If there is only a single source (usually the sudoers file), the
open function provide enough of...

There's no need to look up the name of user's primary group (pw_gid),
we always include the prim...

We still need AUTH_INTR to know when to break out of the password
prompt loop.

This is not intended to be used in a production environment.

Clang has dropped support for K&R function definitions so rewrite
the test to require a unsetenv...

We use SUDOERS_NAME_MATCH for fuzzing when we want to avoid searching
the file system for commands.

We now explicitly check for ALLOW and DENY when checking return
values and negating values.

The two were treated identically by the caller.

This function is policy-dependent. For the modern sudo front-end
it will simply check tcpgid an...

This means that lecture_status_dir and timestampdir are only set
if _PATH_SUDO_LECTURE_DIR and _...

Otherwise, sudo will not send mail if "mail_always" or "mail_all_cmnds"
is set.

* modify ret type from int to bool

* change debug_return_int to debug_return_bool

* modify...

set_perms() is only called with a NULL ctx for PERM_ROOT, PERM_SUDOERS
and PERM_TIMESTAMP.

They are not really specific to the user or user-specified.

The timestamp unlink code does not need the user's struct passwd
pointer, just the user name (wh...

set_perms() is only called with a NULL ctx for PERM_ROOT, PERM_SUDOERS
and PERM_TIMESTAMP.

Quiets PVS-Studio warning V1028.

This is safer than storing a pointer to a stack variable in the
cleanup function since we don't ...

Found by the clang 15 analyzer.

There's now no need to pass this directly to init_parser() since we
already pass in a pointer to...

This removes the need for the getters in policy.c.

This replaces sudoers_user_ctx_free() and sudoers_runas_ctx_free().

We now pass a pointer to the context where necessary. There are a
few cases where we need to re...

The user is expected to pass in an initialized and empty parse_tree
so there is no need to free ...

Otherwise, we end up with ngids set to the number of gids the user
belongs to which may be large...

It is only used by the local password pwutil implementation.

This way we do not rely on the runas_ctx global.

Also rename the sudo_user global to user_ctx.

We need to preserve the contents of the struct stat if the fd is
some other type so the check fo...

Otherwise, check_iolog_plugin will not link.

This fixes some -Wconversion warnings and fixes an inconsistency
between the libsudo_util event ...

The output of "sudo -ll command" consists of the matching sudoers
rule (in long form) with the a...

These have a boolean-style return value. However, our emulated
versions can return -1 on error,...

The JSON logs will store the matching rule source.

This makes it possible to tell which rule resulted in a match.

The single callback now receives all the match info (or UNSPEC if
no match was attempted). This...

This is an API change, sudo_digest_getlen_v1 remains for binary
compatibility.

It is not used anywhere else.

PolyPkg uses "sudo installp -l" to list the built package by default
but we may not have sudo pr...

This will be used to avoid building the entire package when we just
want the 32 or 64 bit sudo_i...

We want to be able to build without python and to specify the memory
model when building 32-bit ...

This makes it possible to run an arbitrary script between "make
install" and the polypkg run. T...

The noexec and intercept DSO settings may now include both a 32-bit
DSO and a 64-bit DSO specifi...

If visudo is used to create a new file, the file will only be created
if the user writes to the ...

This prevents visudo from creating a new zero-length sudoers file
if the user exited the editor ...

GitHub issue #292

Previously, sudo only checked that the fd was a terminal, not that
it matched sudo's idea of the...

This makes it possible to test "sudo -l" and "sudo -v" using
testsudoers.

This makes sudoers_lookup_pseudo(), which is used for pseudo-command
like "list" and "validate" ...

Reported by the sudo-rs project.

There was a missing space between "list" and the actual command...