+2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Don't let the fnmatch/glob macros expand the function prototype.
+ [d449e9a8f447] <1.8>
+
+2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Resolve namespace collisions on HP-UX ia64 and possibly others by
+ adding a rpl_ prefix to our fnmatch and glob replacements and
+ #defining rpl_foo to foo in the header files.
+ [d23889375b21] <1.8>
+
+2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Split ALL, ROLE and TYPE into their own actions. Since you can only
+ have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
+ the non-SELinux case. This is safe because the actions are in one
+ big switch() statement.
+ [0bd9b7e37ab1] <1.8>
+
+ * Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
+ [8dec97b359e0] <1.8>
+
+ * askpass moved from sudoers to sudo.conf in sudo 1.8.0
+ [1001d87d82ed] <1.8>
+
+ * Remove obsolete warning about runas_default and ordering. Move
+ syslog facility and priority lists into the section where the
+ relevant options are described.
+ [1286b9624021] <1.8>
+
+2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Fix SIA support; we no longer have access to the real argc and argv
+ so allocate space for a fake one and use the argv passed to the
+ plugin with "sudo" for argv[0].
+ [7c11eeffb91c] <1.8>
+
+ * Remove useless realloc when trying to get the buffer size right.
+ [58128e7f4e28] <1.8>
+
+ * Be explicit when setting euid to 0 before call to setreuid(0, 0)
+ [95769a564ab8] <1.8>
+
+2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ sudo 1.8.1p1 updates
+ [de3d688b5bb1] <1.8>
+
+ * configure, configure.in:
+ Need to do checks for krb5_verify_user, krb5_init_secure_context and
+ krb5_get_init_creds_opt_alloc regardless of whether or
+ notkrb5-config is present.
+ [456c4a9cd5d6] <1.8>
+
+2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Work around weird AIX saved uid semantics on setuid() and
+ setreuid(). On AIX, setuid() will only set the saved uid if the euid
+ is already 0.
+ [5d0a69e9d181] <1.8>
+
2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pp:
- update copyright year
- [edf691539a65] [tip] <1.7>
+ * update copyright year
+ [fa8da6d55783] <1.8>
- * toke.c, toke.l:
- Treat a missing includedir like an empty one and do not return an
+ * Treat a missing includedir like an empty one and do not return an
error.
- [9c770ff2d0bc] <1.7>
+ [5fd9fe004728] <1.8>
2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * pp:
- Fix ARCH setting in cross-compile Solaris packages.
- [057d743bd1a2] <1.7>
+ * Fix ARCH setting in cross-compile Solaris packages.
+ [8ce40940f6c9] <1.8>
- * sudo.pp:
- Fix aix version setting.
- [1a2621321f5c] <1.7>
+ * Fix aix version setting.
+ [02a9e25d46ba] <1.8>
- * ldap.c:
- Remove extraneous parens in LDAP filter when sudoers_search_filter
+ * Remove extraneous parens in LDAP filter when sudoers_search_filter
is enabled that causes a search error. From Matthew Thomas.
- [7a5a2d021d32] <1.7>
+ [b67be9b51ec6] <1.8>
+
+2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Correct sizeof() to fix test failure.
+ [a11b89fd13f9] <1.8>
+
+ * "install" target should depend on "install-dirs". Fixes "make -j"
+ problem and closes bz #487. From Chris Coleman.
+ [06ab0558f848] <1.8>
2011-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
* .hgtags:
- Added tag SUDO_1_7_6 for changeset fafbb7b0aea2
- [6f5c74a8a6ac] <1.7>
+ Added tag SUDO_1_8_1 for changeset 0ed6281995f0
+ [543d41a163e9] <1.8>
- * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
- sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
- sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
- regen for 1.7.6
- [fafbb7b0aea2] [SUDO_1_7_6] <1.7>
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ Regen man pages for 1.8.1
+ [0ed6281995f0] [SUDO_1_8_1] <1.8>
- * sudo.cat, sudo.man.in:
- regen man pages for 1.7.6
- [94d851285f31] <1.7>
+2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Add HAVE_RFC1938_SKEYCHALLENGE
+ [c0d7eb39799d] <1.8>
2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Mention plugin loading and libgcc changes
+ [b74929cba37c] <1.8>
+
+ * Load plugins after parsing arguments and potentially printing the
+ version. That way, an error loading or initializing a plugin
+ doesn't break "sudo -h" or "sudo -V".
+ [c1ecb5979cf0] <1.8>
+
+ * Makefile.in:
+ When using a sub-shell to invoke the sub-make, exec make instead of
+ running it inside the shell to avoid an extra process.
+ [9439f016c993] <1.8>
+
+ * Stop testing unspecified behavior in fnmatch Make glob test more
+ portable
+ [87a91d76fbff] <1.8>
+
+ * No need to add current dir to include path and having it breaks the
+ test programs that expect to get the system glob.h and fnmatch.h
+ [3ae7f9e7b710] <1.8>
+
+ * configure, configure.in:
+ Fix and document --with-plugindir; partially from Diego Elio Petteno
+ [0220a0c2606f] <1.8>
+
+ * Fix fnmatch and glob tests to not use hard-coded flag values in the
+ input file. Link test programs with libreplace so we get our
+ replacement verions as needed.
+ [66bab80241e0] <1.8>
+
+ * Makefile.in:
+ If make in a subdir fails, fail the target in the upper level
+ Makefile too. Adapted from a patch from Diego Elio Petteno
+ [bc35b7813507] <1.8>
+
+ * configure, configure.in:
+ Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
+ has this. Adapted from a patch from Diego Elio Petteno
+ [bb6228f484b9] <1.8>
+
+ * Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
+ directly.
+ [47e6d5fadc6d] <1.8>
+
* configure, configure.in:
Fix warnings when -without-skey, --without-opie, --without-kerb4,
--without-kerb5 or --without-SecurID were specified.
- [83a99d369286] <1.7>
+ [1b75035dd129] <1.8>
+
+ * Add plugins/sudoers/sudoers_version.h
+ [1d470c6033ca] <1.8>
+
+ * configure, configure.in:
+ Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
+ now include LDFLAGS in the sudoers Makefile.in. Add missing settng
+ of @LDFLAGS@ in plugin Makefile.in files.
+ [dd237f43aa12] <1.8>
2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * NEWS:
- Mention %#gid support in User_List and Runas_List
- [8ff14765d7df] <1.7>
+ * Mention %#gid support in User_List and Runas_List
+ [37e259b9181b] <1.8>
- * sudoers.pod:
- Merge SETENV and NOSETENV description from 1.8
- [dd44e79b53a0] <1.7>
+ * Keep track of sudoers grammar version and report it in the -V
+ output.
+ [0e0b891dd8a4] <1.8>
+
+ * Add multiple inclusion guard
+ [ec6884f51ea8] <1.8>
+
+ * configure, configure.in:
+ The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
+ LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
+ set it to -Wc,-static-libgcc if not using GNU ld so we don't
+ have a dependency on the shared libgcc in sudoers.so.
+ [28d03f3eb0d2] <1.8>
+
+ * Fix typo; from Petr Uzel
+ [d19b9bd92bd3] <1.8>
2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * testsudoers.c:
- In dump-only mode, use "root" as the default username instead of
+ * In dump-only mode, use "root" as the default username instead of
"nobody" as the latter may not be available on all systems.
- [8082b8a1374c] <1.7>
+ [b304111616dd] <1.8>
2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * testsudoers.c:
- Fix setting of user_args
- [0669612feeb1] <1.7>
+ * Remove NewArgv/NewArgc, they are no longer needed.
+ [c0a36a42a68c] <1.8>
- * toke.c, toke.l:
- Add '!' token to lex tracing
- [7738d002a8d0] <1.7>
+ * Fix setting of user_args
+ [529e79ea95d1] <1.8>
- * toke.c, toke.l:
- Avoid using pre or post increment in a parameter to a ctype(3)
+ * Add '!' token to lex tracing
+ [aef295d428e7] <1.8>
+
+ * Use group bin in test, not wheel as most systems have the bin group
+ but the same is no longer true of wheel.
+ [350347f09c1a] <1.8>
+
+ * Avoid using pre or post increment in a parameter to a ctype(3)
function as it might be a macro that causes the increment to happen
more than once.
- [2d23161e06dc] <1.7>
+ [8a94ebdd53b8] <1.8>
2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pp:
- Strip off the beta or release candidate version when building AIX
+ * Strip off the beta or release candidate version when building AIX
packages.
- [246ebb79e64f] <1.7>
+ [00ad950764e2] <1.8>
- * aix.c:
- getuserattr(user, ...) will fall back to the "default" entry
+ * configure, configure.in:
+ We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
+ structure checks for glibc which only has __e_termination visible
+ when _GNU_SOURCE is *not* defined.
+ [1d58420a4a4a] <1.8>
+
+ * getuserattr(user, ...) will fall back to the "default" entry
automatically, there's no need to check "default" manually.
- [dd233ca1092a] <1.7>
+ [cefffa82967d] <1.8>
+
+ * Document parser changes.
+ [5038238f60eb] <1.8>
2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * UPGRADE:
- Document parser changes.
- [f767c045e6c0] <1.7>
+ * Makefile.in:
+ If there is an existing sudoers file, only install if it passes a
+ syntax check.
+ [b1e4c9c56fe0] <1.8>
- * testsudoers.c:
- Add runasgroup support to testsudoers
- [23f060665d23] <1.7>
+ * Add runasgroup support to testsudoers
+ [30838590e9de] <1.8>
- * testsudoers.c:
- More useful exit codes:
+ * For "make check", keep going even if a test fails.
+ [d3a72f67227e] <1.8>
+
+ * More useful exit codes:
* 0 - parsed OK and command matched.
* 1 - parse error
* 2 - command not matched
* 3 - command denied
- [bda610d9f6da] <1.7>
-
- * Makefile.in:
- If there is an existing sudoers file, only install if it passes a
- syntax check.
- [189eaeea562e] <1.7>
+ [59301e0769cd] <1.8>
- * sudoers.pod:
- Document %#gid, and %:#nonunix_gid syntax.
- [59e7df4c91e4] <1.7>
+ * Document %#gid, and %:#nonunix_gid syntax.
