eVKl%|WZxbI92Z-y0N(W~^s%H=zRH6Ky z_>36I@$p!6%Xu{0%Se7E(yzB?EPjrIo%6nFKZE&usLUi{?T-KVvx=U4r#G03J5c|- z(|!qm>(sB|SmG<ycIvZ< zOzJP_0A(Qcal|R=e%PB(Nx^s=PW+WPMwAmOU5V+$6NDeJoKVRmmJ;rhYEg!Alkaf^ zkw&~ulo7X<{WQ8d5B0@^wEu_rgqTVkA-WNF5hV6UuhWQkY zZ0BGs#?Ve8a)?p1SK?$MhWc&{C1w%ph-%_N;y7`MSU|*a-V*$dxSje4qJVk?K8Y#` zM3|oc2GNBBd+;$rN`I77Pp5usd5y+AqLJ|7*g5?)jmsQtXTj^@>UMaZE z#~U`{uzzU9;>GpzDwdiIR1ajxtz?r@~;y4Ynk)mw21jd3Yfb7OVg0xPa4 z&inGXFa7)mR%Ux1ojB_DtkjIbshJs8=78Lc!JbPKqn(}sR#sMS&OmR(q%xnV;OVI) zt~yskMN@r4t~IW{rebmR3YV3cmhEjRf7~xd8602H;Hs*0Ir;o&E66isTCw-JY3F@B z+h!Dc-=FcG&&|AgX6AU0&aD0Syw=oLSq-kHnu?owEuXW?&l_Lq=kHCNpYQA4uy9&{ zH@NPYulH|DvVFbDjZ->!9$9&~Q$?Ls*-*d8s;gd6;VoS?(8s&;-p2yERFH^jMqX_v zxO!2uCwcvJ|Mm>8UEklcYJJ6zGQ4(uvZqJOgPt2LUA$km%=Yp0+ZgJZv$3al%EpI% wJsmf1aB}?M<`Z#?l?kiaI=g0XLgU#rds3{L`iAPprs`UC7186JvZclUAAAN3QUCw| diff --git a/plugins/sudoers/po/hr.po b/plugins/sudoers/po/hr.po index e8e68d2..faa3b6d 100644 --- a/plugins/sudoers/po/hr.po +++ b/plugins/sudoers/po/hr.po @@ -1,66 +1,73 @@ # Translation of sudoers to Croatian. # This file is put in the public domain. +# Tomislav Krznar , 2012, 2013. # -# Tomislav Krznar , 2012. msgid "" msgstr "" -"Project-Id-Version: sudoers 1.8.6b4\n" +"Project-Id-Version: sudoers 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-13 22:56+0200\n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" +"PO-Revision-Date: 2013-04-18 15:32+0200\n" "Last-Translator: Tomislav Krznar \n" "Language-Team: Croatian \n" "Language: hr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2)\n" -"X-Generator: Lokalize 1.4\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" +"X-Generator: Gtranslator 2.91.6\n" -#: gram.y:112 -#, c-format -msgid ">>> %s: %s near line %d <<<" -msgstr ">>> %s: %s kod retka %d <<<" +#: confstr.sh:2 plugins/sudoers/auth/pam.c:340 +msgid "Password:" +msgstr "Lozinka:" + +#: confstr.sh:3 +msgid "*** SECURITY information for %h ***" +msgstr "*** SIGURNOSNE informacije za %h ***" -#: plugins/sudoers/alias.c:125 +#: confstr.sh:4 +msgid "Sorry, try again." +msgstr "Žao mi je, pokuÅ¡ajte ponovo." + +#: plugins/sudoers/alias.c:124 #, c-format msgid "Alias `%s' already defined" msgstr "Alias „%s” je već definiran" -#: plugins/sudoers/auth/bsdauth.c:78 +#: plugins/sudoers/auth/bsdauth.c:77 #, c-format msgid "unable to get login class for user %s" msgstr "ne mogu dobiti razred prijave korisnika %s" -#: plugins/sudoers/auth/bsdauth.c:84 +#: plugins/sudoers/auth/bsdauth.c:83 msgid "unable to begin bsd authentication" msgstr "ne mogu započeti bsd provjeru" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:91 msgid "invalid authentication type" msgstr "neispravna vrsta provjere" -#: plugins/sudoers/auth/bsdauth.c:101 +#: plugins/sudoers/auth/bsdauth.c:100 msgid "unable to setup authentication" msgstr "ne mogu postaviti provjeru" -#: plugins/sudoers/auth/fwtk.c:60 +#: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" msgstr "ne mogu čitati fwtk konfiguraciju" -#: plugins/sudoers/auth/fwtk.c:65 +#: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" msgstr "ne mogu se spojiti na poslužitelj za provjeru" -#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95 -#: plugins/sudoers/auth/fwtk.c:128 +#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:127 #, c-format msgid "lost connection to authentication server" msgstr "izgubljena veza na poslužitelj za provjeru" -#: plugins/sudoers/auth/fwtk.c:75 +#: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" @@ -69,47 +76,47 @@ msgstr "" "greÅ¡ka poslužitelja za provjeru:\n" "%s" -#: plugins/sudoers/auth/kerb5.c:117 +#: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to unparse princ ('%s'): %s" msgstr "%s: ne mogu ukloniti analizu upravitelja („%s”): %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: ne mogu analizirati „%s”: %s" -#: plugins/sudoers/auth/kerb5.c:170 +#: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve ccache: %s" msgstr "%s: ne mogu pronaći ccache: %s" -#: plugins/sudoers/auth/kerb5.c:218 +#: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: ne mogu alocirati opcije: %s" -#: plugins/sudoers/auth/kerb5.c:234 +#: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: ne mogu dobiti vjerodajnice: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize ccache: %s" msgstr "%s: ne mogu inicijalizirati ccache: %s" -#: plugins/sudoers/auth/kerb5.c:251 +#: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store cred in ccache: %s" msgstr "%s: ne mogu spremiti vjerodajnicu u ccache: %s" -#: plugins/sudoers/auth/kerb5.c:316 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: ne mogu dobiti upravitelja računala: %s" -#: plugins/sudoers/auth/kerb5.c:331 +#: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: Ne mogu provjeriti TGT! Moguć napad!: %s" @@ -118,98 +125,102 @@ msgstr "%s: Ne mogu provjeriti TGT! Moguć napad!: %s" msgid "unable to initialize PAM" msgstr "ne mogu inicijalizirati PAM" -#: plugins/sudoers/auth/pam.c:144 +#: plugins/sudoers/auth/pam.c:145 msgid "account validation failure, is your account locked?" msgstr "potvrđivanje računa nije uspjelo, je li vaÅ¡ račun zaključan?" -#: plugins/sudoers/auth/pam.c:148 +#: plugins/sudoers/auth/pam.c:149 msgid "Account or password is expired, reset your password and try again" msgstr "Račun ili lozinka su istekli, vratite izvornu lozinku i pokuÅ¡ajte ponovo" -#: plugins/sudoers/auth/pam.c:155 +#: plugins/sudoers/auth/pam.c:156 #, c-format msgid "pam_chauthtok: %s" msgstr "pam_chauthtok: %s" -#: plugins/sudoers/auth/pam.c:159 +#: plugins/sudoers/auth/pam.c:160 msgid "Password expired, contact your system administrator" msgstr "Lozinka je istekla, javite vaÅ¡em administratoru sustava" -#: plugins/sudoers/auth/pam.c:163 +#: plugins/sudoers/auth/pam.c:164 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Račun je istekao ili PAM konfiguracija nema odjeljak „account” za sudo, javite vaÅ¡em administratoru sustava" -#: plugins/sudoers/auth/pam.c:180 +#: plugins/sudoers/auth/pam.c:181 #, c-format msgid "pam_authenticate: %s" msgstr "pam_authenticate: %s" -#: plugins/sudoers/auth/pam.c:332 +#: plugins/sudoers/auth/pam.c:339 msgid "Password: " msgstr "Lozinka: " -#: plugins/sudoers/auth/pam.c:333 -msgid "Password:" -msgstr "Lozinka:" - -#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220 +#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 #, c-format msgid "you do not exist in the %s database" msgstr "niste navedeni u %s bazi podataka" -#: plugins/sudoers/auth/securid5.c:81 +#: plugins/sudoers/auth/securid5.c:80 #, c-format msgid "failed to initialise the ACE API library" msgstr "nisam uspio inicijalizirati ACE API biblioteku" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" msgstr "ne mogu uspostaviti vezu s SecurID poslužiteljem" -#: plugins/sudoers/auth/securid5.c:116 +#: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "Korisnički ID zaključan za SecurID provjeru" -#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171 +#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 #, c-format msgid "invalid username length for SecurID" msgstr "neispravna duljina korisničkog imena za SecurID" -#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176 +#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "neispravni postupak provjere za SecurID" -#: plugins/sudoers/auth/securid5.c:128 +#: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "SecurID komunikacija nije uspjela" -#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215 +#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 #, c-format msgid "unknown SecurID error" msgstr "nepoznata SecurID greÅ¡ka" -#: plugins/sudoers/auth/securid5.c:166 +#: plugins/sudoers/auth/securid5.c:165 #, c-format msgid "invalid passcode length for SecurID" msgstr "neispravna duljina lozinke za SecurID" -#: plugins/sudoers/auth/sia.c:109 +#: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "ne mogu inicijalizirati SIA sjednicu" -#: plugins/sudoers/auth/sudo_auth.c:121 +#: plugins/sudoers/auth/sudo_auth.c:119 +msgid "invalid authentication methods" +msgstr "neispravne metode provjere" + +#: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." -msgstr "Neispravne metode provjere kompajlirane u sudo! Možete mijeÅ¡ati samostalne i nesamostalne provjere." +msgstr "Neispravne metode provjere kompajlirane u sudo! Možete mijeÅ¡ati samostalne i nesamostalne provjere." + +#: plugins/sudoers/auth/sudo_auth.c:203 +msgid "no authentication methods" +msgstr "nema metoda provjere" -#: plugins/sudoers/auth/sudo_auth.c:206 +#: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." -msgstr "Nema metoda provjere kompajliranih u sudo! Ako želite isključiti provjeru, koristite konfiguracijsku opciju --disable-authentication." +msgstr "Nema metoda provjere kompajliranih u sudo! Ako želite isključiti provjeru, koristite konfiguracijsku opciju --disable-authentication." -#: plugins/sudoers/auth/sudo_auth.c:374 +#: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Metode provjere:" @@ -265,98 +276,35 @@ msgstr "getauid: nije uspio" msgid "au_to_text: failed" msgstr "au_to_text: nije uspio" -#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172 -#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355 -#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974 -#: plugins/sudoers/visudo.c:818 -#, c-format -msgid "unable to open %s" -msgstr "ne mogu otvoriti %s" - -#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229 -#, c-format -msgid "unable to write to %s" -msgstr "ne mogu pisati u %s" - -#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512 -#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123 -#: plugins/sudoers/iolog.c:156 -#, c-format -msgid "unable to mkdir %s" -msgstr "ne mogu napraviti direktorij %s" - -#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289 -#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395 -#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82 -#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677 -#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253 -#, c-format -msgid "internal error, %s overflow" -msgstr "interna greÅ¡ka, %s preljev" - -#: plugins/sudoers/check.c:460 -#, c-format -msgid "timestamp path too long: %s" -msgstr "putanja vremenske oznake predugačka: %s" - -#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535 -#: plugins/sudoers/iolog.c:158 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s postoji, ali nije direktorij (0%o)" - -#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538 -#: plugins/sudoers/check.c:583 -#, c-format -msgid "%s owned by uid %u, should be uid %u" -msgstr "vlasnik %s je uid %u, treba biti uid %u" - -#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0700" -msgstr "nevlasnici imaju dozvolu za pisanje u %s (0%o), treba biti mod 0700" - -#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551 -#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003 -#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584 -#, c-format -msgid "unable to stat %s" -msgstr "ne mogu izvrÅ¡iti stat %s" - -#: plugins/sudoers/check.c:577 -#, c-format -msgid "%s exists but is not a regular file (0%o)" -msgstr "%s postoji, ali nije obična datoteka (0%o)" - -#: plugins/sudoers/check.c:589 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0600" -msgstr "nevlasnici imaju dozvolu za pisanje u %s (0%o), treba biti mod 0600" - -#: plugins/sudoers/check.c:643 -#, c-format -msgid "timestamp too far in the future: %20.20s" -msgstr "vremenska oznaka predaleko u budućnosti: %20.20s" - -#: plugins/sudoers/check.c:690 -#, c-format -msgid "unable to remove %s (%s), will reset to the epoch" -msgstr "ne mogu ukloniti %s (%s), vratit ću na početnu epohu" - -#: plugins/sudoers/check.c:698 -#, c-format -msgid "unable to reset %s to the epoch" -msgstr "ne mogu vratiti %s na početnu epohu" +#: plugins/sudoers/check.c:174 +msgid "" +"\n" +"We trust you have received the usual lecture from the local System\n" +"Administrator. It usually boils down to these three things:\n" +"\n" +" #1) Respect the privacy of others.\n" +" #2) Think before you type.\n" +" #3) With great power comes great responsibility.\n" +"\n" +msgstr "" +"\n" +"Vjerujemo da vam je administrator lokalnog sustava održao uobičajeno\n" +"predavanje. To se obično svodi na sljedeće tri stvari:\n" +"\n" +" #1) PoÅ¡tujte tuđu privatnost.\n" +" #2) Mislite prije pisanja.\n" +" #3) S velikim moćima dolazi velika odgovornost.\n" +"\n" -#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764 -#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855 +#: plugins/sudoers/check.c:212 plugins/sudoers/check.c:218 +#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 #, c-format msgid "unknown uid: %u" msgstr "nepoznat uid: %u" -#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792 -#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225 -#: plugins/sudoers/testsudoers.c:369 +#: plugins/sudoers/check.c:215 plugins/sudoers/policy.c:635 +#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:359 #, c-format msgid "unknown user: %s" msgstr "nepoznat korisnik: %s" @@ -722,187 +670,201 @@ msgstr "Skup dozvoljenih ovlasti" msgid "Set of limit privileges" msgstr "Skup ograničenih ovlasti" -#: plugins/sudoers/defaults.c:208 +#: plugins/sudoers/def_data.c:355 +msgid "Run commands on a pty in the background" +msgstr "Pokreni naredbe na pseudoterminalu u pozadini" + +#: plugins/sudoers/def_data.c:359 +msgid "Create a new PAM session for the command to run in" +msgstr "Napravi novu PAM sjednicu u kojoj će se pokrenuti naredba" + +#: plugins/sudoers/def_data.c:363 +msgid "Maximum I/O log sequence number" +msgstr "Najveći redni broj U/I dnevnika" + +#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 #, c-format msgid "unknown defaults entry `%s'" msgstr "nepoznata stavka zadanih vrijednosti „%s”" -#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226 -#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259 -#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285 -#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318 -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 +#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 +#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 +#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "vrijednost „%s” nije ispravna za opciju „%s”" -#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229 -#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254 -#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280 -#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313 -#: plugins/sudoers/defaults.c:324 +#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 +#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 +#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 +#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 +#: plugins/sudoers/defaults.c:323 #, c-format msgid "no value specified for `%s'" msgstr "nije navedena vrijednost za „%s”" -#: plugins/sudoers/defaults.c:242 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "values for `%s' must start with a '/'" msgstr "vrijednost za „%s” mora početi s „/”" -#: plugins/sudoers/defaults.c:304 +#: plugins/sudoers/defaults.c:303 #, c-format msgid "option `%s' does not take a value" msgstr "opcija „%s” ne prihvaća vrijednost" +#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 +#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 +#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427 +#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 +#: plugins/sudoers/testsudoers.c:243 +#, c-format +msgid "internal error, %s overflow" +msgstr "interna greÅ¡ka, %s preljev" + #: plugins/sudoers/env.c:367 #, c-format msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: oÅ¡tećen envp, duljina ne odgovara" -#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448 -#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167 -#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983 -#, c-format -msgid "unable to allocate memory" -msgstr "ne mogu alocirati memoriju" - -#: plugins/sudoers/env.c:992 +#: plugins/sudoers/env.c:1012 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "žao mi je, nemate dozvolu za postavljanje sljedećih varijabli okoline: %s" -#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108 -#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125 -#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883 -#, c-format -msgid "%s: %s" -msgstr "%s: %s" - -#: plugins/sudoers/group_plugin.c:91 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: plugins/sudoers/group_plugin.c:103 +#: plugins/sudoers/group_plugin.c:102 #, c-format msgid "%s must be owned by uid %d" msgstr "vlasnik %s mora biti uid %d" -#: plugins/sudoers/group_plugin.c:107 +#: plugins/sudoers/group_plugin.c:106 #, c-format msgid "%s must only be writable by owner" msgstr "samo vlasnik smije imati dozvole za pisanje %s" -#: plugins/sudoers/group_plugin.c:114 +#: plugins/sudoers/group_plugin.c:113 #, c-format msgid "unable to dlopen %s: %s" msgstr "ne mogu izvrÅ¡iti dlopen %s: %s" -#: plugins/sudoers/group_plugin.c:119 +#: plugins/sudoers/group_plugin.c:118 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "ne mogu pronaći simbol „group_plugin” u %s" -#: plugins/sudoers/group_plugin.c:124 +#: plugins/sudoers/group_plugin.c:123 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: nekompatibilna glavna inačica grupnog priključka %d, očekujem %d" -#: plugins/sudoers/interfaces.c:112 +#: plugins/sudoers/interfaces.c:119 msgid "Local IP address and netmask pairs:\n" msgstr "Parovi lokalnih IP adresa i mrežnih maski:\n" -#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991 +#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 +#: plugins/sudoers/timestamp.c:199 plugins/sudoers/timestamp.c:243 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s postoji, ali nije direktorij (0%o)" + +#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 +#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:164 +#: plugins/sudoers/timestamp.c:220 plugins/sudoers/timestamp.c:270 +#, c-format +msgid "unable to mkdir %s" +msgstr "ne mogu napraviti direktorij %s" + +#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 +#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 +#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:154 +#: plugins/sudoers/visudo.c:809 +#, c-format +msgid "unable to open %s" +msgstr "ne mogu otvoriti %s" + +#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 #, c-format msgid "unable to read %s" msgstr "ne mogu čitati %s" -#: plugins/sudoers/iolog.c:208 +#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:158 #, c-format -msgid "invalid sequence number %s" -msgstr "neispravan broj niza %s" +msgid "unable to write to %s" +msgstr "ne mogu pisati u %s" -#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261 -#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531 -#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545 -#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561 -#: plugins/sudoers/iolog.c:569 +#: plugins/sudoers/iolog.c:334 #, c-format msgid "unable to create %s" msgstr "ne mogu napraviti %s" -#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382 -#, c-format -msgid "unable to set locale to \"%s\", using \"C\"" -msgstr "ne mogu postaviti lokal u „%s”, koristim „C”" - -#: plugins/sudoers/ldap.c:387 +#: plugins/sudoers/ldap.c:385 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: port je prevelik" -#: plugins/sudoers/ldap.c:410 +#: plugins/sudoers/ldap.c:408 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: nema dovoljno prostora za proÅ¡irenje međuspremnika računala" -#: plugins/sudoers/ldap.c:440 +#: plugins/sudoers/ldap.c:438 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "nepodržana vrsta LDAP uri-ja: %s" -#: plugins/sudoers/ldap.c:469 +#: plugins/sudoers/ldap.c:467 #, c-format msgid "invalid uri: %s" msgstr "neispravan uri: %s" -#: plugins/sudoers/ldap.c:475 +#: plugins/sudoers/ldap.c:473 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "ne mogu mijeÅ¡ati ldap i ldaps URI-je" -#: plugins/sudoers/ldap.c:479 +#: plugins/sudoers/ldap.c:477 #, c-format msgid "unable to mix ldaps and starttls" msgstr "ne mogu mijeÅ¡ati ldaps i starttls" -#: plugins/sudoers/ldap.c:498 +#: plugins/sudoers/ldap.c:496 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: nema dovoljno prostora za izgradnju međuspremnika računala" -#: plugins/sudoers/ldap.c:572 +#: plugins/sudoers/ldap.c:570 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "ne mogu inicijalizirati SSL certifikat i bazu podataka ključeva: %s" -#: plugins/sudoers/ldap.c:575 +#: plugins/sudoers/ldap.c:573 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "morate postaviti TLS_CERT u %s za koriÅ¡tenje SSL-a" -#: plugins/sudoers/ldap.c:992 +#: plugins/sudoers/ldap.c:996 #, c-format msgid "unable to get GMT time" msgstr "ne mogu dohvatiti GMT vrijeme" -#: plugins/sudoers/ldap.c:998 +#: plugins/sudoers/ldap.c:1002 #, c-format msgid "unable to format timestamp" msgstr "ne mogu oblikovati vremensku oznaku" -#: plugins/sudoers/ldap.c:1006 +#: plugins/sudoers/ldap.c:1010 #, c-format msgid "unable to build time filter" msgstr "ne mogu izgraditi filtar vremena" -#: plugins/sudoers/ldap.c:1225 +#: plugins/sudoers/ldap.c:1229 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "neodgovarajuća sudo_ldap_build_pass1 alokacija" -#: plugins/sudoers/ldap.c:1761 +#: plugins/sudoers/ldap.c:1776 #, c-format msgid "" "\n" @@ -911,7 +873,7 @@ msgstr "" "\n" "LDAP uloga: %s\n" -#: plugins/sudoers/ldap.c:1763 +#: plugins/sudoers/ldap.c:1778 #, c-format msgid "" "\n" @@ -920,27 +882,28 @@ msgstr "" "\n" "LDAP uloga: NEPOZNATA\n" -#: plugins/sudoers/ldap.c:1810 +#: plugins/sudoers/ldap.c:1825 #, c-format msgid " Order: %s\n" msgstr " Redoslijed: %s\n" -#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168 +#: plugins/sudoers/ldap.c:1833 plugins/sudoers/parse.c:515 +#: plugins/sudoers/sssd.c:1173 #, c-format msgid " Commands:\n" msgstr " Naredbe:\n" -#: plugins/sudoers/ldap.c:2240 +#: plugins/sudoers/ldap.c:2255 #, c-format msgid "unable to initialize LDAP: %s" msgstr "ne mogu inicijalizirati LDAP: %s" -#: plugins/sudoers/ldap.c:2274 +#: plugins/sudoers/ldap.c:2289 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "naveden je start_tls, ali LDAP biblioteke ne podržavaju ldap_start_tls_s() ili ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:2510 +#: plugins/sudoers/ldap.c:2525 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "neispravno sudoOrder svojstvo: %s" @@ -955,64 +918,75 @@ msgstr "ne mogu otvoriti sustav revizije" msgid "unable to send audit message" msgstr "ne mogu poslati poruku revizije" -#: plugins/sudoers/logging.c:202 +#: plugins/sudoers/logging.c:140 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: plugins/sudoers/logging.c:168 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (naredba nastavljena) %s" + +#: plugins/sudoers/logging.c:194 #, c-format msgid "unable to open log file: %s: %s" msgstr "ne mogu otvoriti dnevičku datoteku: %s: %s" -#: plugins/sudoers/logging.c:205 +#: plugins/sudoers/logging.c:197 #, c-format msgid "unable to lock log file: %s: %s" msgstr "ne mogu zaključati dnevničku datoteku: %s: %s" -#: plugins/sudoers/logging.c:260 +#: plugins/sudoers/logging.c:245 +msgid "No user or host" +msgstr "Nema korisnika ili računala" + +#: plugins/sudoers/logging.c:247 +msgid "validation failure" +msgstr "provjera nije uspjela" + +#: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "korisnik NIJE u sudoers" -#: plugins/sudoers/logging.c:262 +#: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "korisnik NIJE ovlaÅ¡ten na računalu" -#: plugins/sudoers/logging.c:264 +#: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "naredba nije dozvoljena" -#: plugins/sudoers/logging.c:274 +#: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" -msgstr "%s nije u datoteci sudoers. Ovaj će incident biti prijavljen.\n" +msgstr "%s nije u datoteci sudoers. Ovaj će incident biti prijavljen.\n" -#: plugins/sudoers/logging.c:277 +#: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" -msgstr "Korisniku %s nije dozvoljeno pokrenuti sudo na %s. Ovaj će incident biti prijavljen.\n" +msgstr "Korisniku %s nije dozvoljeno pokrenuti sudo na %s. Ovaj će incident biti prijavljen.\n" -#: plugins/sudoers/logging.c:281 +#: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Žao mi je, korisnik %s ne može pokrenuti sudo na %s.\n" -#: plugins/sudoers/logging.c:284 +#: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Žao mi je, korisniku %s nije dozvoljeno izvrÅ¡iti „%s%s%s” kao %s%s%s na %s.\n" -#: plugins/sudoers/logging.c:317 -msgid "No user or host" -msgstr "Nema korisnika ili računala" - -#: plugins/sudoers/logging.c:319 -msgid "validation failure" -msgstr "provjera nije uspjela" - -#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502 -#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539 -#: plugins/sudoers/sudoers.c:1540 +#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 +#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoers.c:1002 #, c-format msgid "%s: command not found" msgstr "%s: naredba nije pronađena" -#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499 +#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 #, c-format msgid "" "ignoring `%s' found in '.'\n" @@ -1021,11 +995,15 @@ msgstr "" "zanemarujem „%s” pronađen u „.”\n" "Koristite „sudo ./%s” ako je ovo „%s” koji želite pokrenuti." -#: plugins/sudoers/logging.c:352 +#: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "provjera nije uspjela" -#: plugins/sudoers/logging.c:376 +#: plugins/sudoers/logging.c:379 +msgid "a password is required" +msgstr "potrebna je lozinka" + +#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" @@ -1033,51 +1011,47 @@ msgstr[0] "%d netočan pokuÅ¡aj unosa lozinke" msgstr[1] "%d netočna pokuÅ¡aja unosa lozinke" msgstr[2] "%d netočnih pokuÅ¡aja unosa lozinke" -#: plugins/sudoers/logging.c:379 -msgid "a password is required" -msgstr "potrebna je lozinka" - -#: plugins/sudoers/logging.c:530 +#: plugins/sudoers/logging.c:566 #, c-format msgid "unable to fork" msgstr "ne mogu razdvojiti" -#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599 +#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 #, c-format msgid "unable to fork: %m" msgstr "ne mogu razdvojiti: %m" -#: plugins/sudoers/logging.c:589 +#: plugins/sudoers/logging.c:619 #, c-format msgid "unable to open pipe: %m" msgstr "ne mogu otvoriti cjevovod: %m" -#: plugins/sudoers/logging.c:614 +#: plugins/sudoers/logging.c:644 #, c-format msgid "unable to dup stdin: %m" msgstr "ne mogu izvrÅ¡iti dup stdin: %m" -#: plugins/sudoers/logging.c:650 +#: plugins/sudoers/logging.c:680 #, c-format msgid "unable to execute %s: %m" msgstr "ne mogu izvrÅ¡iti %s: %m" -#: plugins/sudoers/logging.c:865 +#: plugins/sudoers/logging.c:899 #, c-format msgid "internal error: insufficient space for log line" msgstr "interna greÅ¡ka: nema dovoljno prostora za redak dnevnika" -#: plugins/sudoers/parse.c:123 +#: plugins/sudoers/parse.c:124 #, c-format msgid "parse error in %s near line %d" msgstr "greÅ¡ka analize u %s kod retka %d" -#: plugins/sudoers/parse.c:126 +#: plugins/sudoers/parse.c:127 #, c-format msgid "parse error in %s" msgstr "greÅ¡ka analize u %s" -#: plugins/sudoers/parse.c:414 +#: plugins/sudoers/parse.c:462 #, c-format msgid "" "\n" @@ -1086,386 +1060,390 @@ msgstr "" "\n" "Sudoers stavka:\n" -#: plugins/sudoers/parse.c:416 +#: plugins/sudoers/parse.c:463 #, c-format msgid " RunAsUsers: " msgstr " PokreniKaoKorisnici: " -#: plugins/sudoers/parse.c:431 +#: plugins/sudoers/parse.c:477 #, c-format msgid " RunAsGroups: " msgstr " PokreniKaoGrupe: " -#: plugins/sudoers/parse.c:440 +#: plugins/sudoers/parse.c:486 +#, c-format +msgid " Options: " +msgstr " Opcije:" + +#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to execute %s" +msgstr "ne mogu izvrÅ¡iti %s" + +#: plugins/sudoers/policy.c:659 +#, c-format +msgid "Sudoers policy plugin version %s\n" +msgstr "Inačica sudoers priključka police %s\n" + +#: plugins/sudoers/policy.c:661 +#, c-format +msgid "Sudoers file grammar version %d\n" +msgstr "Inačica sudoers gramatike datoteke %d\n" + +#: plugins/sudoers/policy.c:665 #, c-format msgid "" -" Commands:\n" -"\t" +"\n" +"Sudoers path: %s\n" msgstr "" -" Naredbe:\n" -"\t" +"\n" +"Sudoers putanja: %s\n" -#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 -msgid ": " -msgstr ": " +#: plugins/sudoers/policy.c:668 +#, c-format +msgid "nsswitch path: %s\n" +msgstr "nsswitch putanja: %s\n" -#: plugins/sudoers/pwutil.c:278 +#: plugins/sudoers/policy.c:670 #, c-format -msgid "unable to cache uid %u (%s), already exists" -msgstr "ne mogu staviti uid %u (%s) u spremnik, već postoji" +msgid "ldap.conf path: %s\n" +msgstr "ldap.conf putanja: %s\n" -#: plugins/sudoers/pwutil.c:286 +#: plugins/sudoers/policy.c:671 +#, c-format +msgid "ldap.secret path: %s\n" +msgstr "ldap.secret putanja: %s\n" + +#: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "ne mogu staviti uid %u u spremnik, već postoji" -#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331 +#: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "ne mogu staviti korisnika %s u spremnik, već postoji" -#: plugins/sudoers/pwutil.c:668 -#, c-format -msgid "unable to cache gid %u (%s), already exists" -msgstr "ne mogu staviti gid %u (%s) u spremnik, već postoji" - -#: plugins/sudoers/pwutil.c:676 +#: plugins/sudoers/pwutil.c:374 #, c-format msgid "unable to cache gid %u, already exists" msgstr "ne mogu staviti gid %u u spremnik, već postoji" -#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715 +#: plugins/sudoers/pwutil.c:410 #, c-format msgid "unable to cache group %s, already exists" msgstr "ne mogu staviti grupu %s u spremnik, već postoji" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436 -#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114 -#: plugins/sudoers/set_perms.c:1396 +#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586 +#, c-format +msgid "unable to cache group list for %s, already exists" +msgstr "ne mogu staviti popis grupa u spremnik za %s, već postoji" + +#: plugins/sudoers/pwutil.c:584 +#, c-format +msgid "unable to parse groups for %s" +msgstr "ne mogu obraditi grupe za %s" + +#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 +#: plugins/sudoers/set_perms.c:1431 msgid "perm stack overflow" msgstr "preljev trajnog stoga" -#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444 -#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122 -#: plugins/sudoers/set_perms.c:1404 +#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 +#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 +#: plugins/sudoers/set_perms.c:1439 msgid "perm stack underflow" msgstr "podljev trajnog stoga" -#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580 -#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243 +#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 +#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 +msgid "unable to change to root gid" +msgstr "ne mogu promijeniti u administratorski gid" + +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 msgid "unable to change to runas gid" msgstr "ne mogu promijeniti u „pokreni kao” gid" -#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253 +#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 +#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 msgid "unable to change to runas uid" msgstr "ne mogu promijeniti u „pokreni kao” uid" -#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269 +#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 msgid "unable to change to sudoers gid" msgstr "ne mogu promijeniti u sudoers gid" -#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681 -#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315 -#: plugins/sudoers/set_perms.c:1474 +#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 +#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 +#: plugins/sudoers/set_perms.c:1515 msgid "too many processes" msgstr "previÅ¡e procesa" -#: plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:1583 msgid "unable to set runas group vector" msgstr "ne mogu postaviti „pokreni kao” grupni vektor" -#: plugins/sudoers/sssd.c:251 +#: plugins/sudoers/sssd.c:256 #, c-format msgid "Unable to dlopen %s: %s" msgstr "Ne mogu izvrÅ¡iti dlopen %s: %s" -#: plugins/sudoers/sssd.c:252 +#: plugins/sudoers/sssd.c:257 #, c-format msgid "Unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "Ne mogu inicijalizirati SSS izvor. Je li SSSD instaliran na vaÅ¡em stroju?" -#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266 -#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280 -#: plugins/sudoers/sssd.c:287 +#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 +#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 +#: plugins/sudoers/sssd.c:292 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "ne mogu pronaći simbol „%s” u %s" -#: plugins/sudoers/sudo_nss.c:267 +#: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "Spajam stavke zadanih vrijednosti za %s na ovom računalu:\n" -#: plugins/sudoers/sudo_nss.c:280 +#: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Zadane vrijednosti „pokreni kao” i specifične za naredbe za %s:\n" -#: plugins/sudoers/sudo_nss.c:293 +#: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "Korisnik %s može pokrenuti sljedeće naredbe na ovom računalu:\n" -#: plugins/sudoers/sudo_nss.c:302 +#: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Korisniku %s nije dozvoljeno pokrenuti sudo na %s.\n" -#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243 -#: plugins/sudoers/sudoers.c:953 +#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 +#: plugins/sudoers/sudoers.c:673 msgid "problem with defaults entries" msgstr "problem sa stavkama zadanih vrijednosti" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:165 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "nisu pronađeni ispravni sudoers izvori, izlazim" -#: plugins/sudoers/sudoers.c:268 -#, c-format -msgid "unable to execute %s: %s" -msgstr "ne mogu izvrÅ¡iti %s: %s" - -#: plugins/sudoers/sudoers.c:335 +#: plugins/sudoers/sudoers.c:227 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers navodi da root ne može koristiti sudo" -#: plugins/sudoers/sudoers.c:342 +#: plugins/sudoers/sudoers.c:234 #, c-format msgid "you are not permitted to use the -C option" msgstr "nemate dozvolu za koriÅ¡tenje opcije -C" -#: plugins/sudoers/sudoers.c:431 +#: plugins/sudoers/sudoers.c:315 #, c-format msgid "timestamp owner (%s): No such user" msgstr "vlasnik vremenske oznake (%s): Nema takvog korisnika" -#: plugins/sudoers/sudoers.c:447 +#: plugins/sudoers/sudoers.c:329 msgid "no tty" msgstr "nema terminala" -#: plugins/sudoers/sudoers.c:448 +#: plugins/sudoers/sudoers.c:330 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "žao mi je, morate imati terminal za pokretanje sudo" -#: plugins/sudoers/sudoers.c:498 +#: plugins/sudoers/sudoers.c:378 msgid "command in current directory" msgstr "naredba u trenutnom direktoriju" -#: plugins/sudoers/sudoers.c:510 +#: plugins/sudoers/sudoers.c:395 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "žao mi je, nemate dozvolu za očuvanje okoline" -#: plugins/sudoers/sudoers.c:1006 +#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:215 +#: plugins/sudoers/timestamp.c:259 plugins/sudoers/timestamp.c:327 +#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576 +#, c-format +msgid "unable to stat %s" +msgstr "ne mogu izvrÅ¡iti stat %s" + +#: plugins/sudoers/sudoers.c:726 #, c-format msgid "%s is not a regular file" msgstr "%s nije obična datoteka" -#: plugins/sudoers/sudoers.c:1009 toke.l:846 +#: plugins/sudoers/sudoers.c:729 toke.l:842 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "vlasnik %s je uid %u, treba biti %u" -#: plugins/sudoers/sudoers.c:1013 toke.l:853 +#: plugins/sudoers/sudoers.c:733 toke.l:849 #, c-format msgid "%s is world writable" msgstr "%s ima dozvole za pisanje svih korisnika" -#: plugins/sudoers/sudoers.c:1016 toke.l:858 +#: plugins/sudoers/sudoers.c:736 toke.l:854 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "vlasnik %s je gid %u, treba biti %u" -#: plugins/sudoers/sudoers.c:1043 +#: plugins/sudoers/sudoers.c:763 #, c-format msgid "only root can use `-c %s'" msgstr "samo root smije koristiti „-c %s”" -#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062 +#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 #, c-format msgid "unknown login class: %s" msgstr "nepoznat razred prijave: %s" -#: plugins/sudoers/sudoers.c:1089 +#: plugins/sudoers/sudoers.c:814 #, c-format msgid "unable to resolve host %s" msgstr "ne mogu pronaći računalo %s" -#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387 +#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 #, c-format msgid "unknown group: %s" msgstr "nepoznata grupa: %s" -#: plugins/sudoers/sudoers.c:1190 -#, c-format -msgid "Sudoers policy plugin version %s\n" -msgstr "Inačica sudoers priključka police %s\n" - -#: plugins/sudoers/sudoers.c:1192 -#, c-format -msgid "Sudoers file grammar version %d\n" -msgstr "Inačica sudoers gramatike datoteke %d\n" - -#: plugins/sudoers/sudoers.c:1196 -#, c-format -msgid "" -"\n" -"Sudoers path: %s\n" -msgstr "" -"\n" -"Sudoers putanja: %s\n" - -#: plugins/sudoers/sudoers.c:1199 -#, c-format -msgid "nsswitch path: %s\n" -msgstr "nsswitch putanja: %s\n" - -#: plugins/sudoers/sudoers.c:1201 -#, c-format -msgid "ldap.conf path: %s\n" -msgstr "ldap.conf putanja: %s\n" - -#: plugins/sudoers/sudoers.c:1202 -#, c-format -msgid "ldap.secret path: %s\n" -msgstr "ldap.secret putanja: %s\n" - -#: plugins/sudoers/sudoreplay.c:293 +#: plugins/sudoers/sudoreplay.c:292 #, c-format msgid "invalid filter option: %s" msgstr "neispravna opcija filtra: %s" -#: plugins/sudoers/sudoreplay.c:306 +#: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid max wait: %s" msgstr "neispravno najveće čekanje: %s" -#: plugins/sudoers/sudoreplay.c:312 +#: plugins/sudoers/sudoreplay.c:311 #, c-format msgid "invalid speed factor: %s" msgstr "neispravni faktor brzine: %s" -#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187 +#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 #, c-format msgid "%s version %s\n" msgstr "%s inačica %s\n" -#: plugins/sudoers/sudoreplay.c:340 +#: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/vrijeme: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:345 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/vrijeme: %s" -#: plugins/sudoers/sudoreplay.c:364 +#: plugins/sudoers/sudoreplay.c:363 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Prikazujem sudo sjednicu: %s\n" -#: plugins/sudoers/sudoreplay.c:370 +#: plugins/sudoers/sudoreplay.c:369 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Upozorenje: vaÅ¡ terminal je premalen za ispravno prikazivanje dnevnika.\n" -#: plugins/sudoers/sudoreplay.c:371 +#: plugins/sudoers/sudoreplay.c:370 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Veličina dnevnika je %d x %d, a veličina vaÅ¡eg terminala %d x %d." -#: plugins/sudoers/sudoreplay.c:401 +#: plugins/sudoers/sudoreplay.c:400 #, c-format msgid "unable to set tty to raw mode" msgstr "ne mogu postaviti terminal u sirovi način" -#: plugins/sudoers/sudoreplay.c:418 +#: plugins/sudoers/sudoreplay.c:416 #, c-format msgid "invalid timing file line: %s" msgstr "neispravan redak datoteke mjerenja vremena: %s" -#: plugins/sudoers/sudoreplay.c:501 +#: plugins/sudoers/sudoreplay.c:499 #, c-format msgid "writing to standard output" msgstr "ispisujem na standardni izlaz" -#: plugins/sudoers/sudoreplay.c:530 +#: plugins/sudoers/sudoreplay.c:528 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" -#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668 +#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 #, c-format msgid "ambiguous expression \"%s\"" msgstr "viÅ¡eznačni izraz „%s”" -#: plugins/sudoers/sudoreplay.c:685 +#: plugins/sudoers/sudoreplay.c:683 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "previÅ¡e izraza u zagradama, najviÅ¡e %d" -#: plugins/sudoers/sudoreplay.c:696 +#: plugins/sudoers/sudoreplay.c:694 #, c-format msgid "unmatched ')' in expression" msgstr "nesparena „)” u izrazu" -#: plugins/sudoers/sudoreplay.c:702 +#: plugins/sudoers/sudoreplay.c:700 #, c-format msgid "unknown search term \"%s\"" msgstr "nepoznat pojam pretrage „%s”" -#: plugins/sudoers/sudoreplay.c:716 +#: plugins/sudoers/sudoreplay.c:714 #, c-format msgid "%s requires an argument" msgstr "%s zahtijeva argument" -#: plugins/sudoers/sudoreplay.c:720 +#: plugins/sudoers/sudoreplay.c:718 #, c-format msgid "invalid regular expression: %s" msgstr "neispravan regularni izraz: %s" -#: plugins/sudoers/sudoreplay.c:726 +#: plugins/sudoers/sudoreplay.c:724 #, c-format msgid "could not parse date \"%s\"" msgstr "ne mogu analizirati datum „%s”" -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:737 #, c-format msgid "unmatched '(' in expression" msgstr "nesparena „(” u izrazu" -#: plugins/sudoers/sudoreplay.c:741 +#: plugins/sudoers/sudoreplay.c:739 #, c-format msgid "illegal trailing \"or\"" msgstr "nedozvoljeni „or” na kraju" -#: plugins/sudoers/sudoreplay.c:743 +#: plugins/sudoers/sudoreplay.c:741 #, c-format msgid "illegal trailing \"!\"" msgstr "nedozvoljeni „!” na kraju" -#: plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1058 #, c-format msgid "invalid regex: %s" msgstr "neispravni regularni izraz: %s" -#: plugins/sudoers/sudoreplay.c:1174 +#: plugins/sudoers/sudoreplay.c:1182 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "uporaba: %s [-h] [-d direktorij] [-m max_čekanje] [-s faktor_brzine] ID\n" -#: plugins/sudoers/sudoreplay.c:1177 +#: plugins/sudoers/sudoreplay.c:1185 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "uporaba: %s [-h] [-d direktorij] -l [izraz pretrage]\n" -#: plugins/sudoers/sudoreplay.c:1186 +#: plugins/sudoers/sudoreplay.c:1194 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -1474,7 +1452,7 @@ msgstr "" "%s - prikaži dnevnike sudo sjednica\n" "\n" -#: plugins/sudoers/sudoreplay.c:1188 +#: plugins/sudoers/sudoreplay.c:1196 msgid "" "\n" "Options:\n" @@ -1497,11 +1475,11 @@ msgstr "" " -s faktor_brzine ubrzaj ili uspori ispis\n" " -V prikaži informacije o inačici i izađi" -#: plugins/sudoers/testsudoers.c:338 +#: plugins/sudoers/testsudoers.c:328 msgid "\thost unmatched" msgstr "\tračunalo nije pronađeno" -#: plugins/sudoers/testsudoers.c:341 +#: plugins/sudoers/testsudoers.c:331 msgid "" "\n" "Command allowed" @@ -1509,7 +1487,7 @@ msgstr "" "\n" "Naredba dozvoljena" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command denied" @@ -1517,7 +1495,7 @@ msgstr "" "\n" "Naredba zabranjena" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command unmatched" @@ -1525,90 +1503,132 @@ msgstr "" "\n" "Naredba nije pronađena" -#: plugins/sudoers/toke_util.c:218 +#: plugins/sudoers/timestamp.c:128 +#, c-format +msgid "timestamp path too long: %s" +msgstr "putanja vremenske oznake predugačka: %s" + +#: plugins/sudoers/timestamp.c:202 plugins/sudoers/timestamp.c:246 +#: plugins/sudoers/timestamp.c:291 +#, c-format +msgid "%s owned by uid %u, should be uid %u" +msgstr "vlasnik %s je uid %u, treba biti uid %u" + +#: plugins/sudoers/timestamp.c:207 plugins/sudoers/timestamp.c:251 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0700" +msgstr "nevlasnici imaju dozvolu za pisanje u %s (0%o), treba biti mod 0700" + +#: plugins/sudoers/timestamp.c:285 +#, c-format +msgid "%s exists but is not a regular file (0%o)" +msgstr "%s postoji, ali nije obična datoteka (0%o)" + +#: plugins/sudoers/timestamp.c:297 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0600" +msgstr "nevlasnici imaju dozvolu za pisanje u %s (0%o), treba biti mod 0600" + +#: plugins/sudoers/timestamp.c:352 +#, c-format +msgid "timestamp too far in the future: %20.20s" +msgstr "vremenska oznaka predaleko u budućnosti: %20.20s" + +#: plugins/sudoers/timestamp.c:406 +#, c-format +msgid "unable to remove %s, will reset to the epoch" +msgstr "ne mogu ukloniti %s, vratit ću na početnu epohu" + +#: plugins/sudoers/timestamp.c:413 +#, c-format +msgid "unable to reset %s to the epoch" +msgstr "ne mogu vratiti %s na početnu epohu" + +#: plugins/sudoers/toke_util.c:221 +#, c-format msgid "fill_args: buffer overflow" msgstr "fill_args: preljev međuspremnika" -#: plugins/sudoers/visudo.c:188 +#: plugins/sudoers/visudo.c:180 #, c-format msgid "%s grammar version %d\n" msgstr "%s inačica gramatike %d\n" -#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533 #, c-format msgid "press return to edit %s: " msgstr "pritisnite return za uređivanje %s: " -#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341 +#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332 #, c-format msgid "write error" msgstr "greÅ¡ka pisanja" -#: plugins/sudoers/visudo.c:423 +#: plugins/sudoers/visudo.c:414 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "na mogu izvrÅ¡iti stat privremene datoteke (%s), %s nepromijenjen" -#: plugins/sudoers/visudo.c:428 +#: plugins/sudoers/visudo.c:419 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "privremena datoteka duljine nula (%s), %s nepromijenjen" -#: plugins/sudoers/visudo.c:434 +#: plugins/sudoers/visudo.c:425 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "uređivač (%s) nije uspio, %s nepromijenjen" -#: plugins/sudoers/visudo.c:457 +#: plugins/sudoers/visudo.c:448 #, c-format msgid "%s unchanged" msgstr "%s nepromijenjen" -#: plugins/sudoers/visudo.c:486 +#: plugins/sudoers/visudo.c:477 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "ne mogu ponovo otvoriti privremenu datoteku (%s), %s nepromijenjen." -#: plugins/sudoers/visudo.c:496 +#: plugins/sudoers/visudo.c:487 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "ne mogu analizirati privremenu datoteku (%s), nepoznata greÅ¡ka" -#: plugins/sudoers/visudo.c:534 +#: plugins/sudoers/visudo.c:526 #, c-format msgid "internal error, unable to find %s in list!" msgstr "interna greÅ¡ka, ne mogu pronaći %s na popisu!" -#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595 +#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "na mogu postaviti (uid, gid) od %s na (%u, %u)" -#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600 +#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "ne mogu promijeniti mod od %s u 0%o" -#: plugins/sudoers/visudo.c:617 +#: plugins/sudoers/visudo.c:609 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s i %s nisu na istom datotečnom sustavu, koristim mv za preimenovanje" -#: plugins/sudoers/visudo.c:631 +#: plugins/sudoers/visudo.c:623 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "naredba nije uspjela: „%s %s %s”, %s nepromijenjen" -#: plugins/sudoers/visudo.c:641 +#: plugins/sudoers/visudo.c:633 #, c-format msgid "error renaming %s, %s unchanged" msgstr "greÅ¡ka preimenovanja %s, %s nepromijenjen" -#: plugins/sudoers/visudo.c:704 +#: plugins/sudoers/visudo.c:695 msgid "What now? " msgstr "Å to sada? " -#: plugins/sudoers/visudo.c:718 +#: plugins/sudoers/visudo.c:709 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -1620,92 +1640,87 @@ msgstr "" " (x) izađi bez spremanja promjena u datoteku sudoers\n" " (Q) izađi i spremi promjene u datoteku sudoers (OPASNO!)\n" -#: plugins/sudoers/visudo.c:759 -#, c-format -msgid "unable to execute %s" -msgstr "ne mogu izvrÅ¡iti %s" - -#: plugins/sudoers/visudo.c:766 +#: plugins/sudoers/visudo.c:757 #, c-format msgid "unable to run %s" msgstr "ne mogu pokrenuti %s" -#: plugins/sudoers/visudo.c:792 +#: plugins/sudoers/visudo.c:783 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: krivi vlasnički (uid, gid), treba biti (%u, %u)\n" -#: plugins/sudoers/visudo.c:799 +#: plugins/sudoers/visudo.c:790 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: neispravne dozvole, treba biti mod 0%o\n" -#: plugins/sudoers/visudo.c:824 +#: plugins/sudoers/visudo.c:815 #, c-format msgid "failed to parse %s file, unknown error" msgstr "nisam uspio analizirati %s datoteku, nepoznata greÅ¡ka" -#: plugins/sudoers/visudo.c:837 +#: plugins/sudoers/visudo.c:831 #, c-format msgid "parse error in %s near line %d\n" msgstr "greÅ¡ka analize u %s kod retka %d\n" -#: plugins/sudoers/visudo.c:840 +#: plugins/sudoers/visudo.c:834 #, c-format msgid "parse error in %s\n" msgstr "greÅ¡ka analize u %s\n" -#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852 +#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846 #, c-format msgid "%s: parsed OK\n" msgstr "%s: analiza u redu\n" -#: plugins/sudoers/visudo.c:899 +#: plugins/sudoers/visudo.c:893 #, c-format msgid "%s busy, try again later" msgstr "%s je zauzet, pokuÅ¡ajte ponovo kasnije" -#: plugins/sudoers/visudo.c:943 +#: plugins/sudoers/visudo.c:937 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "navedeni uređivač (%s) ne postoji" -#: plugins/sudoers/visudo.c:966 +#: plugins/sudoers/visudo.c:960 #, c-format msgid "unable to stat editor (%s)" msgstr "ne mogu odrediti stanje uređivača (%s)" -#: plugins/sudoers/visudo.c:1014 +#: plugins/sudoers/visudo.c:1008 #, c-format msgid "no editor found (editor path = %s)" msgstr "nije pronađen uređivač (putanja uređivača = %s)" -#: plugins/sudoers/visudo.c:1108 +#: plugins/sudoers/visudo.c:1100 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "GreÅ¡ka: petlja u %s_Alias „%s”" -#: plugins/sudoers/visudo.c:1109 +#: plugins/sudoers/visudo.c:1101 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Upozorenje: petlja u %s_Alias „%s”" -#: plugins/sudoers/visudo.c:1112 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "GreÅ¡ka: %s_Alias „%s” je referenciran, ali nije definiran" -#: plugins/sudoers/visudo.c:1113 +#: plugins/sudoers/visudo.c:1105 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Upozorenje: %s_Alias „%s” je referenciran, ali nije definiran" -#: plugins/sudoers/visudo.c:1248 +#: plugins/sudoers/visudo.c:1240 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: nekoriÅ¡teni %s_Alias %s" -#: plugins/sudoers/visudo.c:1304 +#: plugins/sudoers/visudo.c:1302 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -1714,7 +1729,7 @@ msgstr "" "%s - sigurno uređivanje datoteke sudoers\n" "\n" -#: plugins/sudoers/visudo.c:1306 +#: plugins/sudoers/visudo.c:1304 msgid "" "\n" "Options:\n" @@ -1734,10 +1749,41 @@ msgstr "" " -s strogo provjeravanje sintakse\n" " -V prikaži informacije o inačici i izađi" -#: toke.l:820 +#: toke.l:815 msgid "too many levels of includes" msgstr "previÅ¡e razina uključivanja" +#~ msgid ">>> %s: %s near line %d <<<" +#~ msgstr ">>> %s: %s kod retka %d <<<" + +#~ msgid "unable to allocate memory" +#~ msgstr "ne mogu alocirati memoriju" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + +#~ msgid "unable to set locale to \"%s\", using \"C\"" +#~ msgstr "ne mogu postaviti lokal u „%s”, koristim „C”" + +#~ msgid "" +#~ " Commands:\n" +#~ "\t" +#~ msgstr "" +#~ " Naredbe:\n" +#~ "\t" + +#~ msgid ": " +#~ msgstr ": " + +#~ msgid "unable to cache uid %u (%s), already exists" +#~ msgstr "ne mogu staviti uid %u (%s) u spremnik, već postoji" + +#~ msgid "unable to cache gid %u (%s), already exists" +#~ msgstr "ne mogu staviti gid %u (%s) u spremnik, već postoji" + +#~ msgid "unable to execute %s: %s" +#~ msgstr "ne mogu izvrÅ¡iti %s: %s" + #~ msgid "internal error, expand_prompt() overflow" #~ msgstr "interna greÅ¡ka, expand_prompt() preljev" diff --git a/plugins/sudoers/po/it.mo b/plugins/sudoers/po/it.mo index 91cf0c61f6a7d4a2a6a4a4d2752a64a005494f48..df09d0043442640820b5486c217beddff3eb835e 100644 GIT binary patch delta 9420 zcmZYE2YeM}zQ*xM0VL8x2{i*rAPGrG0-=OJ2oNB&(2-d1BpJeyT6!yHZ&VpMvU89gfCzn9KLAD@bUx_u^#y8|p=Ua*V@~Hd)0u z4ws@DaxPNUx*ZGgMbw9W!h9S=_w}J_RL|FA5uS^*&3XW1jU?V8QH9e+nIYVYOq=xx z4#qc8BXAU_V((l=0~cW_UV?hzK2*a#Mm4l6d1-u>eXOh+c;M9Nnb zF#dY+#T3lK=TUQ)&UmKdY#fFsVi|72^|%LVvo(V5l;eEV2X`QYWZi*N@E}sv>O<>P zJ`MHUT2x0ai;>`;^%s6*;%C?syBC`WhN4EM8a0#~@gjT>_2O9!kA^aWYWStd^jrI} zD}IX1hV?CKF%RQqTK!{D<+1rBXrvWIJ$MsVL_;tcX9q26~rYVACYw)X$0B(!R~u_8!XMW~@(gH?D7 zuD~PcVkM`HUi1nw3)YV~9}8%e=CmEvftyfs{U&N{rA{`_%|m9x3QN9k-Ap1AU&Cqm z9j4(#R;C&>19h^Uj{WgI)X+YU15w@8ni+%xFdtQKI`+d=*aw4N`Bv2TuELn+>LC(C z@DQfsG1QCG+3Z@?g=pgv)PrHvb1rI19>GEQA@;(bQ4Q)@X<4%X=ZUvMpdjsHK+~sqDxTc!_7DhpTP_~f|;1ays1OOQ4N`js=pA` z!4Rq;=TyZ^Pp+Xri()_OLr1)P@^lU*@;Rs;7oZxn95tltQT5Np;dm`-weR)rzl>_& zVN}CXS&3>uHmV~NV4~njRG5N#qx!M(QqPU0ScB8rYk? z%g(jRQQNG=%U_Kn$iIN`n^6y3?A^Z?N0L8)dhlD+Djqi5 zlrKW*VwjD$qlW55)T;i_^GD1gpU&`T z2q&QCem>ghpx$#1_P~2k9omapq_3cM$LE-%{oiS>Y0+rZi)zrudejhZLuSF+gPOx{ zP;=dPo~bt;^?{YBxjzjxqMK3muS9j=LDUGmgyZmY?9KPBEKU!#tPJ(RMW_eQK&_2G zptjWmsG)os^YJj+*lU4#aS3X%)uI{_K)v@Y)Iqfiwd$Y8v3Lk$D(Jt^w73BE;2czo z>rf*SLT#f9Pz~9I>fs%pPosMF5o%iFzZT1T6v$4C zEbDk2jcWM>R8NEize>ZB4JchmSAZkPp<4B%6 zwuJG&iNwfd=7Hyyo5k@K9;M<}*d0GvVf+sD;!Z2gNcBU#coZIo6Hy~kg+5%3WAJet zjb9?m#~ONq`OexHiChY#D%^^i3`2cz z4p!hs%)t9lQ+oi_f%lPDTd^;^M9qoj!#ALM^cZrCTQ6ZL_B_d~iRs7=wCYe(b|dz~ zXK)n0hf}c2$)-cqsKvG(EAVF2R35^KeBbJPiaGHrQ7>r2DR?bvWZuR$?6lf^cr#X! z-;X*cx}0iWSb*y3B4lA(ew>OA;CMWWd05E2l;BF7qWym!3C+nGIH{o!6472b99D$u0%~73;!^rz^B;U8rB2kNfM2*0A zn2DK=8Hq}qPW}wkobC0>2d*)zeI*X1d>v{{oQD_Tlpv8B)*_v2L6CHPHi?Luo^XVF;s(YKsDeX&cb7;#W}0R41GJQLysam+DZzT zDO`a$PaUAi((R#a)ADbx+1z@=H-ewHa0M4y?kDQ4Pv#H6NOf#pEx>X}A}) zJ(Jd(o=?F3@Pn1R=$*33gV1P|a~zHfa>Vh{yg+RYSP*Zh2>V1!5 zC4TFbmu)xO(~sI!*KMcATKxwo$i$z~#$o4}A*}SQ$B~q8M}6Q9)S`PI`(f7|=77mW zl~;QPP(ytM4#vAtBmEreJ>SJh3?wo7Tr;%QsGc{V8gwa6z zWjGVB#|k`*>ez_$jZ09^Z$&luW>kk_50lVP9727t_XXxg309In0kw#(#C*IP%kfRj z!+sZ<=PFV4R-?+>P>b_=)D*sq>T#Eg%=;%J--}uGB=q8~SdDk07Two49ee!F!mp?ts$gSy}a&g-nS^hbr10;g6X%?sIwDwttTEQYAL%Obxk1>-|tP~ zl0*@Uk+iNq8>}!^QC3E1n7<`B2(42IUE?Tk#QC^8QS!e(9wPY{FRLj&KrA4Z6AP)& z6|>j?iTPH}C641pwz--3n?U7%BsLQhDL;rcgs#a%Kd)}0fFD|XY?5EDIH@~{zY?>F z`NSxmc@(qN{~(FU6x@v6@l`yDNG5$b=AbUyv(RJ{KVR2R%5U__{(xh>dUue1#w#CA zSrPGfFE4r#Jv9DrE5|j63R>}Hi5v$8d2Jo-_gSPnt{+L*L|@9j!taTW>xPa54ko5~ z&kghJ?0J({FLoM)zui$gMpXfooZ@jWIJoT&Cs^LZ@Ztx0q%DqWEMqKBW{TtsQ7EyN$q3602 z1*C`IIm7^>wYU20ASmHsVji@7zBc3F#Bw}asJf3O*uTNSXed&h1|L zOwziFiFu?K6H|yvuly9scM+S2`-l&SWkko7L!ytV8?!DTGmUtO(AAq*NK_DC5|0pb ziF)D?QSN=@Ez-JH61BuJWw-*wB4V^MT*njDJX3-tco{Axx{)4`#5n$g%ooHwq7N~Z z8~=s6W|QuU`8Wb!R-t#z!K;W@h%Vf}23HgJ5|hZU!YoWDx)LvtZzldpM2RM%v*xic zkx8r|(gkmi4Y@2S1Y-MZD-0WMC&^AF-4e!N+tRCMFSQ5!J+gVjD4r=(u8g zNqtS|zyE!RClGT;r(!A2Ad-lVtChrb@<;GHB7^ktg#PaoT@gd#=YR9_DdKO$aH4?t ziO_YI!K~S5$*d)AC5G~%2}$uDL&l}V(pEZlBoqxt?Dk;PUh8Xf?2yyo_}iRDJF?cX zqv5Ep*=}|kBGHgzuL%WP62;BI28x%qha*l)T2*6xA_{{?cf?a$Wx(k zk*QXiXD{Qyb#}e8CP;hK=16<1U2FE-jvC=?92k7kvQpmv)Rq75N`puykDSkZq*h)&zN zqjJKd^4w!t1Ke-2YI(BJ;nh@ew`6CyCuWcQZPAFH-fe%tZtyj%b=-s5^Rn{u^X;Y8 zGnOx@S+>gd2N;bOpL$`FvUAqj+>cMmDM%@qp|NmmpB->E*o&$b*kLCe?x?64?&u&5 z3`GOBKi-skUrI_K7>N%q_&F(afp4R~CE8-wjH$JogH1fXKI#M-96Jzgsdqy0j3R$h ze_rd0@-q6-V49(!a5s%3Uzox~5Pt8fc8aT)H?p zEfQ+CeN8@ppeR1LYgnzaQ-`{pDu3wze_Gd3<;Tj$;~!3YEyX=JbDle|dTtLjrPXd` zG3%x7`s#f5sp`4u&c;?h^JKUB!r=|UP$LV({kgh4B^Zpj6|*wkDYK4cgd@Is9$afT z{4%2~Db`By>`C#hv*#tb?@TCn_s#ixdaEzQK1h5j(RNk3wx-P;IQQZBzvmuK8X5>k zTU&#n2w(KNu0?L=G^$bYx91;CN|{h!>b|G=@wmd033f?Yd08px;^MSLwS`NZ zHoqpha3*tKZkHC9B@r^qi-I?; zkFukiS%>An+VOsNd?XU{@r`Cyg}3P&ou+2L?Q3SY{Ics8If1aMQHL+^F~)_Lha6Lb zjX%@Jh_X@r?E8olq6RCP0I7m2o{#@Z~oOu!J0NFh0o3%krN(~=k8v$<2dbn`qb<`wkpe=URV0tg5T8* zOHG^&N9xw)>TIYnM?#`E`tZ^k&Wh@~x+=SsL(w}RHlFxE%6J_Rb~L~N5e>HaI*tb? zaaQQaiTYUwPE*utC&z^bAzrjPJ+<>fw)4JQ<1-qf$$8NhCls_>*dhLwpgw6%icL=9 z=pY|*n)FK|7{A}ymo(5D6E>zfHO$iEfN~>E8{$WsPDshE)@Kyp!!_*+ACAmkLqKW+Iux%2X{y5%lt%81vme>XMP+ewM;dxuCM(R@zEW|p50 z5g+pzuWaj+6koGpS<+>#1JhK6h3jwhyAN&L6Tho{YElNLN04PemwwxN_oGdpxxF?I zi1*waOLdF3cXsbNtKOZzr6FyU)6AKvN8I);Q{6ANoYJ@BD6zv0zQ$<8mpCfMZe5@= zCEl?0CrtvI`HJp1e?lH4)dySoF|k9I@n z_K*K_`}Cwiz5o?BZPJ$UvjI3x*cY1ku$#SOm;2Wp-^af_cTaM5#NV3eh&MPaWp&s) PepujoD8BoGamoJyyfZp| delta 8291 zcma*rd3+Vs-N*5{NeCpe1qcKPVFoN(2P- z(LvBED0N4x=(WYARzYeN^|6ZjxKgbfwPMw%6$R|)d(U9;c|CtT=f&^7&pC5u=BxwS zetX#KH-`m|_lUT`BF*$zRy^*EwyZu&5s`2}R~)@!JNe1(x1M(>AV6b`{`jOG2-LNa;Sf_m@)PQ4X zWUW-x3#Oxu%TY71&Gli_47`OS@JkHCfnLk%kBL}?`52f$=5{ig(vOklvIg=rH5`wc zkxMZjTd)9wn1Su64kf3Uj!wZW%5|uA`%p9Y0jeXXP#qt_@O59w5Y}HWs&OmYFrD(f zsI`9whhiKHs~IUq8<*lp+>Gk*L1d8D>sW|CxYzTzSp%rWv3M2gxlds!o*v5lYYmH8 zn4WkUCg3*A#{F22?<3E&W(>EiTwINMVGtRV^(Kx-D=qZL%171Lq3+v>ywmz4s^fph zZrC@#yr^L+YD&vdQ@06s;1Q&)HH*8{(JPQuvL3-Gd>fOn6xGb2zBu0nNe2gcwbWHPK{ zZoMw*dKN!g`)btvZOFg_))Q{Uhsb`i`m%#G#f7NNvkvuQ2Q`8RQ5`*w#Td`iG=qy# zdt?jRcpnbJ7jX=JftuN5MyE}`6f1bYbq^Vbil0yqa%im=KY@C|F=UdgKJ1`rI0?0u zHz3cno<^SGn-~Ks)MDdb_+2UTd@ajbL;n_UidrIQoW8^g0t8Y`*RcmdhkdxHcm#}upD*6 z)u<&2Vn2KvyW_Xm6(d=PZWxO*(TlyX71g1uu|M91nz271`_uXqHDi79-Sa&P#=ixs7-YM6YwyqBOhQKo;P)7yj2h| znbTB6QZca5G)PAEd?sp2Yf&BCfZ9|yqB{CGs)H}Pet>Ge3wfo;h z-LE5|0SLeNj`Fj#~Rt*F|VkUX6OrO{mRz z1T~;zs6F!u>a=(!nJ-`*4$%3}C!+_>M;lvFQ@9J&(`RrHe&}BB!20OH$*8r@LCw%q zRQqM9j&H^+ycN~%H4JqG(1)oJ5zd%iCx2a~6 zrJ-Ih4fTSBs1Mc})UMx;nfSC@{sz_IXuf6v-Iz>9Jsyjii3?H3s0P)cHK-e|cD)PL zfy0=M@8bmQJ>9gs1hs@MsF~V=UcA}$5MDs})9K8=dfZNhM%s0T+3h))OnCvO;U?Ve zv8;zt51ewLdBFlyM^~cu#+BF|ccEtVZcOIBLwEEG7 zGTCJED$L&jD^Wea7gO;W9Em4UHw?JgEYVz42b)nHZo^CP2G=jJ6Xh~0)qx991F6SI z+<<&Mtw0-@3^GTs5B>|;=vKE&&6-_;+I$;OBf1MS@m04RIoB*%2C7{Jj!}CYjlXy6 zPvUsWvGdG7MrR}6hk#W8yl6RU z#`a-4zJTNL3~Gt;7Mhv83UevnhDkdA?~oZmg|*0Rx{;^{RG{j&ARj;LAP&OQs17A8 zHea|R981}c3Ah)vd7s3Y_z`Mmve-ZaaXzYJ>#-<6=5aF2x^>3AP_e}9?wvS*`g>4Q z`Ydk6vl!}FCF@H0AZm|vsxmV%7KE2hzod=3g&Js575T9~M%+9(62_VHrl%oAX_c`T$j_zquq%F!y5UDu2l86Xm+NxOp?o9i7`}?V@E;hDR;&5; z55RsDb5P%tIc|L&rcmC3nRozgo&S%>^roT%AA!LbkHfGKv#`!}pX(c_7hG_e`P(fS z)sbQx+q-(n9;SZki2j(sRE!M?Z_(|EtNlZI?zXHG*R>iR|4 z8&{*I{94p$xF0nGuV4&*f_l;S7>C{0n;A{T;gl~zbzma~`jNSXjEx6TBYqRLR^Q=N zOt{>1WI5`Ed$1A@V-6;7Fq?BRrcu5VC*U#6NBv)p(KrXyejBRYpZM2bXpP&ch^J!6 z6{d$J*o|@%s(vGC32sHL>GL=iPomZ``AYMGxv2W6#urdGevMkgrB-G|?LUs5K)bV^5HDfVb&5KJ=_t&9bupLYA zAZo9j!6J;iI#do=^T;Gnu?p3*8&D6pA2pH}u_v~>*E?=ABTI0djzhS<9<}y&VgVjU z8xyvhQ&8Y~32Fvc;%J@!ePr~4H&HMC9Fwr~4zrf&sNK5&3vnlUa0)*!BAfi@)PcH1 zZb|zi%*`LeXNeBP2gKhArAYy9m`<#ra1jwnUT3x|)}fOA*R0Zb{58HwbWsIqFm+M7 zPV^x@Ci^vU0}(}Z)HPB+EXFfLE_v;lJR%TFq0ntKn~J@}DMD+ev#NBxA@rNeZ#L~8 zIxu1;qJjDTQ~=tN5P$uZV?2SGRsL&)H0V zEAbeS;J)ht^07pJkK4`LDP*}92Vy+sAw)J&LU|p|A>zs3jNORIfq_%GsR;tOIK zkx080_yf^}d=XJdzBm2`mApiZ-v1=ggA04`Rzm3}gOx^oKQ}*;{Q2o|3YA1N;o;gx z_!6NshVozV!cd7XAmsvL0I`d@DZ~~+r@^|MxQ+NT@xN0&6@H>GH&)|Xx4{I;or#|) zud;#*`eiZ7x!=wTMh?mekMuU@+TLbo-@HtxI_XI#%bVux z^3HbJz4=aFa$>q&(_mLt`YNmaYG$c*YlCk|o!@S0B)7uX)aJFzvc{&WTs!zp`iZb$ME3NsVC9&b!s32@VO3q@3V(z9Tn2nA+99ven;E>9-qN>zDYOf*%!j^f(=go=mD=;!j z^g?HGS>(?(E1fsWQiA;^MR=T|$!T5vtNoR&+-oKxST(uA2LL>EC#Q-kD!{!bdO3a{88+bje5?H8w4Ml%1ZLJ8G;` zTi)NT$+pwS=4Om>obt5jN?)^YSrZHI4<0EW5fSgMJryu@a-Q50?JQbQ-66CG9M8g7XZ*GcoHGkj&a0WZFrfoeSLqL3AGSHF zZ(Yi{y-`(jZhL5Osm{uUwccNDk5x65H4Tk66YaB`YL@xV?UIN^2g8G3FX<5x_RN-G z^s?5l;QpFJ9%pN9Q2&_VT-L>%?G>*3%KeF>7Ny z!OV3v9_Q)x4?0sXPtsQKH#OSyt2wkg)@pg|hQ>zU`#+lW&%sJ7P z5zM`+(Bm}h;B;;tCfzj&9^L$*$NB5_&cU-==~~scYuqP)z3o(jyLo)J**mLh{G7Aa UW*^5>JLr||N5g{8Tstc4-yFKHYybcN diff --git a/plugins/sudoers/po/it.po b/plugins/sudoers/po/it.po index e571704..63e45e4 100644 --- a/plugins/sudoers/po/it.po +++ b/plugins/sudoers/po/it.po @@ -1,16 +1,14 @@ # Italian translations for sudoers package -# Copyright (C) 2011, 2012 The Free Software Foundation -# This file is distributed under the same license as the sudo package. -# -# Milo Casagrande , 2011, 2012. +# This file is put in the public domain. +# Milo Casagrande , 2011, 2012, 2013. # msgid "" msgstr "" -"Project-Id-Version: sudoers-1.8.6b4\n" +"Project-Id-Version: sudoers-1.8.7b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-15 18:27+0200\n" -"Last-Translator: Milo Casagrande \n" +"POT-Creation-Date: 2013-04-17 15:52-0400\n" +"PO-Revision-Date: 2013-04-20 13:00+0200\n" +"Last-Translator: Milo Casagrande \n" "Language-Team: Italian \n" "Language: it\n" "MIME-Version: 1.0\n" @@ -18,50 +16,57 @@ msgstr "" "Content-Transfer-Encoding: 8-bit\n" "Plural-Forms: nplurals=2; plural=(n!=1);\n" -#: gram.y:112 -#, c-format -msgid ">>> %s: %s near line %d <<<" -msgstr ">>> %s: %s vicino alla riga %d <<<" +#: confstr.sh:2 +msgid "Password:" +msgstr "Password:" + +#: confstr.sh:3 +msgid "*** SECURITY information for %h ***" +msgstr "*** Informazioni di SICUREZZA per %h ***" -#: plugins/sudoers/alias.c:125 +#: confstr.sh:4 +msgid "Sorry, try again." +msgstr "Riprovare." + +#: plugins/sudoers/alias.c:124 #, c-format msgid "Alias `%s' already defined" msgstr "Alias \"%s\" già definito" -#: plugins/sudoers/auth/bsdauth.c:78 +#: plugins/sudoers/auth/bsdauth.c:77 #, c-format msgid "unable to get login class for user %s" msgstr "impossibile ottenere la classe di login per l'utente %s" -#: plugins/sudoers/auth/bsdauth.c:84 +#: plugins/sudoers/auth/bsdauth.c:83 msgid "unable to begin bsd authentication" msgstr "impossibile iniziare l'autenticazione bsd" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:91 msgid "invalid authentication type" msgstr "tipo di autenticazione non valida" -#: plugins/sudoers/auth/bsdauth.c:101 +#: plugins/sudoers/auth/bsdauth.c:100 msgid "unable to setup authentication" msgstr "impossibile impostare l'autenticazione" -#: plugins/sudoers/auth/fwtk.c:60 +#: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" msgstr "impossibile leggere la configurazione fwtk" -#: plugins/sudoers/auth/fwtk.c:65 +#: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" msgstr "impossibile connettersi al server di autenticazione" -#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95 -#: plugins/sudoers/auth/fwtk.c:128 +#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:127 #, c-format msgid "lost connection to authentication server" msgstr "connessione al server di autenticazione persa" -#: plugins/sudoers/auth/fwtk.c:75 +#: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" @@ -70,147 +75,152 @@ msgstr "" "errore del server di autenticazione:\n" "%s" -#: plugins/sudoers/auth/kerb5.c:117 +#: plugins/sudoers/auth/kerb5.c:116 #, c-format -msgid "%s: unable to unparse princ ('%s'): %s" -msgstr "%s: impossibile eseguire l'unparse di princ (\"%s\"): %s" +msgid "%s: unable to convert principal to string ('%s'): %s" +msgstr "%s: impossibile convertire il principal in stringa (\"%s\"): %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: impossibile analizzare \"%s\": %s" -#: plugins/sudoers/auth/kerb5.c:170 +#: plugins/sudoers/auth/kerb5.c:169 #, c-format -msgid "%s: unable to resolve ccache: %s" -msgstr "%s: impossibile risolvere la ccache: %s" +msgid "%s: unable to resolve credential cache: %s" +msgstr "%s: impossibile risolvere la cache delle credenziali: %s" -#: plugins/sudoers/auth/kerb5.c:218 +#: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: impossibile allocare le opzioni: %s" -#: plugins/sudoers/auth/kerb5.c:234 +#: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: impossibile ottenere le credenziali: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:246 #, c-format -msgid "%s: unable to initialize ccache: %s" -msgstr "%s: impossibile inizializzare la ccache: %s" +msgid "%s: unable to initialize credential cache: %s" +msgstr "%s: impossibile inizializzare la cache delle credenziali: %s" -#: plugins/sudoers/auth/kerb5.c:251 +#: plugins/sudoers/auth/kerb5.c:250 #, c-format -msgid "%s: unable to store cred in ccache: %s" -msgstr "%s: impossibile salvare le credenziali nella cchace: %s" +msgid "%s: unable to store credential in cache: %s" +msgstr "%s: impossibile salvare le credenziali nella cache: %s" -#: plugins/sudoers/auth/kerb5.c:316 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: impossibile ottenere il principal dell'host: %s" -#: plugins/sudoers/auth/kerb5.c:331 +#: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: impossibile verificare TGT. Possibile attacco in corso: %s" -#: plugins/sudoers/auth/pam.c:100 +#: plugins/sudoers/auth/pam.c:105 msgid "unable to initialize PAM" msgstr "impossibile inizializzare PAM" -#: plugins/sudoers/auth/pam.c:144 +#: plugins/sudoers/auth/pam.c:150 msgid "account validation failure, is your account locked?" msgstr "validazione dell'account non riuscita: forse è bloccato?" -#: plugins/sudoers/auth/pam.c:148 +#: plugins/sudoers/auth/pam.c:154 msgid "Account or password is expired, reset your password and try again" msgstr "Account o password scaduto: reimpostare la password e provare nuovamente" -#: plugins/sudoers/auth/pam.c:155 +#: plugins/sudoers/auth/pam.c:162 #, c-format -msgid "pam_chauthtok: %s" -msgstr "pam_chauthtok: %s" +msgid "unable to change expired password: %s" +msgstr "impossibile modificare la password scaduta: %s" -#: plugins/sudoers/auth/pam.c:159 +#: plugins/sudoers/auth/pam.c:167 msgid "Password expired, contact your system administrator" msgstr "Password scaduta, contattare l'amministratore di sistema" -#: plugins/sudoers/auth/pam.c:163 +#: plugins/sudoers/auth/pam.c:171 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Account scaduto o alla configurazione PAM manca una sezione \"account\" per sudo: contattare l'amministratore di sistema" -#: plugins/sudoers/auth/pam.c:180 +#: plugins/sudoers/auth/pam.c:188 #, c-format -msgid "pam_authenticate: %s" -msgstr "pam_authenticate: %s" - -#: plugins/sudoers/auth/pam.c:332 -msgid "Password: " -msgstr "Password: " +msgid "PAM authentication error: %s" +msgstr "errore autenticazione PAM: %s" -#: plugins/sudoers/auth/pam.c:333 -msgid "Password:" -msgstr "Password:" +#: plugins/sudoers/auth/pam.c:247 +#, c-format +msgid "unable to establish credentials: %s" +msgstr "impossibile stabilire le credenziali: %s" -#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220 +#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 #, c-format msgid "you do not exist in the %s database" msgstr "l'utente attuale non esiste nel database %s" -#: plugins/sudoers/auth/securid5.c:81 +#: plugins/sudoers/auth/securid5.c:80 #, c-format msgid "failed to initialise the ACE API library" msgstr "inizializzazione della libreria API ACE non riuscita" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" msgstr "impossibile contattare il server SecurID" -#: plugins/sudoers/auth/securid5.c:116 +#: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "ID utente bloccato per l'autenticazione SecurID" -#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171 +#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 #, c-format msgid "invalid username length for SecurID" msgstr "lunghezza del nome utente per SecurID non valida" -#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176 +#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "gestore di autenticazione per SecurID non valido" -#: plugins/sudoers/auth/securid5.c:128 +#: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "Comunicazione SecurID non riuscita" -#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215 +#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 #, c-format msgid "unknown SecurID error" msgstr "errore SecurID sconosciuto" -#: plugins/sudoers/auth/securid5.c:166 +#: plugins/sudoers/auth/securid5.c:165 #, c-format msgid "invalid passcode length for SecurID" msgstr "lunghezza del passcode per SecurID errata" -#: plugins/sudoers/auth/sia.c:109 +#: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "impossibile inizializzare la sessione SIA" -#: plugins/sudoers/auth/sudo_auth.c:121 -msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." -msgstr "Metodi di autenticazione non validi compilati all'interno di sudo. È possibile usare assieme autenticazione standalone e non-standalone." +#: plugins/sudoers/auth/sudo_auth.c:119 +msgid "invalid authentication methods" +msgstr "metodi di autenticazione non validi" + +#: plugins/sudoers/auth/sudo_auth.c:120 +msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." +msgstr "Metodi di autenticazione non validi compilati all'interno di sudo. Non è possibile usare assieme autenticazione standalone e non-standalone." -#: plugins/sudoers/auth/sudo_auth.c:206 +#: plugins/sudoers/auth/sudo_auth.c:203 +msgid "no authentication methods" +msgstr "nessun metodo di autenticazione" + +#: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Non ci sono metodi di autenticazione compilati all'interno di sudo. Per disabilitare l'autenticazione, usare l'opzione di configurazione --disable-authentication." -#: plugins/sudoers/auth/sudo_auth.c:374 +#: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Metodi di autenticazione:" @@ -226,9 +236,9 @@ msgstr "getaudit non riuscita" msgid "Could not determine audit condition" msgstr "Impossibile determinare la condizione di audit" -#: plugins/sudoers/bsm_audit.c:101 +#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160 #, c-format -msgid "getauid failed" +msgid "getauid: failed" msgstr "getauid non riuscita" #: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162 @@ -256,108 +266,40 @@ msgstr "au_to_return32 non riuscita" msgid "unable to commit audit record" msgstr "impossibile inviare il record di audit" -#: plugins/sudoers/bsm_audit.c:160 -#, c-format -msgid "getauid: failed" -msgstr "getauid non riuscita" - #: plugins/sudoers/bsm_audit.c:183 #, c-format msgid "au_to_text: failed" msgstr "au_to_text non riuscita" -#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172 -#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355 -#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974 -#: plugins/sudoers/visudo.c:818 -#, c-format -msgid "unable to open %s" -msgstr "impossibile aprire %s" - -#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229 -#, c-format -msgid "unable to write to %s" -msgstr "impossibile scrivere su %s" - -#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512 -#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123 -#: plugins/sudoers/iolog.c:156 -#, c-format -msgid "unable to mkdir %s" -msgstr "impossibile creare la directory %s" - -#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289 -#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395 -#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82 -#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677 -#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253 -#, c-format -msgid "internal error, %s overflow" -msgstr "errore interno, overflow di %s" - -#: plugins/sudoers/check.c:460 -#, c-format -msgid "timestamp path too long: %s" -msgstr "percorso marcatura temporale troppo lungo: %s" - -#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535 -#: plugins/sudoers/iolog.c:158 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s esiste, ma non è una directory (0%o)" - -#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538 -#: plugins/sudoers/check.c:583 -#, c-format -msgid "%s owned by uid %u, should be uid %u" -msgstr "%s è di proprietà dell'uid %u, dovrebbe essere dell'uid %u" - -#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0700" -msgstr "%s è accessibile in scrittura dal non-proprietario (0%o), dovrebbe avere modalità 0700" - -#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551 -#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003 -#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584 -#, c-format -msgid "unable to stat %s" -msgstr "impossibile eseguire stat su %s" - -#: plugins/sudoers/check.c:577 -#, c-format -msgid "%s exists but is not a regular file (0%o)" -msgstr "%s esiste, ma non è un file regolare (0%o)" - -#: plugins/sudoers/check.c:589 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0600" -msgstr "%s è accessibile in scrittura dal non-proprietario (0%o), dovrebbe avere modalità 0600" - -#: plugins/sudoers/check.c:643 -#, c-format -msgid "timestamp too far in the future: %20.20s" -msgstr "marcatura temporale troppo avanti nel tempo: %20.20s" - -#: plugins/sudoers/check.c:690 -#, c-format -msgid "unable to remove %s (%s), will reset to the epoch" -msgstr "impossibile rimuovere %s (%s), viene reimpostato al tempo epoch" - -#: plugins/sudoers/check.c:698 -#, c-format -msgid "unable to reset %s to the epoch" -msgstr "impossibile reimpostare %s al tempo epoch" +#: plugins/sudoers/check.c:189 +msgid "" +"\n" +"We trust you have received the usual lecture from the local System\n" +"Administrator. It usually boils down to these three things:\n" +"\n" +" #1) Respect the privacy of others.\n" +" #2) Think before you type.\n" +" #3) With great power comes great responsibility.\n" +"\n" +msgstr "" +"\n" +"Questa lezione dovrebbe essere stata impartita dall'amministratore\n" +"di sistema locale. Solitamente equivale a:\n" +"\n" +" #1) Rispettare la privacy degli altri\n" +" #2) Pensare prima di digitare\n" +" #3) Da grandi poteri derivano grandi responsabilità\n" +"\n" -#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764 -#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855 +#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 +#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 #, c-format msgid "unknown uid: %u" msgstr "uid sconosciuto: %u" -#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792 -#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225 -#: plugins/sudoers/testsudoers.c:369 +#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635 +#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:359 #, c-format msgid "unknown user: %s" msgstr "utente sconosciuto: %s" @@ -723,187 +665,201 @@ msgstr "Privilegi concessi" msgid "Set of limit privileges" msgstr "Privilegi non concessi" -#: plugins/sudoers/defaults.c:208 +#: plugins/sudoers/def_data.c:355 +msgid "Run commands on a pty in the background" +msgstr "Esegue i comandi in un pty in background" + +#: plugins/sudoers/def_data.c:359 +msgid "Create a new PAM session for the command to run in" +msgstr "Crea una nuova sessione PAM in cui eseguire il comando" + +#: plugins/sudoers/def_data.c:363 +msgid "Maximum I/O log sequence number" +msgstr "Numero massimo di sequenze I/O di registro" + +#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 #, c-format msgid "unknown defaults entry `%s'" msgstr "voce Defaults \"%s\" sconosciuta" -#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226 -#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259 -#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285 -#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318 -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 +#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 +#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 +#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "il valore \"%s\" non è valido per l'opzione \"%s\"" -#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229 -#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254 -#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280 -#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313 -#: plugins/sudoers/defaults.c:324 +#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 +#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 +#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 +#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 +#: plugins/sudoers/defaults.c:323 #, c-format msgid "no value specified for `%s'" msgstr "nessun valore specificato per \"%s\"" -#: plugins/sudoers/defaults.c:242 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "values for `%s' must start with a '/'" msgstr "i valori per \"%s\" devono iniziare con un carattere \"/\"" -#: plugins/sudoers/defaults.c:304 +#: plugins/sudoers/defaults.c:303 #, c-format msgid "option `%s' does not take a value" msgstr "l'opzione \"%s\" non accetta un valore" +#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 +#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 +#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427 +#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 +#: plugins/sudoers/testsudoers.c:243 +#, c-format +msgid "internal error, %s overflow" +msgstr "errore interno, overflow di %s" + #: plugins/sudoers/env.c:367 #, c-format msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp danneggiato, non corrispondenza in lunghezza" -#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448 -#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167 -#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983 -#, c-format -msgid "unable to allocate memory" -msgstr "impossibile allocare memoria" - -#: plugins/sudoers/env.c:992 +#: plugins/sudoers/env.c:1012 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "permessi non sufficienti per impostare le seguenti variabili d'ambiente: %s" -#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108 -#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125 -#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883 -#, c-format -msgid "%s: %s" -msgstr "%s: %s" - -#: plugins/sudoers/group_plugin.c:91 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: plugins/sudoers/group_plugin.c:103 +#: plugins/sudoers/group_plugin.c:102 #, c-format msgid "%s must be owned by uid %d" msgstr "%s deve essere di proprietà dello uid %d" -#: plugins/sudoers/group_plugin.c:107 +#: plugins/sudoers/group_plugin.c:106 #, c-format msgid "%s must only be writable by owner" msgstr "%s deve essere scrivibile solo dal proprietario" -#: plugins/sudoers/group_plugin.c:114 +#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256 #, c-format msgid "unable to dlopen %s: %s" msgstr "impossibile eseguire dlopen su %s: %s" -#: plugins/sudoers/group_plugin.c:119 +#: plugins/sudoers/group_plugin.c:118 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "impossibile trovare il simbolo \"group_plugin\" in %s" -#: plugins/sudoers/group_plugin.c:124 +#: plugins/sudoers/group_plugin.c:123 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: version major %d del plugin per il gruppo non compatibile, atteso %d" -#: plugins/sudoers/interfaces.c:112 +#: plugins/sudoers/interfaces.c:119 msgid "Local IP address and netmask pairs:\n" msgstr "Coppia indirizzo IP locale e maschera di rete:\n" -#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991 +#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 +#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s esiste, ma non è una directory (0%o)" + +#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 +#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165 +#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 +#, c-format +msgid "unable to mkdir %s" +msgstr "impossibile creare la directory %s" + +#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 +#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 +#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155 +#: plugins/sudoers/visudo.c:809 +#, c-format +msgid "unable to open %s" +msgstr "impossibile aprire %s" + +#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 #, c-format msgid "unable to read %s" msgstr "impossibile leggere %s" -#: plugins/sudoers/iolog.c:208 +#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159 #, c-format -msgid "invalid sequence number %s" -msgstr "numero di sequenze %s non valido" +msgid "unable to write to %s" +msgstr "impossibile scrivere su %s" -#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261 -#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531 -#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545 -#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561 -#: plugins/sudoers/iolog.c:569 +#: plugins/sudoers/iolog.c:334 #, c-format msgid "unable to create %s" msgstr "impossibile creare %s" -#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382 -#, c-format -msgid "unable to set locale to \"%s\", using \"C\"" -msgstr "impossibile impostare il locale a \"%s\", viene usato \"C\"" - -#: plugins/sudoers/ldap.c:387 +#: plugins/sudoers/ldap.c:385 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: porta troppo grande" -#: plugins/sudoers/ldap.c:410 +#: plugins/sudoers/ldap.c:408 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: spazio esaurito nell'espansione di hostbuf" -#: plugins/sudoers/ldap.c:440 +#: plugins/sudoers/ldap.c:438 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "tipologia di uri LDAP non supportata: %s" -#: plugins/sudoers/ldap.c:469 +#: plugins/sudoers/ldap.c:467 #, c-format msgid "invalid uri: %s" msgstr "uri non valido: %s" -#: plugins/sudoers/ldap.c:475 +#: plugins/sudoers/ldap.c:473 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "impossibile utilizzare URI ldap e ldaps assieme" -#: plugins/sudoers/ldap.c:479 +#: plugins/sudoers/ldap.c:477 #, c-format msgid "unable to mix ldaps and starttls" msgstr "impossibile utilizzare ldaps e starttls assieme" -#: plugins/sudoers/ldap.c:498 +#: plugins/sudoers/ldap.c:496 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: spazio esaurito nella generazione di hostbuf" -#: plugins/sudoers/ldap.c:572 +#: plugins/sudoers/ldap.c:570 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "impossibile inizializzare il certificato SSL e il database delle chiavi: %s" -#: plugins/sudoers/ldap.c:575 +#: plugins/sudoers/ldap.c:573 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "è necessario selezionare TLS_CERT in %s per usare SSL" -#: plugins/sudoers/ldap.c:992 +#: plugins/sudoers/ldap.c:1062 #, c-format msgid "unable to get GMT time" msgstr "impossibile ottenere orario GMT" -#: plugins/sudoers/ldap.c:998 +#: plugins/sudoers/ldap.c:1068 #, c-format msgid "unable to format timestamp" msgstr "impossibile formattare la marcatura temporale" -#: plugins/sudoers/ldap.c:1006 +#: plugins/sudoers/ldap.c:1076 #, c-format msgid "unable to build time filter" msgstr "impossibile creare filtro temporale" -#: plugins/sudoers/ldap.c:1225 +#: plugins/sudoers/ldap.c:1295 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "non corrispondenza nell'allocazione sudo_ldap_build_pass1" -#: plugins/sudoers/ldap.c:1761 +#: plugins/sudoers/ldap.c:1842 #, c-format msgid "" "\n" @@ -912,7 +868,7 @@ msgstr "" "\n" "Ruolo LDAP: %s\n" -#: plugins/sudoers/ldap.c:1763 +#: plugins/sudoers/ldap.c:1844 #, c-format msgid "" "\n" @@ -921,27 +877,28 @@ msgstr "" "\n" "Ruolo LDAP: sconosciuto\n" -#: plugins/sudoers/ldap.c:1810 +#: plugins/sudoers/ldap.c:1891 #, c-format msgid " Order: %s\n" msgstr " Ordine: %s\n" -#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168 +#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515 +#: plugins/sudoers/sssd.c:1242 #, c-format msgid " Commands:\n" msgstr " Comandi:\n" -#: plugins/sudoers/ldap.c:2240 +#: plugins/sudoers/ldap.c:2321 #, c-format msgid "unable to initialize LDAP: %s" msgstr "impossibile inizializzare LDAP: %s" -#: plugins/sudoers/ldap.c:2274 +#: plugins/sudoers/ldap.c:2355 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "specificato start_tls ma le librerie LDAP non supportano ldap_start_tls_s() o ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:2510 +#: plugins/sudoers/ldap.c:2591 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "attributo sudoOrder non valido: %s" @@ -956,64 +913,75 @@ msgstr "impossibile aprire il sistema di audit" msgid "unable to send audit message" msgstr "impossibile inviare il messaggio di audit" -#: plugins/sudoers/logging.c:202 +#: plugins/sudoers/logging.c:140 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: plugins/sudoers/logging.c:168 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (comando continuato) %s" + +#: plugins/sudoers/logging.c:194 #, c-format msgid "unable to open log file: %s: %s" msgstr "impossibile aprire il file di registro: %s: %s" -#: plugins/sudoers/logging.c:205 +#: plugins/sudoers/logging.c:197 #, c-format msgid "unable to lock log file: %s: %s" msgstr "impossibile impostare il blocco sul file di registro: %s: %s" -#: plugins/sudoers/logging.c:260 +#: plugins/sudoers/logging.c:245 +msgid "No user or host" +msgstr "Nessun utente o host" + +#: plugins/sudoers/logging.c:247 +msgid "validation failure" +msgstr "validazione non riuscita" + +#: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "utente non tra i sudoers" -#: plugins/sudoers/logging.c:262 +#: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "utente non autorizzato sull'host" -#: plugins/sudoers/logging.c:264 +#: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "comando non consentito" -#: plugins/sudoers/logging.c:274 +#: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s non è nel file sudoers. Questo evento verrà segnalato.\n" -#: plugins/sudoers/logging.c:277 +#: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "A %s non è consentito eseguire sudo su %s. Questo evento verrà segnalato.\n" -#: plugins/sudoers/logging.c:281 +#: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "L'utente %s non può eseguire sudo su %s.\n" -#: plugins/sudoers/logging.c:284 +#: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "All'utente %s non è consentito eseguire \"%s%s%s\" come %s%s%s su %s.\n" -#: plugins/sudoers/logging.c:317 -msgid "No user or host" -msgstr "Nessun utente o host" - -#: plugins/sudoers/logging.c:319 -msgid "validation failure" -msgstr "validazione non riuscita" - -#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502 -#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539 -#: plugins/sudoers/sudoers.c:1540 +#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 +#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoers.c:1002 #, c-format msgid "%s: command not found" msgstr "%s: comando non trovato" -#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499 +#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 #, c-format msgid "" "ignoring `%s' found in '.'\n" @@ -1022,62 +990,77 @@ msgstr "" "viene ignorato \"%s\" trovato in \".\"\n" "Usare \"sudo ./%s\" se \"%s\" è quello da eseguire." -#: plugins/sudoers/logging.c:352 +#: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "autenticazione non riuscita" -#: plugins/sudoers/logging.c:376 +#: plugins/sudoers/logging.c:379 +msgid "a password is required" +msgstr "è necessaria una password" + +#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" msgstr[0] "%d tentativo di immissione password non corretto" msgstr[1] "%d tentativi di immissione password non corretti" -#: plugins/sudoers/logging.c:379 -msgid "a password is required" -msgstr "è necessaria una password" - -#: plugins/sudoers/logging.c:530 +#: plugins/sudoers/logging.c:566 #, c-format msgid "unable to fork" msgstr "impossibile eseguire fork" -#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599 +#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 #, c-format msgid "unable to fork: %m" msgstr "impossibile eseguire fork: %m" -#: plugins/sudoers/logging.c:589 +#: plugins/sudoers/logging.c:619 #, c-format msgid "unable to open pipe: %m" msgstr "impossibile aprire una pipe: %m" -#: plugins/sudoers/logging.c:614 +#: plugins/sudoers/logging.c:644 #, c-format msgid "unable to dup stdin: %m" msgstr "impossibile eseguire dup sullo stdin: %m" -#: plugins/sudoers/logging.c:650 +#: plugins/sudoers/logging.c:680 #, c-format msgid "unable to execute %s: %m" msgstr "impossibile eseguire %s: %m" -#: plugins/sudoers/logging.c:865 +#: plugins/sudoers/logging.c:899 #, c-format msgid "internal error: insufficient space for log line" msgstr "errore interno: spazio insufficiente per la riga di registro" -#: plugins/sudoers/parse.c:123 +#: plugins/sudoers/match.c:631 +#, c-format +msgid "unsupported digest type %d for %s" +msgstr "tipo di digest %d non supportato per %s" + +#: plugins/sudoers/match.c:661 +#, c-format +msgid "%s: read error" +msgstr "%s: errore di lettura" + +#: plugins/sudoers/match.c:670 +#, c-format +msgid "digest for %s (%s) is not in %s form" +msgstr "digest per %s (%s) non è nella forma %s" + +#: plugins/sudoers/parse.c:124 #, c-format msgid "parse error in %s near line %d" msgstr "errore di analisi in %s vicino alla riga %d" -#: plugins/sudoers/parse.c:126 +#: plugins/sudoers/parse.c:127 #, c-format msgid "parse error in %s" msgstr "errore di analisi in %s" -#: plugins/sudoers/parse.c:414 +#: plugins/sudoers/parse.c:462 #, c-format msgid "" "\n" @@ -1086,386 +1069,380 @@ msgstr "" "\n" "Voce sudoers:\n" -#: plugins/sudoers/parse.c:416 +#: plugins/sudoers/parse.c:463 #, c-format msgid " RunAsUsers: " msgstr " RunAsUsers: " -#: plugins/sudoers/parse.c:431 +#: plugins/sudoers/parse.c:477 #, c-format msgid " RunAsGroups: " msgstr " RunAsGroups: " -#: plugins/sudoers/parse.c:440 +#: plugins/sudoers/parse.c:486 +#, c-format +msgid " Options: " +msgstr " Opzioni: " + +#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to execute %s" +msgstr "impossibile eseguire %s" + +#: plugins/sudoers/policy.c:659 +#, c-format +msgid "Sudoers policy plugin version %s\n" +msgstr "Versione %s del plugin della politica sudoers\n" + +#: plugins/sudoers/policy.c:661 +#, c-format +msgid "Sudoers file grammar version %d\n" +msgstr "Versione %d della grammatica del file sudoers\n" + +#: plugins/sudoers/policy.c:665 #, c-format msgid "" -" Commands:\n" -"\t" +"\n" +"Sudoers path: %s\n" msgstr "" -" Comandi:\n" -"\t" +"\n" +"Percorso sudoers: %s\n" -#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 -msgid ": " -msgstr ": " +#: plugins/sudoers/policy.c:668 +#, c-format +msgid "nsswitch path: %s\n" +msgstr "percorso nsswitch: %s\n" -#: plugins/sudoers/pwutil.c:278 +#: plugins/sudoers/policy.c:670 #, c-format -msgid "unable to cache uid %u (%s), already exists" -msgstr "impossibile salvare in cache lo uid %u (%s), esiste già" +msgid "ldap.conf path: %s\n" +msgstr "percorso ldap.conf: %s\n" -#: plugins/sudoers/pwutil.c:286 +#: plugins/sudoers/policy.c:671 +#, c-format +msgid "ldap.secret path: %s\n" +msgstr "percorso ldap.secret: %s\n" + +#: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "impossibile salvare in cache lo uid %u, esiste già" -#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331 +#: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "impossibile salvare in cache l'utente %s, esiste già" -#: plugins/sudoers/pwutil.c:668 -#, c-format -msgid "unable to cache gid %u (%s), already exists" -msgstr "impossibile salvare in cache il gid %u (%s), esiste già" - -#: plugins/sudoers/pwutil.c:676 +#: plugins/sudoers/pwutil.c:374 #, c-format msgid "unable to cache gid %u, already exists" msgstr "impossibile salvare in cache il gid %u, esiste già" -#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715 +#: plugins/sudoers/pwutil.c:410 #, c-format msgid "unable to cache group %s, already exists" msgstr "impossibile salvare in cache il gruppo %s, esiste già" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436 -#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114 -#: plugins/sudoers/set_perms.c:1396 +#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586 +#, c-format +msgid "unable to cache group list for %s, already exists" +msgstr "impossibile salvare in cache l'elenco di gruppo %s, esiste già" + +#: plugins/sudoers/pwutil.c:584 +#, c-format +msgid "unable to parse groups for %s" +msgstr "impossibile analizzare i gruppi per %s" + +#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 +#: plugins/sudoers/set_perms.c:1431 msgid "perm stack overflow" msgstr "overflow dello stack perm" -#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444 -#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122 -#: plugins/sudoers/set_perms.c:1404 +#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 +#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 +#: plugins/sudoers/set_perms.c:1439 msgid "perm stack underflow" msgstr "underflow dello stack perm" -#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580 -#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243 +#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 +#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 +msgid "unable to change to root gid" +msgstr "impossibile passare al gid root" + +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 msgid "unable to change to runas gid" msgstr "impossibile passare al gid runas" -#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253 +#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 +#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 msgid "unable to change to runas uid" msgstr "impossibile passare allo uid runas" -#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269 +#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 msgid "unable to change to sudoers gid" msgstr "impossibile passare al gid sudoers" -#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681 -#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315 -#: plugins/sudoers/set_perms.c:1474 +#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 +#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 +#: plugins/sudoers/set_perms.c:1515 msgid "too many processes" msgstr "troppi processi" -#: plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:1583 msgid "unable to set runas group vector" msgstr "impossibile impostare il vettore di gruppo per runas" -#: plugins/sudoers/sssd.c:251 -#, c-format -msgid "Unable to dlopen %s: %s" -msgstr "Impossibile eseguire dlopen su %s: %s" - -#: plugins/sudoers/sssd.c:252 +#: plugins/sudoers/sssd.c:257 #, c-format -msgid "Unable to initialize SSS source. Is SSSD installed on your machine?" -msgstr "Impossibile inizializzare la sorgente SSS. È stato installato SSSD?" +msgid "unable to initialize SSS source. Is SSSD installed on your machine?" +msgstr "impossibile inizializzare la sorgente SSS. È stato installato SSSD?" -#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266 -#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280 -#: plugins/sudoers/sssd.c:287 +#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 +#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 +#: plugins/sudoers/sssd.c:292 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "impossibile trovare il simbolo \"%s\" in \"%s\"" -#: plugins/sudoers/sudo_nss.c:267 +#: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "Corrispondenza voci Defaults per %s su questo host:\n" -#: plugins/sudoers/sudo_nss.c:280 +#: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Valori predefiniti per Runas e Command per %s:\n" -#: plugins/sudoers/sudo_nss.c:293 +#: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "L'utente %s può eseguire i seguenti comandi su questo host:\n" -#: plugins/sudoers/sudo_nss.c:302 +#: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "L'utente %s non è abilitato all'esecuzione di sudo su %s.\n" -#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243 -#: plugins/sudoers/sudoers.c:953 +#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 +#: plugins/sudoers/sudoers.c:673 msgid "problem with defaults entries" msgstr "problema con le voci Defaults" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:165 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "nessuna sorgente valida di sudoers trovata, uscita" -#: plugins/sudoers/sudoers.c:268 -#, c-format -msgid "unable to execute %s: %s" -msgstr "impossibile eseguire %s: %s" - -#: plugins/sudoers/sudoers.c:335 +#: plugins/sudoers/sudoers.c:227 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers indica che a root non è consentito usare sudo" -#: plugins/sudoers/sudoers.c:342 +#: plugins/sudoers/sudoers.c:234 #, c-format msgid "you are not permitted to use the -C option" msgstr "non è consentito usare l'opzione -C" -#: plugins/sudoers/sudoers.c:431 +#: plugins/sudoers/sudoers.c:315 #, c-format msgid "timestamp owner (%s): No such user" msgstr "proprietario marcatura temporale (%s): utente inesistente" -#: plugins/sudoers/sudoers.c:447 +#: plugins/sudoers/sudoers.c:329 msgid "no tty" msgstr "nessun tty" -#: plugins/sudoers/sudoers.c:448 +#: plugins/sudoers/sudoers.c:330 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "è necessario disporre di un tty per eseguire sudo" -#: plugins/sudoers/sudoers.c:498 +#: plugins/sudoers/sudoers.c:378 msgid "command in current directory" msgstr "comando nella directory corrente" -#: plugins/sudoers/sudoers.c:510 +#: plugins/sudoers/sudoers.c:395 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "non è consentito preservare l'ambiente" -#: plugins/sudoers/sudoers.c:1006 +#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216 +#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576 +#, c-format +msgid "unable to stat %s" +msgstr "impossibile eseguire stat su %s" + +#: plugins/sudoers/sudoers.c:726 #, c-format msgid "%s is not a regular file" msgstr "%s non è un file regolare" -#: plugins/sudoers/sudoers.c:1009 toke.l:846 +#: plugins/sudoers/sudoers.c:729 toke.l:913 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s è di proprietà dello uid %u, dovrebbe essere di %u" -#: plugins/sudoers/sudoers.c:1013 toke.l:853 +#: plugins/sudoers/sudoers.c:733 toke.l:920 #, c-format msgid "%s is world writable" msgstr "%s è scrivibile da tutti" -#: plugins/sudoers/sudoers.c:1016 toke.l:858 +#: plugins/sudoers/sudoers.c:736 toke.l:925 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s è di proprietà del gid %u, dovrebbe essere di %u" -#: plugins/sudoers/sudoers.c:1043 +#: plugins/sudoers/sudoers.c:763 #, c-format msgid "only root can use `-c %s'" msgstr "solo root può usare \"-c %s\"" -#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062 +#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 #, c-format msgid "unknown login class: %s" msgstr "classe di login sconosciuta: %s" -#: plugins/sudoers/sudoers.c:1089 +#: plugins/sudoers/sudoers.c:814 #, c-format msgid "unable to resolve host %s" msgstr "impossibile risolvere l'host %s" -#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387 +#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 #, c-format msgid "unknown group: %s" msgstr "gruppo sconosciuto: %s" -#: plugins/sudoers/sudoers.c:1190 -#, c-format -msgid "Sudoers policy plugin version %s\n" -msgstr "Versione %s del plugin della politica sudoers\n" - -#: plugins/sudoers/sudoers.c:1192 -#, c-format -msgid "Sudoers file grammar version %d\n" -msgstr "Versione %d della grammatica del file sudoers\n" - -#: plugins/sudoers/sudoers.c:1196 -#, c-format -msgid "" -"\n" -"Sudoers path: %s\n" -msgstr "" -"\n" -"Percorso sudoers: %s\n" - -#: plugins/sudoers/sudoers.c:1199 -#, c-format -msgid "nsswitch path: %s\n" -msgstr "percorso nsswitch: %s\n" - -#: plugins/sudoers/sudoers.c:1201 -#, c-format -msgid "ldap.conf path: %s\n" -msgstr "percorso ldap.conf: %s\n" - -#: plugins/sudoers/sudoers.c:1202 -#, c-format -msgid "ldap.secret path: %s\n" -msgstr "percorso ldap.secret: %s\n" - -#: plugins/sudoers/sudoreplay.c:293 +#: plugins/sudoers/sudoreplay.c:292 #, c-format msgid "invalid filter option: %s" msgstr "opzione di filtro non valida: %s" -#: plugins/sudoers/sudoreplay.c:306 +#: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid max wait: %s" msgstr "attesa massima non valida: %s" -#: plugins/sudoers/sudoreplay.c:312 +#: plugins/sudoers/sudoreplay.c:311 #, c-format msgid "invalid speed factor: %s" msgstr "fattore di velocità non valido: %s" -#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187 +#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 #, c-format msgid "%s version %s\n" msgstr "%s versione %s\n" -#: plugins/sudoers/sudoreplay.c:340 +#: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/timing: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:345 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/timing: %s" -#: plugins/sudoers/sudoreplay.c:364 +#: plugins/sudoers/sudoreplay.c:363 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Riproduzione della sessione sudo: %s\n" -#: plugins/sudoers/sudoreplay.c:370 +#: plugins/sudoers/sudoreplay.c:369 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Attenzione: il terminale è troppo piccolo per riprodurre correttamente il registro.\n" -#: plugins/sudoers/sudoreplay.c:371 +#: plugins/sudoers/sudoreplay.c:370 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "La geometria del registro è %dx%d, quella del terminale è %dx%d." -#: plugins/sudoers/sudoreplay.c:401 +#: plugins/sudoers/sudoreplay.c:400 #, c-format msgid "unable to set tty to raw mode" msgstr "impossibile impostare il terminale in modalità raw" -#: plugins/sudoers/sudoreplay.c:418 +#: plugins/sudoers/sudoreplay.c:416 #, c-format msgid "invalid timing file line: %s" msgstr "riga di timing del file non valida: %sas" -#: plugins/sudoers/sudoreplay.c:501 +#: plugins/sudoers/sudoreplay.c:499 #, c-format msgid "writing to standard output" msgstr "scrittura sullo standard output" -#: plugins/sudoers/sudoreplay.c:530 +#: plugins/sudoers/sudoreplay.c:528 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" -#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668 +#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 #, c-format msgid "ambiguous expression \"%s\"" msgstr "espressione \"%s\" ambigua" -#: plugins/sudoers/sudoreplay.c:685 +#: plugins/sudoers/sudoreplay.c:683 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "troppe espressioni con parentesi, massimo %d" -#: plugins/sudoers/sudoreplay.c:696 +#: plugins/sudoers/sudoreplay.c:694 #, c-format msgid "unmatched ')' in expression" msgstr "carattere \"(\" nell'espressione non corrisposto" -#: plugins/sudoers/sudoreplay.c:702 +#: plugins/sudoers/sudoreplay.c:700 #, c-format msgid "unknown search term \"%s\"" msgstr "termine di ricerca \"%s\" non conosciuto" -#: plugins/sudoers/sudoreplay.c:716 +#: plugins/sudoers/sudoreplay.c:714 #, c-format msgid "%s requires an argument" msgstr "%s richiede un argomento" -#: plugins/sudoers/sudoreplay.c:720 +#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058 #, c-format msgid "invalid regular expression: %s" msgstr "espressione regolare non valida: %s" -#: plugins/sudoers/sudoreplay.c:726 +#: plugins/sudoers/sudoreplay.c:724 #, c-format msgid "could not parse date \"%s\"" msgstr "impossibile analizzare la data \"%s\"" -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:737 #, c-format msgid "unmatched '(' in expression" msgstr "carattere \"(\" nell'espressione non corrisposto" -#: plugins/sudoers/sudoreplay.c:741 +#: plugins/sudoers/sudoreplay.c:739 #, c-format msgid "illegal trailing \"or\"" msgstr "\"or\" finale non consentito" -#: plugins/sudoers/sudoreplay.c:743 +#: plugins/sudoers/sudoreplay.c:741 #, c-format msgid "illegal trailing \"!\"" msgstr "carattere \"!\" finale non consentito" -#: plugins/sudoers/sudoreplay.c:1050 -#, c-format -msgid "invalid regex: %s" -msgstr "espressione regolare non valida: %s" - -#: plugins/sudoers/sudoreplay.c:1174 +#: plugins/sudoers/sudoreplay.c:1182 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "uso: %s [-h] [-d DIRECTORY] [-m MAX_WAIT] [-s SPEED_FACTOR] ID\n" -#: plugins/sudoers/sudoreplay.c:1177 +#: plugins/sudoers/sudoreplay.c:1185 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "uso: %s [-h] [-d DIRECTORY] -l [ESPRESSIONE DI RICERCA]\n" -#: plugins/sudoers/sudoreplay.c:1186 +#: plugins/sudoers/sudoreplay.c:1194 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -1474,7 +1451,7 @@ msgstr "" "%s - Riproduce i registri di sessione di sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1188 +#: plugins/sudoers/sudoreplay.c:1196 msgid "" "\n" "Options:\n" @@ -1496,11 +1473,11 @@ msgstr "" " -s SPEED_FACTOR Velocizza o rallenta l'output\n" " -V Visualizza la versione ed esce" -#: plugins/sudoers/testsudoers.c:338 +#: plugins/sudoers/testsudoers.c:328 msgid "\thost unmatched" msgstr "\thost non trovato" -#: plugins/sudoers/testsudoers.c:341 +#: plugins/sudoers/testsudoers.c:331 msgid "" "\n" "Command allowed" @@ -1508,7 +1485,7 @@ msgstr "" "\n" "Comando consentito" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command denied" @@ -1516,7 +1493,7 @@ msgstr "" "\n" "Comando negato" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command unmatched" @@ -1524,90 +1501,132 @@ msgstr "" "\n" "Comando non trovato" -#: plugins/sudoers/toke_util.c:218 +#: plugins/sudoers/timestamp.c:129 +#, c-format +msgid "timestamp path too long: %s" +msgstr "percorso marcatura temporale troppo lungo: %s" + +#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 +#: plugins/sudoers/timestamp.c:292 +#, c-format +msgid "%s owned by uid %u, should be uid %u" +msgstr "%s è di proprietà dell'uid %u, dovrebbe essere dell'uid %u" + +#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0700" +msgstr "%s è accessibile in scrittura dal non-proprietario (0%o), dovrebbe avere modalità 0700" + +#: plugins/sudoers/timestamp.c:286 +#, c-format +msgid "%s exists but is not a regular file (0%o)" +msgstr "%s esiste, ma non è un file regolare (0%o)" + +#: plugins/sudoers/timestamp.c:298 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0600" +msgstr "%s è accessibile in scrittura dal non-proprietario (0%o), dovrebbe avere modalità 0600" + +#: plugins/sudoers/timestamp.c:353 +#, c-format +msgid "timestamp too far in the future: %20.20s" +msgstr "marcatura temporale troppo avanti nel tempo: %20.20s" + +#: plugins/sudoers/timestamp.c:407 +#, c-format +msgid "unable to remove %s, will reset to the epoch" +msgstr "impossibile rimuovere %s, viene reimpostato al tempo epoch" + +#: plugins/sudoers/timestamp.c:414 +#, c-format +msgid "unable to reset %s to the epoch" +msgstr "impossibile reimpostare %s al tempo epoch" + +#: plugins/sudoers/toke_util.c:176 +#, c-format msgid "fill_args: buffer overflow" msgstr "fill_args: buffer overflow" -#: plugins/sudoers/visudo.c:188 +#: plugins/sudoers/visudo.c:180 #, c-format msgid "%s grammar version %d\n" msgstr "%s versione grammaticale %d\n" -#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533 #, c-format msgid "press return to edit %s: " msgstr "premere Invio per modificare %s:" -#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341 +#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332 #, c-format msgid "write error" msgstr "errore di scrittura" -#: plugins/sudoers/visudo.c:423 +#: plugins/sudoers/visudo.c:414 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "impossibile eseguire stat sul file temporaneo (%s), %s non modificato" -#: plugins/sudoers/visudo.c:428 +#: plugins/sudoers/visudo.c:419 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "file temporaneo di lunghezza pari a zero (%s), %s non modificato" -#: plugins/sudoers/visudo.c:434 +#: plugins/sudoers/visudo.c:425 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "editor (%s) non riuscito, %s non modificato" -#: plugins/sudoers/visudo.c:457 +#: plugins/sudoers/visudo.c:448 #, c-format msgid "%s unchanged" msgstr "%s non modificato" -#: plugins/sudoers/visudo.c:486 +#: plugins/sudoers/visudo.c:477 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "impossibile riaprire il file temporaneo (%s), %s non modificato" -#: plugins/sudoers/visudo.c:496 +#: plugins/sudoers/visudo.c:487 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "impossibile analizzare il file temporaneo (%s), errore sconosciuto" -#: plugins/sudoers/visudo.c:534 +#: plugins/sudoers/visudo.c:526 #, c-format msgid "internal error, unable to find %s in list!" msgstr "errore interno, impossibile trovare %s nell'elenco." -#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595 +#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "impossibile impostare (uid, gid) di %s a (%u, %u)" -#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600 +#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "impossibile modificare la modalità di %s a 0%o" -#: plugins/sudoers/visudo.c:617 +#: plugins/sudoers/visudo.c:609 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s e %s non sono sullo stesso file system, viene usato \"mv\" per rinominare" -#: plugins/sudoers/visudo.c:631 +#: plugins/sudoers/visudo.c:623 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "comando non riuscito: \"%s %s %s\", %s non modificato" -#: plugins/sudoers/visudo.c:641 +#: plugins/sudoers/visudo.c:633 #, c-format msgid "error renaming %s, %s unchanged" msgstr "errore nel rinominare %s, %s non è stato modificato" -#: plugins/sudoers/visudo.c:704 +#: plugins/sudoers/visudo.c:695 msgid "What now? " msgstr "Cosa fare ora?" -#: plugins/sudoers/visudo.c:718 +#: plugins/sudoers/visudo.c:709 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -1619,99 +1638,94 @@ msgstr "" " (x) Esce senza salvare le modifiche al file sudoers\n" " (Q) Esce e salva le modifiche al file sudoers (pericoloso)\n" -#: plugins/sudoers/visudo.c:759 -#, c-format -msgid "unable to execute %s" -msgstr "impossibile eseguire %s" - -#: plugins/sudoers/visudo.c:766 +#: plugins/sudoers/visudo.c:757 #, c-format msgid "unable to run %s" msgstr "impossibile avviare %s" -#: plugins/sudoers/visudo.c:792 +#: plugins/sudoers/visudo.c:783 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: proprietario errato (uid, gid), dovrebbe essere (%u, %u)\n" -#: plugins/sudoers/visudo.c:799 +#: plugins/sudoers/visudo.c:790 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: permessi errati, dovrebbe avere modalità 0%o\n" -#: plugins/sudoers/visudo.c:824 +#: plugins/sudoers/visudo.c:815 #, c-format msgid "failed to parse %s file, unknown error" msgstr "analisi del file %s non riuscita, errore sconosciuto" -#: plugins/sudoers/visudo.c:837 +#: plugins/sudoers/visudo.c:831 #, c-format msgid "parse error in %s near line %d\n" msgstr "errore di analisi in %s vicino alla riga %d\n" -#: plugins/sudoers/visudo.c:840 +#: plugins/sudoers/visudo.c:834 #, c-format msgid "parse error in %s\n" msgstr "errore di analisi in %s\n" -#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852 +#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846 #, c-format msgid "%s: parsed OK\n" msgstr "%s: analisi effettuata correttamente\n" -#: plugins/sudoers/visudo.c:899 +#: plugins/sudoers/visudo.c:893 #, c-format msgid "%s busy, try again later" msgstr "%s occupato, riprovare" -#: plugins/sudoers/visudo.c:943 +#: plugins/sudoers/visudo.c:937 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "l'editor specificato (%s) non esiste" -#: plugins/sudoers/visudo.c:966 +#: plugins/sudoers/visudo.c:960 #, c-format msgid "unable to stat editor (%s)" msgstr "impossibile eseguire stat sull'editor (%s)" -#: plugins/sudoers/visudo.c:1014 +#: plugins/sudoers/visudo.c:1008 #, c-format msgid "no editor found (editor path = %s)" msgstr "nessun editor trovato (percorso dell'editor = %s)" -#: plugins/sudoers/visudo.c:1108 +#: plugins/sudoers/visudo.c:1100 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Errore: ciclo in %s_Alias \"%s\"" -#: plugins/sudoers/visudo.c:1109 +#: plugins/sudoers/visudo.c:1101 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Attenzione: ciclo in %s_Alias \"%s\"" -#: plugins/sudoers/visudo.c:1112 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Errore: riferimento a \"%2$s\" %1$s_Alias, ma non definito" -#: plugins/sudoers/visudo.c:1113 +#: plugins/sudoers/visudo.c:1105 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Attenzione: riferimento a \"%2$s\" %1$s_Alias, ma non definito" -#: plugins/sudoers/visudo.c:1248 +#: plugins/sudoers/visudo.c:1240 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%1$s: %3$s di %2$s_Alias non utilizzato" -#: plugins/sudoers/visudo.c:1304 +#: plugins/sudoers/visudo.c:1302 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "%s - Modifica in sicurezza il file sudoers\n" -#: plugins/sudoers/visudo.c:1306 +#: plugins/sudoers/visudo.c:1304 msgid "" "\n" "Options:\n" @@ -1731,6 +1745,55 @@ msgstr "" " -s Verifica precisa della sintassi\n" " -V Visualizza la versione ed esce" -#: toke.l:820 +#: toke.l:886 msgid "too many levels of includes" msgstr "troppi livelli di inclusioni" + +#~ msgid "pam_chauthtok: %s" +#~ msgstr "pam_chauthtok: %s" + +#~ msgid "pam_authenticate: %s" +#~ msgstr "pam_authenticate: %s" + +#~ msgid "Password: " +#~ msgstr "Password: " + +#~ msgid "getauid failed" +#~ msgstr "getauid non riuscita" + +#~ msgid "Unable to dlopen %s: %s" +#~ msgstr "Impossibile eseguire dlopen su %s: %s" + +#~ msgid "invalid regex: %s" +#~ msgstr "espressione regolare non valida: %s" + +#~ msgid ">>> %s: %s near line %d <<<" +#~ msgstr ">>> %s: %s vicino alla riga %d <<<" + +#~ msgid "unable to allocate memory" +#~ msgstr "impossibile allocare memoria" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + +#~ msgid "unable to set locale to \"%s\", using \"C\"" +#~ msgstr "impossibile impostare il locale a \"%s\", viene usato \"C\"" + +#~ msgid "" +#~ " Commands:\n" +#~ "\t" +#~ msgstr "" +#~ " Comandi:\n" +#~ "\t" + +#~ msgid ": " +#~ msgstr ": " + +#~ msgid "unable to cache uid %u (%s), already exists" +#~ msgstr "impossibile salvare in cache lo uid %u (%s), esiste già" + +#~ msgid "unable to cache gid %u (%s), already exists" +#~ msgstr "impossibile salvare in cache il gid %u (%s), esiste già" + +#~ msgid "unable to execute %s: %s" +#~ msgstr "impossibile eseguire %s: %s" diff --git a/plugins/sudoers/po/nl.mo b/plugins/sudoers/po/nl.mo new file mode 100644 index 0000000000000000000000000000000000000000..ca3122de5811bf84e12fa053ec9e764885e8109c GIT binary patch literal 35763 zcmb`Q3!Gh7UGH}hOFKZ{EiIIGC+##zJ7@ChbNWao$s`TUi%gONrA*Jv*>mP(&Z}pi zGm}Xbih|`0@)QMBym}E(v8Z@Ke`@jDG|N5{0T5I^i1&@7Q#Bcu@QFJ-@+My`=5YJDzSYM;)JU*TWp6_urcrNdo z!3)6c{{0Ae5%06$dE|cp{AuuIPj&gPxYDIx51vE1ZJ^3|x_>W&=kwkMRo_p5w}Gz# z`7inu|6B$B3wR57Q5;2=g8RU0z$&;7d0CCo=fK;+sAT^|cYyj{2bJ%&AXP=b531e&2%ZaG z22qr59VmJ}9TeSO0KOdjC`i)iAeq$82SJ7?`YrHm@blmh`1c^BivAfCA78q`@qG!@ z_nja`MJ-VI-vUm69|h@JGz8Jr{u{v?!7jK9dhm_T|gs6mr+pVRzS7u<>2|? zhd@XXecFFlq~fpVAC3DQsQfPk)$jND_b-F6Qgj*2Bl>Oy#WxRts`oXZ+W#A%+W7@= zJ9s&Tshs;j@yCn67<>n~3j7oBCh(h}=z0yE6Ti=bN5Hp%uK|Ams+`x5SoOXSRQaC< zAyM=sm}d`oC#Z3J9Y~SU2SJVRcR}$}j1Z}uDhSD4d5l1~pEf1x5e= z1}_Akf)J?O^ zTU@_x0M(v@pz=?H>gP{^YR}Jt>estK@yTC$d;~m`_ba!$_-jD5Yd-b3yUb z&wy&@dqK7DlODeWD*d-Xwf9Vz>`HJLR68a><$ETm@|xgN!54wBUi2&AZt!nF(S6M} z*N=VRvw81;qT44ySS|WKsQzq%NfEW^9#C@k3jh8-a5eAW1l6DOcewN=Q13@TjY|hq zyWb3|UGD;w@8h7-eFKz!I2&c5cHID~-e-gQ{zCu#H$n0J=RoC`FsOf5c^n5tk17BD zJW%z&8N3?&7$`b@0~CLsvCH9Qpy;*{)VS~TI0eSM9|Kj+8$t2qM?v-H)1dg}A3({; z8FxCpcPXfL-2tk+XM-`=14X~rgKFnTz*XRvef*CyI4buVP~(0JDEiz5Dt#4HyB`9t z2Y((^y3c^t4savyXFScN-wcZ0lc40P0bUM17rYkyIdBd5hhPkT6I8p;z02`e2~_!e zK$ZU-PuveI6kO?qT7#w`u=)Q?S9zDe;8a(zP|v!2R`ngi~qr->-V{b9Io=X8B}{G z{QEP&^LRfBZUG+vHNNiyN5H=VVe#m!!|wY&Q2lIzYWHhF(e=Zi+V^?zZt%MxLm2Hl z;>PKX;Pt$J98|x504o1AB)$$j1R~c=00XM%qX-VS~l90gZB(~ZLcQ2m?-F9F{HN`5~KN?(5kRKG8Nmh0y>Q2K2S zjKPP%8^E`LYr!voYVYIjar5O>;A41igZiF=UGSBl+W%OT+r8j3z;)p7fUCeSg5tNw z5Q$2NVsJlL1;@enfRd;0gX+(9&vEp676?hAH-i_0{|2hO$4@yuQv$_z2f-`A9|t#s zZvt-uKLu_8&$`d`{}xc=Qv=n$SAiOr_kzm*U*J{XCS^zY2UR_$Q#o{p%ni z7~L@K`u%+HHr_uAUI<<=c;nvK(+Jh;5FcyIVZ>a zz$ftjEbwx$3O)&Z0jTod1d5;E1B#!&0&W7&uSL-ga0e*9c`>*b`~awaJn<;J06rbO z5_~%-I({5fJHG~sFR!0>#lt>;1<3=2&&!>f_H-71x3#- z4LAQTfU56<9=`yJza9Z4XV*2I{67dP-yedPg8v1s121Vgx@`qTw=$@D-vX-NUjRGc zRqZHxEBJbF9K7XzCw~us6TH6~+zEaTOu;M3BtCczC^~%t+ytIar24S~EP*cv)xY~s+?KyeDFc= zT=3N%-wL8aqK84HJLj0=yS1R+w}Ya`z2GSLQc!aFULXHmkLNA9_FM~IOZ+Zy71;6k zTJRFye+Lv_d;*l*{}Z?x96IjWR|2o&eG4dh%!3z!&jrO7uK|_*{h<2$MevE>nGd*r zUj&NZCqVT#0o9I0@M`dlpvwDwAOC5OUjZ-U`}aV#>--;cmfH(ZOYiA2YWTRJuYr+2n#V=Ps*S*(3@%5`gjoY7r;>RC(o}=T9 zpz1G!;=c#L7<{XL{|Ko5e;vFW{C80Fx%fdx=bOPBcs~NF{Fi}h@B2Zu^Q++X;Hu}l zaXtddUV4GYcY+#^&v=Y}!tvV(sQw%P#TQGU==wHL(2y z^ZjN}{Cy92A^0NjN#L76(f7AN_3Klh+W8IeN^tcH+<0sQSMh!?C_a52sCNAtxDotw zQ2jpZg)aRqp!n(#sB)^H+VK#0Dfo8qCh#Mm_~$>t7<}SSx$zwZRsQ{;^8GBR{=FZ( z8vHc475sPbHt?2*T)G8NbbKRt1^5S``04LK$;%JGo#3@Ea^>9*YJ467Mb8g`qQ~bz z(dj#&=zG?S9lchAPvw2gzdysjw>`cBRD0hEYP>!Pj)VUVs@+>(;>t@v>4)cmYrt26 zqU(FW$Ae!1MYnH(F?jw<9c}_Q^F9e)2R;Oz0X~g?{se@rv)_;MZOXrCtRLf_KMnpN z;YSHyBK#vkzdK34m$1b1VZxa_Ypl)znRe_af2)4CgFg#?jv%?v?<&5Xt$4zd2w&mx zUkR@xoK1L~;`luo+z$R1VT@sG?WJa6@BCV77g;roOMg2qU{S39tO$N2XK(*I`R z+c586=lzce?SgR;Y`9fVH0usiBCU6xSOz+Z&!i(Ne=#}J;A5oorHG~ zUQ6f^!tYHyyn^sG|KS^;#`Lp5)c&|yI%$M`vbza?aBS~EMS_jn*e)9 zuO#Rv{N>|69EM z`-D+n)@3|@k?=Ew;%^l%?PxtS;z<(xui11OuKM~du z^!qU3PYLfL{5L_rvwVB>EIso=J@ET8!e0}15Wf%HUP#BQ{dVy0HGJO;-Ua>*c(YIU zElc5iYWMIgnOo^s;o}`XVu-wF@%*3u{bBHr{quLhy9oc6@KygUz~jkxBQK95>?AA_ zK2ErTfS5;LCP*iKk8mAn*Ms_!ZQfJNca)LF@k;@3HKBJQZM{&ql`zuZG=(6?-BMAiodt>a-pyD zG2nZ6|69VJ6OIr*NVte_AK`g~;_m~ze2j1j;eCaOeZIV-{@X>oUrX4}`!5sTK=^IK z;|ayzEH8gm`0(#M|0Ll#gme7&-IVhX&o3tYFTxeRu3zW*V!~7W`!Df)y??$Eyqx#7 zgc}GGygvXQB3#b%&w=L>o=x}(LXGe$!Y2veBvc8jN!JGdgYZP2w-L7Td7{sQ5D`}ZO=cu5GCk#7z>?jy%}e*)nLyf5h6*>kP58^^t7quiaD zODfUO_Ew`&ZdT%Qz1~_ZeyAkPTJgP*XU~rD1M$IDJsFFK(;>W1`TOC0ckSDM_dY)E zZ+C00W;!+$$EBG#`%&x6e5uu}FU5^kB~k2boc1cMq?5*R+D>L_vrE~B*;+k`>#dox z%2L|7tf073OWXDGQaqQ`+i@dF({eS5)s^H}t*f;6=V|Li#|uekx|JsJ+WUL8q`NLo zmzv%3u{h~;TAffps*E%w{L*fxHq#ABt?{*HRf&#-ByrXfDoAN(Tx-s@I#5{8p+Wrw zsgS3W%ye6wB`YTMJO4@vaZ0OIM!i+FcFo4nqnmU>%^}y~Ty179-o1W*++AuXakmv( zG(a)ScS^F=<9m{0?T)Ma-Z-w;V43nlxmGVvGa8{$yLY5^ilb-FUwX-w^&xQ}}a(B-0wo3CN0xL)TuV>r) z{!S(7fJSUJ9SbjRg%-CutI|(x-dr(nt)o;&QcIgEPypqau*Gw5#}TTyrIt3oO2N!*FZe ziIR1aYOh}IxazZ%)lM13)REAd3=CJS=~>~$Tq-$4I5lRi?lrCN>f>-a8pns`NCfd~ zsJ3prSgY6L=|tpgb-GDqv{*h}8zkN77XWL*tkX+zwFaGgBXK&{>ecy@@aEf^rRkkG z4V*!)#ZIj&!BfUY4^gC;{@j%;%G4_HA&(lNv^GTjnfjXL8lhr33Ca=KM{mXDPPNy7 zRQld)&dimYRVD;pvN1vV^IEK}*=m-o#@I%(*mtS>c*BhwHazM)H(8!x#AjGCuzq-S zQ}Lf}tpTrQk?H!r5B~dDyuI8M$J2PtFo$*>S`{B?p% z3OHTfjp3HMJ{HgT=~E@owt7v`XUrtLffBK@tI`E=yWXq9RgLmdR9Hs9%7_#vssM%= zc6r<7PRiT9$I&mevrmMyp z8?RMu>k8HNM5y6(YP?=6r-2%aofeAA^B{~pA~9sL&t!0|L~^*dZYV+>-*LwsWK@}P zGeO3fIp5}P zwC;$~!dTsSsnuiRGSwQFE3hltvQvf#StS&n%?79`U*`w{nKG!BKZ}?C&UA1zUSa-V z^3)_Iy(h)h>o(f!_0KVOx==Go_W3CrbJF^S?b4a9L2am$G#6^Hhm=~pQ0~+u zHz`>b%S)&}<_j;*nkH0Xn$V6?SEO=jaxxi3Z4PF%$eO3<##i6DfA559*HCm(ql}CUi^kh+rfNu6?$wz-{j}4cg}GfaQm6Oow8#i)Q>L{f8t?InusZ`8Bepx& zs-$Cs-%*H3+ATNQv7RuS7{t+yvoVa=>p}r69JAichLkPgr~l*i+BA`xyrkeN39~(U z(3d?~7qa5e6s=~o!}TB^A~$fxD@Jvh8nizTOovml4 zuq(CIT!XEVYbw#&soDiItR4NaPcb+L#vz(mi4T;)418m^v`o=UV<%23f+d}W8q4$y}Z{x*v z`rYd|Wo?NnNjlT1wV`4f-*LOtS}=NM>MVq0ksw(K$|jlVb)8=D65wiCJ{YQOa6oK4 zcGkW$BPtKZK@HP-0FSCYD7kq--vOQ*96u9 zh}!93#RZM(<7h1^E}ki~L>bL8J5|tNp_pY;Cl<=}9#iRTe4o)mT5k>H>CPEFOWXY{ zYsE+z(d1flp*0WHELD>U+1p1l4-i=t4YN#AuSdIGkJgN?(db=$VEoXX(eC9&zhARD z8Z}cifYohsV(NuMdh`Q7bhf5ZPPpvN?nqr0?I{W3fksYyUlrUB$tyH?33r*MJlPNR7 zmt)PGmPIywBEC!RmP9H` z5_PzVMshQF+G}f3?oxGi0A-}zyHvIkPf-8VOX*pvZYOQ(40p>PX_;y2t7oct^FZw zy}nespJvo%aRF!gFSAdJ!k6VT>J4z8F^H!e2{SEFFu%mE!2s55FWJgX^Mj0)%~nCf zL~C^_c%E#wKV z)YHnNf_CpP#oTKKYkZdF6bqusY-#1Jcc*#L#WML!mqKG2r!JO*Za;Z0`ryalbkq5{ z!_NTyxr}=TbcWiVlI+Bb8KzxUVP^P5mh$@7cd=-}v4M8|A~369@a$N6s87O3AJLkVNZU5i%26i^=8N>^HSl8KOyi zu=p}9GZW3Y*gnfIJ`A+wRa{pVId zlZB}XEx6qI84|Qx_1er*@F!)SB;T^7`5A*&<~$BhVb=Fq z?`qZ>?CydmfIc>~jtFkMg(RX_K9mWv*83+#zf_jIEw_G{vtf32 zpbTRklA%)b}bzLS%acwBm&nPfEHoyNTGfPTnkUDiKyfccLaxbm>Ow?v0ggUD-w$t-_j zZnuav6H=K}tjBs2d8TO$8D`6D40PgZy)`{8A+o(6h;CbJxWIZ=mX@;ESYEl=FdKz5 z>BEd{EvPUvNy)o{29#dQpM1d@j6wpb%Jw1TE57@r6d z#=hTe66MhuY?9oqJ-=paaZAi2d`V)zX#h{PgTX7JuhGuo8t+B(gJpC$RX*pUUnysy z23qXvtwi1ft3`dS;`UuNfgyJz>X~&lq;XuaB`P$>XTDasLABGmdN^Gjm3vc? zxG`AXCUD-nttm|hQ!M!z^1kn#MCxJlrh(6?Q~3j5yJlr%`Jrm=yz?!l`o7O_67+Cx z(y^i8H1d@6tr*k%1bgt`8r<5&otlskO^S5lYeF=GpDin;AcA}go<8Sxhm?sUi8d1% z(Y3?rI$!TVU2YTIHVP%0!|3L|wzw{fS%TU^rHHA&f#s$ryMN81&HtoE-=|65HgPoh z;Jq0_lf?I#MjBnONHgGIC`k)#w+uE>)KXh`p`%74T9#BX;c+=L4^!^yRjXI{*y`|A zzMUp%ty4y_tQ&)I*uC1Rf`T{+we6usO2SqR6r=5@6q?j#Y8vviU7nHFWN!mYK#mvE zJGW84HjM8?!%;&)UuG!>cv7};7ROL%VsN`sCf}ia?fPqjzwe_|#EiBA>&{8EQgv+Z zCdc}6h3($_m_c83%F;!?)NsfEF$s;Zg9MDd4ifa|VWzRYd+q*pYRp`2SsF4jEo$_{ zeMYvv%&Z&w-w{*u5v|axdZpYRl_h|B4Ce~$8|x3WNAasp=a8}~Cy87(%gh$14Weeb z*-Gn4(jJSu3saO657%*P@!a$;5hjn9TF26B{hQhl;|xyMDTzEZfa3>oy4)kql+Zeg z4b735Rbf}&VV@AUX>O%y^dtsRlamZJoKS_{*lx5|+qh)0&LvBn1X5zhD^7kgYoS}7 zmsvtndP&qSH>L_q=SD^!@zJ0kyRCU6zta&;`5+Dq`?4=X%RlvP^_?P`?Cg1Hox@^0 z6VAdnNaPid+d^^kfridbV90EXm`#!0hFctE%T%OOF1jdns|YC)XRG!t3&TExX`I3a z)+w@SDJ>n9n@fef`3l>pSZIKqFvz`k>PA@2MER%}rvr_jwqooANM!55scs!6vZGw` zAIK)O4FGg}DyP5Z9Pi?ZB?wbluBmkGI_i}xwkoAiYwrUtA#Y?m7syB8gjBX zQSY(cl*d68_&%?6&ik$JNIbp{j!m2-R<8M#@`gENAUD1`dD?B; zn4@o;c`N32GoGq0=zL9pe!44EP805Z@h zv?+Lh`U=TEo-nnEQeM2-YUvV-=(<_bNJ@XZ`V!a*bjlqSTD?4Jt219{Aycm=!D6HN zg!af6^o7(qgRpDwA&VRMj9o~p+yMj4=UTk>H!|4l90-ykALwHtmh&-%!V3|TyT=(! zTV$Oe!Q`HJCebD;#_c?tiIwSrYP4|6w%Zgp5U&kQO%7Iq9@6;m!QDk32q~QZ*d`rj zszQ4j^DL11yY782g+%tnakBSl*esZ&-h$&rhAAp?c;^Yt+fl9q3?Uj-ZdtLyhqMI5Q<?4B@ja!vd-HlY6NlN#w$igW zbgG{WBU@he`K9!Uh17lKRnSu2lGxh2usCw5+=iAVHS^pQms?Ae<2CEoM2==r->Ek+JgWe z+A}$|ed6FDH)*MM6*@V&Cpw;Vu$kRje?|7C%=~mQ`?T6ADebP5j$r;`1B?YK#v4a( z9=&n;`XTl(vBgV!Q*4aVwq7+Y9b*4^uG?*otzW;mxHu}Zk1nR`r->Unu>VkLy9@%# zD(%277>hS;*tn^*;pWoD4e`d!V?1oQe!~V5mJTL5Mp#U@xwK)k(rwy2w(;icHf$u_ z9vtDNL!ELn<@CFJ3I|4UonYTU_1oGyA~)yWwpO*3&dR@W2br4H9?V)gl;~8{j-Hmv zx8btFM^DDB3!U20bY_mD$=%Ubr zdi$nZwZX*W?ag@A?eWH;=xn;7wM!?SZ#8fLbA!f~!`$1@)s{+!Z39gu+T`n&%f*kD zcEy+#iZUTTox4TJva3bf?Z6>jPmc31r_Fo*(o8T(IpveEBiWjV7jytDlh0{28MC9+ z9=I@L8SH)$_fv3x>f{M`Sh#J&^&u)r>vn!*R@n--jbH_Q0-RpyR+H&Y;!djBLEsu= ztTj1{P+v}B*P52yIC3ZaY~R`%YFCwN)}g{(7i%9(l-4+2Bm81NC{bM^V9O4xIS>#r~z4M{z|_JM3O59Zh-^E zEHoI8WSAwiTc@6fTTJ3?|66oy-ebAigrBC99(PAL&8=6~wY5eWZ!Yd4yWteZHf<*L zxulln*O}ahiZNjz8x5LkRVfDxh-c1Iy8MOl4y`!dai8=KJuHd_#~}*$n>01E5qeJOr$cbwuQt$I}>nrAzB%6m>Y7Lt0U#;rV~+9E8*cE1)I)o54~<_V+GDa;Bb z)BHuQoKEIzN9Q4n-8(5U@QX=jo*RJKfv_OT;^*U%(^}OfhOQLp)K*(Ljwkh5#@uH} z)1_{rdrypMuQt!2lZ6=0!V+T-nX^Q2iJCN>9IsV5kcvM~3c;>F!7LQpTXgYKe)8YR z%^??x&K4SPwB3!EVyeCrYzG?i_y*;v-C+Qo@ph7q@5H*#lx#(tYrIBld`{IM50Nx< zu5}$P>5o(rJrtj{W4jl%1FfdZAa*V4IQ;8nx0-M&Q&TNn4cDWZu3YL~PIPWaJ({A} zc!M{Z704_VXVz!x1Q!z$`bmu(uN`IJ!mX+P489|slVzHxMP1#3hr!~|rm+G>D_~b`o<&x;(ajdK`9EDz3YZxCD zs3PW=wpd>9C7d|M{fAsBPC~R;I|^4?%L0eEi&^SC)3NVo==pT*s10H%G&5Y)Qge_^ zCPT!w*a&e-xVW`)nMPu9+@mb?|If{?yXYtPxg2Xk0v%h!`?xATj7+cv)*kMr;|G5;Nv_4j+V7;W-FXyv$R5$Wr_29U_k-6 zD`I3T6dA6Axiq0WCoH7Z<{APsXO>`j7ko)=(L+bz2k(lhBgNZcE`22lb!VNBpqS#L zui0S=-$4<_aX>B-xm=c*6f~4x&8#!AmBR2MibG}P3uO{C?PS&&-@XfF)aTChFw^HZ z%5;DR!^BCuY4+@9S&566NrETa+i6VeBTc3&xq0k<83HOBrpK8^9kNLp(+TD1Vsd`L zY_>QJGeLw_==K6_ByVAw_H&vjPB+7R7iPL6nE9rVWLRjD5%bxMkY7A2O?#`FQ&hAS ztw=#!zv}iR9C97hwDau*fT_kYG;QWu8ZR`a+>z!)F6~6JOGu-So50z?x|B>HN`YiZ z4U3nxU*Y(7Jin-hxyPMzQ4*hPP1K1dyX-eoB8U4?2{sKC>}d5%)}^LPvn^$}(=D_A zNlr~>*jh1KWEdq{Elgqtsw4Z&HAy`$&^8c6s|mAF-1LF=brY|Zm-C;MDtBEnkF_at zs@0%g$+DhqtmoW6L7*5Q?Z~@T8MT+|-P%zu(A!LJBN6Vl`Ej7m9#<57I%lzP z889@}dS|wblcC66ar4P_)XeJDMB(&k+G6)twi-jj>cWj9TZQ$kUplz1#J2Qe;80vv zie?};6h!vrkeh_X$-HjD$wMZ)(y>;BC7&~Y%H8OQO#s>vOiJ#QAG{EaJMCy>&`uXa z2@B7C&PXC|D-4=OOPs`5dT!neEmbpvU1*|fp;JhXgDAzO5GZMN?e^E?QgzN6 zxtz96$9Yfb{(cUVaL~4+J&v2Okij9DuTRysXj{UK3!HCiEkn%oG03D8F{YuxSkc<} zR4I45@##DD<}`o_IYPUrWqxjDTd(?r+ZCZ>aGdcH2WD#jKAl0>=GBv5`-#I#V!=+2 zvlniv4QcQ&S9GX5zejhRBl6J1Q(LrdX*w`&@as9fQmI5KjAX{0=xVp^Xaz1>XdBb+(o!|}W>p=-HnL!}9Tn#Av=zK<&wYKA#p8k9!XYQ|-^F}k!t))nI)zMzEJf0Kx^ zj-^|^O@7fBZDSgpcV>--RvU7jhiFuJRx<$C`b-c^B+IjSz*ud%+kM+PPRz6~0kaYJ z%((kNscg6XC_{bI--GGQ>!dX8!6|VlCpps`E*3Y3%UqI?6^y;W)HYmuT2&|_wFCod zL5vaRF8?urg%}Abwohh|+Ryyip-ilPLab@53P#bAl4*ib4G-PFWR7bDSgF!rZgW+q4Cu8)K0;RHbqX z)42-H2E~kGBp*9fB=gq@S-oeuv-Pvalm2?kL7om#ms=q6hbXgH%a()7GuvfDSX1l1 z6)qbFW$DdeT!j9{q1Q81>(=7VhJm(p&sHuZ^_LCl6<_jn8Ua7}A_)BM3>nizh^K{KNwy5S-njj4`6Zo)jd8ct1zkSPB|@Ir*(Y{LV7Y;mCmUmu z2=#Hi?Ew4G*1DBimPO{8!djetUp|>-Q4rMcs!Gf~qZkePZXNpCHMp5+9LCBRU6gf| zy5+ci)G|Wajtg5T2ocsqTGtTG7V@^!o^qKLx^kf1#8`F*(M!0yg$T#+u1HnnuO61B z`RgyW7WPsyA06qioOd)@%qVAd>OhxgPS3eP9y%w>#WsC@Co#)WC}@tYSWOjK+(}C7 zv$9WG#`L70Gz=9(uURh7FWT+J8JRS>cGC&nX1sRx{z`M*fYgQM zYQbz*iTOlrHD}bcDC+Dwr9>SW=YPn`4@w0Rzf2+~mRnJDK>F+j@Jj@Z{ z3?<8`tOTOH@EuBo23v-?Fcf9Hp}!g7jaOO9 zvTn5~@s}u72TMv#T3S{OT$fZVGpgm|uQ(KAHCd7&T&ASCc9(L1PrdUXW8=JywB2r0 zf-XbIByl~6X_9uo;T#6SU zDk*J8UYli7@1XVuG}n>1%GNIj^c3_>_l|*fdqVeQ8Ft65tew_9TMOzDc>J`UYsuE_TZzHi>V4*7}V&+uwhF>?D z@OvfZ<1A>{%v%#A5!sS(a+J<3g~s8HUY}0JEr!>V8}2OMFzQq}{b0Go@s%V#<+V)n z5xIqB(GVT&UvN13UO_Zca)i3(R-0uFS97RU%{)4Cb%=OIDG=GN5#fL+Z=1I@5 zZ=yC>mG~>05JIjAv!Jy^-{llZSaNEqFMkAGHvg9CHWqyaRl7bjrJ<-_f@Q^Mf4a^T zsts_CiTK_f<&WL4_lMfyk0;v39+K-$HZ;q^tppN`=r}^EQED5C$!;M&G(;FNP*Qr#>- z-D2Np7S7BSm@;p$HP_hL%tKClY4^}|x?t4t>40vD(l@$MaNgam)tBr9e=T$w2W1jO zeocp%3(w@#r&xN}-yv@KDkH_g`D z@mjNKt{i_e!e6w^?w$r?V%g=>{)qhcY5(`^`f2~?{`;qH9jUHFe#U`q@U3enP+#r3 zX%MYo-YmOtTHJ!p5;Nvu1;P?F%DxYXd!+q498JB3Qv{hO$1dU)PSl3l-5p7$nXu`d z4McWM1GZn5s!z$1v;nPLL ziQObkjIq`2L-%am1=SFvfkdMlr5Jok zJ0}`3dTcK_+);I@wbPB}#+=lYMe`b_DG_NjgzcCbUzlV%FR5Gd1oa#gJClIUy;z;) zS#G#gWCCQpaVOIXrDQQQ!|nyy)Nd*yr+_=fg@@cke;|_Lt7XgQq1hHwN5*GE;Vuw zG%Q?h4P_SWh*Un%Kn3{_{g_0$a1k!K`om@RiIZ^dj;sI3aA1CzPgaYZWqL>EU7f$< z(Tq;xj;k3QUQ1*`<1f0laZ0&su9hm;KgcA46$HVr_skq?+IJ^;+@uO3;xa7y$vd-- zZPX=i#hb6bkKWU1cl9I}{@QCUi|9l7u1#E(z}n=ip#SEfY;rO6wC=!~UP>ya2$4K& zhfF61m1PX8^~$oe=07(c&>@r)W$a7kZp4-$7m_fb@N}%aKL(j}x)2+WKSZTW>`dFq zI(K>xs_X1agrA5zvK%K6TTraqJ2h{0lw|8j{p~{Af(fROlYWjn;OK{GR!DiG9Z6gH zdVOU(&wg3fSA@=>iD3f!;6Y~gHiKrFrOK#=wNr8Cnl^v8J2D;7u};_S$L5Lc7@(bd z&SoM+H_rW&ycmZ_pa$>Ca-ezO>&foQ=EsJznNHnsmuhhm^<9&RMB(`H5bK0Xam6y0LvN6HOaHV}O3Ilh#m$b8L2t*3Y=`Zr^a`%PpxJg~>!`)O6q& z(@B?UeL1>B-?Z7&>$$n4M^?P3&aCs1OuKf2Hajxr#K^eQCow9xY0^cu+HO2t>4g(f zoX_-9Xn%==+T6XhKq)(TbLw0p8EFSHpdb3nUomCyt>vdd`!k)mQK!mz(&|pDaqbAA ztcK7PXTCxz+c(igT+IW;LV8|cZ2(u(m-CI-t52U*-H2>D*EMSUZ0 zUtnp?;#x_! zpVsIrCG!HT{Po1?O?a&iUD^$|c3r1kkKG*GmjvC`YiIX%S59nSu_{r>FKC|CO>!2 z*JW7oyn{8>r6h|fIsJtSt6}8~;Ue&u8K`2%Y`zqk1F!1Nt{=)wblmw%S9l?QuxBo+ zuTQ!cT+BzLV`{O3bA1Hj*dJoD_PcTh7rdi=Y;QNB>`UQpus?2Uh2#lB&)_Tc5VjjV zciKEGLRn|$Y=U1F<`mnx+rdTR^d(d|g9*dNiNPzaPVyS9`p=nI4RXTDRcd{4*N=Un?!r^o?jf5X z>ZqgUNdL#^`?I_9!x7m2IJea8Xamot4NJ>#gabp4L$a1wG%T$f$u6p2^(o5R6-A>o z5Ui*?3Q14KaSLVspMD$}2HDOU6WW0v63wIw79vPiqWpf;r1K3}R-WJe!S`jZmE6-3 zW(*m6EMuGlrhlCf->2nRh%<{*e;|nkQU0x<9S35LW1Gp!cNdyN4(zVrF?K6)a`g)3 zWzoJg2CB-zL=Gs$0~ehWaus9yuR14@Muh)gG(-;K@<)YMxbEyLQ&steXWVPi7@8W&CC%Emb{T&@Wkthf04b@=eS|X-LZ(k52 zcasi`rZ#MTg{xt*ttRh}avYy8i6fWJ?{iyff85^w_KVi(vN~j5==QVYvstUbq}aGi z>vb;){+5n7F<(B~0-OuaCJ3RQN-$kmu6eT^a%Z=mDM4$(f&0#xIBIFjt!J72d7&Ba N_p?5$-Rd$4`hR0XP*(r| literal 0 HcmV?d00001 diff --git a/plugins/sudoers/po/nl.po b/plugins/sudoers/po/nl.po new file mode 100644 index 0000000..d06d2fd --- /dev/null +++ b/plugins/sudoers/po/nl.po @@ -0,0 +1,1737 @@ +# Dutch translation for sudoers. +# Copyright (C) 2013 P. Hamming +# This file is distributed under the same license as the sudo package. +# P. Hamming , 2013 +msgid "" +msgstr "" +"Project-Id-Version: sudoers 1.8.6b4\n" +"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" +"POT-Creation-Date: 2012-08-10 13:08-0400\n" +"PO-Revision-Date: 2013-03-10 23:18+0100\n" +"Last-Translator: P. Hamming \n" +"Language-Team: Dutch \n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=n != 1\n" + +#: gram.y:112 +#, c-format +msgid ">>> %s: %s near line %d <<<" +msgstr ">>> %s: %s bij regel %d <<<" + +#: plugins/sudoers/alias.c:125 +#, c-format +msgid "Alias `%s' already defined" +msgstr "Alias `%s' reeds gedefinieerd" + +#: plugins/sudoers/auth/bsdauth.c:78 +#, c-format +msgid "unable to get login class for user %s" +msgstr "kan de loginklasse voor gebruiker %s niet verkrijgen" + +#: plugins/sudoers/auth/bsdauth.c:84 +msgid "unable to begin bsd authentication" +msgstr "kan de bsd aanmelding niet starten" + +#: plugins/sudoers/auth/bsdauth.c:92 +msgid "invalid authentication type" +msgstr "ongeldig type verificatie" + +#: plugins/sudoers/auth/bsdauth.c:101 +msgid "unable to setup authentication" +msgstr "kan verificatie niet instellen" + +#: plugins/sudoers/auth/fwtk.c:60 +#, c-format +msgid "unable to read fwtk config" +msgstr "kan fwtk configuratie niet lezen" + +#: plugins/sudoers/auth/fwtk.c:65 +#, c-format +msgid "unable to connect to authentication server" +msgstr "kan niet verbinden met aanmeldingsserver" + +#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95 +#: plugins/sudoers/auth/fwtk.c:128 +#, c-format +msgid "lost connection to authentication server" +msgstr "verbinding met aanmeldingsserver verloren" + +#: plugins/sudoers/auth/fwtk.c:75 +#, c-format +msgid "" +"authentication server error:\n" +"%s" +msgstr "" +"aanmeldingsserverfout:\n" +"%s" + +#: plugins/sudoers/auth/kerb5.c:117 +#, c-format +msgid "%s: unable to unparse princ ('%s'): %s" +msgstr "%s: kan princ ('%s') niet deontleden: %s" + +#: plugins/sudoers/auth/kerb5.c:160 +#, c-format +msgid "%s: unable to parse '%s': %s" +msgstr "%s: kan '%s': %s niet ontleden" + +#: plugins/sudoers/auth/kerb5.c:170 +#, c-format +msgid "%s: unable to resolve ccache: %s" +msgstr "%s: kan ccache: %s niet oplossen" + +#: plugins/sudoers/auth/kerb5.c:218 +#, c-format +msgid "%s: unable to allocate options: %s" +msgstr "%s: kan opties: %s niet reserveren" + +#: plugins/sudoers/auth/kerb5.c:234 +#, c-format +msgid "%s: unable to get credentials: %s" +msgstr "%s: kan aanmeldingsgegevens: %s niet verkrijgen" + +#: plugins/sudoers/auth/kerb5.c:247 +#, c-format +msgid "%s: unable to initialize ccache: %s" +msgstr "%s: kan ccache: %s niet initialiseren" + +#: plugins/sudoers/auth/kerb5.c:251 +#, c-format +msgid "%s: unable to store cred in ccache: %s" +msgstr "%s: kan aanmeldingsgegeven niet opslaan in ccache: %s" + +#: plugins/sudoers/auth/kerb5.c:316 +#, c-format +msgid "%s: unable to get host principal: %s" +msgstr "%s: kan belangrijkste server niet vinden: %s" + +#: plugins/sudoers/auth/kerb5.c:331 +#, c-format +msgid "%s: Cannot verify TGT! Possible attack!: %s" +msgstr "%s: Kan TGT niet verifieren! U bent mogelijk aangevallen!: %s" + +#: plugins/sudoers/auth/pam.c:100 +msgid "unable to initialize PAM" +msgstr "kan PAM niet initialiseren" + +#: plugins/sudoers/auth/pam.c:144 +msgid "account validation failure, is your account locked?" +msgstr "fout bij valideren van account, is uw account geblokkeerd?" + +#: plugins/sudoers/auth/pam.c:148 +msgid "Account or password is expired, reset your password and try again" +msgstr "Account of wachtwoord is verlopen, stel uw wachtwoord opnieuw in en probeer opnieuw" + +#: plugins/sudoers/auth/pam.c:155 +#, c-format +msgid "pam_chauthtok: %s" +msgstr "pam_chauthtok: %s" + +#: plugins/sudoers/auth/pam.c:159 +msgid "Password expired, contact your system administrator" +msgstr "Wachtwoord verlopen, neem contact op met uw systeembeheerder" + +#: plugins/sudoers/auth/pam.c:163 +msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" +msgstr "Account verlopen of PAM configuratie heeft geen \"account\"-gedeelte voor sudo,neem contact op met uw systeembeheerder" + +#: plugins/sudoers/auth/pam.c:180 +#, c-format +msgid "pam_authenticate: %s" +msgstr "pam_authenticate: %s" + +#: plugins/sudoers/auth/pam.c:332 +msgid "Password: " +msgstr "Wachtwoord: " + +#: plugins/sudoers/auth/pam.c:333 +msgid "Password:" +msgstr "Wachtwoord:" + +#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220 +#, c-format +msgid "you do not exist in the %s database" +msgstr "u bestaat niet in de %s database" + +#: plugins/sudoers/auth/securid5.c:81 +#, c-format +msgid "failed to initialise the ACE API library" +msgstr "initialiseren van de ACE API bibliotheek mislukt" + +#: plugins/sudoers/auth/securid5.c:107 +#, c-format +msgid "unable to contact the SecurID server" +msgstr "kan geen contact krijgen met de SecurID server" + +#: plugins/sudoers/auth/securid5.c:116 +#, c-format +msgid "User ID locked for SecurID Authentication" +msgstr "Gebruikers ID geblokkeerd voor SecurID verificatie" + +#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171 +#, c-format +msgid "invalid username length for SecurID" +msgstr "ongeldige gebruikersnaamlengte voor SecurID" + +#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176 +#, c-format +msgid "invalid Authentication Handle for SecurID" +msgstr "kan verificatie voor SecurID op deze manier niet afhandelen" + +#: plugins/sudoers/auth/securid5.c:128 +#, c-format +msgid "SecurID communication failed" +msgstr "SecurID communicatie mislukt" + +#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215 +#, c-format +msgid "unknown SecurID error" +msgstr "onbekende SecurID fout" + +#: plugins/sudoers/auth/securid5.c:166 +#, c-format +msgid "invalid passcode length for SecurID" +msgstr "ongeldige lengte van passcode voor SecurID" + +#: plugins/sudoers/auth/sia.c:109 +msgid "unable to initialize SIA session" +msgstr "kan SIA-sessie niet initialiseren" + +#: plugins/sudoers/auth/sudo_auth.c:121 +msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." +msgstr "Ongeldige verificatie-methoden in sudo gecompileerd! U kunt zelfstandige en niet-zelfstandige verificatie-methoden door elkaar gebruiken." + +#: plugins/sudoers/auth/sudo_auth.c:206 +msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." +msgstr "Er zijn geen verificatie-methoden in sudo gecompileerd! Als u verificatie wilt uitschakelen, dient u de --disable-authentication configuratie-optie te gebruiken." + +#: plugins/sudoers/auth/sudo_auth.c:374 +msgid "Authentication methods:" +msgstr "Verificatie-methoden:" + +#: plugins/sudoers/bsm_audit.c:60 plugins/sudoers/bsm_audit.c:63 +#: plugins/sudoers/bsm_audit.c:112 plugins/sudoers/bsm_audit.c:116 +#: plugins/sudoers/bsm_audit.c:168 plugins/sudoers/bsm_audit.c:172 +#, c-format +msgid "getaudit: failed" +msgstr "getaudit: mislukt" + +#: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153 +#, c-format +msgid "Could not determine audit condition" +msgstr "Kan voorwaarden voor controle niet bepalen" + +#: plugins/sudoers/bsm_audit.c:101 +#, c-format +msgid "getauid failed" +msgstr "getauid mislukt" + +#: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162 +#, c-format +msgid "au_open: failed" +msgstr "au_open: mislukt" + +#: plugins/sudoers/bsm_audit.c:118 plugins/sudoers/bsm_audit.c:174 +#, c-format +msgid "au_to_subject: failed" +msgstr "au_to_subject: mislukt" + +#: plugins/sudoers/bsm_audit.c:122 plugins/sudoers/bsm_audit.c:178 +#, c-format +msgid "au_to_exec_args: failed" +msgstr "au_to_exec_args: mislukt" + +#: plugins/sudoers/bsm_audit.c:126 plugins/sudoers/bsm_audit.c:187 +#, c-format +msgid "au_to_return32: failed" +msgstr "au_to_return32: mislukt" + +#: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190 +#, c-format +msgid "unable to commit audit record" +msgstr "kan controlestructuur niet opbouwen" + +#: plugins/sudoers/bsm_audit.c:160 +#, c-format +msgid "getauid: failed" +msgstr "getauid: failed" + +#: plugins/sudoers/bsm_audit.c:183 +#, c-format +msgid "au_to_text: failed" +msgstr "au_to_text: failed" + +#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172 +#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355 +#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974 +#: plugins/sudoers/visudo.c:818 +#, c-format +msgid "unable to open %s" +msgstr "kan %s niet openen" + +#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229 +#, c-format +msgid "unable to write to %s" +msgstr "kan %s niet schrijven" + +#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512 +#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123 +#: plugins/sudoers/iolog.c:156 +#, c-format +msgid "unable to mkdir %s" +msgstr "mkdir %s: aanmaken mislukt" + +#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289 +#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395 +#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82 +#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677 +#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253 +#, c-format +msgid "internal error, %s overflow" +msgstr "interne fout, %s overflow" + +#: plugins/sudoers/check.c:460 +#, c-format +msgid "timestamp path too long: %s" +msgstr "tijd voor pad te lang: %s" + +#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535 +#: plugins/sudoers/iolog.c:158 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s bestaat al, maar is geen map (0%o)" + +#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538 +#: plugins/sudoers/check.c:583 +#, c-format +msgid "%s owned by uid %u, should be uid %u" +msgstr "%s is van gebruikersnummer %u, zou gebruikersnummer %u moeten zijn" + +#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0700" +msgstr "%s kan geschreven worden door niet-eigenaar (0%o), zou ingesteld moeten zijn op 0700" + +#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551 +#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584 +#, c-format +msgid "unable to stat %s" +msgstr "kan stat %s niet uitvoeren" + +#: plugins/sudoers/check.c:577 +#, c-format +msgid "%s exists but is not a regular file (0%o)" +msgstr "%s bestaat maar is geen normaal bestand (0%o)" + +#: plugins/sudoers/check.c:589 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0600" +msgstr "%s kan geschreven worden bij niet-eigenaar (0%o), zou ingesteld moeten zijn op 0600" + +#: plugins/sudoers/check.c:643 +#, c-format +msgid "timestamp too far in the future: %20.20s" +msgstr "tijd is te ver in de toekomst: %20.20s" + +#: plugins/sudoers/check.c:690 +#, c-format +msgid "unable to remove %s (%s), will reset to the epoch" +msgstr "kan %s niet verwijderen (%s), wordt geherinitialiseerd op de epoch" + +#: plugins/sudoers/check.c:698 +#, c-format +msgid "unable to reset %s to the epoch" +msgstr "kan %s niet herinitialiseren op de epoch" + +#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764 +#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855 +#, c-format +msgid "unknown uid: %u" +msgstr "onbekend gebruikersnummer: %u" + +#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792 +#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225 +#: plugins/sudoers/testsudoers.c:369 +#, c-format +msgid "unknown user: %s" +msgstr "onbekende gebruiker: %s" + +#: plugins/sudoers/def_data.c:27 +#, c-format +msgid "Syslog facility if syslog is being used for logging: %s" +msgstr "Syslog-voorziening als syslog wordt gebruikt voor loggen: %s" + +#: plugins/sudoers/def_data.c:31 +#, c-format +msgid "Syslog priority to use when user authenticates successfully: %s" +msgstr "Syslog-prioriteit wanneer aanmelden van gebruiker gelukt is: %s" + +#: plugins/sudoers/def_data.c:35 +#, c-format +msgid "Syslog priority to use when user authenticates unsuccessfully: %s" +msgstr "Syslog-prioriteit wanneer aanmelden van gebruiker niet gelukt is: %s" + +#: plugins/sudoers/def_data.c:39 +msgid "Put OTP prompt on its own line" +msgstr "Geef OTP prompt een eigen regel" + +#: plugins/sudoers/def_data.c:43 +msgid "Ignore '.' in $PATH" +msgstr "Negeer '.' in $PATH" + +#: plugins/sudoers/def_data.c:47 +msgid "Always send mail when sudo is run" +msgstr "Stuur altijd een mail wanneer sudo is gebruikt" + +#: plugins/sudoers/def_data.c:51 +msgid "Send mail if user authentication fails" +msgstr "Stuur een mail wanneer aanmelden van gebruiker mislukt" + +#: plugins/sudoers/def_data.c:55 +msgid "Send mail if the user is not in sudoers" +msgstr "Stuur een mail als de gebruiker niet in sudoers staat" + +#: plugins/sudoers/def_data.c:59 +msgid "Send mail if the user is not in sudoers for this host" +msgstr "Stuur een mail als de gebruiker niet voor deze computer in sudoers staat" + +#: plugins/sudoers/def_data.c:63 +msgid "Send mail if the user is not allowed to run a command" +msgstr "Stuur een mail als de gebruiker een opdracht niet mag gebruiken" + +#: plugins/sudoers/def_data.c:67 +msgid "Use a separate timestamp for each user/tty combo" +msgstr "Gebruik een verschillende tijd voor elke gebruiker/terminal combinatie" + +#: plugins/sudoers/def_data.c:71 +msgid "Lecture user the first time they run sudo" +msgstr "Instrueer gebruikers de eerste keer dat ze sudo gebruiken" + +#: plugins/sudoers/def_data.c:75 +#, c-format +msgid "File containing the sudo lecture: %s" +msgstr "Bestand met de sudo-instructies: %s" + +#: plugins/sudoers/def_data.c:79 +msgid "Require users to authenticate by default" +msgstr "Standaard is verificatie van gebruikers vereist" + +#: plugins/sudoers/def_data.c:83 +msgid "Root may run sudo" +msgstr "Root mag sudo gebruiken" + +#: plugins/sudoers/def_data.c:87 +msgid "Log the hostname in the (non-syslog) log file" +msgstr "Log de computernaam in het (niet-syslog) logbestand" + +#: plugins/sudoers/def_data.c:91 +msgid "Log the year in the (non-syslog) log file" +msgstr "Log het jaar in het (niet-syslog) logbestand" + +#: plugins/sudoers/def_data.c:95 +msgid "If sudo is invoked with no arguments, start a shell" +msgstr "Start een shell als sudo wordt aangeroepen zonder argumenten" + +#: plugins/sudoers/def_data.c:99 +msgid "Set $HOME to the target user when starting a shell with -s" +msgstr "Stel $HOME in op de doel-gebruiker wanneer een shell wordt gestart met -s" + +#: plugins/sudoers/def_data.c:103 +msgid "Always set $HOME to the target user's home directory" +msgstr "$HOME altijd instellen op de persoonlijke map van de doelgebruiker" + +#: plugins/sudoers/def_data.c:107 +msgid "Allow some information gathering to give useful error messages" +msgstr "Sta verzamelen van informatie toe om bruikbare fout-berichten te geven" + +#: plugins/sudoers/def_data.c:111 +msgid "Require fully-qualified hostnames in the sudoers file" +msgstr "Vereis volledig-gekwalificeerde computernamen (fqdn) in het sudoers-bestand" + +#: plugins/sudoers/def_data.c:115 +msgid "Insult the user when they enter an incorrect password" +msgstr "Beledig de gebruiker wanneer ze een verkeerd wachtwoord invoeren" + +#: plugins/sudoers/def_data.c:119 +msgid "Only allow the user to run sudo if they have a tty" +msgstr "Gebruiker alleen toestaan sudo te gebruiken wanneer deze een terminal heeft" + +#: plugins/sudoers/def_data.c:123 +msgid "Visudo will honor the EDITOR environment variable" +msgstr "Visudo zal de EDITOR omgevingsvariabele in acht nemen" + +#: plugins/sudoers/def_data.c:127 +msgid "Prompt for root's password, not the users's" +msgstr "Vraag naar wachtwoord van root, niet van de gebruiker" + +#: plugins/sudoers/def_data.c:131 +msgid "Prompt for the runas_default user's password, not the users's" +msgstr "Vraag naar wachtwoord van runas_default gebruiker, niet van huidige gebruiker" + +#: plugins/sudoers/def_data.c:135 +msgid "Prompt for the target user's password, not the users's" +msgstr "Vraag naar wachtwoord van doelgebruiker, niet van huidige gebruiker" + +#: plugins/sudoers/def_data.c:139 +msgid "Apply defaults in the target user's login class if there is one" +msgstr "Pas de standaardinstellingen van de doelgebruikers inlogklasse toe wanneer deze bestaat" + +#: plugins/sudoers/def_data.c:143 +msgid "Set the LOGNAME and USER environment variables" +msgstr "Stel de LOGNAME en USER omgevingsvariabelen in" + +#: plugins/sudoers/def_data.c:147 +msgid "Only set the effective uid to the target user, not the real uid" +msgstr "Stel het effectieve gebruikersnummer van de doelgebuiker in, niet het werkelijke gebruikersnummer" + +#: plugins/sudoers/def_data.c:151 +msgid "Don't initialize the group vector to that of the target user" +msgstr "Initialiseer niet de doelgebruikers groepsvector" + +#: plugins/sudoers/def_data.c:155 +#, c-format +msgid "Length at which to wrap log file lines (0 for no wrap): %d" +msgstr "Breek regels in logbestanden af op (0 voor niet afbreken): %d" + +#: plugins/sudoers/def_data.c:159 +#, c-format +msgid "Authentication timestamp timeout: %.1f minutes" +msgstr "Aanmeldtijd timeout: %.1f minuten" + +#: plugins/sudoers/def_data.c:163 +#, c-format +msgid "Password prompt timeout: %.1f minutes" +msgstr "Wachtwoordprompt timeout: %.1f minuten" + +#: plugins/sudoers/def_data.c:167 +#, c-format +msgid "Number of tries to enter a password: %d" +msgstr "Aantal pogingen om een wachtwoord in te voeren: %d" + +#: plugins/sudoers/def_data.c:171 +#, c-format +msgid "Umask to use or 0777 to use user's: 0%o" +msgstr "Te gebruiken umask of 0777 om die van gebruiker te gebruiken: 0%o" + +#: plugins/sudoers/def_data.c:175 +#, c-format +msgid "Path to log file: %s" +msgstr "Pad naar logbestand: %s" + +#: plugins/sudoers/def_data.c:179 +#, c-format +msgid "Path to mail program: %s" +msgstr "Pad naar mailprogramma: %s" + +#: plugins/sudoers/def_data.c:183 +#, c-format +msgid "Flags for mail program: %s" +msgstr "Opties voor mailprogramma: %s" + +#: plugins/sudoers/def_data.c:187 +#, c-format +msgid "Address to send mail to: %s" +msgstr "Adres om mails naar te sturen: %s" + +#: plugins/sudoers/def_data.c:191 +#, c-format +msgid "Address to send mail from: %s" +msgstr "Adres waarvan de mail wordt verzonden: %s" + +#: plugins/sudoers/def_data.c:195 +#, c-format +msgid "Subject line for mail messages: %s" +msgstr "Onderwerp voor mails: %s" + +#: plugins/sudoers/def_data.c:199 +#, c-format +msgid "Incorrect password message: %s" +msgstr "Boodschap voor verkeerd wachtwoord: %s" + +#: plugins/sudoers/def_data.c:203 +#, c-format +msgid "Path to authentication timestamp dir: %s" +msgstr "Pad naar aanmeld-tijdmap: %s" + +#: plugins/sudoers/def_data.c:207 +#, c-format +msgid "Owner of the authentication timestamp dir: %s" +msgstr "Eigenaar van aanmeld-tijdmap: %s" + +#: plugins/sudoers/def_data.c:211 +#, c-format +msgid "Users in this group are exempt from password and PATH requirements: %s" +msgstr "Gebruikers in deze groep hoeven geen wachtwoord en PATH in te voeren: %s" + +#: plugins/sudoers/def_data.c:215 +#, c-format +msgid "Default password prompt: %s" +msgstr "Standaard wachtwoordprompt: %s" + +#: plugins/sudoers/def_data.c:219 +msgid "If set, passprompt will override system prompt in all cases." +msgstr "Wanneer ingesteld zal de wachtwoordprompt altijd de systeempromt vervangen." + +#: plugins/sudoers/def_data.c:223 +#, c-format +msgid "Default user to run commands as: %s" +msgstr "Standaard gebruiker om opdrachten uit te voeren: %s" + +#: plugins/sudoers/def_data.c:227 +#, c-format +msgid "Value to override user's $PATH with: %s" +msgstr "Waarde om $PATH van gebruiker te vervangen %s" + +#: plugins/sudoers/def_data.c:231 +#, c-format +msgid "Path to the editor for use by visudo: %s" +msgstr "Pad naar de editor bij gebruik van visudo: %s" + +#: plugins/sudoers/def_data.c:235 +#, c-format +msgid "When to require a password for 'list' pseudocommand: %s" +msgstr "Wanneer een wachtwoord noodzakelijk is voor 'list' pseudopdracht: %s" + +#: plugins/sudoers/def_data.c:239 +#, c-format +msgid "When to require a password for 'verify' pseudocommand: %s" +msgstr "Wanneer een wachtwoord noodzakelijk is voor 'verify' pseudopdracht: %s" + +#: plugins/sudoers/def_data.c:243 +msgid "Preload the dummy exec functions contained in the sudo_noexec library" +msgstr "Laadt vooraf de dummy uitvoerfuncties uit de sudo_noexec-bibliotheek" + +#: plugins/sudoers/def_data.c:247 +msgid "If LDAP directory is up, do we ignore local sudoers file" +msgstr "Als de LDAP-map beschikbaar is, wordt het lokale sudoersbestand genegeerd?" + +#: plugins/sudoers/def_data.c:251 +#, c-format +msgid "File descriptors >= %d will be closed before executing a command" +msgstr "Bestandsindicators >= %d zullen worden gesloten voor uitvoeren van een opdracht" + +#: plugins/sudoers/def_data.c:255 +msgid "If set, users may override the value of `closefrom' with the -C option" +msgstr "Als ingesteld, gebruikers mogen de waarde van `closefrom' vervangen met de optie -C" + +#: plugins/sudoers/def_data.c:259 +msgid "Allow users to set arbitrary environment variables" +msgstr "Sta gebruikers toe willekeurige omgevingsvariabelen in te stellen" + +#: plugins/sudoers/def_data.c:263 +msgid "Reset the environment to a default set of variables" +msgstr "Stel de omgevingsvariablen in op een standaard set" + +#: plugins/sudoers/def_data.c:267 +msgid "Environment variables to check for sanity:" +msgstr "Omgevingsvariablen om juistheid te controleren:" + +#: plugins/sudoers/def_data.c:271 +msgid "Environment variables to remove:" +msgstr "Verwijder de volgende omgevingsvariablen:" + +#: plugins/sudoers/def_data.c:275 +msgid "Environment variables to preserve:" +msgstr "Behoud de volgende omgevingsvariablen:" + +#: plugins/sudoers/def_data.c:279 +#, c-format +msgid "SELinux role to use in the new security context: %s" +msgstr "SELinux role om in de nieuwe beveiliginscontext te gebruiken: %s" + +#: plugins/sudoers/def_data.c:283 +#, c-format +msgid "SELinux type to use in the new security context: %s" +msgstr "SELinux type om in de nieuwe beveiliginscontext te gebruiken: %s" + +#: plugins/sudoers/def_data.c:287 +#, c-format +msgid "Path to the sudo-specific environment file: %s" +msgstr "Pad naar het omgevingsbestand voor sudo: %s" + +#: plugins/sudoers/def_data.c:291 +#, c-format +msgid "Locale to use while parsing sudoers: %s" +msgstr "Te gebruiken taaldefinitie bij ontleden sudoers: %s" + +#: plugins/sudoers/def_data.c:295 +msgid "Allow sudo to prompt for a password even if it would be visible" +msgstr "Sta sudo toe ook te vragen naar een wachtwoord wanneer dit zichtbaar zou worden" + +#: plugins/sudoers/def_data.c:299 +msgid "Provide visual feedback at the password prompt when there is user input" +msgstr "Zorg voor zichtbare terugkoppeling op de wachtwoordprompt wanneer er gebruikersinvoer is" + +#: plugins/sudoers/def_data.c:303 +msgid "Use faster globbing that is less accurate but does not access the filesystem" +msgstr "Gebruik snellere expansie van jokertekens. Dit is minder nauwkeurig, maar maakt geen gebruik van het bestandsysteem" + +#: plugins/sudoers/def_data.c:307 +msgid "The umask specified in sudoers will override the user's, even if it is more permissive" +msgstr "De umask die is opgegeven in het sudoersbestand zal die van de gebruiker vervangen, ook wanneer deze meer toestaat" + +#: plugins/sudoers/def_data.c:311 +msgid "Log user's input for the command being run" +msgstr "Log gebruikersinvoer voor de uitgevoerde opdracht" + +#: plugins/sudoers/def_data.c:315 +msgid "Log the output of the command being run" +msgstr "Log uitvoer voor de uitgevoerde opdracht" + +#: plugins/sudoers/def_data.c:319 +msgid "Compress I/O logs using zlib" +msgstr "Comprimeer in-/uitvoer logs met zlib" + +#: plugins/sudoers/def_data.c:323 +msgid "Always run commands in a pseudo-tty" +msgstr "Voer opdrachten altijd uit in een pseudo-terminal" + +#: plugins/sudoers/def_data.c:327 +#, c-format +msgid "Plugin for non-Unix group support: %s" +msgstr "Plugin voor ondersteuning van niet-Unixgroepen: %s" + +#: plugins/sudoers/def_data.c:331 +#, c-format +msgid "Directory in which to store input/output logs: %s" +msgstr "Map waarin in-/uitvoerlogs moeten worden opgeslagen: %s" + +#: plugins/sudoers/def_data.c:335 +#, c-format +msgid "File in which to store the input/output log: %s" +msgstr "Bestand waarin in-/uitvoerlogs moeten worden opgeslagen: %s" + +#: plugins/sudoers/def_data.c:339 +msgid "Add an entry to the utmp/utmpx file when allocating a pty" +msgstr "Voeg een item toe aan het utmp/utmpx-bestand wanneer een virtuele terminal wordt gereserveerd" + +#: plugins/sudoers/def_data.c:343 +msgid "Set the user in utmp to the runas user, not the invoking user" +msgstr "Stel de gebruiker in utmp in als de doelgebruiker, niet als de aanroepende gebruiker" + +#: plugins/sudoers/def_data.c:347 +msgid "Set of permitted privileges" +msgstr "Set van toegestane privileges" + +#: plugins/sudoers/def_data.c:351 +msgid "Set of limit privileges" +msgstr "Set van beperkende privileges" + +#: plugins/sudoers/defaults.c:208 +#, c-format +msgid "unknown defaults entry `%s'" +msgstr "onbekend standaarditem `%s'" + +#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226 +#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259 +#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285 +#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318 +#: plugins/sudoers/defaults.c:328 +#, c-format +msgid "value `%s' is invalid for option `%s'" +msgstr "waarde `%s' is ongeldig voor optie `%s'" + +#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229 +#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254 +#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280 +#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313 +#: plugins/sudoers/defaults.c:324 +#, c-format +msgid "no value specified for `%s'" +msgstr "geen waarde opgegeven voor `%s'" + +#: plugins/sudoers/defaults.c:242 +#, c-format +msgid "values for `%s' must start with a '/'" +msgstr "waarden voor `%s' moeten beginnen met een '/'" + +#: plugins/sudoers/defaults.c:304 +#, c-format +msgid "option `%s' does not take a value" +msgstr "optie `%s' kan geen waarde verwerken" + +#: plugins/sudoers/env.c:367 +#, c-format +msgid "sudo_putenv: corrupted envp, length mismatch" +msgstr "sudo_putenv: envp bevat fouten, verkeerde lengte" + +#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448 +#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167 +#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983 +#, c-format +msgid "unable to allocate memory" +msgstr "kan geen geheugen reserveren" + +#: plugins/sudoers/env.c:992 +#, c-format +msgid "sorry, you are not allowed to set the following environment variables: %s" +msgstr "excuseer, u mag de volgende omgevingsvariabelen niet instellen: %s" + +#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108 +#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125 +#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883 +#, c-format +msgid "%s: %s" +msgstr "%s: %s" + +#: plugins/sudoers/group_plugin.c:91 +#, c-format +msgid "%s%s: %s" +msgstr "%s%s: %s" + +#: plugins/sudoers/group_plugin.c:103 +#, c-format +msgid "%s must be owned by uid %d" +msgstr "%s moet eigendom zijn van gebruikersnummer %d" + +#: plugins/sudoers/group_plugin.c:107 +#, c-format +msgid "%s must only be writable by owner" +msgstr "%s mag enkel schrijfbaar zijn voor eigenaar" + +#: plugins/sudoers/group_plugin.c:114 +#, c-format +msgid "unable to dlopen %s: %s" +msgstr "kan niet dlopen %s: %s" + +#: plugins/sudoers/group_plugin.c:119 +#, c-format +msgid "unable to find symbol \"group_plugin\" in %s" +msgstr "kan symbool \"group_plugin\" niet vinden in %s" + +#: plugins/sudoers/group_plugin.c:124 +#, c-format +msgid "%s: incompatible group plugin major version %d, expected %d" +msgstr "%s: incompatibele groepplugin hoofdversie %d, verwacht wordt %d" + +#: plugins/sudoers/interfaces.c:112 +msgid "Local IP address and netmask pairs:\n" +msgstr "Combinaties van lokale IP-adressen en netwerkmaskers:\n" + +#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991 +#, c-format +msgid "unable to read %s" +msgstr "kan %s niet lezen" + +#: plugins/sudoers/iolog.c:208 +#, c-format +msgid "invalid sequence number %s" +msgstr "ongeldig volgnummer %s" + +#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261 +#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531 +#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545 +#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561 +#: plugins/sudoers/iolog.c:569 +#, c-format +msgid "unable to create %s" +msgstr "kan %s niet aanmaken" + +#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382 +#, c-format +msgid "unable to set locale to \"%s\", using \"C\"" +msgstr "kan taaldefinitie niet instellen op \"%s\", gebruikt wordt \"C\"" + +#: plugins/sudoers/ldap.c:387 +#, c-format +msgid "sudo_ldap_conf_add_ports: port too large" +msgstr "sudo_ldap_conf_add_ports: poort te groot" + +#: plugins/sudoers/ldap.c:410 +#, c-format +msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" +msgstr "sudo_ldap_conf_add_ports: ruimte ontoereikend bij uitbreiden hostbuf" + +#: plugins/sudoers/ldap.c:440 +#, c-format +msgid "unsupported LDAP uri type: %s" +msgstr "niet-ondersteund LDAP uri type: %s" + +#: plugins/sudoers/ldap.c:469 +#, c-format +msgid "invalid uri: %s" +msgstr "ongeldige uri: %s" + +#: plugins/sudoers/ldap.c:475 +#, c-format +msgid "unable to mix ldap and ldaps URIs" +msgstr "kan ldap en ldaps URIs niet door elkaar gebruiken" + +#: plugins/sudoers/ldap.c:479 +#, c-format +msgid "unable to mix ldaps and starttls" +msgstr "kan ldaps en starttls niet door elkaar gebruiken" + +#: plugins/sudoers/ldap.c:498 +#, c-format +msgid "sudo_ldap_parse_uri: out of space building hostbuf" +msgstr "sudo_ldap_parse_uri: ruimte ontoereikend bij bouwen van hostbuf" + +#: plugins/sudoers/ldap.c:572 +#, c-format +msgid "unable to initialize SSL cert and key db: %s" +msgstr "kan SSL cert en key db niet initialiseren: %s" + +#: plugins/sudoers/ldap.c:575 +#, c-format +msgid "you must set TLS_CERT in %s to use SSL" +msgstr "u moet TLS_CERT in %s instellen om SSL te gebruiken" + +#: plugins/sudoers/ldap.c:992 +#, c-format +msgid "unable to get GMT time" +msgstr "kan GMT-tijd niet verkrijgen" + +#: plugins/sudoers/ldap.c:998 +#, c-format +msgid "unable to format timestamp" +msgstr "kan tijd niet juist opmaken" + +#: plugins/sudoers/ldap.c:1006 +#, c-format +msgid "unable to build time filter" +msgstr "kan tijd-filter niet opbouwen" + +#: plugins/sudoers/ldap.c:1225 +#, c-format +msgid "sudo_ldap_build_pass1 allocation mismatch" +msgstr "sudo_ldap_build_pass1 reserveren mislukt" + +#: plugins/sudoers/ldap.c:1761 +#, c-format +msgid "" +"\n" +"LDAP Role: %s\n" +msgstr "" +"\n" +"LDAP Role: %s\n" + +#: plugins/sudoers/ldap.c:1763 +#, c-format +msgid "" +"\n" +"LDAP Role: UNKNOWN\n" +msgstr "" +"\n" +"LDAP Role: UNKNOWN\n" + +#: plugins/sudoers/ldap.c:1810 +#, c-format +msgid " Order: %s\n" +msgstr " Volgorde: %s\n" + +#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168 +#, c-format +msgid " Commands:\n" +msgstr " Opdrachten:\n" + +#: plugins/sudoers/ldap.c:2240 +#, c-format +msgid "unable to initialize LDAP: %s" +msgstr "kan LDAP niet initialiseren: %s" + +#: plugins/sudoers/ldap.c:2274 +#, c-format +msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" +msgstr "start_tls opgegeven maar LDAP bibliotheken ondersteunen geen ldap_start_tls_s() of ldap_start_tls_s_np()" + +#: plugins/sudoers/ldap.c:2510 +#, c-format +msgid "invalid sudoOrder attribute: %s" +msgstr "ongeldig sudoOrder kenmerk: %s" + +#: plugins/sudoers/linux_audit.c:57 +#, c-format +msgid "unable to open audit system" +msgstr "kan controlesysteem niet openen" + +#: plugins/sudoers/linux_audit.c:93 +#, c-format +msgid "unable to send audit message" +msgstr "kan controleboodschap niet verzenden" + +#: plugins/sudoers/logging.c:202 +#, c-format +msgid "unable to open log file: %s: %s" +msgstr "kan logbestand niet openen: %s: %s" + +#: plugins/sudoers/logging.c:205 +#, c-format +msgid "unable to lock log file: %s: %s" +msgstr "kan logbestand niet vergrendelen: %s: %s" + +#: plugins/sudoers/logging.c:260 +msgid "user NOT in sudoers" +msgstr "gebruiker NIET in sudoers" + +#: plugins/sudoers/logging.c:262 +msgid "user NOT authorized on host" +msgstr "gebruiker NIET aangemeld op computer" + +#: plugins/sudoers/logging.c:264 +msgid "command not allowed" +msgstr "opdracht niet toegestaan" + +#: plugins/sudoers/logging.c:274 +#, c-format +msgid "%s is not in the sudoers file. This incident will be reported.\n" +msgstr "%s in niet in het sudoersbestand. Dit incident zal worden gerapporteerd.\n" + +#: plugins/sudoers/logging.c:277 +#, c-format +msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" +msgstr "%s is niet toegestaan sudo te gebruiken op %s. Dit incident zal worden gerapporteerd.\n" + +#: plugins/sudoers/logging.c:281 +#, c-format +msgid "Sorry, user %s may not run sudo on %s.\n" +msgstr "Excuseer, gebruiker %s mag sudo niet gebruiken op %s.\n" + +#: plugins/sudoers/logging.c:284 +#, c-format +msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" +msgstr "Excuseer, gebruiker %s man '%s%s%s' niet uitvoeren als %s%s%s op %s.\n" + +#: plugins/sudoers/logging.c:317 +msgid "No user or host" +msgstr "Geen gebruiker of computer" + +#: plugins/sudoers/logging.c:319 +msgid "validation failure" +msgstr "geldigheidsfout" + +#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502 +#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539 +#: plugins/sudoers/sudoers.c:1540 +#, c-format +msgid "%s: command not found" +msgstr "%s: opdracht niet gevonden" + +#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499 +#, c-format +msgid "" +"ignoring `%s' found in '.'\n" +"Use `sudo ./%s' if this is the `%s' you wish to run." +msgstr "" +"`%s' gevonden in '.' wordt genegeerd.\n" +"Gebruik `sudo ./%s' als `%s' is wat u wilt gebruiken." + +#: plugins/sudoers/logging.c:352 +msgid "authentication failure" +msgstr "aanmeldfout" + +#: plugins/sudoers/logging.c:376 +#, c-format +msgid "%d incorrect password attempt" +msgid_plural "%d incorrect password attempts" +msgstr[0] "%d ongeldige wachtwoord poging" +msgstr[1] "%d ongeldige wachtwoord pogingen" + +#: plugins/sudoers/logging.c:379 +msgid "a password is required" +msgstr "een wachtwoord is verplicht" + +#: plugins/sudoers/logging.c:530 +#, c-format +msgid "unable to fork" +msgstr "kan niet afsplitsen" + +#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599 +#, c-format +msgid "unable to fork: %m" +msgstr "kan niet afsplitsen: %m" + +#: plugins/sudoers/logging.c:589 +#, c-format +msgid "unable to open pipe: %m" +msgstr "kan pipe niet openen: %m" + +#: plugins/sudoers/logging.c:614 +#, c-format +msgid "unable to dup stdin: %m" +msgstr "kan stdin niet klonen: %m" + +#: plugins/sudoers/logging.c:650 +#, c-format +msgid "unable to execute %s: %m" +msgstr "kan %s niet uitvoeren: %m" + +#: plugins/sudoers/logging.c:865 +#, c-format +msgid "internal error: insufficient space for log line" +msgstr "interne fout: onvoldoende ruimte voor logregel" + +#: plugins/sudoers/parse.c:123 +#, c-format +msgid "parse error in %s near line %d" +msgstr "ontleedfout in %s bij regel %d" + +#: plugins/sudoers/parse.c:126 +#, c-format +msgid "parse error in %s" +msgstr "ontleedfout in %s" + +#: plugins/sudoers/parse.c:414 +#, c-format +msgid "" +"\n" +"Sudoers entry:\n" +msgstr "" +"\n" +"Sudoers item:\n" + +#: plugins/sudoers/parse.c:416 +#, c-format +msgid " RunAsUsers: " +msgstr " RunAsUsers: " + +#: plugins/sudoers/parse.c:431 +#, c-format +msgid " RunAsGroups: " +msgstr " RunAsGroups: " + +#: plugins/sudoers/parse.c:440 +#, c-format +msgid "" +" Commands:\n" +"\t" +msgstr "" +" Opdrachten:\n" +"\t" + +#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 +msgid ": " +msgstr ": " + +#: plugins/sudoers/pwutil.c:278 +#, c-format +msgid "unable to cache uid %u (%s), already exists" +msgstr "kan gebruikersnummer %u niet bufferen (%s), bestaat reeds" + +#: plugins/sudoers/pwutil.c:286 +#, c-format +msgid "unable to cache uid %u, already exists" +msgstr "kan gebruikersnummer %u niet bufferen, bestaat reeds" + +#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331 +#, c-format +msgid "unable to cache user %s, already exists" +msgstr "kan gebruiker %s niet bufferen, bestaat reeds" + +#: plugins/sudoers/pwutil.c:668 +#, c-format +msgid "unable to cache gid %u (%s), already exists" +msgstr "kan groepsnummer %u niet bufferen (%s), bestaat reeds" + +#: plugins/sudoers/pwutil.c:676 +#, c-format +msgid "unable to cache gid %u, already exists" +msgstr "kan groepsnummer %u niet bufferen, bestaat reeds" + +#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715 +#, c-format +msgid "unable to cache group %s, already exists" +msgstr "kan groep %s niet bufferen, bestaat reeds" + +#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436 +#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114 +#: plugins/sudoers/set_perms.c:1396 +msgid "perm stack overflow" +msgstr "permanente stapeloverloop" + +#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444 +#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122 +#: plugins/sudoers/set_perms.c:1404 +msgid "perm stack underflow" +msgstr "permanente stapelonderloop" + +#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580 +#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243 +msgid "unable to change to runas gid" +msgstr "kan niet wijzigen naar doelgroupsnummer" + +#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592 +#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253 +msgid "unable to change to runas uid" +msgstr "kan niet wijzigen naar doelgebruikersnummer" + +#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269 +msgid "unable to change to sudoers gid" +msgstr "kan niet wijzigen naar sudoers groupsnummer" + +#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681 +#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315 +#: plugins/sudoers/set_perms.c:1474 +msgid "too many processes" +msgstr "te veel taken" + +#: plugins/sudoers/set_perms.c:1542 +msgid "unable to set runas group vector" +msgstr "kan doelgroepvector niet instellen" + +#: plugins/sudoers/sssd.c:251 +#, c-format +msgid "Unable to dlopen %s: %s" +msgstr "Kan niet dlopen %s: %s" + +#: plugins/sudoers/sssd.c:252 +#, c-format +msgid "Unable to initialize SSS source. Is SSSD installed on your machine?" +msgstr "Kan SSS-bron niet initialiseren. Is SSSD op uw machine geinstalleerd?" + +#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266 +#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280 +#: plugins/sudoers/sssd.c:287 +#, c-format +msgid "unable to find symbol \"%s\" in %s" +msgstr "kan symbool \"%s\" niet vinden in %s" + +#: plugins/sudoers/sudo_nss.c:267 +#, c-format +msgid "Matching Defaults entries for %s on this host:\n" +msgstr "Overeenkomende standaarditems voor %s op deze computer:\n" + +#: plugins/sudoers/sudo_nss.c:280 +#, c-format +msgid "Runas and Command-specific defaults for %s:\n" +msgstr "Runas en opdrachtspecifieke standaarden voor %s:\n" + +#: plugins/sudoers/sudo_nss.c:293 +#, c-format +msgid "User %s may run the following commands on this host:\n" +msgstr "Gebruiker %s man de volgede opdrachten uitvoeren op deze computer:\n" + +#: plugins/sudoers/sudo_nss.c:302 +#, c-format +msgid "User %s is not allowed to run sudo on %s.\n" +msgstr "Gebruiker %s in niet toegestaan sudo te gebruiken op %s.\n" + +#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243 +#: plugins/sudoers/sudoers.c:953 +msgid "problem with defaults entries" +msgstr "probleem met standaarditems" + +#: plugins/sudoers/sudoers.c:216 +#, c-format +msgid "no valid sudoers sources found, quitting" +msgstr "geen geldige sudoers-bronnen gevonden, afsluiten" + +#: plugins/sudoers/sudoers.c:268 +#, c-format +msgid "unable to execute %s: %s" +msgstr "kan %s niet uitvoeren: %s" + +#: plugins/sudoers/sudoers.c:335 +#, c-format +msgid "sudoers specifies that root is not allowed to sudo" +msgstr "sudoers geeft aan dat root sudo niet mag gebruiken" + +#: plugins/sudoers/sudoers.c:342 +#, c-format +msgid "you are not permitted to use the -C option" +msgstr "u mag de optie -C niet gebruiken" + +#: plugins/sudoers/sudoers.c:431 +#, c-format +msgid "timestamp owner (%s): No such user" +msgstr "tijd-eigenaar (%s): Gebruiker bestaat niet" + +#: plugins/sudoers/sudoers.c:447 +msgid "no tty" +msgstr "geen terminal" + +#: plugins/sudoers/sudoers.c:448 +#, c-format +msgid "sorry, you must have a tty to run sudo" +msgstr "excuseer, u moet een terminal hebben om sudo te gebruiken" + +#: plugins/sudoers/sudoers.c:498 +msgid "command in current directory" +msgstr "opdracht in huidige map" + +#: plugins/sudoers/sudoers.c:510 +#, c-format +msgid "sorry, you are not allowed to preserve the environment" +msgstr "excuseer, u mag de omgeving niet behouden" + +#: plugins/sudoers/sudoers.c:1006 +#, c-format +msgid "%s is not a regular file" +msgstr "%s in geen regulier bestand" + +#: plugins/sudoers/sudoers.c:1009 toke.l:846 +#, c-format +msgid "%s is owned by uid %u, should be %u" +msgstr "%s is eigendom van gebruikersnummer %u, moet zijn %u" + +#: plugins/sudoers/sudoers.c:1013 toke.l:853 +#, c-format +msgid "%s is world writable" +msgstr "%s kan door iedereen worden geschreven" + +#: plugins/sudoers/sudoers.c:1016 toke.l:858 +#, c-format +msgid "%s is owned by gid %u, should be %u" +msgstr "%s is eigendom van groupsnummer %u, moet zijn %u" + +#: plugins/sudoers/sudoers.c:1043 +#, c-format +msgid "only root can use `-c %s'" +msgstr "alleen root kan `-c %s' gebruiken" + +#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062 +#, c-format +msgid "unknown login class: %s" +msgstr "onbekende loginklasse: %s" + +#: plugins/sudoers/sudoers.c:1089 +#, c-format +msgid "unable to resolve host %s" +msgstr "kan computernaam %s niet herleiden" + +#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387 +#, c-format +msgid "unknown group: %s" +msgstr "onbekende groep: %s" + +#: plugins/sudoers/sudoers.c:1190 +#, c-format +msgid "Sudoers policy plugin version %s\n" +msgstr "Sudoers beleidsplugin versie %s\n" + +#: plugins/sudoers/sudoers.c:1192 +#, c-format +msgid "Sudoers file grammar version %d\n" +msgstr "Versie van sudoers bestandsgrammatica %d\n" + +#: plugins/sudoers/sudoers.c:1196 +#, c-format +msgid "" +"\n" +"Sudoers path: %s\n" +msgstr "" +"\n" +"Sudoers pad: %s\n" + +#: plugins/sudoers/sudoers.c:1199 +#, c-format +msgid "nsswitch path: %s\n" +msgstr "nsswitch pad: %s\n" + +#: plugins/sudoers/sudoers.c:1201 +#, c-format +msgid "ldap.conf path: %s\n" +msgstr "ldap.conf pad: %s\n" + +#: plugins/sudoers/sudoers.c:1202 +#, c-format +msgid "ldap.secret path: %s\n" +msgstr "ldap.secret pad: %s\n" + +#: plugins/sudoers/sudoreplay.c:293 +#, c-format +msgid "invalid filter option: %s" +msgstr "ongeldige filteroptie: %s" + +#: plugins/sudoers/sudoreplay.c:306 +#, c-format +msgid "invalid max wait: %s" +msgstr "ongeldige maximale wacht: %s" + +#: plugins/sudoers/sudoreplay.c:312 +#, c-format +msgid "invalid speed factor: %s" +msgstr "ongeldige snelheidsfactor: %s" + +#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187 +#, c-format +msgid "%s version %s\n" +msgstr "%s versie %s\n" + +#: plugins/sudoers/sudoreplay.c:340 +#, c-format +msgid "%s/%.2s/%.2s/%.2s/timing: %s" +msgstr "%s/%.2s/%.2s/%.2s/timing: %s" + +#: plugins/sudoers/sudoreplay.c:346 +#, c-format +msgid "%s/%s/timing: %s" +msgstr "%s/%s/timing: %s" + +#: plugins/sudoers/sudoreplay.c:364 +#, c-format +msgid "Replaying sudo session: %s\n" +msgstr "Bekijken van sudo sessie: %s\n" + +#: plugins/sudoers/sudoreplay.c:370 +#, c-format +msgid "Warning: your terminal is too small to properly replay the log.\n" +msgstr "Waarschuwing: uw terminal is te klein om de log goed af te bekijken.\n" + +#: plugins/sudoers/sudoreplay.c:371 +#, c-format +msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." +msgstr "Logverhouding is %d x %d, de verhouding van uw terminal is %d x %d." + +#: plugins/sudoers/sudoreplay.c:401 +#, c-format +msgid "unable to set tty to raw mode" +msgstr "kan terminal niet instellen voor ruwe modus" + +#: plugins/sudoers/sudoreplay.c:418 +#, c-format +msgid "invalid timing file line: %s" +msgstr "ongeldige timing bestandsregel: %s" + +#: plugins/sudoers/sudoreplay.c:501 +#, c-format +msgid "writing to standard output" +msgstr "naar standaarduitvoer schrijven" + +#: plugins/sudoers/sudoreplay.c:530 +#, c-format +msgid "nanosleep: tv_sec %ld, tv_nsec %ld" +msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" + +#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668 +#, c-format +msgid "ambiguous expression \"%s\"" +msgstr "dubbelzinnige expressie \"%s\"" + +#: plugins/sudoers/sudoreplay.c:685 +#, c-format +msgid "too many parenthesized expressions, max %d" +msgstr "te veel geneste expressies, maximum %d" + +#: plugins/sudoers/sudoreplay.c:696 +#, c-format +msgid "unmatched ')' in expression" +msgstr "onvergezelde ')' in expressie" + +#: plugins/sudoers/sudoreplay.c:702 +#, c-format +msgid "unknown search term \"%s\"" +msgstr "onbekende zoekterm \"%s\"" + +#: plugins/sudoers/sudoreplay.c:716 +#, c-format +msgid "%s requires an argument" +msgstr "%s heeft een argument nodig" + +#: plugins/sudoers/sudoreplay.c:720 +#, c-format +msgid "invalid regular expression: %s" +msgstr "ongeldige reguliere expressie: %s" + +#: plugins/sudoers/sudoreplay.c:726 +#, c-format +msgid "could not parse date \"%s\"" +msgstr "kan datum niet ontleden \"%s\"" + +#: plugins/sudoers/sudoreplay.c:739 +#, c-format +msgid "unmatched '(' in expression" +msgstr "onvergezelde '(' in expressie" + +#: plugins/sudoers/sudoreplay.c:741 +#, c-format +msgid "illegal trailing \"or\"" +msgstr "ongeldige afsluitende \"or\"" + +#: plugins/sudoers/sudoreplay.c:743 +#, c-format +msgid "illegal trailing \"!\"" +msgstr "ongeldige afsluitende \"!\"" + +#: plugins/sudoers/sudoreplay.c:1050 +#, c-format +msgid "invalid regex: %s" +msgstr "ongeldige reguliere expressie: %s" + +#: plugins/sudoers/sudoreplay.c:1174 +#, c-format +msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" +msgstr "gebruik: %s [-h] [-d map] [-m max_wacht] [-s snelheidsfactor] ID\n" + +#: plugins/sudoers/sudoreplay.c:1177 +#, c-format +msgid "usage: %s [-h] [-d directory] -l [search expression]\n" +msgstr "gebruik: %s [-h] [-d map] -l [zoek expressie]\n" + +#: plugins/sudoers/sudoreplay.c:1186 +#, c-format +msgid "" +"%s - replay sudo session logs\n" +"\n" +msgstr "" +"%s - sudo sessielogs bekijken\n" +"\n" + +#: plugins/sudoers/sudoreplay.c:1188 +msgid "" +"\n" +"Options:\n" +" -d directory specify directory for session logs\n" +" -f filter specify which I/O type to display\n" +" -h display help message and exit\n" +" -l [expression] list available session IDs that match expression\n" +" -m max_wait max number of seconds to wait between events\n" +" -s speed_factor speed up or slow down output\n" +" -V display version information and exit" +msgstr "" +"\n" +"Opties:\n" +" -d map map voor sessielogs opgeven\n" +" -f filter opgeven welk type in-/uitvoer moet worden weergegeven\n" +" -h geef help weer (dit bericht) en sluit af\n" +" -l [expressie] som beschikbare sessienummers\n" +" die overeenkomen met de expressie op\n" +" -m max_wacht wacht tussen gebeurtenissen maximaal m seconden\n" +" -s snelheis_factor snelheid van uitvoer verhogen of verlagen\n" +" -V geef versieinformatie weer en sluit af" + +#: plugins/sudoers/testsudoers.c:338 +msgid "\thost unmatched" +msgstr "\tcomputer komt niet overeen" + +#: plugins/sudoers/testsudoers.c:341 +msgid "" +"\n" +"Command allowed" +msgstr "" +"\n" +"Opdracht toegestaan" + +#: plugins/sudoers/testsudoers.c:342 +msgid "" +"\n" +"Command denied" +msgstr "" +"\n" +"Opdracht niet toegestaan" + +#: plugins/sudoers/testsudoers.c:342 +msgid "" +"\n" +"Command unmatched" +msgstr "" +"\n" +"Opdracht komt niet overeen" + +#: plugins/sudoers/toke_util.c:218 +msgid "fill_args: buffer overflow" +msgstr "fill_args: stapeloverloop" + +#: plugins/sudoers/visudo.c:188 +#, c-format +msgid "%s grammar version %d\n" +msgstr "%s grammaticaversie %d\n" + +#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541 +#, c-format +msgid "press return to edit %s: " +msgstr "toets enter om te bewerken %s: " + +#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341 +#, c-format +msgid "write error" +msgstr "schrijffout" + +#: plugins/sudoers/visudo.c:423 +#, c-format +msgid "unable to stat temporary file (%s), %s unchanged" +msgstr "kan status van tijdelijk bestand (%s) niet vaststellen, %s ongewijzigd" + +#: plugins/sudoers/visudo.c:428 +#, c-format +msgid "zero length temporary file (%s), %s unchanged" +msgstr "tijdelijk bestand (%s) leeg, %s ongewijzigd" + +#: plugins/sudoers/visudo.c:434 +#, c-format +msgid "editor (%s) failed, %s unchanged" +msgstr "editor (%s) mislukt, %s ongewijzigd" + +#: plugins/sudoers/visudo.c:457 +#, c-format +msgid "%s unchanged" +msgstr "%s ongewijzigd" + +#: plugins/sudoers/visudo.c:486 +#, c-format +msgid "unable to re-open temporary file (%s), %s unchanged." +msgstr "kan tijdelijk bestand (%s) niet openen, %s ongewijzigd." + +#: plugins/sudoers/visudo.c:496 +#, c-format +msgid "unabled to parse temporary file (%s), unknown error" +msgstr "kan tijdelijke bestand (%s) niet ontleden, onbekende fout" + +#: plugins/sudoers/visudo.c:534 +#, c-format +msgid "internal error, unable to find %s in list!" +msgstr "interne fout, kan %s niet in de lijst vinden!" + +#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595 +#, c-format +msgid "unable to set (uid, gid) of %s to (%u, %u)" +msgstr "kan %s niet wijzigen (gebruikers- of groupsnummer) naar (%u, %u)" + +#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "kan modus van %s niet wijzigen naar 0%o" + +#: plugins/sudoers/visudo.c:617 +#, c-format +msgid "%s and %s not on the same file system, using mv to rename" +msgstr "%s en %s niet op hetzelfde bestandssyteem, gebuikt mv om te hernoemen" + +#: plugins/sudoers/visudo.c:631 +#, c-format +msgid "command failed: '%s %s %s', %s unchanged" +msgstr "opdracht mislukt: '%s %s %s', %s ongewijzigd" + +#: plugins/sudoers/visudo.c:641 +#, c-format +msgid "error renaming %s, %s unchanged" +msgstr "fout bij hernoemen %s, %s ongewijzigd" + +#: plugins/sudoers/visudo.c:704 +msgid "What now? " +msgstr "Wat nu? " + +#: plugins/sudoers/visudo.c:718 +msgid "" +"Options are:\n" +" (e)dit sudoers file again\n" +" e(x)it without saving changes to sudoers file\n" +" (Q)uit and save changes to sudoers file (DANGER!)\n" +msgstr "" +"Opties zijn:\n" +" (e)dit sudoers bestand opnieuw\n" +" e(x)it zonder de wijzigingen op te slaan\n" +" (Q)uit en sla wijziging op in het sudoers bestand (GEVAAR!)\n" + +#: plugins/sudoers/visudo.c:759 +#, c-format +msgid "unable to execute %s" +msgstr "kan %s niet uitvoeren" + +#: plugins/sudoers/visudo.c:766 +#, c-format +msgid "unable to run %s" +msgstr "kan %s niet gebruiken" + +#: plugins/sudoers/visudo.c:792 +#, c-format +msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" +msgstr "%s: verkeerde eigenaar (gebruikers-, groepsnummer) zou moeten zijn (%u, %u)\n" + +#: plugins/sudoers/visudo.c:799 +#, c-format +msgid "%s: bad permissions, should be mode 0%o\n" +msgstr "%s: verkeerde permissies, mout zijn modus 0%o\n" + +#: plugins/sudoers/visudo.c:824 +#, c-format +msgid "failed to parse %s file, unknown error" +msgstr "kon %sbestand niet ontleden, onbekende fout" + +#: plugins/sudoers/visudo.c:837 +#, c-format +msgid "parse error in %s near line %d\n" +msgstr "fout bij ontleden van %s bij regel %d\n" + +#: plugins/sudoers/visudo.c:840 +#, c-format +msgid "parse error in %s\n" +msgstr "fout bij ontleden van %s\n" + +#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852 +#, c-format +msgid "%s: parsed OK\n" +msgstr "%s: ontleden geslaagd\n" + +#: plugins/sudoers/visudo.c:899 +#, c-format +msgid "%s busy, try again later" +msgstr "%s bezig, probeer later opnieuw" + +#: plugins/sudoers/visudo.c:943 +#, c-format +msgid "specified editor (%s) doesn't exist" +msgstr "opgegeven editor (%s) bestaat niet" + +#: plugins/sudoers/visudo.c:966 +#, c-format +msgid "unable to stat editor (%s)" +msgstr "kan status van editor (%s) niet verkrijgen" + +#: plugins/sudoers/visudo.c:1014 +#, c-format +msgid "no editor found (editor path = %s)" +msgstr "geen editor gevonden (editorpad = %s)" + +#: plugins/sudoers/visudo.c:1108 +#, c-format +msgid "Error: cycle in %s_Alias `%s'" +msgstr "Fout: cyclus van %s_Alias `%s'" + +#: plugins/sudoers/visudo.c:1109 +#, c-format +msgid "Warning: cycle in %s_Alias `%s'" +msgstr "Waarschuwing: cyclus van %s_Alias `%s'" + +#: plugins/sudoers/visudo.c:1112 +#, c-format +msgid "Error: %s_Alias `%s' referenced but not defined" +msgstr "Fout: %s_Alias `%s' wordt naar verwezen, maar is niet gedefinieerd" + +#: plugins/sudoers/visudo.c:1113 +#, c-format +msgid "Warning: %s_Alias `%s' referenced but not defined" +msgstr "Waarschuwing: %s_Alias `%s' wordt naar verwezen, maar is niet gedefinieerd" + +#: plugins/sudoers/visudo.c:1248 +#, c-format +msgid "%s: unused %s_Alias %s" +msgstr "%s: ongebruikte %s_Alias %s" + +#: plugins/sudoers/visudo.c:1304 +#, c-format +msgid "" +"%s - safely edit the sudoers file\n" +"\n" +msgstr "" +"%s - bewerk het sudoersbestand voorzichtig\n" +"\n" + +#: plugins/sudoers/visudo.c:1306 +msgid "" +"\n" +"Options:\n" +" -c check-only mode\n" +" -f sudoers specify sudoers file location\n" +" -h display help message and exit\n" +" -q less verbose (quiet) syntax error messages\n" +" -s strict syntax checking\n" +" -V display version information and exit" +msgstr "" +"\n" +"Opties:\n" +" -c alleen lezen modus\n" +" -f sudoers geef lokatie van sudoersbestand op\n" +" -h geef help weer (dit bericht) en sluit af\n" +" -q minder uitgebreide syntactische fout berichten\n" +" -s stricte controle van syntaxis\n" +" -V geef versieinformatie weer en sluit af" + +#: toke.l:820 +msgid "too many levels of includes" +msgstr "te veel niveaus van insluitingen" diff --git a/plugins/sudoers/po/pl.mo b/plugins/sudoers/po/pl.mo index cff809e2453b3db013b48b5c59caf45a8415a48f..1253bd767278c509dfe764a6d370ca7dc0750ffb 100644 GIT binary patch delta 9553 zcmZ|U34B!5*~jsl019CzERii2l0Xu&Lx2Pb2@oJ`VHFM5dNVU5lVoPXEW`xtXjsIm z6}j4KaVd3aU0Ri?l(uN~g#cQsZQU1Yi`CN7+Uo1l)++t|=id0*zVCZKJo%n;?sm>| z&OM1AZ@4q{t?#DBe?6k_%?8KX6vG&g52hK$Q0BSjPq}U%4l#_lvDY+=!8F{7G#KB*;dlh~;%BixzKJ~3 zID>Ps-z3A}8O8$4!bYsX-I#$-;1qln^U#=V7^5K{b-o4{^M0d&LNyHsP!BrodL9*x zC?Ch-eB@b117_oP9D@gN5dH`?fa5qFUvwS7#p?Jx)PNdr8n$9C?>D|dLD_x+=ip1I z2aU*aoP_krD8U)H4%Lx8$fd^pScuP|Ui2yE<5-5T7uBLhz6FbL57IZ|hZy%#c%4EG zR!?BpDCl zJbVGU)EGhU)LxCcuNgIveQ^r>GalndCjJ?R;@}eJh6$+5)S^;(IbM&4Q4d~BdX&m2 zs^d2z({J?P06dG#hVdb4F;C=STK&^e?eP^9=%f)t-FP?F;?qdhjA1-gBbkdcu?v^r zBdE;$9W`YcOt>;M1NGn*!MyRs=<( z2$ky1ScCWCg?I*SoX;+!2R)C>g7FEizyf-uIqgIZ;BM4hzlK^{edjp$Ek|ah}zk<;b?pmmD*?U0@QG|X2#+e%tu|f07v1)I08d%dpGKR zw_;p#^&<-7@ieC6In;yG`Pj9p3(>^2s2d}w`)t&d9Ko^p77oMDP#qdN-!SSi6GvhQ z)uEj@4!=2{{3~ULXeh?tqEa@z+F4w4P!~3!I| zsE$;ju3v>3U>Mbr-8FG%B)8F^MbU$L(HXa%x`0iIdJbyD1*i^fK&5mG>iV5H3GYCy z_9xu)ze08JZB)nlvJ%ySY}7zz$0_ImD{%rgAq&{pg>`rYmE!XjIU^{jx+y)EPfjDO4{iswuhg#Kd zxqgCK)YD0iQaB4W_bbpuAL==~aR@$w8qgD{MfyDI>v$J)^!@i+=JaS9>OpmAVk0Vr zJCIp09!AaK2dKFox!k#KCh7$nQFGsd%IJ2~^|zn~a2S<=U*HUU7l-qHBa7WbJu64O za5d`2D^P3WcGPF}LsTkHVm`i&CJtNaJh&9K*y>Ro38J2RC2FJEk6QK5;B-8VaW#xy z<@C4!b>mW0j~h@K38OxvYf&B9j~d~Ft|w6=`yDDXseJV1n2j~qfV%!R)RZ1ZW$c-H z@~_46CJnORYQq?a(@;I1g&OHv)SO>|T7(C%5KrPeDg0rAS_`MvI=+t@!1?Q(3})g` z>J_K~*I^y^eR&=EKT6@g_09!>3!N8Vfx~IP1$E>78=a2*7}fLRI1FFKG5AO9kEs_q zQ!)@^)C*9H`P-2W9U_62(-H1Q!7RIuxjHRIkhu|*MD!mD(;Zrys zKg78>;!DoR>rokLLQPc{vM!B#a1OqY6iduf8$UocMPoptVerKotFRbv#UgwPYxMp9 zje>5d^f;-%0oCL0qUPu{YOxLSI$LukPNcpC%WyC1fk#nO^uF6Z+vm)EtLt9W^^c-5 zc?R=%ztL~A^Cwj?>V+LR4i8`rK8CC>;~ZAw#wI5Nx1bi^^JwB()RsJ`ncWYoP*c@| z)tKscIT>^hMP*i3{sXd4j^!@*m zfOZKTJUndKT65k1!K6yPXlvM~(P0)Pt`_b@TyTkH1ExeEJUO zJ}-Kx??h$p3@*g6JDn-J6z5alvy=SKq;Qgkd_0F$n7_-p(2rV-Hjc#;Sc9igBgo$E zyto3D+7?u%Zgf44^QeE~)+?@deklb}1GxWcQe8;l6b(5zaF3ILQr8AlW_F+!(*vl* z_&REz7=4YiR%&qy^+wd9yash$0=1UjMH2^p)yZT5YTy^gDJZ3TaT0#tz2Fya{ZpJv zd*-!H2QNXBdN=BYcVRU?jThm->zs~xF`K&WdKmTmQ>YG|!vc(tzuqa-p>EiU({Mko z#1p6+Mt#j`FGG#&QdDMc#e94cHIP4H5vJYXq__gLHrlWdZ^v@{8D{DGPuc6-kb`xc zSdaQV?!cw^80vdH??$I16LAFfIc|LwPNv?9!|-dEfp?-hblCMJ!QJHDL!MGdsf}2neJcuT~g2niE)aRIY6aPVqKP1i) zBq(|OL_c|d^3bYZ$yKTN4`L?eJl(}H8kf0cc4K2a<-TrR=NA!Islf3F@c_YkGt#)` z>!@Q3@gz}C+qY21JRhqFuk-UGLFs$MF+$V4f|$xZk7KsRAEGdahI?=@zKE9)sg!TV9MoaDY8Ce$ zuc$!#U2eneINiPOLCR0L?UQILBHnT9LW^~X^8bcv9Amj)0hT9g?D5pKn`x0Prrdjc zLct_P()K?7o#;Kj-CMwMM74Y0MA!3N?{=??w@}#ZRz~5Uh>zU*1+JU$d?MYgPvapL zW%j1zuVOXdN0h0+G04H_=e|tUKM=c!pAjdC8iFI9{NqDgp^n8wC!s$)`ViV^bod>T z|0$+oA0GS+-b=hme1o`y(4ozz_h_XMb}ND2M*K4|H`%%5`ghK-&lv0t#!jbdWO6|+ zD53pj{1WkdBA5E#u=mg=a~30p;%ZNteG*Rik#ryQu!;foESk=apDK4V+rK}n2(e3S88;RrFbjxJaInfZ^JJW2Z;*m z7h@Kt69b5!Q*R^wLd1wB;ylgcNFtNCkVqqR+(7(Svc#WPuDyIlVJh*Q+mM0%h@-?h zVlpq&@itLGTuIatJ;V;8nCLy?Pf+@ALjV8oExd?WO1UqV;X)#X=snsgETDb{KPECL z4+Bq2v1w&YFFiN;C0YVge7Em68}Teny{o+D4xl4aXu; zvojPko2{)rGwk#D{9AoqGurGkW09EEX14h}(OB4LZVrb6$>z3@hvs#ik*F__R^tu$ zgZ@Y~Y(+!iBC{^)+||};HirCd5z`y$2%6E5ZjA7@=CDsc{lTV4Wjrm-|j&`>D+|$$Z%#HqNv)L5( zSy8h+)Zq)8o>0ISaa+Q?A{31H8~ttmXlGGcnqe=?>lexP ztGD{X^damIdi?F=it&>n25sg}&52CSv(IIXu|LSF=T5JWM{|jNRd$BGDSOJlH%%Vu zp7sY#kL79h*)L=-&&towH`moJ+_1K8{l%s~NHzkNMqyGibDB-gC+6i8^eJ7aT=-1O z4Ej3E)io>4h%XZ9y-+jUJ3u-Zjs;DBqAB;$K7E3rXkuK!XDOL0t;_v^Sir0+t~c94 zP29dE<_mg!W-u0L^o0`{MgEl0Jl2ZwFvj6=x}j9qUBzvQ_ln<6&F+0k#H5Fo*&gkr z&&io?v^=d%;ZQ8-P5i2CO=?;++-X`(mOogO7*~EEHIXs9v~RZ8-{fP3CWjU=b8{kj zraxlRMLi`aq7wmo>D->g_<3_v&JXya%^`2ZuCCf<|Ga8~-EaOsM*m0edN288{*#Hf zs$cG7zp!Yzy}WkW5Ot;9Y-2I&q4t*AeEUT0vUK0&?SAITY_}qjj!@Xk0k)}D)GjOk5c-~YAmx~Tvb~>y|83P zVd*Thw7jysjB-gy+UokkwZ5%>O>*HP=DyM_D=BrZt1!z-E6Zml>g)UUi>GbaYy~8nt!+Lt z(jE?VSl%wnjQEe;$}ETY>iIN1&Fn5+KG4su&PwNd=W`Fntu|lJkxsT7zWdfFw;#Kj z@1?WDiUvbH`>FVYK^{<${Pg+qgYFH1&Yt~kzU0MSniGG-qFVvyI<|l=(;MqKa%`8` z(bG+rRPZ0$rBNpPrjr%}Dt1QH#h2&2Py2y3qt%SfqtR75_4;;C3rV!2>#K7AV{>R_ zQ|JuFEKduIy7xA15Q&G^*YvgjaZ!O?c=7W?8hg5r?eg+YG7yc~KW)gc|9MrKJ)t49 zfV8wmx}sK3x5v+rf>u{Y=NEPjlE@%>c6wr-X3M^6(&iCEzNVpI zWV;n$20VWH;|){j3i?{?1r0N8^SYt-?;7&{zYEIuU6*Fh+%)0;KEG#^HA7pDyVH;m z=9lRuyKDsuY8zJ9)h=wP?b)$z{l*&8+h+CdL4z+D-FN1OC?8E1DP`ASQ*O~7)Z$O> zM!GZ>*60F$E2zcwc^(s!FYDX4Y85vHLOn-@l~!w{Gmu>1>{|R%i1=DN*u>}qTUyNQ@D+D-CU$H-m@;mGGgUDb zdzi`cwXqKPr@q=H%{vlDnqz&6HmJiPx}y;}{q5Pw+?nkWUyQu?!u&$C+IX-TZSy5c z+J2LoS-`A@B3*nOd@Dy2jqZBqOX=V#MfRnkiHV%hJE@6l!vp)}Mq0Th>Lk+L@${}1 zZG#=WlFf!GW}V&Kk(!b?czJt@Jq+3l6d*6cIsrt7HZ^mu_k|q#WuutXF4f}Y1gBp KiOtvNrTz;W(UKVe delta 8330 zcma*rd3=;bp2zX(5CQ~9xB>|z@DOqkAS8hVNC-J4+&6-bkk}**G&xBpoJu2dpW@?