Rename struct sudo_user -> struct sudo_user_context.

Also rename the sudo_user global to user_ctx.

plugins/sudoers/audit.c

@@ -355,7 +355,7 @@ sudoers_audit_accept(const char *plugin_name, unsigned int plugin_type,
 	ret = false;
 
     if (!ISSET(sudo_mode, MODE_POLICY_INTERCEPTED))
-	uuid_str = sudo_user.uuid_str;
+	uuid_str = user_ctx.uuid_str;
 
     audit_to_eventlog(&evlog, command_info, run_argv, run_envp, uuid_str);
     if (!log_allowed(&evlog) && !def_ignore_logfile_errors)

plugins/sudoers/callbacks.c

@@ -409,7 +409,7 @@ cb_intercept_type(const char *file, int line, int column,
 	/* Set explicitly in sudoers. */
 	if (sd_un->tuple == dso) {
 	    /* Reset intercept_allow_setid default value. */
-	    if (!ISSET(sudo_user.flags, USER_INTERCEPT_SETID))
+	    if (!ISSET(user_ctx.flags, USER_INTERCEPT_SETID))
 		def_intercept_allow_setid = false;
 	}
     }
@@ -426,7 +426,7 @@ cb_intercept_allow_setid(const char *file, int line, int column,
     /* Operator will be -1 if set by front-end. */
     if (op != -1) {
 	/* Set explicitly in sudoers. */
-	SET(sudo_user.flags, USER_INTERCEPT_SETID);
+	SET(user_ctx.flags, USER_INTERCEPT_SETID);
     }
 
     debug_return_bool(true);

plugins/sudoers/check.c

@@ -197,7 +197,7 @@ check_user(unsigned int validated, unsigned int mode)
 	goto done;
     }
     if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
-	(!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name)))) {
+	(!runas_gr || user_in_group(user_ctx.pw, runas_gr->gr_name)))) {
 #ifdef HAVE_SELINUX
 	if (user_role == NULL && user_type == NULL)
 #endif
@@ -327,7 +327,7 @@ user_is_exempt(void)
     debug_decl(user_is_exempt, SUDOERS_DEBUG_AUTH);
 
     if (def_exempt_group) {
-	if (user_in_group(sudo_user.pw, def_exempt_group))
+	if (user_in_group(user_ctx.pw, def_exempt_group))
 	    ret = true;
     }
     debug_return_bool(ret);
@@ -336,7 +336,7 @@ user_is_exempt(void)
 /*
  * Get passwd entry for the user we are going to authenticate as.
  * By default, this is the user invoking sudo.  In the most common
- * case, this matches sudo_user.pw or runas_pw.
+ * case, this matches user_ctx.pw or runas_pw.
  */
 static struct passwd *
 get_authpw(unsigned int mode)
@@ -346,8 +346,8 @@ get_authpw(unsigned int mode)
 
     if (ISSET(mode, (MODE_CHECK|MODE_LIST))) {
 	/* In list mode we always prompt for the user's password. */
-	sudo_pw_addref(sudo_user.pw);
+	sudo_pw_addref(user_ctx.pw);
-	pw = sudo_user.pw;
+	pw = user_ctx.pw;
     } else {
 	if (def_rootpw) {
 	    if ((pw = sudo_getpwuid(ROOT_UID)) == NULL) {
@@ -368,8 +368,8 @@ get_authpw(unsigned int mode)
 		pw = runas_pw;
 	    }
 	} else {
-	    sudo_pw_addref(sudo_user.pw);
+	    sudo_pw_addref(user_ctx.pw);
-	    pw = sudo_user.pw;
+	    pw = user_ctx.pw;
 	}
     }
 

plugins/sudoers/cvtsudoers.c

@@ -61,7 +61,7 @@
  * Globals
  */
 struct cvtsudoers_filter *filters;
-struct sudo_user sudo_user;
+struct sudoers_user_context user_ctx;
 struct passwd *list_pw;
 static FILE *logfp;
 static const char short_opts[] =  "b:c:d:ef:hi:I:l:m:Mo:O:pP:s:V";

plugins/sudoers/defaults.c

@@ -706,7 +706,7 @@ default_binding_matches(struct sudoers_parse_tree *parse_tree,
     case DEFAULTS:
 	debug_return_bool(true);
     case DEFAULTS_USER:
-	if (userlist_matches(parse_tree, sudo_user.pw, &d->binding->members) == ALLOW)
+	if (userlist_matches(parse_tree, user_ctx.pw, &d->binding->members) == ALLOW)
 	    debug_return_bool(true);
 	break;
     case DEFAULTS_RUNAS:
@@ -714,7 +714,7 @@ default_binding_matches(struct sudoers_parse_tree *parse_tree,
 	    debug_return_bool(true);
 	break;
     case DEFAULTS_HOST:
-	if (hostlist_matches(parse_tree, sudo_user.pw, &d->binding->members) == ALLOW)
+	if (hostlist_matches(parse_tree, user_ctx.pw, &d->binding->members) == ALLOW)
 	    debug_return_bool(true);
 	break;
     case DEFAULTS_CMND:

plugins/sudoers/display.c

@@ -459,7 +459,7 @@ display_privs(const struct sudo_nss_list *snl, struct passwd *pw, bool verbose)
     struct stat sb;
     debug_decl(display_privs, SUDOERS_DEBUG_PARSER);
 
-    cols = sudo_user.cols;
+    cols = user_ctx.cols;
     if (fstat(STDOUT_FILENO, &sb) == 0 && S_ISFIFO(sb.st_mode))
 	cols = 0;
     sudo_lbuf_init(&def_buf, output, 4, NULL, cols);

plugins/sudoers/logging.c

@@ -156,7 +156,7 @@ log_server_reject(struct eventlog *evlog, const char *message)
 	    debug_return_bool(false);
 