+ [39ee15af58e9] <1.8>
- * pwutil.c:
- Add support to user_in_group() for treating group names that begin
+ * Add support to user_in_group() for treating group names that begin
with a '#' as gids.
- [3926017fbf95] <1.7>
+ [0eb19980cf5f] <1.8>
+
+ * configure, configure.in:
+ Add explicit check for struct utmpx.ut_exit.e_termination and struct
+ utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
+ ut_exit if we detect one or the other.
+ [ab5b665fc04b] <1.8>
2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4:
- Quote first argument to AC_DEFUN(); from Elan Ruusamae
- [a245e4891bab] <1.7>
+ * Add back missing #include of config.h
+ [9c82bec81018] <1.8>
+
+ * Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
+ strftime() does.
+ [1ae630470f8a] <1.8>
+
+ * Quote first argument to AC_DEFUN(); from Elan Ruusamae
+ [c467e9e3b399] <1.8>
2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l:
- Use bitwise AND instead of modulus to check for length being odd. A
- newline in the middle of a string is an error unless a line
+ * add new sudoers tests
+ [05f2a0924acc] <1.8>
+
+ * Add test for a newline in the middle of a string when no line
continuation character is used.
- [37a7f1fc54b7] <1.7>
+ [24b79be5822b] <1.8>
- * gram.c, toke.c:
- Add missing include of config.h
- [b13da7baee1e] <1.7>
+ * Use bitwise AND instead of modulus to check for length being odd. A
+ newline in the middle of a string is an error unless a line
+ continuation character is used.
+ [65c468599688] <1.8>
- * gram.c, gram.y, toke.c, toke.l:
- Move lexer globals initialization into init_lexer.
- [b7c124212d05] <1.7>
+ * Move lexer globals initialization into init_lexer.
+ [07a1171a1853] <1.8>
- * toke.c, toke.l:
- Fix a potential crash when a non-regular file is present in an
+ * Fix a potential crash when a non-regular file is present in an
includedir. Fixes bz #452
- [f1209a710607] <1.7>
+ [5057cb9516e4] <1.8>
- * pp:
- On some Linux systems, "uname -p" contains detailed processor info
+ * On some Linux systems, "uname -p" contains detailed processor info
so check "uname -m" first and then "uname -p" if needed. Recognize
PLD Linux.
- [83af85a391df] <1.7>
+ [56226c84a060] <1.8>
- * toke.c, toke.l:
- Make an empty group or netgroup a syntax error.
- [e88aa7b31a43] <1.7>
+2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l:
- Allow a group ID in the User_Spec.
- [3e58bc732e33] <1.7>
+ * Don't need all sudoers.h here.
+ [43b6ae5999c5] <1.8>
- * toke.c, toke.l:
- Return an error for the empty string when a word is expected. Allow
+ * Print sudo version early, in case policy plugin init fails.
+ [620f2d0ec4b1] <1.8>
+
+2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Update to match change in input.
+ [69540f84721d] <1.8>
+
+ * Make an empty group or netgroup a syntax error.
+ [4b85bddc494e] <1.8>
+
+ * An empty group or netgroup should be a syntax error.
+ [6ec796972eff] <1.8>
+
+ * Check that uids work in per-user and per-runas Defaults Check that
+ uids and gids work in a Command_Spec
+ [68cf62353420] <1.8>
+
+ * Test empty string in User_Alias and Command_Spec
+ [017d487c31be] <1.8>
+
+ * Allow a group ID in the User_Spec.
+ [37e0bf69c8d8] <1.8>
+
+ * Return an error for the empty string when a word is expected. Allow
an ID for per-user or per-runas Defaults.
- [83bb1a9c80ad] <1.7>
+ [4c9020779582] <1.8>
2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * testsudoers.c:
- Fix printing "User_Alias FOO = ALL"
- [8e6e810e89ce] <1.7>
+ * Fix printing "User_Alias FOO = ALL"
+ [97c9fd7caeb7] <1.8>
2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse_args.c:
- Better error message about invalid -C argument
- [fc14f8dc03d2] <1.7>
+ * Better error message about invalid -C argument
+ [2301e7a3835b] <1.8>
- * NEWS:
- fix typo
- [f789649fdeaf] <1.7>
+ * fix typo
+ [c5acde62a309] <1.8>
- * sudoers.pod:
- Fix placement of equal size ('=') in user specification summary.
- [51861d678ac1] <1.7>
+ * Fix placement of equal size ('=') in user specification summary.
+ [4d0ffef77ae4] <1.8>
2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.l:
- If we match a rule anchored to the beginning of a line after parsing
+ * update to match sudoers regress
+ [0efb8dc9092a] <1.8>
+
+ * Restore ability to define TRACELEXER and have trace output go to
+ stderr.
+ [441c8b372217] <1.8>
+
+ * Restore old behavior of setting sawspace = TRUE for command line
+ args when a line continuation character is hit to avoid causing
+ problems for existing sudoers files.
+ [963ded6ce070] <1.8>
+
+ * Add test for line continuation and aliases
+ [5703d11a3c46] <1.8>
+
+ * Make test output line up nicely for parse vs. toke
+ [15321ce2d7d9] <1.8>
+
+ * plugins/sudoers/regress/testsudoers/test1.ok,
+ plugins/sudoers/regress/testsudoers/test2.out,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.ok,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/visudo/test1.ok,
+ plugins/sudoers/regress/visudo/test1.sh:
+ Move parser tests to sudoers directory and test the tokenizer output
+ too.
+ [111c1ccda334] <1.8>
+
+ * If we match a rule anchored to the beginning of a line after parsing
a line continuation character, return an ERROR token. It would be
nicer to use REJECT instead but that substantially slows down the
lexer.
- [f31c6622aaf9] <1.7>
+ [67e54b14aa9d] <1.8>
- * toke.c, toke.l:
- Allow whitespace after the modifier in a Defaults entry. E.g.
+ * Move LEXTRACE macro to toke.h so we can use it in yyerror().
+ [e6e04037deed] <1.8>
+
+ * Make lex tracing settable at run-time in testsudoers via the -t
+ flag. Trace output goes to stderr. Will be used by regress tests
+ to check lexer.
+ [a973f43cc0c2] <1.8>
+
+ * Allow whitespace after the modifier in a Defaults entry. E.g.
"Defaults: username set_home"
- [57c09139d10c] <1.7>
+ [bf876c9fc5bb] <1.8>
2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * mkpkg:
- Don't set CC when cross-compiling. Use the Sun Studio C compiler on
- Solaris if possible.
- [b91feb0678c1] <1.7>
+ * Don't set CC when cross-compiling.
+ [d3c33dcb02f2] <1.8>
- * NEWS:
- Credit Matthew Thomas for the sudoers_search_filter changes.
- [4b3f239e114d] <1.7>
+ * Credit Matthew Thomas for the sudoers_search_filter changes.
+ [2209b80664af] <1.8>
- * NEWS:
- Update for sudo 1.7.6 beta
- [26cdd6578c23] <1.7>
+ * Add the .sym files to the MANIFEST
+ [bb452b28a009] <1.8>
+
+ * Update for sudo 1.8.1 beta
+ [700d42d80e00] <1.8>
- * exec_pty.c:
- Save the controlling tty process group before suspending in pty
+ * user_shell -> run_shell to avoid confusion with the user's SHELL
+ variable.
+ [451b96d5f97e] <1.8>
+
+ * Save the controlling tty process group before suspending in pty
mode. Previously, we assumed that the child pgrp == child pid
(which is usually, but not always, the case).
- [670657004784] <1.7>
+ [b0841d861191] <1.8>
- * ldap.c, sudoers.ldap.pod:
- Add support for sudoers_search_filter setting in ldap.conf. This
+ * Add support for sudoers_search_filter setting in ldap.conf. This
can be used to restrict the set of records returned by the LDAP
query.
- [c941bb5f68f2] <1.7>
+ [70c5f496e2b3] <1.8>
2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Remove the hack to disable -g in CFLAGS unless --with-devel
- [933300bf3848] <1.7>
+ [9459839f50ba] <1.8>
- * sudoers.pod:
- The '@' character does not normally need to be quoted.
- [7e96569aed54] <1.7>
+ * The '@' character does not normally need to be quoted.
+ [e66c4c64e514] <1.8>
- * toke.c, toke.l:
- We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
+ * We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
if that whitespace is followed by a comma, we want to treat it as
part of a list and not transition.
- [6dd87c25c79c] <1.7>
+ [52ae2df9959d] <1.8>
- * Makefile.in:
- toke_util.c lives in $(srcdir) not $(devdir)
- [b1b59d72f026] <1.7>
+ * Add check for whitespace when a User_List is used for a per-user
+ Defaults entry.
+ [44a4db95be86] <1.8>
- * toke.c, toke.l:
- Fix parsing of double-quoted names in Defaults and Aliases which was
- broken in c2b486b12951.
- [30b2fdbafdc2] <1.7>
+ * Expand quoted name checks to cover recent fixes.
+ [bd494b5c2bed] <1.8>
-2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Fix parsing of double-quoted names in Defaults and Aliases which was
+ broken in 601d97ea8792.
+ [dfdd58c3eb3b] <1.8>
- * NEWS:
- Document major changes for sudo 1.7.6
- [d474a2aeb411] <1.7>
+ * toke_util.c lives in $(srcdir) not $(devdir)
+ [94f8f024782e] <1.8>
+
+2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
- Update version to 1.7.6
- [c1c80b99ed82] <1.7>
+ Update version to 1.8.1
+ [531a7d520f18] <1.8>
- * match.c:
- Be careful not to deref user_stat if it is NULL. This cannot
+ * Document major changes in 1.8.1 and add upgrade notes.
+ [116821646140] <1.8>
+
+ * Be careful not to deref user_stat if it is NULL. This cannot
currently happen in sudo but might in other programs using the
parser.
- [0926b1653e20] <1.7>
+ [d72a9c7151c4] <1.8>
- * mkpkg:
- configure will not add -O2 to CFLAGS if it is already defined to add
+ * configure will not add -O2 to CFLAGS if it is already defined to add
-O2 to the CFLAGS we pass in when PIE is being used.
- [a4444e287bcb] <1.7>
+ [2c7fe82be93d] <1.8>
- * sudoers.pod:
- Warn about the dangers of log_input and mention iolog_dir in the
- log_input and log_output descriptions.