% zE{ZcQB9035jIt^U3bUT$IH;pAqoR)DjUtMUqx<>hc~so}XY1v!-&OToRllm|0ep8~ z*p9oxf^T*Szu8cxc#Mh1n<9-lM!iFfdX4EsXD96JnuyV~hhi5jb=$MB8}0eniR)M5 zPTZQ{T;IEobAAR!ab5{>pP-rMc6hNf2O3ZhT!Z;&BmbGd@Y4^^VJ>#FjETj`n1Ty1 z4Yy-=Jd8U25|-gvEW(Vw&V3qM3^HRX8u?-Di7z7mnX~*PVPv8)Jum}1;26{lX5vt+ zbiEbZ(taM9ym%xe^Po z2@5fVL-0ImKq;xtK*wV??Hbg1ccU_Q1~rgxQ3LPK^mX0n{;ao^Kcddq*N0M%cEy6z_AndS-9z(2%jj0=(% zotTD7=`>X8*5Woij+|?zbCm|V8d)Xt2W*F@FcRNGl4U+eZRXfaXZNS0`pb}8nR?Xq zcj9Oa9;d?OOeA^N42Iz_Y{D^kKPn^VQA^c@Q7SWoQ8%ta4Qv~B#$!k_%t^Oj2X#D~ zAFcgD)b;C-i3iPNZpXXGell_FAf>nnwRu*e9&Dp#@DOUCZ(=FNb2nx1YSbRth!)F47to^SS1vFZ2`bt9Xz_29=)4>*Y=$@E|cO~kRNwY(X*r#XsR zVo9rUE%;ZpH5SGLjT?7UM8}q_b&; zp$1rnI=iU@~^YX4HT-V=vr;%Gl$`{xlz;GS;KOegBL3x@aJCQ8!qM`ao<& zZK?y<8=pcAiT)8nXX3-=yue^4xskR8-+oq@;x09bo425 zPDnwGdAwHNcl#&!Emfj~Z|UJFO2UqXse>b={Sy`_<|Dn?PkF zvj5Cp9Eblvr9QR9naO0FL%R``x|fjsX1+zuXb3x%H_lvzdi}P$?Z+^Y_GhRGb-v6w zKONN$&Z45VX+({DH)>=DP!~RjI`LD~ccL9%4Gk;@_24bns-I#>Wpi=cIYL|P)IL4t;mxWsUGS>>UXfH$EXBTR79!E{+Bx=vR zk9u1?W1TNxEGFpvFQB3u⩔CQ7OCyHPWZCFTU#@Z_WDX#wn<^&qZZu0_yw)sDW?5 zY`hC~-YeKL5X_?O8PEAV-wdUql+QrDUbPsHt8f6`fvNZ>wD2=jN~0$@n=BpmfQhIF zl%qaa%Tc?2KMuvCZu=|LfFt>u1$AKx6^(cVDic#tuaO@$pyj9wHoNXc4d5xv!MCv( zyH9e?y8^X@O{h$5#ALj~^%%CN{lO&iuMwZ8Loi8gP;7_A6cp5eE3#gg5p2pk6b-nOu^i6k;r_FRSl{=IC>w=kdbiyjsh@0K^M$`j# zVKW{?ZPL`sodHfnmeT|<4UeEE@&RUImsw6mOHoTY2WQ}N;XVw*53w)L zH=j^hK}XaaW5}A>gn9TDDuq4gI+>Y(Twqort6+8`-z4)Tj>qBU&UtHaFzrKFjAu~i z_p5N0Vj1Sr-ic{?|DUI#O?Cl$>%^;_PiYD2M$M=h-Gf8$Bh(&9@H&>D`WIk4-j3P} zk09S1bH;6_&2!$48CXnzJbd^{@k>(Ij8s6FrmUW4Z_A8V_e>-M7t z^fBtjoqW!HrlSV74YgE9T|aS;$Id7JO7RRTy>KmBxCckzF=T(5?{F_pTi`tSB95k= zv(QQTN^C>>e$=K5p;G)f>b_s2GTX)P{5v8Gb-ck({T( zvG_7-COxa28<(Npo_VMn-st)Q4xk-TO`OKDeO3GPE}%8zTv|9G8P>-_OM4K=fk zsLcEs^}hayeQ-vd^W_VmUdNrN8=gRAs%^cK`U*^-eLE)NVeE&e-Qz!^o|6}BaAvj| z$+CGCcVXsYXKkOu6x!_@jo}qGLr@vng7ff29EF(y=R;J7TDrqH0l&bZII79{JLY24 zUb+vpG{MtUl$via5=S;WYg~o}w6Di*_!JJuzo9Y_y~O$BGy}D^WvChZP;bHY7>9dM zoB2^p#lNCn@9&WN1WnFT=SG)f8V71H8E-)?!Q+^LpQ6?{VVSc@XJZfA%TQ~119r#z zQJH)SHN&*!&VWXv?mG{afsHs+@BgDz2GQ{uTG(raGxB`wPkR<>34+)c_qslVn(;^O z@wO|SOk}uD#!eis#UZ!~d*MOUbuVHz&o>`a(I&BYxs{?)Y>U;Hi%qBt9>kvb0%{;1 zpss6ot+Pafuruvqw><-6XfH(FcNJ zs0+I>YQ8}&qgN_#qpdyk9BK)pRy+UH8iB)TFGIbK4`BhGLY)_P9r@SpEWOT|*-|W~ zeIshqy@Fb^4^ab%UgIo95h^naFdOf7ea-D}f4$Q`8b@+`1*YS}s0_U4+Hox-R%(W= zbv9W!=F#4cgYj96$BU>v5VOu1c|NLtK3aIa>piGUo&P zk_OAD6w=X%sdxyrR;N%SZ@t-ha6itH=GY(m(JsSLxCqDKJ{*MS zP#H+r?mVXiQ)pMgZ|3tJV&JZ6GDr19OFp1#X)AF~U25;qg=h&DP#>4~NIZz7MnGOITu7(=7TJ!u9VcM{(cqY2Gc$H(x%>w;R>+)ndp<>N;8%$&-98KdK!g)(iGjp@gvtrxyw?Ax@*67ih;amO zp<$U@N;l@`W&|*$_V}{VV)y; zEB}1B%)7*J;u~ThCug9FK0JSGsX0HLIkuH*DyqCg)D!y%FOfw50Q`zjxsF&(G!i2@ zmVzo})H8{e^&dkeRt-utTEtH3bBQeK59t7981;$7o77ujUqWRNCSf6Qf%r2qolxmY zTtVDTv?7)fDp|y0BKU?{lzeXTJ(duIiN}da#HD3FjjrxP!|)N>ZxOE%vxuWaH{xo7 z#Qv&0N$VM+JMq{rM}lUud&5O;XE)jdh$*!Hlem@mBhj9?w9Kb*`jU=|)UPMXi72;U z|MuTNeG~CtL~r+54^odIdU@Po{*Ferd$142)9z2?5Tj|Y#F<1q^*b<{m_w`~{KO5! zOT=fy0wR&~8t^-!BlQxZhCV1#=8iWT@EIl{+@0O+-;zATKA&7*k4#C-vix;cWu>=rp--n7o!wmLombdgocDprC*Ybdgo(^EO&F{yLwPTxI3w=Z8+E3~Ck19S~|2I+y-$PpD(& zLXUl8malCfu(ZChD$fdim31~O6rM9FEL1ssS6J-N53H)GZ}8Q*_cfQ>2gjF&{*^l< z+@4-=Jk+Leg2!H5R2ku0)-t7MiqfKdi<^CQl|HMkxptnfG4x(h8;{+(-9+uO@#wYK^v2h!}q zF@5bf%cj~_kBRuXXR-a-nAA|uvEd%OWL$cbZ<(*MnQNUygsR5P^4LF&|GRy0LbZEI z<;2J0^Z+NJiOGS)K~{6XU$?+YEKLkWPx{IeN}lqCr`51|*>>Et(H)1RXO2kE%CxeE z=4FnstEcsHdWO)Go0mB}WKV0|T5D}ht*`M_`s(~%ckwT2x3f>oE(oPxQ5gQy>ig$p z*gNN(vcI0&+1@dCpdGcPjU82wF99?YZTHBAkt2@0pumKeVlb{Z4t> zFI{o=gEvIl`7c!=e276zQ77Emj}GH^;IkUz8W@>->Regl8!(_eV~5c^3b7$1HwXK)dxNH$(mJd z$9e-ioy|10c1f$yg@(7n>={il_JO4dp}|ehhIuC2J2%JLD>p?^t1XYW`)|z;eY2!} z>(Ib!Jf5z4hSgBN)L&o4U95or_^wdWwaYyAkyQ`aV}nVZ*-^emE8weM$_87$sBU?v zB3S6LA6@-nigwcfV|)Gfx_iUz?Q=V}<$P{m>9>z=?`BV2zsTJh, 2011-2012. +# Jakub Bogusz , 2011-2013. # msgid "" msgstr "" -"Project-Id-Version: sudoers 1.8.6b4\n" +"Project-Id-Version: sudoers 1.8.7b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-20 19:07+0200\n" +"POT-Creation-Date: 2013-04-17 15:52-0400\n" +"PO-Revision-Date: 2013-04-19 21:56+0200\n" "Last-Translator: Jakub Bogusz \n" "Language-Team: Polish \n" "Language: pl\n" @@ -16,50 +16,57 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" -#: gram.y:112 -#, c-format -msgid ">>> %s: %s near line %d <<<" -msgstr ">>> %s: %s w okolicy linii %d <<<" +#: confstr.sh:2 +msgid "Password:" +msgstr "Hasło:" + +#: confstr.sh:3 +msgid "*** SECURITY information for %h ***" +msgstr "*** informacje dotyczące BEZPIECZEŃSTWA dla %h ***" + +#: confstr.sh:4 +msgid "Sorry, try again." +msgstr "Niestety, proszę spróbować ponownie." -#: plugins/sudoers/alias.c:125 +#: plugins/sudoers/alias.c:124 #, c-format msgid "Alias `%s' already defined" msgstr "Alias `%s' jest już zdefiniowany" -#: plugins/sudoers/auth/bsdauth.c:78 +#: plugins/sudoers/auth/bsdauth.c:77 #, c-format msgid "unable to get login class for user %s" msgstr "nie udało się uzyskać klasy logowania dla użytkownika %s" -#: plugins/sudoers/auth/bsdauth.c:84 +#: plugins/sudoers/auth/bsdauth.c:83 msgid "unable to begin bsd authentication" msgstr "nie udało się rozpocząć uwierzytelnienia BSD" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:91 msgid "invalid authentication type" msgstr "błędny rodzaj uwierzytelnienia" -#: plugins/sudoers/auth/bsdauth.c:101 +#: plugins/sudoers/auth/bsdauth.c:100 msgid "unable to setup authentication" msgstr "nie udało się ustawić parametrów uwierzytelnienia" -#: plugins/sudoers/auth/fwtk.c:60 +#: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" msgstr "nie udało się odczytać konfiguracji fwtk" -#: plugins/sudoers/auth/fwtk.c:65 +#: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" msgstr "nie udało się połączyć z serwerem uwierzytelniającym" -#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95 -#: plugins/sudoers/auth/fwtk.c:128 +#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:127 #, c-format msgid "lost connection to authentication server" msgstr "utracono połączenie z serwerem uwierzytelniającym" -#: plugins/sudoers/auth/fwtk.c:75 +#: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" @@ -68,147 +75,152 @@ msgstr "" "błąd serwera uwierzytelniającego:\n" "%s" -#: plugins/sudoers/auth/kerb5.c:117 +#: plugins/sudoers/auth/kerb5.c:116 #, c-format -msgid "%s: unable to unparse princ ('%s'): %s" -msgstr "%s: nie udało się złożyć princ ('%s'): %s" +msgid "%s: unable to convert principal to string ('%s'): %s" +msgstr "%s: nie udało się przekształcić nazwy principal do łańcucha ('%s'): %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: nie udało się przeanalizować '%s': %s" -#: plugins/sudoers/auth/kerb5.c:170 +#: plugins/sudoers/auth/kerb5.c:169 #, c-format -msgid "%s: unable to resolve ccache: %s" -msgstr "%s: nie udało się rozwiązać ccache: %s" +msgid "%s: unable to resolve credential cache: %s" +msgstr "%s: nie udało się rozwiązać pamięci podręcznej danych uwierzytelniających: %s" -#: plugins/sudoers/auth/kerb5.c:218 +#: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: nie udało się przydzielić opcji: %s" -#: plugins/sudoers/auth/kerb5.c:234 +#: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: nie udało się pobrać danych uwierzytelniających: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:246 #, c-format -msgid "%s: unable to initialize ccache: %s" -msgstr "%s: nie udało się zainicjować ccache: %s" +msgid "%s: unable to initialize credential cache: %s" +msgstr "%s: nie udało się zainicjować pamięci podręcznej danych uwierzytelniających: %s" -#: plugins/sudoers/auth/kerb5.c:251 +#: plugins/sudoers/auth/kerb5.c:250 #, c-format -msgid "%s: unable to store cred in ccache: %s" -msgstr "%s: nie udało się zapisać danych uwierzytelniających w ccache: %s" +msgid "%s: unable to store credential in cache: %s" +msgstr "%s: nie udało się zapisać danych uwierzytelniających w pamięci podręcznej: %s" -#: plugins/sudoers/auth/kerb5.c:316 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" -msgstr "%s: nie udało się pobrać głównego hosta: %s" +msgstr "%s: nie udało się pobrać nazwy principal dla hosta: %s" -#: plugins/sudoers/auth/kerb5.c:331 +#: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: Nie można zweryfikować TGT! Możliwy atak!: %s" -#: plugins/sudoers/auth/pam.c:100 +#: plugins/sudoers/auth/pam.c:105 msgid "unable to initialize PAM" msgstr "nie udało się zainicjować PAM" -#: plugins/sudoers/auth/pam.c:144 +#: plugins/sudoers/auth/pam.c:150 msgid "account validation failure, is your account locked?" msgstr "błąd kontroli poprawności konta - konto zablokowane?" -#: plugins/sudoers/auth/pam.c:148 +#: plugins/sudoers/auth/pam.c:154 msgid "Account or password is expired, reset your password and try again" msgstr "Konto lub hasło wygasło, należy ustawić ponownie hasło i spróbować jeszcze raz" -#: plugins/sudoers/auth/pam.c:155 +#: plugins/sudoers/auth/pam.c:162 #, c-format -msgid "pam_chauthtok: %s" -msgstr "pam_chauthtok: %s" +msgid "unable to change expired password: %s" +msgstr "nie udało się zmienić przedawnionego hasła: %s" -#: plugins/sudoers/auth/pam.c:159 +#: plugins/sudoers/auth/pam.c:167 msgid "Password expired, contact your system administrator" msgstr "Hasło wygasło, proszę skontaktować się z administratorem systemu" -#: plugins/sudoers/auth/pam.c:163 +#: plugins/sudoers/auth/pam.c:171 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Konto wygasło lub w konfiguracji PAM brak sekcji \"account\" dla sudo, proszę skontaktować się z administratorem systemu" -#: plugins/sudoers/auth/pam.c:180 +#: plugins/sudoers/auth/pam.c:188 #, c-format -msgid "pam_authenticate: %s" -msgstr "pam_authenticate: %s" +msgid "PAM authentication error: %s" +msgstr "Błąd uwierzytelniania PAM: %s" -#: plugins/sudoers/auth/pam.c:332 -msgid "Password: " -msgstr "Hasło: " - -#: plugins/sudoers/auth/pam.c:333 -msgid "Password:" -msgstr "Hasło:" +#: plugins/sudoers/auth/pam.c:247 +#, c-format +msgid "unable to establish credentials: %s" +msgstr "nie udało się ustanowić danych uwierzytelniających: %s" -#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220 +#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 #, c-format msgid "you do not exist in the %s database" msgstr "nie istniejesz w bazie danych %s" -#: plugins/sudoers/auth/securid5.c:81 +#: plugins/sudoers/auth/securid5.c:80 #, c-format msgid "failed to initialise the ACE API library" msgstr "nie udało się zainicjować biblioteki ACE API" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" msgstr "nie udało się połączyć z serwerem SecurID" -#: plugins/sudoers/auth/securid5.c:116 +#: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "ID użytkownika zablokowany dla uwierzytelnienia SecurID" -#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171 +#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 #, c-format msgid "invalid username length for SecurID" msgstr "błędna długość nazwy użytkownika dla SecurID" -#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176 +#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "błędny uchwyt uwierzytelnienia dla SecurID" -#: plugins/sudoers/auth/securid5.c:128 +#: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "błąd komunikacji SecurID" -#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215 +#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 #, c-format msgid "unknown SecurID error" msgstr "nieznany błąd SecurID" -#: plugins/sudoers/auth/securid5.c:166 +#: plugins/sudoers/auth/securid5.c:165 #, c-format msgid "invalid passcode length for SecurID" msgstr "błędna długość hasła dla SecurID" -#: plugins/sudoers/auth/sia.c:109 +#: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "nie udało się zainicjować sesji SIA" -#: plugins/sudoers/auth/sudo_auth.c:121 -msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." -msgstr "W sudo wkompilowano błędne metody uwierzytelniania! Można mieszać samodzielne i niesamodzielne sposoby uwierzytelniania." +#: plugins/sudoers/auth/sudo_auth.c:119 +msgid "invalid authentication methods" +msgstr "błędne metody uwierzytelniania" -#: plugins/sudoers/auth/sudo_auth.c:206 +#: plugins/sudoers/auth/sudo_auth.c:120 +msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." +msgstr "W sudo wkompilowano błędne metody uwierzytelniania! Nie można mieszać samodzielnych i niesamodzielnych sposobów uwierzytelniania." + +#: plugins/sudoers/auth/sudo_auth.c:203 +msgid "no authentication methods" +msgstr "brak metod uwierzytelniania" + +#: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "W sudo nie wkompilowano żadnych metod uwierzytelniania! Aby wyłączyć uwierzytelnianie, proszę użyć opcji konfiguracyjnej --disable-authentication." -#: plugins/sudoers/auth/sudo_auth.c:374 +#: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Metody uwierzytelniania:" @@ -224,10 +236,10 @@ msgstr "getaudit: niepowodzenie" msgid "Could not determine audit condition" msgstr "Nie udało się określić warunku audytowego" -#: plugins/sudoers/bsm_audit.c:101 +#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160 #, c-format -msgid "getauid failed" -msgstr "getauid nie powiodło się" +msgid "getauid: failed" +msgstr "getauid: niepowodzenie" #: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162 #, c-format @@ -254,108 +266,40 @@ msgstr "au_to_return32: niepowodzenie" msgid "unable to commit audit record" msgstr "nie udało się zatwierdzić rekordu audytowego" -#: plugins/sudoers/bsm_audit.c:160 -#, c-format -msgid "getauid: failed" -msgstr "getauid: niepowodzenie" - #: plugins/sudoers/bsm_audit.c:183 #, c-format msgid "au_to_text: failed" msgstr "au_to_text: niepowodzenie" -#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172 -#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355 -#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974 -#: plugins/sudoers/visudo.c:818 -#, c-format -msgid "unable to open %s" -msgstr "nie udało się otworzyć %s" - -#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229 -#, c-format -msgid "unable to write to %s" -msgstr "nie udało się zapisać do %s" - -#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512 -#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123 -#: plugins/sudoers/iolog.c:156 -#, c-format -msgid "unable to mkdir %s" -msgstr "nie udało się wykonać mkdir %s" - -#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289 -#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395 -#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82 -#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677 -#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253 -#, c-format -msgid "internal error, %s overflow" -msgstr "błąd wewnętrzny, przepełnienie %s" - -#: plugins/sudoers/check.c:460 -#, c-format -msgid "timestamp path too long: %s" -msgstr "ścieżka znacznika czasu zbyt długa: %s" - -#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535 -#: plugins/sudoers/iolog.c:158 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s istnieje, ale nie jest katalogiem (0%o)" - -#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538 -#: plugins/sudoers/check.c:583 -#, c-format -msgid "%s owned by uid %u, should be uid %u" -msgstr "właścicielem %s jest uid %u, powinien być uid %u" - -#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0700" -msgstr "%s zapisywalny nie tylko dla właściciela (uprawnienia 0%o, powinny być 0700)" - -#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551 -#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003 -#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584 -#, c-format -msgid "unable to stat %s" -msgstr "nie udało się wykonać stat na %s" - -#: plugins/sudoers/check.c:577 -#, c-format -msgid "%s exists but is not a regular file (0%o)" -msgstr "%s istnieje, ale nie jest zwykłym plikiem (0%o)" - -#: plugins/sudoers/check.c:589 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0600" -msgstr "%s zapisywalny nie tylko dla właściciela (uprawnienia 0%o, powinny być 0600)" - -#: plugins/sudoers/check.c:643 -#, c-format -msgid "timestamp too far in the future: %20.20s" -msgstr "znacznik czasu zbyt daleko w przyszłości: %20.20s" - -#: plugins/sudoers/check.c:690 -#, c-format -msgid "unable to remove %s (%s), will reset to the epoch" -msgstr "nie udało się usunąć %s (%s), zostanie zresetowany do epoch" - -#: plugins/sudoers/check.c:698 -#, c-format -msgid "unable to reset %s to the epoch" -msgstr "nie udało się zresetować %s do epoch" +#: plugins/sudoers/check.c:189 +msgid "" +"\n" +"We trust you have received the usual lecture from the local System\n" +"Administrator. It usually boils down to these three things:\n" +"\n" +" #1) Respect the privacy of others.\n" +" #2) Think before you type.\n" +" #3) With great power comes great responsibility.\n" +"\n" +msgstr "" +"\n" +"Ufamy, że lokalny administrator udzielił odpowiedniego szkolenia.\n" +"Zwykle sprowadza się ono do tych trzech rzeczy:\n" +"\n" +" 1) należy respektować prywatność innych,\n" +" 2) należy myśleć przed pisaniem,\n" +" 3) z dużą władzą wiąże się duża odpowiedzialność.\n" +"\n" -#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764 -#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855 +#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 +#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 #, c-format msgid "unknown uid: %u" msgstr "nieznany uid: %u" -#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792 -#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225 -#: plugins/sudoers/testsudoers.c:369 +#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635 +#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:359 #, c-format msgid "unknown user: %s" msgstr "nieznany użytkownik: %s" @@ -721,187 +665,201 @@ msgstr "Zbiór dozwolonych uprawnień" msgid "Set of limit privileges" msgstr "Zbiór ograniczonych uprawnień" -#: plugins/sudoers/defaults.c:208 +#: plugins/sudoers/def_data.c:355 +msgid "Run commands on a pty in the background" +msgstr "Uruchomienie poleceń na pseudoterminalu w tle" + +#: plugins/sudoers/def_data.c:359 +msgid "Create a new PAM session for the command to run in" +msgstr "Utworzenie nowej sesji PAM dla uruchamianego polecenia" + +#: plugins/sudoers/def_data.c:363 +msgid "Maximum I/O log sequence number" +msgstr "Maksymalny numer sekwencji logu we/wy" + +#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 #, c-format msgid "unknown defaults entry `%s'" msgstr "nieznany wpis domyślny `%s'" -#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226 -#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259 -#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285 -#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318 -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 +#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 +#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 +#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "błędna wartość `%s' dla opcji `%s'" -#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229 -#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254 -#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280 -#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313 -#: plugins/sudoers/defaults.c:324 +#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 +#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 +#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 +#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 +#: plugins/sudoers/defaults.c:323 #, c-format msgid "no value specified for `%s'" msgstr "nie podano wartości dla `%s'" -#: plugins/sudoers/defaults.c:242 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "values for `%s' must start with a '/'" msgstr "wartości `%s' muszą zaczynać się od '/'" -#: plugins/sudoers/defaults.c:304 +#: plugins/sudoers/defaults.c:303 #, c-format msgid "option `%s' does not take a value" msgstr "opcja `%s' nie przyjmuje wartości" +#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 +#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 +#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427 +#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 +#: plugins/sudoers/testsudoers.c:243 +#, c-format +msgid "internal error, %s overflow" +msgstr "błąd wewnętrzny, przepełnienie %s" + #: plugins/sudoers/env.c:367 #, c-format msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: uszkodzone envp, niezgodność długości" -#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448 -#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167 -#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983 -#, c-format -msgid "unable to allocate memory" -msgstr "nie udało się przydzielić pamięci" - -#: plugins/sudoers/env.c:992 +#: plugins/sudoers/env.c:1012 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "niestety nie jest dozwolone ustawianie następujących zmiennych środowiskowych: %s" -#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108 -#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125 -#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883 -#, c-format -msgid "%s: %s" -msgstr "%s: %s" - -#: plugins/sudoers/group_plugin.c:91 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: plugins/sudoers/group_plugin.c:103 +#: plugins/sudoers/group_plugin.c:102 #, c-format msgid "%s must be owned by uid %d" msgstr "właścicielem %s musi być uid %d" -#: plugins/sudoers/group_plugin.c:107 +#: plugins/sudoers/group_plugin.c:106 #, c-format msgid "%s must only be writable by owner" msgstr "prawo zapisu do %s może mieć tylko właściciel" -#: plugins/sudoers/group_plugin.c:114 +#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256 #, c-format msgid "unable to dlopen %s: %s" msgstr "nie udało się wykonać dlopen %s: %s" -#: plugins/sudoers/group_plugin.c:119 +#: plugins/sudoers/group_plugin.c:118 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "nie udało się odnaleźć symbolu \"group_plugin\" w %s" -#: plugins/sudoers/group_plugin.c:124 +#: plugins/sudoers/group_plugin.c:123 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: niezgodna główna wersja wtyczki grup %d, oczekiwano %d" -#: plugins/sudoers/interfaces.c:112 +#: plugins/sudoers/interfaces.c:119 msgid "Local IP address and netmask pairs:\n" msgstr "Pary lokalnych adresów IP i masek:\n" -#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991 +#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 +#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s istnieje, ale nie jest katalogiem (0%o)" + +#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 +#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165 +#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 +#, c-format +msgid "unable to mkdir %s" +msgstr "nie udało się wykonać mkdir %s" + +#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 +#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 +#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155 +#: plugins/sudoers/visudo.c:809 +#, c-format +msgid "unable to open %s" +msgstr "nie udało się otworzyć %s" + +#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 #, c-format msgid "unable to read %s" msgstr "nie udało się odczytać %s" -#: plugins/sudoers/iolog.c:208 +#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159 #, c-format -msgid "invalid sequence number %s" -msgstr "błędny numer sekwencyjny %s" +msgid "unable to write to %s" +msgstr "nie udało się zapisać do %s" -#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261 -#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531 -#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545 -#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561 -#: plugins/sudoers/iolog.c:569 +#: plugins/sudoers/iolog.c:334 #, c-format msgid "unable to create %s" msgstr "nie udało się utworzyć %s" -#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382 -#, c-format -msgid "unable to set locale to \"%s\", using \"C\"" -msgstr "nie udało się ustawić lokalizacji na \"%s\", użyto \"C\"" - -#: plugins/sudoers/ldap.c:387 +#: plugins/sudoers/ldap.c:385 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: port zbyt duży" -#: plugins/sudoers/ldap.c:410 +#: plugins/sudoers/ldap.c:408 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: brak miejsca podczas rozszerzania hostbuf" -#: plugins/sudoers/ldap.c:440 +#: plugins/sudoers/ldap.c:438 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "nieobsługiwany rodzaj URI LDAP: %s" -#: plugins/sudoers/ldap.c:469 +#: plugins/sudoers/ldap.c:467 #, c-format msgid "invalid uri: %s" msgstr "błędny URI: %s" -#: plugins/sudoers/ldap.c:475 +#: plugins/sudoers/ldap.c:473 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "nie można mieszać URI ldap i ldaps" -#: plugins/sudoers/ldap.c:479 +#: plugins/sudoers/ldap.c:477 #, c-format msgid "unable to mix ldaps and starttls" msgstr "nie można mieszać ldaps i starttls" -#: plugins/sudoers/ldap.c:498 +#: plugins/sudoers/ldap.c:496 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: brak miejsca podczas konstruowania hostbuf" -#: plugins/sudoers/ldap.c:572 +#: plugins/sudoers/ldap.c:570 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "nie udało się zainicjować bazy certyfikatów i kluczy SSL: %s" -#: plugins/sudoers/ldap.c:575 +#: plugins/sudoers/ldap.c:573 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "aby używać SSL, trzeba ustawić TLS_CERT w %s" -#: plugins/sudoers/ldap.c:992 +#: plugins/sudoers/ldap.c:1062 #, c-format msgid "unable to get GMT time" msgstr "nie udało się pobrać czasu GMT" -#: plugins/sudoers/ldap.c:998 +#: plugins/sudoers/ldap.c:1068 #, c-format msgid "unable to format timestamp" msgstr "nie udało się sformatować znacznika czasu" -#: plugins/sudoers/ldap.c:1006 +#: plugins/sudoers/ldap.c:1076 #, c-format msgid "unable to build time filter" msgstr "nie udało się stworzyć filtra czasu" -#: plugins/sudoers/ldap.c:1225 +#: plugins/sudoers/ldap.c:1295 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "niezgodność przydzielenia sudo_ldap_build_pass1" -#: plugins/sudoers/ldap.c:1761 +#: plugins/sudoers/ldap.c:1842 #, c-format msgid "" "\n" @@ -910,7 +868,7 @@ msgstr "" "\n" "Rola LDAP: %s\n" -#: plugins/sudoers/ldap.c:1763 +#: plugins/sudoers/ldap.c:1844 #, c-format msgid "" "\n" @@ -919,27 +877,28 @@ msgstr "" "\n" "Rola LDAP: NIEZNANA\n" -#: plugins/sudoers/ldap.c:1810 +#: plugins/sudoers/ldap.c:1891 #, c-format msgid " Order: %s\n" msgstr " Porządek: %s\n" -#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168 +#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515 +#: plugins/sudoers/sssd.c:1242 #, c-format msgid " Commands:\n" msgstr " Polecenia:\n" -#: plugins/sudoers/ldap.c:2240 +#: plugins/sudoers/ldap.c:2321 #, c-format msgid "unable to initialize LDAP: %s" msgstr "nie udało się zainicjować LDAP: %s" -#: plugins/sudoers/ldap.c:2274 +#: plugins/sudoers/ldap.c:2355 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "wybrano start_tls, ale biblioteki LDAP nie obsługują ldap_start_tls_s() ani ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:2510 +#: plugins/sudoers/ldap.c:2591 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "błędny atrybut sudoOrder: %s" @@ -954,64 +913,75 @@ msgstr "nie udało się otworzyć systemu audytowego" msgid "unable to send audit message" msgstr "nie udało się wysłać komunikatu audytowego" -#: plugins/sudoers/logging.c:202 +#: plugins/sudoers/logging.c:140 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: plugins/sudoers/logging.c:168 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (kontynuacja polecenia) %s" + +#: plugins/sudoers/logging.c:194 #, c-format msgid "unable to open log file: %s: %s" msgstr "nie udało się otworzyć pliku logu: %s: %s" -#: plugins/sudoers/logging.c:205 +#: plugins/sudoers/logging.c:197 #, c-format msgid "unable to lock log file: %s: %s" msgstr "nie udało się zablokować pliku logu: %s: %s" -#: plugins/sudoers/logging.c:260 +#: plugins/sudoers/logging.c:245 +msgid "No user or host" +msgstr "Brak użytkownika lub hosta" + +#: plugins/sudoers/logging.c:247 +msgid "validation failure" +msgstr "błąd kontroli poprawności" + +#: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "użytkownik NIE występuje w sudoers" -#: plugins/sudoers/logging.c:262 +#: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "użytkownik NIE jest autoryzowany na hoście" -#: plugins/sudoers/logging.c:264 +#: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "polecenie niedozwolone" -#: plugins/sudoers/logging.c:274 +#: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s nie występuje w pliku sudoers. Ten incydent zostanie zgłoszony.\n" -#: plugins/sudoers/logging.c:277 +#: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s nie ma uprawnień do uruchamiania sudo na %s. Ten incydent zostanie zgłoszony.\n" -#: plugins/sudoers/logging.c:281 +#: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Niestety użytkownik %s nie może uruchamiać sudo na %s.\n" -#: plugins/sudoers/logging.c:284 +#: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Niestety użytkownik %s nie ma uprawnień do uruchamiania '%s%s%s' jako %s%s%s na %s.\n" -#: plugins/sudoers/logging.c:317 -msgid "No user or host" -msgstr "Brak użytkownika lub hosta" - -#: plugins/sudoers/logging.c:319 -msgid "validation failure" -msgstr "błąd kontroli poprawności" - -#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502 -#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539 -#: plugins/sudoers/sudoers.c:1540 +#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 +#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoers.c:1002 #, c-format msgid "%s: command not found" msgstr "%s: nie znaleziono polecenia" -#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499 +#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 #, c-format msgid "" "ignoring `%s' found in '.'\n" @@ -1020,11 +990,15 @@ msgstr "" "zignorowano plik `%s' znaleziony w '.'\n" "Proszę użyć `sudo ./%s', jeśli to `%s' ma być uruchomiony." -#: plugins/sudoers/logging.c:352 +#: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "błąd uwierzytelniania" -#: plugins/sudoers/logging.c:376 +#: plugins/sudoers/logging.c:379 +msgid "a password is required" +msgstr "wymagane jest hasło" + +#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" @@ -1032,51 +1006,62 @@ msgstr[0] "%d błędna próba wprowadzenia hasła" msgstr[1] "%d błędne próby wprowadzenia hasła" msgstr[2] "%d błędnych prób wprowadzenia hasła" -#: plugins/sudoers/logging.c:379 -msgid "a password is required" -msgstr "wymagane jest hasło" - -#: plugins/sudoers/logging.c:530 +#: plugins/sudoers/logging.c:566 #, c-format msgid "unable to fork" msgstr "nie udało się wykonać fork" -#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599 +#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 #, c-format msgid "unable to fork: %m" msgstr "nie udało się wykonać fork: %m" -#: plugins/sudoers/logging.c:589 +#: plugins/sudoers/logging.c:619 #, c-format msgid "unable to open pipe: %m" msgstr "nie udało się otworzyć potoku: %m" -#: plugins/sudoers/logging.c:614 +#: plugins/sudoers/logging.c:644 #, c-format msgid "unable to dup stdin: %m" msgstr "nie udało się wykonać dup na stdin: %m" -#: plugins/sudoers/logging.c:650 +#: plugins/sudoers/logging.c:680 #, c-format msgid "unable to execute %s: %m" msgstr "nie udało się wywołać %s: %m" -#: plugins/sudoers/logging.c:865 +#: plugins/sudoers/logging.c:899 #, c-format msgid "internal error: insufficient space for log line" msgstr "błąd wewnętrzny: za mało miejsca na linię logu" -#: plugins/sudoers/parse.c:123 +#: plugins/sudoers/match.c:631 +#, c-format +msgid "unsupported digest type %d for %s" +msgstr "nieobsługiwany typ skrótu %d dla %s" + +#: plugins/sudoers/match.c:661 +#, c-format +msgid "%s: read error" +msgstr "%s: błąd odczytu" + +#: plugins/sudoers/match.c:670 +#, c-format +msgid "digest for %s (%s) is not in %s form" +msgstr "skrót dla %s (%s) nie jest w postaci %s" + +#: plugins/sudoers/parse.c:124 #, c-format msgid "parse error in %s near line %d" msgstr "błąd składni w %s w okolicy linii %d" -#: plugins/sudoers/parse.c:126 +#: plugins/sudoers/parse.c:127 #, c-format msgid "parse error in %s" msgstr "błąd składni w %s" -#: plugins/sudoers/parse.c:414 +#: plugins/sudoers/parse.c:462 #, c-format msgid "" "\n" @@ -1085,386 +1070,380 @@ msgstr "" "\n" "Wpis sudoers:\n" -#: plugins/sudoers/parse.c:416 +#: plugins/sudoers/parse.c:463 #, c-format msgid " RunAsUsers: " msgstr " Jako użytkownicy: " -#: plugins/sudoers/parse.c:431 +#: plugins/sudoers/parse.c:477 #, c-format msgid " RunAsGroups: " msgstr " Jako grupy: " -#: plugins/sudoers/parse.c:440 +#: plugins/sudoers/parse.c:486 +#, c-format +msgid " Options: " +msgstr " Opcje: " + +#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to execute %s" +msgstr "nie udało się wywołać %s" + +#: plugins/sudoers/policy.c:659 +#, c-format +msgid "Sudoers policy plugin version %s\n" +msgstr "Wersja wtyczki polityki sudoers %s\n" + +#: plugins/sudoers/policy.c:661 +#, c-format +msgid "Sudoers file grammar version %d\n" +msgstr "Wersja gramatyki pliku sudoers %d\n" + +#: plugins/sudoers/policy.c:665 #, c-format msgid "" -" Commands:\n" -"\t" +"\n" +"Sudoers path: %s\n" msgstr "" -" Polecenia:\n" -"\t" +"\n" +"Ścieżka do sudoers: %s\n" -#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 -msgid ": " -msgstr ": " +#: plugins/sudoers/policy.c:668 +#, c-format +msgid "nsswitch path: %s\n" +msgstr "ścieżka do nsswitch: %s\n" -#: plugins/sudoers/pwutil.c:278 +#: plugins/sudoers/policy.c:670 #, c-format -msgid "unable to cache uid %u (%s), already exists" -msgstr "nie udało się zapamiętać uid-a %u (%s), już istnieje" +msgid "ldap.conf path: %s\n" +msgstr "ścieżka do ldap.conf: %s\n" -#: plugins/sudoers/pwutil.c:286 +#: plugins/sudoers/policy.c:671 +#, c-format +msgid "ldap.secret path: %s\n" +msgstr "ścieżka do ldap.secret: %s\n" + +#: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "nie udało się zapamiętać uid-a %u, już istnieje" -#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331 +#: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "nie udało się zapamiętać użytkownika %s, już istnieje" -#: plugins/sudoers/pwutil.c:668 -#, c-format -msgid "unable to cache gid %u (%s), already exists" -msgstr "nie udało się zapamiętać gid-a %u (%s), już istnieje" - -#: plugins/sudoers/pwutil.c:676 +#: plugins/sudoers/pwutil.c:374 #, c-format msgid "unable to cache gid %u, already exists" msgstr "nie udało się zapamiętać gid-a %u, już istnieje" -#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715 +#: plugins/sudoers/pwutil.c:410 #, c-format msgid "unable to cache group %s, already exists" msgstr "nie udało się zapamiętać grupy %s, już istnieje" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436 -#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114 -#: plugins/sudoers/set_perms.c:1396 +#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586 +#, c-format +msgid "unable to cache group list for %s, already exists" +msgstr "nie udało się zapamiętać listy grup dla %s, już istnieje" + +#: plugins/sudoers/pwutil.c:584 +#, c-format +msgid "unable to parse groups for %s" +msgstr "nie udało się przeanalizować grup dla %s" + +#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 +#: plugins/sudoers/set_perms.c:1431 msgid "perm stack overflow" msgstr "przepełnienie stosu uprawnień" -#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444 -#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122 -#: plugins/sudoers/set_perms.c:1404 +#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 +#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 +#: plugins/sudoers/set_perms.c:1439 msgid "perm stack underflow" msgstr "niedopełnienie stosu uprawnień" -#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580 -#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243 +#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 +#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 +msgid "unable to change to root gid" +msgstr "nie udało się zmienić na gid roota" + +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 msgid "unable to change to runas gid" msgstr "nie udało się zmienić na docelowy gid" -#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253 +#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 +#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 msgid "unable to change to runas uid" msgstr "nie udało się zmienić na docelowy uid" -#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269 +#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 msgid "unable to change to sudoers gid" msgstr "nie udało się zmienić na gid sudoers" -#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681 -#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315 -#: plugins/sudoers/set_perms.c:1474 +#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 +#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 +#: plugins/sudoers/set_perms.c:1515 msgid "too many processes" msgstr "zbyt dużo procesów" -#: plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:1583 msgid "unable to set runas group vector" msgstr "nie udało się ustawić wektora grup docelowych" -#: plugins/sudoers/sssd.c:251 +#: plugins/sudoers/sssd.c:257 #, c-format -msgid "Unable to dlopen %s: %s" -msgstr "Nie udało się wykonać dlopen %s: %s" +msgid "unable to initialize SSS source. Is SSSD installed on your machine?" +msgstr "nie udało się zainicjować źródła SSS. Czy SSSD jest zainstalowany na tej maszynie?" -#: plugins/sudoers/sssd.c:252 -#, c-format -msgid "Unable to initialize SSS source. Is SSSD installed on your machine?" -msgstr "Nie udało się zainicjować źródła SSS. Czy SSSD jest zainstalowany na tej maszynie?" - -#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266 -#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280 -#: plugins/sudoers/sssd.c:287 +#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 +#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 +#: plugins/sudoers/sssd.c:292 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "nie udało się odnaleźć symbolu \"%s\" w %s" -#: plugins/sudoers/sudo_nss.c:267 +#: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "Pasujące wpisy Defaults dla %s na tym hoście:\n" -#: plugins/sudoers/sudo_nss.c:280 +#: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Wartości specyficzne dla Runas i Command dla %s:\n" -#: plugins/sudoers/sudo_nss.c:293 +#: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "Użytkownik %s może uruchamiać na tym hoście następujące polecenia:\n" -#: plugins/sudoers/sudo_nss.c:302 +#: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Użytkownik %s nie ma uprawnień do uruchamiania sudo na %s.\n" -#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243 -#: plugins/sudoers/sudoers.c:953 +#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 +#: plugins/sudoers/sudoers.c:673 msgid "problem with defaults entries" msgstr "problem z wpisami domyślnymi" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:165 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "nie znaleziono poprawnych źródeł sudoers, zakończenie" -#: plugins/sudoers/sudoers.c:268 -#, c-format -msgid "unable to execute %s: %s" -msgstr "nie udało się wywołać %s: %s" - -#: plugins/sudoers/sudoers.c:335 +#: plugins/sudoers/sudoers.c:227 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "wg sudoers root nie ma prawa używać sudo" -#: plugins/sudoers/sudoers.c:342 +#: plugins/sudoers/sudoers.c:234 #, c-format msgid "you are not permitted to use the -C option" msgstr "brak uprawnień do używania opcji -C" -#: plugins/sudoers/sudoers.c:431 +#: plugins/sudoers/sudoers.c:315 #, c-format msgid "timestamp owner (%s): No such user" msgstr "właściciel znacznika czasu (%s): nie ma takiego użytkownika" -#: plugins/sudoers/sudoers.c:447 +#: plugins/sudoers/sudoers.c:329 msgid "no tty" msgstr "brak tty" -#: plugins/sudoers/sudoers.c:448 +#: plugins/sudoers/sudoers.c:330 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "niestety do uruchomienia sudo konieczny jest tty" -#: plugins/sudoers/sudoers.c:498 +#: plugins/sudoers/sudoers.c:378 msgid "command in current directory" msgstr "polecenie w bieżącym katalogu" -#: plugins/sudoers/sudoers.c:510 +#: plugins/sudoers/sudoers.c:395 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "niestety brak uprawnień do zachowania środowiska" -#: plugins/sudoers/sudoers.c:1006 +#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216 +#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576 +#, c-format +msgid "unable to stat %s" +msgstr "nie udało się wykonać stat na %s" + +#: plugins/sudoers/sudoers.c:726 #, c-format msgid "%s is not a regular file" msgstr "%s nie jest zwykłym plikiem" -#: plugins/sudoers/sudoers.c:1009 toke.l:846 +#: plugins/sudoers/sudoers.c:729 toke.l:913 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "właścicielem %s jest uid %u, powinien być %u" -#: plugins/sudoers/sudoers.c:1013 toke.l:853 +#: plugins/sudoers/sudoers.c:733 toke.l:920 #, c-format msgid "%s is world writable" msgstr "%s jest zapisywalny dla świata" -#: plugins/sudoers/sudoers.c:1016 toke.l:858 +#: plugins/sudoers/sudoers.c:736 toke.l:925 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "właścicielem %s jest gid %u, powinien być %u" -#: plugins/sudoers/sudoers.c:1043 +#: plugins/sudoers/sudoers.c:763 #, c-format msgid "only root can use `-c %s'" msgstr "tylko root może używać `-c %s'" -#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062 +#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 #, c-format msgid "unknown login class: %s" msgstr "nieznana klasa logowania: %s" -#: plugins/sudoers/sudoers.c:1089 +#: plugins/sudoers/sudoers.c:814 #, c-format msgid "unable to resolve host %s" msgstr "nie udało się rozwiązać nazwy hosta %s" -#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387 +#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 #, c-format msgid "unknown group: %s" msgstr "nieznana grupa: %s" -#: plugins/sudoers/sudoers.c:1190 -#, c-format -msgid "Sudoers policy plugin version %s\n" -msgstr "Wersja wtyczki polityki sudoers %s\n" - -#: plugins/sudoers/sudoers.c:1192 -#, c-format -msgid "Sudoers file grammar version %d\n" -msgstr "Wersja gramatyki pliku sudoers %d\n" - -#: plugins/sudoers/sudoers.c:1196 -#, c-format -msgid "" -"\n" -"Sudoers path: %s\n" -msgstr "" -"\n" -"Ścieżka do sudoers: %s\n" - -#: plugins/sudoers/sudoers.c:1199 -#, c-format -msgid "nsswitch path: %s\n" -msgstr "ścieżka do nsswitch: %s\n" - -#: plugins/sudoers/sudoers.c:1201 -#, c-format -msgid "ldap.conf path: %s\n" -msgstr "ścieżka do ldap.conf: %s\n" - -#: plugins/sudoers/sudoers.c:1202 -#, c-format -msgid "ldap.secret path: %s\n" -msgstr "ścieżka do ldap.secret: %s\n" - -#: plugins/sudoers/sudoreplay.c:293 +#: plugins/sudoers/sudoreplay.c:292 #, c-format msgid "invalid filter option: %s" msgstr "błędna opcja filtra: %s" -#: plugins/sudoers/sudoreplay.c:306 +#: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid max wait: %s" msgstr "błędny maksymalny czas oczekiwania: %s" -#: plugins/sudoers/sudoreplay.c:312 +#: plugins/sudoers/sudoreplay.c:311 #, c-format msgid "invalid speed factor: %s" msgstr "błędny współczynnik szybkości: %s" -#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187 +#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 #, c-format msgid "%s version %s\n" msgstr "%s wersja %s\n" -#: plugins/sudoers/sudoreplay.c:340 +#: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/czas: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:345 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/czas: %s" -#: plugins/sudoers/sudoreplay.c:364 +#: plugins/sudoers/sudoreplay.c:363 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Odtwarzanie sesji sudo: %s\n" -#: plugins/sudoers/sudoreplay.c:370 +#: plugins/sudoers/sudoreplay.c:369 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Uwaga: ten terminal jest za mały, aby właściwie odtworzyć log.\n" -#: plugins/sudoers/sudoreplay.c:371 +#: plugins/sudoers/sudoreplay.c:370 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Geometria logu to %d x %d, geometria terminala to %d x %d." -#: plugins/sudoers/sudoreplay.c:401 +#: plugins/sudoers/sudoreplay.c:400 #, c-format msgid "unable to set tty to raw mode" msgstr "nie udało się przestawić tty w tryb surowy" -#: plugins/sudoers/sudoreplay.c:418 +#: plugins/sudoers/sudoreplay.c:416 #, c-format msgid "invalid timing file line: %s" msgstr "błędna linia pliku czasu: %s" -#: plugins/sudoers/sudoreplay.c:501 +#: plugins/sudoers/sudoreplay.c:499 #, c-format msgid "writing to standard output" msgstr "zapis na standardowe wyjście" -#: plugins/sudoers/sudoreplay.c:530 +#: plugins/sudoers/sudoreplay.c:528 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "nanospeep: tv_sec %ld, tv_nsec %ld" -#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668 +#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 #, c-format msgid "ambiguous expression \"%s\"" msgstr "niejednoznaczne wyrażenie \"%s\"" -#: plugins/sudoers/sudoreplay.c:685 +#: plugins/sudoers/sudoreplay.c:683 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "zbyt dużo zagnieżdżonych wyrażeń w nawiasach, maksimum to %d" -#: plugins/sudoers/sudoreplay.c:696 +#: plugins/sudoers/sudoreplay.c:694 #, c-format msgid "unmatched ')' in expression" msgstr "niesparowany ')' w wyrażeniu" -#: plugins/sudoers/sudoreplay.c:702 +#: plugins/sudoers/sudoreplay.c:700 #, c-format msgid "unknown search term \"%s\"" msgstr "nieznany warunek wyszukiwania \"%s\"" -#: plugins/sudoers/sudoreplay.c:716 +#: plugins/sudoers/sudoreplay.c:714 #, c-format msgid "%s requires an argument" msgstr "%s wymaga argumentu" -#: plugins/sudoers/sudoreplay.c:720 +#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058 #, c-format msgid "invalid regular expression: %s" msgstr "błędne wyrażenie regularne: %s" -#: plugins/sudoers/sudoreplay.c:726 +#: plugins/sudoers/sudoreplay.c:724 #, c-format msgid "could not parse date \"%s\"" msgstr "nie udało się przeanalizować daty \"%s\"" -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:737 #, c-format msgid "unmatched '(' in expression" msgstr "niesparowany '(' w wyrażeniu" -#: plugins/sudoers/sudoreplay.c:741 +#: plugins/sudoers/sudoreplay.c:739 #, c-format msgid "illegal trailing \"or\"" msgstr "niedozwolone kończące \"or\"" -#: plugins/sudoers/sudoreplay.c:743 +#: plugins/sudoers/sudoreplay.c:741 #, c-format msgid "illegal trailing \"!\"" msgstr "niedozwolony kończący \"!\"" -#: plugins/sudoers/sudoreplay.c:1050 -#, c-format -msgid "invalid regex: %s" -msgstr "błędne wyrażenie regularne: %s" - -#: plugins/sudoers/sudoreplay.c:1174 +#: plugins/sudoers/sudoreplay.c:1182 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "Składnia: %s [-h] [-d katalog] [-m maks_oczek] [-s wsp_szybkości] ID\n" -#: plugins/sudoers/sudoreplay.c:1177 +#: plugins/sudoers/sudoreplay.c:1185 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "Składnia: %s [-h] [-d katalog] -k [wyrażenie wyszukiwania]\n" -#: plugins/sudoers/sudoreplay.c:1186 +#: plugins/sudoers/sudoreplay.c:1194 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -1473,7 +1452,7 @@ msgstr "" "%s - odtwarzanie logów sesji sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1188 +#: plugins/sudoers/sudoreplay.c:1196 msgid "" "\n" "Options:\n" @@ -1495,11 +1474,11 @@ msgstr "" " -s wsp_szybkości przyspieszenie lub spowolnienie wyjścia\n" " -V wyświetlenie informacji o wersji i zakończenie" -#: plugins/sudoers/testsudoers.c:338 +#: plugins/sudoers/testsudoers.c:328 msgid "\thost unmatched" msgstr "\thost nie znaleziony" -#: plugins/sudoers/testsudoers.c:341 +#: plugins/sudoers/testsudoers.c:331 msgid "" "\n" "Command allowed" @@ -1507,7 +1486,7 @@ msgstr "" "\n" "Polecenie dozwolone" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command denied" @@ -1515,7 +1494,7 @@ msgstr "" "\n" "Polecenie niedozwolone" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command unmatched" @@ -1523,90 +1502,132 @@ msgstr "" "\n" "Polecenie nie znalezione" -#: plugins/sudoers/toke_util.c:218 +#: plugins/sudoers/timestamp.c:129 +#, c-format +msgid "timestamp path too long: %s" +msgstr "ścieżka znacznika czasu zbyt długa: %s" + +#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 +#: plugins/sudoers/timestamp.c:292 +#, c-format +msgid "%s owned by uid %u, should be uid %u" +msgstr "właścicielem %s jest uid %u, powinien być uid %u" + +#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0700" +msgstr "%s zapisywalny nie tylko dla właściciela (uprawnienia 0%o, powinny być 0700)" + +#: plugins/sudoers/timestamp.c:286 +#, c-format +msgid "%s exists but is not a regular file (0%o)" +msgstr "%s istnieje, ale nie jest zwykłym plikiem (0%o)" + +#: plugins/sudoers/timestamp.c:298 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0600" +msgstr "%s zapisywalny nie tylko dla właściciela (uprawnienia 0%o, powinny być 0600)" + +#: plugins/sudoers/timestamp.c:353 +#, c-format +msgid "timestamp too far in the future: %20.20s" +msgstr "znacznik czasu zbyt daleko w przyszłości: %20.20s" + +#: plugins/sudoers/timestamp.c:407 +#, c-format +msgid "unable to remove %s, will reset to the epoch" +msgstr "nie udało się usunąć %s, zostanie zresetowany do epoch" + +#: plugins/sudoers/timestamp.c:414 +#, c-format +msgid "unable to reset %s to the epoch" +msgstr "nie udało się zresetować %s do epoch" + +#: plugins/sudoers/toke_util.c:176 +#, c-format msgid "fill_args: buffer overflow" msgstr "fill_args: przepełnienie bufora" -#: plugins/sudoers/visudo.c:188 +#: plugins/sudoers/visudo.c:180 #, c-format msgid "%s grammar version %d\n" msgstr "%s, wersja gramatyki %d\n" -#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533 #, c-format msgid "press return to edit %s: " msgstr "wciśnięcie return przejdzie do edycji %s: " -#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341 +#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332 #, c-format msgid "write error" msgstr "błąd zapisu" -#: plugins/sudoers/visudo.c:423 +#: plugins/sudoers/visudo.c:414 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "nie udało się wykonać stat na pliku tymczasowym (%s), %s nie zmieniony" -#: plugins/sudoers/visudo.c:428 +#: plugins/sudoers/visudo.c:419 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "plik tymczasowy (%s) zerowej długości, %s nie zmieniony" -#: plugins/sudoers/visudo.c:434 +#: plugins/sudoers/visudo.c:425 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "błąd edytora (%s), %s nie zmieniony" -#: plugins/sudoers/visudo.c:457 +#: plugins/sudoers/visudo.c:448 #, c-format msgid "%s unchanged" msgstr "%s nie zmieniony" -#: plugins/sudoers/visudo.c:486 +#: plugins/sudoers/visudo.c:477 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "nie udało się ponownie otworzyć pliku tymczasowego (%s), %s nie zmieniony." -#: plugins/sudoers/visudo.c:496 +#: plugins/sudoers/visudo.c:487 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "nie udało się przeanalizować pliku tymczasowego (%s), nieznany błąd" -#: plugins/sudoers/visudo.c:534 +#: plugins/sudoers/visudo.c:526 #, c-format msgid "internal error, unable to find %s in list!" msgstr "błąd wewnętrzny, nie znaleziono %s na liście!" -#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595 +#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "nie udało się ustawić (uid, gid) %s na (%u, %u)" -#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600 +#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "nie udało się zmienić uprawnień %s na 0%o" -#: plugins/sudoers/visudo.c:617 +#: plugins/sudoers/visudo.c:609 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s i %s nie są na tym samym systemie plików, użycie mv do zmiany nazwy" -#: plugins/sudoers/visudo.c:631 +#: plugins/sudoers/visudo.c:623 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "polecenie nie powiodło się: '%s %s %s', %s nie zmieniony" -#: plugins/sudoers/visudo.c:641 +#: plugins/sudoers/visudo.c:633 #, c-format msgid "error renaming %s, %s unchanged" msgstr "błąd podczas zmiany nazwy %s, %s nie zmieniony" -#: plugins/sudoers/visudo.c:704 +#: plugins/sudoers/visudo.c:695 msgid "What now? " msgstr "Co teraz? " -#: plugins/sudoers/visudo.c:718 +#: plugins/sudoers/visudo.c:709 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -1618,92 +1639,87 @@ msgstr "" " (x) wyjście bez zapisu zmian do pliku sudoers\n" " (Q) wyjście i zapisanie zmian w pliku sudoers (NIEBEZPIECZNE!)\n" -#: plugins/sudoers/visudo.c:759 -#, c-format -msgid "unable to execute %s" -msgstr "nie udało się wywołać %s" - -#: plugins/sudoers/visudo.c:766 +#: plugins/sudoers/visudo.c:757 #, c-format msgid "unable to run %s" msgstr "nie udało się uruchomić %s" -#: plugins/sudoers/visudo.c:792 +#: plugins/sudoers/visudo.c:783 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: błędny właściciel, (uid, gid) powinny wynosić (%u, %u)\n" -#: plugins/sudoers/visudo.c:799 +#: plugins/sudoers/visudo.c:790 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: błędne uprawnienia, powinny być 0%o\n" -#: plugins/sudoers/visudo.c:824 +#: plugins/sudoers/visudo.c:815 #, c-format msgid "failed to parse %s file, unknown error" msgstr "nie udało się przeanalizować pliku %s, nieznany błąd" -#: plugins/sudoers/visudo.c:837 +#: plugins/sudoers/visudo.c:831 #, c-format msgid "parse error in %s near line %d\n" msgstr "błąd składni w %s w okolicy linii %d\n" -#: plugins/sudoers/visudo.c:840 +#: plugins/sudoers/visudo.c:834 #, c-format msgid "parse error in %s\n" msgstr "błąd składni w %s\n" -#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852 +#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846 #, c-format msgid "%s: parsed OK\n" msgstr "%s: składnia poprawna\n" -#: plugins/sudoers/visudo.c:899 +#: plugins/sudoers/visudo.c:893 #, c-format msgid "%s busy, try again later" msgstr "%s zajęty, proszę spróbować później" -#: plugins/sudoers/visudo.c:943 +#: plugins/sudoers/visudo.c:937 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "podany edytor (%s) nie istnieje" -#: plugins/sudoers/visudo.c:966 +#: plugins/sudoers/visudo.c:960 #, c-format msgid "unable to stat editor (%s)" msgstr "nie udało się wykonać stat na edytorze (%s)" -#: plugins/sudoers/visudo.c:1014 +#: plugins/sudoers/visudo.c:1008 #, c-format msgid "no editor found (editor path = %s)" msgstr "nie znaleziono edytora (ścieżka = %s)" -#: plugins/sudoers/visudo.c:1108 +#: plugins/sudoers/visudo.c:1100 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Błąd: cykl w %s_Alias `%s'" -#: plugins/sudoers/visudo.c:1109 +#: plugins/sudoers/visudo.c:1101 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Uwaga: cykl w %s_Alias `%s'" -#: plugins/sudoers/visudo.c:1112 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Błąd: %s_Alias `%s' użyty, ale nie zdefiniowany" -#: plugins/sudoers/visudo.c:1113 +#: plugins/sudoers/visudo.c:1105 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Uwaga: %s_Alias `%s' użyty, ale nie zdefiniowany" -#: plugins/sudoers/visudo.c:1248 +#: plugins/sudoers/visudo.c:1240 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: nie użyty %s_Alias %s" -#: plugins/sudoers/visudo.c:1304 +#: plugins/sudoers/visudo.c:1302 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -1712,7 +1728,7 @@ msgstr "" "%s - bezpieczna edycja pliku sudoers\n" "\n" -#: plugins/sudoers/visudo.c:1306 +#: plugins/sudoers/visudo.c:1304 msgid "" "\n" "Options:\n" @@ -1732,24 +1748,6 @@ msgstr "" " -s ścisłe sprawdzanie składni\n" " -V wyświetlenie informacji o wersji i zakończenie" -#: toke.l:820 +#: toke.l:886 msgid "too many levels of includes" msgstr "za dużo poziomów include" - -#~ msgid "internal error, expand_prompt() overflow" -#~ msgstr "błąd wewnętrzny, przepełnienie expand_prompt()" - -#~ msgid "internal error, sudo_setenv2() overflow" -#~ msgstr "błąd wewnętrzny, przepełnienie sudo_setenv2()" - -#~ msgid "internal error, sudo_setenv() overflow" -#~ msgstr "błąd wewnętrzny, przepełnienie sudo_setenv()" - -#~ msgid "internal error, linux_audit_command() overflow" -#~ msgstr "błąd wewnętrzny, przepełnienie linux_audit_command()" - -#~ msgid "internal error, runas_groups overflow" -#~ msgstr "błąd wewnętrzny, przepełnienie runas_groups" - -#~ msgid "internal error, init_vars() overflow" -#~ msgstr "błąd wewnętrzny, przepełnienie init_vars()" diff --git a/plugins/sudoers/po/sl.mo b/plugins/sudoers/po/sl.mo index d24b0660dcc14f371537bf33ce20bc03da26cb58..b01ae84e36dbbdea05808b40780190b4a4428f1d 100644 GIT binary patch delta 8791 zcmZA633wIdy~pu^uqEsP0%6Mp2#}D3BqS_>K-f3K7B*3VNiu|!P>H)1{6$KQpyB4iQ@j~r&t4bBU6{Yt3J2Pp0?mYg_=Y8LK=iO(_qrbVm z`Tch_kDN_zvB%(=*UT__|huX<2KVU+EZ{hQeYg!&iD+f!C^;iOXd@lf z@g(Gyu>xt^xCzzpAvEz-)QrD$?Mg;79*wy;5B1zetit;+GM+@zAZO{WK(@=+hQ07! z)Xb0JSUiK{u;*aID8MDC26vza_!t)AJE(eXSa+?^G}Hi=qXv8{>bZwAS${S3CI#v+ zAX7z<ral;Oi$B2=_(>fG0Pz_b{qX&NL=1(FA)%X#$T_%yAfdf` z8GGY5*abWC(yQVAXkrPf{!&!^^{B0R0DI!=*a<(w4tNPQpu};8F&k5{D|%1^T0f5U z??qxa1zNI4k%MoXK`mL^Qs=N0q3X>?4X7T~(00^^!}1oY!;5ad!vw=G%+8 zps%6^c+T}(RQ;9_PLM|212xhSsHI_cs2Pg zs1-bioLi$U@3sa!2@BARdL1MC+=ADz9|bz1no)n$1LNHMO4Jr@L5=(ns{RY^{lDTs z^3C{2=()kDLp>K&z8MGML#XH8Mz$nkd`ChvOP=PKhgykQZr+FL_+}h{Poh@n1Jo(M z;M#`e(2AL;y)Qx&XQ7_=qYmYrs0kdvo_hbEA)(jgJPV>6-M*{x!x@}irV|PP!E2I z8u8DlCG9@Td42Lw11Uw-pX=&H4d6yB!Uu3Xe(2s$<0GK08;x42*|S-HEqMh6@&;^+ zkDylKY19l)V}CT}IEQHf=8&C;7Su|-h??;nmK_ z)?hCAyHGQH1;^qKs0K%_bUrMVm`;8ZYRT`#GCYTm;82fK|14@t6B$*1EXP*38e8M~ z8rDCP#5M~0;-jcT^#%^X&r$bNYMnz>iW+bb2jP=A89%~e%&2p=U^!}lcc40c8pq*T z)S>R{btXE?%lfOsbrfjN?m!)mqplZRGknfoExaGqm9C00*IjEW5fP?XI*E4Q;i&aiXxu`Qxhr@9nmg9SPBMu2TXXXfM zLd}BCa|2K-P=Ox22Zv&$UC0^n7%ZURIxNLUPy_oK)zP4^bAKrgAioo}6;EJ$yo80= zropLSf;yxjoPyW8`PZ=v`E%Hd{*CWQXbU>8c9tp|Q^-%jj(82~Y=qn|r%=y-9hd!Y(ddjQ6|d$-4yNLE)WGgV?e%k*ho55+ z_FCgKI2W0TaV@6eZq$GuL9NtluHRrE^4+gErzTH}9 zILq7Gduv()`7QCqMU`8FB9i?IJ{AaR59p(sQh zqV-scG1QV@#F3b>(K%d8Q622Td_0Q1@JlzJxXC#?qcM&0nW&CyQSI+Sou!vHF_IDz z-%~IG3pYCr)}aQr7d3#FaR^>QJveZSlV5<^ijA0qhf!O09=l`mR%hl}*q3}6s=N+$ zR<=ak3VTsY{5)zazQP`uu+15HZ`2GYq7L6OH@^q0Wx*E`>nX*huV zDjbNnqs~m^4c1k`U>hye1f_3Z?wMIIef!$5H~iU_UJ)O$77g{=P?sI?r=LsHC%>z&VyQk zoj3}Q;BfpJo8j-3CdkIGXY@<|@k=vYOf)C{NsQo$)2OQl=^1K)tAXh2rsD&dvD2QTcwi``uHIA_kNS6j zu0G`Tap5&FrjTyBekNfODU^MWmx-ope^UZ=ILEusnXaj>_qp{V9ul^j(R+J=xa8*b zTD?RpAzBl9-E?Ks$a3Trj=!Q{JVfYItgD@akx0Ey-Sn5Zg?N>CnJ6W=G=Dy|R2+$u ziED`>B7x9rq-&)^{OQ91ii*cOzhS)_sNpz;(KTy|N z2jgbVe>ykDV%RP0iysijh`mJoqRvMoMi6#$x)A^6mQNQb#wKa=MiAX21iDquSL!^f^b3Y%ikf|nC6KSdtYu~#lA(FJn zHba4MFl09R!{$n>!8QYSrR{03tIW_!+YAT8R-IXASBAm?+guUwd*j7*{z{6=8-pR+ zn>4=4>+yMlp@0?g2Xf8nA?K;OMzg~2sSBD_{?$G+hbDe4hndW>RtTij_6@JE}F^3xKZTI%DOmmSZ zw9>2&*jC7__pi1CW~JY22i=kYUHE-LPlcz>6Kc#&N;0Ao(z+zht`B)AE;ggf(+UTS z44TDeM$pKJCkFGp*YZ`-jxXf#h3%?LZblzX>l=GCtxrPq-F|to_WhHa_s`18GRr4V zTrh9?{3}h5kKuVOHEWVGGgg}1kCkL(C*)7m;B3<}efDZ|&iFDjXa|E$6}99|J+fkf zu+Q|wss}&bGOf(I*5eI(&FMpDn|1zbo>~>QeU-N93wtZWRJsULX*fQ%w zjSMBeq7_zUZFRsO_Ep8+E|}XqDHLclt!m5T%Z>FaDoJeZwL>fYRl#WK*oUGm$6ZRX z!VHBOS2~k$Z^wQd_gstUA1BR>&YV1>gW9V%>)3fsGP-JVR`jLGs}lVFP;|_cv{=cM z>}Ih|QwKHgQf~#=_;~f8vmU|d-sug|)EP%(Kh1bIAz?&Ce)ROL$wk9*@(OeE3e5bx z;=(-Ad3i~5X6MYa8$4Q}oJlNPv00Fp@6;P^=8Y;YER4>cot-!;e^_a?*YecGw$AR{ zEOl|tRNH6A4`i`9$8T48LS}w$QEpLe&zyWt{X#oXV~2cxv%&J3HMSY74OI9%wPujX z*j|5wdGcA?d|1;W*ymH#>1a{{*46XbB(*|cF-*=+wB zUPYV7!nM|#UmWy>cAclzGQIv2J2X(Ab#lLDHmJ~V`m3t_4gUCub;$LGE#PTSv6C)K z@}GP*J{^wy+4AY#|KE{UPdeqXjQN=@qKg*Kh&{M?OY=0H@P*Dg_&mH_RaU6h!)%&P z_pGb7Cgd#$hFB{P$Fs(-)17TLn6+$Myom2Xl|McakLG37Saq?tmM&|RHOs1Luutq@ z<+Pei+-I3A7yDkv9IJeG1Dj*%?8k=M!&~-SVzECABEBZ{K>K`xthz91{~D{RCLF7( zS=&5yPQV}Zc>OGC P-J-FrAH`nZR@UNQu;ET} delta 7910 zcmZYD34E2sxySLzLWF>j00{|%voR*GPIFBWZo|GdK$@12j&`OeI{%{(*j3-ZK{ z;71+|_MK}R`hcN~3o<4Sw}u;YoO-J$^%@gFX9PxCldui#Y;21~wmlWw)1HeFT)zzO z$9p=v*T*Ng=l90eoHqoykIzi79UhG2zyj0*S7AQ-k^jse`00X|u|KwVjETXqn2P0? zhFdTipFAB181-oUdCWdNHL}pCSe&Cpl>jhUr

KS!3!BycyKI1rVQJFoy7 za1aJC3$LOEl-kuD=t#_=U4=StH!5@IQ3JV#8hAIRuj`7tvHp5ch3#02nY8z!*8W56 zjxj8(GE#&N&c)ui9yQ=+kx82Oun@ns#|Ln+CQym}a2@KtFJlQ_?@s=;hD9t)JG=|y zaWm%PQ&^3kAonz5(~Zf)#i$1ckV%;ja3GqVP5+q!RDTufx~<4F%~90Azr;2e>mx5Z zF%6Z{38>Vq!F%xpa;}-kRT}6@WR=VzY=LJn96v*nW&V!Z%rP16?(d1}FF|f)YEjqk z!eaEDpu*%#IC<9$`d}Yyz+t!#m65BcrE1G4m6=|s8<(L5b}vTaaU>b$l^h--UYMVboH+hgyQ~u^o2eRq*M?y{R}j0(HTB)CHSROA^42cork@ zAJ`hhScf(kh2t;<+hZeYK%1}=K8DKJi^%>oU!XG9p}@ZXgZa8>ATv-mxC`}xxCgbV z4q`mMf*QzqjKS-u0Y?pTXO@c^&_vYrvr#i$hZ@j!)Wi;=_R5(-KDTn6jxahB3f&V@ zQ6nFRN@*o(fGbd&>LJuXUqB7;r1d=N{Hv$|hq2QVFaY>p;C7e*>C0=YDQV?RNgo<4fXnMvF#(6MEeqILXkt=^LwJ& zzNu8SHg%|x??jF4AnL+5P$zzc`cAaqtD%AAq8>aQ)xXyE{|dGHKR{itS3(o)VjYai z$V|8GGd?OBz)noY-=b3W6>66U4Reh}r7jb-_9fPt=+It_y3fO?&3OVfp;M?m^JmoC z5;WZX0>)rxz5fMNbi?WBU?VDp528l;DkkCud%PLzqZ_B9*1kU~L!(gVm!k&09&_+f z)Oqh>(?BqjcF;)9=lLd^ic&ra^?Frf9In9b_y~5z*U`aCsFb!Dl@86c^;mbe_s3M)Gq5MF!Owz>c?PwH+s3;y z-jAB$G21?k5wtJb{%d$E*R`3zHvl_NbSJiFl6(E3N#tK6d7X|{_(#;pKSpKbDr$f& zCo>C7MGf=-cEPjAa+>c^GaNp}-Sst?PWyh;^+!>eJ%hX$<_hLuKi^b$GgM=OA-;)&u+{DEUq(k`8to~lCG%kz?nHfxeS2)> zUDWOky~F)eEEzTOO4Q8Oq2A}GF$+&(A_m{-W+EB&`VL1uuo^XyZK%!s8Y)wtVlbvp zYkHo~^ro_aj&aB_K}uD#d$| zWSVoR&6r#2_7BG{djFSG$>hLpjKNc=k^c?*W5=29@yV!xtwUwvC~C&%?eVZ#Zbtf{ z_Qsv4^H-qm^J`4N%c!M{@bJy>QJF}E{bP2a_P|xtNW0Ee3TAs!(w4HKyQw_yiXpchefk~+QF2|0z1GO~I+T$0>$-g$!t@GTG7GhW0Yp@uf z#yq@&N@dRqcYt2hgV*CA+=trDe?`r(6KT=|N22zC*Sg($5|ilJR5EHv z7nb8jJc6UJxYpfl_oFU6gqracWU?lUSEo1bKn?UQR7P7abiW4$sDb%V&v_Pg{1Pey zzQj5=^(A;K9h*=odkA&G+t?OE>)qF_1FBt$?QkJ>!nLTB@5Wes5tXsi*ap8s?S=19 zOBC18^vAi+jG_`j$1F_3g{Tv@Vo!V(mFlliOBLVf{@HLlwx{j0ZpC)A_adJJ^Ac(x z9T&L+%farn$6*F8#azAr`>3SSaUOL+^Sj)UCZSR^*g6+G)81^|i;1*X zXll#-xj?hVsXuhlqA!FtqYd)OX7gUZx(+d}@l8y?zn})7 z|844znWzWqHP)Va4D<0M_Qh5!-TMtiO>`0Vz}=|x-(Jay>bOov7IyoIo1$r`HQR_C z@Of0q-$4!N8{6M*mAhwpSc_5T%|xYq6>4b?U<{r>P2eN!grUCG?q8uCRL4||#yZ>H zh??Q!s1cvVZrEatyCZ;A@L#A0My})E>@W`p;Br*vo<|-396Mv{_3i`HF`4#o)cMt@iS5OKc+744%=c83 zny3x#$a-Nc?IG6bsN;)Jsk{$0qdnGRm_Ykas0>|4ZN?saM!RAoY6*8@A|6I%=6y`l z`yaZ=J{Wc5A*c&WQJGkW+H6mucJF5xgd_QR3)z$ZTbj`~)3)@`U|TUB+>{FmA116 zpCEp1+c)TEEBYFaCMMYSF#J1loH#-F{>o1pq4Emx4snq9o=|CS2c)|G*j%d$<&VUl zh@l)Gi$yn`N3*F6Z6Hs)I%_lP)WyR97Ozs_&qU^P-#cpPV6Q^h{c3TCb5w4ol%RD&rPo55TY0H zA~A-zxjaRqoqcF9K1=&!;xsXpI7YN5W)URzN9AQ&za^rHBR?GRnX&eU^KEB)+TDq9 zv>zw75r>JE#LZGd|JWs^iXYHpRMRW?X!~6w}9D6VU z<7jsya*1Nv%WyIgNBt3OLrf=D5f#KwiIc=7qMS(Lyao6zp?`oFLKISu#-F1~3K6O2 zzeKdXy^Khv>VKD7h#J_1T3e1Sh4T*OsMYYw{o|>}yym0g5 zW()t*PEH^!v42QdN`0P_Qt!`C&JN5=jt!2_b4)=&0bS~LYP_C0r>dgH>!g%9`T6;Q zJ*nv-fspP8n*~nweknBYT+W!_K!?7$E&P>*KWpt>*yyd9<8^8pt7m)b0+$PK2?|6G zITG5&Q&m+v$J5|-s=d{mDc~K^G1$LzRHePL`RF6Dx@(o!X{dFQQtFe^oyPi#nsO(pC@FAg z^yeWVeP-wQcZ@H-HLGVvzn+;HPG)vqMnC_h@ttf>wv&~Wmzm{{o{%2itFpGfqOP#K zdU0UXgvg-4qKO$HG0NJMO3%^?n?YM|;om=XL?Gg}uAw*5mosgQzi39=z&+EJ1c(2S zLcg=3eP~nOl1tZy1U~f42n)=am)k6GqxO9R$Jz+s%WTi7SvYPR8-YeRC@de*R}VTu9{}E@zd3@ z{z0qT`VXuc=HIotCG~_K9oa;0bRc5QmLUI-jZvXm+`!JYj|cnbZn!(AroySNEw4Rs zuh*$9t8b|D)aY3(zm_PSht_!N8$63D7^1^iy$fpR)%w5P@Nw#V@6w9O+C^-S+NCv~ fN><*}v=Yuzr;%BBX0tFwN&b}^qXTC)jtTt_=@=Nj diff --git a/plugins/sudoers/po/sl.po b/plugins/sudoers/po/sl.po index b6b130e..af392cc 100644 --- a/plugins/sudoers/po/sl.po +++ b/plugins/sudoers/po/sl.po @@ -3,66 +3,74 @@ # This file is distributed under the same license as the sudo package. # # Damir Jerovšek , 2012. -# Klemen Košir , 2012. +# Klemen Košir , 2012 - 2013. # msgid "" msgstr "" -"Project-Id-Version: sudoers 1.8.6b4\n" +"Project-Id-Version: sudoers 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-13 22:12+0100\n" -"Last-Translator: Klemen Košir \n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" +"PO-Revision-Date: 2013-04-06 09:44+0100\n" +"Last-Translator: Klemen Košir \n" "Language-Team: Slovenian \n" "Language: sl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=4; plural=(n%100==1 ? 1 : n%100==2 ? 2 : n%100==3 || n%100==4 ? 3 : 0);\n" +"X-Generator: Poedit 1.5.5\n" -#: gram.y:112 -#, c-format -msgid ">>> %s: %s near line %d <<<" -msgstr ">>> %s: %s blizu vrstice %d <<<" +#: confstr.sh:2 plugins/sudoers/auth/pam.c:340 +msgid "Password:" +msgstr "Geslo:" + +#: confstr.sh:3 +msgid "*** SECURITY information for %h ***" +msgstr "*** Varnostni podatki za %h ***" -#: plugins/sudoers/alias.c:125 +#: confstr.sh:4 +msgid "Sorry, try again." +msgstr "Prosimo, poskusite znova." + +#: plugins/sudoers/alias.c:124 #, c-format msgid "Alias `%s' already defined" msgstr "Vzdevek `%s' je že določen" -#: plugins/sudoers/auth/bsdauth.c:78 +#: plugins/sudoers/auth/bsdauth.c:77 #, c-format msgid "unable to get login class for user %s" msgstr "prijavnega razreda uporabnika %s ni mogoče pridobiti" -#: plugins/sudoers/auth/bsdauth.c:84 +#: plugins/sudoers/auth/bsdauth.c:83 msgid "unable to begin bsd authentication" msgstr "ni mogoče začeti overitve bsd" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:91 msgid "invalid authentication type" msgstr "neveljavna vrsta overitve" -#: plugins/sudoers/auth/bsdauth.c:101 +#: plugins/sudoers/auth/bsdauth.c:100 msgid "unable to setup authentication" msgstr "ni mogoče nastaviti overitve" -#: plugins/sudoers/auth/fwtk.c:60 +#: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" msgstr "ni mogoče brati nastavitev fwtk" -#: plugins/sudoers/auth/fwtk.c:65 +#: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" msgstr "ni se mogoče povezati s strežnikom overitve" -#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95 -#: plugins/sudoers/auth/fwtk.c:128 +#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:127 #, c-format msgid "lost connection to authentication server" msgstr "povezava s strežnikom overitve je bila izgubljena" -#: plugins/sudoers/auth/fwtk.c:75 +#: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" @@ -71,47 +79,47 @@ msgstr "" "napaka strežnika overitve:\n" "%s" -#: plugins/sudoers/auth/kerb5.c:117 +#: plugins/sudoers/auth/kerb5.c:116 #, c-format msgid "%s: unable to unparse princ ('%s'): %s" msgstr "%s: ni mogoče odrazčleniti princ ('%s'): %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: ni mogoče razčleniti '%s': %s" -#: plugins/sudoers/auth/kerb5.c:170 +#: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve ccache: %s" msgstr "%s: ni mogoče razrešiti ccache: %s" -#: plugins/sudoers/auth/kerb5.c:218 +#: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: ni mogoče dodeliti možnosti: %s" -#: plugins/sudoers/auth/kerb5.c:234 +#: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: ni mogoče dobiti poverila: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:246 #, c-format msgid "%s: unable to initialize ccache: %s" msgstr "%s: ni mogoče začeti ccache: %s" -#: plugins/sudoers/auth/kerb5.c:251 +#: plugins/sudoers/auth/kerb5.c:250 #, c-format msgid "%s: unable to store cred in ccache: %s" msgstr "%s: ni mogoče shraniti cred v ccache: %s" -#: plugins/sudoers/auth/kerb5.c:316 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: ni mogoče pridobiti predstojnika gostitve: %s" -#: plugins/sudoers/auth/kerb5.c:331 +#: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: ni mogoče preveriti TGT! Možen napad!: %s" @@ -120,98 +128,102 @@ msgstr "%s: ni mogoče preveriti TGT! Možen napad!: %s" msgid "unable to initialize PAM" msgstr "ni mogoče začeti PAM" -#: plugins/sudoers/auth/pam.c:144 +#: plugins/sudoers/auth/pam.c:145 msgid "account validation failure, is your account locked?" msgstr "potrditev veljavnosti računa je spodletela, je vaš račun zaklenjen?" -#: plugins/sudoers/auth/pam.c:148 +#: plugins/sudoers/auth/pam.c:149 msgid "Account or password is expired, reset your password and try again" msgstr "Geslo ali račun je potekel, ponastavite svoje geslo in poskusite znova" -#: plugins/sudoers/auth/pam.c:155 +#: plugins/sudoers/auth/pam.c:156 #, c-format msgid "pam_chauthtok: %s" msgstr "pam_chauthtok: %s" -#: plugins/sudoers/auth/pam.c:159 +#: plugins/sudoers/auth/pam.c:160 msgid "Password expired, contact your system administrator" msgstr "Veljavnost gesla je potekla. Stopite v stik s svojim sistemskim skrbnikom" -#: plugins/sudoers/auth/pam.c:163 +#: plugins/sudoers/auth/pam.c:164 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Račun je potekel ali pa nastavitvam PAM primanjkuje odsek \"account\" za sudo, obrnite se na sistemskega skrbnika" -#: plugins/sudoers/auth/pam.c:180 +#: plugins/sudoers/auth/pam.c:181 #, c-format msgid "pam_authenticate: %s" msgstr "pam_authenticate: %s" -#: plugins/sudoers/auth/pam.c:332 +#: plugins/sudoers/auth/pam.c:339 msgid "Password: " msgstr "Geslo: " -#: plugins/sudoers/auth/pam.c:333 -msgid "Password:" -msgstr "Geslo:" - -#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220 +#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 #, c-format msgid "you do not exist in the %s database" msgstr "ne obstajate v podatkovni zbirki %s" -#: plugins/sudoers/auth/securid5.c:81 +#: plugins/sudoers/auth/securid5.c:80 #, c-format msgid "failed to initialise the ACE API library" msgstr "začenjanje knjižnice ACE API je spodletelo" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" msgstr "ni mogoče navezati stika s strežnikom SecurID" -#: plugins/sudoers/auth/securid5.c:116 +#: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "ID uporabnika je zaklenjen zaradi overitve SecurID" -#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171 +#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 #, c-format msgid "invalid username length for SecurID" msgstr "neveljavna dolžina imena uporabnika za SecurID" -#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176 +#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "neveljavna ročica overitve za SecurID" -#: plugins/sudoers/auth/securid5.c:128 +#: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "sporazumevanje SecurID je spodletelo" -#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215 +#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 #, c-format msgid "unknown SecurID error" msgstr "neznana napaka SecurID" -#: plugins/sudoers/auth/securid5.c:166 +#: plugins/sudoers/auth/securid5.c:165 #, c-format msgid "invalid passcode length for SecurID" msgstr "neveljavna dolžina gesla za SecurID" -#: plugins/sudoers/auth/sia.c:109 +#: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "ni mogoče začeti seje SIA" -#: plugins/sudoers/auth/sudo_auth.c:121 +#: plugins/sudoers/auth/sudo_auth.c:119 +msgid "invalid authentication methods" +msgstr "neveljavni načini overitve" + +#: plugins/sudoers/auth/sudo_auth.c:120 msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." msgstr "Neveljavni načini overitve so kodno prevedeni v sudo! Mešate lahko samostojno in nesamostojno overjanje." -#: plugins/sudoers/auth/sudo_auth.c:206 +#: plugins/sudoers/auth/sudo_auth.c:203 +msgid "no authentication methods" +msgstr "ni načinov overjanja" + +#: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Ni načinov overitve, kodno prevedenih v sudo! Če želite izklopiti overjanje, uporabite nastavitveno možnost --disable-authentication." -#: plugins/sudoers/auth/sudo_auth.c:374 +#: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Načini overjanja:" @@ -267,98 +279,35 @@ msgstr "getauid: spodletelo" msgid "au_to_text: failed" msgstr "au_to_text: spodletelo" -#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172 -#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355 -#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974 -#: plugins/sudoers/visudo.c:818 -#, c-format -msgid "unable to open %s" -msgstr "ni mogoče odpreti %s" - -#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229 -#, c-format -msgid "unable to write to %s" -msgstr "ni mogoče pisati v %s" - -#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512 -#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123 -#: plugins/sudoers/iolog.c:156 -#, c-format -msgid "unable to mkdir %s" -msgstr "ustvarjenje mape %s z mkdir ni mogoče" - -#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289 -#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395 -#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82 -#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677 -#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253 -#, c-format -msgid "internal error, %s overflow" -msgstr "notranja napaka, prekoračitev funkcije %s" - -#: plugins/sudoers/check.c:460 -#, c-format -msgid "timestamp path too long: %s" -msgstr "pot časovnega žiga je predolga : %s" - -#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535 -#: plugins/sudoers/iolog.c:158 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s že obstaja, toda ni mapa (0%o)" - -#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538 -#: plugins/sudoers/check.c:583 -#, c-format -msgid "%s owned by uid %u, should be uid %u" -msgstr "%s je v lasti ID-ja uporabnika %u, moral bi biti ID uporabnika %u" - -#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0700" -msgstr "%s je zapisljiv za ne-lastnika (0%o), moral bi biti način 0700" - -#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551 -#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003 -#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584 -#, c-format -msgid "unable to stat %s" -msgstr "stanja %s ni mogoče dobiti" - -#: plugins/sudoers/check.c:577 -#, c-format -msgid "%s exists but is not a regular file (0%o)" -msgstr "%s obstaja, toda ni običajna datoteka (0%o)" - -#: plugins/sudoers/check.c:589 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0600" -msgstr "%s je zapisljiv za ne-lastnika (0%o), moral bi biti način 0600" - -#: plugins/sudoers/check.c:643 -#, c-format -msgid "timestamp too far in the future: %20.20s" -msgstr "časovni žig je predaleč v prihodnosti: %20.20s" - -#: plugins/sudoers/check.c:690 -#, c-format -msgid "unable to remove %s (%s), will reset to the epoch" -msgstr "ni mogoče odstraniti %s (%s), ponastavitev na epoho" - -#: plugins/sudoers/check.c:698 -#, c-format -msgid "unable to reset %s to the epoch" -msgstr "%s ni mogoče ponastaviti na epoho" +#: plugins/sudoers/check.c:174 +msgid "" +"\n" +"We trust you have received the usual lecture from the local System\n" +"Administrator. It usually boils down to these three things:\n" +"\n" +" #1) Respect the privacy of others.\n" +" #2) Think before you type.\n" +" #3) With great power comes great responsibility.\n" +"\n" +msgstr "" +"\n" +"Verjetno vam je skrbnik sistemov že pridigal o varnosti,\n" +"vendar si vseeno zapomnite naslednja pravila:\n" +"\n" +" #1) Spoštujte zasebnost drugih.\n" +" #2) Premislite, preden izvedete ukaze.\n" +" #3) Velika moč prinaša veliko odgovornost.\n" +"\n" -#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764 -#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855 +#: plugins/sudoers/check.c:212 plugins/sudoers/check.c:218 +#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 #, c-format msgid "unknown uid: %u" msgstr "neznan ID uporabnika: %u" -#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792 -#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225 -#: plugins/sudoers/testsudoers.c:369 +#: plugins/sudoers/check.c:215 plugins/sudoers/policy.c:635 +#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:359 #, c-format msgid "unknown user: %s" msgstr "neznan uporabnik: %s" @@ -724,187 +673,201 @@ msgstr "Niz omogočenih dovoljenj" msgid "Set of limit privileges" msgstr "Niz omejenih dovoljenj" -#: plugins/sudoers/defaults.c:208 +#: plugins/sudoers/def_data.c:355 +msgid "Run commands on a pty in the background" +msgstr "Zaženi ukaze v terminalu v ozadju" + +#: plugins/sudoers/def_data.c:359 +msgid "Create a new PAM session for the command to run in" +msgstr "Ustvari sejo PAM, v kateri se bodo ukazi izvajali" + +#: plugins/sudoers/def_data.c:363 +msgid "Maximum I/O log sequence number" +msgstr "Največja zaporedna številka dnevnika I/O" + +#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 #, c-format msgid "unknown defaults entry `%s'" msgstr "neznan privzet vnos `%s'" -#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226 -#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259 -#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285 -#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318 -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 +#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 +#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 +#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "vrednost `%s' je neveljavna za možnost `%s'" -#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229 -#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254 -#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280 -#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313 -#: plugins/sudoers/defaults.c:324 +#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 +#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 +#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 +#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 +#: plugins/sudoers/defaults.c:323 #, c-format msgid "no value specified for `%s'" msgstr "za `%s' ni določena nobena vrednost" -#: plugins/sudoers/defaults.c:242 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "values for `%s' must start with a '/'" msgstr "vrednosti za `%s' se morajo začeti s '/'" -#: plugins/sudoers/defaults.c:304 +#: plugins/sudoers/defaults.c:303 #, c-format msgid "option `%s' does not take a value" msgstr "možnost `%s' ne sprejme vrednosti" +#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 +#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 +#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427 +#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 +#: plugins/sudoers/testsudoers.c:243 +#, c-format +msgid "internal error, %s overflow" +msgstr "notranja napaka, prekoračitev funkcije %s" + #: plugins/sudoers/env.c:367 #, c-format msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: pokvarjen envp, neujemanje dolžine" -#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448 -#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167 -#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983 -#, c-format -msgid "unable to allocate memory" -msgstr "ni mogoče dodeliti pomnilnika" - -#: plugins/sudoers/env.c:992 +#: plugins/sudoers/env.c:1012 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "nimate dovoljenj nastavljati naslednjih spremenljivk okolja: %s" -#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108 -#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125 -#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883 -#, c-format -msgid "%s: %s" -msgstr "%s: %s" - -#: plugins/sudoers/group_plugin.c:91 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: plugins/sudoers/group_plugin.c:103 +#: plugins/sudoers/group_plugin.c:102 #, c-format msgid "%s must be owned by uid %d" msgstr "%s mora biti v lasti ID-ja uporabnika %d" -#: plugins/sudoers/group_plugin.c:107 +#: plugins/sudoers/group_plugin.c:106 #, c-format msgid "%s must only be writable by owner" msgstr "%s mora biti zapisljiv samo za lastnika" -#: plugins/sudoers/group_plugin.c:114 +#: plugins/sudoers/group_plugin.c:113 #, c-format msgid "unable to dlopen %s: %s" msgstr "ni mogoče uporabiti dlopen %s: %s" -#: plugins/sudoers/group_plugin.c:119 +#: plugins/sudoers/group_plugin.c:118 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "ni mogoče najti simbola \"group_plugin\" v %s" -#: plugins/sudoers/group_plugin.c:124 +#: plugins/sudoers/group_plugin.c:123 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: nezdružljiva večja različica vstavka skupin %d, pričakovana %d" -#: plugins/sudoers/interfaces.c:112 +#: plugins/sudoers/interfaces.c:119 msgid "Local IP address and netmask pairs:\n" msgstr "Pari krajevnih naslovov IP in omrežnih mask:\n" -#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991 +#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 +#: plugins/sudoers/timestamp.c:199 plugins/sudoers/timestamp.c:243 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s že obstaja, toda ni mapa (0%o)" + +#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 +#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:164 +#: plugins/sudoers/timestamp.c:220 plugins/sudoers/timestamp.c:270 +#, c-format +msgid "unable to mkdir %s" +msgstr "ustvarjenje mape %s z mkdir ni mogoče" + +#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 +#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 +#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:154 +#: plugins/sudoers/visudo.c:809 +#, c-format +msgid "unable to open %s" +msgstr "ni mogoče odpreti %s" + +#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 #, c-format msgid "unable to read %s" msgstr "ni mogoče brati %s" -#: plugins/sudoers/iolog.c:208 +#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:158 #, c-format -msgid "invalid sequence number %s" -msgstr "neveljavna številka zaporedja %s" +msgid "unable to write to %s" +msgstr "ni mogoče pisati v %s" -#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261 -#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531 -#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545 -#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561 -#: plugins/sudoers/iolog.c:569 +#: plugins/sudoers/iolog.c:334 #, c-format msgid "unable to create %s" msgstr "ni mogoče ustvariti %s" -#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382 -#, c-format -msgid "unable to set locale to \"%s\", using \"C\"" -msgstr "ni mogoče nastaviti jezikovne oznake na \"%s\" z uporabo \"C\"" - -#: plugins/sudoers/ldap.c:387 +#: plugins/sudoers/ldap.c:385 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: vrednost vrat je prevelika" -#: plugins/sudoers/ldap.c:410 +#: plugins/sudoers/ldap.c:408 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: med razširjanjem hostbuf je zmanjkalo prostora" -#: plugins/sudoers/ldap.c:440 +#: plugins/sudoers/ldap.c:438 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "nepodprta vrsta uri-ja LDAP: %s" -#: plugins/sudoers/ldap.c:469 +#: plugins/sudoers/ldap.c:467 #, c-format msgid "invalid uri: %s" msgstr "neveljaven uri: %s" -#: plugins/sudoers/ldap.c:475 +#: plugins/sudoers/ldap.c:473 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "ni mogoče mešati URI-jev ldap in ldaps" -#: plugins/sudoers/ldap.c:479 +#: plugins/sudoers/ldap.c:477 #, c-format msgid "unable to mix ldaps and starttls" msgstr "ni mogoče mešati ldaps in starttls" -#: plugins/sudoers/ldap.c:498 +#: plugins/sudoers/ldap.c:496 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: med izgradnjo hostbuf je zmanjkalo prostora" -#: plugins/sudoers/ldap.c:572 +#: plugins/sudoers/ldap.c:570 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "ni mogoče začenjati potrdila SSL in ključa db: %s" -#: plugins/sudoers/ldap.c:575 +#: plugins/sudoers/ldap.c:573 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "za uporabo SSL-ja morate nastaviti TSL_CERT v datoteki %s" -#: plugins/sudoers/ldap.c:992 +#: plugins/sudoers/ldap.c:996 #, c-format msgid "unable to get GMT time" msgstr "ni mogoče dobiti časa GMT" -#: plugins/sudoers/ldap.c:998 +#: plugins/sudoers/ldap.c:1002 #, c-format msgid "unable to format timestamp" msgstr "ni mogoče oblikovati časovnega žiga" -#: plugins/sudoers/ldap.c:1006 +#: plugins/sudoers/ldap.c:1010 #, c-format msgid "unable to build time filter" msgstr "ni mogoče izgraditi časovnega filtra" -#: plugins/sudoers/ldap.c:1225 +#: plugins/sudoers/ldap.c:1229 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1 neujemanje dodelitve" -#: plugins/sudoers/ldap.c:1761 +#: plugins/sudoers/ldap.c:1776 #, c-format msgid "" "\n" @@ -913,7 +876,7 @@ msgstr "" "\n" "Vloga LDAP: %s\n" -#: plugins/sudoers/ldap.c:1763 +#: plugins/sudoers/ldap.c:1778 #, c-format msgid "" "\n" @@ -922,27 +885,28 @@ msgstr "" "\n" "Vloga LDAP: NEZNANA\n" -#: plugins/sudoers/ldap.c:1810 +#: plugins/sudoers/ldap.c:1825 #, c-format msgid " Order: %s\n" msgstr " Vrstni red: %s\n" -#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168 +#: plugins/sudoers/ldap.c:1833 plugins/sudoers/parse.c:515 +#: plugins/sudoers/sssd.c:1173 #, c-format msgid " Commands:\n" msgstr " Ukazi:\n" -#: plugins/sudoers/ldap.c:2240 +#: plugins/sudoers/ldap.c:2255 #, c-format msgid "unable to initialize LDAP: %s" msgstr "ni mogoče začeti LDAP: %s" -#: plugins/sudoers/ldap.c:2274 +#: plugins/sudoers/ldap.c:2289 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls je določen, toda knjižnice LDAP ne podpirajo ldap_start_tls_s() ali ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:2510 +#: plugins/sudoers/ldap.c:2525 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "neveljaven atribut sudoOrder: %s" @@ -957,64 +921,75 @@ msgstr "ni mogoče odpreti nadzornega sistema" msgid "unable to send audit message" msgstr "ni mogoče poslati nadzornega sporočila" -#: plugins/sudoers/logging.c:202 +#: plugins/sudoers/logging.c:140 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: plugins/sudoers/logging.c:168 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (ukaz) %s" + +#: plugins/sudoers/logging.c:194 #, c-format msgid "unable to open log file: %s: %s" msgstr "ni mogoče odpreti datoteke dnevnika: %s: %s" -#: plugins/sudoers/logging.c:205 +#: plugins/sudoers/logging.c:197 #, c-format msgid "unable to lock log file: %s: %s" msgstr "ni mogoče zakleniti datoteke dnevnika: %s: %s" -#: plugins/sudoers/logging.c:260 +#: plugins/sudoers/logging.c:245 +msgid "No user or host" +msgstr "Brez uporabnika ali gostitelja" + +#: plugins/sudoers/logging.c:247 +msgid "validation failure" +msgstr "potrjevanje veljavnosti ni uspelo" + +#: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "uporabnika NI v sudoers" -#: plugins/sudoers/logging.c:262 +#: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "uporabnik NI pooblaščen na gostitelju" -#: plugins/sudoers/logging.c:264 +#: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "ukaz ni dovoljen" -#: plugins/sudoers/logging.c:274 +#: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s ni v datoteki sudoers. Ta dogodek bo zabeležen.\n" -#: plugins/sudoers/logging.c:277 +#: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s nima dovoljenj za izvajanje sudo na %s. Ta dogodek bo zabeležen.\n" -#: plugins/sudoers/logging.c:281 +#: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Uporabnik %s ne sme izvajati sudo na %s.\n" -#: plugins/sudoers/logging.c:284 +#: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Uporabnik %s ne sme zagnati '%s%s%s' kot %s%s%s na %s.\n" -#: plugins/sudoers/logging.c:317 -msgid "No user or host" -msgstr "Brez uporabnika ali gostitelja" - -#: plugins/sudoers/logging.c:319 -msgid "validation failure" -msgstr "potrjevanje veljavnosti ni uspelo" - -#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502 -#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539 -#: plugins/sudoers/sudoers.c:1540 +#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 +#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoers.c:1002 #, c-format msgid "%s: command not found" msgstr "%s: ukaza ni bilo mogoče najti" -#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499 +#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 #, c-format msgid "" "ignoring `%s' found in '.'\n" @@ -1023,11 +998,15 @@ msgstr "" "prezrtje `%s', najdenega v '.'\n" "Uporabite `sudo ./%s', če je to `%s', ki ga želite zagnati." -#: plugins/sudoers/logging.c:352 +#: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "napaka overitve" -#: plugins/sudoers/logging.c:376 +#: plugins/sudoers/logging.c:379 +msgid "a password is required" +msgstr "zahtevano je geslo" + +#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" @@ -1036,51 +1015,47 @@ msgstr[1] "%d nepravilen poskus vnosa gesla" msgstr[2] "%d nepravilna poskusa vnosa gesla" msgstr[3] "%d nepravilni poskusi vnosa gesla" -#: plugins/sudoers/logging.c:379 -msgid "a password is required" -msgstr "zahtevano je geslo" - -#: plugins/sudoers/logging.c:530 +#: plugins/sudoers/logging.c:566 #, c-format msgid "unable to fork" msgstr "ni mogoče razvejiti" -#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599 +#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 #, c-format msgid "unable to fork: %m" msgstr "ni mogoče razvejiti: %m" -#: plugins/sudoers/logging.c:589 +#: plugins/sudoers/logging.c:619 #, c-format msgid "unable to open pipe: %m" msgstr "ni mogoče odpreti cevi: %m" -#: plugins/sudoers/logging.c:614 +#: plugins/sudoers/logging.c:644 #, c-format msgid "unable to dup stdin: %m" msgstr "ni mogoče podvojiti stdin: %m" -#: plugins/sudoers/logging.c:650 +#: plugins/sudoers/logging.c:680 #, c-format msgid "unable to execute %s: %m" msgstr "ni mogoče izvesti %s: %m" -#: plugins/sudoers/logging.c:865 +#: plugins/sudoers/logging.c:899 #, c-format msgid "internal error: insufficient space for log line" msgstr "notranja napaka: premalo prostora za vrstico dnevnika" -#: plugins/sudoers/parse.c:123 +#: plugins/sudoers/parse.c:124 #, c-format msgid "parse error in %s near line %d" msgstr "napaka razčlenjevanja v %s blizu vrstice %d" -#: plugins/sudoers/parse.c:126 +#: plugins/sudoers/parse.c:127 #, c-format msgid "parse error in %s" msgstr "napaka med razčlenjevanjem datoteke %s" -#: plugins/sudoers/parse.c:414 +#: plugins/sudoers/parse.c:462 #, c-format msgid "" "\n" @@ -1089,386 +1064,390 @@ msgstr "" "\n" "Vnos sudoers:\n" -#: plugins/sudoers/parse.c:416 +#: plugins/sudoers/parse.c:463 #, c-format msgid " RunAsUsers: " msgstr " ZaženiKotUporabniki: " -#: plugins/sudoers/parse.c:431 +#: plugins/sudoers/parse.c:477 #, c-format msgid " RunAsGroups: " msgstr " ZaženiKotSkupine: " -#: plugins/sudoers/parse.c:440 +#: plugins/sudoers/parse.c:486 +#, c-format +msgid " Options: " +msgstr " Možnosti: " + +#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to execute %s" +msgstr "ni mogoče izvršiti %s" + +#: plugins/sudoers/policy.c:659 +#, c-format +msgid "Sudoers policy plugin version %s\n" +msgstr "Vstavek pravilnika sudoers različica %s\n" + +#: plugins/sudoers/policy.c:661 +#, c-format +msgid "Sudoers file grammar version %d\n" +msgstr "Datoteka slovnice sudoers različica %d\n" + +#: plugins/sudoers/policy.c:665 #, c-format msgid "" -" Commands:\n" -"\t" +"\n" +"Sudoers path: %s\n" msgstr "" -" Ukazi:\n" -"\t" +"\n" +"Pot sudoers: %s\n" -#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 -msgid ": " -msgstr ": " +#: plugins/sudoers/policy.c:668 +#, c-format +msgid "nsswitch path: %s\n" +msgstr "pot nsswitch: %s\n" -#: plugins/sudoers/pwutil.c:278 +#: plugins/sudoers/policy.c:670 #, c-format -msgid "unable to cache uid %u (%s), already exists" -msgstr "ni mogoče predpomniti ID-ja uporabnika %u (%s), že obstaja" +msgid "ldap.conf path: %s\n" +msgstr "pot ldap.conf: %s\n" + +#: plugins/sudoers/policy.c:671 +#, c-format +msgid "ldap.secret path: %s\n" +msgstr "pot ldap.secret: %s\n" -#: plugins/sudoers/pwutil.c:286 +#: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "ni mogoče predpomniti ID-ja uporabnika %u, že obstaja" -#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331 +#: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "ni mogoče predpomniti uporabnika %s, že obstaja" -#: plugins/sudoers/pwutil.c:668 -#, c-format -msgid "unable to cache gid %u (%s), already exists" -msgstr "ni mogoče predpomniti ID-ja skupine %u (%s), že obstaja" - -#: plugins/sudoers/pwutil.c:676 +#: plugins/sudoers/pwutil.c:374 #, c-format msgid "unable to cache gid %u, already exists" msgstr "ni mogoče predpomniti ID-ja skupine %u, že obstaja" -#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715 +#: plugins/sudoers/pwutil.c:410 #, c-format msgid "unable to cache group %s, already exists" msgstr "ni mogoče predpomniti skupine %s, že obstaja" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436 -#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114 -#: plugins/sudoers/set_perms.c:1396 +#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586 +#, c-format +msgid "unable to cache group list for %s, already exists" +msgstr "seznama skupina za %s ni mogoče predpomniti, saj že obstaja" + +#: plugins/sudoers/pwutil.c:584 +#, c-format +msgid "unable to parse groups for %s" +msgstr "skupin za %s ni mogoče razčleniti" + +#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 +#: plugins/sudoers/set_perms.c:1431 msgid "perm stack overflow" msgstr "prekoračitev trajnega sklada" -#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444 -#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122 -#: plugins/sudoers/set_perms.c:1404 +#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 +#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 +#: plugins/sudoers/set_perms.c:1439 msgid "perm stack underflow" msgstr "prekoračitev spodnje meje trajnega sklada" -#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580 -#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243 +#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 +#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 +msgid "unable to change to root gid" +msgstr "številke skupine skrbnika ni mogoče spremeniti" + +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 msgid "unable to change to runas gid" msgstr "ni mogoče spremeniti v ID-ja skupine runas" -#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253 +#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 +#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 msgid "unable to change to runas uid" msgstr "ni mogoče spremeniti v ID-ja uporabnika runas" -#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269 +#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 msgid "unable to change to sudoers gid" msgstr "ni mogoče spremeniti ID-ja skupine sudoers" -#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681 -#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315 -#: plugins/sudoers/set_perms.c:1474 +#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 +#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 +#: plugins/sudoers/set_perms.c:1515 msgid "too many processes" msgstr "preveč opravil" -#: plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:1583 msgid "unable to set runas group vector" msgstr "ni mogoče nastaviti vektorja skupine runas" -#: plugins/sudoers/sssd.c:251 +#: plugins/sudoers/sssd.c:256 #, c-format msgid "Unable to dlopen %s: %s" msgstr "ni mogoče uporabiti dlopen %s: %s" -#: plugins/sudoers/sssd.c:252 +#: plugins/sudoers/sssd.c:257 #, c-format msgid "Unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "Vira SSS ni mogoče zagnati. Ali je SSSD pravilno nameščen?" -#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266 -#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280 -#: plugins/sudoers/sssd.c:287 +#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 +#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 +#: plugins/sudoers/sssd.c:292 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "simbola \"%s\" ni mogoče najti v %s" -#: plugins/sudoers/sudo_nss.c:267 +#: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "Ujemajoči vpisi privzetih vrednosti za %s na tem gostitelju:\n" -#: plugins/sudoers/sudo_nss.c:280 +#: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Runas in ukazno določene privzete vrednosti za %s:\n" -#: plugins/sudoers/sudo_nss.c:293 +#: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "Na tem gostitelju lahko uporabnik %s zažene naslednje ukaze:\n" -#: plugins/sudoers/sudo_nss.c:302 +#: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Uporabniku %s ni dovoljeno zagnati sudo na %s.\n" -#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243 -#: plugins/sudoers/sudoers.c:953 +#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 +#: plugins/sudoers/sudoers.c:673 msgid "problem with defaults entries" msgstr "težave z vnosi privzetih vrednosti" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:165 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "najdenih niso bili nobeni veljavni viri sudoers, končanje" -#: plugins/sudoers/sudoers.c:268 -#, c-format -msgid "unable to execute %s: %s" -msgstr "ni mogoče zagnati %s: %s" - -#: plugins/sudoers/sudoers.c:335 +#: plugins/sudoers/sudoers.c:227 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers določa, da skrbniku ni dovoljeno uporabiti sudo" -#: plugins/sudoers/sudoers.c:342 +#: plugins/sudoers/sudoers.c:234 #, c-format msgid "you are not permitted to use the -C option" msgstr "ni vam dovoljeno uporabiti možnosti -C" -#: plugins/sudoers/sudoers.c:431 +#: plugins/sudoers/sudoers.c:315 #, c-format msgid "timestamp owner (%s): No such user" msgstr "lastnik časovnega žiga (%s): ni takšnega uporabnika" -#: plugins/sudoers/sudoers.c:447 +#: plugins/sudoers/sudoers.c:329 msgid "no tty" msgstr "brez tty" -#: plugins/sudoers/sudoers.c:448 +#: plugins/sudoers/sudoers.c:330 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "za izvajanje sudo morate imeti tty" -#: plugins/sudoers/sudoers.c:498 +#: plugins/sudoers/sudoers.c:378 msgid "command in current directory" msgstr "ukaz v trenutni mapi" -#: plugins/sudoers/sudoers.c:510 +#: plugins/sudoers/sudoers.c:395 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "nimate dovoljenj za ohranjanje okolja" -#: plugins/sudoers/sudoers.c:1006 +#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:215 +#: plugins/sudoers/timestamp.c:259 plugins/sudoers/timestamp.c:327 +#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576 +#, c-format +msgid "unable to stat %s" +msgstr "stanja %s ni mogoče dobiti" + +#: plugins/sudoers/sudoers.c:726 #, c-format msgid "%s is not a regular file" msgstr "%s ni običajna datoteka" -#: plugins/sudoers/sudoers.c:1009 toke.l:846 +#: plugins/sudoers/sudoers.c:729 toke.l:842 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s je v lasti ID-ja uporabnika %u, moral bi biti %u" -#: plugins/sudoers/sudoers.c:1013 toke.l:853 +#: plugins/sudoers/sudoers.c:733 toke.l:849 #, c-format msgid "%s is world writable" msgstr "v datoteko %s lahko zapisujejo vsi uporabniki" -#: plugins/sudoers/sudoers.c:1016 toke.l:858 +#: plugins/sudoers/sudoers.c:736 toke.l:854 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s je v lasti ID-ja skupine %u, moral bi biti %u" -#: plugins/sudoers/sudoers.c:1043 +#: plugins/sudoers/sudoers.c:763 #, c-format msgid "only root can use `-c %s'" msgstr "samo skrbnik lahko uporabi `-c %s'" -#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062 +#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 #, c-format msgid "unknown login class: %s" msgstr "neznan razred prijave: %s" -#: plugins/sudoers/sudoers.c:1089 +#: plugins/sudoers/sudoers.c:814 #, c-format msgid "unable to resolve host %s" msgstr "ni mogoče razrešiti gostitelja %s" -#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387 +#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 #, c-format msgid "unknown group: %s" msgstr "neznana skupina: %s" -#: plugins/sudoers/sudoers.c:1190 -#, c-format -msgid "Sudoers policy plugin version %s\n" -msgstr "Vstavek pravilnika sudoers različica %s\n" - -#: plugins/sudoers/sudoers.c:1192 -#, c-format -msgid "Sudoers file grammar version %d\n" -msgstr "Datoteka slovnice sudoers različica %d\n" - -#: plugins/sudoers/sudoers.c:1196 -#, c-format -msgid "" -"\n" -"Sudoers path: %s\n" -msgstr "" -"\n" -"Pot sudoers: %s\n" - -#: plugins/sudoers/sudoers.c:1199 -#, c-format -msgid "nsswitch path: %s\n" -msgstr "pot nsswitch: %s\n" - -#: plugins/sudoers/sudoers.c:1201 -#, c-format -msgid "ldap.conf path: %s\n" -msgstr "pot ldap.conf: %s\n" - -#: plugins/sudoers/sudoers.c:1202 -#, c-format -msgid "ldap.secret path: %s\n" -msgstr "pot ldap.secret: %s\n" - -#: plugins/sudoers/sudoreplay.c:293 +#: plugins/sudoers/sudoreplay.c:292 #, c-format msgid "invalid filter option: %s" msgstr "neveljavna možnost filtra: %s" -#: plugins/sudoers/sudoreplay.c:306 +#: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid max wait: %s" msgstr "neveljavna zgornja meja čakanja: %s" -#: plugins/sudoers/sudoreplay.c:312 +#: plugins/sudoers/sudoreplay.c:311 #, c-format msgid "invalid speed factor: %s" msgstr "neveljaven dejavnik hitrosti: %s" -#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187 +#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 #, c-format msgid "%s version %s\n" msgstr "%s različica %s\n" -#: plugins/sudoers/sudoreplay.c:340 +#: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/časovna uskladitev: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:345 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/časovna uskladitev: %s" -#: plugins/sudoers/sudoreplay.c:364 +#: plugins/sudoers/sudoreplay.c:363 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Izpisovanje dnevnika seje sudo: %s\n" -#: plugins/sudoers/sudoreplay.c:370 +#: plugins/sudoers/sudoreplay.c:369 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Opozorilo: terminal je premajhen za pravilno izpisovanje dnevnika.\n" -#: plugins/sudoers/sudoreplay.c:371 +#: plugins/sudoers/sudoreplay.c:370 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Geometrija dnevnika je %d x %d, medtem ko je geometrija terminala %d x %d." -#: plugins/sudoers/sudoreplay.c:401 +#: plugins/sudoers/sudoreplay.c:400 #, c-format msgid "unable to set tty to raw mode" msgstr "ni mogoče nastaviti tty na surov način" -#: plugins/sudoers/sudoreplay.c:418 +#: plugins/sudoers/sudoreplay.c:416 #, c-format msgid "invalid timing file line: %s" msgstr "neveljavna vrstica datoteke časovne uskladitve: %s" -#: plugins/sudoers/sudoreplay.c:501 +#: plugins/sudoers/sudoreplay.c:499 #, c-format msgid "writing to standard output" msgstr "pisanje na standardni izhod" -#: plugins/sudoers/sudoreplay.c:530 +#: plugins/sudoers/sudoreplay.c:528 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" -#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668 +#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 #, c-format msgid "ambiguous expression \"%s\"" msgstr "dvoumen izraz \"%s\"" -#: plugins/sudoers/sudoreplay.c:685 +#: plugins/sudoers/sudoreplay.c:683 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "preveč izrazov z oklepaji, največje število %d" -#: plugins/sudoers/sudoreplay.c:696 +#: plugins/sudoers/sudoreplay.c:694 #, c-format msgid "unmatched ')' in expression" msgstr "v izrazu je neujemajoč ')'" -#: plugins/sudoers/sudoreplay.c:702 +#: plugins/sudoers/sudoreplay.c:700 #, c-format msgid "unknown search term \"%s\"" msgstr "naznan iskalni izraz \"%s\"" -#: plugins/sudoers/sudoreplay.c:716 +#: plugins/sudoers/sudoreplay.c:714 #, c-format msgid "%s requires an argument" msgstr "%s zahteva argument" -#: plugins/sudoers/sudoreplay.c:720 +#: plugins/sudoers/sudoreplay.c:718 #, c-format msgid "invalid regular expression: %s" msgstr "neveljaven logični izraz: %s" -#: plugins/sudoers/sudoreplay.c:726 +#: plugins/sudoers/sudoreplay.c:724 #, c-format msgid "could not parse date \"%s\"" msgstr "ni mogoče razčleniti datuma \"%s\"" -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:737 #, c-format msgid "unmatched '(' in expression" msgstr "v izrazu je neujemajoč '('" -#: plugins/sudoers/sudoreplay.c:741 +#: plugins/sudoers/sudoreplay.c:739 #, c-format msgid "illegal trailing \"or\"" msgstr "neveljaven zaključni \"or\"" -#: plugins/sudoers/sudoreplay.c:743 +#: plugins/sudoers/sudoreplay.c:741 #, c-format msgid "illegal trailing \"!\"" msgstr "neveljaven zaključni \"!\"" -#: plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1058 #, c-format msgid "invalid regex: %s" msgstr "neveljavni logični izraz: %s" -#: plugins/sudoers/sudoreplay.c:1174 +#: plugins/sudoers/sudoreplay.c:1182 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "uporaba: %s [-h] [-d mapa] [-m zg_meja_čakanja] [-s faktor_hitrosti] ID\n" -#: plugins/sudoers/sudoreplay.c:1177 +#: plugins/sudoers/sudoreplay.c:1185 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "uporaba: %s [-h] [-d mapa] -l [iskalni izraz]\n" -#: plugins/sudoers/sudoreplay.c:1186 +#: plugins/sudoers/sudoreplay.c:1194 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -1477,7 +1456,7 @@ msgstr "" "%s - ponovno predvajaj dnevnike sej sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1188 +#: plugins/sudoers/sudoreplay.c:1196 msgid "" "\n" "Options:\n" @@ -1499,11 +1478,11 @@ msgstr "" " -s faktor_hitrosti pospeši ali upočasni izhod\n" " -V prikaži podrobnosti o različici in končaj" -#: plugins/sudoers/testsudoers.c:338 +#: plugins/sudoers/testsudoers.c:328 msgid "\thost unmatched" msgstr "\tgostitelj se ne ujema" -#: plugins/sudoers/testsudoers.c:341 +#: plugins/sudoers/testsudoers.c:331 msgid "" "\n" "Command allowed" @@ -1511,7 +1490,7 @@ msgstr "" "\n" "Ukaz je dovoljen" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command denied" @@ -1519,7 +1498,7 @@ msgstr "" "\n" "Ukaz je bil zavrnjen" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command unmatched" @@ -1527,90 +1506,132 @@ msgstr "" "\n" "Ukaz se ne ujema" -#: plugins/sudoers/toke_util.c:218 +#: plugins/sudoers/timestamp.c:128 +#, c-format +msgid "timestamp path too long: %s" +msgstr "pot časovnega žiga je predolga : %s" + +#: plugins/sudoers/timestamp.c:202 plugins/sudoers/timestamp.c:246 +#: plugins/sudoers/timestamp.c:291 +#, c-format +msgid "%s owned by uid %u, should be uid %u" +msgstr "%s je v lasti ID-ja uporabnika %u, moral bi biti ID uporabnika %u" + +#: plugins/sudoers/timestamp.c:207 plugins/sudoers/timestamp.c:251 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0700" +msgstr "%s je zapisljiv za ne-lastnika (0%o), moral bi biti način 0700" + +#: plugins/sudoers/timestamp.c:285 +#, c-format +msgid "%s exists but is not a regular file (0%o)" +msgstr "%s obstaja, toda ni običajna datoteka (0%o)" + +#: plugins/sudoers/timestamp.c:297 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0600" +msgstr "%s je zapisljiv za ne-lastnika (0%o), moral bi biti način 0600" + +#: plugins/sudoers/timestamp.c:352 +#, c-format +msgid "timestamp too far in the future: %20.20s" +msgstr "časovni žig je predaleč v prihodnosti: %20.20s" + +#: plugins/sudoers/timestamp.c:406 +#, c-format +msgid "unable to remove %s, will reset to the epoch" +msgstr "%s ni mogoče odstraniti" + +#: plugins/sudoers/timestamp.c:413 +#, c-format +msgid "unable to reset %s to the epoch" +msgstr "%s ni mogoče ponastaviti na epoho" + +#: plugins/sudoers/toke_util.c:221 +#, c-format msgid "fill_args: buffer overflow" msgstr "fill_args: prekoračitev medpomnilnika" -#: plugins/sudoers/visudo.c:188 +#: plugins/sudoers/visudo.c:180 #, c-format msgid "%s grammar version %d\n" msgstr "%s različica slovnice %d\n" -#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533 #, c-format msgid "press return to edit %s: " msgstr "za urejanje %s pritisnite return: " -#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341 +#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332 #, c-format msgid "write error" msgstr "napaka med pisanjem" -#: plugins/sudoers/visudo.c:423 +#: plugins/sudoers/visudo.c:414 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "ni mogoče začeti začasne datoteke (%s), %s nepsremenjeno" -#: plugins/sudoers/visudo.c:428 +#: plugins/sudoers/visudo.c:419 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "začasna datoteka brez dolžine (%s), %s nespremenjena" -#: plugins/sudoers/visudo.c:434 +#: plugins/sudoers/visudo.c:425 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "urejevalnik (%s) je spodletel, %s nespremenjen" -#: plugins/sudoers/visudo.c:457 +#: plugins/sudoers/visudo.c:448 #, c-format msgid "%s unchanged" msgstr "%s nespremenjeno" -#: plugins/sudoers/visudo.c:486 +#: plugins/sudoers/visudo.c:477 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "ni mogoče ponovno odpreti začasne datoteke (%s), %s je nespremenjen." -#: plugins/sudoers/visudo.c:496 +#: plugins/sudoers/visudo.c:487 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "ni mogoče razčleniti začasne datoteke (%s), neznana napaka" -#: plugins/sudoers/visudo.c:534 +#: plugins/sudoers/visudo.c:526 #, c-format msgid "internal error, unable to find %s in list!" msgstr "notranja napaka, na seznamu ni mogoče najti %s!" -#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595 +#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "ni mogoče nastaviti (ID uporabnika, ID skupine) od %s do (%u, %u)" -#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600 +#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "ni mogoče spremeniti načina iz %s na 0%o" -#: plugins/sudoers/visudo.c:617 +#: plugins/sudoers/visudo.c:609 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s in %s nista na enakem datotečnem sistemu, uporaba mv za preimenovanje" -#: plugins/sudoers/visudo.c:631 +#: plugins/sudoers/visudo.c:623 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "ukaz je spodletel: '%s %s %s', %s nespremenjen" -#: plugins/sudoers/visudo.c:641 +#: plugins/sudoers/visudo.c:633 #, c-format msgid "error renaming %s, %s unchanged" msgstr "napaka med preimenovanjem %s, %s nespremenjen" -#: plugins/sudoers/visudo.c:704 +#: plugins/sudoers/visudo.c:695 msgid "What now? " msgstr "Kaj pa zdaj? " -#: plugins/sudoers/visudo.c:718 +#: plugins/sudoers/visudo.c:709 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -1622,92 +1643,87 @@ msgstr "" " (x)končaj brez shranjevanja sprememb v datoteko sudoers\n" " (Q)končaj in shrani spremembe v datoteko sudoers (NEVARNOST!)\n" -#: plugins/sudoers/visudo.c:759 -#, c-format -msgid "unable to execute %s" -msgstr "ni mogoče izvršiti %s" - -#: plugins/sudoers/visudo.c:766 +#: plugins/sudoers/visudo.c:757 #, c-format msgid "unable to run %s" msgstr "ni mogoče zagnati %s" -#: plugins/sudoers/visudo.c:792 +#: plugins/sudoers/visudo.c:783 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: napačen lastnik (ID uporabnika, ID skupine) moralo bi biti (%u, %u)\n" -#: plugins/sudoers/visudo.c:799 +#: plugins/sudoers/visudo.c:790 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: slaba dovoljenja, moral bi biti način 0%o\n" -#: plugins/sudoers/visudo.c:824 +#: plugins/sudoers/visudo.c:815 #, c-format msgid "failed to parse %s file, unknown error" msgstr "razčlenjevanje datoteke %s je spodletelo, neznana napaka" -#: plugins/sudoers/visudo.c:837 +#: plugins/sudoers/visudo.c:831 #, c-format msgid "parse error in %s near line %d\n" msgstr "napaka razčlenjevanja v %s blizu vrstice %d\n" -#: plugins/sudoers/visudo.c:840 +#: plugins/sudoers/visudo.c:834 #, c-format msgid "parse error in %s\n" msgstr "napaka razčlenjevanja v %s\n" -#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852 +#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846 #, c-format msgid "%s: parsed OK\n" msgstr "%s: uspešno razčlenjeno\n" -#: plugins/sudoers/visudo.c:899 +#: plugins/sudoers/visudo.c:893 #, c-format msgid "%s busy, try again later" msgstr "%s zaseden, poskusite ponovno pozneje" -#: plugins/sudoers/visudo.c:943 +#: plugins/sudoers/visudo.c:937 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "določen urejevalnik (%s) se ne konča" -#: plugins/sudoers/visudo.c:966 +#: plugins/sudoers/visudo.c:960 #, c-format msgid "unable to stat editor (%s)" msgstr "ni mogoče začeti urejevalnika (%s)" -#: plugins/sudoers/visudo.c:1014 +#: plugins/sudoers/visudo.c:1008 #, c-format msgid "no editor found (editor path = %s)" msgstr "najdenega ni nobenega urejevalnika (pot urejevalnika = %s)" -#: plugins/sudoers/visudo.c:1108 +#: plugins/sudoers/visudo.c:1100 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Napaka: kroženje v %s_Alias `%s'" -#: plugins/sudoers/visudo.c:1109 +#: plugins/sudoers/visudo.c:1101 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Opozorilo: kroženje v %s_Alias `%s'" -#: plugins/sudoers/visudo.c:1112 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Napaka: %s_Alias `%s' sklicevan, toda ne določen" -#: plugins/sudoers/visudo.c:1113 +#: plugins/sudoers/visudo.c:1105 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Warning: %s_Alias `%s' sklicevan, toda ne določen" -#: plugins/sudoers/visudo.c:1248 +#: plugins/sudoers/visudo.c:1240 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: neuporabljen %s_Alias %s" -#: plugins/sudoers/visudo.c:1304 +#: plugins/sudoers/visudo.c:1302 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -1716,7 +1732,7 @@ msgstr "" "%s - varno uredi datoteko sudoers\n" "\n" -#: plugins/sudoers/visudo.c:1306 +#: plugins/sudoers/visudo.c:1304 msgid "" "\n" "Options:\n" @@ -1736,24 +1752,6 @@ msgstr "" " -s strogo preverjanje skladnje\n" " -V prikaži podrobnosti različice in končaj" -#: toke.l:820 +#: toke.l:815 msgid "too many levels of includes" msgstr "preveč stopenj vključitev" - -#~ msgid "internal error, expand_prompt() overflow" -#~ msgstr "notranja napaka, prekoračitev expand_prompt()" - -#~ msgid "internal error, sudo_setenv2() overflow" -#~ msgstr "notranja napaka, prekoračitev v funkciji sudo_setenv2()" - -#~ msgid "internal error, sudo_setenv() overflow" -#~ msgstr "notranja napaka, prekoračitev sudo_setenv()" - -#~ msgid "internal error, linux_audit_command() overflow" -#~ msgstr "notranja napaka, prekoračitev linux_audit_command()" - -#~ msgid "internal error, runas_groups overflow" -#~ msgstr "notranja napaka, prekoračitev v funkciji runas_groups()" - -#~ msgid "internal error, init_vars() overflow" -#~ msgstr "notranja napaka, prekoračitev init_vars()" diff --git a/plugins/sudoers/po/sudoers.pot b/plugins/sudoers/po/sudoers.pot index faf30ee..33e3c83 100644 --- a/plugins/sudoers/po/sudoers.pot +++ b/plugins/sudoers/po/sudoers.pot @@ -1,13 +1,13 @@ -# SOME DESCRIPTIVE TITLE. +# Portable object template file for the sudoers plugin # This file is put in the public domain. -# FIRST AUTHOR , YEAR. +# Todd C. Miller , 2011-2013 # #, fuzzy msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.6\n" +"Project-Id-Version: sudo 1.8.7\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" +"POT-Creation-Date: 2013-04-29 14:01-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -17,350 +17,249 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n" -#: gram.y:112 -#, c-format -msgid ">>> %s: %s near line %d <<<" +#: confstr.sh:2 +msgid "Password:" msgstr "" -#: plugins/sudoers/alias.c:125 +#: confstr.sh:3 +msgid "*** SECURITY information for %h ***" +msgstr "" + +#: confstr.sh:4 +msgid "Sorry, try again." +msgstr "" + +#: plugins/sudoers/alias.c:124 #, c-format msgid "Alias `%s' already defined" msgstr "" -#: plugins/sudoers/auth/bsdauth.c:78 +#: plugins/sudoers/auth/bsdauth.c:77 #, c-format msgid "unable to get login class for user %s" msgstr "" -#: plugins/sudoers/auth/bsdauth.c:84 +#: plugins/sudoers/auth/bsdauth.c:83 msgid "unable to begin bsd authentication" msgstr "" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:91 msgid "invalid authentication type" msgstr "" -#: plugins/sudoers/auth/bsdauth.c:101 +#: plugins/sudoers/auth/bsdauth.c:100 msgid "unable to setup authentication" msgstr "" -#: plugins/sudoers/auth/fwtk.c:60 +#: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" msgstr "" -#: plugins/sudoers/auth/fwtk.c:65 +#: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" msgstr "" -#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95 -#: plugins/sudoers/auth/fwtk.c:128 +#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:127 #, c-format msgid "lost connection to authentication server" msgstr "" -#: plugins/sudoers/auth/fwtk.c:75 +#: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" "%s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:117 +#: plugins/sudoers/auth/kerb5.c:116 #, c-format -msgid "%s: unable to unparse princ ('%s'): %s" +msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:170 +#: plugins/sudoers/auth/kerb5.c:169 #, c-format -msgid "%s: unable to resolve ccache: %s" +msgid "%s: unable to resolve credential cache: %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:218 +#: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:234 +#: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:246 #, c-format -msgid "%s: unable to initialize ccache: %s" +msgid "%s: unable to initialize credential cache: %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:251 +#: plugins/sudoers/auth/kerb5.c:250 #, c-format -msgid "%s: unable to store cred in ccache: %s" +msgid "%s: unable to store credential in cache: %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:316 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:331 +#: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "" -#: plugins/sudoers/auth/pam.c:100 +#: plugins/sudoers/auth/pam.c:105 msgid "unable to initialize PAM" msgstr "" -#: plugins/sudoers/auth/pam.c:144 +#: plugins/sudoers/auth/pam.c:150 msgid "account validation failure, is your account locked?" msgstr "" -#: plugins/sudoers/auth/pam.c:148 +#: plugins/sudoers/auth/pam.c:154 msgid "Account or password is expired, reset your password and try again" msgstr "" -#: plugins/sudoers/auth/pam.c:155 +#: plugins/sudoers/auth/pam.c:162 #, c-format -msgid "pam_chauthtok: %s" +msgid "unable to change expired password: %s" msgstr "" -#: plugins/sudoers/auth/pam.c:159 +#: plugins/sudoers/auth/pam.c:167 msgid "Password expired, contact your system administrator" msgstr "" -#: plugins/sudoers/auth/pam.c:163 +#: plugins/sudoers/auth/pam.c:171 msgid "" "Account expired or PAM config lacks an \"account\" section for sudo, contact " "your system administrator" msgstr "" -#: plugins/sudoers/auth/pam.c:180 +#: plugins/sudoers/auth/pam.c:188 #, c-format -msgid "pam_authenticate: %s" -msgstr "" - -#: plugins/sudoers/auth/pam.c:332 -msgid "Password: " +msgid "PAM authentication error: %s" msgstr "" -#: plugins/sudoers/auth/pam.c:333 -msgid "Password:" +#: plugins/sudoers/auth/pam.c:247 +#, c-format +msgid "unable to establish credentials: %s" msgstr "" -#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220 +#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 #, c-format msgid "you do not exist in the %s database" msgstr "" -#: plugins/sudoers/auth/securid5.c:81 +#: plugins/sudoers/auth/securid5.c:80 #, c-format msgid "failed to initialise the ACE API library" msgstr "" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" msgstr "" -#: plugins/sudoers/auth/securid5.c:116 +#: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "" -#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171 +#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 #, c-format msgid "invalid username length for SecurID" msgstr "" -#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176 +#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "" -#: plugins/sudoers/auth/securid5.c:128 +#: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "" -#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215 +#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 #, c-format msgid "unknown SecurID error" msgstr "" -#: plugins/sudoers/auth/securid5.c:166 +#: plugins/sudoers/auth/securid5.c:165 #, c-format msgid "invalid passcode length for SecurID" msgstr "" -#: plugins/sudoers/auth/sia.c:109 +#: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "" -#: plugins/sudoers/auth/sudo_auth.c:121 +#: plugins/sudoers/auth/sudo_auth.c:119 +msgid "invalid authentication methods" +msgstr "" + +#: plugins/sudoers/auth/sudo_auth.c:120 msgid "" -"Invalid authentication methods compiled into sudo! You may mix standalone " -"and non-standalone authentication." +"Invalid authentication methods compiled into sudo! You may not mix " +"standalone and non-standalone authentication." +msgstr "" + +#: plugins/sudoers/auth/sudo_auth.c:203 +msgid "no authentication methods" msgstr "" -#: plugins/sudoers/auth/sudo_auth.c:206 +#: plugins/sudoers/auth/sudo_auth.c:205 msgid "" "There are no authentication methods compiled into sudo! If you want to turn " "off authentication, use the --disable-authentication configure option." msgstr "" -#: plugins/sudoers/auth/sudo_auth.c:374 +#: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "" -#: plugins/sudoers/bsm_audit.c:60 plugins/sudoers/bsm_audit.c:63 -#: plugins/sudoers/bsm_audit.c:112 plugins/sudoers/bsm_audit.c:116 -#: plugins/sudoers/bsm_audit.c:168 plugins/sudoers/bsm_audit.c:172 -#, c-format -msgid "getaudit: failed" -msgstr "" - #: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153 #, c-format msgid "Could not determine audit condition" msgstr "" -#: plugins/sudoers/bsm_audit.c:101 -#, c-format -msgid "getauid failed" -msgstr "" - -#: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162 -#, c-format -msgid "au_open: failed" -msgstr "" - -#: plugins/sudoers/bsm_audit.c:118 plugins/sudoers/bsm_audit.c:174 -#, c-format -msgid "au_to_subject: failed" -msgstr "" - -#: plugins/sudoers/bsm_audit.c:122 plugins/sudoers/bsm_audit.c:178 -#, c-format -msgid "au_to_exec_args: failed" -msgstr "" - -#: plugins/sudoers/bsm_audit.c:126 plugins/sudoers/bsm_audit.c:187 -#, c-format -msgid "au_to_return32: failed" -msgstr "" - #: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190 #, c-format msgid "unable to commit audit record" msgstr "" -#: plugins/sudoers/bsm_audit.c:160 -#, c-format -msgid "getauid: failed" -msgstr "" - -#: plugins/sudoers/bsm_audit.c:183 -#, c-format -msgid "au_to_text: failed" -msgstr "" - -#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172 -#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355 -#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974 -#: plugins/sudoers/visudo.c:818 -#, c-format -msgid "unable to open %s" -msgstr "" - -#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229 -#, c-format -msgid "unable to write to %s" -msgstr "" - -#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512 -#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123 -#: plugins/sudoers/iolog.c:156 -#, c-format -msgid "unable to mkdir %s" -msgstr "" - -#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289 -#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395 -#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82 -#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677 -#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253 -#, c-format -msgid "internal error, %s overflow" -msgstr "" - -#: plugins/sudoers/check.c:460 -#, c-format -msgid "timestamp path too long: %s" -msgstr "" - -#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535 -#: plugins/sudoers/iolog.c:158 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "" - -#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538 -#: plugins/sudoers/check.c:583 -#, c-format -msgid "%s owned by uid %u, should be uid %u" -msgstr "" - -#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0700" -msgstr "" - -#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551 -#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003 -#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584 -#, c-format -msgid "unable to stat %s" -msgstr "" - -#: plugins/sudoers/check.c:577 -#, c-format -msgid "%s exists but is not a regular file (0%o)" -msgstr "" - -#: plugins/sudoers/check.c:589 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0600" -msgstr "" - -#: plugins/sudoers/check.c:643 -#, c-format -msgid "timestamp too far in the future: %20.20s" -msgstr "" - -#: plugins/sudoers/check.c:690 -#, c-format -msgid "unable to remove %s (%s), will reset to the epoch" -msgstr "" - -#: plugins/sudoers/check.c:698 -#, c-format -msgid "unable to reset %s to the epoch" +#: plugins/sudoers/check.c:189 +msgid "" +"\n" +"We trust you have received the usual lecture from the local System\n" +"Administrator. It usually boils down to these three things:\n" +"\n" +" #1) Respect the privacy of others.\n" +" #2) Think before you type.\n" +" #3) With great power comes great responsibility.\n" +"\n" msgstr "" -#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764 -#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855 +#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 +#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 #, c-format msgid "unknown uid: %u" msgstr "" -#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792 -#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225 -#: plugins/sudoers/testsudoers.c:369 +#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:645 +#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:359 #, c-format msgid "unknown user: %s" msgstr "" @@ -729,224 +628,239 @@ msgstr "" msgid "Set of limit privileges" msgstr "" -#: plugins/sudoers/defaults.c:208 +#: plugins/sudoers/def_data.c:355 +msgid "Run commands on a pty in the background" +msgstr "" + +#: plugins/sudoers/def_data.c:359 +msgid "Create a new PAM session for the command to run in" +msgstr "" + +#: plugins/sudoers/def_data.c:363 +msgid "Maximum I/O log sequence number" +msgstr "" + +#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 #, c-format msgid "unknown defaults entry `%s'" msgstr "" -#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226 -#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259 -#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285 -#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318 -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 +#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 +#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 +#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "" -#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229 -#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254 -#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280 -#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313 -#: plugins/sudoers/defaults.c:324 +#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 +#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 +#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 +#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 +#: plugins/sudoers/defaults.c:323 #, c-format msgid "no value specified for `%s'" msgstr "" -#: plugins/sudoers/defaults.c:242 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "values for `%s' must start with a '/'" msgstr "" -#: plugins/sudoers/defaults.c:304 +#: plugins/sudoers/defaults.c:303 #, c-format msgid "option `%s' does not take a value" msgstr "" -#: plugins/sudoers/env.c:367 +#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 +#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 +#: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:437 +#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 +#: plugins/sudoers/testsudoers.c:243 #, c-format -msgid "sudo_putenv: corrupted envp, length mismatch" +msgid "internal error, %s overflow" msgstr "" -#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448 -#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167 -#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983 +#: plugins/sudoers/env.c:367 #, c-format -msgid "unable to allocate memory" +msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "" -#: plugins/sudoers/env.c:992 +#: plugins/sudoers/env.c:1012 #, c-format msgid "" "sorry, you are not allowed to set the following environment variables: %s" msgstr "" -#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108 -#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125 -#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883 -#, c-format -msgid "%s: %s" -msgstr "" - -#: plugins/sudoers/group_plugin.c:91 -#, c-format -msgid "%s%s: %s" -msgstr "" - -#: plugins/sudoers/group_plugin.c:103 +#: plugins/sudoers/group_plugin.c:102 #, c-format msgid "%s must be owned by uid %d" msgstr "" -#: plugins/sudoers/group_plugin.c:107 +#: plugins/sudoers/group_plugin.c:106 #, c-format msgid "%s must only be writable by owner" msgstr "" -#: plugins/sudoers/group_plugin.c:114 +#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256 #, c-format msgid "unable to dlopen %s: %s" msgstr "" -#: plugins/sudoers/group_plugin.c:119 +#: plugins/sudoers/group_plugin.c:118 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "" -#: plugins/sudoers/group_plugin.c:124 +#: plugins/sudoers/group_plugin.c:123 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "" -#: plugins/sudoers/interfaces.c:112 +#: plugins/sudoers/interfaces.c:119 msgid "Local IP address and netmask pairs:\n" msgstr "" -#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991 +#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 +#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 #, c-format -msgid "unable to read %s" +msgid "%s exists but is not a directory (0%o)" msgstr "" -#: plugins/sudoers/iolog.c:208 +#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 +#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165 +#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 #, c-format -msgid "invalid sequence number %s" +msgid "unable to mkdir %s" msgstr "" -#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261 -#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531 -#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545 -#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561 -#: plugins/sudoers/iolog.c:569 +#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 +#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 +#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155 +#: plugins/sudoers/visudo.c:810 #, c-format -msgid "unable to create %s" +msgid "unable to open %s" +msgstr "" + +#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 +#, c-format +msgid "unable to read %s" +msgstr "" + +#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159 +#, c-format +msgid "unable to write to %s" msgstr "" -#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382 +#: plugins/sudoers/iolog.c:334 #, c-format -msgid "unable to set locale to \"%s\", using \"C\"" +msgid "unable to create %s" msgstr "" -#: plugins/sudoers/ldap.c:387 +#: plugins/sudoers/ldap.c:407 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "" -#: plugins/sudoers/ldap.c:410 +#: plugins/sudoers/ldap.c:430 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "" -#: plugins/sudoers/ldap.c:440 +#: plugins/sudoers/ldap.c:460 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "" -#: plugins/sudoers/ldap.c:469 +#: plugins/sudoers/ldap.c:489 #, c-format msgid "invalid uri: %s" msgstr "" -#: plugins/sudoers/ldap.c:475 +#: plugins/sudoers/ldap.c:495 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "" -#: plugins/sudoers/ldap.c:479 +#: plugins/sudoers/ldap.c:499 #, c-format msgid "unable to mix ldaps and starttls" msgstr "" -#: plugins/sudoers/ldap.c:498 +#: plugins/sudoers/ldap.c:518 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "" -#: plugins/sudoers/ldap.c:572 +#: plugins/sudoers/ldap.c:592 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "" -#: plugins/sudoers/ldap.c:575 +#: plugins/sudoers/ldap.c:595 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "" -#: plugins/sudoers/ldap.c:992 +#: plugins/sudoers/ldap.c:1081 #, c-format msgid "unable to get GMT time" msgstr "" -#: plugins/sudoers/ldap.c:998 +#: plugins/sudoers/ldap.c:1087 #, c-format msgid "unable to format timestamp" msgstr "" -#: plugins/sudoers/ldap.c:1006 +#: plugins/sudoers/ldap.c:1095 #, c-format msgid "unable to build time filter" msgstr "" -#: plugins/sudoers/ldap.c:1225 +#: plugins/sudoers/ldap.c:1314 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "" -#: plugins/sudoers/ldap.c:1761 +#: plugins/sudoers/ldap.c:1845 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" -#: plugins/sudoers/ldap.c:1763 +#: plugins/sudoers/ldap.c:1847 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" -#: plugins/sudoers/ldap.c:1810 +#: plugins/sudoers/ldap.c:1894 #, c-format msgid " Order: %s\n" msgstr "" -#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168 +#: plugins/sudoers/ldap.c:1902 plugins/sudoers/parse.c:515 +#: plugins/sudoers/sssd.c:1242 #, c-format msgid " Commands:\n" msgstr "" -#: plugins/sudoers/ldap.c:2240 +#: plugins/sudoers/ldap.c:2325 #, c-format msgid "unable to initialize LDAP: %s" msgstr "" -#: plugins/sudoers/ldap.c:2274 +#: plugins/sudoers/ldap.c:2359 #, c-format msgid "" "start_tls specified but LDAP libs do not support ldap_start_tls_s() or " "ldap_start_tls_s_np()" msgstr "" -#: plugins/sudoers/ldap.c:2510 +#: plugins/sudoers/ldap.c:2595 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "" @@ -961,515 +875,532 @@ msgstr "" msgid "unable to send audit message" msgstr "" -#: plugins/sudoers/logging.c:202 +#: plugins/sudoers/logging.c:140 +#, c-format +msgid "%8s : %s" +msgstr "" + +#: plugins/sudoers/logging.c:168 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "" + +#: plugins/sudoers/logging.c:194 #, c-format msgid "unable to open log file: %s: %s" msgstr "" -#: plugins/sudoers/logging.c:205 +#: plugins/sudoers/logging.c:197 #, c-format msgid "unable to lock log file: %s: %s" msgstr "" -#: plugins/sudoers/logging.c:260 +#: plugins/sudoers/logging.c:245 +msgid "No user or host" +msgstr "" + +#: plugins/sudoers/logging.c:247 +msgid "validation failure" +msgstr "" + +#: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "" -#: plugins/sudoers/logging.c:262 +#: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "" -#: plugins/sudoers/logging.c:264 +#: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "" -#: plugins/sudoers/logging.c:274 +#: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "" -#: plugins/sudoers/logging.c:277 +#: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "" -#: plugins/sudoers/logging.c:281 +#: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "" -#: plugins/sudoers/logging.c:284 +#: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "" -#: plugins/sudoers/logging.c:317 -msgid "No user or host" -msgstr "" - -#: plugins/sudoers/logging.c:319 -msgid "validation failure" -msgstr "" - -#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502 -#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539 -#: plugins/sudoers/sudoers.c:1540 +#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 +#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoers.c:1002 #, c-format msgid "%s: command not found" msgstr "" -#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499 +#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" -#: plugins/sudoers/logging.c:352 +#: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "" -#: plugins/sudoers/logging.c:376 +#: plugins/sudoers/logging.c:379 +msgid "a password is required" +msgstr "" + +#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" msgstr[0] "" msgstr[1] "" -#: plugins/sudoers/logging.c:379 -msgid "a password is required" -msgstr "" - -#: plugins/sudoers/logging.c:530 +#: plugins/sudoers/logging.c:566 #, c-format msgid "unable to fork" msgstr "" -#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599 +#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 #, c-format msgid "unable to fork: %m" msgstr "" -#: plugins/sudoers/logging.c:589 +#: plugins/sudoers/logging.c:619 #, c-format msgid "unable to open pipe: %m" msgstr "" -#: plugins/sudoers/logging.c:614 +#: plugins/sudoers/logging.c:644 #, c-format msgid "unable to dup stdin: %m" msgstr "" -#: plugins/sudoers/logging.c:650 +#: plugins/sudoers/logging.c:680 #, c-format msgid "unable to execute %s: %m" msgstr "" -#: plugins/sudoers/logging.c:865 +#: plugins/sudoers/logging.c:899 #, c-format msgid "internal error: insufficient space for log line" msgstr "" -#: plugins/sudoers/parse.c:123 +#: plugins/sudoers/match.c:631 +#, c-format +msgid "unsupported digest type %d for %s" +msgstr "" + +#: plugins/sudoers/match.c:661 +#, c-format +msgid "%s: read error" +msgstr "" + +#: plugins/sudoers/match.c:670 +#, c-format +msgid "digest for %s (%s) is not in %s form" +msgstr "" + +#: plugins/sudoers/parse.c:124 #, c-format msgid "parse error in %s near line %d" msgstr "" -#: plugins/sudoers/parse.c:126 +#: plugins/sudoers/parse.c:127 #, c-format msgid "parse error in %s" msgstr "" -#: plugins/sudoers/parse.c:414 +#: plugins/sudoers/parse.c:462 #, c-format msgid "" "\n" "Sudoers entry:\n" msgstr "" -#: plugins/sudoers/parse.c:416 +#: plugins/sudoers/parse.c:463 #, c-format msgid " RunAsUsers: " msgstr "" -#: plugins/sudoers/parse.c:431 +#: plugins/sudoers/parse.c:477 #, c-format msgid " RunAsGroups: " msgstr "" -#: plugins/sudoers/parse.c:440 +#: plugins/sudoers/parse.c:486 +#, c-format +msgid " Options: " +msgstr "" + +#: plugins/sudoers/policy.c:527 plugins/sudoers/visudo.c:751 +#, c-format +msgid "unable to execute %s" +msgstr "" + +#: plugins/sudoers/policy.c:669 +#, c-format +msgid "Sudoers policy plugin version %s\n" +msgstr "" + +#: plugins/sudoers/policy.c:671 +#, c-format +msgid "Sudoers file grammar version %d\n" +msgstr "" + +#: plugins/sudoers/policy.c:675 #, c-format msgid "" -" Commands:\n" -"\t" +"\n" +"Sudoers path: %s\n" msgstr "" -#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 -msgid ": " +#: plugins/sudoers/policy.c:678 +#, c-format +msgid "nsswitch path: %s\n" msgstr "" -#: plugins/sudoers/pwutil.c:278 +#: plugins/sudoers/policy.c:680 #, c-format -msgid "unable to cache uid %u (%s), already exists" +msgid "ldap.conf path: %s\n" msgstr "" -#: plugins/sudoers/pwutil.c:286 +#: plugins/sudoers/policy.c:681 #, c-format -msgid "unable to cache uid %u, already exists" +msgid "ldap.secret path: %s\n" msgstr "" -#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331 +#: plugins/sudoers/pwutil.c:148 #, c-format -msgid "unable to cache user %s, already exists" +msgid "unable to cache uid %u, already exists" msgstr "" -#: plugins/sudoers/pwutil.c:668 +#: plugins/sudoers/pwutil.c:190 #, c-format -msgid "unable to cache gid %u (%s), already exists" +msgid "unable to cache user %s, already exists" msgstr "" -#: plugins/sudoers/pwutil.c:676 +#: plugins/sudoers/pwutil.c:386 #, c-format msgid "unable to cache gid %u, already exists" msgstr "" -#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715 +#: plugins/sudoers/pwutil.c:422 #, c-format msgid "unable to cache group %s, already exists" msgstr "" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436 -#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114 -#: plugins/sudoers/set_perms.c:1396 +#: plugins/sudoers/pwutil.c:578 plugins/sudoers/pwutil.c:600 +#, c-format +msgid "unable to cache group list for %s, already exists" +msgstr "" + +#: plugins/sudoers/pwutil.c:598 +#, c-format +msgid "unable to parse groups for %s" +msgstr "" + +#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 +#: plugins/sudoers/set_perms.c:1431 msgid "perm stack overflow" msgstr "" -#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444 -#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122 -#: plugins/sudoers/set_perms.c:1404 +#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 +#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 +#: plugins/sudoers/set_perms.c:1439 msgid "perm stack underflow" msgstr "" -#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580 -#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243 +#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 +#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 +msgid "unable to change to root gid" +msgstr "" + +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 msgid "unable to change to runas gid" msgstr "" -#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253 +#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 +#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 msgid "unable to change to runas uid" msgstr "" -#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269 +#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 msgid "unable to change to sudoers gid" msgstr "" -#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681 -#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315 -#: plugins/sudoers/set_perms.c:1474 +#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 +#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 +#: plugins/sudoers/set_perms.c:1515 msgid "too many processes" msgstr "" -#: plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:1583 msgid "unable to set runas group vector" msgstr "" -#: plugins/sudoers/sssd.c:251 -#, c-format -msgid "Unable to dlopen %s: %s" -msgstr "" - -#: plugins/sudoers/sssd.c:252 +#: plugins/sudoers/sssd.c:257 #, c-format -msgid "Unable to initialize SSS source. Is SSSD installed on your machine?" +msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "" -#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266 -#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280 -#: plugins/sudoers/sssd.c:287 +#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 +#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 +#: plugins/sudoers/sssd.c:292 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "" -#: plugins/sudoers/sudo_nss.c:267 +#: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "" -#: plugins/sudoers/sudo_nss.c:280 +#: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "" -#: plugins/sudoers/sudo_nss.c:293 +#: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "" -#: plugins/sudoers/sudo_nss.c:302 +#: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "" -#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243 -#: plugins/sudoers/sudoers.c:953 +#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 +#: plugins/sudoers/sudoers.c:673 msgid "problem with defaults entries" msgstr "" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:165 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "" -#: plugins/sudoers/sudoers.c:268 -#, c-format -msgid "unable to execute %s: %s" -msgstr "" - -#: plugins/sudoers/sudoers.c:335 +#: plugins/sudoers/sudoers.c:227 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "" -#: plugins/sudoers/sudoers.c:342 +#: plugins/sudoers/sudoers.c:234 #, c-format msgid "you are not permitted to use the -C option" msgstr "" -#: plugins/sudoers/sudoers.c:431 +#: plugins/sudoers/sudoers.c:315 #, c-format msgid "timestamp owner (%s): No such user" msgstr "" -#: plugins/sudoers/sudoers.c:447 +#: plugins/sudoers/sudoers.c:329 msgid "no tty" msgstr "" -#: plugins/sudoers/sudoers.c:448 +#: plugins/sudoers/sudoers.c:330 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "" -#: plugins/sudoers/sudoers.c:498 +#: plugins/sudoers/sudoers.c:378 msgid "command in current directory" msgstr "" -#: plugins/sudoers/sudoers.c:510 +#: plugins/sudoers/sudoers.c:395 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "" -#: plugins/sudoers/sudoers.c:1006 +#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216 +#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/visudo.c:312 plugins/sudoers/visudo.c:577 +#, c-format +msgid "unable to stat %s" +msgstr "" + +#: plugins/sudoers/sudoers.c:726 #, c-format msgid "%s is not a regular file" msgstr "" -#: plugins/sudoers/sudoers.c:1009 toke.l:846 +#: plugins/sudoers/sudoers.c:729 toke.l:913 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "" -#: plugins/sudoers/sudoers.c:1013 toke.l:853 +#: plugins/sudoers/sudoers.c:733 toke.l:920 #, c-format msgid "%s is world writable" msgstr "" -#: plugins/sudoers/sudoers.c:1016 toke.l:858 +#: plugins/sudoers/sudoers.c:736 toke.l:925 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "" -#: plugins/sudoers/sudoers.c:1043 +#: plugins/sudoers/sudoers.c:763 #, c-format msgid "only root can use `-c %s'" msgstr "" -#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062 +#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 #, c-format msgid "unknown login class: %s" msgstr "" -#: plugins/sudoers/sudoers.c:1089 +#: plugins/sudoers/sudoers.c:814 #, c-format msgid "unable to resolve host %s" msgstr "" -#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387 +#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 #, c-format msgid "unknown group: %s" msgstr "" -#: plugins/sudoers/sudoers.c:1190 -#, c-format -msgid "Sudoers policy plugin version %s\n" -msgstr "" - -#: plugins/sudoers/sudoers.c:1192 -#, c-format -msgid "Sudoers file grammar version %d\n" -msgstr "" - -#: plugins/sudoers/sudoers.c:1196 -#, c-format -msgid "" -"\n" -"Sudoers path: %s\n" -msgstr "" - -#: plugins/sudoers/sudoers.c:1199 -#, c-format -msgid "nsswitch path: %s\n" -msgstr "" - -#: plugins/sudoers/sudoers.c:1201 -#, c-format -msgid "ldap.conf path: %s\n" -msgstr "" - -#: plugins/sudoers/sudoers.c:1202 -#, c-format -msgid "ldap.secret path: %s\n" -msgstr "" - -#: plugins/sudoers/sudoreplay.c:293 +#: plugins/sudoers/sudoreplay.c:292 #, c-format msgid "invalid filter option: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:306 +#: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid max wait: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:312 +#: plugins/sudoers/sudoreplay.c:311 #, c-format msgid "invalid speed factor: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187 +#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 #, c-format msgid "%s version %s\n" msgstr "" -#: plugins/sudoers/sudoreplay.c:340 +#: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:345 #, c-format msgid "%s/%s/timing: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:364 +#: plugins/sudoers/sudoreplay.c:363 #, c-format msgid "Replaying sudo session: %s\n" msgstr "" -#: plugins/sudoers/sudoreplay.c:370 +#: plugins/sudoers/sudoreplay.c:369 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "" -#: plugins/sudoers/sudoreplay.c:371 +#: plugins/sudoers/sudoreplay.c:370 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "" -#: plugins/sudoers/sudoreplay.c:401 +#: plugins/sudoers/sudoreplay.c:400 #, c-format msgid "unable to set tty to raw mode" msgstr "" -#: plugins/sudoers/sudoreplay.c:418 +#: plugins/sudoers/sudoreplay.c:416 #, c-format msgid "invalid timing file line: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:501 +#: plugins/sudoers/sudoreplay.c:499 #, c-format msgid "writing to standard output" msgstr "" -#: plugins/sudoers/sudoreplay.c:530 -#, c-format -msgid "nanosleep: tv_sec %ld, tv_nsec %ld" -msgstr "" - -#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668 +#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 #, c-format msgid "ambiguous expression \"%s\"" msgstr "" -#: plugins/sudoers/sudoreplay.c:685 +#: plugins/sudoers/sudoreplay.c:683 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "" -#: plugins/sudoers/sudoreplay.c:696 +#: plugins/sudoers/sudoreplay.c:694 #, c-format msgid "unmatched ')' in expression" msgstr "" -#: plugins/sudoers/sudoreplay.c:702 +#: plugins/sudoers/sudoreplay.c:700 #, c-format msgid "unknown search term \"%s\"" msgstr "" -#: plugins/sudoers/sudoreplay.c:716 +#: plugins/sudoers/sudoreplay.c:714 #, c-format msgid "%s requires an argument" msgstr "" -#: plugins/sudoers/sudoreplay.c:720 +#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058 #, c-format msgid "invalid regular expression: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:726 +#: plugins/sudoers/sudoreplay.c:724 #, c-format msgid "could not parse date \"%s\"" msgstr "" -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:737 #, c-format msgid "unmatched '(' in expression" msgstr "" -#: plugins/sudoers/sudoreplay.c:741 +#: plugins/sudoers/sudoreplay.c:739 #, c-format msgid "illegal trailing \"or\"" msgstr "" -#: plugins/sudoers/sudoreplay.c:743 +#: plugins/sudoers/sudoreplay.c:741 #, c-format msgid "illegal trailing \"!\"" msgstr "" -#: plugins/sudoers/sudoreplay.c:1050 -#, c-format -msgid "invalid regex: %s" -msgstr "" - -#: plugins/sudoers/sudoreplay.c:1174 +#: plugins/sudoers/sudoreplay.c:1182 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "" -#: plugins/sudoers/sudoreplay.c:1177 +#: plugins/sudoers/sudoreplay.c:1185 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "" -#: plugins/sudoers/sudoreplay.c:1186 +#: plugins/sudoers/sudoreplay.c:1194 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" -#: plugins/sudoers/sudoreplay.c:1188 +#: plugins/sudoers/sudoreplay.c:1196 msgid "" "\n" "Options:\n" @@ -1482,112 +1413,154 @@ msgid "" " -V display version information and exit" msgstr "" -#: plugins/sudoers/testsudoers.c:338 +#: plugins/sudoers/testsudoers.c:328 msgid "\thost unmatched" msgstr "" -#: plugins/sudoers/testsudoers.c:341 +#: plugins/sudoers/testsudoers.c:331 msgid "" "\n" "Command allowed" msgstr "" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command denied" msgstr "" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command unmatched" msgstr "" -#: plugins/sudoers/toke_util.c:218 +#: plugins/sudoers/timestamp.c:129 +#, c-format +msgid "timestamp path too long: %s" +msgstr "" + +#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 +#: plugins/sudoers/timestamp.c:292 +#, c-format +msgid "%s owned by uid %u, should be uid %u" +msgstr "" + +#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0700" +msgstr "" + +#: plugins/sudoers/timestamp.c:286 +#, c-format +msgid "%s exists but is not a regular file (0%o)" +msgstr "" + +#: plugins/sudoers/timestamp.c:298 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0600" +msgstr "" + +#: plugins/sudoers/timestamp.c:353 +#, c-format +msgid "timestamp too far in the future: %20.20s" +msgstr "" + +#: plugins/sudoers/timestamp.c:407 +#, c-format +msgid "unable to remove %s, will reset to the epoch" +msgstr "" + +#: plugins/sudoers/timestamp.c:414 +#, c-format +msgid "unable to reset %s to the epoch" +msgstr "" + +#: plugins/sudoers/toke_util.c:176 +#, c-format msgid "fill_args: buffer overflow" msgstr "" -#: plugins/sudoers/visudo.c:188 +#: plugins/sudoers/visudo.c:180 #, c-format msgid "%s grammar version %d\n" msgstr "" -#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:530 #, c-format msgid "press return to edit %s: " msgstr "" -#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341 +#: plugins/sudoers/visudo.c:328 plugins/sudoers/visudo.c:334 #, c-format msgid "write error" msgstr "" -#: plugins/sudoers/visudo.c:423 +#: plugins/sudoers/visudo.c:416 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "" -#: plugins/sudoers/visudo.c:428 +#: plugins/sudoers/visudo.c:421 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "" -#: plugins/sudoers/visudo.c:434 +#: plugins/sudoers/visudo.c:427 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "" -#: plugins/sudoers/visudo.c:457 +#: plugins/sudoers/visudo.c:450 #, c-format msgid "%s unchanged" msgstr "" -#: plugins/sudoers/visudo.c:486 +#: plugins/sudoers/visudo.c:475 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "" -#: plugins/sudoers/visudo.c:496 +#: plugins/sudoers/visudo.c:485 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "" -#: plugins/sudoers/visudo.c:534 +#: plugins/sudoers/visudo.c:521 #, c-format msgid "internal error, unable to find %s in list!" msgstr "" -#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595 +#: plugins/sudoers/visudo.c:579 plugins/sudoers/visudo.c:588 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "" -#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600 +#: plugins/sudoers/visudo.c:583 plugins/sudoers/visudo.c:593 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "" -#: plugins/sudoers/visudo.c:617 +#: plugins/sudoers/visudo.c:610 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "" -#: plugins/sudoers/visudo.c:631 +#: plugins/sudoers/visudo.c:624 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "" -#: plugins/sudoers/visudo.c:641 +#: plugins/sudoers/visudo.c:634 #, c-format msgid "error renaming %s, %s unchanged" msgstr "" -#: plugins/sudoers/visudo.c:704 +#: plugins/sudoers/visudo.c:696 msgid "What now? " msgstr "" -#: plugins/sudoers/visudo.c:718 +#: plugins/sudoers/visudo.c:710 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -1595,99 +1568,94 @@ msgid "" " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" -#: plugins/sudoers/visudo.c:759 -#, c-format -msgid "unable to execute %s" -msgstr "" - -#: plugins/sudoers/visudo.c:766 +#: plugins/sudoers/visudo.c:758 #, c-format msgid "unable to run %s" msgstr "" -#: plugins/sudoers/visudo.c:792 +#: plugins/sudoers/visudo.c:784 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "" -#: plugins/sudoers/visudo.c:799 +#: plugins/sudoers/visudo.c:791 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "" -#: plugins/sudoers/visudo.c:824 +#: plugins/sudoers/visudo.c:816 #, c-format msgid "failed to parse %s file, unknown error" msgstr "" -#: plugins/sudoers/visudo.c:837 +#: plugins/sudoers/visudo.c:832 #, c-format msgid "parse error in %s near line %d\n" msgstr "" -#: plugins/sudoers/visudo.c:840 +#: plugins/sudoers/visudo.c:835 #, c-format msgid "parse error in %s\n" msgstr "" -#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852 +#: plugins/sudoers/visudo.c:842 plugins/sudoers/visudo.c:847 #, c-format msgid "%s: parsed OK\n" msgstr "" -#: plugins/sudoers/visudo.c:899 +#: plugins/sudoers/visudo.c:894 #, c-format msgid "%s busy, try again later" msgstr "" -#: plugins/sudoers/visudo.c:943 +#: plugins/sudoers/visudo.c:938 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "" -#: plugins/sudoers/visudo.c:966 +#: plugins/sudoers/visudo.c:961 #, c-format msgid "unable to stat editor (%s)" msgstr "" -#: plugins/sudoers/visudo.c:1014 +#: plugins/sudoers/visudo.c:1009 #, c-format msgid "no editor found (editor path = %s)" msgstr "" -#: plugins/sudoers/visudo.c:1108 +#: plugins/sudoers/visudo.c:1101 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "" -#: plugins/sudoers/visudo.c:1109 +#: plugins/sudoers/visudo.c:1102 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "" -#: plugins/sudoers/visudo.c:1112 +#: plugins/sudoers/visudo.c:1105 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "" -#: plugins/sudoers/visudo.c:1113 +#: plugins/sudoers/visudo.c:1106 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "" -#: plugins/sudoers/visudo.c:1248 +#: plugins/sudoers/visudo.c:1241 #, c-format msgid "%s: unused %s_Alias %s" msgstr "" -#: plugins/sudoers/visudo.c:1304 +#: plugins/sudoers/visudo.c:1303 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" -#: plugins/sudoers/visudo.c:1306 +#: plugins/sudoers/visudo.c:1305 msgid "" "\n" "Options:\n" @@ -1699,6 +1667,6 @@ msgid "" " -V display version information and exit" msgstr "" -#: toke.l:820 +#: toke.l:886 msgid "too many levels of includes" msgstr "" diff --git a/plugins/sudoers/po/tr.mo b/plugins/sudoers/po/tr.mo new file mode 100644 index 0000000000000000000000000000000000000000..a4107391d31fc88a01d3d8ba4d7adb4991d5fb35 GIT binary patch literal 13956 zcmbW7dyE}deaDCLD$64QLMWt^;{;b%JS2n0xQ+-Qmui zxt@nNcLi0|mqd&DpehxQvQR{$s#S?a>$b{P(B8F>Ku}usk5*J|X;ld%D)2ai-Kg#(B&-c9F29Lg&UmQ=p#Pe={ zp66W$|C{T-obtRM0l)B4&pQSFJ@_zaUgmlHcs{@00>k8j0G|Ty20st(0{;bU zfG>EtTlWxnFV~Bp-d_Xn0e=^4gI@yYzynP7dhjavHt>U>=KC^uKltz9L*U)FdERTm zCa8U_ftv5Pz&C+UgPP}`!6V>*g7<;<-|l&@23Noz1K$T820sQ~1^*h{2cCGP=kbcy z1NVUM2M>Xt0UO}ofm-)PuX6L=1HwY@F>o*FgLib>`YOznLJ)ck)^KL1-#bWAa+#vcOT46cB);ID$y;FmzX{{!#@_)>(V_ZC6PXBGSn z@T1^CaQaTS-^alju0H_Y2R;pI|K9<{=l=ou@m|XXuX@uUTkuYTZv-C$A<^FyG<{SL^F_c?xvKYs;^{(l8AE${oF==mXp{gvmz5AX>1 zJ&2zN8xSKpGvj%Wf*%2of!_r+|MV^=$A>_z-v_myUj!NAt%H*P7r;Z{H$lneE|_%? zJPsZJGf;GV8vJ$ei(mj=;ilIAJa`fOH}D8}1ZKV+yb4|cH$d^@P6lhf!=Usx0GZ1B zS&$#^GyJ*?ei>W>cR`HSy#|Vp9|eCL{A2JB!S8_Y06)PdB$w}k(x2N=jx*paco_US zkga)t1}=bK2VV^CX0Y_R0g4_U)H**6z7_lksC|45+z;M`vOET!0ndP+1Z5ZB0;NB9 z;k-o8!=UuyL*Q}ni{MFcib)p1MUY$GI;eHO3?|?=!MB6&#EGz^_i6A`;8(!2V1f}Z zfKP+Eej&^}3cdr>Jih{pj^78xx37WX@Ap9Q=d}nGmU$0=ve$Qm;%5P#0zV7NF1`QF(p!oDbQ1sjYHSV84(eZkOFMU4> zivG)>=zl*bIe!v-75H>{{Z&wOeG9bjvw2*RcNBa%xCH8c6MP<69T9&#%o%e^E+;ta z$9#G5!{9qPZ?8RkA%9C3FK{A$d$3)5z*cJyqE&}z_({(9>Y_XhDB0b~`AW`LaOz+S z_UQ5Z`JC@^msT(P<=`Wanb#Dk-bd}J;SvOMTb&9!@B972uNXO?)cYnlOD2`tI^pdXZv@7re{3-cAzNdrGO{bV&rO)EhL<(-rzkbT$;qc9&# zPfdBdGt(@x!G2gUFn-4mV-xv#km^C0nK;RfA4N)u~h*BGk0gxM#L~KZiVe2 z&dq8VMNkI+`bnAx?P)uIISn(5os~*SgP!9AMci8P<4(|qs9AHuk3|(Sl|n9^UfN|Y zBpG``BmF%0Tiso=5NF4-_ntIQFDxfT>}KfuX~upQ&x*WRQ^daBWqaBwDjk@lw2^9_ z@sLiCn^qcVyP+TPcDd4c1d5#szi9L3FSrEo15qGd_j5Am+qAd=F z*H`^P#FJTY12KKSrGwkc-TTF18=V1 z#}7cGUqrc##hSt7D^b#sydqd)!etFWm@Jyafj3uhiMBaki$Ba)l6E%hok)6p*p-=u z1BrxqR9DQ*H$L+Qx z87EFQIWR21HOh?V+A;%^Uc-3XaBC;F!>?W+zM-`-+N5plGUf__qesM(o9Ts5i1fJa zM@Y|xnK+3X^;;7&PkZOsfkKNVQbJe`Q=(BGqDGe7%IkWMByJGWSV^+nd!*` zXo!=CqH=2^j=+hwx2ULY-T0UrjIHJ^RgQ?Q;OCn>A9#zaaXB*tZQ+F|V?VvVL~mIw zN3ms)jo$8IW#}U-e|A4{p?qi7yMXmt-#o!J%bhJWlmjsZI2bu+TfMzad8-HFcYr~_ zQYkqyFwKFv7D}>?`ZS0V-=zZWqSr%vo(NiInV@9zsLFz@N{npi@i?)=u*KBJ30x?0 zv$%A@U_ZTnuJ9S+3zQW^n5K6zAoW27@Ji93ag~H4Tn?F0QjUGa@6v5d*irSC6vqm` zCIY*S(&=~?6DcMNT1niy6ts$T;iS~LSHzWXS;p((M=y;$pz}pe>9E!vvH{;tfx18Q zTaaIp{#?gdagZa)pQ7p$G+9fjZPrF1XwMjSYu8-*bGa3{yVA2b*VAyXN*m5Co_=Hw z->$H8`O^GFOzK*gCb8U-x#p*#vIU0YIO=KBbalrPw`2AsjVQ=2i1zwN0Lw@p^smgP zrnb&eIh9Io<8ejvy>figp0Rf>y`RfUmTVC5(JJ}XN$V+t$j;sj_pD5K)n~tW34BwG zi&@?>$9`)oVpyX=#xJHcwyc7glRC(?xqNEcyNr3k_kgTNY1Y`0$o2wKB&%u%a6lrh zndpVopr=F;g$WI-RCjJ-OWvc_WL*lnk`Q{VEzX}@SX$g!gkG7*AXEIkD+*))(7Ruu z$tEGy7`OgIo?kqk^n-ZTl%~RUo;)tWK2GR@@e}vcK+L=E(3abo6W*4)dGJJDy9H;* zK_4!V@4AF#c4~L#$!?{fHH-Az(h^yfg4$XmFmos7&D@0rl*Kut@j#b-qJMIjNHp%o z@=4Zrd!#frWf&1GZ02*QInNdjohLjr5fJqu?m~fvpx}_MPW*I z5_bp*J54Xsle^q$OoSIfsp1&3k-vaVTc~kN_HJn{dNK+X)DmWIdDU0sIfg0k^BhB6 z<%-YSolR}OW#Yh3o#pOsPkFAimbWjb+sj1cP(c>&Q8rFl>5Z$4W}r;5nQcu_YC~MH zROQt5OdzX|LW4*LT~bIAMJ7J+)H3SUTpCkU1#`KA$~H?@jt41UXhvbSQmbX0n;MT% z3SCcxCE?PU)+noVoAQdRW9J8#7Upm=)P!WY-yrmyJ;kDR$y zTz6($-7RFPyNl5%vC{3BKg=VGOLnCsrBJ2Vi(Qzt{MNHtz~1g3z11|teY^D(D@f+$ ziLA2fRp|m8!K?aBKMTAIX`*n|SZFsMb-kF`DjzU2(?_NsXdarnXqyI&^I0csH;xyb ztg%D}wvy-l*#iewS68Q%KuoV@2bw&ay0Ey^IH4{FGH#qCn9Q0(2WReU9K63V^MIK- zJbU;Me;+)^z{bUZd~W-=Ll2lk_s!lv^Ol2$7`yl(bdcd&M>>M#y(thK{62wXu$ z-2!aJl3H&vGCMD4qtWHI?6_K=F+)#=8$Cl?t@8|odQ(@Z>uDOI13}MR8Qu_+T6%+t zO%nN=>lCHK8=LFHja>9lw84SRb<3qSpZ#xK3*vB)q{Z6w)bS#Yq@1P$x1%UT9>%}9 z&MceP+kQ7R!;RsS=H_}Z-~oFGm~#-Q_lMEf8jmN#&2<#K8{S-p)pSbi;0WFfeE1iW zvH63J)*0S_at4gMk;lW-4E(j8-?o&;$UbD{t{NEa;l@pN67w_ePaYp`42BzBZKcHn z(=4x>Oq8*&UQ|Q{kKs((hA@e}h>M(57*fiXWiPn7-YFtl4H9;i#3@y4(8VcR%^QTV zx0@D%e9&-XO%#(j$bSq9bjC*`ZmzR4dch`Kqxr!@eo+wkGq=Pq(?c~giqygJB`)%(YBW6&d;59{mpD_tTG4Lw)uG`$oxJ^hhIx045W+EZ_r%}kxbMp zZm#2P251^8R8FLp$H4DvS1}SpmGEWEnbta_&Ebs*zkr&{z6VJ+D`Fa3&in_J`N!cJ z_KCFp3=4+@RDR79MNKr`EzEZV=p(yCD=VM5g~I*iWBe(yFpOHZB9Yl}OYU-j?+_(& zW7r6*Ecsn*fE49Dsz;%yrPekLOYlN4jx8vJUYSvH}YLP~t%w4YU23$VO z_`@e*m191frNJkDm7J0q$P*U>+>-B|brw}wHSbB#1Xl|BF!$#ZXbKu5C#$ z%trle=yB%koh+kiTZ9yRVZnn_23eEvPAZN%&2*6iw<}>VFLA}i&KR1Q zr>w<|Dx0}t(1>-BZ^MPLE3@M;qf8vwC^q2+?e1Z6}Y6g#P)6|XYDAq{?!Uhj98;3!aPH_}j#ZWB~>-Qa>!W)a{)Ex7^PT#^yHE_In-cluM(>^SD*4 z4#)5*3!t)1{vs5hU%caIF)-!xn z#qCKYYZ~XbE61bs*@a-MxxIi?fUgtY@WW#lt&~o_wc-QXilN~XJU2Baz2w@wCl0k@&!Za;rQfA*t_+5Nz^Xt_JsQ+9malKepjDyYxpGO z%DKy2wgt$#g^D07z{m2*gaBcsszZ;YV3#wYn zM6eD5nzFwd@9mcYOh#UWoV|=V<^F8#VGU|aJa7}#P0vxyf_pEkIks?;j$UQH<%Uj{ z6`FH0E`K8ShItfL-yX`34cl~#ZN%1_xE&F+(_k6x#{DU5+EQ2LC4O+)bD93Q65$B!Ummwa*jQCDV|o`5SNBw~AX28h^OB^_bCDj9U+JpEP!Q zzFnUvjfxik*UHuy*p&UuVa;h=HI#18t3GIK3s9pn)JdtneVjk;7Q?B^cI$2@>(g7j zr3{o0Z9SSNv`OVE?3WNaVzVyxZDF*1s_yGfJFnErX^@k%Qpjy;W;UNvTvd3^LRM7l zeb!v_8OM=6(54#4B~_YeUo|l%v`i&ctkG7I6TaoZngLQeV&3CdZY@{UOG>kDuHs%z%w*1GlIQ+&n(N(AL+oyk zoFRoheLpD(MBn0FTZH9UB;|BHld@lLlnLt_&Gzj%m5|v>Ic<4bwqrc!rMOG!WYZ&r z!2h*T1zx4pWtEGgC|!Yd+sdwOv(+C+8g>ctZDj~MFt{=_@~=`JN`q|MX(aJ#%z*s2 zE;Q=TYG}DNETaQ01Qi%hDmNZsNvo?$C68Ma)Mm2lm7RAiYh{sS$=Yco_5Em_@j$g>$d9elu%CKHsX=|b{r)r2*_-z4N1yE-qNH2v z+D#N>qt$m18c8i?N>**N0?Ad;DWu, 2011-2013 +# +msgid "" +msgstr "" +"Project-Id-Version: sudoers 1.8.7b2\n" +"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" +"POT-Creation-Date: 2013-04-17 15:52-0400\n" +"PO-Revision-Date: 2013-04-27 23:41+0200\n" +"Last-Translator: Özgür Sarıer \n" +"Language-Team: Turkish \n" +"Language: tr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Poedit 1.5.5\n" + +#: confstr.sh:2 +msgid "Password:" +msgstr "Parola:" + +#: confstr.sh:3 +msgid "*** SECURITY information for %h ***" +msgstr "*** %h için GÜVENLİK bilgisi ***" + +#: confstr.sh:4 +msgid "Sorry, try again." +msgstr "Üzgünüm, yeniden deneyin." + +#: plugins/sudoers/alias.c:124 +#, c-format +msgid "Alias `%s' already defined" +msgstr "Takma ad `%s' önceden tanımlanmış" + +#: plugins/sudoers/auth/bsdauth.c:77 +#, c-format +msgid "unable to get login class for user %s" +msgstr "kullanıcı %s için oturum açma sınıfı elde edilemedi" + +#: plugins/sudoers/auth/bsdauth.c:83 +msgid "unable to begin bsd authentication" +msgstr "bsd kimlik doğrulama işlemine başlanılamadı" + +#: plugins/sudoers/auth/bsdauth.c:91 +msgid "invalid authentication type" +msgstr "geçersiz kimlik doğrulama türü" + +#: plugins/sudoers/auth/bsdauth.c:100 +msgid "unable to setup authentication" +msgstr "kimlik doğrulama gerçekleştirilemedi" + +#: plugins/sudoers/auth/fwtk.c:59 +#, c-format +msgid "unable to read fwtk config" +msgstr "fwtk yapılandırması okunamadı" + +#: plugins/sudoers/auth/fwtk.c:64 +#, c-format +msgid "unable to connect to authentication server" +msgstr "kimlik doğrulama sunucusuna bağlanılamadı" + +#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:127 +#, c-format +msgid "lost connection to authentication server" +msgstr "kimlik doğrulama sunucusunda bağlantı kaybı" + +#: plugins/sudoers/auth/fwtk.c:74 +#, c-format +msgid "" +"authentication server error:\n" +"%s" +msgstr "" +"kimlik doğrulama sunucusu hatası:\n" +"%s" + +#: plugins/sudoers/auth/kerb5.c:116 +#, c-format +msgid "%s: unable to convert principal to string ('%s'): %s" +msgstr "" + +#: plugins/sudoers/auth/kerb5.c:159 +#, c-format +msgid "%s: unable to parse '%s': %s" +msgstr "%s: ayrıştırılamayan öge '%s': %s" + +#: plugins/sudoers/auth/kerb5.c:169 +#, c-format +msgid "%s: unable to resolve credential cache: %s" +msgstr "%s: kimlik bilgisi önbelleği çözülemedi: %s" + +#: plugins/sudoers/auth/kerb5.c:217 +#, c-format +msgid "%s: unable to allocate options: %s" +msgstr "%s: seçenekler ayrılamadı: %s" + +#: plugins/sudoers/auth/kerb5.c:233 +#, c-format +msgid "%s: unable to get credentials: %s" +msgstr "%s: kimlik bilgileri elde edilemedi: %s" + +#: plugins/sudoers/auth/kerb5.c:246 +#, c-format +msgid "%s: unable to initialize credential cache: %s" +msgstr "%s: kimlik bilgisi önbelleği hazırlanamadı: %s" + +#: plugins/sudoers/auth/kerb5.c:250 +#, c-format +msgid "%s: unable to store credential in cache: %s" +msgstr "%s: kimlik bilgisi önbellekte saklanamadı: %s" + +#: plugins/sudoers/auth/kerb5.c:315 +#, c-format +msgid "%s: unable to get host principal: %s" +msgstr "" + +#: plugins/sudoers/auth/kerb5.c:330 +#, c-format +msgid "%s: Cannot verify TGT! Possible attack!: %s" +msgstr "%s: TGT doğrulanamadı! Muhtemel saldırı!: %s" + +#: plugins/sudoers/auth/pam.c:105 +msgid "unable to initialize PAM" +msgstr "PAM başlatılamadı" + +#: plugins/sudoers/auth/pam.c:150 +msgid "account validation failure, is your account locked?" +msgstr "hesap geçerliliği teyit edilemedi, hesabınız kilitli mi?" + +#: plugins/sudoers/auth/pam.c:154 +msgid "Account or password is expired, reset your password and try again" +msgstr "Hesabın veya hesap parolasının süresi dolmuş, parolanızı sıfırlayınız ve yeniden deneyiniz" + +#: plugins/sudoers/auth/pam.c:162 +#, c-format +msgid "unable to change expired password: %s" +msgstr "zaman aşımına uğramış parola değiştirilemedi: %s" + +#: plugins/sudoers/auth/pam.c:167 +msgid "Password expired, contact your system administrator" +msgstr "Parola geçerlilik süresi dolmuş, sistem yöneticinizle temasa geçiniz" + +#: plugins/sudoers/auth/pam.c:171 +msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" +msgstr "Hesap geçerlilik süresi dolmuş veya sudo için PAM yapılandırması bir \"account\" bölümünden yoksun, sistem yöneticinizle temasa geçiniz" + +#: plugins/sudoers/auth/pam.c:188 +#, c-format +msgid "PAM authentication error: %s" +msgstr "PAM kimlik doğrulama hatası: %s" + +#: plugins/sudoers/auth/pam.c:247 +#, c-format +msgid "unable to establish credentials: %s" +msgstr "kimlik bilgileri oluşturulamadı: %s" + +#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 +#, c-format +msgid "you do not exist in the %s database" +msgstr "%s veritabanında bulunmuyorsunuz" + +#: plugins/sudoers/auth/securid5.c:80 +#, c-format +msgid "failed to initialise the ACE API library" +msgstr "ACE API kütüphanesinin hazırlanması başarısız oldu" + +#: plugins/sudoers/auth/securid5.c:106 +#, c-format +msgid "unable to contact the SecurID server" +msgstr "SecurID sunucusuyla bağlantı kurulamadı" + +#: plugins/sudoers/auth/securid5.c:115 +#, c-format +msgid "User ID locked for SecurID Authentication" +msgstr "Kullanıcı Kimliği(User ID), SecurID Kimlik Doğrulaması için kilitli" + +#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 +#, c-format +msgid "invalid username length for SecurID" +msgstr "SecurID için geçersiz kullanıcı adı uzunluğu" + +#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 +#, c-format +msgid "invalid Authentication Handle for SecurID" +msgstr "SecurID için geçersiz Kimlik Doğrulama İşleyicisi" + +#: plugins/sudoers/auth/securid5.c:127 +#, c-format +msgid "SecurID communication failed" +msgstr "SecurID iletişimi başarısız oldu" + +#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 +#, c-format +msgid "unknown SecurID error" +msgstr "bilinmeyen SecurID hatası" + +#: plugins/sudoers/auth/securid5.c:165 +#, c-format +msgid "invalid passcode length for SecurID" +msgstr "SecurID için geçersiz şifre uzunluğu" + +#: plugins/sudoers/auth/sia.c:108 +msgid "unable to initialize SIA session" +msgstr "SIA oturumu başlatılamadı" + +#: plugins/sudoers/auth/sudo_auth.c:119 +msgid "invalid authentication methods" +msgstr "geçersiz kimlik doğrulama yöntemleri" + +#: plugins/sudoers/auth/sudo_auth.c:120 +msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." +msgstr "Sudo içinde geçersiz kimlik doğrulama yöntemleri derlenmiş! Bağımsız ve bağımsız olmayan kimlik doğrulama yöntemlerini karma bir şekilde kullanamayabilirsiniz." + +#: plugins/sudoers/auth/sudo_auth.c:203 +msgid "no authentication methods" +msgstr "kimlik doğrulama yöntemleri yok" + +#: plugins/sudoers/auth/sudo_auth.c:205 +msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." +msgstr "Sudo içinde herhangi bir kimlik doğrulama yöntemi derlenmemiş! Kimlik doğrulamayı kapatmak isterseniz, --disable-authentication seçeneğini kullanınız." + +#: plugins/sudoers/auth/sudo_auth.c:389 +msgid "Authentication methods:" +msgstr "Kimlik doğrulama yöntemleri:" + +#: plugins/sudoers/bsm_audit.c:60 plugins/sudoers/bsm_audit.c:63 +#: plugins/sudoers/bsm_audit.c:112 plugins/sudoers/bsm_audit.c:116 +#: plugins/sudoers/bsm_audit.c:168 plugins/sudoers/bsm_audit.c:172 +#, c-format +msgid "getaudit: failed" +msgstr "getaudit: işlem başarısız" + +#: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153 +#, c-format +msgid "Could not determine audit condition" +msgstr "Denetim durumu belirlenemedi" + +#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160 +#, c-format +msgid "getauid: failed" +msgstr "getauid: işlem başarısız" + +#: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162 +#, c-format +msgid "au_open: failed" +msgstr "au_open: işlem başarısız" + +#: plugins/sudoers/bsm_audit.c:118 plugins/sudoers/bsm_audit.c:174 +#, c-format +msgid "au_to_subject: failed" +msgstr "au_to_subject: işlem başarısız" + +#: plugins/sudoers/bsm_audit.c:122 plugins/sudoers/bsm_audit.c:178 +#, c-format +msgid "au_to_exec_args: failed" +msgstr "au_to_exec_args: işlem başarısız" + +#: plugins/sudoers/bsm_audit.c:126 plugins/sudoers/bsm_audit.c:187 +#, c-format +msgid "au_to_return32: failed" +msgstr "au_to_return32: işlem başarısız" + +#: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190 +#, c-format +msgid "unable to commit audit record" +msgstr "denetim kaydı işlenemiyor" + +#: plugins/sudoers/bsm_audit.c:183 +#, c-format +msgid "au_to_text: failed" +msgstr "au_to_text: işlem başarısız" + +#: plugins/sudoers/check.c:189 +msgid "" +"\n" +"We trust you have received the usual lecture from the local System\n" +"Administrator. It usually boils down to these three things:\n" +"\n" +" #1) Respect the privacy of others.\n" +" #2) Think before you type.\n" +" #3) With great power comes great responsibility.\n" +"\n" +msgstr "" +"\n" +"Yerel Sistem Yöneticisinden olağan öğütleri aldığınıza güveniyoruz.\n" +"Bunları genellikle aşağıdaki üç şeyle özetleyebiliriz:\n" +"\n" +" #1) Diğer kişilerin özel hayatına saygı gösterin.\n" +" #2) Bir yazmadan önce iki kere düşünün.\n" +" #3) Büyük gücün büyük bir sorumluluk getirdiğini unutmayın.\n" +"\n" + +#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 +#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 +#, c-format +msgid "unknown uid: %u" +msgstr "bilinmeyen uid: %u" + +#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635 +#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:359 +#, c-format +msgid "unknown user: %s" +msgstr "bilinmeyen kullanıcı: %s" + +#: plugins/sudoers/def_data.c:27 +#, c-format +msgid "Syslog facility if syslog is being used for logging: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:31 +#, c-format +msgid "Syslog priority to use when user authenticates successfully: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:35 +#, c-format +msgid "Syslog priority to use when user authenticates unsuccessfully: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:39 +msgid "Put OTP prompt on its own line" +msgstr "OTP güdüsünü kendi satırına yerleştir" + +#: plugins/sudoers/def_data.c:43 +msgid "Ignore '.' in $PATH" +msgstr "$PATH içindeki '.' ögesini yoksay" + +#: plugins/sudoers/def_data.c:47 +msgid "Always send mail when sudo is run" +msgstr "Sudonun çalıştırıldığı her zaman e-posta gönder" + +#: plugins/sudoers/def_data.c:51 +msgid "Send mail if user authentication fails" +msgstr "Kullanıcı kimlik doğrulaması başarısız olursa e-posta gönder" + +#: plugins/sudoers/def_data.c:55 +msgid "Send mail if the user is not in sudoers" +msgstr "Kullanıcı sudoers içinde değilse e-posta gönder" + +#: plugins/sudoers/def_data.c:59 +msgid "Send mail if the user is not in sudoers for this host" +msgstr "Kullanıcı bu makinedeki sudoers içinde değilse e-posta gönder" + +#: plugins/sudoers/def_data.c:63 +msgid "Send mail if the user is not allowed to run a command" +msgstr "Kullanıcının bir komut çalıştırmasına izin verilmiyor ise e-posta gönder" + +#: plugins/sudoers/def_data.c:67 +msgid "Use a separate timestamp for each user/tty combo" +msgstr "Her kullanıcı/tty birleşik girişi için ayrı bir zaman damgası kullan" + +#: plugins/sudoers/def_data.c:71 +msgid "Lecture user the first time they run sudo" +msgstr "Sudoyu ilk defa çalıştırdıkları zaman kullanıcıya gerekli öğütleri ver" + +#: plugins/sudoers/def_data.c:75 +#, c-format +msgid "File containing the sudo lecture: %s" +msgstr "Dosya sudo öğüdü içeriyor: %s" + +#: plugins/sudoers/def_data.c:79 +msgid "Require users to authenticate by default" +msgstr "Öntanımlı olarak kullanıcıların kimlik doğrulaması gerekmektedir" + +#: plugins/sudoers/def_data.c:83 +msgid "Root may run sudo" +msgstr "Kök kullanıcı (root) sudoyu çalıştırabilir" + +#: plugins/sudoers/def_data.c:87 +msgid "Log the hostname in the (non-syslog) log file" +msgstr "" + +#: plugins/sudoers/def_data.c:91 +msgid "Log the year in the (non-syslog) log file" +msgstr "" + +#: plugins/sudoers/def_data.c:95 +msgid "If sudo is invoked with no arguments, start a shell" +msgstr "Eğer sudo herhangi bir bağımsız değişkenle uyandırılmazsa, bir kabuk başlat" + +#: plugins/sudoers/def_data.c:99 +msgid "Set $HOME to the target user when starting a shell with -s" +msgstr "Kabuğu -s ile başlatırken $HOME çevre değişkenini hedef kullanıcıya ata" + +#: plugins/sudoers/def_data.c:103 +msgid "Always set $HOME to the target user's home directory" +msgstr "Her zaman $HOME çevre değişkenini hedef kullanıcının ev dizinine ata" + +#: plugins/sudoers/def_data.c:107 +msgid "Allow some information gathering to give useful error messages" +msgstr "Yararlı hata iletilerinin verilmesi için bazı bilgilerin toplanmasına izin ver" + +#: plugins/sudoers/def_data.c:111 +msgid "Require fully-qualified hostnames in the sudoers file" +msgstr "Sudoers dosyası içerisinde tam nitelikli ana makine adlarının olması gerekmektedir" + +#: plugins/sudoers/def_data.c:115 +msgid "Insult the user when they enter an incorrect password" +msgstr "Hatalı parola girdikleri zaman kullanıcıyı aşağıla" + +#: plugins/sudoers/def_data.c:119 +msgid "Only allow the user to run sudo if they have a tty" +msgstr "Ancak bir tty sahibi iseler kullanıcıya sudoyu çalıştırma izni ver" + +#: plugins/sudoers/def_data.c:123 +msgid "Visudo will honor the EDITOR environment variable" +msgstr "Visudo EDITOR çevre değişkeninin gereğini şerefle yerine getirecektir." + +#: plugins/sudoers/def_data.c:127 +msgid "Prompt for root's password, not the users's" +msgstr "" + +#: plugins/sudoers/def_data.c:131 +msgid "Prompt for the runas_default user's password, not the users's" +msgstr "" + +#: plugins/sudoers/def_data.c:135 +msgid "Prompt for the target user's password, not the users's" +msgstr "" + +#: plugins/sudoers/def_data.c:139 +msgid "Apply defaults in the target user's login class if there is one" +msgstr "Eğer bir tane varsa hedef kullanıcı oturum açma sınıfında öntanımlıları uygula" + +#: plugins/sudoers/def_data.c:143 +msgid "Set the LOGNAME and USER environment variables" +msgstr "LOGNAME ve USER çevre değişkenlerini ata" + +#: plugins/sudoers/def_data.c:147 +msgid "Only set the effective uid to the target user, not the real uid" +msgstr "" + +#: plugins/sudoers/def_data.c:151 +msgid "Don't initialize the group vector to that of the target user" +msgstr "" + +#: plugins/sudoers/def_data.c:155 +#, c-format +msgid "Length at which to wrap log file lines (0 for no wrap): %d" +msgstr "" + +#: plugins/sudoers/def_data.c:159 +#, c-format +msgid "Authentication timestamp timeout: %.1f minutes" +msgstr "" + +#: plugins/sudoers/def_data.c:163 +#, c-format +msgid "Password prompt timeout: %.1f minutes" +msgstr "" + +#: plugins/sudoers/def_data.c:167 +#, c-format +msgid "Number of tries to enter a password: %d" +msgstr "Bir parola girişinde deneme sayısı: %d" + +#: plugins/sudoers/def_data.c:171 +#, c-format +msgid "Umask to use or 0777 to use user's: 0%o" +msgstr "" + +#: plugins/sudoers/def_data.c:175 +#, c-format +msgid "Path to log file: %s" +msgstr "Günlük kütüğü yolu: %s" + +#: plugins/sudoers/def_data.c:179 +#, c-format +msgid "Path to mail program: %s" +msgstr "E-posta programı yolu: %s" + +#: plugins/sudoers/def_data.c:183 +#, c-format +msgid "Flags for mail program: %s" +msgstr "E-posta programı için bayraklar: %s" + +#: plugins/sudoers/def_data.c:187 +#, c-format +msgid "Address to send mail to: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:191 +#, c-format +msgid "Address to send mail from: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:195 +#, c-format +msgid "Subject line for mail messages: %s" +msgstr "E-posta iletileri için konu satırı: %s" + +#: plugins/sudoers/def_data.c:199 +#, c-format +msgid "Incorrect password message: %s" +msgstr "Hatalı parola iletisi: %s" + +#: plugins/sudoers/def_data.c:203 +#, c-format +msgid "Path to authentication timestamp dir: %s" +msgstr "Kimlik doğrulama zaman damgası dizininin yolu: %s" + +#: plugins/sudoers/def_data.c:207 +#, c-format +msgid "Owner of the authentication timestamp dir: %s" +msgstr "Kimlik doğrulama zaman damgası dizininin sahibi: %s" + +#: plugins/sudoers/def_data.c:211 +#, c-format +msgid "Users in this group are exempt from password and PATH requirements: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:215 +#, c-format +msgid "Default password prompt: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:219 +msgid "If set, passprompt will override system prompt in all cases." +msgstr "" + +#: plugins/sudoers/def_data.c:223 +#, c-format +msgid "Default user to run commands as: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:227 +#, c-format +msgid "Value to override user's $PATH with: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:231 +#, c-format +msgid "Path to the editor for use by visudo: %s" +msgstr "Visudo tarafından kullanılacak düzenleyici yolu: %s" + +#: plugins/sudoers/def_data.c:235 +#, c-format +msgid "When to require a password for 'list' pseudocommand: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:239 +#, c-format +msgid "When to require a password for 'verify' pseudocommand: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:243 +msgid "Preload the dummy exec functions contained in the sudo_noexec library" +msgstr "Sudo_noexec kütüphanesinin içerdiği taklit exec işlevlerini önyükle" + +#: plugins/sudoers/def_data.c:247 +msgid "If LDAP directory is up, do we ignore local sudoers file" +msgstr "LDAP dizini kullanılabilir durumda ise, yerel sudoers dosyalarını yok sayalım mı" + +#: plugins/sudoers/def_data.c:251 +#, c-format +msgid "File descriptors >= %d will be closed before executing a command" +msgstr "" + +#: plugins/sudoers/def_data.c:255 +msgid "If set, users may override the value of `closefrom' with the -C option" +msgstr "" + +#: plugins/sudoers/def_data.c:259 +msgid "Allow users to set arbitrary environment variables" +msgstr "" + +#: plugins/sudoers/def_data.c:263 +msgid "Reset the environment to a default set of variables" +msgstr "" + +#: plugins/sudoers/def_data.c:267 +msgid "Environment variables to check for sanity:" +msgstr "" + +#: plugins/sudoers/def_data.c:271 +msgid "Environment variables to remove:" +msgstr "" + +#: plugins/sudoers/def_data.c:275 +msgid "Environment variables to preserve:" +msgstr "" + +#: plugins/sudoers/def_data.c:279 +#, c-format +msgid "SELinux role to use in the new security context: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:283 +#, c-format +msgid "SELinux type to use in the new security context: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:287 +#, c-format +msgid "Path to the sudo-specific environment file: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:291 +#, c-format +msgid "Locale to use while parsing sudoers: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:295 +msgid "Allow sudo to prompt for a password even if it would be visible" +msgstr "" + +#: plugins/sudoers/def_data.c:299 +msgid "Provide visual feedback at the password prompt when there is user input" +msgstr "" + +#: plugins/sudoers/def_data.c:303 +msgid "Use faster globbing that is less accurate but does not access the filesystem" +msgstr "" + +#: plugins/sudoers/def_data.c:307 +msgid "The umask specified in sudoers will override the user's, even if it is more permissive" +msgstr "" + +#: plugins/sudoers/def_data.c:311 +msgid "Log user's input for the command being run" +msgstr "" + +#: plugins/sudoers/def_data.c:315 +msgid "Log the output of the command being run" +msgstr "" + +#: plugins/sudoers/def_data.c:319 +msgid "Compress I/O logs using zlib" +msgstr "I/O günlüklerini zlib kullanarak sıkıştır" + +#: plugins/sudoers/def_data.c:323 +msgid "Always run commands in a pseudo-tty" +msgstr "" + +#: plugins/sudoers/def_data.c:327 +#, c-format +msgid "Plugin for non-Unix group support: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:331 +#, c-format +msgid "Directory in which to store input/output logs: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:335 +#, c-format +msgid "File in which to store the input/output log: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:339 +msgid "Add an entry to the utmp/utmpx file when allocating a pty" +msgstr "" + +#: plugins/sudoers/def_data.c:343 +msgid "Set the user in utmp to the runas user, not the invoking user" +msgstr "" + +#: plugins/sudoers/def_data.c:347 +msgid "Set of permitted privileges" +msgstr "" + +#: plugins/sudoers/def_data.c:351 +msgid "Set of limit privileges" +msgstr "" + +#: plugins/sudoers/def_data.c:355 +msgid "Run commands on a pty in the background" +msgstr "" + +#: plugins/sudoers/def_data.c:359 +msgid "Create a new PAM session for the command to run in" +msgstr "" + +#: plugins/sudoers/def_data.c:363 +msgid "Maximum I/O log sequence number" +msgstr "" + +#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 +#, c-format +msgid "unknown defaults entry `%s'" +msgstr "" + +#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 +#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 +#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 +#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 +#: plugins/sudoers/defaults.c:327 +#, c-format +msgid "value `%s' is invalid for option `%s'" +msgstr "" + +#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 +#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 +#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 +#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 +#: plugins/sudoers/defaults.c:323 +#, c-format +msgid "no value specified for `%s'" +msgstr "" + +#: plugins/sudoers/defaults.c:241 +#, c-format +msgid "values for `%s' must start with a '/'" +msgstr "" + +#: plugins/sudoers/defaults.c:303 +#, c-format +msgid "option `%s' does not take a value" +msgstr "" + +#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 +#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 +#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427 +#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 +#: plugins/sudoers/testsudoers.c:243 +#, c-format +msgid "internal error, %s overflow" +msgstr "" + +#: plugins/sudoers/env.c:367 +#, c-format +msgid "sudo_putenv: corrupted envp, length mismatch" +msgstr "" + +#: plugins/sudoers/env.c:1012 +#, c-format +msgid "sorry, you are not allowed to set the following environment variables: %s" +msgstr "" + +#: plugins/sudoers/group_plugin.c:102 +#, c-format +msgid "%s must be owned by uid %d" +msgstr "" + +#: plugins/sudoers/group_plugin.c:106 +#, c-format +msgid "%s must only be writable by owner" +msgstr "" + +#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256 +#, c-format +msgid "unable to dlopen %s: %s" +msgstr "" + +#: plugins/sudoers/group_plugin.c:118 +#, c-format +msgid "unable to find symbol \"group_plugin\" in %s" +msgstr "" + +#: plugins/sudoers/group_plugin.c:123 +#, c-format +msgid "%s: incompatible group plugin major version %d, expected %d" +msgstr "" + +#: plugins/sudoers/interfaces.c:119 +msgid "Local IP address and netmask pairs:\n" +msgstr "" + +#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 +#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "" + +#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 +#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165 +#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 +#, c-format +msgid "unable to mkdir %s" +msgstr "" + +#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 +#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 +#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155 +#: plugins/sudoers/visudo.c:809 +#, c-format +msgid "unable to open %s" +msgstr "" + +#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 +#, c-format +msgid "unable to read %s" +msgstr "" + +#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159 +#, c-format +msgid "unable to write to %s" +msgstr "" + +#: plugins/sudoers/iolog.c:334 +#, c-format +msgid "unable to create %s" +msgstr "" + +#: plugins/sudoers/ldap.c:385 +#, c-format +msgid "sudo_ldap_conf_add_ports: port too large" +msgstr "" + +#: plugins/sudoers/ldap.c:408 +#, c-format +msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" +msgstr "" + +#: plugins/sudoers/ldap.c:438 +#, c-format +msgid "unsupported LDAP uri type: %s" +msgstr "" + +#: plugins/sudoers/ldap.c:467 +#, c-format +msgid "invalid uri: %s" +msgstr "" + +#: plugins/sudoers/ldap.c:473 +#, c-format +msgid "unable to mix ldap and ldaps URIs" +msgstr "" + +#: plugins/sudoers/ldap.c:477 +#, c-format +msgid "unable to mix ldaps and starttls" +msgstr "" + +#: plugins/sudoers/ldap.c:496 +#, c-format +msgid "sudo_ldap_parse_uri: out of space building hostbuf" +msgstr "" + +#: plugins/sudoers/ldap.c:570 +#, c-format +msgid "unable to initialize SSL cert and key db: %s" +msgstr "" + +#: plugins/sudoers/ldap.c:573 +#, c-format +msgid "you must set TLS_CERT in %s to use SSL" +msgstr "" + +#: plugins/sudoers/ldap.c:1062 +#, c-format +msgid "unable to get GMT time" +msgstr "" + +#: plugins/sudoers/ldap.c:1068 +#, c-format +msgid "unable to format timestamp" +msgstr "" + +#: plugins/sudoers/ldap.c:1076 +#, c-format +msgid "unable to build time filter" +msgstr "" + +#: plugins/sudoers/ldap.c:1295 +#, c-format +msgid "sudo_ldap_build_pass1 allocation mismatch" +msgstr "" + +#: plugins/sudoers/ldap.c:1842 +#, c-format +msgid "" +"\n" +"LDAP Role: %s\n" +msgstr "" + +#: plugins/sudoers/ldap.c:1844 +#, c-format +msgid "" +"\n" +"LDAP Role: UNKNOWN\n" +msgstr "" + +#: plugins/sudoers/ldap.c:1891 +#, c-format +msgid " Order: %s\n" +msgstr "" + +#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515 +#: plugins/sudoers/sssd.c:1242 +#, c-format +msgid " Commands:\n" +msgstr "" + +#: plugins/sudoers/ldap.c:2321 +#, c-format +msgid "unable to initialize LDAP: %s" +msgstr "" + +#: plugins/sudoers/ldap.c:2355 +#, c-format +msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" +msgstr "" + +#: plugins/sudoers/ldap.c:2591 +#, c-format +msgid "invalid sudoOrder attribute: %s" +msgstr "" + +#: plugins/sudoers/linux_audit.c:57 +#, c-format +msgid "unable to open audit system" +msgstr "" + +#: plugins/sudoers/linux_audit.c:93 +#, c-format +msgid "unable to send audit message" +msgstr "" + +#: plugins/sudoers/logging.c:140 +#, c-format +msgid "%8s : %s" +msgstr "" + +#: plugins/sudoers/logging.c:168 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "" + +#: plugins/sudoers/logging.c:194 +#, c-format +msgid "unable to open log file: %s: %s" +msgstr "günlük kütüğü açılamadı: %s: %s" + +#: plugins/sudoers/logging.c:197 +#, c-format +msgid "unable to lock log file: %s: %s" +msgstr "günlük kütüğü kilitlenemedi: %s: %s" + +#: plugins/sudoers/logging.c:245 +msgid "No user or host" +msgstr "Kullanıcı veya ana makine yok" + +#: plugins/sudoers/logging.c:247 +msgid "validation failure" +msgstr "doğrulama başarısız" + +#: plugins/sudoers/logging.c:254 +msgid "user NOT in sudoers" +msgstr "kullancı sudoers içinde DEĞİL" + +#: plugins/sudoers/logging.c:256 +msgid "user NOT authorized on host" +msgstr "kullanıcı ana makine üzerinde yetkili DEĞİL" + +#: plugins/sudoers/logging.c:258 +msgid "command not allowed" +msgstr "komuta izin verilmiyor" + +#: plugins/sudoers/logging.c:288 +#, c-format +msgid "%s is not in the sudoers file. This incident will be reported.