 	/* Open connection to log server, send hello and reject messages. */
-	client_closure = log_server_open(&details, &sudo_user.submit_time,
+	client_closure = log_server_open(&details, &user_ctx.submit_time,
 	    false, SEND_REJECT, message);
 	if (client_closure != NULL) {
 	    client_closure_free(client_closure);
@@ -256,7 +256,7 @@ log_reject(const char *message, bool logit, bool mailit)
     debug_decl(log_reject, SUDOERS_DEBUG_LOGGING);
 
     if (!ISSET(sudo_mode, MODE_POLICY_INTERCEPTED))
-	uuid_str = sudo_user.uuid_str;
+	uuid_str = user_ctx.uuid_str;
 
     if (mailit) {
 	SET(evl_flags, EVLOG_MAIL);
@@ -604,7 +604,7 @@ log_exit_status(int status)
 	    ret = false;
 	    goto done;
 	}
-	sudo_timespecsub(&run_time, &sudo_user.submit_time, &run_time);
+	sudo_timespecsub(&run_time, &user_ctx.submit_time, &run_time);
 
         if (WIFEXITED(status)) {
 	    exit_value = WEXITSTATUS(status);
@@ -625,7 +625,7 @@ log_exit_status(int status)
 	sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
 
 	sudoers_to_eventlog(&evlog, saved_cmnd, saved_argv, env_get(),
-	    sudo_user.uuid_str);
+	    user_ctx.uuid_str);
 	if (def_mail_always) {
 	    SET(evl_flags, EVLOG_MAIL);
 	    if (!def_log_exit_status)
@@ -728,7 +728,7 @@ vlog_warning(unsigned int flags, int errnum, const char * restrict fmt,
 		SET(evl_flags, EVLOG_MAIL_ONLY);
 	}
 	sudoers_to_eventlog(&evlog, safe_cmnd, NewArgv, env_get(),
-	    sudo_user.uuid_str);
+	    user_ctx.uuid_str);
 	if (!eventlog_alert(&evlog, evl_flags, &now, message, errstr))
 	    ret = false;
 	if (!log_server_alert(&evlog, &now, message, errstr))
@@ -843,7 +843,7 @@ mail_parse_errors(void)
 	goto done;
     }
     sudoers_to_eventlog(&evlog, safe_cmnd, NewArgv, env_get(),
-	sudo_user.uuid_str);
+	user_ctx.uuid_str);
 
     /* Convert parse_error_list to a string vector. */
     n = 0;
@@ -955,12 +955,12 @@ sudoers_to_eventlog(struct eventlog *evlog, const char *cmnd,
     debug_decl(sudoers_to_eventlog, SUDOERS_DEBUG_LOGGING);
 
     /* We rely on the reference held by the group cache. */
-    if ((grp = sudo_getgrgid(sudo_user.pw->pw_gid)) != NULL)
+    if ((grp = sudo_getgrgid(user_ctx.pw->pw_gid)) != NULL)
 	sudo_gr_delref(grp);
 
     memset(evlog, 0, sizeof(*evlog));
-    evlog->iolog_file = sudo_user.iolog_file;
+    evlog->iolog_file = user_ctx.iolog_file;
-    evlog->iolog_path = sudo_user.iolog_path;
+    evlog->iolog_path = user_ctx.iolog_path;
     evlog->command = cmnd ? (char *)cmnd : (argv ? argv[0] : NULL);
     evlog->cwd = user_cwd;
     if (def_runchroot != NULL && strcmp(def_runchroot, "*") != 0) {
@@ -973,19 +973,19 @@ sudoers_to_eventlog(struct eventlog *evlog, const char *cmnd,
     } else {
 	evlog->runcwd = user_cwd;
     }
-    evlog->rungroup = runas_gr ? runas_gr->gr_name : sudo_user.runas_group;
+    evlog->rungroup = runas_gr ? runas_gr->gr_name : user_ctx.runas_group;
-    evlog->source = sudo_user.source;
+    evlog->source = user_ctx.source;
     evlog->submithost = user_host;
     evlog->submituser = user_name;
     if (grp != NULL)
 	evlog->submitgroup = grp->gr_name;
     evlog->ttyname = user_ttypath;
     evlog->argv = (char **)argv;
-    evlog->env_add = (char **)sudo_user.env_vars;
+    evlog->env_add = (char **)user_ctx.env_vars;
     evlog->envp = (char **)envp;
-    evlog->submit_time = sudo_user.submit_time;
+    evlog->submit_time = user_ctx.submit_time;
-    evlog->lines = sudo_user.lines;
+    evlog->lines = user_ctx.lines;
-    evlog->columns = sudo_user.cols;
+    evlog->columns = user_ctx.cols;
     if (runas_pw != NULL) {
 	evlog->rungid = runas_pw->pw_gid;
 	evlog->runuid = runas_pw->pw_uid;
@@ -993,7 +993,7 @@ sudoers_to_eventlog(struct eventlog *evlog, const char *cmnd,
     } else {
 	evlog->rungid = (gid_t)-1;
 	evlog->runuid = (uid_t)-1;
-	evlog->runuser = sudo_user.runas_user;
+	evlog->runuser = user_ctx.runas_user;
     }
     if (uuid_str == NULL) {
 	unsigned char uuid[16];
@@ -1009,7 +1009,7 @@ sudoers_to_eventlog(struct eventlog *evlog, const char *cmnd,
 	if (sudo_gettime_real(&now) == -1) {
 	    sudo_warn("%s", U_("unable to get time of day"));
 	} else {
-	    sudo_timespecsub(&now, &sudo_user.submit_time, &evlog->iolog_offset);
+	    sudo_timespecsub(&now, &user_ctx.submit_time, &evlog->iolog_offset);
 	}
     }
 

plugins/sudoers/lookup.c

@@ -291,13 +291,13 @@ sudoers_lookup_check(struct sudo_nss *nss, struct passwd *pw,
 		if (cmnd_match != UNSPEC) {
 		    /*
 		     * If user is running command as themselves,
-		     * set runas_pw = sudo_user.pw.
+		     * set runas_pw = user_ctx.pw.
 		     * XXX - hack, want more general solution
 		     */
 		    if (matching_user && matching_user->type == MYSELF) {
 			sudo_pw_delref(runas_pw);
-			sudo_pw_addref(sudo_user.pw);
+			sudo_pw_addref(user_ctx.pw);
-			runas_pw = sudo_user.pw;
+			runas_pw = user_ctx.pw;
 		    }
 		    *matching_cs = cs;
 		    *defs = &priv->defaults;

plugins/sudoers/match.c

@@ -135,7 +135,7 @@ runas_getgroups(void)
     }
 
     /* Only use results from a group db query, not the front end. */
-    pw = runas_pw ? runas_pw : sudo_user.pw;
+    pw = runas_pw ? runas_pw : user_ctx.pw;
     debug_return_ptr(sudo_get_gidlist(pw, ENTRY_TYPE_QUERIED));
 }
 