- [68c3615f7487] <1.7>
+ * Warn about the dangers of log_input and mention iolog_file and
+ iolog_dir in the log_input and log_output descriptions.
+ [edc6aa59aa45] <1.8>
- * pp:
- Back out 2b81d57de4a4 and sync with git version
- [5a2443567b9c] <1.7>
+ * sync with git version
+ [b121cf739c77] <1.8>
+
+ * It seems that h comes after i
+ [99ad15015f05] <1.8>
- * exec.c:
- Save the controlling tty process group before suspending so we can
+ * Move log_input and log_output to their proper, sorted, location.
+ Document set_utmp and utmp_runas.
+ [216ce8b0ae1a] <1.8>
+
+ * Save the controlling tty process group before suspending so we can
restore it when we resume. Fixes job control problems on Linux
caused by the previous attemp to fix resuming a shell when I/O
logging not enabled.
- [3e4e26b79f59] <1.7>
+ [dfe038f733be] <1.8>
+
+ * Fix printing of the remainder after a newline. Fixes "sudo -l"
+ output corruption that could occur in some cases.
+ [ab2f0a629e0d] <1.8>
+
+ * Add support for ut_exit
+ [7039ec6a73fa] <1.8>
+
+ * Add support for controlling whether utmp is updated and which user
+ is listed in the entry.
+ [1b008ce71eab] <1.8>
+
+ * Fix typo; tupple vs. tuple
+ [67bb5c67ae3d] <1.8>
+
+ * For legacy utmp, strip the /dev/ prefix before trying to determine
+ slot since the ttys file does not include the /dev/ prefix.
+ [8f597114381d] <1.8>
+
+ * Add check for _PATH_UTMP
+ [fe7e2456f017] <1.8>
+
+ * Adapt check_iolog_path to sessid changes
+ [3016201869b6] <1.8>
+
+ * Redo utmp handling. If no getutent()/getutxent() is available,
+ assume a ttyslot-based utmp. If getttyent() is available, use that
+ directly instead of ttyslot() so we don't have to do the stdin dup2
+ dance.
+ [817490c7c20e] <1.8>
+
+ * Move utmp handling into utmp.c
+ [e4729d9259e9] <1.8>
+
+ * Update copyright years.
+ [1065afc00233] <1.8>
+
+2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Add "user_shell" boolean as a way to indicate to the plugin that the
+ -s flag was given.
+ [6e8bc49b7ea7] <1.8>
+
+ * Move sessid out of sudo_user.
+ [00d67d5ba894] <1.8>
+
+ * Log the TSID even if it is not a simple session ID.
+ [490cf0adae29] <1.8>
+
+ * Document noexec in sample.sudo.conf and add back noexec_file section
+ in sudoers with a note that it is deprecated.
+ [c7a2d8d0c563] <1.8>
+
+ * Fix running commands as non-root on systems where setreuid() changes
+ the saved uid based on the effective uid we are changing to.
+ [f3b27db56ba6] <1.8>
+
+2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Move noexec path into sudo.conf now that sudo itself handles noexec.
+ Currently can be configured in sudoers too but is now undocumented
+ and will be removed in a future release.
+ [9c5f64709994] <1.8>
+
+ * Document "Path noexec ..." in sudo.conf. No longer document
+ noexec_file in sudoers, it will be removed in a future release.
+ [959fa6b5217b] <1.8>
+
+ * Move noexec handling to sudo front-end where it is documented as
+ being.
+ [ef6cd4a40c61] <1.8>
- * exec.c:
- In handle_signals(), restart the read() on EINTR to make sure we
+ * Add support for disabling exec via solaris privileges. Includes
+ preparation for moving noexec support out of sudoers and into front
+ end as documented.
+ [d9c05ba9a24f] <1.8>
+
+ * Only export the symbols corresponding to the plugin structs.
+ [cb07af1d9b39] <1.8>
+
+ * Install plugins manually instead of using libtool. This works
+ around a problem on AIX where libtool will install a .a file
+ containing the .so file instead of the .so file itself.
+ [1ccf5af58c05] <1.8>
+
+ * Makefile.in:
+ Move check into its own rule since some versions of make will run
+ both targets as the default rule.
+ [7159f37eb552] <1.8>
+
+ * Update to libtool 2.2.10
+ [9e49773b32b7] <1.8>
+
+ * In handle_signals(), restart the read() on EINTR to make sure we
keep up with the signal pipe. Don't return -1 on EAGAIN, it just
means we have emptied the pipe.
- [5bcfe5a061c2] <1.7>
+ [dc2926097b2d] <1.8>
- * lbuf.c:
- Fix printing of the remainder after a newline. Fixes "sudo -l"
- output corruption that could occur in some cases.
- [41e5595f0559] <1.7>
+ * Reorder functions to quiet a compiler warning.
+ [5201367e5db4] <1.8>
+
+ * Use the Sun Studio C compiler on Solaris if possible
+ [b8d43b423fb9] <1.8>
2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * mkpkg:
- Fix default setting of osversion variable.
- [c67d9d3bfa2b] <1.7>
+ * Fix default setting of osversion variable.
+ [e12905851be5] <1.8>
+
+ * Make two login_class entris consistent.
+ [0671d7b204be] <1.8>
+
+ * Add support for adding a utmp entry when allocating a new pty.
+ Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
+ Currently only creates a new entry if the existing tty has a utmp
+ entry.
+ [40ff30099e79] <1.8>
+
+ * Avoid pulling in headers we don't need on Linux For getutx?id(),
+ call setutx?ent() first and always call endutx?ent().
+ [b86f7a13aae9] <1.8>
+
+ * Add some more libs to SUDOERS_LIBS instead of relying on them to be
+ pulled in by SUDO_LIBS.
+ [bcbd16ec56c6] <1.8>
+
+ * Fix return value of "sudo -l command" when command is not allowed,
+ broken in [c7097ea22111]. The default return value is now TRUE and
+ a bad: label is used when permission is denied. Also fixed missing
+ permissions restoration on certain errors. On error()/errorx(), the
+ password and group files are now closed before returning.
+ [757c941a47b2] <1.8>
2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * mkpkg:
- Add --osversion flag to specify OS instead of running "pp
+ * Fix passing of login class back to sudo front end.
+ [5e649de6b7f5] <1.8>
+
+ * Add --osversion flag to specify OS instead of running "pp
--probeonly"
- [550104604d4b] <1.7>
+ [8a03943ac5e8] <1.8>
- * sudo.pp:
- Fix expr usage w/ GNU expr
- [c2161988dec9] <1.7>
+ * Fix expr usage w/ GNU expr
+ [bdecfa1f54fc] <1.8>
+
+2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Fix exit value for validate and list mode.
+ [6f8b20199935] <1.8>
+
+ * Fix non-interactive mode with sudoers plugin.
+ [cf5aca4fcbcf] <1.8>
+
+2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay can now find IDs other than %{seq} and display the
+ session.
+ [60396b417633] <1.8>
+
+ * Add support for replaying sessions when iolog_file is set to
+ something other than %{seq}.
+ [1cd2baa74d56] <1.8>
+
+2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * If we are killed by a signal, display the name of the signal that
+ got us.
+ [1b38c4d42282] <1.8>
+
+ * Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
+ where they belong.
+ [78e97a921104] <1.8>
+
+ * Fix bug in skey/opie check that could cause a shell warning.
+ [f20229a04f30] <1.8>
+
+ * No longer need sudo_getepw() stubs.
+ [795631ac7db0] <1.8>
+
+2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Fix exit value of "sudo -l command" in sudoers module.
+ [4a05d6019b3d] <1.8>
2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pp:
- Don't use the beta or release candidate version as the rpm release.
- [56f8c0b1eb46] <1.7>
+ * Use fgets() not fgetln() for portability.
+ [1f2050745096] <1.8>
+
+ * Don't use the beta or release candidate version as the rpm release.
+ [a5b049477646] <1.8>
2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Makefile.in:
+ Adjust ChangeLog rule now that 1.8 is branched
+ [a994ac361e44] <1.8>
+
* .hgtags:
- Added tag SUDO_1_7_5 for changeset 9314212577c3
- [75f9d661ea03] <1.7>
+ Added tag SUDO_1_8_0 for changeset f6530d56f6ae
+ [99a2b3801419] <1.8>
+
+2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
- version 1.7.5
- [9314212577c3] [SUDO_1_7_5] <1.7>
+ version 1.8.0
+ [f6530d56f6ae] [SUDO_1_8_0]
-2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+ * NEWS:
+ update sudo 1.8 section
+ [f2ee2cf95d18]
+
+2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/testsudoers/test2.sh:
+ fix test description
+ [cd5730fa9f09]
+
+ * plugins/sudoers/regress/testsudoers/test2.out,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/visudo/test2.out,
+ plugins/sudoers/regress/visudo/test2.sh:
+ convert test2 to use testsudoers
+ [b5ec3f0b69f1]
+
+ * include/sudo_plugin.h, src/sudo_plugin_int.h:
+ Move struct generic_plugin to sudo_plugin_int.h
+ [6f7bc629329c]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Allow sudoers file name, mode, uid and gid to be specified in the
+ settings list. The sudo front end does not currently set these but
+ may in the future.