\n" +msgstr "%s sudoers dosyası içinde değil. Bu olay rapor edilecek.\n" + +#: plugins/sudoers/logging.c:291 +#, c-format +msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" +msgstr "%s, %s üzerinde sudoyu çalıştırma iznine sahip değil. Bu olay rapor edilecek.\n" + +#: plugins/sudoers/logging.c:295 +#, c-format +msgid "Sorry, user %s may not run sudo on %s.\n" +msgstr "Üzgünüm, %s kullanıcısı %s üzerinde sudoyu çalıştıramayabilir.\n" + +#: plugins/sudoers/logging.c:298 +#, c-format +msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" +msgstr "Üzgünüm, %s kullanıcısı '%s%s%s' komutunu %s%s%s olarak %s üzerinde çalıştırma iznine sahip değil.\n" + +#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 +#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoers.c:1002 +#, c-format +msgid "%s: command not found" +msgstr "%s: komut bulunamadı" + +#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 +#, c-format +msgid "" +"ignoring `%s' found in '.'\n" +"Use `sudo ./%s' if this is the `%s' you wish to run." +msgstr "" + +#: plugins/sudoers/logging.c:353 +msgid "authentication failure" +msgstr "" + +#: plugins/sudoers/logging.c:379 +msgid "a password is required" +msgstr "" + +#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 +#, c-format +msgid "%d incorrect password attempt" +msgid_plural "%d incorrect password attempts" +msgstr[0] "" +msgstr[1] "" + +#: plugins/sudoers/logging.c:566 +#, c-format +msgid "unable to fork" +msgstr "" + +#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 +#, c-format +msgid "unable to fork: %m" +msgstr "" + +#: plugins/sudoers/logging.c:619 +#, c-format +msgid "unable to open pipe: %m" +msgstr "" + +#: plugins/sudoers/logging.c:644 +#, c-format +msgid "unable to dup stdin: %m" +msgstr "" + +#: plugins/sudoers/logging.c:680 +#, c-format +msgid "unable to execute %s: %m" +msgstr "" + +#: plugins/sudoers/logging.c:899 +#, c-format +msgid "internal error: insufficient space for log line" +msgstr "" + +#: plugins/sudoers/match.c:631 +#, c-format +msgid "unsupported digest type %d for %s" +msgstr "" + +#: plugins/sudoers/match.c:661 +#, c-format +msgid "%s: read error" +msgstr "" + +#: plugins/sudoers/match.c:670 +#, c-format +msgid "digest for %s (%s) is not in %s form" +msgstr "" + +#: plugins/sudoers/parse.c:124 +#, c-format +msgid "parse error in %s near line %d" +msgstr "" + +#: plugins/sudoers/parse.c:127 +#, c-format +msgid "parse error in %s" +msgstr "" + +#: plugins/sudoers/parse.c:462 +#, c-format +msgid "" +"\n" +"Sudoers entry:\n" +msgstr "" + +#: plugins/sudoers/parse.c:463 +#, c-format +msgid " RunAsUsers: " +msgstr "" + +#: plugins/sudoers/parse.c:477 +#, c-format +msgid " RunAsGroups: " +msgstr "" + +#: plugins/sudoers/parse.c:486 +#, c-format +msgid " Options: " +msgstr "" + +#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to execute %s" +msgstr "" + +#: plugins/sudoers/policy.c:659 +#, c-format +msgid "Sudoers policy plugin version %s\n" +msgstr "" + +#: plugins/sudoers/policy.c:661 +#, c-format +msgid "Sudoers file grammar version %d\n" +msgstr "" + +#: plugins/sudoers/policy.c:665 +#, c-format +msgid "" +"\n" +"Sudoers path: %s\n" +msgstr "" + +#: plugins/sudoers/policy.c:668 +#, c-format +msgid "nsswitch path: %s\n" +msgstr "" + +#: plugins/sudoers/policy.c:670 +#, c-format +msgid "ldap.conf path: %s\n" +msgstr "" + +#: plugins/sudoers/policy.c:671 +#, c-format +msgid "ldap.secret path: %s\n" +msgstr "" + +#: plugins/sudoers/pwutil.c:148 +#, c-format +msgid "unable to cache uid %u, already exists" +msgstr "" + +#: plugins/sudoers/pwutil.c:190 +#, c-format +msgid "unable to cache user %s, already exists" +msgstr "" + +#: plugins/sudoers/pwutil.c:374 +#, c-format +msgid "unable to cache gid %u, already exists" +msgstr "" + +#: plugins/sudoers/pwutil.c:410 +#, c-format +msgid "unable to cache group %s, already exists" +msgstr "" + +#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586 +#, c-format +msgid "unable to cache group list for %s, already exists" +msgstr "" + +#: plugins/sudoers/pwutil.c:584 +#, c-format +msgid "unable to parse groups for %s" +msgstr "" + +#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 +#: plugins/sudoers/set_perms.c:1431 +msgid "perm stack overflow" +msgstr "" + +#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 +#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 +#: plugins/sudoers/set_perms.c:1439 +msgid "perm stack underflow" +msgstr "" + +#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 +#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 +msgid "unable to change to root gid" +msgstr "" + +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 +msgid "unable to change to runas gid" +msgstr "" + +#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 +#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 +msgid "unable to change to runas uid" +msgstr "" + +#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 +msgid "unable to change to sudoers gid" +msgstr "" + +#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 +#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 +#: plugins/sudoers/set_perms.c:1515 +msgid "too many processes" +msgstr "" + +#: plugins/sudoers/set_perms.c:1583 +msgid "unable to set runas group vector" +msgstr "" + +#: plugins/sudoers/sssd.c:257 +#, c-format +msgid "unable to initialize SSS source. Is SSSD installed on your machine?" +msgstr "" + +#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 +#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 +#: plugins/sudoers/sssd.c:292 +#, c-format +msgid "unable to find symbol \"%s\" in %s" +msgstr "" + +#: plugins/sudoers/sudo_nss.c:283 +#, c-format +msgid "Matching Defaults entries for %s on this host:\n" +msgstr "" + +#: plugins/sudoers/sudo_nss.c:296 +#, c-format +msgid "Runas and Command-specific defaults for %s:\n" +msgstr "" + +#: plugins/sudoers/sudo_nss.c:309 +#, c-format +msgid "User %s may run the following commands on this host:\n" +msgstr "" + +#: plugins/sudoers/sudo_nss.c:318 +#, c-format +msgid "User %s is not allowed to run sudo on %s.\n" +msgstr "" + +#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 +#: plugins/sudoers/sudoers.c:673 +msgid "problem with defaults entries" +msgstr "" + +#: plugins/sudoers/sudoers.c:165 +#, c-format +msgid "no valid sudoers sources found, quitting" +msgstr "" + +#: plugins/sudoers/sudoers.c:227 +#, c-format +msgid "sudoers specifies that root is not allowed to sudo" +msgstr "" + +#: plugins/sudoers/sudoers.c:234 +#, c-format +msgid "you are not permitted to use the -C option" +msgstr "" + +#: plugins/sudoers/sudoers.c:315 +#, c-format +msgid "timestamp owner (%s): No such user" +msgstr "" + +#: plugins/sudoers/sudoers.c:329 +msgid "no tty" +msgstr "" + +#: plugins/sudoers/sudoers.c:330 +#, c-format +msgid "sorry, you must have a tty to run sudo" +msgstr "" + +#: plugins/sudoers/sudoers.c:378 +msgid "command in current directory" +msgstr "" + +#: plugins/sudoers/sudoers.c:395 +#, c-format +msgid "sorry, you are not allowed to preserve the environment" +msgstr "" + +#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216 +#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576 +#, c-format +msgid "unable to stat %s" +msgstr "" + +#: plugins/sudoers/sudoers.c:726 +#, c-format +msgid "%s is not a regular file" +msgstr "" + +#: plugins/sudoers/sudoers.c:729 toke.l:913 +#, c-format +msgid "%s is owned by uid %u, should be %u" +msgstr "" + +#: plugins/sudoers/sudoers.c:733 toke.l:920 +#, c-format +msgid "%s is world writable" +msgstr "" + +#: plugins/sudoers/sudoers.c:736 toke.l:925 +#, c-format +msgid "%s is owned by gid %u, should be %u" +msgstr "" + +#: plugins/sudoers/sudoers.c:763 +#, c-format +msgid "only root can use `-c %s'" +msgstr "" + +#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 +#, c-format +msgid "unknown login class: %s" +msgstr "" + +#: plugins/sudoers/sudoers.c:814 +#, c-format +msgid "unable to resolve host %s" +msgstr "" + +#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 +#, c-format +msgid "unknown group: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:292 +#, c-format +msgid "invalid filter option: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:305 +#, c-format +msgid "invalid max wait: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:311 +#, c-format +msgid "invalid speed factor: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 +#, c-format +msgid "%s version %s\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:339 +#, c-format +msgid "%s/%.2s/%.2s/%.2s/timing: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:345 +#, c-format +msgid "%s/%s/timing: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:363 +#, c-format +msgid "Replaying sudo session: %s\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:369 +#, c-format +msgid "Warning: your terminal is too small to properly replay the log.\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:370 +#, c-format +msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." +msgstr "" + +#: plugins/sudoers/sudoreplay.c:400 +#, c-format +msgid "unable to set tty to raw mode" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:416 +#, c-format +msgid "invalid timing file line: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:499 +#, c-format +msgid "writing to standard output" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:528 +#, c-format +msgid "nanosleep: tv_sec %ld, tv_nsec %ld" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 +#, c-format +msgid "ambiguous expression \"%s\"" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:683 +#, c-format +msgid "too many parenthesized expressions, max %d" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:694 +#, c-format +msgid "unmatched ')' in expression" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:700 +#, c-format +msgid "unknown search term \"%s\"" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:714 +#, c-format +msgid "%s requires an argument" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058 +#, c-format +msgid "invalid regular expression: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:724 +#, c-format +msgid "could not parse date \"%s\"" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:737 +#, c-format +msgid "unmatched '(' in expression" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:739 +#, c-format +msgid "illegal trailing \"or\"" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:741 +#, c-format +msgid "illegal trailing \"!\"" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:1182 +#, c-format +msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:1185 +#, c-format +msgid "usage: %s [-h] [-d directory] -l [search expression]\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:1194 +#, c-format +msgid "" +"%s - replay sudo session logs\n" +"\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:1196 +msgid "" +"\n" +"Options:\n" +" -d directory specify directory for session logs\n" +" -f filter specify which I/O type to display\n" +" -h display help message and exit\n" +" -l [expression] list available session IDs that match expression\n" +" -m max_wait max number of seconds to wait between events\n" +" -s speed_factor speed up or slow down output\n" +" -V display version information and exit" +msgstr "" + +#: plugins/sudoers/testsudoers.c:328 +msgid "\thost unmatched" +msgstr "" + +#: plugins/sudoers/testsudoers.c:331 +msgid "" +"\n" +"Command allowed" +msgstr "" + +#: plugins/sudoers/testsudoers.c:332 +msgid "" +"\n" +"Command denied" +msgstr "" + +#: plugins/sudoers/testsudoers.c:332 +msgid "" +"\n" +"Command unmatched" +msgstr "" + +#: plugins/sudoers/timestamp.c:129 +#, c-format +msgid "timestamp path too long: %s" +msgstr "" + +#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 +#: plugins/sudoers/timestamp.c:292 +#, c-format +msgid "%s owned by uid %u, should be uid %u" +msgstr "" + +#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0700" +msgstr "" + +#: plugins/sudoers/timestamp.c:286 +#, c-format +msgid "%s exists but is not a regular file (0%o)" +msgstr "" + +#: plugins/sudoers/timestamp.c:298 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0600" +msgstr "" + +#: plugins/sudoers/timestamp.c:353 +#, c-format +msgid "timestamp too far in the future: %20.20s" +msgstr "" + +#: plugins/sudoers/timestamp.c:407 +#, c-format +msgid "unable to remove %s, will reset to the epoch" +msgstr "" + +#: plugins/sudoers/timestamp.c:414 +#, c-format +msgid "unable to reset %s to the epoch" +msgstr "" + +#: plugins/sudoers/toke_util.c:176 +#, c-format +msgid "fill_args: buffer overflow" +msgstr "" + +#: plugins/sudoers/visudo.c:180 +#, c-format +msgid "%s grammar version %d\n" +msgstr "" + +#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533 +#, c-format +msgid "press return to edit %s: " +msgstr "" + +#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332 +#, c-format +msgid "write error" +msgstr "yazma hatası" + +#: plugins/sudoers/visudo.c:414 +#, c-format +msgid "unable to stat temporary file (%s), %s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:419 +#, c-format +msgid "zero length temporary file (%s), %s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:425 +#, c-format +msgid "editor (%s) failed, %s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:448 +#, c-format +msgid "%s unchanged" +msgstr "%s değişmemiş" + +#: plugins/sudoers/visudo.c:477 +#, c-format +msgid "unable to re-open temporary file (%s), %s unchanged." +msgstr "geçici dosya (%s) yeniden açılamadı, %s değişmemiş." + +#: plugins/sudoers/visudo.c:487 +#, c-format +msgid "unabled to parse temporary file (%s), unknown error" +msgstr "" + +#: plugins/sudoers/visudo.c:526 +#, c-format +msgid "internal error, unable to find %s in list!" +msgstr "" + +#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587 +#, c-format +msgid "unable to set (uid, gid) of %s to (%u, %u)" +msgstr "" + +#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "" + +#: plugins/sudoers/visudo.c:609 +#, c-format +msgid "%s and %s not on the same file system, using mv to rename" +msgstr "" + +#: plugins/sudoers/visudo.c:623 +#, c-format +msgid "command failed: '%s %s %s', %s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:633 +#, c-format +msgid "error renaming %s, %s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:695 +msgid "What now? " +msgstr "" + +#: plugins/sudoers/visudo.c:709 +msgid "" +"Options are:\n" +" (e)dit sudoers file again\n" +" e(x)it without saving changes to sudoers file\n" +" (Q)uit and save changes to sudoers file (DANGER!)\n" +msgstr "" + +#: plugins/sudoers/visudo.c:757 +#, c-format +msgid "unable to run %s" +msgstr "%s çalıştırılamadı" + +#: plugins/sudoers/visudo.c:783 +#, c-format +msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" +msgstr "" + +#: plugins/sudoers/visudo.c:790 +#, c-format +msgid "%s: bad permissions, should be mode 0%o\n" +msgstr "" + +#: plugins/sudoers/visudo.c:815 +#, c-format +msgid "failed to parse %s file, unknown error" +msgstr "%s dosyasının ayrıştırılması başarısız oldu, bilinmeyen hata" + +#: plugins/sudoers/visudo.c:831 +#, c-format +msgid "parse error in %s near line %d\n" +msgstr "%s içindeki %d satırı yakınında ayrıştırma hatası\n" + +#: plugins/sudoers/visudo.c:834 +#, c-format +msgid "parse error in %s\n" +msgstr "%s içinde ayrıştırma hatası\n" + +#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846 +#, c-format +msgid "%s: parsed OK\n" +msgstr "%s: ayrıştırma TAMAM\n" + +#: plugins/sudoers/visudo.c:893 +#, c-format +msgid "%s busy, try again later" +msgstr "%s meşgul, daha sonra tekrar deneyin" + +#: plugins/sudoers/visudo.c:937 +#, c-format +msgid "specified editor (%s) doesn't exist" +msgstr "belirtilen düzenleyici (%s) yok" + +#: plugins/sudoers/visudo.c:960 +#, c-format +msgid "unable to stat editor (%s)" +msgstr "düzenleyici (%s) başlatılamadı" + +#: plugins/sudoers/visudo.c:1008 +#, c-format +msgid "no editor found (editor path = %s)" +msgstr "hiçbir düzenleyici bulunamadı (düzenleyici yolu = %s)" + +#: plugins/sudoers/visudo.c:1100 +#, c-format +msgid "Error: cycle in %s_Alias `%s'" +msgstr "" + +#: plugins/sudoers/visudo.c:1101 +#, c-format +msgid "Warning: cycle in %s_Alias `%s'" +msgstr "" + +#: plugins/sudoers/visudo.c:1104 +#, c-format +msgid "Error: %s_Alias `%s' referenced but not defined" +msgstr "" + +#: plugins/sudoers/visudo.c:1105 +#, c-format +msgid "Warning: %s_Alias `%s' referenced but not defined" +msgstr "" + +#: plugins/sudoers/visudo.c:1240 +#, c-format +msgid "%s: unused %s_Alias %s" +msgstr "" + +#: plugins/sudoers/visudo.c:1302 +#, c-format +msgid "" +"%s - safely edit the sudoers file\n" +"\n" +msgstr "" + +#: plugins/sudoers/visudo.c:1304 +msgid "" +"\n" +"Options:\n" +" -c check-only mode\n" +" -f sudoers specify sudoers file location\n" +" -h display help message and exit\n" +" -q less verbose (quiet) syntax error messages\n" +" -s strict syntax checking\n" +" -V display version information and exit" +msgstr "" +"\n" +"Seçenekler:\n" +" -c sadece denetim kipi\n" +" -f sudoers sudoers dosyasının konumu\n" +" -h yardım iletisini görüntüle ve çık\n" +" -q daha az ayrıntılı (sessiz=quiet) sözdizim hata iletileri\n" +" -s sıkı sözdizim denetimi\n" +" -V sürüm bilgisini görüntüle ve çık" + +#: toke.l:886 +msgid "too many levels of includes" +msgstr "" diff --git a/plugins/sudoers/po/uk.mo b/plugins/sudoers/po/uk.mo index 9df54d9bed2b9ab322d7c21d02c6131d999ba2be..ca0d727ba3ea11c766ad14321246cee51f6d90f6 100644 GIT binary patch delta 10008 zcmajk33yc1*}(CWgf+5-K*F92NgyO48-yh+Nq~fXM-fDDk_^c}k_j^j5JV>d#MGrA z7ujSHMFc?_7y^+^&{DNkJ0oCQ>QdamrGC=7RH@qkd(Vxw{hsgnuDtU*=ghfhzjyLH zzW_6!t?*r>O?4edVDsKe z(S{n0u~>k^a2C9FA|IG}JL(+Z!2^ zO2a`o3uPd6NLBR=4#3}|bo4zYVmGEQ9p$0Sd?}`29Wpj`0)0g!{!AhlbNcBeT#am- zI*r}&3d#z6jiWFkfz`n2n1LHm8hjCDVAoIv+M0EjdZSQQ>RyxqY(^RAh5oF+-1r^^ z(ohSAEgcR+DZdrdu^MI14DaglHQT8s9^^C-E*bDE#Ok9aeu^t(->ce!ha574V_alp>4&g|=gj7`> z8J(2ppxjr2GLelw68uwV_=v&3VtZ_xrf=wpvNCxnOSu9c#zvHe^I0BQ%1V@hKZ0z( zx`3_mQ)D;PS15?^7u{p$brDvKjfO{Cvm_AKUo|dgq*~ zaVSe(j&i6DpbX$V%0%8q8E~5+y5osBhWvb#_8vz$J1?Ul&;O?+d>$&5<&v>Igsdr|iK3d-4PHeBB~3E2(h73p6+MIr|O zfI0XLhT~99rVMBd%A4(OjKT(#rF|8llL}?3+xeH_AXp zq12y>GC>c@K-T5@^h|b8Acx`tN=Mi2eCTLiO622FW}J*Npj%OvbSX;xwb&bXp`7+} z_V;g~4Ddsgfi>eK$^ha}CNk7VLK>KYJ+T-$!0JAnfTvNGxW!mKg8?|7{0x+pI*go4 z^+%KeM)2(N3gw3N_V-7zFZtI| zZu|=66!#jZ%cr9}70WRmcca{Y0c9($qfD^*cx^1QB0iOC7dTJ`;KMk424$&!k8-Nt zx4nt6_mC2PM|F1%b18CqJbTz=!Vl#4%;-8fs~`PTZ8hVdJN^%zlsC#J@iRI z)Kopn z_Ubg&Uk=N=6o}2ID|HJdp^SV8%1mdX?D;(?hj0%Lz?ZRGD1Vq>7Ws%-`p`{AIYVyb zU8FW)Bwn=3uVHKMYcrempB=^u+@_ai$y`0sS{zMA_^ zPQg}KgR-~3z?*m$c{0_>JM|g*5x0;Zvp}!RpM50cdGEPUSD1|>$ZtiN`DI*&>MrY_ zT8>ixkGAa{EHC+d%*H)hm{p+vru1MG`NJp^x`3!z z7U_Rhfl2rYeu+^owgYcj%r6=qK;9`TY>9Rfrjs|(#0&UKoLj2Bj-$yhFVjEQ zC-DJ!{#%yo8#baWd0#irFwQ{Piqj~E=vy3*Lo0N>TAWD!5b{rb!^b^X!t_~v^%2V6 zkN0RFMiy1Qfk`;n%UPj+RX{=-*n<31tt$09eHGqKz5%N+osUEKG}4Be%|689OPGhB zB8#cgmn-!SZbNBr#R{3JQlDWyF0a;Gau$8EmpxYU_Cgb7Xs{o9iGOO16H)aNKm zGqF~8ungriKZCbn*lOM3Jd}>M<817`hCfVk8E(ZJ_$WTGmTg4iKK;J%;B@kj<1ndr zA0v^1BwFi-t8fzTMF)O?91At`e(iajMn0`hZ%qx(C;v}mwbk5T=z#?B5%QB+_mTJx z4#6G|>Xn?0Pmn+CBaud8#zRUmNwpdau-U`<-Cv9{pjsS+uOY7t70S`(pK|cA5x>BT zxMn?1Q3%_)LDyT$C>B%xKFZ2WrSeR?hH^H1S*AWrhmqA(y*KH@v=?*9e}ZM0%z9?x zcBDuJuoF5r>%Clww~~Jy<1lUuk1$TaWc&!DF_KZlU=sF{=YJB3o)j#`Zdiw7@ktzk z*KrKSZ_@*C;b8K+aS*U>`h%vI6hmLhSs6{!6C{mylnJ8TbWu$Ji(J zQJ(z-*a5#oNrMDm(ZzErYEAUm6j`Q~EnI1tF zL4Af3@xiC{)AS}zAwP7#evho%&-xcoaFc?2alrw-XK&*K^0z;ue;b~_T=L&z1!f=A zKRWd&9lU{~uqUraxosbs3%bxjy|L7Wn&EaI!wg}I9)pJA=|B2Is4 zEw_C2G$Ds^DCL)M0wI^|XJ@;vRlrAoqOK`}JTU56;@8ADLJns??qU1+p<@1W=!R3k zOH8%J%Q&A1CH*MIqg;lq9IB@4kCLFA7pQgZL?_DrhTjrR*Aq<%>`vs^_w}-EVY}C^=UYrd zUWIaXCO#v+mJC-{jrBrmNjlQbC(($5^aDhcU3LI7>~tI3=5}Y2{g}9q_#N>wkxOv- zte?)oI%EBASCf|KKa9w-%U!nZZRL;4S4r<9-X*pWy9l{bG}h-5K0S86?BB}&N_vDf zIP3iDZ#KXq#9EzIF;qw({U^dn{DoLeq*49{ypy;_B#{3HHeInK9wG|ug3s|d(T;jw z+GY3HJ}muD;EQZrZWs2#E5!4}ZoBNC_%<<}x~YWR*OrjK^?KksBARHr>Pc)THW32} z-qzNi^7F72@f%_*;k%cQf4|z(;IICz-~-YFD3kxE^Nd|Smb6@H#3a%)h>=9LUA} z!&Od9Cz2$?bqkTlJ?WT^8*v8FhIDiY>-Y(oFNjG*M`9FT97DOrk#3EN*azQ`Li-wz z+lY%qOTOQM3yGt|F!FOT79)w)#B1bBiT@$0h+?9J>|-Y)hPaIgC*)dBykMpH$+T_a z2NL~=-`fRUusQJ}F^lL!XL5Z=3?piYJmLbehDarvF5fv)e<$Ss|Gkg56XQuY!weil zgb+ zm%0lno>lFwbe4tZ7L~cmUEWHMqtfk3F(y>%yGpB#0=KKwYZSScmm8ICxzS5+B_5}I zy2^{aS-$XagDW<@zcJJ4t)LsL`3jF~nWM1Ua4$04+~x76=xQ1LjoI9|#3*nsax)$o zb7ggf)Bbv3e`AiTvcxF%I31Nng?qWvV-&i}oL;-cLl^FHudBdS>Z+_x2@hB1=$OdX z(<&-m6lWRcT`_~=hI)-GBi^gxtwaL%mpRIdXs5i=RbJ&R>d%*EeM~QZeN4|VGkRf~ z**5lgI6W2_PLId!G0(u?bqM@F*e%#GIknw z7CC8}DrRk57xRv|zW-U&r@j5PtK2Ab6qY#6OL3E86B84SS$Sh_ojGClT*Fn)YLq!- z76vIJzQo{r|H$~{u=Fvq7EZ%qlslIj({ra7UZ>aFR8e-gX@U&UQ&n!b{KW|kVPWO& zN`Lp{A3|cLI99mIs>+NBsnd*7cQLmwt#XzZI*szGvI3{a-zCKr5=FC)DjH)Rg?bpW z6z0m*QvZ$A4@2XcI`JBe&|y?mRx@U6rwbf~ONu@2s`4WL8yPb~!z(@2hNIZwDo^ou z&)gI0?=m#KSzM8;*vSdCrsg#g;=TP1m)Bs3(n`Enz9=)tkGSCPF>*vm%Q9zWiMz;a z=8U@Ad~H-uvw8M+QU5i%rYbkH&->rc`9qj_Y3w9(Qr^UNGL#CVl*25InoIK%&6n~f zMmkqixY#G7!r}EUcYBIBAm$HwSz&H>r8y!$#vGadV;66wqktPrjKZIGlq1DiNgFrJ zzk1xH5cBOJS>}u5KZ>kycz6!1uB@?3rCk%2nO!HI^8a(QaayD>M z?g&046@pu&*GB7(2HI>)F#=oo`h?sWyr0x_$;MBkI`V&ZA@ybC>lxicGG-%ij3Ha& zILSBuz}c+u@EJ`nn80ppZ1oJ99;nq|FsidOzgET?XdtzY)N|6I3@-SPG$?aw4Blt( z&6!}GB+c{lJLi%;`tw^Uuq$wck*u*+NVm-t86I<$wGD2uX4DX@3D&V(+O{{Nl zZ9sZk!w%BhF>5(>>gRo^&190B@>E;5E5sPUVRI zdQDm@DaS)@uGiyZZ)ovo;COINa8uJB$?Mbq)ts&^<<;q*x^Qbq4>^C#f@8uVF*pE? z_EBQ$X3){i{O+!?X8Ey};S|e~vO?zL1>H@*BO;oE$n1mbt*%ZQ2`?Os_r7qdznNRm z%N*r+r3Fnk1nbNxj_CH*F3RZihFVpU3iAKIDvuUqw$iNxH=C^rYm(&E8`vbxaP;LN zk-p^wZwNdU*c#Xqcp~tm{R%b@77g})R`_{~_&q<5os{+1HCRp5S}$dqIK^b^S9LZQ zENkz-vbe5g-cC87JdFV!GFj3SfzuqMIu4mUsL}|DQzUEkNO%rUSnDmvw@#PUnyE&ulFwjuuGD~~sCyOCz}!^ZH<^pdV|@*_ZxoKqe_ zYuq#;1vNB(T!tCk>|b2tZEhwxdxfN!Q`X(;H`cXl?*Ht;gjQ2^TXG=J>eq_gSt}2q z%)(kt`DL(vEA*>GR$KPz49jZw%iVM$2eRX)T_OIL9^Dw)T=vvjHPg4Xi+{n^Ng@7z z+g}N3VbA!0C)rGWrlr|wZ-hT=$AJ*@&RwzouXldl(j2;PkD2iFqn%me=j9P*U?+`$ zU!K9h^JeM(A?CABN0}Y>@6O?Sd8Vv^^O}`6jrDBXZwiCcEYsulB|9olx%J+VjiB=S zEHikpyIFFejd^7MLbL4FZc#sV!zcF wuI4B8KluN8@T(L8B^`NFIbNWU&n62}NzC?QN;8 z6y2=hj-^7Cn$ni`Nzo~7O|?~Krqos~-RASnxmx}G{+RRfectDL?so1u=icXuLkm2= z`q9I6p<#{Z6=k49spj~cw^B!_*KI7VO4X;aJ~proMqlzsY>3Hro{4_sqzV*@r!M!Dczj71aqr`&wB#_Jf3euh#_aR7$mcnrg3 z*aY{ZZ2u5b@Cqhk=T`bWldE-c$5f=}`!NttA^+4BKH8vnuu}fm8S7#y${h^FNX)Ta ziM7e!M{Zu7LAj9|=!G8iz5~|5cGwLYbA2_6N-r!$IdKJYj5>_ckuOm?QiBhwDh%ZU z{n5aQC?l}Mb~nlhoWo9d9X&88M5$&NjJX((uHIBOQIR3NgiMzT;%u^G9Lk6c$9OEo z1hlX#-a_e6Xj|RUG>jt8N7?Tsl##oL(viC;9dF0&%W-|$G5>O*JiB2&Mv%XbGWVZi zdu+ zuq7_RZny;t@C)ReYCuP&VsJXj1uf*J)F&8+D!lriibrYBM>*~}k2 zHp=!WK4k7Epd3FRxp9}Ov>U!c){_cg1<4R6qAZ@7C>J(S?qDZMM=xM9Hs@?If@4tD z$U-!5E4IRu*aNSjjBF@(CyRa@W^#S?8Wod<-%w6uvbS8g66FG?kwH@ate}4Q2+CYO zkDODzg)+x?P!^TJqa^1Uj|`exZhHiS$ZugHHsUV5xxN}og=?tM$TqbSn_v|(DC!CZ zVDnyj(R4@YU<%59qp&fSVMAPEx4(#T!96Hbbrxj`e#J)Ej7PyGC+MVwK7Nlr=*2wvVq+YLA?Sx?C>>gi&2R(Ch#f@Mr@D+XV*c^=^WU4di*#fp z$_b{SydajMEUF4@iAPa7auJ*2&nO*koS^Tl8%l=;qZ~gL?FB*ap^$wvZJs*fNq?1rOI2&bAy@1lu11KH*(DowA{^g%gp zILi47<^9`&%0guQsaLQsevUHqZIkq!48Sb%Vw9o#5Ls{PF3KHsWu@}OsSzlT-!eO| z#9;DkC^yvLVZDDiO76;}B6CxW((`pFJ*z-D@I90rucEvs>hRW(j&(!1a287Ye7k)Y z%Ig0F<#>4{f27ZvHiI&6a{P=@L%$|`rHY6DP)E&^rlQ*1}0K|USj zJgZO^=P{HUI*qbszCn3f9FOQXU{h=%&wo4>IbjwWScWo$D^Pm+HnzgA?Cmv~A31R- z%G^hzj8Hnt{^LdX)XnV0A|@g4~hD{#;*0QjsAag7SD3U~`;}?QspZ#dpxa zYbZnNo30mGILZb3p8G(?X`+hMw+ zal;t@>gSOL8LC2*k(h_lfwkBb-^QQt4)P$Vn~&-5h91LtU6ap58G%NR>&N&}+gg0h;wLAiln za27TkrCpA-$?J~RYpF5HRCYx#Oh)O5D~-w+Do3y#29wB!bd)#PQItEmh>X4p$!1!x z6cg|xl*QF>tX>N#C>@@KJ@71c#CkdWV8s~pz=ha>>#HSHZqu+2*WtEYUXPgO)IUHr z+kT4?v`3B8U)SSs8TmciMdSISg1qSj{WU!T7n8q+CPwDzDL9T3$!}t;JpUufWbv%V z_IM7{u*M|*7{P(~S9}Y(SrwnJ*T4qbOGw{U`vUzYT!!-8A3!<&J1oI5h5D6!24|Aj zE8<v0G^ z{1@&9UqByx1zFc>4>HH90k@HtdZzu>hl%>&Ml#k;-#4e1d*h@U))Ox%epg$JhotG7M`m13Th1^v7oOJ_sYR zB@V$BSd4-AG(L=5F&3|5GKQPg9dM~BRJzmfD#{RDz<6v#uTpR@%2cev4D@3mbir}h z6jx#stU&3|akTKC*cr_gdjGdk&U+h&VdP4sobvoHq4FpVH?SwBGOp6&a+JsA@3uax z^q0>t+h;L}?Wb((uhy%42*%LsQtkWIOL_hLv*Z_}UYdnoIbw6MtHh)pCfsrWZTaWVhr}~IWFLbQe ziy{s)$xCoLzK7D089766!xlo%|^c)u90P-CuC;9~kVd|^8{RNcv%b0}` zuj!|08Agy_wGDdRrROZ;b$#ObD0g}cWzM>6(Jzwu7)`z%W#}&3?SWhM8!pMV5M$WB z8f6Wg#W)P){VtE+V>m*#V-ntRQIY2{db_^Bs~AOo5fiY<4!$HX6Vvb{%3}53sqeG^ zyOSTpws;E@u~~)gKo&-lzl5{!EQaCWU3$A~7L_S99I+cBck7-`M>*jE?1x{XOhsp& ztvUDvN?!AC`b{_-`;c20iFZ++p71^VrvpyK9{3HGV9UML=Xa@RsmP88FbF;O>966| z*qM9)N{?q_2Yd~~@rsiHqfy>iQlbbR+v@T*pRzW1imJb)%BoxS$68oMT(R4(qAb|6 z#BjUKK-QtELChm${k%>{`8#n-=Kp?qoXS|DFR_4FPDlwSqUoSFE+Lu`_e&)0VfG!# zbIzKp{$*4bONnoY`=uk5^LFwSUYELDU;ewi1-?mivQHL3{R`p+;=$62#3ClyjfKd| zPx0{lsr0lnS@Hb{Sr#uf^@_G`^=>!-fs2g;M&xGvh&^e zzFohA>BP6hWxMS@4{=;~l3GLxF^zbSXer~rn95f~58?-+13Sx$M@oI-AJsMe(SU7B zskTKaUlK*cYeY8DhW7S&n~*YxC?|@EUTh0RDJj&u5Y_XaN~NhJ6kjxmXQ+=PBB<|_ z4V3QG`wwgg6AzXxB#rEgdf-0te-a-PnZ#R!A2EhtVE;dSjxQ!|vuLk|=v) z5H=@oM|30lkk7=SM04tE(3i*}<`Q|t)5M3wHDWvw%zl&c9#M~a5|K!~32sCwAw&bY z{vo0v8`j}^Ldq(Q3a35Lu6L&XU^zgNLzEB>wtbDK2q`_t-8iT^;|)ljK(ruM(3VCl zB;;wR{_A!F9+%|*lmc=m5x{{H@GtiE-sE+O-^iybYgF?n&z1%yxu~EZyD+yT##{Y4 ztz&L8qAagg(Vku*B{4=wi5c4_(wxxdkQo&cZmtL!V%`dgH+zK!M;Lj9Movz4&IG6I zreyE3!tAm6PNTGl+T`rw5~ne_IIl3rXxBERq-~g)ADZ4W#!&I`@f;ur8HLX5Vk1AV z&}oF^8nLml*7?wmo>p{w%hS3Z{)@w^*JXmkd^W;ayQE}VQE_gJVcm|n;$hY3*5AX* z>9NYA>F*cJ%`cklEVR$79yNERC0jp5cdcO#jz4DAN=SE@QxbE$oYSjs=|p0fk8?_y zvoObL6qXf?brxG+C)RS9HIojtDHxqyRyx61SeloUU8-+wa(2P!oC(rgS~N*cU>#06 z@9CSJpI;>V7zNIPqT(6mvXso4M!S%bFf$>wm3bj$kU1vR>-Ux^=EtdRt-wcWILxHJ z;Xcmk&YUui)dOMW_RVydzova={+K?=J|w4KWq@2j4`^^mNpMG_tR$~+yb+unZ29)T z?XW@y-f(z!9~)%`Wb~=mHM~pD@Q5x(L}W~tp5~;CW_C-Y(KR9_GTJgTylb0Zj0iL@ zjqr8UG3#ZOT8FdzYdtW{)^9oM9p=<=jm*=|KIYE7?& z?cQU!_qh*Nt*Ba9^#o~!`;hxk)pCPsB^Q`Oy1#0^QME#Ldz02fva5WW=caYCrcS@< zX?;HHoQHMARm)LtJ%^ODTV>T!R?XG&{WYx{3#QaG8$Xq7eZ17CremEs=M8`JYDKW= zzh|EH^)u~iTUo2uI-0l-bJRgPROvq8t}w$-&H#kYMG11HRvRltD0L?E(0ld=zhcC z`n$d?Usd&-`=G(*3im{;)Y`+nR^yoDou{*PXOY-~O^WZ^vkJ z&CWVj;!b}L^MhRt%qx5Sv4dHDu)ZfN&U9AF z`+n6Iux{^v%kfYponaVc7|n}I8rMF$HKgQdWkPzZn^*f diff --git a/plugins/sudoers/po/uk.po b/plugins/sudoers/po/uk.po index 82fa195..7fcab65 100644 --- a/plugins/sudoers/po/uk.po +++ b/plugins/sudoers/po/uk.po @@ -1,13 +1,13 @@ # Ukrainian translation for sudoers. # This file is put in the public domain. # -# Yuri Chornoivan , 2011, 2012. +# Yuri Chornoivan , 2011, 2012, 2013. msgid "" msgstr "" -"Project-Id-Version: sudoers 1.8.6b4\n" +"Project-Id-Version: sudoers 1.8.7b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-13 21:39+0300\n" +"POT-Creation-Date: 2013-04-17 15:52-0400\n" +"PO-Revision-Date: 2013-04-19 22:05+0300\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" "Language: uk\n" @@ -17,50 +17,57 @@ msgstr "" "Plural-Forms: nplurals=4; plural=n==1 ? 3 : n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" "X-Generator: Lokalize 1.5\n" -#: gram.y:112 -#, c-format -msgid ">>> %s: %s near line %d <<<" -msgstr ">>> %s: %s поблизу рядка %d <<<" +#: confstr.sh:2 +msgid "Password:" +msgstr "Пароль:" + +#: confstr.sh:3 +msgid "*** SECURITY information for %h ***" +msgstr "*** Дані щодо ЗАХИСТУ %h ***" + +#: confstr.sh:4 +msgid "Sorry, try again." +msgstr "Вибачте, повторіть спробу." -#: plugins/sudoers/alias.c:125 +#: plugins/sudoers/alias.c:124 #, c-format msgid "Alias `%s' already defined" msgstr "Замінник «%s» вже визначено" -#: plugins/sudoers/auth/bsdauth.c:78 +#: plugins/sudoers/auth/bsdauth.c:77 #, c-format msgid "unable to get login class for user %s" msgstr "не вдалося отримати клас входу до системи для користувача %s" -#: plugins/sudoers/auth/bsdauth.c:84 +#: plugins/sudoers/auth/bsdauth.c:83 msgid "unable to begin bsd authentication" msgstr "не вдалося розпочати розпізнавання за BSD" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:91 msgid "invalid authentication type" msgstr "некоректний тип розпізнавання" -#: plugins/sudoers/auth/bsdauth.c:101 +#: plugins/sudoers/auth/bsdauth.c:100 msgid "unable to setup authentication" msgstr "не вдалося налаштувати розпізнавання" -#: plugins/sudoers/auth/fwtk.c:60 +#: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" msgstr "не вдалося прочитати налаштування fwtk" -#: plugins/sudoers/auth/fwtk.c:65 +#: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" msgstr "не вдалося встановити з’єднання з сервером розпізнавання" -#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95 -#: plugins/sudoers/auth/fwtk.c:128 +#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:127 #, c-format msgid "lost connection to authentication server" msgstr "втрачено зв’язок з сервером розпізнавання" -#: plugins/sudoers/auth/fwtk.c:75 +#: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" @@ -69,147 +76,152 @@ msgstr "" "помилка сервера розпізнавання:\n" "%s" -#: plugins/sudoers/auth/kerb5.c:117 +#: plugins/sudoers/auth/kerb5.c:116 #, c-format -msgid "%s: unable to unparse princ ('%s'): %s" -msgstr "%s: не вдалося зібрати princ ('%s'): %s" +msgid "%s: unable to convert principal to string ('%s'): %s" +msgstr "%s: не вдалося перетворити реєстраційний запис на рядок («%s»): %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: не вдалося обробити «%s»: %s" -#: plugins/sudoers/auth/kerb5.c:170 +#: plugins/sudoers/auth/kerb5.c:169 #, c-format -msgid "%s: unable to resolve ccache: %s" -msgstr "%s: не вдалося визначити ccache: %s" +msgid "%s: unable to resolve credential cache: %s" +msgstr "%s: не вдалося визначити кеш реєстраційних даних: %s" -#: plugins/sudoers/auth/kerb5.c:218 +#: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: не вдалося розмістити параметри: %s" -#: plugins/sudoers/auth/kerb5.c:234 +#: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: не вдалося отримати реєстраційні дані: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:246 #, c-format -msgid "%s: unable to initialize ccache: %s" -msgstr "%s: не вдалося ініціалізувати ccache: %s" +msgid "%s: unable to initialize credential cache: %s" +msgstr "%s: не вдалося ініціалізувати кеш реєстраційних даних: %s" -#: plugins/sudoers/auth/kerb5.c:251 +#: plugins/sudoers/auth/kerb5.c:250 #, c-format -msgid "%s: unable to store cred in ccache: %s" -msgstr "%s: не вдалося зберегти реєстраційні дані у ccache: %s" +msgid "%s: unable to store credential in cache: %s" +msgstr "%s: не вдалося зберегти реєстраційні дані у кеші: %s" -#: plugins/sudoers/auth/kerb5.c:316 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: не вдалося отримати реєстраційний запис вузла: %s" -#: plugins/sudoers/auth/kerb5.c:331 +#: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: спроба перевірки TGT зазнала невдачі! Ймовірно, вас атаковано: %s" -#: plugins/sudoers/auth/pam.c:100 +#: plugins/sudoers/auth/pam.c:105 msgid "unable to initialize PAM" msgstr "не вдалося ініціалізувати PAM" -#: plugins/sudoers/auth/pam.c:144 +#: plugins/sudoers/auth/pam.c:150 msgid "account validation failure, is your account locked?" msgstr "помилка під час спроби перевірки облікового запису. Ваш обліковий запис заблоковано?" -#: plugins/sudoers/auth/pam.c:148 +#: plugins/sudoers/auth/pam.c:154 msgid "Account or password is expired, reset your password and try again" msgstr "Строк дії облікового запису або пароля збіг, визначте новий пароль і повторіть спробу" -#: plugins/sudoers/auth/pam.c:155 +#: plugins/sudoers/auth/pam.c:162 #, c-format -msgid "pam_chauthtok: %s" -msgstr "pam_chauthtok: %s" +msgid "unable to change expired password: %s" +msgstr "не вдалося змінити пароль, строк дії якого завершився: %s" -#: plugins/sudoers/auth/pam.c:159 +#: plugins/sudoers/auth/pam.c:167 msgid "Password expired, contact your system administrator" msgstr "Строк дії пароля збіг, зверніться до адміністратора вашої системи щодо поновлення пароля" -#: plugins/sudoers/auth/pam.c:163 +#: plugins/sudoers/auth/pam.c:171 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Строк дії облікового запису збіг або у файлі налаштувань PAM немає розділу \"account\" для sudo. Повідомте про це адміністратора вашої системи." -#: plugins/sudoers/auth/pam.c:180 +#: plugins/sudoers/auth/pam.c:188 #, c-format -msgid "pam_authenticate: %s" -msgstr "pam_authenticate: %s" +msgid "PAM authentication error: %s" +msgstr "Помилка розпізнавання PAM: %s" -#: plugins/sudoers/auth/pam.c:332 -msgid "Password: " -msgstr "Пароль: " - -#: plugins/sudoers/auth/pam.c:333 -msgid "Password:" -msgstr "Пароль:" +#: plugins/sudoers/auth/pam.c:247 +#, c-format +msgid "unable to establish credentials: %s" +msgstr "не вдалося встановити реєстраційні дані: %s" -#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220 +#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 #, c-format msgid "you do not exist in the %s database" msgstr "вас немає у базі даних %s" -#: plugins/sudoers/auth/securid5.c:81 +#: plugins/sudoers/auth/securid5.c:80 #, c-format msgid "failed to initialise the ACE API library" msgstr "не вдалося ініціалізувати бібліотеку програмного інтерфейсу до ACE" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" msgstr "не вдалося встановити зв’язок з сервером SecurID" -#: plugins/sudoers/auth/securid5.c:116 +#: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "Ідентифікатор користувача заблоковано для розпізнавання SecurID" -#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171 +#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 #, c-format msgid "invalid username length for SecurID" msgstr "некоректна довжина імені користувача для SecurID" -#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176 +#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "некоректний дескриптор розпізнавання для SecurID" -#: plugins/sudoers/auth/securid5.c:128 +#: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "спроба обміну даними з SecurID зазнала невдачі" -#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215 +#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 #, c-format msgid "unknown SecurID error" msgstr "невідома помилка SecurID" -#: plugins/sudoers/auth/securid5.c:166 +#: plugins/sudoers/auth/securid5.c:165 #, c-format msgid "invalid passcode length for SecurID" msgstr "некоректна довжина коду пароля для SecurID" -#: plugins/sudoers/auth/sia.c:109 +#: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "не вдалося ініціалізувати сеанс SIA" -#: plugins/sudoers/auth/sudo_auth.c:121 -msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." -msgstr "sudo зібрано з підтримкою некоректних способів розпізнавання! Можливе змішування власних і зовнішніх способів розпізнавання." +#: plugins/sudoers/auth/sudo_auth.c:119 +msgid "invalid authentication methods" +msgstr "некоректні способи розпізнавання" -#: plugins/sudoers/auth/sudo_auth.c:206 +#: plugins/sudoers/auth/sudo_auth.c:120 +msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." +msgstr "sudo зібрано з підтримкою некоректних способів розпізнавання! Не можна змішувати власні і зовнішні способи розпізнавання." + +#: plugins/sudoers/auth/sudo_auth.c:203 +msgid "no authentication methods" +msgstr "немає способів розпізнавання" + +#: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "sudo зібрано без можливостей з взаємодії з інструментами розпізнавання! Якщо ви хочете вимкнути розпізнавання, скористайтеся параметром налаштування --disable-authentication." -#: plugins/sudoers/auth/sudo_auth.c:374 +#: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Способи розпізнавання:" @@ -225,10 +237,10 @@ msgstr "getaudit: помилка" msgid "Could not determine audit condition" msgstr "Не вдалося визначити умови аудита" -#: plugins/sudoers/bsm_audit.c:101 +#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160 #, c-format -msgid "getauid failed" -msgstr "помилка getauid" +msgid "getauid: failed" +msgstr "getauid: помилка" #: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162 #, c-format @@ -255,108 +267,40 @@ msgstr "au_to_return32: помилка" msgid "unable to commit audit record" msgstr "не вдалося надіслати запис аудита" -#: plugins/sudoers/bsm_audit.c:160 -#, c-format -msgid "getauid: failed" -msgstr "getauid: помилка" - #: plugins/sudoers/bsm_audit.c:183 #, c-format msgid "au_to_text: failed" msgstr "au_to_text: помилка" -#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172 -#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355 -#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974 -#: plugins/sudoers/visudo.c:818 -#, c-format -msgid "unable to open %s" -msgstr "не вдалося відкрити %s" - -#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229 -#, c-format -msgid "unable to write to %s" -msgstr "не вдалося виконати запис до %s" - -#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512 -#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123 -#: plugins/sudoers/iolog.c:156 -#, c-format -msgid "unable to mkdir %s" -msgstr "не вдалося створити каталог %s" - -#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289 -#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395 -#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82 -#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677 -#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253 -#, c-format -msgid "internal error, %s overflow" -msgstr "внутрішня помилка, переповнення %s" - -#: plugins/sudoers/check.c:460 -#, c-format -msgid "timestamp path too long: %s" -msgstr "шлях часового штампа є занадто довгим: %s" - -#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535 -#: plugins/sudoers/iolog.c:158 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s існує, але не є каталогом (0%o)" - -#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538 -#: plugins/sudoers/check.c:583 -#, c-format -msgid "%s owned by uid %u, should be uid %u" -msgstr "власником %s є uid %u, має бути uid %u" - -#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0700" -msgstr "%s доступний до запису невласником (0%o), має бути встановлено режим 0700" - -#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551 -#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003 -#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584 -#, c-format -msgid "unable to stat %s" -msgstr "не вдалося виконати stat для %s" - -#: plugins/sudoers/check.c:577 -#, c-format -msgid "%s exists but is not a regular file (0%o)" -msgstr "%s існує, але не є звичайним файлом (0%o)" - -#: plugins/sudoers/check.c:589 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0600" -msgstr "%s доступний до запису невласником (0%o), має бути встановлено режим 0600" - -#: plugins/sudoers/check.c:643 -#, c-format -msgid "timestamp too far in the future: %20.20s" -msgstr "занадто далекий часовий штамп у майбутньому: %20.20s" - -#: plugins/sudoers/check.c:690 -#, c-format -msgid "unable to remove %s (%s), will reset to the epoch" -msgstr "на вдалося вилучити %s (%s), час буде змінено відповідно до епохи" - -#: plugins/sudoers/check.c:698 -#, c-format -msgid "unable to reset %s to the epoch" -msgstr "не вдалося встановити для %s час епохи" +#: plugins/sudoers/check.c:189 +msgid "" +"\n" +"We trust you have received the usual lecture from the local System\n" +"Administrator. It usually boils down to these three things:\n" +"\n" +" #1) Respect the privacy of others.\n" +" #2) Think before you type.\n" +" #3) With great power comes great responsibility.\n" +"\n" +msgstr "" +"\n" +"Ми сподіваємося, що ви отримали належні настанови від адміністратора\n" +"локальної системи. Зазвичай, подібні настанови зводяться до такого:\n" +"\n" +" #1) Поважайте конфіденційність даних інших користувачів.\n" +" #2) Обдумайте свої дії, перш ніж виконувати їх.\n" +" #3) Користування широкими правами розширює сферу відповідальності.\n" +"\n" -#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764 -#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855 +#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 +#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 #, c-format msgid "unknown uid: %u" msgstr "невідоме значення uid: %u" -#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792 -#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225 -#: plugins/sudoers/testsudoers.c:369 +#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635 +#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:359 #, c-format msgid "unknown user: %s" msgstr "невідомий користувач: %s" @@ -722,187 +666,201 @@ msgstr "Набір дозвільних прав доступу" msgid "Set of limit privileges" msgstr "Набір обмежувальних прав доступу" -#: plugins/sudoers/defaults.c:208 +#: plugins/sudoers/def_data.c:355 +msgid "Run commands on a pty in the background" +msgstr "Виконувати команди у pty у фоновому режимі" + +#: plugins/sudoers/def_data.c:359 +msgid "Create a new PAM session for the command to run in" +msgstr "Створити сеанс PAM для виконання команди" + +#: plugins/sudoers/def_data.c:363 +msgid "Maximum I/O log sequence number" +msgstr "Максимальний номер у послідовності журналу введення-виведення" + +#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 #, c-format msgid "unknown defaults entry `%s'" msgstr "невідомий запис типових параметрів «%s»" -#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226 -#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259 -#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285 -#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318 -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 +#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 +#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 +#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "значення «%s» є некоректним для параметра «%s»" -#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229 -#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254 -#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280 -#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313 -#: plugins/sudoers/defaults.c:324 +#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 +#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 +#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 +#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 +#: plugins/sudoers/defaults.c:323 #, c-format msgid "no value specified for `%s'" msgstr "не вказано значення для «%s»" -#: plugins/sudoers/defaults.c:242 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "values for `%s' must start with a '/'" msgstr "значення для «%s» має починатися з «/»" -#: plugins/sudoers/defaults.c:304 +#: plugins/sudoers/defaults.c:303 #, c-format msgid "option `%s' does not take a value" msgstr "параметру «%s» не потрібно передавати значення" +#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 +#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 +#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427 +#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 +#: plugins/sudoers/testsudoers.c:243 +#, c-format +msgid "internal error, %s overflow" +msgstr "внутрішня помилка, переповнення %s" + #: plugins/sudoers/env.c:367 #, c-format msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: помилкове значення envp, невідповідність довжин" -#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448 -#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167 -#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983 -#, c-format -msgid "unable to allocate memory" -msgstr "не вдалося отримати потрібний об’єм пам’яті" - -#: plugins/sudoers/env.c:992 +#: plugins/sudoers/env.c:1012 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "вибачте, вам не дозволено встановлювати такі змінні середовища: %s" -#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108 -#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125 -#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883 -#, c-format -msgid "%s: %s" -msgstr "%s: %s" - -#: plugins/sudoers/group_plugin.c:91 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: plugins/sudoers/group_plugin.c:103 +#: plugins/sudoers/group_plugin.c:102 #, c-format msgid "%s must be owned by uid %d" msgstr "%s має належати користувачеві з uid %d" -#: plugins/sudoers/group_plugin.c:107 +#: plugins/sudoers/group_plugin.c:106 #, c-format msgid "%s must only be writable by owner" msgstr "%s має бути доступним до запису лише для власника" -#: plugins/sudoers/group_plugin.c:114 +#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256 #, c-format msgid "unable to dlopen %s: %s" msgstr "не вдалося виконати dlopen для %s: %s" -#: plugins/sudoers/group_plugin.c:119 +#: plugins/sudoers/group_plugin.c:118 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "не вдалося знайти символ «group_plugin» у %s" -#: plugins/sudoers/group_plugin.c:124 +#: plugins/sudoers/group_plugin.c:123 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: несумісна основна версія додатка обробки груп %d, мало бути — %d" -#: plugins/sudoers/interfaces.c:112 +#: plugins/sudoers/interfaces.c:119 msgid "Local IP address and netmask pairs:\n" msgstr "Пари локальних IP-адрес і масок мережі:\n" -#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991 +#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 +#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s існує, але не є каталогом (0%o)" + +#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 +#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165 +#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 +#, c-format +msgid "unable to mkdir %s" +msgstr "не вдалося створити каталог %s" + +#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 +#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 +#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155 +#: plugins/sudoers/visudo.c:809 +#, c-format +msgid "unable to open %s" +msgstr "не вдалося відкрити %s" + +#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 #, c-format msgid "unable to read %s" msgstr "не вдалося прочитати %s" -#: plugins/sudoers/iolog.c:208 +#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159 #, c-format -msgid "invalid sequence number %s" -msgstr "некоректний номер у послідовності %s" +msgid "unable to write to %s" +msgstr "не вдалося виконати запис до %s" -#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261 -#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531 -#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545 -#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561 -#: plugins/sudoers/iolog.c:569 +#: plugins/sudoers/iolog.c:334 #, c-format msgid "unable to create %s" msgstr "не вдалося створити %s" -#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382 -#, c-format -msgid "unable to set locale to \"%s\", using \"C\"" -msgstr "не вдалося встановити локаль у значення «%s», використовуємо локаль «C»" - -#: plugins/sudoers/ldap.c:387 +#: plugins/sudoers/ldap.c:385 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: занадто великий номер порту" -#: plugins/sudoers/ldap.c:410 +#: plugins/sudoers/ldap.c:408 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: вихід за межі розширеного буфера вузла" -#: plugins/sudoers/ldap.c:440 +#: plugins/sudoers/ldap.c:438 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "непідтримуваний тип адреси LDAP: %s" -#: plugins/sudoers/ldap.c:469 +#: plugins/sudoers/ldap.c:467 #, c-format msgid "invalid uri: %s" msgstr "некоректна адреса: %s" -#: plugins/sudoers/ldap.c:475 +#: plugins/sudoers/ldap.c:473 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "не можна використовувати суміш з адрес ldap і ldaps" -#: plugins/sudoers/ldap.c:479 +#: plugins/sudoers/ldap.c:477 #, c-format msgid "unable to mix ldaps and starttls" msgstr "не можна використовувати суміш з ldaps і starttls" -#: plugins/sudoers/ldap.c:498 +#: plugins/sudoers/ldap.c:496 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: вихід за межі пам’яті під час побудови буфера вузла" -#: plugins/sudoers/ldap.c:572 +#: plugins/sudoers/ldap.c:570 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "не вдалося ініціалізувати базу даних сертифікатів і ключів SSL: %s" -#: plugins/sudoers/ldap.c:575 +#: plugins/sudoers/ldap.c:573 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "щоб скористатися SSL, вам слід встановити для TLS_CERT значення %s" -#: plugins/sudoers/ldap.c:992 +#: plugins/sudoers/ldap.c:1062 #, c-format msgid "unable to get GMT time" msgstr "не вдалося отримати гринвіцький час" -#: plugins/sudoers/ldap.c:998 +#: plugins/sudoers/ldap.c:1068 #, c-format msgid "unable to format timestamp" msgstr "не вдалося виконати форматування часового штампа" -#: plugins/sudoers/ldap.c:1006 +#: plugins/sudoers/ldap.c:1076 #, c-format msgid "unable to build time filter" msgstr "не вдалося побудувати фільтр часу" -#: plugins/sudoers/ldap.c:1225 +#: plugins/sudoers/ldap.c:1295 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1: невідповідність розміщення" -#: plugins/sudoers/ldap.c:1761 +#: plugins/sudoers/ldap.c:1842 #, c-format msgid "" "\n" @@ -911,7 +869,7 @@ msgstr "" "\n" "Роль LDAP: %s\n" -#: plugins/sudoers/ldap.c:1763 +#: plugins/sudoers/ldap.c:1844 #, c-format msgid "" "\n" @@ -920,27 +878,28 @@ msgstr "" "\n" "Роль у LDAP: НЕВІДОМА\n" -#: plugins/sudoers/ldap.c:1810 +#: plugins/sudoers/ldap.c:1891 #, c-format msgid " Order: %s\n" msgstr " Порядок: %s\n" -#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168 +#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515 +#: plugins/sudoers/sssd.c:1242 #, c-format msgid " Commands:\n" msgstr " Команди:\n" -#: plugins/sudoers/ldap.c:2240 +#: plugins/sudoers/ldap.c:2321 #, c-format msgid "unable to initialize LDAP: %s" msgstr "не вдалося ініціалізувати LDAP: %s" -#: plugins/sudoers/ldap.c:2274 +#: plugins/sudoers/ldap.c:2355 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls вказано, але у бібліотеках LDAP не передбачено підтримки ldap_start_tls_s() або ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:2510 +#: plugins/sudoers/ldap.c:2591 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "некоректний атрибут sudoOrder: %s" @@ -955,64 +914,75 @@ msgstr "не вдалося відкрити систему аудита" msgid "unable to send audit message" msgstr "не вдалося надіслати повідомлення аудита" -#: plugins/sudoers/logging.c:202 +#: plugins/sudoers/logging.c:140 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: plugins/sudoers/logging.c:168 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (команда продовжується) %s" + +#: plugins/sudoers/logging.c:194 #, c-format msgid "unable to open log file: %s: %s" msgstr "не вдалося відкрити файл журналу: %s: %s" -#: plugins/sudoers/logging.c:205 +#: plugins/sudoers/logging.c:197 #, c-format msgid "unable to lock log file: %s: %s" msgstr "не вдалося заблокувати файл журналу: %s: %s" -#: plugins/sudoers/logging.c:260 +#: plugins/sudoers/logging.c:245 +msgid "No user or host" +msgstr "Немає користувача або вузла" + +#: plugins/sudoers/logging.c:247 +msgid "validation failure" +msgstr "помилка під час спроби перевірки" + +#: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "користувача немає у списку sudoers" -#: plugins/sudoers/logging.c:262 +#: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "користувача не уповноважено на дії на вузлі" -#: plugins/sudoers/logging.c:264 +#: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "виконання команди заборонено" -#: plugins/sudoers/logging.c:274 +#: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s немає у файлі sudoers. Запис про подію додано до звіту.\n" -#: plugins/sudoers/logging.c:277 +#: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s заборонено виконувати sudo на %s. Запис про подію додано до звіту.\n" -#: plugins/sudoers/logging.c:281 +#: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Вибачте, користувач %s не має права виконувати sudo на %s.\n" -#: plugins/sudoers/logging.c:284 +#: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Вибачте, користувач %s не має права виконувати «%s%s%s» від імені %s%s%s на %s.\n" -#: plugins/sudoers/logging.c:317 -msgid "No user or host" -msgstr "Немає користувача або вузла" - -#: plugins/sudoers/logging.c:319 -msgid "validation failure" -msgstr "помилка під час спроби перевірки" - -#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502 -#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539 -#: plugins/sudoers/sudoers.c:1540 +#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 +#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoers.c:1002 #, c-format msgid "%s: command not found" msgstr "%s: команду не знайдено" -#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499 +#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 #, c-format msgid "" "ignoring `%s' found in '.'\n" @@ -1021,11 +991,15 @@ msgstr "" "пропущено «%s» знайдений у «.»\n" "Скористайтеся командою «sudo ./%s», якщо вам потрібно виконати саме «%s»." -#: plugins/sudoers/logging.c:352 +#: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "помилка під час спроби розпізнавання" -#: plugins/sudoers/logging.c:376 +#: plugins/sudoers/logging.c:379 +msgid "a password is required" +msgstr "слід вказати пароль" + +#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" @@ -1034,51 +1008,62 @@ msgstr[1] "%d невдалих спроби введення пароля" msgstr[2] "%d невдалих спроб введення пароля" msgstr[3] "одна невдала спроба введення пароля" -#: plugins/sudoers/logging.c:379 -msgid "a password is required" -msgstr "слід вказати пароль" - -#: plugins/sudoers/logging.c:530 +#: plugins/sudoers/logging.c:566 #, c-format msgid "unable to fork" msgstr "не вдалося створити відгалуження" -#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599 +#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 #, c-format msgid "unable to fork: %m" msgstr "не вдалося створити відгалуження: %m" -#: plugins/sudoers/logging.c:589 +#: plugins/sudoers/logging.c:619 #, c-format msgid "unable to open pipe: %m" msgstr "не вдалося відкрити канал: %m" -#: plugins/sudoers/logging.c:614 +#: plugins/sudoers/logging.c:644 #, c-format msgid "unable to dup stdin: %m" msgstr "не вдалося здублювати stdin: %m" -#: plugins/sudoers/logging.c:650 +#: plugins/sudoers/logging.c:680 #, c-format msgid "unable to execute %s: %m" msgstr "не вдалося виконати %s: %m" -#: plugins/sudoers/logging.c:865 +#: plugins/sudoers/logging.c:899 #, c-format msgid "internal error: insufficient space for log line" msgstr "внутрішня помилка: недостатньо місця для рядка журналу" -#: plugins/sudoers/parse.c:123 +#: plugins/sudoers/match.c:631 +#, c-format +msgid "unsupported digest type %d for %s" +msgstr "непідтримуваний тип контрольної суми, %d, для %s" + +#: plugins/sudoers/match.c:661 +#, c-format +msgid "%s: read error" +msgstr "%s: помилка читання" + +#: plugins/sudoers/match.c:670 +#, c-format +msgid "digest for %s (%s) is not in %s form" +msgstr "контрольну суму для %s (%s) подано не у формі %s" + +#: plugins/sudoers/parse.c:124 #, c-format msgid "parse error in %s near line %d" msgstr "помилка обробки у %s поблизу рядка %d" -#: plugins/sudoers/parse.c:126 +#: plugins/sudoers/parse.c:127 #, c-format msgid "parse error in %s" msgstr "помилка обробки у %s" -#: plugins/sudoers/parse.c:414 +#: plugins/sudoers/parse.c:462 #, c-format msgid "" "\n" @@ -1087,386 +1072,380 @@ msgstr "" "\n" "Запис sudoers:\n" -#: plugins/sudoers/parse.c:416 +#: plugins/sudoers/parse.c:463 #, c-format msgid " RunAsUsers: " msgstr " Користувачі для запуску: " -#: plugins/sudoers/parse.c:431 +#: plugins/sudoers/parse.c:477 #, c-format msgid " RunAsGroups: " msgstr " Групи для запуску: " -#: plugins/sudoers/parse.c:440 +#: plugins/sudoers/parse.c:486 +#, c-format +msgid " Options: " +msgstr " Параметри: " + +#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to execute %s" +msgstr "не вдалося виконати %s" + +#: plugins/sudoers/policy.c:659 +#, c-format +msgid "Sudoers policy plugin version %s\n" +msgstr "Додаток правил sudoers версії %s\n" + +#: plugins/sudoers/policy.c:661 +#, c-format +msgid "Sudoers file grammar version %d\n" +msgstr "Граматична перевірка файла sudoers версії %d\n" + +#: plugins/sudoers/policy.c:665 #, c-format msgid "" -" Commands:\n" -"\t" +"\n" +"Sudoers path: %s\n" msgstr "" -" Команди:\n" -"\t" +"\n" +"Шлях до sudoers: %s\n" -#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 -msgid ": " -msgstr ": " +#: plugins/sudoers/policy.c:668 +#, c-format +msgid "nsswitch path: %s\n" +msgstr "Шлях до nsswitch: %s\n" -#: plugins/sudoers/pwutil.c:278 +#: plugins/sudoers/policy.c:670 #, c-format -msgid "unable to cache uid %u (%s), already exists" -msgstr "не вдалося кешувати uid %u (%s), запис вже існує" +msgid "ldap.conf path: %s\n" +msgstr "Шлях до ldap.conf: %s\n" -#: plugins/sudoers/pwutil.c:286 +#: plugins/sudoers/policy.c:671 +#, c-format +msgid "ldap.secret path: %s\n" +msgstr "Шлях до ldap.secret: %s\n" + +#: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "не вдалося кешувати uid %u, запис вже існує" -#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331 +#: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "не вдалося кешувати користувача %s, запис вже існує" -#: plugins/sudoers/pwutil.c:668 -#, c-format -msgid "unable to cache gid %u (%s), already exists" -msgstr "не вдалося кешувати gid %u (%s), запис вже існує" - -#: plugins/sudoers/pwutil.c:676 +#: plugins/sudoers/pwutil.c:374 #, c-format msgid "unable to cache gid %u, already exists" msgstr "не вдалося кешувати gid %u, запис вже існує" -#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715 +#: plugins/sudoers/pwutil.c:410 #, c-format msgid "unable to cache group %s, already exists" msgstr "не вдалося кешувати групу %s, запис вже існує" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436 -#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114 -#: plugins/sudoers/set_perms.c:1396 +#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586 +#, c-format +msgid "unable to cache group list for %s, already exists" +msgstr "не вдалося кешувати список груп %s, запис вже існує" + +#: plugins/sudoers/pwutil.c:584 +#, c-format +msgid "unable to parse groups for %s" +msgstr "не вдалося обробити записи груп %s" + +#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 +#: plugins/sudoers/set_perms.c:1431 msgid "perm stack overflow" msgstr "переповнення стека доступу" -#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444 -#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122 -#: plugins/sudoers/set_perms.c:1404 +#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 +#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 +#: plugins/sudoers/set_perms.c:1439 msgid "perm stack underflow" msgstr "вичерпання стека доступу" -#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580 -#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243 +#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 +#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 +msgid "unable to change to root gid" +msgstr "не вдалося змінити ідентифікатор групи (gid) root" + +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 msgid "unable to change to runas gid" msgstr "не вдалося змінити gid на runas" -#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253 +#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 +#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 msgid "unable to change to runas uid" msgstr "не вдалося змінити uid на runas" -#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269 +#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 msgid "unable to change to sudoers gid" msgstr "не вдалося змінити gid на sudoers" -#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681 -#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315 -#: plugins/sudoers/set_perms.c:1474 +#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 +#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 +#: plugins/sudoers/set_perms.c:1515 msgid "too many processes" msgstr "забагато процесів" -#: plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:1583 msgid "unable to set runas group vector" msgstr "не вдалося встановити вектор групи виконання" -#: plugins/sudoers/sssd.c:251 -#, c-format -msgid "Unable to dlopen %s: %s" -msgstr "Не вдалося виконати dlopen для %s: %s" - -#: plugins/sudoers/sssd.c:252 +#: plugins/sudoers/sssd.c:257 #, c-format -msgid "Unable to initialize SSS source. Is SSSD installed on your machine?" +msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "Не вдалося ініціалізувати джерело SSS. Чи встановлено у вашій системі SSSD?" -#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266 -#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280 -#: plugins/sudoers/sssd.c:287 +#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 +#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 +#: plugins/sudoers/sssd.c:292 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "не вдалося знайти символ «%s» у %s" -#: plugins/sudoers/sudo_nss.c:267 +#: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "Відповідність записів Defaults для %s на цьому вузлі:\n" -#: plugins/sudoers/sudo_nss.c:280 +#: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Типові значення для запуску від імені і команд для %s:\n" -#: plugins/sudoers/sudo_nss.c:293 +#: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "Користувач %s має право виконувати на цьому вузлі такі команди:\n" -#: plugins/sudoers/sudo_nss.c:302 +#: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Користувач %s не має права виконувати sudo на %s.\n" -#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243 -#: plugins/sudoers/sudoers.c:953 +#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 +#: plugins/sudoers/sudoers.c:673 msgid "problem with defaults entries" msgstr "проблема з типовими записами" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:165 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "не знайдено коректних джерел даних sudoers, завершення роботи" -#: plugins/sudoers/sudoers.c:268 -#, c-format -msgid "unable to execute %s: %s" -msgstr "не вдалося виконати %s: %s" - -#: plugins/sudoers/sudoers.c:335 +#: plugins/sudoers/sudoers.c:227 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers вказує, що sudo не можна користуватися для виконання команд від root" -#: plugins/sudoers/sudoers.c:342 +#: plugins/sudoers/sudoers.c:234 #, c-format msgid "you are not permitted to use the -C option" msgstr "вам не дозволено використовувати параметр -C" -#: plugins/sudoers/sudoers.c:431 +#: plugins/sudoers/sudoers.c:315 #, c-format msgid "timestamp owner (%s): No such user" msgstr "власник часового штампа (%s): не знайдено користувача з таким іменем" -#: plugins/sudoers/sudoers.c:447 +#: plugins/sudoers/sudoers.c:329 msgid "no tty" msgstr "немає tty" -#: plugins/sudoers/sudoers.c:448 +#: plugins/sudoers/sudoers.c:330 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "вибачте, для виконання sudo вашому користувачеві потрібен tty" -#: plugins/sudoers/sudoers.c:498 +#: plugins/sudoers/sudoers.c:378 msgid "command in current directory" msgstr "команда у поточному каталозі" -#: plugins/sudoers/sudoers.c:510 +#: plugins/sudoers/sudoers.c:395 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "вибачте, вам не дозволено зберігати середовище" -#: plugins/sudoers/sudoers.c:1006 +#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216 +#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576 +#, c-format +msgid "unable to stat %s" +msgstr "не вдалося виконати stat для %s" + +#: plugins/sudoers/sudoers.c:726 #, c-format msgid "%s is not a regular file" msgstr "%s не є звичайним файлом" -#: plugins/sudoers/sudoers.c:1009 toke.l:846 +#: plugins/sudoers/sudoers.c:729 toke.l:913 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s належить uid %u, має належати %u" -#: plugins/sudoers/sudoers.c:1013 toke.l:853 +#: plugins/sudoers/sudoers.c:733 toke.l:920 #, c-format msgid "%s is world writable" msgstr "Запис до «%s» можливий для довільного користувача" -#: plugins/sudoers/sudoers.c:1016 toke.l:858 +#: plugins/sudoers/sudoers.c:736 toke.l:925 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s належить gid %u, має належати %u" -#: plugins/sudoers/sudoers.c:1043 +#: plugins/sudoers/sudoers.c:763 #, c-format msgid "only root can use `-c %s'" msgstr "використовувати «-c %s» може лише root" -#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062 +#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 #, c-format msgid "unknown login class: %s" msgstr "невідомий клас входу: %s" -#: plugins/sudoers/sudoers.c:1089 +#: plugins/sudoers/sudoers.c:814 #, c-format msgid "unable to resolve host %s" msgstr "не вдалося визначити адресу вузла %s" -#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387 +#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 #, c-format msgid "unknown group: %s" msgstr "невідома група: %s" -#: plugins/sudoers/sudoers.c:1190 -#, c-format -msgid "Sudoers policy plugin version %s\n" -msgstr "Додаток правил sudoers версії %s\n" - -#: plugins/sudoers/sudoers.c:1192 -#, c-format -msgid "Sudoers file grammar version %d\n" -msgstr "Граматична перевірка файла sudoers версії %d\n" - -#: plugins/sudoers/sudoers.c:1196 -#, c-format -msgid "" -"\n" -"Sudoers path: %s\n" -msgstr "" -"\n" -"Шлях до sudoers: %s\n" - -#: plugins/sudoers/sudoers.c:1199 -#, c-format -msgid "nsswitch path: %s\n" -msgstr "Шлях до nsswitch: %s\n" - -#: plugins/sudoers/sudoers.c:1201 -#, c-format -msgid "ldap.conf path: %s\n" -msgstr "Шлях до ldap.conf: %s\n" - -#: plugins/sudoers/sudoers.c:1202 -#, c-format -msgid "ldap.secret path: %s\n" -msgstr "Шлях до ldap.secret: %s\n" - -#: plugins/sudoers/sudoreplay.c:293 +#: plugins/sudoers/sudoreplay.c:292 #, c-format msgid "invalid filter option: %s" msgstr "некоректний параметр фільтрування: %s" -#: plugins/sudoers/sudoreplay.c:306 +#: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid max wait: %s" msgstr "некоректне значення макс. очікування: %s" -#: plugins/sudoers/sudoreplay.c:312 +#: plugins/sudoers/sudoreplay.c:311 #, c-format msgid "invalid speed factor: %s" msgstr "некоректний коефіцієнт швидкості: %s" -#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187 +#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 #, c-format msgid "%s version %s\n" msgstr "%s, версія %s\n" -#: plugins/sudoers/sudoreplay.c:340 +#: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/timing: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:345 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/timing: %s" -#: plugins/sudoers/sudoreplay.c:364 +#: plugins/sudoers/sudoreplay.c:363 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Відтворення сеансу sudo: %s\n" -#: plugins/sudoers/sudoreplay.c:370 +#: plugins/sudoers/sudoreplay.c:369 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Попередження: розміри вашого термінала є замалими для належного показу журналу.\n" -#: plugins/sudoers/sudoreplay.c:371 +#: plugins/sudoers/sudoreplay.c:370 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Встановлено формат журналу %d x %d, тоді як формат термінала — %d x %d." -#: plugins/sudoers/sudoreplay.c:401 +#: plugins/sudoers/sudoreplay.c:400 #, c-format msgid "unable to set tty to raw mode" msgstr "не вдалося перевести tty у режим без обробки даних" -#: plugins/sudoers/sudoreplay.c:418 +#: plugins/sudoers/sudoreplay.c:416 #, c-format msgid "invalid timing file line: %s" msgstr "некоректний рядок у файлі timing: %s" -#: plugins/sudoers/sudoreplay.c:501 +#: plugins/sudoers/sudoreplay.c:499 #, c-format msgid "writing to standard output" msgstr "запис до стандартного виводу даних" -#: plugins/sudoers/sudoreplay.c:530 +#: plugins/sudoers/sudoreplay.c:528 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" -#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668 +#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 #, c-format msgid "ambiguous expression \"%s\"" msgstr "неоднозначний вираз «%s»" -#: plugins/sudoers/sudoreplay.c:685 +#: plugins/sudoers/sudoreplay.c:683 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "забагато виразів у дужках, максимальна можлива кількість — %d" -#: plugins/sudoers/sudoreplay.c:696 +#: plugins/sudoers/sudoreplay.c:694 #, c-format msgid "unmatched ')' in expression" msgstr "зайва дужка, «)», у виразі" -#: plugins/sudoers/sudoreplay.c:702 +#: plugins/sudoers/sudoreplay.c:700 #, c-format msgid "unknown search term \"%s\"" msgstr "невідомий ключ пошуку «%s»" -#: plugins/sudoers/sudoreplay.c:716 +#: plugins/sudoers/sudoreplay.c:714 #, c-format msgid "%s requires an argument" msgstr "%s потребує визначення аргументу" -#: plugins/sudoers/sudoreplay.c:720 +#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058 #, c-format msgid "invalid regular expression: %s" msgstr "некоректний формальний вираз: %s" -#: plugins/sudoers/sudoreplay.c:726 +#: plugins/sudoers/sudoreplay.c:724 #, c-format msgid "could not parse date \"%s\"" msgstr "не вдалося обробити дату «%s»" -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:737 #, c-format msgid "unmatched '(' in expression" msgstr "зайва дужка, «(», у виразі" -#: plugins/sudoers/sudoreplay.c:741 +#: plugins/sudoers/sudoreplay.c:739 #, c-format msgid "illegal trailing \"or\"" msgstr "помилкове завершальне «or»" -#: plugins/sudoers/sudoreplay.c:743 +#: plugins/sudoers/sudoreplay.c:741 #, c-format msgid "illegal trailing \"!\"" msgstr "помилкове завершальне «!»" -#: plugins/sudoers/sudoreplay.c:1050 -#, c-format -msgid "invalid regex: %s" -msgstr "некоректний формальний вираз: %s" - -#: plugins/sudoers/sudoreplay.c:1174 +#: plugins/sudoers/sudoreplay.c:1182 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "використання: %s [-h] [-d каталог] [-m макс_очік] [-s коеф_швидкості] ідентифікатор\n" -#: plugins/sudoers/sudoreplay.c:1177 +#: plugins/sudoers/sudoreplay.c:1185 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "використання: %s [-h] [-d каталог] -l [вираз для пошуку]\n" -#: plugins/sudoers/sudoreplay.c:1186 +#: plugins/sudoers/sudoreplay.c:1194 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -1475,7 +1454,7 @@ msgstr "" "%s — відтворення журналів сеансів sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1188 +#: plugins/sudoers/sudoreplay.c:1196 msgid "" "\n" "Options:\n" @@ -1497,11 +1476,11 @@ msgstr "" " -s коеф_швидк коефіцієнт прискорення або сповільнення виводу даних\n" " -V показати дані щодо версії і завершити роботу" -#: plugins/sudoers/testsudoers.c:338 +#: plugins/sudoers/testsudoers.c:328 msgid "\thost unmatched" msgstr "\tвідповідника вузла не знайдено" -#: plugins/sudoers/testsudoers.c:341 +#: plugins/sudoers/testsudoers.c:331 msgid "" "\n" "Command allowed" @@ -1509,7 +1488,7 @@ msgstr "" "\n" "Команду дозволено" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command denied" @@ -1517,7 +1496,7 @@ msgstr "" "\n" "Команду заборонено" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command unmatched" @@ -1525,90 +1504,132 @@ msgstr "" "\n" "Не знайдено відповідника команди" -#: plugins/sudoers/toke_util.c:218 +#: plugins/sudoers/timestamp.c:129 +#, c-format +msgid "timestamp path too long: %s" +msgstr "шлях часового штампа є занадто довгим: %s" + +#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 +#: plugins/sudoers/timestamp.c:292 +#, c-format +msgid "%s owned by uid %u, should be uid %u" +msgstr "власником %s є uid %u, має бути uid %u" + +#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0700" +msgstr "%s доступний до запису невласником (0%o), має бути встановлено режим 0700" + +#: plugins/sudoers/timestamp.c:286 +#, c-format +msgid "%s exists but is not a regular file (0%o)" +msgstr "%s існує, але не є звичайним файлом (0%o)" + +#: plugins/sudoers/timestamp.c:298 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0600" +msgstr "%s доступний до запису невласником (0%o), має бути встановлено режим 0600" + +#: plugins/sudoers/timestamp.c:353 +#, c-format +msgid "timestamp too far in the future: %20.20s" +msgstr "занадто далекий часовий штамп у майбутньому: %20.20s" + +#: plugins/sudoers/timestamp.c:407 +#, c-format +msgid "unable to remove %s, will reset to the epoch" +msgstr "на вдалося вилучити %s, час буде змінено відповідно до епохи" + +#: plugins/sudoers/timestamp.c:414 +#, c-format +msgid "unable to reset %s to the epoch" +msgstr "не вдалося встановити для %s час епохи" + +#: plugins/sudoers/toke_util.c:176 +#, c-format msgid "fill_args: buffer overflow" msgstr "fill_args: переповнення буфера" -#: plugins/sudoers/visudo.c:188 +#: plugins/sudoers/visudo.c:180 #, c-format msgid "%s grammar version %d\n" msgstr "Граматична перевірка %s, версія %d\n" -#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533 #, c-format msgid "press return to edit %s: " msgstr "натисніть Enter для редагування %s: " -#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341 +#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332 #, c-format msgid "write error" msgstr "помилка запису" -#: plugins/sudoers/visudo.c:423 +#: plugins/sudoers/visudo.c:414 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "не вдалося обробити stat файл тимчасових даних (%s), %s не змінено" -#: plugins/sudoers/visudo.c:428 +#: plugins/sudoers/visudo.c:419 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "файл тимчасових даних має нульовий об’єм (%s), %s не змінено" -#: plugins/sudoers/visudo.c:434 +#: plugins/sudoers/visudo.c:425 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "помилка редактора (%s), %s не змінено" -#: plugins/sudoers/visudo.c:457 +#: plugins/sudoers/visudo.c:448 #, c-format msgid "%s unchanged" msgstr "%s не змінено" -#: plugins/sudoers/visudo.c:486 +#: plugins/sudoers/visudo.c:477 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "не вдалося повторно відкрити файл тимчасових даних (%s), %s не змінено." -#: plugins/sudoers/visudo.c:496 +#: plugins/sudoers/visudo.c:487 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "не вдалося обробити файл тимчасових даних (%s), невідома помилка" -#: plugins/sudoers/visudo.c:534 +#: plugins/sudoers/visudo.c:526 #, c-format msgid "internal error, unable to find %s in list!" msgstr "внутрішня помилка, не вдалося знайти %s у списку!" -#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595 +#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "не вдалося встановити (uid, gid) %s у значення (%u, %u)" -#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600 +#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "не вдалося змінити режим доступу до %s на значення 0%o" -#: plugins/sudoers/visudo.c:617 +#: plugins/sudoers/visudo.c:609 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s і %s не перебувають у одній файловій системі, використовуємо mv для перейменування" -#: plugins/sudoers/visudo.c:631 +#: plugins/sudoers/visudo.c:623 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "помилка команди: «%s %s %s», %s не змінено" -#: plugins/sudoers/visudo.c:641 +#: plugins/sudoers/visudo.c:633 #, c-format msgid "error renaming %s, %s unchanged" msgstr "помилка перейменування %s, %s не змінено" -#: plugins/sudoers/visudo.c:704 +#: plugins/sudoers/visudo.c:695 msgid "What now? " msgstr "А зараз що? " -#: plugins/sudoers/visudo.c:718 +#: plugins/sudoers/visudo.c:709 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -1620,92 +1641,87 @@ msgstr "" " (x) — вийти без внесення змін до файла sudoers\n" " (Q) — вийти зі збереженням файла sudoers (НЕБЕЗПЕЧНО!)\n" -#: plugins/sudoers/visudo.c:759 -#, c-format -msgid "unable to execute %s" -msgstr "не вдалося виконати %s" - -#: plugins/sudoers/visudo.c:766 +#: plugins/sudoers/visudo.c:757 #, c-format msgid "unable to run %s" msgstr "не вдалося виконати %s" -#: plugins/sudoers/visudo.c:792 +#: plugins/sudoers/visudo.c:783 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: помилковий власник (uid, gid), має бути (%u, %u)\n" -#: plugins/sudoers/visudo.c:799 +#: plugins/sudoers/visudo.c:790 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: помилкові права доступу, режим доступу має бути 0%o\n" -#: plugins/sudoers/visudo.c:824 +#: plugins/sudoers/visudo.c:815 #, c-format msgid "failed to parse %s file, unknown error" msgstr "не вдалося обробити файл %s, невідома помилка" -#: plugins/sudoers/visudo.c:837 +#: plugins/sudoers/visudo.c:831 #, c-format msgid "parse error in %s near line %d\n" msgstr "помилка обробки у %s поблизу рядка %d\n" -#: plugins/sudoers/visudo.c:840 +#: plugins/sudoers/visudo.c:834 #, c-format msgid "parse error in %s\n" msgstr "помилка обробки у %s\n" -#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852 +#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846 #, c-format msgid "%s: parsed OK\n" msgstr "%s: вдала обробка\n" -#: plugins/sudoers/visudo.c:899 +#: plugins/sudoers/visudo.c:893 #, c-format msgid "%s busy, try again later" msgstr "%s зайнято, повторіть спробу пізніше" -#: plugins/sudoers/visudo.c:943 +#: plugins/sudoers/visudo.c:937 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "вказаного редактора (%s) не існує" -#: plugins/sudoers/visudo.c:966 +#: plugins/sudoers/visudo.c:960 #, c-format msgid "unable to stat editor (%s)" msgstr "не вдалося виконати stat для редактора (%s)" -#: plugins/sudoers/visudo.c:1014 +#: plugins/sudoers/visudo.c:1008 #, c-format msgid "no editor found (editor path = %s)" msgstr "не знайдено жодного редактора (шлях до редактора = %s)" -#: plugins/sudoers/visudo.c:1108 +#: plugins/sudoers/visudo.c:1100 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "Помилка: цикл у %s_Alias «%s»" -#: plugins/sudoers/visudo.c:1109 +#: plugins/sudoers/visudo.c:1101 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "Попередження: цикл у %s_Alias «%s»" -#: plugins/sudoers/visudo.c:1112 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "Помилка: виявлено посилання %s_Alias «%s», яке не визначено" -#: plugins/sudoers/visudo.c:1113 +#: plugins/sudoers/visudo.c:1105 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "Попередження: виявлено посилання %s_Alias «%s», яке не визначено" -#: plugins/sudoers/visudo.c:1248 +#: plugins/sudoers/visudo.c:1240 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: невикористаний %s_Alias %s" -#: plugins/sudoers/visudo.c:1304 +#: plugins/sudoers/visudo.c:1302 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -1714,7 +1730,7 @@ msgstr "" "%s — безпечне редагування файла sudoers\n" "\n" -#: plugins/sudoers/visudo.c:1306 +#: plugins/sudoers/visudo.c:1304 msgid "" "\n" "Options:\n" @@ -1734,10 +1750,59 @@ msgstr "" " -s строга перевірка синтаксису\n" " -V показати дані щодо версії і завершити роботу" -#: toke.l:820 +#: toke.l:886 msgid "too many levels of includes" msgstr "занадто високий рівень вкладеності" +#~ msgid "pam_chauthtok: %s" +#~ msgstr "pam_chauthtok: %s" + +#~ msgid "pam_authenticate: %s" +#~ msgstr "pam_authenticate: %s" + +#~ msgid "Password: " +#~ msgstr "Пароль: " + +#~ msgid "getauid failed" +#~ msgstr "помилка getauid" + +#~ msgid "Unable to dlopen %s: %s" +#~ msgstr "Не вдалося виконати dlopen для %s: %s" + +#~ msgid "invalid regex: %s" +#~ msgstr "некоректний формальний вираз: %s" + +#~ msgid ">>> %s: %s near line %d <<<" +#~ msgstr ">>> %s: %s поблизу рядка %d <<<" + +#~ msgid "unable to allocate memory" +#~ msgstr "не вдалося отримати потрібний об’єм пам’яті" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + +#~ msgid "unable to set locale to \"%s\", using \"C\"" +#~ msgstr "не вдалося встановити локаль у значення «%s», використовуємо локаль «C»" + +#~ msgid "" +#~ " Commands:\n" +#~ "\t" +#~ msgstr "" +#~ " Команди:\n" +#~ "\t" + +#~ msgid ": " +#~ msgstr ": " + +#~ msgid "unable to cache uid %u (%s), already exists" +#~ msgstr "не вдалося кешувати uid %u (%s), запис вже існує" + +#~ msgid "unable to cache gid %u (%s), already exists" +#~ msgstr "не вдалося кешувати gid %u (%s), запис вже існує" + +#~ msgid "unable to execute %s: %s" +#~ msgstr "не вдалося виконати %s: %s" + #~ msgid "internal error, expand_prompt() overflow" #~ msgstr "внутрішня помилка, переповнення expand_prompt()" @@ -1765,9 +1830,6 @@ msgstr "занадто високий рівень вкладеності" #~ msgid "set group on %s" #~ msgstr "встановлено групу у %s" -#~ msgid "unable to set group on %s" -#~ msgstr "не вдалося встановити групу на %s" - #~ msgid "unable to fix mode on %s" #~ msgstr "не вдалося виправити режим на %s" diff --git a/plugins/sudoers/po/vi.mo b/plugins/sudoers/po/vi.mo index b41003f0fe2aa2e0a2e7a830cb1ce2cf8fa46583..35f9fb6f50133a5d65e999797116f35429b33713 100644 GIT binary patch delta 10719 zcmai(33yc1^}t_95D0`VEP*8CWg`n_XAOZ6LLgxc5ZS3rW+s_2nVB$4AVL`sZ~+0~ z38Kg@6{sjUYHi{IhKjWnabGCXXhpP$MQy91(%+f)La_aR-~WD``JH>;UCuq{-1{D| zCD86K&$aV^)H7_WLYWw%C^4`$Tv3|PpX(*9igGYoQM$uJ1{+~F>VJYg;aQ`88Oo5K zVRyzyGTCOB6swPaW`N%R6#R*PAHuGR;#b~}QvR46-g z!~XCtNEc-vOoAt2U-&uf0z()q8|Vu2V64IEPz+xS#gqHsAQ*tDtgoC$=?yzF>qs~N z%0%-F+97KwOW|O+1BxMMAb*sv`N@ENll6s4U^?|mC<|?Xvh&}=On3&eq;d`VEhvfj zsR-T;#f7gz!ls0!C<@_J5}pzJK0AMwb1sKOO63+{$u`0G$S^CcVu zd*TLpJ`>7DR>R?N*C6~a6Te5pc-ZS^J$Cb9B=t>@L{;{~A@C)*7=8z_MY#>X=fnG< zEciOa8OpbC6pUfJsLDJj?RP^NcNAiq@}VC^ENjnC92^3>!CRmVutM?71}LsP4mUt0 zTc3C%6jwe6CFwqZgjI>aZJl5q#M{a!D9Ky}CHt2d?f&~wut9kq%D_vo1omWAoTAKu zvXeD%D0~S{fZs#$OcAR}$QD8I&~hjXJ_-4woaLtn>_$S!hTEadl!>A_DtKEdhLfQeN=#2cY*H>kiFE?j zN^VVtGERdyS!oiozVanX9E=;OXKNu0r@j)3LF*xNDb27C{0WL{dy%>QU@4ULN+|O* zKncNvFb2K^BjI@{{l9^dtP!}$ucG9l$iSIU26~{l`eE1~Hp6M~BiIXOatZW?#V{Jq zg|c%WBtMlsP4uC&E>DRANH(&^qd8QQ_=ifqubi5l%c0LN@;BhEB_$%xNe}Zx^ zM2yjQlmo?(5-5hxhqA*pP-46b-ULrTdHxC%L$1J{Frvt>4^RoTU!~X~uz%QYAXriCgB%c&76bp|) zPL}d6lw;CqoL(Oa6R6vv?BHG~{SO-TH=u;zODKj%afYS;ASnH(LNVkvDC0ImNkV_4 z@!%4a?2H_*-vc9|Okjc%f;CWfxYyu|P&{(ZsQ(1TfanQ&a*c=LsT$Z9`VBq+6RAG| z@t|LM3q@jn5vnkxRG%mTcBMWA%8nL5Nk$ixY+nbH;a(_)oq{sYr%;7IL-Al7alo0% zWGDvT2jk&UsLJ_&6GayI21@L2ny9-h3d(@NP;my)SrYB z<5!@J`x_L4{{_V(U8m@$Ck2Wj!=Uspg?>>iC}O}$D6ZKB>jZrP2<4FpE(ViUY71z6WLJ(Y3m#R=|E#^#jp#IbWy?^^m*!F6!qt!jC&Ujh3#+GJyHPYQs3xDS%h*CZh>XX__z+db2$KV9&myG)06@-tv7mBN2heKc_8(aX(jE(*Vl3vPr7!CbpEBOjR zu^K!Ilc-;XrR&NjFf_MsktDezU81HXpJFzHS` z6cb@0^#+(B=YMBV;a@ahKOTG!C1#O#>FhHm>Fz#+WWSMXv z^%XD{9)J?-W+(>7-lNYq3C6R&Qj3xXH$q9aXJK#n3G55Mhmt%!*6AM@rEnZ|AC#Ck z!qKqzdi~<5fIjLQp=>1VUcG-FlykonN=P1o{^2NpLzx9*H|WR03sb1S1he56P<9l( zQO}jJus`(;P+WWvO3Xim`7nHwem|7JN!0Iv(ta9B=sMk}*QeZv{|jiin}#Xy4=@cz zZq_*pipAA19coZQ@B)+xzlD;;SsWcPXcA0?RWKKBGTL8)1E`;aGX6(60_JM?KMAE) zGd_!%4U&9qpV!8y%xUEoJ*$D0M2bcvdTXhfK55;rO!JFYHP(s>$ zn?63(kCI8l6eyN2hmx%aU@80)>;ro}pbr=X#qx3}o>~V7!>6G1`y5JkE8F#pED6fI z3*bn&7K-5~jCTJ8lwmYr{Ea)Z`cVA->E+z z3x`rS8+-_kr2Yn+3L|#$cM4dFABOAk^jjg+H0lt!3i=&|&Z5{`V0s0g{Me8Kw4c|?l1Gt}t#w_ppO(l8%s zMkLO-Oc_9*p2z|8r^Q8BP0h=;M&z7;Rl)d)l9bCy>XGwGw}cr4@#Gns=|5y2j##Ek5nXf|`OT7qvoYBtxqx>Bify_V(WTgxg zDf^K{qEKRy3Zyp!&%zNf9Fa5pXC&8{5H(oj@{+>oQ{s8{k6=yz`6rl#^thp|vQ?Lz z#voy>4e(n-zX>)WavbHK=hKh~bQ`i5nT$voi*(`H5AYCjC-NtxwPYH~tp=m%E9Dc! zZ{{a~hM(X`WC1dm`m68}WHutDjJ7g(5h*bykoFtPHY!geX+~oxyank&|9jypM!R4X z@-K<>Qz-M06qyuh4_-s$3{OL(WYB&Y<|2QT2FmNm!$>!teFuM!NckNShcqBtkYq$k z2{JdR8UKQczE0x56y?`QHKH=vRoD+{E!-c$(vII>A=${M!503x1(qWRkrxm*B4sDy z2x@IVKGY%1zXR47&BG-A9gsVaQe+?!L8sO--cVkIooVk2`@ox#pV7M+&jndXHtmt{ zCMadE4kexXTj=j0tBtmO(7%kI-bTZAgEt~TN;3WDPP1sX~U* z_bzw|$w6NN*CWwLYx&+#RtN(TF+)QA;j^u(*X{Fo)drVOwVCRzs@rO|+UuI|!=j%9+=*SYQWCUb-8s#0Bya(goM zZn*7GBsVaRY_6W{G@@uY)a^6JhnSkv&n3;YHue^N=#2rS7(+K-!h}D zVy_KeNNRL zs7`%4G}P(x2BL5NIV5h1X{p`ebEsum)6`m5HNzMCtWL94b^08YR(BvO(;m`?X-z&R zV;^SS3~_~adsc1WO4g_Cl3Ew>s90!H>%0xv9E^0O$y`(IcKMu^z?-?#+l71G4XUZy zWOrr;qKE8l7l<0JhH8689!j#GzVMwW*MHmC+UaWHiNGgg-V4><9ydvwR5G!v7*wa$lF~A* zwzwo+J5@3<(z>+HPPEiIlgG2f<+hL}+Rr8Vp)QwKD;OWAjT(O~%HuUvGSH@)ug8_d zB4e^Aj0oH@VN!^8Zdkt7TzVn0&gAAa1eXe0FP(Ok)ocAGHU)m1_-RP2)8nhFbGf~& zXl!0mT}`$GjXJljua-8YbKvL6Z-;~qtIX5hnOc&YmytawyUOp{j zhPB=+-X* zIM_~4Z7{BNZr5!b(oC1TI?GGvta^K<&FiQgtre6P_nVV3!RoXIuYr8E+-0@cy=qS8 zkjx?4it>@&D_fe@tKOET->PO?OVeh%cDg(&ewNA3{nPxUI(b}Cxi~6Z3I9b~;9B|4 z5bdEEuLjIBhlcpWi*3z~93pS?Qw${Z?v}=5)GJ#W_d3;+o16EmPFqXk5z${h+S0V& ztX4Mfv8&bgmd5=uPS&69lM3sKMWroGcae%%<)f;(rRh;lYqc!5)2`Oon)jNoUw?jeYPId;AxxLYJIp+0Z_Q5|2Gp__ zr>*TaobGFAX+tr9t(&}OXG`m;_U-wxiACQDn1U=zL=Y@4Vo7l zGohvNQ722vZVA>C;!}W~&3m-+dFQ(@%L8^SWi7LoKEGJ|^M+2TQr&95;Y#(8wv6-z zJEwlU^5JC9$18WHX)W{nXpZ^L1PP;LL(`7nRP2sEZRe7{bWP~kI*>|CS};%a4ETSC z_Q^B1G#>CuZZ$peKXVf!7xvv?gqMtQXgd}xjF;QH!bTPla&ow6syel7YAJhh8F#l9 zwXnD+hIu7-YiusbSFzW=&=Y2B-rt~|UHI;G!vjzM>iu^470m83@}SNp`4qhF$xNaw zzFRH9mEef8_cj>ucQywC_nJ0`T%S#gH&?Y))|-cf$rb`HnkR*{JGoiwY~9#R+*s@K zSmkp-ta`+HZwJ~kMbE3M)J`voj+exh{o(%o+@-9H5v?autka&ain~eg6gXd%8(J_^ zPEYWZ$w3XCVlSEceDKv1JlX7`aj(}n8+*lh43W*50^M)B9MW4)o249>;K3#3dEsf_ z*Zf9%yw=pVr#+6ofpkYs*qCD75oQ@+Zrbr2U4-qX*tysPv`ayM|4*w6LrA~0|9 zoOYdY{E<3+pW3q?HS>l#vof`q{W~)kf_@mUyP?k3e5g+Q(zCm_gfwXK5loP4h5I5? zJMWFwwtJJh1QRsb6U^?wN$-}>z}cmXLt<#2X*K)YW#iPMU%Y%J43^u!YTIzUxj@sF zWw$k)TGkN3y|}L-n7ca*Rjp`wdUqzQm0Li(epn`1vV5d8ayd30;=9jnlExR7pXe2| zh>CK9ueFF@$7p?4OzIkZ$eHJl^sia5YSi`qZ8vG~A|>68ce#-*Els;s3m%Zz;^{+X zI%xk`Q4q!@_n3CGe^CTe6&07LMdf8O`Br~*U&2p!l5~^YxpEHmg*UJ1U2KGoHc8HK zQtSxxHyvOAZ62S+rDkRYyQ@xaEFZBFuW%2w&GXR8_-H!E%YHq)u1;?D$;*c(ms@N& zz49H&_{jgwctyKX6{$V5DiC<$j>3@kW-dIFwqQv=t^1mn+k)}o8pjAG%aFaw8eX|* zIiuXO*NteM+jzHC+ne{YHC|uZskQOQ(r`XJ%r$DA)$ItB-T6wGcI$l|v{CEb+E?q{ zeJv(Vy@ynkdtTmU!HdSjvmx5vd!5?k4P8PU+O?XPu;8ak$cEYdW&L~f7n(k#+Rity zyqdJl_w)&K^UV_&y&?OCYs0-UBO;Z)`<(JJ-tSD)c5Uph%6q^oNzD&>Xrc}B8f*(h>*46r|?Q;7C7HxVoL_0ITv$lR|x%Sa6yHsa8FXuW!Rn~(hWwo|r@)AOlj%k03ZEgeDvUGI+%(VMci zKGHVpds}a~35&Lk8H7!#7-D2qC0kg{UqFJ1s_-|OU#v?!4~}dv2TA!42_b3T delta 9596 zcmajj34B!5y}aELKX;1fP@edb^^$vWl4s~kPIY~keQLBSOy`A zfXH$L1cZXP;Zl%sfuvSxsO8yOwc>k-b%|Dswn%+wU#-^m_n&*iqVMzRm4CkHoO|!t z&kgv8pGWKnMFiiAjoPWWN^MH@!TVyAIz_s3yp$@{jlyo&-O`R-$q&O=EVAE) z?8f`6aXa4A*L=TUfAjfF?80*ska~h@wpHN7?%b$DX>c8mMUDJXuk&L7{uM`KoS{?_ z&cs1jiD`H*Cg2H_`>$aMUcm8~nQYcm7dFUkSYBbSuWL|+T_7; zC^K>^=A$1AFoZdH8Kpym9A-zS;&AfSD9;^2nYlKUj(m;M@l=K{?-i%A{?d@gD!3D~ z$sa*k`*$!MlUP`pks>s38D`=Jlny_S3{t&?ZLI$PI;W$(o;Xf)LrMw#Dz59?h)h|#w z{wa3Fop%4SZ=GIxIl zN_h!Vm8wN~{{R+a@H7bqr(&3Q8Nmn~fqtBXPoT`mWt63grI#`@Ls2TOKmnUlj8efWln=x`D4XgS_QPMIbfgWF@LQA)#}}9*%SGwX9F+H$qKxz|ln(7h8Q3wD zz4CTJ&`f+wK{N&Z$D0ofLg{%a%9O4^>EIfaO?5v?N1IVP_?l%K%JY{|IvmYT>yIfY z9Vte6?^cxhyz>3+OX6;1|EWiC3cian^^OVVNM_<9^7SZF_ZqU_)Ym8@%3-H+;?zQv z<9Dx>Z$Ufx&rt@{eWLk%21-6SpMr z9r!XD_&LgycAaK!vJ8|4rlT~l1m%O(h_dS+$6@%AmH!f@!!dl#g7V@Z64K*QC^In& z}$= z(DJ$Fd#mR%|DAbo4+S^jBPcz8#(LlkN`s%^I8^h@j^?9GsRx(gew57{HQ)T3QX0~> zszTWlCsFRdjZXXy8H*|pE-=^XsO1MJOVIrmv!Qh4AgFnmg%6-q_$tQZMU)Ol-pXG@ zG0}20b|C*gCgTN^=VN|ke&`G=ARly)$RSaQGL?IAA)delj3Xlr55}Rm2xa$f##DR( zWoKhVwQP6X-QY+;_D0o>QI#ki389SqkI24KG0eZzv)J+;EG6H9Qg5dU^VfSmGFhqt1GKNs zlBmO}ZhDC=n1l{?RveDU0-T2$cj9DBtE2*~M_G~!ScJW*%n>g^nW0lS2D^F8`_pj} z`E3{+MdBO@S+nlUs~yMTL@dX0d>Eg`XnI$SCvYBqhcYvBtIgB19lMbKDGtYL{6moE=Z!B#4WcewF6J$Nu0jQ97%M8 z`6Zi=tdd%ZvKQXLJF$18nLmWGrfn!Qk@jPyIKj$|GSx3(E=H}UEzCn%qM#-r6`#Sb zm~*>1r4uYS;y}t@N4A0b3T5ice`0RVChS9g5BA3AuowOw6Y(N;#~ap|$2k$DLj_2^ zLA9QQRPY$eCj1qS!7osHoWT<1pbO>2U6_pLF&@9g9vHjU?9d=&_SG2dg2zw>_9FJj z*RT*TVUe8w>^sc03}6B`4xYZrd zqnM0mPg;Abc!E5F-1 zUMNd=77I{qG*8udoKLn9<+Qzy4(zvy`IixtY%+h}ufnP151?$KPjMhdZ8n!84Kv9v zL}_3%=HYK}EJojBmKULvug4<%10p@n!9)* zN{4)w_gWr7S<};&AEE4-h^=Nl!%+sX98+;C4#N{D?foT4LK;fkX0GuZlr;{Zyr@w| zdIB@??=YmZn@<|-QG`xWF zVTje{gOhLo`6W0K*P(Q%8KvQWpd8l$_n8%zp_DhFJpU9?BbflmG<$-lL0uNiBM;T%FJ?0e7KpXj~{P-=dA=1fhPq`P3XJi#UZYgVptxEIe6H%S540LnVbeIk+gnB@Nw zOkQ|UH_AP(UMMHwpF|#MnPC}JFrLhK>!F(|I6!<&6ceKfx!4j{E}6Pqo`3pE3DZmd zGxGmMJW1q}&%xUXxt=1Ti9#ZWdve7RXJ!2tkVvIaHkn+*iATdJ{^^C2i6;p5Pxzw) z;p+i@a@y1dGpjD5?1Q(6Tdgt!pCO`%CPMbp5kjtC5tn8C+piyySV~MG`0y!CX86kB z=V&?@gPRFN zB>e%w-n;HfCKn=BSfyTkgm})%w=>F0$X9PVG26;d!b`*{;xrNbGe6P@xqeB!K^!B# zBjoB}bx6`##GR7h`aSUnVj}lvV$n6vkquuH`8kO4VK@!n#ZlICUxc4v{F=lDoG4W|)*A^v2QwbP0BmBM2sZ< zj~L9u@~M@p8}UEkl=-7O_wFI-K)F67YKg}PCoz!nbo`Q#>keWqQBREF-XN5#gme}W zUjIoXk|e{`6%ArL>BU4g>7#OkYXs@(#CxP8F`1BS2oA&o;w$2J#2iAd9>gugAtI7! zAmqv>RuaLtCC4?EO1{Mj#8Ber#0=uv>v1wYtVSd7dGhZQ|4qy%ULxX%a)ODy?s}2j z86tsbxq2t4W?B_4w+iFPrxT^*A0~Da&k~)8Yp-Qw-npjW@1)lgONcI3`4sBeKzbu_ zlIUl(^)u4(L~onb&BJ7dTQ~b-AM&Y0E>TQ=HO?jaklu$~iABUZ!b5B$UL!syDhWH! z)!{#gn@CR}#*o_Z%;|oZ>fapu?qHHR0H&HD2e?lB2eocJ;s-eJ5^yI}V{IT^wA^Fb4zsTPf zdboFPWIuzesJ5oY>8+ujg@D(&wAyX>Yf05P>wRvcuHNHy8L5sGpCe5_ zlQOMeo}u#d^LasDGQ4hQy;1G)x{Z_yW9-73q6C?IS=(Up)ZS%A-B|*EUWQ2-FCr7%=YU|wIJY$*D zQ|+!$&On*Jw#?n&c9l8nD{1w*@_M&FQ12a<^SxqUVCizV%m2Mnzq{c|k#>%KQs<0& zGPBa{cLpjvS8k|qfv2Lq9V^>jRp{Mu!)-dNz!mLo2v6{ag0wE~l>xWcqxX+LHL#}48Sq!Ry?&3&={J|5&RJ9D zs*+-V?Fwljw6O4eWLIZ(b*(&O)VOPE>l<}?@%$T%)D&NuUR!L}tBXrJ1?Y21puH?v ze_K3D*Oxd#&y_^k^m~&sI>{UcsDY)^{U-MgB~8w^>Ah3_pzoWy!m8_EQ(JmUJLVp+ zr}*qcjDXMMtu*XK_Rtg4zO?Bb`(ky+nVmxK%{Xg|9IH)Z^p#%;BvCEd2Vz@R<@CytB1_`LOW+q&@ar+)2r4c=u5LZ z+_a*q^%>e)QPtM6uTEd=-8VF0&OV!d|K>BH$L8kRddX&=-qy0gTV?J1_Do0ZTrl8< z8Ldxxt8~+Xl+YUs+M?P|z|lqH^v8<^b|`8M8P#pgFX)uT@9X#_`T85(Q6FC7j=6dU zbhjl*`rx|gpltUmhr;TWpI)suDm`t@hdsv1Kx13;i~jGQpX(m2e)(9yaMimj41aws z!@AmzlGAhDvrF4rwi>B+nOKs8WpX_ zX~H~&y1cxoi{0OP&_g4&^w(?G&zAdihV!kcaz+-4S$Zxa)YrYu7S8JB!Lj;_W$9*S zKxJ-daphE-twJBEy0=rgtGd?bURGaQh8t%|*8awL~KN;A8YUDphXl~<< zNZT|$eMc{TURu&q$L*XI`sDVNwj}$_?DzU96OF>FXN=uw*SDp64ITi9%GQU#H{_}P0tCroKAAYKS zc=PJ_>WBBPe6)Ue%lvYM%ag3e!c7_tt%qEO?98WK`urW!Vwe`rH-8*@*7_tpZJj4d z`m4WKH&$1!@2)4TFYRbAEGjk%XHBu|1M4g2T>buC+id$s@c${xGp;Q>z1_*a3vb_* z0jD9`OZRE&lf^!Xxw)<7DWjsTr-xgC)@MA1y|&)2k2SreLwCNcr`|QJtFNtPyWwwZK2*zoKin7!+*M?=d;jyN zHe1K(&o&%4r{bZzYZjGf@Im%Dl)v?4qv2xuws^z6Xg`z`H9uTuc;P88XTJ3i>)+P0 zS;^P=KYX%v)y9E(#m0u1I(L1I;qyCPD?%4Ho{36yh3k|v?Kf^~J;|g{f6G4o=)D`P z&+pK!xjJ=g!*!o>Df`P-uim+Bie9_@#?Y|sU2Wk*q^Iu4=;-rTc=%nJQln4pn4(|b z(K#yoOX(Ya*N4|VRi`G{E9+|mb!Bzcfl80pZheeWblc8^&|1CGrhPl_Gb`-6t4Ut3 z(XZ^9sAG38Fnbm9?7q=9m{ZxZ*~u5_, 2012. +# This file is put in the public domain. +# Trần Ngọc Quân , 2012-2013. # msgid "" msgstr "" -"Project-Id-Version: sudoers-1.8.6b4\n" +"Project-Id-Version: sudoers-1.8.7b3\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-09-01 15:08+0700\n" +"POT-Creation-Date: 2013-04-24 11:10-0400\n" +"PO-Revision-Date: 2013-04-28 07:08+0700\n" "Last-Translator: Trần Ngọc Quân \n" "Language-Team: Vietnamese \n" "Language: vi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"Language-Team-Website: \n" "Plural-Forms: nplurals=2; plural=1;\n" "X-Poedit-SourceCharset: UTF-8\n" +"X-Generator: Poedit 1.5.5\n" -#: gram.y:112 -#, c-format -msgid ">>> %s: %s near line %d <<<" -msgstr ">>> %s: %s gần dòng %d <<<" +#: confstr.sh:2 +msgid "Password:" +msgstr "Mật khẩu:" + +#: confstr.sh:3 +msgid "*** SECURITY information for %h ***" +msgstr "*** Thông tin AN NINH cho %h ***" + +#: confstr.sh:4 +msgid "Sorry, try again." +msgstr "Rất tiếc, hãy thử lại sau." -#: plugins/sudoers/alias.c:125 +#: plugins/sudoers/alias.c:124 #, c-format msgid "Alias `%s' already defined" -msgstr "Bí danh `%s' đã được định nghĩa rồi" +msgstr "Bí danh “%s” đã được định nghĩa rồi" -#: plugins/sudoers/auth/bsdauth.c:78 +#: plugins/sudoers/auth/bsdauth.c:77 #, c-format msgid "unable to get login class for user %s" msgstr "không thể lấy lớp đăng nhập cho tài khoản %s" -#: plugins/sudoers/auth/bsdauth.c:84 +#: plugins/sudoers/auth/bsdauth.c:83 msgid "unable to begin bsd authentication" msgstr "không thể khởi chạy xác thực kiểu bsd" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:91 msgid "invalid authentication type" msgstr "kiểu xác thực sai" -#: plugins/sudoers/auth/bsdauth.c:101 +#: plugins/sudoers/auth/bsdauth.c:100 msgid "unable to setup authentication" msgstr "không thể cài đặt xác thực" -#: plugins/sudoers/auth/fwtk.c:60 +#: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" msgstr "không thể đọc cấu hình fwtk" -#: plugins/sudoers/auth/fwtk.c:65 +#: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" msgstr "không thể kết nối tới máy chủ xác thực" -#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95 -#: plugins/sudoers/auth/fwtk.c:128 +#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:127 #, c-format msgid "lost connection to authentication server" msgstr "mất kết nối đến máy phục vụ xác thực" -#: plugins/sudoers/auth/fwtk.c:75 +#: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" @@ -70,294 +78,192 @@ msgstr "" "lỗi máy phục vụ xác thực:\n" "%s" -#: plugins/sudoers/auth/kerb5.c:117 +#: plugins/sudoers/auth/kerb5.c:116 #, c-format -msgid "%s: unable to unparse princ ('%s'): %s" -msgstr "%s: không thể bỏ phân tích cú pháp princ ('%s'): %s" +msgid "%s: unable to convert principal to string ('%s'): %s" +msgstr "%s: không thể chuyển đổi principal sang chuỗi (“%s”): %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" -msgstr "%s: không thể phân tích '%s': %s" +msgstr "%s: không thể phân tích “%s”: %s" -#: plugins/sudoers/auth/kerb5.c:170 +#: plugins/sudoers/auth/kerb5.c:169 #, c-format -msgid "%s: unable to resolve ccache: %s" -msgstr "%s: không thể giải quyết ccache: %s" +msgid "%s: unable to resolve credential cache: %s" +msgstr "%s: không thể phân giải bộ nhớ đệm “credential”: %s" -#: plugins/sudoers/auth/kerb5.c:218 +#: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: không thể phân bổ các tùy chọn: %s" -#: plugins/sudoers/auth/kerb5.c:234 +#: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: không thể lấy giấy ủy nhiệm: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:246 #, c-format -msgid "%s: unable to initialize ccache: %s" -msgstr "%s: không thể khởi tạo ccache: %s" +msgid "%s: unable to initialize credential cache: %s" +msgstr "%s: không thể khởi tạo bộ nhớ đệm “credential”: %s" -#: plugins/sudoers/auth/kerb5.c:251 +#: plugins/sudoers/auth/kerb5.c:250 #, c-format -msgid "%s: unable to store cred in ccache: %s" -msgstr "%s: không thể lưu cred trong ccache: %s" +msgid "%s: unable to store credential in cache: %s" +msgstr "%s: không thể cất giữ “credential” trong bộ nhớ tạm: %s" -#: plugins/sudoers/auth/kerb5.c:316 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: không thể lấy tên máy chủ chính: %s" -#: plugins/sudoers/auth/kerb5.c:331 +#: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" -msgstr "%s: Không thể thẩm tra TGT! Có lẽ bị tấn công!: %s" +msgstr "%s: Không thể thẩm tra TGT! Gần như chắc chắn là bị tấn công!: %s" -#: plugins/sudoers/auth/pam.c:100 +#: plugins/sudoers/auth/pam.c:105 msgid "unable to initialize PAM" msgstr "không thể khởi tạo PAM" -#: plugins/sudoers/auth/pam.c:144 +#: plugins/sudoers/auth/pam.c:150 msgid "account validation failure, is your account locked?" msgstr "xác thực tài khoản gặp lỗi nghiêm trọng, có phải tài khoản của bạn đã bị khóa?" -#: plugins/sudoers/auth/pam.c:148 +#: plugins/sudoers/auth/pam.c:154 msgid "Account or password is expired, reset your password and try again" -msgstr "Mật khẩu hay tài khoản đã hết hạn sử dụng, đặt lại mật khẩu của bạn và thử lại" +msgstr "Mật khẩu hay tài khoản đã hết hạn sử dụng, hãy đặt lại mật khẩu của bạn và thử lại" -#: plugins/sudoers/auth/pam.c:155 +#: plugins/sudoers/auth/pam.c:162 #, c-format -msgid "pam_chauthtok: %s" -msgstr "pam_chauthtok: %s" +msgid "unable to change expired password: %s" +msgstr "không thể thay đổi mật khẩu đã hết hạn: %s" -#: plugins/sudoers/auth/pam.c:159 +#: plugins/sudoers/auth/pam.c:167 msgid "Password expired, contact your system administrator" msgstr "Mật khẩu đã hết hạn dùng, hãy liên lạc với quản trị hệ thống" -#: plugins/sudoers/auth/pam.c:163 +#: plugins/sudoers/auth/pam.c:171 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" -msgstr "Tài khoản hết hạn hoặc cấu hình PAM không có phiên \"tài khoản\" cho sudo, hãy liên hệ với người quản trị" +msgstr "Tài khoản hết hạn hoặc cấu hình PAM không có phiên “tài khoản” cho sudo, hãy liên hệ với người quản trị" -#: plugins/sudoers/auth/pam.c:180 +#: plugins/sudoers/auth/pam.c:188 #, c-format -msgid "pam_authenticate: %s" -msgstr "pam_authenticate: %s" +msgid "PAM authentication error: %s" +msgstr "lỗi xác thực PAM: %s" -#: plugins/sudoers/auth/pam.c:332 -msgid "Password: " -msgstr "Mật khẩu: " - -#: plugins/sudoers/auth/pam.c:333 -msgid "Password:" -msgstr "Mật khẩu:" +#: plugins/sudoers/auth/pam.c:247 +#, c-format +msgid "unable to establish credentials: %s" +msgstr "không thể thiết lập giấy ủy nhiệm: %s" -#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220 +#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 #, c-format msgid "you do not exist in the %s database" msgstr "bạn không tồn tại trong cơ sở dữ liệu %s" -#: plugins/sudoers/auth/securid5.c:81 +#: plugins/sudoers/auth/securid5.c:80 #, c-format msgid "failed to initialise the ACE API library" -msgstr "gặp lỗi khi khởi tạo thư viện \"ACE API\"" +msgstr "gặp lỗi khi khởi tạo thư viện “ACE API”" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" msgstr "không thể liên lạc được với máy chủ SecurID" -#: plugins/sudoers/auth/securid5.c:116 +#: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" -msgstr "ID người dùng bị khóa với \"SecurID Authentication\"" +msgstr "ID người dùng bị khóa với “SecurID Authentication”" -#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171 +#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 #, c-format msgid "invalid username length for SecurID" msgstr "sai chiều dài tên tài khoản cho SecurID" -#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176 +#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "sai Bộ Tiếp Hợp Xác Thực cho SecurID" -#: plugins/sudoers/auth/securid5.c:128 +#: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "Truyền thông với SecurID gặp lỗi" -#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215 +#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 #, c-format msgid "unknown SecurID error" msgstr "không hiểu lỗi SecurID" -#: plugins/sudoers/auth/securid5.c:166 +#: plugins/sudoers/auth/securid5.c:165 #, c-format msgid "invalid passcode length for SecurID" msgstr "sai chiều dài passcode cho SecurID" -#: plugins/sudoers/auth/sia.c:109 +#: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "không thể khởi tạo phiên SIA" -#: plugins/sudoers/auth/sudo_auth.c:121 -msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." -msgstr "Sai phương thức xác thực được dịch vào trong sudo! Bạn có thể pha trộn kiểu xác thực giữa standalone và non-standalone" +#: plugins/sudoers/auth/sudo_auth.c:119 +msgid "invalid authentication methods" +msgstr "Phương thức xác thực không hợp lệ" + +#: plugins/sudoers/auth/sudo_auth.c:120 +msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." +msgstr "Phương thức xác thực không hợp lệ được biên dịch vào trong sudo! Bạn không thể pha trộn kiểu xác thực giữa standalone và non-standalone" -#: plugins/sudoers/auth/sudo_auth.c:206 +#: plugins/sudoers/auth/sudo_auth.c:203 +msgid "no authentication methods" +msgstr "chưa có phương thức xác" + +#: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "Ở đây không có phương thức xác thực nào được dịch vào trong sudo! Nếu bạn muốn tắt xác thực, sử dụng tùy chọn cấu hình --disable-authentication" -#: plugins/sudoers/auth/sudo_auth.c:374 +#: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "Phương thức xác thực:" -#: plugins/sudoers/bsm_audit.c:60 plugins/sudoers/bsm_audit.c:63 -#: plugins/sudoers/bsm_audit.c:112 plugins/sudoers/bsm_audit.c:116 -#: plugins/sudoers/bsm_audit.c:168 plugins/sudoers/bsm_audit.c:172 -#, c-format -msgid "getaudit: failed" -msgstr "getaudit: gặp lỗi" - #: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153 -#, c-format msgid "Could not determine audit condition" msgstr "Không thể xác định điều kiện audit" -#: plugins/sudoers/bsm_audit.c:101 -#, c-format -msgid "getauid failed" -msgstr "getauid gặp lỗi" - -#: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162 -#, c-format -msgid "au_open: failed" -msgstr "au_open: gặp lỗi" - -#: plugins/sudoers/bsm_audit.c:118 plugins/sudoers/bsm_audit.c:174 -#, c-format -msgid "au_to_subject: failed" -msgstr "au_to_subject: gặp lỗi" - -#: plugins/sudoers/bsm_audit.c:122 plugins/sudoers/bsm_audit.c:178 -#, c-format -msgid "au_to_exec_args: failed" -msgstr "au_to_exec_args: gặp lỗi" - -#: plugins/sudoers/bsm_audit.c:126 plugins/sudoers/bsm_audit.c:187 -#, c-format -msgid "au_to_return32: failed" -msgstr "au_to_return32: gặp lỗi" - #: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190 -#, c-format msgid "unable to commit audit record" msgstr "không thể chuyển giao bản ghi audit" -#: plugins/sudoers/bsm_audit.c:160 -#, c-format -msgid "getauid: failed" -msgstr "getauid: gặp lỗi" - -#: plugins/sudoers/bsm_audit.c:183 -#, c-format -msgid "au_to_text: failed" -msgstr "au_to_text: gặp lỗi" - -#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172 -#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355 -#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974 -#: plugins/sudoers/visudo.c:818 -#, c-format -msgid "unable to open %s" -msgstr "không mở được %s" - -#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229 -#, c-format -msgid "unable to write to %s" -msgstr "không thể ghi vào %s" - -#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512 -#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123 -#: plugins/sudoers/iolog.c:156 -#, c-format -msgid "unable to mkdir %s" -msgstr "không thể tạo thư mục mkdir '%s'" - -#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289 -#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395 -#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82 -#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677 -#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253 -#, c-format -msgid "internal error, %s overflow" -msgstr "lỗi nội bộ, %s bị tràn" - -#: plugins/sudoers/check.c:460 -#, c-format -msgid "timestamp path too long: %s" -msgstr "đường dẫn timestamp quá dài: %s" - -#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535 -#: plugins/sudoers/iolog.c:158 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s tồn tại nhưng không phải là một thư mục (0%o)" - -#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538 -#: plugins/sudoers/check.c:583 -#, c-format -msgid "%s owned by uid %u, should be uid %u" -msgstr "%s được sở hữu bởi uid %u, nên là %u" - -#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0700" -msgstr "%s có thể được ghi bởi người không sở hữu nó (0%o), cần đặt chế độ 0700" - -#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551 -#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003 -#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584 -#, c-format -msgid "unable to stat %s" -msgstr "không thể lấy trạng thái về %s" - -#: plugins/sudoers/check.c:577 -#, c-format -msgid "%s exists but is not a regular file (0%o)" -msgstr "%s đã sẵn có nhưng không phải là một tập tin bình thường (0%o)" - -#: plugins/sudoers/check.c:589 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0600" -msgstr "%s có thể được ghi bởi người không sở hữu nó (0%o), cần đặt chế độ 0600" - -#: plugins/sudoers/check.c:643 -#, c-format -msgid "timestamp too far in the future: %20.20s" -msgstr "timestamp nằm quá xa ở tương lai: %20.20s" - -#: plugins/sudoers/check.c:690 -#, c-format -msgid "unable to remove %s (%s), will reset to the epoch" -msgstr "không thể gỡ bỏ %s (%s), sẽ đặt lại thành epoch" - -#: plugins/sudoers/check.c:698 -#, c-format -msgid "unable to reset %s to the epoch" -msgstr "không thể đặt lại %s thành epoch" +#: plugins/sudoers/check.c:189 +msgid "" +"\n" +"We trust you have received the usual lecture from the local System\n" +"Administrator. It usually boils down to these three things:\n" +"\n" +" #1) Respect the privacy of others.\n" +" #2) Think before you type.\n" +" #3) With great power comes great responsibility.\n" +"\n" +msgstr "" +"\n" +"Chúng tôi tin rằng bạn đã nhận được bài giảng từ Quản trị Hệ thống\n" +"nội bộ. Có thể tóm lược chúng lại thành một số điểm quan trọng sau:\n" +"\n" +" #1) Tôn trọng sự riêng tư của người khác.\n" +" #2) Nghĩ trước khi gõ một lệnh.\n" +" #3) Quyền lực lớn đi kèm với trách nhiệm lớn.\n" +"\n" -#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764 -#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855 +#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 +#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 #, c-format msgid "unknown uid: %u" msgstr "không biết UID: %u" -#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792 -#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225 -#: plugins/sudoers/testsudoers.c:369 +#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635 +#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:359 #, c-format msgid "unknown user: %s" msgstr "không hiểu người dùng: %s" @@ -383,7 +289,7 @@ msgstr "Đặt nhắc OTP (mật khẩu dùng một lần) tại dòng nó sở #: plugins/sudoers/def_data.c:43 msgid "Ignore '.' in $PATH" -msgstr "Lờ đi '.' trong $PATH" +msgstr "Lờ đi “.” trong $PATH" #: plugins/sudoers/def_data.c:47 msgid "Always send mail when sudo is run" @@ -522,7 +428,7 @@ msgstr "Umask để sử dụng hoặc 0777 để sử dụng của người dù #: plugins/sudoers/def_data.c:175 #, c-format msgid "Path to log file: %s" -msgstr "Đường dẫn tới tập tin nhật ký: '%s'" +msgstr "Đường dẫn tới tập tin nhật ký: “%s”" #: plugins/sudoers/def_data.c:179 #, c-format @@ -576,7 +482,7 @@ msgstr "Lời nhắc nhập mật khẩu mặc định: %s" #: plugins/sudoers/def_data.c:219 msgid "If set, passprompt will override system prompt in all cases." -msgstr "Nếu được đặt, lời nhắc mật khẩu sẽ dè lên dấu nhắc hệ thống trong mọi trường hợp." +msgstr "Nếu được đặt, lời nhắc mật khẩu sẽ đè lên dấu nhắc hệ thống trong mọi trường hợp." #: plugins/sudoers/def_data.c:223 #, c-format @@ -596,12 +502,12 @@ msgstr "Đường dẫn tới trình biên soạn để sử dụng cho lệnh v #: plugins/sudoers/def_data.c:235 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" -msgstr "Khi được yêu cầu mật khẩu cho 'liệt kê' lệnh-giả: %s" +msgstr "Khi được yêu cầu mật khẩu cho “liệt kê” lệnh-giả: %s" #: plugins/sudoers/def_data.c:239 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" -msgstr "Khi được yêu cầu mật khẩu cho 'thẩm tra' lệnh-giả: %s" +msgstr "Khi được yêu cầu mật khẩu cho “thẩm tra” lệnh-giả: %s" #: plugins/sudoers/def_data.c:243 msgid "Preload the dummy exec functions contained in the sudo_noexec library" @@ -614,11 +520,11 @@ msgstr "Nếu thư mục LDAP đã bật, chúng tôi sẽ lờ đi tập tin su #: plugins/sudoers/def_data.c:251 #, c-format msgid "File descriptors >= %d will be closed before executing a command" -msgstr "Các mô tả tập tin >= %d sẽ bị đóng trước khi chạy một lệnh" +msgstr "Các bộ mô tả tập tin >= %d sẽ bị đóng trước khi chạy một lệnh" #: plugins/sudoers/def_data.c:255 msgid "If set, users may override the value of `closefrom' with the -C option" -msgstr "Nếu được đặt, người dùng có thể ghi đè lên giá trị của `closefrom' bằng tùy chọn -C" +msgstr "Nếu được đặt, người dùng có thể ghi đè lên giá trị của “closefrom” bằng tùy chọn -C" #: plugins/sudoers/def_data.c:259 msgid "Allow users to set arbitrary environment variables" @@ -717,237 +623,246 @@ msgstr "Đặt người dùng trong utmp thành người dùng runasr, không ph #: plugins/sudoers/def_data.c:347 msgid "Set of permitted privileges" -msgstr "Đặt đặc quyền" +msgstr "Tập hợp các đặc quyền được phép" #: plugins/sudoers/def_data.c:351 msgid "Set of limit privileges" -msgstr "Đặt các quyền bị giới hạn" +msgstr "Tập hợp các quyền bị giới hạn" + +#: plugins/sudoers/def_data.c:355 +msgid "Run commands on a pty in the background" +msgstr "Chạy các câu lệnh trên một pty trong nền hệ thống" + +#: plugins/sudoers/def_data.c:359 +msgid "Create a new PAM session for the command to run in" +msgstr "Tạo một phiên PAM mới để lệnh chạy với nó" -#: plugins/sudoers/defaults.c:208 +#: plugins/sudoers/def_data.c:363 +msgid "Maximum I/O log sequence number" +msgstr "Số lượng nhật ký I/O đã đạt ngưỡng tối đa" + +#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 #, c-format msgid "unknown defaults entry `%s'" -msgstr "không hiểu mục mặc định `%s'" +msgstr "không hiểu mục mặc định “%s”" -#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226 -#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259 -#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285 -#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318 -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 +#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 +#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 +#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "value `%s' is invalid for option `%s'" -msgstr "giá trị `%s' là không hợp lệ cho tùy chọn `%s'" +msgstr "giá trị “%s” là không hợp lệ cho tùy chọn “%s”" -#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229 -#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254 -#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280 -#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313 -#: plugins/sudoers/defaults.c:324 +#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 +#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 +#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 +#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 +#: plugins/sudoers/defaults.c:323 #, c-format msgid "no value specified for `%s'" -msgstr "chưa chỉ ra giá trị cho \"%s\"" +msgstr "chưa chỉ ra giá trị cho “%s”" -#: plugins/sudoers/defaults.c:242 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "values for `%s' must start with a '/'" -msgstr "giá trị cho `%s' phải bắt đầu bằng một '/'" +msgstr "giá trị cho “%s” phải bắt đầu bằng một “/”" -#: plugins/sudoers/defaults.c:304 +#: plugins/sudoers/defaults.c:303 #, c-format msgid "option `%s' does not take a value" -msgstr "tùy chọn `%s' không chấp nhận giá trị" +msgstr "tùy chọn “%s” không nhận giá trị" -#: plugins/sudoers/env.c:367 +#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 +#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 +#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427 +#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 +#: plugins/sudoers/testsudoers.c:243 #, c-format +msgid "internal error, %s overflow" +msgstr "lỗi nội bộ, %s bị tràn" + +#: plugins/sudoers/env.c:367 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp sai hỏng, chiều dài không khớp" -#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448 -#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167 -#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983 -#, c-format -msgid "unable to allocate memory" -msgstr "không thể cấp phát vùng nhớ" - -#: plugins/sudoers/env.c:992 +#: plugins/sudoers/env.c:1012 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "rất tiếc, bạn không được phép đặt các biến môi trường sau đây: %1s" -#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108 -#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125 -#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883 -#, c-format -msgid "%s: %s" -msgstr "%s: %s" - -#: plugins/sudoers/group_plugin.c:91 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: plugins/sudoers/group_plugin.c:103 +#: plugins/sudoers/group_plugin.c:102 #, c-format msgid "%s must be owned by uid %d" msgstr "%s phải được sở hữu bởi uid %d" -#: plugins/sudoers/group_plugin.c:107 +#: plugins/sudoers/group_plugin.c:106 #, c-format msgid "%s must only be writable by owner" msgstr "%s phải là những thứ chỉ có thể ghi bởi chủ sở hữu" -#: plugins/sudoers/group_plugin.c:114 +#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256 #, c-format msgid "unable to dlopen %s: %s" msgstr "không thể dlopen %s: %s" -#: plugins/sudoers/group_plugin.c:119 +#: plugins/sudoers/group_plugin.c:118 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" -msgstr "không tìm thấy ký hiệu \"group_plugin\" trong %s" +msgstr "không tìm thấy ký hiệu “group_plugin” trong %s" -#: plugins/sudoers/group_plugin.c:124 +#: plugins/sudoers/group_plugin.c:123 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: phiên bản số lớn phần bổ xung nhóm không tương thích %d, mong đợi %d" -#: plugins/sudoers/interfaces.c:112 +#: plugins/sudoers/interfaces.c:119 msgid "Local IP address and netmask pairs:\n" msgstr "Cặp địa chỉ IP và mặt nạ cục bộ:\n" -#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991 +#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 +#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 #, c-format -msgid "unable to read %s" -msgstr "không thể đọc %s" +msgid "%s exists but is not a directory (0%o)" +msgstr "%s tồn tại nhưng không phải là một thư mục (0%o)" -#: plugins/sudoers/iolog.c:208 +#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 +#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165 +#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 #, c-format -msgid "invalid sequence number %s" -msgstr "sai số tạo dãy %s" +msgid "unable to mkdir %s" +msgstr "không thể tạo thư mục mkdir “%s”" -#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261 -#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531 -#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545 -#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561 -#: plugins/sudoers/iolog.c:569 +#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 +#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 +#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155 +#: plugins/sudoers/visudo.c:809 #, c-format -msgid "unable to create %s" -msgstr "không thể tạo '%s'" +msgid "unable to open %s" +msgstr "không mở được %s" + +#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 +#, c-format +msgid "unable to read %s" +msgstr "không thể đọc %s" -#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382 +#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159 #, c-format -msgid "unable to set locale to \"%s\", using \"C\"" -msgstr "không thể đặt địa phương thành \"%s\", sẽ dùng \"C\"" +msgid "unable to write to %s" +msgstr "không thể ghi vào %s" -#: plugins/sudoers/ldap.c:387 +#: plugins/sudoers/iolog.c:334 #, c-format +msgid "unable to create %s" +msgstr "không thể tạo “%s”" + +#: plugins/sudoers/ldap.c:385 msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports: cổng quá lớn" -#: plugins/sudoers/ldap.c:410 -#, c-format +#: plugins/sudoers/ldap.c:408 msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports: hết bộ nhớ để mở rộng hostbuf" -#: plugins/sudoers/ldap.c:440 +#: plugins/sudoers/ldap.c:438 #, c-format msgid "unsupported LDAP uri type: %s" -msgstr "không hỗ trợ kiểu \"LDAP uri\": %s" +msgstr "không hỗ trợ kiểu “LDAP uri”: %s" -#: plugins/sudoers/ldap.c:469 +#: plugins/sudoers/ldap.c:467 #, c-format msgid "invalid uri: %s" msgstr "URI không hợp lệ: %s" -#: plugins/sudoers/ldap.c:475 +#: plugins/sudoers/ldap.c:473 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "không thể trộn ldap và ldaps URIs" -#: plugins/sudoers/ldap.c:479 +#: plugins/sudoers/ldap.c:477 #, c-format msgid "unable to mix ldaps and starttls" msgstr "không thể trộn ldaps và starttls" -#: plugins/sudoers/ldap.c:498 -#, c-format +#: plugins/sudoers/ldap.c:496 msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri: hết bộ nhớ để xây dựng hostbuf" -#: plugins/sudoers/ldap.c:572 +#: plugins/sudoers/ldap.c:570 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "không thể khởi tạo chứng nhận SSL và csdl khóa: %s" -#: plugins/sudoers/ldap.c:575 +#: plugins/sudoers/ldap.c:573 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "bạn phải đặt TLS_CERT trong %s để sử dụng SSL" -#: plugins/sudoers/ldap.c:992 +#: plugins/sudoers/ldap.c:1062 #, c-format msgid "unable to get GMT time" msgstr "không thể lấy giờ quốc tế (GMT)" -#: plugins/sudoers/ldap.c:998 +#: plugins/sudoers/ldap.c:1068 #, c-format msgid "unable to format timestamp" msgstr "không thể định dạng dấu-vết-thời-gian" -#: plugins/sudoers/ldap.c:1006 +#: plugins/sudoers/ldap.c:1076 #, c-format msgid "unable to build time filter" msgstr "không thể xây dựng bộ lọc thời gian" -#: plugins/sudoers/ldap.c:1225 -#, c-format +#: plugins/sudoers/ldap.c:1295 msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1 phân bổ không khớp" -#: plugins/sudoers/ldap.c:1761 +#: plugins/sudoers/ldap.c:1842 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" "\n" -"LDAP Role: %s\n" +"Vai trò LDAP: %s\n" -#: plugins/sudoers/ldap.c:1763 +#: plugins/sudoers/ldap.c:1844 #, c-format msgid "" "\n" "LDAP Role: UNKNOWN\n" msgstr "" "\n" -"LDAP Role: KHÔNG HIỂU\n" +"Vai trò LDAP: KHÔNG HIỂU\n" -#: plugins/sudoers/ldap.c:1810 +#: plugins/sudoers/ldap.c:1891 #, c-format msgid " Order: %s\n" msgstr " Thứ tự: %s\n" -#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168 +#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515 +#: plugins/sudoers/sssd.c:1242 #, c-format msgid " Commands:\n" msgstr " Lệnh:\n" -#: plugins/sudoers/ldap.c:2240 +#: plugins/sudoers/ldap.c:2321 #, c-format msgid "unable to initialize LDAP: %s" msgstr "không thể khởi tạo LDAP: %s" -#: plugins/sudoers/ldap.c:2274 +#: plugins/sudoers/ldap.c:2355 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls được chỉ ra nhưng thư viện LDAP không hỗ trợ ldap_start_tls_s() hoặc ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:2510 +#: plugins/sudoers/ldap.c:2591 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "thuộc tính sudoOrder không hợp lệ: %s" #: plugins/sudoers/linux_audit.c:57 -#, c-format msgid "unable to open audit system" msgstr "không thể mở hệ thống audit" @@ -956,128 +871,152 @@ msgstr "không thể mở hệ thống audit" msgid "unable to send audit message" msgstr "không thể gửi thông tin audit" -#: plugins/sudoers/logging.c:202 +#: plugins/sudoers/logging.c:140 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: plugins/sudoers/logging.c:168 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (lệnh tiếp tục) %s" + +#: plugins/sudoers/logging.c:194 #, c-format msgid "unable to open log file: %s: %s" msgstr "không thể mở tập tin nhật ký: %s: %s" -#: plugins/sudoers/logging.c:205 +#: plugins/sudoers/logging.c:197 #, c-format msgid "unable to lock log file: %s: %s" msgstr "không thể khóa tập tin nhật ký: %s: %s" -#: plugins/sudoers/logging.c:260 +#: plugins/sudoers/logging.c:245 +msgid "No user or host" +msgstr "Không có tài khoản hay tên máy chủ" + +#: plugins/sudoers/logging.c:247 +msgid "validation failure" +msgstr "việc phê chuẩn thất bại" + +#: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "tài khoản KHÔNG có trong sudoers" -#: plugins/sudoers/logging.c:262 +#: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "tài khoản KHÔNG được cho phép sử dụng trên máy chủ" -#: plugins/sudoers/logging.c:264 +#: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "lệnh không được phép" -#: plugins/sudoers/logging.c:274 +#: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s không trong tập tin sudoers. Sự việc này sẽ được báo cáo.\n" -#: plugins/sudoers/logging.c:277 +#: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s không được phép chạy lệnh sudo trên %s. Sự việc này sẽ được báo cáo.\n" -#: plugins/sudoers/logging.c:281 +#: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Rất tiếc, tài khoảnr %s không được chạy lệnh sudo trên %s.\n" -#: plugins/sudoers/logging.c:284 +#: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" -msgstr "Rất tiếc, tài khoản %s không được phép thi hành '%s%s%s' như là %s%s%s trên %s.\n" - -#: plugins/sudoers/logging.c:317 -msgid "No user or host" -msgstr "Không có tài khoản hay tên máy chủ" - -#: plugins/sudoers/logging.c:319 -msgid "validation failure" -msgstr "việc phê chuẩn thất bại" +msgstr "Rất tiếc, tài khoản %s không được phép thi hành “%s%s%s” như là %s%s%s trên %s.\n" -#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502 -#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539 -#: plugins/sudoers/sudoers.c:1540 +#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 +#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoers.c:1002 #, c-format msgid "%s: command not found" msgstr "%s: không tìm thấy lệnh" -#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499 +#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 #, c-format msgid "" "ignoring `%s' found in '.'\n" "Use `sudo ./%s' if this is the `%s' you wish to run." msgstr "" -"đang bỏ qua `%s' được tìm thấy trong '.'\n" -"Sử dụng `sudo ./%s' nếu đây là `%s' bạn muốn chạy." +"đang bỏ qua “%s” được tìm thấy trong “.”\n" +"Sử dụng “sudo ./%s” nếu đây là “%s” bạn muốn chạy." -#: plugins/sudoers/logging.c:352 +#: plugins/sudoers/logging.c:353 msgid "authentication failure" -msgstr "lỗi xác thực" +msgstr "xác thực gặp lỗi nghiêm trọng" -#: plugins/sudoers/logging.c:376 +#: plugins/sudoers/logging.c:379 +msgid "a password is required" +msgstr "bắt buộc phải có mật khẩu" + +#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" msgstr[0] "đã sai mật khẩu %d lần" msgstr[1] "đã sai mật khẩu %d lần" -#: plugins/sudoers/logging.c:379 -msgid "a password is required" -msgstr "bắt buộc phải có mật khẩu" - -#: plugins/sudoers/logging.c:530 -#, c-format +#: plugins/sudoers/logging.c:566 msgid "unable to fork" msgstr "không thể tạo tiến trình con" -#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599 +#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 #, c-format msgid "unable to fork: %m" msgstr "không thể tạo tiến trình con: %m" -#: plugins/sudoers/logging.c:589 +#: plugins/sudoers/logging.c:619 #, c-format msgid "unable to open pipe: %m" -msgstr "không thể mở ống: %m" +msgstr "không thể mở ống dẫn lệnh: %m" -#: plugins/sudoers/logging.c:614 +#: plugins/sudoers/logging.c:644 #, c-format msgid "unable to dup stdin: %m" -msgstr "không thể dup stdin: %m" +msgstr "không thể dup (nhân bản) stdin: %m" -#: plugins/sudoers/logging.c:650 +#: plugins/sudoers/logging.c:680 #, c-format msgid "unable to execute %s: %m" msgstr "không thể thực thi %s: %m" -#: plugins/sudoers/logging.c:865 -#, c-format +#: plugins/sudoers/logging.c:899 msgid "internal error: insufficient space for log line" msgstr "lỗi nội bộ: thiếu khoảng trống cho dòng ghi nhật ký" -#: plugins/sudoers/parse.c:123 +#: plugins/sudoers/match.c:631 +#, c-format +msgid "unsupported digest type %d for %s" +msgstr "không hỗ trợ kiểu tóm lược %d dành cho %s" + +#: plugins/sudoers/match.c:661 +#, c-format +msgid "%s: read error" +msgstr "%s: lỗi đọc" + +#: plugins/sudoers/match.c:670 +#, c-format +msgid "digest for %s (%s) is not in %s form" +msgstr "tóm lược cho %s (%s) không ở dạng thức %s" + +#: plugins/sudoers/parse.c:124 #, c-format msgid "parse error in %s near line %d" msgstr "lỗi phân tích trong %s gần dòng %d" -#: plugins/sudoers/parse.c:126 +#: plugins/sudoers/parse.c:127 #, c-format msgid "parse error in %s" msgstr "gặp lỗi phân tích trong %s" -#: plugins/sudoers/parse.c:414 +#: plugins/sudoers/parse.c:462 #, c-format msgid "" "\n" @@ -1086,386 +1025,369 @@ msgstr "" "\n" "Mục Sudoers:\n" -#: plugins/sudoers/parse.c:416 +#: plugins/sudoers/parse.c:463 #, c-format msgid " RunAsUsers: " msgstr " ChạyVớiTưCách: " -#: plugins/sudoers/parse.c:431 +#: plugins/sudoers/parse.c:477 #, c-format msgid " RunAsGroups: " -msgstr " ChạyNhưMìnhỞNhóm: " +msgstr " ChạyNhưỞNhóm: " + +#: plugins/sudoers/parse.c:486 +#, c-format +msgid " Options: " +msgstr " Tùy chọn:" + +#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to execute %s" +msgstr "không thể thực thi %s" -#: plugins/sudoers/parse.c:440 +#: plugins/sudoers/policy.c:659 +#, c-format +msgid "Sudoers policy plugin version %s\n" +msgstr "Phiên bạn phần bổ xung chính sách Sudoers %s\n" + +#: plugins/sudoers/policy.c:661 +#, c-format +msgid "Sudoers file grammar version %d\n" +msgstr "Phiên bản ngữ pháp tập tin Sudoers %d\n" + +#: plugins/sudoers/policy.c:665 #, c-format msgid "" -" Commands:\n" -"\t" +"\n" +"Sudoers path: %s\n" msgstr "" -" Lệnh:\n" -"\t" +"\n" +"Đường dẫn Sudoers: %s\n" -#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 -msgid ": " -msgstr ": " +#: plugins/sudoers/policy.c:668 +#, c-format +msgid "nsswitch path: %s\n" +msgstr "đường dẫn nsswitch: %s\n" -#: plugins/sudoers/pwutil.c:278 +#: plugins/sudoers/policy.c:670 #, c-format -msgid "unable to cache uid %u (%s), already exists" -msgstr "không thể lưu nhớ tạm uid %u (%s), đã có sẵn rồi" +msgid "ldap.conf path: %s\n" +msgstr "đường dẫn ldap.conf: %s\n" -#: plugins/sudoers/pwutil.c:286 +#: plugins/sudoers/policy.c:671 +#, c-format +msgid "ldap.secret path: %s\n" +msgstr "đường dẫn ldap.secret: %s\n" + +#: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "không thể lưu nhớ tạm uid %u, đã có sẵn rồi" -#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331 +#: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "không thể lưu nhớ tạm tài khoản %s, đã có sẵn rồi" -#: plugins/sudoers/pwutil.c:668 -#, c-format -msgid "unable to cache gid %u (%s), already exists" -msgstr "không thể lưu nhớ tạm gid %u (%s), đã có sẵn rồi" - -#: plugins/sudoers/pwutil.c:676 +#: plugins/sudoers/pwutil.c:386 #, c-format msgid "unable to cache gid %u, already exists" msgstr "không thể lưu nhớ tạm gid %u, đã có sẵn rồi" -#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715 +#: plugins/sudoers/pwutil.c:422 #, c-format msgid "unable to cache group %s, already exists" msgstr "không thể lưu nhớ tạm nhóm %s, đã có sẵn rồi" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436 -#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114 -#: plugins/sudoers/set_perms.c:1396 +#: plugins/sudoers/pwutil.c:578 plugins/sudoers/pwutil.c:600 +#, c-format +msgid "unable to cache group list for %s, already exists" +msgstr "không thể lưu nhớ tạm danh sách nhóm cho %s, đã có sẵn rồi" + +#: plugins/sudoers/pwutil.c:598 +#, c-format +msgid "unable to parse groups for %s" +msgstr "không thể phân tích nhóm cho %s" + +#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 +#: plugins/sudoers/set_perms.c:1431 msgid "perm stack overflow" -msgstr "perm stack bị tràn" +msgstr "stack perm bị tràn" -#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444 -#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122 -#: plugins/sudoers/set_perms.c:1404 +#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 +#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 +#: plugins/sudoers/set_perms.c:1439 msgid "perm stack underflow" msgstr "perm stack tràn ngầm" -#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580 -#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243 +#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 +#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 +msgid "unable to change to root gid" +msgstr "không thể thay đổi chỉ số nhóm gid của siêu người dùng root" + +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 msgid "unable to change to runas gid" msgstr "không thể thay đổi thành runas gid" -#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253 +#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 +#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 msgid "unable to change to runas uid" msgstr "không thể thay đổi thành runas uid" -#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269 +#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 msgid "unable to change to sudoers gid" msgstr "không thể thay đổi thành gid sudoers" -#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681 -#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315 -#: plugins/sudoers/set_perms.c:1474 +#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 +#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 +#: plugins/sudoers/set_perms.c:1515 msgid "too many processes" msgstr "quá nhiều tiến trình" -#: plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:1583 msgid "unable to set runas group vector" msgstr "không thể đặt véc-tơ nhóm runas" -#: plugins/sudoers/sssd.c:251 +#: plugins/sudoers/sssd.c:257 #, c-format -msgid "Unable to dlopen %s: %s" -msgstr "Không thể dlopen %s: %s" +msgid "unable to initialize SSS source. Is SSSD installed on your machine?" +msgstr "không thể khởi tạo nguồn SSS. SSSD đã được cài đặt trên máy của bạn chưa vậy?" -#: plugins/sudoers/sssd.c:252 -#, c-format -msgid "Unable to initialize SSS source. Is SSSD installed on your machine?" -msgstr "Không thể khởi tạo nguồn SSS. SSSD đã được cài đặt trên máy của bạn chưa vậy?" - -#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266 -#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280 -#: plugins/sudoers/sssd.c:287 +#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 +#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 +#: plugins/sudoers/sssd.c:292 #, c-format msgid "unable to find symbol \"%s\" in %s" -msgstr "không thể tìm thấy ký hiệu \"%s\" trong %s" +msgstr "không thể tìm thấy ký hiệu “%s” trong %s" -#: plugins/sudoers/sudo_nss.c:267 +#: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "Các mục mặc định khớp cho %s trên máy này:\n" -#: plugins/sudoers/sudo_nss.c:280 +#: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Runas và Đặc-tả-lệnh mặc định cho %s:\n" -#: plugins/sudoers/sudo_nss.c:293 +#: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "Người dùng %s có thể chạy những lệnh sau trên máy này:\n" -#: plugins/sudoers/sudo_nss.c:302 +#: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Tài khoản %s không được phép thi hành sudo trên %s.\n" -#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243 -#: plugins/sudoers/sudoers.c:953 +#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 +#: plugins/sudoers/sudoers.c:673 msgid "problem with defaults entries" msgstr "trục trặc với các mục mặc định" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:165 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "không có người dùng hợp lệ nào được tìm thấy, đang thoát ra" -#: plugins/sudoers/sudoers.c:268 -#, c-format -msgid "unable to execute %s: %s" -msgstr "không thể thực thi %s: %s" - -#: plugins/sudoers/sudoers.c:335 +#: plugins/sudoers/sudoers.c:227 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers đã ghi rõ là siêu người dùng (root) không được phép chạy sudo" -#: plugins/sudoers/sudoers.c:342 +#: plugins/sudoers/sudoers.c:234 #, c-format msgid "you are not permitted to use the -C option" msgstr "bạn không được phép sử dụng tùy chọn -C" -#: plugins/sudoers/sudoers.c:431 +#: plugins/sudoers/sudoers.c:315 #, c-format msgid "timestamp owner (%s): No such user" msgstr "người sở hữu timestamp (%s): Không có người dùng nào như vậy" -#: plugins/sudoers/sudoers.c:447 +#: plugins/sudoers/sudoers.c:329 msgid "no tty" msgstr "không có tty" -#: plugins/sudoers/sudoers.c:448 +#: plugins/sudoers/sudoers.c:330 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "rất tiếc, bạn phải có tty mới có thể chạy sudo" -#: plugins/sudoers/sudoers.c:498 +#: plugins/sudoers/sudoers.c:378 msgid "command in current directory" msgstr "lệnh trong thư mục hiện hành" -#: plugins/sudoers/sudoers.c:510 +#: plugins/sudoers/sudoers.c:395 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "rất tiếc, bạn không được phép giữ lại môi trường" -#: plugins/sudoers/sudoers.c:1006 +#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216 +#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576 +#, c-format +msgid "unable to stat %s" +msgstr "không thể lấy trạng thái về %s" + +#: plugins/sudoers/sudoers.c:726 #, c-format msgid "%s is not a regular file" msgstr "%s không phải tập tin thường" -#: plugins/sudoers/sudoers.c:1009 toke.l:846 +#: plugins/sudoers/sudoers.c:729 toke.l:913 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s được sở hữu bởi uid %u, nên là %u" -#: plugins/sudoers/sudoers.c:1013 toke.l:853 +#: plugins/sudoers/sudoers.c:733 toke.l:920 #, c-format msgid "%s is world writable" msgstr "%s ai ghi cũng được" -#: plugins/sudoers/sudoers.c:1016 toke.l:858 +#: plugins/sudoers/sudoers.c:736 toke.l:925 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s được sở hữu bởi gid %u, nên là %u" -#: plugins/sudoers/sudoers.c:1043 +#: plugins/sudoers/sudoers.c:763 #, c-format msgid "only root can use `-c %s'" -msgstr "chỉ có siêu người dùng (root) mới có thể sử dụng tùy chọn `-c %s'" +msgstr "chỉ có siêu người dùng (root) mới có thể sử dụng tùy chọn “-c %s”" -#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062 +#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 #, c-format msgid "unknown login class: %s" msgstr "không rõ lớp đăng nhập: %s" -#: plugins/sudoers/sudoers.c:1089 +#: plugins/sudoers/sudoers.c:814 #, c-format msgid "unable to resolve host %s" msgstr "không thể phân giải địa chỉ của máy %s" -#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387 +#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 #, c-format msgid "unknown group: %s" msgstr "không nhận ra nhóm: %s" -#: plugins/sudoers/sudoers.c:1190 -#, c-format -msgid "Sudoers policy plugin version %s\n" -msgstr "Phiên bạn phần bổ xung chính sách Sudoers %s\n" - -#: plugins/sudoers/sudoers.c:1192 -#, c-format -msgid "Sudoers file grammar version %d\n" -msgstr "Phiên bản ngữ pháp tập tin Sudoers %d\n" - -#: plugins/sudoers/sudoers.c:1196 -#, c-format -msgid "" -"\n" -"Sudoers path: %s\n" -msgstr "" -"\n" -"Đường dẫn Sudoers: %s\n" - -#: plugins/sudoers/sudoers.c:1199 -#, c-format -msgid "nsswitch path: %s\n" -msgstr "đường dẫn nsswitch: %s\n" - -#: plugins/sudoers/sudoers.c:1201 -#, c-format -msgid "ldap.conf path: %s\n" -msgstr "đường dẫn ldap.conf: %s\n" - -#: plugins/sudoers/sudoers.c:1202 -#, c-format -msgid "ldap.secret path: %s\n" -msgstr "đường dẫn ldap.secret: %s\n" - -#: plugins/sudoers/sudoreplay.c:293 +#: plugins/sudoers/sudoreplay.c:292 #, c-format msgid "invalid filter option: %s" msgstr "tùy chọn lọc không hợp lệ: %s" -#: plugins/sudoers/sudoreplay.c:306 +#: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid max wait: %s" msgstr "thời gian chờ tối đa không hợp lệ: %s" -#: plugins/sudoers/sudoreplay.c:312 +#: plugins/sudoers/sudoreplay.c:311 #, c-format msgid "invalid speed factor: %s" msgstr "sai hệ số nhân tốc độ: %s" -#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187 +#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 #, c-format msgid "%s version %s\n" msgstr "%s phiên bản %s\n" -#: plugins/sudoers/sudoreplay.c:340 +#: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/thời-gian: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:345 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/thời-gian: %s" -#: plugins/sudoers/sudoreplay.c:364 +#: plugins/sudoers/sudoreplay.c:363 #, c-format msgid "Replaying sudo session: %s\n" msgstr "Đang chạy lại phiên sudo: %s\n" -#: plugins/sudoers/sudoreplay.c:370 +#: plugins/sudoers/sudoreplay.c:369 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Cảnh báo: thiết bị cuối quá nhỏ để có thể chạy nhật ký một cách đúng đắn.\n" -#: plugins/sudoers/sudoreplay.c:371 +#: plugins/sudoers/sudoreplay.c:370 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Định dạng của nhật ký là %d x %d, định dạng của thiết bị cuối là %d x %d." -#: plugins/sudoers/sudoreplay.c:401 -#, c-format +#: plugins/sudoers/sudoreplay.c:400 msgid "unable to set tty to raw mode" msgstr "không thể đặt thiết bị tty chế độ raw (thô)" -#: plugins/sudoers/sudoreplay.c:418 +#: plugins/sudoers/sudoreplay.c:416 #, c-format msgid "invalid timing file line: %s" msgstr "sai dòng ghi thời gian trong tập tin: %s" -#: plugins/sudoers/sudoreplay.c:501 -#, c-format +#: plugins/sudoers/sudoreplay.c:499 msgid "writing to standard output" msgstr "ghi vào đầu ra tiêu chuẩn" -#: plugins/sudoers/sudoreplay.c:530 -#, c-format -msgid "nanosleep: tv_sec %ld, tv_nsec %ld" -msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" - -#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668 +#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 #, c-format msgid "ambiguous expression \"%s\"" -msgstr "biểu thức không rõ ràng \"%s\"" +msgstr "biểu thức không rõ ràng “%s”" -#: plugins/sudoers/sudoreplay.c:685 +#: plugins/sudoers/sudoreplay.c:683 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "có quá nhiều biểu thức trong dấu ngoặc đơn, tối đa là %d" -#: plugins/sudoers/sudoreplay.c:696 -#, c-format +#: plugins/sudoers/sudoreplay.c:694 msgid "unmatched ')' in expression" -msgstr "thiếu ')' trong biểu thức" +msgstr "thiếu “)” trong biểu thức" -#: plugins/sudoers/sudoreplay.c:702 +#: plugins/sudoers/sudoreplay.c:700 #, c-format msgid "unknown search term \"%s\"" -msgstr "không hiểu giới hạn tìm kiếm \"%s\"" +msgstr "không hiểu giới hạn tìm kiếm “%s”" -#: plugins/sudoers/sudoreplay.c:716 +#: plugins/sudoers/sudoreplay.c:714 #, c-format msgid "%s requires an argument" msgstr "%s yêu cầu một đối số" -#: plugins/sudoers/sudoreplay.c:720 +#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058 #, c-format msgid "invalid regular expression: %s" msgstr "biểu thức chính quy không hợp lệ: %s" -#: plugins/sudoers/sudoreplay.c:726 +#: plugins/sudoers/sudoreplay.c:724 #, c-format msgid "could not parse date \"%s\"" -msgstr "không thể phân tích ngày tháng \"%s\"" +msgstr "không thể phân tích ngày tháng “%s”" -#: plugins/sudoers/sudoreplay.c:739 -#, c-format +#: plugins/sudoers/sudoreplay.c:737 msgid "unmatched '(' in expression" -msgstr "thiếu '(' trong biểu thức" +msgstr "thiếu “(” trong biểu thức" -#: plugins/sudoers/sudoreplay.c:741 -#, c-format +#: plugins/sudoers/sudoreplay.c:739 msgid "illegal trailing \"or\"" -msgstr "sai đuôi \"or\"" +msgstr "sai đuôi “or”" -#: plugins/sudoers/sudoreplay.c:743 -#, c-format +#: plugins/sudoers/sudoreplay.c:741 msgid "illegal trailing \"!\"" -msgstr "sai đuôi \"!\"" - -#: plugins/sudoers/sudoreplay.c:1050 -#, c-format -msgid "invalid regex: %s" -msgstr "biểu thức chính quy không hợp lệ: %s" +msgstr "sai đuôi “!”" -#: plugins/sudoers/sudoreplay.c:1174 +#: plugins/sudoers/sudoreplay.c:1182 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "cách dùng: %s [-h] [-d thư-mục] [-m chờ-tối-đa] [-s hệ-số-tốc-độ] ID\n" -#: plugins/sudoers/sudoreplay.c:1177 +#: plugins/sudoers/sudoreplay.c:1185 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "usage: %s [-h] [-d thư-mục] -l [biểu thức tìm kiếm]\n" -#: plugins/sudoers/sudoreplay.c:1186 +#: plugins/sudoers/sudoreplay.c:1194 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -1474,7 +1396,7 @@ msgstr "" "%s - chạy lại nhật ký phiên sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1188 +#: plugins/sudoers/sudoreplay.c:1196 msgid "" "\n" "Options:\n" @@ -1488,19 +1410,19 @@ msgid "" msgstr "" "\n" "Tùy chọn:\n" -" -d thư-mục chỉ định thư mục cho nhật ký phiên\n" +" -d thư-mục chỉ định thư mục cho nhật ký phiên\n" " -f filter chỉ định kiểu V/R để hiển thị\n" " -h hiển thị thông tin trợ giúp rồi thoát\n" -" -l [biểu thức] liệt kê ID phiên mà nó khớp với biểu thức\n" +" -l [biểu thức] liệt kê ID phiên mà nó khớp với biểu thức\n" " -m max_wait số giây tối đa sẽ chờ giữa hai sự kiện\n" " -s speed_factor tăng hoặc giảm tốc kết xuất\n" " -V hiển thị thông tin về phiên bản rồi thoát" -#: plugins/sudoers/testsudoers.c:338 +#: plugins/sudoers/testsudoers.c:328 msgid "\thost unmatched" msgstr "\tmáy chủ không khớp" -#: plugins/sudoers/testsudoers.c:341 +#: plugins/sudoers/testsudoers.c:331 msgid "" "\n" "Command allowed" @@ -1508,15 +1430,15 @@ msgstr "" "\n" "Lệnh được phép" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command denied" msgstr "" "\n" -"Lệnh không được phép" +"Lệnh bị từ chối" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command unmatched" @@ -1524,90 +1446,131 @@ msgstr "" "\n" "Lệnh không khớp" -#: plugins/sudoers/toke_util.c:218 +#: plugins/sudoers/timestamp.c:129 +#, c-format +msgid "timestamp path too long: %s" +msgstr "đường dẫn timestamp quá dài: %s" + +#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 +#: plugins/sudoers/timestamp.c:292 +#, c-format +msgid "%s owned by uid %u, should be uid %u" +msgstr "%s được sở hữu bởi uid %u, nên là %u" + +#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0700" +msgstr "%s có thể được ghi bởi người không sở hữu nó (0%o), cần đặt chế độ 0700" + +#: plugins/sudoers/timestamp.c:286 +#, c-format +msgid "%s exists but is not a regular file (0%o)" +msgstr "%s đã sẵn có nhưng không phải là một tập tin bình thường (0%o)" + +#: plugins/sudoers/timestamp.c:298 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0600" +msgstr "%s có thể được ghi bởi người không sở hữu nó (0%o), cần đặt chế độ 0600" + +#: plugins/sudoers/timestamp.c:353 +#, c-format +msgid "timestamp too far in the future: %20.20s" +msgstr "timestamp nằm quá xa ở tương lai: %20.20s" + +#: plugins/sudoers/timestamp.c:407 +#, c-format +msgid "unable to remove %s, will reset to the epoch" +msgstr "không thể gỡ bỏ %s, sẽ đặt lại thành epoch" + +#: plugins/sudoers/timestamp.c:414 +#, c-format +msgid "unable to reset %s to the epoch" +msgstr "không thể đặt lại %s thành epoch" + +#: plugins/sudoers/toke_util.c:176 +#, c-format msgid "fill_args: buffer overflow" msgstr "fill_args: bộ đệm bị tràn" -#: plugins/sudoers/visudo.c:188 +#: plugins/sudoers/visudo.c:180 #, c-format msgid "%s grammar version %d\n" msgstr "%s phiên bản ngữ pháp %d\n" -#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533 #, c-format msgid "press return to edit %s: " msgstr "bấm phím để trở về chỉnh sửa %s:" -#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341 -#, c-format +#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332 msgid "write error" msgstr "lỗi ghi" -#: plugins/sudoers/visudo.c:423 +#: plugins/sudoers/visudo.c:414 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" -msgstr "không thể lấy thống kê tập tin tạm (%s), %s không thay đổi." +msgstr "không thể lấy thống kê tập tin tạm (%s), %s không thay đổi gì." -#: plugins/sudoers/visudo.c:428 +#: plugins/sudoers/visudo.c:419 #, c-format msgid "zero length temporary file (%s), %s unchanged" -msgstr "tệp tin (%s) có chiều dài bằng không, %s không thay đổi" +msgstr "tệp tin tạm (%s) có chiều dài bằng không, %s không thay đổi gì" -#: plugins/sudoers/visudo.c:434 +#: plugins/sudoers/visudo.c:425 #, c-format msgid "editor (%s) failed, %s unchanged" -msgstr "trình biên soạn (%s) gặp lỗi, %s không thay đổi" +msgstr "trình biên soạn (%s) gặp lỗi, %s không thay đổi gì" -#: plugins/sudoers/visudo.c:457 +#: plugins/sudoers/visudo.c:448 #, c-format msgid "%s unchanged" msgstr "%s không thay đổi" -#: plugins/sudoers/visudo.c:486 +#: plugins/sudoers/visudo.c:477 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." -msgstr "không thể mở lại tập tin tạm (%s), %s không thay đổi." +msgstr "không thể mở lại tập tin tạm (%s), %s không thay đổi gì." -#: plugins/sudoers/visudo.c:496 +#: plugins/sudoers/visudo.c:487 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "không thể phân tích tập tin tạm (%s), lỗi chưa được biết" -#: plugins/sudoers/visudo.c:534 +#: plugins/sudoers/visudo.c:526 #, c-format msgid "internal error, unable to find %s in list!" msgstr "lỗi hệ thống, không thể tìm thấy %s trong danh sách!" -#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595 +#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "không thể đặt (uid, gid) của %s thành (%u, %u)" -#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600 +#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "không thể chuyển đổi chế độ của %s thành 0%o" -#: plugins/sudoers/visudo.c:617 +#: plugins/sudoers/visudo.c:609 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s và %s không ở trên cùng một hệ thống tập tin, sử dụng lệnh mv để đổi tên" -#: plugins/sudoers/visudo.c:631 +#: plugins/sudoers/visudo.c:623 #, c-format msgid "command failed: '%s %s %s', %s unchanged" -msgstr "thực hiện lệnh gặp lỗi: '%s %s %s', %s không thay đổi" +msgstr "thực hiện lệnh gặp lỗi: “%s %s %s”, %s không thay đổi" -#: plugins/sudoers/visudo.c:641 +#: plugins/sudoers/visudo.c:633 #, c-format msgid "error renaming %s, %s unchanged" msgstr "gặp lỗi khi đổi tên %s, %s không thay đổi" -#: plugins/sudoers/visudo.c:704 +#: plugins/sudoers/visudo.c:695 msgid "What now? " -msgstr "Vậy làm gì?" +msgstr "Vậy làm gì bây giờ? " -#: plugins/sudoers/visudo.c:718 +#: plugins/sudoers/visudo.c:709 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -1619,92 +1582,87 @@ msgstr "" " e(x) thoát ra mà không ghi lại tập tin sudoerse\n" " (Q)Thoát ra và ghi lại tập tin sudoers (NGUY HIỂM!)\n" -#: plugins/sudoers/visudo.c:759 -#, c-format -msgid "unable to execute %s" -msgstr "không thể thực thi %s" - -#: plugins/sudoers/visudo.c:766 +#: plugins/sudoers/visudo.c:757 #, c-format msgid "unable to run %s" msgstr "không thể chạy %s" -#: plugins/sudoers/visudo.c:792 +#: plugins/sudoers/visudo.c:783 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: sai sở hữu (uid, gid) đáng lẽ là (%u, %u)\n" -#: plugins/sudoers/visudo.c:799 +#: plugins/sudoers/visudo.c:790 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: phân quyền sai, phải ở chế độ 0%o\n" -#: plugins/sudoers/visudo.c:824 +#: plugins/sudoers/visudo.c:815 #, c-format msgid "failed to parse %s file, unknown error" msgstr "gặp lỗi khi phân tích tập tin %s, không rõ bị lỗi gì" -#: plugins/sudoers/visudo.c:837 +#: plugins/sudoers/visudo.c:831 #, c-format msgid "parse error in %s near line %d\n" msgstr "lỗi phân tích trong %s gần dòng %d\n" -#: plugins/sudoers/visudo.c:840 +#: plugins/sudoers/visudo.c:834 #, c-format msgid "parse error in %s\n" msgstr "gặp lỗi phân tích trong %s\n" -#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852 +#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846 #, c-format msgid "%s: parsed OK\n" msgstr "%s: kiểm duyệt OK\n" -#: plugins/sudoers/visudo.c:899 +#: plugins/sudoers/visudo.c:893 #, c-format msgid "%s busy, try again later" msgstr "%s đang bận, hãy thử lại sau" -#: plugins/sudoers/visudo.c:943 +#: plugins/sudoers/visudo.c:937 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "trình biên soạn đã chỉ ra (%s) không tồn tại" -#: plugins/sudoers/visudo.c:966 +#: plugins/sudoers/visudo.c:960 #, c-format msgid "unable to stat editor (%s)" msgstr "không thể lấy thống kê trình biên soạn (%s)" -#: plugins/sudoers/visudo.c:1014 +#: plugins/sudoers/visudo.c:1008 #, c-format msgid "no editor found (editor path = %s)" msgstr "không tìm thấy trình biên soạn (đường dẫn của nó = %s)" -#: plugins/sudoers/visudo.c:1108 +#: plugins/sudoers/visudo.c:1100 #, c-format msgid "Error: cycle in %s_Alias `%s'" -msgstr "Lỗi: cycle (vòng tròn) trong %s_Alias `%s'" +msgstr "Lỗi: cycle (vòng tròn) trong %s_Alias “%s”" -#: plugins/sudoers/visudo.c:1109 +#: plugins/sudoers/visudo.c:1101 #, c-format msgid "Warning: cycle in %s_Alias `%s'" -msgstr "Cảnh báo: cycle (vòng tròn) trong %s_Alias `%s'" +msgstr "Cảnh báo: cycle (vòng tròn) trong %s_Alias “%s”" -#: plugins/sudoers/visudo.c:1112 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" -msgstr "Lỗi: %s_Bí_danh `%s' được tham chiếu nhưng chưa được định nghĩa" +msgstr "Lỗi: %s_Bí_danh “%s” được tham chiếu nhưng chưa được định nghĩa" -#: plugins/sudoers/visudo.c:1113 +#: plugins/sudoers/visudo.c:1105 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" -msgstr "Cảnh báo: %s_Bí_danh `%s' được tham chiếu nhưng chưa được định nghĩa" +msgstr "Cảnh báo: %s_Bí_danh “%s” được tham chiếu nhưng chưa được định nghĩa" -#: plugins/sudoers/visudo.c:1248 +#: plugins/sudoers/visudo.c:1240 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s: không dùng %s_Bí_danh %s" -#: plugins/sudoers/visudo.c:1304 +#: plugins/sudoers/visudo.c:1302 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -1713,7 +1671,7 @@ msgstr "" "%s - sửa tập tin sudoers một cách an toàn\n" "\n" -#: plugins/sudoers/visudo.c:1306 +#: plugins/sudoers/visudo.c:1304 msgid "" "\n" "Options:\n" @@ -1733,6 +1691,79 @@ msgstr "" " -s kiểm tra cú pháp ngặt nghèo\n" " -V hiển thị thông tin về phiên bản rổi thoát" -#: toke.l:820 +#: toke.l:886 msgid "too many levels of includes" msgstr "quá nhiều cấp bao gồm (include)" + +#~ msgid "getaudit: failed" +#~ msgstr "getaudit: gặp lỗi" + +#~ msgid "getauid: failed" +#~ msgstr "getauid: gặp lỗi" + +#~ msgid "au_open: failed" +#~ msgstr "au_open: gặp lỗi" + +#~ msgid "au_to_subject: failed" +#~ msgstr "au_to_subject: gặp lỗi" + +#~ msgid "au_to_exec_args: failed" +#~ msgstr "au_to_exec_args: gặp lỗi" + +#~ msgid "au_to_return32: failed" +#~ msgstr "au_to_return32: gặp lỗi" + +#~ msgid "au_to_text: failed" +#~ msgstr "au_to_text: gặp lỗi" + +#~ msgid "nanosleep: tv_sec %ld, tv_nsec %ld" +#~ msgstr "nanosleep: tv_sec %ld, tv_nsec %ld" + +#~ msgid "pam_chauthtok: %s" +#~ msgstr "pam_chauthtok: %s" + +#~ msgid "pam_authenticate: %s" +#~ msgstr "pam_authenticate: %s" + +#~ msgid "Password: " +#~ msgstr "Mật khẩu: " + +#~ msgid "getauid failed" +#~ msgstr "getauid gặp lỗi" + +#~ msgid "Unable to dlopen %s: %s" +#~ msgstr "Không thể dlopen %s: %s" + +#~ msgid "invalid regex: %s" +#~ msgstr "biểu thức chính quy không hợp lệ: %s" + +#~ msgid ">>> %s: %s near line %d <<<" +#~ msgstr ">>> %s: %s gần dòng %d <<<" + +#~ msgid "unable to allocate memory" +#~ msgstr "không thể cấp phát bộ nhớ" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + +#~ msgid "unable to set locale to \"%s\", using \"C\"" +#~ msgstr "không thể đặt địa phương thành “%s”, sẽ dùng “C”" + +#~ msgid "" +#~ " Commands:\n" +#~ "\t" +#~ msgstr "" +#~ " Lệnh:\n" +#~ "\t" + +#~ msgid ": " +#~ msgstr ": " + +#~ msgid "unable to cache uid %u (%s), already exists" +#~ msgstr "không thể lưu nhớ tạm uid %u (%s), đã có sẵn rồi" + +#~ msgid "unable to cache gid %u (%s), already exists" +#~ msgstr "không thể lưu nhớ tạm gid %u (%s), đã có sẵn rồi" + +#~ msgid "unable to execute %s: %s" +#~ msgstr "không thể thực thi %s: %s" diff --git a/plugins/sudoers/po/zh_CN.mo b/plugins/sudoers/po/zh_CN.mo index f671a5162e6b3da52f6e9acaf727cbcf234ca408..adcb6d9260bee7a9b01b4b71d14756c14f53b612 100644 GIT binary patch delta 9296 zcmZA62YeJ|{>Sl2C`t%5G-(-9AfbfNA(Rj#lmOC{CU=^$z)F%0yBi>gw=^jN0*(km zP*Iw+po8ZRpoqjrBywB*+^nKSvVQh;Ra-pjN>>G-$foZS~EJ8 zk4Dv7gqp}h0TTQ%F7T6x|G*a5EYq&g1+_A{sHI$vTd^9|@Hm!7OX)`qd;^^BS6Z|34$4Qyb5TAZcWvmU;o^;31ra z5wtLyuZ$Xc2iXPVJDiNY8I|_50yTjHsJ*_7I$I5g+w~?PyJ7ew{Tl~KB;p4+8o$Ok z9LmYmfNn*7+3v-5_#A3!FX1hy>FUgM#P-+|_1qY2i*vCxdYtk#sQw)bP4MDb=VCbL!I`QocnL11{gvO ztRW{+14uzlWN3hd8kmAza3OMljr(yTo<}Wl(@`sR5;>Q~pHKsA#kMhi%zUufLCX-KKd9;K> zP3j6^F;&p6A|3)%j4~=XPs>5lhiua+;#y-?* zbq2MRuVGINp@}W0*bVnX9k!{cfs~@!U4{Bk?M0pXOE>_pU_b@!ZnH<+8&z=vYQ*zU zE8<1HMw?Ls*^8RtamUwCGpj|dOe`<`AWXp=oQHb861An(s1>_3mG#$Q`IG|LXqsU( z#a^h94?)dz25QgmLmk5X*au(3gE9QW1Y44?oMHc4@`Pgzs{D0qjh9h-{|~%@4QI0c zr8Lm+c6(&LJM1OefDsIs0N>MJdK*sMZ6h5M6JXX)XEvN?XA28HNj!1 z6}by_e}904N#Y!8W*?y%jGbc-q#X_+-y3ykicov}D0ahYY>SssOZA>F1GPe*pbqEXaWpo$ z)6VCiwrU}21$Lq)P=kCQ0>)($X%zf`8bEhGZyMQHY>yRqH|{{4+J9j-cK?NaMiw}( zMm=AN!|*h!_R>ZJK!Abi%U=) z?MD;OqB^>aI;=O}ZFevLJCUE`=toUpJ8D3$q8T9ZcM^lKS-#!SSX2jI9D@&FF20F; zb&Z4q`x`$GJCfgudj1IJ;7d3iV+-x}ZpTdWYfxt_h`sSL2GsCPMfS+1U{~_1Q5Bv* z&FGJqj^Cp??C!GnJ_k+mx1;WtqXzgmR$|z>zjlFrNDrXeJBKEQ7O?(JNHkt(kE|tX zCPN&jqAD!JRD1}#V>J%NPf-Kyu*lx?iKzTq)QXaY@Z_})fs$rp|-O6>mx%Rs#)B{&41M83YpWvsyTQhR_;p`QByvoYRd zZ`EW}KY^tr`j9w|z3?*jz{X|v(r2J%Iu}*G6>r7oQ1AaYsQU3s?6)He$%9lCiJ28>+Q!1x_;}0ZS<8?GKW~sd*NvHt~LmiqKj?1tG`AXCwJ&sNA zJ=9iwiW)$(W%dBmP;bE~WXX*JRJ$uMa0>~GgqG+8rsF%P0sY|Ea=Be08QW4m0yVQ4 z*dLcT9zf0P1Du0jquQOuiPYP%6m^DzI0QecVEr|NgcbHoMxZLVP&3$!+LA*~{uS&- z{?Dj0V%%%bs2S?4q@wQUpaxioTDdijhn@SE(4_qOy{x~Mro~FTfdQxvr=n(3jB02L zcEDp!{#D1TsI7>-&#vDZwL%%#9>=2Y&&M`cj2h5t%)mnd5;~3VVLPltb@U^uf%d<$ zm$)x#s|qjyS7Jxpj{Wc$j>S(oy!UlU&pU=Ai0%QE$a&)P!EZ7(7FKMm$L9s?iVq zN3T)*PT{Fo{FWF@I$gE6+F_oPUQWI<>4r{T_s0^emEd}YI7VzD;&|o})U||onV3r1 z6R2w>5$(Sfg)^c>%!IVAb2bJaMI(o@L4^M5{gUAAG43XG4WzsXC*%HT$$x*&lDyz# z^#%PsF@?B;xQ*wz0>%b@wU4?i;%087*f*np(Wv||!JB3brTkr-Naz|)v~`}17Vx7F z*v9${28k2ItHgL>GSP!NFJOx1?;$aqf`ix$-^2MtEa{z?in>fkePZjcKPf@^Q%=D? z9N;{6ob>BXc{j>3h_I6v`rEL%*8gMWxH|H{7#tMM@j)R!kaQPf9O?S&I}#?*hO&R* zH$?sQWPJiV5u=@YT^$=c9&nxu@DG;g-+s!sCH_u)r3{x&wXQpfn}`HuxO&k@K0ZL` zTcPV|LZ@Dr-WpwvoX(WKM%+*Qj(Cm8A-Dq3f5#2BGtqxMR*)V-G$68^a<`+t3%VN6 z@FhG%d`j#h9wT&R*hGI9^Xql;B|j_w2k8;f!9~x%eP=uDAlBJgBasL6m(z!Yi}(w% zhRCG+1N;S1N2HPeAFRKUNo*ksor3H5Jkgxz{^OM0=eSklBGS#KXh@qMBGr%p-0lenadg0>9$t=T{3Ftom6& zE$Kd#>Hp~*b;`$*)|E+2B0ZfLNn|_azodLGv4VJx_$zTcQGcb9Xl*|mFgBAJP5gn- zrEm9b#0cV_#Cal*C?Kv7SxzS(k=8Yvm`dDGhO3mAM)XpKt0|F7oqpI4AHwNGJn8l^ ztmEIvd_hbiS`(wVaT;}vC*1^lViLZsLg$)*j}q??H*vob?;@ThhLN9($(TSiA>Jfk zOngq16AOvP+Q&9TA~B1IBXn&eejQEmuN}vFek9R@c*`m1fQ^V(h?ztZo#_e@!-!Qx zE^(1qOY|k`ufR*B{!Qrr|6Rp7#01g}u|M8Q#1QpY8Hq9EBltDZfpk-%yYq~{{z3dB z@mu13q8rhh_<_)M(#AfsZ;)9;93i^U(2$s5^Uebs1mb49Oux6>=Qk@n<>sRNr7qL! zDs;J*x{6HyB9~e2E6*=Bi(Q5Oa<9u=;PsS5i;F#l6wj>i`CTP(IYlMzQn%0V&G&n} z8RkU4U8}glEbzFCeP)qoS*hvwsG^VF7I|Izb(b#mWd-8mOs?d9>E;ZVuZ(V@&6j!I zOY;jWOwR(-LoKf_!+xxPx_LVl7n=pH1s=wuG5agZT+ZzQ>E>*=f04P+>&o|=Wu9d& zuUY6RarvAQFI{*_eeMExvD;sf5f^7zV-gdZOfB=fDb6yjyAubd4E32=W~$FfjV98l zUy@&1L_4K^cWJq+D4m4N;i#S6Wj^3tN<+x@4<#`(P!X8yu_cWFkj)1dva!45LCgaf#N*aW^{n{P_h`Tx1shw4)p;&PwL^VZk-yC&gHw49T)ynGjAW%lGmg zM7xTPT@O7rajA7nUQO`(yiiP+QeSylnaAs=M`!9fekph7|O--n%V# z(11Rf1N-zFV)h%9HK;%7%*?oHQ~S(tEp=;?`;2Apv&{aP{i4tH&m@`EzkhJ*)VPL$ zxbVguwKd0UU)*0?QxjfuBy{H4x|(gZH4oMWYwBtquRFQFZu|Psj@{SRJauiumfCac zBZr^jx3+p!WaII=J?p~3BjI)1YR_%Hw*TzaRcqqHtEgs0o;wrXchG()T)C;XdK0%l zKfmX{FM8yUrc^r6-YQKU`OHxUS|zc+=s?{w;dzgC}NQkF^fY8esip z)~}m{)<1gf;YTA?RaWKf^vuvH7N(~5f|d5uE1w>@a6G*A$=d33p%c66jvuP6em3pO zs>)Q~l~w!Ftv}9gZ~boeZSkQEC&F7#)}6OPCw5!roWb3HUf>K$gA4C^A{^WqsyyO6 zS}~`SRWoNwdwmFa-$N%ih3-GXUWQj!MPL42bN?FKH?(nYsOB7-QCod9{KzR5JNgNz zJ-;VXwU2FzyttjYMXCwb|z@$7sa&HS0!@tK%{DQXu~M zkJi;}tUFd!Tm69DuhZ$bt~+DnBUNWO6p^Z(>{xKZqTR8VOdS=PtOTe2hA%G)re`K~AIAvxsKNX8I{fh2$cr1om5}g JR$yPu{{k~Zx_JNq delta 8261 zcmZYD4SbLF{>Sm_w=oPGo10;{Hv7$nHJf2W+Zg6vau*5n+t{)j?Z!>YkBZ!d&gG_5 zN+R8fesy#vNjc|qoYd*)j!s1kbt*c#lWxxI{ky(8`v0$o&+qyDey{KM`rcj__4$gB z-FJleKaQ%m!QvY2v8-5JA8uI(NjGV!Qp;*aVKZ!QjK@gwJunLMOnw5kAU_kE(S9M` zi>uqa?K^aI>!)G_^#&l%@mpg|K>;@B#vD|KcVItskU!Qx`00cfFbiAQmKB4eFcD{A zGOoc^_#*25TR0fcVJ@b|xzCvs)X$7bXyh+qTRejNvCi?6fZ_3$)f!W=3Ff0_Fb;d5 z&$tO2lK(q0dFvh2M83u_3}N(Lu@NR=Pi#s5)>IOGu^RQ@-AEhj0BRtgq6SirACguw zs)Lbe<;wF1ZR8oYoZ*wJfQ?Jyn-F&q8;No*sbC9OlY%j(F}RPkEWicG?6 zti~J+U^-qz4Jfg*JJ4a6LB14KZ!2o$PND{K2{rH}rmuE`lGuNBRALI2VjB4;P<#I& zcEK1nRx6T+HqOLUyc;#(y~rf3cQF@#H23?`SQD6ynYaw~+ygimf9k^eYY+3-m}s1b z9dH%)#3!)~Paw~5SJ~$uMVE~zw^#NXsR!Z=Xm5nMdMYUUx^l80}8u(`ziEaF> ziz+6gmUIki>F&aN@DNhhx}H`V=wf7-tmm;29>;JzjVzXR9(9;wy1S=81yw#6d6ZRw zYQF^sq5lvGCTE4S?wUa_?1j~sk58dixl>MwX+E zPhlLsfxYo7)XF9@J01F&ID!7Hog^FzenmaVp|(2Shw9)cvPf2IPS6M(g4)Xs$TO{1 zP<#9x>QLFdN_x&LWYMg(#)H_A{6);gXl5Bs|JFDX^kGdy?pd3#6~2uuigga#U~FIa z(DXtLa4@RgRBVYg7=^1$`4&`%FQB&SUDOu*g3;KHSHZ6br;@O7D5}BDs0J%hTN1#w zcpRJIw-|w8>_a5B#L?)*7FdHC&`NBFkDylUCFFcsXHhHGI@`Se{rS3RAUB~NFc0;C zSdBVVyRieliWj=>Tn)HP3S1< z%$z~JEuJCn7cd6f>;2Crp$ASu8*5NYxDhqd*DwxGnfvwGA3Zn`wf9-56&jAJKMOVR zyDaR__kam>Id|9E!~^D&NsnW&1( zQA@rB^&zQ6t!Ikt| zO-M|qpd0qUdoTwNqRxhAvTH21Cf^&ga5QQlD^PF8UepSHg8GhlZgl^>kcb?3YdmV@ zwqhsTgTeRzT@o=ATts!ygzv1438)SRp=MNtdhix(hp!nwK@I#eY9OgMx$P%nFY@zI z&v_R0{Ev{Yw)HIz;`~{eQ{8_!EW&j1f5x`>1FAvvH208oMb3>?hI-(u*c~sRmO5^_ z`{5dbe0{AN)WG&(2Rx6eA5q{=CWgd%YfQd>mE&Iu6GF;DeYo!@d6=YDK;` z`FNju*z$}cQ3INYn!qCCMpV09sJG{skM~~{f2AN36ARrDPDAbSI+H()TFT4V3Db+* zEt`NUuQ2%?m_Ysjw!+hxgqKl=I$@^kWNblx-Auo`MB6FQ(j3En7(UB=P(BVLUy3bp zuknbve+qLcZ&=Jl7})^qbv* zJ&ihSCvYJCglgD-w)>XM#bok-M0I=ubv9a+y07&>>`Zl=}2D}N??gi9J zyoo*Z_x~kRA>|f#kB6fg6rf&1KWYy*oAN&y-$%{(TU5QKmG0jSNvQTiP!pSpHZDM| z%x2U;_Fw}2TZfgv^O%G!s@&J`1;CZ@}fK2cJZ}H4WyvhixG0 zP?w@6^qBDos{VJV3B}H1{k2EE=eY&rFphi$>d@Sa8sHXejeAgM;cuu1)uHM)p6?Dg z1=ZmQ)QZ-i?r%n|*h{GXPM{|8^L*A{Gi}d17lZv!`SHeTj3n=%I^KpY@qj6R7h908 zGyaI`IPzBaFP{u-PTq&Dum;u7YSe_b`$=et_hTEpfYBJf&|Q%Zm_|Me^;XPAjeL!9 z7ivInq6T^z)xkHY`b}?hJL-;l&Ja|+TT%7=D@o{3Y{OVQf*RT9sEQ%CyA`9bEBUV2 z11F;DuR<;HPSjQ%M!k+7p(gYNs$JM3_j&24`~YMCeyf~BdkXGGHQbJE@pgTx`i|8IVh30z~BGh=JT6g?U%iBOAO1 z@|#Gxz8AysBg{1Qz7E!4{tk&7iH>f;|NAYZB-@mR)3_n&%O?LE{@tX%!{Nji#932z zg~qh&MWz8Un3zW#COT;SSCTkI^d`P1x>7k6bu}a252oCo=GV^rJLwrlTNnB6piY9I#wi2Pld_q?maSP!;rW{v49`X|oAg&=^B1RHdUr&;WHl2px zUhqIMJ-~aCTtx@KIH=Dv1tr?Q$CdE+)a7~@h75#>1!A1mP9*`8Rj-J8Rlk3j3u8$^dtt6Ux?#~ zSkez*Br%1!gD4@^5pNM+5wnPR>dnC)iKe6n5V@pV;iIU_OEg#i`-v!SJcJJuy6$(e zQYde0(y64czG}(%h$_Ovz0-Jv(AAs#Kk&L>jxQkj9HKq3k+NaLazbx|bvyA0@mJ#i zUS$*%5p8H#jJKK!{mC~WekDKG3QUd72<>2VrZ^kDW1WlMY^QHxe41TSZu@)%zTzTPvsAmLykJIYkzHLu zYED6ARgpcXvZUN+Cw2B#bxw9l6Nh)`V_VtT*)&iiyS%8N(k?A2FS5ObcE5i80>=}( zg$A;^1VRHBQhxRXnszVtIDbehYFJe@ucETBj~)0X?OaHpUeA#s0blR?Lt=jGu&}gZ zPEomet~K7-Gb}G~IV-)MbA9%qK!cp&9_N-^Us%!n;FMm^O^ztKrKYIdS7evhl+7rr z44lqw;Bo2?*q=}~t)Qm5xTw6k#8*)5PHj#>*)(6VimNMT>j8lS1CEDA7L=A&sE%D$ zR8~>Bz*#eRLVY{QTb1nOm zh(O`c2_EN{VgGV|7(UxH@r~HmMjf~d8t<)&?`GFjm6Xr2Ru%GpK2LO83l^wC;9Vk3QWqo!MjBxh3goc3Nhi^xgqyOnANE-q+o`|Mb4c&cC$T z-TVJ#8##|o$P9QUei72ZTg81g|MN+`oS4anov$Z%a>m~{u7TNc=Y<=4bu#H-MJw3g z%%(@q1UA$?xYOLSo#s>8wF?%WdwkoOE$iI#ko4)|2fbCFE`BK4v8PPx!~@Kk2tLZD z{kg5Hbs|2y|E_Zf?$xfm0h|*OdPSox3&Z$K?f%nUQ4RyY+to7J|ZB^4ePE5@bXJJi; zhz-lnZoaFoc5U7AO?7Mc2G-U@c${bE9!b)UUwsVRIsWb(1d9R-<~KXU!fGt2kdLkHU4nyc>RJ1uWZb*A6;xijN- zZ^W4uj|XS%E_`6|?LLo_, 2011, 2012. +# Wylmer Wang , 2011, 2012, 2013. # msgid "" msgstr "" -"Project-Id-Version: sudoers 1.8.6b4\n" +"Project-Id-Version: sudoers 1.8.7b2\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-21 18:27+0800\n" +"POT-Creation-Date: 2013-04-17 15:52-0400\n" +"PO-Revision-Date: 2013-04-20 20:22+0800\n" "Last-Translator: Wylmer Wang \n" "Language-Team: Chinese (simplified) \n" "Language: zh_CN\n" @@ -16,50 +16,57 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" -#: gram.y:112 -#, c-format -msgid ">>> %s: %s near line %d <<<" -msgstr ">>> %s:%s 在行 %d 附近<<<" +#: confstr.sh:2 +msgid "Password:" +msgstr "密码:" + +#: confstr.sh:3 +msgid "*** SECURITY information for %h ***" +msgstr "*** %h 安全信息 ***" + +#: confstr.sh:4 +msgid "Sorry, try again." +msgstr "对不起,请重试。" -#: plugins/sudoers/alias.c:125 +#: plugins/sudoers/alias.c:124 #, c-format msgid "Alias `%s' already defined" msgstr "别名“%s”已定义" -#: plugins/sudoers/auth/bsdauth.c:78 +#: plugins/sudoers/auth/bsdauth.c:77 #, c-format msgid "unable to get login class for user %s" msgstr "无法获取用户 %s 的登录类别(login class)" -#: plugins/sudoers/auth/bsdauth.c:84 +#: plugins/sudoers/auth/bsdauth.c:83 msgid "unable to begin bsd authentication" msgstr "无法开始 bsd 认证" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:91 msgid "invalid authentication type" msgstr "无效的认证类型" -#: plugins/sudoers/auth/bsdauth.c:101 +#: plugins/sudoers/auth/bsdauth.c:100 msgid "unable to setup authentication" msgstr "无法设置认证" -#: plugins/sudoers/auth/fwtk.c:60 +#: plugins/sudoers/auth/fwtk.c:59 #, c-format msgid "unable to read fwtk config" msgstr "无法读取 fwtk 配置" -#: plugins/sudoers/auth/fwtk.c:65 +#: plugins/sudoers/auth/fwtk.c:64 #, c-format msgid "unable to connect to authentication server" msgstr "无法连接到认证服务器" -#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95 -#: plugins/sudoers/auth/fwtk.c:128 +#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:127 #, c-format msgid "lost connection to authentication server" msgstr "丢失了到认证服务器的连接" -#: plugins/sudoers/auth/fwtk.c:75 +#: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" @@ -68,147 +75,152 @@ msgstr "" "认证服务器错误:\n" "%s" -#: plugins/sudoers/auth/kerb5.c:117 +#: plugins/sudoers/auth/kerb5.c:116 #, c-format -msgid "%s: unable to unparse princ ('%s'): %s" -msgstr "%s:无法解析 princ(“%s”):%s" +msgid "%s: unable to convert principal to string ('%s'): %s" +msgstr "%s:无法将主体(principal)转换为字符串(“%s”):%s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:159 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s:无法解析“%s”:%s" -#: plugins/sudoers/auth/kerb5.c:170 +#: plugins/sudoers/auth/kerb5.c:169 #, c-format -msgid "%s: unable to resolve ccache: %s" -msgstr "%s:无法解析 ccache:%s" +msgid "%s: unable to resolve credential cache: %s" +msgstr "%s:无法解析凭据缓存:%s" -#: plugins/sudoers/auth/kerb5.c:218 +#: plugins/sudoers/auth/kerb5.c:217 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s:无法分配选项:%s" -#: plugins/sudoers/auth/kerb5.c:234 +#: plugins/sudoers/auth/kerb5.c:233 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s:无法获取凭据:%s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:246 #, c-format -msgid "%s: unable to initialize ccache: %s" -msgstr "%s:无法初始化 ccache:%s" +msgid "%s: unable to initialize credential cache: %s" +msgstr "%s:无法初始化凭据缓存:%s" -#: plugins/sudoers/auth/kerb5.c:251 +#: plugins/sudoers/auth/kerb5.c:250 #, c-format -msgid "%s: unable to store cred in ccache: %s" -msgstr "%s:无法在 ccache 中储存凭据:%s" +msgid "%s: unable to store credential in cache: %s" +msgstr "%s:无法在缓存中储存凭据:%s" -#: plugins/sudoers/auth/kerb5.c:316 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s:无法获取主机主体(principal):%s" -#: plugins/sudoers/auth/kerb5.c:331 +#: plugins/sudoers/auth/kerb5.c:330 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s:无法验证目标!可能遭到了攻击!:%s" -#: plugins/sudoers/auth/pam.c:100 +#: plugins/sudoers/auth/pam.c:105 msgid "unable to initialize PAM" msgstr "无法初始化 PAM" -#: plugins/sudoers/auth/pam.c:144 +#: plugins/sudoers/auth/pam.c:150 msgid "account validation failure, is your account locked?" msgstr "账户验证失败,您的账户是不是上锁了?" -#: plugins/sudoers/auth/pam.c:148 +#: plugins/sudoers/auth/pam.c:154 msgid "Account or password is expired, reset your password and try again" msgstr "账户或密码过期,重置您的密码并重试" -#: plugins/sudoers/auth/pam.c:155 +#: plugins/sudoers/auth/pam.c:162 #, c-format -msgid "pam_chauthtok: %s" -msgstr "pam_chauthtok:%s" +msgid "unable to change expired password: %s" +msgstr "无法更改过期的密码:%s" -#: plugins/sudoers/auth/pam.c:159 +#: plugins/sudoers/auth/pam.c:167 msgid "Password expired, contact your system administrator" msgstr "密码过期,联系您的系统管理员" -#: plugins/sudoers/auth/pam.c:163 +#: plugins/sudoers/auth/pam.c:171 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "账户过期,或 PAM 配置缺少 sudo 使用的“account”节,联系您的系统管理员" -#: plugins/sudoers/auth/pam.c:180 +#: plugins/sudoers/auth/pam.c:188 #, c-format -msgid "pam_authenticate: %s" -msgstr "pam_authenticate:%s" +msgid "PAM authentication error: %s" +msgstr "PAM 认证出错:%s" -#: plugins/sudoers/auth/pam.c:332 -msgid "Password: " -msgstr "密码:" - -#: plugins/sudoers/auth/pam.c:333 -msgid "Password:" -msgstr "密码:" +#: plugins/sudoers/auth/pam.c:247 +#, c-format +msgid "unable to establish credentials: %s" +msgstr "无法建立凭据:%s" -#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220 +#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212 #, c-format msgid "you do not exist in the %s database" msgstr "%s 数据库中没有您" -#: plugins/sudoers/auth/securid5.c:81 +#: plugins/sudoers/auth/securid5.c:80 #, c-format msgid "failed to initialise the ACE API library" msgstr "初始化 ACE API 库失败" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:106 #, c-format msgid "unable to contact the SecurID server" msgstr "无法联络 SecurID 服务器" -#: plugins/sudoers/auth/securid5.c:116 +#: plugins/sudoers/auth/securid5.c:115 #, c-format msgid "User ID locked for SecurID Authentication" msgstr "为进行 SecurID 认证,已锁定用户 ID" -#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171 +#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 #, c-format msgid "invalid username length for SecurID" msgstr "SecurID 的用户名长度无效" -#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176 +#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 #, c-format msgid "invalid Authentication Handle for SecurID" msgstr "SecurID 的认证句柄无效" -#: plugins/sudoers/auth/securid5.c:128 +#: plugins/sudoers/auth/securid5.c:127 #, c-format msgid "SecurID communication failed" msgstr "SecurID 通讯失败" -#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215 +#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214 #, c-format msgid "unknown SecurID error" msgstr "未知的 SecurID 错误" -#: plugins/sudoers/auth/securid5.c:166 +#: plugins/sudoers/auth/securid5.c:165 #, c-format msgid "invalid passcode length for SecurID" msgstr "无效的 SecurID 密码长度" -#: plugins/sudoers/auth/sia.c:109 +#: plugins/sudoers/auth/sia.c:108 msgid "unable to initialize SIA session" msgstr "无法初始化 SIA 会话" -#: plugins/sudoers/auth/sudo_auth.c:121 -msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication." -msgstr "编译进 sudo 的认证方法无效!您可能混用了独立和非独立认证。" +#: plugins/sudoers/auth/sudo_auth.c:119 +msgid "invalid authentication methods" +msgstr "无效的认证方法" + +#: plugins/sudoers/auth/sudo_auth.c:120 +msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." +msgstr "编译进 sudo 的认证方法无效!您不能混用独立和非独立认证。" + +#: plugins/sudoers/auth/sudo_auth.c:203 +msgid "no authentication methods" +msgstr "无认证方法" -#: plugins/sudoers/auth/sudo_auth.c:206 +#: plugins/sudoers/auth/sudo_auth.c:205 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "sudo 编译时没有加入任何认证方法!如果您想关闭认证,使用 --disable-authentication 配置选项。" -#: plugins/sudoers/auth/sudo_auth.c:374 +#: plugins/sudoers/auth/sudo_auth.c:389 msgid "Authentication methods:" msgstr "认证方法:" @@ -224,10 +236,10 @@ msgstr "getaudit:失败" msgid "Could not determine audit condition" msgstr "无法确定审核条件" -#: plugins/sudoers/bsm_audit.c:101 +#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160 #, c-format -msgid "getauid failed" -msgstr "getauid 失败" +msgid "getauid: failed" +msgstr "getauid:失败" #: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162 #, c-format @@ -254,108 +266,40 @@ msgstr "au_to_return32:失败" msgid "unable to commit audit record" msgstr "无法提交审核记录" -#: plugins/sudoers/bsm_audit.c:160 -#, c-format -msgid "getauid: failed" -msgstr "getauid:失败" - #: plugins/sudoers/bsm_audit.c:183 #, c-format msgid "au_to_text: failed" msgstr "au_to_text:失败" -#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172 -#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355 -#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974 -#: plugins/sudoers/visudo.c:818 -#, c-format -msgid "unable to open %s" -msgstr "无法打开 %s" - -#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229 -#, c-format -msgid "unable to write to %s" -msgstr "无法写入 %s" - -#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512 -#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123 -#: plugins/sudoers/iolog.c:156 -#, c-format -msgid "unable to mkdir %s" -msgstr "无法创建目录 %s" - -#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289 -#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395 -#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82 -#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677 -#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253 -#, c-format -msgid "internal error, %s overflow" -msgstr "内部错误,%s 溢出" - -#: plugins/sudoers/check.c:460 -#, c-format -msgid "timestamp path too long: %s" -msgstr "时间戳路径过长:%s" - -#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535 -#: plugins/sudoers/iolog.c:158 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s 存在,但不是目录(0%o)" - -#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538 -#: plugins/sudoers/check.c:583 -#, c-format -msgid "%s owned by uid %u, should be uid %u" -msgstr "%s 属于用户 ID %u,应为用户 ID %u" - -#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0700" -msgstr "%s 对非所有者可写(0%o),模式应该为 0700" - -#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551 -#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003 -#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584 -#, c-format -msgid "unable to stat %s" -msgstr "无法 stat %s" - -#: plugins/sudoers/check.c:577 -#, c-format -msgid "%s exists but is not a regular file (0%o)" -msgstr "%s 存在,但不是常规文件(0%o)" - -#: plugins/sudoers/check.c:589 -#, c-format -msgid "%s writable by non-owner (0%o), should be mode 0600" -msgstr "%s 对非所有者可写(0%o),模式应该为 0600" - -#: plugins/sudoers/check.c:643 -#, c-format -msgid "timestamp too far in the future: %20.20s" -msgstr "时间戳太超前:%20.20s" - -#: plugins/sudoers/check.c:690 -#, c-format -msgid "unable to remove %s (%s), will reset to the epoch" -msgstr "无法移除 %s (%s),将重设为戳记" - -#: plugins/sudoers/check.c:698 -#, c-format -msgid "unable to reset %s to the epoch" -msgstr "无法将 %s 重设为戳记" +#: plugins/sudoers/check.c:189 +msgid "" +"\n" +"We trust you have received the usual lecture from the local System\n" +"Administrator. It usually boils down to these three things:\n" +"\n" +" #1) Respect the privacy of others.\n" +" #2) Think before you type.\n" +" #3) With great power comes great responsibility.\n" +"\n" +msgstr "" +"\n" +"我们信任您已经从系统管理员那里了解了一般的注意事项。\n" +"总结起来一般有三项:\n" +"\n" +" #1) 尊重别人的隐私。\n" +" #2) 输入前要思考(后果和风险)。\n" +" #3) 权力越大,风险越大。\n" +"\n" -#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764 -#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855 +#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233 +#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566 #, c-format msgid "unknown uid: %u" msgstr "未知的用户 ID:%u" -#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792 -#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225 -#: plugins/sudoers/testsudoers.c:369 +#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635 +#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:359 #, c-format msgid "unknown user: %s" msgstr "未知用户:%s" @@ -721,187 +665,201 @@ msgstr "允许权限的集合" msgid "Set of limit privileges" msgstr "限制权限的集合" -#: plugins/sudoers/defaults.c:208 +#: plugins/sudoers/def_data.c:355 +msgid "Run commands on a pty in the background" +msgstr "在后台的伪终端上运行命令" + +#: plugins/sudoers/def_data.c:359 +msgid "Create a new PAM session for the command to run in" +msgstr "创建一个新的 PAM 会话来运行该命令" + +#: plugins/sudoers/def_data.c:363 +msgid "Maximum I/O log sequence number" +msgstr "最大 I/O 日志序列号" + +#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587 #, c-format msgid "unknown defaults entry `%s'" msgstr "未知的默认条目“%s”" -#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226 -#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259 -#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285 -#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318 -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225 +#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258 +#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284 +#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "value `%s' is invalid for option `%s'" msgstr "值“%s”对选项“%s”无效" -#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229 -#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254 -#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280 -#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313 -#: plugins/sudoers/defaults.c:324 +#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228 +#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253 +#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279 +#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312 +#: plugins/sudoers/defaults.c:323 #, c-format msgid "no value specified for `%s'" msgstr "没有给“%s”指定值" -#: plugins/sudoers/defaults.c:242 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "values for `%s' must start with a '/'" msgstr "“%s”的值必须以“/”开头" -#: plugins/sudoers/defaults.c:304 +#: plugins/sudoers/defaults.c:303 #, c-format msgid "option `%s' does not take a value" msgstr "“%s”选项不带值" +#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293 +#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82 +#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427 +#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654 +#: plugins/sudoers/testsudoers.c:243 +#, c-format +msgid "internal error, %s overflow" +msgstr "内部错误,%s 溢出" + #: plugins/sudoers/env.c:367 #, c-format msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv:envp 损坏,长度不符" -#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448 -#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167 -#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983 -#, c-format -msgid "unable to allocate memory" -msgstr "无法分配内存" - -#: plugins/sudoers/env.c:992 +#: plugins/sudoers/env.c:1012 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "对不起,您无权设置以下环境变量:%s" -#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108 -#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125 -#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883 -#, c-format -msgid "%s: %s" -msgstr "%s:%s" - -#: plugins/sudoers/group_plugin.c:91 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s:%s" - -#: plugins/sudoers/group_plugin.c:103 +#: plugins/sudoers/group_plugin.c:102 #, c-format msgid "%s must be owned by uid %d" msgstr "%s 必须属于用户 ID %d" -#: plugins/sudoers/group_plugin.c:107 +#: plugins/sudoers/group_plugin.c:106 #, c-format msgid "%s must only be writable by owner" msgstr "%s 必须只对所有者可写" -#: plugins/sudoers/group_plugin.c:114 +#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256 #, c-format msgid "unable to dlopen %s: %s" msgstr "无法执行 dlopen %s:%s" -#: plugins/sudoers/group_plugin.c:119 +#: plugins/sudoers/group_plugin.c:118 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "无法在 %s 中找到符号“group_plugin”" -#: plugins/sudoers/group_plugin.c:124 +#: plugins/sudoers/group_plugin.c:123 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s:不兼容的组插件主版本号 %d,应为 %d" -#: plugins/sudoers/interfaces.c:112 +#: plugins/sudoers/interfaces.c:119 msgid "Local IP address and netmask pairs:\n" msgstr "本地 IP 地址和网络掩码对:\n" -#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991 +#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144 +#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s 存在,但不是目录(0%o)" + +#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155 +#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165 +#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271 +#, c-format +msgid "unable to mkdir %s" +msgstr "无法创建目录 %s" + +#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708 +#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815 +#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155 +#: plugins/sudoers/visudo.c:809 +#, c-format +msgid "unable to open %s" +msgstr "无法打开 %s" + +#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711 #, c-format msgid "unable to read %s" msgstr "无法读取 %s" -#: plugins/sudoers/iolog.c:208 +#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159 #, c-format -msgid "invalid sequence number %s" -msgstr "无效的序列号:%s" +msgid "unable to write to %s" +msgstr "无法写入 %s" -#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261 -#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531 -#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545 -#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561 -#: plugins/sudoers/iolog.c:569 +#: plugins/sudoers/iolog.c:334 #, c-format msgid "unable to create %s" msgstr "无法创建 %s" -#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382 -#, c-format -msgid "unable to set locale to \"%s\", using \"C\"" -msgstr "无法将区域设置为“%s”,将使用“C”" - -#: plugins/sudoers/ldap.c:387 +#: plugins/sudoers/ldap.c:385 #, c-format msgid "sudo_ldap_conf_add_ports: port too large" msgstr "sudo_ldap_conf_add_ports:端口太大" -#: plugins/sudoers/ldap.c:410 +#: plugins/sudoers/ldap.c:408 #, c-format msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf" msgstr "sudo_ldap_conf_add_ports:扩展主机缓存时空间不足" -#: plugins/sudoers/ldap.c:440 +#: plugins/sudoers/ldap.c:438 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "不支持的 LDAP URI 类型:%s" -#: plugins/sudoers/ldap.c:469 +#: plugins/sudoers/ldap.c:467 #, c-format msgid "invalid uri: %s" msgstr "无效的 URI:%s" -#: plugins/sudoers/ldap.c:475 +#: plugins/sudoers/ldap.c:473 #, c-format msgid "unable to mix ldap and ldaps URIs" msgstr "无法混合 ldap 和 ldaps URI" -#: plugins/sudoers/ldap.c:479 +#: plugins/sudoers/ldap.c:477 #, c-format msgid "unable to mix ldaps and starttls" msgstr "无法混合 ldaps 和 starttls" -#: plugins/sudoers/ldap.c:498 +#: plugins/sudoers/ldap.c:496 #, c-format msgid "sudo_ldap_parse_uri: out of space building hostbuf" msgstr "sudo_ldap_parse_uri:构建主机缓存时空间不足" -#: plugins/sudoers/ldap.c:572 +#: plugins/sudoers/ldap.c:570 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "无法初始化 SSL 证书和密钥数据库:%s" -#: plugins/sudoers/ldap.c:575 +#: plugins/sudoers/ldap.c:573 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "要使用 SSL,您必须在 %s 中设置 TLS_CERT" -#: plugins/sudoers/ldap.c:992 +#: plugins/sudoers/ldap.c:1062 #, c-format msgid "unable to get GMT time" msgstr "无法获取 GMT 时间" -#: plugins/sudoers/ldap.c:998 +#: plugins/sudoers/ldap.c:1068 #, c-format msgid "unable to format timestamp" msgstr "无法格式化时间戳" -#: plugins/sudoers/ldap.c:1006 +#: plugins/sudoers/ldap.c:1076 #, c-format msgid "unable to build time filter" msgstr "无法构建时间过滤器" -#: plugins/sudoers/ldap.c:1225 +#: plugins/sudoers/ldap.c:1295 #, c-format msgid "sudo_ldap_build_pass1 allocation mismatch" msgstr "sudo_ldap_build_pass1 分配不匹配" -#: plugins/sudoers/ldap.c:1761 +#: plugins/sudoers/ldap.c:1842 #, c-format msgid "" "\n" @@ -910,7 +868,7 @@ msgstr "" "\n" "LDAP 角色:%s\n" -#: plugins/sudoers/ldap.c:1763 +#: plugins/sudoers/ldap.c:1844 #, c-format msgid "" "\n" @@ -919,27 +877,28 @@ msgstr "" "\n" "LDAP 角色:未知\n" -#: plugins/sudoers/ldap.c:1810 +#: plugins/sudoers/ldap.c:1891 #, c-format msgid " Order: %s\n" msgstr " 顺序:%s\n" -#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168 +#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515 +#: plugins/sudoers/sssd.c:1242 #, c-format msgid " Commands:\n" msgstr " 命令:\n" -#: plugins/sudoers/ldap.c:2240 +#: plugins/sudoers/ldap.c:2321 #, c-format msgid "unable to initialize LDAP: %s" msgstr "无法初始化 LDAP:%s" -#: plugins/sudoers/ldap.c:2274 +#: plugins/sudoers/ldap.c:2355 #, c-format msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "指定了 start_tls,但 LDAP 库不支持 ldap_start_tls_s() 或 ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:2510 +#: plugins/sudoers/ldap.c:2591 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "无效的 sudoOrder 属性:%s" @@ -954,64 +913,75 @@ msgstr "无法打开审核系统" msgid "unable to send audit message" msgstr "无法发送审核消息" -#: plugins/sudoers/logging.c:202 +#: plugins/sudoers/logging.c:140 +#, c-format +msgid "%8s : %s" +msgstr "%8s:%s" + +#: plugins/sudoers/logging.c:168 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s:(命令继续执行) %s" + +#: plugins/sudoers/logging.c:194 #, c-format msgid "unable to open log file: %s: %s" msgstr "无法打开日志文件:%s:%s" -#: plugins/sudoers/logging.c:205 +#: plugins/sudoers/logging.c:197 #, c-format msgid "unable to lock log file: %s: %s" msgstr "无法锁定日志文件:%s:%s" -#: plugins/sudoers/logging.c:260 +#: plugins/sudoers/logging.c:245 +msgid "No user or host" +msgstr "无用户或主机" + +#: plugins/sudoers/logging.c:247 +msgid "validation failure" +msgstr "校验失败" + +#: plugins/sudoers/logging.c:254 msgid "user NOT in sudoers" msgstr "用户不在 sudoers 中" -#: plugins/sudoers/logging.c:262 +#: plugins/sudoers/logging.c:256 msgid "user NOT authorized on host" msgstr "用户未获得此主机上的授权" -#: plugins/sudoers/logging.c:264 +#: plugins/sudoers/logging.c:258 msgid "command not allowed" msgstr "命令禁止使用" -#: plugins/sudoers/logging.c:274 +#: plugins/sudoers/logging.c:288 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s 不在 sudoers 文件中。此事将被报告。\n" -#: plugins/sudoers/logging.c:277 +#: plugins/sudoers/logging.c:291 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s 无权在 %s 上运行 sudo。此事将被报告。\n" -#: plugins/sudoers/logging.c:281 +#: plugins/sudoers/logging.c:295 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "对不起,用户 %s 不能在 %s 上运行 sudo。\n" -#: plugins/sudoers/logging.c:284 +#: plugins/sudoers/logging.c:298 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "对不起,用户 %1$s 无权以 %5$s%6$s%7$s 的身份在 %8$s 上执行 %2$s%3$s%4$s。\n" -#: plugins/sudoers/logging.c:317 -msgid "No user or host" -msgstr "无用户或主机" - -#: plugins/sudoers/logging.c:319 -msgid "validation failure" -msgstr "校验失败" - -#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502 -#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539 -#: plugins/sudoers/sudoers.c:1540 +#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386 +#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoers.c:1002 #, c-format msgid "%s: command not found" msgstr "%s:找不到命令" -#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499 +#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379 #, c-format msgid "" "ignoring `%s' found in '.'\n" @@ -1020,61 +990,76 @@ msgstr "" "忽略在“.”