@@ -193,8 +193,8 @@ runas_userlist_matches(const struct sudoers_parse_tree *parse_tree,
 		 * was specified on the command line without a user _or_
 		 * the user specified their own name on the command line.
 		 */
-		if ((!ISSET(sudo_user.flags, RUNAS_USER_SPECIFIED) &&
+		if ((!ISSET(user_ctx.flags, RUNAS_USER_SPECIFIED) &&
-			ISSET(sudo_user.flags, RUNAS_GROUP_SPECIFIED)) ||
+			ISSET(user_ctx.flags, RUNAS_GROUP_SPECIFIED)) ||
 			strcmp(user_name, runas_pw->pw_name) == 0)
 		    user_matched = !m->negated;
 		break;
@@ -303,7 +303,7 @@ runaslist_matches(const struct sudoers_parse_tree *parse_tree,
     }
 
     user_matched = runas_userlist_matches(parse_tree, user_list, matching_user);
-    if (ISSET(sudo_user.flags, RUNAS_GROUP_SPECIFIED)) {
+    if (ISSET(user_ctx.flags, RUNAS_GROUP_SPECIFIED)) {
 	group_matched = runas_grouplist_matches(parse_tree, group_list,
 	    matching_group);
     }

plugins/sudoers/policy.c

@@ -91,7 +91,7 @@ parse_bool(const char *line, int varlen, unsigned int *flags, unsigned int fval)
 
 /*
  * Deserialize args, settings and user_info arrays.
- * Fills in struct sudo_user and other common sudoers state.
+ * Fills in struct sudoers_user_context and other common sudoers state.
  */
 unsigned int
 sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
@@ -119,7 +119,7 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
     } \
 } while (0)
 
-    if (sudo_gettime_real(&sudo_user.submit_time) == -1) {
+    if (sudo_gettime_real(&user_ctx.submit_time) == -1) {
 	sudo_warn("%s", U_("unable to get time of day"));
 	goto bad;
     }
@@ -183,7 +183,7 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
     sudoers_conf.sudoers_path = path_sudoers;
 
     /* Parse command line settings. */
-    sudo_user.flags = 0;
+    user_ctx.flags = 0;
     user_closefrom = -1;
     sudoedit_nfiles = 0;
     sudo_mode = 0;
@@ -218,14 +218,14 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 	}
 	if (MATCHES(*cur, "runas_user=")) {
 	    CHECK(*cur, "runas_user=");
-	    sudo_user.runas_user = *cur + sizeof("runas_user=") - 1;
+	    user_ctx.runas_user = *cur + sizeof("runas_user=") - 1;
-	    SET(sudo_user.flags, RUNAS_USER_SPECIFIED);
+	    SET(user_ctx.flags, RUNAS_USER_SPECIFIED);
 	    continue;
 	}
 	if (MATCHES(*cur, "runas_group=")) {
 	    CHECK(*cur, "runas_group=");
-	    sudo_user.runas_group = *cur + sizeof("runas_group=") - 1;
+	    user_ctx.runas_group = *cur + sizeof("runas_group=") - 1;
-	    SET(sudo_user.flags, RUNAS_GROUP_SPECIFIED);
+	    SET(user_ctx.flags, RUNAS_GROUP_SPECIFIED);
 	    continue;
 	}
 	if (MATCHES(*cur, "prompt=")) {
@@ -303,13 +303,13 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 	    continue;
 	}
 	if (MATCHES(*cur, "intercept_ptrace=")) {
-	    if (parse_bool(*cur, sizeof("intercept_ptrace") - 1, &sudo_user.flags,
+	    if (parse_bool(*cur, sizeof("intercept_ptrace") - 1, &user_ctx.flags,
 		    HAVE_INTERCEPT_PTRACE) == -1)
 		goto bad;
 	    continue;
 	}
 	if (MATCHES(*cur, "intercept_setid=")) {
-	    if (parse_bool(*cur, sizeof("intercept_setid") - 1, &sudo_user.flags,
+	    if (parse_bool(*cur, sizeof("intercept_setid") - 1, &user_ctx.flags,
 		    CAN_INTERCEPT_SETID) == -1)
 		goto bad;
 	    continue;
@@ -361,8 +361,8 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 	if (MATCHES(*cur, "max_groups=")) {
 	    errno = 0;
 	    p = *cur + sizeof("max_groups=") - 1;
-	    sudo_user.max_groups = (int)sudo_strtonum(p, 1, 1024, &errstr);
+	    user_ctx.max_groups = (int)sudo_strtonum(p, 1, 1024, &errstr);
-	    if (sudo_user.max_groups == 0) {
+	    if (user_ctx.max_groups == 0) {
 		sudo_warnx(U_("%s: %s"), *cur, U_(errstr));
 		goto bad;
 	    }
@@ -473,8 +473,8 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 	if (MATCHES(*cur, "lines=")) {
 	    errno = 0;
 	    p = *cur + sizeof("lines=") - 1;
-	    sudo_user.lines = (int)sudo_strtonum(p, 1, INT_MAX, &errstr);
+	    user_ctx.lines = (int)sudo_strtonum(p, 1, INT_MAX, &errstr);
-	    if (sudo_user.lines == 0) {
+	    if (user_ctx.lines == 0) {
 		sudo_warnx(U_("%s: %s"), *cur, U_(errstr));
 		goto bad;
 	    }
@@ -483,8 +483,8 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 	if (MATCHES(*cur, "cols=")) {
 	    errno = 0;
 	    p = *cur + sizeof("cols=") - 1;
-	    sudo_user.cols = (int)sudo_strtonum(p, 1, INT_MAX, &errstr);
+	    user_ctx.cols = (int)sudo_strtonum(p, 1, INT_MAX, &errstr);
-	    if (sudo_user.cols == 0) {
+	    if (user_ctx.cols == 0) {
 		sudo_warnx(U_("%s: %s"), *cur, U_(errstr));
 		goto bad;
 	    }
@@ -510,7 +510,7 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 	}
 	if (MATCHES(*cur, "umask=")) {
 	    p = *cur + sizeof("umask=") - 1;
-	    sudo_user.umask = sudo_strtomode(p, &errstr);
+	    user_ctx.umask = sudo_strtomode(p, &errstr);
 	    if (errstr != NULL) {
 		sudo_warnx(U_("%s: %s"), *cur, U_(errstr));
 		goto bad;
@@ -581,7 +581,7 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 
     /* Create a UUID to store in the event log. */
     sudo_uuid_create(uuid);
-    if (sudo_uuid_to_string(uuid, sudo_user.uuid_str, sizeof(sudo_user.uuid_str)) == NULL) {
+    if (sudo_uuid_to_string(uuid, user_ctx.uuid_str, sizeof(user_ctx.uuid_str)) == NULL) {
 	sudo_warnx("%s", U_("unable to generate UUID"));
 	goto bad;
     }
@@ -590,11 +590,11 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
      * Set intercept defaults based on flags set above.
      * We pass -1 as the operator to indicate it is set by the front end.
      */
-    if (ISSET(sudo_user.flags, HAVE_INTERCEPT_PTRACE)) {
+    if (ISSET(user_ctx.flags, HAVE_INTERCEPT_PTRACE)) {
 	if (!append_default("intercept_type", "trace", -1, NULL, defaults))
 	    goto oom;
     }
-    if (ISSET(sudo_user.flags, CAN_INTERCEPT_SETID)) {
+    if (ISSET(user_ctx.flags, CAN_INTERCEPT_SETID)) {
 	if (!append_default("intercept_allow_setid", NULL, -1, NULL, defaults))
 	    goto oom;
     }
@@ -1002,8 +1002,8 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[],
         if ((command_info[info_len++] = sudo_new_key_val("rlimit_stack", def_rlimit_stack)) == NULL)
             goto oom;
     }
-    if (sudo_user.source != NULL) {
+    if (user_ctx.source != NULL) {
-	command_info[info_len] = sudo_new_key_val("source", sudo_user.source);
+	command_info[info_len] = sudo_new_key_val("source", user_ctx.source);
 	if (command_info[info_len++] == NULL)
 	    goto oom;
     }
@@ -1139,7 +1139,7 @@ sudoers_policy_close(int exit_status, int error_code)
     /* Free stashed copy of the environment. */
     (void)env_init(NULL);
 