+ [22f38a0fda2a]
- * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
- sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
- sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
- 1.7.5rc1
- [216ab95b5de0] <1.7>
+2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse_args.c, sudo.c, sudo.pod, sudo_usage.h.in, sudoreplay.c,
- sudoreplay.pod, visudo.c, visudo.pod:
+ * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in:
+ 1.8.0rc1
+ [5d4588b9c057]
+
+ * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
+ src/parse_args.c, src/sudo.h:
add help text to sudo, visudo and sudoreplay for the -h option
- [141d348c660b] <1.7>
+ [52e7378d8476]
2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * snprintf.c:
+ * compat/snprintf.c:
avoid using "howmany" for a parameter name since it is a select-
related macro
- [6b6c2d504103] <1.7>
+ [a14d565401a1]
- * Makefile.in:
+ * doc/sudoers.pod:
+ mention group_plugin when describing nonunix_group
+ [e0d1d0034b17]
+
+ * doc/sudo_plugin.pod:
+ Add missing period at end of sentence
+ [6744d7e9056d]
+
+ * Makefile.in, doc/Makefile.in, include/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
add localstatedir; closes bug 471
- [a4778228ae54] <1.7>
+ [7aefcab85088]
- * config.h.in, configure, configure.in, exec.c, exec_pty.c,
- sudoreplay.c:
+ * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
+ src/exec.c, src/exec_pty.c:
The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes
Bug 470
- [be5dff63ff5d] <1.7>
+ [927ed6740f32]
+
+ * configure.in:
+ add missing AH_TEMPLATE for ENV_RESET
+ [16300010c986]
- * exec.c:
+ * src/exec.c:
SVR5 systems return non-zero for success on socketpair(), check for
-1 instead. Closes Bug 469
- [13ac9d0e0934] <1.7>
+ [4d276494bf8e]
-2011-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/afs.c:
- Move afs includes to be before sudo ones
- [fbe0bdcf5798] <1.7>
+ * configure, configure.in:
+ 1.8.0b5
+ [d611cd5d73d3]
- * config.h.in, configure, configure.in:
- No longer use vhangup
- [9fce94512df9] <1.7>
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ regen
+ [85e96eeaed82]
+
+ * doc/sudo.pod:
+ Document that a sudo.conf file with no Pligin lines uses the default
+ sudoers plugins.
+ [88bd52da977f]
+
+ * src/load_plugins.c:
+ If sudo.conf contains no Plugin lines, use the default sudoers
+ policy and I/O plugins.
+ [fd8f4cb811ab]
2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo_nss.c:
+ * plugins/sudoers/sudo_nss.c:
Avoid printing empty "Runas and Command-specific defaults for user"
line.
- [3df2925f9982] <1.7>
+ [2dd330fe4f8b]
- * lbuf.c:
+ * common/lbuf.c:
Truncate the buffer at buf.len before printing in the non-wordwrap
case.
- [23a31b8d95b8] <1.7>
+ [901e9833f80d]
- * lbuf.c:
+ * common/lbuf.c:
Remove extra newline when the tty width is very small or unavailable
- [32fa0b3ea47a] <1.7>
-
-2011-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
- sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
- sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
- 1.7.5b5
- [0937b9bff020] <1.7>
-
- * pp:
- don't remap numeric uids/gids to names; if the user specified and id
- instead of a name, they probably mean it
- [2b81d57de4a4] <1.7>
+ [245c05506c0e]
2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * alias.c:
+ * plugins/sudoers/alias.c:
Remove unneeded variable.
- [23329353f964] <1.7>
+ [2c086d30b796]
2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Prefer getutxid over getutid
- [e89811f0e4da] <1.7>
+ [3f3322e9c93e]
- * boottime.c:
+ * plugins/sudoers/boottime.c:
Include utmp.h / utmpx.h before missing.h as apparently including it
afterwards causes a compilation problem on GNU Hurd.
- [d62781e31b27] <1.7>
+ [a528029ae962]
2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
- sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
- sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
- 1.7.5b4
- [4b8a9632fe59] <1.7>
+ * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
+ #include "foo.h", not <foo.h> for local includes.
+ [f65ec693998e]
- * exec.c, missing.h, sudo.c, toke.h:
- fix K&R compilation
- [23ebea9c2183] <1.7>
+ * src/parse_args.c:
+ remove bogus XXX
+ [9136c17d53ce]
- * mksiglist.c:
+ * compat/mksiglist.c:
Fix typo
- [1587615a186f] <1.7>
-
- * Makefile.in, toke.h, toke.l, toke_util.c:
- Split tokenizer utility functions out into toke_util.c
- [88148d0b9338] <1.7>
+ [1a3bb7b455c9]
- * alloc.c, bsm_audit.c, check.c, closefrom.c, sudo_nss.c, visudo.c:
- Cosmetic changes to make diffing against trunk easier.
- [95bdfcc29a22] <1.7>
-
- * exec.c, exec_pty.c, mon_systrace.c, sudo.h, sudo_exec.h,
- sudoreplay.c, tgetpass.c:
- Use RETSIGTYPE for signal handlers.
- [5ea1f34d1aab] <1.7>
-
- * sudo_exec.h:
- Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
- SIGUSR2 to indicate whether the child should be continued in the
- foreground or background.
- [9fec5a258d57] <1.7>
+ * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/match.c:
+ return foo not return(foo)
+ [5c9e0647359a]
2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * getspwuid.c:
- Merge trunk version
- [cd44ef67e57d] <1.7>
-
- * exec_pty.c:
- Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
- SIGUSR2 to indicate whether the child should be continued in the
- foreground or background.
- [6305babcf6bd] <1.7>
-
- * exec.c:
- If perform_io() fails, kill the child before exiting so it doesn't
- complain about connection reset. We can get an I/O error if, for
- example, and we get EIO reading from stdin.
- [ca28e0a25698] <1.7>
+ * src/exec.c:
+ Remove duplicate FD_SET of signal_pipe[0]
+ [3096527d2215]
2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * error.c, fileops.c, fnmatch.c, getcwd.c, getprogname.c, gettime.c,
- glob.c, isblank.c, memrchr.c, mksiglist.c, mkstemps.c, nanosleep.c,
- setsid.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c,
- strlcat.c, strlcpy.c, strsignal.c, sudo_noexec.c, sudoreplay.c,
- utimes.c, vasgroups.c, zero_bytes.c:
- Make local includes consistent; use double quotes for local includes
- [ec9d52fff4b3] <1.7>
+ * compat/mksiglist.c:
+ Use "missing.h" not <missing.h> in generated code.
+ [d8e09cffbe09]
2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * error.c, getprogname.c, memrchr.c, sigaction.c, strcasecmp.c,
- strerror.c, strlcat.c, strlcpy.c, strsignal.c, zero_bytes.c:
- Must include config.h before any other headers.
- [3c23ec625df0] <1.7>
-
* aclocal.m4, configure:
fix --with-iologdir=no
- [ef60ca8b3789] <1.7>
+ [a89699cb5f5f]
* aclocal.m4, configure:
fix typo that broke --with-iologdir
- [fca175fdfd81] <1.7>
+ [91b54eb22403]
2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * NEWS:
- sync for 1.7.5b3
- [744e2e78ef5a] <1.7>
+ * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in:
+ Bump version to 1.8.0b4
+ [e2b7f2cdc02e]
- * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
- sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
- sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
- 1.7.5b3
- [7a24576e35ac] <1.7>
+ * NEWS:
+ sync
+ [decf5a0a8a33]
- * sudoers.cat, sudoers.man.in, sudoers.pod:
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
Attempt to clarify how users and groups interact in Runas_Specs
- [9e8c2fb328d0] <1.7>
+ [e6fb3a2dbd77]
- * exec.c, exec_pty.c:
- Do not handle SIGARLM specially, just pass it through.
- [944978b640b5] <1.7>
+ * plugins/sudoers/regress/visudo/test2.out,
+ plugins/sudoers/regress/visudo/test2.sh:
+ Add test for quoted group that contains escaped double quotes
+ [44596c48c629]
- * exec.c, exec_pty.c:
+ * src/exec.c, src/exec_pty.c:
Pass SIGUSR1/SIGUSR2 through to the child.
- [774506c977df] <1.7>
+ [c3108a827b01]
- * exec.c:
- Made tcsetpgrp() bits conditional on HAVE_TCSETPGRP
- [386f69132ad4] <1.7>
+ * src/exec_pty.c, src/sudo_exec.h:
+ Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
+ SIGUSR2 to indicate whether the child should be continued in the
+ foreground or background.
+ [35ca47cc6785]
- * exec.c:
+ * src/exec.c:
Use pid_t not int and check the return value of kill()
- [5f15c3304a1d] <1.7>
+ [36ae7d37d7f9]
2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * exec.c:
+ * src/exec_pty.c:
+ Remove obsolete comment
+ [baebef4919f6]
+
+ * src/exec.c:
In non-pty mode before continuing the child, make it the foreground
pgrp if possible. Fixes resuming a shell.
- [dfaadefcc6c6] <1.7>
+ [fef5b1d02ddb]
- * exec_pty.c:
+ * src/exec_pty.c:
If we get a signal other than SIGCHLD in the monitor, pass it
directly to the child.
- [7e638105bfaf] <1.7>
+ [b3ecb28163a0]
- * exec.c, exec_pty.c, sudo.h:
+ * src/exec.c, src/exec_pty.c, src/sudo.h:
Save signal state before changing handlers and restore before we
execute the command.
- [83278957e630] <1.7>
+ [faf7475dc4bf]
2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l:
- match quoted strings the same way whether in a Defaults line or as a
- user/group/netgroup name. Fixes escaped double quotes in quoted
- user/group/netgroup names.
- [c2b486b12951] <1.7>
-
- * iolog.c:
+ * plugins/sudoers/iolog.c:
Use a char array to map a number to a base36 digit.
- [d626ded3312d] <1.7>
+ [257576c51f8b]
- * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
Be clear about what versions of sudo support new LDAP attributes.
Fix up some formatting of attribute names. Minor other tweaks.
- [f7bd586ec755] <1.7>
+ [39f65df71f65]
2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers2ldif:
- Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags
- [05a0d25b0f8d] <1.7>
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ match quoted strings the same way whether in a Defaults line or as a
+ user/group/netgroup name. Fixes escaped double quotes in quoted
+ user/group/netgroup names.
+ [601d97ea8792]
+
+ * plugins/sudoers/Makefile.in:
+ 'make check' depends on visudo and testsudoers
+ [127c5a24df8f]
+
+ * plugins/sudoers/sudoers2ldif:
+ Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags
+ [9029163a58c3]
2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * UPGRADE:
+ * doc/UPGRADE:
Mention LDAP attribute compatibility status.
- [adb74ad2331b] <1.7>
+ [2c3595aaec63]
2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
* README.LDAP:
Mention phpQLAdmin
- [5d80d6291142] <1.7>
+ [9304c9064fbe]
- * INSTALL, NEWS, config.h.in, configure, configure.in, defaults.c,
- sudoers.man.in, sudoers.pod:
+ * INSTALL, NEWS, config.h.in, configure, configure.in,
+ doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
Add --disable-env-reset configure option.
- [803ce2f4d85c] <1.7>
+ [8a753aa13a46]
- * sudoers.cat, sudoers.man.in, sudoers.pod:
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
Document that sudoers_locale also affects logging and email.