中找到的“%s”\n" "请使用“sudo ./%s”,如果这是您想运行的“%s”。" -#: plugins/sudoers/logging.c:352 +#: plugins/sudoers/logging.c:353 msgid "authentication failure" msgstr "认证失败" -#: plugins/sudoers/logging.c:376 +#: plugins/sudoers/logging.c:379 +msgid "a password is required" +msgstr "需要密码" + +#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487 #, c-format msgid "%d incorrect password attempt" msgid_plural "%d incorrect password attempts" msgstr[0] "%d 次错误密码尝试" -#: plugins/sudoers/logging.c:379 -msgid "a password is required" -msgstr "需要密码" - -#: plugins/sudoers/logging.c:530 +#: plugins/sudoers/logging.c:566 #, c-format msgid "unable to fork" msgstr "无法执行 fork" -#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599 +#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629 #, c-format msgid "unable to fork: %m" msgstr "无法执行 fork:%m" -#: plugins/sudoers/logging.c:589 +#: plugins/sudoers/logging.c:619 #, c-format msgid "unable to open pipe: %m" msgstr "无法打开管道:%m" -#: plugins/sudoers/logging.c:614 +#: plugins/sudoers/logging.c:644 #, c-format msgid "unable to dup stdin: %m" msgstr "无法 dup stdin:%m" -#: plugins/sudoers/logging.c:650 +#: plugins/sudoers/logging.c:680 #, c-format msgid "unable to execute %s: %m" msgstr "无法执行 %s:%m" -#: plugins/sudoers/logging.c:865 +#: plugins/sudoers/logging.c:899 #, c-format msgid "internal error: insufficient space for log line" msgstr "内部错误:没有足够的空间存放日志行" -#: plugins/sudoers/parse.c:123 +#: plugins/sudoers/match.c:631 +#, c-format +msgid "unsupported digest type %d for %s" +msgstr "%2$s 的摘要类型 %1$d 不支持" + +#: plugins/sudoers/match.c:661 +#, c-format +msgid "%s: read error" +msgstr "%s:写错误" + +#: plugins/sudoers/match.c:670 +#, c-format +msgid "digest for %s (%s) is not in %s form" +msgstr "%s(%s) 的摘要不是 %s 形式" + +#: plugins/sudoers/parse.c:124 #, c-format msgid "parse error in %s near line %d" msgstr "%s 中第 %d 行附近有解析错误" -#: plugins/sudoers/parse.c:126 +#: plugins/sudoers/parse.c:127 #, c-format msgid "parse error in %s" msgstr "%s 中出现解析错误" -#: plugins/sudoers/parse.c:414 +#: plugins/sudoers/parse.c:462 #, c-format msgid "" "\n" @@ -1083,386 +1068,380 @@ msgstr "" "\n" "Sudoers 条目:\n" -#: plugins/sudoers/parse.c:416 +#: plugins/sudoers/parse.c:463 #, c-format msgid " RunAsUsers: " msgstr " RunAs 用户:" -#: plugins/sudoers/parse.c:431 +#: plugins/sudoers/parse.c:477 #, c-format msgid " RunAsGroups: " msgstr " RunAs 组:" -#: plugins/sudoers/parse.c:440 +#: plugins/sudoers/parse.c:486 +#, c-format +msgid " Options: " +msgstr " 选项:" + +#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to execute %s" +msgstr "无法执行 %s" + +#: plugins/sudoers/policy.c:659 +#, c-format +msgid "Sudoers policy plugin version %s\n" +msgstr "Sudoers 策略插件版本 %s\n" + +#: plugins/sudoers/policy.c:661 +#, c-format +msgid "Sudoers file grammar version %d\n" +msgstr "Sudoers 文件语法版本 %d\n" + +#: plugins/sudoers/policy.c:665 #, c-format msgid "" -" Commands:\n" -"\t" +"\n" +"Sudoers path: %s\n" msgstr "" -" 命令:\n" -"\t" +"\n" +"Sudoers 路径:%s\n" -#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105 -msgid ": " -msgstr ":" +#: plugins/sudoers/policy.c:668 +#, c-format +msgid "nsswitch path: %s\n" +msgstr "nsswitch 路径:%s\n" -#: plugins/sudoers/pwutil.c:278 +#: plugins/sudoers/policy.c:670 #, c-format -msgid "unable to cache uid %u (%s), already exists" -msgstr "无法缓存用户 ID %u(%s),已存在" +msgid "ldap.conf path: %s\n" +msgstr "ldap.conf 路径:%s\n" -#: plugins/sudoers/pwutil.c:286 +#: plugins/sudoers/policy.c:671 +#, c-format +msgid "ldap.secret path: %s\n" +msgstr "ldap.secret 路径:%s\n" + +#: plugins/sudoers/pwutil.c:148 #, c-format msgid "unable to cache uid %u, already exists" msgstr "无法缓存用户 ID %u,已存在" -#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331 +#: plugins/sudoers/pwutil.c:190 #, c-format msgid "unable to cache user %s, already exists" msgstr "无法缓存用户 %s,已存在" -#: plugins/sudoers/pwutil.c:668 -#, c-format -msgid "unable to cache gid %u (%s), already exists" -msgstr "无法缓存组 ID %u(%s),已存在" - -#: plugins/sudoers/pwutil.c:676 +#: plugins/sudoers/pwutil.c:374 #, c-format msgid "unable to cache gid %u, already exists" msgstr "无法缓存组 ID %u,已存在" -#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715 +#: plugins/sudoers/pwutil.c:410 #, c-format msgid "unable to cache group %s, already exists" msgstr "无法缓存组 %s,已存在" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436 -#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114 -#: plugins/sudoers/set_perms.c:1396 +#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586 +#, c-format +msgid "unable to cache group list for %s, already exists" +msgstr "无法缓存组列表 %s,已存在" + +#: plugins/sudoers/pwutil.c:584 +#, c-format +msgid "unable to parse groups for %s" +msgstr "无法对 %s 解析组" + +#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141 +#: plugins/sudoers/set_perms.c:1431 msgid "perm stack overflow" msgstr "权限堆栈上溢" -#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444 -#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122 -#: plugins/sudoers/set_perms.c:1404 +#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453 +#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149 +#: plugins/sudoers/set_perms.c:1439 msgid "perm stack underflow" msgstr "权限堆栈下溢" -#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580 -#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243 +#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500 +#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471 +msgid "unable to change to root gid" +msgstr "无法切换为 root 组 ID" + +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277 msgid "unable to change to runas gid" msgstr "无法切换为 runas 组 ID" -#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253 +#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609 +#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287 msgid "unable to change to runas uid" msgstr "无法切换为 runas 用户 ID" -#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269 +#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303 msgid "unable to change to sudoers gid" msgstr "无法切换为 sudoers 组 ID" -#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681 -#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315 -#: plugins/sudoers/set_perms.c:1474 +#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698 +#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349 +#: plugins/sudoers/set_perms.c:1515 msgid "too many processes" msgstr "进程过多" -#: plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:1583 msgid "unable to set runas group vector" msgstr "无法设置 runas 组向量" -#: plugins/sudoers/sssd.c:251 +#: plugins/sudoers/sssd.c:257 #, c-format -msgid "Unable to dlopen %s: %s" -msgstr "无法执行 dlopen %s:%s" - -#: plugins/sudoers/sssd.c:252 -#, c-format -msgid "Unable to initialize SSS source. Is SSSD installed on your machine?" +msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "无法初始化 SSS 资源。您的计算机上安装 SSSD 了吗?" -#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266 -#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280 -#: plugins/sudoers/sssd.c:287 +#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271 +#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285 +#: plugins/sudoers/sssd.c:292 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "无法在 %s 中找到符号“%s”" -#: plugins/sudoers/sudo_nss.c:267 +#: plugins/sudoers/sudo_nss.c:283 #, c-format msgid "Matching Defaults entries for %s on this host:\n" msgstr "匹配此主机上 %s 的默认条目:\n" -#: plugins/sudoers/sudo_nss.c:280 +#: plugins/sudoers/sudo_nss.c:296 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "%s Runas 和命令特定的默认值:\n" -#: plugins/sudoers/sudo_nss.c:293 +#: plugins/sudoers/sudo_nss.c:309 #, c-format msgid "User %s may run the following commands on this host:\n" msgstr "用户 %s 可以在该主机上运行以下命令:\n" -#: plugins/sudoers/sudo_nss.c:302 +#: plugins/sudoers/sudo_nss.c:318 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "用户 %s 无权在 %s 上运行 sudo。\n" -#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243 -#: plugins/sudoers/sudoers.c:953 +#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193 +#: plugins/sudoers/sudoers.c:673 msgid "problem with defaults entries" msgstr "默认条目有问题" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:165 #, c-format msgid "no valid sudoers sources found, quitting" msgstr "没有找到有效的 sudoers 资源,退出" -#: plugins/sudoers/sudoers.c:268 -#, c-format -msgid "unable to execute %s: %s" -msgstr "无法执行 %s:%s" - -#: plugins/sudoers/sudoers.c:335 +#: plugins/sudoers/sudoers.c:227 #, c-format msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers 指定 root 不允许执行 sudo" -#: plugins/sudoers/sudoers.c:342 +#: plugins/sudoers/sudoers.c:234 #, c-format msgid "you are not permitted to use the -C option" msgstr "您无权使用 -C 选项" -#: plugins/sudoers/sudoers.c:431 +#: plugins/sudoers/sudoers.c:315 #, c-format msgid "timestamp owner (%s): No such user" msgstr "时间戳所有者(%s):无此用户" -#: plugins/sudoers/sudoers.c:447 +#: plugins/sudoers/sudoers.c:329 msgid "no tty" msgstr "无终端" -#: plugins/sudoers/sudoers.c:448 +#: plugins/sudoers/sudoers.c:330 #, c-format msgid "sorry, you must have a tty to run sudo" msgstr "抱歉,您必须拥有一个终端来执行 sudo" -#: plugins/sudoers/sudoers.c:498 +#: plugins/sudoers/sudoers.c:378 msgid "command in current directory" msgstr "当前目录中的命令" -#: plugins/sudoers/sudoers.c:510 +#: plugins/sudoers/sudoers.c:395 #, c-format msgid "sorry, you are not allowed to preserve the environment" msgstr "抱歉,您无权保留环境" -#: plugins/sudoers/sudoers.c:1006 +#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216 +#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576 +#, c-format +msgid "unable to stat %s" +msgstr "无法 stat %s" + +#: plugins/sudoers/sudoers.c:726 #, c-format msgid "%s is not a regular file" msgstr "%s 不是常规文件" -#: plugins/sudoers/sudoers.c:1009 toke.l:846 +#: plugins/sudoers/sudoers.c:729 toke.l:913 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s 属于用户 ID %u,应为 %u" -#: plugins/sudoers/sudoers.c:1013 toke.l:853 +#: plugins/sudoers/sudoers.c:733 toke.l:920 #, c-format msgid "%s is world writable" msgstr "%s 可被任何人写" -#: plugins/sudoers/sudoers.c:1016 toke.l:858 +#: plugins/sudoers/sudoers.c:736 toke.l:925 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s 属于组 ID %u,应为 %u" -#: plugins/sudoers/sudoers.c:1043 +#: plugins/sudoers/sudoers.c:763 #, c-format msgid "only root can use `-c %s'" msgstr "只有 root 才能使用“-c %s”" -#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062 +#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782 #, c-format msgid "unknown login class: %s" msgstr "未知的登录类别:%s" -#: plugins/sudoers/sudoers.c:1089 +#: plugins/sudoers/sudoers.c:814 #, c-format msgid "unable to resolve host %s" msgstr "无法解析主机:%s" -#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387 +#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377 #, c-format msgid "unknown group: %s" msgstr "未知组:%s" -#: plugins/sudoers/sudoers.c:1190 -#, c-format -msgid "Sudoers policy plugin version %s\n" -msgstr "Sudoers 策略插件版本 %s\n" - -#: plugins/sudoers/sudoers.c:1192 -#, c-format -msgid "Sudoers file grammar version %d\n" -msgstr "Sudoers 文件语法版本 %d\n" - -#: plugins/sudoers/sudoers.c:1196 -#, c-format -msgid "" -"\n" -"Sudoers path: %s\n" -msgstr "" -"\n" -"Sudoers 路径:%s\n" - -#: plugins/sudoers/sudoers.c:1199 -#, c-format -msgid "nsswitch path: %s\n" -msgstr "nsswitch 路径:%s\n" - -#: plugins/sudoers/sudoers.c:1201 -#, c-format -msgid "ldap.conf path: %s\n" -msgstr "ldap.conf 路径:%s\n" - -#: plugins/sudoers/sudoers.c:1202 -#, c-format -msgid "ldap.secret path: %s\n" -msgstr "ldap.secret 路径:%s\n" - -#: plugins/sudoers/sudoreplay.c:293 +#: plugins/sudoers/sudoreplay.c:292 #, c-format msgid "invalid filter option: %s" msgstr "无效的过滤器选项:%s" -#: plugins/sudoers/sudoreplay.c:306 +#: plugins/sudoers/sudoreplay.c:305 #, c-format msgid "invalid max wait: %s" msgstr "无效的最大等待:%s" -#: plugins/sudoers/sudoreplay.c:312 +#: plugins/sudoers/sudoreplay.c:311 #, c-format msgid "invalid speed factor: %s" msgstr "无法的速度系数:%s" -#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187 +#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179 #, c-format msgid "%s version %s\n" msgstr "%s 版本 %s\n" -#: plugins/sudoers/sudoreplay.c:340 +#: plugins/sudoers/sudoreplay.c:339 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/时序:%s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:345 #, c-format msgid "%s/%s/timing: %s" msgstr "%s/%s/时序:%s" -#: plugins/sudoers/sudoreplay.c:364 +#: plugins/sudoers/sudoreplay.c:363 #, c-format msgid "Replaying sudo session: %s\n" msgstr "回放 sudo 会话:%s\n" -#: plugins/sudoers/sudoreplay.c:370 +#: plugins/sudoers/sudoreplay.c:369 #, c-format msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "警告:您的终端尺寸太小,不能正常地回放日志。\n" -#: plugins/sudoers/sudoreplay.c:371 +#: plugins/sudoers/sudoreplay.c:370 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "日志的几何尺寸为 %dx%d,您终端的几何尺寸为 %dx%d。" -#: plugins/sudoers/sudoreplay.c:401 +#: plugins/sudoers/sudoreplay.c:400 #, c-format msgid "unable to set tty to raw mode" msgstr "无法将终端设为原始模式" -#: plugins/sudoers/sudoreplay.c:418 +#: plugins/sudoers/sudoreplay.c:416 #, c-format msgid "invalid timing file line: %s" msgstr "无效的时序文件行:%s" -#: plugins/sudoers/sudoreplay.c:501 +#: plugins/sudoers/sudoreplay.c:499 #, c-format msgid "writing to standard output" msgstr "写入标准输出" -#: plugins/sudoers/sudoreplay.c:530 +#: plugins/sudoers/sudoreplay.c:528 #, c-format msgid "nanosleep: tv_sec %ld, tv_nsec %ld" msgstr "nanosleep:tv_sec %ld,tv_nsec %ld" -#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668 +#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666 #, c-format msgid "ambiguous expression \"%s\"" msgstr "有歧义的表达式“%s”" -#: plugins/sudoers/sudoreplay.c:685 +#: plugins/sudoers/sudoreplay.c:683 #, c-format msgid "too many parenthesized expressions, max %d" msgstr "括号表达式过多,最多 %d" -#: plugins/sudoers/sudoreplay.c:696 +#: plugins/sudoers/sudoreplay.c:694 #, c-format msgid "unmatched ')' in expression" msgstr "表达式中的“)”不匹配" -#: plugins/sudoers/sudoreplay.c:702 +#: plugins/sudoers/sudoreplay.c:700 #, c-format msgid "unknown search term \"%s\"" msgstr "未知的搜索词“%s”" -#: plugins/sudoers/sudoreplay.c:716 +#: plugins/sudoers/sudoreplay.c:714 #, c-format msgid "%s requires an argument" msgstr "%s 需要参数" -#: plugins/sudoers/sudoreplay.c:720 +#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058 #, c-format msgid "invalid regular expression: %s" msgstr "无效的正则表达式:%s" -#: plugins/sudoers/sudoreplay.c:726 +#: plugins/sudoers/sudoreplay.c:724 #, c-format msgid "could not parse date \"%s\"" msgstr "无法解析日期“%s”" -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:737 #, c-format msgid "unmatched '(' in expression" msgstr "表达式中的“(”不匹配" -#: plugins/sudoers/sudoreplay.c:741 +#: plugins/sudoers/sudoreplay.c:739 #, c-format msgid "illegal trailing \"or\"" msgstr "非法的结尾字符“or”" -#: plugins/sudoers/sudoreplay.c:743 +#: plugins/sudoers/sudoreplay.c:741 #, c-format msgid "illegal trailing \"!\"" msgstr "非法的结尾字符“!”" -#: plugins/sudoers/sudoreplay.c:1050 -#, c-format -msgid "invalid regex: %s" -msgstr "无效的正则表达式:%s" - -#: plugins/sudoers/sudoreplay.c:1174 +#: plugins/sudoers/sudoreplay.c:1182 #, c-format msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n" msgstr "用法:%s [-h] [-d 目录] [-m 最长等待] [-s 速度系数] ID\n" -#: plugins/sudoers/sudoreplay.c:1177 +#: plugins/sudoers/sudoreplay.c:1185 #, c-format msgid "usage: %s [-h] [-d directory] -l [search expression]\n" msgstr "用法:%s [-h] [-d 目录] -l [搜索表达式]\n" -#: plugins/sudoers/sudoreplay.c:1186 +#: plugins/sudoers/sudoreplay.c:1194 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -1471,7 +1450,7 @@ msgstr "" "%s - 回放 sudo 会话记录\n" "\n" -#: plugins/sudoers/sudoreplay.c:1188 +#: plugins/sudoers/sudoreplay.c:1196 msgid "" "\n" "Options:\n" @@ -1493,11 +1472,11 @@ msgstr "" " -s 速度系数 加速或减慢输出\n" " -V 显示版本信息并退出" -#: plugins/sudoers/testsudoers.c:338 +#: plugins/sudoers/testsudoers.c:328 msgid "\thost unmatched" msgstr "\t主机不匹配" -#: plugins/sudoers/testsudoers.c:341 +#: plugins/sudoers/testsudoers.c:331 msgid "" "\n" "Command allowed" @@ -1505,7 +1484,7 @@ msgstr "" "\n" "命令允许" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command denied" @@ -1513,7 +1492,7 @@ msgstr "" "\n" "命令被拒" -#: plugins/sudoers/testsudoers.c:342 +#: plugins/sudoers/testsudoers.c:332 msgid "" "\n" "Command unmatched" @@ -1521,90 +1500,132 @@ msgstr "" "\n" "命令不匹配" -#: plugins/sudoers/toke_util.c:218 +#: plugins/sudoers/timestamp.c:129 +#, c-format +msgid "timestamp path too long: %s" +msgstr "时间戳路径过长:%s" + +#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247 +#: plugins/sudoers/timestamp.c:292 +#, c-format +msgid "%s owned by uid %u, should be uid %u" +msgstr "%s 属于用户 ID %u,应为用户 ID %u" + +#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0700" +msgstr "%s 对非所有者可写(0%o),模式应该为 0700" + +#: plugins/sudoers/timestamp.c:286 +#, c-format +msgid "%s exists but is not a regular file (0%o)" +msgstr "%s 存在,但不是常规文件(0%o)" + +#: plugins/sudoers/timestamp.c:298 +#, c-format +msgid "%s writable by non-owner (0%o), should be mode 0600" +msgstr "%s 对非所有者可写(0%o),模式应该为 0600" + +#: plugins/sudoers/timestamp.c:353 +#, c-format +msgid "timestamp too far in the future: %20.20s" +msgstr "时间戳太超前:%20.20s" + +#: plugins/sudoers/timestamp.c:407 +#, c-format +msgid "unable to remove %s, will reset to the epoch" +msgstr "无法移除 %s ,将重设为戳记" + +#: plugins/sudoers/timestamp.c:414 +#, c-format +msgid "unable to reset %s to the epoch" +msgstr "无法将 %s 重设为戳记" + +#: plugins/sudoers/toke_util.c:176 +#, c-format msgid "fill_args: buffer overflow" msgstr "fill_args:缓存溢出" -#: plugins/sudoers/visudo.c:188 +#: plugins/sudoers/visudo.c:180 #, c-format msgid "%s grammar version %d\n" msgstr "%s 语法版本 %d\n" -#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533 #, c-format msgid "press return to edit %s: " msgstr "按回车键编辑 %s:" -#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341 +#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332 #, c-format msgid "write error" msgstr "写错误" -#: plugins/sudoers/visudo.c:423 +#: plugins/sudoers/visudo.c:414 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "无法 stat 临时文件(%s),%s 未更改" -#: plugins/sudoers/visudo.c:428 +#: plugins/sudoers/visudo.c:419 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "零长度的临时文件(%s),%s 未更改" -#: plugins/sudoers/visudo.c:434 +#: plugins/sudoers/visudo.c:425 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "编辑器(%s)失败,%s 未更改" -#: plugins/sudoers/visudo.c:457 +#: plugins/sudoers/visudo.c:448 #, c-format msgid "%s unchanged" msgstr "%s 未更改" -#: plugins/sudoers/visudo.c:486 +#: plugins/sudoers/visudo.c:477 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "无法重新打开临时文件(%s),%s 未更改" -#: plugins/sudoers/visudo.c:496 +#: plugins/sudoers/visudo.c:487 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "无法解析临时文件(%s),未知错误" -#: plugins/sudoers/visudo.c:534 +#: plugins/sudoers/visudo.c:526 #, c-format msgid "internal error, unable to find %s in list!" msgstr "内部错误,在列表中找不到 %s!" -#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595 +#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "无法将 %s 的 (uid, gid) 设为 (%u, %u)" -#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600 +#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592 #, c-format msgid "unable to change mode of %s to 0%o" msgstr "无法将 %s 的模式更改为 0%o" -#: plugins/sudoers/visudo.c:617 +#: plugins/sudoers/visudo.c:609 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s 和 %s 不在同一个文件系统,使用 mv 进行重命名" -#: plugins/sudoers/visudo.c:631 +#: plugins/sudoers/visudo.c:623 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "命令失败:“%s %s %s”,%s 未更改" -#: plugins/sudoers/visudo.c:641 +#: plugins/sudoers/visudo.c:633 #, c-format msgid "error renaming %s, %s unchanged" msgstr "重命名 %s 出错,%s 未更改" -#: plugins/sudoers/visudo.c:704 +#: plugins/sudoers/visudo.c:695 msgid "What now? " msgstr "现在做什么?" -#: plugins/sudoers/visudo.c:718 +#: plugins/sudoers/visudo.c:709 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -1616,92 +1637,87 @@ msgstr "" " 退出,不保存对 sudoers 文件的更改(x)\n" " 退出并将更改保存到 sudoers 文件(危险!)(Q)\n" -#: plugins/sudoers/visudo.c:759 -#, c-format -msgid "unable to execute %s" -msgstr "无法执行 %s" - -#: plugins/sudoers/visudo.c:766 +#: plugins/sudoers/visudo.c:757 #, c-format msgid "unable to run %s" msgstr "无法运行 %s" -#: plugins/sudoers/visudo.c:792 +#: plugins/sudoers/visudo.c:783 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s:错误的所有者(uid, gid),应为 (%u, %u)\n" -#: plugins/sudoers/visudo.c:799 +#: plugins/sudoers/visudo.c:790 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s:权限不正确,模式应该是 0%o\n" -#: plugins/sudoers/visudo.c:824 +#: plugins/sudoers/visudo.c:815 #, c-format msgid "failed to parse %s file, unknown error" msgstr "解析 %s 文件失败,未知错误" -#: plugins/sudoers/visudo.c:837 +#: plugins/sudoers/visudo.c:831 #, c-format msgid "parse error in %s near line %d\n" msgstr "%s 中第 %d 行附近出现解析错误\n" -#: plugins/sudoers/visudo.c:840 +#: plugins/sudoers/visudo.c:834 #, c-format msgid "parse error in %s\n" msgstr "%s 中出现解析错误\n" -#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852 +#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846 #, c-format msgid "%s: parsed OK\n" msgstr "%s:解析正确\n" -#: plugins/sudoers/visudo.c:899 +#: plugins/sudoers/visudo.c:893 #, c-format msgid "%s busy, try again later" msgstr "%s 忙,请稍后重试" -#: plugins/sudoers/visudo.c:943 +#: plugins/sudoers/visudo.c:937 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "指定的编辑器(%s)不存在" -#: plugins/sudoers/visudo.c:966 +#: plugins/sudoers/visudo.c:960 #, c-format msgid "unable to stat editor (%s)" msgstr "无法 stat 编辑器(%s)" -#: plugins/sudoers/visudo.c:1014 +#: plugins/sudoers/visudo.c:1008 #, c-format msgid "no editor found (editor path = %s)" msgstr "未找到编辑器(编辑器路径 = %s)" -#: plugins/sudoers/visudo.c:1108 +#: plugins/sudoers/visudo.c:1100 #, c-format msgid "Error: cycle in %s_Alias `%s'" msgstr "错误:在 %s_Alias “%s”中循环" -#: plugins/sudoers/visudo.c:1109 +#: plugins/sudoers/visudo.c:1101 #, c-format msgid "Warning: cycle in %s_Alias `%s'" msgstr "警告:在 %s_Alias “%s”中循环" -#: plugins/sudoers/visudo.c:1112 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Error: %s_Alias `%s' referenced but not defined" msgstr "错误:引用了 %s_Alias “%s”但尚未定义" -#: plugins/sudoers/visudo.c:1113 +#: plugins/sudoers/visudo.c:1105 #, c-format msgid "Warning: %s_Alias `%s' referenced but not defined" msgstr "警告:引用了 %s_Alias “%s”但尚未定义" -#: plugins/sudoers/visudo.c:1248 +#: plugins/sudoers/visudo.c:1240 #, c-format msgid "%s: unused %s_Alias %s" msgstr "%s:未使用的 %s_Alias %s" -#: plugins/sudoers/visudo.c:1304 +#: plugins/sudoers/visudo.c:1302 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -1710,7 +1726,7 @@ msgstr "" "%s - 安全地编辑 sudoers 文件\n" "\n" -#: plugins/sudoers/visudo.c:1306 +#: plugins/sudoers/visudo.c:1304 msgid "" "\n" "Options:\n" @@ -1730,10 +1746,59 @@ msgstr "" " -s 严格语法检查\n" " -V 显示版本信息并退出" -#: toke.l:820 +#: toke.l:886 msgid "too many levels of includes" msgstr "include 嵌套层数过多" +#~ msgid "pam_chauthtok: %s" +#~ msgstr "pam_chauthtok:%s" + +#~ msgid "pam_authenticate: %s" +#~ msgstr "pam_authenticate:%s" + +#~ msgid "Password: " +#~ msgstr "密码:" + +#~ msgid "getauid failed" +#~ msgstr "getauid 失败" + +#~ msgid "Unable to dlopen %s: %s" +#~ msgstr "无法执行 dlopen %s:%s" + +#~ msgid "invalid regex: %s" +#~ msgstr "无效的正则表达式:%s" + +#~ msgid ">>> %s: %s near line %d <<<" +#~ msgstr ">>> %s:%s 在行 %d 附近<<<" + +#~ msgid "unable to allocate memory" +#~ msgstr "无法分配内存" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s:%s" + +#~ msgid "unable to set locale to \"%s\", using \"C\"" +#~ msgstr "无法将区域设置为“%s”,将使用“C”" + +#~ msgid "" +#~ " Commands:\n" +#~ "\t" +#~ msgstr "" +#~ " 命令:\n" +#~ "\t" + +#~ msgid ": " +#~ msgstr ":" + +#~ msgid "unable to cache uid %u (%s), already exists" +#~ msgstr "无法缓存用户 ID %u(%s),已存在" + +#~ msgid "unable to cache gid %u (%s), already exists" +#~ msgstr "无法缓存组 ID %u(%s),已存在" + +#~ msgid "unable to execute %s: %s" +#~ msgstr "无法执行 %s:%s" + #~ msgid "internal error, expand_prompt() overflow" #~ msgstr "内部错误,expand_prompt() 溢出" @@ -1762,9 +1827,6 @@ msgstr "include 嵌套层数过多" #~ msgid "set group on %s" #~ msgstr "对 %s 设置组" -#~ msgid "unable to set group on %s" -#~ msgstr "无法对 %s 设置组" - #~ msgid "unable to fix mode on %s" #~ msgstr "无法对 %s 修正模式" diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c new file mode 100644 index 0000000..b956a18 --- /dev/null +++ b/plugins/sudoers/policy.c @@ -0,0 +1,731 @@ +/* + * Copyright (c) 2010-2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ +#include +#include +#include + +#include "sudoers.h" +#include "sudoers_version.h" +#include "interfaces.h" + +/* + * Info passed in from the sudo front-end. + */ +struct sudoers_policy_open_info { + char * const *settings; + char * const *user_info; + char * const *plugin_args; +}; + +/* + * Command execution args to be filled in: argv, envp and command info. + */ +struct sudoers_exec_args { + char ***argv; + char ***envp; + char ***info; +}; + +static int sudo_version; +static const char *interfaces_string; +sudo_conv_t sudo_conv; +const char *path_ldap_conf = _PATH_LDAP_CONF; +const char *path_ldap_secret = _PATH_LDAP_SECRET; + +extern __dso_public struct policy_plugin sudoers_policy; + +#ifdef HAVE_BSD_AUTH_H +extern char *login_style; +#endif /* HAVE_BSD_AUTH_H */ + +/* + * Deserialize args, settings and user_info arrays. + * Fills in struct sudo_user and other common sudoers state. + */ +int +sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) +{ + struct sudoers_policy_open_info *info = v; + char * const *cur; + const char *p, *groups = NULL; + const char *debug_flags = NULL; + int flags = 0; + debug_decl(sudoers_policy_deserialize_info, SUDO_DEBUG_PLUGIN) + +#define MATCHES(s, v) (strncmp(s, v, sizeof(v) - 1) == 0) + + /* Parse sudo.conf plugin args. */ + if (info->plugin_args != NULL) { + for (cur = info->plugin_args; *cur != NULL; cur++) { + if (MATCHES(*cur, "sudoers_file=")) { + sudoers_file = *cur + sizeof("sudoers_file=") - 1; + continue; + } + if (MATCHES(*cur, "sudoers_uid=")) { + sudoers_uid = (uid_t) atoi(*cur + sizeof("sudoers_uid=") - 1); + continue; + } + if (MATCHES(*cur, "sudoers_gid=")) { + sudoers_gid = (gid_t) atoi(*cur + sizeof("sudoers_gid=") - 1); + continue; + } + if (MATCHES(*cur, "sudoers_mode=")) { + sudoers_mode = (mode_t) strtol(*cur + sizeof("sudoers_mode=") - 1, + NULL, 8); + continue; + } + if (MATCHES(*cur, "ldap_conf=")) { + path_ldap_conf = *cur + sizeof("ldap_conf=") - 1; + continue; + } + if (MATCHES(*cur, "ldap_secret=")) { + path_ldap_secret = *cur + sizeof("ldap_secret=") - 1; + continue; + } + } + } + + /* Parse command line settings. */ + user_closefrom = -1; + sudo_user.max_groups = -1; + for (cur = info->settings; *cur != NULL; cur++) { + if (MATCHES(*cur, "closefrom=")) { + user_closefrom = atoi(*cur + sizeof("closefrom=") - 1); + continue; + } + if (MATCHES(*cur, "debug_flags=")) { + debug_flags = *cur + sizeof("debug_flags=") - 1; + continue; + } + if (MATCHES(*cur, "runas_user=")) { + *runas_user = *cur + sizeof("runas_user=") - 1; + sudo_user.flags |= RUNAS_USER_SPECIFIED; + continue; + } + if (MATCHES(*cur, "runas_group=")) { + *runas_group = *cur + sizeof("runas_group=") - 1; + sudo_user.flags |= RUNAS_GROUP_SPECIFIED; + continue; + } + if (MATCHES(*cur, "prompt=")) { + user_prompt = *cur + sizeof("prompt=") - 1; + def_passprompt_override = true; + continue; + } + if (MATCHES(*cur, "set_home=")) { + if (atobool(*cur + sizeof("set_home=") - 1) == true) + SET(flags, MODE_RESET_HOME); + continue; + } + if (MATCHES(*cur, "preserve_environment=")) { + if (atobool(*cur + sizeof("preserve_environment=") - 1) == true) + SET(flags, MODE_PRESERVE_ENV); + continue; + } + if (MATCHES(*cur, "run_shell=")) { + if (atobool(*cur + sizeof("run_shell=") - 1) == true) + SET(flags, MODE_SHELL); + continue; + } + if (MATCHES(*cur, "login_shell=")) { + if (atobool(*cur + sizeof("login_shell=") - 1) == true) { + SET(flags, MODE_LOGIN_SHELL); + def_env_reset = true; + } + continue; + } + if (MATCHES(*cur, "implied_shell=")) { + if (atobool(*cur + sizeof("implied_shell=") - 1) == true) + SET(flags, MODE_IMPLIED_SHELL); + continue; + } + if (MATCHES(*cur, "preserve_groups=")) { + if (atobool(*cur + sizeof("preserve_groups=") - 1) == true) + SET(flags, MODE_PRESERVE_GROUPS); + continue; + } + if (MATCHES(*cur, "ignore_ticket=")) { + if (atobool(*cur + sizeof("ignore_ticket=") - 1) == true) + SET(flags, MODE_IGNORE_TICKET); + continue; + } + if (MATCHES(*cur, "noninteractive=")) { + if (atobool(*cur + sizeof("noninteractive=") - 1) == true) + SET(flags, MODE_NONINTERACTIVE); + continue; + } + if (MATCHES(*cur, "sudoedit=")) { + if (atobool(*cur + sizeof("sudoedit=") - 1) == true) + SET(flags, MODE_EDIT); + continue; + } + if (MATCHES(*cur, "login_class=")) { + login_class = *cur + sizeof("login_class=") - 1; + def_use_loginclass = true; + continue; + } +#ifdef HAVE_PRIV_SET + if (MATCHES(*cur, "runas_privs=")) { + def_privs = *cur + sizeof("runas_privs=") - 1; + continue; + } + if (MATCHES(*cur, "runas_limitprivs=")) { + def_limitprivs = *cur + sizeof("runas_limitprivs=") - 1; + continue; + } +#endif /* HAVE_PRIV_SET */ +#ifdef HAVE_SELINUX + if (MATCHES(*cur, "selinux_role=")) { + user_role = *cur + sizeof("selinux_role=") - 1; + continue; + } + if (MATCHES(*cur, "selinux_type=")) { + user_type = *cur + sizeof("selinux_type=") - 1; + continue; + } +#endif /* HAVE_SELINUX */ +#ifdef HAVE_BSD_AUTH_H + if (MATCHES(*cur, "bsdauth_type=")) { + login_style = *cur + sizeof("bsdauth_type=") - 1; + continue; + } +#endif /* HAVE_BSD_AUTH_H */ +#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME) + if (MATCHES(*cur, "progname=")) { + setprogname(*cur + sizeof("progname=") - 1); + continue; + } +#endif + if (MATCHES(*cur, "network_addrs=")) { + interfaces_string = *cur + sizeof("network_addrs=") - 1; + set_interfaces(interfaces_string); + continue; + } + if (MATCHES(*cur, "max_groups=")) { + sudo_user.max_groups = atoi(*cur + sizeof("max_groups=") - 1); + continue; + } + } + + for (cur = info->user_info; *cur != NULL; cur++) { + if (MATCHES(*cur, "user=")) { + user_name = estrdup(*cur + sizeof("user=") - 1); + continue; + } + if (MATCHES(*cur, "uid=")) { + user_uid = (uid_t) atoi(*cur + sizeof("uid=") - 1); + continue; + } + if (MATCHES(*cur, "gid=")) { + p = *cur + sizeof("gid=") - 1; + user_gid = (gid_t) atoi(p); + continue; + } + if (MATCHES(*cur, "groups=")) { + groups = *cur + sizeof("groups=") - 1; + continue; + } + if (MATCHES(*cur, "cwd=")) { + user_cwd = estrdup(*cur + sizeof("cwd=") - 1); + continue; + } + if (MATCHES(*cur, "tty=")) { + user_tty = user_ttypath = estrdup(*cur + sizeof("tty=") - 1); + if (strncmp(user_tty, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) + user_tty += sizeof(_PATH_DEV) - 1; + continue; + } + if (MATCHES(*cur, "host=")) { + user_host = user_shost = estrdup(*cur + sizeof("host=") - 1); + if ((p = strchr(user_host, '.'))) + user_shost = estrndup(user_host, (size_t)(p - user_host)); + continue; + } + if (MATCHES(*cur, "lines=")) { + sudo_user.lines = atoi(*cur + sizeof("lines=") - 1); + continue; + } + if (MATCHES(*cur, "cols=")) { + sudo_user.cols = atoi(*cur + sizeof("cols=") - 1); + continue; + } + if (MATCHES(*cur, "sid=")) { + sudo_user.sid = atoi(*cur + sizeof("sid=") - 1); + continue; + } + } + if (user_cwd == NULL) + user_cwd = "unknown"; + if (user_tty == NULL) + user_tty = "unknown"; /* user_ttypath remains NULL */ + + if (groups != NULL && groups[0] != '\0') { + const char *cp; + GETGROUPS_T *gids; + int ngids; + + /* Count number of groups, including passwd gid. */ + ngids = 2; + for (cp = groups; *cp != '\0'; cp++) { + if (*cp == ',') + ngids++; + } + + /* The first gid in the list is the passwd group gid. */ + gids = emalloc2(ngids, sizeof(GETGROUPS_T)); + gids[0] = user_gid; + ngids = 1; + cp = groups; + for (;;) { + gids[ngids] = atoi(cp); + if (gids[0] != gids[ngids]) + ngids++; + cp = strchr(cp, ','); + if (cp == NULL) + break; + cp++; /* skip over comma */ + } + user_gids = gids; + user_ngids = ngids; + } + + /* Stash initial umask for later use. */ + user_umask = umask(SUDO_UMASK); + umask(user_umask); + + /* Setup debugging if indicated. */ + if (debug_flags != NULL) { + sudo_debug_init(NULL, debug_flags); + for (cur = info->settings; *cur != NULL; cur++) + sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur); + for (cur = info->user_info; *cur != NULL; cur++) + sudo_debug_printf(SUDO_DEBUG_INFO, "user_info: %s", *cur); + } + +#undef MATCHES + debug_return_int(flags); +} + +/* + * Setup the execution environment. + * Builds up the command_info list and sets argv and envp. + * Returns 1 on success and -1 on error. + */ +int +sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, + char *iolog_path, void *v) +{ + struct sudoers_exec_args *exec_args = v; + char **command_info; + int info_len = 0; + debug_decl(sudoers_policy_exec_setup, SUDO_DEBUG_PLUGIN) + + /* Increase the length of command_info as needed, it is *not* checked. */ + command_info = ecalloc(32, sizeof(char **)); + + command_info[info_len++] = fmt_string("command", safe_cmnd); + if (def_log_input || def_log_output) { + if (iolog_path) + command_info[info_len++] = iolog_path; + if (def_log_input) { + command_info[info_len++] = estrdup("iolog_stdin=true"); + command_info[info_len++] = estrdup("iolog_ttyin=true"); + } + if (def_log_output) { + command_info[info_len++] = estrdup("iolog_stdout=true"); + command_info[info_len++] = estrdup("iolog_stderr=true"); + command_info[info_len++] = estrdup("iolog_ttyout=true"); + } + if (def_compress_io) { + command_info[info_len++] = estrdup("iolog_compress=true"); + } + if (def_maxseq) { + easprintf(&command_info[info_len++], "maxseq=%u", def_maxseq); + } + } + if (ISSET(sudo_mode, MODE_EDIT)) + command_info[info_len++] = estrdup("sudoedit=true"); + if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) { + /* Set cwd to run user's homedir. */ + command_info[info_len++] = fmt_string("cwd", runas_pw->pw_dir); + } + if (def_stay_setuid) { + easprintf(&command_info[info_len++], "runas_uid=%u", + (unsigned int)user_uid); + easprintf(&command_info[info_len++], "runas_gid=%u", + (unsigned int)user_gid); + easprintf(&command_info[info_len++], "runas_euid=%u", + (unsigned int)runas_pw->pw_uid); + easprintf(&command_info[info_len++], "runas_egid=%u", + runas_gr ? (unsigned int)runas_gr->gr_gid : + (unsigned int)runas_pw->pw_gid); + } else { + easprintf(&command_info[info_len++], "runas_uid=%u", + (unsigned int)runas_pw->pw_uid); + easprintf(&command_info[info_len++], "runas_gid=%u", + runas_gr ? (unsigned int)runas_gr->gr_gid : + (unsigned int)runas_pw->pw_gid); + } + if (def_preserve_groups) { + command_info[info_len++] = "preserve_groups=true"; + } else { + int i, len; + gid_t egid; + size_t glsize; + char *cp, *gid_list; + struct group_list *grlist = sudo_get_grlist(runas_pw); + + /* We reserve an extra spot in the list for the effective gid. */ + glsize = sizeof("runas_groups=") - 1 + + ((grlist->ngids + 1) * (MAX_UID_T_LEN + 1)); + gid_list = emalloc(glsize); + memcpy(gid_list, "runas_groups=", sizeof("runas_groups=") - 1); + cp = gid_list + sizeof("runas_groups=") - 1; + + /* On BSD systems the effective gid is the first group in the list. */ + egid = runas_gr ? (unsigned int)runas_gr->gr_gid : + (unsigned int)runas_pw->pw_gid; + len = snprintf(cp, glsize - (cp - gid_list), "%u", egid); + if (len < 0 || len >= glsize - (cp - gid_list)) + fatalx(_("internal error, %s overflow"), "runas_groups"); + cp += len; + for (i = 0; i < grlist->ngids; i++) { + if (grlist->gids[i] != egid) { + len = snprintf(cp, glsize - (cp - gid_list), ",%u", + (unsigned int) grlist->gids[i]); + if (len < 0 || len >= glsize - (cp - gid_list)) + fatalx(_("internal error, %s overflow"), "runas_groups"); + cp += len; + } + } + command_info[info_len++] = gid_list; + sudo_grlist_delref(grlist); + } + if (def_closefrom >= 0) + easprintf(&command_info[info_len++], "closefrom=%d", def_closefrom); + if (def_noexec) + command_info[info_len++] = estrdup("noexec=true"); + if (def_exec_background) + command_info[info_len++] = estrdup("exec_background=true"); + if (def_set_utmp) + command_info[info_len++] = estrdup("set_utmp=true"); + if (def_use_pty) + command_info[info_len++] = estrdup("use_pty=true"); + if (def_utmp_runas) + command_info[info_len++] = fmt_string("utmp_user", runas_pw->pw_name); + if (cmnd_umask != 0777) + easprintf(&command_info[info_len++], "umask=0%o", (unsigned int)cmnd_umask); +#ifdef HAVE_LOGIN_CAP_H + if (def_use_loginclass) + command_info[info_len++] = fmt_string("login_class", login_class); +#endif /* HAVE_LOGIN_CAP_H */ +#ifdef HAVE_SELINUX + if (user_role != NULL) + command_info[info_len++] = fmt_string("selinux_role", user_role); + if (user_type != NULL) + command_info[info_len++] = fmt_string("selinux_type", user_type); +#endif /* HAVE_SELINUX */ +#ifdef HAVE_PRIV_SET + if (runas_privs != NULL) + command_info[info_len++] = fmt_string("runas_privs", runas_privs); + if (runas_limitprivs != NULL) + command_info[info_len++] = fmt_string("runas_limitprivs", runas_limitprivs); +#endif /* HAVE_SELINUX */ + + /* Fill in exec environment info */ + *(exec_args->argv) = argv; + *(exec_args->envp) = envp; + *(exec_args->info) = command_info; + + debug_return_bool(true); +} + +static int +sudoers_policy_open(unsigned int version, sudo_conv_t conversation, + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const envp[], char * const args[]) +{ + struct sudoers_policy_open_info info; + debug_decl(sudoers_policy_open, SUDO_DEBUG_PLUGIN) + + sudo_version = version; + sudo_conv = conversation; + sudo_printf = plugin_printf; + + /* Plugin args are only specified for API version 1.2 and higher. */ + if (sudo_version < SUDO_API_MKVERSION(1, 2)) + args = NULL; + + if (fatal_setjmp() != 0) { + /* called via fatal(), fatalx() or log_fatal() */ + rewind_perms(); + fatal_disable_setjmp(); + debug_return_bool(-1); + } + + /* Call the sudoers init function. */ + info.settings = settings; + info.user_info = user_info; + info.plugin_args = args; + debug_return_bool(sudoers_policy_init(&info, envp)); +} + +static void +sudoers_policy_close(int exit_status, int error_code) +{ + debug_decl(sudoers_policy_close, SUDO_DEBUG_PLUGIN) + + if (fatal_setjmp() != 0) { + /* called via fatal(), fatalx() or log_fatal() */ + fatal_disable_setjmp(); + debug_return; + } + + /* We do not currently log the exit status. */ + if (error_code) { + errno = error_code; + warning(_("unable to execute %s"), safe_cmnd); + } + + /* Close the session we opened in sudoers_policy_init_session(). */ + if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT)) + (void)sudo_auth_end_session(runas_pw); + + /* Free remaining references to password and group entries. */ + /* XXX - move cleanup to function in sudoers.c */ + sudo_pw_delref(sudo_user.pw); + sudo_user.pw = NULL; + sudo_pw_delref(runas_pw); + runas_pw = NULL; + if (runas_gr != NULL) { + sudo_gr_delref(runas_gr); + runas_gr = NULL; + } + if (user_group_list != NULL) { + sudo_grlist_delref(user_group_list); + user_group_list = NULL; + } + efree(user_gids); + user_gids = NULL; + + debug_return; +} + +/* + * The init_session function is called before executing the command + * and before uid/gid changes occur. + * Returns 1 on success, 0 on failure and -1 on error. + */ +static int +sudoers_policy_init_session(struct passwd *pwd, char **user_env[]) +{ + debug_decl(sudoers_policy_init_session, SUDO_DEBUG_PLUGIN) + + /* user_env is only specified for API version 1.2 and higher. */ + if (sudo_version < SUDO_API_MKVERSION(1, 2)) + user_env = NULL; + + if (fatal_setjmp() != 0) { + /* called via fatal(), fatalx() or log_fatal() */ + fatal_disable_setjmp(); + debug_return_bool(-1); + } + + debug_return_bool(sudo_auth_begin_session(pwd, user_env)); +} + +static int +sudoers_policy_check(int argc, char * const argv[], char *env_add[], + char **command_infop[], char **argv_out[], char **user_env_out[]) +{ + struct sudoers_exec_args exec_args; + int rval; + debug_decl(sudoers_policy_check, SUDO_DEBUG_PLUGIN) + + if (!ISSET(sudo_mode, MODE_EDIT)) + SET(sudo_mode, MODE_RUN); + + exec_args.argv = argv_out; + exec_args.envp = user_env_out; + exec_args.info = command_infop; + + rval = sudoers_policy_main(argc, argv, 0, env_add, &exec_args); + if (rval == true && sudo_version >= SUDO_API_MKVERSION(1, 3)) { + /* Unset close function if we don't need it to avoid extra process. */ + if (!def_log_input && !def_log_output && !def_use_pty && + !sudo_auth_needs_end_session()) + sudoers_policy.close = NULL; + } + debug_return_bool(rval); +} + +static int +sudoers_policy_validate(void) +{ + debug_decl(sudoers_policy_validate, SUDO_DEBUG_PLUGIN) + + user_cmnd = "validate"; + SET(sudo_mode, MODE_VALIDATE); + + debug_return_bool(sudoers_policy_main(0, NULL, I_VERIFYPW, NULL, NULL)); +} + +static void +sudoers_policy_invalidate(int remove) +{ + debug_decl(sudoers_policy_invalidate, SUDO_DEBUG_PLUGIN) + + user_cmnd = "kill"; + if (fatal_setjmp() == 0) { + remove_timestamp(remove); + sudoers_cleanup(); + } + fatal_disable_setjmp(); + + debug_return; +} + +static int +sudoers_policy_list(int argc, char * const argv[], int verbose, + const char *list_user) +{ + int rval; + debug_decl(sudoers_policy_list, SUDO_DEBUG_PLUGIN) + + user_cmnd = "list"; + if (argc) + SET(sudo_mode, MODE_CHECK); + else + SET(sudo_mode, MODE_LIST); + if (verbose) + long_list = 1; + if (list_user) { + list_pw = sudo_getpwnam(list_user); + if (list_pw == NULL) { + warningx(_("unknown user: %s"), list_user); + debug_return_bool(-1); + } + } + rval = sudoers_policy_main(argc, argv, I_LISTPW, NULL, NULL); + if (list_user) { + sudo_pw_delref(list_pw); + list_pw = NULL; + } + + debug_return_bool(rval); +} + +static int +sudoers_policy_version(int verbose) +{ + debug_decl(sudoers_policy_version, SUDO_DEBUG_PLUGIN) + + if (fatal_setjmp() != 0) { + /* error recovery via fatal(), fatalx() or log_fatal() */ + fatal_disable_setjmp(); + debug_return_bool(-1); + } + + sudo_printf(SUDO_CONV_INFO_MSG, _("Sudoers policy plugin version %s\n"), + PACKAGE_VERSION); + sudo_printf(SUDO_CONV_INFO_MSG, _("Sudoers file grammar version %d\n"), + SUDOERS_GRAMMAR_VERSION); + + if (verbose) { + sudo_printf(SUDO_CONV_INFO_MSG, _("\nSudoers path: %s\n"), sudoers_file); +#ifdef HAVE_LDAP +# ifdef _PATH_NSSWITCH_CONF + sudo_printf(SUDO_CONV_INFO_MSG, _("nsswitch path: %s\n"), _PATH_NSSWITCH_CONF); +# endif + sudo_printf(SUDO_CONV_INFO_MSG, _("ldap.conf path: %s\n"), path_ldap_conf); + sudo_printf(SUDO_CONV_INFO_MSG, _("ldap.secret path: %s\n"), path_ldap_secret); +#endif + dump_auth_methods(); + dump_defaults(); + sudo_printf(SUDO_CONV_INFO_MSG, "\n"); + if (interfaces_string != NULL) { + dump_interfaces(interfaces_string); + sudo_printf(SUDO_CONV_INFO_MSG, "\n"); + } + } + debug_return_bool(true); +} + +static void +sudoers_policy_register_hooks(int version, int (*register_hook)(struct sudo_hook *hook)) +{ + struct sudo_hook hook; + + memset(&hook, 0, sizeof(hook)); + hook.hook_version = SUDO_HOOK_VERSION; + + hook.hook_type = SUDO_HOOK_SETENV; + hook.hook_fn = sudoers_hook_setenv; + register_hook(&hook); + + hook.hook_type = SUDO_HOOK_UNSETENV; + hook.hook_fn = sudoers_hook_unsetenv; + register_hook(&hook); + + hook.hook_type = SUDO_HOOK_GETENV; + hook.hook_fn = sudoers_hook_getenv; + register_hook(&hook); + + hook.hook_type = SUDO_HOOK_PUTENV; + hook.hook_fn = sudoers_hook_putenv; + register_hook(&hook); +} + +__dso_public struct policy_plugin sudoers_policy = { + SUDO_POLICY_PLUGIN, + SUDO_API_VERSION, + sudoers_policy_open, + sudoers_policy_close, + sudoers_policy_version, + sudoers_policy_check, + sudoers_policy_list, + sudoers_policy_validate, + sudoers_policy_invalidate, + sudoers_policy_init_session, + sudoers_policy_register_hooks +}; diff --git a/plugins/sudoers/prompt.c b/plugins/sudoers/prompt.c new file mode 100644 index 0000000..e98c8ee --- /dev/null +++ b/plugins/sudoers/prompt.c @@ -0,0 +1,172 @@ +/* + * Copyright (c) 1993-1996,1998-2005, 2007-2013 + * Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + +#include + +#include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#include +#include + +#include "sudoers.h" + +/* + * Expand %h and %u escapes in the prompt and pass back the dynamically + * allocated result. Returns the same string if there are no escapes. + */ +char * +expand_prompt(const char *old_prompt, const char *user, const char *host) +{ + size_t len, n; + int subst; + const char *p; + char *np, *new_prompt, *endp; + debug_decl(expand_prompt, SUDO_DEBUG_AUTH) + + /* How much space do we need to malloc for the prompt? */ + subst = 0; + for (p = old_prompt, len = strlen(old_prompt); *p; p++) { + if (p[0] =='%') { + switch (p[1]) { + case 'h': + p++; + len += strlen(user_shost) - 2; + subst = 1; + break; + case 'H': + p++; + len += strlen(user_host) - 2; + subst = 1; + break; + case 'p': + p++; + if (def_rootpw) + len += 2; + else if (def_targetpw || def_runaspw) + len += strlen(runas_pw->pw_name) - 2; + else + len += strlen(user_name) - 2; + subst = 1; + break; + case 'u': + p++; + len += strlen(user_name) - 2; + subst = 1; + break; + case 'U': + p++; + len += strlen(runas_pw->pw_name) - 2; + subst = 1; + break; + case '%': + p++; + len--; + subst = 1; + break; + default: + break; + } + } + } + + if (subst) { + new_prompt = emalloc(++len); + endp = new_prompt + len; + for (p = old_prompt, np = new_prompt; *p; p++) { + if (p[0] =='%') { + switch (p[1]) { + case 'h': + p++; + n = strlcpy(np, user_shost, np - endp); + if (n >= np - endp) + goto oflow; + np += n; + continue; + case 'H': + p++; + n = strlcpy(np, user_host, np - endp); + if (n >= np - endp) + goto oflow; + np += n; + continue; + case 'p': + p++; + if (def_rootpw) + n = strlcpy(np, "root", np - endp); + else if (def_targetpw || def_runaspw) + n = strlcpy(np, runas_pw->pw_name, np - endp); + else + n = strlcpy(np, user_name, np - endp); + if (n >= np - endp) + goto oflow; + np += n; + continue; + case 'u': + p++; + n = strlcpy(np, user_name, np - endp); + if (n >= np - endp) + goto oflow; + np += n; + continue; + case 'U': + p++; + n = strlcpy(np, runas_pw->pw_name, np - endp); + if (n >= np - endp) + goto oflow; + np += n; + continue; + case '%': + /* convert %% -> % */ + p++; + break; + default: + /* no conversion */ + break; + } + } + *np++ = *p; + if (np >= endp) + goto oflow; + } + *np = '\0'; + } else + new_prompt = estrdup(old_prompt); + + debug_return_str(new_prompt); + +oflow: + /* We pre-allocate enough space, so this should never happen. */ + fatalx(_("internal error, %s overflow"), "expand_prompt()"); +} diff --git a/plugins/sudoers/pwutil.c b/plugins/sudoers/pwutil.c index 3e876d8..7f5904b 100644 --- a/plugins/sudoers/pwutil.c +++ b/plugins/sudoers/pwutil.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2012 + * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -22,8 +22,6 @@ #include #include -#include -#include #include #ifdef STDC_HEADERS # include @@ -48,17 +46,12 @@ #ifdef HAVE_SETAUTHDB # include #endif /* HAVE_SETAUTHDB */ -#ifdef HAVE_UTMPX_H -# include -#else -# include -#endif /* HAVE_UTMPX_H */ -#include #include #include #include "sudoers.h" #include "redblack.h" +#include "pwutil.h" /* * The passwd and group caches. @@ -73,47 +66,6 @@ static int cmp_grgid(const void *, const void *); #define cmp_grnam cmp_pwnam -#define ptr_to_item(p) ((struct cache_item *)((char *)p - offsetof(struct cache_item_##p, p))) - -/* - * Generic cache element. - */ -struct cache_item { - unsigned int refcnt; - /* key */ - union { - uid_t uid; - gid_t gid; - char *name; - } k; - /* datum */ - union { - struct passwd *pw; - struct group *gr; - struct group_list *grlist; - } d; -}; - -/* - * Container structs to simpify size and offset calculations and guarantee - * proper aligment of struct passwd, group and group_list. - */ -struct cache_item_pw { - struct cache_item cache; - struct passwd pw; -}; - -struct cache_item_gr { - struct cache_item cache; - struct group gr; -}; - -struct cache_item_grlist { - struct cache_item cache; - struct group_list grlist; - /* actually bigger */ -}; - /* * Compare by uid. */ @@ -136,93 +88,6 @@ cmp_pwnam(const void *v1, const void *v2) return strcmp(ci1->k.name, ci2->k.name); } -#define FIELD_SIZE(src, name, size) \ -do { \ - if (src->name) { \ - size = strlen(src->name) + 1; \ - total += size; \ - } \ -} while (0) - -#define FIELD_COPY(src, dst, name, size) \ -do { \ - if (src->name) { \ - memcpy(cp, src->name, size); \ - dst->name = cp; \ - cp += size; \ - } \ -} while (0) - -/* - * Dynamically allocate space for a struct item plus the key and data - * elements. If name is non-NULL it is used as the key, else the - * uid is the key. Fills in datum from struct password. - */ -static struct cache_item * -make_pwitem(const struct passwd *pw, const char *name) -{ - char *cp; - const char *pw_shell; - size_t nsize, psize, csize, gsize, dsize, ssize, total; - struct cache_item_pw *pwitem; - struct passwd *newpw; - debug_decl(make_pwitem, SUDO_DEBUG_NSS) - - /* If shell field is empty, expand to _PATH_BSHELL. */ - pw_shell = (pw->pw_shell == NULL || pw->pw_shell[0] == '\0') - ? _PATH_BSHELL : pw->pw_shell; - - /* Allocate in one big chunk for easy freeing. */ - nsize = psize = csize = gsize = dsize = ssize = 0; - total = sizeof(*pwitem); - FIELD_SIZE(pw, pw_name, nsize); - FIELD_SIZE(pw, pw_passwd, psize); -#ifdef HAVE_LOGIN_CAP_H - FIELD_SIZE(pw, pw_class, csize); -#endif - FIELD_SIZE(pw, pw_gecos, gsize); - FIELD_SIZE(pw, pw_dir, dsize); - /* Treat shell specially since we expand "" -> _PATH_BSHELL */ - ssize = strlen(pw_shell) + 1; - total += ssize; - if (name != NULL) - total += strlen(name) + 1; - - /* Allocate space for struct item, struct passwd and the strings. */ - pwitem = ecalloc(1, total); - newpw = &pwitem->pw; - - /* - * Copy in passwd contents and make strings relative to space - * at the end of the struct. - */ - memcpy(newpw, pw, sizeof(*pw)); - cp = (char *)(pwitem + 1); - FIELD_COPY(pw, newpw, pw_name, nsize); - FIELD_COPY(pw, newpw, pw_passwd, psize); -#ifdef HAVE_LOGIN_CAP_H - FIELD_COPY(pw, newpw, pw_class, csize); -#endif - FIELD_COPY(pw, newpw, pw_gecos, gsize); - FIELD_COPY(pw, newpw, pw_dir, dsize); - /* Treat shell specially since we expand "" -> _PATH_BSHELL */ - memcpy(cp, pw_shell, ssize); - newpw->pw_shell = cp; - cp += ssize; - - /* Set key and datum. */ - if (name != NULL) { - memcpy(cp, name, strlen(name) + 1); - pwitem->cache.k.name = cp; - } else { - pwitem->cache.k.uid = pw->pw_uid; - } - pwitem->cache.d.pw = newpw; - pwitem->cache.refcnt = 1; - - debug_return_ptr(&pwitem->cache); -} - void sudo_pw_addref(struct passwd *pw) { @@ -272,20 +137,16 @@ sudo_getpwuid(uid_t uid) #ifdef HAVE_SETAUTHDB aix_setauthdb(IDtouser(uid)); #endif - if ((key.d.pw = getpwuid(uid)) != NULL) { - item = make_pwitem(key.d.pw, NULL); - if (rbinsert(pwcache_byuid, item) != NULL) - errorx(1, _("unable to cache uid %u (%s), already exists"), - (unsigned int) uid, item->d.pw->pw_name); - } else { + item = sudo_make_pwitem(uid, NULL); + if (item == NULL) { item = ecalloc(1, sizeof(*item)); item->refcnt = 1; item->k.uid = uid; /* item->d.pw = NULL; */ - if (rbinsert(pwcache_byuid, item) != NULL) - errorx(1, _("unable to cache uid %u, already exists"), - (unsigned int) uid); } + if (rbinsert(pwcache_byuid, item) != NULL) + fatalx(_("unable to cache uid %u, already exists"), + (unsigned int) uid); #ifdef HAVE_SETAUTHDB aix_restoreauthdb(); #endif @@ -316,20 +177,17 @@ sudo_getpwnam(const char *name) #ifdef HAVE_SETAUTHDB aix_setauthdb((char *) name); #endif - if ((key.d.pw = getpwnam(name)) != NULL) { - item = make_pwitem(key.d.pw, name); - if (rbinsert(pwcache_byname, item) != NULL) - errorx(1, _("unable to cache user %s, already exists"), name); - } else { + item = sudo_make_pwitem((uid_t)-1, name); + if (item == NULL) { len = strlen(name) + 1; item = ecalloc(1, sizeof(*item) + len); item->refcnt = 1; item->k.name = (char *) item + sizeof(*item); memcpy(item->k.name, name, len); /* item->d.pw = NULL; */ - if (rbinsert(pwcache_byname, item) != NULL) - errorx(1, _("unable to cache user %s, already exists"), name); } + if (rbinsert(pwcache_byname, item) != NULL) + fatalx(_("unable to cache user %s, already exists"), name); #ifdef HAVE_SETAUTHDB aix_restoreauthdb(); #endif @@ -339,22 +197,32 @@ done: } /* - * Take a user, uid and gid and return a faked up passwd struct. + * Take a user, uid, gid, home and shell and return a faked up passwd struct. + * If home or shell are NULL default values will be used. */ struct passwd * -sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid) +sudo_mkpwent(const char *user, uid_t uid, gid_t gid, const char *home, + const char *shell) { struct cache_item_pw *pwitem; struct passwd *pw; struct rbnode *node; - size_t len, namelen; + size_t len, name_len, home_len, shell_len; int i; - debug_decl(sudo_fakepwnam, SUDO_DEBUG_NSS) - - namelen = strlen(user); - len = sizeof(*pwitem) + namelen + 1 /* pw_name */ + + debug_decl(sudo_mkpwent, SUDO_DEBUG_NSS) + + /* Optional arguments. */ + if (home == NULL) + home = "/"; + if (shell == NULL) + shell = _PATH_BSHELL; + + name_len = strlen(user); + home_len = strlen(home); + shell_len = strlen(shell); + len = sizeof(*pwitem) + name_len + 1 /* pw_name */ + sizeof("*") /* pw_passwd */ + sizeof("") /* pw_gecos */ + - sizeof("/") /* pw_dir */ + sizeof(_PATH_BSHELL); + home_len + 1 /* pw_dir */ + shell_len + 1 /* pw_shell */; for (i = 0; i < 2; i++) { pwitem = ecalloc(1, len); @@ -362,36 +230,38 @@ sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid) pw->pw_uid = uid; pw->pw_gid = gid; pw->pw_name = (char *)(pwitem + 1); - memcpy(pw->pw_name, user, namelen + 1); - pw->pw_passwd = pw->pw_name + namelen + 1; + memcpy(pw->pw_name, user, name_len + 1); + pw->pw_passwd = pw->pw_name + name_len + 1; memcpy(pw->pw_passwd, "*", 2); pw->pw_gecos = pw->pw_passwd + 2; pw->pw_gecos[0] = '\0'; pw->pw_dir = pw->pw_gecos + 1; - memcpy(pw->pw_dir, "/", 2); - pw->pw_shell = pw->pw_dir + 2; - memcpy(pw->pw_shell, _PATH_BSHELL, sizeof(_PATH_BSHELL)); + memcpy(pw->pw_dir, home, home_len + 1); + pw->pw_shell = pw->pw_dir + home_len + 1; + memcpy(pw->pw_shell, shell, shell_len + 1); pwitem->cache.refcnt = 1; pwitem->cache.d.pw = pw; if (i == 0) { - /* Store by uid, overwriting cached version. */ + /* Store by uid if it doesn't already exist. */ pwitem->cache.k.uid = pw->pw_uid; if ((node = rbinsert(pwcache_byuid, &pwitem->cache)) != NULL) { - sudo_pw_delref_item(node->data); - node->data = &pwitem->cache; + /* Already exists, free the item we created. */ + efree(pwitem); + pwitem = (struct cache_item_pw *) node->data; } } else { - /* Store by name, overwriting cached version. */ + /* Store by name if it doesn't already exist. */ pwitem->cache.k.name = pw->pw_name; if ((node = rbinsert(pwcache_byname, &pwitem->cache)) != NULL) { - sudo_pw_delref_item(node->data); - node->data = &pwitem->cache; + /* Already exists, free the item we created. */ + efree(pwitem); + pwitem = (struct cache_item_pw *) node->data; } } } pwitem->cache.refcnt++; - debug_return_ptr(pw); + debug_return_ptr(&pwitem->pw); } /* @@ -403,7 +273,7 @@ sudo_fakepwnam(const char *user, gid_t gid) uid_t uid; uid = (uid_t) atoi(user + 1); - return sudo_fakepwnamid(user, uid, gid); + return sudo_mkpwent(user, uid, gid, NULL, NULL); } void @@ -459,163 +329,6 @@ cmp_grgid(const void *v1, const void *v2) return ci1->k.gid - ci2->k.gid; } -/* - * Dynamically allocate space for a struct item plus the key and data - * elements. If name is non-NULL it is used as the key, else the - * gid is the key. Fills in datum from struct group. - */ -static struct cache_item * -make_gritem(const struct group *gr, const char *name) -{ - char *cp; - size_t nsize, psize, nmem, total, len; - struct cache_item_gr *gritem; - struct group *newgr; - debug_decl(make_gritem, SUDO_DEBUG_NSS) - - /* Allocate in one big chunk for easy freeing. */ - nsize = psize = nmem = 0; - total = sizeof(*gritem); - FIELD_SIZE(gr, gr_name, nsize); - FIELD_SIZE(gr, gr_passwd, psize); - if (gr->gr_mem) { - for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++) - total += strlen(gr->gr_mem[nmem]) + 1; - nmem++; - total += sizeof(char *) * nmem; - } - if (name != NULL) - total += strlen(name) + 1; - - gritem = ecalloc(1, total); - - /* - * Copy in group contents and make strings relative to space - * at the end of the buffer. Note that gr_mem must come - * immediately after struct group to guarantee proper alignment. - */ - newgr = &gritem->gr; - memcpy(newgr, gr, sizeof(*gr)); - cp = (char *)(gritem + 1); - if (gr->gr_mem) { - newgr->gr_mem = (char **)cp; - cp += sizeof(char *) * nmem; - for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++) { - len = strlen(gr->gr_mem[nmem]) + 1; - memcpy(cp, gr->gr_mem[nmem], len); - newgr->gr_mem[nmem] = cp; - cp += len; - } - newgr->gr_mem[nmem] = NULL; - } - FIELD_COPY(gr, newgr, gr_passwd, psize); - FIELD_COPY(gr, newgr, gr_name, nsize); - - /* Set key and datum. */ - if (name != NULL) { - memcpy(cp, name, strlen(name) + 1); - gritem->cache.k.name = cp; - } else { - gritem->cache.k.gid = gr->gr_gid; - } - gritem->cache.d.gr = newgr; - gritem->cache.refcnt = 1; - - debug_return_ptr(&gritem->cache); -} - -#ifdef HAVE_UTMPX_H -# define GROUPNAME_LEN (sizeof((struct utmpx *)0)->ut_user + 1) -#else -# ifdef HAVE_STRUCT_UTMP_UT_USER -# define GROUPNAME_LEN (sizeof((struct utmp *)0)->ut_user + 1) -# else -# define GROUPNAME_LEN (sizeof((struct utmp *)0)->ut_name + 1) -# endif -#endif /* HAVE_UTMPX_H */ - -/* - * Dynamically allocate space for a struct item plus the key and data - * elements. Fills in datum from the groups and gids arrays. - */ -static struct cache_item * -make_grlist_item(const char *user, GETGROUPS_T *gids, int ngids) -{ - char *cp; - size_t i, nsize, ngroups, total, len; - struct cache_item_grlist *grlitem; - struct group_list *grlist; - struct group *grp; - debug_decl(make_grlist_item, SUDO_DEBUG_NSS) - -#ifdef HAVE_SETAUTHDB - aix_setauthdb((char *) user); -#endif - - /* Allocate in one big chunk for easy freeing. */ - nsize = strlen(user) + 1; - total = sizeof(*grlitem) + nsize; - total += sizeof(char *) * ngids; - total += sizeof(gid_t *) * ngids; - total += GROUPNAME_LEN * ngids; - -again: - grlitem = ecalloc(1, total); - - /* - * Copy in group list and make pointers relative to space - * at the end of the buffer. Note that the groups array must come - * immediately after struct group to guarantee proper alignment. - */ - grlist = &grlitem->grlist; - cp = (char *)(grlitem + 1); - grlist->groups = (char **)cp; - cp += sizeof(char *) * ngids; - grlist->gids = (gid_t *)cp; - cp += sizeof(gid_t) * ngids; - - /* Set key and datum. */ - memcpy(cp, user, nsize); - grlitem->cache.k.name = cp; - grlitem->cache.d.grlist = grlist; - grlitem->cache.refcnt = 1; - cp += nsize; - - /* - * Store group IDs. - */ - for (i = 0; i < ngids; i++) - grlist->gids[i] = gids[i]; - grlist->ngids = ngids; - - /* - * Resolve and store group names by ID. - */ - ngroups = 0; - for (i = 0; i < ngids; i++) { - if ((grp = sudo_getgrgid(gids[i])) != NULL) { - len = strlen(grp->gr_name) + 1; - if (cp - (char *)grlitem + len > total) { - total += len + GROUPNAME_LEN; - efree(grlitem); - sudo_gr_delref(grp); - goto again; - } - memcpy(cp, grp->gr_name, len); - grlist->groups[ngroups++] = cp; - cp += len; - sudo_gr_delref(grp); - } - } - grlist->ngroups = ngroups; - -#ifdef HAVE_SETAUTHDB - aix_restoreauthdb(); -#endif - - debug_return_ptr(&grlitem->cache); -} - void sudo_gr_addref(struct group *gr) { @@ -662,20 +375,16 @@ sudo_getgrgid(gid_t gid) /* * Cache group db entry if it exists or a negative response if not. */ - if ((key.d.gr = getgrgid(gid)) != NULL) { - item = make_gritem(key.d.gr, NULL); - if (rbinsert(grcache_bygid, item) != NULL) - errorx(1, _("unable to cache gid %u (%s), already exists"), - (unsigned int) gid, key.d.gr->gr_name); - } else { + item = sudo_make_gritem(gid, NULL); + if (item == NULL) { item = ecalloc(1, sizeof(*item)); item->refcnt = 1; item->k.gid = gid; /* item->d.gr = NULL; */ - if (rbinsert(grcache_bygid, item) != NULL) - errorx(1, _("unable to cache gid %u, already exists"), - (unsigned int) gid); } + if (rbinsert(grcache_bygid, item) != NULL) + fatalx(_("unable to cache gid %u, already exists"), + (unsigned int) gid); done: item->refcnt++; debug_return_ptr(item->d.gr); @@ -700,20 +409,17 @@ sudo_getgrnam(const char *name) /* * Cache group db entry if it exists or a negative response if not. */ - if ((key.d.gr = getgrnam(name)) != NULL) { - item = make_gritem(key.d.gr, name); - if (rbinsert(grcache_byname, item) != NULL) - errorx(1, _("unable to cache group %s, already exists"), name); - } else { + item = sudo_make_gritem((gid_t)-1, name); + if (item == NULL) { len = strlen(name) + 1; item = ecalloc(1, sizeof(*item) + len); item->refcnt = 1; item->k.name = (char *) item + sizeof(*item); memcpy(item->k.name, name, len); /* item->d.gr = NULL; */ - if (rbinsert(grcache_byname, item) != NULL) - errorx(1, _("unable to cache group %s, already exists"), name); } + if (rbinsert(grcache_byname, item) != NULL) + fatalx(_("unable to cache group %s, already exists"), name); done: item->refcnt++; debug_return_ptr(item->d.gr); @@ -728,40 +434,42 @@ sudo_fakegrnam(const char *group) struct cache_item_gr *gritem; struct group *gr; struct rbnode *node; - size_t len, namelen; + size_t len, name_len; int i; debug_decl(sudo_fakegrnam, SUDO_DEBUG_NSS) - namelen = strlen(group); - len = sizeof(*gritem) + namelen + 1; + name_len = strlen(group); + len = sizeof(*gritem) + name_len + 1; for (i = 0; i < 2; i++) { gritem = ecalloc(1, len); gr = &gritem->gr; gr->gr_gid = (gid_t) atoi(group + 1); gr->gr_name = (char *)(gritem + 1); - memcpy(gr->gr_name, group, namelen + 1); + memcpy(gr->gr_name, group, name_len + 1); gritem->cache.refcnt = 1; gritem->cache.d.gr = gr; if (i == 0) { - /* Store by gid, overwriting cached version. */ + /* Store by gid if it doesn't already exist. */ gritem->cache.k.gid = gr->gr_gid; if ((node = rbinsert(grcache_bygid, &gritem->cache)) != NULL) { - sudo_gr_delref_item(node->data); - node->data = &gritem->cache; + /* Already exists, free the item we created. */ + efree(gritem); + gritem = (struct cache_item_gr *) node->data; } } else { /* Store by name, overwriting cached version. */ gritem->cache.k.name = gr->gr_name; if ((node = rbinsert(grcache_byname, &gritem->cache)) != NULL) { - sudo_gr_delref_item(node->data); - node->data = &gritem->cache; + /* Already exists, free the item we created. */ + efree(gritem); + gritem = (struct cache_item_gr *) node->data; } } } gritem->cache.refcnt++; - debug_return_ptr(gr); + debug_return_ptr(&gritem->gr); } void @@ -846,8 +554,6 @@ sudo_get_grlist(struct passwd *pw) struct cache_item key, *item; struct rbnode *node; size_t len; - GETGROUPS_T *gids; - int ngids; debug_decl(sudo_get_grlist, SUDO_DEBUG_NSS) key.k.name = pw->pw_name; @@ -857,37 +563,9 @@ sudo_get_grlist(struct passwd *pw) } /* * Cache group db entry if it exists or a negative response if not. - * Use gids list from front-end if possible, otherwise getgrouplist(). */ - if (pw == sudo_user.pw && sudo_user.gids != NULL) { - gids = user_gids; - ngids = user_ngids; - user_gids = NULL; - user_ngids = 0; - } else { -#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX) - ngids = (int)sysconf(_SC_NGROUPS_MAX) * 2; - if (ngids < 0) -#endif - ngids = NGROUPS_MAX * 2; - gids = emalloc2(ngids, sizeof(GETGROUPS_T)); - if (getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids) == -1) { - efree(gids); - gids = emalloc2(ngids, sizeof(GETGROUPS_T)); - if (getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids) == -1) { - efree(gids); - debug_return_ptr(NULL); - } - } - } - if (ngids > 0) { - if ((item = make_grlist_item(pw->pw_name, gids, ngids)) == NULL) - errorx(1, "unable to parse group list for %s", pw->pw_name); - efree(gids); - if (rbinsert(grlist_cache, item) != NULL) - errorx(1, "unable to cache group list for %s, already exists", - pw->pw_name); - } else { + item = sudo_make_grlist_item(pw, NULL, NULL); + if (item == NULL) { /* Should not happen. */ len = strlen(pw->pw_name) + 1; item = ecalloc(1, sizeof(*item) + len); @@ -895,15 +573,36 @@ sudo_get_grlist(struct passwd *pw) item->k.name = (char *) item + sizeof(*item); memcpy(item->k.name, pw->pw_name, len); /* item->d.grlist = NULL; */ - if (rbinsert(grlist_cache, item) != NULL) - errorx(1, "unable to cache group list for %s, already exists", - pw->pw_name); } + if (rbinsert(grlist_cache, item) != NULL) + fatalx(_("unable to cache group list for %s, already exists"), + pw->pw_name); done: item->refcnt++; debug_return_ptr(item->d.grlist); } +void +sudo_set_grlist(struct passwd *pw, char * const *groups, char * const *gids) +{ + struct cache_item key, *item; + struct rbnode *node; + debug_decl(sudo_set_grlist, SUDO_DEBUG_NSS) + + /* + * Cache group db entry if it doesn't already exist + */ + key.k.name = pw->pw_name; + if ((node = rbfind(grlist_cache, &key)) == NULL) { + if ((item = sudo_make_grlist_item(pw, groups, gids)) == NULL) + fatalx(_("unable to parse groups for %s"), pw->pw_name); + if (rbinsert(grlist_cache, item) != NULL) + fatalx(_("unable to cache group list for %s, already exists"), + pw->pw_name); + } + debug_return; +} + bool user_in_group(struct passwd *pw, const char *group) { diff --git a/plugins/sudoers/pwutil.h b/plugins/sudoers/pwutil.h new file mode 100644 index 0000000..b68c3b9 --- /dev/null +++ b/plugins/sudoers/pwutil.h @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2010-2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _SUDOERS_PWUTIL_H +#define _SUDOERS_PWUTIL_H + +#define ptr_to_item(p) ((struct cache_item *)((char *)p - offsetof(struct cache_item_##p, p))) + +/* + * Generic cache element. + */ +struct cache_item { + unsigned int refcnt; + /* key */ + union { + uid_t uid; + gid_t gid; + char *name; + } k; + /* datum */ + union { + struct passwd *pw; + struct group *gr; + struct group_list *grlist; + } d; +}; + +/* + * Container structs to simpify size and offset calculations and guarantee + * proper aligment of struct passwd, group and group_list. + */ +struct cache_item_pw { + struct cache_item cache; + struct passwd pw; +}; + +struct cache_item_gr { + struct cache_item cache; + struct group gr; +}; + +struct cache_item_grlist { + struct cache_item cache; + struct group_list grlist; + /* actually bigger */ +}; + +struct cache_item *sudo_make_gritem(gid_t gid, const char *group); +struct cache_item *sudo_make_grlist_item(struct passwd *pw, char * const *groups, char * const *gids); +struct cache_item *sudo_make_pwitem(uid_t uid, const char *user); + +#endif /* _SUDOERS_PWUTIL_H */ diff --git a/plugins/sudoers/pwutil_impl.c b/plugins/sudoers/pwutil_impl.c new file mode 100644 index 0000000..0ea3e29 --- /dev/null +++ b/plugins/sudoers/pwutil_impl.c @@ -0,0 +1,343 @@ +/* + * Copyright (c) 1996, 1998-2005, 2007-2013 + * Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + +#include + +#include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ +#include +#include +#include + +#include "sudoers.h" +#include "pwutil.h" + +#ifndef LOGIN_NAME_MAX +# ifdef _POSIX_LOGIN_NAME_MAX +# define LOGIN_NAME_MAX _POSIX_LOGIN_NAME_MAX +# else +# define LOGIN_NAME_MAX 9 +# endif +#endif /* LOGIN_NAME_MAX */ + +#define FIELD_SIZE(src, name, size) \ +do { \ + if (src->name) { \ + size = strlen(src->name) + 1; \ + total += size; \ + } \ +} while (0) + +#define FIELD_COPY(src, dst, name, size) \ +do { \ + if (src->name) { \ + memcpy(cp, src->name, size); \ + dst->name = cp; \ + cp += size; \ + } \ +} while (0) + +/* + * Dynamically allocate space for a struct item plus the key and data + * elements. If name is non-NULL it is used as the key, else the + * uid is the key. Fills in datum from struct password. + */ +struct cache_item * +sudo_make_pwitem(uid_t uid, const char *name) +{ + char *cp; + const char *pw_shell; + size_t nsize, psize, csize, gsize, dsize, ssize, total; + struct cache_item_pw *pwitem; + struct passwd *pw, *newpw; + debug_decl(sudo_make_pwitem, SUDO_DEBUG_NSS) + + /* Look up by name or uid. */ + pw = name ? getpwnam(name) : getpwuid(uid); + if (pw == NULL) + debug_return_ptr(NULL); + + /* If shell field is empty, expand to _PATH_BSHELL. */ + pw_shell = (pw->pw_shell == NULL || pw->pw_shell[0] == '\0') + ? _PATH_BSHELL : pw->pw_shell; + + /* Allocate in one big chunk for easy freeing. */ + nsize = psize = csize = gsize = dsize = ssize = 0; + total = sizeof(*pwitem); + FIELD_SIZE(pw, pw_name, nsize); + FIELD_SIZE(pw, pw_passwd, psize); +#ifdef HAVE_LOGIN_CAP_H + FIELD_SIZE(pw, pw_class, csize); +#endif + FIELD_SIZE(pw, pw_gecos, gsize); + FIELD_SIZE(pw, pw_dir, dsize); + /* Treat shell specially since we expand "" -> _PATH_BSHELL */ + ssize = strlen(pw_shell) + 1; + total += ssize; + if (name != NULL) + total += strlen(name) + 1; + + /* Allocate space for struct item, struct passwd and the strings. */ + pwitem = ecalloc(1, total); + newpw = &pwitem->pw; + + /* + * Copy in passwd contents and make strings relative to space + * at the end of the struct. + */ + memcpy(newpw, pw, sizeof(*pw)); + cp = (char *)(pwitem + 1); + FIELD_COPY(pw, newpw, pw_name, nsize); + FIELD_COPY(pw, newpw, pw_passwd, psize); +#ifdef HAVE_LOGIN_CAP_H + FIELD_COPY(pw, newpw, pw_class, csize); +#endif + FIELD_COPY(pw, newpw, pw_gecos, gsize); + FIELD_COPY(pw, newpw, pw_dir, dsize); + /* Treat shell specially since we expand "" -> _PATH_BSHELL */ + memcpy(cp, pw_shell, ssize); + newpw->pw_shell = cp; + cp += ssize; + + /* Set key and datum. */ + if (name != NULL) { + memcpy(cp, name, strlen(name) + 1); + pwitem->cache.k.name = cp; + } else { + pwitem->cache.k.uid = pw->pw_uid; + } + pwitem->cache.d.pw = newpw; + pwitem->cache.refcnt = 1; + + debug_return_ptr(&pwitem->cache); +} + +/* + * Dynamically allocate space for a struct item plus the key and data + * elements. If name is non-NULL it is used as the key, else the + * gid is the key. Fills in datum from struct group. + */ +struct cache_item * +sudo_make_gritem(gid_t gid, const char *name) +{ + char *cp; + size_t nsize, psize, nmem, total, len; + struct cache_item_gr *gritem; + struct group *gr, *newgr; + debug_decl(sudo_make_gritem, SUDO_DEBUG_NSS) + + /* Look up by name or gid. */ + gr = name ? getgrnam(name) : getgrgid(gid); + if (gr == NULL) + debug_return_ptr(NULL); + + /* Allocate in one big chunk for easy freeing. */ + nsize = psize = nmem = 0; + total = sizeof(*gritem); + FIELD_SIZE(gr, gr_name, nsize); + FIELD_SIZE(gr, gr_passwd, psize); + if (gr->gr_mem) { + for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++) + total += strlen(gr->gr_mem[nmem]) + 1; + nmem++; + total += sizeof(char *) * nmem; + } + if (name != NULL) + total += strlen(name) + 1; + + gritem = ecalloc(1, total); + + /* + * Copy in group contents and make strings relative to space + * at the end of the buffer. Note that gr_mem must come + * immediately after struct group to guarantee proper alignment. + */ + newgr = &gritem->gr; + memcpy(newgr, gr, sizeof(*gr)); + cp = (char *)(gritem + 1); + if (gr->gr_mem) { + newgr->gr_mem = (char **)cp; + cp += sizeof(char *) * nmem; + for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++) { + len = strlen(gr->gr_mem[nmem]) + 1; + memcpy(cp, gr->gr_mem[nmem], len); + newgr->gr_mem[nmem] = cp; + cp += len; + } + newgr->gr_mem[nmem] = NULL; + } + FIELD_COPY(gr, newgr, gr_passwd, psize); + FIELD_COPY(gr, newgr, gr_name, nsize); + + /* Set key and datum. */ + if (name != NULL) { + memcpy(cp, name, strlen(name) + 1); + gritem->cache.k.name = cp; + } else { + gritem->cache.k.gid = gr->gr_gid; + } + gritem->cache.d.gr = newgr; + gritem->cache.refcnt = 1; + + debug_return_ptr(&gritem->cache); +} + +/* + * Dynamically allocate space for a struct item plus the key and data + * elements. Fills in datum from user_gids or from getgrouplist(3). + */ +struct cache_item * +sudo_make_grlist_item(struct passwd *pw, char * const *unused1, + char * const *unused2) +{ + char *cp; + size_t i, nsize, ngroups, total, len; + struct cache_item_grlist *grlitem; + struct group_list *grlist; + GETGROUPS_T *gids; + struct group *grp; + int ngids, groupname_len; + debug_decl(sudo_make_grlist_item, SUDO_DEBUG_NSS) + + if (pw == sudo_user.pw && sudo_user.gids != NULL) { + gids = user_gids; + ngids = user_ngids; + user_gids = NULL; + user_ngids = 0; + } else { + if (sudo_user.max_groups != -1) { + ngids = sudo_user.max_groups; + gids = emalloc2(ngids, sizeof(GETGROUPS_T)); + (void)getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids); + } else { +#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX) + ngids = (int)sysconf(_SC_NGROUPS_MAX) * 2; + if (ngids < 0) +#endif + ngids = NGROUPS_MAX * 2; + gids = emalloc2(ngids, sizeof(GETGROUPS_T)); + if (getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids) == -1) { + efree(gids); + gids = emalloc2(ngids, sizeof(GETGROUPS_T)); + if (getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids) == -1) + ngids = -1; + } + } + } + if (ngids <= 0) { + efree(gids); + debug_return_ptr(NULL); + } + +#ifdef HAVE_SETAUTHDB + aix_setauthdb((char *) pw->pw_name); +#endif + +#if defined(HAVE_SYSCONF) && defined(_SC_LOGIN_NAME_MAX) + groupname_len = MAX((int)sysconf(_SC_LOGIN_NAME_MAX), 32); +#else + groupname_len = MAX(LOGIN_NAME_MAX, 32); +#endif + + /* Allocate in one big chunk for easy freeing. */ + nsize = strlen(pw->pw_name) + 1; + total = sizeof(*grlitem) + nsize; + total += sizeof(char *) * ngids; + total += sizeof(gid_t *) * ngids; + total += groupname_len * ngids; + +again: + grlitem = ecalloc(1, total); + + /* + * Copy in group list and make pointers relative to space + * at the end of the buffer. Note that the groups array must come + * immediately after struct group to guarantee proper alignment. + */ + grlist = &grlitem->grlist; + cp = (char *)(grlitem + 1); + grlist->groups = (char **)cp; + cp += sizeof(char *) * ngids; + grlist->gids = (gid_t *)cp; + cp += sizeof(gid_t) * ngids; + + /* Set key and datum. */ + memcpy(cp, pw->pw_name, nsize); + grlitem->cache.k.name = cp; + grlitem->cache.d.grlist = grlist; + grlitem->cache.refcnt = 1; + cp += nsize; + + /* + * Store group IDs. + */ + for (i = 0; i < ngids; i++) + grlist->gids[i] = gids[i]; + grlist->ngids = ngids; + + /* + * Resolve and store group names by ID. + */ + ngroups = 0; + for (i = 0; i < ngids; i++) { + if ((grp = sudo_getgrgid(gids[i])) != NULL) { + len = strlen(grp->gr_name) + 1; + if (cp - (char *)grlitem + len > total) { + total += len + groupname_len; + efree(grlitem); + sudo_gr_delref(grp); + goto again; + } + memcpy(cp, grp->gr_name, len); + grlist->groups[ngroups++] = cp; + cp += len; + sudo_gr_delref(grp); + } + } + grlist->ngroups = ngroups; + efree(gids); + +#ifdef HAVE_SETAUTHDB + aix_restoreauthdb(); +#endif + + debug_return_ptr(&grlitem->cache); +} diff --git a/plugins/sudoers/redblack.c b/plugins/sudoers/redblack.c index f1b8321..cf02a41 100644 --- a/plugins/sudoers/redblack.c +++ b/plugins/sudoers/redblack.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004-2005, 2007, 2009-2011 + * Copyright (c) 2004-2005, 2007, 2009-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -43,7 +43,6 @@ #include #include -#include #include #ifdef STDC_HEADERS diff --git a/plugins/sudoers/redblack.h b/plugins/sudoers/redblack.h index eab5e8f..86cc3c9 100644 --- a/plugins/sudoers/redblack.h +++ b/plugins/sudoers/redblack.h @@ -1,5 +1,6 @@ /* - * Copyright (c) 2004, 2007, 2010 Todd C. Miller + * Copyright (c) 2004, 2007, 2010, 2013 + * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,8 +15,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef _SUDO_REDBLACK_H -#define _SUDO_REDBLACK_H +#ifndef _SUDOERS_REDBLACK_H +#define _SUDOERS_REDBLACK_H enum rbcolor { red, @@ -54,4 +55,4 @@ struct rbnode *rbinsert(struct rbtree *, void *); struct rbtree *rbcreate(int (*)(const void *, const void *)); void rbdestroy(struct rbtree *, void (*)(void *)); -#endif /* _SUDO_REDBLACK_H */ +#endif /* _SUDOERS_REDBLACK_H */ diff --git a/plugins/sudoers/regress/check_symbols/check_symbols.c b/plugins/sudoers/regress/check_symbols/check_symbols.c index 5e82189..bcb20c1 100644 --- a/plugins/sudoers/regress/check_symbols/check_symbols.c +++ b/plugins/sudoers/regress/check_symbols/check_symbols.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012 Todd C. Miller + * Copyright (c) 2012-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -50,6 +50,8 @@ # define LINE_MAX 2048 #endif +__dso_public int main(int argc, char *argv[]); + static void usage(void) { @@ -78,11 +80,11 @@ main(int argc, char *argv[]) handle = dlopen(plugin_path, RTLD_LAZY|RTLD_GLOBAL); if (handle == NULL) - errorx2(1, "unable to dlopen %s: %s", plugin_path, dlerror()); + fatalx_nodebug("unable to dlopen %s: %s", plugin_path, dlerror()); fp = fopen(symbols_file, "r"); if (fp == NULL) - error2(1, "unable to open %s", symbols_file); + fatal_nodebug("unable to open %s", symbols_file); while (fgets(line, sizeof(line), fp) != NULL) { ntests++; @@ -90,7 +92,8 @@ main(int argc, char *argv[]) *cp = '\0'; sym = dlsym(handle, line); if (sym == NULL) { - warningx2("unable to resolve symbol %s: %s", line, dlerror()); + printf("%s: test %d: unable to resolve symbol %s: %s\n", + getprogname(), ntests, line, dlerror()); errors++; } } @@ -98,23 +101,18 @@ main(int argc, char *argv[]) /* * Make sure unexported symbols are not available. */ + ntests++; sym = dlsym(handle, "user_in_group"); if (sym != NULL) { - warningx2("able to resolve local symbol user_in_group"); + printf("%s: test %d: able to resolve local symbol user_in_group\n", + getprogname(), ntests); errors++; } - ntests++; dlclose(handle); - printf("check_symbols: %d tests run, %d errors, %d%% success rate\n", + printf("%s: %d tests run, %d errors, %d%% success rate\n", getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); exit(errors); } - -void -cleanup(int gotsig) -{ - return; -} diff --git a/plugins/sudoers/regress/iolog_path/check_iolog_path.c b/plugins/sudoers/regress/iolog_path/check_iolog_path.c index 374b5fb..f3c0762 100644 --- a/plugins/sudoers/regress/iolog_path/check_iolog_path.c +++ b/plugins/sudoers/regress/iolog_path/check_iolog_path.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 Todd C. Miller + * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -35,9 +35,6 @@ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ -#ifdef HAVE_SETLOCALE -# include -#endif #include #include #include @@ -50,10 +47,11 @@ struct sudo_user sudo_user; struct passwd *list_pw; -sudo_conv_t sudo_conv; /* NULL in non-plugin */ static char sessid[7]; +__dso_public int main(int argc, char *argv[]); + static void usage(void) { @@ -117,7 +115,7 @@ main(int argc, char *argv[]) fp = fopen(argv[1], "r"); if (fp == NULL) - errorx(1, "unable to open %s", argv[1]); + fatalx("unable to open %s", argv[1]); memset(&pw, 0, sizeof(pw)); memset(&rpw, 0, sizeof(rpw)); @@ -186,7 +184,7 @@ main(int argc, char *argv[]) tests++; break; default: - errorx(1, "internal error, invalid state %d", state); + fatalx("internal error, invalid state %d", state); } state = (state + 1) % MAX_STATE; } @@ -204,9 +202,3 @@ void io_nextid(char *iolog_dir, char *fallback, char id[7]) { memcpy(id, sessid, sizeof(sessid)); } - -void -cleanup(int gotsig) -{ - return; -} diff --git a/plugins/sudoers/regress/logging/check_wrap.c b/plugins/sudoers/regress/logging/check_wrap.c index 2b9b8a2..0791fa3 100644 --- a/plugins/sudoers/regress/logging/check_wrap.c +++ b/plugins/sudoers/regress/logging/check_wrap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 Todd C. Miller + * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -42,10 +42,10 @@ #include "error.h" #include "sudo_plugin.h" -sudo_conv_t sudo_conv; /* NULL in non-plugin */ - extern void writeln_wrap(FILE *fp, char *line, size_t len, size_t maxlen); +__dso_public int main(int argc, char *argv[]); + static void usage(void) { @@ -70,7 +70,7 @@ main(int argc, char *argv[]) fp = fopen(argv[1], "r"); if (fp == NULL) - errorx(1, "unable to open %s", argv[1]); + fatalx("unable to open %s", argv[1]); /* * Each test record consists of a log entry on one line and a list of @@ -104,9 +104,3 @@ main(int argc, char *argv[]) exit(0); } - -void -cleanup(int gotsig) -{ - return; -} diff --git a/plugins/sudoers/regress/parser/check_addr.c b/plugins/sudoers/regress/parser/check_addr.c index a73de59..46a5920 100644 --- a/plugins/sudoers/regress/parser/check_addr.c +++ b/plugins/sudoers/regress/parser/check_addr.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 Todd C. Miller + * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -41,7 +41,6 @@ #include #include -#include #define SUDO_ERROR_WRAP 0 @@ -49,13 +48,7 @@ #include "parse.h" #include "interfaces.h" -static int check_addr_printf(int msg_type, const char *fmt, ...); - -/* for match_addr.c */ -struct interface *interfaces; -sudo_printf_t sudo_printf = check_addr_printf; - -sudo_conv_t sudo_conv; /* NULL in non-plugin */ +__dso_public int main(int argc, char *argv[]); static int check_addr(char *input) @@ -107,7 +100,7 @@ main(int argc, char *argv[]) fp = fopen(argv[1], "r"); if (fp == NULL) - errorx(1, "unable to open %s", argv[1]); + fatalx("unable to open %s", argv[1]); /* * Input is in the following format. There are two types of @@ -152,35 +145,3 @@ main(int argc, char *argv[]) exit(errors); } - -/* STUB */ -void -cleanup(int gotsig) -{ - return; -} - -static int -check_addr_printf(int msg_type, const char *fmt, ...) -{ - va_list ap; - FILE *fp; - - switch (msg_type) { - case SUDO_CONV_INFO_MSG: - fp = stdout; - break; - case SUDO_CONV_ERROR_MSG: - fp = stderr; - break; - default: - errno = EINVAL; - return -1; - } - - va_start(ap, fmt); - vfprintf(fp, fmt, ap); - va_end(ap); - - return 0; -} diff --git a/plugins/sudoers/regress/parser/check_base64.c b/plugins/sudoers/regress/parser/check_base64.c new file mode 100644 index 0000000..ccbfd0c --- /dev/null +++ b/plugins/sudoers/regress/parser/check_base64.c @@ -0,0 +1,97 @@ +/* + * Copyright (c) 2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif + +#define SUDO_ERROR_WRAP 0 + +#include "missing.h" + +extern size_t base64_decode(const char *str, unsigned char *dst, size_t dsize); + +__dso_public int main(int argc, char *argv[]); + +struct base64_test { + const char *ascii; + const char *encoded; +} test_strings[] = { + { + "any carnal pleasure.", + "YW55IGNhcm5hbCBwbGVhc3VyZS4=" + }, + { + "any carnal pleasure", + "YW55IGNhcm5hbCBwbGVhc3VyZQ==" + }, + { + "any carnal pleasur", + "YW55IGNhcm5hbCBwbGVhc3Vy" + }, + { + "any carnal pleasu", + "YW55IGNhcm5hbCBwbGVhc3U=" + }, + { + "any carnal pleas", + "YW55IGNhcm5hbCBwbGVhcw==" + } +}; + +int +main(int argc, char *argv[]) +{ + const int ntests = (sizeof(test_strings) / sizeof(test_strings[0])); + int i, errors = 0; + char buf[32]; + size_t len; + + for (i = 0; i < ntests; i++) { + len = base64_decode(test_strings[i].encoded, buf, sizeof(buf)); + buf[len] = '\0'; + if (strcmp(test_strings[i].ascii, buf) != 0) { + fprintf(stderr, "check_base64: expected %s, got %s", + test_strings[i].ascii, buf); + errors++; + } + } + printf("check_base64: %d tests run, %d errors, %d%% success rate\n", + ntests, errors, (ntests - errors) * 100 / ntests); + exit(errors); +} diff --git a/plugins/sudoers/regress/parser/check_digest.c b/plugins/sudoers/regress/parser/check_digest.c new file mode 100644 index 0000000..42020e8 --- /dev/null +++ b/plugins/sudoers/regress/parser/check_digest.c @@ -0,0 +1,134 @@ +/* + * Copyright (c) 2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif + +#include "missing.h" +#include "sha2.h" + +__dso_public int main(int argc, char *argv[]); + +static struct digest_function { + const char *digest_name; + const int digest_len; + void (*init)(SHA2_CTX *); + void (*update)(SHA2_CTX *, const unsigned char *, size_t); + void (*final)(unsigned char *, SHA2_CTX *); +} digest_functions[] = { + { + "SHA224", + SHA224_DIGEST_LENGTH, + SHA224Init, + SHA224Update, + SHA224Final + }, { + "SHA256", + SHA256_DIGEST_LENGTH, + SHA256Init, + SHA256Update, + SHA256Final + }, { + "SHA384", + SHA384_DIGEST_LENGTH, + SHA384Init, + SHA384Update, + SHA384Final + }, { + "SHA512", + SHA512_DIGEST_LENGTH, + SHA512Init, + SHA512Update, + SHA512Final + }, { + NULL + } +}; + +int +main(int argc, char *argv[]) +{ + SHA2_CTX ctx; + int i, j; + struct digest_function *func; + unsigned char digest[SHA512_DIGEST_LENGTH]; + static const char hex[] = "0123456789abcdef"; + unsigned char buf[1000]; + unsigned const char *test_strings[] = { + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", + "12345678901234567890123456789012345678901234567890123456789" + "012345678901234567890", + }; + + for (func = digest_functions; func->digest_name != NULL; func++) { + for (i = 0; i < 8; i++) { + func->init(&ctx); + func->update(&ctx, test_strings[i], strlen(test_strings[i])); + func->final(digest, &ctx); + printf("%s (\"%s\") = ", func->digest_name, test_strings[i]); + for (j = 0; j < func->digest_len; j++) { + putchar(hex[digest[j] >> 4]); + putchar(hex[digest[j] & 0x0f]); + } + putchar('\n'); + } + + /* Simulate a string of a million 'a' characters. */ + memset(buf, 'a', sizeof(buf)); + func->init(&ctx); + for (i = 0; i < 1000; i++) { + func->update(&ctx, buf, sizeof(buf)); + } + func->final(digest, &ctx); + printf("%s (one million 'a' characters) = ", func->digest_name); + for (j = 0; j < func->digest_len; j++) { + putchar(hex[digest[j] >> 4]); + putchar(hex[digest[j] & 0x0f]); + } + putchar('\n'); + } + exit(0); +} diff --git a/plugins/sudoers/regress/parser/check_digest.out.ok b/plugins/sudoers/regress/parser/check_digest.out.ok new file mode 100644 index 0000000..bfb5735 --- /dev/null +++ b/plugins/sudoers/regress/parser/check_digest.out.ok @@ -0,0 +1,36 @@ +SHA224 ("") = d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f +SHA224 ("a") = abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5 +SHA224 ("abc") = 23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7 +SHA224 ("message digest") = 2cb21c83ae2f004de7e81c3c7019cbcb65b71ab656b22d6d0c39b8eb +SHA224 ("abcdefghijklmnopqrstuvwxyz") = 45a5f72c39c5cff2522eb3429799e49e5f44b356ef926bcf390dccc2 +SHA224 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") = 75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525 +SHA224 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = bff72b4fcb7d75e5632900ac5f90d219e05e97a7bde72e740db393d9 +SHA224 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = b50aecbe4e9bb0b57bc5f3ae760a8e01db24f203fb3cdcd13148046e +SHA224 (one million 'a' characters) = 20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67 +SHA256 ("") = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 +SHA256 ("a") = ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb +SHA256 ("abc") = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad +SHA256 ("message digest") = f7846f55cf23e14eebeab5b4e1550cad5b509e3348fbc4efa3a1413d393cb650 +SHA256 ("abcdefghijklmnopqrstuvwxyz") = 71c480df93d6ae2f1efad1447c66c9525e316218cf51fc8d9ed832f2daf18b73 +SHA256 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") = 248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1 +SHA256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = db4bfcbd4da0cd85a60c3c37d3fbd8805c77f15fc6b1fdfe614ee0a7c8fdb4c0 +SHA256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = f371bc4a311f2b009eef952dd83ca80e2b60026c8e935592d0f9c308453c813e +SHA256 (one million 'a' characters) = cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0 +SHA384 ("") = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b +SHA384 ("a") = 54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31 +SHA384 ("abc") = cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7 +SHA384 ("message digest") = 473ed35167ec1f5d8e550368a3db39be54639f828868e9454c239fc8b52e3c61dbd0d8b4de1390c256dcbb5d5fd99cd5 +SHA384 ("abcdefghijklmnopqrstuvwxyz") = feb67349df3db6f5924815d6c3dc133f091809213731fe5c7b5f4999e463479ff2877f5f2936fa63bb43784b12f3ebb4 +SHA384 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") = 3391fdddfc8dc7393707a65b1b4709397cf8b1d162af05abfe8f450de5f36bc6b0455a8520bc4e6f5fe95b1fe3c8452b +SHA384 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = 1761336e3f7cbfe51deb137f026f89e01a448e3b1fafa64039c1464ee8732f11a5341a6f41e0c202294736ed64db1a84 +SHA384 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = b12932b0627d1c060942f5447764155655bd4da0c9afa6dd9b9ef53129af1b8fb0195996d2de9ca0df9d821ffee67026 +SHA384 (one million 'a' characters) = 9d0e1809716474cb086e834e310a4a1ced149e9c00f248527972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985 +SHA512 ("") = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e +SHA512 ("a") = 1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75 +SHA512 ("abc") = ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f +SHA512 ("message digest") = 107dbf389d9e9f71a3a95f6c055b9251bc5268c2be16d6c13492ea45b0199f3309e16455ab1e96118e8a905d5597b72038ddb372a89826046de66687bb420e7c +SHA512 ("abcdefghijklmnopqrstuvwxyz") = 4dbff86cc2ca1bae1e16468a05cb9881c97f1753bce3619034898faa1aabe429955a1bf8ec483d7421fe3c1646613a59ed5441fb0f321389f77f48a879c7b1f1 +SHA512 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") = 204a8fc6dda82f0a0ced7beb8e08a41657c16ef468b228a8279be331a703c33596fd15c13b1b07f9aa1d3bea57789ca031ad85c7a71dd70354ec631238ca3445 +SHA512 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = 1e07be23c26a86ea37ea810c8ec7809352515a970e9253c26f536cfc7a9996c45c8370583e0a78fa4a90041d71a4ceab7423f19c71b9d5a3e01249f0bebd5894 +SHA512 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = 72ec1ef1124a45b047e8b7c75a932195135bb61de24ec0d1914042246e0aec3a2354e093d76f3048b456764346900cb130d2a4fd5dd16abb5e30bcb850dee843 +SHA512 (one million 'a' characters) = e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973ebde0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b diff --git a/plugins/sudoers/regress/parser/check_fill.c b/plugins/sudoers/regress/parser/check_fill.c index e0f3921..5fc96d7 100644 --- a/plugins/sudoers/regress/parser/check_fill.c +++ b/plugins/sudoers/regress/parser/check_fill.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 Todd C. Miller + * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -42,19 +42,20 @@ #define SUDO_ERROR_WRAP 0 +#include "missing.h" #include "list.h" #include "parse.h" #include "toke.h" #include "sudo_plugin.h" #include +__dso_public int main(int argc, char *argv[]); + /* * TODO: test realloc */ -sudo_conv_t sudo_conv; /* NULL in non-plugin */ - -YYSTYPE yylval; +YYSTYPE sudoerslval; struct fill_test { const char *input; @@ -106,8 +107,8 @@ check_fill(const char *input, int len, int addspace, const char *expect, char ** { if (!fill(input, len)) return -1; - *resultp = yylval.string; - return !strcmp(yylval.string, expect); + *resultp = sudoerslval.string; + return !strcmp(sudoerslval.string, expect); } static int @@ -115,8 +116,8 @@ check_fill_cmnd(const char *input, int len, int addspace, const char *expect, ch { if (!fill_cmnd(input, len)) return -1; - *resultp = yylval.command.cmnd; - return !strcmp(yylval.command.cmnd, expect); + *resultp = sudoerslval.command.cmnd; + return !strcmp(sudoerslval.command.cmnd, expect); } static int @@ -124,8 +125,8 @@ check_fill_args(const char *input, int len, int addspace, const char *expect, ch { if (!fill_args(input, len, addspace)) return -1; - *resultp = yylval.command.args; - return !strcmp(yylval.command.args, expect); + *resultp = sudoerslval.command.args; + return !strcmp(sudoerslval.command.args, expect); } static int @@ -184,14 +185,7 @@ main(int argc, char *argv[]) /* STUB */ void -cleanup(int gotsig) -{ - return; -} - -/* STUB */ -void -yyerror(const char *s) +sudoerserror(const char *s) { return; } diff --git a/plugins/sudoers/regress/sudoers/test10.in b/plugins/sudoers/regress/sudoers/test10.in new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test10.in @@ -0,0 +1 @@ + diff --git a/plugins/sudoers/regress/sudoers/test10.out.ok b/plugins/sudoers/regress/sudoers/test10.out.ok new file mode 100644 index 0000000..ea87d79 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test10.out.ok @@ -0,0 +1,4 @@ +Parses OK. + + + diff --git a/plugins/sudoers/regress/sudoers/test10.toke.ok b/plugins/sudoers/regress/sudoers/test10.toke.ok new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test10.toke.ok @@ -0,0 +1 @@ + diff --git a/plugins/sudoers/regress/sudoers/test11.in b/plugins/sudoers/regress/sudoers/test11.in new file mode 100644 index 0000000..5ffba7b --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test11.in @@ -0,0 +1 @@ +bogus diff --git a/plugins/sudoers/regress/sudoers/test11.out.ok b/plugins/sudoers/regress/sudoers/test11.out.ok new file mode 100644 index 0000000..c2b9d28 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test11.out.ok @@ -0,0 +1,4 @@ +Parse error in sudoers near line 1. + + + diff --git a/plugins/sudoers/regress/sudoers/test11.toke.ok b/plugins/sudoers/regress/sudoers/test11.toke.ok new file mode 100644 index 0000000..d57d6c3 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test11.toke.ok @@ -0,0 +1,2 @@ +WORD(5) +<*> \ No newline at end of file diff --git a/plugins/sudoers/regress/sudoers/test12.in b/plugins/sudoers/regress/sudoers/test12.in new file mode 100644 index 0000000..23bda4a --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test12.in @@ -0,0 +1 @@ +user ALL = (ALL) diff --git a/plugins/sudoers/regress/sudoers/test12.out.ok b/plugins/sudoers/regress/sudoers/test12.out.ok new file mode 100644 index 0000000..c2b9d28 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test12.out.ok @@ -0,0 +1,4 @@ +Parse error in sudoers near line 1. + + + diff --git a/plugins/sudoers/regress/sudoers/test12.toke.ok b/plugins/sudoers/regress/sudoers/test12.toke.ok new file mode 100644 index 0000000..a1995f0 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test12.toke.ok @@ -0,0 +1,2 @@ +WORD(5) ALL = ( ALL ) +<*> \ No newline at end of file diff --git a/plugins/sudoers/regress/sudoers/test13.in b/plugins/sudoers/regress/sudoers/test13.in new file mode 100644 index 0000000..b8002bc --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test13.in @@ -0,0 +1 @@ +user ALL = (ALL) \ No newline at end of file diff --git a/plugins/sudoers/regress/sudoers/test13.out.ok b/plugins/sudoers/regress/sudoers/test13.out.ok new file mode 100644 index 0000000..c2b9d28 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test13.out.ok @@ -0,0 +1,4 @@ +Parse error in sudoers near line 1. + + + diff --git a/plugins/sudoers/regress/sudoers/test13.toke.ok b/plugins/sudoers/regress/sudoers/test13.toke.ok new file mode 100644 index 0000000..e189ffd --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test13.toke.ok @@ -0,0 +1 @@ +WORD(5) ALL = ( ALL ) <*> \ No newline at end of file diff --git a/plugins/sudoers/regress/sudoers/test14.in b/plugins/sudoers/regress/sudoers/test14.in new file mode 100644 index 0000000..05fafda --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test14.in @@ -0,0 +1,4 @@ +Cmnd_Alias LS = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls +Cmnd_Alias SH = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM= /bin/sh + +millert ALL = LS, SH, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill diff --git a/plugins/sudoers/regress/sudoers/test14.out.ok b/plugins/sudoers/regress/sudoers/test14.out.ok new file mode 100644 index 0000000..54cfdcf --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test14.out.ok @@ -0,0 +1,7 @@ +Parses OK. + + +Cmnd_Alias LS = /bin/ls +Cmnd_Alias SH = /bin/sh + +millert ALL = LS, SH, /bin/kill diff --git a/plugins/sudoers/regress/sudoers/test14.toke.ok b/plugins/sudoers/regress/sudoers/test14.toke.ok new file mode 100644 index 0000000..016c031 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test14.toke.ok @@ -0,0 +1,4 @@ +CMNDALIAS ALIAS = SHA224 : DIGEST COMMAND +CMNDALIAS ALIAS = SHA256 : DIGEST COMMAND + +WORD(5) ALL = ALIAS , ALIAS , SHA512 : DIGEST COMMAND diff --git a/plugins/sudoers/regress/sudoers/test9.in b/plugins/sudoers/regress/sudoers/test9.in new file mode 100644 index 0000000..e69de29 diff --git a/plugins/sudoers/regress/sudoers/test9.out.ok b/plugins/sudoers/regress/sudoers/test9.out.ok new file mode 100644 index 0000000..ea87d79 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test9.out.ok @@ -0,0 +1,4 @@ +Parses OK. + + + diff --git a/plugins/sudoers/regress/sudoers/test9.toke.ok b/plugins/sudoers/regress/sudoers/test9.toke.ok new file mode 100644 index 0000000..e69de29 diff --git a/plugins/sudoers/regress/testsudoers/test1.sh b/plugins/sudoers/regress/testsudoers/test1.sh index 31f5ba0..48f1faa 100755 --- a/plugins/sudoers/regress/testsudoers/test1.sh +++ b/plugins/sudoers/regress/testsudoers/test1.sh @@ -9,3 +9,5 @@ exec 2>&1 ./testsudoers -g bin root id <&1 +./testsudoers -U $MYUID -G $MYGID root id <&1 +./testsudoers -U $MYUID -G $MYGID root id <&1 +./testsudoers -U 1 root id <$TESTFILE <&1 + +# Test world writable +chmod 666 $TESTFILE +./testsudoers -U $MYUID -G $MYGID root id < + * Copyright (c) 1994-1996,1998-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -21,7 +21,6 @@ #include #include -#include #include #include #ifdef STDC_HEADERS @@ -112,6 +111,7 @@ set_perms(int perm) { struct perm_state *state, *ostate = NULL; char errbuf[1024]; + const char *errstr = errbuf; int noexit; debug_decl(set_perms, SUDO_DEBUG_PERMS) @@ -119,7 +119,7 @@ set_perms(int perm) CLR(perm, PERM_MASK); if (perm_stack_depth == PERM_STACK_MAX) { - strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf)); + errstr = N_("perm stack overflow"); errno = EINVAL; goto bad; } @@ -127,7 +127,7 @@ set_perms(int perm) state = &perm_stack[perm_stack_depth]; if (perm != PERM_INITIAL) { if (perm_stack_depth == 0) { - strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf)); + errstr = N_("perm stack underflow"); errno = EINVAL; goto bad; } @@ -139,12 +139,12 @@ set_perms(int perm) /* Stash initial state */ #ifdef HAVE_GETRESUID if (getresuid(&state->ruid, &state->euid, &state->suid)) { - strlcpy(errbuf, "PERM_INITIAL: getresuid", sizeof(errbuf)); + errstr = "PERM_INITIAL: getresuid"; goto bad; } if (getresgid(&state->rgid, &state->egid, &state->sgid)) { - strlcpy(errbuf, "PERM_INITIAL: getresgid", sizeof(errbuf)); + errstr = "PERM_INITIAL: getresgid"; goto bad; } #else @@ -179,8 +179,16 @@ set_perms(int perm) goto bad; } state->rgid = ostate->rgid; - state->egid = ostate->egid; + state->egid = ROOT_GID; state->sgid = ostate->sgid; + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " + "[%d, %d, %d] -> [%d, %d, %d]", __func__, + (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, + (int)state->rgid, (int)state->egid, (int)state->sgid); + if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { + errstr = N_("unable to change to root gid"); + goto bad; + } state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); break; @@ -202,7 +210,7 @@ set_perms(int perm) sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { - strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf)); + errstr = "PERM_USER: setgroups"; goto bad; } } @@ -239,7 +247,7 @@ set_perms(int perm) sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { - strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf)); + errstr = "PERM_FULL_USER: setgroups"; goto bad; } } @@ -267,7 +275,7 @@ set_perms(int perm) (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, (int)state->rgid, (int)state->egid, (int)state->sgid); if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { - strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf)); + errstr = N_("unable to change to runas gid"); goto bad; } state->grlist = runas_setgroups(); @@ -279,7 +287,7 @@ set_perms(int perm) (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, (int)state->ruid, (int)state->euid, (int)state->suid); if (UID_CHANGED && setresuid(ID(ruid), ID(euid), ID(suid))) { - strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf)); + errstr = N_("unable to change to runas uid"); goto bad; } break; @@ -297,7 +305,7 @@ set_perms(int perm) (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, (int)state->rgid, (int)state->egid, (int)state->sgid); if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { - strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf)); + errstr = N_("unable to change to sudoers gid"); goto bad; } @@ -349,7 +357,7 @@ set_perms(int perm) perm_stack_depth++; debug_return_bool(1); bad: - warningx("%s: %s", errbuf, + warningx("%s: %s", _(errstr), errno == EAGAIN ? _("too many processes") : strerror(errno)); if (noexit) debug_return_bool(0); @@ -426,6 +434,7 @@ set_perms(int perm) { struct perm_state *state, *ostate = NULL; char errbuf[1024]; + const char *errstr = errbuf; int noexit; debug_decl(set_perms, SUDO_DEBUG_PERMS) @@ -433,7 +442,7 @@ set_perms(int perm) CLR(perm, PERM_MASK); if (perm_stack_depth == PERM_STACK_MAX) { - strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf)); + errstr = N_("perm stack overflow"); errno = EINVAL; goto bad; } @@ -441,7 +450,7 @@ set_perms(int perm) state = &perm_stack[perm_stack_depth]; if (perm != PERM_INITIAL) { if (perm_stack_depth == 0) { - strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf)); + errstr = N_("perm stack underflow"); errno = EINVAL; goto bad; } @@ -481,8 +490,16 @@ set_perms(int perm) goto bad; } state->rgid = ostate->rgid; - state->egid = ostate->egid; + state->egid = ROOT_GID; state->sgid = ostate->sgid; + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " + "[%d, %d, %d] -> [%d, %d, %d]", __func__, + (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, + (int)state->rgid, (int)state->egid, (int)state->sgid); + if (GID_CHANGED && setgidx(ID_EFFECTIVE, ROOT_GID)) { + errstr = N_("unable to change to root gid"); + goto bad; + } state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); break; @@ -504,7 +521,7 @@ set_perms(int perm) sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { - strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf)); + errstr = "PERM_USER: setgroups"; goto bad; } } @@ -549,7 +566,7 @@ set_perms(int perm) sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { - strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf)); + errstr = "PERM_FULL_USER: setgroups"; goto bad; } } @@ -577,7 +594,7 @@ set_perms(int perm) (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, (int)state->rgid, (int)state->egid, (int)state->sgid); if (GID_CHANGED && setgidx(ID_EFFECTIVE, state->egid)) { - strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf)); + errstr = N_("unable to change to runas gid"); goto bad; } state->grlist = runas_setgroups(); @@ -589,7 +606,7 @@ set_perms(int perm) (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, (int)state->ruid, (int)state->euid, (int)state->suid); if (UID_CHANGED && setuidx(ID_EFFECTIVE, state->euid)) { - strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf)); + errstr = N_("unable to change to runas uid"); goto bad; } break; @@ -607,7 +624,7 @@ set_perms(int perm) (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, (int)state->rgid, (int)state->egid, (int)state->sgid); if (GID_CHANGED && setgidx(ID_EFFECTIVE, sudoers_gid)) { - strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf)); + errstr = N_("unable to change to sudoers gid"); goto bad; } @@ -677,7 +694,7 @@ set_perms(int perm) perm_stack_depth++; debug_return_bool(1); bad: - warningx("%s: %s", errbuf, + warningx("%s: %s", _(errstr), errno == EAGAIN ? _("too many processes") : strerror(errno)); if (noexit) debug_return_bool(0); @@ -818,6 +835,7 @@ set_perms(int perm) { struct perm_state *state, *ostate = NULL; char errbuf[1024]; + const char *errstr = errbuf; int noexit; debug_decl(set_perms, SUDO_DEBUG_PERMS) @@ -825,7 +843,7 @@ set_perms(int perm) CLR(perm, PERM_MASK); if (perm_stack_depth == PERM_STACK_MAX) { - strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf)); + errstr = N_("perm stack overflow"); errno = EINVAL; goto bad; } @@ -833,7 +851,7 @@ set_perms(int perm) state = &perm_stack[perm_stack_depth]; if (perm != PERM_INITIAL) { if (perm_stack_depth == 0) { - strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf)); + errstr = N_("perm stack underflow"); errno = EINVAL; goto bad; } @@ -879,7 +897,15 @@ set_perms(int perm) } } state->rgid = ostate->rgid; - state->egid = ostate->rgid; + state->egid = ROOT_GID; + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " + "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, + (int)ostate->egid, (int)state->rgid, (int)state->egid); + if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { + snprintf(errbuf, sizeof(errbuf), + "PERM_ROOT: setregid(%d, %d)", ID(rgid), ID(egid)); + goto bad; + } state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); break; @@ -899,7 +925,7 @@ set_perms(int perm) sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { - strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf)); + errstr = "PERM_USER: setgroups"; goto bad; } } @@ -931,7 +957,7 @@ set_perms(int perm) sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { - strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf)); + errstr = "PERM_FULL_USER: setgroups"; goto bad; } } @@ -954,7 +980,7 @@ set_perms(int perm) "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)state->rgid, (int)state->egid); if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { - strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf)); + errstr = N_("unable to change to runas gid"); goto bad; } state->grlist = runas_setgroups(); @@ -964,7 +990,7 @@ set_perms(int perm) "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)state->ruid, (int)state->euid); if (UID_CHANGED && setreuid(ID(ruid), ID(euid))) { - strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf)); + errstr = N_("unable to change to runas uid"); goto bad; } break; @@ -980,7 +1006,7 @@ set_perms(int perm) "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)state->rgid, (int)state->egid); if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { - strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf)); + errstr = N_("unable to change to sudoers gid"); goto bad; } @@ -1025,7 +1051,7 @@ set_perms(int perm) perm_stack_depth++; debug_return_bool(1); bad: - warningx("%s: %s", errbuf, + warningx("%s: %s", _(errstr), errno == EAGAIN ? _("too many processes") : strerror(errno)); if (noexit) debug_return_bool(0); @@ -1059,7 +1085,7 @@ restore_perms(void) if (OID(euid) == ROOT_UID) { /* setuid() may not set the saved ID unless the euid is ROOT_UID */ if (ID(euid) != ROOT_UID) - (void)setreuid(-1, ROOT_UID); + ignore_result(setreuid(-1, ROOT_UID)); if (setuid(ROOT_UID)) { warning("setuid() [%d, %d] -> %d)", (int)state->ruid, (int)state->euid, ROOT_UID); @@ -1104,6 +1130,7 @@ set_perms(int perm) { struct perm_state *state, *ostate = NULL; char errbuf[1024]; + const char *errstr = errbuf; int noexit; debug_decl(set_perms, SUDO_DEBUG_PERMS) @@ -1111,7 +1138,7 @@ set_perms(int perm) CLR(perm, PERM_MASK); if (perm_stack_depth == PERM_STACK_MAX) { - strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf)); + errstr = N_("perm stack overflow"); errno = EINVAL; goto bad; } @@ -1119,7 +1146,7 @@ set_perms(int perm) state = &perm_stack[perm_stack_depth]; if (perm != PERM_INITIAL) { if (perm_stack_depth == 0) { - strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf)); + errstr = N_("perm stack underflow"); errno = EINVAL; goto bad; } @@ -1165,7 +1192,14 @@ set_perms(int perm) state->ruid = ROOT_UID; state->euid = ROOT_UID; state->rgid = ostate->rgid; - state->egid = ostate->egid; + state->egid = ROOT_GID; + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " + "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, + (int)ostate->egid, ROOT_GID, ROOT_GID); + if (GID_CHANGED && setegid(ROOT_GID)) { + errstr = N_("unable to change to root gid"); + goto bad; + } state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); break; @@ -1185,7 +1219,7 @@ set_perms(int perm) sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { - strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf)); + errstr = "PERM_USER: setgroups"; goto bad; } } @@ -1217,7 +1251,7 @@ set_perms(int perm) sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { - strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf)); + errstr = "PERM_FULL_USER: setgroups"; goto bad; } } @@ -1240,7 +1274,7 @@ set_perms(int perm) "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)state->rgid, (int)state->egid); if (GID_CHANGED && setegid(state->egid)) { - strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf)); + errstr = N_("unable to change to runas gid"); goto bad; } state->grlist = runas_setgroups(); @@ -1250,7 +1284,7 @@ set_perms(int perm) "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, (int)ostate->euid, (int)state->ruid, (int)state->euid); if (seteuid(state->euid)) { - strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf)); + errstr = N_("unable to change to runas uid"); goto bad; } break; @@ -1266,7 +1300,7 @@ set_perms(int perm) "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, (int)ostate->egid, (int)state->rgid, (int)state->egid); if (GID_CHANGED && setegid(sudoers_gid)) { - strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf)); + errstr = N_("unable to change to sudoers gid"); goto bad; } @@ -1311,7 +1345,7 @@ set_perms(int perm) perm_stack_depth++; debug_return_bool(1); bad: - warningx("%s: %s", errbuf, + warningx("%s: %s", _(errstr), errno == EAGAIN ? _("too many processes") : strerror(errno)); if (noexit) debug_return_bool(0); @@ -1386,6 +1420,7 @@ set_perms(int perm) { struct perm_state *state, *ostate = NULL; char errbuf[1024]; + const char *errstr = errbuf; int noexit; debug_decl(set_perms, SUDO_DEBUG_PERMS) @@ -1393,7 +1428,7 @@ set_perms(int perm) CLR(perm, PERM_MASK); if (perm_stack_depth == PERM_STACK_MAX) { - strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf)); + errstr = N_("perm stack overflow"); errno = EINVAL; goto bad; } @@ -1401,7 +1436,7 @@ set_perms(int perm) state = &perm_stack[perm_stack_depth]; if (perm != PERM_INITIAL) { if (perm_stack_depth == 0) { - strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf)); + errstr = N_("perm stack underflow"); errno = EINVAL; goto bad; } @@ -1421,7 +1456,7 @@ set_perms(int perm) case PERM_ROOT: state->ruid = ROOT_UID; - state->rgid = ostate->rgid; + state->rgid = ROOT_GID; state->grlist = ostate->grlist; sudo_grlist_addref(state->grlist); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: " @@ -1430,23 +1465,29 @@ set_perms(int perm) snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setuid(%d)", ROOT_UID); goto bad; } + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " + "[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid); + if (setgid(ROOT_GID)) { + errstr = N_("unable to change to root gid"); + goto bad; + } break; case PERM_FULL_USER: state->rgid = user_gid; - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: gid: " "[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid); (void) setgid(user_gid); state->grlist = user_group_list; sudo_grlist_addref(state->grlist); if (state->grlist != ostate->grlist) { if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { - strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf)); + errstr = "PERM_FULL_USER: setgroups"; goto bad; } } state->ruid = user_uid; - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: " + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: uid: " "[%d] -> [%d]", __func__, (int)ostate->ruid, (int)state->ruid); if (setuid(user_uid)) { snprintf(errbuf, sizeof(errbuf), @@ -1470,7 +1511,7 @@ set_perms(int perm) perm_stack_depth++; debug_return_bool(1); bad: - warningx("%s: %s", errbuf, + warningx("%s: %s", _(errstr), errno == EAGAIN ? _("too many processes") : strerror(errno)); if (noexit) debug_return_bool(0); @@ -1539,7 +1580,7 @@ runas_setgroups(void) aix_restoreauthdb(); #endif if (sudo_setgroups(grlist->ngids, grlist->gids) < 0) - log_fatal(USE_ERRNO|MSG_ONLY, _("unable to set runas group vector")); + log_fatal(USE_ERRNO|MSG_ONLY, N_("unable to set runas group vector")); debug_return_ptr(grlist); } #endif /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */ diff --git a/plugins/sudoers/sha2.c b/plugins/sudoers/sha2.c new file mode 100644 index 0000000..74ede40 --- /dev/null +++ b/plugins/sudoers/sha2.c @@ -0,0 +1,527 @@ +/* + * Copyright (c) 2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Implementation of SHA-224, SHA-256, SHA-384 and SHA-512 + * as per FIPS 180-4: Secure Hash Standard (SHS) + * http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf + * + * Derived from the public domain SHA-1 and SHA-2 implementations + * by Steve Reid and Wei Dai respectively. + */ + +#include + +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#if defined(HAVE_ENDIAN_H) +# include +#elif defined(HAVE_SYS_ENDIAN_H) +# include +#elif defined(HAVE_MACHINE_ENDIAN_H) +# include +#else +# include "compat/endian.h" +#endif + +#include "sha2.h" + +/* + * SHA-2 operates on 32-bit and 64-bit words in big endian byte order. + * The following macros convert between character arrays and big endian words. + */ +#define BE8TO32(x, y) do { \ + (x) = (((uint32_t)((y)[0] & 255) << 24) | \ + ((uint32_t)((y)[1] & 255) << 16) | \ + ((uint32_t)((y)[2] & 255) << 8) | \ + ((uint32_t)((y)[3] & 255))); \ +} while (0) + +#define BE8TO64(x, y) do { \ + (x) = (((uint64_t)((y)[0] & 255) << 56) | \ + ((uint64_t)((y)[1] & 255) << 48) | \ + ((uint64_t)((y)[2] & 255) << 40) | \ + ((uint64_t)((y)[3] & 255) << 32) | \ + ((uint64_t)((y)[4] & 255) << 24) | \ + ((uint64_t)((y)[5] & 255) << 16) | \ + ((uint64_t)((y)[6] & 255) << 8) | \ + ((uint64_t)((y)[7] & 255))); \ +} while (0) + +#define BE32TO8(x, y) do { \ + (x)[0] = (uint8_t)(((y) >> 24) & 255); \ + (x)[1] = (uint8_t)(((y) >> 16) & 255); \ + (x)[2] = (uint8_t)(((y) >> 8) & 255); \ + (x)[3] = (uint8_t)((y) & 255); \ +} while (0) + +#define BE64TO8(x, y) do { \ + (x)[0] = (uint8_t)(((y) >> 56) & 255); \ + (x)[1] = (uint8_t)(((y) >> 48) & 255); \ + (x)[2] = (uint8_t)(((y) >> 40) & 255); \ + (x)[3] = (uint8_t)(((y) >> 32) & 255); \ + (x)[4] = (uint8_t)(((y) >> 24) & 255); \ + (x)[5] = (uint8_t)(((y) >> 16) & 255); \ + (x)[6] = (uint8_t)(((y) >> 8) & 255); \ + (x)[7] = (uint8_t)((y) & 255); \ +} while (0) + +#define rotrFixed(x,y) (y ? ((x>>y) | (x<<(sizeof(x)*8-y))) : x) + +#define blk0(i) (W[i]) +#define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15])) + +#define Ch(x,y,z) (z^(x&(y^z))) +#define Maj(x,y,z) (y^((x^y)&(y^z))) + +#define a(i) T[(0-i)&7] +#define b(i) T[(1-i)&7] +#define c(i) T[(2-i)&7] +#define d(i) T[(3-i)&7] +#define e(i) T[(4-i)&7] +#define f(i) T[(5-i)&7] +#define g(i) T[(6-i)&7] +#define h(i) T[(7-i)&7] + +extern void zero_bytes(volatile void *, size_t); + +void +SHA224Init(SHA2_CTX *ctx) +{ + memset(ctx, 0, sizeof(*ctx)); + ctx->state.st32[0] = 0xc1059ed8UL; + ctx->state.st32[1] = 0x367cd507UL; + ctx->state.st32[2] = 0x3070dd17UL; + ctx->state.st32[3] = 0xf70e5939UL; + ctx->state.st32[4] = 0xffc00b31UL; + ctx->state.st32[5] = 0x68581511UL; + ctx->state.st32[6] = 0x64f98fa7UL; + ctx->state.st32[7] = 0xbefa4fa4UL; +} + +void +SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]) +{ + SHA256Transform(state, buffer); +} + +void +SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) +{ + SHA256Update(ctx, data, len); +} + +void +SHA224Pad(SHA2_CTX *ctx) +{ + SHA256Pad(ctx); +} + +void +SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx) +{ + SHA256Pad(ctx); + if (digest != NULL) { +#if BYTE_ORDER == BIG_ENDIAN + memcpy(digest, ctx->state.st32, SHA224_DIGEST_LENGTH); +#else + unsigned int i; + + for (i = 0; i < 7; i++) + BE32TO8(digest + (i * 4), ctx->state.st32[i]); +#endif + memset(ctx, 0, sizeof(*ctx)); + } +} + +static const uint32_t SHA256_K[64] = { + 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, + 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, + 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, + 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, + 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, + 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, + 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, + 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, + 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, + 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, + 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, + 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, + 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, + 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, + 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, + 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL +}; + +void +SHA256Init(SHA2_CTX *ctx) +{ + memset(ctx, 0, sizeof(*ctx)); + ctx->state.st32[0] = 0x6a09e667UL; + ctx->state.st32[1] = 0xbb67ae85UL; + ctx->state.st32[2] = 0x3c6ef372UL; + ctx->state.st32[3] = 0xa54ff53aUL; + ctx->state.st32[4] = 0x510e527fUL; + ctx->state.st32[5] = 0x9b05688cUL; + ctx->state.st32[6] = 0x1f83d9abUL; + ctx->state.st32[7] = 0x5be0cd19UL; +} + +/* Round macros for SHA256 */ +#define R(i) do { \ + h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i)); \ + d(i)+=h(i); \ + h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \ +} while (0) + +#define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22)) +#define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25)) +#define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3)) +#define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10)) + +void +SHA256Transform(uint32_t state[8], const uint8_t data[SHA256_BLOCK_LENGTH]) +{ + uint32_t W[16]; + uint32_t T[8]; + unsigned int j; + + /* Copy context state to working vars. */ + memcpy(T, state, sizeof(T)); + /* Copy data to W in big endian format. */ +#if BYTE_ORDER == BIG_ENDIAN + memcpy(W, data, sizeof(W)); +#else + for (j = 0; j < 16; j++) { + BE8TO32(W[j], data); + data += 4; + } +#endif + /* 64 operations, partially loop unrolled. */ + for (j = 0; j < 64; j += 16) + { + R( 0); R( 1); R( 2); R( 3); + R( 4); R( 5); R( 6); R( 7); + R( 8); R( 9); R(10); R(11); + R(12); R(13); R(14); R(15); + } + /* Add the working vars back into context state. */ + state[0] += a(0); + state[1] += b(0); + state[2] += c(0); + state[3] += d(0); + state[4] += e(0); + state[5] += f(0); + state[6] += g(0); + state[7] += h(0); + /* Cleanup */ + zero_bytes(T, sizeof(T)); + zero_bytes(W, sizeof(W)); +} + +#undef S0 +#undef S1 +#undef s0 +#undef s1 +#undef R + +void +SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) +{ + size_t i = 0, j; + + j = (size_t)((ctx->count[0] >> 3) & (SHA256_BLOCK_LENGTH - 1)); + ctx->count[0] += (len << 3); + if ((j + len) > SHA256_BLOCK_LENGTH - 1) { + memcpy(&ctx->buffer[j], data, (i = SHA256_BLOCK_LENGTH - j)); + SHA256Transform(ctx->state.st32, ctx->buffer); + for ( ; i + SHA256_BLOCK_LENGTH - 1 < len; i += SHA256_BLOCK_LENGTH) + SHA256Transform(ctx->state.st32, (uint8_t *)&data[i]); + j = 0; + } + memcpy(&ctx->buffer[j], &data[i], len - i); +} + +void +SHA256Pad(SHA2_CTX *ctx) +{ + uint8_t finalcount[8]; + + /* Store unpadded message length in bits in big endian format. */ + BE64TO8(finalcount, ctx->count[0]); + + /* Append a '1' bit (0x80) to the message. */ + SHA256Update(ctx, (uint8_t *)"\200", 1); + + /* Pad message such that the resulting length modulo 512 is 448. */ + while ((ctx->count[0] & 504) != 448) + SHA256Update(ctx, (uint8_t *)"\0", 1); + + /* Append length of message in bits and do final SHA256Transform(). */ + SHA256Update(ctx, finalcount, sizeof(finalcount)); +} + +void +SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx) +{ + SHA256Pad(ctx); + if (digest != NULL) { +#if BYTE_ORDER == BIG_ENDIAN + memcpy(digest, ctx->state.st32, SHA256_DIGEST_LENGTH); +#else + unsigned int i; + + for (i = 0; i < 8; i++) + BE32TO8(digest + (i * 4), ctx->state.st32[i]); +#endif + memset(ctx, 0, sizeof(*ctx)); + } +} + +void +SHA384Init(SHA2_CTX *ctx) +{ + memset(ctx, 0, sizeof(*ctx)); + ctx->state.st64[0] = 0xcbbb9d5dc1059ed8ULL; + ctx->state.st64[1] = 0x629a292a367cd507ULL; + ctx->state.st64[2] = 0x9159015a3070dd17ULL; + ctx->state.st64[3] = 0x152fecd8f70e5939ULL; + ctx->state.st64[4] = 0x67332667ffc00b31ULL; + ctx->state.st64[5] = 0x8eb44a8768581511ULL; + ctx->state.st64[6] = 0xdb0c2e0d64f98fa7ULL; + ctx->state.st64[7] = 0x47b5481dbefa4fa4ULL; +} + +void +SHA384Transform(uint64_t state[8], const uint8_t data[SHA384_BLOCK_LENGTH]) +{ + SHA512Transform(state, data); +} + +void +SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) +{ + SHA512Update(ctx, data, len); +} + +void +SHA384Pad(SHA2_CTX *ctx) +{ + SHA512Pad(ctx); +} + +void +SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx) +{ + SHA384Pad(ctx); + if (digest != NULL) { +#if BYTE_ORDER == BIG_ENDIAN + memcpy(digest, ctx->state.st64, SHA384_DIGEST_LENGTH); +#else + unsigned int i; + + for (i = 0; i < 6; i++) + BE64TO8(digest + (i * 8), ctx->state.st64[i]); +#endif + memset(ctx, 0, sizeof(*ctx)); + } +} + +static const uint64_t SHA512_K[80] = { + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, + 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, + 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, + 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, + 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, + 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, + 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, + 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, + 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, + 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, + 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, + 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, + 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, + 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, + 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, + 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, + 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, + 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, + 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, + 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, + 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, + 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, + 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, + 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, + 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, + 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, + 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +void +SHA512Init(SHA2_CTX *ctx) +{ + memset(ctx, 0, sizeof(*ctx)); + ctx->state.st64[0] = 0x6a09e667f3bcc908ULL; + ctx->state.st64[1] = 0xbb67ae8584caa73bULL; + ctx->state.st64[2] = 0x3c6ef372fe94f82bULL; + ctx->state.st64[3] = 0xa54ff53a5f1d36f1ULL; + ctx->state.st64[4] = 0x510e527fade682d1ULL; + ctx->state.st64[5] = 0x9b05688c2b3e6c1fULL; + ctx->state.st64[6] = 0x1f83d9abfb41bd6bULL; + ctx->state.st64[7] = 0x5be0cd19137e2179ULL; +} + +/* Round macros for SHA512 */ +#define R(i) do { \ + h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i)); \ + d(i)+=h(i); \ + h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \ +} while (0) + +#define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39)) +#define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41)) +#define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7)) +#define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6)) + +void +SHA512Transform(uint64_t state[8], const uint8_t data[SHA512_BLOCK_LENGTH]) +{ + uint64_t W[16]; + uint64_t T[8]; + unsigned int j; + + /* Copy context state to working vars. */ + memcpy(T, state, sizeof(T)); + /* Copy data to W in big endian format. */ +#if BYTE_ORDER == BIG_ENDIAN + memcpy(W, data, sizeof(W)); +#else + for (j = 0; j < 16; j++) { + BE8TO64(W[j], data); + data += 8; + } +#endif + /* 80 operations, partially loop unrolled. */ + for (j = 0; j < 80; j += 16) + { + R( 0); R( 1); R( 2); R( 3); + R( 4); R( 5); R( 6); R( 7); + R( 8); R( 9); R(10); R(11); + R(12); R(13); R(14); R(15); + } + /* Add the working vars back into context state. */ + state[0] += a(0); + state[1] += b(0); + state[2] += c(0); + state[3] += d(0); + state[4] += e(0); + state[5] += f(0); + state[6] += g(0); + state[7] += h(0); + /* Cleanup. */ + zero_bytes(T, sizeof(T)); + zero_bytes(W, sizeof(W)); +} + +void +SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) +{ + size_t i = 0, j; + + j = (size_t)((ctx->count[0] >> 3) & (SHA512_BLOCK_LENGTH - 1)); + ctx->count[0] += (len << 3); + if (ctx->count[0] < (len << 3)) + ctx->count[1]++; + if ((j + len) > SHA512_BLOCK_LENGTH - 1) { + memcpy(&ctx->buffer[j], data, (i = SHA512_BLOCK_LENGTH - j)); + SHA512Transform(ctx->state.st64, ctx->buffer); + for ( ; i + SHA512_BLOCK_LENGTH - 1 < len; i += SHA512_BLOCK_LENGTH) + SHA512Transform(ctx->state.st64, (uint8_t *)&data[i]); + j = 0; + } + memcpy(&ctx->buffer[j], &data[i], len - i); +} + +void +SHA512Pad(SHA2_CTX *ctx) +{ + uint8_t finalcount[16]; + + /* Store unpadded message length in bits in big endian format. */ + BE64TO8(finalcount, ctx->count[1]); + BE64TO8(finalcount + 8, ctx->count[0]); + + /* Append a '1' bit (0x80) to the message. */ + SHA512Update(ctx, (uint8_t *)"\200", 1); + + /* Pad message such that the resulting length modulo 1024 is 896. */ + while ((ctx->count[0] & 1008) != 896) + SHA512Update(ctx, (uint8_t *)"\0", 1); + + /* Append length of message in bits and do final SHA512Transform(). */ + SHA512Update(ctx, finalcount, sizeof(finalcount)); +} + +void +SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx) +{ + SHA512Pad(ctx); + if (digest != NULL) { +#if BYTE_ORDER == BIG_ENDIAN + memcpy(digest, ctx->state.st64, SHA512_DIGEST_LENGTH); +#else + unsigned int i; + + for (i = 0; i < 8; i++) + BE64TO8(digest + (i * 8), ctx->state.st64[i]); +#endif + memset(ctx, 0, sizeof(*ctx)); + } +} diff --git a/plugins/sudoers/sha2.h b/plugins/sudoers/sha2.h new file mode 100644 index 0000000..79dfc06 --- /dev/null +++ b/plugins/sudoers/sha2.h @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Derived from the public domain SHA-1 and SHA-2 implementations + * by Steve Reid and Wei Dai respectively. + */ + +#ifndef _SUDOERS_SHA2_H +#define _SUDOERS_SHA2_H + +#define SHA224_BLOCK_LENGTH 64 +#define SHA224_DIGEST_LENGTH 28 +#define SHA224_DIGEST_STRING_LENGTH (SHA224_DIGEST_LENGTH * 2 + 1) + +#define SHA256_BLOCK_LENGTH 64 +#define SHA256_DIGEST_LENGTH 32 +#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) + +#define SHA384_BLOCK_LENGTH 128 +#define SHA384_DIGEST_LENGTH 48 +#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) + +#define SHA512_BLOCK_LENGTH 128 +#define SHA512_DIGEST_LENGTH 64 +#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) + +typedef struct { + union { + uint32_t st32[8]; /* sha224 and sha256 */ + uint64_t st64[8]; /* sha384 and sha512 */ + } state; + uint64_t count[2]; + uint8_t buffer[SHA512_BLOCK_LENGTH]; +} SHA2_CTX; + +void SHA224Init(SHA2_CTX *ctx); +void SHA224Pad(SHA2_CTX *ctx); +void SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]); +void SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); +void SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx); + +void SHA256Init(SHA2_CTX *ctx); +void SHA256Pad(SHA2_CTX *ctx); +void SHA256Transform(uint32_t state[8], const uint8_t buffer[SHA256_BLOCK_LENGTH]); +void SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); +void SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx); + +void SHA384Init(SHA2_CTX *ctx); +void SHA384Pad(SHA2_CTX *ctx); +void SHA384Transform(uint64_t state[8], const uint8_t buffer[SHA384_BLOCK_LENGTH]); +void SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); +void SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx); + +void SHA512Init(SHA2_CTX *ctx); +void SHA512Pad(SHA2_CTX *ctx); +void SHA512Transform(uint64_t state[8], const uint8_t buffer[SHA512_BLOCK_LENGTH]); +void SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); +void SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx); + +#endif /* _SUDOERS_SHA2_H */ diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c index 95a4776..71a589c 100644 --- a/plugins/sudoers/sssd.c +++ b/plugins/sudoers/sssd.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003-2012 Todd C. Miller + * Copyright (c) 2003-2013 Todd C. Miller * Copyright (c) 2011 Daniel Kopecek * * This code is derived from software contributed by Aaron Spangler. @@ -21,7 +21,6 @@ #include #include -#include #include #include #ifdef STDC_HEADERS @@ -212,7 +211,13 @@ sudo_sss_filter_result(struct sudo_sss_handle *handle, sudo_debug_printf(SUDO_DEBUG_DEBUG, "reallocating result: %p (count: %u -> %u)", out_res->rules, in_res->num_rules, l); - out_res->rules = erealloc3(out_res->rules, l, sizeof(struct sss_sudo_rule)); + if (l > 0) { + out_res->rules = + erealloc3(out_res->rules, l, sizeof(struct sss_sudo_rule)); + } else { + efree(out_res->rules); + out_res->rules = NULL; + } } out_res->num_rules = l; @@ -248,8 +253,8 @@ static int sudo_sss_open(struct sudo_nss *nss) /* Load symbols */ handle->ssslib = dlopen(path, RTLD_LAZY); if (handle->ssslib == NULL) { - warningx(_("Unable to dlopen %s: %s"), path, dlerror()); - warningx(_("Unable to initialize SSS source. Is SSSD installed on your machine?")); + warningx(_("unable to dlopen %s: %s"), path, dlerror()); + warningx(_("unable to initialize SSS source. Is SSSD installed on your machine?")); debug_return_int(EFAULT); } @@ -345,7 +350,7 @@ static int sudo_sss_setdefs(struct sudo_nss *nss) if (sss_error == ENOENT) { sudo_debug_printf(SUDO_DEBUG_INFO, "The user was not found in SSSD."); - debug_return_int(-1); + debug_return_int(0); } else if(sss_error != 0) { sudo_debug_printf(SUDO_DEBUG_INFO, "sss_error=%u\n", sss_error); debug_return_int(-1); @@ -466,7 +471,7 @@ sudo_sss_check_runas_user(struct sudo_sss_handle *handle, struct sss_sudo_rule * /* FALLTHROUGH */ sudo_debug_printf(SUDO_DEBUG_DEBUG, "FALLTHROUGH"); default: - if (strcasecmp(val, runas_pw->pw_name) == 0) { + if (userpw_matches(val, runas_pw->pw_name, runas_pw)) { sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s == %s (pw_name) => match", val, runas_pw->pw_name); ret = true; @@ -712,6 +717,71 @@ sudo_sss_check_bool(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, debug_return_int(ret); } +/* + * If a digest prefix is present, fills in struct sudo_digest + * and returns a pointer to it, updating cmnd to point to the + * command after the digest. + */ +static struct sudo_digest * +sudo_sss_extract_digest(char **cmnd, struct sudo_digest *digest) +{ + char *ep, *cp = *cmnd; + int digest_type = SUDO_DIGEST_INVALID; + debug_decl(sudo_sss_check_command, SUDO_DEBUG_LDAP) + + /* + * Check for and extract a digest prefix, e.g. + * sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls + */ + if (cp[0] == 's' && cp[1] == 'h' && cp[2] == 'a') { + switch (cp[3]) { + case '2': + if (cp[4] == '2' && cp[5] == '4') + digest_type = SUDO_DIGEST_SHA224; + else if (cp[4] == '5' && cp[5] == '6') + digest_type = SUDO_DIGEST_SHA256; + break; + case '3': + if (cp[4] == '8' && cp[5] == '4') + digest_type = SUDO_DIGEST_SHA384; + break; + case '5': + if (cp[4] == '1' && cp[5] == '2') + digest_type = SUDO_DIGEST_SHA512; + break; + } + if (digest_type != SUDO_DIGEST_INVALID) { + cp += 6; + while (isblank((unsigned char)*cp)) + cp++; + if (*cp == ':') { + cp++; + while (isblank((unsigned char)*cp)) + cp++; + ep = cp; + while (*ep != '\0' && !isblank((unsigned char)*ep)) + ep++; + if (*ep != '\0') { + digest->digest_type = digest_type; + digest->digest_str = estrndup(cp, (size_t)(ep - cp)); + cp = ep + 1; + while (isblank((unsigned char)*cp)) + cp++; + *cmnd = cp; + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s digest %s for %s", + digest_type == SUDO_DIGEST_SHA224 ? "sha224" : + digest_type == SUDO_DIGEST_SHA256 ? "sha256" : + digest_type == SUDO_DIGEST_SHA384 ? "sha384" : + "sha512", digest->digest_str, cp); + debug_return_ptr(digest); + } + } + } + } + debug_return_ptr(NULL); +} + /* * Walk through search results and return true if we have a command match, * false if disallowed and UNSPEC if not matched. @@ -723,6 +793,7 @@ sudo_sss_check_command(struct sudo_sss_handle *handle, char **val_array = NULL, *val; char *allowed_cmnd, *allowed_args; int i, foundbang, ret = UNSPEC; + struct sudo_digest digest, *allowed_digest = NULL; debug_decl(sudo_sss_check_command, SUDO_DEBUG_SSSD); if (rule == NULL) @@ -754,6 +825,9 @@ sudo_sss_check_command(struct sudo_sss_handle *handle, continue; } + /* check for sha-2 digest */ + allowed_digest = sudo_ldap_extract_digest(&val, &digest); + /* check for !command */ if (*val == '!') { foundbang = true; @@ -769,7 +843,7 @@ sudo_sss_check_command(struct sudo_sss_handle *handle, *allowed_args++ = '\0'; /* check the command like normal */ - if (command_matches(allowed_cmnd, allowed_args)) { + if (command_matches(allowed_cmnd, allowed_args, NULL)) { /* * If allowed (no bang) set ret but keep on checking. * If disallowed (bang), exit loop. diff --git a/plugins/sudoers/sudo_nss.c b/plugins/sudoers/sudo_nss.c index 83a3fe9..bf216fa 100644 --- a/plugins/sudoers/sudo_nss.c +++ b/plugins/sudoers/sudo_nss.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2011 Todd C. Miller + * Copyright (c) 2007-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #include @@ -62,7 +61,8 @@ struct sudo_nss_list * sudo_read_nss(void) { FILE *fp; - char *cp; + char *cp, *line = NULL; + size_t linesize = 0; #ifdef HAVE_SSSD bool saw_sss = false; #endif @@ -75,17 +75,17 @@ sudo_read_nss(void) if ((fp = fopen(_PATH_NSSWITCH_CONF, "r")) == NULL) goto nomatch; - while ((cp = sudo_parseln(fp)) != NULL) { + while (sudo_parseln(&line, &linesize, NULL, fp) != -1) { /* Skip blank or comment lines */ - if (*cp == '\0') + if (*line == '\0') continue; /* Look for a line starting with "sudoers:" */ - if (strncasecmp(cp, "sudoers:", 8) != 0) + if (strncasecmp(line, "sudoers:", 8) != 0) continue; /* Parse line */ - for ((cp = strtok(cp + 8, " \t")); cp != NULL; (cp = strtok(NULL, " \t"))) { + for ((cp = strtok(line + 8, " \t")); cp != NULL; (cp = strtok(NULL, " \t"))) { if (strcasecmp(cp, "files") == 0 && !saw_files) { tq_append(&snl, &sudo_nss_file); got_match = true; @@ -113,6 +113,7 @@ sudo_read_nss(void) /* Only parse the first "sudoers:" line */ break; } + free(line); fclose(fp); nomatch: @@ -135,7 +136,8 @@ struct sudo_nss_list * sudo_read_nss(void) { FILE *fp; - char *cp, *ep; + char *cp, *ep, *line = NULL; + ssize_t linesize = 0; #ifdef HAVE_SSSD bool saw_sss = false; #endif @@ -148,9 +150,9 @@ sudo_read_nss(void) if ((fp = fopen(_PATH_NETSVC_CONF, "r")) == NULL) goto nomatch; - while ((cp = sudo_parseln(fp)) != NULL) { + while (sudo_parseln(&line, &linesize, NULL, fp) != -1) { /* Skip blank or comment lines */ - if (*cp == '\0') + if (*(cp = line) == '\0') continue; /* Look for a line starting with "sudoers = " */ @@ -275,7 +277,7 @@ display_privs(struct sudo_nss_list *snl, struct passwd *pw) if (fstat(STDOUT_FILENO, &sb) == 0 && S_ISFIFO(sb.st_mode)) cols = 0; lbuf_init(&defs, output, 4, NULL, cols); - lbuf_init(&privs, output, 4, NULL, cols); + lbuf_init(&privs, output, 8, NULL, cols); /* Display defaults from all sources. */ lbuf_append(&defs, _("Matching Defaults entries for %s on this host:\n"), diff --git a/plugins/sudoers/sudo_nss.h b/plugins/sudoers/sudo_nss.h index dab885d..3e74f3a 100644 --- a/plugins/sudoers/sudo_nss.h +++ b/plugins/sudoers/sudo_nss.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2011 Todd C. Miller + * Copyright (c) 2007-2011, 2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,8 +14,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef _SUDO_NSS_H -#define _SUDO_NSS_H +#ifndef _SUDOERS_NSS_H +#define _SUDOERS_NSS_H struct lbuf; struct passwd; @@ -41,4 +41,4 @@ TQ_DECLARE(sudo_nss) struct sudo_nss_list *sudo_read_nss(void); -#endif /* _SUDO_NSS_H */ +#endif /* _SUDOERS_NSS_H */ diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 0399acd..c06907c 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1993-1996, 1998-2011 Todd C. Miller + * Copyright (c) 1993-1996, 1998-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -16,9 +16,6 @@ * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. - * - * For a brief history of sudo, please see the HISTORY file included - * with this distribution. */ #define _SUDO_MAIN @@ -31,7 +28,6 @@ #include #include -#include #include #include #ifdef STDC_HEADERS @@ -60,10 +56,6 @@ #include #include #include -#ifdef HAVE_SETLOCALE -# include -#endif -#include #include #ifdef HAVE_LOGIN_CAP_H # include @@ -78,38 +70,34 @@ # include #endif #include -#include #ifndef HAVE_GETADDRINFO # include "compat/getaddrinfo.h" #endif #include "sudoers.h" -#include "interfaces.h" -#include "sudoers_version.h" #include "auth/sudo_auth.h" #include "secure_path.h" /* * Prototypes */ -static void init_vars(char * const *); +static char *find_editor(int nfiles, char **files, char ***argv_out); +static int cb_runas_default(const char *); +static int cb_sudoers_locale(const char *); static int set_cmnd(void); +static void create_admin_success_flag(void); +static void init_vars(char * const *); +static void set_fqdn(void); static void set_loginclass(struct passwd *); -static void set_runaspw(const char *); static void set_runasgr(const char *); -static int cb_runas_default(const char *); -static int sudoers_policy_version(int verbose); -static int deserialize_info(char * const args[], char * const settings[], - char * const user_info[]); -static char *find_editor(int nfiles, char **files, char ***argv_out); -static void create_admin_success_flag(void); +static void set_runaspw(const char *); +static bool tty_present(void); /* * Globals */ struct sudo_user sudo_user; struct passwd *list_pw; -struct interface *interfaces; int long_list; uid_t timestamp_uid; extern int errorlineno; @@ -118,79 +106,40 @@ extern char *errorfile; #ifdef HAVE_BSD_AUTH_H char *login_style; #endif /* HAVE_BSD_AUTH_H */ -sudo_conv_t sudo_conv; -sudo_printf_t sudo_printf; int sudo_mode; -static int sudo_version; static char *prev_user; static char *runas_user; static char *runas_group; static struct sudo_nss_list *snl; -static const char *interfaces_string; -static sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp; /* XXX - must be extern for audit bits of sudo_auth.c */ int NewArgc; char **NewArgv; -/* Declared here instead of plugin_error.c for static sudo builds. */ -sigjmp_buf error_jmp; - -static int -sudoers_policy_open(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const envp[], char * const args[]) +int +sudoers_policy_init(void *info, char * const envp[]) { volatile int sources = 0; - sigaction_t sa; - struct sudo_nss *nss; - struct sudo_nss *nss_next; - debug_decl(sudoers_policy_open, SUDO_DEBUG_PLUGIN) - - sudo_version = version; - if (!sudo_conv) - sudo_conv = conversation; - if (!sudo_printf) - sudo_printf = plugin_printf; - - /* Plugin args are only specified for API version 1.2 and higher. */ - if (sudo_version < SUDO_API_MKVERSION(1, 2)) - args = NULL; - - if (sigsetjmp(error_jmp, 1)) { - /* called via error(), errorx() or log_fatal() */ - rewind_perms(); - debug_return_bool(-1); - } + struct sudo_nss *nss, *nss_next; + debug_decl(sudoers_policy_init, SUDO_DEBUG_PLUGIN) bindtextdomain("sudoers", LOCALEDIR); - /* - * Signal setup: - * Ignore keyboard-generated signals so the user cannot interrupt - * us at some point and avoid the logging. - * Install handler to wait for children when they exit. - */ - zero_bytes(&sa, sizeof(sa)); - sigemptyset(&sa.sa_mask); - sa.sa_flags = SA_RESTART; - sa.sa_handler = SIG_IGN; - (void) sigaction(SIGINT, &sa, &saved_sa_int); - (void) sigaction(SIGQUIT, &sa, &saved_sa_quit); - (void) sigaction(SIGTSTP, &sa, &saved_sa_tstp); - sudo_setpwent(); sudo_setgrent(); + /* Register fatal/fatalx callback. */ + fatal_callback_register(sudoers_cleanup); + /* Initialize environment functions (including replacements). */ env_init(envp); /* Setup defaults data structures. */ init_defaults(); - /* Parse args, settings and user_info */ - sudo_mode = deserialize_info(args, settings, user_info); + /* Parse info from front-end. */ + sudo_mode = sudoers_policy_deserialize_info(info, &runas_user, &runas_group); init_vars(envp); /* XXX - move this later? */ @@ -207,7 +156,7 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation, if (nss->open(nss) == 0 && nss->parse(nss) == 0) { sources++; if (nss->setdefs(nss) != 0) - log_error(NO_STDERR, _("problem with defaults entries")); + log_warning(NO_STDERR, N_("problem with defaults entries")); } else { tq_remove(snl, nss); } @@ -232,6 +181,7 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation, * Note that if runas_group was specified without runas_user we * defer setting runas_pw so the match routines know to ignore it. */ + /* XXX - qpm4u does more here as it may have already set runas_pw */ if (runas_group != NULL) { set_runasgr(runas_group); if (runas_user != NULL) @@ -240,7 +190,7 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation, set_runaspw(runas_user ? runas_user : def_runas_default); if (!update_defaults(SETDEF_RUNAS)) - log_error(NO_STDERR, _("problem with defaults entries")); + log_warning(NO_STDERR, N_("problem with defaults entries")); if (def_fqdn) set_fqdn(); /* deferred until after sudoers is parsed */ @@ -253,79 +203,21 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation, debug_return_bool(true); } -static void -sudoers_policy_close(int exit_status, int error_code) -{ - debug_decl(sudoers_policy_close, SUDO_DEBUG_PLUGIN) - - if (sigsetjmp(error_jmp, 1)) { - /* called via error(), errorx() or log_fatal() */ - debug_return; - } - - /* We do not currently log the exit status. */ - if (error_code) - warningx(_("unable to execute %s: %s"), safe_cmnd, strerror(error_code)); - - /* Close the session we opened in sudoers_policy_init_session(). */ - if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT)) - (void)sudo_auth_end_session(runas_pw); - - /* Free remaining references to password and group entries. */ - sudo_pw_delref(sudo_user.pw); - sudo_user.pw = NULL; - sudo_pw_delref(runas_pw); - runas_pw = NULL; - if (runas_gr != NULL) { - sudo_gr_delref(runas_gr); - runas_gr = NULL; - } - if (user_group_list != NULL) { - sudo_grlist_delref(user_group_list); - user_group_list = NULL; - } - efree(user_gids); - user_gids = NULL; - - debug_return; -} - -/* - * The init_session function is called before executing the command - * and before uid/gid changes occur. - * Returns 1 on success, 0 on failure and -1 on error. - */ -static int -sudoers_policy_init_session(struct passwd *pwd, char **user_env[]) -{ - debug_decl(sudoers_policy_init, SUDO_DEBUG_PLUGIN) - - /* user_env is only specified for API version 1.2 and higher. */ - if (sudo_version < SUDO_API_MKVERSION(1, 2)) - user_env = NULL; - - if (sigsetjmp(error_jmp, 1)) { - /* called via error(), errorx() or log_fatal() */ - debug_return_bool(-1); - } - - debug_return_bool(sudo_auth_begin_session(pwd, user_env)); -} - -static int +int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], - char **command_infop[], char **argv_out[], char **user_env_out[]) + void *closure) { - static char *command_info[32]; /* XXX */ char **edit_argv = NULL; + char *iolog_path = NULL; + mode_t cmnd_umask = 0777; struct sudo_nss *nss; - int cmnd_status = -1, validated; - volatile int info_len = 0; + int cmnd_status = -1, oldlocale, validated; volatile int rval = true; debug_decl(sudoers_policy_main, SUDO_DEBUG_PLUGIN) - if (sigsetjmp(error_jmp, 1)) { - /* error recovery via error(), errorx() or log_fatal() */ + /* XXX - would like to move this to policy.c but need the cleanup. */ + if (fatal_setjmp() != 0) { + /* error recovery via fatal(), fatalx() or log_fatal() */ rval = -1; goto done; } @@ -377,17 +269,10 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], /* Find command in path */ cmnd_status = set_cmnd(); -#ifdef HAVE_SETLOCALE - if (!setlocale(LC_ALL, def_sudoers_locale)) { - warningx(_("unable to set locale to \"%s\", using \"C\""), - def_sudoers_locale); - setlocale(LC_ALL, "C"); - } -#endif - /* - * Check sudoers sources. + * Check sudoers sources, using the locale specified in sudoers. */ + sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); validated = FLAG_NO_USER | FLAG_NO_HOST; tq_foreach_fwd(snl, nss) { validated = nss->lookup(nss, validated, pwflag); @@ -403,13 +288,12 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], } } + /* Restore user's locale. */ + sudoers_setlocale(oldlocale, NULL); + if (safe_cmnd == NULL) safe_cmnd = estrdup(user_cmnd); -#ifdef HAVE_SETLOCALE - setlocale(LC_ALL, ""); -#endif - /* If only a group was specified, set runas_pw based on invoking user. */ if (runas_pw == NULL) set_runaspw(user_name); @@ -428,7 +312,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], timestamp_uid = pw->pw_uid; sudo_pw_delref(pw); } else { - log_error(0, _("timestamp owner (%s): No such user"), + log_warning(0, N_("timestamp owner (%s): No such user"), def_timestampowner); timestamp_uid = ROOT_UID; } @@ -441,14 +325,10 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], } /* Bail if a tty is required and we don't have one. */ - if (def_requiretty) { - int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY); - if (fd == -1) { - audit_failure(NewArgv, _("no tty")); - warningx(_("sorry, you must have a tty to run sudo")); - goto bad; - } else - (void) close(fd); + if (def_requiretty && !tty_present()) { + audit_failure(NewArgv, N_("no tty")); + warningx(_("sorry, you must have a tty to run sudo")); + goto bad; } /* @@ -495,12 +375,17 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], /* Finally tell the user if the command did not exist. */ if (cmnd_status == NOT_FOUND_DOT) { - audit_failure(NewArgv, _("command in current directory")); + audit_failure(NewArgv, N_("command in current directory")); warningx(_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd); goto bad; } else if (cmnd_status == NOT_FOUND) { - audit_failure(NewArgv, _("%s: command not found"), user_cmnd); - warningx(_("%s: command not found"), user_cmnd); + if (ISSET(sudo_mode, MODE_CHECK)) { + audit_failure(NewArgv, N_("%s: command not found"), NewArgv[0]); + warningx(_("%s: command not found"), NewArgv[0]); + } else { + audit_failure(NewArgv, N_("%s: command not found"), user_cmnd); + warningx(_("%s: command not found"), user_cmnd); + } goto bad; } @@ -513,23 +398,13 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], validate_env_vars(sudo_user.env_vars); } - if (ISSET(sudo_mode, (MODE_RUN | MODE_EDIT)) && (def_log_input || def_log_output)) { - if (def_iolog_file && def_iolog_dir) { - command_info[info_len++] = expand_iolog_path("iolog_path=", - def_iolog_dir, def_iolog_file, &sudo_user.iolog_file); + if (ISSET(sudo_mode, (MODE_RUN | MODE_EDIT))) { + if ((def_log_input || def_log_output) && def_iolog_file && def_iolog_dir) { + const char prefix[] = "iolog_path="; + iolog_path = expand_iolog_path(prefix, def_iolog_dir, + def_iolog_file, &sudo_user.iolog_file); sudo_user.iolog_file++; } - if (def_log_input) { - command_info[info_len++] = estrdup("iolog_stdin=true"); - command_info[info_len++] = estrdup("iolog_ttyin=true"); - } - if (def_log_output) { - command_info[info_len++] = estrdup("iolog_stdout=true"); - command_info[info_len++] = estrdup("iolog_stderr=true"); - command_info[info_len++] = estrdup("iolog_ttyout=true"); - } - if (def_compress_io) - command_info[info_len++] = estrdup("iolog_compress=true"); } log_allowed(validated); @@ -556,13 +431,9 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], * unless umask_override is set. */ if (def_umask != 0777) { - mode_t mask = def_umask; - if (!def_umask_override) { - mode_t omask = umask(mask); - mask |= omask; - umask(omask); - } - easprintf(&command_info[info_len++], "umask=0%o", (unsigned int)mask); + cmnd_umask = def_umask; + if (!def_umask_override) + cmnd_umask |= user_umask; } if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) { @@ -574,9 +445,6 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], *p = '-'; NewArgv[0] = p; - /* Set cwd to run user's homedir. */ - command_info[info_len++] = fmt_string("cwd", runas_pw->pw_dir); - /* * Newer versions of bash require the --login option to be used * in conjunction with the -c option even if the shell name starts @@ -615,108 +483,21 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], /* Insert user-specified environment variables. */ insert_env_vars(sudo_user.env_vars); - /* Restore signal handlers before we exec. */ - (void) sigaction(SIGINT, &saved_sa_int, NULL); - (void) sigaction(SIGQUIT, &saved_sa_quit, NULL); - (void) sigaction(SIGTSTP, &saved_sa_tstp, NULL); - if (ISSET(sudo_mode, MODE_EDIT)) { - char *editor = find_editor(NewArgc - 1, NewArgv + 1, &edit_argv); - if (editor == NULL) + efree(safe_cmnd); + safe_cmnd = find_editor(NewArgc - 1, NewArgv + 1, &edit_argv); + if (safe_cmnd == NULL) goto bad; - command_info[info_len++] = fmt_string("command", editor); - command_info[info_len++] = estrdup("sudoedit=true"); - } else { - command_info[info_len++] = fmt_string("command", safe_cmnd); } - if (def_stay_setuid) { - easprintf(&command_info[info_len++], "runas_uid=%u", - (unsigned int)user_uid); - easprintf(&command_info[info_len++], "runas_gid=%u", - (unsigned int)user_gid); - easprintf(&command_info[info_len++], "runas_euid=%u", - (unsigned int)runas_pw->pw_uid); - easprintf(&command_info[info_len++], "runas_egid=%u", - runas_gr ? (unsigned int)runas_gr->gr_gid : - (unsigned int)runas_pw->pw_gid); - } else { - easprintf(&command_info[info_len++], "runas_uid=%u", - (unsigned int)runas_pw->pw_uid); - easprintf(&command_info[info_len++], "runas_gid=%u", - runas_gr ? (unsigned int)runas_gr->gr_gid : - (unsigned int)runas_pw->pw_gid); - } - if (def_preserve_groups) { - command_info[info_len++] = "preserve_groups=true"; - } else { - int i, len; - gid_t egid; - size_t glsize; - char *cp, *gid_list; - struct group_list *grlist = sudo_get_grlist(runas_pw); - - /* We reserve an extra spot in the list for the effective gid. */ - glsize = sizeof("runas_groups=") - 1 + - ((grlist->ngids + 1) * (MAX_UID_T_LEN + 1)); - gid_list = emalloc(glsize); - memcpy(gid_list, "runas_groups=", sizeof("runas_groups=") - 1); - cp = gid_list + sizeof("runas_groups=") - 1; - - /* On BSD systems the effective gid is the first group in the list. */ - egid = runas_gr ? (unsigned int)runas_gr->gr_gid : - (unsigned int)runas_pw->pw_gid; - len = snprintf(cp, glsize - (cp - gid_list), "%u", egid); - if (len < 0 || len >= glsize - (cp - gid_list)) - errorx(1, _("internal error, %s overflow"), "runas_groups"); - cp += len; - for (i = 0; i < grlist->ngids; i++) { - if (grlist->gids[i] != egid) { - len = snprintf(cp, glsize - (cp - gid_list), ",%u", - (unsigned int) grlist->gids[i]); - if (len < 0 || len >= glsize - (cp - gid_list)) - errorx(1, _("internal error, %s overflow"), "runas_groups"); - cp += len; - } - } - command_info[info_len++] = gid_list; - sudo_grlist_delref(grlist); - } - if (def_closefrom >= 0) - easprintf(&command_info[info_len++], "closefrom=%d", def_closefrom); - if (def_noexec) - command_info[info_len++] = estrdup("noexec=true"); - if (def_set_utmp) - command_info[info_len++] = estrdup("set_utmp=true"); - if (def_use_pty) - command_info[info_len++] = estrdup("use_pty=true"); - if (def_utmp_runas) - command_info[info_len++] = fmt_string("utmp_user", runas_pw->pw_name); -#ifdef HAVE_LOGIN_CAP_H - if (def_use_loginclass) - command_info[info_len++] = fmt_string("login_class", login_class); -#endif /* HAVE_LOGIN_CAP_H */ -#ifdef HAVE_SELINUX - if (user_role != NULL) - command_info[info_len++] = fmt_string("selinux_role", user_role); - if (user_type != NULL) - command_info[info_len++] = fmt_string("selinux_type", user_type); -#endif /* HAVE_SELINUX */ -#ifdef HAVE_PRIV_SET - if (runas_privs != NULL) - command_info[info_len++] = fmt_string("runas_privs", runas_privs); - if (runas_limitprivs != NULL) - command_info[info_len++] = fmt_string("runas_limitprivs", runas_limitprivs); -#endif /* HAVE_SELINUX */ /* Must audit before uid change. */ audit_success(NewArgv); - *command_infop = command_info; - - *argv_out = edit_argv ? edit_argv : NewArgv; + /* Setup execution environment to pass back to front-end. */ + rval = sudoers_policy_exec_setup(edit_argv ? edit_argv : NewArgv, + env_get(), cmnd_umask, iolog_path, closure); - /* Get private version of the environment and zero out stashed copy. */ - *user_env_out = env_get(); + /* Zero out stashed copy of environment, it is owned by the front-end. */ env_init(NULL); goto done; @@ -725,6 +506,7 @@ bad: rval = false; done: + fatal_disable_setjmp(); rewind_perms(); /* Close the password and group files and free up memory. */ @@ -734,77 +516,8 @@ done: debug_return_bool(rval); } -static int -sudoers_policy_check(int argc, char * const argv[], char *env_add[], - char **command_infop[], char **argv_out[], char **user_env_out[]) -{ - debug_decl(sudoers_policy_check, SUDO_DEBUG_PLUGIN) - - if (!ISSET(sudo_mode, MODE_EDIT)) - SET(sudo_mode, MODE_RUN); - - debug_return_bool(sudoers_policy_main(argc, argv, 0, env_add, command_infop, - argv_out, user_env_out)); -} - -static int -sudoers_policy_validate(void) -{ - debug_decl(sudoers_policy_validate, SUDO_DEBUG_PLUGIN) - - user_cmnd = "validate"; - SET(sudo_mode, MODE_VALIDATE); - - debug_return_bool(sudoers_policy_main(0, NULL, I_VERIFYPW, NULL, NULL, NULL, NULL)); -} - -static void -sudoers_policy_invalidate(int remove) -{ - debug_decl(sudoers_policy_invalidate, SUDO_DEBUG_PLUGIN) - - user_cmnd = "kill"; - if (sigsetjmp(error_jmp, 1) == 0) { - remove_timestamp(remove); - plugin_cleanup(0); - } - - debug_return; -} - -static int -sudoers_policy_list(int argc, char * const argv[], int verbose, - const char *list_user) -{ - int rval; - debug_decl(sudoers_policy_list, SUDO_DEBUG_PLUGIN) - - user_cmnd = "list"; - if (argc) - SET(sudo_mode, MODE_CHECK); - else - SET(sudo_mode, MODE_LIST); - if (verbose) - long_list = 1; - if (list_user) { - list_pw = sudo_getpwnam(list_user); - if (list_pw == NULL) { - warningx(_("unknown user: %s"), list_user); - debug_return_bool(-1); - } - } - rval = sudoers_policy_main(argc, argv, I_LISTPW, NULL, NULL, NULL, NULL); - if (list_user) { - sudo_pw_delref(list_pw); - list_pw = NULL; - } - - debug_return_bool(rval); -} - /* - * Initialize timezone, set umask, fill in ``sudo_user'' struct and - * load the ``interfaces'' array. + * Initialize timezone and fill in ``sudo_user'' struct. */ static void init_vars(char * const envp[]) @@ -812,9 +525,7 @@ init_vars(char * const envp[]) char * const * ep; debug_decl(init_vars, SUDO_DEBUG_PLUGIN) -#ifdef HAVE_TZSET - (void) tzset(); /* set the timezone if applicable */ -#endif /* HAVE_TZSET */ + sudoers_initlocale(setlocale(LC_ALL, NULL), def_sudoers_locale); for (ep = envp; *ep; ep++) { /* XXX - don't fill in if empty string */ @@ -837,23 +548,24 @@ init_vars(char * const envp[]) } /* - * Get a local copy of the user's struct passwd with the shadow password - * if necessary. It is assumed that euid is 0 at this point so we - * can read the shadow passwd file if necessary. + * Get a local copy of the user's struct passwd if we don't already + * have one. */ - if ((sudo_user.pw = sudo_getpwuid(user_uid)) == NULL) { - /* - * It is not unusual for users to place "sudo -k" in a .logout - * file which can cause sudo to be run during reboot after the - * YP/NIS/NIS+/LDAP/etc daemon has died. - */ - if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) - errorx(1, _("unknown uid: %u"), (unsigned int) user_uid); + if (sudo_user.pw == NULL) { + if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) { + /* + * It is not unusual for users to place "sudo -k" in a .logout + * file which can cause sudo to be run during reboot after the + * YP/NIS/NIS+/LDAP/etc daemon has died. + */ + if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) + fatalx(_("unknown uid: %u"), (unsigned int) user_uid); - /* Need to make a fake struct passwd for the call to log_fatal(). */ - sudo_user.pw = sudo_fakepwnamid(user_name, user_uid, user_gid); - log_fatal(0, _("unknown uid: %u"), (unsigned int) user_uid); - /* NOTREACHED */ + /* Need to make a fake struct passwd for the call to log_fatal(). */ + sudo_user.pw = sudo_mkpwent(user_name, user_uid, user_gid, NULL, NULL); + log_fatal(0, N_("unknown uid: %u"), (unsigned int) user_uid); + /* NOTREACHED */ + } } /* @@ -865,6 +577,12 @@ init_vars(char * const envp[]) /* Set runas callback. */ sudo_defs_table[I_RUNAS_DEFAULT].callback = cb_runas_default; + /* Set locale callback. */ + sudo_defs_table[I_SUDOERS_LOCALE].callback = cb_sudoers_locale; + + /* Set maxseq callback. */ + sudo_defs_table[I_MAXSEQ].callback = io_set_max_sessid; + /* It is now safe to use log_fatal() and set_perms() */ debug_return; } @@ -933,7 +651,7 @@ set_cmnd(void) for (to = user_args, av = NewArgv + 1; *av; av++) { n = strlcpy(to, *av, size - (to - user_args)); if (n >= size - (to - user_args)) - errorx(1, _("internal error, %s overflow"), "set_cmnd()"); + fatalx(_("internal error, %s overflow"), "set_cmnd()"); to += n; *to++ = ' '; } @@ -941,8 +659,10 @@ set_cmnd(void) } } } - if (strlen(user_cmnd) >= PATH_MAX) - errorx(1, _("%s: %s"), user_cmnd, strerror(ENAMETOOLONG)); + if (strlen(user_cmnd) >= PATH_MAX) { + errno = ENAMETOOLONG; + fatal("%s", user_cmnd); + } if ((user_base = strrchr(user_cmnd, '/')) != NULL) user_base++; @@ -950,7 +670,7 @@ set_cmnd(void) user_base = user_cmnd; if (!update_defaults(SETDEF_CMND)) - log_error(NO_STDERR, _("problem with defaults entries")); + log_warning(NO_STDERR, N_("problem with defaults entries")); debug_return_int(rval); } @@ -985,10 +705,10 @@ open_sudoers(const char *sudoers, bool doedit, bool *keepopen) * the user with a reasonable error message (unlike the lexer). */ if ((fp = fopen(sudoers, "r")) == NULL) { - log_error(USE_ERRNO, _("unable to open %s"), sudoers); + log_warning(USE_ERRNO, N_("unable to open %s"), sudoers); } else { if (sb.st_size != 0 && fgetc(fp) == EOF) { - log_error(USE_ERRNO, _("unable to read %s"), + log_warning(USE_ERRNO, N_("unable to read %s"), sudoers); fclose(fp); fp = NULL; @@ -1000,20 +720,20 @@ open_sudoers(const char *sudoers, bool doedit, bool *keepopen) } break; case SUDO_PATH_MISSING: - log_error(USE_ERRNO, _("unable to stat %s"), sudoers); + log_warning(USE_ERRNO, N_("unable to stat %s"), sudoers); break; case SUDO_PATH_BAD_TYPE: - log_error(0, _("%s is not a regular file"), sudoers); + log_warning(0, N_("%s is not a regular file"), sudoers); break; case SUDO_PATH_WRONG_OWNER: - log_error(0, _("%s is owned by uid %u, should be %u"), + log_warning(0, N_("%s is owned by uid %u, should be %u"), sudoers, (unsigned int) sb.st_uid, (unsigned int) sudoers_uid); break; case SUDO_PATH_WORLD_WRITABLE: - log_error(0, _("%s is world writable"), sudoers); + log_warning(0, N_("%s is world writable"), sudoers); break; case SUDO_PATH_GROUP_WRITABLE: - log_error(0, _("%s is owned by gid %u, should be %u"), + log_warning(0, N_("%s is owned by gid %u, should be %u"), sudoers, (unsigned int) sb.st_gid, (unsigned int) sudoers_gid); break; default: @@ -1040,7 +760,7 @@ set_loginclass(struct passwd *pw) if (login_class && strcmp(login_class, "-") != 0) { if (user_uid != 0 && strcmp(runas_user ? runas_user : def_runas_default, "root") != 0) - errorx(1, _("only root can use `-c %s'"), login_class); + fatalx(_("only root can use `-c %s'"), login_class); } else { login_class = pw->pw_class; if (!login_class || !*login_class) @@ -1057,9 +777,9 @@ set_loginclass(struct passwd *pw) * corrupted we want the admin to be able to use sudo to fix it. */ if (login_class) - log_fatal(errflags, _("unknown login class: %s"), login_class); + log_fatal(errflags, N_("unknown login class: %s"), login_class); else - log_error(errflags, _("unknown login class: %s"), login_class); + log_warning(errflags, N_("unknown login class: %s"), login_class); def_use_loginclass = false; } login_close(lc); @@ -1080,7 +800,7 @@ set_loginclass(struct passwd *pw) * Look up the fully qualified domain name and set user_host and user_shost. * Use AI_FQDN if available since "canonical" is not always the same as fqdn. */ -void +static void set_fqdn(void) { struct addrinfo *res0, hint; @@ -1091,7 +811,7 @@ set_fqdn(void) hint.ai_family = PF_UNSPEC; hint.ai_flags = AI_FQDN; if (getaddrinfo(user_host, NULL, &hint, &res0) != 0) { - log_error(MSG_ONLY, _("unable to resolve host %s"), user_host); + log_warning(MSG_ONLY, N_("unable to resolve host %s"), user_host); } else { if (user_shost != user_host) efree(user_shost); @@ -1122,7 +842,7 @@ set_runaspw(const char *user) runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0); } else { if ((runas_pw = sudo_getpwnam(user)) == NULL) - log_fatal(NO_MAIL|MSG_ONLY, _("unknown user: %s"), user); + log_fatal(NO_MAIL|MSG_ONLY, N_("unknown user: %s"), user); } debug_return; } @@ -1143,7 +863,7 @@ set_runasgr(const char *group) runas_gr = sudo_fakegrnam(group); } else { if ((runas_gr = sudo_getgrnam(group)) == NULL) - log_fatal(NO_MAIL|MSG_ONLY, _("unknown group: %s"), group); + log_fatal(NO_MAIL|MSG_ONLY, N_("unknown group: %s"), group); } debug_return; } @@ -1161,317 +881,48 @@ cb_runas_default(const char *user) } /* - * Cleanup hook for error()/errorx() + * Callback for sudoers_locale sudoers setting. */ -void -plugin_cleanup(int gotsignal) -{ - struct sudo_nss *nss; - - if (!gotsignal) { - debug_decl(plugin_cleanup, SUDO_DEBUG_PLUGIN) - if (snl != NULL) { - tq_foreach_fwd(snl, nss) - nss->close(nss); - } - if (def_group_plugin) - group_plugin_unload(); - sudo_endpwent(); - sudo_endgrent(); - debug_return; - } -} - static int -sudoers_policy_version(int verbose) +cb_sudoers_locale(const char *locale) { - debug_decl(sudoers_policy_version, SUDO_DEBUG_PLUGIN) - - if (sigsetjmp(error_jmp, 1)) { - /* error recovery via error(), errorx() or log_fatal() */ - debug_return_bool(-1); - } - - sudo_printf(SUDO_CONV_INFO_MSG, _("Sudoers policy plugin version %s\n"), - PACKAGE_VERSION); - sudo_printf(SUDO_CONV_INFO_MSG, _("Sudoers file grammar version %d\n"), - SUDOERS_GRAMMAR_VERSION); - - if (verbose) { - sudo_printf(SUDO_CONV_INFO_MSG, _("\nSudoers path: %s\n"), sudoers_file); -#ifdef HAVE_LDAP -# ifdef _PATH_NSSWITCH_CONF - sudo_printf(SUDO_CONV_INFO_MSG, _("nsswitch path: %s\n"), _PATH_NSSWITCH_CONF); -# endif - sudo_printf(SUDO_CONV_INFO_MSG, _("ldap.conf path: %s\n"), _PATH_LDAP_CONF); - sudo_printf(SUDO_CONV_INFO_MSG, _("ldap.secret path: %s\n"), _PATH_LDAP_SECRET); -#endif - dump_auth_methods(); - dump_defaults(); - sudo_printf(SUDO_CONV_INFO_MSG, "\n"); - if (interfaces_string != NULL) { - dump_interfaces(interfaces_string); - sudo_printf(SUDO_CONV_INFO_MSG, "\n"); - } - } - debug_return_bool(true); + sudoers_initlocale(NULL, locale); + return true; } -static int -deserialize_info(char * const args[], char * const settings[], char * const user_info[]) +/* + * Cleanup hook for fatal()/fatalx() + */ +void +sudoers_cleanup(void) { - char * const *cur; - const char *p, *groups = NULL; - const char *debug_flags = NULL; - int flags = 0; - debug_decl(deserialize_info, SUDO_DEBUG_PLUGIN) - -#define MATCHES(s, v) (strncmp(s, v, sizeof(v) - 1) == 0) - - /* Parse sudo.conf plugin args. */ - if (args != NULL) { - for (cur = args; *cur != NULL; cur++) { - if (MATCHES(*cur, "sudoers_file=")) { - sudoers_file = *cur + sizeof("sudoers_file=") - 1; - continue; - } - if (MATCHES(*cur, "sudoers_uid=")) { - sudoers_uid = (uid_t) atoi(*cur + sizeof("sudoers_uid=") - 1); - continue; - } - if (MATCHES(*cur, "sudoers_gid=")) { - sudoers_gid = (gid_t) atoi(*cur + sizeof("sudoers_gid=") - 1); - continue; - } - if (MATCHES(*cur, "sudoers_mode=")) { - sudoers_mode = (mode_t) strtol(*cur + sizeof("sudoers_mode=") - 1, - NULL, 8); - continue; - } - } - } - - /* Parse command line settings. */ - user_closefrom = -1; - for (cur = settings; *cur != NULL; cur++) { - if (MATCHES(*cur, "closefrom=")) { - user_closefrom = atoi(*cur + sizeof("closefrom=") - 1); - continue; - } - if (MATCHES(*cur, "debug_flags=")) { - debug_flags = *cur + sizeof("debug_flags=") - 1; - continue; - } - if (MATCHES(*cur, "runas_user=")) { - runas_user = *cur + sizeof("runas_user=") - 1; - sudo_user.flags |= RUNAS_USER_SPECIFIED; - continue; - } - if (MATCHES(*cur, "runas_group=")) { - runas_group = *cur + sizeof("runas_group=") - 1; - sudo_user.flags |= RUNAS_GROUP_SPECIFIED; - continue; - } - if (MATCHES(*cur, "prompt=")) { - user_prompt = *cur + sizeof("prompt=") - 1; - def_passprompt_override = true; - continue; - } - if (MATCHES(*cur, "set_home=")) { - if (atobool(*cur + sizeof("set_home=") - 1) == true) - SET(flags, MODE_RESET_HOME); - continue; - } - if (MATCHES(*cur, "preserve_environment=")) { - if (atobool(*cur + sizeof("preserve_environment=") - 1) == true) - SET(flags, MODE_PRESERVE_ENV); - continue; - } - if (MATCHES(*cur, "run_shell=")) { - if (atobool(*cur + sizeof("run_shell=") - 1) == true) - SET(flags, MODE_SHELL); - continue; - } - if (MATCHES(*cur, "login_shell=")) { - if (atobool(*cur + sizeof("login_shell=") - 1) == true) { - SET(flags, MODE_LOGIN_SHELL); - def_env_reset = true; - } - continue; - } - if (MATCHES(*cur, "implied_shell=")) { - if (atobool(*cur + sizeof("implied_shell=") - 1) == true) - SET(flags, MODE_IMPLIED_SHELL); - continue; - } - if (MATCHES(*cur, "preserve_groups=")) { - if (atobool(*cur + sizeof("preserve_groups=") - 1) == true) - SET(flags, MODE_PRESERVE_GROUPS); - continue; - } - if (MATCHES(*cur, "ignore_ticket=")) { - if (atobool(*cur + sizeof("ignore_ticket=") - 1) == true) - SET(flags, MODE_IGNORE_TICKET); - continue; - } - if (MATCHES(*cur, "noninteractive=")) { - if (atobool(*cur + sizeof("noninteractive=") - 1) == true) - SET(flags, MODE_NONINTERACTIVE); - continue; - } - if (MATCHES(*cur, "sudoedit=")) { - if (atobool(*cur + sizeof("sudoedit=") - 1) == true) - SET(flags, MODE_EDIT); - continue; - } - if (MATCHES(*cur, "login_class=")) { - login_class = *cur + sizeof("login_class=") - 1; - def_use_loginclass = true; - continue; - } -#ifdef HAVE_PRIV_SET - if (MATCHES(*cur, "runas_privs=")) { - def_privs = *cur + sizeof("runas_privs=") - 1; - continue; - } - if (MATCHES(*cur, "runas_limitprivs=")) { - def_limitprivs = *cur + sizeof("runas_limitprivs=") - 1; - continue; - } -#endif /* HAVE_PRIV_SET */ -#ifdef HAVE_SELINUX - if (MATCHES(*cur, "selinux_role=")) { - user_role = *cur + sizeof("selinux_role=") - 1; - continue; - } - if (MATCHES(*cur, "selinux_type=")) { - user_type = *cur + sizeof("selinux_type=") - 1; - continue; - } -#endif /* HAVE_SELINUX */ -#ifdef HAVE_BSD_AUTH_H - if (MATCHES(*cur, "bsdauth_type=")) { - login_style = *cur + sizeof("bsdauth_type=") - 1; - continue; - } -#endif /* HAVE_BSD_AUTH_H */ -#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME) - if (MATCHES(*cur, "progname=")) { - setprogname(*cur + sizeof("progname=") - 1); - continue; - } -#endif - if (MATCHES(*cur, "network_addrs=")) { - interfaces_string = *cur + sizeof("network_addrs=") - 1; - set_interfaces(interfaces_string); - continue; - } - } - - for (cur = user_info; *cur != NULL; cur++) { - if (MATCHES(*cur, "user=")) { - user_name = estrdup(*cur + sizeof("user=") - 1); - continue; - } - if (MATCHES(*cur, "uid=")) { - user_uid = (uid_t) atoi(*cur + sizeof("uid=") - 1); - continue; - } - if (MATCHES(*cur, "gid=")) { - p = *cur + sizeof("gid=") - 1; - user_gid = (gid_t) atoi(p); - continue; - } - if (MATCHES(*cur, "groups=")) { - groups = *cur + sizeof("groups=") - 1; - continue; - } - if (MATCHES(*cur, "cwd=")) { - user_cwd = estrdup(*cur + sizeof("cwd=") - 1); - continue; - } - if (MATCHES(*cur, "tty=")) { - user_tty = user_ttypath = estrdup(*cur + sizeof("tty=") - 1); - if (strncmp(user_tty, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) - user_tty += sizeof(_PATH_DEV) - 1; - continue; - } - if (MATCHES(*cur, "host=")) { - user_host = user_shost = estrdup(*cur + sizeof("host=") - 1); - if ((p = strchr(user_host, '.'))) - user_shost = estrndup(user_host, (size_t)(p - user_host)); - continue; - } - if (MATCHES(*cur, "lines=")) { - sudo_user.lines = atoi(*cur + sizeof("lines=") - 1); - continue; - } - if (MATCHES(*cur, "cols=")) { - sudo_user.cols = atoi(*cur + sizeof("cols=") - 1); - continue; - } - if (MATCHES(*cur, "sid=")) { - sudo_user.sid = atoi(*cur + sizeof("sid=") - 1); - continue; - } - } - if (user_cwd == NULL) - user_cwd = "unknown"; - if (user_tty == NULL) - user_tty = "unknown"; /* user_ttypath remains NULL */ - - if (groups != NULL && groups[0] != '\0') { - const char *cp; - GETGROUPS_T *gids; - int ngids; - - /* Count number of groups, including passwd gid. */ - ngids = 2; - for (cp = groups; *cp != '\0'; cp++) { - if (*cp == ',') - ngids++; - } - - /* The first gid in the list is the passwd group gid. */ - gids = emalloc2(ngids, sizeof(GETGROUPS_T)); - gids[0] = user_gid; - ngids = 1; - cp = groups; - for (;;) { - gids[ngids] = atoi(cp); - if (gids[0] != gids[ngids]) - ngids++; - cp = strchr(cp, ','); - if (cp == NULL) - break; - cp++; /* skip over comma */ - } - user_gids = gids; - user_ngids = ngids; - } + struct sudo_nss *nss; + debug_decl(sudoers_cleanup, SUDO_DEBUG_PLUGIN) - /* Setup debugging if indicated. */ - if (debug_flags != NULL) { - sudo_debug_init(NULL, debug_flags); - for (cur = settings; *cur != NULL; cur++) - sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur); - for (cur = user_info; *cur != NULL; cur++) - sudo_debug_printf(SUDO_DEBUG_INFO, "user_info: %s", *cur); + if (snl != NULL) { + tq_foreach_fwd(snl, nss) + nss->close(nss); } + if (def_group_plugin) + group_plugin_unload(); + sudo_endpwent(); + sudo_endgrent(); -#undef MATCHES - debug_return_int(flags); + debug_return; } static char * -resolve_editor(char *editor, int nfiles, char **files, char ***argv_out) +resolve_editor(const char *ed, size_t edlen, int nfiles, char **files, char ***argv_out) { - char *cp, **nargv, *editor_path = NULL; + char *cp, **nargv, *editor, *editor_path = NULL; int ac, i, nargc; bool wasblank; debug_decl(resolve_editor, SUDO_DEBUG_PLUGIN) - editor = estrdup(editor); /* becomes part of argv_out */ + /* Note: editor becomes part of argv_out and is not freed. */ + editor = emalloc(edlen + 1); + memcpy(editor, ed, edlen); + editor[edlen] = '\0'; /* * Split editor into an argument vector; editor is reused (do not free). @@ -1516,7 +967,9 @@ resolve_editor(char *editor, int nfiles, char **files, char ***argv_out) static char * find_editor(int nfiles, char **files, char ***argv_out) { - char *cp, *editor, *editor_path = NULL, **ev, *ev0[4]; + const char *cp, *ep, *editor; + char *editor_path = NULL, **ev, *ev0[4]; + size_t len; debug_decl(find_editor, SUDO_DEBUG_PLUGIN) /* @@ -1526,26 +979,26 @@ find_editor(int nfiles, char **files, char ***argv_out) ev0[1] = "VISUAL"; ev0[2] = "EDITOR"; ev0[3] = NULL; - for (ev = ev0; *ev != NULL; ev++) { + for (ev = ev0; editor_path == NULL && *ev != NULL; ev++) { if ((editor = getenv(*ev)) != NULL && *editor != '\0') { - editor_path = resolve_editor(editor, nfiles, files, argv_out); - if (editor_path != NULL) - break; + editor_path = resolve_editor(editor, strlen(editor), nfiles, + files, argv_out); } } if (editor_path == NULL) { - /* def_editor could be a path, split it up */ - editor = estrdup(def_editor); - cp = strtok(editor, ":"); - while (cp != NULL && editor_path == NULL) { - editor_path = resolve_editor(cp, nfiles, files, argv_out); - cp = strtok(NULL, ":"); - } - if (editor_path) - efree(editor); + /* def_editor could be a path, split it up, avoiding strtok() */ + cp = editor = def_editor; + do { + if ((ep = strchr(cp, ':')) != NULL) + len = ep - cp; + else + len = strlen(cp); + editor_path = resolve_editor(cp, len, nfiles, files, argv_out); + cp = ep + 1; + } while (ep != NULL && editor_path == NULL); } if (!editor_path) { - audit_failure(NewArgv, _("%s: command not found"), editor); + audit_failure(NewArgv, N_("%s: command not found"), editor); warningx(_("%s: command not found"), editor); } debug_return_str(editor_path); @@ -1587,41 +1040,15 @@ create_admin_success_flag(void) } #endif /* USE_ADMIN_FLAG */ -static void -sudoers_policy_register_hooks(int version, int (*register_hook)(struct sudo_hook *hook)) +static bool +tty_present(void) { - struct sudo_hook hook; - - memset(&hook, 0, sizeof(hook)); - hook.hook_version = SUDO_HOOK_VERSION; - - hook.hook_type = SUDO_HOOK_SETENV; - hook.hook_fn = sudoers_hook_setenv; - register_hook(&hook); - - hook.hook_type = SUDO_HOOK_UNSETENV; - hook.hook_fn = sudoers_hook_unsetenv; - register_hook(&hook); - - hook.hook_type = SUDO_HOOK_GETENV; - hook.hook_fn = sudoers_hook_getenv; - register_hook(&hook); - - hook.hook_type = SUDO_HOOK_PUTENV; - hook.hook_fn = sudoers_hook_putenv; - register_hook(&hook); +#if defined(HAVE_STRUCT_KINFO_PROC2_P_TDEV) || defined(HAVE_STRUCT_KINFO_PROC_P_TDEV) || defined(HAVE_STRUCT_KINFO_PROC_KI_TDEV) || defined(HAVE_STRUCT_KINFO_PROC_KP_EPROC_E_TDEV) || defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) || defined(HAVE_PSTAT_GETPROC) || defined(__linux__) + return user_ttypath != NULL; +#else + int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY); + if (fd != -1) + close(fd); + return fd != -1; +#endif } - -__dso_public struct policy_plugin sudoers_policy = { - SUDO_POLICY_PLUGIN, - SUDO_API_VERSION, - sudoers_policy_open, - sudoers_policy_close, - sudoers_policy_version, - sudoers_policy_check, - sudoers_policy_list, - sudoers_policy_validate, - sudoers_policy_invalidate, - sudoers_policy_init_session, - sudoers_policy_register_hooks -}; diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h index e69a977..4e64a8e 100644 --- a/plugins/sudoers/sudoers.h +++ b/plugins/sudoers/sudoers.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1993-1996, 1998-2005, 2007-2011 + * Copyright (c) 1993-1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -19,8 +19,8 @@ * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ -#ifndef _SUDO_SUDOERS_H -#define _SUDO_SUDOERS_H +#ifndef _SUDOERS_SUDOERS_H +#define _SUDOERS_SUDOERS_H #include #ifdef HAVE_STDBOOL_H @@ -85,7 +85,7 @@ struct sudo_user { char *privs; char *limitprivs; #endif - char *cwd; + const char *cwd; char *iolog_file; GETGROUPS_T *gids; int ngids; @@ -93,6 +93,8 @@ struct sudo_user { int lines; int cols; int flags; + int max_groups; + mode_t umask; uid_t uid; uid_t gid; pid_t sid; @@ -173,6 +175,7 @@ struct sudo_user { #define user_uid (sudo_user.uid) #define user_gid (sudo_user.gid) #define user_sid (sudo_user.sid) +#define user_umask (sudo_user.umask) #define user_passwd (sudo_user.pw->pw_passwd) #define user_dir (sudo_user.pw->pw_dir) #define user_gids (sudo_user.gids) @@ -201,10 +204,11 @@ struct sudo_user { #define runas_limitprivs (sudo_user.limitprivs) #ifdef __TANDEM -# define ROOT_UID 65535 +# define ROOT_UID 65535 #else -# define ROOT_UID 0 +# define ROOT_UID 0 #endif +#define ROOT_GID 0 /* * We used to use the system definition of PASS_MAX or _PASSWD_LEN, @@ -222,7 +226,7 @@ struct timeval; /* * Function prototypes */ -#define YY_DECL int yylex(void) +#define YY_DECL int sudoerslex(void) /* goodpath.c */ bool sudo_goodpath(const char *, struct stat *); @@ -231,11 +235,18 @@ bool sudo_goodpath(const char *, struct stat *); int find_path(char *, char **, struct stat *, char *, int); /* check.c */ -int check_user(int, int); -void remove_timestamp(bool); +int check_user(int validate, int mode); bool user_is_exempt(void); +/* prompt.c */ +char *expand_prompt(const char *old_prompt, const char *user, const char *host); + +/* timestamp.c */ +void remove_timestamp(bool); +bool set_lectured(void); + /* sudo_auth.c */ +bool sudo_auth_needs_end_session(void); int verify_user(struct passwd *pw, char *prompt, int validated); int sudo_auth_begin_session(struct passwd *pw, char **user_env[]); int sudo_auth_end_session(struct passwd *pw); @@ -260,7 +271,7 @@ void restore_perms(void); int pam_prep_user(struct passwd *); /* gram.y */ -int yyparse(void); +int sudoersparse(void); /* toke.l */ YY_DECL; @@ -292,7 +303,7 @@ bool user_in_group(struct passwd *, const char *); struct group *sudo_fakegrnam(const char *); struct group_list *sudo_get_grlist(struct passwd *pw); struct passwd *sudo_fakepwnam(const char *, gid_t); -struct passwd *sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid); +struct passwd *sudo_mkpwent(const char *user, uid_t uid, gid_t gid, const char *home, const char *shell); struct passwd *sudo_getpwnam(const char *); struct passwd *sudo_getpwuid(uid_t); void sudo_endgrent(void); @@ -302,6 +313,8 @@ void sudo_grlist_addref(struct group_list *); void sudo_grlist_delref(struct group_list *); void sudo_pw_addref(struct passwd *); void sudo_pw_delref(struct passwd *); +void sudo_set_grlist(struct passwd *pw, char * const *groups, + char * const *gids); void sudo_setgrent(void); void sudo_setpwent(void); void sudo_setspent(void); @@ -316,6 +329,7 @@ int atobool(const char *str); int get_boottime(struct timeval *); /* iolog.c */ +int io_set_max_sessid(const char *sessid); void io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]); /* iolog_path.c */ @@ -343,9 +357,16 @@ int sudoers_hook_unsetenv(const char *name, void *closure); char *fmt_string(const char *, const char *); /* sudoers.c */ -void plugin_cleanup(int); -void set_fqdn(void); FILE *open_sudoers(const char *, bool, bool *); +int sudoers_policy_init(void *info, char * const envp[]); +int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], void *closure); +void sudoers_cleanup(void); + +/* policy.c */ +int sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group); +int sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v); +extern const char *path_ldap_conf; +extern const char *path_ldap_secret; /* aix.c */ void aix_restoreauthdb(void); @@ -367,7 +388,6 @@ extern int long_list; extern int sudo_mode; extern uid_t timestamp_uid; extern sudo_conv_t sudo_conv; -extern sudo_printf_t sudo_printf; #endif -#endif /* _SUDO_SUDOERS_H */ +#endif /* _SUDOERS_SUDOERS_H */ diff --git a/plugins/sudoers/sudoers2ldif b/plugins/sudoers/sudoers2ldif index 442155e..1a69519 100755 --- a/plugins/sudoers/sudoers2ldif +++ b/plugins/sudoers/sudoers2ldif @@ -1,4 +1,20 @@ #!/usr/bin/env perl +# +# Copyright (c) 2007, 2010-2011, 2013 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# + use strict; # @@ -46,7 +62,7 @@ while (<>){ my $opt=$'; $opt=~s/\s+$//; # remove trailing whitespace push @options,$opt; - } elsif (/^(\S+)\s+(.+)=\s*(.*)/) { + } elsif (/^(\S+)\s+([^=]+)=\s*(.*)/) { # Aliases or Definitions my ($p1,$p2,$p3)=($1,$2,$3); @@ -127,7 +143,7 @@ sub expand{ s/NOLOG_INPUT:\s*// && push @options,"!log_input"; s/LOG_OUTPUT:\s*// && push @options,"log_output"; s/NOLOG_OUTPUT:\s*// && push @options,"!log_output"; - s/\w+://; # silently remove other directives + s/[[:upper:]]+://; # silently remove other tags s/\s+$//; # right trim } diff --git a/plugins/sudoers/sudoers_version.h b/plugins/sudoers/sudoers_version.h index 72e7297..8e5e571 100644 --- a/plugins/sudoers/sudoers_version.h +++ b/plugins/sudoers/sudoers_version.h @@ -1,3 +1,19 @@ +/* + * Copyright (c) 2011-2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + /* * Major sudoers grammar changes are documented here. * Note that minor changes such as added Defaults options are not listed here. @@ -45,11 +61,12 @@ * 40 sudo 1.7.6/1.8.1, A group ID is now allowed in a User_List or Runas_List. * 41 sudo 1.7.6/1.8.4, Support for relative paths in #include and #includedir * 42 sudo 1.8.6, Support for empty Runas_List (with or without a colon) to mean the invoking user. Support for Solaris Privilege Sets (PRIVS= and LIMITPRIVS=). + * 43 sudo 1.8.7, Support for specifying a digest along with the command. */ #ifndef _SUDOERS_VERSION_H #define _SUDOERS_VERSION_H -#define SUDOERS_GRAMMAR_VERSION 42 +#define SUDOERS_GRAMMAR_VERSION 43 #endif /* _SUDOERS_VERSION_H */ diff --git a/plugins/sudoers/sudoreplay.c b/plugins/sudoers/sudoreplay.c index adbc9ba..8cd9488 100644 --- a/plugins/sudoers/sudoreplay.c +++ b/plugins/sudoers/sudoreplay.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2012 Todd C. Miller + * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #ifdef HAVE_SYS_SYSMACROS_H # include @@ -82,9 +81,6 @@ #ifdef HAVE_ZLIB_H # include #endif -#ifdef HAVE_SETLOCALE -# include -#endif #include #ifdef HAVE_STDBOOL_H # include @@ -98,6 +94,7 @@ #include "alloc.h" #include "error.h" #include "gettext.h" +#include "logging.h" #include "sudo_plugin.h" #include "sudo_conf.h" #include "sudo_debug.h" @@ -181,8 +178,6 @@ struct search_node { } u; } *search_expr; -sudo_conv_t sudo_conv; /* NULL in non-plugin */ - #define STACK_NODE_SIZE 32 static struct search_node *node_stack[32]; static int stack_top; @@ -204,7 +199,6 @@ extern char *get_timestr(time_t, int); extern int term_raw(int, int); extern int term_restore(int, int); extern void get_ttysize(int *rowp, int *colp); -void cleanup(int); static int list_sessions(int, char **, const char *, const char *, const char *); static int parse_expr(struct search_node **, char **); @@ -217,6 +211,8 @@ static int parse_timing(const char *buf, const char *decimal, int *idx, double * static struct log_info *parse_logfile(char *logfile); static void free_log_info(struct log_info *li); static size_t atomic_writev(int fd, struct iovec *iov, int iovcnt); +static void sudoreplay_handler(int); +static void sudoreplay_cleanup(void); #ifdef HAVE_REGCOMP # define REGEX_T regex_t @@ -238,12 +234,14 @@ static size_t atomic_writev(int fd, struct iovec *iov, int iovcnt); (s)[8] == '/' && (s)[9] == 'l' && (s)[10] == 'o' && (s)[11] == 'g' && \ (s)[12] == '\0') +__dso_public int main(int argc, char *argv[]); + int main(int argc, char *argv[]) { int ch, idx, plen, exitcode = 0, rows = 0, cols = 0; bool interactive = false, listonly = false, need_nlcr = false; - const char *id, *user = NULL, *pattern = NULL, *tty = NULL, *decimal = "."; + const char *decimal, *id, *user = NULL, *pattern = NULL, *tty = NULL; char path[PATH_MAX], buf[LINE_MAX], *cp, *ep; double seconds, to_wait, speed = 1.0, max_wait = 0; sigaction_t sa; @@ -264,15 +262,16 @@ main(int argc, char *argv[]) setprogname(argc > 0 ? argv[0] : "sudoreplay"); #endif -#ifdef HAVE_SETLOCALE - setlocale(LC_ALL, ""); + sudoers_setlocale(SUDOERS_LOCALE_USER, NULL); decimal = localeconv()->decimal_point; -#endif bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have sudoreplay domain */ textdomain("sudoers"); + /* Register fatal/fatalx callback. */ + fatal_callback_register(sudoreplay_cleanup); + /* Read sudo.conf. */ - sudo_conf_read(); + sudo_conf_read(NULL); while ((ch = getopt(argc, argv, "d:f:hlm:s:V")) != -1) { switch(ch) { @@ -290,7 +289,7 @@ main(int argc, char *argv[]) else if (strcmp(cp, "ttyout") == 0) SET(replay_filter, 1 << IOFD_TTYOUT); else - errorx(1, _("invalid filter option: %s"), optarg); + fatalx(_("invalid filter option: %s"), optarg); } break; case 'h': @@ -303,13 +302,13 @@ main(int argc, char *argv[]) errno = 0; max_wait = strtod(optarg, &ep); if (*ep != '\0' || errno != 0) - errorx(1, _("invalid max wait: %s"), optarg); + fatalx(_("invalid max wait: %s"), optarg); break; case 's': errno = 0; speed = strtod(optarg, &ep); if (*ep != '\0' || errno != 0) - errorx(1, _("invalid speed factor: %s"), optarg); + fatalx(_("invalid speed factor: %s"), optarg); break; case 'V': (void) printf(_("%s version %s\n"), getprogname(), PACKAGE_VERSION); @@ -337,13 +336,13 @@ main(int argc, char *argv[]) plen = snprintf(path, sizeof(path), "%s/%.2s/%.2s/%.2s/timing", session_dir, id, &id[2], &id[4]); if (plen <= 0 || plen >= sizeof(path)) - errorx(1, _("%s/%.2s/%.2s/%.2s/timing: %s"), session_dir, + fatalx(_("%s/%.2s/%.2s/%.2s/timing: %s"), session_dir, id, &id[2], &id[4], strerror(ENAMETOOLONG)); } else { plen = snprintf(path, sizeof(path), "%s/%s/timing", session_dir, id); if (plen <= 0 || plen >= sizeof(path)) - errorx(1, _("%s/%s/timing: %s"), session_dir, + fatalx(_("%s/%s/timing: %s"), session_dir, id, strerror(ENAMETOOLONG)); } plen -= 7; @@ -352,7 +351,7 @@ main(int argc, char *argv[]) for (idx = 0; idx < IOFD_MAX; idx++) { if (ISSET(replay_filter, 1 << idx) || idx == IOFD_TIMING) { if (open_io_fd(path, plen, io_fnames[idx], &io_fds[idx]) == -1) - error(1, _("unable to open %s"), path); + fatal(_("unable to open %s"), path); } } @@ -380,7 +379,7 @@ main(int argc, char *argv[]) memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESETHAND; - sa.sa_handler = cleanup; + sa.sa_handler = sudoreplay_handler; (void) sigaction(SIGINT, &sa, NULL); (void) sigaction(SIGKILL, &sa, NULL); (void) sigaction(SIGTERM, &sa, NULL); @@ -398,8 +397,7 @@ main(int argc, char *argv[]) if (ch != -1) (void) fcntl(STDIN_FILENO, F_SETFL, ch | O_NONBLOCK); if (!term_raw(STDIN_FILENO, 1)) - error(1, _("unable to set tty to raw mode")); - iovcnt = 0; + fatal(_("unable to set tty to raw mode")); iovmax = 32; iov = ecalloc(iovmax, sizeof(*iov)); } @@ -415,7 +413,7 @@ main(int argc, char *argv[]) char last_char = '\0'; if (!parse_timing(buf, decimal, &idx, &seconds, &nbytes)) - errorx(1, _("invalid timing file line: %s"), buf); + fatalx(_("invalid timing file line: %s"), buf); if (interactive) check_input(STDIN_FILENO, &speed); @@ -498,7 +496,7 @@ main(int argc, char *argv[]) iovcnt = 1; } if (atomic_writev(STDOUT_FILENO, iov, iovcnt) == -1) - error(1, _("writing to standard output")); + fatal(_("writing to standard output")); } } term_restore(STDIN_FILENO, 1); @@ -527,8 +525,8 @@ delay(double secs) rval = nanosleep(&ts, &rts); } while (rval == -1 && errno == EINTR); if (rval == -1) { - error2(1, _("nanosleep: tv_sec %ld, tv_nsec %ld"), - (long)ts.tv_sec, (long)ts.tv_nsec); + fatal_nodebug("nanosleep: tv_sec %lld, tv_nsec %ld", + (long long)ts.tv_sec, (long)ts.tv_nsec); } } @@ -640,7 +638,7 @@ parse_expr(struct search_node **headp, char *argv[]) continue; case 'c': /* command */ if (av[0][1] == '\0') - errorx(1, _("ambiguous expression \"%s\""), *av); + fatalx(_("ambiguous expression \"%s\""), *av); if (strncmp(*av, "cwd", strlen(*av)) == 0) type = ST_CWD; else if (strncmp(*av, "command", strlen(*av)) == 0) @@ -665,7 +663,7 @@ parse_expr(struct search_node **headp, char *argv[]) break; case 't': /* tty or to date */ if (av[0][1] == '\0') - errorx(1, _("ambiguous expression \"%s\""), *av); + fatalx(_("ambiguous expression \"%s\""), *av); if (strncmp(*av, "todate", strlen(*av)) == 0) type = ST_TODATE; else if (strncmp(*av, "tty", strlen(*av)) == 0) @@ -682,7 +680,7 @@ parse_expr(struct search_node **headp, char *argv[]) if (av[0][1] != '\0') goto bad; if (stack_top + 1 == STACK_NODE_SIZE) { - errorx(1, _("too many parenthesized expressions, max %d"), + fatalx(_("too many parenthesized expressions, max %d"), STACK_NODE_SIZE); } node_stack[stack_top++] = sn; @@ -693,13 +691,13 @@ parse_expr(struct search_node **headp, char *argv[]) goto bad; /* pop */ if (--stack_top < 0) - errorx(1, _("unmatched ')' in expression")); + fatalx(_("unmatched ')' in expression")); if (node_stack[stack_top]) sn->next = node_stack[stack_top]->next; debug_return_int(av - argv + 1); bad: default: - errorx(1, _("unknown search term \"%s\""), *av); + fatalx(_("unknown search term \"%s\""), *av); /* NOTREACHED */ } @@ -713,17 +711,17 @@ parse_expr(struct search_node **headp, char *argv[]) av += parse_expr(&newsn->u.expr, av + 1); } else { if (*(++av) == NULL) - errorx(1, _("%s requires an argument"), av[-1]); + fatalx(_("%s requires an argument"), av[-1]); #ifdef HAVE_REGCOMP if (type == ST_PATTERN) { if (regcomp(&newsn->u.cmdre, *av, REG_EXTENDED|REG_NOSUB) != 0) - errorx(1, _("invalid regular expression: %s"), *av); + fatalx(_("invalid regular expression: %s"), *av); } else #endif if (type == ST_TODATE || type == ST_FROMDATE) { newsn->u.tstamp = get_date(*av); if (newsn->u.tstamp == -1) - errorx(1, _("could not parse date \"%s\""), *av); + fatalx(_("could not parse date \"%s\""), *av); } else { newsn->u.ptr = *av; } @@ -736,11 +734,11 @@ parse_expr(struct search_node **headp, char *argv[]) sn = newsn; } if (stack_top) - errorx(1, _("unmatched '(' in expression")); + fatalx(_("unmatched '(' in expression")); if (or) - errorx(1, _("illegal trailing \"or\"")); + fatalx(_("illegal trailing \"or\"")); if (not) - errorx(1, _("illegal trailing \"!