The sudo plugin API defines sudo_hook_fn_t as a function with
unspecified arguments. This is no longer supported in C23 so use
a variadic function for sudo_hook_fn_t instead. Moving to a union
may be a better long-term fix. GitHub issue #420.

If one of std{in,out,err} matches the specified device, try to
resolve it to a path by using /proc/self/fd/{0,1,2}. This avoids
searching all of /dev and works in a chroot where /proc is mounted
but /dev/pts is not. GitHub issue #421.
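The /proc/self/fd lookup described in the message above, as an added example that is not sudo's own code. The helper names fd_to_devpath and tty_from_std_fds are hypothetical, a Linux system with /proc mounted is assumed, and the empty name on failure mirrors what the next message describes.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not sudo's code: if fd is a character device with
 * device number rdev, copy its /proc/self/fd/N link target into buf. */
static char *fd_to_devpath(int fd, dev_t rdev, char *buf, size_t buflen)
{
    char link[32];
    struct stat sb;
    ssize_t n;
    if (buflen < 2 || fstat(fd, &sb) != 0 || !S_ISCHR(sb.st_mode) ||
        sb.st_rdev != rdev)
        return NULL;
    snprintf(link, sizeof(link), "/proc/self/fd/%d", fd);
    n = readlink(link, buf, buflen - 1);
    if (n <= 0 || (size_t)n == buflen - 1)
        return NULL;    /* error, or the result may have been truncated */
    buf[n] = '\0';
    if (buf[0] != '/' || strstr(buf, " (deleted)") != NULL)
        return NULL;    /* not a path, or the device node was unlinked */
    return buf;
}

/* Check stdin, stdout and stderr in order.  If none matches, name is set
 * to the empty string so the caller can skip passing a tty path on. */
static char *tty_from_std_fds(dev_t rdev, char *name, size_t namelen)
{
    if (namelen == 0)
        return NULL;
    for (int fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
        if (fd_to_devpath(fd, rdev, name, namelen) != NULL)
            return name;
    }
    name[0] = '\0';
    return NULL;
}

int main(void)
{
    struct stat sb;
    char name[4096];
    if (fstat(STDIN_FILENO, &sb) != 0 || !tty_from_std_fds(sb.st_rdev, name, sizeof(name)))
        name[0] = '\0';
    printf("stdin device: \"%s\"\n", name);
    return 0;
}
```
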
If sudo cannot map the device number to a device file, set name to
the empty string. The caller now checks for an empty name and only
passes the tty path to the plugin if it is non-empty. This allows
sudo to run without warnings in a chroot() jail where the terminal
device files are not present. GitHub issue #421.

This avoids sending mail for users running "sudo -nv" or "sudo -nl"
even when mail_badpass or mail_always are enabled. We already avoid
logging in that case but mailing was not disabled when that change
was made. Bug #1072.

PAM modules can change the user during their execution. In such a case,
sudo would still use the user that has been provided, potentially giving
access to another user with the credentials of another one.
So prevent this from happening by ensuring that the final PAM user
matches the one which started the transaction.

This adds support for --with-secure-path-value=no to allow packagers
to ship the sudoers configuration file with the secure path
line commented out if required.

The change to always get the current time when building a struct
evlog in sudoers broke the date and time written for exit records.
This only affected file-based logs, not syslog. GitHub issue #405.

We want to avoid calling AX_FUNC_SNPRINTF entirely if cross-compiling
since it is not possible to undo the setting of PREFER_PORTABLE_SNPRINTF.
The previous attempt to do this failed to take into account that
PREFER_PORTABLE_SNPRINTF would still be defined. GitHub issue #969.

Now that we parse ttydev as a long long it makes more sense to
format it the same way. This completely avoids the sign extension
issue on systems where dev_t is signed.

Fixes building on systems that lack strtoull(). While dev_t is
unsigned on most systems, we can still use sudo_strtonum() here as
long as we allow the full range of values [LLONG_MIN,LLONG_MAX].
We don't use strtoul() here since some 32-bit systems have 64-bit
dev_t.