-    /* Free sudoers sources, sudo_user and passwd/group caches. */
+    /* Free sudoers sources, user_ctx and passwd/group caches. */
     sudoers_cleanup();
 
     /* command_info was freed by the g/c code. */

plugins/sudoers/pwutil_impl.c

@@ -264,7 +264,7 @@ PREFIX(make_gidlist_item)(const struct passwd *pw, char * const *gidstrs,
      * Ignore supplied gids if the entry type says we must query the group db.
      */
     if (type != ENTRY_TYPE_QUERIED && (gidstrs != NULL ||
-	    (pw == sudo_user.pw && sudo_user.gids != NULL))) {
+	    (pw == user_ctx.pw && user_ctx.gids != NULL))) {
 	if (gidstrs != NULL) {
 	    /* Use supplied gids list (string format). */
 	    ngids = 1;
@@ -290,7 +290,7 @@ PREFIX(make_gidlist_item)(const struct passwd *pw, char * const *gidstrs,
 		    gids[ngids++] = gid;
 	    }
 	} else {
-	    /* Adopt sudo_user.gids. */
+	    /* Adopt user_ctx.gids. */
 	    gids = user_gids;
 	    ngids = user_ngids;
 	    user_gids = NULL;
@@ -299,8 +299,8 @@ PREFIX(make_gidlist_item)(const struct passwd *pw, char * const *gidstrs,
 	type = ENTRY_TYPE_FRONTEND;
     } else {
 	type = ENTRY_TYPE_QUERIED;
-	if (sudo_user.max_groups > 0) {
+	if (user_ctx.max_groups > 0) {
-	    ngids = sudo_user.max_groups;
+	    ngids = user_ctx.max_groups;
 	    gids = reallocarray(NULL, (size_t)ngids, sizeof(GETGROUPS_T));
 	    if (gids == NULL) {
 		sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
@@ -309,7 +309,7 @@ PREFIX(make_gidlist_item)(const struct passwd *pw, char * const *gidstrs,
 	    }
 	    /* Clamp to max_groups if insufficient space for all groups. */
 	    if (PREFIX(getgrouplist2)(pw->pw_name, pw->pw_gid, &gids, &ngids) == -1)
-		ngids = sudo_user.max_groups;
+		ngids = user_ctx.max_groups;
 	} else {
 	    gids = NULL;
 	    if (PREFIX(getgrouplist2)(pw->pw_name, pw->pw_gid, &gids, &ngids) == -1) {

plugins/sudoers/regress/exptilde/check_exptilde.c

@@ -31,7 +31,7 @@
 
 #include <def_data.c>
 
-struct sudo_user sudo_user;
+struct sudoers_user_context user_ctx;
 
 struct test_data {
     const char *input;

plugins/sudoers/regress/fuzz/fuzz_sudoers.c

@@ -49,7 +49,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 static const char *orig_cmnd;
 
 /* Required to link with parser. */
-struct sudo_user sudo_user;
+struct sudoers_user_context user_ctx;
 struct passwd *list_pw;
 sudo_conv_t sudo_conv = fuzz_conversation;
 sudo_printf_t sudo_printf = fuzz_printf;
@@ -326,10 +326,10 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
 	    /* Invoking user. */
 	    user_name = (char *)ud->user;
-	    if (sudo_user.pw != NULL)
+	    if (user_ctx.pw != NULL)
-		sudo_pw_delref(sudo_user.pw);
+		sudo_pw_delref(user_ctx.pw);
-	    sudo_user.pw = sudo_getpwnam(user_name);
+	    user_ctx.pw = sudo_getpwnam(user_name);
-	    if (sudo_user.pw == NULL) {
+	    if (user_ctx.pw == NULL) {
 		sudo_warnx_nodebug("unknown user %s", user_name);
 		continue;
 	    }
@@ -338,16 +338,16 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	    if (runas_pw != NULL)
 		sudo_pw_delref(runas_pw);
 	    if (ud->runuser != NULL) {
-		sudo_user.runas_user = (char *)ud->runuser;
+		user_ctx.runas_user = (char *)ud->runuser;
-		SET(sudo_user.flags, RUNAS_USER_SPECIFIED);
+		SET(user_ctx.flags, RUNAS_USER_SPECIFIED);
-		runas_pw = sudo_getpwnam(sudo_user.runas_user);
+		runas_pw = sudo_getpwnam(user_ctx.runas_user);
 	    } else {
-		sudo_user.runas_user = NULL;
+		user_ctx.runas_user = NULL;
-		CLR(sudo_user.flags, RUNAS_USER_SPECIFIED);
+		CLR(user_ctx.flags, RUNAS_USER_SPECIFIED);
 		runas_pw = sudo_getpwnam("root");
 	    }
 	    if (runas_pw == NULL) {
-		sudo_warnx_nodebug("unknown run user %s", sudo_user.runas_user);
+		sudo_warnx_nodebug("unknown run user %s", user_ctx.runas_user);
 		continue;
 	    }
 