\"")); + fatalx(_("illegal trailing \"!\"")); debug_return_int(av - argv); } @@ -783,7 +781,7 @@ match_expr(struct search_node *head, struct log_info *log) if (rc && rc != REG_NOMATCH) { char buf[BUFSIZ]; regerror(rc, &sn->u.cmdre, buf, sizeof(buf)); - errorx(1, "%s", buf); + fatalx("%s", buf); } matched = rc == REG_NOMATCH ? 0 : 1; #else @@ -958,7 +956,7 @@ session_compare(const void *v1, const void *v2) return strcmp(s1, s2); } -/* XXX - always returns 0, calls error() on failure */ +/* XXX - always returns 0, calls fatal() on failure */ static int find_sessions(const char *dir, REGEX_T *re, const char *user, const char *tty) { @@ -977,13 +975,13 @@ find_sessions(const char *dir, REGEX_T *re, const char *user, const char *tty) d = opendir(dir); if (d == NULL) - error(1, _("unable to open %s"), dir); + fatal(_("unable to open %s"), dir); /* XXX - would be faster to chdir and use relative names */ sdlen = strlcpy(pathbuf, dir, sizeof(pathbuf)); if (sdlen + 1 >= sizeof(pathbuf)) { errno = ENAMETOOLONG; - error(1, "%s/", dir); + fatal("%s/", dir); } pathbuf[sdlen++] = '/'; pathbuf[sdlen] = '\0'; @@ -1022,7 +1020,7 @@ find_sessions(const char *dir, REGEX_T *re, const char *user, const char *tty) "%s/log", sessions[i]); if (len <= 0 || len >= sizeof(pathbuf) - sdlen) { errno = ENAMETOOLONG; - error(1, "%s/%s/log", dir, sessions[i]); + fatal("%s/%s/log", dir, sessions[i]); } efree(sessions[i]); @@ -1041,7 +1039,7 @@ find_sessions(const char *dir, REGEX_T *re, const char *user, const char *tty) debug_return_int(0); } -/* XXX - always returns 0, calls error() on failure */ +/* XXX - always returns 0, calls fatal() on failure */ static int list_sessions(int argc, char **argv, const char *pattern, const char *user, const char *tty) @@ -1057,7 +1055,7 @@ list_sessions(int argc, char **argv, const char *pattern, const char *user, if (pattern) { re = &rebuf; if (regcomp(re, pattern, REG_EXTENDED|REG_NOSUB) != 0) - errorx(1, _("invalid regex: %s"), pattern); + fatalx(_("invalid regular expression: %s"), pattern); } #else re = (char *) pattern; @@ -1207,12 +1205,21 @@ help(void) } /* - * Cleanup hook for error()/errorx() + * Cleanup hook for fatal()/fatalx() */ -void -cleanup(int signo) +static void +sudoreplay_cleanup(void) +{ + term_restore(STDIN_FILENO, 0); +} + +/* + * Signal handler for SIGINT, SIGKILL, SIGTERM, SIGHUP + * Must be installed with SA_RESETHAND enabled. + */ +static void +sudoreplay_handler(int signo) { term_restore(STDIN_FILENO, 0); - if (signo) - kill(getpid(), signo); + kill(getpid(), signo); } diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c index 148dd6e..00c71c5 100644 --- a/plugins/sudoers/testsudoers.c +++ b/plugins/sudoers/testsudoers.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2012 + * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -25,7 +25,6 @@ #include -#include #include #include #include @@ -59,10 +58,6 @@ #include #include #include -#include -#ifdef HAVE_SETLOCALE -# include -#endif #include "tsgetgrpw.h" #include "sudoers.h" @@ -81,11 +76,9 @@ void print_defaults(void); void print_privilege(struct privilege *); void print_userspecs(void); void usage(void) __attribute__((__noreturn__)); -void cleanup(int); static void set_runaspw(const char *); static void set_runasgr(const char *); static int cb_runas_default(const char *); -static int testsudoers_printf(int msg_type, const char *fmt, ...); static int testsudoers_print(const char *msg); extern void setgrfile(const char *); @@ -106,15 +99,12 @@ extern int (*trace_print)(const char *msg); /* * Globals */ -struct interface *interfaces; struct sudo_user sudo_user; struct passwd *list_pw; static char *runas_group, *runas_user; extern int errorlineno; extern bool parse_error; extern char *errorfile; -sudo_printf_t sudo_printf = testsudoers_printf; -sudo_conv_t sudo_conv; /* NULL in non-plugin */ /* For getopt(3) */ extern char *optarg; @@ -124,9 +114,11 @@ extern int optind; extern char *malloc_options; #endif #ifdef YYDEBUG -extern int yydebug; +extern int sudoersdebug; #endif +__dso_public int main(int argc, char *argv[]); + int main(int argc, char *argv[]) { @@ -134,7 +126,7 @@ main(int argc, char *argv[]) struct privilege *priv; struct userspec *us; char *p, *grfile, *pwfile; - char hbuf[MAXHOSTNAMELEN + 1]; + char hbuf[HOST_NAME_MAX + 1]; int match, host_match, runas_match, cmnd_match; int ch, dflag, exitcode = 0; debug_decl(main, SUDO_DEBUG_MAIN) @@ -143,21 +135,19 @@ main(int argc, char *argv[]) malloc_options = "AFGJPR"; #endif #ifdef YYDEBUG - yydebug = 1; + sudoersdebug = 1; #endif #if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME) setprogname(argc > 0 ? argv[0] : "testsudoers"); #endif -#ifdef HAVE_SETLOCALE - setlocale(LC_ALL, ""); -#endif + sudoers_setlocale(SUDOERS_LOCALE_USER, NULL); bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have own domain */ textdomain("sudoers"); /* Read sudo.conf. */ - sudo_conf_read(); + sudo_conf_read(NULL); dflag = 0; grfile = pwfile = NULL; @@ -222,11 +212,11 @@ main(int argc, char *argv[]) argc -= 2; } if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) - errorx(1, _("unknown user: %s"), user_name); + fatalx(_("unknown user: %s"), user_name); if (user_host == NULL) { if (gethostname(hbuf, sizeof(hbuf)) != 0) - error(1, "gethostname"); + fatal("gethostname"); hbuf[sizeof(hbuf) - 1] = '\0'; user_host = hbuf; } @@ -250,7 +240,7 @@ main(int argc, char *argv[]) for (to = user_args, from = argv; *from; from++) { n = strlcpy(to, *from, size - (to - user_args)); if (n >= size - (to - user_args)) - errorx(1, _("internal error, %s overflow"), "init_vars()"); + fatalx(_("internal error, %s overflow"), "init_vars()"); to += n; *to++ = ' '; } @@ -270,7 +260,7 @@ main(int argc, char *argv[]) /* Allocate space for data structures in the parser. */ init_parser("sudoers", false); - if (yyparse() != 0 || parse_error) { + if (sudoersparse() != 0 || parse_error) { parse_error = true; if (errorlineno != -1) (void) printf("Parse error in %s near line %d", @@ -366,7 +356,7 @@ set_runaspw(const char *user) runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0); } else { if ((runas_pw = sudo_getpwnam(user)) == NULL) - errorx(1, _("unknown user: %s"), user); + fatalx(_("unknown user: %s"), user); } debug_return; @@ -384,7 +374,7 @@ set_runasgr(const char *group) runas_gr = sudo_fakegrnam(group); } else { if ((runas_gr = sudo_getgrnam(group)) == NULL) - errorx(1, _("unknown group: %s"), group); + fatalx(_("unknown group: %s"), group); } debug_return; @@ -414,12 +404,6 @@ sudo_endspent(void) return; } -void -set_fqdn(void) -{ - return; -} - FILE * open_sudoers(const char *sudoers, bool doedit, bool *keepopen) { @@ -478,15 +462,6 @@ restore_perms(void) { } -void -cleanup(int gotsignal) -{ - if (!gotsignal) { - sudo_endpwent(); - sudo_endgrent(); - } -} - void print_member(struct member *m) { @@ -603,7 +578,8 @@ print_privilege(struct privilege *priv) print_member(m); } fputs(" = ", stdout); - tags.nopasswd = tags.noexec = UNSPEC; + tags.nopasswd = UNSPEC; + tags.noexec = UNSPEC; tq_foreach_fwd(&p->cmndlist, cs) { if (cs != tq_first(&p->cmndlist)) fputs(", ", stdout); @@ -673,32 +649,6 @@ print_userspecs(void) debug_return; } -static int -testsudoers_printf(int msg_type, const char *fmt, ...) -{ - va_list ap; - FILE *fp; - debug_decl(testsudoers_printf, SUDO_DEBUG_UTIL) - - switch (msg_type) { - case SUDO_CONV_INFO_MSG: - fp = stdout; - break; - case SUDO_CONV_ERROR_MSG: - fp = stderr; - break; - default: - errno = EINVAL; - debug_return_int(-1); - } - - va_start(ap, fmt); - vfprintf(fp, fmt, ap); - va_end(ap); - - debug_return_int(0); -} - void dump_sudoers(void) { diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c new file mode 100644 index 0000000..a7b6518 --- /dev/null +++ b/plugins/sudoers/timestamp.c @@ -0,0 +1,421 @@ +/* + * Copyright (c) 1993-1996,1998-2005, 2007-2013 + * Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + +#include + +#include +#include +#include +#ifndef __TANDEM +# include +#endif +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ +#if TIME_WITH_SYS_TIME +# include +#endif +#include +#include +#include +#include +#include + +#include "sudoers.h" +#include "check.h" + +static struct sudo_tty_info tty_info; +static char timestampdir[PATH_MAX]; +static char timestampfile[PATH_MAX]; + +/* + * Fills in timestampdir as well as timestampfile if using tty tickets. + */ +int +build_timestamp(struct passwd *pw) +{ + char *dirparent; + struct stat sb; + int len; + debug_decl(build_timestamp, SUDO_DEBUG_AUTH) + + /* Stash the tty's device, session ID and ctime for ticket comparison. */ + if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) { + tty_info.dev = sb.st_dev; + tty_info.ino = sb.st_ino; + tty_info.rdev = sb.st_rdev; + tty_info.uid = sb.st_uid; + tty_info.gid = sb.st_gid; + tty_info.sid = user_sid; + } + + dirparent = def_timestampdir; + timestampfile[0] = '\0'; + len = snprintf(timestampdir, sizeof(timestampdir), "%s/%s", dirparent, + user_name); + if (len <= 0 || len >= sizeof(timestampdir)) + goto bad; + + /* + * Timestamp file may be a file in the directory or NUL to use + * the directory as the timestamp. + */ + if (def_tty_tickets) { + char *p; + + if ((p = strrchr(user_tty, '/'))) + p++; + else + p = user_tty; + if (def_targetpw) + len = snprintf(timestampfile, sizeof(timestampfile), "%s/%s/%s:%s", + dirparent, user_name, p, runas_pw->pw_name); + else + len = snprintf(timestampfile, sizeof(timestampfile), "%s/%s/%s", + dirparent, user_name, p); + if (len <= 0 || len >= sizeof(timestampfile)) + goto bad; + } else if (def_targetpw) { + len = snprintf(timestampfile, sizeof(timestampfile), "%s/%s/%s", + dirparent, user_name, runas_pw->pw_name); + if (len <= 0 || len >= sizeof(timestampfile)) + goto bad; + } + sudo_debug_printf(SUDO_DEBUG_INFO, "using timestamp file %s", timestampfile); + + debug_return_int(len); +bad: + log_fatal(0, N_("timestamp path too long: %s"), + *timestampfile ? timestampfile : timestampdir); + /* NOTREACHED */ + debug_return_int(-1); +} + +/* + * Update the time on the timestamp file/dir or create it if necessary. + */ +bool +update_timestamp(struct passwd *pw) +{ + debug_decl(update_timestamp, SUDO_DEBUG_AUTH) + + /* If using tty timestamps but we have no tty there is nothing to do. */ + if (def_tty_tickets && !user_ttypath) + debug_return_bool(false); + + if (timestamp_uid != 0) + set_perms(PERM_TIMESTAMP); + if (*timestampfile) { + /* + * Store tty info in timestamp file + */ + int fd = open(timestampfile, O_WRONLY|O_CREAT, 0600); + if (fd == -1) + log_warning(USE_ERRNO, N_("unable to open %s"), timestampfile); + else { + lock_file(fd, SUDO_LOCK); + if (write(fd, &tty_info, sizeof(tty_info)) != sizeof(tty_info)) + log_warning(USE_ERRNO, N_("unable to write to %s"), timestampfile); + close(fd); + } + } else { + if (touch(-1, timestampdir, NULL) == -1) { + if (mkdir(timestampdir, 0700) == -1) { + log_warning(USE_ERRNO, N_("unable to mkdir %s"), + timestampdir); + } + } + } + if (timestamp_uid != 0) + restore_perms(); + debug_return_bool(true); +} + +/* + * Check the timestamp file and directory and return their status. + */ +static int +timestamp_status_internal(bool removing) +{ + struct stat sb; + struct timeval boottime, mtime; + time_t now; + char *dirparent = def_timestampdir; + int status = TS_ERROR; /* assume the worst */ + debug_decl(timestamp_status_internal, SUDO_DEBUG_AUTH) + + if (timestamp_uid != 0) + set_perms(PERM_TIMESTAMP); + + /* + * Sanity check dirparent and make it if it doesn't already exist. + * We start out assuming the worst (that the dir is not sane) and + * if it is ok upgrade the status to ``no timestamp file''. + * Note that we don't check the parent(s) of dirparent for + * sanity since the sudo dir is often just located in /tmp. + */ + if (lstat(dirparent, &sb) == 0) { + if (!S_ISDIR(sb.st_mode)) + log_warning(0, N_("%s exists but is not a directory (0%o)"), + dirparent, (unsigned int) sb.st_mode); + else if (sb.st_uid != timestamp_uid) + log_warning(0, N_("%s owned by uid %u, should be uid %u"), + dirparent, (unsigned int) sb.st_uid, + (unsigned int) timestamp_uid); + else if ((sb.st_mode & 0000022)) + log_warning(0, + N_("%s writable by non-owner (0%o), should be mode 0700"), + dirparent, (unsigned int) sb.st_mode); + else { + if ((sb.st_mode & 0000777) != 0700) + (void) chmod(dirparent, 0700); + status = TS_MISSING; + } + } else if (errno != ENOENT) { + log_warning(USE_ERRNO, N_("unable to stat %s"), dirparent); + } else { + /* No dirparent, try to make one. */ + if (!removing) { + if (mkdir(dirparent, S_IRWXU)) + log_warning(USE_ERRNO, N_("unable to mkdir %s"), + dirparent); + else + status = TS_MISSING; + } + } + if (status == TS_ERROR) + goto done; + + /* + * Sanity check the user's ticket dir. We start by downgrading + * the status to TS_ERROR. If the ticket dir exists and is sane + * this will be upgraded to TS_OLD. If the dir does not exist, + * it will be upgraded to TS_MISSING. + */ + status = TS_ERROR; /* downgrade status again */ + if (lstat(timestampdir, &sb) == 0) { + if (!S_ISDIR(sb.st_mode)) { + if (S_ISREG(sb.st_mode)) { + /* convert from old style */ + if (unlink(timestampdir) == 0) + status = TS_MISSING; + } else + log_warning(0, N_("%s exists but is not a directory (0%o)"), + timestampdir, (unsigned int) sb.st_mode); + } else if (sb.st_uid != timestamp_uid) + log_warning(0, N_("%s owned by uid %u, should be uid %u"), + timestampdir, (unsigned int) sb.st_uid, + (unsigned int) timestamp_uid); + else if ((sb.st_mode & 0000022)) + log_warning(0, + N_("%s writable by non-owner (0%o), should be mode 0700"), + timestampdir, (unsigned int) sb.st_mode); + else { + if ((sb.st_mode & 0000777) != 0700) + (void) chmod(timestampdir, 0700); + status = TS_OLD; /* do date check later */ + } + } else if (errno != ENOENT) { + log_warning(USE_ERRNO, N_("unable to stat %s"), timestampdir); + } else + status = TS_MISSING; + + /* + * If there is no user ticket dir, AND we are in tty ticket mode, + * AND we are not just going to remove it, create the user ticket dir. + */ + if (status == TS_MISSING && *timestampfile && !removing) { + if (mkdir(timestampdir, S_IRWXU) == -1) { + status = TS_ERROR; + log_warning(USE_ERRNO, N_("unable to mkdir %s"), timestampdir); + } + } + + /* + * Sanity check the tty ticket file if it exists. + */ + if (*timestampfile && status != TS_ERROR) { + if (status != TS_MISSING) + status = TS_NOFILE; /* dir there, file missing */ + if (def_tty_tickets && !user_ttypath) + goto done; /* no tty, always prompt */ + if (lstat(timestampfile, &sb) == 0) { + if (!S_ISREG(sb.st_mode)) { + status = TS_ERROR; + log_warning(0, N_("%s exists but is not a regular file (0%o)"), + timestampfile, (unsigned int) sb.st_mode); + } else { + /* If bad uid or file mode, complain and kill the bogus file. */ + if (sb.st_uid != timestamp_uid) { + log_warning(0, + N_("%s owned by uid %u, should be uid %u"), + timestampfile, (unsigned int) sb.st_uid, + (unsigned int) timestamp_uid); + (void) unlink(timestampfile); + } else if ((sb.st_mode & 0000022)) { + log_warning(0, + N_("%s writable by non-owner (0%o), should be mode 0600"), + timestampfile, (unsigned int) sb.st_mode); + (void) unlink(timestampfile); + } else { + /* If not mode 0600, fix it. */ + if ((sb.st_mode & 0000777) != 0600) + (void) chmod(timestampfile, 0600); + + /* + * Check for stored tty info. If the file is zero-sized + * it is an old-style timestamp with no tty info in it. + * If removing, we don't care about the contents. + * The actual mtime check is done later. + */ + if (removing) { + status = TS_OLD; + } else if (sb.st_size != 0) { + struct sudo_tty_info info; + int fd = open(timestampfile, O_RDONLY, 0644); + if (fd != -1) { + if (read(fd, &info, sizeof(info)) == sizeof(info) && + memcmp(&info, &tty_info, sizeof(info)) == 0) { + status = TS_OLD; + } + close(fd); + } + } + } + } + } else if (errno != ENOENT) { + log_warning(USE_ERRNO, N_("unable to stat %s"), timestampfile); + status = TS_ERROR; + } + } + + /* + * If the file/dir exists and we are not removing it, check its mtime. + */ + if (status == TS_OLD && !removing) { + mtim_get(&sb, &mtime); + if (timevalisset(&mtime)) { + /* Negative timeouts only expire manually (sudo -k). */ + if (def_timestamp_timeout < 0) { + status = TS_CURRENT; + } else { + time(&now); + if (def_timestamp_timeout && + now - mtime.tv_sec < 60 * def_timestamp_timeout) { + /* + * Check for bogus time on the stampfile. The clock may + * have been set back or user could be trying to spoof us. + */ + if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) { + time_t tv_sec = (time_t)mtime.tv_sec; + log_warning(0, + N_("timestamp too far in the future: %20.20s"), + 4 + ctime(&tv_sec)); + if (*timestampfile) + (void) unlink(timestampfile); + else + (void) rmdir(timestampdir); + status = TS_MISSING; + } else if (get_boottime(&boottime) && + timevalcmp(&mtime, &boottime, <)) { + status = TS_OLD; + } else { + status = TS_CURRENT; + } + } + } + } + } + +done: + if (timestamp_uid != 0) + restore_perms(); + debug_return_int(status); +} + +int +timestamp_status(struct passwd *pw) +{ + return timestamp_status_internal(false); +} + +/* + * Remove the timestamp ticket file/dir. + */ +void +remove_timestamp(bool remove) +{ + struct timeval tv; + char *path; + int status; + debug_decl(remove_timestamp, SUDO_DEBUG_AUTH) + + if (build_timestamp(NULL) == -1) + debug_return; + + status = timestamp_status_internal(true); + if (status != TS_MISSING && status != TS_ERROR) { + path = *timestampfile ? timestampfile : timestampdir; + if (remove) { + if (*timestampfile) + status = unlink(timestampfile); + else + status = rmdir(timestampdir); + if (status == -1 && errno != ENOENT) { + log_warning(0, + N_("unable to remove %s, will reset to the epoch"), path); + remove = false; + } + } + if (!remove) { + timevalclear(&tv); + if (touch(-1, path, &tv) == -1 && errno != ENOENT) + fatal(_("unable to reset %s to the epoch"), path); + } + } + + debug_return; +} + +/* + * Lecture status is currently implied by the timestamp status but + * may be stored separately in a future release. + */ +bool +set_lectured(void) +{ + return true; +} diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c index 6dfe12c..03a9795 100644 --- a/plugins/sudoers/toke.c +++ b/plugins/sudoers/toke.c @@ -1,4 +1,21 @@ #include +#define yy_create_buffer sudoers_create_buffer +#define yy_delete_buffer sudoers_delete_buffer +#define yy_scan_buffer sudoers_scan_buffer +#define yy_scan_string sudoers_scan_string +#define yy_scan_bytes sudoers_scan_bytes +#define yy_flex_debug sudoers_flex_debug +#define yy_init_buffer sudoers_init_buffer +#define yy_flush_buffer sudoers_flush_buffer +#define yy_load_buffer_state sudoers_load_buffer_state +#define yy_switch_to_buffer sudoers_switch_to_buffer +#define yyin sudoersin +#define yyleng sudoersleng +#define yylex sudoerslex +#define yyout sudoersout +#define yyrestart sudoersrestart +#define yytext sudoerstext + /* $OpenBSD: flex.skl,v 1.11 2010/08/04 18:24:50 millert Exp $ */ /* A lexical scanner generated by flex */ @@ -289,79 +306,100 @@ static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); *yy_cp = '\0'; \ yy_c_buf_p = yy_cp; -#define YY_NUM_RULES 61 -#define YY_END_OF_BUFFER 62 -static yyconst short int yy_accept[622] = +#define YY_NUM_RULES 67 +#define YY_END_OF_BUFFER 68 +static yyconst short int yy_accept[814] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 62, 49, 57, 56, 55, 48, 60, 32, - 50, 51, 32, 52, 49, 49, 49, 49, 54, 53, - 60, 44, 44, 44, 44, 44, 44, 44, 44, 44, - 44, 60, 49, 49, 57, 60, 44, 44, 44, 44, - 44, 2, 60, 1, 49, 44, 44, 49, 17, 16, - 17, 16, 16, 60, 60, 60, 3, 9, 8, 9, - 4, 9, 5, 60, 13, 13, 13, 11, 12, 49, - 0, 57, 55, 0, 59, 0, 49, 34, 0, 32, - 0, 33, 0, 47, 47, 0, 49, 49, 0, 49, - - 49, 49, 49, 0, 37, 44, 44, 44, 44, 44, - 44, 44, 44, 44, 44, 44, 44, 49, 58, 49, - 57, 0, 0, 0, 0, 0, 0, 49, 49, 49, - 49, 49, 2, 1, 0, 1, 45, 45, 0, 49, - 17, 17, 15, 14, 15, 0, 0, 3, 9, 0, - 6, 7, 9, 9, 13, 0, 13, 13, 0, 10, - 0, 0, 0, 34, 34, 0, 0, 49, 49, 49, - 49, 49, 0, 0, 37, 37, 44, 39, 44, 44, - 44, 44, 44, 44, 44, 44, 44, 44, 44, 44, - 49, 0, 0, 0, 0, 0, 0, 49, 49, 49, - - 49, 49, 0, 49, 10, 0, 49, 49, 49, 49, - 49, 49, 0, 38, 38, 38, 0, 0, 37, 37, - 37, 37, 37, 37, 37, 44, 44, 44, 44, 44, - 44, 44, 44, 44, 44, 40, 44, 41, 49, 0, - 0, 0, 0, 0, 0, 49, 49, 49, 49, 49, - 49, 49, 0, 0, 38, 38, 38, 0, 37, 37, - 0, 37, 37, 37, 37, 37, 37, 37, 37, 37, - 37, 37, 0, 25, 44, 44, 44, 44, 44, 44, - 44, 44, 42, 44, 49, 0, 0, 0, 0, 49, - 49, 49, 49, 49, 49, 49, 49, 0, 38, 0, - - 37, 37, 37, 0, 0, 0, 37, 37, 37, 37, - 37, 37, 37, 37, 37, 37, 37, 37, 37, 44, - 44, 44, 44, 44, 44, 44, 44, 44, 49, 0, - 0, 0, 49, 49, 49, 35, 35, 35, 0, 0, - 37, 37, 37, 37, 37, 37, 37, 0, 0, 0, - 0, 0, 37, 37, 37, 37, 37, 37, 37, 37, - 37, 37, 37, 37, 37, 37, 44, 44, 44, 0, - 24, 44, 44, 44, 44, 0, 23, 0, 26, 49, - 0, 0, 0, 49, 49, 49, 49, 35, 35, 35, - 35, 0, 37, 0, 37, 37, 37, 37, 37, 37, - - 37, 37, 37, 37, 37, 0, 0, 0, 37, 37, - 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, - 37, 44, 44, 44, 44, 44, 44, 44, 46, 0, - 0, 0, 49, 20, 45, 36, 36, 36, 36, 37, - 0, 0, 0, 37, 37, 37, 37, 37, 37, 37, - 37, 37, 37, 37, 37, 37, 0, 0, 0, 0, - 0, 37, 37, 37, 37, 37, 37, 37, 37, 44, - 44, 44, 44, 44, 0, 22, 0, 27, 0, 20, - 0, 0, 49, 0, 49, 49, 49, 36, 36, 36, - 36, 0, 0, 0, 0, 0, 37, 37, 37, 37, + 0, 0, 0, 0, 68, 55, 63, 62, 61, 54, + 66, 34, 56, 57, 34, 58, 55, 55, 55, 55, + 60, 59, 66, 46, 46, 46, 46, 46, 46, 46, + 46, 46, 46, 66, 55, 55, 63, 66, 46, 46, + 46, 46, 46, 2, 66, 1, 55, 46, 46, 55, + 17, 16, 17, 16, 16, 66, 66, 66, 3, 9, + 8, 9, 4, 9, 5, 66, 13, 13, 13, 11, + 12, 66, 19, 19, 18, 18, 18, 19, 18, 18, + 18, 19, 19, 19, 19, 19, 18, 19, 19, 55, + + 0, 63, 61, 0, 65, 0, 55, 36, 0, 34, + 0, 35, 0, 53, 53, 0, 55, 55, 0, 55, + 55, 55, 55, 0, 39, 46, 46, 46, 46, 46, + 46, 46, 46, 46, 46, 46, 46, 55, 64, 55, + 55, 63, 0, 0, 0, 0, 0, 0, 55, 55, + 55, 55, 55, 2, 1, 0, 1, 47, 47, 0, + 55, 17, 17, 15, 14, 15, 0, 0, 3, 9, + 0, 6, 7, 9, 9, 13, 0, 13, 13, 0, + 10, 36, 0, 0, 35, 19, 19, 0, 19, 0, + 0, 18, 18, 18, 18, 18, 18, 19, 19, 46, + + 19, 19, 19, 19, 19, 19, 19, 0, 0, 0, + 36, 55, 55, 55, 55, 55, 0, 0, 39, 39, + 46, 41, 46, 46, 46, 46, 46, 46, 46, 46, + 46, 46, 46, 46, 55, 55, 0, 0, 0, 0, + 0, 0, 55, 55, 55, 55, 55, 0, 55, 10, + 0, 0, 0, 18, 18, 18, 19, 19, 19, 19, + 19, 19, 19, 19, 19, 19, 19, 0, 55, 55, + 55, 55, 55, 55, 0, 40, 40, 40, 0, 0, + 39, 39, 39, 39, 39, 39, 39, 46, 46, 46, + 46, 46, 46, 46, 46, 46, 46, 42, 46, 43, + + 55, 55, 55, 55, 0, 0, 0, 0, 0, 0, + 55, 55, 55, 55, 0, 0, 0, 0, 0, 18, + 18, 19, 46, 19, 19, 19, 19, 19, 19, 19, + 19, 19, 19, 55, 55, 55, 0, 0, 40, 40, + 40, 0, 39, 39, 0, 39, 39, 39, 39, 39, + 39, 39, 39, 39, 39, 39, 0, 27, 46, 46, + 46, 46, 46, 46, 46, 46, 44, 46, 55, 55, + 55, 55, 55, 0, 0, 0, 0, 55, 55, 55, + 0, 0, 0, 18, 18, 46, 46, 19, 19, 19, + 19, 19, 19, 19, 19, 19, 19, 19, 55, 55, + + 55, 55, 55, 0, 40, 0, 39, 39, 39, 0, + 0, 0, 39, 39, 39, 39, 39, 39, 39, 39, + 39, 39, 39, 39, 39, 46, 46, 46, 46, 46, + 46, 46, 46, 46, 48, 49, 50, 51, 55, 0, + 0, 0, 55, 55, 55, 0, 0, 0, 0, 0, + 46, 46, 19, 46, 19, 19, 19, 19, 19, 19, + 19, 19, 19, 37, 37, 37, 0, 0, 39, 39, + 39, 39, 39, 39, 39, 0, 0, 0, 0, 0, + 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, + 39, 39, 39, 39, 46, 46, 46, 0, 26, 46, + + 46, 46, 46, 0, 25, 0, 28, 55, 0, 0, + 0, 55, 55, 55, 37, 37, 37, 46, 46, 46, + 46, 19, 19, 19, 55, 37, 37, 37, 37, 0, + 39, 0, 39, 39, 39, 39, 39, 39, 39, 39, + 39, 39, 39, 0, 0, 0, 39, 39, 39, 39, + 39, 39, 39, 39, 39, 39, 39, 39, 39, 46, + 46, 46, 46, 46, 46, 46, 52, 0, 0, 0, + 55, 22, 47, 0, 37, 37, 37, 37, 46, 46, + 46, 46, 19, 19, 19, 38, 38, 38, 38, 39, + 0, 0, 0, 39, 39, 39, 39, 39, 39, 39, + + 39, 39, 39, 39, 39, 39, 0, 0, 0, 0, + 0, 39, 39, 39, 39, 39, 39, 39, 39, 46, + 46, 46, 46, 46, 0, 24, 0, 29, 0, 22, + 0, 0, 55, 0, 55, 38, 38, 38, 38, 46, + 46, 46, 46, 55, 55, 38, 38, 38, 38, 0, + 0, 0, 0, 0, 39, 39, 39, 39, 39, 39, + 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, + 39, 39, 39, 39, 45, 0, 32, 46, 46, 46, + 0, 0, 0, 20, 0, 23, 22, 0, 0, 0, + 0, 0, 22, 0, 0, 0, 38, 38, 38, 38, + + 46, 46, 46, 55, 55, 55, 0, 0, 0, 39, + 39, 39, 39, 39, 39, 39, 39, 39, 39, 39, + 39, 39, 39, 39, 39, 39, 39, 0, 30, 46, + 46, 23, 0, 0, 22, 0, 0, 0, 46, 46, + 55, 55, 55, 55, 55, 0, 0, 0, 0, 0, + 39, 39, 39, 39, 39, 39, 39, 39, 0, 33, + 46, 0, 0, 0, 0, 0, 0, 46, 55, 55, + 55, 39, 39, 39, 39, 39, 39, 0, 31, 0, + 0, 21, 0, 0, 0, 55, 55, 55, 55, 55, + 39, 39, 39, 39, 39, 0, 0, 0, 0, 0, 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, - 37, 37, 37, 37, 37, 37, 43, 0, 30, 44, - 44, 44, 0, 0, 0, 18, 0, 21, 20, 0, - 0, 0, 0, 0, 20, 0, 49, 49, 49, 0, - 0, 0, 37, 37, 37, 37, 37, 37, 37, 37, - 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, - 0, 28, 44, 44, 21, 0, 0, 20, 49, 49, - 49, 49, 49, 0, 0, 0, 0, 0, 37, 37, - 37, 37, 37, 37, 37, 37, 0, 31, 44, 0, - 49, 49, 49, 37, 37, 37, 37, 37, 37, 0, - - 29, 0, 0, 19, 49, 49, 49, 49, 49, 37, - 37, 37, 37, 37, 35, 35, 35, 35, 35, 35, - 0 + 37, 37, 0 } ; static yyconst int yy_ec[256] = @@ -371,15 +409,15 @@ static yyconst int yy_ec[256] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 4, 5, 6, 1, 7, 1, 1, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, - 19, 20, 21, 22, 22, 22, 23, 24, 1, 1, - 25, 26, 10, 27, 28, 29, 30, 31, 32, 29, - 33, 34, 35, 36, 36, 37, 38, 39, 40, 41, - 36, 42, 43, 44, 45, 46, 47, 48, 49, 36, - 10, 50, 10, 1, 51, 1, 52, 53, 54, 55, - - 56, 57, 58, 58, 59, 58, 58, 60, 61, 62, - 63, 58, 58, 64, 65, 66, 67, 58, 58, 58, - 58, 58, 1, 1, 1, 1, 1, 1, 1, 1, + 19, 20, 21, 22, 23, 24, 25, 26, 1, 1, + 27, 28, 10, 29, 30, 31, 32, 33, 34, 31, + 35, 36, 37, 38, 38, 39, 40, 41, 42, 43, + 38, 44, 45, 46, 47, 48, 49, 50, 51, 38, + 10, 52, 10, 1, 53, 1, 54, 55, 56, 57, + + 58, 59, 60, 61, 62, 60, 60, 63, 64, 65, + 66, 60, 60, 67, 68, 69, 70, 60, 60, 60, + 60, 60, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -396,583 +434,858 @@ static yyconst int yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst int yy_meta[68] = +static yyconst int yy_meta[71] = { 0, 1, 2, 3, 4, 5, 6, 1, 7, 7, 1, - 1, 8, 1, 9, 10, 11, 11, 11, 11, 11, - 11, 11, 11, 12, 13, 7, 1, 11, 11, 11, - 11, 11, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 14, - 15, 16, 16, 16, 16, 16, 16, 15, 15, 15, - 15, 15, 15, 15, 15, 15, 15 + 8, 9, 10, 11, 12, 13, 13, 13, 13, 13, + 13, 13, 13, 13, 13, 14, 15, 7, 1, 16, + 16, 16, 16, 16, 17, 17, 17, 17, 17, 17, + 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, + 17, 18, 19, 20, 20, 20, 20, 20, 20, 21, + 21, 21, 21, 21, 21, 21, 21, 21, 21, 21 } ; -static yyconst short int yy_base[686] = +static yyconst short int yy_base[931] = { 0, - 0, 66, 68, 76, 119, 124, 173, 239, 148, 197, - 82, 90, 2937, 2886, 2933, 3595, 2929, 3595, 165, 65, - 3595, 3595, 2882, 3595, 130, 293, 173, 146, 2907, 3595, - 3595, 350, 2893, 42, 402, 41, 2889, 74, 2888, 2895, - 2876, 458, 197, 57, 219, 482, 38, 207, 2854, 37, - 2851, 117, 249, 2880, 326, 2841, 2852, 105, 0, 3595, - 2875, 3595, 0, 469, 424, 143, 0, 2828, 3595, 48, - 3595, 223, 3595, 155, 2827, 202, 97, 3595, 252, 2817, - 504, 2855, 2852, 2852, 3595, 258, 504, 312, 526, 201, - 548, 2796, 557, 528, 2795, 582, 579, 614, 2820, 2829, - - 593, 601, 266, 2818, 182, 656, 0, 2796, 2791, 2766, - 2761, 296, 2727, 2725, 2713, 2696, 2691, 426, 3595, 87, - 659, 2659, 2663, 2655, 2650, 2651, 257, 196, 318, 276, - 258, 288, 436, 2694, 631, 2693, 655, 2644, 690, 303, - 0, 2681, 168, 3595, 3595, 701, 352, 0, 2634, 723, - 3595, 3595, 2633, 447, 2632, 2676, 467, 461, 433, 2670, - 2659, 2600, 720, 733, 206, 755, 759, 771, 781, 791, - 828, 2581, 2570, 870, 453, 913, 955, 0, 2563, 2557, - 2540, 2523, 2530, 2541, 2536, 2516, 2502, 2496, 2475, 2473, - 277, 2442, 2436, 2402, 2404, 2407, 477, 436, 2405, 424, - - 401, 292, 813, 488, 2454, 2450, 845, 438, 855, 890, - 756, 465, 2428, 2418, 930, 554, 2409, 2408, 463, 898, - 999, 939, 972, 1042, 980, 2403, 490, 2378, 500, 2380, - 2338, 2327, 2325, 2321, 2310, 0, 2305, 0, 508, 2274, - 2238, 2212, 2211, 2176, 515, 517, 615, 527, 529, 1018, - 1061, 1086, 2212, 2210, 1026, 2209, 2203, 2171, 2166, 565, - 1069, 754, 1096, 802, 1123, 0, 1106, 1134, 1151, 1159, - 1177, 1196, 601, 3595, 2136, 2137, 2127, 2131, 2090, 2090, - 2084, 2078, 0, 2062, 607, 2056, 2024, 2025, 573, 576, - 578, 676, 1204, 591, 1221, 1239, 1231, 2064, 2031, 2006, - - 2004, 1274, 676, 1256, 1293, 1318, 682, 808, 815, 1301, - 819, 1328, 0, 1339, 1350, 1367, 1247, 1393, 1377, 1955, - 1915, 1888, 742, 692, 1884, 1891, 794, 980, 777, 1889, - 1856, 652, 945, 680, 820, 1411, 1420, 1436, 1842, 1824, - 1800, 1446, 1473, 1455, 1266, 1515, 1492, 1500, 1809, 1534, - 1559, 1544, 1009, 1052, 1569, 1571, 1580, 1590, 1601, 0, - 1612, 1623, 1590, 1463, 1666, 1642, 1762, 1737, 1740, 1108, - 3595, 1696, 1672, 1662, 1628, 1157, 3595, 1158, 3595, 774, - 1514, 1500, 730, 1152, 697, 913, 1650, 805, 1686, 1709, - 1695, 1516, 1500, 1721, 1222, 1730, 1474, 1744, 0, 830, - - 1755, 1772, 1571, 1797, 1782, 1816, 1841, 1851, 1284, 1377, - 1832, 1861, 1861, 1872, 1883, 0, 1894, 1905, 1872, 1824, - 1924, 1414, 1400, 1375, 1336, 1331, 1159, 1483, 1312, 1274, - 1260, 1539, 606, 1730, 1238, 1949, 1959, 1969, 1984, 1256, - 1994, 2004, 2019, 1245, 1535, 1915, 1932, 1950, 2029, 0, - 874, 2040, 2057, 2065, 2082, 2101, 2109, 1214, 2126, 2136, - 2146, 1633, 1675, 2154, 924, 966, 2165, 0, 1003, 1092, - 1731, 1087, 1056, 1052, 2042, 3595, 2063, 3595, 1017, 2147, - 1126, 624, 1311, 2187, 2192, 2183, 1756, 2193, 2203, 2230, - 1979, 2238, 992, 2248, 2265, 2275, 830, 811, 1970, 2194, - - 2281, 2214, 2291, 0, 1111, 2302, 2319, 2256, 2344, 2329, - 2362, 2371, 2387, 1807, 813, 1170, 0, 2065, 3595, 2228, - 738, 713, 680, 731, 1201, 3595, 900, 653, 2409, 2414, - 2419, 2424, 2418, 2436, 2445, 2446, 2459, 2469, 2480, 2494, - 2504, 2515, 569, 531, 2215, 2217, 2523, 2221, 2533, 0, - 1278, 2544, 2561, 2569, 2588, 519, 2597, 2606, 2615, 492, - 2304, 3595, 2393, 452, 3595, 1416, 2621, 2629, 2637, 1981, - 2647, 2657, 2672, 2682, 345, 2692, 2707, 2717, 305, 264, - 2303, 245, 191, 2725, 0, 1477, 2441, 3595, 2444, 1632, - 2735, 2745, 2755, 2770, 2780, 2790, 90, 0, 92, 2482, - - 3595, 100, 1647, 3595, 2798, 1982, 2808, 2818, 2833, 3595, - 2843, 2853, 2763, 3595, 2868, 2876, 2884, 19, 2892, 2903, - 3595, 2953, 2969, 2985, 3001, 3017, 3033, 3049, 3065, 3081, - 3087, 3103, 3119, 1676, 3135, 3151, 3167, 3183, 3199, 3215, - 3231, 3237, 3244, 3260, 3276, 3282, 3289, 3295, 3301, 3307, - 3314, 3320, 3326, 3332, 3339, 3347, 3353, 3359, 3365, 3372, - 3380, 3386, 3392, 3399, 3407, 3413, 3421, 3428, 3436, 3442, - 3450, 3457, 3465, 3481, 3497, 3513, 3519, 3527, 3534, 3540, - 3548, 3554, 3562, 3578, 2159 + 0, 69, 71, 79, 94, 124, 175, 244, 153, 197, + 85, 130, 314, 0, 4514, 4461, 4510, 5604, 4507, 5604, + 382, 86, 5604, 5604, 4458, 5604, 140, 394, 195, 153, + 4483, 5604, 5604, 453, 4383, 43, 508, 37, 4379, 65, + 4378, 4385, 4367, 566, 581, 91, 151, 604, 39, 41, + 4351, 34, 4348, 117, 4402, 4412, 428, 4371, 4382, 136, + 0, 5604, 4407, 5604, 0, 606, 664, 105, 0, 4358, + 5604, 115, 5604, 133, 5604, 138, 4357, 152, 171, 5604, + 188, 383, 641, 694, 737, 235, 245, 794, 843, 4369, + 157, 898, 4365, 4364, 4375, 4370, 944, 0, 206, 4351, + + 266, 4400, 4397, 4397, 5604, 263, 532, 585, 4386, 608, + 707, 4346, 829, 648, 4345, 968, 981, 1018, 4359, 4370, + 563, 708, 422, 4357, 371, 1062, 1106, 4343, 4347, 4340, + 4344, 596, 4333, 4340, 4337, 4329, 4331, 644, 5604, 237, + 137, 946, 4309, 4314, 4305, 4300, 4301, 121, 225, 530, + 377, 369, 335, 445, 4366, 720, 4365, 931, 4314, 1018, + 169, 0, 4361, 160, 5604, 5604, 991, 388, 0, 4312, + 638, 5604, 5604, 4311, 661, 4310, 4356, 392, 221, 420, + 4358, 653, 665, 1139, 4296, 1145, 0, 1173, 1201, 1210, + 1037, 1239, 4333, 1081, 1170, 826, 1288, 1343, 4307, 0, + + 4311, 4309, 899, 4298, 4296, 4287, 4283, 4336, 4335, 1222, + 1258, 1389, 1362, 968, 1428, 4323, 4310, 1472, 520, 1517, + 1561, 1605, 4303, 4297, 4280, 4282, 4289, 4300, 4295, 4283, + 4279, 4292, 4291, 4290, 654, 493, 4258, 4252, 4242, 4244, + 4250, 534, 579, 4253, 491, 407, 506, 1413, 626, 4304, + 4251, 4239, 1651, 1661, 4227, 1705, 0, 4197, 4164, 4155, + 4151, 4151, 4135, 4112, 4111, 811, 4067, 4122, 1749, 378, + 0, 0, 1041, 243, 4098, 4097, 1786, 805, 4096, 4095, + 623, 1410, 1799, 1447, 1091, 1844, 1890, 4094, 429, 4073, + 632, 4084, 4082, 4056, 4054, 4050, 4053, 0, 4046, 0, + + 929, 638, 544, 561, 4022, 4024, 4008, 4022, 4008, 746, + 524, 1063, 413, 662, 1491, 4060, 4059, 4058, 1270, 1900, + 1944, 763, 904, 4037, 4020, 4009, 4007, 3992, 3988, 818, + 3993, 3988, 3912, 1990, 2002, 2014, 3930, 3929, 2024, 3929, + 3912, 3911, 3910, 919, 1536, 1003, 1580, 1142, 2037, 0, + 1626, 2083, 1680, 1372, 2128, 2174, 764, 5604, 3892, 3877, + 3870, 3884, 3862, 3869, 3879, 3879, 0, 3863, 698, 593, + 820, 973, 1093, 3857, 3824, 3825, 922, 897, 969, 1097, + 3866, 3858, 2186, 2196, 3829, 3807, 3800, 3814, 3778, 3784, + 3794, 3793, 3747, 3726, 3716, 3711, 3696, 3656, 2240, 1017, + + 2279, 2291, 1637, 3686, 3662, 3648, 3646, 2301, 1127, 3642, + 3641, 2347, 1154, 1205, 1209, 1724, 1761, 2359, 0, 1763, + 2405, 1774, 1457, 2450, 2496, 2521, 1024, 1127, 1181, 1190, + 1169, 1207, 1224, 1392, 3602, 3584, 3577, 3560, 1240, 3581, + 3547, 1313, 1391, 874, 1774, 1821, 3584, 3576, 3569, 1503, + 3523, 3519, 869, 1379, 3515, 3511, 949, 1045, 0, 0, + 0, 0, 3478, 2577, 1863, 1546, 3510, 3509, 3506, 1919, + 2616, 1963, 1590, 2660, 2706, 2056, 3517, 3509, 3487, 1692, + 1879, 1979, 2096, 2104, 2147, 2106, 2718, 0, 2217, 2764, + 2250, 1734, 2809, 2855, 2880, 2086, 1133, 1088, 5604, 421, + + 2087, 1184, 2088, 1369, 5604, 1370, 5604, 1197, 3418, 3389, + 1282, 2127, 1249, 1368, 3442, 3427, 2936, 3386, 3320, 3309, + 3295, 2951, 1219, 3272, 3006, 1181, 3044, 0, 1709, 3290, + 3263, 2260, 58, 2320, 1774, 3083, 0, 2380, 3129, 2424, + 1831, 3173, 3219, 3270, 3265, 3231, 2336, 2462, 2464, 2471, + 3256, 2477, 3243, 0, 2589, 3289, 2600, 1929, 3335, 3360, + 1376, 1087, 1847, 1409, 1542, 1586, 3218, 3184, 3166, 1832, + 1427, 2060, 3174, 2635, 3210, 3186, 3185, 2435, 3129, 3111, + 3114, 3066, 3429, 1454, 0, 3486, 2679, 2737, 1483, 3085, + 2989, 2839, 3525, 2819, 2003, 2280, 2783, 2381, 3537, 0, + + 2830, 3583, 3016, 2157, 3627, 3673, 3026, 2821, 2801, 2750, + 2228, 2472, 2474, 2695, 1189, 1531, 3685, 0, 2647, 1848, + 1925, 1602, 1522, 1849, 1587, 5604, 1664, 5604, 2692, 1967, + 1630, 2177, 2014, 2406, 2761, 2674, 2630, 3731, 2272, 1926, + 2155, 2500, 1927, 3741, 2076, 3780, 0, 1967, 2277, 3054, + 2598, 2535, 2509, 2841, 2470, 2431, 2485, 2600, 3064, 2617, + 3819, 0, 3104, 3865, 3148, 3036, 3909, 3955, 2390, 2373, + 3966, 3118, 2338, 1742, 2298, 2129, 5604, 2743, 1825, 1738, + 2219, 2153, 1825, 5604, 2062, 2083, 3130, 3172, 3276, 3281, + 1984, 2880, 1920, 3360, 3192, 1912, 1877, 1858, 3274, 1744, + + 2326, 2643, 2745, 3978, 3990, 4002, 1700, 1693, 4014, 1662, + 1623, 2856, 2951, 3496, 3084, 4026, 0, 3508, 4072, 3556, + 3074, 0, 1599, 1510, 1503, 3319, 1423, 2328, 5604, 3154, + 2037, 5604, 2124, 3602, 3646, 1409, 1403, 4118, 2407, 2791, + 4130, 2334, 4142, 4154, 3659, 3704, 1390, 1286, 1251, 3418, + 1158, 1087, 3105, 1077, 1056, 4166, 0, 3568, 2499, 5604, + 3270, 2220, 3751, 1014, 1005, 957, 3614, 2522, 4178, 4190, + 4202, 3761, 3790, 3800, 684, 0, 683, 2685, 5604, 658, + 2222, 5604, 522, 382, 4214, 4226, 2335, 4238, 4250, 3840, + 5604, 3846, 3884, 3202, 5604, 3928, 374, 208, 117, 3716, + + 4260, 4297, 4334, 4045, 4091, 4270, 59, 4371, 3941, 5604, + 4280, 3771, 5604, 4423, 4444, 4465, 4486, 4507, 4528, 4549, + 4570, 4591, 4600, 2074, 4620, 4641, 2383, 4662, 4683, 4704, + 4725, 4746, 4767, 4788, 4809, 2337, 4830, 4839, 4847, 4856, + 4876, 4897, 4918, 2474, 4939, 4960, 4981, 5002, 5011, 5030, + 5039, 5048, 2421, 2516, 5056, 5064, 5072, 5081, 5089, 5096, + 5104, 5112, 5121, 5131, 2600, 2694, 5139, 5147, 5155, 2695, + 2757, 5164, 5174, 5194, 2798, 5203, 5211, 2799, 5220, 5230, + 5250, 2228, 2615, 5259, 5271, 5280, 5290, 2803, 2825, 5299, + 5309, 5318, 5338, 2700, 5347, 5359, 2841, 2872, 5368, 5378, + + 2873, 5387, 5397, 5417, 5438, 5459, 3115, 3116, 5479, 3168, + 5486, 5496, 2951, 2967, 5505, 2520, 5525, 3304, 3313, 5534, + 5544, 3517, 3314, 3318, 5552, 5562, 5582, 3814, 3319, 3430 } ; -static yyconst short int yy_def[686] = +static yyconst short int yy_def[931] = { 0, - 621, 1, 1, 1, 622, 622, 623, 623, 624, 624, - 625, 625, 621, 626, 621, 621, 621, 621, 627, 628, - 621, 621, 629, 621, 630, 626, 26, 26, 631, 621, - 621, 621, 32, 32, 32, 35, 35, 35, 35, 35, - 35, 626, 26, 626, 621, 627, 32, 32, 35, 35, - 35, 621, 621, 621, 632, 35, 35, 626, 633, 621, - 633, 621, 633, 621, 627, 621, 634, 635, 621, 635, - 621, 635, 621, 636, 637, 637, 637, 621, 621, 626, - 626, 621, 621, 638, 621, 639, 621, 628, 621, 640, - 628, 629, 629, 630, 641, 626, 626, 26, 631, 98, - - 98, 98, 98, 642, 643, 35, 35, 35, 35, 35, - 35, 35, 35, 35, 35, 35, 35, 626, 621, 626, - 621, 621, 621, 621, 621, 621, 638, 626, 98, 626, - 626, 626, 621, 621, 621, 621, 632, 644, 626, 626, - 633, 633, 621, 621, 621, 639, 621, 634, 635, 635, - 621, 621, 635, 635, 637, 621, 637, 637, 621, 621, - 638, 645, 621, 621, 640, 640, 621, 626, 626, 626, - 98, 171, 646, 621, 647, 621, 106, 35, 35, 35, - 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, - 626, 621, 621, 621, 621, 621, 638, 626, 171, 626, - - 626, 626, 621, 626, 621, 645, 626, 626, 626, 626, - 626, 626, 648, 649, 649, 215, 650, 649, 651, 176, - 621, 221, 221, 621, 221, 35, 35, 35, 35, 35, - 35, 35, 35, 35, 35, 35, 35, 35, 626, 621, - 621, 621, 621, 621, 638, 626, 626, 626, 626, 626, - 626, 626, 621, 652, 652, 255, 652, 653, 654, 655, - 621, 656, 224, 656, 656, 265, 656, 621, 268, 268, - 621, 268, 621, 621, 35, 35, 35, 35, 35, 35, - 35, 35, 35, 35, 626, 621, 621, 621, 638, 626, - 626, 626, 626, 626, 626, 626, 626, 657, 657, 658, - - 659, 621, 621, 621, 621, 621, 660, 660, 661, 271, - 661, 661, 312, 661, 621, 315, 315, 621, 315, 35, - 35, 35, 35, 35, 35, 35, 35, 35, 626, 621, - 621, 638, 626, 626, 626, 626, 626, 626, 621, 662, - 663, 302, 621, 343, 343, 621, 343, 621, 621, 621, - 621, 621, 621, 664, 664, 665, 318, 665, 665, 359, - 665, 621, 362, 362, 621, 362, 35, 35, 35, 621, - 621, 35, 35, 35, 35, 621, 621, 621, 621, 626, - 621, 621, 638, 626, 626, 626, 626, 626, 626, 626, - 626, 621, 666, 621, 667, 346, 667, 667, 398, 398, - - 621, 401, 401, 621, 401, 621, 621, 621, 621, 668, - 668, 669, 365, 669, 669, 415, 669, 621, 418, 418, - 418, 35, 35, 35, 35, 35, 35, 35, 626, 621, - 621, 638, 626, 626, 626, 626, 626, 626, 626, 621, - 621, 621, 621, 670, 670, 671, 404, 671, 671, 449, - 449, 621, 452, 452, 621, 452, 621, 621, 621, 621, - 621, 621, 672, 672, 673, 673, 673, 467, 467, 35, - 35, 35, 35, 35, 621, 621, 621, 621, 621, 621, - 674, 638, 626, 675, 676, 626, 626, 626, 626, 626, - 626, 621, 621, 621, 621, 621, 621, 677, 677, 678, - - 455, 678, 678, 503, 503, 621, 506, 506, 621, 506, - 621, 621, 621, 621, 679, 679, 35, 621, 621, 35, - 35, 35, 621, 674, 674, 621, 638, 626, 675, 675, - 675, 675, 621, 675, 676, 676, 626, 626, 626, 621, - 621, 621, 621, 680, 680, 681, 509, 681, 681, 549, - 549, 621, 552, 552, 552, 621, 621, 621, 621, 621, - 621, 621, 35, 35, 621, 638, 621, 621, 626, 626, - 626, 626, 626, 621, 621, 621, 621, 621, 621, 682, - 682, 683, 683, 683, 584, 584, 621, 621, 35, 684, - 626, 626, 626, 621, 621, 621, 621, 685, 685, 621, - - 621, 684, 684, 621, 626, 626, 626, 626, 626, 621, - 621, 621, 621, 621, 626, 626, 626, 626, 626, 626, - 0, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621 + 813, 1, 1, 1, 814, 814, 815, 815, 816, 816, + 817, 817, 813, 13, 813, 818, 813, 813, 813, 813, + 819, 820, 813, 813, 821, 813, 822, 818, 28, 28, + 823, 813, 813, 813, 34, 34, 34, 37, 37, 37, + 37, 37, 37, 818, 28, 818, 813, 819, 34, 34, + 37, 37, 37, 813, 824, 813, 825, 37, 37, 818, + 826, 813, 826, 813, 826, 813, 819, 813, 827, 828, + 813, 828, 813, 828, 813, 829, 830, 830, 830, 813, + 813, 831, 832, 833, 813, 85, 85, 85, 813, 89, + 89, 89, 92, 92, 92, 92, 85, 88, 88, 818, + + 818, 813, 813, 834, 813, 835, 813, 820, 836, 831, + 820, 821, 821, 822, 837, 818, 818, 28, 838, 118, + 118, 118, 118, 839, 840, 37, 126, 127, 127, 127, + 127, 127, 127, 127, 127, 127, 127, 818, 813, 818, + 818, 813, 813, 813, 813, 813, 813, 834, 818, 118, + 818, 818, 818, 813, 813, 813, 813, 841, 842, 818, + 818, 843, 843, 813, 813, 813, 835, 813, 844, 845, + 845, 813, 813, 845, 845, 830, 813, 830, 830, 813, + 813, 831, 831, 831, 846, 847, 88, 846, 848, 813, + 813, 85, 192, 192, 192, 192, 813, 197, 198, 849, + + 198, 198, 198, 198, 198, 88, 88, 834, 850, 813, + 813, 818, 212, 212, 118, 215, 851, 813, 852, 813, + 127, 221, 222, 222, 222, 222, 222, 222, 222, 222, + 222, 222, 222, 222, 818, 818, 813, 813, 813, 813, + 813, 834, 818, 215, 818, 818, 818, 813, 818, 813, + 853, 854, 813, 88, 254, 197, 198, 198, 198, 198, + 198, 198, 198, 198, 198, 88, 88, 850, 818, 818, + 212, 212, 212, 818, 855, 856, 856, 277, 857, 856, + 858, 220, 813, 283, 283, 813, 283, 222, 222, 222, + 222, 222, 222, 222, 222, 222, 222, 222, 222, 222, + + 818, 818, 818, 818, 813, 813, 813, 813, 813, 834, + 818, 818, 818, 818, 813, 813, 853, 853, 813, 254, + 197, 198, 859, 198, 198, 198, 198, 198, 198, 88, + 88, 88, 88, 212, 212, 212, 813, 860, 860, 339, + 860, 861, 862, 863, 813, 864, 286, 864, 813, 349, + 864, 813, 352, 352, 813, 352, 813, 813, 222, 222, + 222, 222, 222, 222, 222, 222, 222, 222, 818, 818, + 818, 818, 818, 813, 813, 813, 834, 818, 818, 818, + 865, 866, 813, 88, 321, 859, 859, 198, 198, 198, + 198, 198, 198, 88, 88, 88, 88, 88, 818, 818, + + 212, 212, 818, 867, 867, 868, 869, 813, 813, 870, + 871, 813, 872, 872, 873, 355, 873, 813, 418, 873, + 813, 421, 421, 813, 421, 813, 426, 426, 426, 426, + 426, 426, 426, 426, 818, 818, 818, 818, 818, 813, + 813, 874, 818, 818, 818, 813, 813, 875, 875, 813, + 859, 859, 198, 859, 198, 198, 198, 198, 88, 88, + 88, 88, 88, 818, 464, 464, 813, 876, 877, 408, + 813, 471, 471, 813, 471, 813, 813, 878, 878, 813, + 813, 879, 879, 880, 424, 880, 813, 487, 880, 813, + 490, 490, 813, 490, 813, 495, 495, 813, 813, 495, + + 495, 495, 495, 813, 813, 813, 813, 818, 813, 813, + 881, 818, 818, 818, 882, 883, 813, 884, 884, 884, + 884, 813, 522, 885, 818, 818, 818, 527, 527, 813, + 886, 813, 887, 474, 887, 813, 536, 887, 813, 539, + 539, 813, 539, 888, 889, 813, 813, 890, 890, 891, + 892, 891, 813, 553, 891, 813, 556, 556, 556, 813, + 560, 560, 560, 560, 560, 560, 818, 813, 813, 893, + 818, 818, 818, 813, 813, 894, 894, 813, 895, 895, + 895, 895, 813, 583, 896, 818, 586, 586, 586, 813, + 897, 898, 813, 899, 899, 900, 542, 900, 813, 599, + + 900, 813, 602, 602, 813, 602, 813, 813, 901, 901, + 813, 813, 902, 902, 903, 903, 813, 617, 903, 560, + 560, 560, 560, 560, 813, 813, 813, 813, 813, 813, + 904, 893, 818, 905, 906, 907, 908, 813, 907, 909, + 909, 909, 909, 818, 818, 818, 646, 646, 818, 813, + 813, 910, 910, 813, 813, 911, 911, 912, 605, 912, + 813, 661, 912, 813, 664, 664, 813, 664, 913, 914, + 813, 813, 915, 915, 560, 813, 813, 560, 560, 560, + 813, 904, 904, 813, 893, 818, 905, 905, 905, 905, + 916, 905, 917, 917, 813, 813, 907, 907, 813, 813, + + 909, 909, 909, 646, 646, 646, 918, 919, 813, 813, + 920, 920, 921, 667, 921, 813, 716, 921, 813, 719, + 719, 922, 813, 913, 913, 813, 813, 813, 813, 560, + 560, 813, 893, 813, 813, 923, 924, 813, 909, 909, + 646, 818, 646, 646, 818, 813, 813, 918, 918, 813, + 813, 925, 925, 926, 926, 926, 756, 926, 813, 813, + 560, 927, 813, 813, 923, 923, 813, 909, 646, 646, + 646, 813, 813, 813, 813, 928, 928, 813, 813, 927, + 927, 813, 929, 930, 813, 646, 818, 646, 646, 818, + 813, 813, 813, 813, 813, 813, 813, 929, 929, 813, + + 818, 818, 818, 813, 813, 813, 818, 818, 818, 813, + 813, 813, 0, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813 } ; -static yyconst short int yy_nxt[3663] = +static yyconst short int yy_nxt[5675] = { 0, - 14, 15, 16, 17, 18, 19, 20, 21, 22, 14, - 23, 24, 14, 14, 25, 26, 27, 28, 26, 26, - 26, 26, 26, 29, 30, 31, 14, 32, 33, 33, - 33, 34, 35, 35, 35, 35, 36, 35, 37, 35, - 38, 39, 40, 41, 35, 35, 35, 35, 35, 42, - 14, 43, 43, 43, 43, 43, 43, 14, 14, 14, - 14, 14, 14, 14, 44, 14, 14, 45, 81, 52, - 89, 46, 151, 53, 107, 110, 115, 52, 107, 54, - 111, 53, 55, 76, 16, 77, 78, 54, 90, 109, - 55, 76, 16, 77, 78, 47, 48, 150, 128, 49, - - 158, 113, 604, 131, 56, 394, 81, 50, 57, 35, - 51, 35, 56, 547, 91, 114, 57, 35, 133, 35, - 15, 60, 61, 120, 62, 15, 60, 61, 134, 62, - 62, 79, 58, 95, 95, 62, 81, 95, 95, 79, - 58, 191, 62, 63, 147, 119, 156, 62, 63, 15, - 16, 17, 69, 65, 81, 95, 154, 119, 70, 71, - 72, 102, 102, 102, 102, 102, 103, 85, 64, 147, - 119, 140, 73, 64, 15, 16, 17, 86, 65, 96, - 87, 87, 87, 87, 87, 87, 87, 87, 101, 101, - 101, 101, 101, 101, 101, 101, 174, 74, 15, 16, - - 17, 69, 65, 157, 621, 176, 89, 70, 71, 72, - 80, 621, 100, 100, 100, 100, 100, 100, 100, 100, - 121, 73, 66, 67, 67, 67, 67, 67, 67, 67, - 67, 67, 67, 67, 67, 67, 67, 67, 67, 67, - 15, 16, 17, 107, 65, 81, 74, 152, 122, 123, - 166, 156, 124, 159, 160, 166, 155, 198, 394, 85, - 125, 135, 129, 126, 87, 87, 87, 87, 87, 87, - 87, 87, 150, 87, 87, 87, 87, 87, 87, 87, - 87, 172, 172, 172, 172, 172, 172, 547, 66, 67, - 67, 67, 67, 67, 67, 67, 67, 67, 67, 67, - - 67, 67, 67, 67, 67, 67, 97, 81, 98, 98, - 98, 98, 98, 98, 98, 98, 99, 621, 197, 201, - 100, 100, 100, 100, 100, 81, 81, 182, 501, 138, - 138, 80, 183, 138, 138, 621, 184, 81, 185, 239, - 200, 81, 81, 202, 100, 100, 100, 100, 100, 100, - 80, 138, 81, 147, 119, 246, 80, 204, 574, 80, - 80, 91, 80, 80, 80, 106, 106, 106, 106, 106, - 106, 106, 106, 99, 199, 139, 80, 106, 106, 106, - 106, 106, 107, 107, 107, 107, 108, 107, 107, 107, - 107, 107, 107, 107, 107, 107, 107, 107, 107, 81, - - 107, 100, 100, 100, 100, 100, 100, 80, 80, 80, - 80, 80, 80, 80, 80, 80, 80, 107, 107, 107, - 107, 107, 107, 107, 107, 621, 85, 147, 119, 107, - 107, 107, 107, 107, 159, 160, 146, 133, 107, 621, - 621, 621, 621, 621, 621, 621, 621, 134, 147, 119, - 81, 207, 248, 80, 80, 80, 80, 80, 80, 118, - 119, 80, 80, 80, 158, 80, 80, 174, 157, 80, - 143, 119, 144, 81, 145, 81, 220, 174, 144, 85, - 145, 80, 80, 80, 85, 81, 220, 81, 99, 246, - 246, 273, 145, 145, 86, 589, 150, 87, 87, 87, - - 87, 87, 87, 87, 87, 80, 174, 80, 80, 80, - 156, 80, 80, 274, 81, 80, 156, 85, 145, 87, - 87, 87, 87, 87, 87, 87, 87, 80, 80, 80, - 245, 95, 95, 174, 276, 95, 95, 81, 163, 277, - 127, 164, 164, 164, 164, 164, 164, 164, 164, 88, - 249, 88, 88, 95, 501, 88, 88, 81, 92, 88, - 92, 92, 92, 285, 92, 92, 81, 290, 92, 257, - 257, 257, 88, 88, 289, 85, 81, 96, 81, 174, - 92, 92, 92, 94, 292, 80, 80, 94, 220, 80, - 80, 246, 447, 94, 168, 169, 170, 168, 168, 168, - - 168, 168, 273, 333, 293, 94, 94, 80, 172, 172, - 172, 172, 172, 172, 172, 172, 172, 172, 172, 172, - 172, 172, 172, 172, 274, 81, 85, 81, 81, 171, - 171, 171, 171, 171, 171, 171, 171, 334, 99, 332, - 81, 171, 171, 171, 171, 171, 87, 87, 87, 87, - 87, 87, 87, 87, 85, 81, 81, 483, 138, 138, - 121, 329, 138, 138, 81, 171, 171, 171, 171, 171, - 171, 177, 177, 177, 177, 177, 177, 177, 177, 99, - 138, 291, 527, 177, 177, 177, 177, 177, 122, 123, - 174, 137, 124, 80, 80, 137, 174, 80, 80, 220, - - 125, 137, 81, 126, 139, 263, 383, 171, 171, 171, - 171, 171, 171, 137, 137, 80, 621, 621, 621, 621, - 621, 621, 621, 621, 149, 81, 372, 149, 149, 81, - 335, 373, 85, 526, 149, 164, 164, 164, 164, 164, - 164, 164, 164, 370, 565, 385, 81, 149, 164, 164, - 164, 164, 164, 164, 164, 164, 165, 564, 165, 165, - 95, 434, 165, 165, 95, 371, 165, 261, 174, 207, - 95, 208, 208, 208, 208, 208, 208, 263, 165, 165, - 165, 563, 95, 95, 207, 432, 208, 208, 208, 208, - 208, 208, 208, 208, 207, 376, 209, 209, 209, 209, - - 209, 209, 209, 209, 207, 81, 210, 210, 210, 210, - 210, 211, 208, 208, 138, 621, 174, 377, 138, 387, - 81, 261, 174, 81, 138, 263, 81, 174, 261, 174, - 81, 263, 621, 174, 447, 380, 138, 138, 310, 429, - 81, 80, 310, 212, 212, 212, 212, 212, 212, 212, - 212, 444, 444, 396, 81, 212, 212, 212, 212, 212, - 250, 251, 252, 250, 250, 250, 250, 250, 207, 81, - 208, 208, 208, 208, 208, 208, 208, 208, 386, 212, - 212, 212, 212, 212, 212, 214, 215, 216, 216, 216, - 216, 216, 216, 217, 81, 498, 498, 218, 218, 218, - - 218, 218, 85, 207, 81, 208, 208, 208, 208, 208, - 208, 208, 208, 225, 225, 225, 225, 225, 225, 225, - 225, 218, 218, 218, 218, 218, 218, 174, 221, 222, - 223, 221, 221, 221, 221, 221, 224, 261, 174, 81, - 225, 225, 225, 225, 225, 255, 255, 256, 257, 257, - 257, 257, 257, 217, 265, 265, 265, 265, 265, 265, - 265, 265, 81, 566, 225, 225, 225, 225, 225, 225, - 226, 226, 226, 226, 226, 226, 226, 226, 435, 621, - 174, 378, 226, 226, 226, 226, 226, 266, 266, 266, - 266, 266, 267, 621, 81, 264, 264, 264, 264, 264, - - 264, 264, 264, 379, 384, 492, 212, 212, 212, 212, - 212, 212, 261, 174, 262, 262, 262, 262, 262, 262, - 262, 262, 263, 174, 515, 515, 264, 264, 264, 264, - 264, 293, 263, 294, 294, 294, 294, 294, 294, 294, - 294, 299, 299, 299, 299, 299, 299, 299, 299, 217, - 264, 264, 264, 264, 264, 264, 174, 268, 269, 270, - 268, 268, 268, 268, 268, 271, 174, 81, 523, 272, - 272, 272, 272, 272, 293, 310, 295, 295, 295, 295, - 295, 295, 295, 295, 304, 305, 306, 304, 304, 304, - 304, 304, 522, 272, 272, 272, 272, 272, 272, 293, - - 521, 296, 296, 296, 296, 296, 297, 294, 294, 370, - 81, 272, 272, 272, 272, 272, 272, 272, 272, 261, - 174, 308, 308, 308, 308, 308, 308, 525, 526, 263, - 520, 371, 544, 544, 517, 81, 261, 174, 308, 308, - 308, 308, 308, 308, 308, 308, 263, 261, 174, 309, - 309, 309, 309, 309, 309, 309, 309, 310, 376, 378, - 475, 311, 311, 311, 311, 311, 312, 312, 312, 312, - 312, 312, 312, 312, 313, 313, 313, 313, 313, 314, - 377, 379, 476, 261, 174, 311, 311, 311, 311, 311, - 311, 174, 315, 316, 317, 315, 315, 315, 315, 315, - - 318, 81, 525, 526, 319, 319, 319, 319, 319, 621, - 433, 311, 311, 311, 311, 311, 311, 311, 311, 336, - 337, 338, 336, 336, 336, 336, 336, 457, 319, 319, - 319, 319, 319, 319, 293, 394, 294, 294, 294, 294, - 294, 294, 294, 294, 293, 396, 294, 294, 294, 294, - 294, 294, 293, 81, 294, 294, 294, 294, 294, 294, - 294, 294, 360, 360, 360, 360, 360, 361, 396, 348, - 81, 349, 349, 349, 349, 349, 349, 349, 349, 342, - 81, 399, 399, 399, 399, 399, 400, 81, 81, 343, - 344, 345, 343, 343, 343, 343, 343, 346, 174, 580, - - 580, 347, 347, 347, 347, 347, 348, 310, 350, 350, - 350, 350, 350, 350, 350, 350, 319, 319, 319, 319, - 319, 319, 319, 319, 480, 347, 347, 347, 347, 347, - 347, 348, 479, 351, 351, 351, 351, 351, 352, 349, - 349, 261, 174, 355, 355, 355, 355, 355, 355, 355, - 355, 310, 261, 174, 355, 355, 355, 355, 355, 355, - 81, 81, 310, 261, 174, 356, 356, 356, 356, 356, - 356, 356, 356, 357, 474, 528, 473, 358, 358, 358, - 358, 358, 359, 359, 359, 359, 359, 359, 359, 359, - 621, 174, 358, 358, 358, 358, 358, 358, 358, 358, - - 357, 358, 358, 358, 358, 358, 358, 174, 362, 363, - 364, 362, 362, 362, 362, 362, 365, 590, 85, 472, - 366, 366, 366, 366, 366, 387, 388, 388, 388, 388, - 388, 388, 388, 388, 387, 389, 389, 389, 389, 389, - 389, 389, 389, 471, 366, 366, 366, 366, 366, 366, - 387, 390, 390, 390, 390, 390, 391, 388, 388, 470, - 81, 347, 347, 347, 347, 347, 347, 347, 347, 81, - 398, 398, 398, 398, 398, 398, 398, 398, 416, 416, - 416, 416, 416, 417, 477, 81, 394, 621, 395, 395, - 395, 395, 395, 395, 395, 395, 396, 396, 598, 598, - - 397, 397, 397, 397, 397, 621, 478, 397, 397, 397, - 397, 397, 397, 397, 397, 406, 407, 408, 406, 406, - 406, 406, 406, 342, 397, 397, 397, 397, 397, 397, - 401, 402, 403, 401, 401, 401, 401, 401, 404, 259, - 481, 85, 405, 405, 405, 405, 405, 348, 394, 349, - 349, 349, 349, 349, 349, 349, 349, 348, 396, 349, - 349, 349, 349, 349, 349, 431, 405, 405, 405, 405, - 405, 405, 348, 430, 349, 349, 349, 349, 349, 349, - 349, 349, 261, 174, 261, 174, 450, 450, 450, 450, - 450, 451, 310, 482, 357, 366, 366, 366, 366, 366, - - 366, 366, 366, 621, 174, 415, 415, 415, 415, 415, - 415, 415, 415, 357, 261, 174, 411, 411, 411, 411, - 411, 411, 411, 411, 357, 261, 174, 411, 411, 411, - 411, 411, 411, 603, 604, 357, 261, 174, 412, 412, - 412, 412, 412, 412, 412, 412, 413, 174, 603, 604, - 414, 414, 414, 414, 414, 621, 357, 414, 414, 414, - 414, 414, 414, 414, 414, 436, 437, 438, 439, 436, - 436, 436, 436, 428, 414, 414, 414, 414, 414, 414, - 174, 418, 419, 420, 418, 418, 418, 418, 418, 174, - 148, 148, 427, 421, 421, 421, 421, 421, 413, 81, - - 387, 388, 388, 388, 388, 388, 388, 388, 388, 387, - 388, 388, 388, 388, 388, 388, 426, 421, 421, 421, - 421, 421, 421, 387, 388, 388, 388, 388, 388, 388, - 388, 388, 518, 484, 425, 81, 441, 442, 443, 441, - 441, 441, 441, 441, 81, 405, 405, 405, 405, 405, - 405, 405, 405, 484, 519, 484, 485, 394, 81, 445, - 445, 445, 445, 445, 445, 445, 445, 396, 394, 486, - 446, 446, 446, 446, 446, 446, 446, 446, 447, 81, - 424, 423, 448, 448, 448, 448, 448, 449, 449, 449, - 449, 449, 449, 449, 449, 621, 422, 448, 448, 448, - - 448, 448, 448, 448, 448, 81, 448, 448, 448, 448, - 448, 448, 452, 453, 454, 452, 452, 452, 452, 452, - 455, 174, 348, 342, 456, 456, 456, 456, 456, 457, - 413, 458, 458, 458, 458, 458, 458, 458, 458, 468, - 468, 468, 468, 468, 469, 261, 174, 259, 456, 456, - 456, 456, 456, 456, 457, 357, 459, 459, 459, 459, - 459, 459, 459, 459, 457, 217, 460, 460, 460, 460, - 460, 461, 458, 458, 261, 174, 421, 421, 421, 421, - 421, 421, 421, 421, 413, 621, 174, 467, 467, 467, - 467, 467, 467, 467, 467, 413, 261, 174, 464, 464, - - 464, 464, 464, 464, 464, 464, 413, 261, 174, 464, - 464, 464, 464, 464, 464, 382, 381, 413, 261, 174, - 465, 465, 465, 465, 465, 465, 465, 465, 394, 375, - 374, 369, 466, 466, 466, 466, 466, 621, 447, 466, - 466, 466, 466, 466, 466, 466, 466, 456, 456, 456, - 456, 456, 456, 456, 456, 368, 466, 466, 466, 466, - 466, 466, 486, 621, 487, 487, 487, 487, 487, 487, - 487, 487, 486, 447, 488, 488, 488, 488, 488, 488, - 488, 488, 486, 394, 489, 489, 489, 489, 489, 490, - 491, 491, 486, 447, 569, 605, 367, 486, 81, 491, - - 491, 491, 487, 487, 487, 487, 487, 492, 81, 493, - 493, 493, 493, 493, 493, 493, 493, 492, 81, 494, - 494, 494, 494, 494, 494, 494, 494, 342, 81, 259, - 81, 81, 492, 81, 495, 495, 495, 495, 495, 496, - 493, 493, 394, 475, 499, 499, 499, 499, 499, 499, - 499, 499, 447, 394, 217, 500, 500, 500, 500, 500, - 500, 500, 500, 501, 477, 476, 518, 502, 502, 502, - 502, 502, 503, 503, 503, 503, 503, 503, 503, 503, - 504, 504, 504, 504, 504, 505, 478, 217, 519, 286, - 331, 502, 502, 502, 502, 502, 502, 506, 507, 508, - - 506, 506, 506, 506, 506, 509, 330, 328, 327, 510, - 510, 510, 510, 510, 621, 326, 502, 502, 502, 502, - 502, 502, 502, 502, 511, 512, 513, 511, 511, 511, - 511, 511, 325, 510, 510, 510, 510, 510, 510, 457, - 324, 458, 458, 458, 458, 458, 458, 458, 458, 457, - 484, 458, 458, 458, 458, 458, 458, 458, 458, 457, - 323, 458, 458, 458, 458, 458, 458, 261, 174, 614, - 484, 322, 484, 484, 614, 321, 320, 413, 261, 174, - 516, 516, 516, 516, 516, 516, 516, 516, 530, 302, - 531, 532, 533, 530, 259, 531, 532, 533, 537, 538, - - 539, 537, 537, 537, 537, 537, 486, 394, 487, 487, - 487, 487, 487, 487, 487, 487, 486, 501, 487, 487, - 487, 487, 487, 487, 487, 487, 217, 621, 394, 561, - 394, 298, 81, 217, 621, 105, 534, 501, 501, 286, - 547, 536, 81, 486, 547, 487, 487, 487, 487, 487, - 487, 562, 81, 540, 541, 542, 540, 540, 540, 540, - 540, 492, 288, 493, 493, 493, 493, 493, 493, 493, - 493, 550, 550, 550, 550, 550, 551, 286, 492, 81, - 493, 493, 493, 493, 493, 493, 493, 493, 492, 287, - 493, 493, 493, 493, 493, 493, 510, 510, 510, 510, - - 510, 510, 510, 510, 394, 561, 545, 545, 545, 545, - 545, 545, 545, 545, 501, 394, 394, 546, 546, 546, - 546, 546, 546, 546, 546, 547, 547, 562, 286, 548, - 548, 548, 548, 548, 549, 549, 549, 549, 549, 549, - 549, 549, 621, 284, 548, 548, 548, 548, 548, 548, - 548, 548, 283, 548, 548, 548, 548, 548, 548, 552, - 553, 554, 552, 552, 552, 552, 552, 282, 281, 280, - 279, 555, 555, 555, 555, 555, 174, 556, 556, 556, - 556, 556, 556, 556, 556, 174, 557, 557, 557, 557, - 557, 557, 557, 557, 587, 555, 555, 555, 555, 555, - - 555, 174, 558, 558, 558, 558, 558, 559, 556, 556, - 621, 278, 621, 621, 621, 530, 588, 531, 532, 533, - 621, 275, 531, 532, 533, 621, 99, 621, 621, 533, - 567, 217, 259, 568, 568, 568, 568, 568, 568, 568, - 568, 217, 587, 529, 529, 600, 621, 529, 621, 621, - 621, 105, 85, 535, 535, 205, 247, 535, 534, 529, - 529, 529, 244, 534, 588, 243, 242, 601, 534, 535, - 535, 535, 569, 534, 570, 570, 570, 570, 570, 570, - 570, 570, 569, 600, 571, 571, 571, 571, 571, 571, - 571, 571, 241, 569, 536, 572, 572, 572, 572, 572, - - 573, 570, 570, 240, 238, 601, 237, 574, 81, 575, - 575, 575, 575, 575, 575, 575, 575, 574, 81, 576, - 576, 576, 576, 576, 576, 576, 576, 236, 574, 81, - 577, 577, 577, 577, 577, 578, 575, 575, 555, 555, - 555, 555, 555, 555, 555, 555, 394, 235, 581, 581, - 581, 581, 581, 581, 581, 581, 547, 394, 234, 582, - 582, 582, 582, 582, 582, 582, 582, 233, 232, 231, - 230, 583, 583, 583, 583, 583, 584, 584, 584, 584, - 584, 584, 584, 584, 585, 585, 585, 585, 585, 586, - 229, 228, 227, 105, 97, 583, 583, 583, 583, 583, - - 583, 621, 85, 583, 583, 583, 583, 583, 583, 583, - 583, 174, 556, 556, 556, 556, 556, 556, 556, 556, - 174, 556, 556, 556, 556, 556, 556, 556, 556, 174, - 556, 556, 556, 556, 556, 556, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 591, 592, 593, 591, 591, 591, 591, 591, - 569, 85, 570, 570, 570, 570, 570, 570, 570, 570, - 569, 205, 570, 570, 570, 570, 570, 570, 570, 570, - 155, 156, 150, 150, 142, 569, 81, 570, 570, 570, - 570, 570, 570, 203, 136, 136, 81, 594, 595, 596, - - 594, 594, 594, 594, 594, 574, 81, 575, 575, 575, - 575, 575, 575, 575, 575, 196, 195, 194, 193, 192, - 574, 81, 575, 575, 575, 575, 575, 575, 575, 575, - 574, 190, 575, 575, 575, 575, 575, 575, 394, 189, - 599, 599, 599, 599, 599, 599, 599, 599, 605, 188, - 606, 606, 606, 606, 606, 606, 606, 606, 605, 187, - 607, 607, 607, 607, 607, 607, 607, 607, 605, 186, - 608, 608, 608, 608, 608, 609, 606, 606, 610, 610, - 610, 610, 610, 610, 81, 610, 610, 610, 610, 610, - 610, 610, 610, 181, 81, 611, 611, 611, 611, 611, - - 611, 611, 611, 180, 81, 612, 612, 612, 612, 612, - 613, 610, 610, 615, 616, 617, 615, 615, 615, 615, - 615, 605, 179, 606, 606, 606, 606, 606, 606, 606, - 606, 605, 178, 606, 606, 606, 606, 606, 606, 606, - 606, 105, 80, 105, 167, 93, 605, 81, 606, 606, - 606, 606, 606, 606, 85, 83, 82, 81, 610, 610, - 610, 610, 610, 610, 610, 610, 81, 81, 610, 610, - 610, 610, 610, 610, 610, 610, 156, 150, 142, 113, - 111, 136, 81, 618, 618, 618, 618, 618, 618, 618, - 618, 615, 615, 615, 615, 615, 615, 615, 615, 619, - - 619, 619, 619, 619, 620, 618, 618, 618, 618, 618, - 618, 618, 618, 618, 618, 132, 130, 81, 618, 618, - 618, 618, 618, 618, 117, 81, 116, 115, 112, 107, - 105, 93, 83, 81, 82, 81, 621, 621, 621, 621, - 621, 81, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 81, 59, 59, 59, 59, 59, 59, 59, - 59, 59, 59, 59, 59, 59, 59, 59, 59, 31, - 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, - 31, 31, 31, 31, 31, 68, 68, 68, 68, 68, - 68, 68, 68, 68, 68, 68, 68, 68, 68, 68, - - 68, 75, 75, 75, 75, 75, 75, 75, 75, 75, - 75, 75, 75, 75, 75, 75, 75, 80, 621, 621, - 621, 621, 621, 621, 621, 80, 80, 80, 621, 621, - 80, 80, 80, 84, 84, 84, 84, 84, 84, 84, - 84, 84, 84, 84, 84, 84, 84, 84, 84, 88, - 621, 621, 621, 621, 88, 621, 621, 88, 88, 88, - 88, 621, 88, 88, 88, 92, 621, 621, 621, 621, - 621, 621, 621, 92, 92, 92, 621, 621, 92, 92, - 92, 94, 621, 621, 94, 94, 621, 94, 621, 94, - 94, 94, 621, 621, 94, 94, 94, 104, 104, 621, - - 621, 621, 104, 137, 621, 621, 137, 137, 621, 137, - 621, 137, 137, 137, 621, 621, 137, 137, 137, 141, - 621, 621, 141, 141, 621, 141, 621, 141, 141, 141, - 621, 141, 621, 141, 141, 149, 621, 621, 149, 621, - 621, 149, 621, 149, 149, 149, 149, 621, 149, 149, - 149, 153, 153, 153, 153, 153, 153, 153, 153, 153, - 153, 153, 153, 153, 153, 153, 153, 155, 155, 621, - 155, 621, 155, 155, 155, 155, 155, 155, 155, 155, - 155, 155, 155, 161, 161, 161, 161, 161, 161, 161, - 161, 161, 161, 161, 161, 161, 161, 161, 161, 162, - - 162, 621, 162, 162, 162, 162, 162, 162, 162, 162, - 162, 162, 162, 162, 162, 165, 621, 621, 621, 621, - 165, 621, 621, 165, 165, 165, 621, 621, 165, 165, - 165, 95, 621, 621, 95, 95, 621, 95, 621, 95, - 95, 95, 621, 621, 95, 95, 95, 173, 173, 621, - 621, 621, 173, 175, 175, 175, 621, 621, 621, 175, - 138, 621, 621, 138, 138, 621, 138, 621, 138, 138, - 138, 621, 621, 138, 138, 138, 206, 206, 206, 206, - 206, 206, 206, 206, 206, 206, 206, 206, 206, 206, - 206, 206, 213, 213, 621, 621, 621, 213, 219, 219, - - 219, 621, 621, 621, 219, 253, 253, 621, 621, 621, - 253, 254, 254, 621, 621, 621, 254, 258, 258, 621, - 621, 621, 258, 260, 260, 260, 621, 621, 621, 260, - 298, 298, 621, 621, 621, 298, 300, 300, 621, 621, - 621, 300, 301, 301, 621, 621, 621, 301, 303, 303, - 303, 621, 621, 621, 303, 307, 307, 307, 307, 621, - 621, 621, 307, 339, 339, 621, 621, 621, 339, 340, - 340, 621, 621, 621, 340, 341, 341, 621, 621, 621, - 341, 353, 353, 353, 621, 621, 621, 353, 354, 354, - 354, 354, 621, 621, 621, 354, 392, 392, 621, 621, - - 621, 392, 393, 393, 621, 621, 621, 393, 409, 409, - 409, 621, 621, 621, 409, 410, 410, 410, 410, 621, - 621, 621, 410, 440, 440, 621, 621, 621, 440, 444, - 621, 444, 444, 621, 621, 621, 444, 462, 462, 462, - 621, 621, 621, 462, 463, 463, 463, 463, 621, 621, - 621, 463, 497, 497, 621, 621, 621, 497, 498, 621, - 498, 498, 621, 621, 621, 498, 514, 514, 514, 621, - 621, 621, 514, 515, 515, 515, 621, 621, 621, 621, - 515, 524, 524, 524, 524, 524, 524, 524, 524, 524, - 524, 524, 524, 524, 524, 524, 524, 529, 529, 621, - - 529, 529, 529, 621, 621, 529, 529, 529, 621, 621, - 529, 529, 529, 535, 535, 621, 535, 535, 535, 621, - 621, 535, 535, 535, 621, 621, 535, 535, 535, 543, - 543, 621, 621, 621, 543, 544, 621, 544, 544, 621, - 621, 621, 544, 560, 560, 621, 621, 621, 621, 560, - 579, 579, 621, 621, 621, 579, 580, 621, 580, 580, - 621, 621, 621, 580, 597, 597, 621, 621, 621, 597, - 598, 621, 598, 621, 621, 621, 621, 598, 602, 602, - 602, 602, 602, 602, 602, 602, 602, 602, 602, 602, - 602, 602, 602, 602, 13, 621, 621, 621, 621, 621, - - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621 + 16, 17, 18, 19, 20, 21, 22, 23, 24, 16, + 25, 26, 16, 16, 27, 28, 29, 30, 28, 28, + 28, 28, 28, 28, 28, 31, 32, 33, 16, 34, + 35, 35, 35, 36, 37, 37, 37, 37, 38, 37, + 39, 37, 40, 41, 42, 43, 37, 37, 37, 37, + 37, 44, 16, 45, 45, 45, 45, 45, 45, 16, + 16, 16, 16, 16, 16, 16, 16, 46, 16, 16, + 47, 532, 54, 130, 48, 135, 55, 127, 131, 127, + 54, 127, 56, 534, 55, 57, 78, 18, 79, 80, + 56, 109, 129, 57, 133, 17, 62, 63, 150, 64, + + 49, 50, 149, 152, 51, 64, 168, 139, 134, 58, + 101, 110, 52, 59, 37, 53, 37, 58, 154, 64, + 65, 59, 37, 105, 37, 17, 62, 63, 155, 64, + 796, 78, 18, 79, 80, 64, 81, 111, 60, 175, + 139, 172, 101, 115, 115, 66, 60, 115, 115, 64, + 65, 140, 142, 178, 17, 18, 19, 71, 67, 173, + 141, 168, 139, 72, 73, 74, 171, 115, 122, 122, + 122, 122, 122, 123, 179, 66, 17, 18, 19, 75, + 67, 81, 143, 144, 171, 242, 145, 101, 101, 180, + 181, 116, 176, 236, 146, 198, 140, 147, 17, 18, + + 19, 71, 67, 177, 76, 161, 201, 72, 73, 74, + 121, 121, 121, 121, 121, 121, 121, 121, 121, 121, + 101, 796, 177, 75, 179, 249, 68, 69, 69, 69, + 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, + 69, 69, 69, 69, 69, 17, 18, 19, 76, 67, + 194, 194, 194, 194, 194, 194, 194, 194, 194, 194, + 195, 195, 195, 195, 195, 196, 206, 100, 119, 100, + 100, 100, 177, 100, 100, 207, 101, 100, 107, 107, + 107, 107, 107, 107, 107, 107, 107, 107, 101, 243, + 235, 100, 100, 100, 101, 68, 69, 69, 69, 69, + + 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, + 69, 69, 69, 69, 33, 17, 18, 19, 33, 33, + 82, 23, 24, 33, 83, 26, 33, 33, 84, 85, + 86, 87, 85, 85, 85, 85, 85, 85, 85, 31, + 88, 33, 33, 89, 90, 90, 90, 91, 92, 92, + 92, 92, 93, 92, 94, 92, 95, 92, 96, 92, + 92, 92, 92, 92, 92, 68, 33, 97, 97, 97, + 97, 97, 97, 98, 98, 98, 98, 98, 98, 98, + 98, 99, 98, 98, 105, 218, 101, 796, 109, 168, + 139, 269, 247, 178, 106, 796, 220, 107, 107, 107, + + 107, 107, 107, 107, 107, 107, 107, 117, 183, 118, + 118, 118, 118, 118, 118, 118, 118, 118, 118, 119, + 101, 180, 181, 120, 120, 120, 120, 120, 101, 101, + 357, 159, 159, 246, 184, 159, 159, 216, 216, 216, + 216, 216, 216, 177, 245, 101, 154, 120, 120, 120, + 120, 120, 120, 100, 358, 159, 155, 127, 101, 100, + 313, 563, 100, 100, 101, 100, 100, 100, 126, 126, + 126, 126, 126, 126, 126, 126, 126, 126, 119, 160, + 311, 100, 126, 126, 126, 126, 126, 127, 127, 127, + 127, 128, 127, 127, 127, 127, 127, 127, 127, 127, + + 127, 127, 127, 127, 101, 127, 120, 120, 120, 120, + 120, 120, 100, 100, 100, 100, 100, 100, 100, 100, + 100, 100, 100, 127, 127, 127, 127, 127, 127, 127, + 127, 127, 127, 813, 218, 796, 105, 127, 127, 127, + 127, 127, 101, 100, 101, 282, 127, 107, 107, 107, + 107, 107, 107, 107, 107, 107, 107, 101, 304, 311, + 372, 100, 100, 100, 100, 100, 100, 138, 139, 100, + 100, 100, 311, 100, 100, 101, 378, 100, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 244, 310, + 813, 100, 100, 100, 100, 101, 120, 120, 120, 120, + + 120, 120, 120, 120, 120, 120, 105, 164, 139, 165, + 813, 166, 101, 109, 436, 165, 106, 166, 373, 107, + 107, 107, 107, 107, 107, 107, 107, 107, 107, 226, + 101, 166, 166, 813, 227, 311, 111, 218, 228, 170, + 229, 185, 170, 170, 101, 168, 139, 185, 282, 170, + 185, 115, 115, 185, 185, 115, 115, 166, 813, 184, + 782, 371, 168, 139, 170, 148, 105, 187, 360, 185, + 109, 301, 302, 361, 303, 115, 167, 101, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 101, + 813, 314, 188, 185, 115, 101, 532, 115, 115, 116, + + 115, 115, 115, 115, 184, 101, 115, 115, 108, 714, + 108, 108, 171, 101, 108, 108, 184, 435, 108, 380, + 187, 115, 115, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 108, 108, 107, 107, 107, 107, 107, + 107, 107, 107, 107, 107, 190, 115, 187, 105, 101, + 191, 187, 192, 192, 192, 192, 192, 192, 192, 192, + 192, 192, 119, 187, 357, 357, 193, 193, 193, 193, + 193, 187, 187, 187, 187, 187, 187, 187, 187, 187, + 187, 187, 187, 187, 187, 187, 187, 187, 358, 358, + 193, 193, 193, 193, 193, 193, 187, 187, 187, 187, + + 187, 187, 187, 187, 187, 187, 187, 813, 377, 187, + 187, 187, 187, 187, 187, 187, 187, 187, 187, 813, + 341, 341, 341, 187, 187, 187, 187, 187, 330, 331, + 112, 332, 112, 112, 112, 394, 112, 112, 395, 437, + 112, 255, 255, 255, 255, 255, 255, 187, 187, 187, + 187, 187, 187, 187, 112, 112, 112, 187, 197, 197, + 197, 197, 197, 197, 197, 197, 197, 197, 119, 187, + 498, 101, 197, 197, 197, 197, 197, 198, 198, 198, + 198, 199, 198, 198, 198, 198, 198, 198, 198, 198, + 198, 198, 198, 198, 499, 200, 193, 193, 193, 193, + + 193, 193, 187, 187, 187, 187, 187, 187, 187, 187, + 187, 187, 187, 198, 198, 198, 198, 198, 198, 198, + 198, 198, 198, 813, 105, 101, 443, 198, 198, 198, + 198, 198, 260, 218, 159, 159, 198, 261, 159, 159, + 386, 262, 513, 263, 282, 387, 369, 142, 101, 370, + 504, 187, 187, 187, 187, 187, 187, 813, 159, 193, + 193, 193, 193, 193, 193, 193, 193, 193, 193, 114, + 763, 100, 100, 114, 505, 100, 100, 143, 144, 114, + 101, 145, 160, 272, 272, 272, 272, 272, 273, 146, + 438, 442, 147, 114, 114, 100, 212, 213, 214, 212, + + 212, 212, 212, 212, 212, 212, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 345, 218, 763, 158, + 101, 100, 100, 158, 101, 100, 100, 763, 347, 158, + 399, 444, 101, 215, 215, 215, 215, 215, 215, 215, + 215, 215, 215, 158, 158, 100, 506, 215, 215, 215, + 215, 215, 251, 252, 253, 251, 251, 251, 251, 251, + 251, 251, 100, 100, 100, 100, 496, 127, 101, 813, + 507, 215, 215, 215, 215, 215, 215, 221, 221, 221, + 221, 221, 221, 221, 221, 221, 221, 119, 119, 498, + 532, 221, 221, 221, 221, 221, 255, 255, 255, 255, + + 255, 255, 255, 255, 255, 255, 350, 350, 350, 350, + 350, 351, 714, 499, 101, 215, 215, 215, 215, 215, + 215, 127, 127, 127, 127, 127, 127, 127, 127, 127, + 127, 813, 379, 622, 127, 127, 127, 127, 127, 127, + 182, 218, 182, 182, 101, 185, 182, 182, 101, 439, + 182, 185, 282, 445, 185, 813, 218, 185, 185, 100, + 100, 100, 100, 100, 100, 182, 182, 347, 218, 127, + 127, 187, 497, 185, 185, 562, 185, 185, 185, 347, + 185, 185, 498, 659, 185, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 525, 188, 185, 185, 185, + + 185, 115, 345, 218, 115, 115, 499, 115, 115, 115, + 115, 115, 127, 115, 115, 115, 565, 502, 345, 218, + 127, 115, 345, 218, 127, 504, 500, 187, 115, 115, + 347, 501, 101, 127, 416, 115, 115, 211, 211, 211, + 211, 211, 211, 211, 211, 211, 211, 503, 101, 505, + 127, 198, 190, 115, 254, 254, 254, 254, 254, 254, + 254, 254, 254, 254, 746, 567, 584, 127, 254, 254, + 254, 254, 254, 211, 211, 211, 211, 211, 211, 211, + 211, 211, 211, 315, 105, 316, 316, 316, 316, 316, + 316, 101, 254, 254, 254, 254, 254, 254, 187, 746, + + 101, 508, 187, 256, 256, 256, 256, 256, 256, 256, + 256, 256, 256, 119, 187, 105, 572, 256, 256, 256, + 256, 256, 198, 198, 198, 198, 198, 198, 198, 198, + 198, 198, 198, 198, 198, 198, 198, 198, 198, 570, + 200, 254, 254, 254, 254, 254, 254, 187, 187, 187, + 187, 187, 187, 187, 187, 187, 187, 187, 198, 198, + 198, 198, 198, 198, 198, 198, 198, 198, 813, 511, + 504, 506, 198, 198, 198, 198, 198, 271, 271, 271, + 271, 271, 271, 271, 271, 271, 271, 419, 419, 419, + 419, 419, 420, 506, 505, 507, 187, 187, 187, 187, + + 187, 187, 269, 746, 270, 270, 270, 270, 270, 270, + 270, 270, 270, 270, 159, 520, 763, 507, 159, 101, + 521, 621, 763, 127, 159, 287, 287, 287, 287, 287, + 287, 287, 287, 287, 287, 127, 573, 218, 159, 159, + 101, 100, 101, 274, 274, 274, 274, 274, 274, 274, + 274, 274, 274, 512, 624, 627, 127, 274, 274, 274, + 274, 274, 349, 349, 349, 349, 349, 349, 349, 349, + 349, 349, 488, 488, 488, 488, 488, 489, 101, 628, + 633, 274, 274, 274, 274, 274, 274, 276, 277, 278, + 278, 278, 278, 278, 278, 278, 278, 279, 649, 649, + + 649, 280, 280, 280, 280, 280, 381, 382, 383, 381, + 381, 381, 381, 381, 381, 381, 446, 218, 447, 447, + 447, 447, 447, 447, 218, 280, 280, 280, 280, 280, + 280, 218, 283, 284, 285, 283, 283, 283, 283, 283, + 283, 283, 286, 625, 813, 218, 287, 287, 287, 287, + 287, 410, 411, 412, 410, 410, 410, 410, 410, 410, + 410, 528, 528, 528, 528, 528, 529, 626, 679, 127, + 287, 287, 287, 287, 287, 287, 288, 288, 288, 288, + 288, 288, 288, 288, 288, 288, 119, 627, 625, 127, + 288, 288, 288, 288, 288, 356, 356, 356, 356, 356, + + 356, 356, 356, 356, 356, 537, 537, 537, 537, 537, + 538, 628, 626, 218, 274, 274, 274, 274, 274, 274, + 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, + 813, 683, 684, 127, 127, 127, 127, 127, 127, 345, + 218, 414, 414, 414, 414, 414, 414, 678, 659, 127, + 399, 347, 400, 400, 400, 400, 400, 400, 100, 100, + 100, 100, 100, 100, 315, 627, 318, 318, 318, 318, + 318, 319, 316, 316, 316, 316, 320, 320, 320, 320, + 320, 320, 320, 320, 320, 320, 119, 597, 101, 628, + 320, 320, 320, 320, 320, 418, 418, 418, 418, 418, + + 418, 418, 418, 418, 418, 476, 746, 477, 477, 477, + 477, 477, 477, 746, 320, 320, 320, 320, 320, 320, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 100, 100, 100, 100, 321, 321, 321, 321, 321, 425, + 425, 425, 425, 425, 425, 425, 425, 425, 425, 554, + 554, 554, 554, 554, 555, 345, 218, 695, 320, 320, + 320, 320, 320, 320, 334, 335, 336, 334, 334, 334, + 334, 334, 334, 334, 813, 218, 345, 218, 483, 483, + 483, 483, 483, 483, 731, 127, 416, 813, 416, 487, + 487, 487, 487, 487, 487, 487, 487, 487, 487, 534, + + 101, 339, 339, 340, 341, 341, 341, 341, 341, 341, + 341, 279, 345, 218, 346, 346, 346, 346, 346, 346, + 346, 346, 346, 346, 347, 101, 683, 684, 348, 348, + 348, 348, 348, 631, 105, 514, 515, 516, 517, 515, + 515, 515, 515, 515, 515, 515, 600, 600, 600, 600, + 600, 601, 348, 348, 348, 348, 348, 348, 218, 352, + 353, 354, 352, 352, 352, 352, 352, 352, 352, 355, + 730, 695, 127, 356, 356, 356, 356, 356, 527, 527, + 527, 527, 527, 527, 527, 527, 527, 527, 632, 623, + 695, 680, 675, 218, 127, 127, 127, 356, 356, 356, + + 356, 356, 356, 813, 347, 348, 348, 348, 348, 348, + 348, 348, 348, 348, 348, 384, 384, 384, 384, 384, + 384, 384, 384, 384, 384, 695, 676, 676, 813, 384, + 384, 384, 384, 384, 475, 475, 475, 475, 475, 475, + 475, 475, 475, 475, 618, 618, 618, 618, 618, 619, + 677, 677, 813, 384, 384, 384, 384, 384, 384, 385, + 385, 385, 385, 385, 385, 385, 385, 385, 385, 703, + 634, 694, 127, 385, 385, 385, 385, 385, 536, 536, + 536, 536, 536, 536, 536, 536, 536, 536, 100, 100, + 100, 100, 634, 218, 634, 634, 734, 384, 384, 384, + + 384, 384, 384, 399, 416, 400, 400, 400, 400, 400, + 400, 400, 400, 400, 400, 399, 532, 401, 401, 401, + 401, 401, 401, 401, 401, 401, 401, 399, 534, 402, + 402, 402, 402, 402, 403, 400, 400, 400, 400, 405, + 405, 405, 405, 405, 405, 405, 405, 405, 405, 279, + 345, 218, 414, 414, 414, 414, 414, 414, 414, 414, + 414, 414, 347, 634, 105, 101, 413, 413, 413, 413, + 413, 544, 545, 546, 544, 544, 544, 544, 544, 544, + 544, 686, 761, 107, 127, 634, 107, 634, 635, 644, + 413, 413, 413, 413, 413, 413, 345, 218, 415, 415, + + 415, 415, 415, 415, 415, 415, 415, 415, 416, 345, + 218, 101, 417, 417, 417, 417, 417, 345, 218, 813, + 218, 416, 127, 127, 127, 762, 105, 101, 733, 485, + 676, 485, 561, 564, 101, 566, 417, 417, 417, 417, + 417, 417, 218, 421, 422, 423, 421, 421, 421, 421, + 421, 421, 421, 424, 677, 684, 813, 425, 425, 425, + 425, 425, 494, 494, 494, 494, 494, 494, 494, 494, + 494, 494, 662, 662, 662, 662, 662, 663, 101, 105, + 813, 425, 425, 425, 425, 425, 425, 813, 571, 417, + 417, 417, 417, 417, 417, 417, 417, 417, 417, 446, + + 701, 449, 449, 449, 449, 449, 450, 447, 447, 447, + 447, 384, 384, 384, 384, 384, 384, 384, 384, 384, + 384, 781, 782, 781, 782, 384, 384, 384, 384, 384, + 345, 218, 549, 549, 549, 549, 549, 549, 685, 575, + 575, 607, 485, 608, 608, 608, 608, 608, 608, 384, + 384, 384, 384, 384, 384, 464, 465, 466, 464, 464, + 464, 464, 464, 464, 464, 553, 553, 553, 553, 553, + 553, 553, 553, 553, 553, 591, 592, 593, 591, 591, + 591, 591, 591, 591, 591, 695, 732, 700, 700, 700, + 644, 101, 399, 532, 400, 400, 400, 400, 400, 400, + + 400, 400, 400, 400, 399, 597, 400, 400, 400, 400, + 400, 400, 400, 400, 400, 400, 471, 472, 473, 471, + 471, 471, 471, 471, 471, 471, 474, 728, 101, 728, + 475, 475, 475, 475, 475, 543, 543, 543, 543, 543, + 543, 543, 543, 543, 543, 127, 211, 741, 786, 211, + 218, 729, 218, 729, 475, 475, 475, 475, 475, 475, + 476, 416, 479, 479, 479, 479, 479, 480, 477, 477, + 477, 477, 345, 218, 483, 483, 483, 483, 483, 483, + 483, 483, 483, 483, 416, 101, 101, 218, 482, 482, + 482, 482, 482, 532, 813, 595, 595, 595, 595, 595, + + 595, 169, 169, 169, 218, 534, 597, 688, 759, 689, + 690, 691, 482, 482, 482, 482, 482, 482, 345, 218, + 484, 484, 484, 484, 484, 484, 484, 484, 484, 484, + 485, 316, 760, 316, 486, 486, 486, 486, 486, 599, + 599, 599, 599, 599, 599, 599, 599, 599, 599, 574, + 575, 575, 575, 575, 575, 575, 597, 692, 486, 486, + 486, 486, 486, 486, 218, 490, 491, 492, 490, 490, + 490, 490, 490, 490, 490, 493, 218, 345, 218, 494, + 494, 494, 494, 494, 345, 218, 218, 485, 218, 485, + 813, 218, 169, 169, 169, 534, 551, 485, 532, 551, + + 759, 813, 551, 494, 494, 494, 494, 494, 494, 813, + 597, 486, 486, 486, 486, 486, 486, 486, 486, 486, + 486, 100, 650, 778, 760, 813, 317, 100, 317, 735, + 100, 100, 735, 100, 100, 100, 127, 127, 127, 127, + 127, 127, 127, 127, 127, 127, 702, 779, 650, 100, + 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, + 127, 127, 127, 127, 495, 127, 127, 127, 127, 127, + 127, 127, 101, 127, 100, 100, 100, 100, 100, 100, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, + 100, 525, 526, 526, 526, 526, 526, 526, 526, 526, + + 526, 526, 345, 218, 614, 614, 614, 614, 614, 614, + 447, 650, 447, 532, 551, 617, 617, 617, 617, 617, + 617, 617, 617, 617, 617, 659, 576, 576, 101, 532, + 813, 533, 533, 533, 533, 533, 533, 533, 533, 533, + 533, 534, 659, 695, 813, 535, 535, 535, 535, 535, + 636, 637, 638, 639, 636, 636, 636, 636, 636, 636, + 345, 218, 674, 674, 674, 674, 674, 674, 813, 535, + 535, 535, 535, 535, 535, 539, 540, 541, 539, 539, + 539, 539, 539, 539, 539, 542, 778, 695, 739, 543, + 543, 543, 543, 543, 646, 646, 646, 646, 646, 646, + + 646, 646, 646, 646, 448, 477, 448, 477, 345, 218, + 779, 575, 575, 543, 543, 543, 543, 543, 543, 813, + 551, 535, 535, 535, 535, 535, 535, 535, 535, 535, + 535, 345, 218, 549, 549, 549, 549, 549, 549, 549, + 549, 549, 549, 485, 728, 681, 813, 548, 548, 548, + 548, 548, 647, 647, 647, 647, 647, 648, 649, 649, + 649, 649, 688, 607, 689, 690, 691, 478, 729, 478, + 813, 548, 548, 548, 548, 548, 548, 345, 218, 550, + 550, 550, 550, 550, 550, 550, 550, 550, 550, 551, + 127, 740, 813, 552, 552, 552, 552, 552, 606, 606, + + 606, 606, 606, 606, 606, 606, 606, 606, 447, 477, + 447, 477, 694, 608, 607, 608, 813, 552, 552, 552, + 552, 552, 552, 218, 556, 557, 558, 556, 556, 556, + 556, 556, 556, 556, 607, 609, 768, 609, 559, 559, + 559, 559, 559, 532, 534, 657, 657, 657, 657, 657, + 657, 651, 650, 651, 650, 597, 651, 651, 651, 651, + 651, 651, 559, 559, 559, 559, 559, 559, 813, 532, + 552, 552, 552, 552, 552, 552, 552, 552, 552, 552, + 100, 659, 652, 608, 652, 608, 100, 687, 687, 100, + 100, 687, 100, 100, 100, 127, 127, 127, 127, 127, + + 127, 127, 127, 127, 127, 687, 687, 687, 100, 127, + 127, 127, 127, 127, 127, 127, 560, 127, 127, 127, + 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, + 127, 101, 127, 100, 100, 100, 100, 100, 100, 100, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, + 574, 577, 577, 577, 577, 577, 578, 575, 575, 575, + 575, 187, 723, 723, 532, 187, 198, 198, 198, 198, + 198, 198, 198, 198, 198, 198, 714, 187, 724, 724, + 198, 198, 198, 583, 198, 198, 198, 198, 198, 198, + 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, + + 198, 198, 650, 200, 187, 187, 187, 187, 187, 187, + 187, 187, 187, 187, 187, 187, 187, 187, 187, 187, + 187, 586, 587, 588, 589, 586, 586, 586, 586, 586, + 586, 661, 661, 661, 661, 661, 661, 661, 661, 661, + 661, 669, 670, 671, 669, 669, 669, 669, 669, 669, + 669, 717, 717, 717, 717, 717, 718, 101, 525, 526, + 526, 526, 526, 526, 526, 526, 526, 526, 526, 707, + 708, 709, 707, 707, 707, 707, 707, 707, 707, 668, + 668, 668, 668, 668, 668, 668, 668, 668, 668, 757, + 757, 757, 757, 757, 758, 101, 532, 813, 595, 595, + + 595, 595, 595, 595, 595, 595, 595, 595, 534, 714, + 470, 643, 594, 594, 594, 594, 594, 532, 532, 712, + 712, 712, 712, 712, 712, 696, 697, 696, 697, 659, + 714, 813, 218, 813, 813, 813, 594, 594, 594, 594, + 594, 594, 532, 551, 596, 596, 596, 596, 596, 596, + 596, 596, 596, 596, 597, 759, 642, 641, 598, 598, + 598, 598, 598, 716, 716, 716, 716, 716, 716, 716, + 716, 716, 716, 688, 640, 689, 690, 691, 651, 760, + 651, 692, 598, 598, 598, 598, 598, 598, 602, 603, + 604, 602, 602, 602, 602, 602, 602, 602, 605, 574, + + 574, 127, 606, 606, 606, 606, 606, 736, 737, 738, + 736, 736, 736, 736, 736, 736, 736, 791, 791, 791, + 791, 791, 791, 692, 574, 101, 606, 606, 606, 606, + 606, 606, 813, 630, 598, 598, 598, 598, 598, 598, + 598, 598, 598, 598, 607, 629, 610, 610, 610, 610, + 610, 611, 608, 608, 608, 608, 345, 218, 614, 614, + 614, 614, 614, 614, 614, 614, 614, 614, 551, 101, + 218, 778, 613, 613, 613, 613, 613, 813, 607, 689, + 690, 691, 813, 607, 813, 813, 691, 695, 470, 696, + 696, 696, 696, 696, 696, 779, 613, 613, 613, 613, + + 613, 613, 345, 218, 615, 615, 615, 615, 615, 615, + 615, 615, 615, 615, 747, 343, 747, 127, 616, 616, + 616, 616, 616, 748, 764, 748, 764, 692, 765, 797, + 765, 797, 692, 218, 723, 723, 723, 723, 723, 723, + 585, 582, 616, 616, 616, 616, 616, 616, 813, 581, + 616, 616, 616, 616, 616, 616, 616, 616, 616, 616, + 100, 693, 580, 693, 693, 693, 100, 693, 693, 100, + 100, 693, 100, 100, 100, 127, 127, 127, 127, 127, + 127, 127, 127, 127, 127, 693, 693, 693, 100, 127, + 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, + + 127, 127, 127, 127, 127, 127, 127, 620, 127, 127, + 127, 101, 127, 100, 100, 100, 100, 100, 100, 100, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, + 625, 746, 579, 747, 747, 747, 747, 747, 747, 187, + 798, 574, 798, 187, 198, 198, 198, 198, 198, 198, + 198, 198, 198, 198, 626, 187, 574, 569, 198, 198, + 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, + 198, 198, 198, 198, 198, 198, 198, 198, 198, 198, + 568, 200, 187, 187, 187, 187, 187, 187, 187, 187, + 187, 187, 187, 187, 187, 187, 187, 187, 187, 644, + + 476, 645, 645, 645, 645, 645, 645, 645, 645, 645, + 645, 722, 722, 722, 722, 722, 722, 722, 722, 722, + 722, 532, 476, 753, 753, 753, 753, 753, 753, 755, + 476, 470, 755, 714, 343, 279, 755, 101, 650, 524, + 653, 653, 653, 653, 653, 654, 651, 651, 651, 651, + 532, 523, 657, 657, 657, 657, 657, 657, 657, 657, + 657, 657, 597, 522, 519, 518, 656, 656, 656, 656, + 656, 756, 756, 756, 756, 756, 756, 756, 756, 756, + 756, 532, 446, 777, 777, 777, 777, 777, 777, 446, + 656, 656, 656, 656, 656, 656, 532, 446, 658, 658, + + 658, 658, 658, 658, 658, 658, 658, 658, 659, 510, + 509, 101, 660, 660, 660, 660, 660, 735, 735, 735, + 735, 735, 735, 735, 735, 735, 735, 763, 101, 764, + 764, 764, 764, 764, 764, 101, 660, 660, 660, 660, + 660, 660, 664, 665, 666, 664, 664, 664, 664, 664, + 664, 664, 667, 101, 476, 476, 668, 668, 668, 668, + 668, 735, 735, 735, 735, 735, 735, 735, 735, 735, + 735, 470, 741, 343, 742, 742, 742, 742, 742, 742, + 668, 668, 668, 668, 668, 668, 813, 279, 660, 660, + 660, 660, 660, 660, 660, 660, 660, 660, 345, 218, + + 674, 674, 674, 674, 674, 674, 674, 674, 674, 674, + 101, 279, 463, 462, 673, 673, 673, 673, 673, 772, + 773, 774, 772, 772, 772, 772, 772, 772, 772, 796, + 461, 797, 797, 797, 797, 797, 797, 460, 673, 673, + 673, 673, 673, 673, 695, 459, 698, 698, 698, 698, + 698, 699, 700, 700, 700, 700, 704, 705, 706, 704, + 704, 704, 704, 704, 704, 704, 783, 784, 785, 783, + 783, 783, 783, 783, 783, 783, 791, 791, 791, 791, + 791, 791, 791, 791, 791, 791, 810, 810, 810, 810, + 810, 810, 101, 644, 458, 645, 645, 645, 645, 645, + + 645, 645, 645, 645, 645, 792, 792, 792, 792, 792, + 792, 792, 792, 792, 792, 793, 793, 793, 793, 793, + 794, 791, 791, 791, 791, 457, 795, 456, 455, 795, + 454, 101, 532, 795, 712, 712, 712, 712, 712, 712, + 712, 712, 712, 712, 659, 453, 452, 451, 711, 711, + 711, 711, 711, 786, 813, 787, 787, 787, 787, 787, + 787, 791, 791, 791, 791, 791, 791, 791, 791, 791, + 791, 446, 711, 711, 711, 711, 711, 711, 532, 446, + 713, 713, 713, 713, 713, 713, 713, 713, 713, 713, + 714, 101, 374, 441, 715, 715, 715, 715, 715, 791, + + 791, 791, 791, 791, 791, 791, 791, 791, 791, 440, + 434, 433, 432, 431, 430, 429, 428, 427, 715, 715, + 715, 715, 715, 715, 719, 720, 721, 719, 719, 719, + 719, 719, 719, 719, 426, 408, 343, 279, 722, 722, + 722, 722, 722, 804, 805, 806, 804, 804, 804, 804, + 804, 804, 804, 404, 279, 125, 807, 807, 807, 807, + 807, 807, 722, 722, 722, 722, 722, 722, 813, 398, + 715, 715, 715, 715, 715, 715, 715, 715, 715, 715, + 218, 725, 725, 725, 725, 725, 726, 723, 723, 723, + 723, 741, 101, 742, 742, 742, 742, 742, 742, 742, + + 742, 742, 742, 741, 397, 743, 743, 743, 743, 743, + 743, 743, 743, 743, 743, 741, 396, 744, 744, 744, + 744, 744, 745, 742, 742, 742, 742, 746, 393, 749, + 749, 749, 749, 749, 750, 747, 747, 747, 747, 532, + 392, 753, 753, 753, 753, 753, 753, 753, 753, 753, + 753, 714, 391, 390, 389, 752, 752, 752, 752, 752, + 810, 810, 810, 810, 810, 810, 810, 810, 810, 810, + 388, 315, 315, 315, 374, 376, 374, 375, 374, 752, + 752, 752, 752, 752, 752, 532, 368, 754, 754, 754, + 754, 754, 754, 754, 754, 754, 754, 367, 366, 365, + + 364, 755, 755, 755, 755, 755, 804, 804, 804, 804, + 804, 804, 804, 804, 804, 804, 363, 362, 359, 119, + 279, 343, 279, 125, 105, 755, 755, 755, 755, 755, + 755, 763, 333, 766, 766, 766, 766, 766, 767, 764, + 764, 764, 764, 100, 329, 769, 770, 771, 769, 769, + 769, 769, 769, 769, 769, 741, 328, 742, 742, 742, + 742, 742, 742, 742, 742, 742, 742, 741, 327, 742, + 742, 742, 742, 742, 742, 742, 742, 742, 742, 532, + 326, 777, 777, 777, 777, 777, 777, 777, 777, 777, + 777, 786, 325, 787, 787, 787, 787, 787, 787, 787, + + 787, 787, 787, 786, 324, 788, 788, 788, 788, 788, + 788, 788, 788, 788, 788, 786, 323, 789, 789, 789, + 789, 789, 790, 787, 787, 787, 787, 796, 322, 799, + 799, 799, 799, 799, 800, 797, 797, 797, 797, 100, + 191, 801, 802, 803, 801, 801, 801, 801, 801, 801, + 801, 786, 315, 787, 787, 787, 787, 787, 787, 787, + 787, 787, 787, 786, 315, 787, 787, 787, 787, 787, + 787, 787, 787, 787, 787, 807, 807, 807, 807, 807, + 807, 807, 807, 807, 807, 811, 811, 811, 811, 811, + 812, 810, 810, 810, 810, 810, 810, 810, 810, 810, + + 810, 810, 810, 810, 810, 250, 312, 309, 308, 307, + 306, 101, 801, 801, 801, 801, 801, 801, 801, 801, + 801, 801, 305, 300, 299, 298, 297, 296, 295, 294, + 293, 292, 291, 290, 289, 125, 117, 105, 105, 267, + 266, 265, 264, 259, 258, 257, 813, 188, 101, 808, + 808, 808, 808, 808, 809, 807, 807, 807, 807, 250, + 176, 177, 171, 171, 163, 248, 157, 157, 241, 240, + 239, 238, 237, 234, 233, 232, 231, 230, 225, 224, + 223, 222, 125, 100, 125, 101, 807, 807, 807, 807, + 807, 807, 807, 807, 807, 807, 190, 113, 210, 105, + + 103, 102, 101, 205, 204, 203, 202, 198, 177, 171, + 163, 133, 131, 157, 156, 153, 151, 137, 136, 135, + 132, 127, 101, 61, 61, 61, 61, 61, 61, 61, + 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, + 61, 61, 61, 61, 33, 33, 33, 33, 33, 33, + 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, + 33, 33, 33, 33, 33, 70, 70, 70, 70, 70, + 70, 70, 70, 70, 70, 70, 70, 70, 70, 70, + 70, 70, 70, 70, 70, 70, 77, 77, 77, 77, + 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, + + 77, 77, 77, 77, 77, 77, 77, 100, 125, 113, + 103, 102, 101, 813, 100, 813, 100, 100, 100, 100, + 813, 813, 100, 100, 100, 100, 100, 100, 104, 104, + 104, 104, 104, 104, 104, 104, 104, 104, 104, 104, + 104, 104, 104, 104, 104, 104, 104, 104, 104, 108, + 813, 813, 813, 813, 108, 813, 108, 813, 108, 108, + 108, 108, 108, 813, 108, 108, 108, 108, 108, 108, + 112, 813, 813, 813, 813, 813, 813, 112, 813, 112, + 112, 112, 112, 813, 813, 112, 112, 112, 112, 112, + 112, 114, 813, 813, 114, 114, 813, 114, 114, 813, + + 114, 114, 114, 114, 813, 813, 114, 114, 114, 114, + 114, 114, 124, 124, 813, 124, 813, 813, 813, 124, + 158, 813, 813, 158, 158, 813, 158, 158, 813, 158, + 158, 158, 158, 813, 813, 158, 158, 158, 158, 158, + 158, 162, 813, 813, 162, 162, 813, 162, 162, 813, + 162, 162, 162, 162, 813, 162, 162, 162, 813, 162, + 162, 162, 170, 813, 813, 170, 813, 813, 170, 170, + 813, 170, 170, 170, 170, 170, 813, 170, 170, 170, + 170, 170, 170, 174, 174, 174, 174, 174, 174, 174, + 174, 174, 174, 174, 174, 174, 174, 174, 174, 174, + + 174, 174, 174, 174, 176, 176, 813, 176, 813, 176, + 176, 176, 176, 176, 176, 176, 176, 176, 176, 176, + 176, 176, 176, 176, 176, 182, 813, 813, 813, 813, + 182, 813, 182, 813, 182, 182, 182, 182, 182, 813, + 182, 182, 182, 182, 182, 182, 186, 813, 813, 813, + 813, 813, 813, 186, 813, 186, 186, 186, 186, 813, + 186, 186, 186, 186, 186, 186, 186, 189, 813, 813, + 189, 189, 813, 189, 189, 813, 189, 189, 189, 189, + 813, 189, 189, 189, 189, 189, 189, 189, 208, 208, + 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, + + 208, 208, 208, 208, 208, 208, 208, 208, 208, 209, + 209, 813, 209, 209, 209, 209, 209, 209, 209, 209, + 209, 209, 209, 209, 209, 209, 209, 209, 209, 209, + 115, 813, 813, 115, 115, 813, 115, 115, 813, 115, + 115, 115, 115, 813, 813, 115, 115, 115, 115, 115, + 115, 124, 124, 813, 124, 813, 813, 813, 124, 217, + 217, 813, 217, 813, 813, 813, 217, 219, 219, 219, + 813, 219, 813, 813, 813, 219, 158, 813, 813, 158, + 158, 813, 158, 158, 813, 158, 158, 158, 158, 813, + 813, 158, 158, 158, 158, 158, 158, 159, 813, 813, + + 159, 159, 813, 159, 159, 813, 159, 159, 159, 159, + 813, 813, 159, 159, 159, 159, 159, 159, 162, 813, + 813, 162, 162, 813, 162, 162, 813, 162, 162, 162, + 162, 813, 162, 162, 162, 813, 162, 162, 162, 170, + 813, 813, 170, 813, 813, 170, 170, 813, 170, 170, + 170, 170, 170, 813, 170, 170, 170, 170, 170, 170, + 185, 813, 813, 813, 813, 813, 813, 185, 813, 185, + 185, 185, 185, 813, 813, 185, 185, 185, 185, 185, + 185, 186, 813, 813, 813, 813, 813, 813, 186, 813, + 186, 186, 186, 186, 813, 186, 186, 186, 186, 186, + + 186, 186, 189, 813, 813, 189, 189, 813, 189, 189, + 813, 189, 189, 189, 189, 813, 189, 189, 189, 189, + 189, 189, 189, 200, 813, 813, 200, 200, 813, 200, + 268, 268, 268, 268, 268, 268, 268, 268, 268, 268, + 268, 268, 268, 268, 268, 268, 268, 268, 268, 268, + 268, 275, 275, 813, 275, 813, 813, 813, 275, 281, + 281, 281, 813, 281, 813, 813, 813, 281, 337, 337, + 813, 337, 813, 813, 813, 337, 338, 338, 813, 338, + 813, 813, 813, 338, 342, 342, 813, 342, 813, 813, + 813, 342, 344, 344, 344, 813, 344, 813, 813, 813, + + 344, 200, 813, 813, 200, 200, 813, 200, 404, 404, + 813, 404, 813, 813, 813, 404, 406, 406, 813, 406, + 813, 813, 813, 406, 407, 407, 813, 407, 813, 813, + 813, 407, 409, 409, 409, 813, 409, 813, 813, 813, + 409, 413, 413, 413, 413, 813, 413, 813, 813, 813, + 413, 467, 467, 813, 467, 813, 813, 813, 467, 468, + 468, 813, 468, 813, 813, 813, 468, 469, 469, 813, + 469, 813, 813, 813, 469, 481, 481, 481, 813, 481, + 813, 813, 813, 481, 482, 482, 482, 482, 813, 482, + 813, 813, 813, 482, 208, 208, 208, 208, 208, 208, + + 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, + 208, 208, 208, 208, 208, 530, 530, 813, 530, 813, + 813, 813, 530, 531, 531, 813, 531, 813, 813, 813, + 531, 547, 547, 547, 813, 547, 813, 813, 813, 547, + 548, 548, 548, 548, 813, 548, 813, 813, 813, 548, + 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, + 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, + 208, 200, 813, 813, 200, 200, 813, 200, 187, 813, + 813, 813, 187, 187, 813, 187, 187, 187, 813, 813, + 187, 187, 590, 590, 813, 590, 813, 813, 813, 590, + + 594, 813, 594, 594, 813, 594, 813, 813, 813, 594, + 612, 612, 612, 813, 612, 813, 813, 813, 612, 613, + 613, 613, 613, 813, 613, 813, 813, 813, 613, 559, + 559, 813, 813, 559, 813, 813, 813, 559, 208, 208, + 208, 208, 208, 208, 208, 208, 208, 208, 208, 208, + 208, 208, 208, 208, 208, 208, 208, 208, 208, 200, + 813, 813, 200, 200, 813, 200, 187, 813, 813, 813, + 187, 187, 813, 187, 187, 187, 813, 813, 187, 187, + 655, 655, 813, 655, 813, 813, 813, 655, 656, 813, + 656, 656, 813, 656, 813, 813, 813, 656, 672, 672, + + 672, 813, 672, 813, 813, 813, 672, 673, 673, 673, + 813, 813, 673, 813, 813, 813, 673, 682, 682, 682, + 682, 682, 682, 682, 682, 682, 682, 682, 682, 682, + 682, 682, 682, 682, 682, 682, 682, 682, 687, 687, + 813, 687, 687, 687, 813, 687, 813, 687, 687, 687, + 687, 813, 813, 687, 687, 687, 687, 687, 687, 693, + 693, 813, 693, 693, 693, 813, 693, 813, 693, 693, + 693, 693, 813, 813, 693, 693, 693, 693, 693, 693, + 200, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 200, 200, 813, 200, 200, 813, 200, 710, 710, + + 813, 710, 813, 813, 813, 710, 711, 813, 711, 711, + 813, 711, 813, 813, 813, 711, 727, 727, 813, 813, + 727, 813, 813, 813, 727, 693, 813, 813, 813, 813, + 813, 813, 693, 813, 693, 693, 693, 693, 813, 813, + 693, 693, 693, 693, 693, 693, 751, 751, 813, 751, + 813, 813, 813, 751, 752, 813, 752, 752, 813, 752, + 813, 813, 813, 752, 775, 775, 813, 775, 813, 813, + 813, 775, 776, 813, 776, 813, 813, 776, 813, 813, + 813, 776, 780, 780, 780, 780, 780, 780, 780, 780, + 780, 780, 780, 780, 780, 780, 780, 780, 780, 780, + + 780, 780, 780, 15, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813 } ; -static yyconst short int yy_chk[3663] = +static yyconst short int yy_chk[5675] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -980,403 +1293,624 @@ static yyconst short int yy_chk[3663] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 2, 618, 3, - 20, 2, 70, 3, 47, 36, 50, 4, 34, 3, - 36, 4, 3, 11, 11, 11, 11, 4, 20, 34, - 4, 12, 12, 12, 12, 2, 2, 70, 47, 2, - - 77, 38, 602, 50, 3, 599, 44, 2, 3, 3, - 2, 3, 4, 597, 20, 38, 4, 4, 52, 4, - 5, 5, 5, 44, 5, 6, 6, 6, 52, 6, - 5, 11, 3, 25, 25, 6, 120, 25, 25, 12, - 4, 120, 5, 5, 66, 66, 77, 6, 6, 9, - 9, 9, 9, 9, 58, 25, 74, 74, 9, 9, - 9, 28, 28, 28, 28, 28, 28, 19, 5, 143, - 143, 58, 9, 6, 7, 7, 7, 19, 7, 25, - 19, 19, 19, 19, 19, 19, 19, 19, 27, 27, - 27, 27, 27, 27, 27, 27, 105, 9, 10, 10, - - 10, 10, 10, 76, 583, 105, 90, 10, 10, 10, - 43, 165, 43, 43, 43, 43, 43, 43, 43, 43, - 45, 10, 7, 7, 7, 7, 7, 7, 7, 7, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 2, 533, 3, 38, 2, 52, 3, 49, 38, 50, + 4, 36, 3, 533, 4, 3, 11, 11, 11, 11, + 4, 22, 36, 4, 40, 5, 5, 5, 50, 5, + + 2, 2, 49, 52, 2, 5, 68, 68, 40, 3, + 807, 22, 2, 3, 3, 2, 3, 4, 54, 5, + 5, 4, 4, 148, 4, 6, 6, 6, 54, 6, + 799, 12, 12, 12, 12, 6, 11, 22, 3, 76, + 76, 72, 46, 27, 27, 5, 4, 27, 27, 6, + 6, 46, 47, 78, 9, 9, 9, 9, 9, 74, + 46, 164, 164, 9, 9, 9, 72, 27, 30, 30, + 30, 30, 30, 30, 79, 6, 7, 7, 7, 9, + 7, 12, 47, 47, 74, 148, 47, 60, 141, 81, + 81, 27, 81, 141, 47, 91, 60, 47, 10, 10, + + 10, 10, 10, 78, 9, 60, 91, 10, 10, 10, + 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, + 161, 798, 79, 10, 179, 161, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 8, 8, 8, 48, 8, 128, 10, 72, 45, 45, - 90, 76, 45, 79, 79, 165, 79, 128, 582, 127, - 45, 53, 48, 45, 53, 53, 53, 53, 53, 53, - 53, 53, 72, 86, 86, 86, 86, 86, 86, 86, - 86, 103, 103, 103, 103, 103, 103, 580, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, + 7, 7, 7, 7, 7, 8, 8, 8, 10, 8, + 86, 86, 86, 86, 86, 86, 86, 86, 86, 86, + 87, 87, 87, 87, 87, 87, 99, 101, 274, 101, + 101, 101, 179, 101, 101, 99, 149, 101, 106, 106, + 106, 106, 106, 106, 106, 106, 106, 106, 140, 149, + 140, 101, 101, 101, 274, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 26, 131, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 88, 127, 131, - 26, 26, 26, 26, 26, 130, 191, 112, 579, 55, - 55, 129, 112, 55, 55, 88, 112, 132, 112, 191, - 130, 202, 26, 132, 26, 26, 26, 26, 26, 26, - 32, 55, 140, 147, 147, 202, 32, 140, 575, 32, - 32, 88, 32, 32, 32, 32, 32, 32, 32, 32, - 32, 32, 32, 32, 129, 55, 32, 32, 32, 32, - 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, - 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, - - 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, - 32, 32, 32, 32, 32, 32, 32, 35, 35, 35, - 35, 35, 35, 35, 35, 35, 65, 118, 118, 35, - 35, 35, 35, 35, 159, 159, 65, 133, 35, 65, - 65, 65, 65, 65, 65, 65, 65, 133, 154, 154, - 201, 208, 201, 35, 35, 35, 35, 35, 35, 42, - 42, 42, 42, 42, 158, 42, 42, 175, 157, 42, - 64, 64, 64, 200, 64, 118, 175, 219, 64, 197, - 64, 42, 42, 42, 46, 198, 219, 208, 212, 200, - 198, 227, 64, 64, 46, 564, 154, 46, 46, 46, - - 46, 46, 46, 46, 46, 81, 560, 81, 81, 81, - 158, 81, 81, 227, 212, 81, 157, 245, 64, 87, - 87, 87, 87, 87, 87, 87, 87, 81, 81, 81, - 197, 94, 94, 556, 229, 94, 94, 204, 89, 229, - 46, 89, 89, 89, 89, 89, 89, 89, 89, 91, - 204, 91, 91, 94, 544, 91, 91, 239, 93, 91, - 93, 93, 93, 239, 93, 93, 246, 246, 93, 216, - 216, 216, 91, 91, 245, 289, 248, 94, 249, 260, - 93, 93, 93, 96, 249, 96, 96, 96, 260, 96, - 96, 248, 543, 96, 97, 97, 97, 97, 97, 97, - - 97, 97, 273, 290, 294, 96, 96, 96, 101, 101, - 101, 101, 101, 101, 101, 101, 102, 102, 102, 102, - 102, 102, 102, 102, 273, 290, 482, 291, 97, 98, - 98, 98, 98, 98, 98, 98, 98, 291, 247, 289, - 294, 98, 98, 98, 98, 98, 135, 135, 135, 135, - 135, 135, 135, 135, 332, 433, 285, 433, 137, 137, - 121, 285, 137, 137, 247, 98, 98, 98, 98, 98, - 98, 106, 106, 106, 106, 106, 106, 106, 106, 106, - 137, 247, 482, 106, 106, 106, 106, 106, 121, 121, - 303, 139, 121, 139, 139, 139, 307, 139, 139, 303, - - 121, 139, 528, 121, 137, 307, 332, 106, 106, 106, - 106, 106, 106, 139, 139, 139, 146, 146, 146, 146, - 146, 146, 146, 146, 150, 292, 324, 150, 150, 334, - 292, 324, 383, 524, 150, 163, 163, 163, 163, 163, - 163, 163, 163, 323, 523, 334, 385, 150, 164, 164, - 164, 164, 164, 164, 164, 164, 166, 522, 166, 166, - 167, 385, 166, 166, 167, 323, 166, 262, 262, 211, - 167, 211, 211, 211, 211, 211, 211, 262, 166, 166, - 166, 521, 167, 167, 168, 383, 168, 168, 168, 168, - 168, 168, 168, 168, 169, 327, 169, 169, 169, 169, - - 169, 169, 169, 169, 170, 211, 170, 170, 170, 170, - 170, 170, 170, 170, 203, 264, 264, 327, 203, 388, - 168, 308, 308, 380, 203, 264, 329, 515, 309, 309, - 169, 308, 311, 311, 498, 329, 203, 203, 309, 380, - 170, 171, 311, 171, 171, 171, 171, 171, 171, 171, - 171, 400, 400, 497, 388, 171, 171, 171, 171, 171, - 207, 207, 207, 207, 207, 207, 207, 207, 209, 335, - 209, 209, 209, 209, 209, 209, 209, 209, 335, 171, - 171, 171, 171, 171, 171, 174, 174, 174, 174, 174, - 174, 174, 174, 174, 207, 451, 451, 174, 174, 174, - - 174, 174, 527, 210, 209, 210, 210, 210, 210, 210, - 210, 210, 210, 220, 220, 220, 220, 220, 220, 220, - 220, 174, 174, 174, 174, 174, 174, 176, 176, 176, - 176, 176, 176, 176, 176, 176, 176, 465, 465, 210, - 176, 176, 176, 176, 176, 215, 215, 215, 215, 215, - 215, 215, 215, 215, 222, 222, 222, 222, 222, 222, - 222, 222, 386, 527, 176, 176, 176, 176, 176, 176, - 177, 177, 177, 177, 177, 177, 177, 177, 386, 466, - 466, 328, 177, 177, 177, 177, 177, 223, 223, 223, - 223, 223, 223, 225, 333, 225, 225, 225, 225, 225, - - 225, 225, 225, 328, 333, 493, 177, 177, 177, 177, - 177, 177, 221, 221, 221, 221, 221, 221, 221, 221, - 221, 221, 221, 353, 469, 469, 221, 221, 221, 221, - 221, 250, 353, 250, 250, 250, 250, 250, 250, 250, - 250, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 221, 221, 221, 221, 221, 221, 224, 224, 224, 224, - 224, 224, 224, 224, 224, 224, 354, 250, 479, 224, - 224, 224, 224, 224, 251, 354, 251, 251, 251, 251, - 251, 251, 251, 251, 261, 261, 261, 261, 261, 261, - 261, 261, 474, 224, 224, 224, 224, 224, 224, 252, - - 473, 252, 252, 252, 252, 252, 252, 252, 252, 370, - 251, 263, 263, 263, 263, 263, 263, 263, 263, 267, - 267, 267, 267, 267, 267, 267, 267, 481, 481, 267, - 472, 370, 505, 505, 470, 252, 265, 265, 265, 265, - 265, 265, 265, 265, 265, 265, 265, 268, 268, 268, - 268, 268, 268, 268, 268, 268, 268, 268, 376, 378, - 427, 268, 268, 268, 268, 268, 269, 269, 269, 269, - 269, 269, 269, 269, 270, 270, 270, 270, 270, 270, - 376, 378, 427, 516, 516, 268, 268, 268, 268, 268, - 268, 271, 271, 271, 271, 271, 271, 271, 271, 271, - - 271, 384, 525, 525, 271, 271, 271, 271, 271, 272, - 384, 272, 272, 272, 272, 272, 272, 272, 272, 293, - 293, 293, 293, 293, 293, 293, 293, 458, 271, 271, - 271, 271, 271, 271, 295, 395, 295, 295, 295, 295, - 295, 295, 295, 295, 297, 395, 297, 297, 297, 297, - 297, 297, 296, 293, 296, 296, 296, 296, 296, 296, - 296, 296, 317, 317, 317, 317, 317, 317, 444, 304, - 295, 304, 304, 304, 304, 304, 304, 304, 304, 440, - 297, 345, 345, 345, 345, 345, 345, 435, 296, 302, - 302, 302, 302, 302, 302, 302, 302, 302, 409, 551, - - 551, 302, 302, 302, 302, 302, 305, 409, 305, 305, - 305, 305, 305, 305, 305, 305, 310, 310, 310, 310, - 310, 310, 310, 310, 431, 302, 302, 302, 302, 302, - 302, 306, 430, 306, 306, 306, 306, 306, 306, 306, - 306, 312, 312, 312, 312, 312, 312, 312, 312, 312, - 312, 312, 314, 314, 314, 314, 314, 314, 314, 314, - 483, 429, 314, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 426, 483, 425, 315, 315, 315, - 315, 315, 316, 316, 316, 316, 316, 316, 316, 316, - 319, 410, 319, 319, 319, 319, 319, 319, 319, 319, - - 410, 315, 315, 315, 315, 315, 315, 318, 318, 318, - 318, 318, 318, 318, 318, 318, 318, 566, 566, 424, - 318, 318, 318, 318, 318, 336, 336, 336, 336, 336, - 336, 336, 336, 336, 337, 337, 337, 337, 337, 337, - 337, 337, 337, 423, 318, 318, 318, 318, 318, 318, - 338, 338, 338, 338, 338, 338, 338, 338, 338, 422, - 336, 342, 342, 342, 342, 342, 342, 342, 342, 337, - 344, 344, 344, 344, 344, 344, 344, 344, 364, 364, - 364, 364, 364, 364, 428, 338, 343, 397, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 397, 586, 586, - - 343, 343, 343, 343, 343, 347, 428, 347, 347, 347, - 347, 347, 347, 347, 347, 348, 348, 348, 348, 348, - 348, 348, 348, 393, 343, 343, 343, 343, 343, 343, - 346, 346, 346, 346, 346, 346, 346, 346, 346, 392, - 432, 432, 346, 346, 346, 346, 346, 350, 445, 350, - 350, 350, 350, 350, 350, 350, 350, 352, 445, 352, - 352, 352, 352, 352, 352, 382, 346, 346, 346, 346, - 346, 346, 351, 381, 351, 351, 351, 351, 351, 351, - 351, 351, 355, 355, 356, 356, 403, 403, 403, 403, - 403, 403, 355, 432, 356, 357, 357, 357, 357, 357, - - 357, 357, 357, 358, 358, 363, 363, 363, 363, 363, - 363, 363, 363, 358, 359, 359, 359, 359, 359, 359, - 359, 359, 359, 359, 359, 361, 361, 361, 361, 361, - 361, 361, 361, 590, 590, 361, 362, 362, 362, 362, - 362, 362, 362, 362, 362, 362, 362, 462, 603, 603, - 362, 362, 362, 362, 362, 366, 462, 366, 366, 366, - 366, 366, 366, 366, 366, 387, 387, 387, 387, 387, - 387, 387, 387, 375, 362, 362, 362, 362, 362, 362, - 365, 365, 365, 365, 365, 365, 365, 365, 365, 463, - 634, 634, 374, 365, 365, 365, 365, 365, 463, 387, - - 389, 389, 389, 389, 389, 389, 389, 389, 389, 391, - 391, 391, 391, 391, 391, 391, 373, 365, 365, 365, - 365, 365, 365, 390, 390, 390, 390, 390, 390, 390, - 390, 390, 471, 434, 372, 389, 394, 394, 394, 394, - 394, 394, 394, 394, 391, 396, 396, 396, 396, 396, - 396, 396, 396, 434, 471, 434, 434, 398, 390, 398, - 398, 398, 398, 398, 398, 398, 398, 398, 401, 487, - 401, 401, 401, 401, 401, 401, 401, 401, 401, 434, - 369, 368, 401, 401, 401, 401, 401, 402, 402, 402, - 402, 402, 402, 402, 402, 405, 367, 405, 405, 405, - - 405, 405, 405, 405, 405, 487, 401, 401, 401, 401, - 401, 401, 404, 404, 404, 404, 404, 404, 404, 404, - 404, 514, 349, 341, 404, 404, 404, 404, 404, 406, - 514, 406, 406, 406, 406, 406, 406, 406, 406, 420, - 420, 420, 420, 420, 420, 411, 411, 340, 404, 404, - 404, 404, 404, 404, 407, 411, 407, 407, 407, 407, - 407, 407, 407, 407, 408, 339, 408, 408, 408, 408, - 408, 408, 408, 408, 412, 412, 413, 413, 413, 413, - 413, 413, 413, 413, 412, 414, 414, 419, 419, 419, - 419, 419, 419, 419, 419, 414, 415, 415, 415, 415, - - 415, 415, 415, 415, 415, 415, 415, 417, 417, 417, - 417, 417, 417, 417, 417, 331, 330, 417, 418, 418, - 418, 418, 418, 418, 418, 418, 418, 418, 446, 326, - 325, 322, 418, 418, 418, 418, 418, 421, 446, 421, - 421, 421, 421, 421, 421, 421, 421, 447, 447, 447, - 447, 447, 447, 447, 447, 321, 418, 418, 418, 418, - 418, 418, 436, 448, 436, 436, 436, 436, 436, 436, - 436, 436, 437, 448, 437, 437, 437, 437, 437, 437, - 437, 437, 438, 499, 438, 438, 438, 438, 438, 438, - 438, 438, 491, 499, 570, 606, 320, 439, 436, 439, - - 439, 439, 439, 439, 439, 439, 439, 441, 437, 441, - 441, 441, 441, 441, 441, 441, 441, 442, 438, 442, - 442, 442, 442, 442, 442, 442, 442, 301, 491, 300, - 570, 606, 443, 439, 443, 443, 443, 443, 443, 443, - 443, 443, 449, 475, 449, 449, 449, 449, 449, 449, - 449, 449, 449, 452, 299, 452, 452, 452, 452, 452, - 452, 452, 452, 452, 477, 475, 518, 452, 452, 452, - 452, 452, 453, 453, 453, 453, 453, 453, 453, 453, - 454, 454, 454, 454, 454, 454, 477, 298, 518, 288, - 287, 452, 452, 452, 452, 452, 452, 455, 455, 455, - - 455, 455, 455, 455, 455, 455, 286, 284, 282, 455, - 455, 455, 455, 455, 456, 281, 456, 456, 456, 456, - 456, 456, 456, 456, 457, 457, 457, 457, 457, 457, - 457, 457, 280, 455, 455, 455, 455, 455, 455, 459, - 279, 459, 459, 459, 459, 459, 459, 459, 459, 460, - 480, 460, 460, 460, 460, 460, 460, 460, 460, 461, - 278, 461, 461, 461, 461, 461, 461, 464, 464, 685, - 480, 277, 480, 480, 685, 276, 275, 464, 467, 467, - 467, 467, 467, 467, 467, 467, 467, 467, 484, 259, - 484, 484, 484, 485, 258, 485, 485, 485, 486, 486, - - 486, 486, 486, 486, 486, 486, 488, 500, 488, 488, - 488, 488, 488, 488, 488, 488, 489, 500, 489, 489, - 489, 489, 489, 489, 489, 489, 257, 502, 545, 520, - 546, 256, 486, 254, 548, 253, 484, 502, 545, 244, - 546, 485, 488, 490, 548, 490, 490, 490, 490, 490, - 490, 520, 489, 492, 492, 492, 492, 492, 492, 492, - 492, 494, 243, 494, 494, 494, 494, 494, 494, 494, - 494, 508, 508, 508, 508, 508, 508, 242, 495, 490, - 495, 495, 495, 495, 495, 495, 495, 495, 496, 241, - 496, 496, 496, 496, 496, 496, 501, 501, 501, 501, - - 501, 501, 501, 501, 503, 561, 503, 503, 503, 503, - 503, 503, 503, 503, 503, 506, 581, 506, 506, 506, - 506, 506, 506, 506, 506, 506, 581, 561, 240, 506, - 506, 506, 506, 506, 507, 507, 507, 507, 507, 507, - 507, 507, 510, 237, 510, 510, 510, 510, 510, 510, - 510, 510, 235, 506, 506, 506, 506, 506, 506, 509, - 509, 509, 509, 509, 509, 509, 509, 234, 233, 232, - 231, 509, 509, 509, 509, 509, 511, 511, 511, 511, - 511, 511, 511, 511, 511, 512, 512, 512, 512, 512, - 512, 512, 512, 512, 563, 509, 509, 509, 509, 509, - - 509, 513, 513, 513, 513, 513, 513, 513, 513, 513, - 529, 230, 529, 529, 529, 530, 563, 530, 530, 530, - 531, 228, 531, 531, 531, 532, 226, 532, 532, 532, - 533, 218, 217, 533, 533, 533, 533, 533, 533, 533, - 533, 214, 587, 534, 534, 589, 535, 534, 535, 535, - 535, 213, 206, 536, 536, 205, 199, 536, 529, 534, - 534, 534, 196, 530, 587, 195, 194, 589, 531, 536, - 536, 536, 537, 532, 537, 537, 537, 537, 537, 537, - 537, 537, 538, 600, 538, 538, 538, 538, 538, 538, - 538, 538, 193, 539, 535, 539, 539, 539, 539, 539, - - 539, 539, 539, 192, 190, 600, 189, 540, 537, 540, - 540, 540, 540, 540, 540, 540, 540, 541, 538, 541, - 541, 541, 541, 541, 541, 541, 541, 188, 542, 539, - 542, 542, 542, 542, 542, 542, 542, 542, 547, 547, - 547, 547, 547, 547, 547, 547, 549, 187, 549, 549, - 549, 549, 549, 549, 549, 549, 549, 552, 186, 552, - 552, 552, 552, 552, 552, 552, 552, 185, 184, 183, - 182, 552, 552, 552, 552, 552, 553, 553, 553, 553, - 553, 553, 553, 553, 554, 554, 554, 554, 554, 554, - 181, 180, 179, 173, 172, 552, 552, 552, 552, 552, - - 552, 555, 162, 555, 555, 555, 555, 555, 555, 555, - 555, 557, 557, 557, 557, 557, 557, 557, 557, 557, - 558, 558, 558, 558, 558, 558, 558, 558, 558, 559, - 559, 559, 559, 559, 559, 559, 567, 567, 567, 567, - 567, 567, 567, 567, 568, 568, 568, 568, 568, 568, - 568, 568, 569, 569, 569, 569, 569, 569, 569, 569, - 571, 161, 571, 571, 571, 571, 571, 571, 571, 571, - 572, 160, 572, 572, 572, 572, 572, 572, 572, 572, - 156, 155, 153, 149, 142, 573, 569, 573, 573, 573, - 573, 573, 573, 138, 136, 134, 571, 574, 574, 574, - - 574, 574, 574, 574, 574, 576, 572, 576, 576, 576, - 576, 576, 576, 576, 576, 126, 125, 124, 123, 122, - 577, 573, 577, 577, 577, 577, 577, 577, 577, 577, - 578, 117, 578, 578, 578, 578, 578, 578, 584, 116, - 584, 584, 584, 584, 584, 584, 584, 584, 591, 115, - 591, 591, 591, 591, 591, 591, 591, 591, 592, 114, - 592, 592, 592, 592, 592, 592, 592, 592, 593, 113, - 593, 593, 593, 593, 593, 593, 593, 593, 613, 613, - 613, 613, 613, 613, 591, 594, 594, 594, 594, 594, - 594, 594, 594, 111, 592, 595, 595, 595, 595, 595, - - 595, 595, 595, 110, 593, 596, 596, 596, 596, 596, - 596, 596, 596, 605, 605, 605, 605, 605, 605, 605, - 605, 607, 109, 607, 607, 607, 607, 607, 607, 607, - 607, 608, 108, 608, 608, 608, 608, 608, 608, 608, - 608, 104, 100, 99, 95, 92, 609, 605, 609, 609, - 609, 609, 609, 609, 84, 83, 82, 607, 611, 611, - 611, 611, 611, 611, 611, 611, 80, 608, 612, 612, - 612, 612, 612, 612, 612, 612, 75, 68, 61, 57, - 56, 54, 609, 615, 615, 615, 615, 615, 615, 615, - 615, 616, 616, 616, 616, 616, 616, 616, 616, 617, - - 617, 617, 617, 617, 617, 617, 617, 619, 619, 619, - 619, 619, 619, 619, 619, 51, 49, 615, 620, 620, - 620, 620, 620, 620, 41, 616, 40, 39, 37, 33, - 29, 23, 17, 617, 15, 14, 13, 0, 0, 0, - 0, 619, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 620, 622, 622, 622, 622, 622, 622, 622, - 622, 622, 622, 622, 622, 622, 622, 622, 622, 623, - 623, 623, 623, 623, 623, 623, 623, 623, 623, 623, - 623, 623, 623, 623, 623, 624, 624, 624, 624, 624, - 624, 624, 624, 624, 624, 624, 624, 624, 624, 624, - - 624, 625, 625, 625, 625, 625, 625, 625, 625, 625, - 625, 625, 625, 625, 625, 625, 625, 626, 0, 0, - 0, 0, 0, 0, 0, 626, 626, 626, 0, 0, - 626, 626, 626, 627, 627, 627, 627, 627, 627, 627, - 627, 627, 627, 627, 627, 627, 627, 627, 627, 628, - 0, 0, 0, 0, 628, 0, 0, 628, 628, 628, - 628, 0, 628, 628, 628, 629, 0, 0, 0, 0, - 0, 0, 0, 629, 629, 629, 0, 0, 629, 629, - 629, 630, 0, 0, 630, 630, 0, 630, 0, 630, - 630, 630, 0, 0, 630, 630, 630, 631, 631, 0, - - 0, 0, 631, 632, 0, 0, 632, 632, 0, 632, - 0, 632, 632, 632, 0, 0, 632, 632, 632, 633, - 0, 0, 633, 633, 0, 633, 0, 633, 633, 633, - 0, 633, 0, 633, 633, 635, 0, 0, 635, 0, - 0, 635, 0, 635, 635, 635, 635, 0, 635, 635, - 635, 636, 636, 636, 636, 636, 636, 636, 636, 636, - 636, 636, 636, 636, 636, 636, 636, 637, 637, 0, - 637, 0, 637, 637, 637, 637, 637, 637, 637, 637, - 637, 637, 637, 638, 638, 638, 638, 638, 638, 638, - 638, 638, 638, 638, 638, 638, 638, 638, 638, 639, - - 639, 0, 639, 639, 639, 639, 639, 639, 639, 639, - 639, 639, 639, 639, 639, 640, 0, 0, 0, 0, - 640, 0, 0, 640, 640, 640, 0, 0, 640, 640, - 640, 641, 0, 0, 641, 641, 0, 641, 0, 641, - 641, 641, 0, 0, 641, 641, 641, 642, 642, 0, - 0, 0, 642, 643, 643, 643, 0, 0, 0, 643, - 644, 0, 0, 644, 644, 0, 644, 0, 644, 644, - 644, 0, 0, 644, 644, 644, 645, 645, 645, 645, - 645, 645, 645, 645, 645, 645, 645, 645, 645, 645, - 645, 645, 646, 646, 0, 0, 0, 646, 647, 647, - - 647, 0, 0, 0, 647, 648, 648, 0, 0, 0, - 648, 649, 649, 0, 0, 0, 649, 650, 650, 0, - 0, 0, 650, 651, 651, 651, 0, 0, 0, 651, - 652, 652, 0, 0, 0, 652, 653, 653, 0, 0, - 0, 653, 654, 654, 0, 0, 0, 654, 655, 655, - 655, 0, 0, 0, 655, 656, 656, 656, 656, 0, - 0, 0, 656, 657, 657, 0, 0, 0, 657, 658, - 658, 0, 0, 0, 658, 659, 659, 0, 0, 0, - 659, 660, 660, 660, 0, 0, 0, 660, 661, 661, - 661, 661, 0, 0, 0, 661, 662, 662, 0, 0, - - 0, 662, 663, 663, 0, 0, 0, 663, 664, 664, - 664, 0, 0, 0, 664, 665, 665, 665, 665, 0, - 0, 0, 665, 666, 666, 0, 0, 0, 666, 667, - 0, 667, 667, 0, 0, 0, 667, 668, 668, 668, - 0, 0, 0, 668, 669, 669, 669, 669, 0, 0, - 0, 669, 670, 670, 0, 0, 0, 670, 671, 0, - 671, 671, 0, 0, 0, 671, 672, 672, 672, 0, - 0, 0, 672, 673, 673, 673, 0, 0, 0, 0, - 673, 674, 674, 674, 674, 674, 674, 674, 674, 674, - 674, 674, 674, 674, 674, 674, 674, 675, 675, 0, - - 675, 675, 675, 0, 0, 675, 675, 675, 0, 0, - 675, 675, 675, 676, 676, 0, 676, 676, 676, 0, - 0, 676, 676, 676, 0, 0, 676, 676, 676, 677, - 677, 0, 0, 0, 677, 678, 0, 678, 678, 0, - 0, 0, 678, 679, 679, 0, 0, 0, 0, 679, - 680, 680, 0, 0, 0, 680, 681, 0, 681, 681, - 0, 0, 0, 681, 682, 682, 0, 0, 0, 682, - 683, 0, 683, 0, 0, 0, 0, 683, 684, 684, - 684, 684, 684, 684, 684, 684, 684, 684, 684, 684, - 684, 684, 684, 684, 621, 621, 621, 621, 621, 621, - - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 621, 621, 621, 621, 621, 621, - 621, 621 + 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, + 8, 8, 8, 8, 13, 13, 13, 13, 13, 13, + 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, + 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, + 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, + 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, + 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, + 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, + 13, 13, 13, 13, 21, 125, 153, 797, 82, 168, + 168, 270, 153, 178, 21, 784, 125, 21, 21, 21, + + 21, 21, 21, 21, 21, 21, 21, 28, 82, 28, + 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, + 152, 180, 180, 28, 28, 28, 28, 28, 151, 270, + 289, 57, 57, 152, 82, 57, 57, 123, 123, 123, + 123, 123, 123, 178, 151, 28, 154, 28, 28, 28, + 28, 28, 28, 34, 289, 57, 154, 500, 246, 34, + 246, 500, 34, 34, 313, 34, 34, 34, 34, 34, + 34, 34, 34, 34, 34, 34, 34, 34, 34, 57, + 313, 34, 34, 34, 34, 34, 34, 34, 34, 34, + 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, + + 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, + 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, + 34, 34, 34, 37, 37, 37, 37, 37, 37, 37, + 37, 37, 37, 37, 219, 783, 242, 37, 37, 37, + 37, 37, 245, 150, 236, 219, 37, 107, 107, 107, + 107, 107, 107, 107, 107, 107, 107, 247, 236, 245, + 303, 37, 37, 37, 37, 37, 37, 44, 44, 44, + 44, 44, 247, 44, 44, 311, 311, 44, 121, 121, + 121, 121, 121, 121, 121, 121, 121, 121, 150, 242, + 108, 44, 44, 44, 45, 303, 45, 45, 45, 45, + + 45, 45, 45, 45, 45, 45, 48, 66, 66, 66, + 108, 66, 304, 110, 370, 66, 48, 66, 304, 48, + 48, 48, 48, 48, 48, 48, 48, 48, 48, 132, + 243, 66, 66, 110, 132, 243, 108, 281, 132, 171, + 132, 83, 171, 171, 370, 138, 138, 83, 281, 171, + 83, 114, 114, 83, 83, 114, 114, 66, 182, 110, + 780, 302, 175, 175, 171, 48, 67, 83, 291, 83, + 183, 235, 235, 291, 235, 114, 67, 249, 182, 67, + 67, 67, 67, 67, 67, 67, 67, 67, 67, 302, + 183, 249, 83, 83, 84, 138, 777, 84, 84, 114, + + 84, 84, 84, 84, 182, 235, 84, 84, 111, 775, + 111, 111, 175, 314, 111, 111, 183, 369, 111, 314, + 84, 84, 84, 122, 122, 122, 122, 122, 122, 122, + 122, 122, 122, 111, 111, 156, 156, 156, 156, 156, + 156, 156, 156, 156, 156, 84, 84, 85, 310, 369, + 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, + 85, 85, 85, 85, 322, 357, 85, 85, 85, 85, + 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, + 85, 85, 85, 85, 85, 85, 85, 85, 322, 357, + 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, + + 85, 85, 85, 85, 85, 85, 85, 88, 310, 88, + 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, + 278, 278, 278, 88, 88, 88, 88, 88, 266, 266, + 113, 266, 113, 113, 113, 330, 113, 113, 330, 371, + 113, 196, 196, 196, 196, 196, 196, 88, 88, 88, + 88, 88, 88, 89, 113, 113, 113, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 453, 371, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 453, 89, 89, 89, 89, 89, + + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 92, 92, 92, 92, 92, 92, 92, + 92, 92, 92, 92, 377, 444, 378, 92, 92, 92, + 92, 92, 203, 344, 158, 158, 92, 203, 158, 158, + 323, 203, 444, 203, 344, 323, 301, 142, 378, 301, + 457, 92, 92, 92, 92, 92, 92, 97, 158, 97, + 97, 97, 97, 97, 97, 97, 97, 97, 97, 116, + 766, 116, 116, 116, 457, 116, 116, 142, 142, 116, + 301, 142, 158, 214, 214, 214, 214, 214, 214, 142, + 372, 377, 142, 116, 116, 116, 117, 117, 117, 117, + + 117, 117, 117, 117, 117, 117, 167, 167, 167, 167, + 167, 167, 167, 167, 167, 167, 346, 346, 765, 160, + 379, 160, 160, 160, 372, 160, 160, 764, 346, 160, + 400, 379, 117, 118, 118, 118, 118, 118, 118, 118, + 118, 118, 118, 160, 160, 160, 458, 118, 118, 118, + 118, 118, 191, 191, 191, 191, 191, 191, 191, 191, + 191, 191, 273, 273, 273, 273, 427, 427, 400, 755, + 458, 118, 118, 118, 118, 118, 118, 126, 126, 126, + 126, 126, 126, 126, 126, 126, 126, 126, 312, 498, + 754, 126, 126, 126, 126, 126, 194, 194, 194, 194, + + 194, 194, 194, 194, 194, 194, 285, 285, 285, 285, + 285, 285, 752, 498, 312, 126, 126, 126, 126, 126, + 126, 127, 127, 127, 127, 127, 127, 127, 127, 127, + 127, 127, 312, 562, 562, 127, 127, 127, 127, 127, + 184, 409, 184, 184, 373, 186, 184, 184, 380, 373, + 184, 186, 409, 380, 186, 348, 348, 186, 186, 127, + 127, 127, 127, 127, 127, 184, 184, 348, 413, 497, + 428, 186, 428, 186, 188, 497, 188, 188, 188, 413, + 188, 188, 429, 751, 188, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 526, 186, 186, 188, 188, + + 188, 189, 615, 615, 189, 189, 429, 189, 189, 189, + 189, 190, 431, 189, 189, 190, 502, 431, 414, 414, + 502, 190, 415, 415, 429, 433, 430, 189, 189, 189, + 414, 430, 526, 430, 415, 190, 190, 210, 210, 210, + 210, 210, 210, 210, 210, 210, 210, 432, 508, 433, + 432, 523, 189, 189, 192, 192, 192, 192, 192, 192, + 192, 192, 192, 192, 749, 508, 523, 433, 192, 192, + 192, 192, 192, 211, 211, 211, 211, 211, 211, 211, + 211, 211, 211, 319, 511, 319, 319, 319, 319, 319, + 319, 439, 192, 192, 192, 192, 192, 192, 197, 748, + + 513, 439, 197, 197, 197, 197, 197, 197, 197, 197, + 197, 197, 197, 197, 197, 442, 513, 197, 197, 197, + 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, + 197, 197, 197, 197, 197, 197, 197, 197, 197, 511, + 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, + 197, 197, 197, 197, 197, 197, 197, 197, 198, 198, + 198, 198, 198, 198, 198, 198, 198, 198, 198, 442, + 504, 506, 198, 198, 198, 198, 198, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 354, 354, 354, + 354, 354, 354, 434, 504, 506, 198, 198, 198, 198, + + 198, 198, 212, 747, 212, 212, 212, 212, 212, 212, + 212, 212, 212, 212, 248, 454, 737, 434, 248, 514, + 454, 561, 736, 561, 248, 282, 282, 282, 282, 282, + 282, 282, 282, 282, 282, 434, 514, 727, 248, 248, + 212, 215, 443, 215, 215, 215, 215, 215, 215, 215, + 215, 215, 215, 443, 564, 584, 564, 215, 215, 215, + 215, 215, 284, 284, 284, 284, 284, 284, 284, 284, + 284, 284, 423, 423, 423, 423, 423, 423, 571, 584, + 571, 215, 215, 215, 215, 215, 215, 218, 218, 218, + 218, 218, 218, 218, 218, 218, 218, 218, 589, 589, + + 589, 218, 218, 218, 218, 218, 315, 315, 315, 315, + 315, 315, 315, 315, 315, 315, 450, 725, 450, 450, + 450, 450, 450, 450, 724, 218, 218, 218, 218, 218, + 218, 220, 220, 220, 220, 220, 220, 220, 220, 220, + 220, 220, 220, 565, 616, 616, 220, 220, 220, 220, + 220, 345, 345, 345, 345, 345, 345, 345, 345, 345, + 345, 466, 466, 466, 466, 466, 466, 565, 623, 623, + 220, 220, 220, 220, 220, 220, 221, 221, 221, 221, + 221, 221, 221, 221, 221, 221, 221, 566, 625, 565, + 221, 221, 221, 221, 221, 347, 347, 347, 347, 347, + + 347, 347, 347, 347, 347, 473, 473, 473, 473, 473, + 473, 566, 625, 723, 221, 221, 221, 221, 221, 221, + 222, 222, 222, 222, 222, 222, 222, 222, 222, 222, + 222, 631, 631, 566, 222, 222, 222, 222, 222, 351, + 351, 351, 351, 351, 351, 351, 351, 622, 711, 622, + 403, 351, 403, 403, 403, 403, 403, 403, 222, 222, + 222, 222, 222, 222, 253, 627, 253, 253, 253, 253, + 253, 253, 253, 253, 253, 253, 254, 254, 254, 254, + 254, 254, 254, 254, 254, 254, 254, 710, 403, 627, + 254, 254, 254, 254, 254, 353, 353, 353, 353, 353, + + 353, 353, 353, 353, 353, 480, 708, 480, 480, 480, + 480, 480, 480, 707, 254, 254, 254, 254, 254, 254, + 256, 256, 256, 256, 256, 256, 256, 256, 256, 256, + 529, 529, 529, 529, 256, 256, 256, 256, 256, 416, + 416, 416, 416, 416, 416, 416, 416, 416, 416, 492, + 492, 492, 492, 492, 492, 674, 674, 700, 256, 256, + 256, 256, 256, 256, 269, 269, 269, 269, 269, 269, + 269, 269, 269, 269, 417, 417, 420, 420, 420, 420, + 420, 420, 420, 420, 680, 680, 417, 535, 420, 422, + 422, 422, 422, 422, 422, 422, 422, 422, 422, 535, + + 269, 277, 277, 277, 277, 277, 277, 277, 277, 277, + 277, 277, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 445, 683, 683, 283, 283, + 283, 283, 283, 570, 570, 445, 446, 446, 446, 446, + 446, 446, 446, 446, 446, 446, 541, 541, 541, 541, + 541, 541, 283, 283, 283, 283, 283, 283, 286, 286, + 286, 286, 286, 286, 286, 286, 286, 286, 286, 286, + 679, 698, 679, 286, 286, 286, 286, 286, 465, 465, + 465, 465, 465, 465, 465, 465, 465, 465, 570, 563, + 697, 624, 620, 481, 563, 620, 624, 286, 286, 286, + + 286, 286, 286, 287, 481, 287, 287, 287, 287, 287, + 287, 287, 287, 287, 287, 320, 320, 320, 320, 320, + 320, 320, 320, 320, 320, 696, 621, 640, 643, 320, + 320, 320, 320, 320, 470, 470, 470, 470, 470, 470, + 470, 470, 470, 470, 558, 558, 558, 558, 558, 558, + 621, 640, 643, 320, 320, 320, 320, 320, 320, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 643, + 630, 693, 621, 321, 321, 321, 321, 321, 472, 472, + 472, 472, 472, 472, 472, 472, 472, 472, 648, 648, + 648, 648, 630, 482, 630, 630, 691, 321, 321, 321, + + 321, 321, 321, 334, 482, 334, 334, 334, 334, 334, + 334, 334, 334, 334, 334, 335, 595, 335, 335, 335, + 335, 335, 335, 335, 335, 335, 335, 336, 595, 336, + 336, 336, 336, 336, 336, 336, 336, 336, 336, 339, + 339, 339, 339, 339, 339, 339, 339, 339, 339, 339, + 349, 349, 349, 349, 349, 349, 349, 349, 349, 349, + 349, 349, 349, 572, 685, 633, 349, 349, 349, 349, + 349, 476, 476, 476, 476, 476, 476, 476, 476, 476, + 476, 633, 731, 824, 731, 572, 824, 572, 572, 645, + 349, 349, 349, 349, 349, 349, 352, 352, 352, 352, + + 352, 352, 352, 352, 352, 352, 352, 352, 352, 483, + 483, 572, 352, 352, 352, 352, 352, 484, 484, 486, + 486, 483, 496, 501, 503, 733, 733, 645, 685, 484, + 676, 486, 496, 501, 686, 503, 352, 352, 352, 352, + 352, 352, 355, 355, 355, 355, 355, 355, 355, 355, + 355, 355, 355, 355, 676, 682, 641, 355, 355, 355, + 355, 355, 485, 485, 485, 485, 485, 485, 485, 485, + 485, 485, 604, 604, 604, 604, 604, 604, 512, 632, + 641, 355, 355, 355, 355, 355, 355, 356, 512, 356, + 356, 356, 356, 356, 356, 356, 356, 356, 356, 383, + + 641, 383, 383, 383, 383, 383, 383, 383, 383, 383, + 383, 384, 384, 384, 384, 384, 384, 384, 384, 384, + 384, 762, 762, 781, 781, 384, 384, 384, 384, 384, + 489, 489, 489, 489, 489, 489, 489, 489, 632, 882, + 882, 611, 489, 611, 611, 611, 611, 611, 611, 384, + 384, 384, 384, 384, 384, 399, 399, 399, 399, 399, + 399, 399, 399, 399, 399, 491, 491, 491, 491, 491, + 491, 491, 491, 491, 491, 532, 532, 532, 532, 532, + 532, 532, 532, 532, 532, 639, 681, 639, 639, 639, + 649, 399, 401, 596, 401, 401, 401, 401, 401, 401, + + 401, 401, 401, 401, 402, 596, 402, 402, 402, 402, + 402, 402, 402, 402, 402, 402, 408, 408, 408, 408, + 408, 408, 408, 408, 408, 408, 408, 701, 649, 728, + 408, 408, 408, 408, 408, 534, 534, 534, 534, 534, + 534, 534, 534, 534, 534, 675, 836, 742, 787, 836, + 547, 701, 673, 728, 408, 408, 408, 408, 408, 408, + 412, 547, 412, 412, 412, 412, 412, 412, 412, 412, + 412, 412, 418, 418, 418, 418, 418, 418, 418, 418, + 418, 418, 418, 418, 418, 742, 787, 670, 418, 418, + 418, 418, 418, 538, 598, 538, 538, 538, 538, 538, + + 538, 827, 827, 827, 669, 538, 598, 634, 739, 634, + 634, 634, 418, 418, 418, 418, 418, 418, 421, 421, + 421, 421, 421, 421, 421, 421, 421, 421, 421, 421, + 421, 853, 739, 853, 421, 421, 421, 421, 421, 540, + 540, 540, 540, 540, 540, 540, 540, 540, 540, 578, + 578, 578, 578, 578, 578, 578, 656, 634, 421, 421, + 421, 421, 421, 421, 424, 424, 424, 424, 424, 424, + 424, 424, 424, 424, 424, 424, 548, 549, 549, 424, + 424, 424, 424, 424, 550, 550, 612, 548, 613, 549, + 552, 552, 844, 844, 844, 655, 550, 612, 657, 613, + + 759, 642, 552, 424, 424, 424, 424, 424, 424, 425, + 657, 425, 425, 425, 425, 425, 425, 425, 425, 425, + 425, 426, 653, 768, 759, 642, 854, 426, 854, 916, + 426, 426, 916, 426, 426, 426, 426, 426, 426, 426, + 426, 426, 426, 426, 426, 426, 642, 768, 652, 426, + 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, + 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, + 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, + 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, + 426, 464, 464, 464, 464, 464, 464, 464, 464, 464, + + 464, 464, 555, 555, 555, 555, 555, 555, 555, 555, + 865, 651, 865, 658, 555, 557, 557, 557, 557, 557, + 557, 557, 557, 557, 557, 658, 883, 883, 464, 471, + 660, 471, 471, 471, 471, 471, 471, 471, 471, 471, + 471, 471, 660, 637, 702, 471, 471, 471, 471, 471, + 574, 574, 574, 574, 574, 574, 574, 574, 574, 574, + 619, 619, 619, 619, 619, 619, 619, 619, 702, 471, + 471, 471, 471, 471, 471, 474, 474, 474, 474, 474, + 474, 474, 474, 474, 474, 474, 778, 636, 702, 474, + 474, 474, 474, 474, 587, 587, 587, 587, 587, 587, + + 587, 587, 587, 587, 866, 870, 866, 870, 614, 614, + 778, 894, 894, 474, 474, 474, 474, 474, 474, 475, + 614, 475, 475, 475, 475, 475, 475, 475, 475, 475, + 475, 487, 487, 487, 487, 487, 487, 487, 487, 487, + 487, 487, 487, 487, 678, 629, 703, 487, 487, 487, + 487, 487, 588, 588, 588, 588, 588, 588, 588, 588, + 588, 588, 635, 610, 635, 635, 635, 871, 678, 871, + 703, 487, 487, 487, 487, 487, 487, 490, 490, 490, + 490, 490, 490, 490, 490, 490, 490, 490, 490, 490, + 678, 703, 740, 490, 490, 490, 490, 490, 597, 597, + + 597, 597, 597, 597, 597, 597, 597, 597, 875, 878, + 875, 878, 635, 888, 609, 888, 740, 490, 490, 490, + 490, 490, 490, 493, 493, 493, 493, 493, 493, 493, + 493, 493, 493, 493, 608, 889, 740, 889, 493, 493, + 493, 493, 493, 601, 594, 601, 601, 601, 601, 601, + 601, 897, 592, 897, 654, 601, 654, 654, 654, 654, + 654, 654, 493, 493, 493, 493, 493, 493, 494, 712, + 494, 494, 494, 494, 494, 494, 494, 494, 494, 494, + 495, 712, 898, 901, 898, 901, 495, 692, 692, 495, + 495, 692, 495, 495, 495, 495, 495, 495, 495, 495, + + 495, 495, 495, 495, 495, 692, 692, 692, 495, 495, + 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, + 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, + 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, + 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, + 517, 517, 517, 517, 517, 517, 517, 517, 517, 517, + 517, 522, 913, 913, 713, 522, 522, 522, 522, 522, + 522, 522, 522, 522, 522, 522, 713, 522, 914, 914, + 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, + 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, + + 522, 522, 591, 522, 522, 522, 522, 522, 522, 522, + 522, 522, 522, 522, 522, 522, 522, 522, 522, 522, + 522, 525, 525, 525, 525, 525, 525, 525, 525, 525, + 525, 603, 603, 603, 603, 603, 603, 603, 603, 603, + 603, 607, 607, 607, 607, 607, 607, 607, 607, 607, + 607, 666, 666, 666, 666, 666, 666, 525, 527, 527, + 527, 527, 527, 527, 527, 527, 527, 527, 527, 650, + 650, 650, 650, 650, 650, 650, 650, 650, 650, 659, + 659, 659, 659, 659, 659, 659, 659, 659, 659, 721, + 721, 721, 721, 721, 721, 527, 536, 715, 536, 536, + + 536, 536, 536, 536, 536, 536, 536, 536, 536, 715, + 590, 582, 536, 536, 536, 536, 536, 663, 753, 663, + 663, 663, 663, 663, 663, 907, 908, 907, 908, 663, + 753, 687, 672, 687, 687, 687, 536, 536, 536, 536, + 536, 536, 539, 672, 539, 539, 539, 539, 539, 539, + 539, 539, 539, 539, 539, 730, 581, 580, 539, 539, + 539, 539, 539, 665, 665, 665, 665, 665, 665, 665, + 665, 665, 665, 688, 579, 688, 688, 688, 910, 730, + 910, 687, 539, 539, 539, 539, 539, 539, 542, 542, + 542, 542, 542, 542, 542, 542, 542, 542, 542, 577, + + 576, 730, 542, 542, 542, 542, 542, 695, 695, 695, + 695, 695, 695, 695, 695, 695, 695, 794, 794, 794, + 794, 794, 794, 688, 575, 573, 542, 542, 542, 542, + 542, 542, 543, 569, 543, 543, 543, 543, 543, 543, + 543, 543, 543, 543, 546, 568, 546, 546, 546, 546, + 546, 546, 546, 546, 546, 546, 553, 553, 553, 553, + 553, 553, 553, 553, 553, 553, 553, 553, 553, 567, + 551, 761, 553, 553, 553, 553, 553, 689, 545, 689, + 689, 689, 690, 544, 690, 690, 690, 699, 531, 699, + 699, 699, 699, 699, 699, 761, 553, 553, 553, 553, + + 553, 553, 556, 556, 556, 556, 556, 556, 556, 556, + 556, 556, 556, 556, 918, 530, 918, 761, 556, 556, + 556, 556, 556, 919, 923, 919, 923, 689, 924, 929, + 924, 929, 690, 726, 726, 726, 726, 726, 726, 726, + 524, 521, 556, 556, 556, 556, 556, 556, 559, 520, + 559, 559, 559, 559, 559, 559, 559, 559, 559, 559, + 560, 694, 519, 694, 694, 694, 560, 694, 694, 560, + 560, 694, 560, 560, 560, 560, 560, 560, 560, 560, + 560, 560, 560, 560, 560, 694, 694, 694, 560, 560, + 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, + + 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, + 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, + 560, 560, 560, 560, 560, 560, 560, 560, 560, 560, + 583, 750, 518, 750, 750, 750, 750, 750, 750, 583, + 930, 516, 930, 583, 583, 583, 583, 583, 583, 583, + 583, 583, 583, 583, 583, 583, 515, 510, 583, 583, + 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, + 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, + 509, 583, 583, 583, 583, 583, 583, 583, 583, 583, + 583, 583, 583, 583, 583, 583, 583, 583, 583, 586, + + 479, 586, 586, 586, 586, 586, 586, 586, 586, 586, + 586, 714, 714, 714, 714, 714, 714, 714, 714, 714, + 714, 718, 478, 718, 718, 718, 718, 718, 718, 922, + 477, 469, 922, 718, 468, 467, 922, 586, 593, 463, + 593, 593, 593, 593, 593, 593, 593, 593, 593, 593, + 599, 456, 599, 599, 599, 599, 599, 599, 599, 599, + 599, 599, 599, 455, 452, 451, 599, 599, 599, 599, + 599, 720, 720, 720, 720, 720, 720, 720, 720, 720, + 720, 758, 449, 758, 758, 758, 758, 758, 758, 448, + 599, 599, 599, 599, 599, 599, 602, 447, 602, 602, + + 602, 602, 602, 602, 602, 602, 602, 602, 602, 441, + 440, 438, 602, 602, 602, 602, 602, 734, 734, 734, + 734, 734, 734, 734, 734, 734, 734, 767, 437, 767, + 767, 767, 767, 767, 767, 436, 602, 602, 602, 602, + 602, 602, 605, 605, 605, 605, 605, 605, 605, 605, + 605, 605, 605, 435, 411, 410, 605, 605, 605, 605, + 605, 735, 735, 735, 735, 735, 735, 735, 735, 735, + 735, 407, 745, 406, 745, 745, 745, 745, 745, 745, + 605, 605, 605, 605, 605, 605, 606, 405, 606, 606, + 606, 606, 606, 606, 606, 606, 606, 606, 617, 617, + + 617, 617, 617, 617, 617, 617, 617, 617, 617, 617, + 745, 404, 398, 397, 617, 617, 617, 617, 617, 746, + 746, 746, 746, 746, 746, 746, 746, 746, 746, 800, + 396, 800, 800, 800, 800, 800, 800, 395, 617, 617, + 617, 617, 617, 617, 638, 394, 638, 638, 638, 638, + 638, 638, 638, 638, 638, 638, 644, 644, 644, 644, + 644, 644, 644, 644, 644, 644, 763, 763, 763, 763, + 763, 763, 763, 763, 763, 763, 772, 772, 772, 772, + 772, 772, 772, 772, 772, 772, 812, 812, 812, 812, + 812, 812, 644, 646, 393, 646, 646, 646, 646, 646, + + 646, 646, 646, 646, 646, 773, 773, 773, 773, 773, + 773, 773, 773, 773, 773, 774, 774, 774, 774, 774, + 774, 774, 774, 774, 774, 392, 928, 391, 390, 928, + 389, 646, 661, 928, 661, 661, 661, 661, 661, 661, + 661, 661, 661, 661, 661, 388, 387, 386, 661, 661, + 661, 661, 661, 790, 385, 790, 790, 790, 790, 790, + 790, 792, 792, 792, 792, 792, 792, 792, 792, 792, + 792, 382, 661, 661, 661, 661, 661, 661, 664, 381, + 664, 664, 664, 664, 664, 664, 664, 664, 664, 664, + 664, 790, 376, 375, 664, 664, 664, 664, 664, 793, + + 793, 793, 793, 793, 793, 793, 793, 793, 793, 374, + 368, 366, 365, 364, 363, 362, 361, 360, 664, 664, + 664, 664, 664, 664, 667, 667, 667, 667, 667, 667, + 667, 667, 667, 667, 359, 343, 342, 341, 667, 667, + 667, 667, 667, 796, 796, 796, 796, 796, 796, 796, + 796, 796, 796, 340, 338, 337, 809, 809, 809, 809, + 809, 809, 667, 667, 667, 667, 667, 667, 668, 333, + 668, 668, 668, 668, 668, 668, 668, 668, 668, 668, + 671, 671, 671, 671, 671, 671, 671, 671, 671, 671, + 671, 704, 809, 704, 704, 704, 704, 704, 704, 704, + + 704, 704, 704, 705, 332, 705, 705, 705, 705, 705, + 705, 705, 705, 705, 705, 706, 331, 706, 706, 706, + 706, 706, 706, 706, 706, 706, 706, 709, 329, 709, + 709, 709, 709, 709, 709, 709, 709, 709, 709, 716, + 328, 716, 716, 716, 716, 716, 716, 716, 716, 716, + 716, 716, 327, 326, 325, 716, 716, 716, 716, 716, + 804, 804, 804, 804, 804, 804, 804, 804, 804, 804, + 324, 318, 317, 316, 309, 308, 307, 306, 305, 716, + 716, 716, 716, 716, 716, 719, 299, 719, 719, 719, + 719, 719, 719, 719, 719, 719, 719, 297, 296, 295, + + 294, 719, 719, 719, 719, 719, 805, 805, 805, 805, + 805, 805, 805, 805, 805, 805, 293, 292, 290, 288, + 280, 279, 276, 275, 268, 719, 719, 719, 719, 719, + 719, 738, 267, 738, 738, 738, 738, 738, 738, 738, + 738, 738, 738, 741, 265, 741, 741, 741, 741, 741, + 741, 741, 741, 741, 741, 743, 264, 743, 743, 743, + 743, 743, 743, 743, 743, 743, 743, 744, 263, 744, + 744, 744, 744, 744, 744, 744, 744, 744, 744, 756, + 262, 756, 756, 756, 756, 756, 756, 756, 756, 756, + 756, 769, 261, 769, 769, 769, 769, 769, 769, 769, + + 769, 769, 769, 770, 260, 770, 770, 770, 770, 770, + 770, 770, 770, 770, 770, 771, 259, 771, 771, 771, + 771, 771, 771, 771, 771, 771, 771, 785, 258, 785, + 785, 785, 785, 785, 785, 785, 785, 785, 785, 786, + 255, 786, 786, 786, 786, 786, 786, 786, 786, 786, + 786, 788, 252, 788, 788, 788, 788, 788, 788, 788, + 788, 788, 788, 789, 251, 789, 789, 789, 789, 789, + 789, 789, 789, 789, 789, 801, 801, 801, 801, 801, + 801, 801, 801, 801, 801, 806, 806, 806, 806, 806, + 806, 806, 806, 806, 806, 811, 811, 811, 811, 811, + + 811, 811, 811, 811, 811, 250, 244, 241, 240, 239, + 238, 801, 802, 802, 802, 802, 802, 802, 802, 802, + 802, 802, 237, 234, 233, 232, 231, 230, 229, 228, + 227, 226, 225, 224, 223, 217, 216, 209, 208, 207, + 206, 205, 204, 202, 201, 199, 193, 185, 802, 803, + 803, 803, 803, 803, 803, 803, 803, 803, 803, 181, + 177, 176, 174, 170, 163, 159, 157, 155, 147, 146, + 145, 144, 143, 137, 136, 135, 134, 133, 131, 130, + 129, 128, 124, 120, 119, 803, 808, 808, 808, 808, + 808, 808, 808, 808, 808, 808, 115, 112, 109, 104, + + 103, 102, 100, 96, 95, 94, 93, 90, 77, 70, + 63, 59, 58, 56, 55, 53, 51, 43, 42, 41, + 39, 35, 808, 814, 814, 814, 814, 814, 814, 814, + 814, 814, 814, 814, 814, 814, 814, 814, 814, 814, + 814, 814, 814, 814, 815, 815, 815, 815, 815, 815, + 815, 815, 815, 815, 815, 815, 815, 815, 815, 815, + 815, 815, 815, 815, 815, 816, 816, 816, 816, 816, + 816, 816, 816, 816, 816, 816, 816, 816, 816, 816, + 816, 816, 816, 816, 816, 816, 817, 817, 817, 817, + 817, 817, 817, 817, 817, 817, 817, 817, 817, 817, + + 817, 817, 817, 817, 817, 817, 817, 818, 31, 25, + 19, 17, 16, 15, 818, 0, 818, 818, 818, 818, + 0, 0, 818, 818, 818, 818, 818, 818, 819, 819, + 819, 819, 819, 819, 819, 819, 819, 819, 819, 819, + 819, 819, 819, 819, 819, 819, 819, 819, 819, 820, + 0, 0, 0, 0, 820, 0, 820, 0, 820, 820, + 820, 820, 820, 0, 820, 820, 820, 820, 820, 820, + 821, 0, 0, 0, 0, 0, 0, 821, 0, 821, + 821, 821, 821, 0, 0, 821, 821, 821, 821, 821, + 821, 822, 0, 0, 822, 822, 0, 822, 822, 0, + + 822, 822, 822, 822, 0, 0, 822, 822, 822, 822, + 822, 822, 823, 823, 0, 823, 0, 0, 0, 823, + 825, 0, 0, 825, 825, 0, 825, 825, 0, 825, + 825, 825, 825, 0, 0, 825, 825, 825, 825, 825, + 825, 826, 0, 0, 826, 826, 0, 826, 826, 0, + 826, 826, 826, 826, 0, 826, 826, 826, 0, 826, + 826, 826, 828, 0, 0, 828, 0, 0, 828, 828, + 0, 828, 828, 828, 828, 828, 0, 828, 828, 828, + 828, 828, 828, 829, 829, 829, 829, 829, 829, 829, + 829, 829, 829, 829, 829, 829, 829, 829, 829, 829, + + 829, 829, 829, 829, 830, 830, 0, 830, 0, 830, + 830, 830, 830, 830, 830, 830, 830, 830, 830, 830, + 830, 830, 830, 830, 830, 831, 0, 0, 0, 0, + 831, 0, 831, 0, 831, 831, 831, 831, 831, 0, + 831, 831, 831, 831, 831, 831, 832, 0, 0, 0, + 0, 0, 0, 832, 0, 832, 832, 832, 832, 0, + 832, 832, 832, 832, 832, 832, 832, 833, 0, 0, + 833, 833, 0, 833, 833, 0, 833, 833, 833, 833, + 0, 833, 833, 833, 833, 833, 833, 833, 834, 834, + 834, 834, 834, 834, 834, 834, 834, 834, 834, 834, + + 834, 834, 834, 834, 834, 834, 834, 834, 834, 835, + 835, 0, 835, 835, 835, 835, 835, 835, 835, 835, + 835, 835, 835, 835, 835, 835, 835, 835, 835, 835, + 837, 0, 0, 837, 837, 0, 837, 837, 0, 837, + 837, 837, 837, 0, 0, 837, 837, 837, 837, 837, + 837, 838, 838, 0, 838, 0, 0, 0, 838, 839, + 839, 0, 839, 0, 0, 0, 839, 840, 840, 840, + 0, 840, 0, 0, 0, 840, 841, 0, 0, 841, + 841, 0, 841, 841, 0, 841, 841, 841, 841, 0, + 0, 841, 841, 841, 841, 841, 841, 842, 0, 0, + + 842, 842, 0, 842, 842, 0, 842, 842, 842, 842, + 0, 0, 842, 842, 842, 842, 842, 842, 843, 0, + 0, 843, 843, 0, 843, 843, 0, 843, 843, 843, + 843, 0, 843, 843, 843, 0, 843, 843, 843, 845, + 0, 0, 845, 0, 0, 845, 845, 0, 845, 845, + 845, 845, 845, 0, 845, 845, 845, 845, 845, 845, + 846, 0, 0, 0, 0, 0, 0, 846, 0, 846, + 846, 846, 846, 0, 0, 846, 846, 846, 846, 846, + 846, 847, 0, 0, 0, 0, 0, 0, 847, 0, + 847, 847, 847, 847, 0, 847, 847, 847, 847, 847, + + 847, 847, 848, 0, 0, 848, 848, 0, 848, 848, + 0, 848, 848, 848, 848, 0, 848, 848, 848, 848, + 848, 848, 848, 849, 0, 0, 849, 849, 0, 849, + 850, 850, 850, 850, 850, 850, 850, 850, 850, 850, + 850, 850, 850, 850, 850, 850, 850, 850, 850, 850, + 850, 851, 851, 0, 851, 0, 0, 0, 851, 852, + 852, 852, 0, 852, 0, 0, 0, 852, 855, 855, + 0, 855, 0, 0, 0, 855, 856, 856, 0, 856, + 0, 0, 0, 856, 857, 857, 0, 857, 0, 0, + 0, 857, 858, 858, 858, 0, 858, 0, 0, 0, + + 858, 859, 0, 0, 859, 859, 0, 859, 860, 860, + 0, 860, 0, 0, 0, 860, 861, 861, 0, 861, + 0, 0, 0, 861, 862, 862, 0, 862, 0, 0, + 0, 862, 863, 863, 863, 0, 863, 0, 0, 0, + 863, 864, 864, 864, 864, 0, 864, 0, 0, 0, + 864, 867, 867, 0, 867, 0, 0, 0, 867, 868, + 868, 0, 868, 0, 0, 0, 868, 869, 869, 0, + 869, 0, 0, 0, 869, 872, 872, 872, 0, 872, + 0, 0, 0, 872, 873, 873, 873, 873, 0, 873, + 0, 0, 0, 873, 874, 874, 874, 874, 874, 874, + + 874, 874, 874, 874, 874, 874, 874, 874, 874, 874, + 874, 874, 874, 874, 874, 876, 876, 0, 876, 0, + 0, 0, 876, 877, 877, 0, 877, 0, 0, 0, + 877, 879, 879, 879, 0, 879, 0, 0, 0, 879, + 880, 880, 880, 880, 0, 880, 0, 0, 0, 880, + 881, 881, 881, 881, 881, 881, 881, 881, 881, 881, + 881, 881, 881, 881, 881, 881, 881, 881, 881, 881, + 881, 884, 0, 0, 884, 884, 0, 884, 885, 0, + 0, 0, 885, 885, 0, 885, 885, 885, 0, 0, + 885, 885, 886, 886, 0, 886, 0, 0, 0, 886, + + 887, 0, 887, 887, 0, 887, 0, 0, 0, 887, + 890, 890, 890, 0, 890, 0, 0, 0, 890, 891, + 891, 891, 891, 0, 891, 0, 0, 0, 891, 892, + 892, 0, 0, 892, 0, 0, 0, 892, 893, 893, + 893, 893, 893, 893, 893, 893, 893, 893, 893, 893, + 893, 893, 893, 893, 893, 893, 893, 893, 893, 895, + 0, 0, 895, 895, 0, 895, 896, 0, 0, 0, + 896, 896, 0, 896, 896, 896, 0, 0, 896, 896, + 899, 899, 0, 899, 0, 0, 0, 899, 900, 0, + 900, 900, 0, 900, 0, 0, 0, 900, 902, 902, + + 902, 0, 902, 0, 0, 0, 902, 903, 903, 903, + 0, 0, 903, 0, 0, 0, 903, 904, 904, 904, + 904, 904, 904, 904, 904, 904, 904, 904, 904, 904, + 904, 904, 904, 904, 904, 904, 904, 904, 905, 905, + 0, 905, 905, 905, 0, 905, 0, 905, 905, 905, + 905, 0, 0, 905, 905, 905, 905, 905, 905, 906, + 906, 0, 906, 906, 906, 0, 906, 0, 906, 906, + 906, 906, 0, 0, 906, 906, 906, 906, 906, 906, + 909, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 909, 909, 0, 909, 909, 0, 909, 911, 911, + + 0, 911, 0, 0, 0, 911, 912, 0, 912, 912, + 0, 912, 0, 0, 0, 912, 915, 915, 0, 0, + 915, 0, 0, 0, 915, 917, 0, 0, 0, 0, + 0, 0, 917, 0, 917, 917, 917, 917, 0, 0, + 917, 917, 917, 917, 917, 917, 920, 920, 0, 920, + 0, 0, 0, 920, 921, 0, 921, 921, 0, 921, + 0, 0, 0, 921, 925, 925, 0, 925, 0, 0, + 0, 925, 926, 0, 926, 0, 0, 926, 0, 0, + 0, 926, 927, 927, 927, 927, 927, 927, 927, 927, + 927, 927, 927, 927, 927, 927, 927, 927, 927, 927, + + 927, 927, 927, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 813, 813 } ; static yy_state_type yy_last_accepting_state; @@ -1394,7 +1928,7 @@ char *yytext; #define INITIAL 0 #line 2 "toke.l" /* - * Copyright (c) 1996, 1998-2005, 2007-2012 + * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -1420,7 +1954,6 @@ char *yytext; #include #include -#include #include #include #ifdef STDC_HEADERS @@ -1437,6 +1970,11 @@ char *yytext; #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ @@ -1466,9 +2004,10 @@ char *yytext; #include "toke.h" #include #include "lbuf.h" +#include "sha2.h" #include "secure_path.h" -extern YYSTYPE yylval; +extern YYSTYPE sudoerslval; extern bool parse_error; extern bool sudoers_warnings; int sudolineno; @@ -1483,6 +2022,7 @@ gid_t sudoers_gid = SUDOERS_GID; static bool continued, sawspace; static int prev_state; +static int digest_len; static bool _push_include(char *, bool); static bool pop_include(void); @@ -1495,7 +2035,7 @@ int (*trace_print)(const char *msg) = sudoers_trace_print; return (n); \ } while (0) -#define ECHO ignore_result(fwrite(yytext, yyleng, 1, yyout)) +#define ECHO ignore_result(fwrite(sudoerstext, sudoersleng, 1, sudoersout)) #define push_include(_p) (_push_include((_p), false)) #define push_includedir(_p) (_push_include((_p), true)) @@ -1511,7 +2051,9 @@ int (*trace_print)(const char *msg) = sudoers_trace_print; #define INSTR 5 -#line 1514 "lex.yy.c" +#define WANTDIGEST 6 + +#line 2056 "lex.sudoers.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -1665,9 +2207,9 @@ YY_DECL register char *yy_cp, *yy_bp; register int yy_act; -#line 132 "toke.l" +#line 140 "toke.l" -#line 1670 "lex.yy.c" +#line 2212 "lex.sudoers.c" if ( yy_init ) { @@ -1719,13 +2261,13 @@ yy_match: while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 622 ) + if ( yy_current_state >= 814 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 3595 ); + while ( yy_base[yy_current_state] != 5604 ); yy_find_action: yy_act = yy_accept[yy_current_state]; @@ -1753,7 +2295,7 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP -#line 133 "toke.l" +#line 141 "toke.l" { LEXTRACE(", "); LEXRETURN(','); @@ -1761,16 +2303,16 @@ YY_RULE_SETUP YY_BREAK case 2: YY_RULE_SETUP -#line 138 "toke.l" +#line 146 "toke.l" BEGIN STARTDEFS; YY_BREAK case 3: YY_RULE_SETUP -#line 140 "toke.l" +#line 148 "toke.l" { BEGIN INDEFS; LEXTRACE("DEFVAR "); - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXRETURN(DEFVAR); } @@ -1778,7 +2320,7 @@ YY_RULE_SETUP case 4: YY_RULE_SETUP -#line 149 "toke.l" +#line 157 "toke.l" { BEGIN STARTDEFS; LEXTRACE(", "); @@ -1787,7 +2329,7 @@ YY_RULE_SETUP YY_BREAK case 5: YY_RULE_SETUP -#line 155 "toke.l" +#line 163 "toke.l" { LEXTRACE("= "); LEXRETURN('='); @@ -1795,7 +2337,7 @@ YY_RULE_SETUP YY_BREAK case 6: YY_RULE_SETUP -#line 160 "toke.l" +#line 168 "toke.l" { LEXTRACE("+= "); LEXRETURN('+'); @@ -1803,7 +2345,7 @@ YY_RULE_SETUP YY_BREAK case 7: YY_RULE_SETUP -#line 165 "toke.l" +#line 173 "toke.l" { LEXTRACE("-= "); LEXRETURN('-'); @@ -1811,20 +2353,20 @@ YY_RULE_SETUP YY_BREAK case 8: YY_RULE_SETUP -#line 170 "toke.l" +#line 178 "toke.l" { LEXTRACE("BEGINSTR "); - yylval.string = NULL; + sudoerslval.string = NULL; prev_state = YY_START; BEGIN INSTR; } YY_BREAK case 9: YY_RULE_SETUP -#line 177 "toke.l" +#line 185 "toke.l" { LEXTRACE("WORD(2) "); - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXRETURN(WORD); } @@ -1833,7 +2375,7 @@ YY_RULE_SETUP case 10: YY_RULE_SETUP -#line 186 "toke.l" +#line 194 "toke.l" { /* Line continuation char followed by newline. */ sudolineno++; @@ -1842,28 +2384,28 @@ YY_RULE_SETUP YY_BREAK case 11: YY_RULE_SETUP -#line 192 "toke.l" +#line 200 "toke.l" { LEXTRACE("ENDSTR "); BEGIN prev_state; - if (yylval.string == NULL) { + if (sudoerslval.string == NULL) { LEXTRACE("ERROR "); /* empty string */ LEXRETURN(ERROR); } if (prev_state == INITIAL) { - switch (yylval.string[0]) { + switch (sudoerslval.string[0]) { case '%': - if (yylval.string[1] == '\0' || - (yylval.string[1] == ':' && - yylval.string[2] == '\0')) { + if (sudoerslval.string[1] == '\0' || + (sudoerslval.string[1] == ':' && + sudoerslval.string[2] == '\0')) { LEXTRACE("ERROR "); /* empty group */ LEXRETURN(ERROR); } LEXTRACE("USERGROUP "); LEXRETURN(USERGROUP); case '+': - if (yylval.string[1] == '\0') { + if (sudoerslval.string[1] == '\0') { LEXTRACE("ERROR "); /* empty netgroup */ LEXRETURN(ERROR); } @@ -1877,19 +2419,19 @@ YY_RULE_SETUP YY_BREAK case 12: YY_RULE_SETUP -#line 224 "toke.l" +#line 232 "toke.l" { LEXTRACE("BACKSLASH "); - if (!append(yytext, yyleng)) + if (!append(sudoerstext, sudoersleng)) yyterminate(); } YY_BREAK case 13: YY_RULE_SETUP -#line 230 "toke.l" +#line 238 "toke.l" { LEXTRACE("STRBODY "); - if (!append(yytext, yyleng)) + if (!append(sudoerstext, sudoersleng)) yyterminate(); } YY_BREAK @@ -1897,29 +2439,29 @@ YY_RULE_SETUP case 14: YY_RULE_SETUP -#line 238 "toke.l" +#line 246 "toke.l" { /* quoted fnmatch glob char, pass verbatim */ LEXTRACE("QUOTEDCHAR "); - if (!fill_args(yytext, 2, sawspace)) + if (!fill_args(sudoerstext, 2, sawspace)) yyterminate(); sawspace = false; } YY_BREAK case 15: YY_RULE_SETUP -#line 246 "toke.l" +#line 254 "toke.l" { /* quoted sudoers special char, strip backslash */ LEXTRACE("QUOTEDCHAR "); - if (!fill_args(yytext + 1, 1, sawspace)) + if (!fill_args(sudoerstext + 1, 1, sawspace)) yyterminate(); sawspace = false; } YY_BREAK case 16: YY_RULE_SETUP -#line 254 "toke.l" +#line 262 "toke.l" { BEGIN INITIAL; yyless(0); @@ -1928,10 +2470,10 @@ YY_RULE_SETUP YY_BREAK case 17: YY_RULE_SETUP -#line 260 "toke.l" +#line 268 "toke.l" { LEXTRACE("ARG "); - if (!fill_args(yytext, yyleng, sawspace)) + if (!fill_args(sudoerstext, sudoersleng, sawspace)) yyterminate(); sawspace = false; } /* a command line arg */ @@ -1939,7 +2481,47 @@ YY_RULE_SETUP case 18: YY_RULE_SETUP -#line 268 "toke.l" +#line 276 "toke.l" +{ + /* Only return DIGEST if the length is correct. */ + if (sudoersleng == digest_len * 2) { + if (!fill(sudoerstext, sudoersleng)) + yyterminate(); + BEGIN INITIAL; + LEXTRACE("DIGEST "); + LEXRETURN(DIGEST); + } + BEGIN INITIAL; + yyless(sudoersleng); + } /* hex digest */ + YY_BREAK +case 19: +YY_RULE_SETUP +#line 289 "toke.l" +{ + /* Only return DIGEST if the length is correct. */ + size_t len; + if (sudoerstext[sudoersleng - 1] == '=') { + /* use padding */ + len = 4 * ((digest_len + 2) / 3); + } else { + /* no padding */ + len = (4 * digest_len + 2) / 3; + } + if (sudoersleng == len) { + if (!fill(sudoerstext, sudoersleng)) + yyterminate(); + BEGIN INITIAL; + LEXTRACE("DIGEST "); + LEXRETURN(DIGEST); + } + BEGIN INITIAL; + yyless(sudoersleng); + } /* base64 digest */ + YY_BREAK +case 20: +YY_RULE_SETUP +#line 310 "toke.l" { char *path; @@ -1948,7 +2530,7 @@ YY_RULE_SETUP LEXRETURN(ERROR); } - if ((path = parse_include(yytext)) == NULL) + if ((path = parse_include(sudoerstext)) == NULL) yyterminate(); LEXTRACE("INCLUDE\n"); @@ -1958,9 +2540,9 @@ YY_RULE_SETUP yyterminate(); } YY_BREAK -case 19: +case 21: YY_RULE_SETUP -#line 286 "toke.l" +#line 328 "toke.l" { char *path; @@ -1969,7 +2551,7 @@ YY_RULE_SETUP LEXRETURN(ERROR); } - if ((path = parse_include(yytext)) == NULL) + if ((path = parse_include(sudoerstext)) == NULL) yyterminate(); LEXTRACE("INCLUDEDIR\n"); @@ -1982,9 +2564,9 @@ YY_RULE_SETUP yyterminate(); } YY_BREAK -case 20: +case 22: YY_RULE_SETUP -#line 307 "toke.l" +#line 349 "toke.l" { char deftype; int n; @@ -1994,11 +2576,11 @@ YY_RULE_SETUP LEXRETURN(ERROR); } - for (n = 0; isblank((unsigned char)yytext[n]); n++) + for (n = 0; isblank((unsigned char)sudoerstext[n]); n++) continue; n += sizeof("Defaults") - 1; - if ((deftype = yytext[n++]) != '\0') { - while (isblank((unsigned char)yytext[n])) + if ((deftype = sudoerstext[n++]) != '\0') { + while (isblank((unsigned char)sudoerstext[n])) n++; } BEGIN GOTDEFS; @@ -2025,9 +2607,9 @@ YY_RULE_SETUP } } YY_BREAK -case 21: +case 23: YY_RULE_SETUP -#line 347 "toke.l" +#line 389 "toke.l" { int n; @@ -2036,9 +2618,9 @@ YY_RULE_SETUP LEXRETURN(ERROR); } - for (n = 0; isblank((unsigned char)yytext[n]); n++) + for (n = 0; isblank((unsigned char)sudoerstext[n]); n++) continue; - switch (yytext[n]) { + switch (sudoerstext[n]) { case 'H': LEXTRACE("HOSTALIAS "); LEXRETURN(HOSTALIAS); @@ -2054,179 +2636,179 @@ YY_RULE_SETUP } } YY_BREAK -case 22: +case 24: YY_RULE_SETUP -#line 373 "toke.l" +#line 415 "toke.l" { /* cmnd does not require passwd for this user */ LEXTRACE("NOPASSWD "); LEXRETURN(NOPASSWD); } YY_BREAK -case 23: +case 25: YY_RULE_SETUP -#line 379 "toke.l" +#line 421 "toke.l" { /* cmnd requires passwd for this user */ LEXTRACE("PASSWD "); LEXRETURN(PASSWD); } YY_BREAK -case 24: +case 26: YY_RULE_SETUP -#line 385 "toke.l" +#line 427 "toke.l" { LEXTRACE("NOEXEC "); LEXRETURN(NOEXEC); } YY_BREAK -case 25: +case 27: YY_RULE_SETUP -#line 390 "toke.l" +#line 432 "toke.l" { LEXTRACE("EXEC "); LEXRETURN(EXEC); } YY_BREAK -case 26: +case 28: YY_RULE_SETUP -#line 395 "toke.l" +#line 437 "toke.l" { LEXTRACE("SETENV "); LEXRETURN(SETENV); } YY_BREAK -case 27: +case 29: YY_RULE_SETUP -#line 400 "toke.l" +#line 442 "toke.l" { LEXTRACE("NOSETENV "); LEXRETURN(NOSETENV); } YY_BREAK -case 28: +case 30: YY_RULE_SETUP -#line 405 "toke.l" +#line 447 "toke.l" { LEXTRACE("LOG_OUTPUT "); LEXRETURN(LOG_OUTPUT); } YY_BREAK -case 29: +case 31: YY_RULE_SETUP -#line 410 "toke.l" +#line 452 "toke.l" { LEXTRACE("NOLOG_OUTPUT "); LEXRETURN(NOLOG_OUTPUT); } YY_BREAK -case 30: +case 32: YY_RULE_SETUP -#line 415 "toke.l" +#line 457 "toke.l" { LEXTRACE("LOG_INPUT "); LEXRETURN(LOG_INPUT); } YY_BREAK -case 31: +case 33: YY_RULE_SETUP -#line 420 "toke.l" +#line 462 "toke.l" { LEXTRACE("NOLOG_INPUT "); LEXRETURN(NOLOG_INPUT); } YY_BREAK -case 32: +case 34: YY_RULE_SETUP -#line 425 "toke.l" +#line 467 "toke.l" { /* empty group or netgroup */ LEXTRACE("ERROR "); LEXRETURN(ERROR); } YY_BREAK -case 33: +case 35: YY_RULE_SETUP -#line 431 "toke.l" +#line 473 "toke.l" { /* netgroup */ - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NETGROUP "); LEXRETURN(NETGROUP); } YY_BREAK -case 34: +case 36: YY_RULE_SETUP -#line 439 "toke.l" +#line 481 "toke.l" { /* group */ - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("USERGROUP "); LEXRETURN(USERGROUP); } YY_BREAK -case 35: +case 37: YY_RULE_SETUP -#line 447 "toke.l" +#line 489 "toke.l" { - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); } YY_BREAK -case 36: +case 38: YY_RULE_SETUP -#line 454 "toke.l" +#line 496 "toke.l" { - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); } YY_BREAK -case 37: +case 39: YY_RULE_SETUP -#line 461 "toke.l" +#line 503 "toke.l" { - if (!ipv6_valid(yytext)) { + if (!ipv6_valid(sudoerstext)) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); } YY_BREAK -case 38: +case 40: YY_RULE_SETUP -#line 472 "toke.l" +#line 514 "toke.l" { - if (!ipv6_valid(yytext)) { + if (!ipv6_valid(sudoerstext)) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); } YY_BREAK -case 39: +case 41: YY_RULE_SETUP -#line 483 "toke.l" +#line 525 "toke.l" { LEXTRACE("ALL "); LEXRETURN(ALL); } YY_BREAK -case 40: +case 42: YY_RULE_SETUP -#line 489 "toke.l" +#line 531 "toke.l" { #ifdef HAVE_SELINUX LEXTRACE("ROLE "); @@ -2236,9 +2818,9 @@ YY_RULE_SETUP #endif } YY_BREAK -case 41: +case 43: YY_RULE_SETUP -#line 498 "toke.l" +#line 540 "toke.l" { #ifdef HAVE_SELINUX LEXTRACE("TYPE "); @@ -2248,9 +2830,9 @@ YY_RULE_SETUP #endif } YY_BREAK -case 42: +case 44: YY_RULE_SETUP -#line 506 "toke.l" +#line 548 "toke.l" { #ifdef HAVE_PRIV_SET LEXTRACE("PRIVS "); @@ -2260,9 +2842,9 @@ YY_RULE_SETUP #endif } YY_BREAK -case 43: +case 45: YY_RULE_SETUP -#line 515 "toke.l" +#line 557 "toke.l" { #ifdef HAVE_PRIV_SET LEXTRACE("LIMITPRIVS "); @@ -2272,130 +2854,171 @@ YY_RULE_SETUP #endif } YY_BREAK -case 44: +case 46: YY_RULE_SETUP -#line 524 "toke.l" +#line 566 "toke.l" { got_alias: - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("ALIAS "); LEXRETURN(ALIAS); } YY_BREAK -case 45: +case 47: YY_RULE_SETUP -#line 532 "toke.l" +#line 574 "toke.l" { + /* XXX - no way to specify digest for command */ /* no command args allowed for Defaults!/path */ - if (!fill_cmnd(yytext, yyleng)) + if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("COMMAND "); LEXRETURN(COMMAND); } YY_BREAK -case 46: +case 48: YY_RULE_SETUP -#line 540 "toke.l" +#line 583 "toke.l" +{ + digest_len = SHA224_DIGEST_LENGTH; + BEGIN WANTDIGEST; + LEXTRACE("SHA224 "); + LEXRETURN(SHA224); + } + YY_BREAK +case 49: +YY_RULE_SETUP +#line 590 "toke.l" +{ + digest_len = SHA256_DIGEST_LENGTH; + BEGIN WANTDIGEST; + LEXTRACE("SHA256 "); + LEXRETURN(SHA256); + } + YY_BREAK +case 50: +YY_RULE_SETUP +#line 597 "toke.l" +{ + digest_len = SHA384_DIGEST_LENGTH; + BEGIN WANTDIGEST; + LEXTRACE("SHA384 "); + LEXRETURN(SHA384); + } + YY_BREAK +case 51: +YY_RULE_SETUP +#line 604 "toke.l" +{ + digest_len = SHA512_DIGEST_LENGTH; + BEGIN WANTDIGEST; + LEXTRACE("SHA512 "); + LEXRETURN(SHA512); + } + YY_BREAK +case 52: +YY_RULE_SETUP +#line 611 "toke.l" { BEGIN GOTCMND; LEXTRACE("COMMAND "); - if (!fill_cmnd(yytext, yyleng)) + if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); } /* sudo -e */ YY_BREAK -case 47: +case 53: YY_RULE_SETUP -#line 547 "toke.l" +#line 618 "toke.l" { /* directories can't have args... */ - if (yytext[yyleng - 1] == '/') { + if (sudoerstext[sudoersleng - 1] == '/') { LEXTRACE("COMMAND "); - if (!fill_cmnd(yytext, yyleng)) + if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); LEXRETURN(COMMAND); } else { BEGIN GOTCMND; LEXTRACE("COMMAND "); - if (!fill_cmnd(yytext, yyleng)) + if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); } } /* a pathname */ YY_BREAK -case 48: +case 54: YY_RULE_SETUP -#line 562 "toke.l" +#line 633 "toke.l" { LEXTRACE("BEGINSTR "); - yylval.string = NULL; + sudoerslval.string = NULL; prev_state = YY_START; BEGIN INSTR; } YY_BREAK -case 49: +case 55: YY_RULE_SETUP -#line 569 "toke.l" +#line 640 "toke.l" { /* a word */ - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("WORD(5) "); LEXRETURN(WORD); } YY_BREAK -case 50: +case 56: YY_RULE_SETUP -#line 577 "toke.l" +#line 648 "toke.l" { LEXTRACE("( "); LEXRETURN('('); } YY_BREAK -case 51: +case 57: YY_RULE_SETUP -#line 582 "toke.l" +#line 653 "toke.l" { LEXTRACE(") "); LEXRETURN(')'); } YY_BREAK -case 52: +case 58: YY_RULE_SETUP -#line 587 "toke.l" +#line 658 "toke.l" { LEXTRACE(", "); LEXRETURN(','); } /* return ',' */ YY_BREAK -case 53: +case 59: YY_RULE_SETUP -#line 592 "toke.l" +#line 663 "toke.l" { LEXTRACE("= "); LEXRETURN('='); } /* return '=' */ YY_BREAK -case 54: +case 60: YY_RULE_SETUP -#line 597 "toke.l" +#line 668 "toke.l" { LEXTRACE(": "); LEXRETURN(':'); } /* return ':' */ YY_BREAK -case 55: +case 61: YY_RULE_SETUP -#line 602 "toke.l" +#line 673 "toke.l" { - if (yyleng & 1) { + if (sudoersleng & 1) { LEXTRACE("!"); LEXRETURN('!'); /* return '!' */ } } YY_BREAK -case 56: +case 62: YY_RULE_SETUP -#line 609 "toke.l" +#line 680 "toke.l" { if (YY_START == INSTR) { LEXTRACE("ERROR "); @@ -2408,25 +3031,25 @@ YY_RULE_SETUP LEXRETURN(COMMENT); } /* return newline */ YY_BREAK -case 57: +case 63: YY_RULE_SETUP -#line 621 "toke.l" +#line 692 "toke.l" { /* throw away space/tabs */ sawspace = true; /* but remember for fill_args */ } YY_BREAK -case 58: +case 64: YY_RULE_SETUP -#line 625 "toke.l" +#line 696 "toke.l" { sawspace = true; /* remember for fill_args */ sudolineno++; continued = true; } /* throw away EOL after \ */ YY_BREAK -case 59: +case 65: YY_RULE_SETUP -#line 631 "toke.l" +#line 702 "toke.l" { BEGIN INITIAL; sudolineno++; @@ -2435,9 +3058,9 @@ YY_RULE_SETUP LEXRETURN(COMMENT); } /* comment, not uid/gid */ YY_BREAK -case 60: +case 66: YY_RULE_SETUP -#line 639 "toke.l" +#line 710 "toke.l" { LEXTRACE("ERROR "); LEXRETURN(ERROR); @@ -2449,7 +3072,8 @@ case YY_STATE_EOF(GOTCMND): case YY_STATE_EOF(STARTDEFS): case YY_STATE_EOF(INDEFS): case YY_STATE_EOF(INSTR): -#line 644 "toke.l" +case YY_STATE_EOF(WANTDIGEST): +#line 715 "toke.l" { if (YY_START != INITIAL) { BEGIN INITIAL; @@ -2460,12 +3084,12 @@ case YY_STATE_EOF(INSTR): yyterminate(); } YY_BREAK -case 61: +case 67: YY_RULE_SETUP -#line 654 "toke.l" +#line 725 "toke.l" ECHO; YY_BREAK -#line 2468 "lex.yy.c" +#line 3092 "lex.sudoers.c" case YY_END_OF_BUFFER: { @@ -2756,7 +3380,7 @@ static yy_state_type yy_get_previous_state() while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 622 ) + if ( yy_current_state >= 814 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; @@ -2791,11 +3415,11 @@ yy_state_type yy_current_state; while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 622 ) + if ( yy_current_state >= 814 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 621); + yy_is_jam = (yy_current_state == 813); return yy_is_jam ? 0 : yy_current_state; } @@ -3356,7 +3980,7 @@ int main() return 0; } #endif -#line 654 "toke.l" +#line 725 "toke.l" struct path_list { char *path; @@ -3394,13 +4018,8 @@ switch_dir(struct include_stack *stack, char *dirpath) if (!(dir = opendir(dirpath))) { if (errno != ENOENT) { - char *errbuf; - if (asprintf(&errbuf, _("%s: %s"), dirpath, strerror(errno)) != -1) { - yyerror(errbuf); - free(errbuf); - } else { - yyerror(_("unable to allocate memory")); - } + warning("%s", dirpath); + sudoerserror(NULL); } goto done; } @@ -3425,6 +4044,7 @@ switch_dir(struct include_stack *stack, char *dirpath) pl->path = path; pl->next = first; first = pl; + path = NULL; count++; } closedir(dir); @@ -3466,8 +4086,8 @@ bad: while (first != NULL) { pl = first; first = pl->next; - free(pl->path); - free(pl); + efree(pl->path); + efree(pl); } efree(sorted); efree(dirpath); @@ -3498,7 +4118,7 @@ init_lexer(void) efree(istack[idepth].path); if (idepth && !istack[idepth].keepopen) fclose(istack[idepth].bs->yy_input_file); - yy_delete_buffer(istack[idepth].bs); + sudoers_delete_buffer(istack[idepth].bs); } efree(istack); istack = NULL; @@ -3522,14 +4142,15 @@ _push_include(char *path, bool isdir) /* push current state onto stack */ if (idepth >= istacksize) { if (idepth > MAX_SUDOERS_DEPTH) { - yyerror(_("too many levels of includes")); + sudoerserror(N_("too many levels of includes")); debug_return_bool(false); } istacksize += SUDOERS_STACK_INCREMENT; istack = (struct include_stack *) realloc(istack, sizeof(*istack) * istacksize); if (istack == NULL) { - yyerror(_("unable to allocate memory")); + warning(NULL); + sudoerserror(NULL); debug_return_bool(false); } } @@ -3570,7 +4191,7 @@ _push_include(char *path, bool isdir) debug_return_bool(false); } if (!(path = switch_dir(&istack[idepth], path))) { - /* switch_dir() called yyerror() for us */ + /* switch_dir() called sudoerserror() for us */ debug_return_bool(false); } while ((fp = open_sudoers(path, false, &keepopen)) == NULL) { @@ -3585,7 +4206,7 @@ _push_include(char *path, bool isdir) } else { if ((fp = open_sudoers(path, true, &keepopen)) == NULL) { /* The error was already printed by open_sudoers() */ - yyerror(NULL); + sudoerserror(NULL); debug_return_bool(false); } istack[idepth].more = NULL; @@ -3598,7 +4219,7 @@ _push_include(char *path, bool isdir) idepth++; sudolineno = 1; sudoers = path; - yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE)); + sudoers_switch_to_buffer(sudoers_create_buffer(fp, YY_BUF_SIZE)); debug_return_bool(true); } @@ -3615,7 +4236,7 @@ pop_include(void) if (!keepopen) fclose(YY_CURRENT_BUFFER->yy_input_file); - yy_delete_buffer(YY_CURRENT_BUFFER); + sudoers_delete_buffer(YY_CURRENT_BUFFER); /* If we are in an include dir, move to the next file. */ while ((pl = istack[idepth - 1].more) != NULL) { fp = open_sudoers(pl->path, false, &keepopen); @@ -3624,7 +4245,7 @@ pop_include(void) efree(sudoers); sudoers = pl->path; sudolineno = 1; - yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE)); + sudoers_switch_to_buffer(sudoers_create_buffer(fp, YY_BUF_SIZE)); efree(pl); break; } @@ -3636,7 +4257,7 @@ pop_include(void) /* If no path list, just pop the last dir on the stack. */ if (pl == NULL) { idepth--; - yy_switch_to_buffer(istack[idepth].bs); + sudoers_switch_to_buffer(istack[idepth].bs); efree(sudoers); sudoers = istack[idepth].path; sudolineno = istack[idepth].lineno; @@ -3680,7 +4301,8 @@ parse_include(char *base) len += (int)(ep - cp); path = pp = malloc(len + dirlen + 1); if (path == NULL) { - yyerror(_("unable to allocate memory")); + warning(NULL); + sudoerserror(NULL); debug_return_str(NULL); } if (dirlen) { diff --git a/plugins/sudoers/toke.h b/plugins/sudoers/toke.h index c0ab53f..002f8fb 100644 --- a/plugins/sudoers/toke.h +++ b/plugins/sudoers/toke.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 Todd C. Miller + * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,8 +14,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef _SUDO_TOKE_H -#define _SUDO_TOKE_H +#ifndef _SUDOERS_TOKE_H +#define _SUDOERS_TOKE_H bool append(const char *, int); bool fill_args(const char *, int, int); @@ -23,7 +23,7 @@ bool fill_cmnd(const char *, int); bool fill_txt(const char *, int, int); bool ipv6_valid(const char *s); int sudoers_trace_print(const char *msg); -void yyerror(const char *); +void sudoerserror(const char *); #ifndef FLEX_SCANNER extern int (*trace_print)(const char *msg); @@ -39,4 +39,4 @@ extern int (*trace_print)(const char *msg); (*trace_print)(msg); \ } while (0); -#endif /* _SUDO_TOKE_H */ +#endif /* _SUDOERS_TOKE_H */ diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l index 9d51364..d693a69 100644 --- a/plugins/sudoers/toke.l +++ b/plugins/sudoers/toke.l @@ -1,6 +1,6 @@ %{ /* - * Copyright (c) 1996, 1998-2005, 2007-2012 + * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -26,7 +26,6 @@ #include #include -#include #include #include #ifdef STDC_HEADERS @@ -43,6 +42,11 @@ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ @@ -72,9 +76,10 @@ #include "toke.h" #include #include "lbuf.h" +#include "sha2.h" #include "secure_path.h" -extern YYSTYPE yylval; +extern YYSTYPE sudoerslval; extern bool parse_error; extern bool sudoers_warnings; int sudolineno; @@ -89,6 +94,7 @@ gid_t sudoers_gid = SUDOERS_GID; static bool continued, sawspace; static int prev_state; +static int digest_len; static bool _push_include(char *, bool); static bool pop_include(void); @@ -101,7 +107,7 @@ int (*trace_print)(const char *msg) = sudoers_trace_print; return (n); \ } while (0) -#define ECHO ignore_result(fwrite(yytext, yyleng, 1, yyout)) +#define ECHO ignore_result(fwrite(sudoerstext, sudoersleng, 1, sudoersout)) #define push_include(_p) (_push_include((_p), false)) #define push_includedir(_p) (_push_include((_p), true)) @@ -122,12 +128,14 @@ DEFVAR [a-z_]+ %option noinput %option nounput %option noyywrap +%option prefix="sudoers" %s GOTDEFS %x GOTCMND %x STARTDEFS %x INDEFS %x INSTR +%s WANTDIGEST %% [[:blank:]]*,[[:blank:]]* { @@ -140,7 +148,7 @@ DEFVAR [a-z_]+ {DEFVAR} { BEGIN INDEFS; LEXTRACE("DEFVAR "); - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXRETURN(DEFVAR); } @@ -169,14 +177,14 @@ DEFVAR [a-z_]+ \" { LEXTRACE("BEGINSTR "); - yylval.string = NULL; + sudoerslval.string = NULL; prev_state = YY_START; BEGIN INSTR; } {ENVAR} { LEXTRACE("WORD(2) "); - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXRETURN(WORD); } @@ -193,23 +201,23 @@ DEFVAR [a-z_]+ LEXTRACE("ENDSTR "); BEGIN prev_state; - if (yylval.string == NULL) { + if (sudoerslval.string == NULL) { LEXTRACE("ERROR "); /* empty string */ LEXRETURN(ERROR); } if (prev_state == INITIAL) { - switch (yylval.string[0]) { + switch (sudoerslval.string[0]) { case '%': - if (yylval.string[1] == '\0' || - (yylval.string[1] == ':' && - yylval.string[2] == '\0')) { + if (sudoerslval.string[1] == '\0' || + (sudoerslval.string[1] == ':' && + sudoerslval.string[2] == '\0')) { LEXTRACE("ERROR "); /* empty group */ LEXRETURN(ERROR); } LEXTRACE("USERGROUP "); LEXRETURN(USERGROUP); case '+': - if (yylval.string[1] == '\0') { + if (sudoerslval.string[1] == '\0') { LEXTRACE("ERROR "); /* empty netgroup */ LEXRETURN(ERROR); } @@ -223,13 +231,13 @@ DEFVAR [a-z_]+ \\ { LEXTRACE("BACKSLASH "); - if (!append(yytext, yyleng)) + if (!append(sudoerstext, sudoersleng)) yyterminate(); } ([^\"\n\\]|\\\")+ { LEXTRACE("STRBODY "); - if (!append(yytext, yyleng)) + if (!append(sudoerstext, sudoersleng)) yyterminate(); } } @@ -238,7 +246,7 @@ DEFVAR [a-z_]+ \\[\*\?\[\]\!] { /* quoted fnmatch glob char, pass verbatim */ LEXTRACE("QUOTEDCHAR "); - if (!fill_args(yytext, 2, sawspace)) + if (!fill_args(sudoerstext, 2, sawspace)) yyterminate(); sawspace = false; } @@ -246,7 +254,7 @@ DEFVAR [a-z_]+ \\[:\\,= \t#] { /* quoted sudoers special char, strip backslash */ LEXTRACE("QUOTEDCHAR "); - if (!fill_args(yytext + 1, 1, sawspace)) + if (!fill_args(sudoerstext + 1, 1, sawspace)) yyterminate(); sawspace = false; } @@ -259,12 +267,46 @@ DEFVAR [a-z_]+ [^#\\:, \t\n]+ { LEXTRACE("ARG "); - if (!fill_args(yytext, yyleng, sawspace)) + if (!fill_args(sudoerstext, sudoersleng, sawspace)) yyterminate(); sawspace = false; } /* a command line arg */ } +[[:xdigit:]]+ { + /* Only return DIGEST if the length is correct. */ + if (sudoersleng == digest_len * 2) { + if (!fill(sudoerstext, sudoersleng)) + yyterminate(); + BEGIN INITIAL; + LEXTRACE("DIGEST "); + LEXRETURN(DIGEST); + } + BEGIN INITIAL; + yyless(sudoersleng); + } /* hex digest */ + +[A-Za-z0-9\+/=]+ { + /* Only return DIGEST if the length is correct. */ + size_t len; + if (sudoerstext[sudoersleng - 1] == '=') { + /* use padding */ + len = 4 * ((digest_len + 2) / 3); + } else { + /* no padding */ + len = (4 * digest_len + 2) / 3; + } + if (sudoersleng == len) { + if (!fill(sudoerstext, sudoersleng)) + yyterminate(); + BEGIN INITIAL; + LEXTRACE("DIGEST "); + LEXRETURN(DIGEST); + } + BEGIN INITIAL; + yyless(sudoersleng); + } /* base64 digest */ + ^#include[[:blank:]]+.*\n { char *path; @@ -273,7 +315,7 @@ DEFVAR [a-z_]+ LEXRETURN(ERROR); } - if ((path = parse_include(yytext)) == NULL) + if ((path = parse_include(sudoerstext)) == NULL) yyterminate(); LEXTRACE("INCLUDE\n"); @@ -291,7 +333,7 @@ DEFVAR [a-z_]+ LEXRETURN(ERROR); } - if ((path = parse_include(yytext)) == NULL) + if ((path = parse_include(sudoerstext)) == NULL) yyterminate(); LEXTRACE("INCLUDEDIR\n"); @@ -313,11 +355,11 @@ DEFVAR [a-z_]+ LEXRETURN(ERROR); } - for (n = 0; isblank((unsigned char)yytext[n]); n++) + for (n = 0; isblank((unsigned char)sudoerstext[n]); n++) continue; n += sizeof("Defaults") - 1; - if ((deftype = yytext[n++]) != '\0') { - while (isblank((unsigned char)yytext[n])) + if ((deftype = sudoerstext[n++]) != '\0') { + while (isblank((unsigned char)sudoerstext[n])) n++; } BEGIN GOTDEFS; @@ -352,9 +394,9 @@ DEFVAR [a-z_]+ LEXRETURN(ERROR); } - for (n = 0; isblank((unsigned char)yytext[n]); n++) + for (n = 0; isblank((unsigned char)sudoerstext[n]); n++) continue; - switch (yytext[n]) { + switch (sudoerstext[n]) { case 'H': LEXTRACE("HOSTALIAS "); LEXRETURN(HOSTALIAS); @@ -430,7 +472,7 @@ NOLOG_INPUT[[:blank:]]*: { \+{WORD} { /* netgroup */ - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NETGROUP "); LEXRETURN(NETGROUP); @@ -438,43 +480,43 @@ NOLOG_INPUT[[:blank:]]*: { \%:?({WORD}|{ID}) { /* group */ - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("USERGROUP "); LEXRETURN(USERGROUP); } {IPV4ADDR}(\/{IPV4ADDR})? { - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); } {IPV4ADDR}\/([12]?[0-9]|3[0-2]) { - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); } {IPV6ADDR}(\/{IPV6ADDR})? { - if (!ipv6_valid(yytext)) { + if (!ipv6_valid(sudoerstext)) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); } {IPV6ADDR}\/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8]) { - if (!ipv6_valid(yytext)) { + if (!ipv6_valid(sudoerstext)) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("NTWKADDR "); LEXRETURN(NTWKADDR); @@ -523,52 +565,81 @@ ALL { [[:upper:]][[:upper:][:digit:]_]* { got_alias: - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("ALIAS "); LEXRETURN(ALIAS); } ({PATH}|sudoedit) { + /* XXX - no way to specify digest for command */ /* no command args allowed for Defaults!/path */ - if (!fill_cmnd(yytext, yyleng)) + if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("COMMAND "); LEXRETURN(COMMAND); } +sha224 { + digest_len = SHA224_DIGEST_LENGTH; + BEGIN WANTDIGEST; + LEXTRACE("SHA224 "); + LEXRETURN(SHA224); + } + +sha256 { + digest_len = SHA256_DIGEST_LENGTH; + BEGIN WANTDIGEST; + LEXTRACE("SHA256 "); + LEXRETURN(SHA256); + } + +sha384 { + digest_len = SHA384_DIGEST_LENGTH; + BEGIN WANTDIGEST; + LEXTRACE("SHA384 "); + LEXRETURN(SHA384); + } + +sha512 { + digest_len = SHA512_DIGEST_LENGTH; + BEGIN WANTDIGEST; + LEXTRACE("SHA512 "); + LEXRETURN(SHA512); + } + sudoedit { BEGIN GOTCMND; LEXTRACE("COMMAND "); - if (!fill_cmnd(yytext, yyleng)) + if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); } /* sudo -e */ {PATH} { /* directories can't have args... */ - if (yytext[yyleng - 1] == '/') { + if (sudoerstext[sudoersleng - 1] == '/') { LEXTRACE("COMMAND "); - if (!fill_cmnd(yytext, yyleng)) + if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); LEXRETURN(COMMAND); } else { BEGIN GOTCMND; LEXTRACE("COMMAND "); - if (!fill_cmnd(yytext, yyleng)) + if (!fill_cmnd(sudoerstext, sudoersleng)) yyterminate(); } } /* a pathname */ \" { LEXTRACE("BEGINSTR "); - yylval.string = NULL; + sudoerslval.string = NULL; prev_state = YY_START; BEGIN INSTR; } ({ID}|{WORD}) { /* a word */ - if (!fill(yytext, yyleng)) + if (!fill(sudoerstext, sudoersleng)) yyterminate(); LEXTRACE("WORD(5) "); LEXRETURN(WORD); @@ -600,7 +671,7 @@ sudoedit { } /* return ':' */ <*>!+ { - if (yyleng & 1) { + if (sudoersleng & 1) { LEXTRACE("!"); LEXRETURN('!'); /* return '!' */ } @@ -688,13 +759,8 @@ switch_dir(struct include_stack *stack, char *dirpath) if (!(dir = opendir(dirpath))) { if (errno != ENOENT) { - char *errbuf; - if (asprintf(&errbuf, _("%s: %s"), dirpath, strerror(errno)) != -1) { - yyerror(errbuf); - free(errbuf); - } else { - yyerror(_("unable to allocate memory")); - } + warning("%s", dirpath); + sudoerserror(NULL); } goto done; } @@ -719,6 +785,7 @@ switch_dir(struct include_stack *stack, char *dirpath) pl->path = path; pl->next = first; first = pl; + path = NULL; count++; } closedir(dir); @@ -760,8 +827,8 @@ bad: while (first != NULL) { pl = first; first = pl->next; - free(pl->path); - free(pl); + efree(pl->path); + efree(pl); } efree(sorted); efree(dirpath); @@ -792,7 +859,7 @@ init_lexer(void) efree(istack[idepth].path); if (idepth && !istack[idepth].keepopen) fclose(istack[idepth].bs->yy_input_file); - yy_delete_buffer(istack[idepth].bs); + sudoers_delete_buffer(istack[idepth].bs); } efree(istack); istack = NULL; @@ -816,14 +883,15 @@ _push_include(char *path, bool isdir) /* push current state onto stack */ if (idepth >= istacksize) { if (idepth > MAX_SUDOERS_DEPTH) { - yyerror(_("too many levels of includes")); + sudoerserror(N_("too many levels of includes")); debug_return_bool(false); } istacksize += SUDOERS_STACK_INCREMENT; istack = (struct include_stack *) realloc(istack, sizeof(*istack) * istacksize); if (istack == NULL) { - yyerror(_("unable to allocate memory")); + warning(NULL); + sudoerserror(NULL); debug_return_bool(false); } } @@ -864,7 +932,7 @@ _push_include(char *path, bool isdir) debug_return_bool(false); } if (!(path = switch_dir(&istack[idepth], path))) { - /* switch_dir() called yyerror() for us */ + /* switch_dir() called sudoerserror() for us */ debug_return_bool(false); } while ((fp = open_sudoers(path, false, &keepopen)) == NULL) { @@ -879,7 +947,7 @@ _push_include(char *path, bool isdir) } else { if ((fp = open_sudoers(path, true, &keepopen)) == NULL) { /* The error was already printed by open_sudoers() */ - yyerror(NULL); + sudoerserror(NULL); debug_return_bool(false); } istack[idepth].more = NULL; @@ -892,7 +960,7 @@ _push_include(char *path, bool isdir) idepth++; sudolineno = 1; sudoers = path; - yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE)); + sudoers_switch_to_buffer(sudoers_create_buffer(fp, YY_BUF_SIZE)); debug_return_bool(true); } @@ -909,7 +977,7 @@ pop_include(void) if (!keepopen) fclose(YY_CURRENT_BUFFER->yy_input_file); - yy_delete_buffer(YY_CURRENT_BUFFER); + sudoers_delete_buffer(YY_CURRENT_BUFFER); /* If we are in an include dir, move to the next file. */ while ((pl = istack[idepth - 1].more) != NULL) { fp = open_sudoers(pl->path, false, &keepopen); @@ -918,7 +986,7 @@ pop_include(void) efree(sudoers); sudoers = pl->path; sudolineno = 1; - yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE)); + sudoers_switch_to_buffer(sudoers_create_buffer(fp, YY_BUF_SIZE)); efree(pl); break; } @@ -930,7 +998,7 @@ pop_include(void) /* If no path list, just pop the last dir on the stack. */ if (pl == NULL) { idepth--; - yy_switch_to_buffer(istack[idepth].bs); + sudoers_switch_to_buffer(istack[idepth].bs); efree(sudoers); sudoers = istack[idepth].path; sudolineno = istack[idepth].lineno; @@ -974,7 +1042,8 @@ parse_include(char *base) len += (int)(ep - cp); path = pp = malloc(len + dirlen + 1); if (path == NULL) { - yyerror(_("unable to allocate memory")); + warning(NULL); + sudoerserror(NULL); debug_return_str(NULL); } if (dirlen) { diff --git a/plugins/sudoers/toke_util.c b/plugins/sudoers/toke_util.c index 3302794..505dc8e 100644 --- a/plugins/sudoers/toke_util.c +++ b/plugins/sudoers/toke_util.