- [080dd4338374] <1.7>
+ [998d6ac11277]
- * NEWS, config.h.in, configure, configure.in, logging.c:
+ * NEWS, config.h.in, configure, configure.in,
+ plugins/sudoers/logging.c:
Do logging and email sending in the locale specified by the
"sudoers_locale" setting ("C" by default). Email send by sudo
includes MIME headers when the sudoers locale is not "C".
- [592e5b2a3d10] <1.7>
+ [cb7e55408400]
+
+2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Fix indentation
+ [65ae7e92b9e4]
2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * NEWS, sudo.c:
+ * NEWS, src/parse_args.c, src/sudo.c:
Perform command escaping for "sudo -s" and "sudo -i" after
validating sudoers so the sudoers entries don't need to have all the
backslashes.
- [7d39ea9924e4] <1.7>
+ [4e168c103f4b]
2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c:
+ * plugins/sudoers/logging.c:
Prepend "list " to the command logged when "sudo -l command" is used
to make it clear that the command was listed, not run.
- [9bcd40c1bfe9] <1.7>
+ [f392a6056cd6]
- * parse.c:
+ * plugins/sudoers/parse.c:
cosmetic change
- [8ce3d60d910d] <1.7>
-
- * aix.c, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
- auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
- auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
- auth/securid.c, auth/securid5.c, auth/sia.c, bsm_audit.c, check.c,
- defaults.c, env.c, exec.c, exec_pty.c, fileops.c, find_path.c,
- fnmatch.c, get_pty.c, getcwd.c, getline.c, getprogname.c,
- getspwuid.c, gettime.c, glob.c, goodpath.c, gram.c, gram.y, iolog.c,
- isblank.c, lbuf.c, ldap.c, list.c, logging.c, match.c, memrchr.c,
- mkstemps.c, mon_systrace.c, nanosleep.c, parse.c, parse_args.c,
- pwutil.c, redblack.c, set_perms.c, sigaction.c, snprintf.c,
- strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
- sudo_noexec.c, sudo_nss.c, sudoreplay.c, term.c, testsudoers.c,
- tgetpass.c, timestr.c, toke.c, toke.l, tsgetgrpw.c, utimes.c,
- vasgroups.c, visudo.c:
+ [7c0951dbc2dd]
+
+ * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
+ common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
+ compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
+ compat/nanosleep.c, compat/regress/glob/globtest.c,
+ compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
+ compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
+ plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
+ plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
+ plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
+ src/sudo_noexec.c, src/tgetpass.c:
standardize on "return foo;" rather than "return(foo);" or "return
(foo);"
- [e05dd17dcec4] <1.7>
-
- * NEWS:
- sync
- [bedc1e1bc7f8] <1.7>
+ [32d76c5aaf8c]
- * sudo.c:
+ * plugins/sudoers/sudoers.c:
Do not reject sudoers file just because it is root-writable.
- [26634f322b04] <1.7>
+ [0febc579185b]
2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
* NEWS:
sync
- [c69b7537a020] <1.7>
-
- * defaults.c:
- When setting default iolog_dir, dynamically allocate the string.
- [7ad2c0cbe865] <1.7>
+ [1ab03f8278ff]
- * sudo_nss.c:
+ * plugins/sudoers/sudo_nss.c:
For "sudo -U user -l" if user is not authorized on the host, say so.
- [9eb5673f2f22] <1.7>
+ [289afe6dd15c]
- * ldap.c:
+ * plugins/sudoers/ldap.c:
In sudo_ldap_lookup(), always do the initial sudoers check as the
invoking user. If we are listing another user's privs we will do a
separate lookup using list_pw later.
- [9b3ab41de717] <1.7>
+ [e52bc15de76d]
2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoreplay.c:
- change an error() to errorx()
- [5a0409f6c52b] <1.7>
-
- * sudoers.ldap.man.in, sudoers.ldap.pod:
+ * MANIFEST:
+ add parser fill tests
+ [4f65140d3515]
+
+ * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
+ Don't test features not supported by the bundled glob()
+ [8ec7ace11949]
+
+ * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
+ compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
+ doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/match.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
Update copyright year to 2011
- [8959c05dc270] <1.7>
+ [ac1b45cb1809]
- * LICENSE, Makefile.in, aclocal.m4, check.c, configure.in, ldap.c,
- match.c, pwutil.c, sudo_nss.c, sudoers.man.in, sudoers.pod, term.c:
- Update copyright year to 2011
- [6367fb76120e] <1.7>
+ * plugins/sudoers/sudo_nss.c:
+ When listing, use separate lbufs for the defaults and the privileges
+ and only print something if the number of privileges is non-zero.
+ Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
+ [d0854d39f8ef]
- * ldap.c:
+ * plugins/sudoers/ldap.c:
Stash pointer to user group vector in LDAP handle and only reuse the
query if it has not changed. We always allocate a new buffer when
we reset the group vector so a simple pointer check is sufficient.
- [c129d1acf7d6] <1.7>
+ [88861d4eba69]
- * sudo_nss.c:
- When listing, use separate lbufs for the defaults and the privileges
- and only print something if the number of privileges is non-zero.
- Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
- [66aaa54f2865] <1.7>
-
- * sudo_nss.c:
+ * plugins/sudoers/sudo_nss.c:
Check initgroups() return value.
- [973a67304e3b] <1.7>
+ [3bdaf58408a7]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/parser/check_fill.c:
+ Add tests for the fill functions in toke_util.c
+ [bca587ab4956]
2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
+ fix copyright year
+ [e2038cdaf055]
+
* NEWS:
sync
- [deb822cce3dd] <1.7>
+ [56ca5d5eaebe]
2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * term.c:
- Clear, don't set, OPOST in c_oflag as was intended in e26055d17b72.
- [eacd774c37c0] <1.7>
-
-2011-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * sudo.c:
- delref list_pw before exit
- [0df5a53f3484] <1.7>
+ * common/term.c:
+ Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
+ [b91f266624ec]
2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
* mkpkg, sudo.pp:
Add Requires line for audit-libs >= 1.4 for RHEL5+
- [a1b544018f5b] <1.7>
+ [6c02f976171b]
* pp:
sync with git version
- [eb187023bb73] <1.7>
+ [d301c32d5865]
2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.cat, sudoers.man.in, sudoers.pod:
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
fix typo
- [075e92a756a1] <1.7>
+ [39353f92976f]
2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
* NEWS:
Update for sudo 1.7.4p5
- [11cb87598478] <1.7>
+ [b444da76901f]
- * schema.OpenLDAP, schema.iPlanet:
+ * doc/schema.OpenLDAP, doc/schema.iPlanet:
Add sudoNotBefore and sudoNotAfter attributes as optional attributes
to the sudoRole object class. From Andreas Mueller
- [73357eb1b269] <1.7>
+ [dacfad7e7a95]
2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
* NEWS:
Mention "sudo -g group" password check fix.
- [8299a2d939e8] <1.7>
+ [1eb8fb14e53b]
- * check.c:
+ * plugins/sudoers/sudoers.c:
+ Fix "sudo -g" support in the sudoers module.
+ [07d1b0ce530e]
+
+ * plugins/sudoers/check.c:
If the user is running sudo as himself but as a different group we
need to prompt for a password.
- [fe8a94f96542] <1.7>
+ [caf1fcc9a117]
2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * NEWS, config.h.in, configure, configure.in, ldap.c,
- sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
+ plugins/sudoers/ldap.c:
Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
derived LDAP SDKs but we can pass the timeout parameter to
ldap_search_ext_s() or ldap_search_st() when possible.
- [8f9303326db7] <1.7>
+ [5537049991f7]
- * sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in:
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
regen
- [d56ad7169e67] <1.7>
+ [5b361c3c4324]
- * NEWS, ldap.c, sudoers.ldap.pod:
+ * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
with OpenLDAP ldap.conf files.
- [85e33e42c008] <1.7>
+ [e97843bd16fb]
- * pwutil.c:
+ * plugins/sudoers/pwutil.c:
If user has no supplementary groups, fall back on checking the group
- file explicitly.
- [c536ddb16bb6] <1.7>
+ file expliticly.
+ [5223ad4eb690]
+
+2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
+ constify
+ [6e132a4cca61]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Move fill macro to toke.h
+ [623d430798cf]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.h, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c:
+ Split tokenizer utility functions out into toke_util.c
+ [89a97bd51618]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ ANSIfy
+ [ca0eba1dfaa9]
+
+2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ sync
+ [a43f94064bb3]
+
+ * plugins/sudoers/Makefile.in:
+ Add visudo tests to check target
+ [8c82fb4ed40f]
+
+ * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
+ compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
+ compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
+ Add my regress tests for fnmatch() and glob() from OpenBSD.
+ [6e8c1f211723]
+
+ * plugins/sudoers/regress/testsudoers/test1.sh,
+ plugins/sudoers/regress/visudo/test1.ok,
+ plugins/sudoers/regress/visudo/test1.sh:
+ Add regress test for command tags using visudo -c
+ [18b0ef207c0f]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/testsudoers/test1.ok,
+ plugins/sudoers/regress/testsudoers/test1.sh:
+ Add support for regress tests using testsudoers
+ [1fa94bd2671b]
+
+ * plugins/sudoers/testsudoers.c:
+ Need to set user_name explicitly due to internal changes made when
+ converting sudoers to a plugin.
+ [1fa54e86a364]
+
+2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
+ zlib/Makefile.in:
+ Add regression tests for iolog_path()
+ [afa4b416e559]
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ Add support for "make Makefile" to regenerate Makefile from
+ Makefile.in
+ [98bd2dda3294]
+
+ * plugins/sudoers/iolog_path.c:
+ Quiest a bogus compiler warning.
+ [5ff932a7ad67]
+
+2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog_path.c:
+ Protect call to setlocale() with HAVE_SETLOCALE
+ [2c29ee3ccc81]
2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
+ * MANIFEST:
+ mkstemps.c was renamed mktemp.c
+ [ae299c3b1827]
+
* NEWS:
- update
- [9f6e0ec3142a] <1.7>
+ Update from 1.7 branch
+ [20817d79717b]
* Makefile.in:
Use "mv -f" when regenerating ChangeLog
- [b322b5995e7f] <1.7>
+ [c163635206c6]
- * match.c:
+ * plugins/sudoers/match.c:
Fix NULL dereference with "sudo -g group" when the sudoers rule has
no runas user or group listed. Fixes RedHat bug Bug 667103.
