Previously, the user could specify the runas user's home dir for
"sudo -i" or the user's existin...

Also adds -T option to set the value of "now".

This saves instructions that are related to casting as well as compiler warnings.

Avoid compiler casting warnings by assigning to variables of the same type where possible

We should be returning 0, not 1, when logservd finishes without errors

1 is for failure, 0 is for no failure, and this does not look like a failure.

This saves instructions that are related to casting as well as compiler warnings.

macOS does not support direct access to the environ pointer from a
shared object. We need to re...

Previously, check_user_runcwd() would return true if the runcwd
matched the user's cwd, even if ...

Set command_info to NULL once it is freed

The lack of setting to NULL is a holdover from when command_info was a local variable and not a ...

Modify the is_script function for match_command.c

Based on GitHub PR #273 from Ilya Kulakov.

Do variable length arrays the C99 way

correct the return value type of function alias_find_used

Variable length arrays are supported by C99, but having it denoted as "1" confused the compiler ...

"sudo -g" from matching when a Runas_Alias was used in the user or
group portion of a Runas_Spec.

This makes it possible to call the appropriate runas user or group
list match function when reso...

Now that we are guaranteed to have a runas user list for all sudoers
rules that contain a runas ...

When a sudoers rule permits the user to run commands as a group,
not a user, we should set the r...

If a sudoers rule has no runas list, a user-specified runas group
should only be allowed if it m...

We need to undef the SIZEOF_TIME_T from pyconfig.h so it does not
conflict with our own.

Avoid use of variable length arrays and add ctype(3) casts.

Add %n$s support for sudo_lbuf_append_v1

This can be used to support netgroup queries on systems that lack
the innetgr() function and wher...

This allows us to use the LDAP-specific version of innetgr() when
possible. Also enable "use_net...

It unnecessarily complicates things to work around bugs in an OS
almost no one runs.

Nothing else uses it now.

This makes the digest type consistently unsigned instead of a mix
of signed (for the -1 value in ...

I reported this bug to Apple over 12 years ago.

The command is now always run in its own process group. If visudo
is run in the foreground, the...

Since visudo doesn't alter the terminal settings it is possible for
the terminal to have the ONL...

That way we can avoid passing it to init_parser() directly.
We still need sudoers_search_path to...

This struct contains parser configuration such as the sudoers file
uid/gid/mode and parse flags ...

Coverity CID 314108

Return an error, setting errno to EINVAL, for negative sizes.

Add getter for policy.c.

Add getter (for set_perms.c) and setter (for sudoers.c).

Add a setter for policy.c to handle auth_type from the front-end.

Prefer size_t over int, as casting can take extra instructions

There was only one consumer of the init_parser() wrapper now that
reset_parser() has been introd...

Add getters for both so the ldap code can access them.

We just need a way for the policy (and visudo) to override the
default sudoers path. This adds ...

When adminconfdir is enabled, the destination pathh may be different
from the path we opened. W...

Configuration paths in sudo are now a colon-separated list of files
with the adminconfdir instanc...

This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF,
and _PATH_CVTSUDOERS_CON...

The first file found is used.

Now that getaddrinfo() is stubbed out while fuzzing we can remove
the hack that set AI_NUMERICSERV.

Also add support for parsing servname. We only need to support a
subset of getaddrinfo() functio...

Implementations of _FORTIFY_SOURCE require the header file to be
included. Also remove the usele...

The ldap_init() function is marked as deprecated and not defined
by default on some systems. Thi...

We may not be able have access to DNS in the fuzzing environment.

This should avoid problems on Linux in cases where sudo does not
have CAP_SYS_RESOURCE which may ...

When a command is run via "sudo -b" it has no access to terminal
input. In non-pty mode, the co...

The user controls these fds so we should avoid calling ioctl(2) on
them unless they correspond t...

Trying to tailor the help and usage output to the terminal width
is simply not worth it and coul...

We still want to initialize rows and cols based on the environment
if possible.

While usage() prints to stderr, help() prints to stdout.