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2011 + * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -25,7 +25,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -48,6 +47,7 @@ # include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #include +#include #include "sudoers.h" #include "parse.h" @@ -57,63 +57,19 @@ static int arg_len = 0; static int arg_size = 0; -static int -hexchar(const char *s) -{ - int i, result = 0; - debug_decl(hexchar, SUDO_DEBUG_PARSER) - - s += 2; /* skip \\x */ - for (i = 0; i < 2; i++) { - switch (*s) { - case 'A': - case 'a': - result += 10; - break; - case 'B': - case 'b': - result += 11; - break; - case 'C': - case 'c': - result += 12; - break; - case 'D': - case 'd': - result += 13; - break; - case 'E': - case 'e': - result += 14; - break; - case 'F': - case 'f': - result += 15; - break; - default: - result += *s - '0'; - break; - } - if (i == 0) { - result *= 16; - s++; - } - } - debug_return_int(result); -} - bool fill_txt(const char *src, int len, int olen) { char *dst; debug_decl(fill_txt, SUDO_DEBUG_PARSER) - dst = olen ? realloc(yylval.string, olen + len + 1) : malloc(len + 1); + dst = olen ? realloc(sudoerslval.string, olen + len + 1) : malloc(len + 1); if (dst == NULL) { - yyerror(_("unable to allocate memory")); + warning(NULL); + sudoerserror(NULL); debug_return_bool(false); } - yylval.string = dst; + sudoerslval.string = dst; /* Copy the string and collapse any escaped characters. */ dst += olen; @@ -122,7 +78,7 @@ fill_txt(const char *src, int len, int olen) if (src[1] == 'x' && len >= 3 && isxdigit((unsigned char) src[2]) && isxdigit((unsigned char) src[3])) { - *dst++ = hexchar(src); + *dst++ = hexchar(src + 2); src += 4; len -= 3; } else { @@ -144,8 +100,8 @@ append(const char *src, int len) int olen = 0; debug_decl(append, SUDO_DEBUG_PARSER) - if (yylval.string != NULL) - olen = strlen(yylval.string); + if (sudoerslval.string != NULL) + olen = strlen(sudoerslval.string); debug_return_bool(fill_txt(src, len, olen)); } @@ -162,9 +118,10 @@ fill_cmnd(const char *src, int len) arg_len = arg_size = 0; - dst = yylval.command.cmnd = (char *) malloc(len + 1); - if (yylval.command.cmnd == NULL) { - yyerror(_("unable to allocate memory")); + dst = sudoerslval.command.cmnd = (char *) malloc(len + 1); + if (sudoerslval.command.cmnd == NULL) { + warning(NULL); + sudoerserror(NULL); debug_return_bool(false); } @@ -177,7 +134,7 @@ fill_cmnd(const char *src, int len) } *dst = '\0'; - yylval.command.args = NULL; + sudoerslval.command.args = NULL; debug_return_bool(true); } @@ -188,7 +145,7 @@ fill_args(const char *s, int len, int addspace) char *p; debug_decl(fill_args, SUDO_DEBUG_PARSER) - if (yylval.command.args == NULL) { + if (sudoerslval.command.args == NULL) { addspace = 0; new_len = len; } else @@ -199,23 +156,25 @@ fill_args(const char *s, int len, int addspace) while (new_len >= (arg_size += COMMANDARGINC)) ; - p = yylval.command.args ? - (char *) realloc(yylval.command.args, arg_size) : + p = sudoerslval.command.args ? + (char *) realloc(sudoerslval.command.args, arg_size) : (char *) malloc(arg_size); if (p == NULL) { - efree(yylval.command.args); - yyerror(_("unable to allocate memory")); + efree(sudoerslval.command.args); + warning(NULL); + sudoerserror(NULL); debug_return_bool(false); } else - yylval.command.args = p; + sudoerslval.command.args = p; } /* Efficiently append the arg (with a leading space if needed). */ - p = yylval.command.args + arg_len; + p = sudoerslval.command.args + arg_len; if (addspace) *p++ = ' '; - if (strlcpy(p, s, arg_size - (p - yylval.command.args)) != len) { - yyerror(_("fill_args: buffer overflow")); /* paranoia */ + if (strlcpy(p, s, arg_size - (p - sudoerslval.command.args)) != len) { + warningx(_("fill_args: buffer overflow")); /* paranoia */ + sudoerserror(NULL); debug_return_bool(false); } arg_len = new_len; diff --git a/plugins/sudoers/tsgetgrpw.c b/plugins/sudoers/tsgetgrpw.c index 7b9ad79..edfc383 100644 --- a/plugins/sudoers/tsgetgrpw.c +++ b/plugins/sudoers/tsgetgrpw.c @@ -1,5 +1,6 @@ /* - * Copyright (c) 2005, 2008, 2010-2011 Todd C. Miller + * Copyright (c) 2005, 2008, 2010-2013 + * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -23,7 +24,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -42,6 +42,7 @@ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ +#include #include #include @@ -55,6 +56,14 @@ #undef GRMEM_MAX #define GRMEM_MAX 200 +#ifndef UID_MAX +# define UID_MAX 0xffffffffU +#endif + +#ifndef GID_MAX +# define GID_MAX UID_MAX +#endif + static FILE *pwf; static const char *pwfile = "/etc/passwd"; static int pw_stayopen; @@ -114,34 +123,46 @@ getpwent(void) static struct passwd pw; static char pwbuf[LINE_MAX]; size_t len; - char *cp, *colon; + unsigned long id; + char *cp, *colon, *ep; +next_entry: if ((colon = fgets(pwbuf, sizeof(pwbuf), pwf)) == NULL) return NULL; zero_bytes(&pw, sizeof(pw)); if ((colon = strchr(cp = colon, ':')) == NULL) - return NULL; + goto next_entry; *colon++ = '\0'; pw.pw_name = cp; if ((colon = strchr(cp = colon, ':')) == NULL) - return NULL; + goto next_entry; *colon++ = '\0'; pw.pw_passwd = cp; if ((colon = strchr(cp = colon, ':')) == NULL) - return NULL; + goto next_entry; *colon++ = '\0'; - pw.pw_uid = atoi(cp); + id = strtoul(cp, &ep, 10); + if (*cp == '\0' || *ep != '\0') + goto next_entry; + if (id > UID_MAX || (id == ULONG_MAX && errno == ERANGE)) + goto next_entry; + pw.pw_uid = (uid_t)id; if ((colon = strchr(cp = colon, ':')) == NULL) - return NULL; + goto next_entry; *colon++ = '\0'; - pw.pw_gid = atoi(cp); + id = strtoul(cp, &ep, 10); + if (*cp == '\0' || *ep != '\0') + goto next_entry; + if (id > GID_MAX || (id == ULONG_MAX && errno == ERANGE)) + goto next_entry; + pw.pw_gid = (gid_t)id; if ((colon = strchr(cp = colon, ':')) == NULL) - return NULL; + goto next_entry; *colon++ = '\0'; pw.pw_gecos = cp; if ((colon = strchr(cp = colon, ':')) == NULL) - return NULL; + goto next_entry; *colon++ = '\0'; pw.pw_dir = cp; pw.pw_shell = colon; @@ -234,25 +255,32 @@ getgrent(void) static struct group gr; static char grbuf[LINE_MAX], *gr_mem[GRMEM_MAX+1]; size_t len; - char *cp, *colon; + unsigned long id; + char *cp, *colon, *ep; int n; +next_entry: if ((colon = fgets(grbuf, sizeof(grbuf), grf)) == NULL) return NULL; zero_bytes(&gr, sizeof(gr)); if ((colon = strchr(cp = colon, ':')) == NULL) - return NULL; + goto next_entry; *colon++ = '\0'; gr.gr_name = cp; if ((colon = strchr(cp = colon, ':')) == NULL) - return NULL; + goto next_entry; *colon++ = '\0'; gr.gr_passwd = cp; if ((colon = strchr(cp = colon, ':')) == NULL) - return NULL; + goto next_entry; *colon++ = '\0'; - gr.gr_gid = atoi(cp); + id = strtoul(cp, &ep, 10); + if (*cp == '\0' || *ep != '\0') + goto next_entry; + if (id > GID_MAX || (id == ULONG_MAX && errno == ERANGE)) + goto next_entry; + gr.gr_gid = (gid_t)id; len = strlen(colon); if (len > 0 && colon[len - 1] == '\n') colon[len - 1] = '\0'; diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index 1b55080..1fb7932 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2012 + * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -32,10 +32,10 @@ #include #include -#include #include #include #include +#include #ifndef __TANDEM # include #endif @@ -67,16 +67,11 @@ #include #include #include -#include #if TIME_WITH_SYS_TIME # include #endif -#ifdef HAVE_SETLOCALE -# include -#endif #include "sudoers.h" -#include "interfaces.h" #include "parse.h" #include "redblack.h" #include "gettext.h" @@ -94,8 +89,6 @@ struct sudoersfile { }; TQ_DECLARE(sudoersfile) -sudo_conv_t sudo_conv; /* NULL in non-plugin */ - /* * Function prototypes */ @@ -109,23 +102,21 @@ static bool check_syntax(char *, bool, bool, bool); static bool edit_sudoers(struct sudoersfile *, char *, char *, int); static bool install_sudoers(struct sudoersfile *, bool); static int print_unused(void *, void *); -static void reparse_sudoers(char *, char *, bool, bool); +static bool reparse_sudoers(char *, char *, bool, bool); static int run_command(char *, char **); -static int visudo_printf(int msg_type, const char *fmt, ...); static void setup_signals(void); static void help(void) __attribute__((__noreturn__)); static void usage(int); +static void visudo_cleanup(void); -void cleanup(int); - -extern void yyerror(const char *); -extern void yyrestart(FILE *); +extern void sudoerserror(const char *); +extern void sudoersrestart(FILE *); /* * External globals exported by the parser */ extern struct rbtree *aliases; -extern FILE *yyin; +extern FILE *sudoersin; extern char *sudoers, *errorfile; extern int errorlineno; extern bool parse_error; @@ -136,14 +127,14 @@ extern int optind; /* * Globals */ -struct interface *interfaces; struct sudo_user sudo_user; struct passwd *list_pw; -sudo_printf_t sudo_printf = visudo_printf; static struct sudoersfile_list sudoerslist; static struct rbtree *alias_freelist; static bool checkonly; +__dso_public int main(int argc, char *argv[]); + int main(int argc, char *argv[]) { @@ -164,17 +155,18 @@ main(int argc, char *argv[]) setprogname(argc > 0 ? argv[0] : "visudo"); #endif -#ifdef HAVE_SETLOCALE - setlocale(LC_ALL, ""); -#endif + sudoers_setlocale(SUDOERS_LOCALE_USER, NULL); bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have visudo domain */ textdomain("sudoers"); if (argc < 1) usage(1); + /* Register fatal/fatalx callback. */ + fatal_callback_register(visudo_cleanup); + /* Read sudo.conf. */ - sudo_conf_read(); + sudo_conf_read(NULL); /* * Arg handling. @@ -217,7 +209,7 @@ main(int argc, char *argv[]) /* Mock up a fake sudo_user struct. */ user_cmnd = ""; if ((sudo_user.pw = sudo_getpwuid(getuid())) == NULL) - errorx(1, _("you do not exist in the %s database"), "passwd"); + fatalx(_("you do not exist in the %s database"), "passwd"); get_hostname(); /* Setup defaults data structures. */ @@ -229,14 +221,13 @@ main(int argc, char *argv[]) } /* - * Parse the existing sudoers file(s) in quiet mode to highlight any - * existing errors and to pull in editor and env_editor conf values. + * Parse the existing sudoers file(s) to highlight any existing + * errors and to pull in editor and env_editor conf values. */ - if ((yyin = open_sudoers(sudoers_path, true, NULL)) == NULL) { - error(1, "%s", sudoers_path); - } + if ((sudoersin = open_sudoers(sudoers_path, true, NULL)) == NULL) + exit(1); init_parser(sudoers_path, false); - yyparse(); + sudoersparse(); (void) update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER); editor = get_editor(&args); @@ -256,12 +247,14 @@ main(int argc, char *argv[]) edit_sudoers(sp, editor, args, -1); } - /* Check edited files for a parse error and re-edit any that fail. */ - reparse_sudoers(editor, args, strict, quiet); - - /* Install the sudoers temp files as needed. */ - tq_foreach_fwd(&sudoerslist, sp) { - (void) install_sudoers(sp, oldperms); + /* + * Check edited files for a parse error, re-edit any that fail + * and install the edited files as needed. + */ + if (reparse_sudoers(editor, args, strict, quiet)) { + tq_foreach_fwd(&sudoerslist, sp) { + (void) install_sudoers(sp, oldperms); + } } done: @@ -316,7 +309,7 @@ edit_sudoers(struct sudoersfile *sp, char *editor, char *args, int lineno) debug_decl(edit_sudoers, SUDO_DEBUG_UTIL) if (fstat(sp->fd, &sb) == -1) - error(1, _("unable to stat %s"), sp->path); + fatal(_("unable to stat %s"), sp->path); orig_size = sb.st_size; mtim_get(&sb, &orig_mtim); @@ -325,20 +318,20 @@ edit_sudoers(struct sudoersfile *sp, char *editor, char *args, int lineno) easprintf(&sp->tpath, "%s.tmp", sp->path); tfd = open(sp->tpath, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (tfd < 0) - error(1, "%s", sp->tpath); + fatal("%s", sp->tpath); /* Copy sp->path -> sp->tpath and reset the mtime. */ if (orig_size != 0) { (void) lseek(sp->fd, (off_t)0, SEEK_SET); while ((nread = read(sp->fd, buf, sizeof(buf))) > 0) if (write(tfd, buf, nread) != nread) - error(1, _("write error")); + fatal(_("write error")); /* Add missing newline at EOF if needed. */ if (nread > 0 && buf[nread - 1] != '\n') { buf[0] = '\n'; if (write(tfd, buf, 1) != 1) - error(1, _("write error")); + fatal(_("write error")); } } (void) close(tfd); @@ -464,7 +457,7 @@ done: /* * Parse sudoers after editing and re-edit any ones that caused a parse error. */ -static void +static bool reparse_sudoers(char *editor, char *args, bool strict, bool quiet) { struct sudoersfile *sp, *last; @@ -472,33 +465,29 @@ reparse_sudoers(char *editor, char *args, bool strict, bool quiet) int ch; debug_decl(reparse_sudoers, SUDO_DEBUG_UTIL) - if (tq_empty(&sudoerslist)) - debug_return; - /* * Parse the edited sudoers files and do sanity checking */ - do { - sp = tq_first(&sudoerslist); + while ((sp = tq_first(&sudoerslist)) != NULL) { last = tq_last(&sudoerslist); fp = fopen(sp->tpath, "r+"); if (fp == NULL) - errorx(1, _("unable to re-open temporary file (%s), %s unchanged."), + fatalx(_("unable to re-open temporary file (%s), %s unchanged."), sp->tpath, sp->path); /* Clean slate for each parse */ init_defaults(); init_parser(sp->path, quiet); - /* Parse the sudoers temp file */ - yyrestart(fp); - if (yyparse() && !parse_error) { + /* Parse the sudoers temp file(s) */ + sudoersrestart(fp); + if (sudoersparse() && !parse_error) { warningx(_("unabled to parse temporary file (%s), unknown error"), sp->tpath); parse_error = true; errorfile = sp->path; } - fclose(yyin); + fclose(sudoersin); if (!parse_error) { if (!check_defaults(SETDEF_ALL, quiet) || check_aliases(strict, quiet) != 0) { @@ -508,32 +497,31 @@ reparse_sudoers(char *editor, char *args, bool strict, bool quiet) } /* - * Got an error, prompt the user for what to do now + * Got an error, prompt the user for what to do now. */ if (parse_error) { switch (whatnow()) { - case 'Q' : parse_error = false; /* ignore parse error */ - break; - case 'x' : /* XXX - should return instead of exiting */ - cleanup(0); - sudo_debug_exit_int(__func__, __FILE__, - __LINE__, sudo_debug_subsys, 0); - exit(0); - break; - } - } - if (parse_error) { - /* Edit file with the parse error */ - tq_foreach_fwd(&sudoerslist, sp) { - if (errorfile == NULL || strcmp(sp->path, errorfile) == 0) { - edit_sudoers(sp, editor, args, errorlineno); - if (errorfile != NULL) - break; + case 'Q': + parse_error = false; /* ignore parse error */ + break; + case 'x': + visudo_cleanup(); /* discard changes */ + debug_return_bool(false); + case 'e': + default: + /* Edit file with the parse error */ + tq_foreach_fwd(&sudoerslist, sp) { + if (errorfile == NULL || strcmp(sp->path, errorfile) == 0) { + edit_sudoers(sp, editor, args, errorlineno); + if (errorfile != NULL) + break; + } } - } - if (errorfile != NULL && sp == NULL) { - errorx(1, _("internal error, unable to find %s in list!"), - sudoers); + if (errorfile != NULL && sp == NULL) { + fatalx(_("internal error, unable to find %s in list!"), + sudoers); + } + break; } } @@ -544,9 +532,13 @@ reparse_sudoers(char *editor, char *args, bool strict, bool quiet) continue; edit_sudoers(sp, editor, args, errorlineno); } - } while (parse_error); - debug_return; + /* If all sudoers files parsed OK we are done. */ + if (!parse_error) + break; + } + + debug_return_bool(true); } /* @@ -582,7 +574,7 @@ install_sudoers(struct sudoersfile *sp, bool oldperms) if (oldperms) { /* Use perms of the existing file. */ if (fstat(sp->fd, &sb) == -1) - error(1, _("unable to stat %s"), sp->path); + fatal(_("unable to stat %s"), sp->path); if (chown(sp->tpath, sb.st_uid, sb.st_gid) != 0) { warning(_("unable to set (uid, gid) of %s to (%u, %u)"), sp->tpath, (unsigned int)sb.st_uid, (unsigned int)sb.st_gid); @@ -649,13 +641,6 @@ done: debug_return_bool(rval); } -/* STUB */ -void -set_fqdn(void) -{ - return; -} - /* STUB */ void init_envtables(void) @@ -691,6 +676,12 @@ group_plugin_query(const char *user, const char *group, const struct passwd *pw) return false; } +/* STUB */ +struct interface *get_interfaces(void) +{ + return NULL; +} + /* * Assuming a parse error occurred, prompt the user for what they want * to do now. Returns the first letter of their choice. @@ -757,7 +748,7 @@ run_command(char *path, char **argv) switch (pid = sudo_debug_fork()) { case -1: - error(1, _("unable to execute %s"), path); + fatal(_("unable to execute %s"), path); break; /* NOTREACHED */ case 0: sudo_endpwent(); @@ -812,15 +803,15 @@ check_syntax(char *sudoers_path, bool quiet, bool strict, bool oldperms) debug_decl(check_syntax, SUDO_DEBUG_UTIL) if (strcmp(sudoers_path, "-") == 0) { - yyin = stdin; + sudoersin = stdin; sudoers_path = "stdin"; - } else if ((yyin = fopen(sudoers_path, "r")) == NULL) { + } else if ((sudoersin = fopen(sudoers_path, "r")) == NULL) { if (!quiet) warning(_("unable to open %s"), sudoers_path); goto done; } init_parser(sudoers_path, quiet); - if (yyparse() && !parse_error) { + if (sudoersparse() && !parse_error) { if (!quiet) warningx(_("failed to parse %s file, unknown error"), sudoers_path); parse_error = true; @@ -900,18 +891,18 @@ open_sudoers(const char *path, bool doedit, bool *keepopen) debug_return_ptr(NULL); } if (!checkonly && !lock_file(entry->fd, SUDO_TLOCK)) - errorx(1, _("%s busy, try again later"), entry->path); + fatalx(_("%s busy, try again later"), entry->path); if ((fp = fdopen(entry->fd, "r")) == NULL) - error(1, "%s", entry->path); + fatal("%s", entry->path); tq_append(&sudoerslist, entry); } else { /* Already exists, open .tmp version if there is one. */ if (entry->tpath != NULL) { if ((fp = fopen(entry->tpath, "r")) == NULL) - error(1, "%s", entry->tpath); + fatal("%s", entry->tpath); } else { if ((fp = fdopen(entry->fd, "r")) == NULL) - error(1, "%s", entry->path); + fatal("%s", entry->path); rewind(fp); } } @@ -944,7 +935,7 @@ get_editor(char **args) } else { if (def_env_editor) { /* If we are honoring $EDITOR this is a fatal error. */ - errorx(1, _("specified editor (%s) doesn't exist"), UserEditor); + fatalx(_("specified editor (%s) doesn't exist"), UserEditor); } else { /* Otherwise, just ignore $EDITOR. */ UserEditor = NULL; @@ -967,7 +958,7 @@ get_editor(char **args) if (stat(UserEditor, &user_editor_sb) != 0) { /* Should never happen since we already checked above. */ - error(1, _("unable to stat editor (%s)"), UserEditor); + fatal(_("unable to stat editor (%s)"), UserEditor); } EditorPath = estrdup(def_editor); Editor = strtok(EditorPath, ":"); @@ -1015,7 +1006,7 @@ get_editor(char **args) /* Bleah, none of the editors existed! */ if (Editor == NULL || *Editor == '\0') - errorx(1, _("no editor found (editor path = %s)"), def_editor); + fatalx(_("no editor found (editor path = %s)"), def_editor); } *args = EditorArgs; debug_return_str(Editor); @@ -1047,7 +1038,7 @@ get_args(char *cmnd) static void get_hostname(void) { - char *p, thost[MAXHOSTNAMELEN + 1]; + char *p, thost[HOST_NAME_MAX + 1]; debug_decl(get_hostname, SUDO_DEBUG_UTIL) if (gethostname(thost, sizeof(thost)) != -1) { @@ -1084,7 +1075,6 @@ alias_remove_recursive(char *name, int type) } rbinsert(alias_freelist, a); } - alias_seqno++; debug_return_bool(rval); } @@ -1096,12 +1086,13 @@ check_alias(char *name, int type, int strict, int quiet) int errors = 0; debug_decl(check_alias, SUDO_DEBUG_ALIAS) - if ((a = alias_find(name, type)) != NULL) { + if ((a = alias_get(name, type)) != NULL) { /* check alias contents */ tq_foreach_fwd(&a->members, m) { if (m->type == ALIAS) errors += check_alias(m->name, type, strict, quiet); } + alias_put(a); } else { if (!quiet) { char *fmt; @@ -1146,26 +1137,22 @@ check_aliases(bool strict, bool quiet) tq_foreach_fwd(&userspecs, us) { tq_foreach_fwd(&us->users, m) { if (m->type == ALIAS) { - alias_seqno++; errors += check_alias(m->name, USERALIAS, strict, quiet); } } tq_foreach_fwd(&us->privileges, priv) { tq_foreach_fwd(&priv->hostlist, m) { if (m->type == ALIAS) { - alias_seqno++; errors += check_alias(m->name, HOSTALIAS, strict, quiet); } } tq_foreach_fwd(&priv->cmndlist, cs) { tq_foreach_fwd(&cs->runasuserlist, m) { if (m->type == ALIAS) { - alias_seqno++; errors += check_alias(m->name, RUNASALIAS, strict, quiet); } } if ((m = cs->cmnd)->type == ALIAS) { - alias_seqno++; errors += check_alias(m->name, CMNDALIAS, strict, quiet); } } @@ -1176,7 +1163,6 @@ check_aliases(bool strict, bool quiet) tq_foreach_fwd(&userspecs, us) { tq_foreach_fwd(&us->users, m) { if (m->type == ALIAS) { - alias_seqno++; if (!alias_remove_recursive(m->name, USERALIAS)) errors++; } @@ -1184,7 +1170,6 @@ check_aliases(bool strict, bool quiet) tq_foreach_fwd(&us->privileges, priv) { tq_foreach_fwd(&priv->hostlist, m) { if (m->type == ALIAS) { - alias_seqno++; if (!alias_remove_recursive(m->name, HOSTALIAS)) errors++; } @@ -1192,13 +1177,11 @@ check_aliases(bool strict, bool quiet) tq_foreach_fwd(&priv->cmndlist, cs) { tq_foreach_fwd(&cs->runasuserlist, m) { if (m->type == ALIAS) { - alias_seqno++; if (!alias_remove_recursive(m->name, RUNASALIAS)) errors++; } } if ((m = cs->cmnd)->type == ALIAS) { - alias_seqno++; if (!alias_remove_recursive(m->name, CMNDALIAS)) errors++; } @@ -1225,7 +1208,6 @@ check_aliases(bool strict, bool quiet) tq_foreach_fwd(&d->binding, binding) { for (m = binding; m != NULL; m = m->next) { if (m->type == ALIAS) { - alias_seqno++; if (!alias_remove_recursive(m->name, atype)) errors++; } @@ -1247,7 +1229,7 @@ print_unused(void *v1, void *v2) struct alias *a = (struct alias *)v1; char *prefix = (char *)v2; - warningx2(_("%s: unused %s_Alias %s"), prefix, + warningx_nodebug(_("%s: unused %s_Alias %s"), prefix, a->type == HOSTALIAS ? "Host" : a->type == CMNDALIAS ? "Cmnd" : a->type == USERALIAS ? "User" : a->type == RUNASALIAS ? "Runas" : "Unknown", a->name); @@ -1257,8 +1239,8 @@ print_unused(void *v1, void *v2) /* * Unlink any sudoers temp files that remain. */ -void -cleanup(int gotsignal) +static void +visudo_cleanup(void) { struct sudoersfile *sp; @@ -1266,10 +1248,8 @@ cleanup(int gotsignal) if (sp->tpath != NULL) (void) unlink(sp->tpath); } - if (!gotsignal) { - sudo_endpwent(); - sudo_endgrent(); - } + sudo_endpwent(); + sudo_endgrent(); } /* @@ -1278,16 +1258,24 @@ cleanup(int gotsignal) static void quit(int signo) { - const char *signame, *myname; + struct sudoersfile *sp; + struct iovec iov[4]; + + tq_foreach_fwd(&sudoerslist, sp) { + if (sp->tpath != NULL) + (void) unlink(sp->tpath); + } - cleanup(signo); #define emsg " exiting due to signal: " - myname = getprogname(); - signame = strsignal(signo); - ignore_result(write(STDERR_FILENO, myname, strlen(myname))); - ignore_result(write(STDERR_FILENO, emsg, sizeof(emsg) - 1)); - ignore_result(write(STDERR_FILENO, signame, strlen(signame))); - ignore_result(write(STDERR_FILENO, "\n", 1)); + iov[0].iov_base = (char *)getprogname(); + iov[0].iov_len = strlen(iov[0].iov_base); + iov[1].iov_base = emsg; + iov[1].iov_len = sizeof(emsg) - 1; + iov[2].iov_base = strsignal(signo); + iov[2].iov_len = strlen(iov[2].iov_base); + iov[3].iov_base = "\n"; + iov[3].iov_len = 1; + ignore_result(writev(STDERR_FILENO, iov, 4)); _exit(signo); } @@ -1314,28 +1302,3 @@ help(void) " -V display version information and exit")); exit(0); } - -static int -visudo_printf(int msg_type, const char *fmt, ...) -{ - va_list ap; - FILE *fp; - - switch (msg_type) { - case SUDO_CONV_INFO_MSG: - fp = stdout; - break; - case SUDO_CONV_ERROR_MSG: - fp = stderr; - break; - default: - errno = EINVAL; - return -1; - } - - va_start(ap, fmt); - vfprintf(fp, fmt, ap); - va_end(ap); - - return 0; -} diff --git a/plugins/system_group/Makefile.in b/plugins/system_group/Makefile.in index aaac4bb..7558b9c 100644 --- a/plugins/system_group/Makefile.in +++ b/plugins/system_group/Makefile.in @@ -1,5 +1,5 @@ # -# Copyright (c) 2011-2012 Todd C. Miller +# Copyright (c) 2011-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -119,10 +119,10 @@ install-includes: install-doc: install-plugin: install-dirs system_group.la - $(INSTALL) -b~ -m $(shlib_mode) .libs/system_group$(soext) $(DESTDIR)$(plugindir) + $(INSTALL) -b~ -m $(shlib_mode) .libs/system_group$(soext) $(DESTDIR)$(plugindir)/system_group.so uninstall: - -rm -f $(DESTDIR)$(plugindir)/system_group$(soext) + -rm -f $(DESTDIR)$(plugindir)/system_group.so check: diff --git a/plugins/system_group/system_group.c b/plugins/system_group/system_group.c index b015d39..df2783d 100644 --- a/plugins/system_group/system_group.c +++ b/plugins/system_group/system_group.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2012 Todd C. Miller + * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #include @@ -163,7 +162,7 @@ sysgroup_query(const char *user, const char *group, const struct passwd *pwd) return false; } -struct sudoers_group_plugin group_plugin = { +__dso_public struct sudoers_group_plugin group_plugin = { GROUP_API_VERSION, sysgroup_init, sysgroup_cleanup, diff --git a/pp b/pp index 9452f23..2b37f44 100755 --- a/pp +++ b/pp @@ -1,6 +1,6 @@ #!/bin/sh # Copyright 2012 Quest Software, Inc. ALL RIGHTS RESERVED -pp_revision="368" +pp_revision="371" # Copyright 2012 Quest Software, Inc. ALL RIGHTS RESERVED. # # Redistribution and use in source and binary forms, with or without @@ -4493,19 +4493,13 @@ do_start() then group_opt="--group $GROUP" fi - if [ "$VERBOSE" = no ] - then - quiet_opt="--quiet" - else - quiet_opt="--verbose" - fi - start-stop-daemon --start $quiet_opt $pidfile_opt $user_opt --exec $DAEMON --test > /dev/null \ + start-stop-daemon --start --quiet $pidfile_opt $user_opt --exec $DAEMON --test > /dev/null \ || return 1 # Note: there seems to be no way to tell whether the daemon will fork itself or not, so pass # --background for now - start-stop-daemon --start $quiet_opt $pidfile_opt $user_opt --exec $DAEMON -- \ + start-stop-daemon --start --quiet $pidfile_opt $user_opt --exec $DAEMON -- \ $DAEMON_ARGS \ || return 2 } @@ -4531,13 +4525,7 @@ do_stop() then signal_opt="--signal $STOP_SIGNAL" fi - if [ "$VERBOSE" = "no" ] - then - quiet_opt="--quiet" - else - quiet_opt="--verbose" - fi - start-stop-daemon --stop $quiet_opt $signal_opt --retry=TERM/30/KILL/5 $pidfile_opt --name $NAME + start-stop-daemon --stop --quiet $signal_opt --retry=TERM/30/KILL/5 $pidfile_opt --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Wait for children to finish too if this is a daemon that forks @@ -4546,7 +4534,7 @@ do_stop() # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. - start-stop-daemon --stop $quiet_opt --oknodo --retry=0/30/KILL/5 --exec $DAEMON + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. test -z $PIDFILE || rm -f $PIDFILE @@ -4567,7 +4555,7 @@ do_reload() { fi if [ -n "$RELOAD_SIGNAL" ] then - start-stop-daemon --stop --signal $RELOAD_SIGNAL $quiet_opt $pidfile_opt --name $NAME + start-stop-daemon --stop --signal $RELOAD_SIGNAL --quiet $pidfile_opt --name $NAME fi return 0 } @@ -6612,6 +6600,7 @@ pp_backend_macos_init () { pp_macos_pkg_readme= pp_macos_pkg_welcome= pp_macos_sudo=sudo + pp_macos_installer_plugin= # OS X puts the library version *before* the .dylib extension pp_shlib_suffix='*.dylib' } @@ -6835,8 +6824,7 @@ pp_macos_bom_fix_parents () { # Make sure we do not override system directories if ($d =~ m:^\./(etc|var)$:) { my $tgt = "private/$1"; - my $_ = `/usr/bin/printf "$tgt" | /usr/bin/cksum /dev/stdin`; - my ($sum, $len) = split; + my ($sum, $len) = split(/\s+/, `/usr/bin/printf "$tgt" | /usr/bin/cksum /dev/stdin`); print "$d\t120755\t0/0\t$len\t$sum\t$tgt\n"; } elsif ($d eq "." || $d eq "./Library") { print "$d\t41775\t0/80\n"; @@ -7130,6 +7118,15 @@ CompressedSize 0 awk '{ print "." $6 }' $filelists | sed 's:/$::' | sort | /usr/bin/cpio -o | pp_macos_rewrite_cpio $filelists | gzip -9f -c > $Contents/Archive.pax.gz ) + # Copy installer plugins if any + if test -n "$pp_macos_installer_plugin"; then + if test ! -f "$pp_macos_installer_plugin/InstallerSections.plist"; then + pp_error "Missing InstallerSections.plist file in $pp_macos_installer_plugin" + fi + mkdir -p $pkgdir/Plugins + cp -R "$pp_macos_installer_plugin"/* $pkgdir/Plugins + fi + test -d $pp_wrkdir/bom_stage && $pp_macos_sudo rm -rf $pp_wrkdir/bom_stage rm -f ${name}-${version}.dmg @@ -7299,6 +7296,15 @@ pp_backend_macos_flat () { awk '{ print "." $6 }' $filelists | sed 's:/$::' | sort | /usr/bin/cpio -o | pp_macos_rewrite_cpio $filelists | gzip -9f -c > $bundledir/Payload ) + # Copy installer plugins if any + if test -n "$pp_macos_installer_plugin"; then + if test ! -f "$pp_macos_installer_plugin/InstallerSections.plist"; then + pp_error "Missing InstallerSections.plist file in $pp_macos_installer_plugin" + fi + mkdir -p $pkgdir/Plugins + cp -R "$pp_macos_installer_plugin"/* $pkgdir/Plugins + fi + test -d $pp_wrkdir/bom_stage && $pp_macos_sudo rm -rf $pp_wrkdir/bom_stage # Create the flat package with xar (like pkgutil --flatten does) diff --git a/src/Makefile.in b/src/Makefile.in index 918cf04..04476fa 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -1,5 +1,5 @@ # -# Copyright (c) 2011 Todd C. Miller +# Copyright (c) 2010-2013 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -75,6 +75,10 @@ install_gid = 0 # File mode to use for shared libraries/objects shlib_mode = @SHLIB_MODE@ +TEST_PROGS = check_ttyname +TEST_LIBS = @LIBS@ @LIBINTL@ $(LT_LIBS) +TEST_LDFLAGS = @LDFLAGS@ + # OS dependent defines DEFS = @OSDEFS@ -DLOCALEDIR=\"$(localedir)\" @@ -84,10 +88,14 @@ SHELL = @SHELL@ PROGS = @PROGS@ -OBJS = conversation.o env_hooks.o error.o exec.o exec_common.o exec_pty.o \ - get_pty.o hooks.o net_ifs.o load_plugins.o parse_args.o sudo.o \ +OBJS = conversation.o env_hooks.o exec.o exec_common.o exec_pty.o get_pty.o \ + hooks.o net_ifs.o load_plugins.o parse_args.o signal.o sudo.o \ sudo_edit.o tgetpass.o ttyname.o utmp.o @SUDO_OBJS@ +SESH_OBJS = sesh.o locale_stub.o exec_common.o + +CHECK_TTYNAME_OBJS = check_ttyname.o locale_stub.o ttyname.o + LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/ VERSION = @PACKAGE_VERSION@ @@ -111,8 +119,11 @@ sudo: $(OBJS) $(LT_LIBS) libsudo_noexec.la: sudo_noexec.lo $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) -sesh: sesh.o error.o exec_common.o @LIBINTL@ $(LT_LIBS) - $(LIBTOOL) --mode=link $(CC) -o $@ sesh.o error.o exec_common.o $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) @LIBINTL@ $(LIBS) +sesh: $(SESH_OBJS) @LIBINTL@ $(LT_LIBS) + $(LIBTOOL) --mode=link $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) @LIBINTL@ $(LIBS) + +check_ttyname: $(CHECK_TTYNAME_OBJS) $(top_builddir)/common/libcommon.la $(LIBOBJDIR)libreplace.la + $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_TTYNAME_OBJS) $(TEST_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LIBS) pre-install: @@ -120,13 +131,13 @@ install: install-binaries @INSTALL_NOEXEC@ install-dirs: $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(bindir) \ - $(DESTDIR)$(noexecdir) + $(DESTDIR)$(libexecdir)/sudo $(DESTDIR)$(noexecdir) install-binaries: install-dirs $(PROGS) $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m 04755 sudo $(DESTDIR)$(bindir)/sudo rm -f $(DESTDIR)$(bindir)/sudoedit ln -s sudo $(DESTDIR)$(bindir)/sudoedit - if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 sesh $(DESTDIR)$(libexecdir)/sesh; fi + if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 sesh $(DESTDIR)$(libexecdir)/sudo/sesh; fi install-doc: @@ -141,13 +152,14 @@ install-plugin: uninstall: -rm -f $(DESTDIR)$(bindir)/sudo $(DESTDIR)$(bindir)/sudoedit \ - $(DESTDIR)$(libexecdir)/sesh \ + $(DESTDIR)$(libexecdir)/sudo/sesh \ $(DESTDIR)$(noexecdir)/$(noexecfile) -check: +check: $(TEST_PROGS) + ./check_ttyname clean: - -$(LIBTOOL) --mode=clean rm -f $(PROGS) *.lo *.o *.la *.a stamp-* core *.core core.* + -$(LIBTOOL) --mode=clean rm -f $(PROGS) $(TEST_PROGS) *.lo *.o *.la *.a stamp-* core *.core core.* mostlyclean: clean @@ -162,6 +174,10 @@ realclean: distclean cleandir: realclean # Autogenerated dependencies, do not modify +check_ttyname.o: $(srcdir)/regress/ttyname/check_ttyname.c \ + $(top_builddir)/config.h $(incdir)/missing.h \ + $(incdir)/alloc.h $(incdir)/error.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/ttyname/check_ttyname.c conversation.o: $(srcdir)/conversation.c $(top_builddir)/config.h \ $(srcdir)/sudo.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(incdir)/missing.h \ @@ -178,9 +194,6 @@ env_hooks.o: $(srcdir)/env_hooks.c $(top_builddir)/config.h \ $(incdir)/list.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \ $(incdir)/sudo_plugin.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/env_hooks.c -error.o: $(srcdir)/error.c $(top_builddir)/config.h $(incdir)/missing.h \ - $(incdir)/error.h $(incdir)/gettext.h - $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/error.c exec.o: $(srcdir)/exec.c $(top_builddir)/config.h $(srcdir)/sudo.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h \ $(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \ @@ -227,10 +240,19 @@ load_plugins.o: $(srcdir)/load_plugins.c $(top_builddir)/config.h \ $(incdir)/sudo_plugin.h $(srcdir)/sudo_plugin_int.h \ $(incdir)/sudo_conf.h $(incdir)/list.h $(incdir)/sudo_debug.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/load_plugins.c +locale_stub.o: $(srcdir)/locale_stub.c $(top_builddir)/config.h \ + $(incdir)/missing.h $(incdir)/error.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/locale_stub.c net_ifs.o: $(srcdir)/net_ifs.c $(top_builddir)/config.h $(incdir)/missing.h \ $(incdir)/alloc.h $(incdir)/error.h $(incdir)/sudo_debug.h \ $(incdir)/gettext.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/net_ifs.c +openbsd.o: $(srcdir)/openbsd.c $(top_builddir)/config.h $(srcdir)/sudo.h \ + $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h \ + $(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \ + $(incdir)/fileops.h $(incdir)/list.h $(incdir)/sudo_conf.h \ + $(incdir)/list.h $(incdir)/sudo_debug.h $(incdir)/gettext.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/openbsd.c parse_args.o: $(srcdir)/parse_args.c $(top_builddir)/config.h ./sudo_usage.h \ $(srcdir)/sudo.h $(top_builddir)/pathnames.h \ $(top_srcdir)/compat/stdbool.h $(incdir)/missing.h \ @@ -253,6 +275,18 @@ sesh.o: $(srcdir)/sesh.c $(top_builddir)/config.h \ $(incdir)/list.h $(incdir)/sudo_debug.h $(srcdir)/sudo_exec.h \ $(incdir)/sudo_plugin.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sesh.c +signal.o: $(srcdir)/signal.c $(top_builddir)/config.h $(srcdir)/sudo.h \ + $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h \ + $(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \ + $(incdir)/fileops.h $(incdir)/list.h $(incdir)/sudo_conf.h \ + $(incdir)/list.h $(incdir)/sudo_debug.h $(incdir)/gettext.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/signal.c +solaris.o: $(srcdir)/solaris.c $(top_builddir)/config.h $(srcdir)/sudo.h \ + $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h \ + $(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \ + $(incdir)/fileops.h $(incdir)/list.h $(incdir)/sudo_conf.h \ + $(incdir)/list.h $(incdir)/sudo_debug.h $(incdir)/gettext.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/solaris.c sudo.o: $(srcdir)/sudo.c $(top_builddir)/config.h $(srcdir)/sudo.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h \ $(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \ diff --git a/src/conversation.c b/src/conversation.c index 737335e..bab539e 100644 --- a/src/conversation.c +++ b/src/conversation.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2007-2010 Todd C. Miller + * Copyright (c) 1999-2005, 2007-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -21,7 +21,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -51,10 +50,6 @@ extern int tgetpass_flags; /* XXX */ -#if defined(HAVE_DLOPEN) || defined(HAVE_SHL_LOAD) -sudo_conv_t sudo_conv; /* NULL in sudo front-end */ -#endif - /* * Sudo conversation function. */ @@ -120,29 +115,3 @@ err: return -1; } - -int -_sudo_printf(int msg_type, const char *fmt, ...) -{ - va_list ap; - FILE *fp; - int len; - - switch (msg_type) { - case SUDO_CONV_INFO_MSG: - fp = stdout; - break; - case SUDO_CONV_ERROR_MSG: - fp = stderr; - break; - default: - errno = EINVAL; - return -1; - } - - va_start(ap, fmt); - len = vfprintf(fp, fmt, ap); - va_end(ap); - - return len; -} diff --git a/src/error.c b/src/error.c deleted file mode 100644 index 56108c1..0000000 --- a/src/error.c +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 2004-2005, 2010 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include - -#include - -#include -#include -#include -#include - -#include "missing.h" -#include "error.h" - -#define DEFAULT_TEXT_DOMAIN "sudo" -#include "gettext.h" - -static void _warning(int, const char *, va_list); - void cleanup(int); - -void -error2(int eval, const char *fmt, ...) -{ - va_list ap; - va_start(ap, fmt); - _warning(1, fmt, ap); - va_end(ap); - cleanup(0); - exit(eval); -} - -void -errorx2(int eval, const char *fmt, ...) -{ - va_list ap; - va_start(ap, fmt); - _warning(0, fmt, ap); - va_end(ap); - cleanup(0); - exit(eval); -} - -void -warning2(const char *fmt, ...) -{ - va_list ap; - va_start(ap, fmt); - _warning(1, fmt, ap); - va_end(ap); -} - -void -warningx2(const char *fmt, ...) -{ - va_list ap; - va_start(ap, fmt); - _warning(0, fmt, ap); - va_end(ap); -} - -static void -_warning(int use_errno, const char *fmt, va_list ap) -{ - int serrno = errno; - - fputs(getprogname(), stderr); - if (fmt != NULL) { - fputs(_(": "), stderr); - vfprintf(stderr, fmt, ap); - } - if (use_errno) { - fputs(_(": "), stderr); - fputs(strerror(serrno), stderr); - } - putc('\n', stderr); -} diff --git a/src/exec.c b/src/exec.c index f88054c..8bc5555 100644 --- a/src/exec.c +++ b/src/exec.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2012 Todd C. Miller + * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #ifdef HAVE_SYS_SYSMACROS_H # include #endif @@ -50,9 +49,6 @@ #if TIME_WITH_SYS_TIME # include #endif -#ifdef HAVE_SETLOCALE -# include -#endif #include #include #include @@ -63,9 +59,6 @@ #include "sudo_plugin.h" #include "sudo_plugin_int.h" -/* Shared with exec_pty.c for use with handler(). */ -int signal_pipe[2]; - /* We keep a tailq of signals to forward to child. */ struct sigforward { struct sigforward *prev, *next; @@ -77,8 +70,9 @@ static pid_t ppgrp = -1; volatile pid_t cmnd_pid = -1; -static int handle_signals(int sv[2], pid_t child, int log_io, +static int dispatch_signals(int sv[2], pid_t child, int log_io, struct command_status *cstat); +static int dispatch_pending_signals(struct command_status *cstat); static void forward_signals(int fd); static void schedule_signal(int signo); #ifdef SA_SIGINFO @@ -110,8 +104,8 @@ static int fork_cmnd(struct command_details *details, int sv[2]) * XXX - currently we send SIGCONT upon resume in some cases where * we don't need to (e.g. command pgrp == parent pgrp). */ - zero_bytes(&sa, sizeof(sa)); - sigemptyset(&sa.sa_mask); + memset(&sa, 0, sizeof(sa)); + sigfillset(&sa.sa_mask); sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */ #ifdef SA_SIGINFO sa.sa_flags |= SA_SIGINFO; @@ -119,23 +113,23 @@ static int fork_cmnd(struct command_details *details, int sv[2]) #else sa.sa_handler = handler; #endif - sigaction(SIGCONT, &sa, NULL); + sudo_sigaction(SIGCONT, &sa, NULL); #ifdef SA_SIGINFO sa.sa_sigaction = handler_user_only; #endif - sigaction(SIGTSTP, &sa, NULL); + sudo_sigaction(SIGTSTP, &sa, NULL); /* * The policy plugin's session init must be run before we fork * or certain pam modules won't be able to track their state. */ if (policy_init_session(details) != true) - errorx(1, _("policy plugin failed session initialization")); + fatalx(_("policy plugin failed session initialization")); cmnd_pid = sudo_debug_fork(); switch (cmnd_pid) { case -1: - error(1, _("unable to fork")); + fatal(_("unable to fork")); break; case 0: /* child */ @@ -143,35 +137,7 @@ static int fork_cmnd(struct command_details *details, int sv[2]) close(signal_pipe[0]); close(signal_pipe[1]); fcntl(sv[1], F_SETFD, FD_CLOEXEC); - restore_signals(); - if (exec_setup(details, NULL, -1) == true) { - /* headed for execve() */ - sudo_debug_execve(SUDO_DEBUG_INFO, details->command, - details->argv, details->envp); - if (details->closefrom >= 0) { - int maxfd = details->closefrom; - dup2(sv[1], maxfd); - (void)fcntl(maxfd, F_SETFD, FD_CLOEXEC); - sv[1] = maxfd++; - if (sudo_debug_fd_set(maxfd) != -1) - maxfd++; - closefrom(maxfd); - } -#ifdef HAVE_SELINUX - if (ISSET(details->flags, CD_RBAC_ENABLED)) { - selinux_execve(details->command, details->argv, details->envp, - ISSET(details->flags, CD_NOEXEC)); - } else -#endif - { - sudo_execve(details->command, details->argv, details->envp, - ISSET(details->flags, CD_NOEXEC)); - } - sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to exec %s: %s", - details->command, strerror(errno)); - } - cstat.type = CMD_ERRNO; - cstat.val = errno; + exec_cmnd(details, &cstat, &sv[1]); send(sv[1], &cstat, sizeof(cstat), 0); sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, 1); _exit(1); @@ -181,58 +147,56 @@ static int fork_cmnd(struct command_details *details, int sv[2]) debug_return_int(cmnd_pid); } -static struct signal_state { - int signo; - sigaction_t sa; -} saved_signals[] = { - { SIGALRM }, - { SIGCHLD }, - { SIGCONT }, - { SIGHUP }, - { SIGINT }, - { SIGPIPE }, - { SIGQUIT }, - { SIGTERM }, - { SIGTSTP }, - { SIGTTIN }, - { SIGTTOU }, - { SIGUSR1 }, - { SIGUSR2 }, - { -1 } -}; - -/* - * Save signal handler state so it can be restored before exec. - */ -void -save_signals(void) -{ - struct signal_state *ss; - debug_decl(save_signals, SUDO_DEBUG_EXEC) - - for (ss = saved_signals; ss->signo != -1; ss++) - sigaction(ss->signo, NULL, &ss->sa); - - debug_return; -} - /* - * Restore signal handlers to initial state. + * Setup the execution environment and execute the command. + * If SELinux is enabled, run the command via sesh, otherwise + * execute it directly. + * If the exec fails, cstat is filled in with the value of errno. */ void -restore_signals(void) +exec_cmnd(struct command_details *details, struct command_status *cstat, + int *errfd) { - struct signal_state *ss; - debug_decl(restore_signals, SUDO_DEBUG_EXEC) - - for (ss = saved_signals; ss->signo != -1; ss++) - sigaction(ss->signo, &ss->sa, NULL); - + debug_decl(exec_cmnd, SUDO_DEBUG_EXEC) + + restore_signals(); + if (exec_setup(details, NULL, -1) == true) { + /* headed for execve() */ + sudo_debug_execve(SUDO_DEBUG_INFO, details->command, + details->argv, details->envp); + if (details->closefrom >= 0) { + int maxfd = details->closefrom; + /* Preserve back channel if present. */ + if (errfd != NULL) { + dup2(*errfd, maxfd); + (void)fcntl(maxfd, F_SETFD, FD_CLOEXEC); + *errfd = maxfd++; + } + if (sudo_debug_fd_set(maxfd) != -1) + maxfd++; + closefrom(maxfd); + } +#ifdef HAVE_SELINUX + if (ISSET(details->flags, CD_RBAC_ENABLED)) { + selinux_execve(details->command, details->argv, details->envp, + ISSET(details->flags, CD_NOEXEC)); + } else +#endif + { + sudo_execve(details->command, details->argv, details->envp, + ISSET(details->flags, CD_NOEXEC)); + } + cstat->type = CMD_ERRNO; + cstat->val = errno; + sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to exec %s: %s", + details->command, strerror(errno)); + } debug_return; } /* - * Execute a command, potentially in a pty with I/O loggging. + * Execute a command, potentially in a pty with I/O loggging, and + * wait for it to finish. * This is a little bit tricky due to how POSIX job control works and * we fact that we have two different controlling terminals to deal with. */ @@ -248,6 +212,8 @@ sudo_execute(struct command_details *details, struct command_status *cstat) pid_t child; debug_decl(sudo_execute, SUDO_DEBUG_EXEC) + dispatch_pending_signals(cstat); + /* If running in background mode, fork and exit. */ if (ISSET(details->flags, CD_BACKGROUND)) { switch (sudo_debug_fork()) { @@ -278,6 +244,11 @@ sudo_execute(struct command_details *details, struct command_status *cstat) utmp_user = details->utmp_user ? details->utmp_user : user_details.username; sudo_debug_printf(SUDO_DEBUG_INFO, "allocate pty for I/O logging"); pty_setup(details->euid, user_details.tty, utmp_user); + } else if (!ISSET(details->flags, CD_SET_TIMEOUT) && + policy_plugin.u.policy->close == NULL) { + /* If no I/O logging, timeout or policy close we can exec directly. */ + exec_cmnd(details, cstat, NULL); + goto done; } /* @@ -285,22 +256,15 @@ sudo_execute(struct command_details *details, struct command_status *cstat) * Parent sends signal info to child and child sends back wait status. */ if (socketpair(PF_UNIX, SOCK_DGRAM, 0, sv) == -1) - error(1, _("unable to create sockets")); - - /* - * We use a pipe to atomically handle signal notification within - * the select() loop. - */ - if (pipe_nonblock(signal_pipe) != 0) - error(1, _("unable to create pipe")); - - zero_bytes(&sa, sizeof(sa)); - sigemptyset(&sa.sa_mask); + fatal(_("unable to create sockets")); /* * Signals to forward to the child process (excluding SIGALRM and SIGCHLD). + * We block all other signals while running the signal handler. * Note: HP-UX select() will not be interrupted if SA_RESTART set. */ + memset(&sa, 0, sizeof(sa)); + sigfillset(&sa.sa_mask); sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */ #ifdef SA_SIGINFO sa.sa_flags |= SA_SIGINFO; @@ -308,12 +272,12 @@ sudo_execute(struct command_details *details, struct command_status *cstat) #else sa.sa_handler = handler; #endif - sigaction(SIGALRM, &sa, NULL); - sigaction(SIGCHLD, &sa, NULL); - sigaction(SIGPIPE, &sa, NULL); - sigaction(SIGTERM, &sa, NULL); - sigaction(SIGUSR1, &sa, NULL); - sigaction(SIGUSR2, &sa, NULL); + sudo_sigaction(SIGTERM, &sa, NULL); + sudo_sigaction(SIGALRM, &sa, NULL); /* XXX - only if there is a timeout */ + sudo_sigaction(SIGCHLD, &sa, NULL); + sudo_sigaction(SIGPIPE, &sa, NULL); + sudo_sigaction(SIGUSR1, &sa, NULL); + sudo_sigaction(SIGUSR2, &sa, NULL); /* * When not running the command in a pty, we do not want to @@ -328,9 +292,9 @@ sudo_execute(struct command_details *details, struct command_status *cstat) sa.sa_sigaction = handler_user_only; } #endif - sigaction(SIGHUP, &sa, NULL); - sigaction(SIGINT, &sa, NULL); - sigaction(SIGQUIT, &sa, NULL); + sudo_sigaction(SIGHUP, &sa, NULL); + sudo_sigaction(SIGINT, &sa, NULL); + sudo_sigaction(SIGQUIT, &sa, NULL); /* Max fd we will be selecting on. */ maxfd = MAX(sv[0], signal_pipe[0]); @@ -349,13 +313,11 @@ sudo_execute(struct command_details *details, struct command_status *cstat) if (ISSET(details->flags, CD_SET_TIMEOUT)) alarm(details->timeout); -#ifdef HAVE_SETLOCALE /* * I/O logging must be in the C locale for floating point numbers * to be logged consistently. */ setlocale(LC_ALL, "C"); -#endif /* * In the event loop we pass input from user tty to master @@ -393,7 +355,7 @@ sudo_execute(struct command_details *details, struct command_status *cstat) forward_signals(sv[0]); } if (FD_ISSET(signal_pipe[0], fdsr)) { - n = handle_signals(sv, child, log_io, cstat); + n = dispatch_signals(sv, child, log_io, cstat); if (n == 0) { /* Child has exited, cstat is set, we are done. */ break; @@ -495,23 +457,23 @@ do_tty_io: tq_remove(&sigfwd_list, sigfwd); efree(sigfwd); } - +done: debug_return_int(cstat->type == CMD_ERRNO ? -1 : 0); } /* - * Read signals on fd written to by handler(). + * Read signals on signal_pipe written by handler(). * Returns -1 on error, 0 on child exit, else 1. */ static int -handle_signals(int sv[2], pid_t child, int log_io, struct command_status *cstat) +dispatch_signals(int sv[2], pid_t child, int log_io, struct command_status *cstat) { char signame[SIG2STR_MAX]; unsigned char signo; ssize_t nread; int status; pid_t pid; - debug_decl(handle_signals, SUDO_DEBUG_EXEC) + debug_decl(dispatch_signals, SUDO_DEBUG_EXEC) for (;;) { /* read signal pipe */ @@ -573,15 +535,16 @@ handle_signals(int sv[2], pid_t child, int log_io, struct command_status *cstat) saved_pgrp = -1; } if (signo == SIGTSTP) { - zero_bytes(&sa, sizeof(sa)); + memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); + sa.sa_flags = SA_RESTART; sa.sa_handler = SIG_DFL; - sigaction(SIGTSTP, &sa, &osa); + sudo_sigaction(SIGTSTP, &sa, &osa); } if (kill(getpid(), signo) != 0) warning("kill(%d, SIG%s)", (int)getpid(), signame); if (signo == SIGTSTP) - sigaction(SIGTSTP, &osa, NULL); + sudo_sigaction(SIGTSTP, &osa, NULL); if (fd != -1) { /* * Restore command's process group if different. @@ -615,6 +578,63 @@ handle_signals(int sv[2], pid_t child, int log_io, struct command_status *cstat) debug_return_int(1); } +/* + * Drain pending signals from signale_pipe written by sudo_handler(). + * Handles the case where the signal was sent to us before + * we have executed the command. + * Returns 1 if we should terminate, else 0. + */ +static int +dispatch_pending_signals(struct command_status *cstat) +{ + ssize_t nread; + struct sigaction sa; + unsigned char signo = 0; + int rval = 0; + debug_decl(dispatch_pending_signals, SUDO_DEBUG_EXEC) + + for (;;) { + nread = read(signal_pipe[0], &signo, sizeof(signo)); + if (nread <= 0) { + /* It should not be possible to get EOF but just in case. */ + if (nread == 0) + errno = ECONNRESET; + /* Restart if interrupted by signal so the pipe doesn't fill. */ + if (errno == EINTR) + continue; + /* If pipe is empty, we are done. */ + if (errno == EAGAIN) + break; + sudo_debug_printf(SUDO_DEBUG_ERROR, "error reading signal pipe %s", + strerror(errno)); + cstat->type = CMD_ERRNO; + cstat->val = errno; + rval = 1; + break; + } + /* Take the first terminal signal. */ + if (signo == SIGINT || signo == SIGQUIT) { + cstat->type = CMD_WSTATUS; + cstat->val = signo + 128; + rval = 1; + break; + } + } + /* Only stop if we haven't already been terminated. */ + if (signo == SIGTSTP) + { + memset(&sa, 0, sizeof(sa)); + sigemptyset(&sa.sa_mask); + sa.sa_flags = SA_RESTART; + sa.sa_handler = SIG_DFL; + sudo_sigaction(SIGTSTP, &sa, NULL); + if (kill(getpid(), SIGTSTP) != 0) + warning("kill(%d, SIGTSTP)", (int)getpid()); + /* No need to reinstall SIGTSTP handler. */ + } + debug_return_int(rval); +} + /* * Forward signals in sigfwd_list to child listening on fd. */ @@ -629,7 +649,11 @@ forward_signals(int sock) while (!tq_empty(&sigfwd_list)) { sigfwd = tq_first(&sigfwd_list); - if (sig2str(sigfwd->signo, signame) == -1) + if (sigfwd->signo == SIGCONT_FG) + strlcpy(signame, "CONT_FG", sizeof(signame)); + else if (sigfwd->signo == SIGCONT_BG) + strlcpy(signame, "CONT_BG", sizeof(signame)); + else if (sig2str(sigfwd->signo, signame) == -1) snprintf(signame, sizeof(signame), "%d", sigfwd->signo); sudo_debug_printf(SUDO_DEBUG_INFO, "sending SIG%s to child over backchannel", signame); @@ -668,9 +692,13 @@ schedule_signal(int signo) char signame[SIG2STR_MAX]; debug_decl(schedule_signal, SUDO_DEBUG_EXEC) - if (sig2str(signo, signame) == -1) + if (signo == SIGCONT_FG) + strlcpy(signame, "CONT_FG", sizeof(signame)); + else if (signo == SIGCONT_BG) + strlcpy(signame, "CONT_BG", sizeof(signame)); + else if (sig2str(signo, signame) == -1) snprintf(signame, sizeof(signame), "%d", signo); - sudo_debug_printf(SUDO_DEBUG_DIAG, "forwarding SIG%s to child", signame); + sudo_debug_printf(SUDO_DEBUG_DIAG, "scheduled SIG%s for child", signame); sigfwd = ecalloc(1, sizeof(*sigfwd)); sigfwd->prev = sigfwd; diff --git a/src/exec_common.c b/src/exec_common.c index ff06dab..07113a1 100644 --- a/src/exec_common.c +++ b/src/exec_common.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2012 Todd C. Miller + * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -40,6 +39,7 @@ # include #endif #include +#include #include #include "sudo.h" @@ -109,7 +109,7 @@ disable_execute(char *const envp[]) preload = fmt_string(RTLD_PRELOAD_VAR, sudo_conf_noexec_path()); # endif if (preload == NULL) - errorx(1, _("unable to allocate memory")); + fatalx(NULL); nenvp[env_len++] = preload; nenvp[env_len] = NULL; } else { diff --git a/src/exec_pty.c b/src/exec_pty.c index f02b873..f8940e5 100644 --- a/src/exec_pty.c +++ b/src/exec_pty.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2011 Todd C. Miller + * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #ifdef HAVE_SYS_SYSMACROS_H # include #endif @@ -86,7 +85,7 @@ struct io_buffer { int rfd; /* reader (producer) */ int wfd; /* writer (consumer) */ bool (*action)(const char *buf, unsigned int len); - char buf[16 * 1024]; + char buf[32 * 1024]; }; static char slavename[PATH_MAX]; @@ -99,7 +98,8 @@ static struct io_buffer *iobufs; static void flush_output(void); static int exec_monitor(struct command_details *details, int backchannel); -static void exec_pty(struct command_details *detail, int *errfd); +static void exec_pty(struct command_details *details, + struct command_status *cstat, int *errfd); static void sigwinch(int s); static void sync_ttysize(int src, int dst); static void deliver_signal(pid_t pid, int signo, bool from_parent); @@ -107,10 +107,10 @@ static int safe_close(int fd); static void check_foreground(void); /* - * Cleanup hook for error()/errorx() + * Cleanup hook for fatal()/fatalx() */ -void -cleanup(int gotsignal) +static void +pty_cleanup(void) { debug_decl(cleanup, SUDO_DEBUG_EXEC); @@ -180,7 +180,7 @@ pty_setup(uid_t uid, const char *tty, const char *utmp_user) if (io_fds[SFD_USERTTY] != -1) { if (!get_pty(&io_fds[SFD_MASTER], &io_fds[SFD_SLAVE], slavename, sizeof(slavename), uid)) - error(1, _("unable to allocate pty")); + fatal(_("unable to allocate pty")); /* Add entry to utmp/utmpx? */ if (utmp_user != NULL) utmp_login(tty, slavename, io_fds[SFD_SLAVE], utmp_user); @@ -337,15 +337,15 @@ suspend_parent(int signo) { char signame[SIG2STR_MAX]; sigaction_t sa, osa; - int n, oldmode = ttymode, rval = 0; + int n, rval = 0; debug_decl(suspend_parent, SUDO_DEBUG_EXEC); switch (signo) { case SIGTTOU: case SIGTTIN: /* - * If we are the foreground process, just resume the command. - * Otherwise, re-send the signal with the handler disabled. + * If sudo is already the foreground process, just resume the command + * in the foreground. If not, we'll suspend sudo and resume later. */ if (!foreground) check_foreground(); @@ -359,7 +359,6 @@ suspend_parent(int signo) rval = SIGCONT_FG; /* resume command in foreground */ break; } - ttymode = TERM_RAW; /* FALLTHROUGH */ case SIGSTOP: case SIGTSTP: @@ -367,7 +366,7 @@ suspend_parent(int signo) flush_output(); /* Restore original tty mode before suspending. */ - if (oldmode != TERM_COOKED) { + if (ttymode != TERM_COOKED) { do { n = term_restore(io_fds[SFD_USERTTY], 0); } while (!n && errno == EINTR); @@ -377,11 +376,13 @@ suspend_parent(int signo) snprintf(signame, sizeof(signame), "%d", signo); /* Suspend self and continue command when we resume. */ - zero_bytes(&sa, sizeof(sa)); - sigemptyset(&sa.sa_mask); - sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */ - sa.sa_handler = SIG_DFL; - sigaction(signo, &sa, &osa); + if (signo != SIGSTOP) { + memset(&sa, 0, sizeof(sa)); + sigemptyset(&sa.sa_mask); + sa.sa_flags = SA_RESTART; + sa.sa_handler = SIG_DFL; + sudo_sigaction(signo, &sa, &osa); + } sudo_debug_printf(SUDO_DEBUG_INFO, "kill parent SIG%s", signame); if (killpg(ppgrp, signo) != 0) warning("killpg(%d, SIG%s)", (int)ppgrp, signame); @@ -390,25 +391,30 @@ suspend_parent(int signo) check_foreground(); /* - * Only modify term if we are foreground process and either - * the old tty mode was not cooked or command got SIGTT{IN,OU} + * We always resume the command in the foreground if sudo itself + * is the foreground process. This helps work around poorly behaved + * programs that catch SIGTTOU/SIGTTIN but suspend themselves with + * SIGSTOP. At worst, sudo will go into the background but upon + * resume the command will be runnable. Otherwise, we can get into + * a situation where the command will immediately suspend itself. */ sudo_debug_printf(SUDO_DEBUG_INFO, "parent is in %s, ttymode %d -> %d", - foreground ? "foreground" : "background", oldmode, ttymode); + foreground ? "foreground" : "background", ttymode, + foreground ? TERM_RAW : TERM_COOKED); - if (ttymode != TERM_COOKED) { - if (foreground) { - /* Set raw mode. */ - do { - n = term_raw(io_fds[SFD_USERTTY], 0); - } while (!n && errno == EINTR); - } else { - /* Background process, no access to tty. */ - ttymode = TERM_COOKED; - } + if (foreground) { + /* Foreground process, set tty to raw mode. */ + do { + n = term_raw(io_fds[SFD_USERTTY], 0); + } while (!n && errno == EINTR); + ttymode = TERM_RAW; + } else { + /* Background process, no access to tty. */ + ttymode = TERM_COOKED; } - sigaction(signo, &osa, NULL); + if (signo != SIGSTOP) + sudo_sigaction(signo, &osa, NULL); rval = ttymode == TERM_RAW ? SIGCONT_FG : SIGCONT_BG; break; } @@ -561,16 +567,16 @@ fork_pty(struct command_details *details, int sv[], int *maxfd, sigset_t *omask) sigset_t mask; pid_t child; debug_decl(fork_pty, SUDO_DEBUG_EXEC); - + ppgrp = getpgrp(); /* parent's pgrp, so child can signal us */ - - zero_bytes(&sa, sizeof(sa)); + + memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); - + if (io_fds[SFD_USERTTY] != -1) { sa.sa_flags = SA_RESTART; sa.sa_handler = sigwinch; - sigaction(SIGWINCH, &sa, NULL); + sudo_sigaction(SIGWINCH, &sa, NULL); } /* So we can block tty-generated signals */ @@ -614,7 +620,7 @@ fork_pty(struct command_details *details, int sv[], int *maxfd, sigset_t *omask) sudo_debug_printf(SUDO_DEBUG_INFO, "stdin not a tty, creating a pipe"); pipeline = true; if (pipe(io_pipe[STDIN_FILENO]) != 0) - error(1, _("unable to create pipe")); + fatal(_("unable to create pipe")); iobufs = io_buf_new(STDIN_FILENO, io_pipe[STDIN_FILENO][1], log_stdin, iobufs); io_fds[SFD_STDIN] = io_pipe[STDIN_FILENO][0]; @@ -623,7 +629,7 @@ fork_pty(struct command_details *details, int sv[], int *maxfd, sigset_t *omask) sudo_debug_printf(SUDO_DEBUG_INFO, "stdout not a tty, creating a pipe"); pipeline = true; if (pipe(io_pipe[STDOUT_FILENO]) != 0) - error(1, _("unable to create pipe")); + fatal(_("unable to create pipe")); iobufs = io_buf_new(io_pipe[STDOUT_FILENO][0], STDOUT_FILENO, log_stdout, iobufs); io_fds[SFD_STDOUT] = io_pipe[STDOUT_FILENO][1]; @@ -631,13 +637,19 @@ fork_pty(struct command_details *details, int sv[], int *maxfd, sigset_t *omask) if (io_fds[SFD_STDERR] == -1 || !isatty(STDERR_FILENO)) { sudo_debug_printf(SUDO_DEBUG_INFO, "stderr not a tty, creating a pipe"); if (pipe(io_pipe[STDERR_FILENO]) != 0) - error(1, _("unable to create pipe")); + fatal(_("unable to create pipe")); iobufs = io_buf_new(io_pipe[STDERR_FILENO][0], STDERR_FILENO, log_stderr, iobufs); io_fds[SFD_STDERR] = io_pipe[STDERR_FILENO][1]; } + /* We don't want to receive SIGTTIN/SIGTTOU, getting EIO is preferable. */ + sa.sa_handler = SIG_IGN; + sudo_sigaction(SIGTTIN, &sa, NULL); + sudo_sigaction(SIGTTOU, &sa, NULL); + /* Job control signals to relay from parent to child. */ + sigfillset(&sa.sa_mask); sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */ #ifdef SA_SIGINFO sa.sa_flags |= SA_SIGINFO; @@ -645,12 +657,7 @@ fork_pty(struct command_details *details, int sv[], int *maxfd, sigset_t *omask) #else sa.sa_handler = handler; #endif - sigaction(SIGTSTP, &sa, NULL); - - /* We don't want to receive SIGTTIN/SIGTTOU, getting EIO is preferable. */ - sa.sa_handler = SIG_IGN; - sigaction(SIGTTIN, &sa, NULL); - sigaction(SIGTTOU, &sa, NULL); + sudo_sigaction(SIGTSTP, &sa, NULL); if (foreground) { /* Copy terminal attrs from user tty -> pty slave. */ @@ -659,14 +666,14 @@ fork_pty(struct command_details *details, int sv[], int *maxfd, sigset_t *omask) sync_ttysize(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE]); } - /* Start out in raw mode if we are not part of a pipeline. */ - if (!pipeline) { + /* Start out in raw mode unless part of a pipeline or backgrounded. */ + if (!pipeline && !ISSET(details->flags, CD_EXEC_BG)) { ttymode = TERM_RAW; do { n = term_raw(io_fds[SFD_USERTTY], 0); } while (!n && errno == EINTR); if (!n) - error(1, _("unable to set terminal to raw mode")); + fatal(_("unable to set terminal to raw mode")); } } @@ -675,7 +682,7 @@ fork_pty(struct command_details *details, int sv[], int *maxfd, sigset_t *omask) * or certain pam modules won't be able to track their state. */ if (policy_init_session(details) != true) - errorx(1, _("policy plugin failed session initialization")); + fatalx(_("policy plugin failed session initialization")); /* * Block some signals until cmnd_pid is set in the parent to avoid a @@ -691,7 +698,7 @@ fork_pty(struct command_details *details, int sv[], int *maxfd, sigset_t *omask) child = sudo_debug_fork(); switch (child) { case -1: - error(1, _("unable to fork")); + fatal(_("unable to fork")); break; case 0: /* child */ @@ -700,16 +707,14 @@ fork_pty(struct command_details *details, int sv[], int *maxfd, sigset_t *omask) close(signal_pipe[1]); fcntl(sv[1], F_SETFD, FD_CLOEXEC); sigprocmask(SIG_SETMASK, omask, NULL); - if (exec_setup(details, slavename, io_fds[SFD_SLAVE]) == true) { - /* Close the other end of the stdin/stdout/stderr pipes and exec. */ - if (io_pipe[STDIN_FILENO][1]) - close(io_pipe[STDIN_FILENO][1]); - if (io_pipe[STDOUT_FILENO][0]) - close(io_pipe[STDOUT_FILENO][0]); - if (io_pipe[STDERR_FILENO][0]) - close(io_pipe[STDERR_FILENO][0]); - exec_monitor(details, sv[1]); - } + /* Close the other end of the stdin/stdout/stderr pipes and exec. */ + if (io_pipe[STDIN_FILENO][1]) + close(io_pipe[STDIN_FILENO][1]); + if (io_pipe[STDOUT_FILENO][0]) + close(io_pipe[STDOUT_FILENO][0]); + if (io_pipe[STDERR_FILENO][0]) + close(io_pipe[STDERR_FILENO][0]); + exec_monitor(details, sv[1]); cstat.type = CMD_ERRNO; cstat.val = errno; ignore_result(send(sv[1], &cstat, sizeof(cstat), 0)); @@ -721,7 +726,7 @@ fork_pty(struct command_details *details, int sv[], int *maxfd, sigset_t *omask) close(io_pipe[STDIN_FILENO][0]); if (io_pipe[STDOUT_FILENO][1]) close(io_pipe[STDOUT_FILENO][1]); - if (io_pipe[STDERR_FILENO][1]) + if (io_pipe[STDERR_FILENO][1]) close(io_pipe[STDERR_FILENO][1]); for (iob = iobufs; iob; iob = iob->next) { @@ -830,7 +835,11 @@ deliver_signal(pid_t pid, int signo, bool from_parent) int status; debug_decl(deliver_signal, SUDO_DEBUG_EXEC); - if (sig2str(signo, signame) == -1) + if (signo == SIGCONT_FG) + strlcpy(signame, "CONT_FG", sizeof(signame)); + else if (signo == SIGCONT_BG) + strlcpy(signame, "CONT_BG", sizeof(signame)); + else if (sig2str(signo, signame) == -1) snprintf(signame, sizeof(signame), "%d", signo); /* Handle signal from parent. */ @@ -974,20 +983,23 @@ exec_monitor(struct command_details *details, int backchannel) * the select() loop. */ if (pipe_nonblock(signal_pipe) != 0) - error(1, _("unable to create pipe")); + fatal(_("unable to create pipe")); /* Reset SIGWINCH and SIGALRM. */ - zero_bytes(&sa, sizeof(sa)); + memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; sa.sa_handler = SIG_DFL; - sigaction(SIGWINCH, &sa, NULL); - sigaction(SIGALRM, &sa, NULL); + sudo_sigaction(SIGWINCH, &sa, NULL); + sudo_sigaction(SIGALRM, &sa, NULL); /* Ignore any SIGTTIN or SIGTTOU we get. */ sa.sa_handler = SIG_IGN; - sigaction(SIGTTIN, &sa, NULL); - sigaction(SIGTTOU, &sa, NULL); + sudo_sigaction(SIGTTIN, &sa, NULL); + sudo_sigaction(SIGTTOU, &sa, NULL); + + /* Block all signals in mon_handler(). */ + sigfillset(&sa.sa_mask); /* Note: HP-UX select() will not be interrupted if SA_RESTART set */ sa.sa_flags = SA_INTERRUPT; @@ -997,7 +1009,7 @@ exec_monitor(struct command_details *details, int backchannel) #else sa.sa_handler = mon_handler; #endif - sigaction(SIGCHLD, &sa, NULL); + sudo_sigaction(SIGCHLD, &sa, NULL); /* Catch common signals so we can cleanup properly. */ sa.sa_flags = SA_RESTART; @@ -1007,13 +1019,13 @@ exec_monitor(struct command_details *details, int backchannel) #else sa.sa_handler = mon_handler; #endif - sigaction(SIGHUP, &sa, NULL); - sigaction(SIGINT, &sa, NULL); - sigaction(SIGQUIT, &sa, NULL); - sigaction(SIGTERM, &sa, NULL); - sigaction(SIGTSTP, &sa, NULL); - sigaction(SIGUSR1, &sa, NULL); - sigaction(SIGUSR2, &sa, NULL); + sudo_sigaction(SIGHUP, &sa, NULL); + sudo_sigaction(SIGINT, &sa, NULL); + sudo_sigaction(SIGQUIT, &sa, NULL); + sudo_sigaction(SIGTERM, &sa, NULL); + sudo_sigaction(SIGTSTP, &sa, NULL); + sudo_sigaction(SIGUSR1, &sa, NULL); + sudo_sigaction(SIGUSR2, &sa, NULL); /* * Start a new session with the parent as the session leader @@ -1027,7 +1039,7 @@ exec_monitor(struct command_details *details, int backchannel) if (io_fds[SFD_SLAVE] != -1) { #ifdef TIOCSCTTY if (ioctl(io_fds[SFD_SLAVE], TIOCSCTTY, NULL) != 0) - error(1, _("unable to set controlling tty")); + fatal(_("unable to set controlling tty")); #else /* Set controlling tty by reopening slave. */ if ((n = open(slavename, O_RDWR)) >= 0) @@ -1048,7 +1060,7 @@ exec_monitor(struct command_details *details, int backchannel) /* Start command and wait for it to stop or exit */ if (pipe(errpipe) == -1) - error(1, _("unable to create pipe")); + fatal(_("unable to create pipe")); cmnd_pid = sudo_debug_fork(); if (cmnd_pid == -1) { warning(_("unable to fork")); @@ -1064,9 +1076,7 @@ exec_monitor(struct command_details *details, int backchannel) restore_signals(); /* setup tty and exec command */ - exec_pty(details, &errpipe[1]); - cstat.type = CMD_ERRNO; - cstat.val = errno; + exec_pty(details, &cstat, &errpipe[1]); ignore_result(write(errpipe[1], &cstat, sizeof(cstat))); _exit(1); } @@ -1085,13 +1095,12 @@ exec_monitor(struct command_details *details, int backchannel) if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE]) close(io_fds[SFD_STDERR]); - /* - * Put command in its own process group. If we are starting the command - * in the foreground, assign its pgrp to the tty. - */ + /* Put command in its own process group. */ cmnd_pgrp = cmnd_pid; setpgid(cmnd_pid, cmnd_pgrp); - if (foreground) { + + /* Make the command the foreground process for the pty slave. */ + if (foreground && !ISSET(details->flags, CD_EXEC_BG)) { do { n = tcsetpgrp(io_fds[SFD_SLAVE], cmnd_pgrp); } while (n == -1 && errno == EINTR); @@ -1271,11 +1280,15 @@ flush_output(void) * Returns only if execve() fails. */ static void -exec_pty(struct command_details *details, int *errfd) +exec_pty(struct command_details *details, + struct command_status *cstat, int *errfd) { pid_t self = getpid(); debug_decl(exec_pty, SUDO_DEBUG_EXEC); + /* Register cleanup function */ + fatal_callback_register(pty_cleanup); + /* Set command process group here too to avoid a race. */ setpgid(0, self); @@ -1283,10 +1296,10 @@ exec_pty(struct command_details *details, int *errfd) if (dup2(io_fds[SFD_STDIN], STDIN_FILENO) == -1 || dup2(io_fds[SFD_STDOUT], STDOUT_FILENO) == -1 || dup2(io_fds[SFD_STDERR], STDERR_FILENO) == -1) - error(1, "dup2"); + fatal("dup2"); /* Wait for parent to grant us the tty if we are foreground. */ - if (foreground) { + if (foreground && !ISSET(details->flags, CD_EXEC_BG)) { while (tcgetpgrp(io_fds[SFD_SLAVE]) != self) ; /* spin */ } @@ -1301,30 +1314,9 @@ exec_pty(struct command_details *details, int *errfd) if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE]) close(io_fds[SFD_STDERR]); - sudo_debug_execve(SUDO_DEBUG_INFO, details->command, - details->argv, details->envp); - - if (details->closefrom >= 0) { - int maxfd = details->closefrom; - dup2(*errfd, maxfd); - (void)fcntl(maxfd, F_SETFD, FD_CLOEXEC); - *errfd = maxfd++; - if (sudo_debug_fd_set(maxfd) != -1) - maxfd++; - closefrom(maxfd); - } -#ifdef HAVE_SELINUX - if (ISSET(details->flags, CD_RBAC_ENABLED)) { - selinux_execve(details->command, details->argv, details->envp, - ISSET(details->flags, CD_NOEXEC)); - } else -#endif - { - sudo_execve(details->command, details->argv, details->envp, - ISSET(details->flags, CD_NOEXEC)); - } - sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to exec %s: %s", - details->command, strerror(errno)); + /* Execute command; only returns on error. */ + exec_cmnd(details, cstat, errfd); + debug_return; } diff --git a/src/get_pty.c b/src/get_pty.c index 21449cb..872edce 100644 --- a/src/get_pty.c +++ b/src/get_pty.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2011 Todd C. Miller + * Copyright (c) 2009-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #include #ifdef HAVE_SYS_STROPTS_H diff --git a/src/hooks.c b/src/hooks.c index 7c49bb9..1c5f4f4 100644 --- a/src/hooks.c +++ b/src/hooks.c @@ -77,7 +77,7 @@ process_hooks_setenv(const char *name, const char *value, int overwrite) case SUDO_HOOK_RET_STOP: goto done; default: - warningx2("invalid setenv hook return value: %d", rc); + warningx_nodebug("invalid setenv hook return value: %d", rc); break; } } @@ -102,7 +102,7 @@ process_hooks_putenv(char *string) case SUDO_HOOK_RET_STOP: goto done; default: - warningx2("invalid putenv hook return value: %d", rc); + warningx_nodebug("invalid putenv hook return value: %d", rc); break; } } @@ -128,7 +128,7 @@ process_hooks_getenv(const char *name, char **value) case SUDO_HOOK_RET_STOP: goto done; default: - warningx2("invalid getenv hook return value: %d", rc); + warningx_nodebug("invalid getenv hook return value: %d", rc); break; } } @@ -155,7 +155,7 @@ process_hooks_unsetenv(const char *name) case SUDO_HOOK_RET_STOP: goto done; default: - warningx2("invalid unsetenv hook return value: %d", rc); + warningx_nodebug("invalid unsetenv hook return value: %d", rc); break; } } diff --git a/src/load_plugins.c b/src/load_plugins.c index 893bd2f..1817d0e 100644 --- a/src/load_plugins.c +++ b/src/load_plugins.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2011 Todd C. Miller + * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #include #ifdef STDC_HEADERS @@ -54,89 +53,203 @@ # define RTLD_GLOBAL 0 #endif -/* - * Load the plugin specified by "info". - */ -static bool -sudo_load_plugin(struct plugin_container *policy_plugin, - struct plugin_container_list *io_plugins, struct plugin_info *info) +#ifndef SUDOERS_PLUGIN +# define SUDOERS_PLUGIN "sudoers.la" +#endif + +#ifdef _PATH_SUDO_PLUGIN_DIR +static int +sudo_stat_plugin(struct plugin_info *info, char *fullpath, + size_t pathsize, struct stat *sb) { - struct plugin_container *container; - struct generic_plugin *plugin; - struct stat sb; - void *handle; - char path[PATH_MAX]; - bool rval = false; - debug_decl(sudo_load_plugin, SUDO_DEBUG_PLUGIN) + int status = -1; + debug_decl(sudo_stat_plugin, SUDO_DEBUG_PLUGIN) if (info->path[0] == '/') { - if (strlcpy(path, info->path, sizeof(path)) >= sizeof(path)) { + if (strlcpy(fullpath, info->path, pathsize) >= pathsize) { + warningx(_("error in %s, line %d while loading plugin `%s'"), + _PATH_SUDO_CONF, info->lineno, info->symbol_name); warningx(_("%s: %s"), info->path, strerror(ENAMETOOLONG)); goto done; } + status = stat(fullpath, sb); } else { - if (snprintf(path, sizeof(path), "%s%s", _PATH_SUDO_PLUGIN_DIR, - info->path) >= sizeof(path)) { + if (snprintf(fullpath, pathsize, "%s%s", _PATH_SUDO_PLUGIN_DIR, + info->path) >= pathsize) { + warningx(_("error in %s, line %d while loading plugin `%s'"), + _PATH_SUDO_CONF, info->lineno, info->symbol_name); warningx(_("%s%s: %s"), _PATH_SUDO_PLUGIN_DIR, info->path, strerror(ENAMETOOLONG)); goto done; } + /* Try parent dir for compatibility with old plugindir default. */ + if ((status = stat(fullpath, sb)) != 0) { + char *cp = strrchr(fullpath, '/'); + if (cp > fullpath + 4 && cp[-5] == '/' && cp[-4] == 's' && + cp[-3] == 'u' && cp[-2] == 'd' && cp[-1] == 'o') { + int serrno = errno; + strlcpy(cp - 4, info->path, pathsize - (cp - 4 - fullpath)); + if ((status = stat(fullpath, sb)) != 0) + errno = serrno; + } + } +# ifdef __hpux + /* Try .sl instead of .so on HP-UX for backwards compatibility. */ + if (status != 0) { + size_t len = strlen(info->path); + if (len >= 3 && info->path[len - 3] == '.' && + info->path[len - 2] == 's' && info->path[len - 1] == 'o') { + const char *sopath = info->path; + char *slpath = estrdup(info->path); + int serrno = errno; + + slpath[len - 1] = 'l'; + info->path = slpath; + status = sudo_stat_plugin(info, fullpath, pathsize, sb); + if (status == 0) { + efree((void *)sopath); + } else { + efree(slpath); + info->path = sopath; + errno = serrno; + } + } + } +# endif /* __hpux */ } - if (stat(path, &sb) != 0) { - warning("%s", path); +done: + debug_return_int(status); +} + +static bool +sudo_check_plugin(struct plugin_info *info, char *fullpath, size_t pathsize) +{ + struct stat sb; + int rval = false; + debug_decl(sudo_check_plugin, SUDO_DEBUG_PLUGIN) + + if (sudo_stat_plugin(info, fullpath, pathsize, &sb) != 0) { + warningx(_("error in %s, line %d while loading plugin `%s'"), + _PATH_SUDO_CONF, info->lineno, info->symbol_name); + warning("%s%s", _PATH_SUDO_PLUGIN_DIR, info->path); goto done; } if (sb.st_uid != ROOT_UID) { - warningx(_("%s must be owned by uid %d"), path, ROOT_UID); + warningx(_("error in %s, line %d while loading plugin `%s'"), + _PATH_SUDO_CONF, info->lineno, info->symbol_name); + warningx(_("%s must be owned by uid %d"), fullpath, ROOT_UID); goto done; } if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { - warningx(_("%s must be only be writable by owner"), path); + warningx(_("error in %s, line %d while loading plugin `%s'"), + _PATH_SUDO_CONF, info->lineno, info->symbol_name); + warningx(_("%s must be only be writable by owner"), fullpath); goto done; } + rval = true; + +done: + debug_return_bool(rval); +} +#else +static bool +sudo_check_plugin(struct plugin_info *info, char *fullpath, size_t pathsize) +{ + debug_decl(sudo_check_plugin, SUDO_DEBUG_PLUGIN) + (void)strlcpy(fullpath, info->path, pathsize); + debug_return_bool(true); +} +#endif /* _PATH_SUDO_PLUGIN_DIR */ + +/* + * Load the plugin specified by "info". + */ +static bool +sudo_load_plugin(struct plugin_container *policy_plugin, + struct plugin_container_list *io_plugins, struct plugin_info *info) +{ + struct plugin_container *container; + struct generic_plugin *plugin; + char path[PATH_MAX]; + bool rval = false; + void *handle; + debug_decl(sudo_load_plugin, SUDO_DEBUG_PLUGIN) + + /* Sanity check plugin and fill in path */ + if (!sudo_check_plugin(info, path, sizeof(path))) + goto done; /* Open plugin and map in symbol */ handle = dlopen(path, RTLD_LAZY|RTLD_GLOBAL); if (!handle) { + warningx(_("error in %s, line %d while loading plugin `%s'"), + _PATH_SUDO_CONF, info->lineno, info->symbol_name); warningx(_("unable to dlopen %s: %s"), path, dlerror()); goto done; } plugin = dlsym(handle, info->symbol_name); if (!plugin) { - warningx(_("%s: unable to find symbol %s"), path, - info->symbol_name); + warningx(_("error in %s, line %d while loading plugin `%s'"), + _PATH_SUDO_CONF, info->lineno, info->symbol_name); + warningx(_("unable to find symbol `%s' in %s"), info->symbol_name, path); goto done; } if (plugin->type != SUDO_POLICY_PLUGIN && plugin->type != SUDO_IO_PLUGIN) { - warningx(_("%s: unknown policy type %d"), path, plugin->type); + warningx(_("error in %s, line %d while loading plugin `%s'"), + _PATH_SUDO_CONF, info->lineno, info->symbol_name); + warningx(_("unknown policy type %d found in %s"), plugin->type, path); goto done; } if (SUDO_API_VERSION_GET_MAJOR(plugin->version) != SUDO_API_VERSION_MAJOR) { - warningx(_("%s: incompatible policy major version %d, expected %d"), - path, SUDO_API_VERSION_GET_MAJOR(plugin->version), - SUDO_API_VERSION_MAJOR); + warningx(_("error in %s, line %d while loading plugin `%s'"), + _PATH_SUDO_CONF, info->lineno, info->symbol_name); + warningx(_("incompatible plugin major version %d (expected %d) found in %s"), + SUDO_API_VERSION_GET_MAJOR(plugin->version), + SUDO_API_VERSION_MAJOR, path); goto done; } if (plugin->type == SUDO_POLICY_PLUGIN) { if (policy_plugin->handle) { - warningx(_("%s: only a single policy plugin may be loaded"), - _PATH_SUDO_CONF); - goto done; + /* Ignore duplicate entries. */ + if (strcmp(policy_plugin->name, info->symbol_name) != 0) { + warningx(_("ignoring policy plugin `%s' in %s, line %d"), + info->symbol_name, _PATH_SUDO_CONF, info->lineno); + warningx(_("only a single policy plugin may be specified")); + goto done; + } + warningx(_("ignoring duplicate policy plugin `%s' in %s, line %d"), + info->symbol_name, _PATH_SUDO_CONF, info->lineno); + dlclose(handle); + handle = NULL; + } + if (handle != NULL) { + policy_plugin->handle = handle; + policy_plugin->name = info->symbol_name; + policy_plugin->options = info->options; + policy_plugin->u.generic = plugin; } - policy_plugin->handle = handle; - policy_plugin->name = info->symbol_name; - policy_plugin->options = info->options; - policy_plugin->u.generic = plugin; } else if (plugin->type == SUDO_IO_PLUGIN) { - container = ecalloc(1, sizeof(*container)); - container->prev = container; - /* container->next = NULL; */ - container->handle = handle; - container->name = info->symbol_name; - container->options = info->options; - container->u.generic = plugin; - tq_append(io_plugins, container); + /* Check for duplicate entries. */ + tq_foreach_fwd(io_plugins, container) { + if (strcmp(container->name, info->symbol_name) == 0) { + warningx(_("ignoring duplicate I/O plugin `%s' in %s, line %d"), + info->symbol_name, _PATH_SUDO_CONF, info->lineno); + dlclose(handle); + handle = NULL; + break; + } + } + if (handle != NULL) { + container = ecalloc(1, sizeof(*container)); + container->prev = container; + /* container->next = NULL; */ + container->handle = handle; + container->name = info->symbol_name; + container->options = info->options; + container->u.generic = plugin; + tq_append(io_plugins, container); + } } rval = true; diff --git a/src/locale_stub.c b/src/locale_stub.c new file mode 100644 index 0000000..11edfda --- /dev/null +++ b/src/locale_stub.c @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2012 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include + +#include +#include + +#include "missing.h" +#include "error.h" + +/* No need to swap locales in the front end. */ +void +warning_set_locale(void) +{ + return; +} + +void +warning_restore_locale(void) +{ + return; +} diff --git a/src/net_ifs.c b/src/net_ifs.c index fa8b676..a5c0fee 100644 --- a/src/net_ifs.c +++ b/src/net_ifs.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2010 + * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -32,7 +32,6 @@ struct rtentry; #include #include -#include #include #include #if defined(HAVE_SYS_SOCKIO_H) && !defined(SIOCGIFCONF) @@ -224,7 +223,7 @@ get_net_ifs(char **addrinfo) sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) - error(1, _("unable to open socket")); + fatal(_("unable to open socket")); /* * Get interface configuration or return. diff --git a/src/openbsd.c b/src/openbsd.c new file mode 100644 index 0000000..41fc7c8 --- /dev/null +++ b/src/openbsd.c @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2012 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ + +#include "sudo.h" + +int +os_init(int argc, char *argv[], char *envp[]) +{ +#ifdef SUDO_DEVEL + extern char *malloc_options; + malloc_options = "AFGJPR"; +#endif + return os_init_common(argc, argv, envp); +} diff --git a/src/parse_args.c b/src/parse_args.c index 532b41b..00aeda7 100644 --- a/src/parse_args.c +++ b/src/parse_args.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1993-1996, 1998-2012 Todd C. Miller + * Copyright (c) 1993-1996, 1998-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -21,7 +21,6 @@ #include #include -#include #include #ifdef STDC_HEADERS @@ -45,7 +44,7 @@ #include #include -#include +#include "sudo_usage.h" #include "sudo.h" #include "lbuf.h" @@ -108,7 +107,11 @@ static struct sudo_settings { { "closefrom" }, #define ARG_NET_ADDRS 19 { "network_addrs" }, -#define NUM_SETTINGS 20 +#define ARG_MAX_GROUPS 20 + { "max_groups" }, +#define ARG_PLUGIN_DIR 21 + { "plugin_dir" }, +#define NUM_SETTINGS 22 { NULL } }; @@ -151,6 +154,13 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp, if (debug_flags != NULL) sudo_settings[ARG_DEBUG_FLAGS].value = debug_flags; + /* Set max_groups from sudo.conf. */ + i = sudo_conf_max_groups(); + if (i != -1) { + easprintf(&cp, "%d", i); + sudo_settings[ARG_MAX_GROUPS].value = cp; + } + /* Returns true if the last option string was "--" */ #define got_end_of_args (optind > 1 && argv[optind - 1][0] == '-' && \ argv[optind - 1][1] == '-' && argv[optind - 1][2] == '\0') @@ -273,7 +283,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp, break; case 'U': if ((getpwnam(optarg)) == NULL) - errorx(1, _("unknown user: %s"), optarg); + fatalx(_("unknown user: %s"), optarg); list_user = optarg; break; case 'u': @@ -419,6 +429,9 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp, /* * Format setting_pairs into settings array. */ +#ifdef _PATH_SUDO_PLUGIN_DIR + sudo_settings[ARG_PLUGIN_DIR].value = _PATH_SUDO_PLUGIN_DIR; +#endif settings = emalloc2(NUM_SETTINGS + 1, sizeof(char *)); for (i = 0, j = 0; i < NUM_SETTINGS; i++) { if (sudo_settings[i].value) { @@ -427,7 +440,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp, settings[j] = fmt_string(sudo_settings[i].name, sudo_settings[i].value); if (settings[j] == NULL) - errorx(1, _("unable to allocate memory")); + fatalx(NULL); j++; } } @@ -440,7 +453,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp, argv--; argv[0] = "sudoedit"; #else - errorx(1, _("sudoedit is not supported on this platform")); + fatalx(_("sudoedit is not supported on this platform")); #endif } diff --git a/src/po/da.mo b/src/po/da.mo index 33bfc651d3d70df248d41ad062c2726201c6cf59..87f988cb53cd3da907807bc77c066a172bcc9e0b 100644 GIT binary patch delta 4723 zcma*qe{dA#9mnzK0wEy~0tqA`fG&h2g!~R6Ktv>f1*8z5rD72w$!(HNE_dz)YP^TNy>B)(-u{DRt<8bZW6PPD|gPyG3!) z#*D^^n2WVI78@`h9ryd)n92E3oQ$two-q;gI~uiI_!|z#(hOr#aTX52d6*)Wnmys0kI}Ok9HF7~gECQNx8kybC|X0{k4c(ma;A z3FqSsJdNe}1zK3hvT|@C>iKmz0XJh29ztd0oa-gmzhge*o6Ia@s<0L{kv5!)hj9+R zi{mhbJZlB{t_xAA>~P(Kn)qw3A7dfso-y%Mn<;oV=kswAHe*Dof0D+0{5e*jhy0dc z6_(;!*IlR#{1j{OGn|H#S-zfIjni=_>iM_a^DC$YS`>%|UWwY0?p*S(lOKdlKeN~U{s^k$U*inCj=FCO6{bus$75+NJB~yvol4WS&W>mjN zP!s$a>iNj~G$?d)4K?GN$Xv{5Dn%Vtq4u%?E!>3a;1DVkCs1$6Mb!N_kuJ;xD>2d8 zs0B2kp4)+%$YJDq#GIm`m3@rr=qhR@+4QcxD@9#@5ZP9<1+_&7P#wRDn(zhGLjHm( z+9bZzo>!pyX+mXqH)?_>uvqW^2Q+4L;UB1!)v=L!u-)}A)^dIx`7F7iCe-s(ZoIwk(xaY%4$iJ$58lx*UHfrVD zP+QT5n$UT?57XILZN*YtirY~uejhdAKf8`(AIQF$?z#p^qS@;DGSa1auZ;X_Wna2C z=J3O=j_$>Ku?d%AALRwM}A9TGOm7x`=f&Hij97Cn}Z5)B0B9EFcQ2iG3JFTDU z20oaB*@pT)a)Ji;n9Hacjb&L{*>XPa!5yfHyn}jwe~)^7K1Y&fvX}*BVd_zDN4x7Y zsOtX-s)&Du+N!|}l7$m+l-~a;8oF^ls)M!e4O>yE+=tq$k5B_A)7xB}j9P(>bY%7; z**CACw(uj&!GGcy%$}Kez7#d_B{)&Gz#{iN zgv!V+)QV4{p1xeh$;5_u zEAgLQO6^WUDNH5y6FU3};x+Oh?fcwwpX*#)PaGopk2JTTMQtV;wEsGkmS>2)IvH@J z(_ZPGFT-_iyA?a#b`S0*2D|4EyB>;{|azZ~Q zO07+3?{%~g&&6Abk0tO`_dI35^`P5+alkcpEPj05wHenEkzIT|KrAFwtxpmC$D=gH z6T^vZ#5V~Y-zSO))l3u7f2d|Uhb0g1M&d`} zTeS0uE`qly{=+m1XApYTbkrs=8(qJP&k~Oj1@5&qnCZ6l3Vz#df6sLy)~T&o^%1>< zju3H>Xe0Q=jQ=0b6L=SqMd&C_V8X8bsFwD{rl&ve$tVb=nSxNAm58)xMaKAHp|(IU zY;6cSVLNs@|3w_07k?pDWdtuF`_#i}ziJ&{&_ zAgC|A-CaJXxiM^8iz^xi-ez(8fc}hg=M!B49_{_V9=iS3=1|cc1NfT*on4J#r-^yH z^X+VG4+O0qI~Z~TOvh_Yu{U`;6N4SsJ(@S) zGsq2A7>fX^K$c5K|0!8vYH!o6Mb9qV6B^a*QPi9gic)y4j@()bjuP@p^5%uwv$ z?Guezc}at2G*v~)pb^NWmWvX zs%fzW`MZ$eiVDUxW&_;BC`1>QFk4UVU=CkZO^z*Sho(BsK8qv zj=oryJ@J3uuDc5U+g<(+x9V(P*oyX*kG`iZ&|`ZC)?7;<*ke;(Uagv{)4Id)*-=WW zI;+KQ_r*(YVaYF|@03iK{-0v&ZteAXomQJ_>j<%zY%9x8(@#d2znCPyz8ju`syRYZ@^s;Y51I&3SxouTmAQ{gbnOU$&x@v-Xu$8XvG K*ri#;N&f<*?%)*w delta 4089 zcmaLYeQ;FO8OQOnA;Ay{m_R~8Xt@dDC22wuk}LtK1p~FB&`?Ayh_Fd+k|p~R_9Z~0 zT?=ArB=WKad2OpswNz)MtnFxLKuRptQKsYQjALbLY0Id!1D*cSb_z50``bNXnEuf_ zdG6=jvv<#Z&U4P)yz$83w!|L_vkw@K* zi?M#9F|~LX@@L|lG=W{nz~))Z!qcex&*I(q0p5n?oF?#mGmnO5wgi=N2e#lKmf=}! z!i)H2EMVF*u^v^4`*8phI3KT}gN;mg3f_nMUI4#@PvUGmfu%g(ysHL&Zq1pLNn|=! z(BEpWyHKSYvez$L-?RPyvQA??l;9FnCAx7s?m&(AEUMza!9**K>on?cagi}!!9J|P zW2hOug-z(8j*aL=-M<-i{}F7)^VopbQ4gBS^i|nas0u_;Gv9Cfe>H{rtHc-S&|3c6 z-Z+b$q#KtZ`^N-PpAVo0K7sS`9n^i0Va2~G3DjY&3_6pvCe??WKiW5z~FJ!)p{$o?_AP;2-!a<4g!O5j85Rn%t6;iRRQfex-l4ID!ywg>h77m)pH zMo@{qj|^cFpV8pYjAenemX+vW8)|?ps0uuR+U+l*?tdToGymYEL<`tqn!tS2_tv2j ziP-*O)WlAr#yN*fC}BRQp|$fknGb4EYqJKmG+|VxkE3Sr9BPeUL4EHNR7nfTQVA_U zt^EVI2zQ_=^g8N$SFIIf>(%?ehKAO1H}-hQ5cP{!%DbjaD^Z(o1!@TfPzmls&G1E3 zMb0CC<}aL7fpL^Yr7lPHdr=cvkMnUGj_3L2B#m4=jbrgVD)S4d8}pc+Hq)K>Ra}q! zRG7o48NY-|=xxlx%jn>zxD?0nil}lcQE$^mr06Dy39b1s4L$HRRHpw#m8y*CYxAr` zieffnJr3hOJcA3cje0lZ5NhDF$Png_=wL4Er0XiwW?zM>*v@L|uaZ1Nht}u}YJe-~ z-~_TO$2wGEtE~M^ z>-a;|FXLrYWvb?8X4-{|x&ASF@e-1&DIt43uoYD)KWcC6w*4>I{tKuH{~h(b`~>w> z#;vFlZNv#Uh)V1rYT!3fKfPCwKU2Yn`g}DfE!8emLa(A`b`@{ONi!7)40`)e`;c4<-)aL3#ZN?$gW;}3sDv-0_QoWptr<3>?r%fg*Mk~& z5S8#@)VQatA7HKC|LZg~^J=E2fmWk7QwS-BIe^-fZ=xRfDQeC0S~5%0jQXA*_29=) zOZglYi_l}+)&%qClono$t7 zC-&nVID)!Aiw(dt%>pE66S3DnLoMx}G2x-nLFm{|e2v&a>?C>#9gB$rM4ad+`Uo8d z3B4Udgi9MlA1sNEYj!9No%X4jkuHeK9NU^9=mC% zyqftpZRb>6VcT7}hX@egwS9%iE1#~W?MlB@TkP{qXtWo%6Dn60LB-R*2R_Uubf~mC z_7UC0HlmEs-njXAl#AoUX4|P>yt`~W$J(IzKTT)@>ex#hCC2N*9{h@?kNY`)&$jb% zI`JK17omM|5Ags|N<2v1MjRq^Wa?}TTf>CYJ(<0d?q5R3Dq@(>&fGv~gA5Rz1aGMM zHZhqvO#FZtJ@jMsxV_klCB#$qT0BYUt!UK+M~tW=HWESQ<5NnBBQoqPQoJ1ZhFvo$fx0AVW-O<>U5&pgYDsfGc%h0F!}TH z;xT5SliE4);jGl$!f_s7DCR~&zJTLKBH;*6>+l5v;f^^~PM9RR0^zO3|G&2c)3?m~ zzxPDk^i7R(s*?|>;|q2B``wr=ajz}08%VE7%-`$uFtyH`OWYNX^t;Tm(^Zkz&z_zg z4`s&oj+_YH_+D`2C-xCMJuvcoH1mvJEkLw4;_nanL*1D=Z}65(w>6LVx}nb4=peD} zeR_!2U~u+Nvr=2CH+hQE1$MgJ&4HU1AbF`~N}hY8*1Ejay{W91YJQu#R=bX}*0p$2 lo`$Pq@_ORTHs}VTZtA0^r#z`)@BW`W`Y-nQB(MMg diff --git a/src/po/da.po b/src/po/da.po index ada248c..05cf41d 100644 --- a/src/po/da.po +++ b/src/po/da.po @@ -1,6 +1,6 @@ # Danish translation of sudo. # This file is put in the public domain. -# Joe Hansen , 2011, 2012. +# Joe Hansen , 2011, 2012, 2013. # # audit -> overvågning # overflow -> overløb @@ -11,10 +11,10 @@ # msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.6b3\n" +"Project-Id-Version: sudo 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-04-24 13:41-0400\n" -"PO-Revision-Date: 2012-08-06 23:06+0100\n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" +"PO-Revision-Date: 2013-04-13 23:06+0100\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" "Language: da\n" @@ -22,17 +22,17 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -#: common/aix.c:149 +#: common/aix.c:150 #, c-format msgid "unable to open userdb" msgstr "kan ikke åbne userdb" -#: common/aix.c:152 +#: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "kan ikke skifte til register »%s« for %s" -#: common/aix.c:169 +#: common/aix.c:170 #, c-format msgid "unable to restore registry" msgstr "kan ikke gendanne register" @@ -41,86 +41,91 @@ msgstr "kan ikke gendanne register" msgid "internal error, tried to emalloc(0)" msgstr "intern fejl, forsøgte at emalloc(0)" -#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 -#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 -#: src/exec_common.c:111 src/parse_args.c:432 src/sudo.c:456 src/sudo.c:482 -#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:737 -#, c-format -msgid "unable to allocate memory" -msgstr "kunne ikke allokere hukommelse" - #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "intern fejl, forsøgte at emalloc2(0)" -#: common/alloc.c:101 -msgid "internal error, emalloc2() overflow" -msgstr "intern fejl, emalloc2()-overløb" +#: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187 +#, c-format +msgid "internal error, %s overflow" +msgstr "intern fejl, %s-overløb" #: common/alloc.c:120 msgid "internal error, tried to ecalloc(0)" msgstr "intern fejl, forsøgte at ecalloc(0)" -#: common/alloc.c:123 -msgid "internal error, ecalloc() overflow" -msgstr "intern fejl, ecalloc()-overløb" - #: common/alloc.c:142 msgid "internal error, tried to erealloc(0)" msgstr "intern fejl, forsøgte at erealloc(0)" -#: common/alloc.c:161 common/alloc.c:185 +#: common/alloc.c:161 msgid "internal error, tried to erealloc3(0)" msgstr "intern fejl, forsøgte at erealloc3(0)" -#: common/alloc.c:163 common/alloc.c:187 -msgid "internal error, erealloc3() overflow" -msgstr "intern fejl, erealloc3()-overløb" +#: common/alloc.c:185 +msgid "internal error, tried to erecalloc(0)" +msgstr "intern fejl, forsøgte at erecalloc(0)" + +#: common/error.c:154 +#, c-format +msgid "%s: %s: %s\n" +msgstr "%s: %s: %s\n" + +#: common/error.c:157 common/error.c:161 +#, c-format +msgid "%s: %s\n" +msgstr "%s: %s\n" -#: common/sudo_conf.c:306 +#: common/sudo_conf.c:172 +#, c-format +msgid "unsupported group source `%s' in %s, line %d" +msgstr "ikke understøttet gruppekilde »%s« i %s, linje %d" + +#: common/sudo_conf.c:186 +#, c-format +msgid "invalid max groups `%s' in %s, line %d" +msgstr "ugyldige maks grupper »%s« i %s, linje %d" + +#: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "kan ikke køre stat %s" -#: common/sudo_conf.c:309 +#: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s er ikke en regulær fil" -#: common/sudo_conf.c:312 +#: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s er ejet af uid %u, burde være %u" -#: common/sudo_conf.c:316 +#: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "%s er skrivbar for alle" -#: common/sudo_conf.c:319 +#: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "%s er skrivbar for gruppe" -#: common/sudo_conf.c:328 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "kan ikke åbne %s" -#: compat/strsignal.c:47 +#: compat/strsignal.c:50 msgid "Unknown signal" msgstr "ukendt signal" -#: src/error.c:82 src/error.c:86 -msgid ": " -msgstr ": " - -#: src/exec.c:107 src/exec_pty.c:628 +#: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "udvidelsesmodul for politik mislykkedes i sessionsinitialisering" -#: src/exec.c:112 src/exec_pty.c:633 src/exec_pty.c:967 src/tgetpass.c:221 +#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "kunne ikke forgrene" @@ -130,180 +135,197 @@ msgstr "kunne ikke forgrene" msgid "unable to create sockets" msgstr "kunne ikke oprette sokler" -#: src/exec.c:266 src/exec_pty.c:572 src/exec_pty.c:581 src/exec_pty.c:589 -#: src/exec_pty.c:902 src/exec_pty.c:964 src/tgetpass.c:218 -#, c-format -msgid "unable to create pipe" -msgstr "kunne ikke oprette datakanal (pipe)" - -#: src/exec.c:351 src/exec_pty.c:1029 src/exec_pty.c:1167 +#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "select fejlede" -#: src/exec.c:441 +#: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "kunne ikke gendanne tty-etiket" -#: src/exec_common.c:69 +#: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "kan ikke fjerne PRIV_PROC_EXEC fra PRIV_LIMIT" -#: src/exec_pty.c:144 +#: src/exec_pty.c:183 #, c-format msgid "unable to allocate pty" msgstr "kunne ikke allokere pty" -#: src/exec_pty.c:619 +#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 +#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 +#, c-format +msgid "unable to create pipe" +msgstr "kunne ikke oprette datakanal (pipe)" + +#: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "kunne ikke angive terminal til tilstanden rå (raw)" -#: src/exec_pty.c:945 +#: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "kunne ikke angive kontrollerende tty" -#: src/exec_pty.c:1038 +#: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "fejl under læsning fra signaldatakanal" -#: src/exec_pty.c:1059 +#: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "fejl ved læsning fra datakanal" -#: src/exec_pty.c:1075 +#: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "fejl ved læsning fra socketpair" -#: src/exec_pty.c:1079 +#: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "uventet svartype på bagkanal (backchannel): %d" -#: src/load_plugins.c:79 +#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 +#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 +#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 +#, c-format +msgid "error in %s, line %d while loading plugin `%s'" +msgstr "fejl i %s, linje %d under indlæsning af udvidelsesmodulet »%s«" + +#: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/load_plugins.c:85 +#: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:95 +#: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "%s skal være ejet af uid %d" # engelsk fejl be dobbelt? -#: src/load_plugins.c:99 +#: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "%s må kun være skrivbar for ejeren" -#: src/load_plugins.c:106 +#: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "kunne ikke dlopen %s: %s" -#: src/load_plugins.c:111 +#: src/load_plugins.c:194 #, c-format -msgid "%s: unable to find symbol %s" -msgstr "%s: kunne ikke finde symbol %s" +msgid "unable to find symbol `%s' in %s" +msgstr "kunne ikke finde symbol »%s« i %s" -#: src/load_plugins.c:117 +#: src/load_plugins.c:201 #, c-format -msgid "%s: unknown policy type %d" -msgstr "%s: ukendt politiktype %d" +msgid "unknown policy type %d found in %s" +msgstr "ukendt politiktype %d fundet i %s" -#: src/load_plugins.c:121 +#: src/load_plugins.c:207 #, c-format -msgid "%s: incompatible policy major version %d, expected %d" -msgstr "%s: inkompatibel politik hovedversion %d, forventede %d" +msgid "incompatible plugin major version %d (expected %d) found in %s" +msgstr "inkompatibelt udvidelsesmodul for hovedversion %d (forventede %d) fundet i %s" -#: src/load_plugins.c:128 +#: src/load_plugins.c:216 #, c-format -msgid "%s: only a single policy plugin may be loaded" -msgstr "%s: kun et udvidelsesmodul for én politik må være indlæst" +msgid "ignoring policy plugin `%s' in %s, line %d" +msgstr "ignorerer politikudvidelsesmodul »%s« i %s, linje %d" -#: src/load_plugins.c:148 +#: src/load_plugins.c:218 #, c-format -msgid "%s: at least one policy plugin must be specified" -msgstr "%s: mindst et udvidelsesmodul for politik skal være angivet" +msgid "only a single policy plugin may be specified" +msgstr "kun et udvidelsesmodul for politik må være angivet" -#: src/load_plugins.c:153 +#: src/load_plugins.c:221 +#, c-format +msgid "ignoring duplicate policy plugin `%s' in %s, line %d" +msgstr "ignorerer duplikat politikudvidelsesmodul »%s« i %s, linje %d" + +#: src/load_plugins.c:236 +#, c-format +msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" +msgstr "ignorerer duplikat I/O-udvidelsesmodul »%s« i %s, linje %d" + +#: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "politikudvidelsesmodulet %s inkluderer ikke en metode for check_policy" -#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 -#: src/net_ifs.c:298 src/net_ifs.c:322 +#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 +#: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: overløb detekteret" -#: src/net_ifs.c:227 +#: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "kunne ikke åbne sokkel" -#: src/parse_args.c:187 +#: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argumentet for -C skal være et tal større end eller lig 3" -#: src/parse_args.c:276 +#: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "ukendt bruger: %s" -#: src/parse_args.c:335 +#: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "du kan ikke samtidig angive tilvalgene »-i« og »-s«" -#: src/parse_args.c:339 +#: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "du kan ikke samtidig angive tilvalgende »-i« og »-E«" -#: src/parse_args.c:349 +#: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "tilvalget »-E« er ikke gyldigt i redigeringstilstand" -#: src/parse_args.c:351 +#: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "du må ikke angive miljøvariabler i redigeringstilstand" -#: src/parse_args.c:359 +#: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "tilvalget »-U« må kun bruges med tilvalget »-l«" -#: src/parse_args.c:363 +#: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "tilvalgene »-A« og »-S« må ikke bruges sammen" -#: src/parse_args.c:445 +#: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit er ikke understøttet på denne platform" -#: src/parse_args.c:518 +#: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Kun et af tilvalgene -e, -h, -i, -K, -l, -s, -v eller -V må angives" -#: src/parse_args.c:532 +#: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" @@ -312,7 +334,7 @@ msgstr "" "%s - rediger filer som en anden bruger\n" "\n" -#: src/parse_args.c:534 +#: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" @@ -321,7 +343,7 @@ msgstr "" "%s - udfør en kommando som en anden bruger\n" "\n" -#: src/parse_args.c:539 +#: src/parse_args.c:550 #, c-format msgid "" "\n" @@ -330,103 +352,103 @@ msgstr "" "\n" "Tilvalg:\n" -#: src/parse_args.c:542 +#: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "brug hjælpeprogram for indhentelse af adgangskode\n" -#: src/parse_args.c:545 +#: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "brug angivet BSD-godkendelsestype\n" -#: src/parse_args.c:547 +#: src/parse_args.c:558 msgid "run command in the background\n" msgstr "kør kommando i baggrunden\n" -#: src/parse_args.c:549 +#: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "luk alle filbeskrivelser >= fd\n" -#: src/parse_args.c:552 +#: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "kør kommando med angivet logindklasse\n" -#: src/parse_args.c:555 +#: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "bevar brugermiljø når kommando udføres\n" -#: src/parse_args.c:557 +#: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "rediger filer i stedet for at køre en kommando\n" -#: src/parse_args.c:559 +#: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "udfør kommando som den angivne gruppe\n" -#: src/parse_args.c:561 +#: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "angiv HOME-variabel til målbrugers hjemmemappe.\n" -#: src/parse_args.c:563 +#: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "vis hjælpetekst og afslut\n" -#: src/parse_args.c:565 +#: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "kør en logindskal som målbruger\n" -#: src/parse_args.c:567 +#: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "fjern tidsstempelfil fuldstændig\n" -#: src/parse_args.c:569 +#: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "ugyldiggør tidsstempelfil\n" -#: src/parse_args.c:571 +#: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "vis brugers tilgængelige kommandoer\n" -#: src/parse_args.c:573 +#: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" msgstr "ikkeinteraktiv tilstand, vil ikke spørge bruger\n" -#: src/parse_args.c:575 +#: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "bevar gruppevektor i stedet for at sætte til målets\n" -#: src/parse_args.c:577 +#: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "brug angivet logind for adgangskode\n" -#: src/parse_args.c:580 src/parse_args.c:588 +#: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "opret SELinux-sikkerhedskontekt med angivet rolle\n" -#: src/parse_args.c:583 +#: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "læs adgangskode fra standardinddata\n" -#: src/parse_args.c:585 +#: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "kør en skal som målbruger\n" -#: src/parse_args.c:591 +#: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "når der listes, så list angivne brugers privilegier\n" -#: src/parse_args.c:593 +#: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "kør kommando (eller rediger fil) som angivet bruger\n" -#: src/parse_args.c:595 +#: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "vis versionsinformation og afslut\n" -#: src/parse_args.c:597 +#: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "opdater brugers tidsstempel uden at køre en kommando\n" -#: src/parse_args.c:599 +#: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "stop behandling af parametre for kommandolinjen\n" @@ -515,258 +537,263 @@ msgstr "kunne ikke bestemme tilstanden gennemtving (enforcing)." msgid "unable to setup tty context for %s" msgstr "kunne ikke opsætte tty-kontekst for %s" -#: src/selinux.c:373 +#: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "kunne ikke angive kørselskontekt til %s" # engelsk: mangler vist lidt info her tast eller nøgle. mon ikke det er nøgle -#: src/selinux.c:380 +#: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "kunne ikke angive nøgleoprettelseskontekst til %s" -#: src/sesh.c:70 +#: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "kræver mindst et argument" -#: src/sesh.c:91 +#: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "kan ikke køre %s" -#: src/sudo.c:211 +#: src/solaris.c:88 +#, c-format +msgid "resource control limit has been reached" +msgstr "grænse for ressourcekontrol er nået" + +#: src/solaris.c:91 +#, c-format +msgid "user \"%s\" is not a member of project \"%s\"" +msgstr "bruger »%s« er ikke medlem af projektet »%s«" + +#: src/solaris.c:95 +#, c-format +msgid "the invoking task is final" +msgstr "start af opgave er færdig" + +#: src/solaris.c:98 +#, c-format +msgid "could not join project \"%s\"" +msgstr "kunne ikke slutte til projekt »%s«" + +#: src/solaris.c:103 +#, c-format +msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgstr "ingen ressourcekø som accepterer standardbindinger findes for projekt »%s«" + +#: src/solaris.c:107 +#, c-format +msgid "specified resource pool does not exist for project \"%s\"" +msgstr "angivet ressourcekø findes ikke for projekt »%s«" + +#: src/solaris.c:111 +#, c-format +msgid "could not bind to default resource pool for project \"%s\"" +msgstr "kunne ikke binde til standardressourcekø for projekt »%s«" + +#: src/solaris.c:117 +#, c-format +msgid "setproject failed for project \"%s\"" +msgstr "setproject fejlede for projekt »%s«" + +#: src/solaris.c:119 +#, c-format +msgid "warning, resource control assignment failed for project \"%s\"" +msgstr "advarsel, ressourcekontroltildeling fejlede for projekt »%s«" + +#: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo version %s\n" -#: src/sudo.c:213 +#: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Konfigurationsindstillinger: %s\n" -#: src/sudo.c:218 +#: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "fatal fejl, kan ikke indlæse udvidelsesmoduler" -#: src/sudo.c:226 +#: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "kan ikke initialisere udvidelsesmodul for politik" -#: src/sudo.c:281 +#: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "fejl under initialisering af I/O-udvidelsesmodulet %s" -#: src/sudo.c:306 +#: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "uventet sudo-tilstand 0x%x" -#: src/sudo.c:400 +#: src/sudo.c:413 #, c-format msgid "unable to get group vector" msgstr "kan ikke indhente gruppevektor" -#: src/sudo.c:452 +#: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "ukendt uid %u: hvem er du?" -#: src/sudo.c:760 +#: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s skal være ejet af uid %d og have setuid bit angivet" -#: src/sudo.c:763 +#: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "effektiv uid er ikke %d, er %s på et filsystem med indstillingen »nosuid« angivet eller et NFS-filsytsem uden administratorprivilegier (root)?" -#: src/sudo.c:769 +#: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "effektiv uid er ikke %d, er sudo installeret setuid root?" -#: src/sudo.c:838 -#, c-format -msgid "resource control limit has been reached" -msgstr "grænse for ressourcekontrol er nået" - -#: src/sudo.c:841 -#, c-format -msgid "user \"%s\" is not a member of project \"%s\"" -msgstr "bruger »%s« er ikke medlem af projektet »%s«" - -#: src/sudo.c:845 -#, c-format -msgid "the invoking task is final" -msgstr "start af opgave er færdig" - -#: src/sudo.c:848 -#, c-format -msgid "could not join project \"%s\"" -msgstr "kunne ikke slutte til projekt »%s«" - -#: src/sudo.c:853 -#, c-format -msgid "no resource pool accepting default bindings exists for project \"%s\"" -msgstr "ingen ressourcekø som accepterer standardbindinger findes for projekt »%s«" - -#: src/sudo.c:857 -#, c-format -msgid "specified resource pool does not exist for project \"%s\"" -msgstr "angivet ressourcekø findes ikke for projekt »%s«" - -#: src/sudo.c:861 -#, c-format -msgid "could not bind to default resource pool for project \"%s\"" -msgstr "kunne ikke binde til standardressourcekø for projekt »%s«" - -#: src/sudo.c:867 -#, c-format -msgid "setproject failed for project \"%s\"" -msgstr "setproject fejlede for projekt »%s«" - -#: src/sudo.c:869 -#, c-format -msgid "warning, resource control assignment failed for project \"%s\"" -msgstr "advarsel, ressourcekontroltildeling fejlede for projekt »%s«" - -#: src/sudo.c:917 +#: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "ukendt logindklasse %s" -#: src/sudo.c:931 src/sudo.c:934 +#: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "kan ikke angive brugerkontekst" -#: src/sudo.c:946 +#: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "kunne ikke angive supplerende gruppe-id'er" -#: src/sudo.c:953 +#: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "kan ikke angive effektiv gid til runas gid %u" -#: src/sudo.c:959 +#: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "kunne ikke angive gid til runas gid %u" -#: src/sudo.c:966 +#: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "kunne ikke angive procesprioritet" -#: src/sudo.c:974 +#: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "kunne ikke ændre administrator (root) til %s" -#: src/sudo.c:981 src/sudo.c:987 src/sudo.c:993 +#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "kunne ikke ændre til runas uid (%u, %u)" -#: src/sudo.c:1007 +#: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "kunne ikke ændre mappe til %s" -#: src/sudo.c:1079 +#: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "uventet underbetingelse for terminering: %d" -#: src/sudo.c:1140 +#: src/sudo.c:1146 +#, c-format +msgid "policy plugin %s is missing the `check_policy' method" +msgstr "politikudvidelsesmodulet %s mangler i metoden »check_policy«" + +#: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "politikudvidelsesmodul %s understøter ikke listning af privilegier" -#: src/sudo.c:1152 +#: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "politikudvidelsesmodul %s understøtter ikke tilvalget -v" -#: src/sudo.c:1164 +#: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "politikudvidelsesmodul %s understøtter ikke tilvalget -k/-K" -#: src/sudo_edit.c:111 +#: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "kunne ikke ændre uid til root (%u)" -#: src/sudo_edit.c:143 +#: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "fejl i udvidelsesmodul: mangler filliste for sudoedit" -#: src/sudo_edit.c:171 src/sudo_edit.c:271 +#: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: ikke en regulær fil" -#: src/sudo_edit.c:205 src/sudo_edit.c:307 +#: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: kort skrivning" -#: src/sudo_edit.c:272 +#: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s tilbage uændrede" -#: src/sudo_edit.c:285 +#: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s uændrede" -#: src/sudo_edit.c:297 src/sudo_edit.c:318 +#: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "kan ikke skrive til %s" -#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 +#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "indhold fra redigeringssession tilbage i %s" -#: src/sudo_edit.c:315 +#: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "kan ikke læse midlertidig fil" -#: src/tgetpass.c:90 +#: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "ingen tty til stede og intet askpass-program angivet" -#: src/tgetpass.c:99 +#: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "intet askpass-program angivet, forsøg at angive SUDO_ASKPASS" -#: src/tgetpass.c:231 +#: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "kan ikke angive gid til %u" -#: src/tgetpass.c:235 +#: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "kan ikke angive uid til %u" -#: src/tgetpass.c:240 +#: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "kan ikke køre %s" @@ -785,9 +812,3 @@ msgstr "kan ikke dup2 stdin" #, c-format msgid "unable to restore stdin" msgstr "kan ikke gendanne stdin" - -#~ msgid "must be setuid root" -#~ msgstr "skal være setuid root" - -#~ msgid "the argument to -D must be between 1 and 9 inclusive" -#~ msgstr "argumentet for -D skal være mellem 1 og 9; begge tal inkluderet" diff --git a/src/po/de.mo b/src/po/de.mo index 2be99a867b0eac1bd2c4afc9ad35b425541e5bdc..cfde55928fe7810422929f944485141da02e58ef 100644 GIT binary patch delta 4742 zcma*o3vg7`9mnyrNiYzFl<qP zP^P&V8?g>w#R>Q!S}bK+gK#eD`BgXqw_q6_L{;Q9&kLUa#<7fViuxH-jkTymLik1O z!s+;H9ESPSSu+^xITuyRb)I`riNEN19!oj*4ak(*jKfi!H{uv<#*|9`7>!1J1uM}< zeaB-pmg7p#U8oBD7;Eq!I0=iHzMfl#lW`~N`JZ{`@1iDX*&rHtF=|QL22+2P>}f8j zR4;j7TtLlOb*q5ksQd0h-RC0v&+PTSKaA@5b*#h7sQbpT!&J#dI1x9aAAf*K^sS-P zUnTCtXk0V%kx7{lT1+8-<_I4uAW}r&80yVSU$bK_FM6K~DRATR-63L@Hawu}iRH2q+0b1OG z>h~}z!4s(GQ@^9ZMmLvG8GnN0V*0aF)KN8REf=E2&8Q9zqAKwM>Mi*_>i$oVF3bp< zO>`=10!^srwxbg1LawLG%QQ5z^Qeygj+)6pde_>OqpshNEUVdyTB7}^j(>zo_$+E7 z|3q!t9KO_=SEBl9LREM-D!~`fulN59jj3F?hALSD3#kX!dUjzg=Wif?CZBiiIUiL) z{UDuXJ@k9k!Vz-B^g{ zu_wNVx8N1b$B$8o*|2Gx`mx)I-SjcC7PEpq@YO`97-Teg=^(sD8dz$@(j! z3tUhlK0dU@6Hx=+hb!?JY``3*eHTtc?TMYpSLRjJfR|ATSFnLpxdcwe=TQm1S4Slf#8PmLuDv_^_f5CVMYJiPs@c?S6PNHW1K5AwosHX;c z0NDm+Cu(n{QHlN0vk#rBk~5IXr_5#=%IFZP!?UROvj=xA$70k2DL&NU3A_(4q7rUk zbc+#GMV>$@IflCb4_K3;(SJtv!Fiqu)IeR{`5SmQ z=O3XGnlm%Iwl3j^-D__~t@%!36w#A-n$Qu+l1box+Eg=hggs~AYT_Vq{V4Dntc=-0EY$kz;4L!W zAol8{+tHi$V((m)Smm`_u+?jCz}-Zicm5U6!>F?Br}`cuKx`%Y5ML*BlxqBagm&~E zqK%k9Xya(D973;?jy1%$GOg@~_QaRH^Zaht<6iqvw`Qtf!%kbsO<0v7FHH9iogFLo^ZB4{f@2#7v^tyExEuDr)yHCAJd}6SK7bM``HD zA;uH)biy%$SWA4HSVpk7%mYOC!{wwGG0eLd#jg?kgk=6Beih4!dx=HFgG4SdpZF4? z@l7z($o>o7M0+d|Bl!Ku{5$Q7b%cHcbkt@s9iC6%lf*+riFa)U7J2QV__){prsrsE zP+M6YAvO{^62t)_MCg?&Bpx9~68#7r{wyZxc^&Pgr_uv@@ADOwBnnJPqQPdPpz}hX z;kPD2(Rk9f$K9lpjubwWQ_8pHHta?mTN1SGAvf&Ua5NBfBP})-ZfkKPc6CXjEdA%c zMZQ!^BpTNj!M0e~Z4M+IJFjwK_uDMDck9o%H$M@J^619@>!BNOU6?4lX@E#`v^5q; zx=rNm<=Yxq8;#oyPCVg8NhfH>IUO;lIq3vB@!K`gwn#A3Px^9Eu5XlW4RqL+c(g5+ z$V~NyA=2;ltMzq$)Msq31f95RTql^e1A6cWM75z0z*_E8BbDU7viC-UjxueZe z5-hjvr=JPM9VWOayJJrMv?Ourm~C;wfuIwy?QQX(lm5WJ!xLxBii zIte?wa%RP+AM|!nw*lNZOP1M8PCRKotCz(N!zJ3C_`1aB_qM>x_tV{F9{nFre&&On zy-LShJB}^p#M=WbRMMZFY_>!cU`<;j-7$WTuYPHy<@CvL(rt0<{6L4>8VGL+gu*ru zv2)|BGF9@5cEjA$`4z`}ovTah($7!u`|@Tvt+vxv4j8+JrAXSK>+oFnZFlNe#e63j ziUu9ixxTbt`ch>uFTJT|N{;{D?B?@^Sr?5&cz-ja*@)X5N@lZVNji^A8=O8}o7b~6 zZvR^vHmF{u%u;rro$fz5{r36=nJ(JsGoDDEKAGG^=ibcLw>e=p%ID1Q>h$Mw{sTJ$ B>(u}N delta 3752 zcmYk<3vg7`9mnyrn*iaF1eQEaFgFk&A<41{A&;#P2m%U%1w;jb8j^*?JT~23jl5h^ zY*e82aWx=}j^krQoRQ+i8E0&@(-|G5j_uUJcF-nmnNDk4TgTziI<4*Zw|g?vGx_i5 z+_U%bKmT)X0v8Yao;~DCjs`NHGPILKDRDW|n2+(p$$Zd?vW=O7#aNCNSc$7}21YRt zhp-4ouo%za9Q?q3{{;p(_UCX9%*X4DNt!U7Mg}(HG(3t~_%u$$=W#KRj+aUtc2>^ceCi^EPVje~UNZB(hh9ZbV&| zu)d6q9A88&T2XzeVQ+1M(AlLV({!I`LLi ziH};(qaKvSZx2178ddsjs1hH?w7>^kNF)R+T;OtrtVvn zq(d_1Zd68(q7u1){FtfiM2#;+ZORAvP(|Lv7QBjjK#1ShN^m1OxEEFWlSppn=co$* z8}+S`a*UONxB;;&HW)i$N?(}lNl{5UG% zKcj=C&FP9PK_xJRyd6pNBRVXXxqvEV2Gi0FL#P?{@Sz#Mgi7ENa!*stNlI)3YNiQP z#a=|s_}8fGvY0kqvkJ9DL#V`F#Z~(IKSoCv&SPgNku9hT9zv>Reuld6nzfv}>io5+ z@dt1%oWMk>P^;n8SsLDNy4*mp-^!|_1(d%^$m04?Rxz1YW#&PQ?YSUFLPoLj~K91W7wZ{l@GY5$wqMJw(sW-sIIFTS!KD8$aRpMcy zgV4>tOXLz8i4BCBlFK5r4Bsa*2qjKoQ|(UcJQHNv3~VN?LqJOAPy2*RzK0C`QJ$AJ47a-rX^5&l!y@b z5!Vq8@&D}s4o(tXc2H})()K4<#Z!b{O|>5qPZQI0pr-ok_3I~Yv&WG7SJ3r%Kk+?c zIdLI7U1{ zjJF&*588u!v5+`wkH?usXTLp&VUXBP^blo)+TFxtVk)tX*hlQp{PXCHw@tRwW?f^w z1*?d?gx-`b#J34Gy|QX0X;S}ZI6+^p-f^Ow$R}C|wOz!jR8Jpl*+Xy>Q9v{jY7Y^C zRF6L%I6!PBCV6jUANSRD_jg452HF$dJ9{I}K(x2JV~^9TWNX)7%?v?~HVsx$&?Q?~29}&S0!N5lJ22+uyF+C8Ex*?*2|E zzNc?zwAYy%Pkrg0EicG0VaGd^yWj5x1CxC(Waat1h513Bcer4h&-<|OOvc2%NMAIz z$J*Vcucx<%nov-?a%i5*$&)HR12 z>b-X>!Wr)Q+Uo2YvUVb|!S+}pl5le>%iM?Sn%t_&S$WER(|B@DPqe>35pnS3Q7568_Y b, 2012. +# Jakob Kramer , 2012, 2013. # Mario Blättermann , 2012. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.6b4\n" +"Project-Id-Version: sudo 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-15 18:42+0200\n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" +"PO-Revision-Date: 2013-04-07 13:58+0200\n" "Last-Translator: Jakob Kramer \n" "Language-Team: German \n" "Language: de\n" @@ -36,14 +36,6 @@ msgstr "Registrierungsdatenbank konnte nicht wiederhergestellt werden" msgid "internal error, tried to emalloc(0)" msgstr "Interner Fehler: Es wurde versucht, emalloc(0) auszuführen" -#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 -#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 -#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 -#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 -#, c-format -msgid "unable to allocate memory" -msgstr "Speicher konnte nicht zugewiesen werden" - #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "Interner Fehler: Es wurde versucht, emalloc2(0) auszuführen" @@ -69,76 +61,86 @@ msgstr "Interner Fehler: Es wurde versucht, erealloc3(0) auszuführen" msgid "internal error, tried to erecalloc(0)" msgstr "Interner Fehler: Es wurde versucht, erecalloc(0) auszuführen" -#: common/sudo_conf.c:305 +#: common/error.c:154 +#, c-format +msgid "%s: %s: %s\n" +msgstr "%s: %s: %s\n" + +#: common/error.c:157 common/error.c:161 +#, c-format +msgid "%s: %s\n" +msgstr "%s: %s\n" + +#: common/sudo_conf.c:172 +#, c-format +msgid "unsupported group source `%s' in %s, line %d" +msgstr "Nicht unterstützte Gruppenquelle »%s« in %s, Zeile %d" + +#: common/sudo_conf.c:186 +#, c-format +msgid "invalid max groups `%s' in %s, line %d" +msgstr "Ungültige Maximalzahl an Gruppen »%s« in %s, Zeile %d" + +#: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "stat konnte nicht auf %s angewandt werden" -#: common/sudo_conf.c:308 +#: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s ist keine reguläre Datei" -#: common/sudo_conf.c:311 +#: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s gehört Benutzer mit UID %u, sollte allerdings %u gehören" -#: common/sudo_conf.c:315 +#: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "%s kann von allen verändert werden" -#: common/sudo_conf.c:318 +#: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "%s kann von der Gruppe verändert werden" -#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "%s konnte nicht geöffnet werden" -#: compat/strsignal.c:47 +#: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Unbekanntes Signal" -#: src/error.c:82 src/error.c:86 -msgid ": " -msgstr ": " - -#: src/exec.c:113 src/exec_pty.c:674 +#: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "Regelwerks-Plugin konnte Sitzung nicht initialisieren" -#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 +#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "Es konnte nicht geforkt werden" -#: src/exec.c:268 +#: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "Sockets konnten nicht hergestellt werden" -#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 -#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 -#, c-format -msgid "unable to create pipe" -msgstr "Weiterleitung konnte nicht erstellt werden" - -#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 +#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "»select« schlug fehl" -#: src/exec.c:467 +#: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "TTY-Kennzeichnung konnte nicht wiederhergestellt werden" -#: src/exec_common.c:69 +#: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "PRIV_PROC_EXEC konnte nicht von PRIV_LIMIT entfernt werden" @@ -148,148 +150,176 @@ msgstr "PRIV_PROC_EXEC konnte nicht von PRIV_LIMIT entfernt werden" msgid "unable to allocate pty" msgstr "PTY konnte nicht vergeben werden" -#: src/exec_pty.c:665 +#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 +#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 +#, c-format +msgid "unable to create pipe" +msgstr "Weiterleitung konnte nicht erstellt werden" + +#: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "Terminal konnte nicht in den Rohmodus gesetzt werden" -#: src/exec_pty.c:1013 +#: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "Kontrollierendes TTY konnte nicht gesetzt werden" -#: src/exec_pty.c:1111 +#: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "Fehler beim Lesen der Signal-Pipe" -#: src/exec_pty.c:1132 +#: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "Fehler beim Lesen der Pipe" -#: src/exec_pty.c:1148 +#: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "Fehler beim Lesen des Socket-Paars" -#: src/exec_pty.c:1152 +#: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "Unerwarteter Antworttyp auf Rückmeldungskanal: %d" -#: src/load_plugins.c:74 +#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 +#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 +#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 +#, c-format +msgid "error in %s, line %d while loading plugin `%s'" +msgstr "Fehler in %s, Zeile %d, während Plugin »%s« geladen wurde" + +#: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/load_plugins.c:80 +#: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:90 +#: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "%s muss Benutzer mit UID %d gehören" -#: src/load_plugins.c:94 +#: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "%s darf nur vom Besitzer beschreibbar sein" -#: src/load_plugins.c:101 +#: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "dlopen konnte nicht auf %s ausgeführt werden: %s" -#: src/load_plugins.c:106 +#: src/load_plugins.c:194 +#, c-format +msgid "unable to find symbol `%s' in %s" +msgstr "Symbol »%s« konnte in %s nicht gefunden werden" + +#: src/load_plugins.c:201 #, c-format -msgid "%s: unable to find symbol %s" -msgstr "%s: Symbol %s konnte nicht gefunden werden" +msgid "unknown policy type %d found in %s" +msgstr "Unbekannter Regelwerktyp %d wurde in %s gefunden" -#: src/load_plugins.c:112 +#: src/load_plugins.c:207 #, c-format -msgid "%s: unknown policy type %d" -msgstr "%s: Unbekannter Regelwerktyp %d" +msgid "incompatible plugin major version %d (expected %d) found in %s" +msgstr "Inkompatible Hauptversion %d des Regelwerks (%d erwartet) wurde in %s gefunden" -#: src/load_plugins.c:116 +#: src/load_plugins.c:216 #, c-format -msgid "%s: incompatible policy major version %d, expected %d" -msgstr "%s: Inkompatible Hauptversion %d des Regelwerks, %d erwartet" +msgid "ignoring policy plugin `%s' in %s, line %d" +msgstr "Regelwerks-Plugin »%s« in %s, Zeile %d, wird ignoriert" -#: src/load_plugins.c:123 +#: src/load_plugins.c:218 #, c-format -msgid "%s: only a single policy plugin may be loaded" -msgstr "%s: Nur ein einziges Regelwerks-Plugin kann geladen werden" +msgid "only a single policy plugin may be specified" +msgstr "Nur ein einziges Regelwerks-Plugin kann geladen werden" -#: src/load_plugins.c:200 +#: src/load_plugins.c:221 +#, c-format +msgid "ignoring duplicate policy plugin `%s' in %s, line %d" +msgstr "Doppelt vorhandenes Regelswerks-Plugin »%s« in %s, Zeile %d, wird ignoriert" + +#: src/load_plugins.c:236 +#, c-format +msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" +msgstr "Doppelt vorhandenes E/A-Plugin »%s« in %s, Zeile %d, wird ignoriert" + +#: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "Das Regelwerks-Plugin %s enthält keine check_policy-Methode" -#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 -#: src/net_ifs.c:298 src/net_ifs.c:322 +#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 +#: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: Überlauf entdeckt" -#: src/net_ifs.c:227 +#: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "Socket konnte nicht geöffnet werden" -#: src/parse_args.c:187 +#: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "Das Argument für -C muss eine Zahl größergleich 3 sein" -#: src/parse_args.c:276 +#: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "Unbekannter Benutzer: %s" -#: src/parse_args.c:335 +#: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "Die Optionen »-i« und »-s« können nicht gemeinsam benutzt werden" -#: src/parse_args.c:339 +#: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "Die Optionen »-i« und »-E« können nicht gemeinsam benutzt werden" -#: src/parse_args.c:349 +#: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "Die Option »-E« ist im Bearbeiten-Modus ungültig" -#: src/parse_args.c:351 +#: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "Im Bearbeiten-Modus können keine Umgebungsvariablen gesetzt werden" -#: src/parse_args.c:359 +#: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "Die »-U«-Option kann nur zusammen mit »-l« benutzt werden" -#: src/parse_args.c:363 +#: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "Die Optionen »-A« und »-S« können nicht gemeinsam benutzt werden" -#: src/parse_args.c:443 +#: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit ist auf dieser Plattform nicht verfügbar" -#: src/parse_args.c:516 +#: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Nur eine der Optionen -e, -h, -i, -K, -l, -s, -v oder -V darf angegeben werden" -#: src/parse_args.c:530 +#: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" @@ -298,7 +328,7 @@ msgstr "" "%s - Dateien als anderer Benutzer verändern\n" "\n" -#: src/parse_args.c:532 +#: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" @@ -307,7 +337,7 @@ msgstr "" "%s - Einen Befehl als anderer Benutzer ausführen\n" "\n" -#: src/parse_args.c:537 +#: src/parse_args.c:550 #, c-format msgid "" "\n" @@ -316,103 +346,103 @@ msgstr "" "\n" "Optionen:\n" -#: src/parse_args.c:540 +#: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "Hilfsprogramm zum Eingeben des Passworts verwenden\n" -#: src/parse_args.c:543 +#: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "Angegebenen BSD-Legitimierungstypen verwenden\n" -#: src/parse_args.c:545 +#: src/parse_args.c:558 msgid "run command in the background\n" msgstr "Befehl im Hintergrund ausführen\n" -#: src/parse_args.c:547 +#: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "Alle Dateideskriptoren >= fd schließen\n" -#: src/parse_args.c:550 +#: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "Befehl unter angegebener Login-Klasse ausführen\n" -#: src/parse_args.c:553 +#: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "Benutzerumgebung beim Starten des Befehls beibehalten\n" -#: src/parse_args.c:555 +#: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "Dateien bearbeiten statt einen Befehl ausführen\n" -#: src/parse_args.c:557 +#: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "Befehl unter angegebener Gruppe ausführen\n" -#: src/parse_args.c:559 +#: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "HOME-Variable als Home-Ordner des Zielnutzers setzen.\n" -#: src/parse_args.c:561 +#: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "Hilfe ausgeben und beenden\n" -#: src/parse_args.c:563 +#: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "Eine Anmeldeshell als Zielnutzer starten\n" -#: src/parse_args.c:565 +#: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "Zeitstempeldateien komplett entfernen\n" -#: src/parse_args.c:567 +#: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "Zeitstempeldatei ungültig machen\n" -#: src/parse_args.c:569 +#: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "Für den Benutzer verfügbare Befehle auflisten\n" -#: src/parse_args.c:571 +#: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" msgstr "Nicht-interaktiver Modus, der Benutzer wird zu nichts aufgefordert werden\n" -#: src/parse_args.c:573 +#: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "Gruppen-Vektor beibehalten, statt zu dem des Zielnutzers zu setzen\n" -#: src/parse_args.c:575 +#: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "Angegebenen Passwort-Prompt benutzen\n" -#: src/parse_args.c:578 src/parse_args.c:586 +#: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "SELinux-Sicherheitskontext mit angegebener Funktion erstellen\n" -#: src/parse_args.c:581 +#: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "Passwort von der Standardeingabe lesen\n" -#: src/parse_args.c:583 +#: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "Eine Shell als Zielnutzer ausführen\n" -#: src/parse_args.c:589 +#: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "Wenn aufgelistet wird, Berechtigungen des angegebenen Benutzers auflisten\n" -#: src/parse_args.c:591 +#: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "Befehl oder Datei als angegebener Benutzer ausführen bzw. ändern\n" -#: src/parse_args.c:593 +#: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "Versionsinformation anzeigen und beenden\n" -#: src/parse_args.c:595 +#: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "Den Zeitstempel des Benutzers erneuern, ohne einen Befehl auszuführen\n" -#: src/parse_args.c:597 +#: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "Aufhören, die Befehlszeilenargumente zu verarbeiten\n" @@ -505,257 +535,262 @@ msgstr "»Enforcing«-Modus konnte nicht bestimmt werden." msgid "unable to setup tty context for %s" msgstr "TTY-Kontext konnte für %s nicht aufgesetzt werden" -#: src/selinux.c:373 +#: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "Ausführungskontext konnte nicht auf »%s« gesetzt werden" -#: src/selinux.c:380 +#: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "Kontext der Schüsselerstellung konnte nicht auf %s festgelegt werden." -#: src/sesh.c:70 +#: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "Benötigt mindestens ein Argument" -#: src/sesh.c:91 +#: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "%s konnte nicht ausgeführt werden" -#: src/sudo.c:211 +#: src/solaris.c:88 +#, c-format +msgid "resource control limit has been reached" +msgstr "Limit der Ressourcenkontrolle wurde erreicht" + +#: src/solaris.c:91 +#, c-format +msgid "user \"%s\" is not a member of project \"%s\"" +msgstr "Benutzer »%s« ist kein Mitglied des Projekts »%s«" + +#: src/solaris.c:95 +#, c-format +msgid "the invoking task is final" +msgstr "Der aufrufende Prozess ist fertig" + +#: src/solaris.c:98 +#, c-format +msgid "could not join project \"%s\"" +msgstr "Projekt »%s« konnte nicht beigetreten werden" + +#: src/solaris.c:103 +#, c-format +msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgstr "Für Projekt »%s« gibt es keinen Ressourcen-Pool, der die Standardanbindungen unterstützt." + +#: src/solaris.c:107 +#, c-format +msgid "specified resource pool does not exist for project \"%s\"" +msgstr "Den angegebenen Ressourcen-Pool gibt es für das Projekt »%s« nicht" + +#: src/solaris.c:111 +#, c-format +msgid "could not bind to default resource pool for project \"%s\"" +msgstr "Es konnte nicht zum Standard-Ressourcen-Pool für Projekt »%s« verbunden werden." + +#: src/solaris.c:117 +#, c-format +msgid "setproject failed for project \"%s\"" +msgstr "»setproject« schlug für Projekt »%s« fehl" + +#: src/solaris.c:119 +#, c-format +msgid "warning, resource control assignment failed for project \"%s\"" +msgstr "Warnung: Ressourcenkontrolle von Projekt »%s« konnte nicht zugewiesen werden" + +#: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo-Version %s\n" -#: src/sudo.c:213 +#: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Optionen für »configure«: %s\n" -#: src/sudo.c:218 +#: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "Schwerwiegender Fehler, Plugins konnten nicht geladen werden" -#: src/sudo.c:226 +#: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "Regelwerks-Plugin konnte nicht initialisiert werden" -#: src/sudo.c:281 +#: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "E/A-Plugin %s konnte nicht initialisiert werden" -#: src/sudo.c:306 +#: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "Unerwarteter sudo-Modus 0x%x" -#: src/sudo.c:400 +#: src/sudo.c:413 #, c-format msgid "unable to get group vector" msgstr "Gruppenvektor konnte nicht geholt werden" -#: src/sudo.c:452 +#: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "Unbekannte UID %u: Wer sind Sie?" -#: src/sudo.c:782 +#: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s muss dem Benutzer mit UID %d gehören und das »setuid«-Bit gesetzt haben" -#: src/sudo.c:785 +#: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "Effektive UID ist nicht %d. Liegt %s auf einem Dateisystem mit gesetzter »nosuid«-Option oder auf einem NFS-Dateisystem ohne Root-Rechte?" -#: src/sudo.c:791 +#: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "Effektive UID ist nicht %d. Wurde sudo mit »setuid root« installiert?" -#: src/sudo.c:860 -#, c-format -msgid "resource control limit has been reached" -msgstr "Limit der Ressourcenkontrolle wurde erreicht" - -#: src/sudo.c:863 -#, c-format -msgid "user \"%s\" is not a member of project \"%s\"" -msgstr "Benutzer »%s« ist kein Mitglied des Projekts »%s«" - -#: src/sudo.c:867 -#, c-format -msgid "the invoking task is final" -msgstr "Der aufrufende Prozess ist fertig" - -#: src/sudo.c:870 -#, c-format -msgid "could not join project \"%s\"" -msgstr "Projekt »%s« konnte nicht beigetreten werden" - -#: src/sudo.c:875 -#, c-format -msgid "no resource pool accepting default bindings exists for project \"%s\"" -msgstr "Für Projekt »%s« gibt es keinen Ressourcen-Pool, der die Standardanbindungen unterstützt." - -#: src/sudo.c:879 -#, c-format -msgid "specified resource pool does not exist for project \"%s\"" -msgstr "Den angegebenen Ressourcen-Pool gibt es für das Projekt »%s« nicht" - -#: src/sudo.c:883 -#, c-format -msgid "could not bind to default resource pool for project \"%s\"" -msgstr "Es konnte nicht zum Standard-Ressourcen-Pool für Projekt »%s« verbunden werden." - -#: src/sudo.c:889 -#, c-format -msgid "setproject failed for project \"%s\"" -msgstr "»setproject« schlug für Projekt »%s« fehl" - -#: src/sudo.c:891 -#, c-format -msgid "warning, resource control assignment failed for project \"%s\"" -msgstr "Warnung: Ressourcenkontrolle von Projekt »%s« konnte nicht zugewiesen werden" - -#: src/sudo.c:959 +#: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "Unbekannte Anmeldungsklasse %s" -#: src/sudo.c:973 src/sudo.c:976 +#: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "Nutzerkontext konnte nicht gesetzt werden" -#: src/sudo.c:988 +#: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "Zusätzliche Gruppenkennungen konnten nicht gesetzt werden" -#: src/sudo.c:995 +#: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "Effektive GID konnte nicht zu »runas«-GID %u gesetzt werden" -#: src/sudo.c:1001 +#: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "GID konnte nicht zu »runas«-GID %u gesetzt werden" -#: src/sudo.c:1008 +#: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "Prozesspriorität konnte nicht gesetzt werden" -#: src/sudo.c:1016 +#: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "Wurzelordner konnte nicht zu %s geändert werden" -#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 +#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "Es konnte nicht zu »runas«-GID gewechselt werden (%u, %u)" -#: src/sudo.c:1049 +#: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "In Ordner »%s« konnte nicht gewechselt werden" -#: src/sudo.c:1133 +#: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "Unerwartete Abbruchsbedingung eines Unterprozesses: %d" -#: src/sudo.c:1194 +#: src/sudo.c:1146 +#, c-format +msgid "policy plugin %s is missing the `check_policy' method" +msgstr "Dem Regelwerks-Plugin %s fehlt die »check_policy«-Methode" + +#: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "Regelwerks-Plugin %s unterstützt das Auflisten von Privilegien nicht" -#: src/sudo.c:1206 +#: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "Regelwerks-Plugin %s unterstützt die Option -v nicht" -#: src/sudo.c:1218 +#: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "Regelwerks-Plugin %s unterstützt die Optionen -k und -K nicht" -#: src/sudo_edit.c:111 +#: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "UID konnte nicht zu Root (%u) geändert werden" -#: src/sudo_edit.c:143 +#: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "Plugin-Fehler: Fehlende Dateiliste für sudoedit" -#: src/sudo_edit.c:171 src/sudo_edit.c:271 +#: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: Keine reguläre Datei" -#: src/sudo_edit.c:205 src/sudo_edit.c:307 +#: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: Zu kurzer Schreibvorgang" -#: src/sudo_edit.c:272 +#: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s blieb unverändert" -#: src/sudo_edit.c:285 +#: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s unverändert" -#: src/sudo_edit.c:297 src/sudo_edit.c:318 +#: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "%s konnte nicht beschrieben werden" -#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 +#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "Bearbeitungssitzung wurden in %s gelassen" -#: src/sudo_edit.c:315 +#: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "Temporäre Datei konnte nicht gelesen werden" -#: src/tgetpass.c:90 +#: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "Kein TTY vorhanden und kein »askpass«-Programm angegeben" -#: src/tgetpass.c:99 +#: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "Kein »askpass«-Programm angegeben, es wird versucht, SUDO_ASKPASS zu setzen" -#: src/tgetpass.c:231 +#: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "GID konnte nicht als %u festgelegt werden" -#: src/tgetpass.c:235 +#: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "UID konnte nicht als %u festgelegt werden" -#: src/tgetpass.c:240 +#: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "%s konnte nicht ausgeführt werden" @@ -775,6 +810,12 @@ msgstr "dup2 konnte nicht auf die Standardeingabe angewandt werden" msgid "unable to restore stdin" msgstr "Standardeingabe konnte nicht wiederhergestellt werden" +#~ msgid "unable to allocate memory" +#~ msgstr "Speicher konnte nicht zugewiesen werden" + +#~ msgid ": " +#~ msgstr ": " + #~ msgid "internal error, emalloc2() overflow" #~ msgstr "Interner Fehler: Überlauf bei emalloc2()" diff --git a/src/po/eo.mo b/src/po/eo.mo index 06ca5d1a06f57fa0a0a7380770d09ad508a8900f..ea89347829d7bf92f003bd4e3d6b826e44820690 100644 GIT binary patch delta 4874 zcma*peQ*`k8OQN+0|ALZG~vwvdLV?5CV?adkbt}x1rY_cT4>ecCU=u;a&z~(_g-F# zaM6M<*eH5yRUk@fr;biv>|C+Zv1%Q4oauCGTWvd9ZIRK|w^m!*YC9eJ{q0>eLjQ1w zC!e!>ch5fOIp?gtwDHNUxmPQO-)T4w5L1YTQe*yri^}-J@#q+1)I5aK@M)ZdZ{Vp| zKGv9VI1MM^JUk88U^RNt?*mxD`2n1P2eHbSoOy}HJTCkLM`J^|F(=^y9D(QHNL-00 z<0Uu&uR{KrOmw~jS8~1=Pr=ubF3mqtiI;Lw3Dx3RxC$rpezSu{D;M_T>G&en;0LIY zRx!*i*pBn@37n1pLW?sQ)Z}n|N3KAXvM+KsD)EDnFXK$kW8=e8n^|}U=j}KhJ29uy-$0`se}Z!` zMt$qC85{7b$X%!k{0Lj|uXrZTVEB4&9nQs@P|rUeoxg<|pk;yR#h0R{Bs+=vt7La^ zL8W>m`r%d7h*h^nn1Z_R0@QsTvi{8N(eL-6I{rD%$M;b8&0>YAk{4qOZoxYIJ}S}Q zRZ)MHcr0(@nz;xWl<7f>Ipm+&&mWcYF;wP9kYbrqwhXzN$*8GmMFwluA=Njj$epPB z_MpWAYH_}hqoGWWpk8nqD@TbeMV0Id)W`;q^=2MI&GA#H#Quy*WH{xKRmdgNgqo7o zXmJ~=-}_Jr{uuRq?pHKe=;kk|jE^F@m~pHWb<~WS%Qa|m3#x;Cs7gGH+9kh1-G3D6 z!c4WrL>Hk3(1ChxCn}LaiSw_TFrLU6zxHE{6kd2 zFQ5kUK5EgH@T2B@4yvCHRD}mn2|kQ<+W)_%v4{)*MU||LiPVF=k%Kso^XHL&W+Z#= zff!XmEy5R>4=t)As27dlEgHaCsQXu=MjW6L9YEdxAWr7}<^>vh;60>zW&}%D&cx-o z9LsS4Pr^YQf#1QA_&wB@@gS<7pGN)`RjGGzF%GAUs!)66WtihPQg8o;?&K#Oli z=Vhd;kt{`haN?*+-Hg}aAylFZ8NR*;*Q3_VBd7#kLyI4w`l;eaZR^GL)L*4ZaA6wW z82LbS!_ROT*FVB@a3K?`1h-*3K8%{n4^bUYq*u8RmFW7&9jF055S{-5n>hcVk^1Y0 z8b0U@!mL7_XHhTSi>vSzJPYd>HbpTVNFU}FT!4r0Z2UWFEj81-&XcHwzl%%oHPqUg z&feB@m*;3`aovU*$+M^gUPp^3bGItffaG9SBkR;`#ih6(^dj&H|G zd<-?U&m-&Fyp4Lkg3;jkKJVSA~tJ5ucAr*hfvtt*CwuptkGtm{aBxS*qGLXX9jaP`hC( zGI(=8QhoDBRL2t+7hR0H?xLRGhcVRXZXlHW9%7KtVF}iq$rC!x(fpr6V z96PR|F@+dSe3keTq2rrGEurn&K^!}@DEo+Igg(DICKL(3iduY^6FZ6Ph;udn2WaRh zA+*m|>V#t|(M#MztRv1NzDNu`JWfUtTC_TR;%0)K7ycJe|HCoU$wObjC~BF-oD zeiIKH#jW)f+SNpgU{{6TgHv%np^t`+c}2{o$lLJi#I;0CbnOb%XIO`}RmuPvF$uMIZgC0$z+w;OxBgliMN6ZewcHkHVBdr5nBO}e(w zQc)4hbtnBmKg6@CgxBe0T)T44nxVH@ZXeR0@lJdq<@4y~&-Bpow|1s$Pk2GH)9+6? z8Lxx9qkQ|FUO%uK+#v1wq!YKZ+)XLBGvmfNsk2>vHW@GWW4vU>4U$g6xc`=+wW|$-GQG?rNhD;mr$W=+`L$RReANO zG_Ul!JU3q0JAO>8wkB=8wC(rOX%#TjO%OYxu;dD4ETvaK?^}CV#y>vp$*5rc%r=BMnouX+Ilu@+xNV z_(Th~s$|&wj^_L?r=RDX+1S+D*wkX1o7!5NXg4*LUA(68Qg?%=8aAHGRJYldrsnXz z<|fu}EVn)agt%T+ozx1A{CkQFClf zv!tECZ?G&0H|R=a{o?P%pYy%-XOxDEKfmka)`Rsny7o@}lu^Ys&-Tc_Q$OvK>#e$; zbi=*i^fGUKX|F%amLubA%I__%wc|=!7~Rkv%l}|zby>74o*wiHLF1Cx9kWN|pKF{j z_S1Wzuy^*`!wUDd1hMhq*etJL8${D=-9kz0`He}pPYc9N WI+RAaIqdvo#{d5bzPaH2*#7{oRFZ$lP>vJhi2MR$F5!oTd{Ekk88aBC;&_~m)!2o_cmPM@ zi#Qrj;TU`uC*TME_rr!8Q^Iv6R$&W{H70GAQ)#6kg+uX&cpIL^f%ql{@hxn@Pq7Sx zMaIP_P```fmvBE$!af|s{mn&H@Valoh}=Xfu#)y! z{&g2Bb^HA5lfIYy_8Y$A*bhx`CMpx%Sb;lGp<2FPO*wxas4MfE?5EqDP#_&MrE^(!9*(^YkXu5niqxwCEoLAF_n#fO4M#}Xp{RA!>jpP#M^ZI_)P={oh0W%*T9aqQ#srEno`jcgs-| ziTmx(q89clYMeKb1*Oe(D%!h%mHT2cYHt>!w#G%xbT?`R-$m{5YpCD-1(nhgW~m8H zMeY4EoQ6A48Ttk4cOUsyGTT-?|BI<;FQ37_05e1#y5&4;8fXpbMh8(_a0b=?5^9Av zP!lX64eH;3O8KLx{wZXQX20(VypQX*v55Pd5~i;=UL_91J5i^-5%t)uMh$cbgLuNf zzKY%!pe9hvqmYO7sLX|MI?hF9ZjbK~m=ayVq~;^ZgBKoa?9s4dd;lt!P4Buf&1uwB94~VNXW-a08>$z@3e>AL zi6!_l&cQcO6AbW@plWK7B$*Y+7-lzWz*GM9Wz+-;nWg$Spfb4{^;kZI+M*+S8L}&8K58Nx zkz1G}$imX*Z7L&a_yl$1LVl&0HKSfMOHemX`t2{ER(=L`DF2E|eF^)Z_eKbHJr6a} zwWthl_uG%6CUP2E^!#6@qLdX)$*rITnTvTC*?zMJb)(mPuOL}A|3*zD#7WZ1ZPdiK zp~m|TYGD^pNR*pIJynE8T`l^)b{6eu5+L52(lN8fxHBd+xDXih9v( zMxFM<$UV$2ku{l5QJD+fm2(-YJ&k%SPhmPhrIS!ONZdp0Aa)Y#2$dPcAtFVrCwd8$ z=LtO}`v`}aLnMeIViEBOp`uCMMrhT0hyjEq#*?P?^Q!eeb012T%0l8^;%mfUqQ5*t zh4+-VC13R$$KqG~dKVrbqQo}8tps`Gy?;P{lb6XS{QH|&e=BYx*jn#ZO2)m^+n7(N zD1|EDAi9Z-L^+|ozqLHY#c^V-->5CV->(<=hP3{}gr0Gg=ZF`Gp}O#k_Eu#HvE8fX z{y|kxf0Ecm@YH#4wq-bmc#OE6I6|o8@@x!8!nj^b?tg>VK9h!rh-V2st1Af|kj+Gx z(9`fJq0{^=;+sT&(X+nWzu17IiLd+DVn3n7JWCgpB+)=TPV{JA78R8aqL3IutRl7& zs|h_a{bjLVne96t^)gvN=-sh}cz{?zJWQz6=kOj;RRk*6-ONl|**M}Vmbl6EN>ez{-<;EPV*NsLxH(9;WRCgq1 z^`vO-aI8eH(;4ZCIAJp}(QZXzoo-LBos4uuzxY9qz1EFe>z#Na;>N6r;mMY>ksl?U zFc+D}ipFJDmQ84jx^~zfB(cVgC#?L{<}+$*QN3Q z_K7=Qr>5$f%$SkqvbCj6f$YArp@Hl>qfQPO*yHrL@lDz8@}+_7pT}Lv&s-fpDI2UD zotNJd?`+DVQ0Oa zu$)9P(!VuH+e;Knq)&G|W#{@P-O1Luy-t^HInl5ibG@ChlTIugN!r?(vy;j*`x_># zI)B`bcSp`0kMs`{Wf+Pecbi(${~I1{_MXNgp=HZA3vTfe@!U;q32n|o#5(jhaWu5^fh z8iF;(;kqKA&+<&VuE496X1-lF$9{0Db?Rw@7h diff --git a/src/po/eo.po b/src/po/eo.po index 6e48cf7..41a510b 100644 --- a/src/po/eo.po +++ b/src/po/eo.po @@ -1,14 +1,14 @@ # Esperanto translations for sudo package. # This file is put in the public domain. -# Keith Bowes , 2012. +# Felipe Castro , 2013. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.5rc3\n" +"Project-Id-Version: sudo 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-04-24 13:41-0400\n" -"PO-Revision-Date: 2012-04-29 18:56-0400\n" -"Last-Translator: Keith Bowes \n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" +"PO-Revision-Date: 2013-04-10 22:25-0400\n" +"Last-Translator: Felipe Castro \n" "Language-Team: Esperanto \n" "Language: eo\n" "MIME-Version: 1.0\n" @@ -16,105 +16,110 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -#: common/aix.c:149 +#: common/aix.c:150 #, c-format msgid "unable to open userdb" msgstr "ne eblas malfermi la uzanto-datumbazon" -#: common/aix.c:152 +#: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "ne eblas ŝanĝiĝi al registrejo \"%s\" por %s" -#: common/aix.c:169 +#: common/aix.c:170 #, c-format msgid "unable to restore registry" msgstr "ne eblas restarigi registrejon" #: common/alloc.c:82 msgid "internal error, tried to emalloc(0)" -msgstr "ena eraro, provis je emalloc(0)" - -#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 -#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 -#: src/exec_common.c:111 src/parse_args.c:432 src/sudo.c:456 src/sudo.c:482 -#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:737 -#, c-format -msgid "unable to allocate memory" -msgstr "ne eblas generi memoron" +msgstr "interna eraro, provis je emalloc(0)" #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" -msgstr "ena eraro, provis je emalloc2(0)" +msgstr "interna eraro, provis je emalloc2(0)" -#: common/alloc.c:101 -msgid "internal error, emalloc2() overflow" -msgstr "ena eraro, emalloc2() superfluo" +#: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187 +#, c-format +msgid "internal error, %s overflow" +msgstr "interna eraro, superfluo en %s" #: common/alloc.c:120 msgid "internal error, tried to ecalloc(0)" -msgstr "ena eraro, provis je ecalloc(0)" - -#: common/alloc.c:123 -msgid "internal error, ecalloc() overflow" -msgstr "ena eraro, ecalloc() superfluo" +msgstr "interna eraro, provis je ecalloc(0)" #: common/alloc.c:142 msgid "internal error, tried to erealloc(0)" -msgstr "ena eraro, provis je erealloc(0)" +msgstr "interna eraro, provis je erealloc(0)" -#: common/alloc.c:161 common/alloc.c:185 +#: common/alloc.c:161 msgid "internal error, tried to erealloc3(0)" -msgstr "ena eraro, provis je erealloc3(0)" +msgstr "interna eraro, provis je erealloc3(0)" -#: common/alloc.c:163 common/alloc.c:187 -msgid "internal error, erealloc3() overflow" -msgstr "ena eraro, erealloc3() superfluo" +#: common/alloc.c:185 +msgid "internal error, tried to erecalloc(0)" +msgstr "interna eraro, provis je erealloc(0)" + +#: common/error.c:154 +#, c-format +msgid "%s: %s: %s\n" +msgstr "%s: %s: %s\n" + +#: common/error.c:157 common/error.c:161 +#, c-format +msgid "%s: %s\n" +msgstr "%s: %s\n" -#: common/sudo_conf.c:306 +#: common/sudo_conf.c:172 +#, c-format +msgid "unsupported group source `%s' in %s, line %d" +msgstr "nekomprenata grupa fonto `%s' en %s, linio %d" + +#: common/sudo_conf.c:186 +#, c-format +msgid "invalid max groups `%s' in %s, line %d" +msgstr "nevalidaj maksimumaj grupoj `%s' en %s, linio %d" + +#: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "ne eblas trovi je %s" -#: common/sudo_conf.c:309 +#: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s estas ne regula dosiero" -#: common/sudo_conf.c:312 +#: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s estas estrata de uid %u, devas esti %u" -#: common/sudo_conf.c:316 +#: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "%s estas skribebla de ĉiuj" -#: common/sudo_conf.c:319 +#: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "%s estas skribebla de la tuta grupo" -#: common/sudo_conf.c:328 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "ne eblas malfermi %s" -#: compat/strsignal.c:47 +#: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Nekonata signalo" -#: src/error.c:82 src/error.c:86 -msgid ": " -msgstr ": " - -#: src/exec.c:107 src/exec_pty.c:628 +#: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "konduta kromprogramo fiaskis dum seanca komenciĝo" -#: src/exec.c:112 src/exec_pty.c:633 src/exec_pty.c:967 src/tgetpass.c:221 +#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "ne eblas forki" @@ -124,179 +129,196 @@ msgstr "ne eblas forki" msgid "unable to create sockets" msgstr "ne eblas krei konektingojn" -#: src/exec.c:266 src/exec_pty.c:572 src/exec_pty.c:581 src/exec_pty.c:589 -#: src/exec_pty.c:902 src/exec_pty.c:964 src/tgetpass.c:218 -#, c-format -msgid "unable to create pipe" -msgstr "ne eblas krei tubon" - -#: src/exec.c:351 src/exec_pty.c:1029 src/exec_pty.c:1167 +#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "elekto malsukcesis" -#: src/exec.c:441 +#: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "ne eblis reatingi tty-etikedon" -#: src/exec_common.c:69 +#: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "ne eblas forigi PRIV_PROC_EXEC-on de PRIV_LIMIT" -#: src/exec_pty.c:144 +#: src/exec_pty.c:183 #, c-format msgid "unable to allocate pty" msgstr "ne eblis generi pty-on" -#: src/exec_pty.c:619 +#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 +#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 +#, c-format +msgid "unable to create pipe" +msgstr "ne eblas krei tubon" + +#: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "ne eblas elekti nudan reĝimon ĉe la terminalo" -#: src/exec_pty.c:945 +#: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "ne eblas elekti la regan tty-on" -#: src/exec_pty.c:1038 +#: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "eraro dum legi la signalan tubon" -#: src/exec_pty.c:1059 +#: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "eraro dum legi el tubo" -#: src/exec_pty.c:1075 +#: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "eraro dum legi la konektingan paron" -#: src/exec_pty.c:1079 +#: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "neatendita respondotipo ĉe la postkanalo: %d" -#: src/load_plugins.c:79 +#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 +#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 +#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 +#, c-format +msgid "error in %s, line %d while loading plugin `%s'" +msgstr "eraro en %s, linio %d dum ŝargi kromprogramon `%s'" + +#: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/load_plugins.c:85 +#: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:95 +#: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "%s devas esti estrita de uid %d" -#: src/load_plugins.c:99 +#: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "%s estas skribebla nur de estro" -#: src/load_plugins.c:106 +#: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "malebla: dlopen %s: %s" -#: src/load_plugins.c:111 +#: src/load_plugins.c:194 #, c-format -msgid "%s: unable to find symbol %s" -msgstr "%s: ne eblas trovi simbolon %s" +msgid "unable to find symbol `%s' in %s" +msgstr "ne eblas trovi simbolon `%s' en %s" -#: src/load_plugins.c:117 +#: src/load_plugins.c:201 #, c-format -msgid "%s: unknown policy type %d" -msgstr "%s: nekonata konduta tipo %d" +msgid "unknown policy type %d found in %s" +msgstr "nekonata konduta tipo %d trovita en %s" -#: src/load_plugins.c:121 +#: src/load_plugins.c:207 #, c-format -msgid "%s: incompatible policy major version %d, expected %d" -msgstr "%s: malkongrua konduto, ĉefa eldono %d, atendita %d" +msgid "incompatible plugin major version %d (expected %d) found in %s" +msgstr "malkongrua granda eldono %d de kromprogramo (estu %d) trovita en %s" -#: src/load_plugins.c:128 +#: src/load_plugins.c:216 #, c-format -msgid "%s: only a single policy plugin may be loaded" -msgstr "%s: nur unu konduta kromprogramo eblas ŝargiĝi" +msgid "ignoring policy plugin `%s' in %s, line %d" +msgstr "ignoranta kondutan kromprogramon `%s' en %s, linio %d" -#: src/load_plugins.c:148 +#: src/load_plugins.c:218 #, c-format -msgid "%s: at least one policy plugin must be specified" -msgstr "%s: almenaŭ unu konduku devas esti specifita" +msgid "only a single policy plugin may be specified" +msgstr "nur unu konduta kromprogramo eblas specifiĝi" -#: src/load_plugins.c:153 +#: src/load_plugins.c:221 +#, c-format +msgid "ignoring duplicate policy plugin `%s' in %s, line %d" +msgstr "ignoranta duobligantan kondutan kromprogramon `%s' en %s, linio %d" + +#: src/load_plugins.c:236 +#, c-format +msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" +msgstr "ignoranta duobligitan eneligan kromprogramon `%s' en %s, linio %d" + +#: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "konduta kromprogramo %s ne inkluzivas la metodon check_policy" -#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 -#: src/net_ifs.c:298 src/net_ifs.c:322 +#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 +#: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: superfluo malkovrita" -#: src/net_ifs.c:227 +#: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "ne eblas malfermi konektingon" -#: src/parse_args.c:187 +#: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "la parametro de -C devas esti nombron almenaŭ 3" -#: src/parse_args.c:276 +#: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "nekonata uzanto: %s" -#: src/parse_args.c:335 +#: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "vi ne rajtas specifi kaj '-i' kaj '-s'" -#: src/parse_args.c:339 +#: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "vi ne rajtas specifi kaj '-i' kaj '-E'" -#: src/parse_args.c:349 +#: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "la parametro '-E' ne validas en redakta reĝimo" -#: src/parse_args.c:351 +#: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "vi ne rajtas specifi medivariablojn en redakta reĝimo" -#: src/parse_args.c:359 +#: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "la parametro '-U' ne validas kun '-l'" -#: src/parse_args.c:363 +#: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "'-A' kaj '-S' ne eblas uziĝi kune" -#: src/parse_args.c:445 +#: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit ne estas havebla en ĉi tiu platformon" -#: src/parse_args.c:518 +#: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Vi rajtas specifi nur unu el -e, -h, -i, -K, -l, -s, -v aŭ -V" -#: src/parse_args.c:532 +#: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" @@ -305,7 +327,7 @@ msgstr "" "%s - redakti dosierojn kiel alia uzanto\n" "\n" -#: src/parse_args.c:534 +#: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" @@ -314,7 +336,7 @@ msgstr "" "%s - plenumigi komandon kiel alia uzanto\n" "\n" -#: src/parse_args.c:539 +#: src/parse_args.c:550 #, c-format msgid "" "\n" @@ -323,103 +345,103 @@ msgstr "" "\n" "Parametroj:\n" -#: src/parse_args.c:542 +#: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "uzi helpoprogrogramon por pasvortilo\n" -#: src/parse_args.c:545 +#: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "uzi specifitan BSD-konstatan tipon\n" -#: src/parse_args.c:547 +#: src/parse_args.c:558 msgid "run command in the background\n" msgstr "plenumigi komandon fone\n" -#: src/parse_args.c:549 +#: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "fermi ĉiujn dosierpriskribilojn >= fd\n" -#: src/parse_args.c:552 +#: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "plenumigi komandon per specifitan ensalutan klason\n" -#: src/parse_args.c:555 +#: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "konservi uzanto-medivariablojn dum plenumigi komandon\n" -#: src/parse_args.c:557 +#: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "redakti dosierojn anstataŭ plenumigi komandon\n" -#: src/parse_args.c:559 +#: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "plenumigi komandon kiel la specifitan grupon\n" -#: src/parse_args.c:561 +#: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "valorizi medivariablon HOME je la hejma dosierujo de la cela uzanto.\n" -#: src/parse_args.c:563 +#: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "elmontri helpan mesaĝon kaj eliri\n" -#: src/parse_args.c:565 +#: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "plenumigi ensalutan ŝelon kiel celan uzanton\n" -#: src/parse_args.c:567 +#: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "tute forigi tempo-indikilan dosieron\n" -#: src/parse_args.c:569 +#: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "eksvalidigi tempo-indikilan dosieron\n" -#: src/parse_args.c:571 +#: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "listigi disponeblajn komandojn de uzanto\n" -#: src/parse_args.c:573 +#: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" msgstr "neinteraga reĝimo, ne demandos uzanton\n" -#: src/parse_args.c:575 +#: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "konservi grupan vektoron anstataŭ elekti celan vektoron\n" -#: src/parse_args.c:577 +#: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "uzi specifitan pasvortilon\n" -#: src/parse_args.c:580 src/parse_args.c:588 +#: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "krei SELinux-sekurecan kuntekstan kun specifita rolo\n" -#: src/parse_args.c:583 +#: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "legi pasvorton el norma enigo\n" -#: src/parse_args.c:585 +#: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "plenumigi ŝelon kiel cela uzanto\n" -#: src/parse_args.c:591 +#: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "dum listigo, listigi privilegiojn de specifita uzanto\n" -#: src/parse_args.c:593 +#: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "plenumigi komandon (aŭ redakti dosieron) kiel specifita uzanto\n" -#: src/parse_args.c:595 +#: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "elmontri eldonan informon kaj eliri\n" -#: src/parse_args.c:597 +#: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "ĝisdatigi la tempo-indikilon de la uzanto, sed ne plenumigi komandon\n" -#: src/parse_args.c:599 +#: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "ĉesigi procedi komandliniajn parametrojn\n" @@ -508,257 +530,262 @@ msgstr "ne povas determini eldevigan reĝimon." msgid "unable to setup tty context for %s" msgstr "ne eblas agordi tty-kuntekston por %s" -#: src/selinux.c:373 +#: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "ne eblas elekti exec-kuntekston al %s" -#: src/selinux.c:380 +#: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "ne eblas elekti ŝlosilkrean kuntekston al %s" -#: src/sesh.c:70 +#: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "postulas almenaŭ unu parametron" -#: src/sesh.c:91 +#: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "ne eblas plenumigi: %s" -#: src/sudo.c:211 +#: src/solaris.c:88 +#, c-format +msgid "resource control limit has been reached" +msgstr "rimedo-rega limigo estis atingita" + +#: src/solaris.c:91 +#, c-format +msgid "user \"%s\" is not a member of project \"%s\"" +msgstr "uzanto \"%s\" ne estas ano de projekto \"%s\"" + +#: src/solaris.c:95 +#, c-format +msgid "the invoking task is final" +msgstr "la voka tasko estas nenuligebla" + +#: src/solaris.c:98 +#, c-format +msgid "could not join project \"%s\"" +msgstr "ne eblis aliĝi al projekto \"%s\"" + +#: src/solaris.c:103 +#, c-format +msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgstr "neniu rimedujo akceptanta aŭtomatajn bindaĵojn ekzistas por projekto \"%s\"" + +#: src/solaris.c:107 +#, c-format +msgid "specified resource pool does not exist for project \"%s\"" +msgstr "specifita rimedujo ne ekzistas por projekto \"%s\"" + +#: src/solaris.c:111 +#, c-format +msgid "could not bind to default resource pool for project \"%s\"" +msgstr "ne eblis bindi al aprioran rimedujo por projekto \"%s\"" + +#: src/solaris.c:117 +#, c-format +msgid "setproject failed for project \"%s\"" +msgstr "setproject malsukcesis por projekto \"%s\"" + +#: src/solaris.c:119 +#, c-format +msgid "warning, resource control assignment failed for project \"%s\"" +msgstr "averto, rimedo-rega asigno malsukcesis por projekto \"%s\"" + +#: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo: eldono %s\n" -#: src/sudo.c:213 +#: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Muntaj parametroj: %s\n" -#: src/sudo.c:218 +#: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "ĉesiga eraro: ne eblas ŝargi kromprogramojn" -#: src/sudo.c:226 +#: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "ne eblas komenci konduktan kromprogramon" -#: src/sudo.c:281 +#: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "eraro dum komenci eneligan kromprogramon %s" -#: src/sudo.c:306 +#: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "neatendita sudo-reĝimon 0x%x" -#: src/sudo.c:400 +#: src/sudo.c:413 #, c-format msgid "unable to get group vector" msgstr "ne eblas elekti grupan vektoron" -#: src/sudo.c:452 +#: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "nekonata uid %u: kiu vi estas?" -#: src/sudo.c:760 +#: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s devas esti estrita de uid %d kaj la setuid-bito devas esti elektita" -#: src/sudo.c:763 +#: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "efektiva uid ne estas %d; ĉu %s estas en dosiersistemo kun la elekto 'nosuid' aŭ reta dosiersistemo sen ĉefuzanto-privilegioj?" -#: src/sudo.c:769 +#: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "efektiva uid ne estas %d; ĉu sudo estas instalita kiel setuid-radiko?" -#: src/sudo.c:838 -#, c-format -msgid "resource control limit has been reached" -msgstr "rimedo-rega limigo estis atingita" - -#: src/sudo.c:841 -#, c-format -msgid "user \"%s\" is not a member of project \"%s\"" -msgstr "uzanto \"%s\" ne estas ano de projekto \"%s\"" - -#: src/sudo.c:845 -#, c-format -msgid "the invoking task is final" -msgstr "la voka tasko estas nenuligebla" - -#: src/sudo.c:848 -#, c-format -msgid "could not join project \"%s\"" -msgstr "ne eblis aliĝi al projekto \"%s\"" - -#: src/sudo.c:853 -#, c-format -msgid "no resource pool accepting default bindings exists for project \"%s\"" -msgstr "neniu rimedujo akceptanta aŭtomatajn bindaĵojn ekzistas por projekto \"%s\"" - -#: src/sudo.c:857 -#, c-format -msgid "specified resource pool does not exist for project \"%s\"" -msgstr "specifita rimedujo ne ekzistas por projekto \"%s\"" - -#: src/sudo.c:861 -#, c-format -msgid "could not bind to default resource pool for project \"%s\"" -msgstr "ne eblis bindi al aprioran rimedujo por projekto \"%s\"" - -#: src/sudo.c:867 -#, c-format -msgid "setproject failed for project \"%s\"" -msgstr "setproject malsukcesis por projekto \"%s\"" - -#: src/sudo.c:869 -#, c-format -msgid "warning, resource control assignment failed for project \"%s\"" -msgstr "averto, rimedo-rega asigno malsukcesis por projekto \"%s\"" - -#: src/sudo.c:917 +#: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "nekonata ensaluta klaso %s" -#: src/sudo.c:931 src/sudo.c:934 +#: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "ne eblas elekti uzanto-kuntekston" -#: src/sudo.c:946 +#: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "ne eblas elekti suplementajn grupajn identigilojn" -#: src/sudo.c:953 +#: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "ne eblas elekti efikan gid-on al plenumigkiela gid %u" -#: src/sudo.c:959 +#: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "ne eblas elekti gid-on kiel plenumigkielan gid-on %u" -#: src/sudo.c:966 +#: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "ne eblas elekti procezan prioritaton" -#: src/sudo.c:974 +#: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "ne eblas ŝanĝi ĉefuzanton al %s" -#: src/sudo.c:981 src/sudo.c:987 src/sudo.c:993 +#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "ne eblas ŝanĝi al plenumigkiela uid (%u, %u)" -#: src/sudo.c:1007 +#: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "ne eblas ŝanĝi dosierujon al %s" -#: src/sudo.c:1079 +#: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "neatendita ido ekzekutiĝis laŭ la kondiĉo: %d" -#: src/sudo.c:1140 +#: src/sudo.c:1146 +#, c-format +msgid "policy plugin %s is missing the `check_policy' method" +msgstr "konduta kromprogramo %s ne inkluzivas la metodon `check_policy'" + +#: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "konduta kromprogramo %s ne komprenas listigon de privilegioj" -#: src/sudo.c:1152 +#: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "konduta kromprogramo %s ne komprenas la parametron -v" -#: src/sudo.c:1164 +#: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "konduta kromprogramo %s ne komprenas la parametrojn -k kaj -K" -#: src/sudo_edit.c:111 +#: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "ne eblas ŝanĝi uid-on al ĉefuzanto (%u)" -#: src/sudo_edit.c:143 +#: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "kromprograma eraro: malhavas dosieran liston por sudoedit" -#: src/sudo_edit.c:171 src/sudo_edit.c:271 +#: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: ne regula dosiero" -#: src/sudo_edit.c:205 src/sudo_edit.c:307 +#: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: mallonga skribado" -#: src/sudo_edit.c:272 +#: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s restas ne modifita" -#: src/sudo_edit.c:285 +#: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s ne ŝanĝita" -#: src/sudo_edit.c:297 src/sudo_edit.c:318 +#: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "ne eblas skribi al %s" -#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 +#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "enhavo de redakta seanco restas en %s" -#: src/sudo_edit.c:315 +#: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "ne eblas legi provizoran dosieron" -#: src/tgetpass.c:90 +#: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "neniu tty ĉeestas kaj neniu pasvorto-programo specifita" -#: src/tgetpass.c:99 +#: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "neniu pasvorto-programo specifita, provi valorizi SUDO_ASKPASS-on" -#: src/tgetpass.c:231 +#: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "ne eblas elekti gid-on al %u" -#: src/tgetpass.c:235 +#: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "ne eblas elekti uid-on al %u" -#: src/tgetpass.c:240 +#: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "ne eblas plenumigi: %s" @@ -778,5 +805,20 @@ msgstr "ne eblas kopii al enigo" msgid "unable to restore stdin" msgstr "ne eblas restarigi enigon" +#~ msgid "unable to allocate memory" +#~ msgstr "ne eblas generi memoron" + +#~ msgid ": " +#~ msgstr ": " + +#~ msgid "internal error, emalloc2() overflow" +#~ msgstr "interna eraro, emalloc2() superfluo" + +#~ msgid "internal error, erealloc3() overflow" +#~ msgstr "interna eraro, erealloc3() superfluo" + +#~ msgid "%s: at least one policy plugin must be specified" +#~ msgstr "%s: almenaŭ unu konduku devas esti specifita" + #~ msgid "must be setuid root" #~ msgstr "devas esti ĉefuzanto setuid" diff --git a/src/po/es.mo b/src/po/es.mo index 53ad62a4c2a62a6f8dc9b19b1806952b452cf0a4..6d1db3e639b8812ed67ff8df1a870f28f648fbe9 100644 GIT binary patch delta 3627 zcmYk-32YQq9LMq3rIb>jg&q_r$F${?wzQ=;S2-+~B9$AtYH4v{?H0DkQD9q<%H@G8 zHzq7P-{?go!-g+@+&Tqxm%tb1(tjn1$=GGakckcm-8~rVPIt(=Zq7(ZZiG9-A;+ zU6+8JumF4DWK@M}B+ob7>;s2TiJU=U%2bmKJ4#bVTXYw!s?h?#f^ zdtnrHRbu%#5Z$PX>_`60NjBtU8qvbPRexoaz**ff7nSJ@WU!_NxwqMbnwkShZssgf zG;`BdH_>@UMvkg_Tk5B`^MyffxvAGB}|4#Cx^wQ(BtfxC!d zJl{0Z(HH6l>c&|NPm81&d6msdR6?7PXPE|c;IBxr%uO7NEy!LapN4!oOa-bEwW!zm zAnLqp$e2wo^WrU}GnEd{Hrp``KS#ZvcX1tdroMx)9yJ9wP>IH|qwhv0sxmWC*H@z| zR*x$63Dg5`p#~DgM#ua0=KZ(m%;bQqL8iy-v~56Lc-1zXr|Chxkwa!Ul8f=+llTsf z$41l?U^foNGgyGFS-RZQj7FVUjr?Rj zL9OB&s1HmcPglhzp%PkxdL6f*9{eF%cn+CO^8i))E-VNwTJKOgdi`b~RWpn2{r9jV z`=6n1cnNjEeT>B@p01L2MI|&BS%+pPYUC%7;+a5&nz1t~>Kuh+~ml%m&n2`Vu+C+`s|) z|DVLl&;_$l8LveKX$~V*Hn&k1CNeMjeVDBW+p@n4Rk_310k5IX3+WdeNIJG>e>Unl zD^LU7i}5_)d`(9gT}3UTPE5Emo{kp!P^CMBBk>n3!ZeohU|eYXG3xq7(T53F<_dWb55#TsaDvt=-5HBm|oCFT=R#Ir;(p{8WR2_?CTXhP_F z!gvC0vh4;`rPRg{g?fG+oe1JlTT4gtt5y26eNg2aZTDy6Ys6e)jeSh$J#X{azDn%2 z_g#-2UqoNi>mYJ9{$X@x5}|~e7N6Q1L>ciCp?S54$J+{awi7Sd2RowP2(_j`0^5yj z`QirJ>uk3YErYwk`fJrz5aWr!d|)d=@AG2fWnwU)xt~b1Bc>9qiA{vs@*sha*^73c zWfEwE*giw7BlPilj?jW$LU^BNlR-=(Vu;PeTg0OlN#_-NXCcND>+StVbfUA&-dTWY z#B^dF(S=Z(MKmW`5YvciVur>WOXpD=XLp9!jNYC?KPwEtrk(rvAXJuv<^z}t1CpsGZ zzVzhLjxvw0Iyt+^gz-f_e{#Q&EdQP4{tkb6_jyg5&MvdaC_AOzcO<2Kn4QZHDO()< z+^&WXs+^@I7N`85k;~QKx5_FkSBdf|4dzqoZ17j;G*S(8{qy^L6CPsu3-h*y{RcTq BkVOCh delta 3731 zcmaLZX>3$g7{>9_3bidup#|DfD3>XPmQv_+Wv48ntQLzPEh1emP?&abx=;lj6a@rv zVFb#id?2`?C=*R2B)CKc7e0t!aKRW8+!0Y@3=;i6GY7&aPx{{9xp(gJp7)%4;oCK5 z?+czw?zGL&_7MGue>xd+3cpNXL(A!AOd{suKrF@_oQFLzh`sPhOv3}1j>j+y&)VOw zU^4s3-HjQ9+1QuM&2&1Y9B{EK?!kC`9^>#Z7T_CLf#4xNJ0lR^-NJ zE5_nWsPkXJY4|?&z@BWn^L*o>qmg-08CT*+T!k6<3Kru>n29kAI~yHTC8pwP^kW(R zgbrpg+*F)`x^5x%$JIClcVarvH*cwfUs(S{C6bgva#)1gpNA^ly>|Z@>pS-Nch;`V zhZ6LnDls1iU;uT$t*DB>hQY~nex@@53wj%qhl_C-K8hOA8(56LVG$0do;tq@OK=l< z@lDhNE}<&go8fEZWvCI)Lmj^#RoQ*1)L(OW)SmdGJu!im#CkDa)bA5eH*Ul-d;)dD z<2V#AVj*Tw#$23@N~|5nl5uHFy!FT9jDhGArk*LHfQP;0P)~(rqO0)yH#Jq(3ncxR(HRs=>gT0tA z-Jk?jfmx_k?nhnFf&7`**(lM|r~zC?U6;v9QzE6P<8x30YeC&-J!(LQkf{rrckK@s zQFD{-MCYammFaZU2$rJexE(d;FQQ6%29?ki)ZF(Y>#;Z$RiSmL>%!LaSjv7n*=6bd zub}f;3>jhNy-opON?_w)sdYXweWu;I3w5KT zs0V(Hy8bfienZImCY*zFaR+Kjeny=)XgKvBMW=!^$KfW_;yI2Zu`~737jHa{#{ib& ztH?dfC1h~MDTpq@8L0D@qbl^Y^&C!NKa+XXl-1!R+!&;zx%m+F;B%krt6{j@RB%8kIj>@P%} zw+c0o1DKAVV=m7(f6&oLGnrV8U@|J9YSbbMp)x*&4knPL*1}MnhE+Hf_v1wT$(qlK z)%AYVfDT~{))Hz@5<#8t0P!HPoKPz#o+4U^R>DuHZ6nCRJVMkHY5^jNs3dM9)TnUe zzi=#iv!1wt&{`m`NLyfq=)eEkzm=FoY#&W_3*OEBe;RlFEG5o)Z;Kzvu>g zus>>A)H+9ryt3QrYhkKAu8VdNUA1SM=1T2$Vy!x~Zo~lM9^xTF3u!trpU`5eCVCJ% z2(|m8M7|wOw$JoOn$}1K@hB10XK*2*Z@|4o9ii2J2hoe@AVS2|)}7A7cBc)~h%I(s zY$7s=$=abc6I!f`2p{1PYBfZH>feRVox~dAE}}PawavAiDb^XNS8x_FlvqvNLR1lR z2({r+A|EStZ1*M^9J^d34iu1h%j<, 2012. +# Abel Sendón , 2012. msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.5-b4\n" +"Project-Id-Version: sudo 1.8.6b4\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-03-28 14:06-0400\n" -"PO-Revision-Date: 2012-04-10 16:19-0300\n" -"Last-Translator: Abel Sendon \n" +"POT-Creation-Date: 2012-08-10 13:08-0400\n" +"PO-Revision-Date: 2012-12-28 22:39-0300\n" +"Last-Translator: Abel Sendón \n" "Language-Team: Spanish \n" -"Language: \n" +"Language: es\n" "MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" +"Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Generator: Lokalize 1.2\n" +"X-Generator: Lokalize 1.4\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Poedit-Language: Spanish\n" "X-Poedit-Country: ARGENTINA\n" +#: common/aix.c:150 +#, c-format +msgid "unable to open userdb" +msgstr "no se puede abrir userdb" + +#: common/aix.c:153 +#, c-format +msgid "unable to switch to registry \"%s\" for %s" +msgstr "no se puede cambiar al registro \"%s\" para %s" + +#: common/aix.c:170 +#, c-format +msgid "unable to restore registry" +msgstr "no se puede restaurar el registro" + +#: common/alloc.c:82 +msgid "internal error, tried to emalloc(0)" +msgstr "error interno: trató emalloc(0)" + +#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 +#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 +#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 +#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 +#, c-format +msgid "unable to allocate memory" +msgstr "no se puede de asignar memoria" + +#: common/alloc.c:99 +msgid "internal error, tried to emalloc2(0)" +msgstr "error interno: trató emalloc2(0)" + +#: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187 +#, c-format +msgid "internal error, %s overflow" +msgstr "error interno: desbordamiento de %s" + +#: common/alloc.c:120 +msgid "internal error, tried to ecalloc(0)" +msgstr "error interno: trató ecalloc(0)" + +#: common/alloc.c:142 +msgid "internal error, tried to erealloc(0)" +msgstr "error interno: trató erealloc(0)" + +#: common/alloc.c:161 +msgid "internal error, tried to erealloc3(0)" +msgstr "error interno: trató erealloc3(0)" + +#: common/alloc.c:185 +msgid "internal error, tried to erecalloc(0)" +msgstr "error interno: trató erecalloc(0)" + +#: common/sudo_conf.c:305 +#, c-format +msgid "unable to stat %s" +msgstr "no se puede stat en %s" + +#: common/sudo_conf.c:308 +#, c-format +msgid "%s is not a regular file" +msgstr "%s no es un archivo regular" + +#: common/sudo_conf.c:311 +#, c-format +msgid "%s is owned by uid %u, should be %u" +msgstr "%s es adueñado por uid %u, sería %u" + +#: common/sudo_conf.c:315 +#, c-format +msgid "%s is world writable" +msgstr "%s es escribible por todos" + +#: common/sudo_conf.c:318 +#, c-format +msgid "%s is group writable" +msgstr "%s es escribible por el grupo" + +#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#, c-format +msgid "unable to open %s" +msgstr "no se pudo abrir %s" + +#: compat/strsignal.c:47 +msgid "Unknown signal" +msgstr "Señal desconocida" + #: src/error.c:82 src/error.c:86 msgid ": " msgstr ": " -#: src/exec.c:105 src/exec_pty.c:616 src/exec_pty.c:948 src/tgetpass.c:221 +#: src/exec.c:113 src/exec_pty.c:674 +#, c-format +msgid "policy plugin failed session initialization" +msgstr "política de plugin falló en la inicialización de sesión " + +#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 #, c-format msgid "unable to fork" msgstr "no se puede bifurcar" -#: src/exec.c:252 +#: src/exec.c:268 #, c-format msgid "unable to create sockets" msgstr "no se puede crear sockets" -#: src/exec.c:259 src/exec_pty.c:567 src/exec_pty.c:576 src/exec_pty.c:584 -#: src/exec_pty.c:883 src/exec_pty.c:945 src/tgetpass.c:218 +#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 +#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 #, c-format msgid "unable to create pipe" msgstr "no se puede crear tubería" -#: src/exec.c:340 src/exec_pty.c:1011 src/exec_pty.c:1146 +#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 #, c-format msgid "select failed" msgstr "selección fallida" -#: src/exec.c:425 +#: src/exec.c:467 #, c-format msgid "unable to restore tty label" -msgstr "no se puede restaurar la etiqueta tty" +msgstr "no se puede restaurar la etiqueta tty " #: src/exec_common.c:69 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "no se puede remover PRIV_PROC_EXEC desde PRIV_LIMIT" -#: src/exec_common.c:111 src/parse_args.c:432 src/sudo.c:447 src/sudo.c:467 -#: src/sudo.c:474 src/sudo.c:485 src/sudo.c:871 common/alloc.c:85 -#: common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 common/alloc.c:168 -#: common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 -#, c-format -msgid "unable to allocate memory" -msgstr "no se puede de asignar memoria" - -#: src/exec_pty.c:140 +#: src/exec_pty.c:183 #, c-format msgid "unable to allocate pty" msgstr "no se puede asignar pty" -#: src/exec_pty.c:609 +#: src/exec_pty.c:665 #, c-format msgid "unable to set terminal to raw mode" msgstr "no se puede establecer la terminal en modo directo" -#: src/exec_pty.c:926 +#: src/exec_pty.c:1013 #, c-format msgid "unable to set controlling tty" msgstr "no se puede establecer el controlador tty" -#: src/exec_pty.c:1019 +#: src/exec_pty.c:1111 #, c-format msgid "error reading from signal pipe" msgstr "error al leer desde la tubería de la señal" -#: src/exec_pty.c:1038 +#: src/exec_pty.c:1132 #, c-format msgid "error reading from pipe" msgstr "error al leer de la tubería" -#: src/exec_pty.c:1054 +#: src/exec_pty.c:1148 #, c-format msgid "error reading from socketpair" msgstr "error leyendo de socketpair" -#: src/exec_pty.c:1058 +#: src/exec_pty.c:1152 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "tipo de respuesta inesperada en canales alternos %d" -#: src/load_plugins.c:79 +#: src/load_plugins.c:74 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/load_plugins.c:85 +#: src/load_plugins.c:80 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:95 +#: src/load_plugins.c:90 #, c-format msgid "%s must be owned by uid %d" msgstr "%s debe ser propiedad del uid %d" -#: src/load_plugins.c:99 +#: src/load_plugins.c:94 #, c-format msgid "%s must be only be writable by owner" msgstr "%s sólo tener permisos de escritura por el propietario" -#: src/load_plugins.c:106 +#: src/load_plugins.c:101 #, c-format msgid "unable to dlopen %s: %s" msgstr "no se puede dlopen %s: %s" -#: src/load_plugins.c:111 +#: src/load_plugins.c:106 #, c-format msgid "%s: unable to find symbol %s" msgstr "%s: no se puede de encontrar el símbolo %s" -#: src/load_plugins.c:117 +#: src/load_plugins.c:112 #, c-format msgid "%s: unknown policy type %d" msgstr "%s: tipo de política desconocida %d" -#: src/load_plugins.c:121 +#: src/load_plugins.c:116 #, c-format msgid "%s: incompatible policy major version %d, expected %d" msgstr "%s: incompatible la versión principal de la política %d, se esperaba %d" -#: src/load_plugins.c:128 +#: src/load_plugins.c:123 #, c-format msgid "%s: only a single policy plugin may be loaded" msgstr "%s: se puede cargar sólo una política de plugin" -#: src/load_plugins.c:148 -#, c-format -msgid "%s: at least one policy plugin must be specified" -msgstr "%s: debe ser especificada al menos una política de plugin" - -#: src/load_plugins.c:153 +#: src/load_plugins.c:200 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "la política del plugin %s no incluye un método check_policy" @@ -203,17 +281,17 @@ msgstr "la opción '-U' sólo se puede usar con la opcion '-l'" msgid "the `-A' and `-S' options may not be used together" msgstr "las opciones '-A' y '-S' no se pueden utilizar conjuntamente" -#: src/parse_args.c:445 +#: src/parse_args.c:443 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit no está soportado en ésta plataforma" -#: src/parse_args.c:518 +#: src/parse_args.c:516 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "puede ser especificada sólo una de las opciones -e, -h, -i, -K, -l, -s, -v o -V" -#: src/parse_args.c:532 +#: src/parse_args.c:530 #, c-format msgid "" "%s - edit files as another user\n" @@ -222,7 +300,7 @@ msgstr "" "%s - edita archivos como otro usuario\n" "\n" -#: src/parse_args.c:534 +#: src/parse_args.c:532 #, c-format msgid "" "%s - execute a command as another user\n" @@ -231,7 +309,7 @@ msgstr "" "%s - ejecuta un comando como otro usuario\n" "\n" -#: src/parse_args.c:539 +#: src/parse_args.c:537 #, c-format msgid "" "\n" @@ -240,103 +318,103 @@ msgstr "" "\n" "Opciones:\n" -#: src/parse_args.c:542 +#: src/parse_args.c:540 msgid "use helper program for password prompting\n" msgstr "utilizar el programa de ayuda para la solicitud de contraseña\n" -#: src/parse_args.c:545 +#: src/parse_args.c:543 msgid "use specified BSD authentication type\n" msgstr "utiliza tipo de autentificación especificado en BSD\n" -#: src/parse_args.c:547 +#: src/parse_args.c:545 msgid "run command in the background\n" msgstr "ejecuta un comando en segundo plano\n" -#: src/parse_args.c:549 +#: src/parse_args.c:547 msgid "close all file descriptors >= fd\n" msgstr "cierra todos los descriptores de archivo >= fd\n" -#: src/parse_args.c:552 +#: src/parse_args.c:550 msgid "run command with specified login class\n" msgstr "ejecuta un comando con la clase especificada de inicio de sesión\n" -#: src/parse_args.c:555 +#: src/parse_args.c:553 msgid "preserve user environment when executing command\n" msgstr "preserva entorno del usuario cuando está ejecutando un comando\n" -#: src/parse_args.c:557 +#: src/parse_args.c:555 msgid "edit files instead of running a command\n" msgstr "edita archivos en vez de ejecutar un comando\n" -#: src/parse_args.c:559 +#: src/parse_args.c:557 msgid "execute command as the specified group\n" msgstr "ejecuta un comando como el grupo especificado\n" -#: src/parse_args.c:561 +#: src/parse_args.c:559 msgid "set HOME variable to target user's home dir.\n" msgstr "asigna la variable HOME al directorio de inicio del usuario\n" -#: src/parse_args.c:563 +#: src/parse_args.c:561 msgid "display help message and exit\n" msgstr "muestra este mensaje de ayuda y sale\n" -#: src/parse_args.c:565 +#: src/parse_args.c:563 msgid "run a login shell as target user\n" msgstr "ejecuta un intérprete de comandos como un determinado usuario\n" -#: src/parse_args.c:567 +#: src/parse_args.c:565 msgid "remove timestamp file completely\n" msgstr "remueve un archivo de marca completamente\n" -#: src/parse_args.c:569 +#: src/parse_args.c:567 msgid "invalidate timestamp file\n" msgstr "archivo de marca inválido\n" -#: src/parse_args.c:571 +#: src/parse_args.c:569 msgid "list user's available commands\n" msgstr "lista los comandos del usuario disponibles\n" -#: src/parse_args.c:573 +#: src/parse_args.c:571 msgid "non-interactive mode, will not prompt user\n" msgstr "modo no-interactivo, no se pedirá usuario\n" -#: src/parse_args.c:575 +#: src/parse_args.c:573 msgid "preserve group vector instead of setting to target's\n" msgstr "preserva el vector de grupos en vez de establecer de objetivo\n" -#: src/parse_args.c:577 +#: src/parse_args.c:575 msgid "use specified password prompt\n" msgstr "usa la contraseña especificada\n" -#: src/parse_args.c:580 src/parse_args.c:588 +#: src/parse_args.c:578 src/parse_args.c:586 msgid "create SELinux security context with specified role\n" msgstr "crea el contexto de seguridad SELinux con la regla especificada\n" -#: src/parse_args.c:583 +#: src/parse_args.c:581 msgid "read password from standard input\n" msgstr "lee la contraseña desde la entrada estandar\n" -#: src/parse_args.c:585 +#: src/parse_args.c:583 msgid "run a shell as target user\n" msgstr "ejecuta un intérprete de comandos como un determinado usuario\n" -#: src/parse_args.c:591 +#: src/parse_args.c:589 msgid "when listing, list specified user's privileges\n" msgstr "cuando está listando, lista los privilegios del usuario especificado\n" -#: src/parse_args.c:593 +#: src/parse_args.c:591 msgid "run command (or edit file) as specified user\n" msgstr "ejecuta un comando (o edita un archivo) como un usuario específico\n" -#: src/parse_args.c:595 +#: src/parse_args.c:593 msgid "display version information and exit\n" msgstr "muestra la información de la versión y sale\n" -#: src/parse_args.c:597 +#: src/parse_args.c:595 msgid "update user's timestamp without running a command\n" msgstr "actualiza la marca del usuario sin ejecutar un comando\n" -#: src/parse_args.c:599 +#: src/parse_args.c:597 msgid "stop processing command line arguments\n" msgstr "detiene el proceso de argumentos de la línea de comandos\n" @@ -385,11 +463,6 @@ msgstr "no se puede obtener el nuevo contexto tty, no volver a etiquetar tty" msgid "unable to set new tty context" msgstr "no se puede establecer nuevo contexto tty" -#: src/selinux.c:196 src/selinux.c:209 src/sudo.c:333 common/sudo_conf.c:328 -#, c-format -msgid "unable to open %s" -msgstr "no se pudo abrir %s" - #: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" @@ -450,167 +523,167 @@ msgstr "requiere al menos un argumento" msgid "unable to execute %s" msgstr "no se puede ejecutar %s" -#: src/sudo.c:213 +#: src/sudo.c:211 #, c-format msgid "Sudo version %s\n" msgstr "Sudo versión %s\n" -#: src/sudo.c:215 +#: src/sudo.c:213 #, c-format msgid "Configure options: %s\n" msgstr "Opciones de configuración: %s\n" -#: src/sudo.c:220 +#: src/sudo.c:218 #, c-format msgid "fatal error, unable to load plugins" msgstr "error fatal, no se puede cargar los plugins" -#: src/sudo.c:228 +#: src/sudo.c:226 #, c-format msgid "unable to initialize policy plugin" msgstr "no se puede inicializar la política de plugin" -#: src/sudo.c:283 +#: src/sudo.c:281 #, c-format msgid "error initializing I/O plugin %s" msgstr "error al inicializar los plugins de E/S %s" -#: src/sudo.c:308 +#: src/sudo.c:306 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "inesperado modo sudo 0x%x" -#: src/sudo.c:402 +#: src/sudo.c:400 #, c-format msgid "unable to get group vector" msgstr "no se puede obtener el vector de grupo" -#: src/sudo.c:443 +#: src/sudo.c:452 #, c-format msgid "unknown uid %u: who are you?" msgstr "uid desconocido %u: quién es usted?" -#: src/sudo.c:735 +#: src/sudo.c:782 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s debe ser propiedad del uid %d y tener el bit setuid establecido" -#: src/sudo.c:738 +#: src/sudo.c:785 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "el uid no es %d, es %s en un sistema de archivos con la opción 'nosuid' establecida o un sistema de archivos NFS sin privilegios de root?" -#: src/sudo.c:744 +#: src/sudo.c:791 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "el uid efectivo no es %d, sudo está instalado con setuid root?" -#: src/sudo.c:813 +#: src/sudo.c:860 #, c-format msgid "resource control limit has been reached" msgstr "el límite de control de recursos ha sido alcanzado" -#: src/sudo.c:816 +#: src/sudo.c:863 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "el usuario \"%s\" no es miembro del proyecto \"%s\"" -#: src/sudo.c:820 +#: src/sudo.c:867 #, c-format msgid "the invoking task is final" msgstr "la tarea que invoca es definitiva" -#: src/sudo.c:823 +#: src/sudo.c:870 #, c-format msgid "could not join project \"%s\"" msgstr "no podría unirse al proyecto \"%s\"" -#: src/sudo.c:828 +#: src/sudo.c:875 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "no hay fondo de recursos aceptando las asignaciones existentes para el proyecto \"%s\"" -#: src/sudo.c:832 +#: src/sudo.c:879 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "el fondo de recursos especificado no existe para el proyecto \"%s\"" -#: src/sudo.c:836 +#: src/sudo.c:883 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "no se podría enlazar al fondo de recursos predeterminado para el proyecto \"%s\" " -#: src/sudo.c:842 +#: src/sudo.c:889 #, c-format msgid "setproject failed for project \"%s\"" msgstr "configuración del proyecto fallida \"%s\" " -#: src/sudo.c:844 +#: src/sudo.c:891 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "aviso, el control de asignación de recursos falló para el proyecto \"%s\"" -#: src/sudo.c:909 +#: src/sudo.c:959 #, c-format msgid "unknown login class %s" msgstr "clase de inicio de sesión desconocida %s" -#: src/sudo.c:923 src/sudo.c:926 +#: src/sudo.c:973 src/sudo.c:976 #, c-format msgid "unable to set user context" msgstr "no se puede establecer el contexto del usuario" -#: src/sudo.c:938 +#: src/sudo.c:988 #, c-format msgid "unable to set supplementary group IDs" msgstr "no se puede establecer el grupo suplementario de IDs" -#: src/sudo.c:945 +#: src/sudo.c:995 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "no se puede establecer el gid efectivo para ejecutar como gid %u" -#: src/sudo.c:951 +#: src/sudo.c:1001 #, c-format msgid "unable to set gid to runas gid %u" msgstr "no se puede establecer el gid para ejecutar como gid %u" -#: src/sudo.c:958 +#: src/sudo.c:1008 #, c-format msgid "unable to set process priority" msgstr "no se puede establecer la prioridad de proceso" -#: src/sudo.c:966 +#: src/sudo.c:1016 #, c-format msgid "unable to change root to %s" msgstr "no se puede cambiar de root a %s" -#: src/sudo.c:973 src/sudo.c:979 src/sudo.c:985 +#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "no se puede cambiar a runas uid (%u, %u)" -#: src/sudo.c:999 +#: src/sudo.c:1049 #, c-format msgid "unable to change directory to %s" msgstr "no se puede cambiar al directorio %s" -#: src/sudo.c:1072 +#: src/sudo.c:1133 #, c-format msgid "unexpected child termination condition: %d" msgstr "inesperada terminación de condición hija: %d" -#: src/sudo.c:1133 +#: src/sudo.c:1194 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "la política del plugin %s no soporta listado de privilegios" -#: src/sudo.c:1145 +#: src/sudo.c:1206 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "la política del plugin %s no soporta la opción -v" -#: src/sudo.c:1157 +#: src/sudo.c:1218 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "la política del plugin %s no soporta las opciones -k/-K" @@ -700,81 +773,14 @@ msgstr "no se puede hacer dup2 stdin" msgid "unable to restore stdin" msgstr "no se puede restaurar stdin" -#: common/aix.c:149 -#, c-format -msgid "unable to open userdb" -msgstr "no se puede abrir userdb" - -#: common/aix.c:152 -#, c-format -msgid "unable to switch to registry \"%s\" for %s" -msgstr "no se puede cambiar al registro \"%s\" para %s" - -#: common/aix.c:169 -#, c-format -msgid "unable to restore registry" -msgstr "no se puede restaurar el registro" - -#: common/alloc.c:82 -msgid "internal error, tried to emalloc(0)" -msgstr "error interno: trató emalloc(0)" - -#: common/alloc.c:99 -msgid "internal error, tried to emalloc2(0)" -msgstr "error interno: trató emalloc2(0)" - -#: common/alloc.c:101 -msgid "internal error, emalloc2() overflow" -msgstr "error interno: desbordamiento en emalloc2()" - -#: common/alloc.c:120 -msgid "internal error, tried to ecalloc(0)" -msgstr "error interno: trató ecalloc(0)" - -#: common/alloc.c:123 -msgid "internal error, ecalloc() overflow" -msgstr "error interno: desbordamiento en ealloc()" - -#: common/alloc.c:142 -msgid "internal error, tried to erealloc(0)" -msgstr "error interno: trató erealloc(0)" - -#: common/alloc.c:161 common/alloc.c:185 -msgid "internal error, tried to erealloc3(0)" -msgstr "error interno: trató erealloc3(0)" - -#: common/alloc.c:163 common/alloc.c:187 -msgid "internal error, erealloc3() overflow" -msgstr "error interno: desbordamiento de erealloc3()" +#~ msgid "%s: at least one policy plugin must be specified" +#~ msgstr "%s: debe ser especificada al menos una política de plugin" -#: common/sudo_conf.c:306 -#, c-format -msgid "unable to stat %s" -msgstr "no se puede stat en %s" - -#: common/sudo_conf.c:309 -#, c-format -msgid "%s is not a regular file" -msgstr "%s no es un archivo regular" - -#: common/sudo_conf.c:312 -#, c-format -msgid "%s is owned by uid %u, should be %u" -msgstr "%s es adueñado por uid %u, sería %u" +#~ msgid "internal error, emalloc2() overflow" +#~ msgstr "error interno: desbordamiento en emalloc2()" -#: common/sudo_conf.c:316 -#, c-format -msgid "%s is world writable" -msgstr "%s es escribible por todos" - -#: common/sudo_conf.c:319 -#, c-format -msgid "%s is group writable" -msgstr "%s es escribible por el grupo" - -#: compat/strsignal.c:47 -msgid "Unknown signal" -msgstr "Señal desconocida" +#~ msgid "internal error, erealloc3() overflow" +#~ msgstr "error interno: desbordamiento de erealloc3()" #~ msgid "must be setuid root" #~ msgstr "debe ser setuid root" diff --git a/src/po/fi.mo b/src/po/fi.mo index 1559f806ca4c2643000b51290063918f415f41cd..32e37fa50e040b1e04cf11803c4944aa3b9919e9 100644 GIT binary patch delta 6751 zcmbW3d2|)k9mnruH_B>uwqZ#~LP7$B009IH!sFsuVzq;@gw_1CQr?sV?wo!XLdJY_GtJE%N7q`~h&u`u&yg=yD&dKk6?%efv zf4}d&lV7Fx-VsV49XDjR;yH*-z^aETbqp@f+zkxEJN88`*L1S{aXa4Z}>N~wG} z1s1~wSOS~jG-w9xyWlw955np2Nm!~>TD?i3fr@{^b71vorAEMoa2Pxv4u?(fY#z*|1IkWI z+2(e*0?vmoz*+EPsKIi!RRmW-8NU%uggf92xF1SHUJ7_L;3sez>#K3+Dm5E6Kyf4t ztKb269();&hr@}p>|k2JRZv1{1-uuE<4*>B3zqX9D)2+CD&S<^SHP*T6{aQhw^CRE zpNF+DM0{t$*{~X36Yx$b5qJvL!xL~WoX+-T+y*!g-VSB_kAwI3p=?k?AhPf}C@D!6 z6MqTW15`+;4hIcKq3l@VRs$wL>9+<-KNF%qbzji_5R{2uf%D-9Q2JG%Fo|RfoCCMR zO85vAN8czV{u1I*tVW%>1hOd=h8j#m{?x<#NGN{<#q)O{!BRsxGWe>-LrG0NWV31m zB>E~I@D?cj_CXD1posIeGzIbG9ViQwpd4{z8I+J+1!ZTuAbL}eLCNupP#ilB#gQR| zM_3A}Qgu*LvKDG^2b6gqg5uz_P{yZwC?It8S12BT0r5rUqZFBFHk4d8Lk(_+GQoZ* zk$3{iDfumw{$D_*P!qMRql=+zU^A3)w?J{^0Hi*xo~9r>dke}$e}S@-LS~oTRYR#? z4@s-q2_;4QpiKNY6o+4fvXKv=h;|T-lJi<9^K6C^;ayN1d;(U=`G1wdVk$m|60$}T zDFZtK9)JzJ{~GeAhI8f~2@w@2B7Bp4)WPFW#+R^)M6wBr!`DKI%r>aOJy1mW6f9)zVGbj@jBVAc&HM|f;pok>{N5B{1Fn9zGhdoek#y6qt>|Mx}p@tGRiDU^}3v1zM zxC2W2-7qZ|$UzFSgP*~L@DnJ_lT6^cXqpm=@+w!l)nl89JP>JLH5eP~v; z|D=G;P)^UzfQO(s{QH1Kgn1S3YiiTk3GSytcKRqp2I@Vy8s_1J@G`gt?uY!T_xPCy zi&;h9*TP1ahD+eHLH#FCB3a4m%iww_5#9@>Ur#!y7{fg(p;-gPfet9C*%j0ug0f%_ zl!%Ss{*@ifg>sy>LuuawO8xWje0U6^FEw>hwtg*?jm04{Qs0Lc zz#hMz{1>qe$85^}H{E68hax z9Q`?zbv}innHfuIXMMFn3h*u{4L^aBqYnd4SeDK8Dku)#17*Qypg49MmcoMNSq;@e zvZPv|r0_N+F;JQ^k&^)PvuHtpZplJA@SDsC-!T~OW*MWwf6ld%!l1DHIq zEPR!(r%bT?ClYWO+=T7NdY`nt>^^zPc}7xR7rd{98-sE?j0WXS zxCQL)%HPeYL!16{dB9e94VJ!>pEa1|k-JFUhV?#MDNMl5!M=%o9h2vK*bHnc zwi)YvM7$QZ9Gf0g76#<-`0Bp`-h$nTT_E{CNI{-Kn4DX=Oyrq}bztAYHef5UuVJ~5 z$;(;T_@L5;cVJu<{ul8Zuo}AzYr(F?24k0Ct1($$wfTkYr}BEr)37+k{osGS#=`lS zoMCwyvQXOs-UGjl-GG$^byvZ0L0OL8w}SHh0jI!5DT`MRV<}7?2YV0;W8BF8_xdI{ z2|E{)r!ouW2JD4sX?LbzOTyw(<+Q@ zaii5W+IXqdw%Ey7n?FzHgK>jHleMV6O>0ls$++Wh^^_$te>%4z)J&HFfnhb#t`Yb&d6Pl4$EIt+AlUHje617!|B-m%K-hj!|Yt9#d09ZGlVmfopr zon|6zh(P`BCM!mCSJzKpT-jkXO;b#BOf!+_?uxnHUA@c1`j*iw-EwTxvGjOcM>J<} zcX%+LcdVf#{gp@OI1@EuY}$yVT%GlZ9FE1hyZqqwZv9M7s8rZBjM!?&j+;^4Ma?Jo zHgl zUdUTMtGtwTa!(1bHBpAOnR=$UcK4tWTaq!$HEk{P!`Z(GO^my##+cTrCkD#6_sHDx z#R=PXYpm|BluKYch%LR%up0;@r@?Yiq0>*VOi<`etDomZ>xp}Uv*wU7)B8Jy7EvhJ>|3%N?`zxozCVb%D~=GM&1e)mJFd7lOVY<$Nbgg=&!y0Gkk#vki z+vZ%|bB(#SrN?6EXn;YJxSka<)48s*0S|6zk*{TVpI31LSg&PW)0G=r)-|u#xN^hF z6|i<>TKx;!_Xrs|hKE<2q&q4yyAg9pftN*ESv7>VxDhfVpYh#LH{ zBGLSQvd(E3E4kyQGP@7w)D}A|>gX}uN;%xP{pD`-o6C{ix;h@kdVTDt^=!U6O_GJm zI8R~j)?TIe>uHBObRzD{sWIlgQdL^pX>(okl|!l0&~CQXWChrFp^zj;zJ>nD@g7}R zHL_nQy{(H1y%P(Y{@cmh1lGF zchuGW?qs7qE0tcQkix#JC})|0WENab!9lgmM2GEPg5DjA4|>m)7mhvcgXxW5vTnZ1 z;mCe@vr!Qtv>7K?J;Q$wnaGl@p|oS*6knBy={hF=2gtA*lON63(y1*grDcF`fT^J) z4QVrvo7B~pomM_+vZDNR^=0NwMM-gj2zMWjCONvv4*AF6bcdoz+p={3t0f}Wj6Mgm O{`ogEIq)7|I_bZD+C$O+ delta 5689 zcmbW4d5{#<9mn77atI>#vRpzh%cZc(F4w{;tP6qyf?OgP0UNeqd*|qJx@U2`2GEe; z6=fn`WyOk=i6)WgsAc8w$W~G@p-iG;8A>HFNtr65QOjsFsY*WIo?aLt_(xvtZ$9sS zzw5oOy?1ZyH~IYAgL~XlhabxDvyABrN5C359!`df;UMV2p>P)* z4)?9`E`gSWvm;C-+c{5G5gABDr0n0Zz}avV^x#Z*D;xt~ zfD_ui)J#Ys6G1P*;L(LzHUuVH(uo3QpI;aShBd=OnO4by$xtz#3$-u-<()Ri z*be21-Oz#$K^^=eRP2vM<2`VX){lcaXf<36JE3ypr%(^vA=r!a&0#97@J%R-#$cW_ zp9i_hCJmMKH$$eF@52iC3Y1F^!xiut8~~e{taVEvI+;yShTR0`!lxip&HFIlM5T%V z;dQe-ViHP$+u`%@1-KdR#9SrKAD}$ak9gosGZAY2#ZVz?k63^#HP1zS7s@jO*+e0} zU<&tNnr);*yaVcbJRk8xC`D>{oy2ue3->}P{s>eOz6~#iF*FcOkd*Ma! zDX3fV?`XUlZFD`C!-dezQ^82{11QaY54FKi%$4g}p!(aPp5%w&V)zDRsu|1stejW{ zwegOK1tIM_%A36XVQ=Y z+n};`FO+3Jg!0tks9#!Z<4I5+SqZnoPDoVEk%)b8=UUox;0%5LZ>J*5UWD54eJIUG zoLA~!1o589Kw0_-)V$XqH^}@4@@FRT`sm=TPzUaX+V@#F68;6sb4n~3X2Fr1Z&p*m z2$O``;1Q^WhoC(28B{20=a;@}>)|5W_dsR)TM;MXUyL*!)IN{G7_L#g;X{pJrEVeTICyvgLEQ_pM{i{8)-a%v`3wz;i9PCGoo-eqC8Q#1Gx|Br-q9B zudGcWYoj&@KS*QXHOOwH6Z;rCMHRz!*W6+|~G zhvc{L(}-M-3_(h@RCA$Vx;-S5jqE3E}??_fzMAH1{GkNEI>{QQ3wp z4r}@$Wp4tyM#GTVh|1TH!C}pq?J$j8hV(8zeb&9PMmM$9OQ!9>-I8#uw3l$V=B%XM z;bp8&C*!+b%9_wN)pD*$J6i*%jYi?h0iz2WhtF0IAjj%po}&U!4?bmD|gI}@Fd%%YNOn^TRYgIqJ7D2!^FIJbP*mfa5=luMM`SEPvXTyWGWmCA)3v8<`o1SiU z+Hu$Ob6wA{m6J$x9Vk1*&w4tdWIPdUBiq8v`0{Ig)_O>l81_|^$sj<5C-j@*#TrPHqB z*<5?>DQ0D}vgTC#lXTs;!%nb~oh)2kH>7Y!W3QHSZMl_S=9*Itqx=l69L`uD*2P=0)olEwprZx#Bo09Jpl3@+E7_j!4@HTdoWPXXndf6)i1A>U2vo zPMnjS452#RloLsc>8GEjSmsl1(j}Wunsrhl`{?W2DLbC?d0R=blTwsdD&eFeYfgVI z7o|PaCAxg22zI(oPp%(1_d(0BfnIxut;i|I!iR;<@w}f&+xKm9R72a{wz^ENon3-# zDkVSQ$->6@=W2(-$McpHK5VHf)XpCqz8&5DkIf%j=s&-z`ZOu5wN<=_zT^9DI^*gV zJ8bOQ8W|S8vL_$P}y?6 z?6)8t%R7NSRaO`tnXjkK@*ULT$xFC_&sW9PnRPBdR>|c58Ck@L`TsUrcJdkeEGoIb is8TM8&oelo>zSm&neE`?o6Pd!+ohM>_Y3I@C;u0Bgwp!} diff --git a/src/po/fi.po b/src/po/fi.po index f50b2c3..6cf19cb 100644 --- a/src/po/fi.po +++ b/src/po/fi.po @@ -1,15 +1,14 @@ # Finnish messages for sudo. # This file is put in the public domain. -# Copyright © 2011, 2012 Free Software Foundation, Inc. # This file is distributed under the same license as the sudo package. -# Jorma Karvonen , 2011-2012. +# Jorma Karvonen , 2011-2013. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.6b4\n" +"Project-Id-Version: sudo 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-14 09:07+0200\n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" +"PO-Revision-Date: 2013-04-04 09:46+0300\n" "Last-Translator: Jorma Karvonen \n" "Language-Team: Finnish \n" "Language: fi\n" @@ -21,30 +20,22 @@ msgstr "" #: common/aix.c:150 #, c-format msgid "unable to open userdb" -msgstr "ei kyetä avaamaan userdb-käyttäjätietokantaa" +msgstr "userdb-käyttäjätietokannan avaaminen epäonnistui" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" -msgstr "ei kyetä vaihtamaan registeriä ”%s” käyttäjälle %s" +msgstr "vaihtaminen registeröitymiseen ”%s” käyttäjälle %s epäonnistui" #: common/aix.c:170 #, c-format msgid "unable to restore registry" -msgstr "ei kyetä palauttamaan rekisteriä" +msgstr "rekisteröitymisen palauttaminen epäonnistui" #: common/alloc.c:82 msgid "internal error, tried to emalloc(0)" msgstr "sisäinen virhe, yritettiin suorittaa emalloc(0)" -#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 -#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 -#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 -#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 -#, c-format -msgid "unable to allocate memory" -msgstr "ei kyetä varaamaan muistia" - #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "sisäinen virhe, yritettiin suorittaa emalloc2(0)" @@ -70,232 +61,270 @@ msgstr "sisäinen virhe, yritettiin suorittaa erealloc3(0)" msgid "internal error, tried to erecalloc(0)" msgstr "sisäinen virhe, yritettiin suorittaa erecalloc(0)" -#: common/sudo_conf.c:305 +#: common/error.c:154 +#, c-format +msgid "%s: %s: %s\n" +msgstr "%s: %s: %s\n" + +#: common/error.c:157 common/error.c:161 +#, c-format +msgid "%s: %s\n" +msgstr "%s: %s\n" + +#: common/sudo_conf.c:172 +#, c-format +msgid "unsupported group source `%s' in %s, line %d" +msgstr "tukematon ryhmälähde ”%s” tiedostossa %s, rivi %d" + +#: common/sudo_conf.c:186 +#, c-format +msgid "invalid max groups `%s' in %s, line %d" +msgstr "virheellinen ryhmien ”%s” enimmäismäärä tiedostossa %s, rivi %d" + +#: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" -msgstr "ei kyetä suorittamaan käskyä stat %s" +msgstr "käskyn stat %s suorittaminen epäonnistui" -#: common/sudo_conf.c:308 +#: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s ei ole tavallinen tiedosto" # ensimmäinen parametri on path -#: common/sudo_conf.c:311 +#: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "polun %s omistaja on %u, pitäisi olla %u" -#: common/sudo_conf.c:315 +#: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "%s on yleiskirjoitettava" -#: common/sudo_conf.c:318 +#: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "%s on ryhmäkirjoitettava" -#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" -msgstr "ei kyetä avaamaan kohdetta %s" +msgstr "kohteen %s avaaminen epäonnistui" -#: compat/strsignal.c:47 +#: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Tuntematon signaali" -#: src/error.c:82 src/error.c:86 -msgid ": " -msgstr ": " - -#: src/exec.c:113 src/exec_pty.c:674 +#: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "Menettelytapalisäosa epäonnistui istunnon alustamisessa" -#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 +#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" -msgstr "ei kyetä kutsumaan fork-kutsua" +msgstr "fork-kutsu epäonnistui" -#: src/exec.c:268 +#: src/exec.c:259 #, c-format msgid "unable to create sockets" -msgstr "ei kyetä luomaan pistokkeita" +msgstr "vastakkeiden luominen epäonnistui" -#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 -#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 -#, c-format -msgid "unable to create pipe" -msgstr "ei kyetä luomaan putkea" - -#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 +#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "select-funktio epäonnistui" -#: src/exec.c:467 +#: src/exec.c:449 #, c-format msgid "unable to restore tty label" -msgstr "ei kyetä palauttamaan tty-nimiötä" +msgstr "tty-nimiön palauttaminen epäonnistui" # Solaris privileges, remove PRIV_PROC_EXEC post-execve. -#: src/exec_common.c:69 +#: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" -msgstr "ei kyetä poistamaan PRIV_PROC_EXEC kohteesta PRIV_LIMIT" +msgstr "kohteen PRIV_PROC_EXEC poistaminen kohteesta PRIV_LIMIT epäonnistui" #: src/exec_pty.c:183 #, c-format msgid "unable to allocate pty" -msgstr "ei kyetä varaamaan pty:tä" +msgstr "pty:n varaaminen epäonnistui" -#: src/exec_pty.c:665 +#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 +#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 +#, c-format +msgid "unable to create pipe" +msgstr "putken luominen epäonnistui" + +#: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" -msgstr "ei kyetä asettamaan päätettä raakatilaan" +msgstr "pääteikkunan asentaminen raakatilaan epäonnistui" # Istunnolla voi olla ohjaava tty. Istunnon yksi prosessiryhmä voi olla edustaprosessiryhmä ja toimia siten ohjaavana tty:nä, joka vastaanottaa tty-syötteen ja -signaalit. -#: src/exec_pty.c:1013 +#: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" -msgstr "ei kyetä asettamaan ohjaavaa tty:tä" +msgstr "ohjaavan tty:n asettaminen epäonnistui" -#: src/exec_pty.c:1111 +#: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "virhe luettaessa signaaliputkesta" -#: src/exec_pty.c:1132 +#: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "virhe luettaessa putkesta" -#: src/exec_pty.c:1148 +#: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" -msgstr "virhe luettaessa pistokeparista" +msgstr "virhe luettaessa vastakeparista" -#: src/exec_pty.c:1152 +#: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "odottamaton vastaustyyppi paluukanavalla: %d" -#: src/load_plugins.c:74 +#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 +#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 +#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 +#, c-format +msgid "error in %s, line %d while loading plugin `%s'" +msgstr "virhe tiedostossa %s, rivi %d alustettaessa lisäosaa ”%s”" + +#: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/load_plugins.c:80 +#: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" # ensimmäinen parametri on path -#: src/load_plugins.c:90 +#: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "polun %s omistajan on oltava uid %d" # parametri on path -#: src/load_plugins.c:94 +#: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "polun %s on oltava vain omistajan kirjoitettava" -#: src/load_plugins.c:101 +#: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "lisäosan avaaminen epäonnistui funktiolla dlopen %s: %s" -#: src/load_plugins.c:106 +#: src/load_plugins.c:194 +#, c-format +msgid "unable to find symbol `%s' in %s" +msgstr "symbolin ”%s” löytäminen kohteesta %s epäonnistui" + +#: src/load_plugins.c:201 +#, c-format +msgid "unknown policy type %d found in %s" +msgstr "tuntematon menettelytapatyyppi %d löytyi kohteesta %s" + +#: src/load_plugins.c:207 +#, c-format +msgid "incompatible plugin major version %d (expected %d) found in %s" +msgstr "yhteensopimaton lisäosan major-versio %d (odotettiin %d) löytyi kohteesta %s" + +#: src/load_plugins.c:216 #, c-format -msgid "%s: unable to find symbol %s" -msgstr "%s: ei kyetä löytämään symbolia %s" +msgid "ignoring policy plugin `%s' in %s, line %d" +msgstr "ohitetaan menettelytapaliitännäinen ”%s” tiedostossa %s, rivi %d" -#: src/load_plugins.c:112 +#: src/load_plugins.c:218 #, c-format -msgid "%s: unknown policy type %d" -msgstr "%s: tuntematon menettelytapatyyppi %d" +msgid "only a single policy plugin may be specified" +msgstr "vain yksi menettelytapalisäosa voidaan määritellä" -#: src/load_plugins.c:116 +#: src/load_plugins.c:221 #, c-format -msgid "%s: incompatible policy major version %d, expected %d" -msgstr "%s: yhteensopimaton menettelytavan major-versio %d, odotettiin %d" +msgid "ignoring duplicate policy plugin `%s' in %s, line %d" +msgstr "ohitetaan menettelytapalisäosan ”%s” kaksoiskappale tiedostossa %s, rivi %d" -#: src/load_plugins.c:123 +#: src/load_plugins.c:236 #, c-format -msgid "%s: only a single policy plugin may be loaded" -msgstr "%s: vain yksi menettelytapalisäosa voidaan ladata" +msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" +msgstr "ohitetaan siirräntälisäosan ”%s” kaksoiskappale tiedostossa %s, rivi %d" -#: src/load_plugins.c:200 +#: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "menettelytapalisäosa %s ei sisällä check_policy-metodia" -#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 -#: src/net_ifs.c:298 src/net_ifs.c:322 +#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 +#: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: ylivuoto havaittu" -#: src/net_ifs.c:227 +#: src/net_ifs.c:226 #, c-format msgid "unable to open socket" -msgstr "ei kyetä avaamaan pistoketta" +msgstr "vastakkeen avaaminen epäonnistui" -#: src/parse_args.c:187 +#: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "valitsimen -C argumentin on oltava vähintään 3" -#: src/parse_args.c:276 +#: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "tuntematon käyttäjä: %s" -#: src/parse_args.c:335 +#: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" -msgstr "et voi määritellä sekä valitsinta ”-i” että valitsinta ”-s”" +msgstr "sekä valitsimen ”-i” että valitsimen ”-s” määritteleminen ei ole sallittua" -#: src/parse_args.c:339 +#: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" -msgstr "et voi määritellä sekä valitsinta ”-i” että valitsinta ”-E”" +msgstr "sekä valitsimen ”-i” että valitsimen ”-E” määritteleminen ei ole sallittua" -#: src/parse_args.c:349 +#: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "valitsin ”-E” ei ole kelvollinen muokkaustilassa" -#: src/parse_args.c:351 +#: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" -msgstr "ei voi määritellä ympäristömuuttujia muokkaustilassa" +msgstr "ympäristömuuttujien määritteleminen muokkaustilassa ei ole salittua" -#: src/parse_args.c:359 +#: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "valitsinta ”-U” voidaan käyttää vain valitsimen ”-l” kanssa" -#: src/parse_args.c:363 +#: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "valitsimia ”-A” ja ”-S” ei voi käyttää yhdessä" -#: src/parse_args.c:443 +#: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit ei ole tuettu tällä alustalla" -#: src/parse_args.c:516 +#: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Vain yksi valitsimista -e, -h, -i, -K, -l, -s, -v tai -V voidaan määritellä" -#: src/parse_args.c:530 +#: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" @@ -304,7 +333,7 @@ msgstr "" "%s - muokkaa tiedostoja toisena käyttäjänä\n" "\n" -#: src/parse_args.c:532 +#: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" @@ -313,7 +342,7 @@ msgstr "" "%s - suorita komentoja toisena käyttäjänä\n" "\n" -#: src/parse_args.c:537 +#: src/parse_args.c:550 #, c-format msgid "" "\n" @@ -322,121 +351,121 @@ msgstr "" "\n" "Valitsimet:\n" -#: src/parse_args.c:540 +#: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "käytä apuohjelmaa salasanakyselyyn\n" -#: src/parse_args.c:543 +#: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "käytä määriteltyä BSD-todennustyyppiä\n" -#: src/parse_args.c:545 +#: src/parse_args.c:558 msgid "run command in the background\n" msgstr "suorita komento taustalla\n" -#: src/parse_args.c:547 +#: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "sulje kaikki tiedostokuvaajat >= fd\n" -#: src/parse_args.c:550 +#: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "suorita komento määritellyllä kirjautumisluokalla\n" -#: src/parse_args.c:553 +#: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "säilytä käyttäjäympäristö komentoa suoritettaessa\n" -#: src/parse_args.c:555 +#: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "muokkaa tiedostoja komennon suorittamisen sijasta\n" # tämä viittaa runas_group-määritelyyn -#: src/parse_args.c:557 +#: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "suorita komento määriteltynä ryhmänä\n" -#: src/parse_args.c:559 +#: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "aseta HOME-muuttuja osoittamaan kohdekäyttäjän kotihakemistoon.