- [c51e2be737b2] <1.7>
+ [41a6a1243d9e]
+
+2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Correct the default sudo.conf example
+ [4e791698cad1]
+
+2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog_path.c:
+ Reset slashp if we allocate a new buffer for strftime()
+ [e491daa4203b]
+
+ * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add extra out parameter to expand_iolog_path() to allow the caller
+ to split the path into dir and file components if needed.
+ [88346bc5ae39]
+
+2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ mkdir_iopath() returns size_t now that it uses strlcpy() and not
+ snprintf()
+ [3c4c64d265eb]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
+ Trim leading slashes from iolog_file and trailing slashes from
+ iolog_dir
+ [a803b51f8948]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Pass a single I/O log file name in command_details instead of
+ separate dir + file parameters.
+ [d672a3e46e80]
+
+ * plugins/sudoers/sudoreplay.c:
+ change an error() to errorx()
+ [8013dcfdd69d]
+
+ * plugins/sudoers/iolog.c:
+ Add missing cwd line to I/O log info file that got dropped when
+ iolog_deserialize_info() was added
+ [7cf84f208423]
+
+2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Avoid relying on globals filled in by the sudoers policy module for
+ the sudoers I/O log module. The I/O log open function now pulls the
+ bits it needs out of user_info and command_info.
+ [c02f6951b0cc]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ If no iolog file is specified by the policy plugin, use io_nextid()
+ to determine the next file in the sequence.
+ [faa1130b1020]
+
+2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document iolog_compress in command_info
+ [58895c7d12f5]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Add support for the iolog_compress variable in command_info.
+ [36f13a2fd1c1]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Add sigsetjmp() calls to all plugin entry points just to be safe.
+ [3fa482355bc4]
+
+ * src/sudo.c, src/sudo.h:
+ Don't need iolog variables in struct command_details, they are for
+ the I/O log plugins to handle.
+ [5111579ffd9d]
+
+2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Document use of mkdtemp() for iolog path teplates
+ [5db6101408a9]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ regen
+ [1ee11fd6d4eb]
+
+ * doc/sudo_plugin.pod, doc/sudoers.pod:
+ Document iolog_file and supported escape sequences for sudoers.
+ Clarify that iolog_file can contain directories.
+ [da611dedcbdb]
+
+ * compat/Makefile.in, configure, configure.in:
+ Fix building of mkstemps/mkdtemp replacements.
+ [793a5e303122]
+
+ * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
+ configure.in, include/missing.h:
+ Provide mkdtemp() for systems without it.
+ [b0527dfa965c]
+
+ * plugins/sudoers/iolog_path.c:
+ Fix typo
+ [277f6c514cba]
+
+ * plugins/sudoers/iolog.c:
+ Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
+ glibc mkdtemp() returns EINVAL.
+ [2e7323b05579]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Allow sudoers to specify the iolog file in addition to the iolog
+ dir. Add escape sequence support to iolog file and dir: sequence
+ number, user, group, runas_user, runas_group, hostname and
+ command in addition to any escape sequence recognized by
+ strftime(3).
+ [75cd32ee0435]
+
+ * plugins/sudoers/iolog.c:
+ Add missing sigsetjmp() call in I/O plugin open function. Fixes a
+ crash when the I/O plugin calls error(), errorx() or log_error().
+ [1a6718bd817d]
2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * term.c:
+ * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
+ plugins/sudoers/sudoers.c:
+ Give the policy module fine-grained control over what the I/O plugin
+ logs.
+ [d29784fd2a66]
+
+ * common/term.c:
Clear OPOST from c_oflag like we used to. Fixes screen-based
editors such as vi.
- [e26055d17b72] <1.7>
+ [506ad5ae9b4e]
- * sudoers.pod:
+ * doc/sudoers.pod:
Clarify umask option description. From Reuben Thomas.
- [fb8bdcb54feb] <1.7>
+ [1294ac84222b]
-2010-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
+2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c, sudoers.ldap.pod:
+ * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
Pick last match in LDAP sudoers too
- [607801b83e25] <1.7>
+ [fbfd8e85703b]
+
+ * doc/sudo_plugin.pod:
+ Document iolog_file, iolog_dir and use_pty
+ [26120a59c20e]
+
+ * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/sudoers.c:
+ Adapt plugins to version I/O logging ABI 1.1
+ [880dd64bc1e8]
+
+ * src/exec.c, src/sudo.h:
+ Add use_pty command_info flag for policies to indicate that a pty
+ should be allocated even if no I/O logging is performed.
+ [e7b167f8a6e5]
+
+ * src/sudo.c:
+ Add remaining plugin convenience functions
+ [ffeaf96da031]
+
+ * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
+ src/sudo_plugin_int.h:
+ Change I/O log API to pass in command info to the I/O log open
+ function. Add iolog_file and iolog_dir parameters to command info.
+ This allows the policy plugin to specify the I/O log pathname. Add
+ convenience functions for calling plugin functions that handle ABI
+ backwards compatibility.
+ [9b81dce76ce5]
+
+ * compat/dlopen.c:
+ Remove useless cast
+ [7cecce969739]
+
+2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Bump version to 1.8.0b3
+ [1dc9f040aae0]
+
+2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Remove extraneous newline
+ [71c94551eea5]
2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4, configure, configure.in, def_data.c, def_data.h,
- def_data.in, defaults.c, iolog.c, sudoers.pod:
- Make the iolog dir configurable in sudoers
- [2630b2dba1b5] <1.7>
+ * doc/sudoers.pod, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
+ Make I/O log dir configurable.
+ [99b576667a38]
+
+ * aclocal.m4, configure, configure.in, doc/sudoers.pod:
+ Rename io_logdir to iolog_dir
+ [0731662acc8d]
2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
* pp:
Add missing '*' that prevented the generic ELF case from matching.
- [b35bbb42736f] <1.7>
+ [be77ca26bfb2]
* pp:
If file(1) can't identify the ELF binary type, try readelf(1).
- [8a73092d8898] <1.7>
+ [38a18d32a9e3]
2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/kerb4.c, check.c, env.c, pwutil.c, sudo.c:
+ * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/sudoers.c, src/sudo.c:
Use %u to print uid/gid, not %lu and adjust casts to match.
- [e4eb94705a54] <1.7>
-
- * NEWS:
- Update with latest changes
- [2c4209b20e3d] <1.7>
+ [03c43b8749cf]
- * sudoers.ldap.pod:
- Clarify ordering of entries and attributes
- [598748ec3804] <1.7>
+ * doc/sudoers.ldap.pod:
+ Clarify ordering of entries and attributes.
+ [924e2a6bb603]
- * sudoers.ldap.pod:
+ * doc/sudoers.ldap.pod:
Fix typo and editing goof.
- [197a2fe65be5] <1.7>
+ [79dc7ccd85a8]
- * ldap.c:
+ * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
+ doc/sudoers.ldap.pod:
+ Merge in ordered LDAP entry support from Andreas Mueller.
+ [ea5885989bad]
+
+ * plugins/sudoers/ldap.c:
Make sure we don't dereference a NULL handle.
- [b0026541de1e] <1.7>
+ [1a9f9ee15371]
2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
* pp:
Add support for RHEL 6 file modes that include a trailing dot on
files with an SELinux security context
- [fcc1daaf4df0] <1.7>
+ [dc09be959547]
+
+2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c:
+ exec_setup() does not need to setuid(0), the Ubuntu issue was in the
+ sudoers module.
+ [d6dd99fc6062]
+
+ * plugins/sudoers/sudoers.c:
+ create_admin_success_flag() should use restore_perms() rather than
+ set_perms() to restore the uid.
+ [eba7a91c1f57]
+
+ * src/sudo.c:
+ In exec_setup() call setuid(0) to make certain the subsequent uid
+ and gid changes will succeed. Fixes a problem on Ubuntu.
+ [c5d32abf0645]
+
+ * src/sudo_edit.c:
+ Error out if we cannot change to root's uid so we catch the failure
+ early.
+ [7a2e7f8f2c80]
2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod:
+ * doc/sudoers.pod:
fix typo; from Michael T Hunter
- [46e70e2063af] <1.7>
+ [a574a9d0db5b]
- * match.c:
+ * plugins/sudoers/match.c:
In sudoedit mode, assume command line arguments are paths and pass
FNM_PATHNAME to fnmatch().
- [6087ba0064ff] <1.7>
+ [ce0abff8ce9f]
2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
Add workaround for an error in sys/types.h on HP-UX 11.23 when large
file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
broken bits of the header file.
- [12da5b3249a3] <1.7>
+ [e337217f097a]
* aclocal.m4:
Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
- [c0105d26574a] <1.7>
-
- * testsudoers.c, tsgetgrpw.c, tsgetgrpw.h:
- Avoid conflicts with system definitions in grp.h and pwd.h
- [a152522c9f13] <1.7>
+ [fbbcee28961f]
* sudo.pp:
For Tru64, strip off beta version.
- [a16213ec9c27] <1.7>
+ [eeccd762df5e]
+
+ * MANIFEST, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
+ Avoid conflicts with system definitions in grp.h and pwd.h
+ [b219ffe1da09]
* zlib/gzguts.h:
Include stdio.h after zlib.h, not before. We need the large file
defines to come first.
- [389ea592d6c2] <1.7>
+ [21d6df39790f]
+
+2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
+ regen
+ [3ff8750d0aac]
+
+ * Makefile.in:
+ Don't clean ChangeLog
+ [ab0d30d289d4]
+
+ * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Add prototype for cleanup()
+ [75626fd3769a]
+
+2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/group_plugin.c:
+ Avoid deferencing group_plugin if it is NULL in
+ group_plugin_query(). This should not happen.
+ [4f2933c8da7e]
+
+ * plugins/sudoers/group_plugin.c:
+ group plugin init function return TRUE when successful
+ [198024477030]
2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c:
+ * plugins/sudoers/ldap.c:
Enlarge the array of entry wrappers int blocks of 100 entries to
save on allocation time. From Andreas Mueller
- [db8da143e803] <1.7>
+ [375c916bb03b]
- * ldap.c:
+ * plugins/sudoers/ldap.c:
Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
that was mistakenly dropped.