@@ -355,32 +355,32 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	    if (runas_gr != NULL)
 		sudo_gr_delref(runas_gr);
 	    if (ud->rungroup != NULL) {
-		sudo_user.runas_group = (char *)ud->rungroup;
+		user_ctx.runas_group = (char *)ud->rungroup;
-		SET(sudo_user.flags, RUNAS_GROUP_SPECIFIED);
+		SET(user_ctx.flags, RUNAS_GROUP_SPECIFIED);
-		runas_gr = sudo_getgrnam(sudo_user.runas_group);
+		runas_gr = sudo_getgrnam(user_ctx.runas_group);
 		if (runas_gr == NULL) {
 		    sudo_warnx_nodebug("unknown run group %s",
-			sudo_user.runas_group);
+			user_ctx.runas_group);
 		    continue;
 		}
 	    } else {
-		sudo_user.runas_group = NULL;
+		user_ctx.runas_group = NULL;
-		CLR(sudo_user.flags, RUNAS_GROUP_SPECIFIED);
+		CLR(user_ctx.flags, RUNAS_GROUP_SPECIFIED);
 		runas_gr = NULL;
 	    }
 
 	    update_defaults(&parse_tree, NULL, SETDEF_ALL, false);
 
-	    sudoers_lookup(&snl, sudo_user.pw, now, NULL, NULL, &cmnd_status,
+	    sudoers_lookup(&snl, user_ctx.pw, now, NULL, NULL, &cmnd_status,
 		false);
 
 	    /* Match again as a pseudo-command (list, validate, etc). */
-	    sudoers_lookup(&snl, sudo_user.pw, now, NULL, NULL, &cmnd_status,
+	    sudoers_lookup(&snl, user_ctx.pw, now, NULL, NULL, &cmnd_status,
 		true);
 
 	    /* Display privileges. */
-	    display_privs(&snl, sudo_user.pw, false);
+	    display_privs(&snl, user_ctx.pw, false);
-	    display_privs(&snl, sudo_user.pw, true);
+	    display_privs(&snl, user_ctx.pw, true);
 	}
 
 	/* Expand tildes in runcwd and runchroot. */
@@ -403,8 +403,8 @@ done:
     fclose(fp);
     free_parse_tree(&parse_tree);
     reset_parser();
-    if (sudo_user.pw != NULL)
+    if (user_ctx.pw != NULL)
-	sudo_pw_delref(sudo_user.pw);
+	sudo_pw_delref(user_ctx.pw);
     if (runas_pw != NULL)
 	sudo_pw_delref(runas_pw);
     if (runas_gr != NULL)
@@ -414,7 +414,7 @@ done:
     free(user_cmnd);
     free(safe_cmnd);
     free(list_cmnd);
-    memset(&sudo_user, 0, sizeof(sudo_user));
+    memset(&user_ctx, 0, sizeof(user_ctx));
     sudoers_setlocale(SUDOERS_LOCALE_USER, NULL);
     sudoers_debug_deregister();
     fflush(stdout);

plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c

@@ -32,7 +32,7 @@ static int fuzz_printf(int msg_type, const char * restrict fmt, ...);
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 
 /* Required to link with parser. */
-struct sudo_user sudo_user;
+struct sudoers_user_context user_ctx;
 struct passwd *list_pw;
 sudo_printf_t sudo_printf = fuzz_printf;
 

plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c

@@ -36,7 +36,7 @@
 
 extern struct io_plugin sudoers_io;
 
-struct sudo_user sudo_user;
+struct sudoers_user_context user_ctx;
 struct passwd *list_pw;
 sudo_printf_t sudo_printf;
 sudo_conv_t sudo_conv;
@@ -385,15 +385,15 @@ main(int argc, char *argv[], char *envp[])
 	if ((tpw = getpwnam("root")) == NULL)
 	    sudo_fatalx("unable to look up uid 0 or root");
     }
-    sudo_user._runas_pw = pw_dup(tpw);
+    user_ctx._runas_pw = pw_dup(tpw);
 
     /* Set invoking user. */
     if ((tpw = getpwuid(geteuid())) == NULL)
 	sudo_fatalx("unable to look up invoking user's uid");
-    sudo_user.pw = pw_dup(tpw);
+    user_ctx.pw = pw_dup(tpw);
 
     /* Set iolog uid/gid to invoking user. */
-    iolog_set_owner(sudo_user.pw->pw_uid, sudo_user.pw->pw_gid);
+    iolog_set_owner(user_ctx.pw->pw_uid, user_ctx.pw->pw_gid);
 
     test_endpoints(&tests, &errors, iolog_dir, envp);
 

plugins/sudoers/sssd.c

@@ -754,8 +754,8 @@ sudo_sss_getdefs(const struct sudo_nss *nss)
     sudo_debug_printf(SUDO_DEBUG_DIAG, "Looking for cn=defaults");
 
     /* NOTE: these are global defaults, user-ID and name are not used. */
-    rc = handle->fn_send_recv_defaults(sudo_user.pw->pw_uid,
+    rc = handle->fn_send_recv_defaults(user_ctx.pw->pw_uid,
-	sudo_user.pw->pw_name, &sss_error, &handle->domainname, &sss_result);
+	user_ctx.pw->pw_name, &sss_error, &handle->domainname, &sss_result);
     switch (rc) {
     case 0:
 	break;

plugins/sudoers/sudoers.c

@@ -79,7 +79,7 @@ static bool tty_present(void);
 /*
  * Globals
  */
-struct sudo_user sudo_user;
+struct sudoers_user_context user_ctx;
 struct passwd *list_pw;
 unsigned int sudo_mode;
 
@@ -268,7 +268,7 @@ sudoers_init(void *info, sudoers_logger_t logger, char * const envp[])
     }
 
     /* Set login class if applicable (after sudoers is parsed). */
-    if (set_loginclass(runas_pw ? runas_pw : sudo_user.pw))
+    if (set_loginclass(runas_pw ? runas_pw : user_ctx.pw))
 	ret = true;
 
 cleanup:
@@ -287,7 +287,7 @@ cleanup:
 /*
  * Expand I/O log dir and file into a full path.
  * Returns the full I/O log path prefixed with "iolog_path=".
- * Sets sudo_user.iolog_file as a side effect.
+ * Sets user_ctx.iolog_file as a side effect.
  */
 static char *
 format_iolog_path(void)
@@ -316,8 +316,8 @@ format_iolog_path(void)
     }
 