\n" -#: src/parse_args.c:561 +#: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "näytä opasteviesti ja poistu\n" -#: src/parse_args.c:563 +#: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "suorita kirjautumiskomentoikkuna kohdekäyttäjänä\n" -#: src/parse_args.c:565 +#: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "poista aikaleimatiedosto kokonaan\n" -#: src/parse_args.c:567 +#: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "mitätöi aikaleimatiedosto\n" -#: src/parse_args.c:569 +#: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "luettele käyttäjän käytettävissä olevat komennot\n" -#: src/parse_args.c:571 +#: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" -msgstr "ei-interaktiivinen tila, ei kysy käyttäjältä\n" +msgstr "vuorovaikutteeton tila, ei kysy käyttäjältä\n" -#: src/parse_args.c:573 +#: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "säilytä ryhmävektori kohteen vektorin asettamisen sijasta\n" -#: src/parse_args.c:575 +#: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "käytä määriteltyä salasanakehotetta\n" -#: src/parse_args.c:578 src/parse_args.c:586 +#: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "luo SELinux-turva-asiayhteys määritellyllä roolilla\n" -#: src/parse_args.c:581 +#: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "lue salasana vakiosyötteestä\n" -#: src/parse_args.c:583 +#: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "suorita komentotulkki kohdekäyttäjänä\n" -#: src/parse_args.c:589 +#: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "luetteloitaessa luettele määritellyn käyttäjän käyttöoikeudet\n" -#: src/parse_args.c:591 +#: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "suorita komento (tai muokkaa tiedostoa) määriteltynä käyttäjänä\n" -#: src/parse_args.c:593 +#: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "näytä versiotiedot ja poistu\n" -#: src/parse_args.c:595 +#: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "päivitä käyttäjän aikaleima suorittamatta komentoa\n" -#: src/parse_args.c:597 +#: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "lopeta komentoriviargumenttien käsittely\n" #: src/selinux.c:77 #, c-format msgid "unable to open audit system" -msgstr "ei kyetä avaamaan audit-järjestelmää" +msgstr "audit-järjestelmän avaaminen epäonnistui" #: src/selinux.c:85 #, c-format msgid "unable to send audit message" -msgstr "ei kyetä lähettämään audit-viestiä" +msgstr "audit-viestin lähettäminen epäonnistui" #: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" -msgstr "ei kyetä kutsumaan funktiota fgetfilecon %s" +msgstr "funktion fgetfilecon %s kutsuminen epäonnistui" #: src/selinux.c:118 #, c-format @@ -446,27 +475,27 @@ msgstr "%s muutti nimiöitä" #: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" -msgstr "ei kyetä palauttamaan asiayhteyttä kohteelle %s" +msgstr "asiayhteyden palauttaminen kohteelle %s epäonnistui" #: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" -msgstr "ei kyetä avaamaan kohdetta %s, ei nimiöidä uudelleen tty:tä" +msgstr "kohteen %s avaaminen epäonnistui, ei nimiöidä uudelleen tty:tä" #: src/selinux.c:172 #, c-format msgid "unable to get current tty context, not relabeling tty" -msgstr "ei kyetä hakemaan nykyistä tty-asiayhteyttä, ei nimiöidä uudelleen tty:tä" +msgstr "nykyisen tty-asiayhteyden hakeminen epäonnistui, ei nimiöidä uudelleen tty:tä" #: src/selinux.c:179 #, c-format msgid "unable to get new tty context, not relabeling tty" -msgstr "ei kyetä hakemaan uutta tty-asiayhteyttä, ei nimiöidä uudelleen tty:tä" +msgstr "uuden tty-asiayhteyden hakeminen epäonnistui, ei nimiöidä uudelleen tty:tä" #: src/selinux.c:186 #, c-format msgid "unable to set new tty context" -msgstr "ei kyetä asettamaan uutta tty-asiayhteyttä" +msgstr "uuden tty-asiayhteyden asettaminen epäonnistui" #: src/selinux.c:252 #, c-format @@ -476,7 +505,7 @@ msgstr "tyypille %s on määriteltävä rooli" #: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" -msgstr "roolille %s ei kyetä hakemaan oletustyyppiä" +msgstr "oletustyypin hakeminen roolille %s epäonnistui" #: src/selinux.c:276 #, c-format @@ -501,285 +530,296 @@ msgstr "kohteen old_context hakeminen epäonnistui" #: src/selinux.c:330 #, c-format msgid "unable to determine enforcing mode." -msgstr "ei kyetä määrittelemään vahvistustilaa." +msgstr "vahvistustilan määritteleminen epäonnistui." #: src/selinux.c:342 #, c-format msgid "unable to setup tty context for %s" msgstr "ei kyetä asettamaan tty-asiayhteydeksi %s" -#: src/selinux.c:373 +#: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "ei kyetä asettamaan suoritusasiayhteydeksi %s" -#: src/selinux.c:380 +#: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "ei kyetä asettamaan avaimenluontiasiayhteydeksi %s" -#: src/sesh.c:70 +#: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "vaatii vähintään yhden argumentin" -#: src/sesh.c:91 +#: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" -msgstr "ei kyetä suorittamaan kohdetta %s" +msgstr "kohteen %s suorittaminen epäonnistui" -#: src/sudo.c:211 +#: src/solaris.c:88 +#, c-format +msgid "resource control limit has been reached" +msgstr "resurssivalvontaraja saavutettu" + +#: src/solaris.c:91 +#, c-format +msgid "user \"%s\" is not a member of project \"%s\"" +msgstr "käyttäjä ”%s” ei ole hankkeen ”%s” jäsen" + +#: src/solaris.c:95 +#, c-format +msgid "the invoking task is final" +msgstr "kutsuttu tehtävä on final-tyyppinen" + +#: src/solaris.c:98 +#, c-format +msgid "could not join project \"%s\"" +msgstr "hankkeeseen ”%s” liittyminen epäonnistui" + +#: src/solaris.c:103 +#, c-format +msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgstr "hankkeelle ”%s” ei ole oletusyhteydet hyväksyvää resurssivarantoa" + +#: src/solaris.c:107 +#, c-format +msgid "specified resource pool does not exist for project \"%s\"" +msgstr "hankkeelle ”%s” ei ole määriteltyä resurssivarantoa" + +#: src/solaris.c:111 +#, c-format +msgid "could not bind to default resource pool for project \"%s\"" +msgstr "hankkeelle ”%s” ei voitu sitoa oletusresurssivarantoa" + +#: src/solaris.c:117 +#, c-format +msgid "setproject failed for project \"%s\"" +msgstr "funktio setproject hankkeelle ”%s” epäonnistui" + +#: src/solaris.c:119 +#, c-format +msgid "warning, resource control assignment failed for project \"%s\"" +msgstr "varoitus, hankkeen ”%s” resurssiohjausosoitus epäonnistui" + +#: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo-versio %s\n" -#: src/sudo.c:213 +#: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Asetusvalitsimet: %s\n" -#: src/sudo.c:218 +#: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" -msgstr "kohtalokas virhe, ei kyetä lataamaan lisäosia" +msgstr "vakava virhe, lisäosien lataaminen epäonnistui" -#: src/sudo.c:226 +#: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" -msgstr "ei kyetä alustamaan menettelytapalisäosaa" +msgstr "menettelytapalisäosan alustaminen epäonnistui" -#: src/sudo.c:281 +#: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "virhe alustettaessa siirräntälisäosaa %s" -#: src/sudo.c:306 +#: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "odottamaton sudo-tila 0x%x" -#: src/sudo.c:400 +#: src/sudo.c:413 #, c-format msgid "unable to get group vector" msgstr "ei kyetä hakemaan ryhmävektoria" -#: src/sudo.c:452 +#: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "tuntematon uid-käyttäjätunniste %u: kuka olet?" # ensimmäinen parametri on path -#: src/sudo.c:782 +#: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "polun %s omistajan on oltava uid %d ja setuid-bitin on oltava asetettu" -#: src/sudo.c:785 +#: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "todellinen käyttäjätunniste ei ole %d, onko %s asetettu tiedostojärjestelmässä, jossa on ’nosuid’-valitsin vai onko tämä NFS-tiedostojärjestelmä ilman root-käyttäjäoikeuksia?" -#: src/sudo.c:791 +#: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "todellinen käyttäjätunniste ei ole %d, onko sudo asennettu setuid root -käyttöoikeuksilla?" -#: src/sudo.c:860 -#, c-format -msgid "resource control limit has been reached" -msgstr "resurssivalvontaraja saavutettu" - -#: src/sudo.c:863 -#, c-format -msgid "user \"%s\" is not a member of project \"%s\"" -msgstr "käyttäjä ”%s” ei ole hankkeen ”%s” jäsen" - -#: src/sudo.c:867 -#, c-format -msgid "the invoking task is final" -msgstr "kutsuttu tehtävä on final-tyyppinen" - -#: src/sudo.c:870 -#, c-format -msgid "could not join project \"%s\"" -msgstr "ei voitu liittyä hankkeeseen ”%s”" - -#: src/sudo.c:875 -#, c-format -msgid "no resource pool accepting default bindings exists for project \"%s\"" -msgstr "hankkeelle ”%s” ei ole oletusyhteydet hyväksyvää resurssivarantoa" - -#: src/sudo.c:879 -#, c-format -msgid "specified resource pool does not exist for project \"%s\"" -msgstr "hankkeelle ”%s” ei ole määriteltyä resurssivarantoa" - -#: src/sudo.c:883 -#, c-format -msgid "could not bind to default resource pool for project \"%s\"" -msgstr "hankkeelle ”%s” ei voitu sitoa oletusresurssivarantoa" - -#: src/sudo.c:889 -#, c-format -msgid "setproject failed for project \"%s\"" -msgstr "setproject hankkeelle ”%s” epäonnistui" - -#: src/sudo.c:891 -#, c-format -msgid "warning, resource control assignment failed for project \"%s\"" -msgstr "varoitus, hankkeen ”%s” resurssiohjausosoitus epäonnistui" - -#: src/sudo.c:959 +#: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "tuntematon kirjautumisluokka %s" -#: src/sudo.c:973 src/sudo.c:976 +#: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" -msgstr "ei kyetä asettamaan käyttäjäasiayhteyttä" +msgstr "käyttäjäasiayhteyden asettaminen epäonnistui" -#: src/sudo.c:988 +#: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" -msgstr "ei kyetä asettamaan lisäryhmätunnisteita" +msgstr "lisäryhmätunnisteiden asettaminen epäonnistui" -# tämän ymmärrän niin, että käyttäjärjestelmäydin luo tiedoston ja antaa tälle tavallaan tilapäisen effective gid-tunnisteen, joka vaihdetaan suorittamisen yhteydessä prosessin omistajan suoritettavaksi ryhmätunnisteeksi. -#: src/sudo.c:995 +# tämän ymmärrän niin, että käyttöjärjestelmäydin luo tiedoston ja antaa tälle tavallaan tilapäisen effective gid-tunnisteen, joka vaihdetaan suorittamisen yhteydessä prosessin omistajan suoritettavaksi ryhmätunnisteeksi. +#: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" -msgstr "ei kyetä asettamaan voimassaolevaa gid-ryhmätunnistetta suoritettavaksi gid-ryhmätunnisteeksi %u" +msgstr "voimassaolevan gid-ryhmätunnisteen asettaminen suoritettavaksi gid-ryhmätunnisteeksi %u epäonnistui" -#: src/sudo.c:1001 +#: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" -msgstr "ei kyetä asettamaan gid-ryhmätunnistetta suoritettavaksi gid-ryhmätunnisteeksi %u" +msgstr "gid-ryhmätunnisteen asettaminen suoritettavaksi gid-ryhmätunnisteeksi %u epäonnistui" -#: src/sudo.c:1008 +#: src/sudo.c:964 #, c-format msgid "unable to set process priority" -msgstr "ei kyetä asettamaan prosessiprioriteettia" +msgstr "prosessiprioriteetin asettaminen epäonnistui" -#: src/sudo.c:1016 +#: src/sudo.c:972 #, c-format msgid "unable to change root to %s" -msgstr "ei kyetä vaihtamaan root-käyttäjää käyttäjäksi %s" +msgstr "root-käyttäjän vaihtaminen käyttäjäksi %s epäonnistui" -#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 +#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "ei kyetä vaihtamaan suoritettavaksi uid-käyttäjätunnisteeksi (%u, %u)" # parametrina on CWD- eli Change Working Directory- komennolla palautettava hakemisto -#: src/sudo.c:1049 +#: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "ei kyetä vaihtamaan hakemistoksi %s" -#: src/sudo.c:1133 +#: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "lapsiprosessin odottamaton päättymisehto: %d" -#: src/sudo.c:1194 +#: src/sudo.c:1146 +#, c-format +msgid "policy plugin %s is missing the `check_policy' method" +msgstr "menettelytapalisäosa %s ei sisällä ”check_policy”-metodia" + +#: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "menettelytapalisäosa %s ei tue luettelointikäyttöoikeuksia" -#: src/sudo.c:1206 +#: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "menettelytapalisäosa %s ei tue valitsinta -v" -#: src/sudo.c:1218 +#: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "menettelytapalisäosa %s ei tue valitsimia -k/-K" -#: src/sudo_edit.c:111 +#: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" -msgstr "ei kyetä vaihtamaan uid-käyttäjätunnistetta root-tunnisteeksi (%u)" +msgstr "uid-käyttäjätunnisteen vaihtaminen root-tunnisteeksi (%u) epäonnistui" -#: src/sudo_edit.c:143 +#: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "lisäosavirhe: puuttuu sudoedit-tiedostoluettelo" -#: src/sudo_edit.c:171 src/sudo_edit.c:271 +#: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: ei ole tavallinen tiedosto" -#: src/sudo_edit.c:205 src/sudo_edit.c:307 +#: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: lyhyt kirjoitus" -#: src/sudo_edit.c:272 +#: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s jätetty muokkaamattomaksi" -#: src/sudo_edit.c:285 +#: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s muuttamaton" -#: src/sudo_edit.c:297 src/sudo_edit.c:318 +#: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" -msgstr "ei kyetä kirjoittamaan kohteeseen %s" +msgstr "kohteeseen %s kirjoittaminen epäonnistui" -#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 +#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "muokkausistunnon sisältö jätetty kohteessa %s" -#: src/sudo_edit.c:315 +#: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" -msgstr "ei kyetä lukemaan tilapäistä tiedostoa" +msgstr "tilapäisen tiedoston lukeminen epäonnistui" -#: src/tgetpass.c:90 +#: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "ei tty:tä käytettävissä eikä salasanan kyselyohjelmaa määriteltynä" -#: src/tgetpass.c:99 +#: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "salasanan kyselyohjelma ei ole määritelty, yritä asettaa SUDO_ASKPASS" -#: src/tgetpass.c:231 +#: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "ei kyetä asettamaan gid-ryhmätunnisteeksi %u" -#: src/tgetpass.c:235 +#: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "ei kyetä asettamaan uid-käyttäjätunnisteeksi %u" -#: src/tgetpass.c:240 +#: src/tgetpass.c:239 #, c-format msgid "unable to run %s" -msgstr "ei kyetä suorittamaan salasanakyselyä %s" +msgstr "salasanakyselyn %s suorittaminen epäonnistui" #: src/utmp.c:278 #, c-format msgid "unable to save stdin" -msgstr "ei kyetä tallentamaan vakiosyötettä" +msgstr "vakiosyötteeseen tallentaminen epäonnistui" #: src/utmp.c:280 #, c-format msgid "unable to dup2 stdin" -msgstr "ei kyetä kutsumaan funktiota dup2 vakiosyötteellä" +msgstr "funktion dup2 kutsuminen vakiosyötteellä epäonnistui" #: src/utmp.c:283 #, c-format msgid "unable to restore stdin" -msgstr "ei kyetä palauttamaan vakiosyötettä" +msgstr "vakiosyötteen palauttaminen epäonnistui" + +#~ msgid "unable to allocate memory" +#~ msgstr "muistin varaaminen epäonnistui" + +#~ msgid ": " +#~ msgstr ": " #~ msgid "internal error, emalloc2() overflow" #~ msgstr "sisäinen virhe, emalloc2() -ylivuoto" diff --git a/src/po/gl.mo b/src/po/gl.mo index 96245d8951ca89da58588e70af15f891e121fce3..d7b20d6b2330f711cadb1f0c935796c9ead301cb 100644 GIT binary patch delta 4836 zcmZ{n3vd)T4^`;F3FagyVu>lK~TA1 zTkuttuHtJtwVi3zQp#wwj?Y@D9d(>O#?iJ;)e*SK3ocK zhV$Wbuo1ou6@hWMe+_JdJ@6;c!lQ5|ti)Z-n*-;;Uf2XTK}Be{$o}Tuq~lR2Lw*Bg zz{g2@>WQWPPN>jrOn42HLH8&8HBozBkPZ!e8ImXF<79v`N(;Ba9(W1VxEtZA@L|{q{|pzwX~b2AEr(}7A1We0gZ#`( zJg~{U3oSgR_{*X>j9LhLpe)@2an|gHtZfcJ9nE2gZRS--(9DMkwTQ;mLM2xllp!mj z)(s&;&Am_&dko64_X||W7c+?z)>+PlbeYvq25dAhe>xc`$GV`_IS0z29MsY6E%g`7!&G!OZ$O>RCs3AF+mZ*(P-naxYGMW| zq<2B~GS5Pt{hM$FoPhO;&>Epzh6t1Bcf)J8Y*PzWD^`{7Zz8b-|05j+lM$Wf^8LlvE@WmZ6aN76}qKh!;cBI$o0 zDq=GTFQ;J6Ud;WM2ZMBo`=EsnBz!R$_(9UHW_3lV1z{aZAa! zCgC0^gPw(o>{!lI8#hB8%^;M4I}22F7LP)0_!eZ2smB_HbUo~YJE8iYg!1UagcfTQ z$_>!M?NG^jH`M&cppNQIC_^imtjKjj3kz3JQAn?a+TgyV{R-5=A3}XlrVs{ATm+T< z>*4t@2baO8p*H*!u7&fs0!%e&sOx}N9h%8Q7c(=4A&QVTSGfbppc_yMorSJK)6jZ!2~yFyRw0G|+o%%BLjq7Nn-cDa zx+3zN=SP|2o}M&Ci-KsTat;S*8(`jy){8b4`d%AIgK zQnbgQ9{I0OehrO9Dmq)0+mMS!&}?MU@nsi{`_NF*ITz|URK}H1eBQ}Z`J-|xx(7{G zLq+j#Mp<-O(gwwU1u^ItffqRg8P_z1)(dUckE~+@ zcQBuE0=w1AxbcgV=XdeO-=1~Tc3_9iduiL4Z?WN!pU=?a(n@A;_XB#$OU6ehUmnk& zGIOqVvS~ZyjJP%$a&72FT4KP9RE@i)G>qOb<@zy&ty|qxfzO=o4(#03Gu6IW~O>SM|L~gI`Z0}go+TO`ep5cAqp~7X>S@!Vt7p~VFvhi|{NXd0o*m3P zgKm7xcE+dG?;30CSK9b+{hsb44_P-%1>V4sLj!Kc=KPFr2ZMahS1M$2i2-^1^io5` zZL)qa>}2AWhK7FL%DLE+b_d+x$RUT=1W9InVXweOK8NDl;e0k; z*Wj!>OeZ+!kcPp_j&P@_9@5PTaG>+Dt{FjPqS>}gDkK*dawV!Km zZhXB^TG1^fs$X_fNy<$5jmM#<^mOD`+4<0>e24T*c}GUG_W6UQgnj<0vNgQRfB9Tx zap-1=*@j}qUhVmzRxf6t`ErxoFgo%BdtCN9xSc9p5JkMaMBKLUgZS2kRk3ZF74KU( zZG0(4@nua`-R0)KrvBCzCWQljkamXMY~)+4Y7C7VaBNid_y5NRZt1Sv-<%&kbpOq_tX5!S}j+G{Jk(L+6(Dy#ly)|As% F{ue2cK-mBQ delta 3980 zcmZwJeQ;FO8OQOHgqI|cASAp5DVz{qlPuW{Bw!%C2!cZ7CA?UX3OBnqaP4Mqx-X!h z1T7UTR!eWO)VIE92U}}v4J|XEGwo1Xp&bXT=s2~GGcYX$Wm<>&mk#~@)=SE?J+se# z&b>MJ+;g6D&ccbEr?&RIKdj#YLkWm6#NmF%oWQmcz9^dp8&ir7R$~&U;A1!xk6;y^ z#9??2C*UVI8gDE!hN@}CVqAy=unnWe^qAFDnz*qWN8nM6;29i(S5X5SQvP{|^;pRD z5>)%8cpEx+1HOoS%&UB9z<egPevj6J9f918tS=$}z9{#R%f=~8A|QTID^&HK&6;U8W^4d65?b)Vok97B4L0KzT!`Pp20Vv#SV5zDoQE?pi8JtdoR06J+Lu)_c%{CTN(?io7ySs8y4O)N zzKEJ>$?(tb$51I;jan)n)$SQoyH}A_Gv~vU+f>#f*Rm5)M?m+>gWN~nm>gWe~)_p0xAP)tj#!He?Ky5a}>2CZy}GGOQ?Yt z^ENGQ73#S*R3^6}pC0op-&*t6a1QkLZ2DA*-&jz$Q{{a=P^?- zH=#1OMftZ>_M=kz3i2^$!s|j7N*!0Dj^{$ugLk1)y&D(fcX1YefO=sS>C^oMr~&Rp z9n;rPnS2K|ke)Jjgw}cv>X>Xmb+8?knI9raG4G*fP)ctWqo|CnLd|ps>iL7nWX-Qo zFZe4i!r{DC*XvRJKZ3J${(nJ5DgOvH^C*XtXN-dyz!RwRdYUgiIFJp(;7tQECeso6 z1ZpCukR+Ikp<_r3KZa&GYR}w*n#chhrSpG`ieC5@YFC!2*=^`dc1uK-mt#9hRl#KVNjLZXWI=l{XcjcbMH^CKRO4x!GzOlUCI z%7U3a#4`Gl6|UP2{H3?+K{>FU2q>2=p@sE;SM68tXZ|EmT0 zvWM?(qKj||5~GCnl~rMFTj+Mw(%lhWe^t$u+I581cnh(MC?Qlh-uW^x^ouxx&|N!}USyx|?`_C?*CFLkN{`5$*Y! zF<%S44~K{Kuj8XcYj~Xs6#=oF&_4Ml@fe|U12K|_DqTwm747Ezgf^p!&hJEGkuE43 zi7yfQolr>-aYDx}P25jxBCZto-s|7ca6DYSZaVF!>%q-8ntolQAXf36;Bv)=ioVX> zY|cyAwC`toZ>xN#pto(rmEz~x#}yUL=!gYt$KTo$i$t4ktf?gyjYONG(bAPGBJJ*0 zFXQ>C$Ra1}w%EpKtT7VhGt)LUwoGrTi^gcz#;hW1(oQOqbh3WB#V)2E_cC$cF7l55 zcyrF(Zs&AzFX6emn4jy&rLwtcaldOW52rTgoXu`zO)$15TD0+&)xq+borTq{!ReX@ zgMAam2A@svf)^&*>V&HlxoPW$d5Sv;$HwW_w_R?^&jhn4+1}SDUMLupQHB$4`uIyu zaBTA8;=YT)Q{E1aOuf+BseD<-w|)nyw0<(NG47Mqd$XoH?I&_^&(G0GE@k^#x|yug z;U?X<8=S4R760#kQQh)kEjHn1I{b9PVN6-yx~bq;UDf~GPPoBmb)$ozZb3myaJJ6U zAglJd|14%Or9M~LH|flE%lCBsPYVY7Ht8`WCQo0hrfm<#G%Tp-PP=4it7Cnu`S|IS zA9OdgS9P&>^0V>cTU;-#XKa^~jyt{Q8zTJ&hWQG{G_{Ng>$bz|%+VliQhtiG=Mx(2 wYML0l**qnf)?D0sw&`fW05|D%d8yuS&%9g|T%KOs`;*!0ii-PQT|BS#-)`JF%K!iX diff --git a/src/po/gl.po b/src/po/gl.po index ae2a8c3..ec5bb30 100644 --- a/src/po/gl.po +++ b/src/po/gl.po @@ -1,138 +1,234 @@ # Galician translations for sudo package. # This file is put in the public domain. +# # Fran Dieguez , 2012. # Francisco Diéguez , 2012. +# Leandro Regueiro , 2012, 2013. +# +# Proxecto Trasno - Adaptación do software libre á lingua galega: Se desexas +# colaborar connosco, podes atopar máis información en # msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.4b1\n" +"Project-Id-Version: sudo 1.8.6b4\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-01-06 15:10-0500\n" -"PO-Revision-Date: 2012-02-07 22:35+0100\n" -"Last-Translator: Francisco Diéguez \n" +"POT-Creation-Date: 2012-08-10 13:08-0400\n" +"PO-Revision-Date: 2013-02-02 13:37+0200\n" +"Last-Translator: Leandro Regueiro \n" "Language-Team: Galician \n" -"Language: gl_ES\n" +"Language: gl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"Plural-Forms: nplurals=2; plural=(n!=1);\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: common/aix.c:150 +#, c-format +msgid "unable to open userdb" +msgstr "non foi posíbel abrir userdb" + +#: common/aix.c:153 +#, c-format +msgid "unable to switch to registry \"%s\" for %s" +msgstr "non foi posíbel ir ao rexistro «%s» para %s" + +#: common/aix.c:170 +#, c-format +msgid "unable to restore registry" +msgstr "non foi posíbel restaurar o rexistro" + +#: common/alloc.c:82 +msgid "internal error, tried to emalloc(0)" +msgstr "erro interno: tentou emalloc(0)" + +#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 +#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 +#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 +#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 +#, c-format +msgid "unable to allocate memory" +msgstr "non foi posíbel asignar memoria" + +#: common/alloc.c:99 +msgid "internal error, tried to emalloc2(0)" +msgstr "erro interno: tentou emalloc2(0)" + +#: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187 +#, c-format +msgid "internal error, %s overflow" +msgstr "erro interno, desbordamento en %s" + +#: common/alloc.c:120 +msgid "internal error, tried to ecalloc(0)" +msgstr "erro interno, tentou ecalloc(0)" + +#: common/alloc.c:142 +msgid "internal error, tried to erealloc(0)" +msgstr "erro interno, tentou erealloc(0)" + +#: common/alloc.c:161 +msgid "internal error, tried to erealloc3(0)" +msgstr "erro interno, tentou erealloc3(0)" + +#: common/alloc.c:185 +msgid "internal error, tried to erecalloc(0)" +msgstr "erro interno, tentou erealloc(0)" + +#: common/sudo_conf.c:305 +#, c-format +msgid "unable to stat %s" +msgstr "non foi posíbel executar stat en %s" + +#: common/sudo_conf.c:308 +#, c-format +msgid "%s is not a regular file" +msgstr "%s non é un ficheiro normal" + +#: common/sudo_conf.c:311 +#, c-format +msgid "%s is owned by uid %u, should be %u" +msgstr "%s é propiedade de uid %u, pero debería ser %u" + +#: common/sudo_conf.c:315 +#, c-format +msgid "%s is world writable" +msgstr "%s é escribíbel por todo o mundo" + +#: common/sudo_conf.c:318 +#, c-format +msgid "%s is group writable" +msgstr "%s é escribíbel polo grupo" + +#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#, c-format +msgid "unable to open %s" +msgstr "non foi posíbel abrir %s" + +#: compat/strsignal.c:47 +msgid "Unknown signal" +msgstr "Sinal descoñecido" #: src/error.c:82 src/error.c:86 msgid ": " msgstr ": " -#: src/exec.c:133 src/exec_pty.c:604 src/exec_pty.c:936 src/tgetpass.c:227 +#: src/exec.c:113 src/exec_pty.c:674 +#, c-format +msgid "policy plugin failed session initialization" +msgstr "produciuse un erro durante a inicialización de sesión do engadido de política" + +#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 #, c-format msgid "unable to fork" -msgstr "non se pode bifurcar" +msgstr "non é posíbel realizar fork" -#: src/exec.c:299 +#: src/exec.c:268 #, c-format msgid "unable to create sockets" msgstr "non foi posíbel crear sockets" -#: src/exec.c:306 src/exec_pty.c:557 src/exec_pty.c:565 src/exec_pty.c:572 -#: src/exec_pty.c:871 src/exec_pty.c:933 src/tgetpass.c:224 +#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 +#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 #, c-format msgid "unable to create pipe" msgstr "non foi psosíbel crear tubería" -#: src/exec.c:373 src/exec_pty.c:1000 src/exec_pty.c:1135 +#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 #, c-format msgid "select failed" msgstr "selección fallada" -#: src/exec.c:458 +#: src/exec.c:467 #, c-format msgid "unable to restore tty label" msgstr "non foi posíbel restaurar a etiqueta tty" -#: src/exec_pty.c:140 +#: src/exec_common.c:69 +#, c-format +msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" +msgstr "non foi posíbel retirar PRIV_PROC_EXEC desde PRIV_LIMIT" + +#: src/exec_pty.c:183 #, c-format msgid "unable to allocate pty" msgstr "non foi posíbel asignar pty" -#: src/exec_pty.c:597 +#: src/exec_pty.c:665 #, c-format msgid "unable to set terminal to raw mode" msgstr "non foi posíbel estabelcer a terminal en modo directo" -#: src/exec_pty.c:914 +#: src/exec_pty.c:1013 #, c-format msgid "unable to set controlling tty" msgstr "non foi posíebl estabelecer o controlador tty" -#: src/exec_pty.c:1008 +#: src/exec_pty.c:1111 #, c-format msgid "error reading from signal pipe" msgstr "produciuse un erro ao ler desde a tubería do sinal" -#: src/exec_pty.c:1027 +#: src/exec_pty.c:1132 #, c-format msgid "error reading from pipe" msgstr "produciuse un erro ao ler da tubería" -#: src/exec_pty.c:1043 +#: src/exec_pty.c:1148 #, c-format msgid "error reading from socketpair" msgstr "produciuse un erro ao ler de socketpair" -#: src/exec_pty.c:1047 +#: src/exec_pty.c:1152 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "tipo de resposta inesperada en canles alternos %d" -#: src/load_plugins.c:79 +#: src/load_plugins.c:74 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/load_plugins.c:85 +#: src/load_plugins.c:80 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:95 +#: src/load_plugins.c:90 #, c-format msgid "%s must be owned by uid %d" msgstr "%s debe ser propiedade do uid %d" -#: src/load_plugins.c:99 +#: src/load_plugins.c:94 #, c-format msgid "%s must be only be writable by owner" msgstr "%s só debe ter permisos de escritura polo propietario" -#: src/load_plugins.c:106 +#: src/load_plugins.c:101 #, c-format msgid "unable to dlopen %s: %s" msgstr "non foi posíbel dlopen %s: %s" -#: src/load_plugins.c:111 +#: src/load_plugins.c:106 #, c-format msgid "%s: unable to find symbol %s" msgstr "%s: non é posíbel atopar o símbolo %s" -#: src/load_plugins.c:117 +#: src/load_plugins.c:112 #, c-format msgid "%s: unknown policy type %d" msgstr "%s: tipo de política descoñecida %d" -#: src/load_plugins.c:121 +#: src/load_plugins.c:116 #, c-format msgid "%s: incompatible policy major version %d, expected %d" msgstr "%s: versión maiór %d da política incompatíbel, agardábase %d" -#: src/load_plugins.c:128 +#: src/load_plugins.c:123 #, c-format msgid "%s: only a single policy plugin may be loaded" msgstr "%s: só se pode cargar unha política de engadido" -#: src/load_plugins.c:146 -#, c-format -msgid "%s: at least one policy plugin must be specified" -msgstr "%s: debe ser especificada cando menos unha política de engadido" - -#: src/load_plugins.c:151 +#: src/load_plugins.c:200 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "a política do engadido %s non inclúe un método check_policy" @@ -176,7 +272,7 @@ msgstr "a opción «-E» non é válida no modo edición" #: src/parse_args.c:351 #, c-format msgid "you may not specify environment variables in edit mode" -msgstr "non se deben especificar variábeis de contorno no modo edición" +msgstr "non se deben especificar variábeis de ambiente no modo edición" #: src/parse_args.c:359 #, c-format @@ -188,24 +284,17 @@ msgstr "a opción «-U» só se pode usar coa opción «-l»" msgid "the `-A' and `-S' options may not be used together" msgstr "as opcións «-A» e «-S» non se poden empregar conxuntamente" -#: src/parse_args.c:432 src/sudo.c:482 src/sudo.c:502 src/sudo.c:509 -#: src/sudo.c:519 common/alloc.c:85 common/alloc.c:105 common/alloc.c:123 -#: common/alloc.c:145 common/alloc.c:203 common/alloc.c:217 -#, c-format -msgid "unable to allocate memory" -msgstr "non foi posíbel asignar memoria" - -#: src/parse_args.c:445 +#: src/parse_args.c:443 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit non se admite nesta plataforma" -#: src/parse_args.c:518 +#: src/parse_args.c:516 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Só pode especificar unha das opcións -e, -h, -i, -K, -l, -s, -v ou -V" -#: src/parse_args.c:532 +#: src/parse_args.c:530 #, c-format msgid "" "%s - edit files as another user\n" @@ -214,7 +303,7 @@ msgstr "" "%s - edita ficheiros como outro usuario\n" "\n" -#: src/parse_args.c:534 +#: src/parse_args.c:532 #, c-format msgid "" "%s - execute a command as another user\n" @@ -223,7 +312,7 @@ msgstr "" "%s - executa unha orde como outro usuario\n" "\n" -#: src/parse_args.c:539 +#: src/parse_args.c:537 #, c-format msgid "" "\n" @@ -232,371 +321,372 @@ msgstr "" "\n" "Opcións:\n" -#: src/parse_args.c:542 +#: src/parse_args.c:540 msgid "use helper program for password prompting\n" msgstr "usar o programa de axuda para a solicitude de contrasinal\n" -#: src/parse_args.c:545 +#: src/parse_args.c:543 msgid "use specified BSD authentication type\n" msgstr "usar tipo de autenticación especificado en BSD\n" -#: src/parse_args.c:547 +#: src/parse_args.c:545 msgid "run command in the background\n" msgstr "executa unha orde en segundo plano\n" -#: src/parse_args.c:549 +#: src/parse_args.c:547 msgid "close all file descriptors >= fd\n" msgstr "pecha todos os descriptores de ficheiro >= td\n" -#: src/parse_args.c:552 +#: src/parse_args.c:550 msgid "run command with specified login class\n" msgstr "executa unha orde coa clase especificada de inicio de sesión\n" -#: src/parse_args.c:555 +#: src/parse_args.c:553 msgid "preserve user environment when executing command\n" -msgstr "preserva o contorno de usuario ao executar unha orde\n" +msgstr "conserva o ambiente de usuario ao executar unha orde\n" -#: src/parse_args.c:557 +#: src/parse_args.c:555 msgid "edit files instead of running a command\n" msgstr "edita ficheiros no lugar de executar unha orde\n" -#: src/parse_args.c:559 +#: src/parse_args.c:557 msgid "execute command as the specified group\n" msgstr "executa unha orde como o grupo especificado\n" -#: src/parse_args.c:561 +#: src/parse_args.c:559 msgid "set HOME variable to target user's home dir.\n" msgstr "asigna a variábel HOME ao cartafol de inicio do usuario\n" -#: src/parse_args.c:563 +#: src/parse_args.c:561 msgid "display help message and exit\n" msgstr "mostra esta mensaxe de axuda e sae\n" -#: src/parse_args.c:565 +#: src/parse_args.c:563 msgid "run a login shell as target user\n" msgstr "executa un intérprete de ordes como un determinado usuario\n" -#: src/parse_args.c:567 +#: src/parse_args.c:565 msgid "remove timestamp file completely\n" -msgstr "remove un ficheiro de marca completamente\n" +msgstr "retira un ficheiro de marca de tempo completamente\n" -#: src/parse_args.c:569 +#: src/parse_args.c:567 msgid "invalidate timestamp file\n" msgstr "ficheiro de marca non válido\n" -#: src/parse_args.c:571 +#: src/parse_args.c:569 msgid "list user's available commands\n" msgstr "lista de ordes do usuario dispoñíbeis\n" -#: src/parse_args.c:573 +#: src/parse_args.c:571 msgid "non-interactive mode, will not prompt user\n" msgstr "modo non interactivo, non se preguntará ao usuario\n" -#: src/parse_args.c:575 +#: src/parse_args.c:573 msgid "preserve group vector instead of setting to target's\n" msgstr "preserva o vector de grupos no lugar de estabelecelo ao obxectivo\n" -#: src/parse_args.c:577 +#: src/parse_args.c:575 msgid "use specified password prompt\n" msgstr "usa o contrasinal especificado\n" -#: src/parse_args.c:580 src/parse_args.c:588 +#: src/parse_args.c:578 src/parse_args.c:586 msgid "create SELinux security context with specified role\n" msgstr "crea un contexto de seguranza SELinux coa regra especificada\n" -#: src/parse_args.c:583 +#: src/parse_args.c:581 msgid "read password from standard input\n" msgstr "lee o contrasinal desde a entrada estándar\n" -#: src/parse_args.c:585 +#: src/parse_args.c:583 msgid "run a shell as target user\n" msgstr "executa un intérprete de ordes como un determinado usuario\n" -#: src/parse_args.c:591 +#: src/parse_args.c:589 msgid "when listing, list specified user's privileges\n" msgstr "cando está na lista, mostra os privilexios do usuario especificado\n" -#: src/parse_args.c:593 +#: src/parse_args.c:591 msgid "run command (or edit file) as specified user\n" msgstr "executa unha orde (ou edita un ficheiro) como un usuario específico\n" -#: src/parse_args.c:595 +#: src/parse_args.c:593 msgid "display version information and exit\n" msgstr "mostra a información da versión e sae\n" -#: src/parse_args.c:597 +#: src/parse_args.c:595 msgid "update user's timestamp without running a command\n" msgstr "actualiza a marca do usuario sen executar unha orde\n" -#: src/parse_args.c:599 +#: src/parse_args.c:597 msgid "stop processing command line arguments\n" msgstr "deten o proceso de argumentos da liña de ordes\n" -#: src/selinux.c:76 +#: src/selinux.c:77 #, c-format msgid "unable to open audit system" msgstr "non foi posíbel abrir o sistema de auditoría" -#: src/selinux.c:84 +#: src/selinux.c:85 #, c-format msgid "unable to send audit message" msgstr "non foi posíbel enviar a mensaxe de auditoría" -#: src/selinux.c:112 +#: src/selinux.c:113 #, c-format msgid "unable to fgetfilecon %s" msgstr "non foi posíbel executar fgetfilecon %s" -#: src/selinux.c:117 +#: src/selinux.c:118 #, c-format msgid "%s changed labels" msgstr "%s etiquetas cambiadas" -#: src/selinux.c:122 +#: src/selinux.c:123 #, c-format msgid "unable to restore context for %s" msgstr "non foi posíbel restaurar o contexto para %s" -#: src/selinux.c:162 +#: src/selinux.c:163 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "non foi posíbel abrir %s, non volver a etiquetar tty" -#: src/selinux.c:171 +#: src/selinux.c:172 #, c-format msgid "unable to get current tty context, not relabeling tty" -msgstr "non se pode obter o contexto actual de tty, non volver a etiquetar tty" +msgstr "non foi posíbel obter o contexto actual de tty, non se volve etiquetar tty" -#: src/selinux.c:178 +#: src/selinux.c:179 #, c-format msgid "unable to get new tty context, not relabeling tty" msgstr "non foi posíbel obter o novo contexto tty, non volver a etiquetar tty" -#: src/selinux.c:185 +#: src/selinux.c:186 #, c-format msgid "unable to set new tty context" msgstr "non foi posíbel estabelecer o novo contexto tty" -#: src/selinux.c:195 src/selinux.c:208 src/sudo.c:335 -#, c-format -msgid "unable to open %s" -msgstr "non foi posíbel abrir %s" - -#: src/selinux.c:251 +#: src/selinux.c:252 #, c-format msgid "you must specify a role for type %s" msgstr "débese especificar unha regra por tipo %s" -#: src/selinux.c:257 +#: src/selinux.c:258 #, c-format msgid "unable to get default type for role %s" msgstr "non foi posíbel obter o tipo de regra predeterminada %s" -#: src/selinux.c:275 +#: src/selinux.c:276 #, c-format msgid "failed to set new role %s" -msgstr "produciouse un fallo ao estabelecer a nova regra %s" +msgstr "produciuse un erro ao definir a nova regra %s" -#: src/selinux.c:279 +#: src/selinux.c:280 #, c-format msgid "failed to set new type %s" -msgstr "produciuse un fallo ao estabelecer o novo tipo %s" +msgstr "produciuse un erro ao definir o novo tipo %s" -#: src/selinux.c:288 +#: src/selinux.c:289 #, c-format msgid "%s is not a valid context" msgstr "%s non é un contexto válido" -#: src/selinux.c:323 +#: src/selinux.c:324 #, c-format msgid "failed to get old_context" -msgstr "produciuse un fallo ao obter old_context" +msgstr "produciuse un erro ao obter old_context" -#: src/selinux.c:329 +#: src/selinux.c:330 #, c-format msgid "unable to determine enforcing mode." msgstr "non foi posíbel determinar o método de forzado" -#: src/selinux.c:341 +#: src/selinux.c:342 #, c-format msgid "unable to setup tty context for %s" msgstr "non foi posíbel estabelecer o contexto tty para %s" -#: src/selinux.c:371 +#: src/selinux.c:373 #, c-format msgid "unable to set exec context to %s" msgstr "non foi posíbel o contexto de execución a %s" -#: src/selinux.c:378 +#: src/selinux.c:380 #, c-format msgid "unable to set key creation context to %s" msgstr "non foi posíbel estabelecer a chave de creación de contexto a %s" -#: src/sesh.c:48 +#: src/sesh.c:70 +#, c-format msgid "requires at least one argument" msgstr "require cando menos un argumento" -#: src/sesh.c:64 +#: src/sesh.c:91 #, c-format msgid "unable to execute %s" -msgstr "non se pode executar %s" - -#: src/sudo.c:198 -#, c-format -msgid "must be setuid root" -msgstr "debe ser setuid root" +msgstr "non é posíbel executar %s" -#: src/sudo.c:219 +#: src/sudo.c:211 #, c-format msgid "Sudo version %s\n" msgstr "Sudo versión %s\n" -#: src/sudo.c:221 +#: src/sudo.c:213 #, c-format msgid "Configure options: %s\n" msgstr "Opcións de configuración: %s\n" -#: src/sudo.c:226 +#: src/sudo.c:218 #, c-format msgid "fatal error, unable to load plugins" msgstr "erro fatal, non foi posíbel cargar os engadidos" -#: src/sudo.c:234 +#: src/sudo.c:226 #, c-format msgid "unable to initialize policy plugin" msgstr "non foi posíbel inicializar a normativa do engadido" -#: src/sudo.c:289 +#: src/sudo.c:281 #, c-format msgid "error initializing I/O plugin %s" msgstr "erro ao inicializar os engadidos de E/S %s" -#: src/sudo.c:310 +#: src/sudo.c:306 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "modo sudo 0x%x non agardado" -#: src/sudo.c:404 +#: src/sudo.c:400 #, c-format msgid "unable to get group vector" msgstr "non é posíbel obter o vector de grupo" -#: src/sudo.c:478 +#: src/sudo.c:452 #, c-format msgid "unknown uid %u: who are you?" msgstr "uid descoñecido %u: quen é vostede?" -#: src/sudo.c:818 +#: src/sudo.c:782 +#, c-format +msgid "%s must be owned by uid %d and have the setuid bit set" +msgstr "%s debe ser propiedade do uid %d e debe ter definido o bit setuid" + +#: src/sudo.c:785 +#, c-format +msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" +msgstr "o uid efectivo non é %d, é %s nun sistema de ficheiros coa opción «nosuid» definida ou nun sistema de ficheiros NFS sen privilexios de root?" + +#: src/sudo.c:791 +#, c-format +msgid "effective uid is not %d, is sudo installed setuid root?" +msgstr "o uid efectivo non é %d, está sudo instalado con setuid de root?" + +#: src/sudo.c:860 #, c-format msgid "resource control limit has been reached" msgstr "o límite de control de recursos foi alcanzado" -#: src/sudo.c:821 +#: src/sudo.c:863 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "o usuario «%s» non é membro do grupo «%s»" -#: src/sudo.c:825 +#: src/sudo.c:867 #, c-format msgid "the invoking task is final" msgstr "a tarefa que invoca é definitiva" -#: src/sudo.c:828 +#: src/sudo.c:870 #, c-format msgid "could not join project \"%s\"" -msgstr "non podería unirse ao proxecto «%s»" +msgstr "non é posíbel unirse ao proxecto «%s»" -#: src/sudo.c:833 +#: src/sudo.c:875 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "non hai fondo de recursos aceptando as asignacións existentes par ao proxecto «%s»" -#: src/sudo.c:837 +#: src/sudo.c:879 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "o fondo de recursos especificado non existe para o proxecto «%s»" -#: src/sudo.c:841 +#: src/sudo.c:883 #, c-format msgid "could not bind to default resource pool for project \"%s\"" -msgstr "non se podería ligar ao fondo de recursos predeterminado para o proxecto «%s»" +msgstr "non é posíbel ligar ao fondo de recursos predeterminado para o proxecto «%s»" -#: src/sudo.c:847 +#: src/sudo.c:889 #, c-format msgid "setproject failed for project \"%s\"" msgstr "configuración do proxecto fallada «%s»" -#: src/sudo.c:849 +#: src/sudo.c:891 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "aviso, o control de asignación de recuros fallou para o proxecto «%s»" -#: src/sudo.c:879 -#, c-format -msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" -msgstr "non foi posíbel eliminar PRIV_PROC_EXEC desde PRIV_LIMIT" - -#: src/sudo.c:988 +#: src/sudo.c:959 #, c-format msgid "unknown login class %s" msgstr "clase de inicio de sesión descoñecida %s" -#: src/sudo.c:1004 src/sudo.c:1007 +#: src/sudo.c:973 src/sudo.c:976 #, c-format msgid "unable to set user context" msgstr "non foi posíbel estabelecer o contexto do usuario" -#: src/sudo.c:1022 +#: src/sudo.c:988 +#, c-format +msgid "unable to set supplementary group IDs" +msgstr "non foi posíbel estabelecer o grupo suplementario de IDs" + +#: src/sudo.c:995 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "non foi posíbel estabelcer o gid efectivo para executar como gid %u" -#: src/sudo.c:1028 +#: src/sudo.c:1001 #, c-format msgid "unable to set gid to runas gid %u" msgstr "non foi posíbel estabelcer o gid para executar como gid %u" -#: src/sudo.c:1036 -#, c-format -msgid "unable to set supplementary group IDs" -msgstr "non foi posíbel estabelecer o grupo suplementario de IDs" - -#: src/sudo.c:1044 +#: src/sudo.c:1008 #, c-format msgid "unable to set process priority" msgstr "non foi posíbel estabelecer a prioridade de proceso" -#: src/sudo.c:1052 +#: src/sudo.c:1016 #, c-format msgid "unable to change root to %s" msgstr "non foi posíbel cambiar de root a %s" -#: src/sudo.c:1062 src/sudo.c:1068 src/sudo.c:1074 +#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "non foi posíbel cambiar as runas uid (%u, %u)" -#: src/sudo.c:1088 +#: src/sudo.c:1049 #, c-format msgid "unable to change directory to %s" msgstr "non foi posíbel cambiar ao cartafol %s" -#: src/sudo.c:1158 +#: src/sudo.c:1133 #, c-format msgid "unexpected child termination condition: %d" msgstr "terminación de condición filla non agardada: %d" -#: src/sudo.c:1204 +#: src/sudo.c:1194 #, c-format msgid "policy plugin %s does not support listing privileges" -msgstr "a política do engadido %s non admite o listado de privilexios" +msgstr "a política do engadido %s non admite listar os privilexios" -#: src/sudo.c:1216 +#: src/sudo.c:1206 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "a política do engadido %s non admite a opción -v" -#: src/sudo.c:1228 +#: src/sudo.c:1218 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "a normativa do engadido %s non admite as opcións -k/-K" @@ -646,27 +736,27 @@ msgstr "os contidos de edición de sesión déixanse en %s" msgid "unable to read temporary file" msgstr "non é posíbel ler o ficheiro temporal" -#: src/tgetpass.c:96 +#: src/tgetpass.c:90 #, c-format msgid "no tty present and no askpass program specified" msgstr "sen tty presente e non se especificou un programa askpass" -#: src/tgetpass.c:105 +#: src/tgetpass.c:99 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "non hai programa askpass especificado, tente estabelecer SUDO_ASKPASS" -#: src/tgetpass.c:237 +#: src/tgetpass.c:231 #, c-format msgid "unable to set gid to %u" msgstr "non foi posíbel estabelecer o gid a %u" -#: src/tgetpass.c:241 +#: src/tgetpass.c:235 #, c-format msgid "unable to set uid to %u" msgstr "non foi posíbel estabelecer o uid a %u" -#: src/tgetpass.c:246 +#: src/tgetpass.c:240 #, c-format msgid "unable to run %s" msgstr "non foi posíbel executar %s" @@ -686,45 +776,11 @@ msgstr "non foi posíbel facer dup2 stdin" msgid "unable to restore stdin" msgstr "non foi posíbel restaurar stdin" -#: common/aix.c:144 -#, c-format -msgid "unable to open userdb" -msgstr "non foi posíbel abrir userdb" +#~ msgid "%s: at least one policy plugin must be specified" +#~ msgstr "%s: debe ser especificada cando menos unha política de engadido" -#: common/aix.c:147 -#, c-format -msgid "unable to switch to registry \"%s\" for %s" -msgstr "non foi posíbel cambiar ao rexistro «%s» para %s" +#~ msgid "must be setuid root" +#~ msgstr "debe ser setuid root" -#: common/aix.c:161 -#, c-format -msgid "unable to restore registry" -msgstr "non foi posíbel restaurar o rexistro" - -#: common/alloc.c:82 -msgid "internal error, tried to emalloc(0)" -msgstr "erro interno: tentou emalloc(0)" - -#: common/alloc.c:99 -msgid "internal error, tried to emalloc2(0)" -msgstr "erro interno: tentou emalloc2(0)" - -#: common/alloc.c:101 -msgid "internal error, emalloc2() overflow" -msgstr "erro interno: desbordamento en emalloc2(0)" - -#: common/alloc.c:119 -msgid "internal error, tried to erealloc(0)" -msgstr "erro interno: tentou erealloc(0)" - -#: common/alloc.c:138 -msgid "internal error, tried to erealloc3(0)" -msgstr "erro interno: tentou erealloc3(0)" - -#: common/alloc.c:140 -msgid "internal error, erealloc3() overflow" -msgstr "erro interno: desbordamento de erealloc3(0)" - -#: compat/strsignal.c:47 -msgid "Unknown signal" -msgstr "Sinal descoñecido" +#~ msgid "internal error, erealloc3() overflow" +#~ msgstr "erro interno: desbordamento de erealloc3(0)" diff --git a/src/po/hr.mo b/src/po/hr.mo index 341ab6bea376a9df5aea6cb3a204b9dc8e5452bf..7ff45430273743e1918260f03cdfeebf19c19468 100644 GIT binary patch delta 4702 zcmb8x3vg7`9mnyr3E>e3;CcOEiy*kALDd9hPC)Amf-ke zV{di->;sP9vi*XDt!_)9$ zoQxZgKa=#1x8pL7_u~Y71-Yep7nOJcCza4F?7$UR$@peFo%x(NglFP$tj52iW?I2C zufiqRjz7ajd=D+wFs(DN6LtM%I1RVrEIfd!$T80op8voZjBiTIjA_O;R3g1N8;9^* zd>kur40YBFW_Wg@N*VIJ6_xk{p3h?q$G%CqQkz<=;&=(3g*}*7>941=1b>Qi(MNsf zU^CX^2G1K&75EX($G31E&Sd(!Zauc*PSo{}c*n1!CTQ6p8h8zANm5g&ze={36Drk% z-WMlOGgjRiU@Gc&%Td2`k^N_G^S(cby76zZ9p6U%u9h99O0LEhyb9~^UR0vLub}=a zaWSKD&a6TvWqQ$K8u>Ga_)sYyMrHmIQY=%zBSWsH616n*k;$6%NcBz3a|h~o`_N(* zwK<o}I3eZJ{v6ZF@JTw#=p9^y{8UsuR*QtQRL4&!-q<$k3BF4Rl!H`Z2UL!XZ&m&UFV?gcO6n>^BvT9znMe*RqD6B z6Ej#iebI@WG9f$%_u~0@9F@>yUJ9MK3N^z$Nbcr7&*xBy=2K4DfJ$hc=e5|u@jZ>y zpT2pO4`n!s4Z!{}XX8rTfEVN4s6_sSO4#2t{9+2@0*?1%J03^=Oi}ajUOE@a*+fup z%>9_#OQ`F{q`6xwokggn*o?~b0BV>1$~%4)8QYZbzGeB%B2=keR0Y0;Oxiq(CHNL< z&3%lj3Us0$uRtaAJygZg&(cxmd1S#g#*fM@f||*8mZh11N> zL7gAOGQ115XO5!9mr;onFdO~Oq7qzzs#Fxu)bl??X9_1CM$Paz>cTgW49#fjHW@2X z3AA{wLG7J5s+5PZ0)LIHmU#tPW;2CsHSluJ2&%HXaW>b>$brZs~yjx^w6RHmCy z=WoIb@gdYq^3NOItgW6QWRm7ET6_V0sNY^ssCxT|Awta(N;pHPE!O%^pmPSXU1w+o z#O7RY_`h8$?M|YK7)$IW)FQ*={^PQaK4a%vzvub5kvKq%v_h}Le9Ts&OY5)3Ltt(u zZqva@t%&{_@Ax9T%Whg0v5hDuzD}ssX#CrWFA}#B zDWZ}19Ki-Q4x!zvb~*9QTyOYe1+4Ur_3yw)i+i0rM@}G1ooiq4?7r+X+27YHh=qEuOdFH;Ai=YVX{oSnBmF@FuUn+jBbl z)mK)Bh(SUvLF^}biB@7faV>EsQAViM4P%m?BWN$}$xbS|-8a5EQD~|Yemfk6nG?lR zPfPSh<4Lk|V+dZOW2 zAnA6Kx0i1?&=-x{0VketqofnGwa%89)01?99Msv%qp3(Rcc1LrrTM-p8xCx-o8r+_ zERmb)DMMu6C~Na&-Y=dpF2POQ%Uvg!wUdf`%+tCF8+H>3l_c5g*o{5CPEY8v;k0LE zwoaOyZJ7N1{Or5sOME3RgC+*U-O+w;lx$t)>!Z%_=9nCehjCbtQ?u-_6?ysX-OZV`XDw}=*U&V-p{d0-H~Hr`(Qj%hT;0{M#u;!` zl7(xxx+TM`deDEPn@;NH~s9w^$nd)#EA!z(YW7sCgXufqF)ELrEx)X zV_UXu<_n+PS{K$-6^FPc6tyuo5s36T*+19(ByV0Sw;ke6Fc8v8#Nw_^9oyw50|Wdf zrQ=Y4A7?@V`{K4cs}nD78_MplYw_iWqTQLNX4j>!3`Cr8AfD=T!ZtV%O(f%~kZae@ zUG~wn+gnOF3;@yv&(%Q5ywr$;;IK5F_dt_f&PeVyW`P57CjaFs4l0>En8Z@(^nLZKK6*i za~KH>IEl_VuCHR@O%Xau@=lusG>)LDp delta 3834 zcmYk<3vg6d9mnyrd65Ss%{vfmZc2cpB-?D>*_u+)2T-6Iv=o%4U6KVh$?i>eH$b3u zp$`yJ)Upkb!$^E1ts^oWTYxqOMA;8}C3HRgqVbkC|pePUc;-@L#IGGOFgRCD@6| zv>zF)*^AuU97RpdStK{}CQ>wW#Z@=adF80Z?B#!-vt5Nax3K?{F_y79-T#L75H*Eb^T)T}}!x(PYOM39e}V56x_ zoT6jV`4#F0*H9HGWL~t&n~_6i6Y?=T*(lMYs1bY@b=@o~k$clb%1L-wlB-Kgv0 zt|zgB{mZDSEGGMmj073d$>Ts5@0K#{Mcr^1HL^+MW6rSA9RCuP@Dyy8+}Uz#K!3^fYQJrZEHGLp|Ux zcn{|AYN+IEu?YK7iAPY0CUFIR8+o?*7!xW<4e9H~8&D&Uqe}fUPU1AGv=8&8j=zXH z|3|1B{Smbm3iwhF@}f$=-raxN^%Uy8{~0Rrf8Wac&%I40OHtm5+{=VqlgPQ|d#-;* zm9~^$D?PXunNG7E*Ww}U!?&>q8+e)$*@oRXg`M~oHsf3`_19wQ;jUa`!l;T&p)U9Z z>OC&tB$aXnDxs~YDS6i2|0eP=zhy&JO#yem9a~W&wUK9<3DgvQ2Q_6sP0-PZi+$-e za62lI9jJ<&KxKRpwI;F{juPuaE;UiqRGdJ)em_9HW;3X%xQZ55aIpr~i8>xZou4>D zM;V?$m2w(u@Cv40L;eux2c#Y??7v7v(Eue*l?1vlA^m zfh3SH=jrGMv#8ASNmHfrqDs6O_1f*ha(oVz`DrY}3s`}dQ3?FbwV1Lod&Y;Vk z;a#$9lEt#&_gr=Gu`PCjwH9ipQ$Yvk+PgY$8X+aJWk#1L`NJtkE0 z;v4o=LEGIQx#9Ru`mD{=FKDO6e>Xc16Iq0s=1lF&M3C4)EFdi6#`XnvjuYG6gPK#l z(`wmiQrk(k`b|*#67d2tS37E|e?1W)KI`s7>R&-x{kw=Kh!wgx6|u-pX*v|Aa)ZgiA}_(2{pZX zYSn2{|7Vz@uXp@;qLwHpx(T(d#J#DWHZ0jEVHHt9bP#F>h>}!~KOQ(rJV4BGUYqy4 z#}|qW*x}JYJhWvbXpPzMFy?dczBCFVl9rPzD%C0t;jTf z%XzZsu?)vslIJ;*Tjp_YEBAVwLltv9&c({JnK|KL*p7}n+o~V*II{~cXC-H9mpaY2 zRApp#Y-vlbsk>)hOH*@KldswGwfdX8k}uU&yGL5BmKJ||n{%OVoo7M*#-^3QNH7|R z+fl!@)*cRwgmwolpSR6vT{7cIu4}3DqerN8 zqA|9q5(jyXDzK*h^$e$XS%W8gD`$)(BaIEtWK)&L`IGm6$2s0y>T%xnEy>DF6(ck> Y=3Hx^@Hi(sU&&66_bhYX>S@UMKfhVY6951J diff --git a/src/po/hr.po b/src/po/hr.po index c5359ab..cef76b7 100644 --- a/src/po/hr.po +++ b/src/po/hr.po @@ -1,21 +1,21 @@ # Translation of sudo to Croatian. # This file is put in the public domain. +# Tomislav Krznar , 2012, 2013. # -# Tomislav Krznar , 2012. msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.6b4\n" +"Project-Id-Version: sudo 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-13 22:54+0200\n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" +"PO-Revision-Date: 2013-04-18 15:22+0200\n" "Last-Translator: Tomislav Krznar \n" "Language-Team: Croatian \n" "Language: hr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2)\n" -"X-Generator: Lokalize 1.4\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" +"X-Generator: Gtranslator 2.91.6\n" #: common/aix.c:150 #, c-format @@ -36,14 +36,6 @@ msgstr "ne mogu vratiti registar" msgid "internal error, tried to emalloc(0)" msgstr "interna greška, pokušao sam emalloc(0)" -#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 -#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 -#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 -#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 -#, c-format -msgid "unable to allocate memory" -msgstr "ne mogu alocirati memoriju" - #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "interna greška, pokušao sam emalloc2(0)" @@ -69,76 +61,86 @@ msgstr "interna greška, pokušao sam erealloc3(0)" msgid "internal error, tried to erecalloc(0)" msgstr "interna greška, pokušao sam erecalloc(0)" -#: common/sudo_conf.c:305 +#: common/error.c:154 +#, c-format +msgid "%s: %s: %s\n" +msgstr "%s: %s: %s\n" + +#: common/error.c:157 common/error.c:161 +#, c-format +msgid "%s: %s\n" +msgstr "%s: %s\n" + +#: common/sudo_conf.c:172 +#, c-format +msgid "unsupported group source `%s' in %s, line %d" +msgstr "nepodržani izvor grupe „%s” u %s, redak %d" + +#: common/sudo_conf.c:186 +#, c-format +msgid "invalid max groups `%s' in %s, line %d" +msgstr "neispravan maksimalni broj grupa „%s” u %s, redak %d" + +#: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "ne mogu izvršiti stat %s" -#: common/sudo_conf.c:308 +#: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s nije obična datoteka" -#: common/sudo_conf.c:311 +#: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "vlasnik %s je uid %u, treba biti %u" -#: common/sudo_conf.c:315 +#: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "%s ima dozvole za pisanje svih korisnika" -#: common/sudo_conf.c:318 +#: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "%s ima dozvole za pisanje svih grupa" -#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "ne mogu otvoriti %s" -#: compat/strsignal.c:47 +#: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Nepoznat signal" -#: src/error.c:82 src/error.c:86 -msgid ": " -msgstr ": " - -#: src/exec.c:113 src/exec_pty.c:674 +#: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "priključak police nije uspio inicijalizirati sjednicu" -#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 +#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "ne mogu razdvojiti" -#: src/exec.c:268 +#: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "ne mogu napraviti utičnice" -#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 -#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 -#, c-format -msgid "unable to create pipe" -msgstr "ne mogu napraviti cjevovod" - -#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 +#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "odabir nije uspio" -#: src/exec.c:467 +#: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "ne mogu vratiti tty oznaku" -#: src/exec_common.c:69 +#: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "ne mogu ukloniti PRIV_PROC_EXEC iz PRIV_LIMIT" @@ -148,148 +150,176 @@ msgstr "ne mogu ukloniti PRIV_PROC_EXEC iz PRIV_LIMIT" msgid "unable to allocate pty" msgstr "ne mogu alocirati pty" -#: src/exec_pty.c:665 +#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 +#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 +#, c-format +msgid "unable to create pipe" +msgstr "ne mogu napraviti cjevovod" + +#: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "ne mogu postaviti terminal u sirovi način" -#: src/exec_pty.c:1013 +#: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "ne mogu postaviti kontrolni tty" -#: src/exec_pty.c:1111 +#: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "greška čitanja iz cjevovoda signala" -#: src/exec_pty.c:1132 +#: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "greška čitanja iz cjevovoda" -#: src/exec_pty.c:1148 +#: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "greška čitanja iz para utičnica" -#: src/exec_pty.c:1152 +#: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "neočekivana vrsta odgovora na povratnom kanalu: %d" -#: src/load_plugins.c:74 +#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 +#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 +#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 +#, c-format +msgid "error in %s, line %d while loading plugin `%s'" +msgstr "greška u %s, redak %d pri učitavanju priključka „%s”" + +#: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/load_plugins.c:80 +#: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:90 +#: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "vlasnik %s mora biti uid %d" -#: src/load_plugins.c:94 +#: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "samo vlasnik smije imati dozvole za pisanje %s" -#: src/load_plugins.c:101 +#: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "ne mogu izvršiti dlopen %s: %s" -#: src/load_plugins.c:106 +#: src/load_plugins.c:194 +#, c-format +msgid "unable to find symbol `%s' in %s" +msgstr "ne mogu pronaći simbol „%s” u %s" + +#: src/load_plugins.c:201 #, c-format -msgid "%s: unable to find symbol %s" -msgstr "%s: ne mogu pronaći simbol %s" +msgid "unknown policy type %d found in %s" +msgstr "nepoznata vrsta police %d pronađena u %s" -#: src/load_plugins.c:112 +#: src/load_plugins.c:207 #, c-format -msgid "%s: unknown policy type %d" -msgstr "%s: nepoznata vrsta police %d" +msgid "incompatible plugin major version %d (expected %d) found in %s" +msgstr "nekompatibilna glavna inačica police %d (očekujem %d) pronađena u %s" -#: src/load_plugins.c:116 +#: src/load_plugins.c:216 #, c-format -msgid "%s: incompatible policy major version %d, expected %d" -msgstr "%s: nekompatibilna glavna inačica police %d, očekujem %d" +msgid "ignoring policy plugin `%s' in %s, line %d" +msgstr "zanemarujem priključak police „%s” u %s, redak %d" -#: src/load_plugins.c:123 +#: src/load_plugins.c:218 #, c-format -msgid "%s: only a single policy plugin may be loaded" -msgstr "%s: može se učitati samo jedan priključak police" +msgid "only a single policy plugin may be specified" +msgstr "možete navesti samo jedan priključak police" -#: src/load_plugins.c:200 +#: src/load_plugins.c:221 +#, c-format +msgid "ignoring duplicate policy plugin `%s' in %s, line %d" +msgstr "zanemarujem dvostruki priključak police „%s” u %s, redak %d" + +#: src/load_plugins.c:236 +#, c-format +msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" +msgstr "zanemarujem dvostruki U/I priključak „%s” u %s, redak %d" + +#: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "priključak police %s ne uključuje metodu check_policy" -#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 -#: src/net_ifs.c:298 src/net_ifs.c:322 +#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 +#: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: otkriven preljev" -#: src/net_ifs.c:227 +#: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "ne mogu otvoriti utičnicu" -#: src/parse_args.c:187 +#: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argument za -C mora biti broj veći ili jednak 3" -#: src/parse_args.c:276 +#: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "nepoznat korisnik: %s" -#: src/parse_args.c:335 +#: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "ne možete navesti opcije „-i” i „-s” zajedno" -#: src/parse_args.c:339 +#: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "ne možete navesti opcije „-i” i „-E” zajedno" -#: src/parse_args.c:349 +#: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "opcija „-E” nije ispravna u načinu uređivanja" -#: src/parse_args.c:351 +#: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "ne možete navesti varijable okoline u načinu uređivanja" -#: src/parse_args.c:359 +#: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "opciju „-U” možete koristiti samo uz opciju „-l”" -#: src/parse_args.c:363 +#: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "ne možete koristiti opcije „-A” i „-S” zajedno" -#: src/parse_args.c:443 +#: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit nije podržan na ovoj platformi" -#: src/parse_args.c:516 +#: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Smijete navesti samo jednu od opcija -e, -h, -i, -K, -l, -s, -v i -V " -#: src/parse_args.c:530 +#: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" @@ -298,7 +328,7 @@ msgstr "" "%s - uredi datoteke kao drugi korisnik\n" "\n" -#: src/parse_args.c:532 +#: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" @@ -307,7 +337,7 @@ msgstr "" "%s - izvrši naredbu kao drugi korisnik\n" "\n" -#: src/parse_args.c:537 +#: src/parse_args.c:550 #, c-format msgid "" "\n" @@ -316,103 +346,103 @@ msgstr "" "\n" "Opcije:\n" -#: src/parse_args.c:540 +#: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "koristi pomoćni program za traženje lozinke\n" -#: src/parse_args.c:543 +#: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "koristi navedenu vrstu BSD provjere\n" -#: src/parse_args.c:545 +#: src/parse_args.c:558 msgid "run command in the background\n" msgstr "pokreni naredbu u pozadini\n" -#: src/parse_args.c:547 +#: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "zatvori sve opisnike datoteka >= fd\n" -#: src/parse_args.c:550 +#: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "pokreni naredbu s navedenim razredom prijave\n" -#: src/parse_args.c:553 +#: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "očuvaj korisničku okolinu pri izvršavanju naredbe\n" -#: src/parse_args.c:555 +#: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "uredi datoteke umjesto pokretanja naredbe\n" -#: src/parse_args.c:557 +#: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "izvrši naredbu kao navedena grupa\n" -#: src/parse_args.c:559 +#: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "postavi HOME varijablu na početni direktorij odredišnog korisnika.\n" -#: src/parse_args.c:561 +#: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "prikaži ovu pomoć i izađi\n" -#: src/parse_args.c:563 +#: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "pokreni ljusku prijave kao odredišni korisnik\n" -#: src/parse_args.c:565 +#: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "potpuno ukloni datoteku vremenskih oznaka\n" -#: src/parse_args.c:567 +#: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "učini datoteku vremenskih oznaka nevažećom\n" -#: src/parse_args.c:569 +#: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "ispiši dostupne korisničke naredbe\n" -#: src/parse_args.c:571 +#: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" msgstr "neinteraktivni način, neće ispitivati korisnika\n" -#: src/parse_args.c:573 +#: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "očuvaj grupni vektor umjesto postavljanja na odredišni\n" -#: src/parse_args.c:575 +#: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "koristi navedeno traženje lozinke\n" -#: src/parse_args.c:578 src/parse_args.c:586 +#: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "stvori SELinux sigurnosni kontekst s navedenom ulogom\n" -#: src/parse_args.c:581 +#: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "čitaj lozinku sa standardnog ulaza\n" -#: src/parse_args.c:583 +#: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "pokreni ljusku kao odredišni korisnik\n" -#: src/parse_args.c:589 +#: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "pri ispisu, ispiši navedene korisničke ovlasti\n" -#: src/parse_args.c:591 +#: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "pokreni naredbu (ili uredi datoteku) kao navedeni korisnik\n" -#: src/parse_args.c:593 +#: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "prikaži informacije o inačici i izađi\n" -#: src/parse_args.c:595 +#: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "ažuriraj korisničku vremensku oznaku bez pokretanja naredbe\n" -#: src/parse_args.c:597 +#: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "zaustavi obradu argumenata naredbenog retka\n" @@ -501,257 +531,262 @@ msgstr "ne mogu odrediti način provedbe." msgid "unable to setup tty context for %s" msgstr "ne mogu postaviti tty kontekst za %s" -#: src/selinux.c:373 +#: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "ne mogu postaviti izvršni kontekst u %s" -#: src/selinux.c:380 +#: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "ne mogu postaviti kontekst stvaranja ključa u %s" -#: src/sesh.c:70 +#: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "zahtijeva barem jedan argument" -#: src/sesh.c:91 +#: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "ne mogu izvršiti %s" -#: src/sudo.c:211 +#: src/solaris.c:88 +#, c-format +msgid "resource control limit has been reached" +msgstr "dosegnuta je granica upravljanja resursima" + +#: src/solaris.c:91 +#, c-format +msgid "user \"%s\" is not a member of project \"%s\"" +msgstr "korisnik „%s” nije član projekta „%s”" + +#: src/solaris.c:95 +#, c-format +msgid "the invoking task is final" +msgstr "pozivanje zadatka je konačno" + +#: src/solaris.c:98 +#, c-format +msgid "could not join project \"%s\"" +msgstr "ne mogu pridružiti projektu „%s”" + +#: src/solaris.c:103 +#, c-format +msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgstr "ne postoji skladište resursa koje prihvaća zadane poveznice za projekt „%s”" + +#: src/solaris.c:107 +#, c-format +msgid "specified resource pool does not exist for project \"%s\"" +msgstr "ne postoji navedeno skladište resursa za projekt „%s”" + +#: src/solaris.c:111 +#, c-format +msgid "could not bind to default resource pool for project \"%s\"" +msgstr "ne mogu povezati na zadano skladište resursa za projekt „%s”" + +#: src/solaris.c:117 +#, c-format +msgid "setproject failed for project \"%s\"" +msgstr "setproject nije uspio za projekt „%s”" + +#: src/solaris.c:119 +#, c-format +msgid "warning, resource control assignment failed for project \"%s\"" +msgstr "upozorenje, zadatak upravljanja resursima nije uspio za projekt „%s”" + +#: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo inačica %s\n" -#: src/sudo.c:213 +#: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Konfiguracijske opcije: %s\n" -#: src/sudo.c:218 +#: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" -msgstr "fatalna greška, ne mogu učitati priključke" +msgstr "kobna greška, ne mogu učitati priključke" -#: src/sudo.c:226 +#: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "ne mogu inicijalizirati priključak police" -#: src/sudo.c:281 +#: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "greška inicijalizacije U/I priključka %s" -#: src/sudo.c:306 +#: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "neočekivani sudo mod 0x%x" -#: src/sudo.c:400 +#: src/sudo.c:413 #, c-format msgid "unable to get group vector" msgstr "ne mogu dohvatiti grupni vektor" -#: src/sudo.c:452 +#: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "nepoznat uid %u: tko ste vi?" -#: src/sudo.c:782 +#: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "vlasnik %s mora biti uid %d i mora imati postavljen setuid bit" -#: src/sudo.c:785 +#: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "efektivni uid nije %d, je li %s na datotečnom sustavu s postavljenom opcijom „nosuid” ili NFS datotečnom sustavu bez administratorskih ovlasti?" -#: src/sudo.c:791 +#: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "efektivni uid nije %d, je li sudo instaliran uz setuid root?" -#: src/sudo.c:860 -#, c-format -msgid "resource control limit has been reached" -msgstr "dosegnuta je granica upravljanja resursima" - -#: src/sudo.c:863 -#, c-format -msgid "user \"%s\" is not a member of project \"%s\"" -msgstr "korisnik „%s” nije član projekta „%s”" - -#: src/sudo.c:867 -#, c-format -msgid "the invoking task is final" -msgstr "pozivanje zadatka je konačno" - -#: src/sudo.c:870 -#, c-format -msgid "could not join project \"%s\"" -msgstr "ne mogu pridružiti projektu „%s”" - -#: src/sudo.c:875 -#, c-format -msgid "no resource pool accepting default bindings exists for project \"%s\"" -msgstr "ne postoji skladište resursa koje prihvaća zadane poveznice za projekt „%s”" - -#: src/sudo.c:879 -#, c-format -msgid "specified resource pool does not exist for project \"%s\"" -msgstr "ne postoji navedeno skladište resursa za projekt „%s”" - -#: src/sudo.c:883 -#, c-format -msgid "could not bind to default resource pool for project \"%s\"" -msgstr "ne mogu povezati na zadano skladište resursa za projekt „%s”" - -#: src/sudo.c:889 -#, c-format -msgid "setproject failed for project \"%s\"" -msgstr "setproject nije uspio za projekt „%s”" - -#: src/sudo.c:891 -#, c-format -msgid "warning, resource control assignment failed for project \"%s\"" -msgstr "upozorenje, zadatak upravljanja resursima nije uspio za projekt „%s”" - -#: src/sudo.c:959 +#: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "nepoznat razred prijave %s" -#: src/sudo.c:973 src/sudo.c:976 +#: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "ne mogu postaviti korisnički kontekst" -#: src/sudo.c:988 +#: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "ne mogu postaviti dopunske grupne identifikatore" -#: src/sudo.c:995 +#: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "ne mogu postaviti efektivni gid u runas gid %u" -#: src/sudo.c:1001 +#: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "ne mogu postaviti gid u runas (pokreni kao) gid %u" -#: src/sudo.c:1008 +#: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "ne mogu postaviti prioritet procesa" -#: src/sudo.c:1016 +#: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "ne mogu promijeniti korijen u %s" -#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 +#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "ne mogu promijeniti u runas (pokreni kao) uid (%u, %u)" -#: src/sudo.c:1049 +#: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "ne mogu promijeniti direktorij u %s" -#: src/sudo.c:1133 +#: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "neočekivani uvjet završavanja djeteta: %d" -#: src/sudo.c:1194 +#: src/sudo.c:1146 +#, c-format +msgid "policy plugin %s is missing the `check_policy' method" +msgstr "priključak police %s nema metodu „check_policy”" + +#: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "priključak police %s ne podržava ispis ovlasti" -#: src/sudo.c:1206 +#: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "priključak police %s ne podržava opciju -v" -#: src/sudo.c:1218 +#: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "priključak police %s ne podržava opcije -k/-K" -#: src/sudo_edit.c:111 +#: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "ne mogu promijeniti uid u root (%u)" -#: src/sudo_edit.c:143 +#: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "greška priključka: nedostaje popis datoteka za sudoedit" -#: src/sudo_edit.c:171 src/sudo_edit.c:271 +#: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: nije obična datoteka" -#: src/sudo_edit.c:205 src/sudo_edit.c:307 +#: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: kratko pisanje" -#: src/sudo_edit.c:272 +#: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s nepromijenjen" -#: src/sudo_edit.c:285 +#: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s nepromijenjen" -#: src/sudo_edit.c:297 src/sudo_edit.c:318 +#: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "ne mogu pisati u %s" -#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 +#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "sadržaj uređivanja ostavljen u %s" -#: src/sudo_edit.c:315 +#: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "ne mogu čitati privremenu datoteku" -#: src/tgetpass.c:90 +#: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "nije prisutan tty i nije naveden program za traženje lozinke" -#: src/tgetpass.c:99 +#: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "nije naveden program za traženje lozinke, pokušajte postaviti SUDO_ASKPASS" -#: src/tgetpass.c:231 +#: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "ne mogu postaviti gid u %u" -#: src/tgetpass.c:235 +#: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "ne mogu postaviti uid u %u" -#: src/tgetpass.c:240 +#: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "ne mogu pokrenuti %s" @@ -771,6 +806,12 @@ msgstr "ne mogu izvršiti dup2 stdin" msgid "unable to restore stdin" msgstr "ne mogu vratiti stdin" +#~ msgid "unable to allocate memory" +#~ msgstr "ne mogu alocirati memoriju" + +#~ msgid ": " +#~ msgstr ": " + #~ msgid "internal error, emalloc2() overflow" #~ msgstr "interna greška, emalloc2() preljev" diff --git a/src/po/it.mo b/src/po/it.mo index 3f7e2cb953a64e6045182370a889c68d619b5c4a..4afaf489be9b7b56fad591ee441f77f02e12f65a 100644 GIT binary patch delta 4632 zcmb8xeQ;FO8OQOnNk||_A_)m3yyTLY4JiqEC4mqWh=M2(!17WNVUt~w8|$0Ya4Jr~1}wl~F)x>_3G!kzMW|G6c6=N)@E07+wUZ!&{iX?pup9aVP5jA3OV(Q4_Q%5IuM$YDs!0kbkA@Ne(Dg zKX6W*N6lDytAt6Y>+V8bXCw7z_BrQ|pgR5~HsVL9>!wj*%H(pa#jRM5-$M=b_l4wN zDbC_)95YLiNtsTxFpB({qx>k9KSGWCB9bgKf>(yInu(~TsYfPj)*{(ALC5W=>kguY zaa3`hiPF$WE}|Y#K;>v4^H3>Uhnm@Lq~6T)s5L%~8rb`&fuxZhS%@4m)u<&|h87N@ z`aOag;3?Go(cjXb(9NGwBff@=#f+m;)KLv;EnCsTt*8zTp)zp-^_HAPU4ISf!c4Z3 z18qi4pbd53cGN%)BgdoWBn{2%9IB%aP&3J=cdcCo>i8ODS>G%?6;AzyC@#m-qo<%+x=3~@M(@EblEJbBDf;ztoqk7QOG&IB4aUotq&2%9r zZ^JIsb_lbs zIO=u%6*77AKI*w8>kL0p$6b0uW~wa z$gDyY?LO4~FQYPg0q0>Jqu2S>s3m*^mHOjY$Mela8oF`(t;q+^My**JD)oC&9XyAH zc+NS01vQhB+miRMMvMJ^)RG)P74vJDkC#!`yXGZpqaLGV&pbebESvA3*6I>!0QvKi z)!%~pE*wC{YW|2!&P?H*)LXI+DGT#0bfNm#L5w2~5{C(G7NI4J5!$#sn)qfb&D#=( z_$L*&IPI;drPxUn5hIBw32pu)iT}8)q0QtHTessp+(;ZEhPF(nLE_9H(W>>=##>_c z5c{+2i)9wbVgW9u--Y3r4J%xQnkaVj>c ztx+8%1_*6o;whq&&_^Vjc!Zcj2jb}^Z>HQ(JY(I(u?}~3{HN}lQyZLR z4%r2Pq)qF{xfOuJr$3-VzutF(N10Q zJ_X|WGm2cXl&VRw&KWsb#l!2VI9^xv-L&|%x+AXG4tH*bGlkfSIR)`=&peqPJL)dV rvXZ0nB%c+#zj;n=Vo(7}C)B~3`2IaAr?~z#hYHKdaeROCvnl@s)6TJ0 delta 3794 zcmYk<3vg7`9mnyrNeCo70+Bp0f!ttXcx6dKUTh@+1qpU0y|9 z9)b#53yV?EPOF`cf}K+4%8WBI4x^aP=`u0+Rk)ZbtooVU!w|g?!n;1MjvVXVh% zScElvXyVPt4b3Xd!6<6Hi_35iPQ(kyrRF27=K1DxI+|%Q-?n2bR-lW`xDTh{DXhg| zR0T$n{xk;b%&n*ithXjnn`kd;DPBbfKS1618`Q)mGf3CZLH4QXLQQlnGQ`A?KeLYy zEoJHm9f!_E)D5noDlma{(JpU5PMNjHpV`cZCOU-5;3Vq0Vbnyvw&#o4fl90eb)TiE zga%Pdw;-66uDkeR>c7EhlHoeGKW)o`WFJca! zLRH`$T!|l}O5DgRqU)BTCU7q*^WAtmoj{piQv<39WXS73@k zs?2#*WxhqeGUcobRW*xH--nPtv!4&1Wlo|t+uu=%P2@lmUp$-lzkyDO6Y?PH^*C+) z8a1Jr{5r{Xs0uxURN1_S+JqNyIevjX*ugBi@F32|%cuvJk=6IG8yDf@e(J9^Jj)3^ zz{kSffz8;BkD&%$KxIv1 zbeOcciXB+REHrREat||vEqKQIUu@@i9_cK=C|2Q7>p9d9(Z5i8CYRrF2WO&|W;tr9 zx1cJSdYO)P?_0!=$qV5i-Q{m2~58(4y$ zqDr4bcB)VZa-Wn5(@`l?_KO#hB+Wa>@|$a@wVqDe)wmS31Q9I51E}kdq9$<0dIj~s z3O0c5vj%njE@ZCe*SJvs{{O`es0?J+unSfCEvO8Rpf0?Odhm7BlFi`mDt!;?0UPl~ zdF{R`@xffod&uO?MCz&~S%$jdHtfMyQSb5p zkUz78jic*#q27X1NVUz_PBt_K3ALXQ8o!;`K|}~WKeO@Dm>`mbvR6AukgR!v2objt z4-rL#)_xVCrgDxU^akuEatZAn63?`Itou=ksI4Rx>iK)<6cQtCFCA?VZMN^*lT%Qy zqgo&FH1QzuBr(#o1d~P%P0``Qy~ox~l)K4KPeFQE;%l}PpS(MYTzZXli`4iF=40-eX~ z!A8_8_mn*zVJe-6?Li#<#C^n%i7GvHP~oJstI zSW2uV?j+RotEN_wCG-Cbhw1Cpd!DE!N{IP{+6F>zPqwjTchT!2N{QC&S@Sp++kQU| z59ACL_JkurugJBcZL%K=45~?raLj6A?G&)b`DB!dnKzp=7v^ zgY>$h%JhAuH?>FIU|+b;)FuK>;sH0FbT-E$$#CX)V=SoKC0%DjB-ZC7whr{VQKvSM z`7(XHx-{1W9B)_A!#SS6xWMN>AsdU;N6Yj1P9yJpGwruv5V`o;#QabBRIJ^k~V3VUXr)6^JfYDu52sV@u# z6T$v?FxD6LuGL(~NvGab|e~};{=n*aKcq~7we{{-*32iOeh$Sgn~&o zeWk8smU4^?47!O#q?hqdGVX2)#=}k|>Len{jZ1BEhdQe=$&H#ZDc8Gu_Cr4JVtu#I yTRHa$pI6X0&F6)ij^-6cgH9&FNYMMH^@K0IqP@WTsQr!n^qJ0p*SzpZ&i?_*#KMID diff --git a/src/po/it.po b/src/po/it.po index 0182690..3e62460 100644 --- a/src/po/it.po +++ b/src/po/it.po @@ -1,15 +1,14 @@ # Italian translations for sudo package -# Copyright (c) 2011, 2012 The Free Software Foundation -# This file is distributed under the same license as the sudo package. -# Milo Casagrande , 2011, 2012. +# This file is put in the public domain. +# Milo Casagrande , 2011, 2012, 2013. # msgid "" msgstr "" -"Project-Id-Version: sudo-1.8.6b4\n" +"Project-Id-Version: sudo-1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-13 21:25+0200\n" -"Last-Translator: Milo Casagrande \n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" +"PO-Revision-Date: 2013-04-16 21:40+0200\n" +"Last-Translator: Milo Casagrande \n" "Language-Team: Italian \n" "Language: it\n" "MIME-Version: 1.0\n" @@ -36,14 +35,6 @@ msgstr "impossibile ripristinare il registro" msgid "internal error, tried to emalloc(0)" msgstr "errore interno, tentativo di chiamare emalloc(0)" -#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 -#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 -#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 -#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 -#, c-format -msgid "unable to allocate memory" -msgstr "impossibile allocare la memoria" - #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "errore interno, tentativo di chiamare emalloc2(0)" @@ -69,76 +60,86 @@ msgstr "errore interno, tentativo di chiamare erealloc3(0)" msgid "internal error, tried to erecalloc(0)" msgstr "errore interno, tentativo di chiamare erecalloc(0)" -#: common/sudo_conf.c:305 +#: common/error.c:154 +#, c-format +msgid "%s: %s: %s\n" +msgstr "%s: %s: %s\n" + +#: common/error.c:157 common/error.c:161 +#, c-format +msgid "%s: %s\n" +msgstr "%s: %s\n" + +#: common/sudo_conf.c:172 +#, c-format +msgid "unsupported group source `%s' in %s, line %d" +msgstr "gruppo sorgente \"%s\" non supportato in %s, riga %d" + +#: common/sudo_conf.c:186 +#, c-format +msgid "invalid max groups `%s' in %s, line %d" +msgstr "gruppi massimi \"%s\" non validi in %s, riga %d" + +#: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "impossibile eseguire stat su %s" -#: common/sudo_conf.c:308 +#: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s non è un file regolare" -#: common/sudo_conf.c:311 +#: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s è di proprietà dello uid %u, dovrebbe essere di %u" -#: common/sudo_conf.c:315 +#: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "%s è scrivibile da tutti" -#: common/sudo_conf.c:318 +#: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "%s è scrivibile dal gruppo" -#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "impossibile aprire %s" -#: compat/strsignal.c:47 +#: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Segnale sconosciuto" -#: src/error.c:82 src/error.c:86 -msgid ": " -msgstr ": " - -#: src/exec.c:113 src/exec_pty.c:674 +#: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "inizializzazione della sessione non riuscita da parte del plugin della politica" -#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 +#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "impossibile eseguire fork" -#: src/exec.c:268 +#: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "impossibile creare socket" -#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 -#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 -#, c-format -msgid "unable to create pipe" -msgstr "impossibile creare una pipe" - -#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 +#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "select non riuscita" -#: src/exec.c:467 +#: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "impossibile ripristinare l'etichetta tty" -#: src/exec_common.c:69 +#: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "impossibile rimuovere PRIV_PROC_EXEC da PRIV_LIMIT" @@ -148,148 +149,176 @@ msgstr "impossibile rimuovere PRIV_PROC_EXEC da PRIV_LIMIT" msgid "unable to allocate pty" msgstr "impossibile allocare pty" -#: src/exec_pty.c:665 +#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 +#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 +#, c-format +msgid "unable to create pipe" +msgstr "impossibile creare una pipe" + +#: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "impossibile impostare il terminale in modalità raw" -#: src/exec_pty.c:1013 +#: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "impossibile impostare il tty di controllo" -#: src/exec_pty.c:1111 +#: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "errore nel leggere dalla pipe di segnale" -#: src/exec_pty.c:1132 +#: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "errore nel leggere dalla pipe" -#: src/exec_pty.c:1148 +#: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "errore nel leggere dal socketpair" -#: src/exec_pty.c:1152 +#: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "tipologia di risposta inattesa sul backchannel: %d" -#: src/load_plugins.c:74 +#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 +#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 +#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 +#, c-format +msgid "error in %s, line %d while loading plugin `%s'" +msgstr "errore in %s, riga %d, durante il caricamento del plugin \"%s\"" + +#: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/load_plugins.c:80 +#: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:90 +#: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "%s deve essere di proprietà dello uid %d" -#: src/load_plugins.c:94 +#: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "%s deve essere scrivibile solo dal proprietario" -#: src/load_plugins.c:101 +#: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "impossibile eseguire dlopen su %s: %s" -#: src/load_plugins.c:106 +#: src/load_plugins.c:194 +#, c-format +msgid "unable to find symbol `%s' in %s" +msgstr "impossibile trovare il simbolo \"%s\" in %s" + +#: src/load_plugins.c:201 #, c-format -msgid "%s: unable to find symbol %s" -msgstr "%s: impossibile trovare il simbolo %s" +msgid "unknown policy type %d found in %s" +msgstr "politica di tipo %d sconosciuta trovata in %s" -#: src/load_plugins.c:112 +#: src/load_plugins.c:207 #, c-format -msgid "%s: unknown policy type %d" -msgstr "%s: politica di tipo %d sconosciuta" +msgid "incompatible plugin major version %d (expected %d) found in %s" +msgstr "numero principale di versione del plugin %d non compatibile (atteso %d) trovato in %s" -#: src/load_plugins.c:116 +#: src/load_plugins.c:216 #, c-format -msgid "%s: incompatible policy major version %d, expected %d" -msgstr "%s: numero principale di versione %d non compatibile, atteso %d" +msgid "ignoring policy plugin `%s' in %s, line %d" +msgstr "viene ignorato il plugin di politica \"%s\" in %s, riga %d" -#: src/load_plugins.c:123 +#: src/load_plugins.c:218 #, c-format -msgid "%s: only a single policy plugin may be loaded" -msgstr "%s: solo un plugin di politica può essere caricato" +msgid "only a single policy plugin may be specified" +msgstr "solo un plugin di politica può essere specificato" -#: src/load_plugins.c:200 +#: src/load_plugins.c:221 +#, c-format +msgid "ignoring duplicate policy plugin `%s' in %s, line %d" +msgstr "viene ignorato il plugin di politica duplicato \"%s\" in %s, riga %d" + +#: src/load_plugins.c:236 +#, c-format +msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" +msgstr "viene ignorato il plugin di I/O duplicato \"%s\" in %s, riga %d" + +#: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "il plugin di politica %s non include un metodo check_policy" -#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 -#: src/net_ifs.c:298 src/net_ifs.c:322 +#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 +#: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: rilevato overflow" -#: src/net_ifs.c:227 +#: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "impossibile aprire socket" -#: src/parse_args.c:187 +#: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "l'argomento di -C deve essere un numero maggiore o uguale a 3" -#: src/parse_args.c:276 +#: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "utente sconosciuto: %s" -#: src/parse_args.c:335 +#: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "non è possibile specificare entrambe le opzioni \"-i\" e \"-s\"" -#: src/parse_args.c:339 +#: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "non è possibile specificare entrambe le opzioni \"-i\" ed \"-E\"" -#: src/parse_args.c:349 +#: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "l'opzione \"-E\" non è valida in modalità di modifica" -#: src/parse_args.c:351 +#: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "non è possibile specificare variabili d'ambiente in modalità di modifica" -#: src/parse_args.c:359 +#: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "l'opzione \"-U\" può essere usata solo con l'opzione \"-l\"" -#: src/parse_args.c:363 +#: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "non è possibile usare assieme le opzioni \"-A\" e \"-S\"" -#: src/parse_args.c:443 +#: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit non è supportato su questa piattaforma" -#: src/parse_args.c:516 +#: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Solo una delle opzioni -e, -h, -i, -K, -l, -s, -v o -V può essere specificata" -#: src/parse_args.c:530 +#: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" @@ -298,7 +327,7 @@ msgstr "" "%s - modifica file come un altro utente\n" "\n" -#: src/parse_args.c:532 +#: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" @@ -307,7 +336,7 @@ msgstr "" "%s - esegue un comando come un altro utente\n" "\n" -#: src/parse_args.c:537 +#: src/parse_args.c:550 #, c-format msgid "" "\n" @@ -316,103 +345,103 @@ msgstr "" "\n" "Opzioni:\n" -#: src/parse_args.c:540 +#: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "Utilizza un programma d'aiuto per richiedere la password\n" -#: src/parse_args.c:543 +#: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "Utilizza la tipologia di autenticazione BSD specificata\n" -#: src/parse_args.c:545 +#: src/parse_args.c:558 msgid "run command in the background\n" msgstr "Esegue il comando in background\n" -#: src/parse_args.c:547 +#: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "Chiude tutti i descrittori di file >= fd\n" -#: src/parse_args.c:550 +#: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "Esegue il comando con la classe di accesso specificata\n" -#: src/parse_args.c:553 +#: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "Mantiene l'ambiente dell'utente quando viene eseguito il comando\n" -#: src/parse_args.c:555 +#: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "Modifica i file invece di eseguire un comando\n" -#: src/parse_args.c:557 +#: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "Esegue il comando come il gruppo specificato\n" -#: src/parse_args.c:559 +#: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "Imposta la variabile HOME alla directory dell'utente finale\n" -#: src/parse_args.c:561 +#: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "Visualizza il messaggio di aiuto ed esce\n" -#: src/parse_args.c:563 +#: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "Esegue una shell di login come l'utente finale\n" -#: src/parse_args.c:565 +#: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "Rimuove completamente il file temporale\n" -#: src/parse_args.c:567 +#: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "Invalida il file temporale\n" -#: src/parse_args.c:569 +#: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "Elenca i comandi utente disponibili\n" -#: src/parse_args.c:571 +#: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" msgstr "Modalità non interattiva, non richiede nulla all'utente\n" -#: src/parse_args.c:573 +#: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "Mantiene il vettore di gruppo invece di impostarlo a quello dell'obiettivo\n" -#: src/parse_args.c:575 +#: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "Utilizza la richiesta della password specificata\n" -#: src/parse_args.c:578 src/parse_args.c:586 +#: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "Crea il contesto di sicurezza SELinux con il ruolo specificato\n" -#: src/parse_args.c:581 +#: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "Legge la password dallo standard input\n" -#: src/parse_args.c:583 +#: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "Esegue una shell come l'utente finale\n" -#: src/parse_args.c:589 +#: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "Durante l'elencazione, visualizza i privilegi dell'utente specificato\n" -#: src/parse_args.c:591 +#: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "Esegue un comando (o modifica un file) come l'utente specificato\n" -#: src/parse_args.c:593 +#: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "Visualizza le informazioni sulla versione ed esce\n" -#: src/parse_args.c:595 +#: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "Aggiorna il timestamp dell'utente senza eseguire un comando\n" -#: src/parse_args.c:597 +#: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "Ferma l'elaborazione degli argomenti a riga di comando\n" @@ -501,258 +530,263 @@ msgstr "impossibile determinare la modalità di rispetto." msgid "unable to setup tty context for %s" msgstr "impossibile impostare il contesto tty per %s" -#: src/selinux.c:373 +#: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "impossibile impostare il contesto exec a %s" -#: src/selinux.c:380 +#: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "impossibile impostare il contesto di creazione della chiave a %s" -#: src/sesh.c:70 +#: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "richiede almeno un argomento" -#: src/sesh.c:91 +#: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "impossibile eseguire %s" -#: src/sudo.c:211 +#: src/solaris.c:88 +#, c-format +msgid "resource control limit has been reached" +msgstr "raggiunto il limite di controllo delle risorse" + +#: src/solaris.c:91 +#, c-format +msgid "user \"%s\" is not a member of project \"%s\"" +msgstr "l'utente \"%s\" non fa parte del progetto \"%s\"" + +#: src/solaris.c:95 +#, c-format +msgid "the invoking task is final" +msgstr "il task chiamante è definitivo" + +#: src/solaris.c:98 +#, c-format +msgid "could not join project \"%s\"" +msgstr "impossibile unirsi al progetto \"%s\"" + +#: src/solaris.c:103 +#, c-format +msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgstr "non esiste alcun pool di risorse per il progetto \"%s\" che accetti binding predefiniti" + +#: src/solaris.c:107 +#, c-format +msgid "specified resource pool does not exist for project \"%s\"" +msgstr "il pool di risorse specificato non esiste per il progetto \"%s\"" + +#: src/solaris.c:111 +#, c-format +msgid "could not bind to default resource pool for project \"%s\"" +msgstr "impossibile unirsi al pool di risorse predefinito per il progetto \"%s\"" + +#: src/solaris.c:117 +#, c-format +msgid "setproject failed for project \"%s\"" +msgstr "setproject per il progetto \"%s\" non riuscita" + +#: src/solaris.c:119 +#, c-format +msgid "warning, resource control assignment failed for project \"%s\"" +msgstr "attenzione, assegnazione della risorsa di controllo per il progetto \"%s\" non riuscita" + +#: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Versione di sudo: %s\n" -#: src/sudo.c:213 +#: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Opzioni di configurazione: %s\n" -#: src/sudo.c:218 +#: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "errore irreversibile, impossibile caricare i plugin" -#: src/sudo.c:226 +#: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "impossibile inizializzare il plugin delle politiche" -#: src/sudo.c:281 +#: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "errore nell'inizializzare il plugin di I/O %s" -#: src/sudo.c:306 +#: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "modalità 0x%x di sudo non attesa" -#: src/sudo.c:400 +#: src/sudo.c:413 #, c-format msgid "unable to get group vector" msgstr "impossibile ottenere il vettore di gruppo" # (ndt) mah... andrebbe resa meglio... -#: src/sudo.c:452 +#: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "uid %u sconosciuto: identificarsi." -#: src/sudo.c:782 +#: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s deve essere di proprietà dello uid %d e avere il bit setuid impostato" -#: src/sudo.c:785 +#: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "lo uid effettivo non è %d. %s si trova su un file system con l'opzione \"nosuid\" impostata o su un file system NFS senza privilegi di root?" -#: src/sudo.c:791 +#: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "lo uid effettivo non è %d. Il programma sudo è installato con setuid root?" -#: src/sudo.c:860 -#, c-format -msgid "resource control limit has been reached" -msgstr "raggiunto il limite di controllo delle risorse" - -#: src/sudo.c:863 -#, c-format -msgid "user \"%s\" is not a member of project \"%s\"" -msgstr "l'utente \"%s\" non fa parte del progetto \"%s\"" - -#: src/sudo.c:867 -#, c-format -msgid "the invoking task is final" -msgstr "il task chiamante è definitivo" - -#: src/sudo.c:870 -#, c-format -msgid "could not join project \"%s\"" -msgstr "impossibile unirsi al progetto \"%s\"" - -#: src/sudo.c:875 -#, c-format -msgid "no resource pool accepting default bindings exists for project \"%s\"" -msgstr "non esiste alcun pool di risorse per il progetto \"%s\" che accetti binding predefiniti" - -#: src/sudo.c:879 -#, c-format -msgid "specified resource pool does not exist for project \"%s\"" -msgstr "il pool di risorse specificato non esiste per il progetto \"%s\"" - -#: src/sudo.c:883 -#, c-format -msgid "could not bind to default resource pool for project \"%s\"" -msgstr "impossibile unirsi al pool di risorse predefinito per il progetto \"%s\"" - -#: src/sudo.c:889 -#, c-format -msgid "setproject failed for project \"%s\"" -msgstr "setproject per il progetto \"%s\" non riuscita" - -#: src/sudo.c:891 -#, c-format -msgid "warning, resource control assignment failed for project \"%s\"" -msgstr "attenzione, assegnazione della risorsa di controllo per il progetto \"%s\" non riuscita" - -#: src/sudo.c:959 +#: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "classe di accesso %s sconosciuta" -#: src/sudo.c:973 src/sudo.c:976 +#: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "impossibile impostare il contesto utente" -#: src/sudo.c:988 +#: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "impossibile impostare ID di gruppo supplementari" -#: src/sudo.c:995 +#: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "impossibile impostare il gid effettivo per eseguire come %u" -#: src/sudo.c:1001 +#: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "impossibile impostare il gid per eseguire come gid %u" -#: src/sudo.c:1008 +#: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "impossibile impostare la priorità del processo" -#: src/sudo.c:1016 +#: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "impossibile modificare root a %s" -#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 +#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "impossibile passare a un diverso uid (%u, %u)" -#: src/sudo.c:1049 +#: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "impossibile passare alla directory %s" -#: src/sudo.c:1133 +#: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "condizione di uscita del figlio inattesa: %d" -#: src/sudo.c:1194 +#: src/sudo.c:1146 +#, c-format +msgid "policy plugin %s is missing the `check_policy' method" +msgstr "il plugin di politica %s non include un metodo \"check_policy\"" + +#: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "il plugin di politica %s non supporta l'elencazione dei privilegi" -#: src/sudo.c:1206 +#: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "il plugin di politica %s non supporta l'opzione -v" -#: src/sudo.c:1218 +#: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "il plguind di politica %s non supporta le opzioni -k/-K" -#: src/sudo_edit.c:111 +#: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "impossibile modificare lo uid a root (%u)" -#: src/sudo_edit.c:143 +#: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "errore di plugin: elenco file mancante per sudoedit" -#: src/sudo_edit.c:171 src/sudo_edit.c:271 +#: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: non è un file regolare" -#: src/sudo_edit.c:205 src/sudo_edit.c:307 +#: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: scrittura breve" -#: src/sudo_edit.c:272 +#: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s lasciato non modificato" -#: src/sudo_edit.c:285 +#: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s non modificato" -#: src/sudo_edit.c:297 src/sudo_edit.c:318 +#: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "impossibile scrivere su %s" -#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 +#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "contenuto della sessione di modifica tralasciato in %s" -#: src/sudo_edit.c:315 +#: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "impossibile leggere il file temporaneo" -#: src/tgetpass.c:90 +#: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "nessun tty presente e nessun programma di richiesta password specificato" -#: src/tgetpass.c:99 +#: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "nessun programma di richiesta password specificato, impostare SUDO_ASKPASS" -#: src/tgetpass.c:231 +#: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "impossibile impostare lo gid a %u" -#: src/tgetpass.c:235 +#: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "impossibile impostare lo uid a %u" -#: src/tgetpass.c:240 +#: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "impossibile eseguire %s" @@ -772,6 +806,12 @@ msgstr "impossibile eseguire dup2 sullo stdin" msgid "unable to restore stdin" msgstr "impossibile ripristinare lo stdin" +#~ msgid "unable to allocate memory" +#~ msgstr "impossibile allocare la memoria" + +#~ msgid ": " +#~ msgstr ": " + #~ msgid "%s: at least one policy plugin must be specified" #~ msgstr "%s: almeno un plugin di politica deve essere specificato" diff --git a/src/po/nl.mo b/src/po/nl.mo new file mode 100644 index 0000000000000000000000000000000000000000..9594222aca76a91fe07c1b94b051f60fc3b181da GIT binary patch literal 15526 zcmcJVd5|1eeaD*{55@-B26KhBVIv84Rx8QK_TpQTv9N_?OLAi7hd4mxs8r>sR1s2v0&-AEr3gn73X&pFNf98BqC!63_g?q( z%&uhRk4){`?@sqSe(!g`-`lTjd*Zu1KJTMFpZ47+dfpen&z{3CJ{LdT^IG6@z)Qdv zgFC<*!DoUgcp>-zcro}e_#E(K;ETXdyZ7G)xAFb)=P?I(5%^qi1>6Uo0M7;A3O*Hl z5BOy8gW$`+N5E%+Uj^IX_rdeQ7xPPWUj}NvTfxVJF{u72cnEwDd0=1w2 z07d6EUS0w21D^+`;AP-L;7@>m3NCdU~J!QJ2k zpw{^vQ2hKmQ2YJ?sQo@0X6X5~p!OAjlHcn<_4_EOexCtR5$`+hy_8AwE`gVWw}R^T zX7DB8C%`@6m%yFi`7l*fH}Awf8V6xqJ+SH17)_Ec5=&p(atki$Lks5-2*Z1~qRE($#w}D1QAOsD1qlh^lxk zlvi?mKFA~Q22ktY?XUo)KW_mghmU|h`1hdZ{UIp2E~JyjFM_D3cM~W&?*!@MB_KcE zL;R8)9|3*vZ$XX!KB)blhft*7%OH=uJ3)TD3BN?=!=UK@BT(bM3W|>Za?iJ+eA?H` zK+W?CQ2QB!lG}ss`6och<%^)?@?B7LKFzoE?*Jv=D?yEmLGkn5AWM0F0!r>*2Co92 z0`cO{0Z`)#haU#_@%@XS1dVNm<* zgR+kYK+*I2py>ZHsP(@K`rwOU)=l6+Pi0bT(<3W^Wk0Hq(ARO{^l zwa=SD$zc_IJoqM1e18bM1N;zpKKLV0az7U%k$heNik|DhYrruG3%rkkSA%~IN?*=L zNZRL1!4>cb_)hRG;4R?uVKSt75vX^ifdbzXYBDe+>QcD0Zx?tyco!%=ct0pQz5t?{-VZ<@ycnj6k5__B;oSwo zdhgBP0r2CX#(fXeI?sjZZQx;0{JaO$`$s|1{Wl<@@LmFu4DoIQC5P98Y{C0u_x+pT zA-*p#sq7?m_*PKzc?6U^{t}cNz70w)=fVuFw-3AkybF}Rrl9!vAgKP2fQZ2R3sCm@ zpP>4kgR*O0AG{sB280#fyFefOGxz-Kp!jkX%-aUu4NC9s1vUQTpyvC$!>@xr-+u%` zs`r9@Ru7JX+Ft=mU)~97-j9M8fu94Vw_gK&@W-I`>0fT;{7O*rd@ZPXJ_1TUp900# zZ-MH+9plryw}RSt4r*T?05$G&p!oJp_x}7Vtsbm^lFO?>>E#6?kT23oysGs@#3cp3yn`m8{*1nf^KJ7Nztu%cQ zm+@oL)nA}JfhPSEjr!bS!T1pINuO8IuA@CjYtgFDTlhnJe-Z7ldnlgCj`iu$ev!6H zdo!*2h(FJ)zJQWb>b}Q~=M(-$Esftq?8ZJ%f={IBgNmEa+xZ>R)@jeB`LyQeXZi9z z+R#0eejIdvKgprsT{PLUK5wJFhjy;MxDPJXOK8VwKj)r39hCi@qP?DWJ?#+fcG|_X zSJR$Bdzhxr>ns>u8@ay`z4=_r?<2H_XwvDsXwr=hT8D-UF+S%4@ZGduqE(;s_~Yl@ zmlBk&zSVuNKzjUI_ay_DXg@<+qsd3=a}Vtt+S6!1O?wUPZrX*k>T}Hfaf8EGI=ltk zNxP5s3fi5tqcnZm7L0A_&nMH~OOs9fD(w=Q{KJ(refqQ;&0qG{8-SZ=&!X+KkGwa6 z+uYv+a7;Tvdy1a5j*N>aP4bnNw~+g7KkP+?-;d%j_XB>Cv>1k&U*=)fs(PFXyJZpj zf!|F>qaf*R-LX3il0n$>xk5p?3vJ!B0g%fdk!2bo!W=EZst zM?Ka`ittq7-lUU+sXH5f$*YBO(a(oz8S^CMo9i=4GoCcpio<^4m&qvYMg1u3so$u~ z3yn&Xctcoq*W6kpo9Q&O>g@R0S1_*U4}TdX>U^UJB^)SnkmcP(j^utr*uv@@}1yQo%Z^_0LyR*R0qhv6h zZ5)?_C}C2w={OB~h8-*7V^$b0NIEMJDna>0id@)IzA@^gaYb&KtR*n1BC*&Q!~UMP z;(Pnkq#q5+48}V3Vob|BA}*&1Py2>3?Qqd=4`~tYW?D?kY3n|lZQovvt_aQ9u@&91 zvX@S|!PF-lEqOFZg4pZEX^x7aE(-(9 z=h(qpqNF^9Ms!Q;VWZM;e-af#zuu{zrE%EudQm=(k=8Jb$NmUPg8|!vrtnl$OkY>} z5hai`LW9tiX|INDM@e3UK~I~{$|ONKruN+O!hWBvM5wRy7P}P-q;vd<_G(hg*L;I% zMwVo0`t~Hv8M568PUbbAVSeoy*Ulw%k&a+dd}mjh zf^k{KN>LIO5f0-%?dZ_1BfisgglRj#{GQ(RvvlN-qj9*^bE`zBf1P&M!eSgmnHM@| z*l>l$;wwe997v+8KzKmliW~`ew_+ge)F=HP>nHV@=hh z+=L7nSrK6?MKBs0-D`Pqgu7QT+fHm-M<&L*IpN_&#KDt>bN!$j;{Pg^VfcmdwqBAF z@7Bgap3AHUSumO!>!M#|8&blcKX&uc>yI7NuvwoGbh{zGk$#m=k&oef zE}PDAOq;w4a}+p=F%yLeF%$DY6E&=vw9RG$Ys>^b9PT8-E6SiDe>Ar2XnD>~j83ii zqX=IpD?w|0!!!{i^OFzpTuiEM%jdau5`?a}?3v_X74DMM1fP6%1h z&>fN*5F>E;ajK*tCkDmJ`RwLwZs>ZP{$1rDcfhMU4(-%5(@v03KEMdvD#$Y8cq^p_ymO_zBVit{-WuZCi z8JW#6UZbiYXHpnhlk(cxwbZTYQ|H!IYIOE%)=s-VLD^{4nA9q_-pY&WuPu7@9cVmOi63dOJOc44g$7LiTkJDTI6oTI;dYT*=9*z!apEwFpAkHw{ha)tbh zj2^?;NXu*MF=Cae$CTrqVvN3%BTUZ|3VY`Ky7}}>Uvo}}*+|@+5ajUcRE~$_-6(v^ zQ`c!Gal^3#*b1>UDWa}bHtl-8+uTIvb!NFwm{hzE6cZI=Io`9{v@S6TGM)7oN$lnl zKXN82Cnh01UCLt;RhOVI+Ec-lcE_M;-rn+HXq|!Bj#QhdClc|MutZhDQl}yLSr5sp zOk?XI&GfoT_^3ZN^BO~(ihmVlR3H_RB&q6{ebln9eW=&I-4@;`kf{W*d+Ca$eVxl% zw}m>iv=8UFkoFDbAa5T}SNvg7j8}H;noK53>b*3{cXfEzI(p=Id%yD{?E`4lioa)h z_n!9h746;2{_edi{IPu5@-iLUw}tDGs!`K^d)v!<+k5u<%gZZ!mtVTPn|`;D&$o|f zL6VaSrs(U@CI6;iM7A*SuNo_H7}{^w4Mv=Gm&i4*VNfzCsUEeDhrwvYKTyhyuc9(Q zNr8dat!L3{-W_I9zgSAM!E^u>#<+F((BXqqX6#;CZtYiLHh~T_bp?YyRqP@&jgpu9 zSZRjGy86WN8{1b*`-$Fun6(d5<jZFQP{0qJ?`E@+j$1d0J-;Wsjp& zfvMU`PHH@2zJ=1iFIqJV)x=PtVcQV0B|Ry%cDEI#Lme!cqky^|wK9eonXdLb0X23_ z?yqZ$Y~0YqQ?L5N636L5v>7kiv*c{qVKeczH~Fe&M*%d2YTw8jVZs+Nqd_oVUFzC^ zBnpc*3Tw*XVa(|)?f1Az2%}zZs+=k{FRBDQk*smi1PzTpon$aw^4lSG6>-DOq@0iv z32tg&*d{?+{+hX%brOSaUvE54*+YT>3B?u%G|o$`(0x@zv7a1B9oaZZH+UQU7AaKT{FCPZ8ZaCYM$5jD?Ok z>bMi2R?e9!kFBN1{i)!yMYTLih;}`r8P+fnW^M{3R1@H8NS(uIoxJQq?ukK`D`BR( z7JMDSBU`{w1!Gvo;|?W|gf~VLXX2EGHy_x!@__h+nZpxr6a;H^4ZVX|MsY-SVvtwq znU+Ipwh-G5$-P5)cs~e|mZ#N=a1HlgP!Az4AWjbEoT6Hu$C{PJq$;*77P0op3 zHJ@md5S?KVU7My~STXOB$Q)FV_0E2)WITgfcglbLPmf`zKiaOCM(z~z*9dj!QnMVd%4b}z6`r{uVUt#b$fcZE{lRygp-+`N)O}2;UTH;HEE>0A{FC!L zIZ;PG!`AAnUhuWjSf`rb2x+xY1?4PJh}ijWYcfeaKj5tMsSu(i@hCPaXxMV>Vp^U;sKWmfW$L zsbGW*fF<}|{#7s{*`ipdX&cFG>)5X^R+E3E2(qzeMJL9F6@ z8Afb?@1ZVoSTBf}8#L4$iW(VVBzjjs){D{?{jZm$+he6K=*Ttf4LfwWIjCetUw;_T1y zF{NxCt*&8!!Pp3^rc^!!ek*?uliBMBH@`JET+;L?|NrHD%msz0;q--2E6z|gB*Amq zp){$oeUp$ni=CP<*A%duq`$tUfcG}r^|$M;f~mLbs$!JN0U5I@v;-WQPjNjnj_wo+ zsvL=)=&x8jO-GGmt2=XL(K!9ohbEgf`zDn%*-JHfyxo(1R$DX@(zS&SLDFuj(-hsz z$%%@PvIu;t-@~j?Oh>r<=w4{_q-a5+m@ZZe6#01aZ#$aV3Tii^>F&vTfEugUPF}X^tM&+`f8)zj?y!D zj@C?f;Vv{9kAr@1qLZMGHAZ4~c6)kS^6I;cTGY}Isf8)WX)$xHVMv;~Mzn3t_Zb=p zM6(^e*_)0!O{+IS_j01(&jp>P%yg30+aZk5fxZ$)bYnk8 zb&TmdL1(LDu%@l4Zkwvp+-%nFb!>5BoryAYou^#qh0@iEl8V%`rxF&-k~tTy&B}F( zJi}_;jyRT8+_#S&i!+d<4BY)oz}$f_5PrCw8Y$X>@vz42Jl&pH>AvFSf2 z6voUM!jM0A&tl%n3!31GZ7F^??p-9hnypHOs=ac%TBV2TV=r596lTJ?m*%o$%Quze zOi^mf9@Toa37B0tCQ%P$ZQ~B?g^WnC>>SB)l37$6B;qJRRtLk;D$e7JFwlw)w4u2x zcP*oAQkN%YuDS=(uy>?wy;~^F+>T6Et`F#&M^!q$<&YJ6 zdBbU!=fzgWGuz*6N^afV<%EQ~Eqbu>da1JlytJmkfN&`J}Tn@P_|l1)je9rR6UN@tCUvRVqv)X(ZQQC%T2S%;34)8nZ*bSX<|h+ujGn2xNEu|8KyZTQMR&FVrawAV?FQViaf z$81SqI*~aZ*RzGwyCvfx^xxQG@k}-<@gUPup?$F~?iHymN;|7J7c8gGXvLcPdZ{2? zZk+iX7iY_PHOILEGszw{ROgsnFQHu~X*3#FXP07*s`#fL!tK(Th8QkXN3`7DFOjGz eSGE-, 2013 +msgid "" +msgstr "" +"Project-Id-Version: sudo 1.8.6b4\n" +"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" +"POT-Creation-Date: 2012-08-10 13:08-0400\n" +"PO-Revision-Date: 2013-03-23 00:30+0100\n" +"Last-Translator: P. Hamming \n" +"Language-Team: Dutch \n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#: common/aix.c:150 +#, c-format +msgid "unable to open userdb" +msgstr "kan userdb niet openen" + +#: common/aix.c:153 +#, c-format +msgid "unable to switch to registry \"%s\" for %s" +msgstr "kan niet wijzigen naar register \"%s\" voor %s" + +#: common/aix.c:170 +#, c-format +msgid "unable to restore registry" +msgstr "kan register niet herstellen" + +#: common/alloc.c:82 +msgid "internal error, tried to emalloc(0)" +msgstr "interne fout, probeerde emalloc(0)" + +#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 +#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 +#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 +#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 +#, c-format +msgid "unable to allocate memory" +msgstr "kan geen geheugen reserveren" + +#: common/alloc.c:99 +msgid "internal error, tried to emalloc2(0)" +msgstr "interne fout, probeerde emalloc2(0)" + +#: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187 +#, c-format +msgid "internal error, %s overflow" +msgstr "interne fout, %s overloop" + +#: common/alloc.c:120 +msgid "internal error, tried to ecalloc(0)" +msgstr "interne fout, probeerde ecalloc(0)" + +#: common/alloc.c:142 +msgid "internal error, tried to erealloc(0)" +msgstr "interne fout, probeerde erealloc(0)" + +#: common/alloc.c:161 +msgid "internal error, tried to erealloc3(0)" +msgstr "interne fout, probeerde erealloc3(0)" + +#: common/alloc.c:185 +msgid "internal error, tried to erecalloc(0)" +msgstr "interne fout, probeerde erecalloc(0)" + +#: common/sudo_conf.c:305 +#, c-format +msgid "unable to stat %s" +msgstr "kan status niet opvragen van %s" + +#: common/sudo_conf.c:308 +#, c-format +msgid "%s is not a regular file" +msgstr "%s geen regulier bestand" + +#: common/sudo_conf.c:311 +#, c-format +msgid "%s is owned by uid %u, should be %u" +msgstr "%s is eigendom van %u, moet gebruikersnummer %u zijn" + +#: common/sudo_conf.c:315 +#, c-format +msgid "%s is world writable" +msgstr "%s kan door iedereen worden geschreven" + +#: common/sudo_conf.c:318 +#, c-format +msgid "%s is group writable" +msgstr "%s kan door groep worden geschreven" + +#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#, c-format +msgid "unable to open %s" +msgstr "kan %s niet openen" + +#: compat/strsignal.c:47 +msgid "Unknown signal" +msgstr "Onbekend signaal" + +#: src/error.c:82 src/error.c:86 +msgid ": " +msgstr ": " + +#: src/exec.c:113 src/exec_pty.c:674 +#, c-format +msgid "policy plugin failed session initialization" +msgstr "beleidsplugin kon sessie niet initialiseren" + +#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 +#, c-format +msgid "unable to fork" +msgstr "kan geen nieuw proces starten" + +#: src/exec.c:268 +#, c-format +msgid "unable to create sockets" +msgstr "kan geen sockets maken" + +#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 +#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 +#, c-format +msgid "unable to create pipe" +msgstr "kan geen pijp maken" + +#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 +#, c-format +msgid "select failed" +msgstr "selecteren mislukt" + +#: src/exec.c:467 +#, c-format +msgid "unable to restore tty label" +msgstr "kan terminallabel niet herstellen" + +#: src/exec_common.c:69 +#, c-format +msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" +msgstr "kan PRIV_PROC_EXEC niet verwijderen van PRIV_LIMIT" + +#: src/exec_pty.c:183 +#, c-format +msgid "unable to allocate pty" +msgstr "kan geen virtuele terminal reserveren" + +#: src/exec_pty.c:665 +#, c-format +msgid "unable to set terminal to raw mode" +msgstr "kan de terminal niet op de raw-modus instellen" + +#: src/exec_pty.c:1013 +#, c-format +msgid "unable to set controlling tty" +msgstr "kan geen controlerende terminal instellen" + +#: src/exec_pty.c:1111 +#, c-format +msgid "error reading from signal pipe" +msgstr "fout met het lezen van signaalpijp" + +#: src/exec_pty.c:1132 +#, c-format +msgid "error reading from pipe" +msgstr "fout met lezen van pijp" + +#: src/exec_pty.c:1148 +#, c-format +msgid "error reading from socketpair" +msgstr "fout met lezen van socketpaar" + +#: src/exec_pty.c:1152 +#, c-format +msgid "unexpected reply type on backchannel: %d" +msgstr "onverwachte soort beantwoording van het achterkanaal: %d" + +#: src/load_plugins.c:74 +#, c-format +msgid "%s: %s" +msgstr "%s: %s" + +#: src/load_plugins.c:80 +#, c-format +msgid "%s%s: %s" +msgstr "%s%s: %s" + +#: src/load_plugins.c:90 +#, c-format +msgid "%s must be owned by uid %d" +msgstr "eigenaar van %s moet uid %d zijn" + +#: src/load_plugins.c:94 +#, c-format +msgid "%s must be only be writable by owner" +msgstr "%s mag alleen schrijfbaar zijn voor de eigenaar" + +#: src/load_plugins.c:101 +#, c-format +msgid "unable to dlopen %s: %s" +msgstr "dlopen %s is niet mogelijk: %s" + +#: src/load_plugins.c:106 +#, c-format +msgid "%s: unable to find symbol %s" +msgstr "%s: kan symbool %s niet vinden" + +#: src/load_plugins.c:112 +#, c-format +msgid "%s: unknown policy type %d" +msgstr "%s: onbekende beleidssoort %d" + +#: src/load_plugins.c:116 +#, c-format +msgid "%s: incompatible policy major version %d, expected %d" +msgstr "%s: niet-compatibel hoofdbeleidsversie %d, verwachtte %d" + +#: src/load_plugins.c:123 +#, c-format +msgid "%s: only a single policy plugin may be loaded" +msgstr "%s: slechts een beleidsplug-in mag geladen worden" + +#: src/load_plugins.c:200 +#, c-format +msgid "policy plugin %s does not include a check_policy method" +msgstr "beleidsplug-in %s heeft geen check_policy methode" + +#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 +#: src/net_ifs.c:298 src/net_ifs.c:322 +#, c-format +msgid "load_interfaces: overflow detected" +msgstr "load_interfaces: overloop gevonden" + +#: src/net_ifs.c:227 +#, c-format +msgid "unable to open socket" +msgstr "kan geen socket openen" + +#: src/parse_args.c:187 +#, c-format +msgid "the argument to -C must be a number greater than or equal to 3" +msgstr "het argument van -C moet een getal zijn dat groter dan of gelijk aan 3 is" + +#: src/parse_args.c:276 +#, c-format +msgid "unknown user: %s" +msgstr "onbekende gebruiker: %s" + +#: src/parse_args.c:335 +#, c-format +msgid "you may not specify both the `-i' and `-s' options" +msgstr "u mag de opties '-i' en '-s' niet tegelijk opgeven" + +#: src/parse_args.c:339 +#, c-format +msgid "you may not specify both the `-i' and `-E' options" +msgstr "u mag de opties '-i' en '-E' niet tegelijk opgeven" + +#: src/parse_args.c:349 +#, c-format +msgid "the `-E' option is not valid in edit mode" +msgstr "optie '-E' is niet geldig in bewerkingsmodus" + +#: src/parse_args.c:351 +#, c-format +msgid "you may not specify environment variables in edit mode" +msgstr "u mag geen omgevingsvariabelen opgeven in de bewerkingsmodus" + +#: src/parse_args.c:359 +#, c-format +msgid "the `-U' option may only be used with the `-l' option" +msgstr "optie '-U' mag alleen worden gebruikt samen met optie '-l'" + +#: src/parse_args.c:363 +#, c-format +msgid "the `-A' and `-S' options may not be used together" +msgstr "de opties '-A' en '-S' mogen niet tegelijk worden gebruikt" + +#: src/parse_args.c:443 +#, c-format +msgid "sudoedit is not supported on this platform" +msgstr "sudoedit wordt niet ondersteund op dit platform" + +#: src/parse_args.c:516 +#, c-format +msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" +msgstr "Slechts een van de volgende opties mag worden gebruikt: -e, -h, -i, -K, -l, -s, -v of -V" + +#: src/parse_args.c:530 +#, c-format +msgid "" +"%s - edit files as another user\n" +"\n" +msgstr "" +"%s - bewerk bestanden als een andere gebruiker\n" +"\n" + +#: src/parse_args.c:532 +#, c-format +msgid "" +"%s - execute a command as another user\n" +"\n" +msgstr "" +"%s - voer een opdracht uit als een andere gebruiker\n" +"\n" + +#: src/parse_args.c:537 +#, c-format +msgid "" +"\n" +"Options:\n" +msgstr "" +"\n" +"Opties:\n" + +#: src/parse_args.c:540 +msgid "use helper program for password prompting\n" +msgstr "gebruik een hulpprogramma voor het vragen van wachtwoord\n" + +#: src/parse_args.c:543 +msgid "use specified BSD authentication type\n" +msgstr "gebruik opgegeven BSD-verificatietype\n" + +#: src/parse_args.c:545 +msgid "run command in the background\n" +msgstr "voer opdracht op de achtergrond uit\n" + +#: src/parse_args.c:547 +msgid "close all file descriptors >= fd\n" +msgstr "sluit alle file descriptors >= fd\n" + +#: src/parse_args.c:550 +msgid "run command with specified login class\n" +msgstr "voer opdracht uit met gespecificeerde inlogklasse\n" + +#: src/parse_args.c:553 +msgid "preserve user environment when executing command\n" +msgstr "behoud gebruikersomgeving bij uitvoeren van opdracht\n" + +#: src/parse_args.c:555 +msgid "edit files instead of running a command\n" +msgstr "bewerk bestanden in plaats van uitvoeren van een opdracht\n" + +#: src/parse_args.c:557 +msgid "execute command as the specified group\n" +msgstr "voer opdracht uit als de opgegeven groep\n" + +#: src/parse_args.c:559 +msgid "set HOME variable to target user's home dir.\n" +msgstr "stel HOME variabele in om naar persoonlijke map van gebruiker te verwijzen.\n" + +#: src/parse_args.c:561 +msgid "display help message and exit\n" +msgstr "hulptekst tonen en stoppen\n" + +#: src/parse_args.c:563 +msgid "run a login shell as target user\n" +msgstr "voer een inlogshell uit als beoogd gebruiker\n" + +#: src/parse_args.c:565 +msgid "remove timestamp file completely\n" +msgstr "verwijder tijdbestand volledig\n" + +#: src/parse_args.c:567 +msgid "invalidate timestamp file\n" +msgstr "maak tijdbestand ongeldig\n" + +#: src/parse_args.c:569 +msgid "list user's available commands\n" +msgstr "geef voor gebruiker beschikbare opdrachten weer\n" + +#: src/parse_args.c:571 +msgid "non-interactive mode, will not prompt user\n" +msgstr "niet-interactieve modus, geen vragen aan gebruiker\n" + +#: src/parse_args.c:573 +msgid "preserve group vector instead of setting to target's\n" +msgstr "behoud groepsvector in plaats van die van het doel in te stellen\n" + +#: src/parse_args.c:575 +msgid "use specified password prompt\n" +msgstr "gebruik gespecifeerde wachtwoordvraag\n" + +#: src/parse_args.c:578 src/parse_args.c:586 +msgid "create SELinux security context with specified role\n" +msgstr "maak SELinux beveiligingscontext met gespecificeerde rol aan\n" + +#: src/parse_args.c:581 +msgid "read password from standard input\n" +msgstr "lees wachtwoord van standaardinvoer\n" + +#: src/parse_args.c:583 +msgid "run a shell as target user\n" +msgstr "voer een shell uit als doel-gebruiker\n" + +#: src/parse_args.c:589 +msgid "when listing, list specified user's privileges\n" +msgstr "bij listing, toon privileges van gespecificeerde gebruiker\n" + +#: src/parse_args.c:591 +msgid "run command (or edit file) as specified user\n" +msgstr "voer opdracht uit (of bewerk bestand) als gespecificeerde gebruiker\n" + +#: src/parse_args.c:593 +msgid "display version information and exit\n" +msgstr "versie-informatie tonen en stoppen\n" + +#: src/parse_args.c:595 +msgid "update user's timestamp without running a command\n" +msgstr "werk tijd van gebruiker bij zonder opdracht uit te voeren\n" + +#: src/parse_args.c:597 +msgid "stop processing command line arguments\n" +msgstr "stop verwerken opdrachtregelargumenten\n" + +#: src/selinux.c:77 +#, c-format +msgid "unable to open audit system" +msgstr "kan audit-systeem niet openen" + +#: src/selinux.c:85 +#, c-format +msgid "unable to send audit message" +msgstr "kan audit-melding niet verzenden" + +#: src/selinux.c:113 +#, c-format +msgid "unable to fgetfilecon %s" +msgstr "fgetfilecon %s mislukt" + +#: src/selinux.c:118 +#, c-format +msgid "%s changed labels" +msgstr "%s gewijzigde labels" + +#: src/selinux.c:123 +#, c-format +msgid "unable to restore context for %s" +msgstr "kan context voor %s niet herstellen" + +#: src/selinux.c:163 +#, c-format +msgid "unable to open %s, not relabeling tty" +msgstr "kan %s niet openen, terminaltitel wordt niet opnieuw ingesteld" + +#: src/selinux.c:172 +#, c-format +msgid "unable to get current tty context, not relabeling tty" +msgstr "kan huidige terminalcontext niet verkrijgen, terminaltitel wordt niet opniew ingesteld" + +#: src/selinux.c:179 +#, c-format +msgid "unable to get new tty context, not relabeling tty" +msgstr "kan geen nieuwe terminalcontext verkrijgen, terminaltitel wordt niet opnieuw ingesteld" + +#: src/selinux.c:186 +#, c-format +msgid "unable to set new tty context" +msgstr "kan nieuwe terminalcontext niet instellen" + +#: src/selinux.c:252 +#, c-format +msgid "you must specify a role for type %s" +msgstr "u moet een rol kiezen voor type %s" + +#: src/selinux.c:258 +#, c-format +msgid "unable to get default type for role %s" +msgstr "kan standaard-type niet verkrijgen voor rol %s" + +#: src/selinux.c:276 +#, c-format +msgid "failed to set new role %s" +msgstr "instellen van nieuwe rol %s mislukt" + +#: src/selinux.c:280 +#, c-format +msgid "failed to set new type %s" +msgstr "instellen van nieuw type %s mislukt" + +#: src/selinux.c:289 +#, c-format +msgid "%s is not a valid context" +msgstr "%s is geen geldige context" + +#: src/selinux.c:324 +#, c-format +msgid "failed to get old_context" +msgstr "verkrijgen old_context mislukt" + +#: src/selinux.c:330 +#, c-format +msgid "unable to determine enforcing mode." +msgstr "kan afdwingende modus niet vinden." + +#: src/selinux.c:342 +#, c-format +msgid "unable to setup tty context for %s" +msgstr "kan terminalcontext niet instellen voor %s" + +#: src/selinux.c:373 +#, c-format +msgid "unable to set exec context to %s" +msgstr "kan uitvoeringscontext niet instellen op %s" + +#: src/selinux.c:380 +#, c-format +msgid "unable to set key creation context to %s" +msgstr "kan context voor aanmaak van sleutels niet instellen op %s" + +#: src/sesh.c:70 +#, c-format +msgid "requires at least one argument" +msgstr "tenminste één argument vereist" + +#: src/sesh.c:91 +#, c-format +msgid "unable to execute %s" +msgstr "kan %s niet uitvoeren" + +#: src/sudo.c:211 +#, c-format +msgid "Sudo version %s\n" +msgstr "Sudo versie %s\n" + +#: src/sudo.c:213 +#, c-format +msgid "Configure options: %s\n" +msgstr "Configuratieopties: %s\n" + +#: src/sudo.c:218 +#, c-format +msgid "fatal error, unable to load plugins" +msgstr "fatale fout, kan geen plug-ins laden" + +#: src/sudo.c:226 +#, c-format +msgid "unable to initialize policy plugin" +msgstr "kan beleidsplug-in niet instellen" + +#: src/sudo.c:281 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "fout bij initialiseren-I/O plug-in %s" + +#: src/sudo.c:306 +#, c-format +msgid "unexpected sudo mode 0x%x" +msgstr "onverwachte sudo modus 0x%x" + +#: src/sudo.c:400 +#, c-format +msgid "unable to get group vector" +msgstr "kan groepsvector niet verkrijgen" + +#: src/sudo.c:452 +#, c-format +msgid "unknown uid %u: who are you?" +msgstr "onbekende uid %u: wie bent u?" + +#: src/sudo.c:782 +#, c-format +msgid "%s must be owned by uid %d and have the setuid bit set" +msgstr "eigenaar van %s moet gebruikersnummer %d zijn en de setuid bit ingesteld" + +#: src/sudo.c:785 +#, c-format +msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" +msgstr "gebruikt gebruikersnummer is niet %d, is %s op een bestandssysteem met de 'nosuid' optie ingesteld of een NFS bestandssysteem zonder rootrechten?" + +#: src/sudo.c:791 +#, c-format +msgid "effective uid is not %d, is sudo installed setuid root?" +msgstr "gebruikt gebruikersnummer is niet %d, is sudo geinstalleerd met setuid root?" + +#: src/sudo.c:860 +#, c-format +msgid "resource control limit has been reached" +msgstr "hulpbroncontrolelimiet is bereikt" + +#: src/sudo.c:863 +#, c-format +msgid "user \"%s\" is not a member of project \"%s\"" +msgstr "gebruiker \"%s\" is geen lid van project \"%s\"" + +#: src/sudo.c:867 +#, c-format +msgid "the invoking task is final" +msgstr "de aanroepende taak is klaar" + +#: src/sudo.c:870 +#, c-format +msgid "could not join project \"%s\"" +msgstr "kan project \"%s\" niet samenvoegen" + +#: src/sudo.c:875 +#, c-format +msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgstr "er bestaat geen hulpbronnengroep voor project \"%s\" die de standaardbindingen accepteert" + +#: src/sudo.c:879 +#, c-format +msgid "specified resource pool does not exist for project \"%s\"" +msgstr "er bestaat geen hulpbronnengroep voor project \"%s\" die de standaardbindingen accepteert" + +#: src/sudo.c:883 +#, c-format +msgid "could not bind to default resource pool for project \"%s\"" +msgstr "kan niet verbinden met standaard hulpbronnen voor project \"%s\"" + +#: src/sudo.c:889 +#, c-format +msgid "setproject failed for project \"%s\"" +msgstr "setproject mislukt voor project \"%s\"" + +#: src/sudo.c:891 +#, c-format +msgid "warning, resource control assignment failed for project \"%s\"" +msgstr "waarschuwing, hulpbrontoewijzingscontrole mislukt voor project \"%s\"" + +#: src/sudo.c:959 +#, c-format +msgid "unknown login class %s" +msgstr "onbekende inlog-klasse %s" + +#: src/sudo.c:973 src/sudo.c:976 +#, c-format +msgid "unable to set user context" +msgstr "kan gebruikerscontext niet instellen" + +#: src/sudo.c:988 +#, c-format +msgid "unable to set supplementary group IDs" +msgstr "kan aanvullende groeps-ID's niet instellen" + +#: src/sudo.c:995 +#, c-format +msgid "unable to set effective gid to runas gid %u" +msgstr "kan effectieve gid niet instellen op runas-gid %u" + +#: src/sudo.c:1001 +#, c-format +msgid "unable to set gid to runas gid %u" +msgstr "kan gid niet instellen op runas-gid %u" + +#: src/sudo.c:1008 +#, c-format +msgid "unable to set process priority" +msgstr "kan taakprioriteit niet instellen" + +#: src/sudo.c:1016 +#, c-format +msgid "unable to change root to %s" +msgstr "kan root niet wijzigen naar %s" + +#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 +#, c-format +msgid "unable to change to runas uid (%u, %u)" +msgstr "kan niet wijzigen naar runas uid (%u, %u)" + +#: src/sudo.c:1049 +#, c-format +msgid "unable to change directory to %s" +msgstr "kan map niet wijzigen naar %s" + +#: src/sudo.c:1133 +#, c-format +msgid "unexpected child termination condition: %d" +msgstr "onverwachte dochter-afsluitvoorwaarde: %d" + +#: src/sudo.c:1194 +#, c-format +msgid "policy plugin %s does not support listing privileges" +msgstr "beleidsplug-in %s ondersteunt niet het tonen van privileges" + +#: src/sudo.c:1206 +#, c-format +msgid "policy plugin %s does not support the -v option" +msgstr "beleidsplug-in %s ondersteunt niet de -v optie" + +#: src/sudo.c:1218 +#, c-format +msgid "policy plugin %s does not support the -k/-K options" +msgstr "beleidsplug-in %s ondersteunt niet de -k/-K opties" + +#: src/sudo_edit.c:111 +#, c-format +msgid "unable to change uid to root (%u)" +msgstr "kan uid niet wijzigen naar root (%u)" + +#: src/sudo_edit.c:143 +#, c-format +msgid "plugin error: missing file list for sudoedit" +msgstr "plug-infout: missende bestandslijst voor sudoedit" + +#: src/sudo_edit.c:171 src/sudo_edit.c:271 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: geen regulier bestand" + +#: src/sudo_edit.c:205 src/sudo_edit.c:307 +#, c-format +msgid "%s: short write" +msgstr "%s: te weinig geschreven" + +#: src/sudo_edit.c:272 +#, c-format +msgid "%s left unmodified" +msgstr "%s ongewijzigd gelaten" + +#: src/sudo_edit.c:285 +#, c-format +msgid "%s unchanged" +msgstr "%s ongewijzigd" + +#: src/sudo_edit.c:297 src/sudo_edit.c:318 +#, c-format +msgid "unable to write to %s" +msgstr "kan niet schrijven naar %s" + +#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 +#, c-format +msgid "contents of edit session left in %s" +msgstr "inhoud van bewerkingssessie achtergelaten in %s" + +#: src/sudo_edit.c:315 +#, c-format +msgid "unable to read temporary file" +msgstr "kan tijdelijk bestand niet lezen" + +#: src/tgetpass.c:90 +#, c-format +msgid "no tty present and no askpass program specified" +msgstr "geen terminal aanwezig en geen wachtwoordvraag(askpass)-programma opgegeven" + +#: src/tgetpass.c:99 +#, c-format +msgid "no askpass program specified, try setting SUDO_ASKPASS" +msgstr "geen wachtwoordvraag(askpass)-programma opgegeven, probeer SUDO_ASKPASS in te stellen" + +#: src/tgetpass.c:231 +#, c-format +msgid "unable to set gid to %u" +msgstr "kan gid niet instellen op %u" + +#: src/tgetpass.c:235 +#, c-format +msgid "unable to set uid to %u" +msgstr "kan uid niet instellen op %u" + +#: src/tgetpass.c:240 +#, c-format +msgid "unable to run %s" +msgstr "kan %s niet uitvoeren" + +#: src/utmp.c:278 +#, c-format +msgid "unable to save stdin" +msgstr "kan niet opslaan naar stdin" + +#: src/utmp.c:280 +#, c-format +msgid "unable to dup2 stdin" +msgstr "kan dup2 niet uitvoeren op standaardinvoer" + +#: src/utmp.c:283 +#, c-format +msgid "unable to restore stdin" +msgstr "kan stdin niet herstellen" diff --git a/src/po/pl.mo b/src/po/pl.mo index e9177136e0452c25cea7a73e53c9c73fba4d4f78..e82aa3a120b9f46aa47fc71ee173de8631764fc1 100644 GIT binary patch delta 4674 zcma*pdvKK18OQOn;Svav$Sptu;c!VHl7s}303k)LA}WN7RH{YT>@LYmlHF}~!;+w^ z0s#vKFIyE53erD1bXt@yDzzvx5;~o6da<>gPO-E?OFP&K&M4Z>bm;fD`!Y?TQ+sBg ze9n72m*<@Kom_u(cc&+QesJ&S4CM$hiYV!0%Be6Yy2cGbV0+OQo6gOCh4=|-rg=5Q-Rf}fi&VBco1jf zk1-!J$+KoK-gOZwl})ZsqXzz}>p3jq*fT7ZYBLGPa6BK!p%3Fq{SGSg@lBk99`ZXG zE3gFDxb8w_;B~CTD>w}&Fnv9@8msUL)bnq-$CptPv}_P{yaKf(Z6nCPQuYETl&aU< z3+GWYR^Ccs6zaZvQ1>~={xi?G*AJl@{s~UUtEl@XvBQ+fWjGZ#V=*2>4fHp8)+CCH>qBU+3jKXaHrO64ik$S)$vGJSYu7^}%gElnjdS+g3+z6rZ_qVC&|7L%yW z`CgogMsg9=!AN$F1~LbgvWHMJ>q7RMc?Gq`Z=(kG7t}y{lOCCeoHFI8C0U9Vx1icR zgc{%*sORIqpu$EsAE8Ek9T|%m%1%*36{xkWLyMbH4IDsa;soj~`8DeP>qrx3v`r7R z7Bzu-)N`GvfgD86$IVG9n%Oy2Lw`ffB$w8;b|t9u4K@sTJtHWcIr_X?m`Xl1QzT4|0R`LPW%&oU(o7oH07{W$nT4oKY(Rcy=VbD)j*}cQX>%SK ztm#AV>Yx!9If1(VN1TZxNRzIwK+W`V)N|j%8oY?w zQw4E`J%`FFB0hJV;3r;M{zX1izDy~DntF|q%$}h<67fRDw^5rs1MI2)Y|sv z>!VFpi)7#IKy`T9^%LZ0iuq`a!6x*e+T1}5CH4~s2^C9dZzTv7ZjYzFM8i4Qo;t<5 zk1@Bt8MT&A5bB^G@dBX|Oq2S@)Uc=ioZx0CA&axfK$a`f%0h`>&!|?IE7g zL60(!`U>}WDXw+v4cOw=H)0pj+dclO>mgLy`x46uFYy?WO*~1c6siBc#FvSui8i8) z&<LTy&do#H=@gSk{5;2j`Ua2Q;6m7~TVlFYkJ(=rTi`vwyh)&{hVu9BG2o;qKLa&E5 zoQiht24WwvnpjADh3Huv4*Cx5pr0mP$339*t`Mm$XPB9;((b=AM|rz+`x zIy$J2C&C1;dFmgIK{%bzH$bI2joIY-6n=wvgeY{+J%oeZdLHg}>(9E5#TwN$s>4J( zp%NipBpM05t2xA0qJS7es1&C$QP&%2FFltWHgK;er!bOb3L`Z(9a)L<*`o$T8bhs7 z8*6ov)taJJ>%T^L^#Bw?f=(9H{V(pnRrVFL0_mP?2S70jN2V= zi+4k))ou*5Mw}4C@!Ls(P2qqq8t`*aY}bd{g8o!H$*Y5VdB)fl?wJv?U(?$3uqP(A49iWH z=Dyr3d2Qr;&mf0RBke8qp=P(2WO4rG-oxEFM%%-w1-LP|M5diKIT&dRhgmKLo*JKx zgxXqt^uvPOJjxk1FQeD=`ijJ=aSN-am6lhQmQS@60?hH|#``-zxe; zMnx>O+%at+$5F1sA-}J~8?iB8M|-qA<_$Vt8;iF4I+~pHM%rAw#uM+*#)yWv9O8*s z^h~m~BNXiJbZ_n6XJdgWvG(*#Z|=i<@zcs`wB7B}-qJv2s)g2c|LM`uws4e6WOBe6t9RY5XVH83-u4fgK|vQ9UK+iqitSnaH;pcAm6 d`pDU>yz-iqJ^KdB?LWIU^uLCAymo2EzW|~y&UgR- delta 3775 zcmYkl zROz;O4x$qJvFAIe3Ve)}n8UhMV;!o(58{1z81KXjm|95Zb2^K#syH)~b=bu5FfPV7 zQ8!#iU0+FEm*5&~z{9A4T+|-<*Q&oVD(9+s z*o?|_H!@i>ggo1fpqAz=lAC!SDVq7nQxDN~#i-2{KqYby>bZT$rRFrMVq>U@{Ub$( z{bHuEg|(Iy$SJcNmB4P#1Zoo?tcZ(r{~~0cn$@U8wr#%@$eUqHq(zd^12U+`|sA$wJ5 z1?s+p=g%<2@g>w!7LffRUy2Or=m+OKXLZ9{s5QEQnprjPoGQ?UN^BcixF0pp2$HjT z2UUT;qwe=nCRJ!L-iupM6&Xd1_bN_deB;t-!8cF?eTsVh3YaFZvRR3m;SN*+N70Wz zK_&PyuE253M<1_<*1iC>#?`3Gt;6M*M7{3gm};l#3oP!{u?#md_Ks@Y(j=G1E}YoK|SY#J9z(9^8a!|HgLCoaJoE4 zQI)vp=_7637{Va#L_PQCMe`MXewL{Jqxf~=Ntz3;E$ zYL2I~(0blxRHcsN-FOyT_3!`3bd>2l7EpWOVN@bRr~!Y8y73BXpec7{t`DIS>p~6i z6zT`*E!5Io_Rh~>G*w_Zmg6I+#0RlV@Bb+}D%tC(HNAWsiS$OsEJAyM0;JnE&mW*FtG13mZWL@S~8D51A4)7Y{{=&dG7h*0LNIfjK^|1s<# zHWNAS*o;wMLp0uL$9lqvXh(O%>an|{ok=Se-fQ<-k4Jj@qITS>?OJ3-p6H2mCL&!N zI6LzzoLwbzTe|IVSES3-_O)4kd+gqX)!!RUMAFCm<6%86VOx(z<6Tx?GS*>tTeW@Z zFP(E$C0VA;a*yO6@VkM+T;ETp7Wv#eivvFQc*%61d$IIv)|6NzX7?uD$I7?*+=+@y z+0NyvIyYEd=FbXsG&yT(?w`?EA8e^_2wDw`+k!35OEu-0GmV^SZ3{NJ7izBios#<6 znTssDb0D%W+8>VFOh8FE8|KX^Y_nqah4F~hk$n4@)!#XgOgK)k%DGxsl&wiQyIbZ~ zdpXCWk%4$Pp0pClo^+KG$$e2hi)nmb_cy, 2011-2012. +# Jakub Bogusz , 2011-2013. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.6b4\n" +"Project-Id-Version: sudo 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-20 19:04+0200\n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" +"PO-Revision-Date: 2013-04-03 19:05+0200\n" "Last-Translator: Jakub Bogusz \n" "Language-Team: Polish \n" "Language: pl\n" @@ -34,14 +34,6 @@ msgstr "nie udało się odtworzyć rejestru" msgid "internal error, tried to emalloc(0)" msgstr "błąd wewnętrzny, próbowano wykonać emalloc(0)" -#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 -#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 -#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 -#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 -#, c-format -msgid "unable to allocate memory" -msgstr "nie udało się przydzielić pamięci" - #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "błąd wewnętrzny, próbowano wykonać emalloc2(0)" @@ -67,76 +59,86 @@ msgstr "błąd wewnętrzny, próbowano wykonać erealloc3(0)" msgid "internal error, tried to erecalloc(0)" msgstr "błąd wewnętrzny, próbowano wykonać erecalloc(0)" -#: common/sudo_conf.c:305 +#: common/error.c:154 +#, c-format +msgid "%s: %s: %s\n" +msgstr "%s: %s: %s\n" + +#: common/error.c:157 common/error.c:161 +#, c-format +msgid "%s: %s\n" +msgstr "%s: %s\n" + +#: common/sudo_conf.c:172 +#, c-format +msgid "unsupported group source `%s' in %s, line %d" +msgstr "nie obsługiwane źródło grup `%s' w %s, w linii %d" + +#: common/sudo_conf.c:186 +#, c-format +msgid "invalid max groups `%s' in %s, line %d" +msgstr "błędna liczba maksymalna grup `%s' w %s, w linii %d" + +#: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "nie udało się wykonać stat na %s" -#: common/sudo_conf.c:308 +#: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s nie jest zwykłym plikiem" -#: common/sudo_conf.c:311 +#: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "właścicielem %s jest uid %u, powinien być %u" -#: common/sudo_conf.c:315 +#: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "%s jest zapisywalny dla świata" -#: common/sudo_conf.c:318 +#: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "%s jest zapisywalny dla grupy" -#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "nie udało się otworzyć %s" -#: compat/strsignal.c:47 +#: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Nieznany sygnał" -#: src/error.c:82 src/error.c:86 -msgid ": " -msgstr ": " - -#: src/exec.c:113 src/exec_pty.c:674 +#: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "nie udało się zainicjować sesji przez wtyczkę polityki" -#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 +#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "nie udało się wykonać fork" -#: src/exec.c:268 +#: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "nie udało się utworzyć gniazd" -#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 -#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 -#, c-format -msgid "unable to create pipe" -msgstr "nie udało się utworzyć potoku" - -#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 +#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "wywołanie select nie powiodło się" -#: src/exec.c:467 +#: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "nie udało się przywrócić etykiety tty" -#: src/exec_common.c:69 +#: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "nie udało się usunąć PRIV_PROC_EXEC z PRIV_LIMIT" @@ -146,148 +148,176 @@ msgstr "nie udało się usunąć PRIV_PROC_EXEC z PRIV_LIMIT" msgid "unable to allocate pty" msgstr "nie udało się przydzielić pty" -#: src/exec_pty.c:665 +#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 +#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 +#, c-format +msgid "unable to create pipe" +msgstr "nie udało się utworzyć potoku" + +#: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "nie udało się przestawić terminala w tryb surowy" -#: src/exec_pty.c:1013 +#: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "nie udało się ustawić sterującego tty" -#: src/exec_pty.c:1111 +#: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "błąd odczytu z potoku sygnałowego" -#: src/exec_pty.c:1132 +#: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "błąd odczytu z potoku" -#: src/exec_pty.c:1148 +#: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "błąd odczytu z pary gniazd" -#: src/exec_pty.c:1152 +#: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "nieoczekiwany typ odpowiedzi z kanału zwrotnego: %d" -#: src/load_plugins.c:74 +#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 +#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 +#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 +#, c-format +msgid "error in %s, line %d while loading plugin `%s'" +msgstr "błąd w %s, w linii %d podczas wczytywania wtyczki `%s'" + +#: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/load_plugins.c:80 +#: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:90 +#: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "właścicielem %s musi być uid %d" -#: src/load_plugins.c:94 +#: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "prawo zapisu do %s może mieć tylko właściciel" -#: src/load_plugins.c:101 +#: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "nie udało się wykonać dlopen %s: %s" -#: src/load_plugins.c:106 +#: src/load_plugins.c:194 +#, c-format +msgid "unable to find symbol `%s' in %s" +msgstr "nie udało się odnaleźć symbolu `%s' w %s" + +#: src/load_plugins.c:201 #, c-format -msgid "%s: unable to find symbol %s" -msgstr "%s: nie udało się odnaleźć symbolu %s" +msgid "unknown policy type %d found in %s" +msgstr "nieznany typ polityki %d napotkany w %s" -#: src/load_plugins.c:112 +#: src/load_plugins.c:207 #, c-format -msgid "%s: unknown policy type %d" -msgstr "%s: nieznany typ polityki %d" +msgid "incompatible plugin major version %d (expected %d) found in %s" +msgstr "niezgodna główna wersja polityki %d (zamiast oczekiwanej %d) napotkana w %s" -#: src/load_plugins.c:116 +#: src/load_plugins.c:216 #, c-format -msgid "%s: incompatible policy major version %d, expected %d" -msgstr "%s: niezgodna główna wersja polityki %d, oczekiwano %d" +msgid "ignoring policy plugin `%s' in %s, line %d" +msgstr "zignorowano wtyczkę polityki `%s' w %s, w linii %d" -#: src/load_plugins.c:123 +#: src/load_plugins.c:218 #, c-format -msgid "%s: only a single policy plugin may be loaded" -msgstr "%s: może być wczytana tylko jedna wtyczka polityki" +msgid "only a single policy plugin may be specified" +msgstr "może być podana tylko jedna wtyczka polityki" -#: src/load_plugins.c:200 +#: src/load_plugins.c:221 +#, c-format +msgid "ignoring duplicate policy plugin `%s' in %s, line %d" +msgstr "zignotowano powtórzoną wtyczkę polityki `%s' w %s, w linii %d" + +#: src/load_plugins.c:236 +#, c-format +msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" +msgstr "zignotowano powtórzoną wtyczkę we/wy `%s' w %s, w linii %d" + +#: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "wtyczka polityki %s nie zawiera metody check_policy" -#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 -#: src/net_ifs.c:298 src/net_ifs.c:322 +#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 +#: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: wykryto przepełnienie" -#: src/net_ifs.c:227 +#: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "nie udało się otworzyć gniazda" -#: src/parse_args.c:187 +#: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argument opcji -C musi być większy lub równy 3" -#: src/parse_args.c:276 +#: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "nieznany użytkownik: %s" -#: src/parse_args.c:335 +#: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "nie można podać jednocześnie opcji `-i' oraz `-s'" -#: src/parse_args.c:339 +#: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "nie można podać jednocześnie opcji `-i' oraz `-E'" -#: src/parse_args.c:349 +#: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "opcja `-E' nie jest poprawna w trybie edycji" -#: src/parse_args.c:351 +#: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "w trybie edycji nie można przekazywać zmiennych środowiskowych" -#: src/parse_args.c:359 +#: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "opcji `-U' można używać tylko wraz z opcją `-l'" -#: src/parse_args.c:363 +#: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "opcji `-A' oraz `-S' nie można używać jednocześnie" -#: src/parse_args.c:443 +#: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit nie jest obsługiwane na tej platformie" -#: src/parse_args.c:516 +#: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Można podać tylko jedną z opcji -e, -h, -i, -K, -l, -s, -v lub -V" -#: src/parse_args.c:530 +#: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" @@ -296,7 +326,7 @@ msgstr "" "%s - modyfikowanie plików jako inny użytkownik\n" "\n" -#: src/parse_args.c:532 +#: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" @@ -305,7 +335,7 @@ msgstr "" "%s - wykonywanie poleceń jako inny użytkownik\n" "\n" -#: src/parse_args.c:537 +#: src/parse_args.c:550 #, c-format msgid "" "\n" @@ -314,103 +344,103 @@ msgstr "" "\n" "Opcje:\n" -#: src/parse_args.c:540 +#: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "użycie programu pomocniczego do pytań o hasło\n" -#: src/parse_args.c:543 +#: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "użycie podanego rodzaju uwierzytelnienia BSD\n" -#: src/parse_args.c:545 +#: src/parse_args.c:558 msgid "run command in the background\n" msgstr "uruchomienie polecenia w tle\n" -#: src/parse_args.c:547 +#: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "zamknięcie wszystkich deskryptorów >= fd\n" -#: src/parse_args.c:550 +#: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "uruchomienie polecenia z podaną klasą logowania\n" -#: src/parse_args.c:553 +#: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "zachowanie środowiska użytkownika przy uruchamianiu polecenia\n" -#: src/parse_args.c:555 +#: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "modyfikowanie plików zamiast uruchomienia polecenia\n" -#: src/parse_args.c:557 +#: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "wywołanie polecenia jako określona grupa\n" -#: src/parse_args.c:559 +#: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "ustawienie zmiennej HOME na katalog domowy użytkownika docelowego.\n" -#: src/parse_args.c:561 +#: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "wyświetlenie opisu i zakończenie\n" -#: src/parse_args.c:563 +#: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "uruchomienie powłoki logowania jako docelowy użytkownik\n" -#: src/parse_args.c:565 +#: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "całkowite usunięcie pliku znacznika czasu\n" -#: src/parse_args.c:567 +#: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "unieważnienie pliku znacznika czasu\n" -#: src/parse_args.c:569 +#: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "wypisanie poleceń dostępnych dla użytkownika\n" -#: src/parse_args.c:571 +#: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" msgstr "tryb nieinteraktywny, użytkownik nie będzie pytany\n" -#: src/parse_args.c:573 +#: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "zachowanie wektora grup zamiast ustawiania docelowych\n" -#: src/parse_args.c:575 +#: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "użycie podanego pytania o hasło\n" -#: src/parse_args.c:578 src/parse_args.c:586 +#: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "utworzenie kontekstu bezpieczeństwa SELinuksa z podaną rolą\n" -#: src/parse_args.c:581 +#: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "odczyt hasła ze standardowego wejścia\n" -#: src/parse_args.c:583 +#: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "uruchomienie powłoki jako użytkownik docelowy\n" -#: src/parse_args.c:589 +#: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "przy wypisywaniu podanie uprawnień danego użytkownika\n" -#: src/parse_args.c:591 +#: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "uruchomienie polecenia (lub modyfikowanie pliku) jako podany użytkownik\n" -#: src/parse_args.c:593 +#: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "wyświetlenie informacji o wersji i zakończenie\n" -#: src/parse_args.c:595 +#: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "uaktualnienie znacznika czasu użytkownika bez uruchamiania polecenia\n" -#: src/parse_args.c:597 +#: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "zakończenie przetwarzania argumentów linii poleceń\n" @@ -499,257 +529,262 @@ msgstr "nie udało się określić trybu wymuszenia." msgid "unable to setup tty context for %s" msgstr "nie udało się ustawić kontekstu tty dla %s" -#: src/selinux.c:373 +#: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "nie udało się ustawić kontekstu wykonywania na %s" -#: src/selinux.c:380 +#: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "nie udało się ustawić kontekstu tworzenia klucza na %s" -#: src/sesh.c:70 +#: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "wymagany jest przynajmniej jeden argument" -#: src/sesh.c:91 +#: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "nie udało się wykonać %s" -#: src/sudo.c:211 +#: src/solaris.c:88 +#, c-format +msgid "resource control limit has been reached" +msgstr "osiągnięto limit kontroli zasobów" + +#: src/solaris.c:91 +#, c-format +msgid "user \"%s\" is not a member of project \"%s\"" +msgstr "użytkownik \"%s\" nie jest członkiem projektu \"%s\"" + +#: src/solaris.c:95 +#, c-format +msgid "the invoking task is final" +msgstr "zadanie uruchamiające jest ostatnim" + +#: src/solaris.c:98 +#, c-format +msgid "could not join project \"%s\"" +msgstr "nie udało się dołączyć do projektu \"%s\"" + +#: src/solaris.c:103 +#, c-format +msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgstr "nie istnieje pula zasobów akceptująca domyślne przypisania dla projektu \"%s\"" + +#: src/solaris.c:107 +#, c-format +msgid "specified resource pool does not exist for project \"%s\"" +msgstr "podana pula zasobów nie istnieje w projekcie \"%s\"" + +#: src/solaris.c:111 +#, c-format +msgid "could not bind to default resource pool for project \"%s\"" +msgstr "nie można przypisać do domyślnej puli zasobów w projekcie \"%s\"" + +#: src/solaris.c:117 +#, c-format +msgid "setproject failed for project \"%s\"" +msgstr "setproject dla projektu \"%s\" nie powiodło się" + +#: src/solaris.c:119 +#, c-format +msgid "warning, resource control assignment failed for project \"%s\"" +msgstr "uwaga: przypisanie kontroli zasobów dla projektu \"%s\" nie powiodło się" + +#: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo wersja %s\n" -#: src/sudo.c:213 +#: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Opcje konfiguracji: %s\n" -#: src/sudo.c:218 +#: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "błąd krytyczny, nie udało się załadować wtyczek" -#: src/sudo.c:226 +#: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "nie udało się zainicjować wtyczki polityki" -#: src/sudo.c:281 +#: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "błąd inicjalizacji wtyczki we/wy %s" -#: src/sudo.c:306 +#: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "nieoczekiwany tryb sudo 0x%x" -#: src/sudo.c:400 +#: src/sudo.c:413 #, c-format msgid "unable to get group vector" msgstr "nie udało się uzyskać wektora grup" -#: src/sudo.c:452 +#: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "nieznany uid %u: kim jesteś?" -#: src/sudo.c:782 +#: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s musi mieć uid %d jako właściciela oraz ustawiony bit setuid" -#: src/sudo.c:785 +#: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "efektywny uid nie wynosi %d, czy %s jest na systemie plików z opcją 'nosuid' albo systemie plików NFS bez uprawnień roota?" -#: src/sudo.c:791 +#: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "efektywny uid nie wynosi %d, czy sudo jest zainstalowane z setuid root?" -#: src/sudo.c:860 -#, c-format -msgid "resource control limit has been reached" -msgstr "osiągnięto limit kontroli zasobów" - -#: src/sudo.c:863 -#, c-format -msgid "user \"%s\" is not a member of project \"%s\"" -msgstr "użytkownik \"%s\" nie jest członkiem projektu \"%s\"" - -#: src/sudo.c:867 -#, c-format -msgid "the invoking task is final" -msgstr "zadanie uruchamiające jest ostatnim" - -#: src/sudo.c:870 -#, c-format -msgid "could not join project \"%s\"" -msgstr "nie udało się dołączyć do projektu \"%s\"" - -#: src/sudo.c:875 -#, c-format -msgid "no resource pool accepting default bindings exists for project \"%s\"" -msgstr "nie istnieje pula zasobów akceptująca domyślne przypisania dla projektu \"%s\"" - -#: src/sudo.c:879 -#, c-format -msgid "specified resource pool does not exist for project \"%s\"" -msgstr "podana pula zasobów nie istnieje w projekcie \"%s\"" - -#: src/sudo.c:883 -#, c-format -msgid "could not bind to default resource pool for project \"%s\"" -msgstr "nie można przypisać do domyślnej puli zasobów w projekcie \"%s\"" - -#: src/sudo.c:889 -#, c-format -msgid "setproject failed for project \"%s\"" -msgstr "setproject dla projektu \"%s\" nie powiodło się" - -#: src/sudo.c:891 -#, c-format -msgid "warning, resource control assignment failed for project \"%s\"" -msgstr "uwaga: przypisanie kontroli zasobów dla projektu \"%s\" nie powiodło się" - -#: src/sudo.c:959 +#: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "nieznana klasa logowania %s" -#: src/sudo.c:973 src/sudo.c:976 +#: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "nie udało się ustawić kontekstu użytkownika" -#: src/sudo.c:988 +#: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "nie udało się ustawić ID dodatkowych grup" -#: src/sudo.c:995 +#: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "nie udało się ustawić efektywnego gid-a w celu działania jako gid %u" -#: src/sudo.c:1001 +#: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "nie udało się ustawić gid-a w celu działania jako gid %u" -#: src/sudo.c:1008 +#: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "nie udało się ustawić priorytetu procesu" -#: src/sudo.c:1016 +#: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "nie udało się zmienić katalogu głównego na %s" -#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 +#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "nie udało się zmienić uid-ów, aby działać jako (%u, %u)" -#: src/sudo.c:1049 +#: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "nie udało się zmienić katalogu na %s" -#: src/sudo.c:1133 +#: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "nieoczekiwane zakończenie procesu potomnego: %d" -#: src/sudo.c:1194 +#: src/sudo.c:1146 +#, c-format +msgid "policy plugin %s is missing the `check_policy' method" +msgstr "wtyczka polityki %s nie zawiera metody `check_policy'" + +#: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "wtyczka polityki %s nie obsługuje wypisywania uprawnień" -#: src/sudo.c:1206 +#: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "wtyczka polityki %s nie obsługuje opcji -v" -#: src/sudo.c:1218 +#: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "wtyczka polityki %s nie obsługuje opcji -k/-K" -#: src/sudo_edit.c:111 +#: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "nie udało się zmienić uid-a na roota (%u)" -#: src/sudo_edit.c:143 +#: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "błąd wtyczki: brak listy plików dla sudoedit" -#: src/sudo_edit.c:171 src/sudo_edit.c:271 +#: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: nie jest zwykłym plikiem" -#: src/sudo_edit.c:205 src/sudo_edit.c:307 +#: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: skrócony zapis" -#: src/sudo_edit.c:272 +#: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "pozostawiono bez zmian: %s" -#: src/sudo_edit.c:285 +#: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "nie zmieniono: %s" -#: src/sudo_edit.c:297 src/sudo_edit.c:318 +#: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "nie udało się zapisać do %s" -#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 +#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "zawartość sesji edycji pozostawiono w %s" -#: src/sudo_edit.c:315 +#: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "nie udało się odczytać pliku tymczasowego" -#: src/tgetpass.c:90 +#: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "brak tty i nie podano programu pytającego o hasło" -#: src/tgetpass.c:99 +#: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "nie podano programu pytającego o hasło, proszę spróbować ustawić SUDO_ASKPASS" -#: src/tgetpass.c:231 +#: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "nie udało się ustawić gid-a na %u" -#: src/tgetpass.c:235 +#: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "nie udało się ustawić uid-a na %u" -#: src/tgetpass.c:240 +#: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "nie udało się uruchomić %s" @@ -768,12 +803,3 @@ msgstr "nie udało się wykonać dup2 na standardowym wejściu" #, c-format msgid "unable to restore stdin" msgstr "nie udało się przywrócić standardowego wejścia" - -#~ msgid "internal error, emalloc2() overflow" -#~ msgstr "błąd wewnętrzny, przepełnienie emalloc2()" - -#~ msgid "internal error, erealloc3() overflow" -#~ msgstr "błąd wewnętrzny, przepełnienie erealloc3()" - -#~ msgid "%s: at least one policy plugin must be specified" -#~ msgstr "%s: musi być wczytana przynajmniej jedna wtyczka polityki" diff --git a/src/po/ru.mo b/src/po/ru.mo index bef4e829bf340c6eff49f4952cfd9a93f01171ec..b98f8d910e05b9e6487f82021c5637bbb6aa050c 100644 GIT binary patch delta 4843 zcma*odvH|M9l-Ikc@Q9kM?w;k@VF2{b|HaH$O9v4AXr|8U_^m}lGj2OlI%9S0n#YT zQ{*Me7DXU}FsL&QZD2t{NP^AyM`viqyVlkR9hlaUX=Al^3f9tA`~BT}<7A+t9`f7I zId|{9=bYa;XSsFKw(GPla4kOSprV{0MiW`lN?pg9gZZGe$0;S%i#Q(NMmyfX5jbq9 zQX_FZj=};=!7@xoxApx#jHi79C*pZbRVtu9qEf(xTQ~%>hAA}=@4*2$8)I-j#^S@6 zgpVVC%5Sx|<9ymja5#Q~yi$FMGVo|F%78L)1}?-j`d8bjX?$2Hr%OX)4of z!4fRQ%QzMPi5gB~TFE#U<@r@O1~*|Q9!1H>+m_cXzru9-SMdo-n*x15WT%5|2{p$z=IjgTG??N?Gl`T)fkY}KTV|syKoxX$nO-) z!7O~-ayLo_E?^%14X5KorZ3Me!+d-O<@s)_-HS3ojSV6lm!m96(-%FUFa8Y{;uk3Q+1X)|$;Ft9E$G0XqYU(eRPrw= z9!hUqQ>DnHR4r;4K>pNmJ|vZ$C?o$ENtTM{$S_uwhO#ty$Yj+rB>T#1xdY|C!>C~h zWpln4pdusr7^Q<0c8(0B7$s#ZP-eCd*>9>1WsQ4K2KHx^fkcrWF%`L_oG44O2sPY< z^4?=81MEO~KJYFTHoE#8WyIegV^Jg7De|Hml(j5F4O>uNa1H50~N+Jcte0i;{`utczU#B{pFazdrZlUX%{6Sf-Kh#kAL1cH+ad zdBZGdFJu+YhKbu&B<@g%PlHJBd_}D$> z08gQ0=r+oI9Gh_=2HvN#oJu-xS&2`fr1~S2)X!$&n4CI; z>`T>)OiCp%T2@7sB4bklBuT0h*$(O^vg~RCM?eNpj?7V=M9K7ZWd872Xsu1P+4$Q*$QBoeo zMY5~%a0)gf2Sc60D*OEl$N;3&nHXzbLH(%J76w~&*&myTGUH59;rBs3OFU2XFL5;F{7PX}j4VlA zPDs5}D3XDFM3gira*CuJBSsMe2r{lJiOs}NVlN?OQh<*`gdBVvel;2`W+|2-&Ti zLZgh~b1m@_A)8T7glxY4#Z6-nk!D@=;4VT=O)T*gAt!@4cY%Bbh>sAPNaNT2cy3)JDtw_%q^3BE!120^_ZED(Y|>NwF% zNbwOzh*~0_7)ER*#u5pH6o-lOTlOJ)>0l@^?vQO*hHtRS@D*uh3=Uo!Iy%-@>uL0B z8yekySEymwlM$2nHcP8>H@LKn8f`)h3qewQ|XT3P?wG;Z(rKIOjq39pAon}5(lcivj&%enqoK8nyMVMxWcmaB4KWYopgy?RVACaA>PNO${~1dqQ8tN7}||^_3g7HI1Go zug{q39bJSzO(?JhZx2l$(VN!YhBgrR++=j z3~owH3S}q#A~N)4N{MZRn@)Yr^;MoatCx@?tv4#!nxntjYb-$D;DRyQ^eGL#Ca;&} zV&KO3G@qxbv6_BZkUK{?LraZ_EUd~2K04vS{OQ@wyliK#mg6kSb5eIY2QMzmE_bbW zOG>imuyRFOt~1BHFOOAfS?|_6 z^foe@rRkSxwrlzYy-g2=H;1=T>(I|@dM7uXqj@R3U+Z}z!`E{u)Ht;)BG9gf^e(+y zo-%Gf&kMJ3kA9g4&W5)dUv-7|=okCHW3Q&4^1a4)32N*{s1zdt!{k>^xYUn;E*{ zv_%BEc%nn{Lei*_BNAxlxQ*r(CfUiWFNOE^eQ`m02=6p{YL`3D8S7xJ&}IGd_ob~{ zKNH>^-cOd>!=ZoVu8#<|+DAo_{9w1eFjSlWrY(4-AT8LNKYDo28~wLF%N$=gYG7#P z14kl)`n>31o+Dw{s&qjlvpsNM(mcJ>+ymyO eV#u;R2)0GL>_YOflUcUw9p62d&}*fOqW%XFL%P`j delta 3778 zcmYk+dvH|c8OQN=Hx~jV1aikjIe}atCL#CBDi}h-B_K3f1s?GPbeW(LbmoLxI+IEdBm=4>P=z=X~Dx zcA~T@2k#=Q^E2%ubEWWCK<(K8WS`3)Br? zqOM;+T`O@Nmg0WYiyYJ*`4Bbpf1_rcPC0b`KGeioP)qnkI`!9ur#Ybue~0W7bJe{- zJ4z2O#%gRvT{nUSIEH2T5iY?*>Z-(QaXAK26?qH!Gw*RAC-W&<_#f3@8D(-+9#*3= z-GNNj3?a`p$52ai7Rk+gfE3MKcGW|4T`FpG6{8YahI(!va;Z6qs@OPcVxNcTuwTq9 zwy@SR3pr)#Q3>pD?MH2*QPfhrffoJ=_292iiKTFn?k`04sab(%gX~qI2Go81 zu0O;o#+Oh_IgjiwdqQMLN10{wZFOQbw&E!y7ZbyD8!#93RdixKzJeq83D#kNtTfXz zxD`Ldby&uZeH5QW?UBzg4sT*C?>BMWr3(_#!U5cd$B|^sb<|AKnWi>X6MAt7Rgq!b zfp4KElE6vLa1qwwYTSf}Z~#BXwYZrL5Nf4!icT@c@FP%%6{s8bV3Nm}-{T96Kjx#| zh<#kF&2s_k@k>-`%c%PU*nuTDf%oATxD1Op`Ayu7%kg{(-~UEBH#s3U@@;$rUva&H z&5TzteLdL5M*IvP#zKCb^q^tv#b4p`SjjqRFZ>qUFq*PyNp|4|{52|(ZYK-gZ7w3kGBMPf?P98t9L!GC z`IE?_%td4_W@cUFCpff%4$EVL7%n}Mi@Ac~5|cjr$_yh_GiOk1{wa=P9s^xBhN?&$ zWg5iQsEWRWd>|%;Psoox)OD{S+bLwG>F5Os)Ugh$k!PE|xEgP^)xruk0BlsXr;#SOA6Pef$suB~}t3~^Y4u2-FHuB(c+|5{T(IyF?D)J7h zLSG{}nGLLu5<808r0-(^T4Z@Yu0x$afrWS(Rp|`=c{i@Xa^7$H>Ga_n*oj$egm2^1 zsF{6^o3WTrJjuLEGbBJgoRMzhhiG^t&&ynheTRX>R2vuq%d?s>GN$1@*&Y>T4$AR0<574h5yhOF;&;ARS zI~vu>BbaB=PpG7K5EgNJdy>J+#4h(_7HVIp#Y6}nU*wqYj=zs5h#nlL+2@Xum{tLBkuSXchY&>9rR)`v7OjWEFjc&5;KX}#5Q6du|xAs zp>wM}=yvK|n_So965_iApL2NEv)RL~$Tib77Ecmo#Bm~8IPNL!=xz&k^|bVNvrZx4qEv@9puo_50fy*xM4b?CoibY68KQc7MCc?ekfEyMn#_)AmZlbaoYAy+k8?5o zY*cKQzbn`~=scRa$>U6CU5d6p%FcI67G`*(s#+`Tbvca*Wkn@5MWrQHX}PbY#{NN0 zrhBHsDl73-mOAg|G{o4s|lASol%gVJu!K1@~4yIQwOZcv8lsT2d0i# zlRumM@uV{~G&QXM*cWQ5ZC}B{XwA)j?f&`p*~aA9NcwhNb6Gh1tpzuuozqL}y!Ot@ zT<0g{95c?>rZ>_k*2xMKN}ln+YQYr O_H)fm&awyANB, 2011. -# Yuri Kozlov , 2011, 2012. +# Yuri Kozlov , 2011, 2012, 2013. msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.6b4\n" +"Project-Id-Version: sudo 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-14 20:51+0400\n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" +"PO-Revision-Date: 2013-04-04 20:56+0400\n" "Last-Translator: Yuri Kozlov \n" "Language-Team: Russian \n" "Language: ru\n" @@ -38,14 +38,6 @@ msgstr "не удаётся восстановить реестр" msgid "internal error, tried to emalloc(0)" msgstr "внутренняя ошибка, попытка выполнить emalloc(0)" -#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 -#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 -#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 -#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 -#, c-format -msgid "unable to allocate memory" -msgstr "не удаётся выделить память" - #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "внутренняя ошибка, попытка выполнить emalloc2(0)" @@ -71,76 +63,86 @@ msgstr "внутренняя ошибка, попытка выполнить ere msgid "internal error, tried to erecalloc(0)" msgstr "внутренняя ошибка, попытка выполнить ereсalloc(0)" -#: common/sudo_conf.c:305 +#: common/error.c:154 +#, c-format +msgid "%s: %s: %s\n" +msgstr "%s: %s: %s\n" + +#: common/error.c:157 common/error.c:161 +#, c-format +msgid "%s: %s\n" +msgstr "%s: %s\n" + +#: common/sudo_conf.c:172 +#, c-format +msgid "unsupported group source `%s' in %s, line %d" +msgstr "неподдерживаемый групповой источник «%s» в %s, строка %d" + +#: common/sudo_conf.c:186 +#, c-format +msgid "invalid max groups `%s' in %s, line %d" +msgstr "некорректное максимальное значение для групп «%s» в %s, строка %d" + +#: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "не удалось выполнить вызов stat %s" -#: common/sudo_conf.c:308 +#: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s не является обычным файлом" -#: common/sudo_conf.c:311 +#: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s принадлежит пользователю с uid %u, а должен принадлежать пользователю с uid %u" -#: common/sudo_conf.c:315 +#: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "доступ на запись в %s разрешена всем" -#: common/sudo_conf.c:318 +#: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "доступ на запись в %s разрешена группе" -#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "не удаётся открыть %s" -#: compat/strsignal.c:47 +#: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Неизвестный сигнал" -#: src/error.c:82 src/error.c:86 -msgid ": " -msgstr ": " - -#: src/exec.c:113 src/exec_pty.c:674 +#: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "модулю политик не удалось инициализировать сеанс" -#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 +#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "не удаётся создать дочерний процесс" -#: src/exec.c:268 +#: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "не удаётся создать сокеты" -#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 -#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 -#, c-format -msgid "unable to create pipe" -msgstr "не удаётся создать канал" - -#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 +#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "ошибка select" -#: src/exec.c:467 +#: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "не удаётся создать восстановить метку tty" -#: src/exec_common.c:69 +#: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "не удаётся удалить PRIV_PROC_EXEC из PRIV_LIMIT" @@ -150,148 +152,176 @@ msgstr "не удаётся удалить PRIV_PROC_EXEC из PRIV_LIMIT" msgid "unable to allocate pty" msgstr "не удаётся выделить pty" -#: src/exec_pty.c:665 +#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 +#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 +#, c-format +msgid "unable to create pipe" +msgstr "не удаётся создать канал" + +#: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "не удаётся перевести терминал в «сырой» режим" -#: src/exec_pty.c:1013 +#: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "не удаётся установить управляющий tty" -#: src/exec_pty.c:1111 +#: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "ошибка чтения из сигнального канала" -#: src/exec_pty.c:1132 +#: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "ошибка чтения из канала" -#: src/exec_pty.c:1148 +#: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "ошибка чтения из пары сокетов" -#: src/exec_pty.c:1152 +#: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "неожиданный тип ответа в резервном канале: %d" -#: src/load_plugins.c:74 +#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 +#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 +#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 +#, c-format +msgid "error in %s, line %d while loading plugin `%s'" +msgstr "ошибка в %s, строка %d, при загрузке модуля «%s»" + +#: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/load_plugins.c:80 +#: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:90 +#: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "%s должен принадлежать пользователю с uid %d" -#: src/load_plugins.c:94 +#: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "%s должен быть доступен на запись только владельцу" -#: src/load_plugins.c:101 +#: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "не удаётся выполнить dlopen для %s: %s" -#: src/load_plugins.c:106 +#: src/load_plugins.c:194 +#, c-format +msgid "unable to find symbol `%s' in %s" +msgstr "не удаётся найти символ «%s» в %s" + +#: src/load_plugins.c:201 #, c-format -msgid "%s: unable to find symbol %s" -msgstr "%s: не удаётся найти символ %s" +msgid "unknown policy type %d found in %s" +msgstr "найден неизвестный тип политики %d в %s" -#: src/load_plugins.c:112 +#: src/load_plugins.c:207 #, c-format -msgid "%s: unknown policy type %d" -msgstr "%s: неизвестный тип политики %d" +msgid "incompatible plugin major version %d (expected %d) found in %s" +msgstr "найдена несовместимая основная версия модуля %d (ожидалась %d) в %s" -#: src/load_plugins.c:116 +#: src/load_plugins.c:216 #, c-format -msgid "%s: incompatible policy major version %d, expected %d" -msgstr "%s: несовместимая основная версия политики %d, ожидалась %d" +msgid "ignoring policy plugin `%s' in %s, line %d" +msgstr "игнорируется модуль политики «%s» в %s, строка %d" -#: src/load_plugins.c:123 +#: src/load_plugins.c:218 #, c-format -msgid "%s: only a single policy plugin may be loaded" -msgstr "%s: может быть загружен только один модуль политики" +msgid "only a single policy plugin may be specified" +msgstr "может быть задан только один модуль политики" -#: src/load_plugins.c:200 +#: src/load_plugins.c:221 +#, c-format +msgid "ignoring duplicate policy plugin `%s' in %s, line %d" +msgstr "игнорируется повторный модуль политики «%s» в %s, строка %d" + +#: src/load_plugins.c:236 +#, c-format +msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" +msgstr "игнорируется повторный модуль ввода-вывода «%s» в %s, строка %d" + +#: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "модуль политики %s не содержит метод check_policy" -#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 -#: src/net_ifs.c:298 src/net_ifs.c:322 +#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 +#: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: обнаружено переполнение" -#: src/net_ifs.c:227 +#: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "не удаётся открыть сокет" -#: src/parse_args.c:187 +#: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "аргумент для -C должен быть числом, которое больше или равно 3" -#: src/parse_args.c:276 +#: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "неизвестный пользователь: %s" -#: src/parse_args.c:335 +#: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "параметры «-i» и «-s» являются взаимоисключающими" -#: src/parse_args.c:339 +#: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "параметры «-i» и «-E» являются взаимоисключающими" -#: src/parse_args.c:349 +#: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "параметр «-E» не действует в режиме редактирования" -#: src/parse_args.c:351 +#: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "переменные окружения нельзя определять в режиме редактирования" -#: src/parse_args.c:359 +#: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "параметр «-U» можно использовать только с параметром «-l»" -#: src/parse_args.c:363 +#: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "параметры «-A» и «-S» являются взаимоисключающими" -#: src/parse_args.c:443 +#: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit не поддерживается на этой платформе" -#: src/parse_args.c:516 +#: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Можно указать только параметры -e, -h, -i, -K, -l, -s, -v или -V" -#: src/parse_args.c:530 +#: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" @@ -300,7 +330,7 @@ msgstr "" "%s — редактирование файлов от имени другого пользователя\n" "\n" -#: src/parse_args.c:532 +#: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" @@ -309,7 +339,7 @@ msgstr "" "%s — выполнение команд от имени другого пользователя\n" "\n" -#: src/parse_args.c:537 +#: src/parse_args.c:550 #, c-format msgid "" "\n" @@ -318,103 +348,103 @@ msgstr "" "\n" "Параметры:\n" -#: src/parse_args.c:540 +#: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "использовать вспомогательную программу для ввода пароля\n" -#: src/parse_args.c:543 +#: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "использовать указанный тип проверки подлинности BSD\n" -#: src/parse_args.c:545 +#: src/parse_args.c:558 msgid "run command in the background\n" msgstr "выполнить команду в фоновом режиме\n" -#: src/parse_args.c:547 +#: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "закрыть все дескрипторы файлов >= fd\n" -#: src/parse_args.c:550 +#: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "выполнить команду с указанным классом входа в систему\n" -#: src/parse_args.c:553 +#: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "сохранить пользовательскую среду при выполнении команды\n" -#: src/parse_args.c:555 +#: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "редактировать файлы вместо выполнения команды\n" -#: src/parse_args.c:557 +#: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "выполнить команду от имени указанной группы\n" -#: src/parse_args.c:559 +#: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "установить для переменной HOME домашний каталог указанного пользователя\n" -#: src/parse_args.c:561 +#: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "показать справку и выйти\n" -#: src/parse_args.c:563 +#: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "запустить оболочку входа в систему от имени указанного пользователя\n" -#: src/parse_args.c:565 +#: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "полностью удалить файл timestamp\n" -#: src/parse_args.c:567 +#: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "объявить недействительным файл timestamp\n" -#: src/parse_args.c:569 +#: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "вывести список команд, доступных пользователю\n" -#: src/parse_args.c:571 +#: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" msgstr "автономный режим без не вывода запросов пользователю\n" -#: src/parse_args.c:573 +#: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "сохранить вектор группы вместо установки целевой группы\n" -#: src/parse_args.c:575 +#: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "использовать указанный запрос пароля\n" -#: src/parse_args.c:578 src/parse_args.c:586 +#: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "создать контекст безопасности SELinux с указанной ролью\n" -#: src/parse_args.c:581 +#: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "читать пароль из стандартного ввода\n" -#: src/parse_args.c:583 +#: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "запустить оболочку от имени указанного пользователя\n" -#: src/parse_args.c:589 +#: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "при выводе списка показать привилегии пользователя\n" -#: src/parse_args.c:591 +#: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "выполнить команду (или редактировать файл) от имени указанного пользователя\n" -#: src/parse_args.c:593 +#: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "показать сведения о версии и выйти\n" -#: src/parse_args.c:595 +#: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "обновить временную метку пользователя без выполнения команды\n" -#: src/parse_args.c:597 +#: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "прекратить обработку аргументов командной строки\n" @@ -503,257 +533,262 @@ msgstr "не удаётся определить принудительный р msgid "unable to setup tty context for %s" msgstr "не удаётся настроить контекст tty для %s" -#: src/selinux.c:373 +#: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "не удаётся установить для контекста exec значение %s" -#: src/selinux.c:380 +#: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "не удаётся установить для контекста создания ключа значение %s" -#: src/sesh.c:70 +#: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "укажите не менее одного аргумента" -#: src/sesh.c:91 +#: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "не удаётся выполнить %s" -#: src/sudo.c:211 +#: src/solaris.c:88 +#, c-format +msgid "resource control limit has been reached" +msgstr "достигнут лимит управления ресурсами" + +#: src/solaris.c:91 +#, c-format +msgid "user \"%s\" is not a member of project \"%s\"" +msgstr "пользователь «%s» не является членом проекта «%s»" + +#: src/solaris.c:95 +#, c-format +msgid "the invoking task is final" +msgstr "вызывающе задание — последнее" + +#: src/solaris.c:98 +#, c-format +msgid "could not join project \"%s\"" +msgstr "не удалось присоединиться к проекту «%s»" + +#: src/solaris.c:103 +#, c-format +msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgstr "для проекта «%s» не существует пула ресурсов, принимающих привязки по умолчанию" + +#: src/solaris.c:107 +#, c-format +msgid "specified resource pool does not exist for project \"%s\"" +msgstr "у проекта «%s» нет указанного пула ресурсов" + +#: src/solaris.c:111 +#, c-format +msgid "could not bind to default resource pool for project \"%s\"" +msgstr "не удаётся подключиться к пулу ресурсов по умолчанию проекта «%s»" + +#: src/solaris.c:117 +#, c-format +msgid "setproject failed for project \"%s\"" +msgstr "setproject завершилась с ошибкой для проекта «%s»" + +#: src/solaris.c:119 +#, c-format +msgid "warning, resource control assignment failed for project \"%s\"" +msgstr "предупреждение: назначение контроля за ресурсами завершилось с ошибкой для проекта «%s»" + +#: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo версия %s\n" -#: src/sudo.c:213 +#: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Параметры настройки: %s\n" -#: src/sudo.c:218 +#: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "фатальная ошибка, не удалось загрузить модули" -#: src/sudo.c:226 +#: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "не удаётся инициализировать модуль политики" -#: src/sudo.c:281 +#: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "ошибка инициализации модуля ввода-вывода %s" -#: src/sudo.c:306 +#: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "неожиданный режим sudo: 0x%x" -#: src/sudo.c:400 +#: src/sudo.c:413 #, c-format msgid "unable to get group vector" msgstr "не удаётся получить вектор группы" -#: src/sudo.c:452 +#: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "неизвестный uid %u: кто вы?" -#: src/sudo.c:782 +#: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s должен принадлежать пользователю с uid %d и иметь бит setuid" -#: src/sudo.c:785 +#: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "эффективный uid не равен %d, возможно, %s находится в файловой системе, смонтированной с битом «nosuid» или в файловой системе NFS без прав суперпользователя?" -#: src/sudo.c:791 +#: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "эффективный uid не равен %d, программа sudo установлена с битом setuid и принадлежит root?" -#: src/sudo.c:860 -#, c-format -msgid "resource control limit has been reached" -msgstr "достигнут лимит управления ресурсами" - -#: src/sudo.c:863 -#, c-format -msgid "user \"%s\" is not a member of project \"%s\"" -msgstr "пользователь «%s» не является членом проекта «%s»" - -#: src/sudo.c:867 -#, c-format -msgid "the invoking task is final" -msgstr "вызывающе задание — последнее" - -#: src/sudo.c:870 -#, c-format -msgid "could not join project \"%s\"" -msgstr "не удалось присоединиться к проекту «%s»" - -#: src/sudo.c:875 -#, c-format -msgid "no resource pool accepting default bindings exists for project \"%s\"" -msgstr "для проекта «%s» не существует пула ресурсов, принимающих привязки по умолчанию" - -#: src/sudo.c:879 -#, c-format -msgid "specified resource pool does not exist for project \"%s\"" -msgstr "у проекта «%s» нет указанного пула ресурсов" - -#: src/sudo.c:883 -#, c-format -msgid "could not bind to default resource pool for project \"%s\"" -msgstr "не удаётся подключиться к пулу ресурсов по умолчанию проекта «%s»" - -#: src/sudo.c:889 -#, c-format -msgid "setproject failed for project \"%s\"" -msgstr "setproject завершилась с ошибкой для проекта «%s»" - -#: src/sudo.c:891 -#, c-format -msgid "warning, resource control assignment failed for project \"%s\"" -msgstr "предупреждение: назначение контроля за ресурсами завершилось с ошибкой для проекта «%s»" - -#: src/sudo.c:959 +#: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "неизвестный класс входа %s" -#: src/sudo.c:973 src/sudo.c:976 +#: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "не удаётся назначить контекст пользователя" -#: src/sudo.c:988 +#: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "не удаётся назначить дополнительные идентификаторы групп" -#: src/sudo.c:995 +#: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "не удаётся назначить эффективный gid на runas gid %u" -#: src/sudo.c:1001 +#: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "не удаётся назначить gid на runas gid %u" -#: src/sudo.c:1008 +#: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "не удаётся назначить приоритет процесса" -#: src/sudo.c:1016 +#: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "не удаётся изменить root на %s" -#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 +#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "не удаётся изменить на runas uid (%u, %u)" -#: src/sudo.c:1049 +#: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "не удаётся сменить каталог на %s" -#: src/sudo.c:1133 +#: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "неожиданное условие завершения потомка: %d" -#: src/sudo.c:1194 +#: src/sudo.c:1146 +#, c-format +msgid "policy plugin %s is missing the `check_policy' method" +msgstr "модуль политики %s не содержит метод «check_policy»" + +#: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "модуль политики %s не поддерживает списка прав" -#: src/sudo.c:1206 +#: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "модуль политики %s не поддерживает параметр -v" -#: src/sudo.c:1218 +#: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "модуль политики %s не поддерживает параметры -k/-K" -#: src/sudo_edit.c:111 +#: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "Не удалось изменить uid на root (%u)" -#: src/sudo_edit.c:143 +#: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "ошибка модуля: отсутствует список файлов для sudoedit" -#: src/sudo_edit.c:171 src/sudo_edit.c:271 +#: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: не обычный файл" -#: src/sudo_edit.c:205 src/sudo_edit.c:307 +#: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: неполная запись" -#: src/sudo_edit.c:272 +#: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s осталось неизменным" -#: src/sudo_edit.c:285 +#: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s не изменено" -#: src/sudo_edit.c:297 src/sudo_edit.c:318 +#: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "не удаётся записать в %s" -#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 +#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "содержимое сеанса редактирования сохранено в %s" -#: src/sudo_edit.c:315 +#: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "не удаётся прочесть временный файл" -#: src/tgetpass.c:90 +#: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "нет tty и не указана программа askpass" -#: src/tgetpass.c:99 +#: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "не указана программа askpass, попробуйте задать значение в SUDO_ASKPASS" -#: src/tgetpass.c:231 +#: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "не удаётся назначить gid равным %u" -#: src/tgetpass.c:235 +#: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "не удаётся назначить uid равным %u" -#: src/tgetpass.c:240 +#: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "не удаётся выполнить %s" @@ -773,6 +808,12 @@ msgstr "не удаётся выполнить dup2 для стандартно msgid "unable to restore stdin" msgstr "не удаётся восстановить стандартный ввод" +#~ msgid "unable to allocate memory" +#~ msgstr "не удаётся выделить память" + +#~ msgid ": " +#~ msgstr ": " + #~ msgid "internal error, emalloc2() overflow" #~ msgstr "внутренняя ошибка, переполнение emalloc2()" diff --git a/src/po/sl.mo b/src/po/sl.mo index 95cfc4e99a61176227812b54efb97cda975ed30f..d0bcacb61de33459937427554286abe7cd6c668b 100644 GIT binary patch delta 4689 zcma*oeQ;FO8OQOnfe=6m1WkB12SVN?8xs-|2&ia80u%$Z2=%41$zGDX+3aq2H>)Aa z(khCURP2IUA)>Tn|8T0s6>A-9#}3y1V{0i^2RpRY(Y98t%v9|-gZBH|y>wEUvEIqE zpL6cZd3nycH+Kv^y~CG2Id$wl!*Ph1P1F?{^Cw(3kspqyCmEyS&u}gt#TtAYOK@_r zG3Vo4oQ^Fx13R$-UGMrZPNjYb=i?EaX-wLjpwPmJ5Aj^An{3Q@T!Q29axB7Ccn+?| zGQ1x7GfA(08?K_hAE)43NR#Fx)W8clsR32vVqAl>=-=E%p_vm8;RW~#R^q=3$wV;ZpqHIQDs5J&J5 z{58(PBJ!*mRCumLrLxa+4{G2?JYUBu>b}xks!a`+Q*Xz4*o|qW{&ouO_;b7nedKom zHewxK?|Bz013$%P{3kZye5SAGHsd1Pg?j!uul^2df|d=UjyIr|WMDe^SIX|=gi`gC zci|*z#>$%?W~1&~jk?c8_Mf@OyM7SW@JrZ=AE555VTUP`>u@0sVJ$v}8t7{?$-h!u zOmCbsYmrHrUbL7-{>(%CD3#BmM*b#}EK|rU!&uEM)Y3E~lQo->?3A$0LC1Zt)SaUZ^by6;-@ybAXqb1)}RsrK;@$u-uq9o6sF1>|2h?(!}? z?s*LPGavGE3C?9fSKt<0ijQC$zJXfXIea9vWF4sb5bF6yJdYu_noqs@0>0mBXHz}- z*Mk{OFbVT3`+kHP$V;AoMGe5mtVo)fk8}0@Z=#?t*C5Wo`%t^~Fsk8~z4LFQI@Hdy zP>btvHEK-{pqA!EY{z$zWS9nang+BLm5JS`J(k7X`~L<7tVI(Kj7P?gxL+%KBF2^mz0piRt(JL??vz_SF`s>iFzDwMr z%BW)!y)~jFVc@VW6;|T4O0I`E8CUz4#s?`7e#MQ(eVt}Y8 zt|Zv7#v!!1bZjN=&6V;$Yv3zhy=c_=xL1B~)HyAqj<4l0-FQ8bzKfsL#7aW1#T~?% z@y-r=knL}T+KH@S$`$kf#i1xi!s>xgd)R+-5HW(cGWR_w!B#>aAssDw%uSwm<6h!sqS8BeEl%~yGx0lK`Foyou}x)- z>LFr~(2*ea6TO5!9+Qc06BiKY5jtw~n55?!w3qf}ODEm$n_QWgXetwJHXjo+CyQsF zljx1cllI2An{={~$u}2Nakb8d-H2l=gZ9Q=H|*GOG!S$nJvJ5|=y4-n3c!n@A`n$zI29>F#y9`)UBgZ*96u-8krcGf#%r+ITs4#si|aAt6sBHOeek{F1^SS|*h z8=p-?2jboI!-9N%l#A`mf-$XKjhT(}Rx~&H8=CzM3vFXVTXO^DhK7mjI{h1*l&h5Z zuVCfc?81h|{CzF9VM$w4<~Q^F6P7eKE$`_MxZzA;#S=3&`&T*+zNn44i9jUeWQVGLP_QaxgEWzJ`dsC#CKXR4**v+m z2(f5!_l1YUQ5%ffNFWyIb8J8JjReAh9yQT#Q;B3C)yMsb?3~&TUpf{IrlKJy;^wb7 zeYs6Y%m3R?iVo^+zBAW$F{Ze)EuJ)IKOTz*Qf@fn=KA=*trX^($^6bgZOfPIFyd?r z#s^+_E*x@G0UHl&3%f^$m4N?Fj2%iAjt&RRTFdQcgG&NO2(& z2&J5(!=Zpp^bN#Z-TH;o&OW%{USH;PWo>q$zsQ$4;V;SD;;+drssH}3lN`7#|< v#p9~An^M{1O`&m_?yAxPo60n|Ep3W8WGcqDBIU-t?%1JU++Cz?M!|moAzsdb delta 3822 zcmYk<3vg7`9mnyrNeB>uNX!cY=Efuh3EAuh^0YjvyaXRb3Wy@@l3iiRW^deG0^#8X zZG#4(*lmJht(~f4wKHYt#f}|24jqN59qe?lb}U6Reav(mi#lr2(#Q1s+dY}#O#b(C z?%i|G{h!CZ46h9O4i2Q>FDV!?l&6SU#ODRZyp883bD&gCHKqt>U=7ycTwH7a|>+wU~!7RC^b1#UZ>Fe}~*^{){y|-+V$vnU?Tt2ex4qy0{Pz;q`bL>v0S< z0}~kjUi4!-zJw0`1uHP0;p)CBoQ+-BfOn&2Xi)NebKG7yg-YbNs02Q>=hLpsU2j26 z-3IGkR6;+ro<+^TKd>4nvMx7Z18Rm><1KgqoAC^$8>#%0%6zOT%Z=m?T*&zlF2Gk& zH++n0U(LL>;u;L%0n~#$)E@Z*YUE#{MqI&k==u`Wz(S}c++V@`tKm<$poYIe_KEq_ zHqeez$9`OQ$$^~AU(vxUntx?fMXNd3 zj>>ckGFUT+^le5_OLGFr&Ag3Fn)%SGPSmapwYmJLL>8g?O(IRrany{xj2hVA(^S|m zrid-9wVZ`qGB=|V*kVngHqkI@DSnI&zKiPkU#P@NX{7t-Bm2~>LM6HhX=38YpE<-q zOPPL=ibLfcR0o$)Gcb*H(Jl`lm&_*Q&+Ou$L`P90_$BJTF;pU7*y|3a)-8_Pt zf!9%+^nKLG3+e23Y(_1~ew>6yu#o4QV^kL74^T7l9{TYMmEPkqx<+T2#WT?0Fi~de5Ju!k_sg2W<);Y4dE;gd?~P)$RkN zPjfxfq^VzyOr8l_527CU5~|%fd;K$OIqRqXJ5fs+naBIDH9Bf9ylxwOWSvQCeVA6D zZcK7e`)80o&3V*J{RdZLBaQFGeq4fQk)KQ<>!a7M1v@Z|8qm{C%zuE&c`op0^68Cd zn;`1?X4C@@qc+WH)aLpdYA=*>lAS43qU%soJ&2w7JZi6u+21dtUdLKG*OGUnsc7nV zp%QooX=C0(t@(ek6=#!v_5rB#LDU0&j(S@@K`qHtveoN2A9epSRN`UO$R9!NfnTBa zPWnqK>Y#)Vz1FN5wWb@a1E>zakLu_YY6S11ru-5r;ST0gGqD|4;1OiIn0HWb(f?2n zE+u=lTZ1H!HV@<~<`C+^&m%dRU!ykDzfm8c+1#y+Z$gc9J(gk0ULQt1@HuqwEnJHq zp_X)Mdv0lZ@D|RGVypiB|2-9DRK)yf1_H?PnvJL>8A2`5DeFa4y8`B4HljA!U099} zBF{7<$mE!FsDw>dZqHPs2G)V4Jm1_yg&d5Fy5R-XCi)X9F>_PSIkiRC~nzcNlUE^Oyp-=`|L>q{ltAl4^d61e3O_=TtjRo_7Yn({!%LAWu2|uY+Y@=4R0j&5G#pI#McNF zy`m~rIkNv}I8I&PkSB;5Lf?r_Lgjv9MYg5`TlQgCMU)e5gvvppBwOP(!aia>G0}T@ z>Jz?TG~Vs@_JvZ>t+9yH=f`A%eaU!*$~33HO!Ts$jt zUwLgu%ngMjVN;*%a+2HKM9SHfh^8Xh^PTaKx=Xpv{n2>XNe=XGbz@F_GW%oZWKDU# z>2kb>i}&Su{*uYQXD5~Vyyh~$&l@hE;`7c`oX9Wijr6*S0dHH?MxQq}>q0^1Voie= zxS=vHzisQn%$mC8Q(Kw>9ZkW26I{?0=*T=>S2ZPfWr5Su(iP0SQP))D?{SmS#L{iO zyE9kne&(I6|IpVJkL(F2cAj}Hwj5C>q@g2EQXQsE$sJDaUDRJG^pGc<0`;13> z)QyIIso~i?@4~#5zRdZi60f;wuFuQ(M||G8zyzQ7c<_V#Np5dE8siSHyY&}7Z%O;T Pg_&0u1wChRW#0b*mXF35 diff --git a/src/po/sl.po b/src/po/sl.po index ea42d93..a7c1010 100644 --- a/src/po/sl.po +++ b/src/po/sl.po @@ -3,20 +3,21 @@ # This file is distributed under the same license as the sudo package. # # Damir Jerovšek , 2012. -# Klemen Košir , 2012. +# Klemen Košir , 2012 - 2013. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.6b4\n" +"Project-Id-Version: sudo 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-13 22:13+0100\n" -"Last-Translator: Klemen Košir \n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" +"PO-Revision-Date: 2013-04-06 09:33+0100\n" +"Last-Translator: Klemen Košir \n" "Language-Team: Slovenian \n" "Language: sl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.5.5\n" #: common/aix.c:150 #, c-format @@ -37,14 +38,6 @@ msgstr "ni mogoče obnoviti vpisnika" msgid "internal error, tried to emalloc(0)" msgstr "notranja napaka, poskus uporabe emalloc(0)" -#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 -#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 -#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 -#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 -#, c-format -msgid "unable to allocate memory" -msgstr "ni mogoče dodeliti pomnilnika" - #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "notranja napaka, poskus uporabe emalloc2(0)" @@ -70,76 +63,86 @@ msgstr "notranja napaka, poskus uporabe erealloc3(0)" msgid "internal error, tried to erecalloc(0)" msgstr "notranja napaka, poskus uporabe erealloc(0)" -#: common/sudo_conf.c:305 +#: common/error.c:154 +#, c-format +msgid "%s: %s: %s\n" +msgstr "%s: %s: %s\n" + +#: common/error.c:157 common/error.c:161 +#, c-format +msgid "%s: %s\n" +msgstr "%s: %s\n" + +#: common/sudo_conf.c:172 +#, c-format +msgid "unsupported group source `%s' in %s, line %d" +msgstr "nepodprt vir skupine %s v datoteki %s v %d. vrstici" + +#: common/sudo_conf.c:186 +#, c-format +msgid "invalid max groups `%s' in %s, line %d" +msgstr "neveljavna največja skupina %s v datoteki %s v %d. vrstici" + +#: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "stanja datoteke %s ni mogoče izpisati" -#: common/sudo_conf.c:308 +#: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s ni običajna datoteka" -#: common/sudo_conf.c:311 +#: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s je v lasti uporabnika z ID-jem %u, moral bi biti %u" -#: common/sudo_conf.c:315 +#: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "v datoteko %s lahko zapisujejo vsi uporabniki" -#: common/sudo_conf.c:318 +#: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "%s" -#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "ni mogoče odpreti %s" -#: compat/strsignal.c:47 +#: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Neznan signal" -#: src/error.c:82 src/error.c:86 -msgid ": " -msgstr ": " - -#: src/exec.c:113 src/exec_pty.c:674 +#: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "vstavek za pravilnik ni mogel zagnati seje" -#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 +#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "ni mogoče razvejiti" -#: src/exec.c:268 +#: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "ni mogoče ustvariti vtičev" -#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 -#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 -#, c-format -msgid "unable to create pipe" -msgstr "ni mogoče ustvariti cevi" - -#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 +#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "izbira je spodletela" -#: src/exec.c:467 +#: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "ni mogoče obnoviti oznake tty" -#: src/exec_common.c:69 +#: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "ni mogoče odstraniti PRIV_PROC_EXEC iz PRIV_LIMIT" @@ -149,148 +152,176 @@ msgstr "ni mogoče odstraniti PRIV_PROC_EXEC iz PRIV_LIMIT" msgid "unable to allocate pty" msgstr "ni mogoče dodeliti pty" -#: src/exec_pty.c:665 +#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 +#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 +#, c-format +msgid "unable to create pipe" +msgstr "ni mogoče ustvariti cevi" + +#: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "ni mogoče postaviti terminala v surov način" -#: src/exec_pty.c:1013 +#: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "ni mogoče nastaviti nadzora tty" -#: src/exec_pty.c:1111 +#: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "napaka med branjem iz cevi signala" -#: src/exec_pty.c:1132 +#: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "napaka med branjem iz cevovoda" -#: src/exec_pty.c:1148 +#: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "napaka med branjem iz para vtičev" -#: src/exec_pty.c:1152 +#: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "nepričakovana vrsta odgovora na ozadnem kanalu: %d" -#: src/load_plugins.c:74 +#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 +#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 +#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 +#, c-format +msgid "error in %s, line %d while loading plugin `%s'" +msgstr "v datoteki %s (vrstica %d) je prišlo do napake med nalaganjem vstavka %s" + +#: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/load_plugins.c:80 +#: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:90 +#: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "%s mora biti v lasti ID-ja uporabnika %d" -#: src/load_plugins.c:94 +#: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "%s mora biti zapisljiv samo za lastnika" -#: src/load_plugins.c:101 +#: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "ni mogoče uporabiti dlopen %s: %s" -#: src/load_plugins.c:106 +#: src/load_plugins.c:194 +#, c-format +msgid "unable to find symbol `%s' in %s" +msgstr "ni mogoče najti simbola '%s' v %s" + +#: src/load_plugins.c:201 #, c-format -msgid "%s: unable to find symbol %s" -msgstr "%s: ni mogoče najti simbola %s" +msgid "unknown policy type %d found in %s" +msgstr "neznana vrsta pravilnika %d v %s" -#: src/load_plugins.c:112 +#: src/load_plugins.c:207 #, c-format -msgid "%s: unknown policy type %d" -msgstr "%s: neznana vrsta pravilnika %d" +msgid "incompatible plugin major version %d (expected %d) found in %s" +msgstr "nezdružljiva različica vstavka %d (pričakovana %d) v %s" -#: src/load_plugins.c:116 +#: src/load_plugins.c:216 #, c-format -msgid "%s: incompatible policy major version %d, expected %d" -msgstr "%s: nezdružljiva glavna različica pravil %d, pričakovana %d" +msgid "ignoring policy plugin `%s' in %s, line %d" +msgstr "vstavek pravilnika %s v datoteki %s v %d. vrstici bo prezrt" -#: src/load_plugins.c:123 +#: src/load_plugins.c:218 #, c-format -msgid "%s: only a single policy plugin may be loaded" -msgstr "%s: naložen je lahko le en vstavek pravilnika" +msgid "only a single policy plugin may be specified" +msgstr "naložen je lahko le en vstavek pravilnika" -#: src/load_plugins.c:200 +#: src/load_plugins.c:221 +#, c-format +msgid "ignoring duplicate policy plugin `%s' in %s, line %d" +msgstr "podvojeni vstavek pravilnika %s v datoteki %s v %d. vrstici bo prezrt" + +#: src/load_plugins.c:236 +#, c-format +msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" +msgstr "podvojeni vstavek I/O %s v datoteki %s v %d. vrstici bo prezrt" + +#: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "vstavek pravilnika %s ne vključuje načina check_policy" -#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 -#: src/net_ifs.c:298 src/net_ifs.c:322 +#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 +#: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: zaznana je bila prekoračitev" -#: src/net_ifs.c:227 +#: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "ni mogoče odpreti vtiča" -#: src/parse_args.c:187 +#: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argument k -C mora biti številka, večja kot ali enaka 3" -#: src/parse_args.c:276 +#: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "neznan uporabnik: %s" -#: src/parse_args.c:335 +#: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "možnosti `-i' in `-s' ne smeta biti navedeni hkrati" -#: src/parse_args.c:339 +#: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "možnosti `-i' in `-E' ne smeta biti navedeni hkrati" -#: src/parse_args.c:349 +#: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "možnost `-E' ni veljavna v načinu urejanja" -#: src/parse_args.c:351 +#: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "v načinu urejanja se ne sme podati spremenljivk okolja" -#: src/parse_args.c:359 +#: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "možnost `-U' se lahko uporabi samo z možnostjo `-l'" -#: src/parse_args.c:363 +#: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "možnosti `-A' in `-S' se ne smeta uporabljati hkrati" -#: src/parse_args.c:443 +#: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit ni podprt v tem okolju" -#: src/parse_args.c:516 +#: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Od -e, -h, -i, -K, -l, -s, -v ali -V je lahko navedena samo ena možnost" -#: src/parse_args.c:530 +#: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" @@ -299,7 +330,7 @@ msgstr "" "%s - urejaj datoteke kot drug uporabnik\n" "\n" -#: src/parse_args.c:532 +#: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" @@ -308,7 +339,7 @@ msgstr "" "%s - izvedi ukaz kot drug uporabnik\n" "\n" -#: src/parse_args.c:537 +#: src/parse_args.c:550 #, c-format msgid "" "\n" @@ -317,103 +348,103 @@ msgstr "" "\n" "Možnosti:\n" -#: src/parse_args.c:540 +#: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "uporabi program pomagalnik za pozive za vnos gesla\n" -#: src/parse_args.c:543 +#: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "uporabi navedeno vrsto urejanja BSD\n" -#: src/parse_args.c:545 +#: src/parse_args.c:558 msgid "run command in the background\n" msgstr "zaženi ukaz v ozadju\n" -#: src/parse_args.c:547 +#: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "zapri vse opisnike datotek >= fd\n" -#: src/parse_args.c:550 +#: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "zaženi ukaz z navedenim prijavnim razredom\n" -#: src/parse_args.c:553 +#: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "ohrani okolje uporabnika, kadar se izvajajo ukazi\n" -#: src/parse_args.c:555 +#: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "namesto izvedbe ukaza uredi datoteke\n" -#: src/parse_args.c:557 +#: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "izvedi ukaz kot navedena skupina\n" -#: src/parse_args.c:559 +#: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "nastavi spremenljivko HOME kot cilj v domači mapi uporabnika\n" -#: src/parse_args.c:561 +#: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "prikaži sporočilo pomoči in končaj\n" -#: src/parse_args.c:563 +#: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "zaženi lupino prijave kot ciljni uporabnik\n" -#: src/parse_args.c:565 +#: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "popolnoma odstrani datoteko s časovnimi žigi\n" -#: src/parse_args.c:567 +#: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "razveljavi veljavnost datoteke s časovnimi žigi\n" -#: src/parse_args.c:569 +#: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "prikaži razpoložljive ukaze uporabnika\n" -#: src/parse_args.c:571 +#: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" msgstr "nevzajemni način, ne bo poziva uporabnika\n" -#: src/parse_args.c:573 +#: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "ohrani vektor skupine namesto nastavitve tarči\n" -#: src/parse_args.c:575 +#: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "uporabi določen poziv za vnos gesla\n" -#: src/parse_args.c:578 src/parse_args.c:586 +#: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "ustvari varnostno vsebino SELinux z določeno vlogo\n" -#: src/parse_args.c:581 +#: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "preberi geslo s standardnega vnosa\n" -#: src/parse_args.c:583 +#: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "zaženi lupino kot ciljni uporabnik\n" -#: src/parse_args.c:589 +#: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "med naštevanjem prikaži določena dovoljenja uporabnika\n" -#: src/parse_args.c:591 +#: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "zaženi ukaz (ali uredi datoteko) kot določen uporabnik\n" -#: src/parse_args.c:593 +#: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "prikaži podrobnosti različice in končaj\n" -#: src/parse_args.c:595 +#: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "posodobi časovni žig uporabnika brez izvajanja ukaza\n" -#: src/parse_args.c:597 +#: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "zaustavi obdelovanje argumentov ukazne vrstice\n" @@ -502,257 +533,262 @@ msgstr "ni mogoče določiti načina vsiljenja" msgid "unable to setup tty context for %s" msgstr "ni mogoče nastaviti vsebine tty za %s" -#: src/selinux.c:373 +#: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "ni mogoče nastavite izvedene vsebine k %s" -#: src/selinux.c:380 +#: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "ni mogoče nastaviti vsebine ustvarjenja ključa k %s" -#: src/sesh.c:70 +#: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "zahteva vsaj en argument" -#: src/sesh.c:91 +#: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "ni mogoče izvršiti %s" -#: src/sudo.c:211 +#: src/solaris.c:88 +#, c-format +msgid "resource control limit has been reached" +msgstr "meja omejitve virov je bila dosežena" + +#: src/solaris.c:91 +#, c-format +msgid "user \"%s\" is not a member of project \"%s\"" +msgstr "uporabnik \"%s\" ni član projekta \"%s\"" + +#: src/solaris.c:95 +#, c-format +msgid "the invoking task is final" +msgstr "priklicana naloga je končna" + +#: src/solaris.c:98 +#, c-format +msgid "could not join project \"%s\"" +msgstr "ni mogoče pridružiti projekta \"%s\"" + +#: src/solaris.c:103 +#, c-format +msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgstr "nobene zaloge virov, ki sprejemajo privzete vezi, ne obstajajo za projekt \"% s\"" + +#: src/solaris.c:107 +#, c-format +msgid "specified resource pool does not exist for project \"%s\"" +msgstr "določen vir zalog ne obstaja za projekt \"%s\"" + +#: src/solaris.c:111 +#, c-format +msgid "could not bind to default resource pool for project \"%s\"" +msgstr "ni mogoče vezati na privzet vir zalog za projekt \"%s\"" + +#: src/solaris.c:117 +#, c-format +msgid "setproject failed for project \"%s\"" +msgstr "setproject je spodletel za projekt \"%s\"" + +#: src/solaris.c:119 +#, c-format +msgid "warning, resource control assignment failed for project \"%s\"" +msgstr "opozorilo, naloga nadzora virov je spodletela za projekt \"%s\"" + +#: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo različica %s\n" -#: src/sudo.c:213 +#: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Nastavitev možnosti: %s\n" -#: src/sudo.c:218 +#: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "usodna napaka, ni mogoče naložiti vstavka" -#: src/sudo.c:226 +#: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "ni mogoče začenjati vstavka pravilnika" -#: src/sudo.c:281 +#: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "napaka med začenjanjem I/O vstavka %s" -#: src/sudo.c:306 +#: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "nepričakovan način sudo 0x%x" -#: src/sudo.c:400 +#: src/sudo.c:413 #, c-format msgid "unable to get group vector" msgstr "ni mogoče pridobiti vektorja skupine" -#: src/sudo.c:452 +#: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "neznan ID uporabnika %u: kdo ste?" -#: src/sudo.c:782 +#: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s si mora lastiti uporabnik z ID-jem %d and mora imeti nastavljen bit setuid" -#: src/sudo.c:785 +#: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "trenutni ID uporabnika ni %d. Ali je %s na datotečnem sistemu z nastavljeno možnostjo \"nosuid\" ali datotečnem sistemu NFS brez dovoljenj skrbnika?" -#: src/sudo.c:791 +#: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "trenutni uid ni %d. Ali je sudo pravilno nameščen?" -#: src/sudo.c:860 -#, c-format -msgid "resource control limit has been reached" -msgstr "meja omejitve virov je bila dosežena" - -#: src/sudo.c:863 -#, c-format -msgid "user \"%s\" is not a member of project \"%s\"" -msgstr "uporabnik \"%s\" ni član projekta \"%s\"" - -#: src/sudo.c:867 -#, c-format -msgid "the invoking task is final" -msgstr "priklicana naloga je končna" - -#: src/sudo.c:870 -#, c-format -msgid "could not join project \"%s\"" -msgstr "ni mogoče pridružiti projekta \"%s\"" - -#: src/sudo.c:875 -#, c-format -msgid "no resource pool accepting default bindings exists for project \"%s\"" -msgstr "nobene zaloge virov, ki sprejemajo privzete vezi, ne obstajajo za projekt \"% s\"" - -#: src/sudo.c:879 -#, c-format -msgid "specified resource pool does not exist for project \"%s\"" -msgstr "določen vir zalog ne obstaja za projekt \"%s\"" - -#: src/sudo.c:883 -#, c-format -msgid "could not bind to default resource pool for project \"%s\"" -msgstr "ni mogoče vezati na privzet vir zalog za projekt \"%s\"" - -#: src/sudo.c:889 -#, c-format -msgid "setproject failed for project \"%s\"" -msgstr "setproject je spodletel za projekt \"%s\"" - -#: src/sudo.c:891 -#, c-format -msgid "warning, resource control assignment failed for project \"%s\"" -msgstr "opozorilo, naloga nadzora virov je spodletela za projekt \"%s\"" - -#: src/sudo.c:959 +#: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "neznan razred prijave %s" -#: src/sudo.c:973 src/sudo.c:976 +#: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "ni mogoče nastaviti vsebine uporabnika" -#: src/sudo.c:988 +#: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "ni mogoče nastaviti dopolnilnih ID-jev skupin" -#: src/sudo.c:995 +#: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "ni mogoče nastaviti učinkovitega ID-ja skupine, da se zažene kot ID skupine %u" -#: src/sudo.c:1001 +#: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "ni mogoče nastaviti ID-ja skupine, da se zažene kot ID skupine %u" -#: src/sudo.c:1008 +#: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "ni mogoče nastaviti prednosti opravil" -#: src/sudo.c:1016 +#: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "ni mogoče spremeniti skrbnika v %s" -#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 +#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "ni mogoče spremeniti ID uporabnika zaženi kot (%u, %u)" -#: src/sudo.c:1049 +#: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "ni mogoče spremeniti mape v %s" -#: src/sudo.c:1133 +#: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "nepričakovan pogoj uničenja podrejenega opravila: %d" -#: src/sudo.c:1194 +#: src/sudo.c:1146 +#, c-format +msgid "policy plugin %s is missing the `check_policy' method" +msgstr "vstavek pravilnika %s ne vključuje načina check_policy" + +#: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "vstavek pravilnika %s ne podpira navajanja dovoljenj" -#: src/sudo.c:1206 +#: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "vstavek pravilnika %s ne podpira možnosti -v" -#: src/sudo.c:1218 +#: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "vstavek pravilnika %s ne podpira možnosti -k/-K" -#: src/sudo_edit.c:111 +#: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "ni mogoče spremeniti ID-ja uporabnika v skrbnika (%u)" -#: src/sudo_edit.c:143 +#: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "napaka vstavka: manjka seznam datotek za sudoedit" -#: src/sudo_edit.c:171 src/sudo_edit.c:271 +#: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: ni običajna datoteka" -#: src/sudo_edit.c:205 src/sudo_edit.c:307 +#: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: kratko pisanje" -#: src/sudo_edit.c:272 +#: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s je ostalo nespremenjeno" -#: src/sudo_edit.c:285 +#: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s nespremenjeno" -#: src/sudo_edit.c:297 src/sudo_edit.c:318 +#: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "ni mogoče pisati v %s" -#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 +#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "vsebina seje urejanja je ostala v %s" -#: src/sudo_edit.c:315 +#: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "ni mogoče brati začasne datoteke" -#: src/tgetpass.c:90 +#: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "prisotnega ni nobenega tty in določen ni noben program askpass" -#: src/tgetpass.c:99 +#: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "določenega ni nobenega programa askpass, poskusite nastaviti SUDO_ASKPASS" -#: src/tgetpass.c:231 +#: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "ni mogoče nastaviti ID skupine v %u" -#: src/tgetpass.c:235 +#: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "ni mogoče nastaviti ID uporabnika v %u" -#: src/tgetpass.c:240 +#: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "ni mogoče zagnati %s" @@ -771,12 +807,3 @@ msgstr "ni mogoče uporabiti dup2 za stdin" #, c-format msgid "unable to restore stdin" msgstr "ni mogoče obnoviti stdin" - -#~ msgid "internal error, emalloc2() overflow" -#~ msgstr "notranja napaka, prekoračitev emalloc2(0)" - -#~ msgid "internal error, erealloc3() overflow" -#~ msgstr "notranja napaka, prekoračitev erealloc3(0)" - -#~ msgid "%s: at least one policy plugin must be specified" -#~ msgstr "%s: naveden mora biti vsaj en vstavek pravilnika" diff --git a/src/po/sudo.pot b/src/po/sudo.pot index 4f3731d..c483174 100644 --- a/src/po/sudo.pot +++ b/src/po/sudo.pot @@ -1,13 +1,13 @@ -# SOME DESCRIPTIVE TITLE. +# Portable object template file for sudo # This file is put in the public domain. -# FIRST AUTHOR , YEAR. +# Todd C. Miller , 2011-2013 # #, fuzzy msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.6\n" +"Project-Id-Version: sudo 1.8.7\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -35,14 +35,6 @@ msgstr "" msgid "internal error, tried to emalloc(0)" msgstr "" -#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 -#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 -#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 -#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 -#, c-format -msgid "unable to allocate memory" -msgstr "" - #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "" @@ -68,76 +60,86 @@ msgstr "" msgid "internal error, tried to erecalloc(0)" msgstr "" -#: common/sudo_conf.c:305 +#: common/error.c:154 +#, c-format +msgid "%s: %s: %s\n" +msgstr "" + +#: common/error.c:157 common/error.c:161 +#, c-format +msgid "%s: %s\n" +msgstr "" + +#: common/sudo_conf.c:172 +#, c-format +msgid "unsupported group source `%s' in %s, line %d" +msgstr "" + +#: common/sudo_conf.c:186 +#, c-format +msgid "invalid max groups `%s' in %s, line %d" +msgstr "" + +#: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "" -#: common/sudo_conf.c:308 +#: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "" -#: common/sudo_conf.c:311 +#: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "" -#: common/sudo_conf.c:315 +#: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "" -#: common/sudo_conf.c:318 +#: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "" -#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "" -#: compat/strsignal.c:47 +#: compat/strsignal.c:50 msgid "Unknown signal" msgstr "" -#: src/error.c:82 src/error.c:86 -msgid ": " -msgstr "" - -#: src/exec.c:113 src/exec_pty.c:674 +#: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "" -#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 +#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "" -#: src/exec.c:268 +#: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "" -#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 -#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 -#, c-format -msgid "unable to create pipe" -msgstr "" - -#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 +#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "" -#: src/exec.c:467 +#: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "" -#: src/exec_common.c:69 +#: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "" @@ -147,266 +149,294 @@ msgstr "" msgid "unable to allocate pty" msgstr "" -#: src/exec_pty.c:665 +#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 +#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 +#, c-format +msgid "unable to create pipe" +msgstr "" + +#: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "" -#: src/exec_pty.c:1013 +#: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "" -#: src/exec_pty.c:1111 +#: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "" -#: src/exec_pty.c:1132 +#: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "" -#: src/exec_pty.c:1148 +#: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "" -#: src/exec_pty.c:1152 +#: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "" -#: src/load_plugins.c:74 +#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 +#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 +#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 +#, c-format +msgid "error in %s, line %d while loading plugin `%s'" +msgstr "" + +#: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "" -#: src/load_plugins.c:80 +#: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "" -#: src/load_plugins.c:90 +#: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "" -#: src/load_plugins.c:94 +#: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "" -#: src/load_plugins.c:101 +#: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "" -#: src/load_plugins.c:106 +#: src/load_plugins.c:194 #, c-format -msgid "%s: unable to find symbol %s" +msgid "unable to find symbol `%s' in %s" msgstr "" -#: src/load_plugins.c:112 +#: src/load_plugins.c:201 #, c-format -msgid "%s: unknown policy type %d" +msgid "unknown policy type %d found in %s" msgstr "" -#: src/load_plugins.c:116 +#: src/load_plugins.c:207 #, c-format -msgid "%s: incompatible policy major version %d, expected %d" +msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "" -#: src/load_plugins.c:123 +#: src/load_plugins.c:216 #, c-format -msgid "%s: only a single policy plugin may be loaded" +msgid "ignoring policy plugin `%s' in %s, line %d" msgstr "" -#: src/load_plugins.c:200 +#: src/load_plugins.c:218 +#, c-format +msgid "only a single policy plugin may be specified" +msgstr "" + +#: src/load_plugins.c:221 +#, c-format +msgid "ignoring duplicate policy plugin `%s' in %s, line %d" +msgstr "" + +#: src/load_plugins.c:236 +#, c-format +msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" +msgstr "" + +#: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "" -#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 -#: src/net_ifs.c:298 src/net_ifs.c:322 +#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 +#: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "" -#: src/net_ifs.c:227 +#: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "" -#: src/parse_args.c:187 +#: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "" -#: src/parse_args.c:276 +#: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "" -#: src/parse_args.c:335 +#: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "" -#: src/parse_args.c:339 +#: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "" -#: src/parse_args.c:349 +#: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "" -#: src/parse_args.c:351 +#: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "" -#: src/parse_args.c:359 +#: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "" -#: src/parse_args.c:363 +#: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "" -#: src/parse_args.c:443 +#: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "" -#: src/parse_args.c:516 +#: src/parse_args.c:529 #, c-format msgid "" "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "" -#: src/parse_args.c:530 +#: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" -#: src/parse_args.c:532 +#: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" -#: src/parse_args.c:537 +#: src/parse_args.c:550 #, c-format msgid "" "\n" "Options:\n" msgstr "" -#: src/parse_args.c:540 +#: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "" -#: src/parse_args.c:543 +#: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "" -#: src/parse_args.c:545 +#: src/parse_args.c:558 msgid "run command in the background\n" msgstr "" -#: src/parse_args.c:547 +#: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "" -#: src/parse_args.c:550 +#: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "" -#: src/parse_args.c:553 +#: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "" -#: src/parse_args.c:555 +#: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "" -#: src/parse_args.c:557 +#: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "" -#: src/parse_args.c:559 +#: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "" -#: src/parse_args.c:561 +#: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "" -#: src/parse_args.c:563 +#: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "" -#: src/parse_args.c:565 +#: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "" -#: src/parse_args.c:567 +#: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "" -#: src/parse_args.c:569 +#: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "" -#: src/parse_args.c:571 +#: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" msgstr "" -#: src/parse_args.c:573 +#: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "" -#: src/parse_args.c:575 +#: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "" -#: src/parse_args.c:578 src/parse_args.c:586 +#: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "" -#: src/parse_args.c:581 +#: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "" -#: src/parse_args.c:583 +#: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "" -#: src/parse_args.c:589 +#: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "" -#: src/parse_args.c:591 +#: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "" -#: src/parse_args.c:593 +#: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "" -#: src/parse_args.c:595 +#: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "" -#: src/parse_args.c:597 +#: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "" @@ -495,259 +525,264 @@ msgstr "" msgid "unable to setup tty context for %s" msgstr "" -#: src/selinux.c:373 +#: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "" -#: src/selinux.c:380 +#: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "" -#: src/sesh.c:70 +#: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "" -#: src/sesh.c:91 +#: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "" -#: src/sudo.c:211 +#: src/solaris.c:88 #, c-format -msgid "Sudo version %s\n" +msgid "resource control limit has been reached" msgstr "" -#: src/sudo.c:213 +#: src/solaris.c:91 #, c-format -msgid "Configure options: %s\n" +msgid "user \"%s\" is not a member of project \"%s\"" msgstr "" -#: src/sudo.c:218 +#: src/solaris.c:95 #, c-format -msgid "fatal error, unable to load plugins" +msgid "the invoking task is final" msgstr "" -#: src/sudo.c:226 +#: src/solaris.c:98 #, c-format -msgid "unable to initialize policy plugin" +msgid "could not join project \"%s\"" msgstr "" -#: src/sudo.c:281 +#: src/solaris.c:103 #, c-format -msgid "error initializing I/O plugin %s" +msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "" -#: src/sudo.c:306 +#: src/solaris.c:107 #, c-format -msgid "unexpected sudo mode 0x%x" +msgid "specified resource pool does not exist for project \"%s\"" msgstr "" -#: src/sudo.c:400 +#: src/solaris.c:111 #, c-format -msgid "unable to get group vector" +msgid "could not bind to default resource pool for project \"%s\"" msgstr "" -#: src/sudo.c:452 +#: src/solaris.c:117 #, c-format -msgid "unknown uid %u: who are you?" +msgid "setproject failed for project \"%s\"" msgstr "" -#: src/sudo.c:782 +#: src/solaris.c:119 #, c-format -msgid "%s must be owned by uid %d and have the setuid bit set" +msgid "warning, resource control assignment failed for project \"%s\"" msgstr "" -#: src/sudo.c:785 +#: src/sudo.c:196 #, c-format -msgid "" -"effective uid is not %d, is %s on a file system with the 'nosuid' option set " -"or an NFS file system without root privileges?" +msgid "Sudo version %s\n" msgstr "" -#: src/sudo.c:791 +#: src/sudo.c:198 #, c-format -msgid "effective uid is not %d, is sudo installed setuid root?" +msgid "Configure options: %s\n" msgstr "" -#: src/sudo.c:860 +#: src/sudo.c:203 #, c-format -msgid "resource control limit has been reached" +msgid "fatal error, unable to load plugins" msgstr "" -#: src/sudo.c:863 +#: src/sudo.c:211 #, c-format -msgid "user \"%s\" is not a member of project \"%s\"" +msgid "unable to initialize policy plugin" msgstr "" -#: src/sudo.c:867 +#: src/sudo.c:268 #, c-format -msgid "the invoking task is final" +msgid "error initializing I/O plugin %s" msgstr "" -#: src/sudo.c:870 +#: src/sudo.c:293 #, c-format -msgid "could not join project \"%s\"" +msgid "unexpected sudo mode 0x%x" msgstr "" -#: src/sudo.c:875 +#: src/sudo.c:413 #, c-format -msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgid "unable to get group vector" msgstr "" -#: src/sudo.c:879 +#: src/sudo.c:465 #, c-format -msgid "specified resource pool does not exist for project \"%s\"" +msgid "unknown uid %u: who are you?" msgstr "" -#: src/sudo.c:883 +#: src/sudo.c:802 #, c-format -msgid "could not bind to default resource pool for project \"%s\"" +msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "" -#: src/sudo.c:889 +#: src/sudo.c:805 #, c-format -msgid "setproject failed for project \"%s\"" +msgid "" +"effective uid is not %d, is %s on a file system with the 'nosuid' option set " +"or an NFS file system without root privileges?" msgstr "" -#: src/sudo.c:891 +#: src/sudo.c:811 #, c-format -msgid "warning, resource control assignment failed for project \"%s\"" +msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "" -#: src/sudo.c:959 +#: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "" -#: src/sudo.c:973 src/sudo.c:976 +#: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "" -#: src/sudo.c:988 +#: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "" -#: src/sudo.c:995 +#: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "" -#: src/sudo.c:1001 +#: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "" -#: src/sudo.c:1008 +#: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "" -#: src/sudo.c:1016 +#: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "" -#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 +#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "" -#: src/sudo.c:1049 +#: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "" -#: src/sudo.c:1133 +#: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "" -#: src/sudo.c:1194 +#: src/sudo.c:1146 +#, c-format +msgid "policy plugin %s is missing the `check_policy' method" +msgstr "" + +#: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "" -#: src/sudo.c:1206 +#: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "" -#: src/sudo.c:1218 +#: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "" -#: src/sudo_edit.c:111 +#: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "" -#: src/sudo_edit.c:143 +#: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "" -#: src/sudo_edit.c:171 src/sudo_edit.c:271 +#: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "" -#: src/sudo_edit.c:205 src/sudo_edit.c:307 +#: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "" -#: src/sudo_edit.c:272 +#: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "" -#: src/sudo_edit.c:285 +#: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "" -#: src/sudo_edit.c:297 src/sudo_edit.c:318 +#: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "" -#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 +#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "" -#: src/sudo_edit.c:315 +#: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "" -#: src/tgetpass.c:90 +#: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "" -#: src/tgetpass.c:99 +#: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "" -#: src/tgetpass.c:231 +#: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "" -#: src/tgetpass.c:235 +#: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "" -#: src/tgetpass.c:240 +#: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "" diff --git a/src/po/tr.mo b/src/po/tr.mo new file mode 100644 index 0000000000000000000000000000000000000000..1d4430b8acca08a73694ab825f99bc2343a68c5c GIT binary patch literal 16424 zcmbW7eUM#eUB^$6(z=wlQc7tloKlt~vNzc@ePf%xrfCRinvhLG0c&#h-m`a4@44q( z&dY9gtANOxK$R*LEG&+Z%@HX%~a4+~w@U`H@;5{J!yu$r{JGhtM9|oTb{xisw-VZ_T`&=GsKbyeo!F}Lm z;M>8g!HJU?TfrZJKKKd_^+IqDsPV_Z%fUB;o4|)b z(PPcw;|~85)P62}zUOTRuLZS_1@LFUN5GrFKLxeV^B}VNU+HiUC^~i=z8}=SKj-ip z;4Aoj&I>G^H-j(b_b%{dU=tMG-wEyl{}9{;o&#}T32q0czy`IB&fa>=U=!2gDC6`|XwU2Ls zn*T)zjrMU1D0;mS)Vb~l5jF2qp!oa8p!W4`Q2Tf~#1UQ!^2nP8#gDr{AAB>Yc~64c z-xooR|0@s?_x=sket!b874IU1MDuJ1#m57n58elA{KKH=@L5p$@ikEWe*!Xvce!u( zxf9g>=Rl2n2dI5K0_yqaL7nRxpyv55sB>J*US`bW_Z*m{_cwr&hgtVK0a?m>C%7B@l*1o_qVG;q-@3h+Ac zcR|U)KZ2$oi!j972WsEw6cNvTB z0q+ELz7K%f$7lKP`QW!f@$r8^o$nepqw&WJ1bO;O~Q?-}gX`e<_F3IyZnmxCE;Ihd}M)lc4DKHBfZ;0eBI3K8M$OmxG$` zI#By;yXWr(FX8vcL7neQ?)l$?8vi3ubiM%M=sZ&(Tk>Yz@Ao?VG${K1EeJ`yXR=w1 zy9E@zjyrrCh^g^@2Sil8KLN$}CqVJ#3XIW(;2u!tdINYF_%2ZT_uKCISHMg8{a>ID zUUZ{f{~A#9wn4pr5abBnr$FiHcR=xd$4z$K7O4HaA5^-CCH#Pe-VulI z12x|&DEay^cn+wuzmq1KJw$tirjJiU6un=k=_B0|-(E<2J58T+X-nptjj?pjchg=< zJD>JJnm&mI6Q{h6?<{RTvBO)yg7! zWA1w!?7HuZ;Qh3xyWc=ucy^N5kG#KCVkK+rTsEZ^7u^JFVLoFv$TV>pQHU0Z9h%2uTRT@ z@u@3(zmnFYp?=0rJP*8%CR?G;wHCY+4u2K=0PW{#lkV9YLFueM(z*AVZ=UyS4zB=b z-1m=y%kFy)ewemE!>pP-=563hXwRqVv&Di}IIQ3;e0fkmCJyw9C{6O232!p@8-Cb| z3V%L|!`u(}m!!o)nE7QMW)oG96JfI~LO<}EX}23Bt@S%L7lNc6w){Al3*%gqN4ek5 z(z53-Wl<5##i4u18cddj?J^EBv-Z%7#UPGatd$huiNd`}mlCF)TlPy{O_o!BzL1tN zPeOjVK1*rFlloe5IA8c>(oI{@d=$3SuUqDYMx{x-EUda~ZY`1xbsAcAc>M4y2-or# zg2m8>e10Al+UFdU<*Q~a6Gt9?Oy)EGqzF_4ky=01?DutvG^2B8h1qrJ?MjpRs9k29 z#_`mQKA@we2~X$EZW`f~-&mkUw0*RgmeUsfH1iurtI>WpFeJ%)VbjuUwrr*TVwmL! zjG6jK(n+9_pGWN^h`nZ<=Ey}H8z%a#FmGm2uSm1pzv)JQzBS<)E+$2;y%xv>#!j`&$)T!31rchCm7h%xS;j=PHqNF`gq6sgYpXVqMG9zI@Sww=#)|9>?GMd!V zHD6|$uHCZ4Yg3Zu4B6xuCm9nbgT%kJ`1-yX`>L1>W2F z;FTFVpQT;D7xlvRo?Dqa^Xs(P35#A3WnSnER?S=)t*qqQTBQkZK49NQ;M$^K+&Wen zoxvN?HVK!EfJj)!-xSL|sGv6x%r^&`Lf>WYB+DX;J8m!lTB6Mx%E@s z;DnW@+=%=b{}R(poGv0vN)dE>MnxyQIKmal(Qd-;E+UIYWSr3A1tdAg3=!vpW{7L3 zD2sh83_H9e#TR#aL7vO{wX>i*uxV3%ku6Jm3klrpk=qX(yLEQo!CPl%HEh_l2F+%O z3z1+t(<@WV?_8!Y$9|6)U*;&Vr#&VL6Z|KhC3~ zfo4D6tes{PPHmmzIGa|v<|uLI+ITk4a5%$D*;sB7$ulmX@7gL6L$iw@!<249c>ALy z;C`4aMp>G4B`He_VS-dCrWC!Lyia&?0=`6ZPnPK3Z9%SjH&xz z*L@nApscSy#!ifziM&XAQf>^G(aY*6CU&U!qU}2kt>Pf3RyYjepke{3CNe7&Z+S+n z8@FyUHs^R_wu*xgd}22fM-o!y#@8T?q%&^F?y6_Ch_&Dl-Ec@2$@M(a@2M%PT*1s~ zcwn~>SG~-r>M-(fja~gjBk+^5JBJRm5iXpiUyvs$Ttiavn{?h`hDXU_+L1yOSafZ0 zK2nH12qcUblOO37%eBWguMi`RVlHb&qLINk*TIBYu+=i$Em0Lng05=cv2yWE|_0u17(+H~xxQ~Rm#ko+N&`I6IfVd9h#wk$Lm zuVLK~XEdsErzS|0QYq0G-i*4{P3y?I3O>(%&A#m(ahtVC9aYDlJjrp)xS&+Iz$PT4 zGgvl{K9!Mc&DEYF6NpjR#cKuxC}PmiTVvu69@=~K*ug^wb{*S&_wHTR8<=Nz?%lul z@KAp&3>mOvi7`M!LV&q49Vj>8p|iT`RIf&bsd_H58{XE}!yFIIpDXDfoq>>uDv6<$ zOCxJj$TmCwgB3*KhonYt2bp2pshrVH{g^CAW|HLhPd}>Pn#@fxHt@-(?u3ZCR9Fda zMd0<87?IJD9Xji;$cW@;?69)*aVYmJaj=@O_x8HA&?&6Fum&>=mW;I+S;v{Dv4cti ztL+aDp)^%ft#R2Q{vabC+6v~sxnQiIlP6P(7$2&-lF9$f@P7W(BvqF5%lP%_ib_FY zNA1hV8w7>{-|`MRv9KYe2I1XI`=O)WaGXRwc5Tx+vd;;dRS zSB(@QC(9WkHPQ=oYdI}%?oTUfs!GL!fseLabFtO&b<)_f*OKefU_y^UCM0ia3KZkz z5&D`!49r7`wxAjcG3sFNjzEJXV#0&^ z{lLa{q)JDXmOz5=z7bV%P(QlK&w2>u23I*;cSt>Iui{9my7h3$Y)&QBYG>4S<>ACB zD`L5K(2}mPx79dmYl)OGRb$$|_4=*X&267J6e@#i?9VYtjoZq0-Z-4j_zOkRo7uK) zX=!PzdT(9Ix6Scx;^2Y9ja|+vHEu_$X8fzBx9@07U)`9#%HKXcbM-Xer>E)II20~M zDmRYy+u?72)y($oubkdazdK128i%tW$%!yig!^b3cZkvUge%D2&c(Qsv{$lQ+Ferg zt;DZ4F(PS~)CL=e!=O9kA1<>_lrQ)@+ez6dvPQZ6s^AteHs5N+18TIxtw~r6hR%?k zPwd~jfA@eU+qX_n>{8V`VLJ#cT_}KWBkqlo8+?>M!w}whj(X`?fEck?52*R zgnh=pp0e}A!MMzVxN!&ZGKGVL9GRc_joWWfjfbx{PTw$bcVkaT!P}ns&a|TnT?kXI zneZlN!_`mlvJ<21?i!$#=F0&E`?XUf8CfR=J7pXP$=azV-&0-%9ly1DdL>LKrn*sc zQRa8jZdsHYjavOgzoP!O7?>JwNs>@WPrg! zgo{eF88ae{sZOn(vh!n+&$K0mgysZ}ICC5?=&<>g9h?WPkm|PPpBrAXenv=JEywDu zr?B5Jj@aWg(LX^gemfa}0<>y3?=HseF1 zJg`*ldan<9;&%eksJ64QzGz1Fx@3b3j>QmZ;EJO@C~1*aIMO3Bhz4}Z3gS>JQnRv6 z`ReIx^>o+QbwNo7uc}F;CNx<#;K*|J~vCyESu?mbDXnvQ&EJF~sTr)Nm@whN4 zNRZbTf7HS%HNu_`E=U~PrO-n%Jg^iwW*Qw8?TxG~Ymq!!fvO!@G^_l^wCHlh^1L>v z8*wReR{Jt8&uNuOp+)y@Xclm=3Of?rghP4yxnWWzjHej)&0%@m2oisQ{W~^lU_O+HD>!2(?(*?_> z@t4lT*M&=_+S$E2ld0|wE?T%d#KtVtkqG84rp5P%DHZqcRx$;{08$6;oZw^`@ zC|x52LvN~Unk}eSA^{y981`>yHhiz!nKN`Ch%+}cPx5}p<}-J2_c4PGhPG|v^rgkY zN`Q(HHq5E0)wi>Cp3(y!-wL{Ik-%y=Uu47w^T=sWc(r(k*8@}Jf)N|&^j&}=KxA&6 ziyTXExS02-rciv0A@0aU4$D{CWL@jj&>fDmXOt(kXZVAF57~X^Fcy$v6N3eHUqLi) zrJa)_1#r^Db)5hKBHXenqtw_4RJTMWWVxSgi^dYh;bSMGu87}>dQ(H@+S*$Dx*R%N z51N5IhK+)Xkh15nQd9(Rj@jv1WwLA*VM@0~Rnfy7$7M~lA%3p#XJpbTW6SHeB3KH% zDt5vui9P(-IFqTtPJFoW5%Sy^EB@wzjq})8nekEfc4sL3IEz7xRltJhdh$i=kw$KM z);p99J}Sq6@wapvr8?$7;(!vYc-)4B^KjlofHengBJstrQxHSoQ7}K9G%HaN8|&9C zzVkjc<)QqI&{-X`!+HT}qmgBI=cBq+){2~`;cqV#*DDwwR#$1M&(#&7r9JC6;0A->19JFq@xmnzF8)TlNK+dhGoXT+TGJ!*}r9ic$I3C_bGxnt}7>u zpt*6XE3_nyh?(+MCE|*;SG zQ5DwG*XA;4I`&6w%~NU%>pWlKuL)tJWu40rjrFh7VyoA`rE*@)O=~KogPW@1mvTzO z2C~1K;VY~0VHj-uj!6$}7@Jd}ObLRmr>+jg?E331#mV-ReL*u$y`S3E!f*au1cocn zmd&*#7Xs#iW3$=fx{0WX%-vjWJw^Y0_fUoT_MHvp6^eXQfEY>HDI6w(IDMEex2 zJy8C;@iF^O!9^;=Q&~|Nex`zLYi?vsQ9Ej))utFlp4I2W;0|jObv}ROn#*~x;oVyw zU6rnIWc}=~QaEWT{&M_{xt3b*g;;G_OmI9t?#%LOXT*iJ6t%hyR8%wSMskXzkUvrr za__a8>0|V#3MFtl!*<1{(I&8{6rBot?dGe}beGE4SnlFKU4_+z%2utaZbK8R?&l2D z$ZSL1p4$4T+X8jNzA-U|v#O$uEOTZhaAt{Q7b#M~r%8FLR>7#wL%2NHD-kGiF|tN! zLVv8^0yR(Lf~r8SFOTb5*E7v##vl@W_G%oHRI7hF<5>u?CG zF*-&0(IyWS5j0*(rU=Fr4EvgIb6{Jy3;1hdoSLE{>(La>P#VEbx4hcj+9v#decZB& zZQMSZqL%G!vJg9~?%V8DhN$bw5xY8}ImBpmRqtR7nVq(lxR0gkwJGbwuk^!Q)A2)f zww0Uf^VfPCUvykGhe1SRikVh?6kRC-I8%OXvPVVrLq3aQBH==96%zxF2j|4!5@4ml zHpb^qTdG`(VxFrg%DEE;>XJ`x-drn8c(oW%cX}@Eq7ac0QaReK(|2ecV$Z6Jcw$qf zp%{|rD8y*F2&`mBqQy`bD}f`4gUOr6jF?OMRc~Xhs<1pxDO+B&DNw&qU~cnFh&c!o zjb, 2013. +msgid "" +msgstr "" +"Project-Id-Version: sudo 1.8.7b1\n" +"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" +"PO-Revision-Date: 2013-04-03 19:11+0100\n" +"Last-Translator: Volkan Gezer \n" +"Language-Team: Turkish \n" +"Language: tr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Lokalize 1.5\n" + +#: common/aix.c:150 +#, c-format +msgid "unable to open userdb" +msgstr "userdb açılamıyor" + +#: common/aix.c:153 +#, c-format +msgid "unable to switch to registry \"%s\" for %s" +msgstr "\"%s\" kaydına %s için geçiş yapılamıyor" + +#: common/aix.c:170 +#, c-format +msgid "unable to restore registry" +msgstr "kayıt geri yüklenemiyor" + +#: common/alloc.c:82 +msgid "internal error, tried to emalloc(0)" +msgstr "dahili hata, emalloc(0) denendi" + +#: common/alloc.c:99 +msgid "internal error, tried to emalloc2(0)" +msgstr "dahili hata, emalloc2(0) denendi" + +#: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187 +#, c-format +msgid "internal error, %s overflow" +msgstr "dahili hata, %s taşması" + +#: common/alloc.c:120 +msgid "internal error, tried to ecalloc(0)" +msgstr "dahili hata, ecalloc() denendi" + +#: common/alloc.c:142 +msgid "internal error, tried to erealloc(0)" +msgstr "dahili hata, erealloc() denendi" + +#: common/alloc.c:161 +msgid "internal error, tried to erealloc3(0)" +msgstr "dahili hata, erealloc3() denendi" + +#: common/alloc.c:185 +msgid "internal error, tried to erecalloc(0)" +msgstr "dahili hata, erecalloc() denendi" + +#: common/error.c:154 +#, c-format +msgid "%s: %s: %s\n" +msgstr "%s: %s: %s\n" + +#: common/error.c:157 common/error.c:161 +#, c-format +msgid "%s: %s\n" +msgstr "%s: %s\n" + +#: common/sudo_conf.c:172 +#, c-format +msgid "unsupported group source `%s' in %s, line %d" +msgstr "`%s' desteklenmeyen grup kaynağı, %s içinde, satır %d" + +#: common/sudo_conf.c:186 +#, c-format +msgid "invalid max groups `%s' in %s, line %d" +msgstr "`%s' geçersiz azami grubu, %s içinde, satır %d" + +#: common/sudo_conf.c:382 +#, c-format +msgid "unable to stat %s" +msgstr "%s durumlanamıyor" + +#: common/sudo_conf.c:385 +#, c-format +msgid "%s is not a regular file" +msgstr "%s düzenli bir dosya değil" + +#: common/sudo_conf.c:388 +#, c-format +msgid "%s is owned by uid %u, should be %u" +msgstr "%s, %u kullanıcı kimliği tarafından sahiplenmiş, %u olmalı" + +#: common/sudo_conf.c:392 +#, c-format +msgid "%s is world writable" +msgstr "%s genel yazılabilir" + +#: common/sudo_conf.c:395 +#, c-format +msgid "%s is group writable" +msgstr "%s grup yazılabilir" + +#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 +#, c-format +msgid "unable to open %s" +msgstr "%s açılamıyor" + +#: compat/strsignal.c:50 +msgid "Unknown signal" +msgstr "Bilinmeyen sinyal" + +#: src/exec.c:127 src/exec_pty.c:685 +#, c-format +msgid "policy plugin failed session initialization" +msgstr "oturum başlatma için ilke eklentisi başarısız" + +#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 +#, c-format +msgid "unable to fork" +msgstr "çatallanamıyor" + +#: src/exec.c:259 +#, c-format +msgid "unable to create sockets" +msgstr "soket oluşturulamıyor" + +#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 +#, c-format +msgid "select failed" +msgstr "seçim başarısız" + +#: src/exec.c:449 +#, c-format +msgid "unable to restore tty label" +msgstr "tty etiketi geri yüklenemiyor" + +#: src/exec_common.c:70 +#, c-format +msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" +msgstr "PRIV_LIMIT'ten PRIV_PROC_EXEC kaldırılamıyor" + +#: src/exec_pty.c:183 +#, c-format +msgid "unable to allocate pty" +msgstr "pty ayırma başarısız" + +#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 +#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 +#, c-format +msgid "unable to create pipe" +msgstr "iletişim tüneli oluşturulamıyor" + +#: src/exec_pty.c:676 +#, c-format +msgid "unable to set terminal to raw mode" +msgstr "uçbirim ham kipine ayarlanamıyor" + +#: src/exec_pty.c:1042 +#, c-format +msgid "unable to set controlling tty" +msgstr "tty denetleme ayarlaması başarısız" + +#: src/exec_pty.c:1139 +#, c-format +msgid "error reading from signal pipe" +msgstr "sinyal tünelinden okuma hatası" + +#: src/exec_pty.c:1160 +#, c-format +msgid "error reading from pipe" +msgstr "tünelden okuma hatası" + +#: src/exec_pty.c:1176 +#, c-format +msgid "error reading from socketpair" +msgstr "sockerpair'den okuma hatası" + +#: src/exec_pty.c:1180 +#, c-format +msgid "unexpected reply type on backchannel: %d" +msgstr "backchannel'da beklenmeyen yanıt türü: %d" + +#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 +#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 +#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 +#, c-format +msgid "error in %s, line %d while loading plugin `%s'" +msgstr "%s içerisinde, satır %d, `%s' eklentisi yüklenirken hata" + +#: src/load_plugins.c:72 +#, c-format +msgid "%s: %s" +msgstr "%s: %s" + +#: src/load_plugins.c:81 +#, c-format +msgid "%s%s: %s" +msgstr "%s%s: %s" + +#: src/load_plugins.c:140 +#, c-format +msgid "%s must be owned by uid %d" +msgstr "%s, %d kullanıcı kimliği tarafından sahiplenmeli" + +#: src/load_plugins.c:146 +#, c-format +msgid "%s must be only be writable by owner" +msgstr "%s sadece sahibi tarafından yazılabilir olmalı" + +#: src/load_plugins.c:187 +#, c-format +msgid "unable to dlopen %s: %s" +msgstr "dlopen %s yapılamıyor: %s" + +#: src/load_plugins.c:194 +#, c-format +msgid "unable to find symbol `%s' in %s" +msgstr "%s içerisinde `%s' sembolü bulunamıyor" + +#: src/load_plugins.c:201 +#, c-format +msgid "unknown policy type %d found in %s" +msgstr "bilinmeyen ilke türü %d bulundu: %s içerisinde" + +#: src/load_plugins.c:207 +#, c-format +msgid "incompatible plugin major version %d (expected %d) found in %s" +msgstr "uyumsuz temel ilke sürümü %d bulundu (beklenen %d): %s içerisinde" + +#: src/load_plugins.c:216 +#, c-format +msgid "ignoring policy plugin `%s' in %s, line %d" +msgstr "`%s' ilke eklentisi yoksayılıyor, %s içinde, satır %d" + +#: src/load_plugins.c:218 +#, c-format +msgid "only a single policy plugin may be specified" +msgstr "sadece tek ilke eklentisi belirtilebilir" + +#: src/load_plugins.c:221 +#, c-format +msgid "ignoring duplicate policy plugin `%s' in %s, line %d" +msgstr "yinelenmiş `%s' ilke eklentisi yoksayılıyor, %s içinde, satır %d" + +#: src/load_plugins.c:236 +#, c-format +msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" +msgstr "yinelenmiş `%s' G/Ç eklentisi yoksayılıyor, %s içinde, satır %d" + +#: src/load_plugins.c:313 +#, c-format +msgid "policy plugin %s does not include a check_policy method" +msgstr "%s ilke eklentisi, bir check_policy yöntemi içermiyor" + +#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 +#: src/net_ifs.c:297 src/net_ifs.c:321 +#, c-format +msgid "load_interfaces: overflow detected" +msgstr "load_interfaces: taşma tespit edildi" + +#: src/net_ifs.c:226 +#, c-format +msgid "unable to open socket" +msgstr "soket açılamıyor" + +#: src/parse_args.c:197 +#, c-format +msgid "the argument to -C must be a number greater than or equal to 3" +msgstr "-C argümanı 3 veya daha büyük bir sayı olmalıdır" + +#: src/parse_args.c:286 +#, c-format +msgid "unknown user: %s" +msgstr "bilinmeyen kullanıcı: %s" + +#: src/parse_args.c:345 +#, c-format +msgid "you may not specify both the `-i' and `-s' options" +msgstr "`-i' ve `-s' seçeneklerini aynı anda belirtemezsiniz" + +#: src/parse_args.c:349 +#, c-format +msgid "you may not specify both the `-i' and `-E' options" +msgstr "`-i' ve `-E' seçeneklerini aynı anda belirtemezsiniz" + +#: src/parse_args.c:359 +#, c-format +msgid "the `-E' option is not valid in edit mode" +msgstr "düzenleme kipinde `-E' seçeneği geçerli değil" + +#: src/parse_args.c:361 +#, c-format +msgid "you may not specify environment variables in edit mode" +msgstr "düzenleme kipinde ortam değişkenlerini belirtemezsiniz" + +#: src/parse_args.c:369 +#, c-format +msgid "the `-U' option may only be used with the `-l' option" +msgstr "`-U' seçeneği sadece `-l' seçeneği ile kullanılabilir" + +#: src/parse_args.c:373 +#, c-format +msgid "the `-A' and `-S' options may not be used together" +msgstr "`-A' ve `-S' seçenekleri birlikte kullanılamaz" + +#: src/parse_args.c:456 +#, c-format +msgid "sudoedit is not supported on this platform" +msgstr "sudoedit bu platformda desteklenmiyor" + +#: src/parse_args.c:529 +#, c-format +msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" +msgstr "-e, -h, -i, -K, -l, -s, -v veya -V seçeneklerinden sadece biri belirtilebilir" + +#: src/parse_args.c:543 +#, c-format +msgid "" +"%s - edit files as another user\n" +"\n" +msgstr "" +"%s - dosyaları farklı kullanıcı olarak düzenle\n" +"\n" + +#: src/parse_args.c:545 +#, c-format +msgid "" +"%s - execute a command as another user\n" +"\n" +msgstr "" +"%s - bir komutu farklı kullanıcı olarak çalıştır\n" +"\n" + +#: src/parse_args.c:550 +#, c-format +msgid "" +"\n" +"Options:\n" +msgstr "" +"\n" +"Seçenekler:\n" + +#: src/parse_args.c:552 +msgid "use helper program for password prompting\n" +msgstr "parola istemi için yardımcı programı kullan\n" + +#: src/parse_args.c:555 +msgid "use specified BSD authentication type\n" +msgstr "belirtilen BSD yetkilendirme türü kullan\n" + +#: src/parse_args.c:558 +msgid "run command in the background\n" +msgstr "komutu arkaplanda çalıştır\n" + +#: src/parse_args.c:560 +msgid "close all file descriptors >= fd\n" +msgstr "tüm dosya tanımlayıcılarını kapat >= fd\n" + +#: src/parse_args.c:563 +msgid "run command with specified login class\n" +msgstr "komutu belirtilen oturum sınıfında çalıştır\n" + +#: src/parse_args.c:566 +msgid "preserve user environment when executing command\n" +msgstr "komutu çalıştırırken kullanıcı ortamını koru\n" + +#: src/parse_args.c:568 +msgid "edit files instead of running a command\n" +msgstr "komut çalıştırmak yerine dosyaları düzenle\n" + +#: src/parse_args.c:570 +msgid "execute command as the specified group\n" +msgstr "komutu belirtilen grup olarak çalıştır\n" + +#: src/parse_args.c:572 +msgid "set HOME variable to target user's home dir.\n" +msgstr "hedef kullanıcının ev dizinine HOME değişkeni ata.\n" + +#: src/parse_args.c:574 +msgid "display help message and exit\n" +msgstr "yardım iletisini göster ve çık\n" + +#: src/parse_args.c:576 +msgid "run a login shell as target user\n" +msgstr "hedef kullanıcı olarak bir oturum kabuğu çalıştır\n" + +#: src/parse_args.c:578 +msgid "remove timestamp file completely\n" +msgstr "dosyadan zaman damgasını tamamen kaldır\n" + +#: src/parse_args.c:580 +msgid "invalidate timestamp file\n" +msgstr "zaman damgası dosyasını geçersiz kıl\n" + +#: src/parse_args.c:582 +msgid "list user's available commands\n" +msgstr "kullanıcının kullanılabilir komutlarını listele\n" + +#: src/parse_args.c:584 +msgid "non-interactive mode, will not prompt user\n" +msgstr "etkileşimsiz kip, kullanıcı istemi yapılmayacak\n" + +#: src/parse_args.c:586 +msgid "preserve group vector instead of setting to target's\n" +msgstr "hedefe ayarlamak yerine grup vektörünü koru\n" + +#: src/parse_args.c:588 +msgid "use specified password prompt\n" +msgstr "belirtilen parola istemini kullan\n" + +#: src/parse_args.c:591 src/parse_args.c:599 +msgid "create SELinux security context with specified role\n" +msgstr "belirtilen görev ile SELinux güvenlik bağlamı oluştur\n" + +#: src/parse_args.c:594 +msgid "read password from standard input\n" +msgstr "parolayı standart girdiden oku\n" + +#: src/parse_args.c:596 +msgid "run a shell as target user\n" +msgstr "hedef kullanıcı olarak bir kabuk çalıştır\n" + +#: src/parse_args.c:602 +msgid "when listing, list specified user's privileges\n" +msgstr "listelerken, belirtilen kullanıcının haklarını listele\n" + +#: src/parse_args.c:604 +msgid "run command (or edit file) as specified user\n" +msgstr "belirtilen kullanıcı olarak komut çalıştır (veya dosya düzenle)\n" + +#: src/parse_args.c:606 +msgid "display version information and exit\n" +msgstr "sürüm bilgisini görüntüle ve çık\n" + +#: src/parse_args.c:608 +msgid "update user's timestamp without running a command\n" +msgstr "bir komut çalıştırmadan kullanıcının zaman damgasını güncelle\n" + +#: src/parse_args.c:610 +msgid "stop processing command line arguments\n" +msgstr "komut satırı argümanlarını işlemeyi durdur\n" + +#: src/selinux.c:77 +#, c-format +msgid "unable to open audit system" +msgstr "denetim sistemi açılamıyor" + +#: src/selinux.c:85 +#, c-format +msgid "unable to send audit message" +msgstr "denetim iletisi gönderilemiyor" + +#: src/selinux.c:113 +#, c-format +msgid "unable to fgetfilecon %s" +msgstr "fgetfilecon %s yapılamıyor" + +#: src/selinux.c:118 +#, c-format +msgid "%s changed labels" +msgstr "%s değişmiş etiket" + +#: src/selinux.c:123 +#, c-format +msgid "unable to restore context for %s" +msgstr "%s için bağlam geri yüklenemiyor" + +#: src/selinux.c:163 +#, c-format +msgid "unable to open %s, not relabeling tty" +msgstr "%s açılamadı, tty yeniden etiketlenemiyor" + +#: src/selinux.c:172 +#, c-format +msgid "unable to get current tty context, not relabeling tty" +msgstr "geçerli tty bağlamı alınamadı, tty yeniden etiketlenemiyor" + +#: src/selinux.c:179 +#, c-format +msgid "unable to get new tty context, not relabeling tty" +msgstr "yeni tty bağlamı alınamadı, tty yeniden etiketlenemiyor" + +#: src/selinux.c:186 +#, c-format +msgid "unable to set new tty context" +msgstr "yeni tty bağlamı alınamıyor" + +#: src/selinux.c:252 +#, c-format +msgid "you must specify a role for type %s" +msgstr "%s türü için bir görev belirtmelisiniz" + +#: src/selinux.c:258 +#, c-format +msgid "unable to get default type for role %s" +msgstr "%s görevi için öntanımlı tür alınamıyor" + +#: src/selinux.c:276 +#, c-format +msgid "failed to set new role %s" +msgstr "%s yeni görevi atanamadı" + +#: src/selinux.c:280 +#, c-format +msgid "failed to set new type %s" +msgstr "yeni tür %s atanamadı" + +#: src/selinux.c:289 +#, c-format +msgid "%s is not a valid context" +msgstr "%s geçerli bir bağlam değil" + +#: src/selinux.c:324 +#, c-format +msgid "failed to get old_context" +msgstr "old_context alınamadı" + +#: src/selinux.c:330 +#, c-format +msgid "unable to determine enforcing mode." +msgstr "zorlama kipini belirleme başarısız." + +#: src/selinux.c:342 +#, c-format +msgid "unable to setup tty context for %s" +msgstr "%s için tty bağlamı ayarlanamıyor" + +#: src/selinux.c:381 +#, c-format +msgid "unable to set exec context to %s" +msgstr "%s için exec bağlamı ayarlanamıyor" + +#: src/selinux.c:388 +#, c-format +msgid "unable to set key creation context to %s" +msgstr "%s için anahtar oluşturma bağlamı ayarlanamıyor" + +#: src/sesh.c:57 +#, c-format +msgid "requires at least one argument" +msgstr "en az bir argüman gerektirir" + +#: src/sesh.c:78 src/sudo.c:1126 +#, c-format +msgid "unable to execute %s" +msgstr "%s çalıştırılamıyor" + +#: src/solaris.c:88 +#, c-format +msgid "resource control limit has been reached" +msgstr "kaynak denetim sınırına ulaşıldı" + +#: src/solaris.c:91 +#, c-format +msgid "user \"%s\" is not a member of project \"%s\"" +msgstr "\"%s\", bir \"%s\" projesi üyesi değil" + +#: src/solaris.c:95 +#, c-format +msgid "the invoking task is final" +msgstr "çağırılan görev son" + +#: src/solaris.c:98 +#, c-format +msgid "could not join project \"%s\"" +msgstr "\"%s\" projesine katılamadı" + +#: src/solaris.c:103 +#, c-format +msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgstr "\"%s\" projesi için hiçbir kaynak havuzu varsayılan atamaları kabul etmiyor" + +#: src/solaris.c:107 +#, c-format +msgid "specified resource pool does not exist for project \"%s\"" +msgstr "belirtilen kaynak havuzu \"%s\" projesi için mevcut değil" + +#: src/solaris.c:111 +#, c-format +msgid "could not bind to default resource pool for project \"%s\"" +msgstr "\"%s\" projesi için öntanımlı kaynak havuzu atanamadı" + +#: src/solaris.c:117 +#, c-format +msgid "setproject failed for project \"%s\"" +msgstr "\"%s\" projesi için setproject başarısız" + +#: src/solaris.c:119 +#, c-format +msgid "warning, resource control assignment failed for project \"%s\"" +msgstr "uyarı, \"%s\" projesi için kaynak denetim ataması başarısız" + +#: src/sudo.c:196 +#, c-format +msgid "Sudo version %s\n" +msgstr "Sudo sürüm %s\n" + +#: src/sudo.c:198 +#, c-format +msgid "Configure options: %s\n" +msgstr "Yapılandırma seçenekleri: %s\n" + +#: src/sudo.c:203 +#, c-format +msgid "fatal error, unable to load plugins" +msgstr "ölümcül hata, eklentiler yüklenemiyor" + +#: src/sudo.c:211 +#, c-format +msgid "unable to initialize policy plugin" +msgstr "ilke eklentisi başlatılamıyor" + +#: src/sudo.c:268 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "G/Ç eklentisi %s başlatılırken hata" + +#: src/sudo.c:293 +#, c-format +msgid "unexpected sudo mode 0x%x" +msgstr "beklenmeyen 0x%x sudo kipi" + +#: src/sudo.c:413 +#, c-format +msgid "unable to get group vector" +msgstr "grup vektörü alınamıyor" + +#: src/sudo.c:465 +#, c-format +msgid "unknown uid %u: who are you?" +msgstr "bilinmeyen kullanıcı kimliği %u: kimsiniz?" + +#: src/sudo.c:802 +#, c-format +msgid "%s must be owned by uid %d and have the setuid bit set" +msgstr "%s, %d kullanıcı kimliği tarafından sahiplenmeli ve setuid biti ayarlanmış olmalı" + +#: src/sudo.c:805 +#, c-format +msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" +msgstr "etkin kullanıcı kimliği %d değil, %s 'nosuid' seçeneği ayarlanmış bir dosya sisteminde veya yetkisiz haklara sahip bir NFS dosya sisteminde mi?" + +#: src/sudo.c:811 +#, c-format +msgid "effective uid is not %d, is sudo installed setuid root?" +msgstr "etkin kullanıcı kimliği %d değil, sudo setuid root ile mi yüklendi?" + +#: src/sudo.c:915 +#, c-format +msgid "unknown login class %s" +msgstr "bilinmeyen \"%s\" oturum sınıfı" + +#: src/sudo.c:929 src/sudo.c:932 +#, c-format +msgid "unable to set user context" +msgstr "kullanıcı bağlamı ayarlama başarısız" + +#: src/sudo.c:944 +#, c-format +msgid "unable to set supplementary group IDs" +msgstr "ek grup kimlikleri ayarlanamıyor" + +#: src/sudo.c:951 +#, c-format +msgid "unable to set effective gid to runas gid %u" +msgstr "etkin grup kimliği, runas gid %u olarak ayarlanamıyor" + +#: src/sudo.c:957 +#, c-format +msgid "unable to set gid to runas gid %u" +msgstr "grup kimliği, runas gid %u olarak ayarlanamıyor" + +#: src/sudo.c:964 +#, c-format +msgid "unable to set process priority" +msgstr "süreç önceliği ayarlanamıyor" + +#: src/sudo.c:972 +#, c-format +msgid "unable to change root to %s" +msgstr "kök %s olarak değiştirilemiyor" + +#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 +#, c-format +msgid "unable to change to runas uid (%u, %u)" +msgstr "runas uid (%u, %u) olarak değiştirilemiyor" + +#: src/sudo.c:1005 +#, c-format +msgid "unable to change directory to %s" +msgstr "%s dizinine değiştirilemiyor" + +#: src/sudo.c:1089 +#, c-format +msgid "unexpected child termination condition: %d" +msgstr "beklenmeyen alt sonlandırma şartı: %d" + +#: src/sudo.c:1146 +#, c-format +msgid "policy plugin %s is missing the `check_policy' method" +msgstr "%s ilke eklentisi, bir `check_policy' yöntemi içermiyor" + +#: src/sudo.c:1159 +#, c-format +msgid "policy plugin %s does not support listing privileges" +msgstr "%s ilke eklentisi listeleme yetkilerini desteklemiyor" + +#: src/sudo.c:1171 +#, c-format +msgid "policy plugin %s does not support the -v option" +msgstr "%s ilke eklentisi -v seçeneğini desteklemiyor" + +#: src/sudo.c:1183 +#, c-format +msgid "policy plugin %s does not support the -k/-K options" +msgstr "%s ilke eklentisi -k/-K seçeneklerini desteklemiyor" + +#: src/sudo_edit.c:110 +#, c-format +msgid "unable to change uid to root (%u)" +msgstr "kullanıcı kimliği yetkili (%u) olarak değiştirilemiyor" + +#: src/sudo_edit.c:142 +#, c-format +msgid "plugin error: missing file list for sudoedit" +msgstr "eklenti hatası: sudoedit için eksik dosya listesi" + +#: src/sudo_edit.c:170 src/sudo_edit.c:270 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: düzenli bir dosya değil" + +#: src/sudo_edit.c:204 src/sudo_edit.c:306 +#, c-format +msgid "%s: short write" +msgstr "%s: kısa yazım" + +#: src/sudo_edit.c:271 +#, c-format +msgid "%s left unmodified" +msgstr "%s düzenlenmemiş olarak bırakıldı" + +#: src/sudo_edit.c:284 +#, c-format +msgid "%s unchanged" +msgstr "%s değiştirilmemiş" + +#: src/sudo_edit.c:296 src/sudo_edit.c:317 +#, c-format +msgid "unable to write to %s" +msgstr "%s dosyasına yazılamıyor" + +#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 +#, c-format +msgid "contents of edit session left in %s" +msgstr "düzenleme oturumu içerikleri %s içinde bırakıldı" + +#: src/sudo_edit.c:314 +#, c-format +msgid "unable to read temporary file" +msgstr "geçici dosya okunamıyor" + +#: src/tgetpass.c:89 +#, c-format +msgid "no tty present and no askpass program specified" +msgstr "tty bulunmuyor ve askpass programı belirtilmemiş" + +#: src/tgetpass.c:98 +#, c-format +msgid "no askpass program specified, try setting SUDO_ASKPASS" +msgstr "askpass programı belirtilmemiş, SUDO_ASKPASS ayarlamayı deneyin" + +#: src/tgetpass.c:230 +#, c-format +msgid "unable to set gid to %u" +msgstr "grup kimliği %u olarak ayarlanamıyor" + +#: src/tgetpass.c:234 +#, c-format +msgid "unable to set uid to %u" +msgstr "kullanıcı kimliği %u olarak ayarlanamıyor" + +#: src/tgetpass.c:239 +#, c-format +msgid "unable to run %s" +msgstr "%s çalıştırılamıyor" + +#: src/utmp.c:278 +#, c-format +msgid "unable to save stdin" +msgstr "stdin kaydedilemiyor" + +#: src/utmp.c:280 +#, c-format +msgid "unable to dup2 stdin" +msgstr "dup2 stdin yapılamıyor" + +#: src/utmp.c:283 +#, c-format +msgid "unable to restore stdin" +msgstr "stdin geri yüklenemiyor" + +#~ msgid "unable to allocate memory" +#~ msgstr "bellek ayırma başarısız" + +#~ msgid ": " +#~ msgstr ": " diff --git a/src/po/uk.mo b/src/po/uk.mo index 67f509f14f0418ad74ce5a8d1c7700fb6b9f683c..977d1fd46cd936e090eccc32b000c9a7f852ee64 100644 GIT binary patch delta 4962 zcmb8wdvH|c8OQN=!zJMwArLO%av*oyz-|&kj8u?I5i2BMy#Pfn$wC&A?3ztL#Ighs z(2Ag|qH?Dl$6`wZOCSV8W~iO%A38l-wbQAVYMEZZ*21)2+L@Mqe`gP!40dXLXP^DN z=j^$>@AE$A?3=H8-ap}qUL4%>c|$u&j3T_fjQI^t?aLRfeSk6Qp2cza1{UD&aS)~t zG-e2n!{JzlBd`*)G3frj3kS1(6mzf*M;a3~zoJvdj!&>ZdeeQkPy?yO33veS zz@K6krjlpPAlr2gDwS(p_n-#e=K3DyvF#b^q}mkVShi>4c&x^#Qoo(fOzgx-=pnzi zq947u)b&YJ2F_q9{sl`ghw1CQ2XQj)M4f-$-M)gFphbb`#tTtP(mb5}D`k7xp;VoA zf4GR6vGP^~qfp1)jXExf)Sr3A{rwQ?!f)Xeyox%mfC^J4tFRb1Vj&(!4fK~I$-h!O zkh`(Z%tIz+YSF?d@-c_`QYv3Zjrb2=2d`4~0g>&RHl5Gq9%@}t(W5-r?_y1;%^CQhNAl3$>Xzm8nOjJA>k zor;>kO4NCeqXu#S*&j9SbTqT~P#5|$Y9^UnU2Eq>?SBASRrvM`hKsqs`H+q-Je6rah|6&rp2eN`chrox zP`YXO686TUn2O)Wes}`4RGr8wn9JzHKHR+#D^LUeA?o)ZV{|&5OLXR74rgz}I-HHy zPy?DmK9}PjyjS~i0nX;xypDTuqvW+%j~S%#acsf6FqKg(!Yb7H$8a_N%SZk-!c~;| z*Kn`vySSL`4D!{24Y&rc;yt*8x6U$r74N__-bV9qj_dO{pY2Po#gi#uwp&~i7+`x` zS(HBlIy+bpjqq)(z@jOn8*5P+`3UD?xI8(a4%7gr-j-bZy{L?QireunF0vMXhO6-Q z+l{#ok75KrM@_6QO6BRmk5MUEOd52f3pf+|Gd<0$3U%Rw_%P;9GiEF9#XB);I>+Er zoPo#jS-gf1;5H6gg72dSQqDn|K=f%kO2uXT7FKfCCj0>|#c{Ke#TZ4F-E<+7G=D-p zEqN5m9=soQqd%bbPy2fE1r|cp))CZsmr>Q9&CYy1|BLCcjAjdJEl;Cr;S*ekB~*|y za18aBevVjx8xB~mL-pW`5R_OU}r9(ZKk5Drl z$5mM#Gaq%~CvgIvL_X%%d@%_#fl+-AAI56Tq~b`Lc@%f!d2GP>mC2`|6B&c)%{uA$ z1-OL!n>IQ+aS#!gsLnPKm0EwbQsQai8EtfH1L%`wr?H&QOGg{ZQoTAf73nUb zr#5JMiqsAf!-?L6mQTgEnHWesMX2TJ{x1?r{~n^5m`JF=$_b@i#izE4c){r>zHmhv|$W`V(6Ty)e{{5c$M- zVkL2-`RJ$~?j&;DotdtBbXBC3R`S0AXKDS9(ostxZY5OtYNLrY#7hKqO)FQ+_qL!FUq!U|+F+>KT zR+z+jO}kwO)zb6vp#xs@q~}KZn%qc*m5jczivvgXi`0f1o2>PX!KOgGA^owGJbv|B zb-{*!m0M%2uMO4(th&&Onqb3fD_qySI@n+>&yD2AKO8jJ6J6a9YSa%k&EdLW^@^r| zHFr{F_roj>?{+;C{Nfqm5T|bVzfQXO(8@^u7jDo{9jXtnXbP@m-0pbmSF8y&TI&Lh zkzk17)K~?9N5X;Xra%oFh1RN2b3=`Do%q$kJv?Kr`W25@s~bbj;fOQUn{E;RD5K01 z`^UiSJ`pYwTonw|#I2zNJj~MyMy&c^B%+iw)dsBP)wO}@wab#j&W~*xni((3{85ki zrz2*11_ilkWJCSRP@Q|1cwyF+p2OTZHf;zy3vgp_u~e(%)`m!PILvY}aA$m0B-Gqk z&3#yqn@3r0jZEn=Wu-rM-}u?ZB}Kl{B44rP_f?eo==*$qt162Y2G#|YlA>9xT!mHa z^CyohvHT_9eRI6WQyPCO`$~^5ludd;aqK`rR(wq1h+abyTb%_?Y) zHfhvE`;6UcpCmdHTlhY0x7nTacU#V3r|edCci64gh1YT;7tY11CV68+%7@3-PCS<4 zOT1vmIr=o=WcSAQR`cg|M@)6dCz&S z|3kdp?YnWt7rYZ6dBjlOB9e)(B8|C;H)6O@Mh!J)5RS$aOvMZ=$2bh&2yDku*omX@ zEKbDh-tV7bJZ=9l`oIJnV@%MLQYqxdG8}>jFdC0x6rR8WdlV~H1T|- zL$etDSciH(fKTCW9F8{fs`(?PFuwVmie?(mufhh%DyCsSY6k|e{B4+t zMfhX1@Gd4|1k2TXNjMfuF&&>n?NFO!d~@8paSk<+-=Ze)rPm(zn0r4LwROuqx1lEV zw&yQVJMdQ=j{`ZE37C%B;RX04wqq9l0)tbj{FBNwOi6H8@-*ht-i>*93H8F?QO}QO zUkh*{=3qN&pfD;&{(xHf*QgaIvK_i#hFVw^>Ih#>WdHTxPq?86e}m+S`OC9?Z|t`KXaW6b29hP!hdW3HKQb+nuJBDnXW<> zYub>$O(*JT&LVR&H<3*<_dV5#o=ZR_S0-vAkE8l+MjkcCQ9IUyTG%H+D&&h9L<;LH zlaX6yHfjQ^JX=snv=4O@XVAirP#ymZHL(#qr1z&Gd1~gPCR&L+Vj7TtW6q~Eq4VOs534>y;z6Z(l?Q@%oWtxe~dG5AhXvF%|X4_;`t*i zqy?}it)|6R90dbbtc2vukYdv9FIp)pW_A8XY(2QF^Oeo<2Y=> z3e-Zbq2BulXW`d44@;Q+PHe}y7{y>g&2$l!)p#10=m-87EXEc1KYSOrNk-p=8JQ#& zzK50g5cS?-_I*8`Monxem&b9Y=XTUi{TydvLJr^mx2Y`Un~*2)Y5d%?jD4=4{hH?; zTu3{Uze*Z-E0*H#aRT77k zgZMUTyc}ks`@y|b*llwWl_d93FXpj4Wp_QM<0)j9%?;Fjm%?LO(mw| z5!7dS88zUak*-Vu32+Lx<62Bv;2zm7e4X}nY+!s-Nk;LG`89IS#LAilmVXN2%$t(d5t(m3{gWx`=3EH z5FD3#9ypX3M{FT>5Kj+7_;-7zd?*L}C`7~}R@ q{M=>ts`WZgb%xsKC4_Izx#tgkm@^_AGrxCmXz, 2011, 2012. +# Yuri Chornoivan , 2011, 2012, 2013. msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.6b4\n" +"Project-Id-Version: sudo 1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-13 21:36+0300\n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" +"PO-Revision-Date: 2013-04-03 13:36+0300\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" "Language: uk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Generator: Lokalize 1.5\n" +"X-Generator: Lokalize 1.4\n" "Plural-Forms: nplurals=1; plural=0;\n" #: common/aix.c:150 @@ -36,14 +36,6 @@ msgstr "не вдалося відновити регістр" msgid "internal error, tried to emalloc(0)" msgstr "внутрішня помилка, спроба виконання emalloc(0)" -#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 -#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 -#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 -#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 -#, c-format -msgid "unable to allocate memory" -msgstr "не вдалося отримати потрібний об’єм пам’яті" - #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "внутрішня помилка, спроба виконання emalloc2(0)" @@ -69,76 +61,86 @@ msgstr "внутрішня помилка, спроба виконання ereal msgid "internal error, tried to erecalloc(0)" msgstr "внутрішня помилка, спроба виконання erecalloc(0)" -#: common/sudo_conf.c:305 +#: common/error.c:154 +#, c-format +msgid "%s: %s: %s\n" +msgstr "%s: %s: %s\n" + +#: common/error.c:157 common/error.c:161 +#, c-format +msgid "%s: %s\n" +msgstr "%s: %s\n" + +#: common/sudo_conf.c:172 +#, c-format +msgid "unsupported group source `%s' in %s, line %d" +msgstr "непідтримуване джерело групи, «%s», у %s, рядок %d" + +#: common/sudo_conf.c:186 +#, c-format +msgid "invalid max groups `%s' in %s, line %d" +msgstr "некоректна максимальна кількість груп, «%s», у %s, рядок %d" + +#: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "не вдалося виконати stat для %s" -#: common/sudo_conf.c:308 +#: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s не є звичайним файлом" -#: common/sudo_conf.c:311 +#: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s належить uid %u, має належати %u" -#: common/sudo_conf.c:315 +#: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "Запис до «%s» можливий для довільного користувача" -#: common/sudo_conf.c:318 +#: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "Запис до «%s» може здійснювати будь-який користувач з групи" -#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "не вдалося відкрити %s" -#: compat/strsignal.c:47 +#: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Невідомий сигнал" -#: src/error.c:82 src/error.c:86 -msgid ": " -msgstr ": " - -#: src/exec.c:113 src/exec_pty.c:674 +#: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "не вдалося виконати ініціалізацію сеансу через додаток правил" -#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 +#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "не вдалося створити відгалуження" -#: src/exec.c:268 +#: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "не вдалося створити сокети" -#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 -#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 -#, c-format -msgid "unable to create pipe" -msgstr "не вдалося створити канал" - -#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 +#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "спроба виконати select зазнала невдачі" -#: src/exec.c:467 +#: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "не вдалося відновити позначку tty" -#: src/exec_common.c:69 +#: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "не вдалося вилучити PRIV_PROC_EXEC з PRIV_LIMIT" @@ -148,148 +150,176 @@ msgstr "не вдалося вилучити PRIV_PROC_EXEC з PRIV_LIMIT" msgid "unable to allocate pty" msgstr "не вдалося розмістити pty" -#: src/exec_pty.c:665 +#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 +#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 +#, c-format +msgid "unable to create pipe" +msgstr "не вдалося створити канал" + +#: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "не вдалося перевести термінал у режим без обробки" -#: src/exec_pty.c:1013 +#: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "не вдалося встановити tty для керування" -#: src/exec_pty.c:1111 +#: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "помилка під час спроби читання з каналу сигналів" -#: src/exec_pty.c:1132 +#: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "помилка під час спроби читання з каналу" -#: src/exec_pty.c:1148 +#: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "помилка під час спроби читання з пари сокетів" -#: src/exec_pty.c:1152 +#: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "неочікуваний тип відповіді на зворотному каналі: %d" -#: src/load_plugins.c:74 +#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 +#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 +#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 +#, c-format +msgid "error in %s, line %d while loading plugin `%s'" +msgstr "помилка у %s, рядок %d під час спроби завантаження додатка «%s»" + +#: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/load_plugins.c:80 +#: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:90 +#: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "%s має належати користувачеві з uid %d" -#: src/load_plugins.c:94 +#: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "%s має бути доступним до запису лише для власника" -#: src/load_plugins.c:101 +#: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "не вдалося виконати dlopen для %s: %s" -#: src/load_plugins.c:106 +#: src/load_plugins.c:194 +#, c-format +msgid "unable to find symbol `%s' in %s" +msgstr "у %2$s не вдалося знайти символ «%1$s»" + +#: src/load_plugins.c:201 #, c-format -msgid "%s: unable to find symbol %s" -msgstr "%s: не вдалося знайти символ %s" +msgid "unknown policy type %d found in %s" +msgstr "у %2$s виявлено невідомий тип правил, %1$d" -#: src/load_plugins.c:112 +#: src/load_plugins.c:207 #, c-format -msgid "%s: unknown policy type %d" -msgstr "%s: невідомий тип правил %d" +msgid "incompatible plugin major version %d (expected %d) found in %s" +msgstr "несумісна основна версія додатка, %d, (мало бути %d) у %s" -#: src/load_plugins.c:116 +#: src/load_plugins.c:216 #, c-format -msgid "%s: incompatible policy major version %d, expected %d" -msgstr "%s: несумісна основна версія правил %d, мало бути — %d" +msgid "ignoring policy plugin `%s' in %s, line %d" +msgstr "ігноруємо додаток правил, «%s», у %s, рядок %d" -#: src/load_plugins.c:123 +#: src/load_plugins.c:218 #, c-format -msgid "%s: only a single policy plugin may be loaded" -msgstr "%s: можна завантажувати лише єдиний додаток правил" +msgid "only a single policy plugin may be specified" +msgstr "можна визначати лише один додаток обробки правил" -#: src/load_plugins.c:200 +#: src/load_plugins.c:221 +#, c-format +msgid "ignoring duplicate policy plugin `%s' in %s, line %d" +msgstr "ігноруємо повторний запис додатка правил, «%s», у %s, рядок %d" + +#: src/load_plugins.c:236 +#, c-format +msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" +msgstr "ігноруємо повторний запис додатка введення-виведення, «%s», у %s, рядок %d" + +#: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "до додатка правил %s не включено метод check_policy" -#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 -#: src/net_ifs.c:298 src/net_ifs.c:322 +#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 +#: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces: виявлено переповнення" -#: src/net_ifs.c:227 +#: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "не вдалося відкрити сокет" -#: src/parse_args.c:187 +#: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "аргументом параметра -C mмає бути число не менше за 3" -#: src/parse_args.c:276 +#: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "невідомий користувач: %s" -#: src/parse_args.c:335 +#: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "не можна одночасно вказувати параметри «-i» і «-s»" -#: src/parse_args.c:339 +#: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "не можна одночасно вказувати параметри «-i» і «-E»" -#: src/parse_args.c:349 +#: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "не можна використовувати «-E» у режимі редагування" -#: src/parse_args.c:351 +#: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "не можна вказувати змінні середовища у режимі редагування" -#: src/parse_args.c:359 +#: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "параметр «-U» можна використовувати лише разом з параметром «-l»" -#: src/parse_args.c:363 +#: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "параметри «-A» і «-S» не можна використовувати одночасно" -#: src/parse_args.c:443 +#: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "підтримки sudoedit для цієї платформи не передбачено" -#: src/parse_args.c:516 +#: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Можна використовувати лише такі параметри: -e, -h, -i, -K, -l, -s, -v та -V" -#: src/parse_args.c:530 +#: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" @@ -298,7 +328,7 @@ msgstr "" "%s — редагувати файли від імені іншого користувача\n" "\n" -#: src/parse_args.c:532 +#: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" @@ -307,7 +337,7 @@ msgstr "" "%s — виконати команду від імені іншого користувача\n" "\n" -#: src/parse_args.c:537 +#: src/parse_args.c:550 #, c-format msgid "" "\n" @@ -316,103 +346,103 @@ msgstr "" "\n" "Параметри:\n" -#: src/parse_args.c:540 +#: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "використовувати допоміжну програму для запитів щодо пароля\n" -#: src/parse_args.c:543 +#: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "використовувати вказаний тип розпізнавання BSD\n" -#: src/parse_args.c:545 +#: src/parse_args.c:558 msgid "run command in the background\n" msgstr "виконати команду у фоновому режимі\n" -#: src/parse_args.c:547 +#: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "закрити всі дескриптори файлів >= fd\n" -#: src/parse_args.c:550 +#: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "виконати команду з вказаним класом доступу\n" -#: src/parse_args.c:553 +#: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "зберегти середовище користувача на час виконання команди\n" -#: src/parse_args.c:555 +#: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "редагувати файли замість виконання команди\n" -#: src/parse_args.c:557 +#: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "виконати команду від імені вказаної групи користувачів\n" -#: src/parse_args.c:559 +#: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "встановити для змінної HOME значення домашнього каталогу вказаного користувача.\n" -#: src/parse_args.c:561 +#: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "показати довідкове повідомлення і завершити роботу\n" -#: src/parse_args.c:563 +#: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "запустити оболонку для входу до системи від імені вказаного користувача\n" -#: src/parse_args.c:565 +#: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "повністю вилучити файл часового штампу\n" -#: src/parse_args.c:567 +#: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "позбавити чинності файл часового штампу\n" -#: src/parse_args.c:569 +#: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "показати список доступних користувачеві команд\n" -#: src/parse_args.c:571 +#: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" msgstr "неінтерактивний режим, не просити користувача відповідати на питання\n" -#: src/parse_args.c:573 +#: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "зберегти вектор групи, не встановлювати вектор вказаного користувача\n" -#: src/parse_args.c:575 +#: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "використовувати вказаний інструмент отримання паролів\n" -#: src/parse_args.c:578 src/parse_args.c:586 +#: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "створити контекст захисту SELinux з вказаною роллю\n" -#: src/parse_args.c:581 +#: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "прочитати пароль зі стандартного джерела вхідних даних\n" -#: src/parse_args.c:583 +#: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "запустити командну оболонку від імені вказаного користувача\n" -#: src/parse_args.c:589 +#: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "у списку показати права доступу вказаного користувача\n" -#: src/parse_args.c:591 +#: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "виконати команду (або редагувати файл) від імені вказаного користувача\n" -#: src/parse_args.c:593 +#: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "показати дані щодо версії і завершити роботу\n" -#: src/parse_args.c:595 +#: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "оновити штамп часу користувача без виконання команди\n" -#: src/parse_args.c:597 +#: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "зупинити обробку аргументів командного рядка\n" @@ -501,257 +531,262 @@ msgstr "не вдалося визначити режим примушення." msgid "unable to setup tty context for %s" msgstr "не вдалося налаштувати контекст tty для %s" -#: src/selinux.c:373 +#: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "не вдалося встановити контекст виконання у значення %s" -#: src/selinux.c:380 +#: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "не вдалося встановити контекст ключа створення у значення %s" -#: src/sesh.c:70 +#: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "потребує принаймні одного аргументу" -#: src/sesh.c:91 +#: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "не вдалося виконати %s" -#: src/sudo.c:211 +#: src/solaris.c:88 +#, c-format +msgid "resource control limit has been reached" +msgstr "перевищено обмеження керування ресурсами" + +#: src/solaris.c:91 +#, c-format +msgid "user \"%s\" is not a member of project \"%s\"" +msgstr "користувач «%s» не є учасником проекту «%s»" + +#: src/solaris.c:95 +#, c-format +msgid "the invoking task is final" +msgstr "викликане завдання є завершальним" + +#: src/solaris.c:98 +#, c-format +msgid "could not join project \"%s\"" +msgstr "не вдалося приєднатися до проекту «%s»" + +#: src/solaris.c:103 +#, c-format +msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgstr "для проекту «%s» не існує сховища ресурсів, яке приймає типові прив’язки" + +#: src/solaris.c:107 +#, c-format +msgid "specified resource pool does not exist for project \"%s\"" +msgstr "у проекті «%s» не існує вказаного сховища ресурсів" + +#: src/solaris.c:111 +#, c-format +msgid "could not bind to default resource pool for project \"%s\"" +msgstr "не вдалося виконати прив’язку до типового сховища ресурсів проекту «%s»" + +#: src/solaris.c:117 +#, c-format +msgid "setproject failed for project \"%s\"" +msgstr "помилка під час виконання setproject для проекту «%s»" + +#: src/solaris.c:119 +#, c-format +msgid "warning, resource control assignment failed for project \"%s\"" +msgstr "попередження, помилка призначення керування ресурсами проекту «%s»" + +#: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Версія sudo %s\n" -#: src/sudo.c:213 +#: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Параметри налаштування: %s\n" -#: src/sudo.c:218 +#: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "критична помилка, не вдалося завантажити додатки" -#: src/sudo.c:226 +#: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "не вдалося ініціалізувати додаток правил" -#: src/sudo.c:281 +#: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "помилка під час спроби ініціалізації додатка введення/виведення даних %s" -#: src/sudo.c:306 +#: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "неочікуваний режим sudo 0x%x" -#: src/sudo.c:400 +#: src/sudo.c:413 #, c-format msgid "unable to get group vector" msgstr "не вдалося отримати вектор групи" -#: src/sudo.c:452 +#: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "невідомий uid %u: хто ви такий?" -#: src/sudo.c:782 +#: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s має належати користувачеві з uid %d, крім того, має бути встановлено біт setuid" -#: src/sudo.c:785 +#: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "поточним uid не є %d. Можливо %s зберігається у файловій системі зі встановленим параметром «nosuid» або у файловій системі NFS без прав доступу root?" -#: src/sudo.c:791 +#: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "поточним uid не є %d, sudo встановлено з ідентифікатором користувача root?" -#: src/sudo.c:860 -#, c-format -msgid "resource control limit has been reached" -msgstr "перевищено обмеження керування ресурсами" - -#: src/sudo.c:863 -#, c-format -msgid "user \"%s\" is not a member of project \"%s\"" -msgstr "користувач «%s» не є учасником проекту «%s»" - -#: src/sudo.c:867 -#, c-format -msgid "the invoking task is final" -msgstr "викликане завдання є завершальним" - -#: src/sudo.c:870 -#, c-format -msgid "could not join project \"%s\"" -msgstr "не вдалося приєднатися до проекту «%s»" - -#: src/sudo.c:875 -#, c-format -msgid "no resource pool accepting default bindings exists for project \"%s\"" -msgstr "для проекту «%s» не існує сховища ресурсів, яке приймає типові прив’язки" - -#: src/sudo.c:879 -#, c-format -msgid "specified resource pool does not exist for project \"%s\"" -msgstr "у проекті «%s» не існує вказаного сховища ресурсів" - -#: src/sudo.c:883 -#, c-format -msgid "could not bind to default resource pool for project \"%s\"" -msgstr "не вдалося виконати прив’язку до типового сховища ресурсів проекту «%s»" - -#: src/sudo.c:889 -#, c-format -msgid "setproject failed for project \"%s\"" -msgstr "помилка під час виконання setproject для проекту «%s»" - -#: src/sudo.c:891 -#, c-format -msgid "warning, resource control assignment failed for project \"%s\"" -msgstr "попередження, помилка призначення керування ресурсами проекту «%s»" - -#: src/sudo.c:959 +#: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "невідомий клас входу %s" -#: src/sudo.c:973 src/sudo.c:976 +#: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "не вдалося встановити контекст користувача" -#: src/sudo.c:988 +#: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "не вдалося встановити ідентифікатори додаткових груп" -#: src/sudo.c:995 +#: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "не вдалося встановити ефективний ідентифікатор групи для ідентифікатора групи запуску %u" -#: src/sudo.c:1001 +#: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "не вдалося встановити ідентифікатор групи для ідентифікатора групи запуску %u" -#: src/sudo.c:1008 +#: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "не вдалося встановити пріоритет процесу" -#: src/sudo.c:1016 +#: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "не вдалося змінити root на %s" -#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 +#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "не вдалося змінити uid користувача, від імені якого відбувається виконання (%u, %u)" -#: src/sudo.c:1049 +#: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "не вдалося змінити каталог на %s" -#: src/sudo.c:1133 +#: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "неочікувана умова переривання дочірнього процесу: %d" -#: src/sudo.c:1194 +#: src/sudo.c:1146 +#, c-format +msgid "policy plugin %s is missing the `check_policy' method" +msgstr "до додатка правил %s не включено метод «check_policy»" + +#: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "у додатку правил %s не передбачено підтримки побудови списку прав доступу" -#: src/sudo.c:1206 +#: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "у додатку правил %s не передбачено підтримки параметра -v" -#: src/sudo.c:1218 +#: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "у додатку правил %s не передбачено підтримки параметрів -k/-K" -#: src/sudo_edit.c:111 +#: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "не вдалося змінити значення uid на значення root (%u)" -#: src/sudo_edit.c:143 +#: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "помилка додатка: не вистачає списку файлів для sudoedit" -#: src/sudo_edit.c:171 src/sudo_edit.c:271 +#: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: не є звичайним файлом" -#: src/sudo_edit.c:205 src/sudo_edit.c:307 +#: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: короткий запис" -#: src/sudo_edit.c:272 +#: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s залишено без змін" -#: src/sudo_edit.c:285 +#: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s не змінено" -#: src/sudo_edit.c:297 src/sudo_edit.c:318 +#: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "не вдалося виконати запис до %s" -#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 +#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "дані сеансу редагування залишилися у %s" -#: src/sudo_edit.c:315 +#: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "не вдалося виконати читання з файла тимчасових даних" -#: src/tgetpass.c:90 +#: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "не виявлено tty і не вказано програми askpass" -#: src/tgetpass.c:99 +#: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "не вказано програми askpass, спробуйте встановити значення змінної SUDO_ASKPASS" -#: src/tgetpass.c:231 +#: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "не вдалося встановити gid у значення %u" -#: src/tgetpass.c:235 +#: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "не вдалося встановити uid у значення %u" -#: src/tgetpass.c:240 +#: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "не вдалося виконати %s" @@ -771,6 +806,12 @@ msgstr "не вдалося виконати dup2 для stdin" msgid "unable to restore stdin" msgstr "не вдалося відновити stdin" +#~ msgid "unable to allocate memory" +#~ msgstr "не вдалося отримати потрібний об’єм пам’яті" + +#~ msgid ": " +#~ msgstr ": " + #~ msgid "internal error, emalloc2() overflow" #~ msgstr "внутрішня помилка, переповнення emalloc2()" diff --git a/src/po/vi.mo b/src/po/vi.mo index 9195aa4e43090ae7a611833bc00092e93dd26d20..8e899a0aa2376c1a21a5a87a9875252d30c585ca 100644 GIT binary patch delta 5464 zcmbW33vg7`8OP6tr$Jr;f`kAULI{Cu9!LVDfC&LCqViB4J`gvXHG4_2yX*sbSb`|x zqf~H9!6U<=zI2;N0!z^PO&AW8UnD{%q7#8$4raPPjyTWO(8=M7u zz;pf9xHPAs0`J140?LCE;cPgV{mq?p#xt=44u!vix$tjL zC(YuRYhV?e0AGTI@E_2Eqd3+;csbPirEmyb3-e$Tlp;qQo^be2n8W@iqn|M)unZ~? zKO6&_;Z*o491OdmvrdrX@Ny_A>l|)|3VgrA_uweTt^rA@&1g7`aTOc^y|7Wz-$kbi z9)?BGg}!592`qq19Nr71zyUZOegQ9qBRRg-ErzA=Zm9JyI^$2F4royz+IT)xN@ACw zza-nngrxeF^TP?K6H7NY$cB3F3aIyNNd1{D&hL*wIer~ZfTy6|8%>2t$+>VGTm$pr zvrvKlJ`4RNaW8gb&RhjKl<`9gHbVZ)4jz*71*phBfQV(faAknyqd7=NCwmXd(PvO6$;7*IR{%A?2$EK_4k|_4 zp&UO474UJWgM0~9v}ydPoEJg)sfJQ`6I6ivV7~7EF*=i(_y$U{auTV9%N#btGRAL0 z{!BOSTyYwzK;`g8yz0YK2Y&?jLk0RJ)Jc0#iMpnvp#08;#c(aWg#FDPI;dt|g)`wN zP!Sh#?0N8dC`F!z-QmlyD|`)hgGZshjPF8K_eW5H^2s)28zPB4an?*9__4txOmU_H85!J|;uHj~FxI2}%acR)lj zt*`=~bfdo}a`>J~`YWKut6>S;31`A%@LHI~OVeNwE`rZPDVL6(_%vgn0$&V?)vR~M z&p6|^opBn@r|^403Ho12XBiVeh6kV)>XgB8dk zf7{`7_%YP)1*LpbU;t|Tw!=Zvzk-PyAU;eJRCT@y704H`9A=@PxB#NA*$ln#FjR33 zpP2G96Y4{=5h{QkP)dFXrQpCxsp6}LD%QqkI&W!r_BP9*YGSuD{|BhR)45VvuoQAwGuIj41qU+TnHo2mLv#i+aU7}!PC=c>B0&q` z45*EopsM*eoC8lg^E0V1Ia~`7%RC6R{>7UqLC->$22*9#lYALe-yHPe&)*3x~mX zAve%`4Kv}0iqr>Y64d=)2z47)Lk?@6aCj0bz@a3VIx`he0WF78EzNG4!uwcY=Bz0A99t=Um&8G0pvp`nGaR0b&$iEeNgZH70ORGi6@(8D$Ic^p#_^D zf95a`6?57Q@{bum4@vSYRI&UCUJWxTh}qBwweUG-d>UTQcp8OL4V$4-q^Mj#KJLQ$ zW81N2OwGbnf z^qe^^OS0)3pytJvV2$_kxB?@E$$PvJcC_VmvayS?J22&3Z6}t8jlh)uj;5-w!z!_n z&Sa)T6|ky*0k#3V9hPp|^)8cZL#o3KvURT#BOL;sp&C-qO`YWg`?2-Dpjg!RQHV7i)WWht1I4)2FQ z$8N)Now*xehSSf2_c{Fs91e%&>MN=p*eXmdf<1!yF{!LuwFwpRGU5j#jYHP&d~%8<_+_0=%Q zw{8i>0yRlLiBlP!T*Ise&q}K{9E^n`$)kR6i^QM%mAT?y_sY2_f)o1|+gFpY2K01s zPRov14R$0VNuqwAb+gy+^VTg*g`F2)J0LUR&fL=}ae7ddtFO(bkyQ=V!Fp$xME>AU zI}dcu7+n=gCZHp@csJ|Pv4Kb|6e3*&o{Z0m1Y=<@`;d_DM>)~TO6xSCx+K0}#EjBQ z-NobG#pA4!;_~su^oxtr=gx7@_pPuciF-PkE4RiKm!#e+wTdT}k1LM9G2-*8D?NeQ zn5Wj~zSieya4+&zM<|qXYqCEY4V4!aMZ=yzq#n70flxTO3{eY%;o71oFBh$_3;ofC z`l<03a^}WojO^WM!L>6Ji$<Qia$R$L zeg25EgQxN*clKCePyBTL7Z>wNAQ*|+HG1u{G4EB?x3_Myt!Oxi{;Il~w&&HWDRAcM z*dyBBvdgwY{`Qt916Fl=>sBigTYj-h;kE9uyf_H> zE$^>)o78LZuL{O=b-LN^g;zCON4A{5!%FR-n-LAS9iodn+;?pGUjjC4opKZZW6977 zgn8fpxwi3#cB%8X?IWD%D|=trDf-)<@%pVud+Qdd=_Dku+nWe`gsr!Ql zsHe*lZF{S+k&lbzNlJxcO3AuDPJ(#>=a z$%?e?S$Y^j=4{wC!RtVR>=3EuLA_ezws5U9@Vc+Y!bcWnlrjv>ZMs z>ielBX%nb@Wp6T;8s#?K$k{!dP_w(dDA=|;l-xm+B$99%P$p`T+98SOitpEVS(QkN zQN87*SUk66bU&$a?&m`_K73qNMorreJcN~&T5CnyZm&DBV%*zlXCt3idfnNdDuqy)}-?s-E~KrP+he-{HJ_9^YBfze}<{;`=I2<)F6`><<>EoAa}D zrqtqAUjO)SD+iwmDE?XH^s|G~X}2ZivytMAd`ZP#oHl~`QE0k1%76U*X_*(kocx5P HRW8RiKMAHnG*tBCXVRs@B#)TTJ^0ozbdwRIH<&et)|+E#BeT&pBuB zp8K5VoEzJh9`HPVuP6T3+^ju@>i|(ie4b^@+xW&Md~l5%VoWxU!eT7N@z{))V-!c= z795FtaTFfKvG}_C{Xa36e#TJdz&yOdn7C=6QOCfIcp2`*!T1Oc!b4b#M=&4HVg-JQ zIatbv60bofG|MmpL#X?sxCpo5F#H4ZQ`3*dJl}juLz(9C?R2ceLX2V!-iM>{RV>4^ zs0v)f@;6~6PQz!>;@_|UGg+>FSBO_)1D4|oRE0K6o^STM11C_4{2rCSXKsJ!@bvf; zROyzxZbBt=(Df9m0w3WRyqJ9{!E#iE7vntKf>+^d7@tJr3mTKLI4`}DC0Ij$8&1VO z)DJ#E-9Lu9)?y1*;}+C|5~wrsC)CQnLan%fa%g-uYGGc~7T#Gv{dMDW4Cuzw$T=~e zxi{!UY2r$phRaa*ZO4gt9H-#>I0190s}ifnSr|oCm~G8NZPD6Wh2DLYzqcXkJrdKc?wa4|SABIpR-G@BO{1UbIf591eG1;p^ zO{m|+T%X1|`e#sEc{$maWyHylhW6}c-Yxy1Scg~R2~=XAqE?p8vT2$!)WnOi3hzYi z{R>F$=GWMa=THe(lI=2FiK@VJs6TMO!a+RWoTkx&Z=zOmB}ZKS1*pUvY{EmRQl7&M z97c!5nBnNhTGRvfqY^)cTJdSrYwTh2Yq1u|&1}W^5*kNn=rDYRT3IP+>;1n8-@%<2 zz*cV3d;1%lgcJc&B(gV^vOmS7Zjq7wcFuftaMN%#K@SK{Y*4KAss{wnPO z($WndxR&q~_5Ik0PoYY94t3}X=_t_#Y`}o)L1eM!J@nyV%BV9F!baSUIxBCXp8H{( zhAL21Ys^wyjU;D|q7LB)xDboj$hjE6+4v0VZ}~q^m6^;w=t0X-71@NEcOUZ4yv7H) zn{VCms_E$k#8=bM>E4b!%lyRcpTPq9U%34t_34SnqaM_R%Q1+0z^hn{U!h8V1!d9r zI@COekX%hK>i7Rb5{;XDmN}AvDX1@6P>FP)R`3*Rg?~gHn*Sg#fEmrpo{!C_!?p_b zUf+&7%#S0tn$xa>W~LLIi>k06>-69MJv6kJZ=fD{9yL)JN1Wf9MW~f+L(Y?V2DOrR zkvGfaupbo3Oh+x`R@9d5KyEQ_qwdRXOwV&QYW`Jd<21I=_yHcm`Iy1UQw0{Hes~u) zB|Df*z*^PQTbS)to_55u#vWbCf2Mzr( z8B1L24vxYWx9!It6YGfW?wHV?Uw%PfXDRCTLl=y1q|HlbGKgtfze=g{XA!!1byL?a zJ_E!C;tIkN7hZSKIY6|#gGH$A({)jr)aM>PbzpVfPdq|grj9PvUwa%OZgBgM`d>k# z@iyXaVh*v0SWf7WeV-Uc>?L&FnI?4*!){xLSJ!OfI^sS;2mNNEgy0bgdySAuc6uAvO`Kwf+$_2CnPf z#$4CMuGioM;&wuBz)E5%p-Zo7xUD1Liv|32oLh2=oK^W_r-!0mf530bx*BX(d$coVH+BYNfmFXc;?;Dqs9hV3 z_-$8DxHTHGWnHN+o#Vy%nWn)ew&vWCk*LhQ#B+G?2v6dwyh=}ENB(7=#2W=iGY5qO z;b>=1qOI^IPvUIRnJnl1;_^gQ$;gb%y4D(}rF8y~DHT=IE2^t(_0)!{>CR)Nh3-g= zMyA#{ua$o6oG-iXs%yNFwr+1*pusK=24WF!IM5ZyUQw|$8t?~W74xFqkyvLBUoM(| zgIzM`T4%<%QJLMbwTTtu?#gKKwI`pCwA-%a6TWu4zCC#&(q?0)j-7f!@*Sfa`uh$9 zZAW`B`E10t_V*r6mnc3x;WMyY(d#Hr(I$NX$BoHKXGv zcb_`e-*?z&W6Th=Ax*{uP6SgmYikeMNLzpJ(MYO0kO&iPwXx(+!`#~6`(%#|rIJ|R z-}_2TX)>Ym>^yZ0#;3Pof_3-7ouoa;B;8I+Q$cD|Mo$QNvP#OjN}LBLmZTdmPn_X6 z6LOtzCVn!wJQD5d4*JWT^ON37LK@bTkbv13WIDx%p2~ozW%bm zoyXv*Jv0Abe7>GMup`uASCB%eX32v=hNG!{h_tB&j|Hti`SVCycH-NqyFAVpwWYa{ zwv$^Us%YPHUb`WA#Ag$e>i(ROeol7%%5-CW{p~~6RLm*oj)Qhh#r5UR*Yz{9)>O{6J#d z)o*#6@iUVioA_vEXI5sXccatanCEPq``c6=iN*6WJkGYJX->xc;m-Zlqn-NsZ{}BK xo9`~qrglw-Y)*4wdIA3CrgY<2^Bt@tIIt2HFlRxDQ?MZK!qKjB=g|d^{ud9-&oux5 diff --git a/src/po/vi.po b/src/po/vi.po index 8cc972f..1dc0d89 100644 --- a/src/po/vi.po +++ b/src/po/vi.po @@ -1,25 +1,23 @@ # Vietnamese translation for sudo. -# Copyright © 2012 Free Software Foundation, Inc. -# This file is distributed under the same license as the sudo package. -# Trần Ngọc Quân , 2012. +# This file is put in the public domain. +# Trần Ngọc Quân , 2012-2013. # msgid "" msgstr "" -"Project-Id-Version: sudo-1.8.6b4\n" +"Project-Id-Version: sudo-1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-14 13:34+0700\n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" +"PO-Revision-Date: 2013-04-05 08:20+0700\n" "Last-Translator: Trần Ngọc Quân \n" "Language-Team: Vietnamese \n" "Language: vi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"Language-Team-Website: \n" "Plural-Forms: nplurals=2; plural=1;\n" "X-Generator: LocFactoryEditor 1.8\n" -"X-Poedit-Language: Vietnamese\n" -"X-Poedit-Country: VIET NAM\n" -"X-Poedit-SourceCharset: utf-8\n" +"X-Poedit-SourceCharset: UTF-8\n" #: common/aix.c:150 #, c-format @@ -29,7 +27,7 @@ msgstr "không thể mở userdb" #: common/aix.c:153 #, c-format msgid "unable to switch to registry \"%s\" for %s" -msgstr "không thể chuyển đến sổ đăng ký \"%s\" cho %s" +msgstr "không thể chuyển đến sổ đăng ký “%s” cho %s" #: common/aix.c:170 #, c-format @@ -40,14 +38,6 @@ msgstr "không thể phục hồi sổ đăng ký" msgid "internal error, tried to emalloc(0)" msgstr "lỗi nội bộ, dùng thử erealloc(0)" -#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 -#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 -#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 -#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 -#, c-format -msgid "unable to allocate memory" -msgstr "không thể cấp phát vùng nhớ" - #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "lỗi nội bộ, dùng thử erealloc2(0)" @@ -73,76 +63,86 @@ msgstr "lỗi nội bộ, dùng thử erealloc3(0)" msgid "internal error, tried to erecalloc(0)" msgstr "lỗi nội bộ, đã dùng erecalloc(0)" -#: common/sudo_conf.c:305 +#: common/error.c:154 +#, c-format +msgid "%s: %s: %s\n" +msgstr "%s: %s: %s\n" + +#: common/error.c:157 common/error.c:161 +#, c-format +msgid "%s: %s\n" +msgstr "%s: %s\n" + +#: common/sudo_conf.c:172 +#, c-format +msgid "unsupported group source `%s' in %s, line %d" +msgstr "nguồn nhóm không được hỗ trợ “%s” trong %s, dòng %d" + +#: common/sudo_conf.c:186 +#, c-format +msgid "invalid max groups `%s' in %s, line %d" +msgstr "nhóm tối đa không hợp lệ “%s” trong %s, dòng %d" + +#: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "không thể lấy trạng thái về %s" -#: common/sudo_conf.c:308 +#: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s không phải tập tin thường" -#: common/sudo_conf.c:311 +#: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s được sở hữu bởi uid %u, nên là %u" -#: common/sudo_conf.c:315 +#: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "%s ai ghi cũng được" -#: common/sudo_conf.c:318 +#: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "%s là nhóm có thể ghi" -#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "không mở được %s" -#: compat/strsignal.c:47 +#: compat/strsignal.c:50 msgid "Unknown signal" msgstr "Không hiểu tín hiệu" -#: src/error.c:82 src/error.c:86 -msgid ": " -msgstr ": " - -#: src/exec.c:113 src/exec_pty.c:674 +#: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "phần bổ xung chính sách gặp lỗi khi khởi tạo phiên" -#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 +#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "không thể tạo tiến trình con" -#: src/exec.c:268 +#: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "không thể tạo sockets" -#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 -#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 -#, c-format -msgid "unable to create pipe" -msgstr "không tạo được đường ống pipe" - -#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 +#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "lựa chọn gặp lỗi" -#: src/exec.c:467 +#: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "không thể phục hồi nhãn cho tty" -#: src/exec_common.c:69 +#: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "không thể xóa bỏ PRIV_PROC_EXEC từ PRIV_LIMIT" @@ -152,148 +152,176 @@ msgstr "không thể xóa bỏ PRIV_PROC_EXEC từ PRIV_LIMIT" msgid "unable to allocate pty" msgstr "không thể phân bổ pty" -#: src/exec_pty.c:665 +#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 +#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 +#, c-format +msgid "unable to create pipe" +msgstr "không tạo được đường ống pipe" + +#: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" -msgstr "không thể đặt thiết bị cuối sang chế độ raw" +msgstr "không thể đặt thiết bị cuối sang chế độ thô" -#: src/exec_pty.c:1013 +#: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "không thể đặt điều khiển cho tty" -#: src/exec_pty.c:1111 +#: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "lỗi khi đọc từ đường ống dẫn tín hiệu" -#: src/exec_pty.c:1132 +#: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "gặp lỗi khi đọc từ một đường ống dẫn lệnh" -#: src/exec_pty.c:1148 +#: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "gặp lỗi khi đọc từ socketpair" -#: src/exec_pty.c:1152 +#: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "kiểu trả về không như mong đợi từ backchannel: %d" -#: src/load_plugins.c:74 +#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 +#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 +#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 +#, c-format +msgid "error in %s, line %d while loading plugin `%s'" +msgstr "lỗi trong %s, dòng %d, trong khi tải phần bổ sung “%s”" + +#: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/load_plugins.c:80 +#: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:90 +#: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "%s phải được sở hữu bởi uid %d" -#: src/load_plugins.c:94 +#: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "%s phải là những thứ chỉ có thể ghi bởi chủ sở hữu" -#: src/load_plugins.c:101 +#: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "không thể dlopen %s: %s" -#: src/load_plugins.c:106 +#: src/load_plugins.c:194 +#, c-format +msgid "unable to find symbol `%s' in %s" +msgstr "không tìm thấy ký hiệu “%s” trong %s" + +#: src/load_plugins.c:201 +#, c-format +msgid "unknown policy type %d found in %s" +msgstr "không hiểu kiểu chính sách %d tìm thấy trong %s" + +#: src/load_plugins.c:207 +#, c-format +msgid "incompatible plugin major version %d (expected %d) found in %s" +msgstr "không tương thích số hiệu phiên bản lớn %d (cần %d) tìm thấy trong %s" + +#: src/load_plugins.c:216 #, c-format -msgid "%s: unable to find symbol %s" -msgstr "%s: không thể tìm thấy liên kết tượng trưng (symbol) %s" +msgid "ignoring policy plugin `%s' in %s, line %d" +msgstr "lờ đi phần bổ xung chính sách “%s” trong %s, dòng %d" -#: src/load_plugins.c:112 +#: src/load_plugins.c:218 #, c-format -msgid "%s: unknown policy type %d" -msgstr "%s: không hiểu kiểu chính sách %d" +msgid "only a single policy plugin may be specified" +msgstr "chỉ được phép chỉ định một phần bổ xung chính sách" -#: src/load_plugins.c:116 +#: src/load_plugins.c:221 #, c-format -msgid "%s: incompatible policy major version %d, expected %d" -msgstr "%s: chính sách không tương thích với phiên bản %d, mong chờ %d" +msgid "ignoring duplicate policy plugin `%s' in %s, line %d" +msgstr "lờ đi phần bổ xung chính sách bị trùng lặp “%s” trong %s, dòng %d" -#: src/load_plugins.c:123 +#: src/load_plugins.c:236 #, c-format -msgid "%s: only a single policy plugin may be loaded" -msgstr "%s: chỉ có một phần bổ xung chính sách được tải lên thôi" +msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" +msgstr "lờ đi phần bổ xung I/O trùng lặp “%s” trong %s, dòng %d" -#: src/load_plugins.c:200 +#: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "phần bổ xung chính sách %s không bao gồm phương thức kiểm tra chính sách" -#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 -#: src/net_ifs.c:298 src/net_ifs.c:322 +#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 +#: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" -msgstr "load_interfaces: bị tràn" +msgstr "load_interfaces: đã có chỗ bị tràn" -#: src/net_ifs.c:227 +#: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "không mở được socket" -#: src/parse_args.c:187 +#: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "đối số cho -C phải là một số lớn hơn hoặc bằng 3" -#: src/parse_args.c:276 +#: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "không hiểu người dùng: %s" -#: src/parse_args.c:335 +#: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" -msgstr "bạn không thể chỉ định cả hai tùy chọn `-i' và `-s'" +msgstr "bạn không thể chỉ định đồng thời cả hai tùy chọn “-i” và “-s”" -#: src/parse_args.c:339 +#: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" -msgstr "bạn không thể chỉ định cả hai tùy chọn `-i' và `-E'" +msgstr "bạn không thể chỉ định cả hai tùy chọn “-i” và “-E”" -#: src/parse_args.c:349 +#: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" -msgstr "tùy chọn `-E' không hợp lệ trong chế độ chỉnh sửa" +msgstr "tùy chọn “-E” không hợp lệ trong chế độ chỉnh sửa" -#: src/parse_args.c:351 +#: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "bạn có lẽ không được chỉ định biến môi trường trong chế độ soạn thảo" -#: src/parse_args.c:359 +#: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" -msgstr "tùy chọn `-U' chỉ sử dụng cùng với tùy chọn `-l'" +msgstr "tùy chọn “-U” chỉ sử dụng cùng với tùy chọn “-l”" -#: src/parse_args.c:363 +#: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" -msgstr "tùy chọn `-A' và `-S' không thể dùng cùng một lúc với nhau" +msgstr "tùy chọn “-A” và “-S” không thể dùng cùng một lúc với nhau" -#: src/parse_args.c:443 +#: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "sudoedit không được hỗ trợ trên nền tảng này" -#: src/parse_args.c:516 +#: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Chỉ có một trong số các tùy chọn -e, -h, -i, -K, -l, -s, -v hay -V được chỉ định" -#: src/parse_args.c:530 +#: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" @@ -302,7 +330,7 @@ msgstr "" "%s - sửa chữa các tập tin trên danh nghĩa người dùng khác\n" "\n" -#: src/parse_args.c:532 +#: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" @@ -311,7 +339,7 @@ msgstr "" "%s - thực hiện câu lệnh với người dùng khác\n" "\n" -#: src/parse_args.c:537 +#: src/parse_args.c:550 #, c-format msgid "" "\n" @@ -320,103 +348,103 @@ msgstr "" "\n" "Tùy chọn:\n" -#: src/parse_args.c:540 +#: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "sử dụng chương trình trợ giúp cho hỏi đáp mật khẩu\n" -#: src/parse_args.c:543 +#: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "sử dụng kiểu xác thực BSD được chỉ ra\n" -#: src/parse_args.c:545 +#: src/parse_args.c:558 msgid "run command in the background\n" msgstr "chạy lệnh ở chế độ nền\n" -#: src/parse_args.c:547 +#: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "đóng tất cả các mô tả của tập tin >= fd\n" -#: src/parse_args.c:550 +#: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "chạy lệnh với một lớp đăng nhập được chỉ ra\n" -#: src/parse_args.c:553 +#: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "ngăn ngừa môi trường người dùng khi thi hành lệnh\n" -#: src/parse_args.c:555 +#: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "chỉnh sửa các tập tin thay vì chạy lệnh\n" -#: src/parse_args.c:557 +#: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "thực hiện câu lệnh như là nhóm được chỉ định\n" -#: src/parse_args.c:559 +#: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "đặt biến HOME cho thư mục home của người dùng đích.\n" -#: src/parse_args.c:561 +#: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "hiển thị trợ giúp này rồi thoát\n" -#: src/parse_args.c:563 +#: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "chạy shell đăng nhập như là người dùng đích\n" -#: src/parse_args.c:565 +#: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "gỡ bỏ timestamp tập tin\n" -#: src/parse_args.c:567 +#: src/parse_args.c:580 msgid "invalidate timestamp file\n" -msgstr "làm mất hiệu lực timestamp của tập tin\n" +msgstr "làm mất hiệu lực dấu vết thời gian (timestamp) của tập tin\n" -#: src/parse_args.c:569 +#: src/parse_args.c:582 msgid "list user's available commands\n" -msgstr "danh sách các câu lệnh người dùng có thể sử dụng\n" +msgstr "Danh sách các biến câu lệnh người dùng có thể sử dụng\n" -#: src/parse_args.c:571 +#: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" -msgstr "chế độ không tương tác, không hỏi tên tài khoản người dùng\n" +msgstr "chế độ không-tương-tác, sẽ không hỏi tên người dùng\n" -#: src/parse_args.c:573 +#: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" -msgstr "ngăn ngừa véc tơ nhóm thay vì các cài đặt cho đích\n" +msgstr "dành riêng véc-tơ nhóm thay vì các cài đặt cho đích\n" -#: src/parse_args.c:575 +#: src/parse_args.c:588 msgid "use specified password prompt\n" -msgstr "sử dụng nhắc nhập mật khẩu.\n" +msgstr "sử dụng nhắc nhập mật khẩu đã cho.\n" -#: src/parse_args.c:578 src/parse_args.c:586 +#: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" -msgstr "tạo ngữ cảnh an ninh SELinux với vai trò đã được chỉ định\n" +msgstr "tạo ngữ cảnh an ninh SELinux với vai trò đã đưa ra\n" -#: src/parse_args.c:581 +#: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "đọc mật khẩu từ đầu vào tiêu chuẩn\n" -#: src/parse_args.c:583 +#: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "chạy shell như là người dùng đích\n" -#: src/parse_args.c:589 +#: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "khi liệt kê, liệt kê các đặc quyền của người dùng\n" -#: src/parse_args.c:591 +#: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "chạy lệnh (hay sửa chữa tập tin) trên tư cách của người dùng đã chỉ định\n" -#: src/parse_args.c:593 +#: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "hiển thị thông tin phiên bản rồi thoát\n" -#: src/parse_args.c:595 +#: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" -msgstr "cập nhật dấu thời gian (timestamp) của người dùng mà không chạy một lệnh\n" +msgstr "cập nhật dấu vết thời gian (timestamp) của người dùng mà không chạy một lệnh\n" -#: src/parse_args.c:597 +#: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "dừng việc xử lý đối số dòng lệnh\n" @@ -478,12 +506,12 @@ msgstr "không thể lấy kiểu mặc định cho vai trò %s" #: src/selinux.c:276 #, c-format msgid "failed to set new role %s" -msgstr "lỗi khi đặt đặt vai trò mới %s" +msgstr "gặp lỗi khi đặt đặt vai trò mới %s" #: src/selinux.c:280 #, c-format msgid "failed to set new type %s" -msgstr "lỗi khi đặt kiểu mới %s" +msgstr "gặp lỗi khi đặt kiểu mới %s" #: src/selinux.c:289 #, c-format @@ -493,7 +521,7 @@ msgstr "%s không phải là một ngữ cảnh hợp lệ" #: src/selinux.c:324 #, c-format msgid "failed to get old_context" -msgstr "lỗi lấy ngữ cảnh cũ" +msgstr "gặp lỗi khi lấy ngữ cảnh cũ" #: src/selinux.c:330 #, c-format @@ -505,257 +533,262 @@ msgstr "không thể xác định rõ chế độ ép buộc." msgid "unable to setup tty context for %s" msgstr "không thể cài đặt ngữ cảnh tty mới cho %s" -#: src/selinux.c:373 +#: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "không thể đặt ngữ cảnh bảo thực thi thành %s" -#: src/selinux.c:380 +#: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "không thể đặt ngữ cảnh tạo khóa thành %s" -#: src/sesh.c:70 +#: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "cần thiết ít nhất một đối số" -#: src/sesh.c:91 +#: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "không thể thực thi %s" -#: src/sudo.c:211 +#: src/solaris.c:88 +#, c-format +msgid "resource control limit has been reached" +msgstr "giới hạn điều khiển tài nguyên đã tới hạn" + +#: src/solaris.c:91 +#, c-format +msgid "user \"%s\" is not a member of project \"%s\"" +msgstr "người dùng “%s” không phải là thành viên của dự án “%s”" + +#: src/solaris.c:95 +#, c-format +msgid "the invoking task is final" +msgstr "tác vụ được gọi là cuối cùng" + +#: src/solaris.c:98 +#, c-format +msgid "could not join project \"%s\"" +msgstr "không thể gia nhập dự án “%s”" + +#: src/solaris.c:103 +#, c-format +msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgstr "không kho tài nguyên chung nào được thừa nhận ràng buộc đã tồn tại sẵn cho dự án “%s”" + +#: src/solaris.c:107 +#, c-format +msgid "specified resource pool does not exist for project \"%s\"" +msgstr "nguồn tài nguyên chung được chỉ ra chưa tồn tại cho dự án “%s”" + +#: src/solaris.c:111 +#, c-format +msgid "could not bind to default resource pool for project \"%s\"" +msgstr "không thể buộc phần tài nguyên chung mặc định cho dự án “%s”" + +#: src/solaris.c:117 +#, c-format +msgid "setproject failed for project \"%s\"" +msgstr "đặt dự án cho dự án “%s” gặp lỗi" + +#: src/solaris.c:119 +#, c-format +msgid "warning, resource control assignment failed for project \"%s\"" +msgstr "cảnh báo, nguồn điều khiển gán gặp lỗi cho dự án “%s”" + +#: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Phiên bản sudo %s\n" -#: src/sudo.c:213 +#: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "Các tùy chọn cấu hình: %s\n" -#: src/sudo.c:218 +#: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "lỗi nghiêm trọng, không thể tải plugins" -#: src/sudo.c:226 +#: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "không thể khởi tạo phần bổ xung chính sách" -#: src/sudo.c:281 +#: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "Gặp lỗi khi nạp phần bổ sung I/O %s" -#: src/sudo.c:306 +#: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "không mong đợi chế độ sudo 0x%x" -#: src/sudo.c:400 +#: src/sudo.c:413 #, c-format msgid "unable to get group vector" -msgstr "không thể lấy véc tơ nhóm" +msgstr "không thể lấy véc-tơ nhóm" -#: src/sudo.c:452 +#: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "không hiểu uid %u: bạn là ai?" -#: src/sudo.c:782 +#: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s phải được sở hữu bởi uid %d và bít setuid phải được đặt" -#: src/sudo.c:785 +#: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" -msgstr "uid hữu hiệu thì không là %d, %s trên hệ thống tập tin với tuỳ chọn 'nosuid' được đặt, hay một hệ thống tập tin NFS không có đặc quyền của root có phải vậy không?" +msgstr "uid hữu hiệu thì không là %d, %s trên hệ thống tập tin với tuỳ chọn “nosuid” được đặt, hay một hệ thống tập tin NFS không có đặc quyền của root có phải vậy không?" -#: src/sudo.c:791 +#: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "uid hữu hiệu thì không là %d, chương trình sudo có được cài với setuid root không?" -#: src/sudo.c:860 -#, c-format -msgid "resource control limit has been reached" -msgstr "giới hạn điều khiển tài nguyên đã tới hạn" - -#: src/sudo.c:863 -#, c-format -msgid "user \"%s\" is not a member of project \"%s\"" -msgstr "người dùng \"%s\" không phải là thành viên của dự án \"%s\"" - -#: src/sudo.c:867 -#, c-format -msgid "the invoking task is final" -msgstr "tác vụ được gọi đã kết thúc" - -#: src/sudo.c:870 -#, c-format -msgid "could not join project \"%s\"" -msgstr "không thể gia nhập dự án \"%s\"" - -#: src/sudo.c:875 -#, c-format -msgid "no resource pool accepting default bindings exists for project \"%s\"" -msgstr "không kho tài nguyên chung nào được thừa nhận ràng buộc đã tồn tại sẵn cho dự án \"%s\"" - -#: src/sudo.c:879 -#, c-format -msgid "specified resource pool does not exist for project \"%s\"" -msgstr "nguồn tài nguyên chung được chỉ ra chưa tồn tại cho dự án \"%s\"" - -#: src/sudo.c:883 -#, c-format -msgid "could not bind to default resource pool for project \"%s\"" -msgstr "không thể buộc phần tài nguyên chung mặc định cho dự án \"%s\"" - -#: src/sudo.c:889 -#, c-format -msgid "setproject failed for project \"%s\"" -msgstr "đặt dự án cho dự án \"%s\" gặp lỗi" - -#: src/sudo.c:891 -#, c-format -msgid "warning, resource control assignment failed for project \"%s\"" -msgstr "cảnh báo, nguồn điều khiển gán gặp lỗi cho dự án \"%s\"" - -#: src/sudo.c:959 +#: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "không rõ lớp đăng nhập %s" -#: src/sudo.c:973 src/sudo.c:976 +#: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "không thể đặt ngữ cảnh người dùng" -#: src/sudo.c:988 +#: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "không thể đặt nhóm phụ IDs" -#: src/sudo.c:995 +#: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "không thể đặt hiệu ứng gid chạy như là gid %u" -#: src/sudo.c:1001 +#: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "không thể thay đổi gid thành runas gid %u" -#: src/sudo.c:1008 +#: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "không thể đặt ưu tiên cho quá trình" -#: src/sudo.c:1016 +#: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "không thể chuyển đổi thư mục gốc thành %s" -#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 +#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "không thể thay đổi thành runas uid (%u, %u)" -#: src/sudo.c:1049 +#: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "không thể thay đổi thư mục thành %s" -#: src/sudo.c:1133 +#: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "biểu thức điều kiện con kết thúc không như mong đợi: %d" -#: src/sudo.c:1194 +#: src/sudo.c:1146 +#, c-format +msgid "policy plugin %s is missing the `check_policy' method" +msgstr "phần bổ xung chính sách %s bị thiếu phương thức kiểm tra chính sách “check_policy”" + +#: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "phần bổ xung chính sách %s không hỗ trợ liệt kê đặc quyền" -#: src/sudo.c:1206 +#: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "phần bổ xung chính sách %s không hỗ trợ tùy chọn -v" -#: src/sudo.c:1218 +#: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "phần bổ xung chính sách %s không hỗ trợ tùy chọn -k/-K" -#: src/sudo_edit.c:111 +#: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "không thể thay đổi uid thành root (%u)" -#: src/sudo_edit.c:143 +#: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "lỗi phần bổ xung: thiếu danh sách tập tin cho sudoedit" -#: src/sudo_edit.c:171 src/sudo_edit.c:271 +#: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s: không phải là tập tin thường" -#: src/sudo_edit.c:205 src/sudo_edit.c:307 +#: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s: ghi ngắn" -#: src/sudo_edit.c:272 +#: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s còn lại chưa thay đổi" -#: src/sudo_edit.c:285 +#: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s không thay đổi" -#: src/sudo_edit.c:297 src/sudo_edit.c:318 +#: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "không thể ghi vào %s" -#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 +#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "nội dung của phiên chỉnh sửa chỉ còn %s" -#: src/sudo_edit.c:315 +#: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "Không đọc tập tin tạm thời" -#: src/tgetpass.c:90 +#: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "không có tty hiện diện và không có chương trình hỏi mật khẩu nào được chỉ ra" -#: src/tgetpass.c:99 +#: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "không có chương trình hỏi mật khẩu nào được chỉ ra, hãy thử cài đặt SUDO_ASKPASS" -#: src/tgetpass.c:231 +#: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "không thể đặt gid thành %u" -#: src/tgetpass.c:235 +#: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "không thể đặt uid thành %u" -#: src/tgetpass.c:240 +#: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "không thể chạy %s" @@ -775,6 +808,12 @@ msgstr "không thể dup2 stdin" msgid "unable to restore stdin" msgstr "không thể phục hồi stdin" +#~ msgid "unable to allocate memory" +#~ msgstr "không thể cấp phát vùng nhớ" + +#~ msgid ": " +#~ msgstr ": " + #~ msgid "internal error, emalloc2() overflow" #~ msgstr "lỗi nội bộ, erealloc2() bị tràn" diff --git a/src/po/zh_CN.mo b/src/po/zh_CN.mo index e4078c232d9bc4561b33afd68e420bb42fbe5b45..588d7af983db751499308a7039ed606bbef9c76a 100644 GIT binary patch delta 4755 zcma*p3vg7`9mnyL07jxDBuIFQm&cL>5=qDlQmPcN2#N^RYC#GiyO4#DU9t&^B8w$~ zfP{x30x=O}1d$@(tYQeSspE`wI#pZoF*=2*W;dX;VC$p9*xK)J_b_JAc07~+e$IWJ z$N!vr;dj12EeoDW?b>K4yNQ8BRySkL;nvdW_EW%TG zGk%Q@4rf|@a5C!oxp*V4#B^*%W#l#M8SB4rDE*t%UdH5NA!;CHI09Sn7W_R9zy$KF z84R^fMx}DGbu(($Uy zQ5kpz^YJ3);V`DJ=kCV>tV2D2(jI?`nxMl5QO7e;OH$pJ{3~VKIH6P>u@}yuW~{tr z!$8!1Q&IPMk^N`3*y}q{4gV2~@Dl3240f0@c{h&6M=%o)q6YdwfAX&sC(#?{%rs$~vH**-Z#;>9Vb`CX=uB1oyM^2d>)RNqV4z5JCyAw6QHq`UM zKT~0&o4=z*{4FvTa|1g?4dtTNaymNr2&#c*R3=_Ry(RCV?*A5P!rbV@209Kkf%&NC zYEc7eLCyzFD;3S`BUD3wL(L?O*0pw7sPp$B%W77kmZ%BU@QbJcpGHmObJV7d=c3kp z6sn#1s0`Pm2KW+Y>ivI*$~aE^8S8U>Y(;vq0zR-_%h_#;5ItgUFwGo1dTJ*QhUJ0b9B|PQV1b z6R*X4P;bK=REig)GP)WykVc%0`%wK{Lbaz+2h~vzD%w=}sF}|~tx-K{M*C1He&6~9 zvdkuhcWEu=;#53}Mc9>mE5+kb8JLZl`BK!TTaP5$>>WY=b>R(8Xl*~XeuGL;8aq!* zGX|B3YE%ayyahi)JwJj4cW|QBje5S;`W&jmH>?*hhvVdI@~@7^^OezzW}zN@7}ZfT zPQufu2l|l?WojyFhJI9rHu1wP<|OL+1yp8J*-+|uEb93OQ0>>FzMzMKRP;bQD#eN1 zCDT!SzV3!QY}jy>Fu4hIl>}YNsFez*~_&GmRfs#RRbcpGUQS7NhU~H&n=? z>C3`v#FLOyW-*S%7F37tqt@~=>cO7$F0+u;GPk1!5WrO2fx7b_U)@fl3v_zO(d z`+p62(2Z%R2C`5$%tWod+n#?0b>Hi#f&B&5aG!$MZq7puWISq5EXLkggT1iHo9NRR-s0aM0P1tPx11go5kxzoj z_zC}aKy|W)xPfRQS_l<~VA)Lrp)x`1-;+uoqDE&Z-G~RHwb*~V)Nmc4j9g1>BUCD4 zME~P*AN5=9ak+Io&Lf(MD<#oZ^zB$lOxOCWu$Rn6Vv7zs6}?I`?eSeW*VY%}5?fz} z^+Z>D{D5^QYB{bUW)LOBDk6#4K&T8?|J#XQ5}S!?;%4IK1j}bUgm$&c0^-SNE%tK< z+-Z*!I-Rey^`|?X)7Mkwo*1SS=Mcg5{7fY#6Qc=z&##oFRJ0$iCsq@)2$g4ubV9p( zK5?b+Ei#LVpAp0C$u#RY)Lyxls3jgFCTab5Q&EX0w8^IEfN~?Th}c2gPuxcQis)Rt z9CRo2TB-Pmbp-o2`cLztm__`8xSRMj(S?{s+)k)}qSEr(hAG zcU`40hIz=k3AYj}2$wxK8}%(w=}$Z!tr_!#bubpIu2JnGmJ=!g;whqx;JXxk-+zOH zh+c$BW(-qhy@K{qW2kqJ?QzMjK%#L4ik(;_Hk?TscwL~(S6SseSm~|ugesC(#1H3c zmQ(Jn@Hj5F^I(~`+~bt{O5EOxg^s_xdZD+%ndb_mhyI$98W&tx;j7dIceTIVTUt`( zai)x#-uX6%+dH*qyx)Jq@8i+sKkA{YZ=D`U|6T_brM@Npk}B_f#%;&Dq-2q=(pl!I z40wGE$L(Zz9`buit2}NFGMxp!>I!$XozSJ!E^#+GOG+Mc7FPPI{ekFIuj(T7S+Byl zhRaDqy9a2*yTI#lhn(I$;+Uu74LD1@fq+s{RpxQ#m6mx*7tf6iJH26L@3c^M+MzC? zulh}lOYzcaVEK~yzH-}3D09H4UHjNMRxS5O7vRd^8WNnmkrjbzzn|q|;L-6p0bg}x zDgCe@SC4Xx(?7mT(fr(odxzXske8j4pPe(>$;~Ow&!L`^lX&;^?3tcrUZo^^5-V5i zjLyl8-B;w~j4jU33%xaDYkW#<&s;p-+I~vwz{3m$oL`UPE_7nB(Z5wsj-j^4&&8O|NL~ z?u>BT*7nx6==3v9cunp3)%%$LxkHC8Hf+iKAm@kX9cf+_e)hSJV>OY+!%Apu%8_lm zB8_#SvJts)gTkBkpIdz*vSDrbU{ibRs`l3XoyXg-edL=tJlJ^`YDJzr8VNNr_>SXk z;lo=xKfxXjd9ohv68gue;c>3$x@kSQH?r=eW?6T*ZH}1du0$J$* delta 3805 zcmYk;dr*|u8OQOnK=8&T5V=?|z6gY!#XgpLZX;_H~xDUr;560uqumVqDIu2nGUc+R} zwS11w&Sh%2jo`s7tG=L<{wlv(o}vs7b`IfeOQir@pgO@^Kl53 zfm@jVRxHLU>_Z3tiWwNobah`APDKwE;2Knhc1WIYdTqmNsDb97}O0>Oo=D9=U{?`M*&!&LACXpO2bY4QdIuWsrYe_zN0z;oHbQF=O@u z?I?9zj8(V-b=_{9iKnp)-^Ur4OkOoGH+}{HL=kk750mn z$QIUGW+P2z0crr%)&Ob~?LjTYOX%RAQ5|1L4Qw(O>Hb1wpPHqpfv!a^F-^#i*~>vo z89YJ7p>h$`!8KF{l2{k*@)D%UtVMpzCJq{C7itCrsQZRc1Np+Xr?LYzu?kc_OHdPP zMlD@?v^{7}Q_o`DN5nrZD>Lt{@|%GKq%QXw^vH#A5s#@&=kr-Z_nYmh~RgTCYa>GR?OAASQGE zl5Out4fHb3Ll#^^m}^~(>aZR) zz+I>gk6{&_$3^&GEWrhAan0P1nrIK|!}D9)er*={SBkRv{OLgpQ5~*FeE~aA9Sou} z^s!aFXvR~mZqx%-qWWn?eL0V#HuZa`e#S5nGr3sbfjg9cCTrGU1wM;l5 zf1(CDm94EC7oi(Bq8|7vYA;+sEzK3w{a;!$Ne4+W<*0!?hPpo3MnyMtqi#59&)-IE zzK<{&$838HPgi>;>UEom>hK9vKl@PwJBI4-15Ci{r~$;Y1GV<0$n`<9j0%6S%;WYK z0VGRiKWeSdqB_2asrV_XgRf8n%OKBcFF>_>tPdfRHw~!0as<`i04n2`aJv5fYoWEP zb5SE+fa<6kwHG#_mZZnF{}R>V?=cClqL%0@)PQDIL|MCe1b zgV;&b6MBB+Ph|-GM1WwaBjpfB579xaBNh@*5t`+L#0o-1gBnjL-ED+EPMXMFgvy#I z<^b{nMalyl@7D9%sZ5MCMGt#GY0D+P8EuNJ+j3j4!~MhtVz+G*%23Kp=X`aI&z?8j z)V_&2D;4=4u}bsT2jej!j!hSWjiO&6HnSkE!DlYev4HcCis9x z$`3jA5PBmbMfulSH4)z-BI|*Pgf``7;#uMz;yz*(p-uE%;#Q)IP}vqG@(*mIt?Ttv znNNI+*h}aYe3;NTV+#?iZ%$~^b%!6 zH<3f65pF_dJ+U}a(}69!3zib;L?xl3zj~>W8ecYSCRP&T!ewJyPHG%rt z2CviXYp7qh#c8bB;A?Rn-Iq9*+x(c9>2*%E#tYqcvplzlla^nOl3xMX@}Ol)Os zd1!gwy@_Q-C3A~POPtaAEoG%nX^E$_GJHPoP)yNq|NfD-fsvE1kM_2X zzS1>%_{HJ=v!lB^t{i!Jr1Muy=jy<|kv9$v_rIa3Z78@sYoxR9lU;)&dyalGI5^zD zW4OOBdf%1KgP~wSx;x*0b)fgk?sMw7, 2011, 2012. +# Wylmer Wang , 2011, 2012, 2013. # msgid "" msgstr "" -"Project-Id-Version: sudo-1.8.6b4\n" +"Project-Id-Version: sudo-1.8.7b1\n" "Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" -"POT-Creation-Date: 2012-08-10 13:08-0400\n" -"PO-Revision-Date: 2012-08-21 10:16+0800\n" +"POT-Creation-Date: 2013-04-02 10:40-0400\n" +"PO-Revision-Date: 2013-04-07 09:43+0800\n" "Last-Translator: Wylmer Wang \n" "Language-Team: Chinese (simplified) \n" "Language: zh_CN\n" @@ -35,14 +35,6 @@ msgstr "无法恢复注册表" msgid "internal error, tried to emalloc(0)" msgstr "内部错误,试图 emalloc(0)" -#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 -#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270 -#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482 -#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759 -#, c-format -msgid "unable to allocate memory" -msgstr "无法分配内存" - #: common/alloc.c:99 msgid "internal error, tried to emalloc2(0)" msgstr "内部错误,试图 emalloc2(0)" @@ -68,76 +60,86 @@ msgstr "内部错误,试图 erealloc3(0)" msgid "internal error, tried to erecalloc(0)" msgstr "内部错误,试图 erecalloc(0)" -#: common/sudo_conf.c:305 +#: common/error.c:154 +#, c-format +msgid "%s: %s: %s\n" +msgstr "%s:%s:%s\n" + +#: common/error.c:157 common/error.c:161 +#, c-format +msgid "%s: %s\n" +msgstr "%s:%s\n" + +#: common/sudo_conf.c:172 +#, c-format +msgid "unsupported group source `%s' in %s, line %d" +msgstr "不支持 %2$s 第 %3$d 行的组来源“%1$s”" + +#: common/sudo_conf.c:186 +#, c-format +msgid "invalid max groups `%s' in %s, line %d" +msgstr "%2$s 第 %3$d 行的最大组数“%1$s”无效" + +#: common/sudo_conf.c:382 #, c-format msgid "unable to stat %s" msgstr "无法 stat %s" -#: common/sudo_conf.c:308 +#: common/sudo_conf.c:385 #, c-format msgid "%s is not a regular file" msgstr "%s 不是常规文件" -#: common/sudo_conf.c:311 +#: common/sudo_conf.c:388 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s 属于用户 ID %u,应为 %u" -#: common/sudo_conf.c:315 +#: common/sudo_conf.c:392 #, c-format msgid "%s is world writable" msgstr "%s 可被任何人写" -#: common/sudo_conf.c:318 +#: common/sudo_conf.c:395 #, c-format msgid "%s is group writable" msgstr "%s 可被用户组写" -#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331 +#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328 #, c-format msgid "unable to open %s" msgstr "打不开 %s" -#: compat/strsignal.c:47 +#: compat/strsignal.c:50 msgid "Unknown signal" msgstr "未知信号" -#: src/error.c:82 src/error.c:86 -msgid ": " -msgstr ":" - -#: src/exec.c:113 src/exec_pty.c:674 +#: src/exec.c:127 src/exec_pty.c:685 #, c-format msgid "policy plugin failed session initialization" msgstr "策略插件会话初始化失败" -#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221 +#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220 #, c-format msgid "unable to fork" msgstr "无法执行 fork" -#: src/exec.c:268 +#: src/exec.c:259 #, c-format msgid "unable to create sockets" msgstr "无法创建套接字" -#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630 -#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218 -#, c-format -msgid "unable to create pipe" -msgstr "无法创建管道" - -#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240 +#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268 #, c-format msgid "select failed" msgstr "select 失败" -#: src/exec.c:467 +#: src/exec.c:449 #, c-format msgid "unable to restore tty label" msgstr "无法恢复终端标签" -#: src/exec_common.c:69 +#: src/exec_common.c:70 #, c-format msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "无法从 PRIV_LIMIT 中移除 PRIV_PROC_EXEC" @@ -147,148 +149,176 @@ msgstr "无法从 PRIV_LIMIT 中移除 PRIV_PROC_EXEC" msgid "unable to allocate pty" msgstr "无法分配伪终端" -#: src/exec_pty.c:665 +#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986 +#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217 +#, c-format +msgid "unable to create pipe" +msgstr "无法创建管道" + +#: src/exec_pty.c:676 #, c-format msgid "unable to set terminal to raw mode" msgstr "无法将终端设为原始模式" -#: src/exec_pty.c:1013 +#: src/exec_pty.c:1042 #, c-format msgid "unable to set controlling tty" msgstr "无法设置控制终端" -#: src/exec_pty.c:1111 +#: src/exec_pty.c:1139 #, c-format msgid "error reading from signal pipe" msgstr "从单管道读取出错" -#: src/exec_pty.c:1132 +#: src/exec_pty.c:1160 #, c-format msgid "error reading from pipe" msgstr "从管道读取出错" -#: src/exec_pty.c:1148 +#: src/exec_pty.c:1176 #, c-format msgid "error reading from socketpair" msgstr "从套接字对读取出错" -#: src/exec_pty.c:1152 +#: src/exec_pty.c:1180 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "联络通道的回应类型异常:%d" -#: src/load_plugins.c:74 +#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132 +#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185 +#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205 +#, c-format +msgid "error in %s, line %d while loading plugin `%s'" +msgstr "在加载插件“%3$s”时在 %1$s 第 %2$d 行出错" + +#: src/load_plugins.c:72 #, c-format msgid "%s: %s" msgstr "%s:%s" -#: src/load_plugins.c:80 +#: src/load_plugins.c:81 #, c-format msgid "%s%s: %s" msgstr "%s%s:%s" -#: src/load_plugins.c:90 +#: src/load_plugins.c:140 #, c-format msgid "%s must be owned by uid %d" msgstr "%s 必须属于用户 ID %d(的用户)" -#: src/load_plugins.c:94 +#: src/load_plugins.c:146 #, c-format msgid "%s must be only be writable by owner" msgstr "%s 必须只对其所有者可写" -#: src/load_plugins.c:101 +#: src/load_plugins.c:187 #, c-format msgid "unable to dlopen %s: %s" msgstr "无法 dlopen %s:%s" -#: src/load_plugins.c:106 +#: src/load_plugins.c:194 +#, c-format +msgid "unable to find symbol `%s' in %s" +msgstr "在 %2$s 中找不到符号“%1$s”" + +#: src/load_plugins.c:201 #, c-format -msgid "%s: unable to find symbol %s" -msgstr "%s:找不到符号 %s" +msgid "unknown policy type %d found in %s" +msgstr "%2$s 中的策略类型 %1$d 未知" -#: src/load_plugins.c:112 +#: src/load_plugins.c:207 #, c-format -msgid "%s: unknown policy type %d" -msgstr "%s:未知的策略类型 %d" +msgid "incompatible plugin major version %d (expected %d) found in %s" +msgstr "%3$s 中发现不兼容的插件主版本号 %1$d(应为 %2$d)" -#: src/load_plugins.c:116 +#: src/load_plugins.c:216 #, c-format -msgid "%s: incompatible policy major version %d, expected %d" -msgstr "%s:不兼容的策略主版本号 %d,应为 %d" +msgid "ignoring policy plugin `%s' in %s, line %d" +msgstr "忽略位于 %2$s 第 %3$d 行的策略插件“%1$s”" -#: src/load_plugins.c:123 +#: src/load_plugins.c:218 #, c-format -msgid "%s: only a single policy plugin may be loaded" -msgstr "%s:只能加载一个策略插件" +msgid "only a single policy plugin may be specified" +msgstr "只能指定一个策略插件" -#: src/load_plugins.c:200 +#: src/load_plugins.c:221 +#, c-format +msgid "ignoring duplicate policy plugin `%s' in %s, line %d" +msgstr "忽略位于 %2$s 第 %3$d 行的重复策略插件“%1$s”" + +#: src/load_plugins.c:236 +#, c-format +msgid "ignoring duplicate I/O plugin `%s' in %s, line %d" +msgstr "忽略位于 %2$s 第 %3$d 行的重复 I/O 插件“%1$s”" + +#: src/load_plugins.c:313 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "策略插件 %s 不包含 check_policy 方法" -#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187 -#: src/net_ifs.c:298 src/net_ifs.c:322 +#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186 +#: src/net_ifs.c:297 src/net_ifs.c:321 #, c-format msgid "load_interfaces: overflow detected" msgstr "load_interfaces:检测到溢出" -#: src/net_ifs.c:227 +#: src/net_ifs.c:226 #, c-format msgid "unable to open socket" msgstr "无法打开套接字" -#: src/parse_args.c:187 +#: src/parse_args.c:197 #, c-format msgid "the argument to -C must be a number greater than or equal to 3" msgstr "-C 选项的参数必须是一个大于等于 3 的数字" -#: src/parse_args.c:276 +#: src/parse_args.c:286 #, c-format msgid "unknown user: %s" msgstr "未知用户:%s" -#: src/parse_args.c:335 +#: src/parse_args.c:345 #, c-format msgid "you may not specify both the `-i' and `-s' options" msgstr "您不能同时指定“-i”和“-s”选项" -#: src/parse_args.c:339 +#: src/parse_args.c:349 #, c-format msgid "you may not specify both the `-i' and `-E' options" msgstr "您不能同时指定“-i”和“-E”选项" -#: src/parse_args.c:349 +#: src/parse_args.c:359 #, c-format msgid "the `-E' option is not valid in edit mode" msgstr "“-E”选项在编辑模式中无效" -#: src/parse_args.c:351 +#: src/parse_args.c:361 #, c-format msgid "you may not specify environment variables in edit mode" msgstr "在编辑模式中您不能指定环境变量" -#: src/parse_args.c:359 +#: src/parse_args.c:369 #, c-format msgid "the `-U' option may only be used with the `-l' option" msgstr "“-U”选项只能与“-l”选项一起使用" -#: src/parse_args.c:363 +#: src/parse_args.c:373 #, c-format msgid "the `-A' and `-S' options may not be used together" msgstr "“-A”和“-S”选项不可同时使用" -#: src/parse_args.c:443 +#: src/parse_args.c:456 #, c-format msgid "sudoedit is not supported on this platform" msgstr "此平台不支持 sudoedit" -#: src/parse_args.c:516 +#: src/parse_args.c:529 #, c-format msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "只能指定 -e、-h、-i、-K、-l、-s、-v 或 -V 选项中的一个" -#: src/parse_args.c:530 +#: src/parse_args.c:543 #, c-format msgid "" "%s - edit files as another user\n" @@ -297,7 +327,7 @@ msgstr "" "%s - 以其他用户身份编辑文件\n" "\n" -#: src/parse_args.c:532 +#: src/parse_args.c:545 #, c-format msgid "" "%s - execute a command as another user\n" @@ -306,7 +336,7 @@ msgstr "" "%s - 以其他用户身份执行一条命令\n" "\n" -#: src/parse_args.c:537 +#: src/parse_args.c:550 #, c-format msgid "" "\n" @@ -315,103 +345,103 @@ msgstr "" "\n" "选项:\n" -#: src/parse_args.c:540 +#: src/parse_args.c:552 msgid "use helper program for password prompting\n" msgstr "使用助手程序进行密码提示\n" -#: src/parse_args.c:543 +#: src/parse_args.c:555 msgid "use specified BSD authentication type\n" msgstr "使用指定的 BSD 认证类型\n" -#: src/parse_args.c:545 +#: src/parse_args.c:558 msgid "run command in the background\n" msgstr "在后台运行命令\n" -#: src/parse_args.c:547 +#: src/parse_args.c:560 msgid "close all file descriptors >= fd\n" msgstr "关闭所有 >= fd 的文件描述符\n" -#: src/parse_args.c:550 +#: src/parse_args.c:563 msgid "run command with specified login class\n" msgstr "以指定的登录类别运行命令\n" -#: src/parse_args.c:553 +#: src/parse_args.c:566 msgid "preserve user environment when executing command\n" msgstr "在执行命令时保留用户环境\n" -#: src/parse_args.c:555 +#: src/parse_args.c:568 msgid "edit files instead of running a command\n" msgstr "编辑文件而非执行命令\n" -#: src/parse_args.c:557 +#: src/parse_args.c:570 msgid "execute command as the specified group\n" msgstr "以指定的用户组执行命令\n" -#: src/parse_args.c:559 +#: src/parse_args.c:572 msgid "set HOME variable to target user's home dir.\n" msgstr "将 HOME 变量设为目标用户的主目录。\n" -#: src/parse_args.c:561 +#: src/parse_args.c:574 msgid "display help message and exit\n" msgstr "显示帮助消息并退出\n" -#: src/parse_args.c:563 +#: src/parse_args.c:576 msgid "run a login shell as target user\n" msgstr "以目标用户身份运行一个登录 shell\n" -#: src/parse_args.c:565 +#: src/parse_args.c:578 msgid "remove timestamp file completely\n" msgstr "完全移除时间戳文件\n" -#: src/parse_args.c:567 +#: src/parse_args.c:580 msgid "invalidate timestamp file\n" msgstr "无效的时间戳文件\n" -#: src/parse_args.c:569 +#: src/parse_args.c:582 msgid "list user's available commands\n" msgstr "列出用户能执行的命令\n" -#: src/parse_args.c:571 +#: src/parse_args.c:584 msgid "non-interactive mode, will not prompt user\n" msgstr "非交互模式,将不提示用户\n" -#: src/parse_args.c:573 +#: src/parse_args.c:586 msgid "preserve group vector instead of setting to target's\n" msgstr "保留组向量,而非设置为目标的组向量\n" -#: src/parse_args.c:575 +#: src/parse_args.c:588 msgid "use specified password prompt\n" msgstr "使用指定的密码提示\n" -#: src/parse_args.c:578 src/parse_args.c:586 +#: src/parse_args.c:591 src/parse_args.c:599 msgid "create SELinux security context with specified role\n" msgstr "以指定的角色创建 SELinux 安全环境\n" -#: src/parse_args.c:581 +#: src/parse_args.c:594 msgid "read password from standard input\n" msgstr "从标准输入读取密码\n" -#: src/parse_args.c:583 +#: src/parse_args.c:596 msgid "run a shell as target user\n" msgstr "以目标用户身份运行 shell\n" -#: src/parse_args.c:589 +#: src/parse_args.c:602 msgid "when listing, list specified user's privileges\n" msgstr "在列表时,列出指定用户的权限\n" -#: src/parse_args.c:591 +#: src/parse_args.c:604 msgid "run command (or edit file) as specified user\n" msgstr "以指定用户身份运行命令(或编辑文件)\n" -#: src/parse_args.c:593 +#: src/parse_args.c:606 msgid "display version information and exit\n" msgstr "显示版本信息并退出\n" -#: src/parse_args.c:595 +#: src/parse_args.c:608 msgid "update user's timestamp without running a command\n" msgstr "更新用户的时间戳而不执行命令\n" -#: src/parse_args.c:597 +#: src/parse_args.c:610 msgid "stop processing command line arguments\n" msgstr "停止处理命令行参数\n" @@ -500,257 +530,262 @@ msgstr "无法确定强制模式。" msgid "unable to setup tty context for %s" msgstr "无法设置 %s 的终端环境" -#: src/selinux.c:373 +#: src/selinux.c:381 #, c-format msgid "unable to set exec context to %s" msgstr "无法向 %s 设置 exec 环境" -#: src/selinux.c:380 +#: src/selinux.c:388 #, c-format msgid "unable to set key creation context to %s" msgstr "无法向 %s 设置键创建环境" -#: src/sesh.c:70 +#: src/sesh.c:57 #, c-format msgid "requires at least one argument" msgstr "要求至少有一个参数" -#: src/sesh.c:91 +#: src/sesh.c:78 src/sudo.c:1126 #, c-format msgid "unable to execute %s" msgstr "无法执行 %s" -#: src/sudo.c:211 +#: src/solaris.c:88 +#, c-format +msgid "resource control limit has been reached" +msgstr "达到了资源控制限制" + +#: src/solaris.c:91 +#, c-format +msgid "user \"%s\" is not a member of project \"%s\"" +msgstr "用户“%s”不是项目“%s”的成员" + +#: src/solaris.c:95 +#, c-format +msgid "the invoking task is final" +msgstr "调用的任务是最终的(final)" + +#: src/solaris.c:98 +#, c-format +msgid "could not join project \"%s\"" +msgstr "无法加入项目“%s”" + +#: src/solaris.c:103 +#, c-format +msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgstr "不存在对应于项目“%s”的、接受默认绑定的资源池" + +#: src/solaris.c:107 +#, c-format +msgid "specified resource pool does not exist for project \"%s\"" +msgstr "指定的对应于项目“%s”的资源池不存在" + +#: src/solaris.c:111 +#, c-format +msgid "could not bind to default resource pool for project \"%s\"" +msgstr "无法为项目“%s”绑定到默认的资源池" + +#: src/solaris.c:117 +#, c-format +msgid "setproject failed for project \"%s\"" +msgstr "对项目“%s”执行 setproject 失败" + +#: src/solaris.c:119 +#, c-format +msgid "warning, resource control assignment failed for project \"%s\"" +msgstr "警告,对项目“%s”的资源控制分配失败" + +#: src/sudo.c:196 #, c-format msgid "Sudo version %s\n" msgstr "Sudo 版本 %s\n" -#: src/sudo.c:213 +#: src/sudo.c:198 #, c-format msgid "Configure options: %s\n" msgstr "当前选项:%s\n" -#: src/sudo.c:218 +#: src/sudo.c:203 #, c-format msgid "fatal error, unable to load plugins" msgstr "致命错误,无法加载插件" -#: src/sudo.c:226 +#: src/sudo.c:211 #, c-format msgid "unable to initialize policy plugin" msgstr "无法初始化策略插件" -#: src/sudo.c:281 +#: src/sudo.c:268 #, c-format msgid "error initializing I/O plugin %s" msgstr "初始化 I/O 插件 %s 出错" -#: src/sudo.c:306 +#: src/sudo.c:293 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "异常的 sudo 模式 0x%x" -#: src/sudo.c:400 +#: src/sudo.c:413 #, c-format msgid "unable to get group vector" msgstr "无法获取组向量" -#: src/sudo.c:452 +#: src/sudo.c:465 #, c-format msgid "unknown uid %u: who are you?" msgstr "未知的用户 ID %u:您是?" -#: src/sudo.c:782 +#: src/sudo.c:802 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s 必须属于用户 ID %d(的用户)并且设置 setuid 位" -#: src/sudo.c:785 +#: src/sudo.c:805 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "有效用户 ID 不是 %d,%s 位于一个设置了“nosuid”选项的文件系统或没有 root 权限的 NFS 文件系统中吗?" -#: src/sudo.c:791 +#: src/sudo.c:811 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "有效用户 ID 不是 %d,sudo 属于 root 并设置了 setuid 位吗?" -#: src/sudo.c:860 -#, c-format -msgid "resource control limit has been reached" -msgstr "达到了资源控制限制" - -#: src/sudo.c:863 -#, c-format -msgid "user \"%s\" is not a member of project \"%s\"" -msgstr "用户“%s”不是项目“%s”的成员" - -#: src/sudo.c:867 -#, c-format -msgid "the invoking task is final" -msgstr "调用的任务是最终的(final)" - -#: src/sudo.c:870 -#, c-format -msgid "could not join project \"%s\"" -msgstr "无法加入项目“%s”" - -#: src/sudo.c:875 -#, c-format -msgid "no resource pool accepting default bindings exists for project \"%s\"" -msgstr "不存在对应于项目“%s”的、接受默认绑定的资源池" - -#: src/sudo.c:879 -#, c-format -msgid "specified resource pool does not exist for project \"%s\"" -msgstr "指定的对应于项目“%s”的资源池不存在" - -#: src/sudo.c:883 -#, c-format -msgid "could not bind to default resource pool for project \"%s\"" -msgstr "无法为项目“%s”绑定到默认的资源池" - -#: src/sudo.c:889 -#, c-format -msgid "setproject failed for project \"%s\"" -msgstr "对项目“%s”执行 setproject 失败" - -#: src/sudo.c:891 -#, c-format -msgid "warning, resource control assignment failed for project \"%s\"" -msgstr "警告,对项目“%s”的资源控制分配失败" - -#: src/sudo.c:959 +#: src/sudo.c:915 #, c-format msgid "unknown login class %s" msgstr "未知的登录类别 %s" -#: src/sudo.c:973 src/sudo.c:976 +#: src/sudo.c:929 src/sudo.c:932 #, c-format msgid "unable to set user context" msgstr "无法设置用户环境" -#: src/sudo.c:988 +#: src/sudo.c:944 #, c-format msgid "unable to set supplementary group IDs" msgstr "无法设置补充组 ID" -#: src/sudo.c:995 +#: src/sudo.c:951 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "无法设置有效组 ID 来以组 ID %u 运行" -#: src/sudo.c:1001 +#: src/sudo.c:957 #, c-format msgid "unable to set gid to runas gid %u" msgstr "无法设置组 ID 来以组 ID %u 运行" -#: src/sudo.c:1008 +#: src/sudo.c:964 #, c-format msgid "unable to set process priority" msgstr "无法设置进程优先级" -#: src/sudo.c:1016 +#: src/sudo.c:972 #, c-format msgid "unable to change root to %s" msgstr "无法从 root 切换到 %s" -#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035 +#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "无法切换到以用户 ID(%u,%u)运行" -#: src/sudo.c:1049 +#: src/sudo.c:1005 #, c-format msgid "unable to change directory to %s" msgstr "无法将目录切换到 %s" -#: src/sudo.c:1133 +#: src/sudo.c:1089 #, c-format msgid "unexpected child termination condition: %d" msgstr "异常的子进程终止条件:%d" -#: src/sudo.c:1194 +#: src/sudo.c:1146 +#, c-format +msgid "policy plugin %s is missing the `check_policy' method" +msgstr "“check_policy”方法中缺少策略插件 %s" + +#: src/sudo.c:1159 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "策略插件 %s 不支持列出权限" -#: src/sudo.c:1206 +#: src/sudo.c:1171 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "策略插件 %s不支持 -v 选项" -#: src/sudo.c:1218 +#: src/sudo.c:1183 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "策略插件 %s 不支持 -k/-K 选项" -#: src/sudo_edit.c:111 +#: src/sudo_edit.c:110 #, c-format msgid "unable to change uid to root (%u)" msgstr "无法将用户 ID 切换到 root(%u)" -#: src/sudo_edit.c:143 +#: src/sudo_edit.c:142 #, c-format msgid "plugin error: missing file list for sudoedit" msgstr "插件错误:缺少 sudoedit 的文件列表" -#: src/sudo_edit.c:171 src/sudo_edit.c:271 +#: src/sudo_edit.c:170 src/sudo_edit.c:270 #, c-format msgid "%s: not a regular file" msgstr "%s:不是常规文件" -#: src/sudo_edit.c:205 src/sudo_edit.c:307 +#: src/sudo_edit.c:204 src/sudo_edit.c:306 #, c-format msgid "%s: short write" msgstr "%s:截短写入" -#: src/sudo_edit.c:272 +#: src/sudo_edit.c:271 #, c-format msgid "%s left unmodified" msgstr "%s 并未修改" -#: src/sudo_edit.c:285 +#: src/sudo_edit.c:284 #, c-format msgid "%s unchanged" msgstr "%s 已更改" -#: src/sudo_edit.c:297 src/sudo_edit.c:318 +#: src/sudo_edit.c:296 src/sudo_edit.c:317 #, c-format msgid "unable to write to %s" msgstr "无法写入 %s" -#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319 +#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318 #, c-format msgid "contents of edit session left in %s" msgstr "编辑会话的内容留在了 %s 中" -#: src/sudo_edit.c:315 +#: src/sudo_edit.c:314 #, c-format msgid "unable to read temporary file" msgstr "无法读取临时文件" -#: src/tgetpass.c:90 +#: src/tgetpass.c:89 #, c-format msgid "no tty present and no askpass program specified" msgstr "没有终端存在,且未指定 askpass 程序" -#: src/tgetpass.c:99 +#: src/tgetpass.c:98 #, c-format msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "没有指定 askpass 程序,尝试设置 SUDO_ASKPASS" -#: src/tgetpass.c:231 +#: src/tgetpass.c:230 #, c-format msgid "unable to set gid to %u" msgstr "无法将组 ID 设为 %u" -#: src/tgetpass.c:235 +#: src/tgetpass.c:234 #, c-format msgid "unable to set uid to %u" msgstr "无法将用户 ID 设为 %u" -#: src/tgetpass.c:240 +#: src/tgetpass.c:239 #, c-format msgid "unable to run %s" msgstr "无法执行 %s" @@ -770,6 +805,12 @@ msgstr "无法 dup2 stdin" msgid "unable to restore stdin" msgstr "无法恢复 stdin" +#~ msgid "unable to allocate memory" +#~ msgstr "无法分配内存" + +#~ msgid ": " +#~ msgstr ":" + #~ msgid "internal error, emalloc2() overflow" #~ msgstr "内部错误,emalloc2() 溢出" diff --git a/src/preload.c b/src/preload.c index cb0bdde..8181109 100644 --- a/src/preload.c +++ b/src/preload.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010 Todd C. Miller + * Copyright (c) 2010, 2011 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above diff --git a/src/regress/ttyname/check_ttyname.c b/src/regress/ttyname/check_ttyname.c new file mode 100644 index 0000000..38a8243 --- /dev/null +++ b/src/regress/ttyname/check_ttyname.c @@ -0,0 +1,81 @@ +/* + * Copyright (c) 2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#include +#include + +#include "missing.h" +#include "alloc.h" +#include "error.h" + +__dso_public int main(int argc, char *argv[]); + +extern char *get_process_ttyname(void); + +int +main(int argc, char *argv[]) +{ + char *tty_libc, *tty_sudo; + int rval = 0; + +#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME) + setprogname(argc > 0 ? argv[0] : "check_ttyname"); +#endif + + /* Lookup tty name via libc. */ + if ((tty_libc = ttyname(STDIN_FILENO)) == NULL && + (tty_libc = ttyname(STDOUT_FILENO)) == NULL && + (tty_libc = ttyname(STDERR_FILENO)) == NULL) + tty_libc = "none"; + tty_libc = estrdup(tty_libc); + + /* Lookup tty name via sudo (using kernel info if possible). */ + if ((tty_sudo = get_process_ttyname()) == NULL) + tty_sudo = estrdup("none"); + + if (strcmp(tty_libc, tty_sudo) == 0) { + printf("%s: OK (%s)\n", getprogname(), tty_sudo); + } else { + printf("%s: FAIL %s (sudo) vs. %s (libc)\n", getprogname(), + tty_sudo, tty_libc); + rval = 1; + } + + efree(tty_libc); + efree(tty_sudo); + exit(rval); +} diff --git a/src/selinux.c b/src/selinux.c index 8050572..30d6949 100644 --- a/src/selinux.c +++ b/src/selinux.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2010 Todd C. Miller + * Copyright (c) 2009-2013 Todd C. Miller * Copyright (c) 2008 Dan Walsh * * Borrowed heavily from newrole source code @@ -74,7 +74,7 @@ audit_role_change(const security_context_t old_context, /* Kernel may not have audit support. */ if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT ) - error(1, _("unable to open audit system")); + fatal(_("unable to open audit system")); } else { /* audit role change using the same format as newrole(1) */ easprintf(&message, "newrole: old-context=%s new-context=%s", @@ -366,9 +366,17 @@ selinux_execve(const char *path, char *const argv[], char *const envp[], int noexec) { char **nargv; + const char *sesh; int argc, serrno; debug_decl(selinux_execve, SUDO_DEBUG_SELINUX) + sesh = sudo_conf_sesh_path(); + if (sesh == NULL) { + warningx("internal error: sesh path not set"); + errno = EINVAL; + debug_return; + } + if (setexeccon(se_state.new_context)) { warning(_("unable to set exec context to %s"), se_state.new_context); if (se_state.enforcing) @@ -399,7 +407,7 @@ selinux_execve(const char *path, char *const argv[], char *const envp[], memcpy(&nargv[2], &argv[1], argc * sizeof(char *)); /* copies NULL */ /* sesh will handle noexec for us. */ - sudo_execve(_PATH_SUDO_SESH, nargv, envp, 0); + sudo_execve(sesh, nargv, envp, 0); serrno = errno; free(nargv); errno = serrno; diff --git a/src/sesh.c b/src/sesh.c index e6d57e5..1a1b999 100644 --- a/src/sesh.c +++ b/src/sesh.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2010 Todd C. Miller + * Copyright (c) 2008, 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -25,9 +25,6 @@ #include #include #include -#ifdef HAVE_SETLOCALE -# include -#endif #ifdef HAVE_STDBOOL_H # include #else @@ -43,16 +40,7 @@ #include "sudo_exec.h" #include "sudo_plugin.h" -sudo_conv_t sudo_conv; /* NULL in non-plugin */ - -/* - * Cleanup hook for error()/errorx() - */ -void -cleanup(int gotsignal) -{ - return; -} +__dso_public int main(int argc, char *argv[], char *envp[]); int main(int argc, char *argv[], char *envp[]) @@ -61,17 +49,15 @@ main(int argc, char *argv[], char *envp[]) int noexec = 0; debug_decl(main, SUDO_DEBUG_MAIN) -#ifdef HAVE_SETLOCALE setlocale(LC_ALL, ""); -#endif bindtextdomain(PACKAGE_NAME, LOCALEDIR); textdomain(PACKAGE_NAME); if (argc < 2) - errorx(EXIT_FAILURE, _("requires at least one argument")); + fatalx(_("requires at least one argument")); /* Read sudo.conf. */ - sudo_conf_read(); + sudo_conf_read(NULL); /* If argv[0] ends in -noexec, pass the flag to sudo_execve() */ if ((cp = strrchr(argv[0], '-')) != NULL && cp != argv[0]) diff --git a/src/signal.c b/src/signal.c new file mode 100644 index 0000000..2574926 --- /dev/null +++ b/src/signal.c @@ -0,0 +1,176 @@ +/* + * Copyright (c) 2009-2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ +#include +#include + +#include "sudo.h" + +int signal_pipe[2]; + +static struct signal_state { + int signo; + int restore; + sigaction_t sa; +} saved_signals[] = { + { SIGALRM }, /* SAVED_SIGALRM */ + { SIGCHLD }, /* SAVED_SIGCHLD */ + { SIGCONT }, /* SAVED_SIGCONT */ + { SIGHUP }, /* SAVED_SIGHUP */ + { SIGINT }, /* SAVED_SIGINT */ + { SIGPIPE }, /* SAVED_SIGPIPE */ + { SIGQUIT }, /* SAVED_SIGQUIT */ + { SIGTERM }, /* SAVED_SIGTERM */ + { SIGTSTP }, /* SAVED_SIGTSTP */ + { SIGTTIN }, /* SAVED_SIGTTIN */ + { SIGTTOU }, /* SAVED_SIGTTOU */ + { SIGUSR1 }, /* SAVED_SIGUSR1 */ + { SIGUSR2 }, /* SAVED_SIGUSR2 */ + { -1 } +}; + +/* + * Save signal handler state so it can be restored before exec. + */ +void +save_signals(void) +{ + struct signal_state *ss; + debug_decl(save_signals, SUDO_DEBUG_MAIN) + + for (ss = saved_signals; ss->signo != -1; ss++) + sigaction(ss->signo, NULL, &ss->sa); + + debug_return; +} + +/* + * Restore signal handlers to initial state for exec. + */ +void +restore_signals(void) +{ + struct signal_state *ss; + debug_decl(restore_signals, SUDO_DEBUG_MAIN) + + for (ss = saved_signals; ss->signo != -1; ss++) { + if (ss->restore) + sigaction(ss->signo, &ss->sa, NULL); + } + + debug_return; +} + +static void +sudo_handler(int signo) +{ + /* + * The pipe is non-blocking, if we overflow the kernel's pipe + * buffer we drop the signal. This is not a problem in practice. + */ + ignore_result(write(signal_pipe[1], &signo, sizeof(signo))); +} + +/* + * Trap tty-generated (and other) signals so we can't be killed before + * calling the policy close function. The signal pipe will be drained + * in sudo_execute() before running the command and new handlers will + * be installed in the parent. + */ +void +init_signals(void) +{ + struct sigaction sa; + struct signal_state *ss; + debug_decl(init_signals, SUDO_DEBUG_MAIN) + + /* + * We use a pipe to atomically handle signal notification within + * the select() loop without races (we may not have pselect()). + */ + if (pipe_nonblock(signal_pipe) != 0) + fatal(_("unable to create pipe")); + + memset(&sa, 0, sizeof(sa)); + sigfillset(&sa.sa_mask); + sa.sa_flags = SA_RESTART; + sa.sa_handler = sudo_handler; + + for (ss = saved_signals; ss->signo > 0; ss++) { + switch (ss->signo) { + case SIGCHLD: + case SIGCONT: + case SIGPIPE: + case SIGTTIN: + case SIGTTOU: + /* Don't install these until exec time. */ + break; + default: + if (ss->sa.sa_handler != SIG_IGN) + sigaction(ss->signo, &sa, NULL); + break; + } + } + debug_return; +} + +/* + * Like sigaction() but sets restore flag in saved_signals[] + * if needed. + */ +int +sudo_sigaction(int signo, struct sigaction *sa, struct sigaction *osa) +{ + struct signal_state *ss; + int rval; + debug_decl(sudo_sigaction, SUDO_DEBUG_MAIN) + + for (ss = saved_signals; ss->signo > 0; ss++) { + if (ss->signo == signo) { + /* If signal was or now is ignored, restore old handler on exec. */ + if (ss->sa.sa_handler == SIG_IGN || sa->sa_handler == SIG_IGN) { + sudo_debug_printf(SUDO_DEBUG_INFO, + "will restore signal %d on exec", signo); + ss->restore = true; + } + break; + } + } + rval = sigaction(signo, sa, osa); + + debug_return_int(rval); +} diff --git a/src/solaris.c b/src/solaris.c new file mode 100644 index 0000000..7d0104e --- /dev/null +++ b/src/solaris.c @@ -0,0 +1,129 @@ +/* + * Copyright (c) 2009-2012 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ +#ifdef HAVE_PROJECT_H +# include +# include +#endif +#include +#include +#include + +#include "sudo.h" + +int +os_init(int argc, char *argv[], char *envp[]) +{ + /* + * Solaris 11 is unable to load the per-locale shared objects + * without this. We must keep the handle open for it to work. + * This bug was fixed in Solaris 11 Update 1. + */ + void *handle = dlopen("/usr/lib/locale/common/methods_unicode.so.3", + RTLD_LAZY|RTLD_GLOBAL); + (void)&handle; + + return os_init_common(argc, argv, envp); +} + +#ifdef HAVE_PROJECT_H +void +set_project(struct passwd *pw) +{ + struct project proj; + char buf[PROJECT_BUFSZ]; + int errval; + debug_decl(set_project, SUDO_DEBUG_UTIL) + + /* + * Collect the default project for the user and settaskid + */ + setprojent(); + if (getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf)) != NULL) { + errval = setproject(proj.pj_name, pw->pw_name, TASK_NORMAL); + switch(errval) { + case 0: + break; + case SETPROJ_ERR_TASK: + switch (errno) { + case EAGAIN: + warningx(_("resource control limit has been reached")); + break; + case ESRCH: + warningx(_("user \"%s\" is not a member of project \"%s\""), + pw->pw_name, proj.pj_name); + break; + case EACCES: + warningx(_("the invoking task is final")); + break; + default: + warningx(_("could not join project \"%s\""), proj.pj_name); + } + case SETPROJ_ERR_POOL: + switch (errno) { + case EACCES: + warningx(_("no resource pool accepting default bindings " + "exists for project \"%s\""), proj.pj_name); + break; + case ESRCH: + warningx(_("specified resource pool does not exist for " + "project \"%s\""), proj.pj_name); + break; + default: + warningx(_("could not bind to default resource pool for " + "project \"%s\""), proj.pj_name); + } + break; + default: + if (errval <= 0) { + warningx(_("setproject failed for project \"%s\""), proj.pj_name); + } else { + warningx(_("warning, resource control assignment failed for " + "project \"%s\""), proj.pj_name); + } + } + } else { + warning("getdefaultproj"); + } + endprojent(); + debug_return; +} +#endif /* HAVE_PROJECT_H */ diff --git a/src/sudo.c b/src/sudo.c index f981e49..0de32d4 100644 --- a/src/sudo.c +++ b/src/sudo.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2012 Todd C. Miller + * Copyright (c) 2009-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -21,7 +21,6 @@ #include #include -#include #include #include #include @@ -58,9 +57,6 @@ #if TIME_WITH_SYS_TIME # include #endif -#ifdef HAVE_SETLOCALE -# include -#endif #ifdef HAVE_LOGIN_CAP_H # include # ifndef LOGIN_SETENV @@ -86,17 +82,11 @@ # endif /* __hpux */ # include #endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */ -#if defined(HAVE_STRUCT_KINFO_PROC_P_TDEV) || defined (HAVE_STRUCT_KINFO_PROC_KP_EPROC_E_TDEV) -# include -#elif defined(HAVE_STRUCT_KINFO_PROC_KI_TDEV) -# include -# include -#endif #include "sudo.h" #include "sudo_plugin.h" #include "sudo_plugin_int.h" -#include +#include "sudo_usage.h" /* * Local variables @@ -105,6 +95,7 @@ struct plugin_container policy_plugin; struct plugin_container_list io_plugins; struct user_details user_details; const char *list_user, *runas_user, *runas_group; /* extern for parse_args.c */ +static struct command_details command_details; static int sudo_mode; /* @@ -147,6 +138,8 @@ static struct rlimit corelimit; static struct rlimit nproclimit; #endif +__dso_public int main(int argc, char *argv[], char *envp[]); + int main(int argc, char *argv[], char *envp[]) { @@ -154,28 +147,19 @@ main(int argc, char *argv[], char *envp[]) char **nargv, **settings, **env_add; char **user_info, **command_info, **argv_out, **user_env_out; struct plugin_container *plugin, *next; - struct command_details command_details; sigset_t mask; debug_decl(main, SUDO_DEBUG_MAIN) -#if defined(SUDO_DEVEL) && defined(__OpenBSD__) - { - extern char *malloc_options; - malloc_options = "AFGJPR"; - } -#endif - -#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME) - if (argc > 0) - setprogname(argv[0]); -#endif + os_init(argc, argv, envp); -#ifdef HAVE_SETLOCALE setlocale(LC_ALL, ""); -#endif bindtextdomain(PACKAGE_NAME, LOCALEDIR); textdomain(PACKAGE_NAME); +#ifdef HAVE_TZSET + (void) tzset(); +#endif /* HAVE_TZSET */ + /* Must be done before we do any password lookups */ #if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS) (void) set_auth_parameters(argc, argv); @@ -194,7 +178,7 @@ main(int argc, char *argv[], char *envp[]) fix_fds(); /* Read sudo.conf. */ - sudo_conf_read(); + sudo_conf_read(NULL); /* Fill in user_info with user name, uid, cwd, etc. */ memset(&user_details, 0, sizeof(user_details)); @@ -216,7 +200,7 @@ main(int argc, char *argv[], char *envp[]) /* Load plugins. */ if (!sudo_load_plugins(&policy_plugin, &io_plugins)) - errorx(1, _("fatal error, unable to load plugins")); + fatalx(_("fatal error, unable to load plugins")); /* Open policy plugin. */ ok = policy_open(&policy_plugin, settings, user_info, envp); @@ -224,16 +208,18 @@ main(int argc, char *argv[], char *envp[]) if (ok == -2) usage(1); else - errorx(1, _("unable to initialize policy plugin")); + fatalx(_("unable to initialize policy plugin")); } + init_signals(); + switch (sudo_mode & MODE_MASK) { case MODE_VERSION: policy_show_version(&policy_plugin, !user_details.uid); tq_foreach_fwd(&io_plugins, plugin) { ok = iolog_open(plugin, settings, user_info, NULL, nargc, nargv, envp); - if (ok == 1) + if (ok != -1) iolog_show_version(plugin, !user_details.uid); } break; @@ -279,7 +265,7 @@ main(int argc, char *argv[], char *envp[]) usage(1); break; default: - errorx(1, _("error initializing I/O plugin %s"), + fatalx(_("error initializing I/O plugin %s"), plugin->name); } } @@ -290,7 +276,8 @@ main(int argc, char *argv[], char *envp[]) if (ISSET(sudo_mode, MODE_BACKGROUND)) SET(command_details.flags, CD_BACKGROUND); /* Become full root (not just setuid) so user cannot kill us. */ - (void) setuid(ROOT_UID); + if (setuid(ROOT_UID) == -1) + warning("setuid(%d)", ROOT_UID); /* Restore coredumpsize resource limit before running. */ #ifdef RLIMIT_CORE if (sudo_conf_disable_coredump()) @@ -304,12 +291,22 @@ main(int argc, char *argv[], char *envp[]) /* The close method was called by sudo_edit/run_command. */ break; default: - errorx(1, _("unexpected sudo mode 0x%x"), sudo_mode); + fatalx(_("unexpected sudo mode 0x%x"), sudo_mode); } sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode); exit(exitcode); } +int +os_init_common(int argc, char *argv[], char *envp[]) +{ +#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME) + if (argc > 0) + setprogname(argv[0]); +#endif + return 0; +} + /* * Ensure that stdin, stdout and stderr are open; set to /dev/null if not. * Some operating systems do this automatically in the kernel or libc. @@ -329,13 +326,13 @@ fix_fds(void) miss[STDERR_FILENO] = fcntl(STDERR_FILENO, F_GETFL, 0) == -1; if (miss[STDIN_FILENO] || miss[STDOUT_FILENO] || miss[STDERR_FILENO]) { if ((devnull = open(_PATH_DEVNULL, O_RDWR, 0644)) == -1) - error(1, _("unable to open %s"), _PATH_DEVNULL); + fatal(_("unable to open %s"), _PATH_DEVNULL); if (miss[STDIN_FILENO] && dup2(devnull, STDIN_FILENO) == -1) - error(1, "dup2"); + fatal("dup2"); if (miss[STDOUT_FILENO] && dup2(devnull, STDOUT_FILENO) == -1) - error(1, "dup2"); + fatal("dup2"); if (miss[STDERR_FILENO] && dup2(devnull, STDERR_FILENO) == -1) - error(1, "dup2"); + fatal("dup2"); if (devnull > STDERR_FILENO) close(devnull); } @@ -344,32 +341,38 @@ fix_fds(void) /* * Allocate space for groups and fill in using getgrouplist() - * for when we cannot use getgroups(). + * for when we cannot (or don't want to) use getgroups(). */ static int -fill_group_list(struct user_details *ud) +fill_group_list(struct user_details *ud, int system_maxgroups) { - int maxgroups, tries, rval = -1; + int tries, rval = -1; debug_decl(fill_group_list, SUDO_DEBUG_UTIL) -#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX) - maxgroups = (int)sysconf(_SC_NGROUPS_MAX); - if (maxgroups < 0) -#endif - maxgroups = NGROUPS_MAX; - /* - * It is possible to belong to more groups in the group database - * than NGROUPS_MAX. We start off with NGROUPS_MAX * 2 entries - * and double this as needed. + * If user specified a max number of groups, use it, otherwise keep + * trying getgrouplist() until we have enough room in the array. */ - ud->groups = NULL; - ud->ngroups = maxgroups; - for (tries = 0; tries < 10 && rval == -1; tries++) { - ud->ngroups *= 2; - efree(ud->groups); + ud->ngroups = sudo_conf_max_groups(); + if (ud->ngroups != -1) { ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T)); - rval = getgrouplist(ud->username, ud->gid, ud->groups, &ud->ngroups); + /* No error on insufficient space if user specified max_groups. */ + (void)getgrouplist(ud->username, ud->gid, ud->groups, &ud->ngroups); + rval = 0; + } else { + /* + * It is possible to belong to more groups in the group database + * than NGROUPS_MAX. We start off with NGROUPS_MAX * 4 entries + * and double this as needed. + */ + ud->groups = NULL; + ud->ngroups = system_maxgroups << 1; + for (tries = 0; tries < 10 && rval == -1; tries++) { + ud->ngroups <<= 1; + efree(ud->groups); + ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T)); + rval = getgrouplist(ud->username, ud->gid, ud->groups, &ud->ngroups); + } } debug_return_int(rval); } @@ -379,26 +382,36 @@ get_user_groups(struct user_details *ud) { char *cp, *gid_list = NULL; size_t glsize; - int i, len; + int i, len, maxgroups, group_source; debug_decl(get_user_groups, SUDO_DEBUG_UTIL) - /* - * Systems with mbr_check_membership() support more than NGROUPS_MAX - * groups so we cannot use getgroups(). - */ +#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX) + maxgroups = (int)sysconf(_SC_NGROUPS_MAX); + if (maxgroups < 0) +#endif + maxgroups = NGROUPS_MAX; + ud->groups = NULL; -#ifndef HAVE_MBR_CHECK_MEMBERSHIP - if ((ud->ngroups = getgroups(0, NULL)) > 0) { - ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T)); - if (getgroups(ud->ngroups, ud->groups) < 0) { - efree(ud->groups); - ud->groups = NULL; + group_source = sudo_conf_group_source(); + if (group_source != GROUP_SOURCE_DYNAMIC) { + if ((ud->ngroups = getgroups(0, NULL)) > 0) { + /* Use groups from kernel if not too many or source is static. */ + if (ud->ngroups < maxgroups || group_source == GROUP_SOURCE_STATIC) { + ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T)); + if (getgroups(ud->ngroups, ud->groups) < 0) { + efree(ud->groups); + ud->groups = NULL; + } + } } } -#endif /* HAVE_MBR_CHECK_MEMBERSHIP */ if (ud->groups == NULL) { - if (fill_group_list(ud) == -1) - error(1, _("unable to get group vector")); + /* + * Query group database if kernel list is too small or disabled. + * Typically, this is because NFS can only support up to 16 groups. + */ + if (fill_group_list(ud, maxgroups) == -1) + fatal(_("unable to get group vector")); } /* @@ -424,7 +437,7 @@ get_user_groups(struct user_details *ud) static char ** get_user_info(struct user_details *ud) { - char *cp, **user_info, cwd[PATH_MAX], host[MAXHOSTNAMELEN]; + char *cp, **user_info, cwd[PATH_MAX], host[HOST_NAME_MAX + 1]; struct passwd *pw; int fd, i = 0; debug_decl(get_user_info, SUDO_DEBUG_UTIL) @@ -450,11 +463,11 @@ get_user_info(struct user_details *ud) pw = getpwuid(ud->uid); if (pw == NULL) - errorx(1, _("unknown uid %u: who are you?"), (unsigned int)ud->uid); + fatalx(_("unknown uid %u: who are you?"), (unsigned int)ud->uid); user_info[i] = fmt_string("user", pw->pw_name); if (user_info[i] == NULL) - errorx(1, _("unable to allocate memory")); + fatalx(NULL); ud->username = user_info[i] + sizeof("user=") - 1; /* Stash user's shell for use with the -s flag; don't pass to plugin. */ @@ -480,14 +493,14 @@ get_user_info(struct user_details *ud) if (getcwd(cwd, sizeof(cwd)) != NULL) { user_info[++i] = fmt_string("cwd", cwd); if (user_info[i] == NULL) - errorx(1, _("unable to allocate memory")); + fatalx(NULL); ud->cwd = user_info[i] + sizeof("cwd=") - 1; } if ((cp = get_process_ttyname()) != NULL) { user_info[++i] = fmt_string("tty", cp); if (user_info[i] == NULL) - errorx(1, _("unable to allocate memory")); + fatalx(NULL); ud->tty = user_info[i] + sizeof("tty=") - 1; efree(cp); } @@ -498,7 +511,7 @@ get_user_info(struct user_details *ud) strlcpy(host, "localhost", sizeof(host)); user_info[++i] = fmt_string("host", host); if (user_info[i] == NULL) - errorx(1, _("unable to allocate memory")); + fatalx(NULL); ud->host = user_info[i] + sizeof("host=") - 1; get_ttysize(&ud->ts_lines, &ud->ts_cols); @@ -554,6 +567,13 @@ command_info_to_details(char * const info[], struct command_details *details) break; } break; + case 'e': + if (strncmp("exec_background=", info[i], sizeof("exec_background=") - 1) == 0) { + if (atobool(info[i] + sizeof("exec_background=") - 1) == true) + SET(details->flags, CD_EXEC_BG); + break; + } + break; case 'l': SET_STRING("login_class=", login_class) break; @@ -757,7 +777,7 @@ command_info_to_details(char * const info[], struct command_details *details) #endif details->pw = getpwuid(details->euid); if (details->pw != NULL && (details->pw = pw_dup(details->pw)) == NULL) - errorx(1, _("unable to allocate memory")); + fatalx(NULL); #ifdef HAVE_SETAUTHDB aix_restoreauthdb(); #endif @@ -779,16 +799,16 @@ sudo_check_suid(const char *path) if (strchr(path, '/') != NULL && stat(path, &sb) == 0) { /* Try to determine why sudo was not running as root. */ if (sb.st_uid != ROOT_UID || !ISSET(sb.st_mode, S_ISUID)) { - errorx(1, + fatalx( _("%s must be owned by uid %d and have the setuid bit set"), path, ROOT_UID); } else { - errorx(1, _("effective uid is not %d, is %s on a file system " + fatalx(_("effective uid is not %d, is %s on a file system " "with the 'nosuid' option set or an NFS file system without" " root privileges?"), ROOT_UID, path); } } else { - errorx(1, + fatalx( _("effective uid is not %d, is sudo installed setuid root?"), ROOT_UID); } @@ -837,70 +857,6 @@ disable_coredumps(void) debug_return; } -#ifdef HAVE_PROJECT_H -static void -set_project(struct passwd *pw) -{ - struct project proj; - char buf[PROJECT_BUFSZ]; - int errval; - debug_decl(set_project, SUDO_DEBUG_UTIL) - - /* - * Collect the default project for the user and settaskid - */ - setprojent(); - if (getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf)) != NULL) { - errval = setproject(proj.pj_name, pw->pw_name, TASK_NORMAL); - switch(errval) { - case 0: - break; - case SETPROJ_ERR_TASK: - switch (errno) { - case EAGAIN: - warningx(_("resource control limit has been reached")); - break; - case ESRCH: - warningx(_("user \"%s\" is not a member of project \"%s\""), - pw->pw_name, proj.pj_name); - break; - case EACCES: - warningx(_("the invoking task is final")); - break; - default: - warningx(_("could not join project \"%s\""), proj.pj_name); - } - case SETPROJ_ERR_POOL: - switch (errno) { - case EACCES: - warningx(_("no resource pool accepting default bindings " - "exists for project \"%s\""), proj.pj_name); - break; - case ESRCH: - warningx(_("specified resource pool does not exist for " - "project \"%s\""), proj.pj_name); - break; - default: - warningx(_("could not bind to default resource pool for " - "project \"%s\""), proj.pj_name); - } - break; - default: - if (errval <= 0) { - warningx(_("setproject failed for project \"%s\""), proj.pj_name); - } else { - warningx(_("warning, resource control assignment failed for " - "project \"%s\""), proj.pj_name); - } - } - } else { - warning("getdefaultproj"); - } - endprojent(); - debug_return; -} -#endif /* HAVE_PROJECT_H */ - /* * Setup the execution environment immediately prior to the call to execve() * Returns true on success and false on failure. @@ -924,23 +880,23 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd) set_project(details->pw); #endif #ifdef HAVE_PRIV_SET - if (details->privs != NULL) { - if (setppriv(PRIV_SET, PRIV_INHERITABLE, details->privs) != 0) { - warning("unable to set privileges"); - goto done; - } - } - if (details->limitprivs != NULL) { - if (setppriv(PRIV_SET, PRIV_LIMIT, details->limitprivs) != 0) { - warning("unable to set limit privileges"); - goto done; + if (details->privs != NULL) { + if (setppriv(PRIV_SET, PRIV_INHERITABLE, details->privs) != 0) { + warning("unable to set privileges"); + goto done; + } } - } else if (details->privs != NULL) { - if (setppriv(PRIV_SET, PRIV_LIMIT, details->privs) != 0) { - warning("unable to set limit privileges"); - goto done; + if (details->limitprivs != NULL) { + if (setppriv(PRIV_SET, PRIV_LIMIT, details->limitprivs) != 0) { + warning("unable to set limit privileges"); + goto done; + } + } else if (details->privs != NULL) { + if (setppriv(PRIV_SET, PRIV_LIMIT, details->privs) != 0) { + warning("unable to set limit privileges"); + goto done; + } } - } #endif /* HAVE_PRIV_SET */ #ifdef HAVE_GETUSERATTR @@ -1165,7 +1121,10 @@ static void policy_close(struct plugin_container *plugin, int exit_status, int error) { debug_decl(policy_close, SUDO_DEBUG_PCOMM) - plugin->u.policy->close(exit_status, error); + if (plugin->u.policy->close != NULL) + plugin->u.policy->close(exit_status, error); + else + warning(_("unable to execute %s"), command_details.command); debug_return; } @@ -1173,6 +1132,8 @@ static int policy_show_version(struct plugin_container *plugin, int verbose) { debug_decl(policy_show_version, SUDO_DEBUG_PCOMM) + if (plugin->u.policy->show_version == NULL) + debug_return_bool(true); debug_return_bool(plugin->u.policy->show_version(verbose)); } @@ -1182,6 +1143,10 @@ policy_check(struct plugin_container *plugin, int argc, char * const argv[], char **user_env_out[]) { debug_decl(policy_check, SUDO_DEBUG_PCOMM) + if (plugin->u.policy->check_policy == NULL) { + fatalx(_("policy plugin %s is missing the `check_policy' method"), + plugin->name); + } debug_return_bool(plugin->u.policy->check_policy(argc, argv, env_add, command_info, argv_out, user_env_out)); } @@ -1216,7 +1181,7 @@ policy_invalidate(struct plugin_container *plugin, int remove) { debug_decl(policy_invalidate, SUDO_DEBUG_PCOMM) if (plugin->u.policy->invalidate == NULL) { - errorx(1, _("policy plugin %s does not support the -k/-K options"), + fatalx(_("policy plugin %s does not support the -k/-K options"), plugin->name); } plugin->u.policy->invalidate(remove); @@ -1280,7 +1245,8 @@ static void iolog_close(struct plugin_container *plugin, int exit_status, int error) { debug_decl(iolog_close, SUDO_DEBUG_PCOMM) - plugin->u.io->close(exit_status, error); + if (plugin->u.io->close != NULL) + plugin->u.io->close(exit_status, error); debug_return; } @@ -1288,6 +1254,8 @@ static int iolog_show_version(struct plugin_container *plugin, int verbose) { debug_decl(iolog_show_version, SUDO_DEBUG_PCOMM) + if (plugin->u.io->show_version == NULL) + debug_return_bool(true); debug_return_bool(plugin->u.io->show_version(verbose)); } diff --git a/src/sudo.h b/src/sudo.h index 87accee..703e398 100644 --- a/src/sudo.h +++ b/src/sudo.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1993-1996, 1998-2005, 2007-2012 + * Copyright (c) 1993-1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -17,8 +17,6 @@ * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. - * - * $Sudo: sudo.h,v 1.290 2009/12/12 16:12:26 millert Exp $ */ #ifndef _SUDO_SUDO_H @@ -46,9 +44,9 @@ #endif #ifdef __TANDEM -# define ROOT_UID 65535 +# define ROOT_UID 65535 #else -# define ROOT_UID 0 +# define ROOT_UID 0 #endif /* @@ -130,6 +128,7 @@ struct user_details { #define CD_RBAC_ENABLED 0x0800 #define CD_USE_PTY 0x1000 #define CD_SET_UTMP 0x2000 +#define CD_EXEC_BG 0x4000 struct command_details { uid_t uid; @@ -172,7 +171,7 @@ struct command_status { struct timeval; -/* For error() and errorx() (XXX - needed?) */ +/* For fatal() and fatalx() (XXX - needed?) */ void cleanup(int); /* tgetpass.c */ @@ -183,9 +182,8 @@ int tty_present(void); void zero_bytes(volatile void *, size_t); /* exec.c */ +int pipe_nonblock(int fds[2]); int sudo_execute(struct command_details *details, struct command_status *cstat); -void save_signals(void); -void restore_signals(void); /* term.c */ int term_cbreak(int); @@ -215,6 +213,7 @@ void get_ttysize(int *rowp, int *colp); bool exec_setup(struct command_details *details, const char *ptyname, int ptyfd); int policy_init_session(struct command_details *details); int run_command(struct command_details *details); +int os_init_common(int argc, char *argv[], char *envp[]); extern const char *list_user, *runas_user, *runas_group; extern struct user_details user_details; @@ -224,6 +223,9 @@ int sudo_edit(struct command_details *details); /* parse_args.c */ void usage(int); +/* openbsd.c */ +int os_init_openbsd(int argc, char *argv[], char *envp[]); + /* selinux.c */ int selinux_restore_tty(void); int selinux_setup(const char *role, const char *type, const char *ttyn, @@ -231,6 +233,10 @@ int selinux_setup(const char *role, const char *type, const char *ttyn, void selinux_execve(const char *path, char *const argv[], char *const envp[], int noexec); +/* solaris.c */ +void set_project(struct passwd *); +int os_init_solaris(int argc, char *argv[], char *envp[]); + /* aix.c */ void aix_prep_user(char *user, const char *tty); void aix_restoreauthdb(void); @@ -258,4 +264,12 @@ int sudo_setgroups(int ngids, const GETGROUPS_T *gids); /* ttyname.c */ char *get_process_ttyname(void); +/* signal.c */ +struct sigaction; +extern int signal_pipe[2]; +int sudo_sigaction(int signo, struct sigaction *sa, struct sigaction *osa); +void init_signals(void); +void restore_signals(void); +void save_signals(void); + #endif /* _SUDO_SUDO_H */ diff --git a/src/sudo_edit.c b/src/sudo_edit.c index f7df6e8..90864c6 100644 --- a/src/sudo_edit.c +++ b/src/sudo_edit.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004-2008, 2010-2011 Todd C. Miller + * Copyright (c) 2004-2008, 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #include #include @@ -63,17 +62,17 @@ switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups) /* When restoring root, change euid first; otherwise change it last. */ if (euid == ROOT_UID) { if (seteuid(ROOT_UID) != 0) - error(1, "seteuid(ROOT_UID)"); + fatal("seteuid(ROOT_UID)"); } if (setegid(egid) != 0) - error(1, "setegid(%d)", (int)egid); + fatal("setegid(%d)", (int)egid); if (ngroups != -1) { if (sudo_setgroups(ngroups, groups) != 0) - error(1, "setgroups"); + fatal("setgroups"); } if (euid != ROOT_UID) { if (seteuid(euid) != 0) - error(1, "seteuid(%d)", (int)euid); + fatal("seteuid(%d)", (int)euid); } errno = serrno; @@ -188,10 +187,10 @@ sudo_edit(struct command_details *command_details) easprintf(&tf[j].tfile, "%.*s/%s.XXXXXXXX", tmplen, tmpdir, cp); } if (seteuid(user_details.uid) != 0) - error(1, "seteuid(%d)", (int)user_details.uid); + fatal("seteuid(%d)", (int)user_details.uid); tfd = mkstemps(tf[j].tfile, suff ? strlen(suff) : 0); if (seteuid(ROOT_UID) != 0) - error(1, "seteuid(ROOT_UID)"); + fatal("seteuid(ROOT_UID)"); if (tfd == -1) { warning("mkstemps"); goto cleanup; @@ -258,12 +257,12 @@ sudo_edit(struct command_details *command_details) for (i = 0; i < nfiles; i++) { rc = -1; if (seteuid(user_details.uid) != 0) - error(1, "seteuid(%d)", (int)user_details.uid); + fatal("seteuid(%d)", (int)user_details.uid); if ((tfd = open(tf[i].tfile, O_RDONLY, 0644)) != -1) { rc = fstat(tfd, &sb); } if (seteuid(ROOT_UID) != 0) - error(1, "seteuid(ROOT_UID)"); + fatal("seteuid(ROOT_UID)"); if (rc || !S_ISREG(sb.st_mode)) { if (rc) warning("%s", tf[i].tfile); diff --git a/src/sudo_exec.h b/src/sudo_exec.h index eb104cd..9238fda 100644 --- a/src/sudo_exec.h +++ b/src/sudo_exec.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2011 Todd C. Miller + * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -23,13 +23,29 @@ #define SIGCONT_FG -2 #define SIGCONT_BG -3 +/* + * Positions in saved_signals[] + */ +#define SAVED_SIGALRM 0 +#define SAVED_SIGCHLD 1 +#define SAVED_SIGCONT 2 +#define SAVED_SIGHUP 3 +#define SAVED_SIGINT 4 +#define SAVED_SIGPIPE 5 +#define SAVED_SIGQUIT 6 +#define SAVED_SIGTERM 7 +#define SAVED_SIGTSTP 8 +#define SAVED_SIGTTIN 9 +#define SAVED_SIGTTOU 10 +#define SAVED_SIGUSR1 11 +#define SAVED_SIGUSR2 12 + /* * Symbols shared between exec.c and exec_pty.c */ /* exec.c */ int sudo_execve(const char *path, char *const argv[], char *const envp[], int noexec); -int pipe_nonblock(int fds[2]); extern volatile pid_t cmnd_pid; /* exec_pty.c */ @@ -38,6 +54,8 @@ struct command_status; int fork_pty(struct command_details *details, int sv[], int *maxfd, sigset_t *omask); int perform_io(fd_set *fdsr, fd_set *fdsw, struct command_status *cstat); int suspend_parent(int signo); +void exec_cmnd(struct command_details *details, struct command_status *cstat, + int *errfd); void fd_set_iobs(fd_set *fdsr, fd_set *fdsw); #ifdef SA_SIGINFO void handler(int s, siginfo_t *info, void *context); @@ -47,7 +65,6 @@ void handler(int s); void pty_close(struct command_status *cstat); void pty_setup(uid_t uid, const char *tty, const char *utmp_user); void terminate_command(pid_t pid, bool use_pgrp); -extern int signal_pipe[2]; /* utmp.c */ bool utmp_login(const char *from_line, const char *to_line, int ttyfd, diff --git a/src/sudo_noexec.c b/src/sudo_noexec.c index 2872501..1eb2752 100644 --- a/src/sudo_noexec.c +++ b/src/sudo_noexec.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004-2005, 2010-2011 Todd C. Miller + * Copyright (c) 2004-2005, 2010-2012 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above diff --git a/src/sudo_plugin_int.h b/src/sudo_plugin_int.h index aff2344..898ae4f 100644 --- a/src/sudo_plugin_int.h +++ b/src/sudo_plugin_int.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2012 Todd C. Miller + * Copyright (c) 2010-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -97,7 +97,7 @@ struct plugin_container { }; TQ_DECLARE(plugin_container) -extern struct plugin_container_list policy_plugins; +extern struct plugin_container policy_plugin; extern struct plugin_container_list io_plugins; int sudo_conversation(int num_msgs, const struct sudo_conv_message msgs[], diff --git a/src/tgetpass.c b/src/tgetpass.c index b23db4c..31194b9 100644 --- a/src/tgetpass.c +++ b/src/tgetpass.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2011 + * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -26,7 +26,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -57,7 +56,7 @@ static volatile sig_atomic_t signo[NSIG]; -static void handler(int); +static void tgetpass_handler(int); static char *getln(int, char *, size_t, int); static char *sudo_askpass(const char *, const char *); @@ -96,7 +95,7 @@ tgetpass(const char *prompt, int timeout, int flags) /* If using a helper program to get the password, run it instead. */ if (ISSET(flags, TGP_ASKPASS)) { if (askpass == NULL || *askpass == '\0') - errorx(1, _("no askpass program specified, try setting SUDO_ASKPASS")); + fatalx(_("no askpass program specified, try setting SUDO_ASKPASS")); debug_return_str_masked(sudo_askpass(askpass, prompt)); } @@ -131,7 +130,7 @@ restart: zero_bytes(&sa, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_flags = SA_INTERRUPT; /* don't restart system calls */ - sa.sa_handler = handler; + sa.sa_handler = tgetpass_handler; (void) sigaction(SIGALRM, &sa, &savealrm); (void) sigaction(SIGINT, &sa, &saveint); (void) sigaction(SIGHUP, &sa, &savehup); @@ -215,10 +214,10 @@ sudo_askpass(const char *askpass, const char *prompt) debug_decl(sudo_askpass, SUDO_DEBUG_CONV) if (pipe(pfd) == -1) - error(1, _("unable to create pipe")); + fatal(_("unable to create pipe")); if ((pid = fork()) == -1) - error(1, _("unable to fork")); + fatal(_("unable to fork")); if (pid == 0) { /* child, point stdout to output side of the pipe and exec askpass */ @@ -226,7 +225,8 @@ sudo_askpass(const char *askpass, const char *prompt) warning("dup2"); _exit(255); } - (void) setuid(ROOT_UID); + if (setuid(ROOT_UID) == -1) + warning("setuid(%d)", ROOT_UID); if (setgid(user_details.gid)) { warning(_("unable to set gid to %u"), (unsigned int)user_details.gid); _exit(255); @@ -316,7 +316,7 @@ getln(int fd, char *buf, size_t bufsiz, int feedback) } static void -handler(int s) +tgetpass_handler(int s) { if (s != SIGALRM) signo[s] = 1; diff --git a/src/ttyname.c b/src/ttyname.c index b86ee55..02480ef 100644 --- a/src/ttyname.c +++ b/src/ttyname.c @@ -23,7 +23,6 @@ #endif #include -#include #include #if defined(MAJOR_IN_MKDEV) # include @@ -71,8 +70,10 @@ # endif #endif #if defined(HAVE_STRUCT_KINFO_PROC_P_TDEV) || defined (HAVE_STRUCT_KINFO_PROC_KP_EPROC_E_TDEV) || defined(HAVE_STRUCT_KINFO_PROC2_P_TDEV) +# include # include #elif defined(HAVE_STRUCT_KINFO_PROC_KI_TDEV) +# include # include # include #endif @@ -81,6 +82,10 @@ #elif defined(HAVE_SYS_PROCFS_H) # include #endif +#ifdef HAVE_PSTAT_GETPROC +# include +# include +#endif #include "sudo.h" @@ -155,7 +160,7 @@ sudo_ttyname_dev(dev_t tdev) debug_return_str(estrdup(tty)); } -#else +#elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) || defined(HAVE_PSTAT_GETPROC) || defined(__linux__) /* * Devices to search before doing a breadth-first scan. */ @@ -194,6 +199,9 @@ sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin) if (dir[0] == '\0' || (d = opendir(dir)) == NULL) goto done; + sudo_debug_printf(SUDO_DEBUG_INFO, "scanning for dev %u in %s", + (unsigned int)rdev, dir); + sdlen = strlen(dir); if (dir[sdlen - 1] == '/') sdlen--; @@ -239,9 +247,12 @@ sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin) continue; } # if defined(HAVE_STRUCT_DIRENT_D_TYPE) && defined(DTTOIF) - /* Use d_type to avoid a stat() if possible. */ - /* Convert d_type to stat-style type bits but follow links. */ - if (dp->d_type != DT_LNK && dp->d_type != DT_CHR) + /* + * Convert dp->d_type to sb.st_mode to avoid a stat(2) if possible. + * We can't use it for links (since we want to follow them) or + * char devs (since we need st_rdev to compare the device number). + */ + if (dp->d_type != DT_UNKNOWN && dp->d_type != DT_LNK && dp->d_type != DT_CHR) sb.st_mode = DTTOIF(dp->d_type); else # endif @@ -260,6 +271,8 @@ sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin) } if (S_ISCHR(sb.st_mode) && sb.st_rdev == rdev) { devname = estrdup(pathbuf); + sudo_debug_printf(SUDO_DEBUG_INFO, "resolved dev %u as %s", + (unsigned int)rdev, pathbuf); goto done; } } @@ -304,6 +317,8 @@ sudo_ttyname_dev(dev_t rdev) if (S_ISCHR(sb.st_mode) && sb.st_rdev == rdev) tty = estrdup(buf); } + sudo_debug_printf(SUDO_DEBUG_INFO, "comparing dev %u to %s: %s", + (unsigned int)rdev, buf, tty ? "yes" : "no"); } else { /* Traverse directory */ tty = sudo_ttyname_scan(devname, rdev, true); @@ -329,9 +344,7 @@ sudo_ttyname_dev(dev_t rdev) #if defined(sudo_kp_tdev) /* * Return a string from ttyname() containing the tty to which the process is - * attached or NULL if there is no tty associated with the process (or its - * parent). First tries sysctl using the current pid, then the parent's pid. - * Falls back on ttyname of std{in,out,err} if that fails. + * attached or NULL if the process has no controlling tty. */ char * get_process_ttyname(void) @@ -339,38 +352,36 @@ get_process_ttyname(void) char *tty = NULL; struct sudo_kinfo_proc *ki_proc = NULL; size_t size = sizeof(*ki_proc); - int i, mib[6], rc; + int mib[6], rc; debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) /* - * Lookup tty for this process and, failing that, our parent. - * Even if we redirect std{in,out,err} the kernel should still know. + * Lookup controlling tty for this process via sysctl. + * This will work even if std{in,out,err} are redirected. */ - for (i = 0; tty == NULL && i < 2; i++) { - mib[0] = CTL_KERN; - mib[1] = SUDO_KERN_PROC; - mib[2] = KERN_PROC_PID; - mib[3] = i ? (int)getppid() : (int)getpid(); - mib[4] = sizeof(*ki_proc); - mib[5] = 1; - do { - size += size / 10; - ki_proc = erealloc(ki_proc, size); - rc = sysctl(mib, sudo_kp_namelen, ki_proc, &size, NULL, 0); - } while (rc == -1 && errno == ENOMEM); - if (rc != -1) { - if (ki_proc->sudo_kp_tdev != (dev_t)-1) { - tty = sudo_ttyname_dev(ki_proc->sudo_kp_tdev); - if (tty == NULL) { - sudo_debug_printf(SUDO_DEBUG_WARN, - "unable to map device number %u to name", - ki_proc->sudo_kp_tdev); - } + mib[0] = CTL_KERN; + mib[1] = SUDO_KERN_PROC; + mib[2] = KERN_PROC_PID; + mib[3] = (int)getpid(); + mib[4] = sizeof(*ki_proc); + mib[5] = 1; + do { + size += size / 10; + ki_proc = erealloc(ki_proc, size); + rc = sysctl(mib, sudo_kp_namelen, ki_proc, &size, NULL, 0); + } while (rc == -1 && errno == ENOMEM); + if (rc != -1) { + if (ki_proc->sudo_kp_tdev != (dev_t)-1) { + tty = sudo_ttyname_dev(ki_proc->sudo_kp_tdev); + if (tty == NULL) { + sudo_debug_printf(SUDO_DEBUG_WARN, + "unable to map device number %u to name", + ki_proc->sudo_kp_tdev); } - } else { - sudo_debug_printf(SUDO_DEBUG_WARN, - "unable to resolve tty via KERN_PROC: %s", strerror(errno)); } + } else { + sudo_debug_printf(SUDO_DEBUG_WARN, + "unable to resolve tty via KERN_PROC: %s", strerror(errno)); } efree(ki_proc); @@ -379,9 +390,7 @@ get_process_ttyname(void) #elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) /* * Return a string from ttyname() containing the tty to which the process is - * attached or NULL if there is no tty associated with the process (or its - * parent). First tries /proc/pid/psinfo, then /proc/ppid/psinfo. - * Falls back on ttyname of std{in,out,err} if that fails. + * attached or NULL if the process has no controlling tty. */ char * get_process_ttyname(void) @@ -389,20 +398,17 @@ get_process_ttyname(void) char path[PATH_MAX], *tty = NULL; struct psinfo psinfo; ssize_t nread; - int i, fd; + int fd; debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) /* Try to determine the tty from pr_ttydev in /proc/pid/psinfo. */ - for (i = 0; tty == NULL && i < 2; i++) { - (void)snprintf(path, sizeof(path), "/proc/%u/psinfo", - i ? (unsigned int)getppid() : (unsigned int)getpid()); - if ((fd = open(path, O_RDONLY, 0)) == -1) - continue; + snprintf(path, sizeof(path), "/proc/%u/psinfo", (unsigned int)getpid()); + if ((fd = open(path, O_RDONLY, 0)) != -1) { nread = read(fd, &psinfo, sizeof(psinfo)); close(fd); if (nread == (ssize_t)sizeof(psinfo)) { dev_t rdev = (dev_t)psinfo.pr_ttydev; -#ifdef DEVNO64 +#if defined(_AIX) && defined(DEVNO64) if (psinfo.pr_ttydev & DEVNO64) rdev = makedev(major64(psinfo.pr_ttydev), minor64(psinfo.pr_ttydev)); #endif @@ -416,27 +422,20 @@ get_process_ttyname(void) #elif defined(__linux__) /* * Return a string from ttyname() containing the tty to which the process is - * attached or NULL if there is no tty associated with the process (or its - * parent). First tries field 7 in /proc/pid/stat, then /proc/ppid/stat. - * Falls back on ttyname of std{in,out,err} if that fails. + * attached or NULL if the process has no controlling tty. */ char * get_process_ttyname(void) { - char *line = NULL, *tty = NULL; + char path[PATH_MAX], *line = NULL, *tty = NULL; size_t linesize = 0; ssize_t len; - int i; + FILE *fp; debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) /* Try to determine the tty from tty_nr in /proc/pid/stat. */ - for (i = 0; tty == NULL && i < 2; i++) { - FILE *fp; - char path[PATH_MAX]; - (void)snprintf(path, sizeof(path), "/proc/%u/stat", - i ? (unsigned int)getppid() : (unsigned int)getpid()); - if ((fp = fopen(path, "r")) == NULL) - continue; + snprintf(path, sizeof(path), "/proc/%u/stat", (unsigned int)getpid()); + if ((fp = fopen(path, "r")) != NULL) { len = getline(&line, &linesize, fp); fclose(fp); if (len != -1) { @@ -454,16 +453,36 @@ get_process_ttyname(void) } } } + efree(line); } - efree(line); debug_return_str(tty); } +#elif HAVE_PSTAT_GETPROC +/* + * Return a string from ttyname() containing the tty to which the process is + * attached or NULL if the process has no controlling tty. + */ +char * +get_process_ttyname(void) +{ + struct pst_status pstat; + char *tty = NULL; + debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) + + /* Try to determine the tty from psdev in struct pst_status. */ + if (pstat_getproc(&pstat, sizeof(pstat), 0, (int)getpid()) != -1) { + if (pstat.pst_term.psd_major != -1 && pstat.pst_term.psd_minor != -1) { + tty = sudo_ttyname_dev(makedev(pstat.pst_term.psd_major, + pstat.pst_term.psd_minor)); + } + } + debug_return_str(tty); +} #else /* * Return a string from ttyname() containing the tty to which the process is - * attached or NULL if there is no tty associated with the process. - * parent). + * attached or NULL if the process has no controlling tty. */ char * get_process_ttyname(void) diff --git a/src/utmp.c b/src/utmp.c index 97a1ea6..3852cae 100644 --- a/src/utmp.c +++ b/src/utmp.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 Todd C. Miller + * Copyright (c) 2011-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,6 @@ #include #include -#include #include #include #include @@ -276,12 +275,12 @@ utmp_slot(const char *line, int ttyfd) * doesn't take an argument. */ if ((sfd = dup(STDIN_FILENO)) == -1) - error(1, _("unable to save stdin")); + fatal(_("unable to save stdin")); if (dup2(ttyfd, STDIN_FILENO) == -1) - error(1, _("unable to dup2 stdin")); + fatal(_("unable to dup2 stdin")); slot = ttyslot(); if (dup2(sfd, STDIN_FILENO) == -1) - error(1, _("unable to restore stdin")); + fatal(_("unable to restore stdin")); close(sfd); debug_return_int(slot); diff --git a/sudo.pp b/sudo.pp index 50307e9..fc4fa79 100644 --- a/sudo.pp +++ b/sudo.pp @@ -12,7 +12,7 @@ limited root privileges to users and log root activity. \ The basic philosophy is to give as few privileges as possible but \ still allow people to get their work done." vendor="Todd C. Miller" - copyright="(c) 1993-1996,1998-2012 Todd C. Miller" + copyright="(c) 1993-1996,1998-2013 Todd C. Miller" sudoedit_man=`echo ${pp_destdir}$mandir/*/sudoedit.*|sed "s:^${pp_destdir}::"` sudoedit_man_target=`basename $sudoedit_man | sed 's/edit//'` @@ -262,7 +262,9 @@ still allow people to get their work done." $sbindir/visudo 0755 $bindir/sudoreplay 0755 $includedir/sudo_plugin.h 0644 - $libexecdir/* $shlib_mode optional + $libexecdir/sudo/ 0755 + $libexecdir/sudo/sesh 0755 optional,ignore-others + $libexecdir/sudo/* $shlib_mode optional $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid $timedir/ 0700 root: $docdir/ 0755 -- 2.30.2