- [f6f1103f9971] <1.7>
+ [1555f5bc132d]
2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * TROUBLESHOOTING:
+ * doc/TROUBLESHOOTING:
Mention that sudo needs "ar" to build.
- [eef95d0abfbe] <1.7>
+ [65582ace2d09]
* configure, configure.in:
Fail with a more useful error if "ar" is not found.
- [1ef3c8501bf5] <1.7>
+ [d1cb83719c17]
2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c:
- Reorder things to avoid most of the extra prototypes.
- [0541a55deb86] <1.7>
+ * plugins/sudoers/ldap.c:
+ Merge in ordered LDAP entry support from Andreas Mueller and add
+ local changes from the 1.7 branch.
+ [bca29e461618]
- * ldap.c:
- Inline sudo_ldap_result_get_entry(), it is always called in
- situations where the bounds are already checked.
- [fa65cf4eaf5e] <1.7>
+2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c:
- Add user_matches and host_matches to struct ldap_result and set them
- in sudo_ldap_result_get() which is where the user and host checks
- live. When iterating through the ordered results, take the first
- match. Remove allowed flag from struct ldap_entry_wrapper, we just
- use first match.
- [9a008cd81685] <1.7>
-
-2010-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
- sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
- sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
- Bump version and regen man pages
- [918433185f26] <1.7>
-
- * ldap.c, schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet,
- sudoers.ldap.pod:
- Merge in ordered LDAP entry support from Andreas Mueller.
- [21b8071c2f28] <1.7>
+ * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
+ doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add timed entry support from Andreas Mueller.
+ [e18d1df46a8d]
-2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/group_plugin.c:
+ Don't try to unload if group_plugin is NULL. Don't call dlclose() if
+ group_handle is NULL
+ [de2273da37d5]
- * ldap.c, schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet,
- sudoers.ldap.pod:
- Add timed entry support from Andreas Mueller.
- [10b121c46a1c] <1.7>
+ * plugins/sudoers/sudoers.h:
+ It is now plugin_cleanup(), not cleanup()
+ [da62a4e1a78c]
- * ldap.c:
- Use efree() not free() and remove malloc.h include since we never
- directly call malloc() or free().
- [f2184b2a0646] <1.7>
+ * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
+ Call plugin_cleanup(), not cleanup()
+ [e800ad8b33ad]
-2010-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
+2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, getdate.c, gram.c, toke.c:
- Include config.h before any other includes to make sure we get the
- right value for _FILE_OFFSET_BITS.
- [5a8c12426942] <1.7>
+ * plugins/sudoers/ldap.c:
+ Use efree() not free() and remove malloc.h include since we never
+ directly call malloc() or free().
+ [107fffd134bb]
2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo.pp:
set PSTAMP for Solaris and move the backend-specific bits to their
own %if [xxx] %endif blocks in %set.
- [0d93cb5d009a] <1.7>
+ [a94ebe8920c1]
* pp:
sync with git repo
- [e052d78dde35] <1.7>
+ [75ff509696b4]
-2010-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
+ * configure, configure.in:
+ Only substitute file zlib files when using the builtin zlib
+ [6c8145b2deb4]
+
+ * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ Give up on using VPATH to find sources as it is implemented
+ inconsistenly in different versions of make.
+ [60517c69aaee]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
+ plugins/sudoers/gram.c, plugins/sudoers/toke.c:
+ Include config.h before any other includes to make sure we get the
+ right value for _FILE_OFFSET_BITS.
+ [8fb007ca832e]
- * Makefile.in:
- remove zlib/zconf.h for distclean
- [5cf14594d014] <1.7>
+ * MANIFEST:
+ Add zlib
+ [04a3e23dfaa9]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
- sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
- regen man pages for 1.7.5
- [29253a721cfd] <1.7>
+ * zlib/Makefile.in:
+ Add missing targets
+ [40e45a177168]
- * configure:
- regen
- [5b09c0dd9279] <1.7>
+ * src/Makefile.in:
+ g/c unused $(GENERATED)
+ [c8758068c1bc]
- * NEWS:
- Update 1.7.5 entries.
- [73a7b2c01db4] <1.7>
+2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2010-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/group_plugin.c:
+ Zero out group_plugin on unload just to be safe.
+ [0b10f4d101ca]
- * Makefile.in:
- Include zlib in the tar file.
- [3b7900c3f2af] <1.7>
+ * plugins/sudoers/group_plugin.c:
+ Unload group plugin if its init function fails.
+ [6552cdac4b7c]
+
+ * src/sudo.c:
+ Only chdir to cwd if it is different from the current cwd or there
+ is a new root (chroot).
+ [b8203e875e84]
+
+ * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
+ Bump version to 1.8.0b2
+ [6dadeb75a878]
2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
* INSTALL:
Better --enable-zlib description
- [0ca9936a7271] <1.7>
+ [e0da54fa59a6]
* mkpkg:
Use system zlib on Linux Let configure decide on Solaris For all
others, use builtin zlib
- [58e1b4383b58] <1.7>
+ [3d52eddb523c]
+
+ * zlib/zconf.h.in:
+ Add large file support.
+ [bec01215270d]
+
+ * config.h.in:
+ Add large file support.
+ [244e95b034ec]
- * LICENSE, Makefile.in, config.h.in, configure, configure.in,
- license.pod, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
+ * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
+ zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
Add local copy of zlib for systems that lack it.
- [060627a4a413] <1.7>
+ [7542ca465c5a]
+
+2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ If perform_io() fails, kill the child before exiting so it doesn't
+ complain about connection reset. We can get an I/O error if, for
+ example, and we get EIO reading from stdin.
+ [e59a05fa729f]
2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Fix complilation on systems with set_auth_parameters() Sprinkle
+ volatile to quiet warnings from gcc 2.8.0
+ [a34c2b924ba7]
+
+ * compat/dlfcn.h, compat/dlopen.c:
+ Avoid potential namespace issues with dlopen() emulation.
+ [aedfababd6ca]
+
+ * MANIFEST:
+ sync
+ [6afb97e6d308]
+
+ * plugins/sudoers/interfaces.c:
+ Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
+ exist).
+ [ddfca5af1a36]
+
* Makefile.in:
- Don't overwrite ChangeLog if we can't run hg
- [8cad8bfce9ee] <1.7>
+ Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg
+ [e9d04bfa4505]
* configure, configure.in:
- HP-UX 10.20 libc has an incompatible getline()
- [6ae1631c6993] <1.7>
+ HP-UX 10.20 libc has an incompatible getline
+ [2e7bc202e78d]
- * visudo.c:
+ * plugins/sudoers/visudo.c:
Quiet an HP-UX compiler warning.
- [b8eb3006d68b] <1.7>
+ [55b9d587ac8c]
+
+ * configure, configure.in:
+ Check for vi even with --with-editor specified; the sample plugin
+ needs it.
+ [94dfc3643f76]
2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
+ * compat/dlopen.c:
+ Fix remaining syntax errors.
+ [9d729b5b577e]
+
+ * src/Makefile.in:
+ sudo binary depends on the libtool-generated libs
+ [9e6148406adb]
+
+ * plugins/sudoers/group_plugin.c, src/load_plugins.c:
+ Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
+ include the local or system dlfcn.h
+ [68cfe4c1089b]
+
* pp:
Don't use run_as_superuser=false on HP-UX
- [2a9ec2750082] <1.7>
+ [532242370b09]
+
+ * src/net_ifs.c:
+ Use memset() instead of zero_bytes() since we don't include
+ sudoers.h
+ [a187c18c2472]
+
+ * plugins/sudoers/interfaces.c:
+ Fix pasto; AF_INET not AF_INET6
+ [2d2e9d7dc6f9]
+
+ * compat/dlopen.c:
+ Actually call shl_load()
+ [ed8153b8a3cd]
* pp:
Update from git repo. Debian: version numbers now compliant with
policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX
10.20
- [cfe38672e358] <1.7>
-
- * configure, configure.in:
- Go back to checking whether the compiler is ANSI C when detecting
- the HP-UX bundled C compiler.
- [563ef7333662] <1.7>
+ [ecf2692bceeb]
* configure, configure.in:
- Fix syntax error
- [96048f77d772] <1.7>
+ Fix dlopen() detection for systems where dlopen() is in a separate
+ library.
+ [fa6b175582b6]
- * auth/pam.c:
+ * plugins/sudoers/auth/pam.c:
If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
useful message and return AUTH_FATAL so sudo does not keep trying to
validate the user.
- [fffa5e51ac47] <1.7>
+ [1be8857e5291]
-2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+ * src/preload.c:
+ sudo_preload_table is an array
+ [b7704e72a9da]
+
+ * compat/dlopen.c:
+ Quiet a compiler warning and fix sudo_preload_table external
+ definition.
+ [8234987664cc]
- * exec_pty.c:
- don't need ws_col here
- [049b4ef9c9ce] <1.7>
+ * compat/dlfcn.h:
+ Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
+ [8bab6a4053cc]
- * check.c:
+ * plugins/sudoers/group_plugin.c:
+ Make this compile correctly when no dlopen is available.
+ [57643879bd2b]
+
+2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
Having a timestamp file defined is no longer indicative of tty
tickets being enabled. Check def_tty_tickets directly.
- [6c3803c239d9] <1.7>
+ [efcc11ad157f]
- * exec_pty.c, lbuf.c:
+ * src/exec_pty.c, src/sudo.h, src/ttysize.c:
Fix TCGETWINSZ compat.
- [62233ba46ec7] <1.7>
+ [da3a8b17cf7a]
2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * exec_pty.c, lbuf.c:
+ * src/exec_pty.c, src/ttysize.c:
Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
- [0813e3030b1a] <1.7>
+ [926492dd10a6]
2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * set_perms.c:
- Sync set_project() with trunk.
- [646fd9bc0537] <1.7>
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Move set_project() from sudoers module into sudo proper.
+ [beabafac03b4]
- * ldap.c:
+ * configure, configure.in:
+ Fix typo and regenerate
+ [4a3caf4234f3]
+
+ * plugins/sudoers/ldap.c:
When iterating over returned LDAP entries, keep looking at remaining
matches even if we have a positive match. This catches negative
matches that may exist in other entries and more closely match the
sudoers file behavior.