     /* Stash pointer to the I/O log for the event log. */
-    sudo_user.iolog_path = iolog_path + sizeof("iolog_path=") - 1;
+    user_ctx.iolog_path = iolog_path + sizeof("iolog_path=") - 1;
-    sudo_user.iolog_file = sudo_user.iolog_path + 1 + strlen(dir);
+    user_ctx.iolog_file = user_ctx.iolog_path + 1 + strlen(dir);
 
 done:
     debug_return_str(iolog_path);
@@ -389,7 +389,7 @@ sudoers_check_common(int pwflag)
      */
     time(&now);
     sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
-    validated = sudoers_lookup(snl, sudo_user.pw, now, cb_lookup, &match_info,
+    validated = sudoers_lookup(snl, user_ctx.pw, now, cb_lookup, &match_info,
 	&cmnd_status, pwflag);
     sudoers_setlocale(oldlocale, NULL);
     if (ISSET(validated, VALIDATE_ERROR)) {
@@ -398,15 +398,15 @@ sudoers_check_common(int pwflag)
     }
 
     if (match_info.us != NULL && match_info.us->file != NULL) {
-	free(sudo_user.source);
+	free(user_ctx.source);
 	if (match_info.us->line != 0) {
-	    if (asprintf(&sudo_user.source, "%s:%d:%d", match_info.us->file,
+	    if (asprintf(&user_ctx.source, "%s:%d:%d", match_info.us->file,
 		    match_info.us->line, match_info.us->column) == -1)
-		sudo_user.source = NULL;
+		user_ctx.source = NULL;
 	} else {
-	    sudo_user.source = strdup(match_info.us->file);
+	    user_ctx.source = strdup(match_info.us->file);
 	}
-	if (sudo_user.source == NULL) {
+	if (user_ctx.source == NULL) {
 	    sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
 	    goto done;
 	}
@@ -515,16 +515,16 @@ sudoers_check_common(int pwflag)
 	goto done;
     }
 
-    /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */
+    /* If run as root with SUDO_USER set, set user_ctx.pw to that user. */
     /* XXX - causes confusion when root is not listed in sudoers */
     if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT) && prev_user != NULL) {
 	if (user_uid == 0 && strcmp(prev_user, "root") != 0) {
 	    struct passwd *pw;
 
 	    if ((pw = sudo_getpwnam(prev_user)) != NULL) {
-		    if (sudo_user.pw != NULL)
+		    if (user_ctx.pw != NULL)
-			sudo_pw_delref(sudo_user.pw);
+			sudo_pw_delref(user_ctx.pw);
-		    sudo_user.pw = pw;
+		    user_ctx.pw = pw;
 	    }
 	}
     }
@@ -584,7 +584,7 @@ sudoers_check_common(int pwflag)
 		U_("sorry, you are not allowed to preserve the environment"));
 	    goto bad;
 	} else {
-	    if (!validate_env_vars(sudo_user.env_vars))
+	    if (!validate_env_vars(user_ctx.env_vars))
 		goto bad;
 	}
     }
@@ -643,7 +643,7 @@ sudoers_check_cmnd(int argc, char * const argv[], char *env_add[],
 
     /* Environment variables specified on the command line. */
     if (env_add != NULL && env_add[0] != NULL)
-	sudo_user.env_vars = env_add;
+	user_ctx.env_vars = env_add;
 
     /*
      * Make a local copy of argc/argv, with special handling for the
@@ -754,7 +754,7 @@ sudoers_check_cmnd(int argc, char * const argv[], char *env_add[],
     }
 
     /* Insert user-specified environment variables. */
-    if (!insert_env_vars(sudo_user.env_vars)) {
+    if (!insert_env_vars(user_ctx.env_vars)) {
 	sudo_warnx("%s",
 	    U_("error setting user-specified environment variables"));
 	goto error;
@@ -943,9 +943,9 @@ sudoers_list(int argc, char * const argv[], const char *list_user, bool verbose)
 	goto done;
 
     if (ISSET(sudo_mode, MODE_CHECK))
-	ret = display_cmnd(snl, list_pw ? list_pw : sudo_user.pw, verbose);
+	ret = display_cmnd(snl, list_pw ? list_pw : user_ctx.pw, verbose);
     else
-	ret = display_privs(snl, list_pw ? list_pw : sudo_user.pw, verbose);
+	ret = display_privs(snl, list_pw ? list_pw : user_ctx.pw, verbose);
 
 done:
     mail_parse_errors();
@@ -970,7 +970,7 @@ done:
 }
 
 /*
- * Initialize timezone and fill in sudo_user struct.
+ * Initialize timezone and fill in user_ctx.
  */
 static bool
 init_vars(char * const envp[])
@@ -1015,8 +1015,8 @@ init_vars(char * const envp[])
      * Get a local copy of the user's passwd struct and group list if we
      * don't already have them.
      */
-    if (sudo_user.pw == NULL) {
+    if (user_ctx.pw == NULL) {
-	if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) {
+	if ((user_ctx.pw = sudo_getpwnam(user_name)) == NULL) {
 	    /*
 	     * It is not unusual for users to place "sudo -k" in a .logout
 	     * file which can cause sudo to be run during reboot after the
@@ -1028,12 +1028,12 @@ init_vars(char * const envp[])
 	    }
 
 	    /* Need to make a fake struct passwd for the call to log_warningx(). */
-	    sudo_user.pw = sudo_mkpwent(user_name, user_uid, user_gid, NULL, NULL);
+	    user_ctx.pw = sudo_mkpwent(user_name, user_uid, user_gid, NULL, NULL);
 	    unknown_user = true;
 	}
     }
     if (user_gid_list == NULL)
-	user_gid_list = sudo_get_gidlist(sudo_user.pw, ENTRY_TYPE_ANY);
+	user_gid_list = sudo_get_gidlist(user_ctx.pw, ENTRY_TYPE_ANY);
 
     /* Store initialize permissions so we can restore them later. */
     if (!set_perms(PERM_INITIAL))
@@ -1053,15 +1053,15 @@ init_vars(char * const envp[])
      * Note that if runas_group was specified without runas_user we
      * run the command as the invoking user.
      */
-    if (sudo_user.runas_group != NULL) {
+    if (user_ctx.runas_group != NULL) {
-	if (!set_runasgr(sudo_user.runas_group, false))
+	if (!set_runasgr(user_ctx.runas_group, false))
 	    debug_return_bool(false);
-	if (!set_runaspw(sudo_user.runas_user ?
+	if (!set_runaspw(user_ctx.runas_user ?
-		sudo_user.runas_user : user_name, false))
+		user_ctx.runas_user : user_name, false))
 	    debug_return_bool(false);
     } else {
-	if (!set_runaspw(sudo_user.runas_user ?
+	if (!set_runaspw(user_ctx.runas_user ?
-		sudo_user.runas_user : def_runas_default, false))
+		user_ctx.runas_user : def_runas_default, false))
 	    debug_return_bool(false);
     }
 
