search the EnvOptions list for matching RunOptions and return the match

return true if the inclusion exists and ends with .ini

read password of user via rpassword should pam require a password, and it is successful, then we set a token

clean environment aside from ~half a dozen vars

common opt arguments

added around easter time

may we execute with this directory

set privs (just call eprivs based on ro)

may we keep environment data

reset privs (just call eprivs based on root)

add a level of escape to strings when they go to the old as “ holds entities

find editor for user. return /usr/bin/vi if EDITOR and VISUAL are unset

turn group list into an indexed list

handler.authenticate without the root privs part for linux

may we execute with this hostname

print output list of acl

return dir or exact_dir

return rule or exact_rule

return target or exact_target

write to syslog a standard log

is the RunOption valid for the dates permitted in the EnvOption

print the usage

print version string

return a lump of random alpha numeric characters

return EnvOptions as a vector of strings

read an ini file and traverse includes

read through an ini config file, appending EnvOptions to vec_eo hardcoded limit of 10M for confs

check reason. this happens post authorize in order to provide feedback

build a regex and replace %{USER} with the user str, prefix with ^ and suffix with $

remove from disk the users token

escape ’' within an argument escape ’ ’ within an argument

if binary is not an absolute/relative path, look for it in usual places

set the environment unless it is permitted to be kept and is specified

set environment for helper scripts

set privs of usr to target_uid and target_gid. return false if fails

set privs of usr to target_uid and target_gid. return false if fails

return the directory that the token should use

return the path of the users token

return our best guess of what the user’s tty is

touch the users token on disk

does the user have a valid token return false if time stamp is in the future return true if token was set within 600 seconds of wall and boot time