search the EnvOptions list for matching RunOptions and return the match
return true if the inclusion exists and ends with .ini
read password of user via rpassword
should pam require a password, and it is successful, then we set a token
clean environment aside from ~half a dozen vars
common opt arguments
added around easter time
may we execute with this directory
set privs (just call eprivs based on ro)
may we keep environment data
reset privs (just call eprivs based on root)
add a level of escape to strings when they go to the old as “ holds entities
find editor for user. return /usr/bin/vi if EDITOR and VISUAL are unset
turn group list into an indexed list
handler.authenticate without the root privs part for linux
may we execute with this hostname
print output list of acl
return dir or exact_dir
return rule or exact_rule
return target or exact_target
write to syslog a standard log
is the RunOption valid for the dates permitted in the EnvOption
print the usage
print version string
return a lump of random alpha numeric characters
return EnvOptions as a vector of strings
read an ini file and traverse includes
read through an ini config file, appending EnvOptions to vec_eo
hardcoded limit of 10M for confs
check reason. this happens post authorize in order to provide feedback
build a regex and replace %{USER} with the user str, prefix with ^ and suffix with $
remove from disk the users token
escape ’' within an argument
escape ’ ’ within an argument
if binary is not an absolute/relative path, look for it in usual places
return result from search cache lookup
set the environment unless it is permitted to be kept and is specified
set environment for helper scripts
set privs of usr to target_uid and target_gid. return false if fails
set privs of usr to target_uid and target_gid. return false if fails
return the directory that the token should use
return the path of the users token
return our best guess of what the user’s tty is
touch the users token on disk
does the user have a valid token
return false if time stamp is in the future
return true if token was set within 600 seconds of wall and boot time