@@ -1483,7 +1483,7 @@ cb_runas_default(const char *file, int line, int column,
     debug_decl(cb_runas_default, SUDOERS_DEBUG_PLUGIN);
 
     /* Only reset runaspw if user didn't specify one. */
-    if (sudo_user.runas_user == NULL && sudo_user.runas_group == NULL)
+    if (user_ctx.runas_user == NULL && user_ctx.runas_group == NULL)
 	debug_return_bool(set_runaspw(sd_un->str, true));
     debug_return_bool(true);
 }
@@ -1515,7 +1515,7 @@ sudoers_cleanup(void)
     need_reinit = false;
     if (def_group_plugin)
 	group_plugin_unload();
-    sudo_user_free();
+    sudoers_user_ctx_free();
     sudo_freepwcache();
     sudo_freegrcache();
     canon_path_free_cache();
@@ -1552,16 +1552,16 @@ tty_present(void)
 }
 
 /*
- * Free memory allocated for struct sudo_user.
+ * Free memory allocated for struct sudoers_user_context.
  */
 void
-sudo_user_free(void)
+sudoers_user_ctx_free(void)
 {
-    debug_decl(sudo_user_free, SUDOERS_DEBUG_PLUGIN);
+    debug_decl(sudoers_user_ctx_free, SUDOERS_DEBUG_PLUGIN);
 
     /* Free remaining references to password and group entries. */
-    if (sudo_user.pw != NULL)
+    if (user_ctx.pw != NULL)
-	sudo_pw_delref(sudo_user.pw);
+	sudo_pw_delref(user_ctx.pw);
     if (runas_pw != NULL)
 	sudo_pw_delref(runas_pw);
     if (runas_gr != NULL)
@@ -1569,7 +1569,7 @@ sudo_user_free(void)
     if (user_gid_list != NULL)
 	sudo_gidlist_delref(user_gid_list);
 
-    /* Free dynamic contents of sudo_user. */
+    /* Free dynamic contents of user_ctx. */
     free(user_cwd);
     free(user_name);
     free(user_gids);
@@ -1589,7 +1589,7 @@ sudo_user_free(void)
     free(list_cmnd);
     free(safe_cmnd);
     free(saved_cmnd);
-    free(sudo_user.source);
+    free(user_ctx.source);
     free(user_stat);
 #ifdef HAVE_SELINUX
     free(user_role);
@@ -1602,7 +1602,7 @@ sudo_user_free(void)
     free(runas_privs);
     free(runas_limitprivs);
 #endif
-    memset(&sudo_user, 0, sizeof(sudo_user));
+    memset(&user_ctx, 0, sizeof(user_ctx));
 
     debug_return;
 }

plugins/sudoers/sudoers.h

@@ -79,7 +79,7 @@ struct group_list {
  * Info pertaining to the invoking user.
  * XXX - can we embed struct eventlog here or use it instead?
  */
-struct sudo_user {
+struct sudoers_user_context {
     struct timespec submit_time;
     struct passwd *pw;
     struct passwd *_runas_pw;
@@ -149,7 +149,7 @@ struct sudo_user {
 #define ENTRY_TYPE_FRONTEND	0x02
 
 /*
- * sudo_user flag values
+ * user_ctx.flag values
  */
 #define RUNAS_USER_SPECIFIED	0x01U
 #define RUNAS_GROUP_SPECIFIED	0x02U
@@ -224,50 +224,50 @@ struct sudo_user {
 #define PERM_IOLOG		0x07
 
 /*
- * Shortcuts for sudo_user contents.
+ * Shortcuts for user_ctx contents.
  */
-#define user_name		(sudo_user.name)
+#define user_name		(user_ctx.name)
-#define user_uid		(sudo_user.uid)
+#define user_uid		(user_ctx.uid)
-#define user_gid		(sudo_user.gid)
+#define user_gid		(user_ctx.gid)
-#define user_sid		(sudo_user.sid)
+#define user_sid		(user_ctx.sid)
-#define user_tcpgid		(sudo_user.tcpgid)
+#define user_tcpgid		(user_ctx.tcpgid)
-#define user_umask		(sudo_user.umask)
+#define user_umask		(user_ctx.umask)
-#define user_passwd		(sudo_user.pw->pw_passwd)
+#define user_passwd		(user_ctx.pw->pw_passwd)
-#define user_dir		(sudo_user.pw->pw_dir)
+#define user_dir		(user_ctx.pw->pw_dir)
-#define user_gids		(sudo_user.gids)
+#define user_gids		(user_ctx.gids)
-#define user_ngids		(sudo_user.ngids)
+#define user_ngids		(user_ctx.ngids)
-#define user_gid_list		(sudo_user.gid_list)
+#define user_gid_list		(user_ctx.gid_list)
-#define user_tty		(sudo_user.tty)
+#define user_tty		(user_ctx.tty)
-#define user_ttypath		(sudo_user.ttypath)
+#define user_ttypath		(user_ctx.ttypath)
-#define user_cwd		(sudo_user.cwd)
+#define user_cwd		(user_ctx.cwd)
-#define user_cmnd		(sudo_user.cmnd)
+#define user_cmnd		(user_ctx.cmnd)
-#define user_cmnd_dir		(sudo_user.cmnd_dir)
+#define user_cmnd_dir		(user_ctx.cmnd_dir)
-#define user_args		(sudo_user.cmnd_args)
+#define user_args		(user_ctx.cmnd_args)
-#define user_base		(sudo_user.cmnd_base)
+#define user_base		(user_ctx.cmnd_base)
-#define user_stat		(sudo_user.cmnd_stat)
+#define user_stat		(user_ctx.cmnd_stat)
-#define user_path		(sudo_user.path)
+#define user_path		(user_ctx.path)
-#define user_prompt		(sudo_user.prompt)
+#define user_prompt		(user_ctx.prompt)
-#define user_host		(sudo_user.host)
+#define user_host		(user_ctx.host)
-#define user_shost		(sudo_user.shost)
+#define user_shost		(user_ctx.shost)
-#define user_runhost		(sudo_user.runhost)
+#define user_runhost		(user_ctx.runhost)
-#define user_srunhost		(sudo_user.srunhost)
+#define user_srunhost		(user_ctx.srunhost)
-#define user_ccname		(sudo_user.krb5_ccname)
+#define user_ccname		(user_ctx.krb5_ccname)
-#define list_cmnd		(sudo_user.cmnd_list)
+#define list_cmnd		(user_ctx.cmnd_list)
-#define safe_cmnd		(sudo_user.cmnd_safe)
+#define safe_cmnd		(user_ctx.cmnd_safe)
-#define saved_cmnd		(sudo_user.cmnd_saved)
+#define saved_cmnd		(user_ctx.cmnd_saved)
-#define cmnd_fd			(sudo_user.execfd)
+#define cmnd_fd			(user_ctx.execfd)
-#define login_class		(sudo_user.class_name)
+#define login_class		(user_ctx.class_name)
-#define runas_pw		(sudo_user._runas_pw)
+#define runas_pw		(user_ctx._runas_pw)
-#define runas_gr		(sudo_user._runas_gr)
+#define runas_gr		(user_ctx._runas_gr)
-#define user_role		(sudo_user.role)
+#define user_role		(user_ctx.role)
-#define user_type		(sudo_user.type)
+#define user_type		(user_ctx.type)
-#define user_apparmor_profile		(sudo_user.apparmor_profile)
+#define user_apparmor_profile	(user_ctx.apparmor_profile)
-#define user_closefrom		(sudo_user.closefrom)
+#define user_closefrom		(user_ctx.closefrom)
-#define	runas_privs		(sudo_user.privs)
+#define	runas_privs		(user_ctx.privs)
-#define	runas_limitprivs	(sudo_user.limitprivs)
+#define	runas_limitprivs	(user_ctx.limitprivs)
-#define user_timeout		(sudo_user.timeout)
+#define user_timeout		(user_ctx.timeout)
-#define user_runchroot		(sudo_user.runchroot)
+#define user_runchroot		(user_ctx.runchroot)
-#define user_runcwd		(sudo_user.runcwd)
+#define user_runcwd		(user_ctx.runcwd)
 
