Both the plugin API and the main event loop expect lines/cols to
refer to the user's terminal, so...

For sudoreplay we open /dev/tty, so use that instead of stderr when
determining the terminal size.

Starting with macOS 13, the linker warns when "-undefined dynamic_lookup"
is used. This is adde...

GitHub issue #258

This splits the code to find the command, perform a sudoers lookup,
ask for a password as needed...

It is possible, though unlikely, for "root_sudo" to be used in
a per-command Defaults statement.

Previously, if sudoers_lookup() set VALIDATE_ERROR, the sudoers
locale would still be in effect ...

This was always set to FLAG_NO_USER|FLAG_NO_HOST which are cleared
at the top of the fuction. M...

The audit plugin already has the correct value for iolog_file, don't
overwrite it with basename(i...

Prior to sudo 1.8 this was after a getpwuid() but now we use
getpwnam().

This also makes it possible to include the location of the line in
the sudoers file in the warnin...

The EBNF made it appear that this is allowed when it really is not.

This eliminates a dependency on the user_details global.

This eliminates use of the user_details global from exec_setup().

We can use details->tty to access the pty follower path.

The pty_cleanup hook needs access to the closure so add
pty_cleanup_init() to store a pointer to...

We want it to execute in the main sudo process, not the monitor.

Also make pipeline flag private to exec_pty() and remove the unneeded
check_foreground() prototype.

Changes made to the terminal settings while the command is suspended
are now reflected in the pt...

This should be more portable as it handles the quirks of some older
systems.

Historically, pid_t was a long on some 32-bit systems like Solaris.

Previously, we only did this when running in the foreground but
this can cause problems when runn...

Also use SFD_LEADER for sudo_term_copy() in exec_pty() for consistency.
From Duncan Overbruck.

Also set sa.sa_handler to SIG_DFL instead of SIG_IGN. There is no
difference for SIGCONT but it ...

While we cannot catch SIGSTOP, we _can_ catch SIGCONT and set
/dev/tty to raw mode when running i...

It is mostly used for debug logging.

We can use the leader file descriptor with TIOCGWINSZ to set the
window size of the pty. Thanks ...

Otherwise, visudo will get SIGTTOU if it tries to write to the
terminal after the editor finishes...

This is now an int, with values > 1 reserved for visudo.

This moves the "isdir" function argument to the internal version.

Any operating system supported by sudo already includes getcwd(3).

Also switch to doing everything in terms of struct timespec except
for the actual select(2) call.

We already check for a NULL value above so "str == NULL" is always
false. Found by PVS-Studio.

Fixes a build error on musl-based systems like Alpine.

It will be used in the upcoming log output tests.

This is a regression introduced in sudo 1.9.13.
GitHub issue #254.

Previously, it only performed netgroup queries to determine the
list of netgroups a user was a me...

Avoids a double free in fuzz_policy.

Wheh netgroup_base is set we now do out own netgroup lookups using
LDAP. Previously, LDAP was qu...

These will be used by the LDAP innetgr() implementation.

fix typo in uninstall target

This will be used to implement LDAP-specific netgroup lookups when
netgroup_base is set in ldap.c...

This uses the NIST byte-oriented short message test vectors.

A user with "sudo ALL" for root _is_ allowed to list any user.

This change introduced in sudo 1.9.13 is not actually needed. The
"list" pseudo-command checks a...

The value of user_args should not contain the command to be run in
"sudo -l command args", only t...

Calling sudo_pow2_roundup(INT_MAX+2) will return since there is no
power of 2 larger than INT_MAX...

This fixes a hang when there is /dev/tty data in a buffer to be
flushed by the final call to del_...

The special handling of "list" in the lexer meant it could not
be used as a user, group or host, ...

Found by oss-fuzz.