 /* Default sudoers uid/gid/mode if not set by the Makefile. */
 #ifndef SUDOERS_UID
@@ -421,8 +421,8 @@ int sudoers_list(int argc, char *const argv[], const char *list_user, bool verbo
 int sudoers_validate_user(void);
 void sudoers_cleanup(void);
 bool sudoers_override_umask(void);
-void sudo_user_free(void);
+void sudoers_user_ctx_free(void);
-extern struct sudo_user sudo_user;
+extern struct sudoers_user_context user_ctx;
 extern struct passwd *list_pw;
 extern unsigned int sudo_mode;
 extern int sudoedit_nfiles;

plugins/sudoers/testsudoers.c

@@ -79,7 +79,7 @@ static int testsudoers_query(const struct sudo_nss *nss, struct passwd *pw);
 /*
  * Globals
  */
-struct sudo_user sudo_user;
+struct sudoers_user_context user_ctx;
 struct passwd *list_pw;
 static const char *orig_cmnd;
 static char *runas_group, *runas_user;
@@ -149,7 +149,7 @@ main(int argc, char *argv[])
 		break;
 	    case 'g':
 		runas_group = optarg;
-		SET(sudo_user.flags, RUNAS_GROUP_SPECIFIED);
+		SET(user_ctx.flags, RUNAS_GROUP_SPECIFIED);
 		break;
 	    case 'h':
 		user_host = optarg;
@@ -206,7 +206,7 @@ main(int argc, char *argv[])
 		break;
 	    case 'u':
 		runas_user = optarg;
-		SET(sudo_user.flags, RUNAS_USER_SPECIFIED);
+		SET(user_ctx.flags, RUNAS_USER_SPECIFIED);
 		break;
 	    case 'v':
 		if (sudo_mode != MODE_RUN) {
@@ -267,10 +267,10 @@ main(int argc, char *argv[])
 	strlcpy(cwdbuf, "/", sizeof(cwdbuf));
     user_cwd = cwdbuf;
 
-    if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL)
+    if ((user_ctx.pw = sudo_getpwnam(user_name)) == NULL)
 	sudo_fatalx(U_("unknown user %s"), user_name);
-    user_uid = sudo_user.pw->pw_uid;
+    user_uid = user_ctx.pw->pw_uid;
-    user_gid = sudo_user.pw->pw_gid;
+    user_gid = user_ctx.pw->pw_gid;
 
     if (user_host == NULL) {
 	if ((user_host = sudo_gethostname()) == NULL)
@@ -380,7 +380,7 @@ main(int argc, char *argv[])
     testsudoers_nss.parse_tree = &parsed_policy;
 
     printf("\nEntries for user %s:\n", user_name);
-    validated = sudoers_lookup(&snl, sudo_user.pw, now, cb_lookup, NULL,
+    validated = sudoers_lookup(&snl, user_ctx.pw, now, cb_lookup, NULL,
 	&status, pwflag);
 
     /* Validate user-specified chroot or cwd (if any) and runas user shell. */

plugins/sudoers/timestamp.c

@@ -1163,8 +1163,8 @@ create_admin_success_flag(void)
 	debug_return_int(true);
 
     /* Check whether the user is in the sudo or admin group. */
-    if (!user_in_group(sudo_user.pw, "sudo") &&
+    if (!user_in_group(user_ctx.pw, "sudo") &&
-	!user_in_group(sudo_user.pw, "admin"))
+	!user_in_group(user_ctx.pw, "admin"))
 	debug_return_int(true);
 
     /* Build path to flag file. */

plugins/sudoers/visudo.c

@@ -108,7 +108,7 @@ extern void get_hostname(void);
 /*
  * Globals
  */
-struct sudo_user sudo_user;
+struct sudoers_user_context user_ctx;
 struct passwd *list_pw;
 static const char *path_sudoers = _PATH_SUDOERS;
 static struct sudoersfile_list sudoerslist = TAILQ_HEAD_INITIALIZER(sudoerslist);
@@ -258,17 +258,17 @@ main(int argc, char *argv[])
 	export_sudoers(path_sudoers, export_path);
     }
 
-    /* Mock up a fake sudo_user struct. */
+    /* Mock up a fake struct sudoers_user_context. */
     user_cmnd = user_base = strdup("true");
     if (user_cmnd == NULL)
 	sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
     if (geteuid() == 0) {
 	const char *user = getenv("SUDO_USER");
 	if (user != NULL && *user != '\0')
-	    sudo_user.pw = sudo_getpwnam(user);
+	    user_ctx.pw = sudo_getpwnam(user);
     }
-    if (sudo_user.pw == NULL) {
+    if (user_ctx.pw == NULL) {
-	if ((sudo_user.pw = sudo_getpwuid(getuid())) == NULL)
+	if ((user_ctx.pw = sudo_getpwuid(getuid())) == NULL)
 	    sudo_fatalx(U_("you do not exist in the %s database"), "passwd");
     }
     get_hostname();