- [8dce1dedb967] <1.7>
+ [f47db6e609b0]
* pp:
Add support for multiple package instances on Solaris.
- [5bcc048375db] <1.7>
-
- * set_perms.c, sudo.c:
- Move set_project() into runas_setup(). Fixes a NULL deref when
- project support is enabled and sudo's -g flag is used without the
- -u flag.
- [6ffd892243ab] <1.7>
+ [7f2a8b942545]
- * exec.c:
+ * src/exec.c:
Add missing signal_pipe[0] to fdsr for the non-pty case.
- [3398af88db51] <1.7>
+ [79d01e11b19c]
* mkpkg:
Add --with-project for Solaris
- [25bd2aa83884] <1.7>
+ [ffa4c2bb93f7]
* README:
Need ar and ranlib too
- [d09e632d0a93] <1.7>
+ [5c2f679172ef]
2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c:
+ * plugins/sudoers/env.c:
Preserve ODMDIR environment variable by default on AIX.
- [75266d18e4a7] <1.7>
+ [bd47cb1e804f]
+
+2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
+ config.h.in, configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
+ src/preload.c:
+ Add dlopen() emulation for systems without it. For HP-UX 10, emulate
+ using shl_load(). For others, link sudoers plugin statically and use
+ a lookup table to emulate dlsym().
+ [e92edfb3c642]
+
+2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
+ compat/nanosleep.c, compat/utimes.c:
+ When including compat headers, use the compat dir as part of the
+ path so we are sure to get the correct header.
+ [6c2a45da6af5]
2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * linux_audit.c:
+ * plugins/sudoers/linux_audit.c:
Ignore ECONNREFUSED from audit_log_user_command() which will occur
if auditd is not running.
- [a686884684ca] <1.7>
+ [d314fe4c8d03]
2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
* pp:
Sync with git version
- [9a328aa25c53] <1.7>
+ [1c0357744222]
2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.c, fileops.c:
+ * common/fileops.c, plugins/sudoers/defaults.c:
Cast isblank argument to unsigned char.
- [64b9f3bed954] <1.7>
+ [c822dbb3ca54]
2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, config.h.in, configure, configure.in, defaults.c,
- sudoers.cat, sudoers.man.in, sudoers.pod:
+ * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
Implement --with-umask-override configure flag.
- [5065008079df] <1.7>
+ [863e3047df22]
- * env.c:
+ * plugins/sudoers/env.c:
Take MODE_LOGIN_SHELL into account when initially setting reset_home
instead of special-casing it later.
- [25e6b8419dea] <1.7>
+ [5d6b16480fd6]
- * sudo.c:
+ * plugins/sudoers/sudoers.c:
In login mode, make a copy of the runas user's pw_shell for
NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
freed before exec.
- [4a0851a7688a] <1.7>
+ [1d1ccb568dfa]
- * env.c:
+ * plugins/sudoers/env.c:
Reset HOME for "sudo -i" even if HOME was listed in env_keep.
- [8dc31006a428] <1.7>
+ [c1c1c65a2d63]
- * sudo.c:
+ * src/sudo.c:
Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
- [8751ef94b18d] <1.7>
+ [7443454e5f88]
- * sudo.c:
+ * src/sudo.c:
Reset signal mask at sudo startup time; we need to be able to rely
on normal signal delivery to control the child process.
- [c986a4b6a942] <1.7>
-
- * sigaction.c:
- Fix SIG_UNBLOCK emulation
- [f14264f8a0da] <1.7>
+ [95800163ff94]
2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
Use sed instead of expr to split a flag from its argument. Fixes a
problem with expr interpreting its arguments as a flag when they
start with a dash.
- [16372da8a286] <1.7>
+ [736065e14301]
- * lbuf.c:
- Back out rev e165f67d3127
- [e9b70079698d] <1.7>
+ * common/lbuf.c:
+ Do not need sys/time.h after all
+ [91f6f668ccda]
- * lbuf.c:
- Include sys/time.h for utimes() and struct timeval.
- [e165f67d3127] <1.7>
+ * common/lbuf.c:
+ Include sys/time.h for utimes() and struct timeval. No longer need
+ ioctl.h or termios.h
+ [2d75273d3213]
- * snprintf.c:
+ * compat/snprintf.c:
Quiet bogus compiler warnings.
- [176fceb8db3c] <1.7>
+ [fe252e1968f5]
- * missing.h:
+ * include/missing.h:
Declare innetgr() for HP-UX which is missing a declaration. Declare
domainname() for HP-UX and Solaris which are missing a declaration.
- [0b4c1296d4da] <1.7>
+ [b37c50751138]
- * bsm_audit.c:
+ * plugins/sudoers/bsm_audit.c:
Use __sun for consistency with the rest of the sources.
- [8f0db6350b3a] <1.7>
+ [6b086b61ccb6]
- * pwutil.c:
+ * plugins/sudoers/group_plugin.c:
+ Quiet a bogus compiler warning.
+ [ebc069842c4a]
+
+ * plugins/sudoers/pwutil.c:
Don't try to delref a NULL group.
- [57e94fc5df3e] <1.7>
+ [f6ff0838be21]
- * alloc.c, lbuf.c:
+ * common/alloc.c, common/lbuf.c:
Include memory.h on systems that need it.
- [e43d8d8a0008] <1.7>
+ [4e676da81c6f]
2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * exec.c:
+ * src/exec.c:
Quiet gcc warnings on glibc systems that use warn_unused_result for
write(2).
- [f22696affc78] <1.7>
+ [0532da0b7cf7]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ sudo_plugin is in section 8; from Ted Percival
+ [b4506a0de87e]
+
+ * plugins/sudoers/Makefile.in:
+ testsudoers depends on libsudoers.la, not sudoreplay
+ [cdb1cc3bf06a]
2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * NEWS, README, configure, configure.in:
- Update for sudo 1.7.5
- [62ed8c6cb7c2] <1.7>
+ * src/exec.c:
+ Read as many signals on the signal pipe as we can before returning.
+ [b181671da047]
- * exec.c, exec_pty.c, list.c, list.h, sudo_exec.h:
+ * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
Instead of using a array to store received signals, open a pipe and
have the signal handler write the signal number to one end and
select() on the other end. This makes it possible to handle signals
similar to I/O without race conditions.
- [2d9dd09a9fce] <1.7>
-
- * INSTALL:
- --with-iologdir not --enable-iologdir
- [457471aaeda6] <1.7>
+ [ee84d65c16b6]
2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c, visudo.pod:
+ * doc/visudo.pod, plugins/sudoers/visudo.c:
Make "visudo -c -f -" check the standard input.
- [8ed46ff3141a] <1.7>
+ [195a3d2a9a26]
- * sudoers.pod:
+ * doc/sudoers.pod:
set_home and always_set_home have an effect if HOME is present in
the env_keep list.
- [a2b26d62176d] <1.7>
+ [159d0b9dc5c8]
- * env.c:
+ * plugins/sudoers/env.c:
Make -H flag work when HOME is listed in env_keep. Also makes
"set_home" and "always_set_home" override override HOME in env_keep.
- [91d842b6adc6] <1.7>
+ [a3e5b966193f]
2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * bsm_audit.c:
+ * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
+ plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/net_ifs.c:
+ Convert sudoers plugin to use interface list passed in settings.
+ [87d9b5f4f586]
+
+ * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
+ src/parse_args.c, src/sudo.h:
+ Query local network interfaces in the main sudo driver and pass to
+ the plugin as "network_addrs" in the settings list.
+ [7f35bcfe77a7]
+
+ * plugins/sudoers/bsm_audit.c:
Solaris BSM audit return EINVAL when auditing is not enabled,
whereas OpenBSM returns ENOSYS.
- [bb9c94a8fa7d] <1.7>
+ [411b980ec58b]
2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l:
- Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
- [0a5519756bf1] <1.7>
+ * compat/fnmatch.c:
+ missing.h should come before most local includes
+ [53921a7b8b5b]
- * sudo.c:
- Set NewArgv[0] to the name of the pseudo-command we are running.
- Fixes a problem with "sudo -l" when auditing is enabled and the user
- is not allowed to run any commands on the host. Adapted from a patch
- from Daniel Kopecek.
- [694ed1a75a4a] <1.7>
+ * plugins/sudoers/sudoreplay.c:
+ missing.h should come before most local includes
+ [e9abb0db1aac]
- * sudo.c:
- Update comment to reality.
- [de302f39566b] <1.7>
+ * plugins/sudoers/sudoers.h:
+ Make local includes consistent; use double quotes for local includes
+ except for generated ones where we use angle brackets.
+ [09de4faa9547]
- * missing.h:
- Need stdio.h for FILE *, not just NULL.
- [77cf303f5696] <1.7>
+ * plugins/sudoers/sudoers.c:
+ Always fill in NewArgv for audit code.
+ [7c3aca60519f]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
+ [007cf6560f92]
+
+ * common/alloc.c, common/atobool.c, common/fileops.c,
+ common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
+ common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
+ compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
+ compat/getprogname.c, compat/glob.c, compat/isblank.c,
+ compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
+ compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
+ compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
+ compat/unsetenv.c, compat/utimes.c, include/compat.h,
+ plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
+ plugins/sample_group/plugin_test.c,
+ plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
+ plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
+ src/sudo_noexec.c, src/ttysize.c:
+ Make local includes consistent; use double quotes for local includes
+ except for generated ones where we use angle brackets. Also g/c
+ unused compat.h.
+ [e57070dc8f04]
2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c:
+ * plugins/sudoers/match.c:
When matching the runas user and runas group (-u and -g command line
options), keep track of runas group and runas user matches
separately. Only return a positive match if we have a match for
both runas user and runas group (if specified).
- [68d30216c13a] <1.7>
+ [815219e04cc8]
2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c, parse.c:
- Do not return -1 on error from the display functions; the call
- expects a return value >= 0.
- [e50e6ae4d06d] <1.7>
+ * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add support for multiple URI lines by joining the contents and
+ passing the result to ldap_initialize.
+ [a47cae3b72e8]
- * ldap.c:
- display_bound_defaults now returns a count so make the stub return
- 0, not 1.
- [97293ced4908] <1.7>
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
+ Do not return -1 on error from the display functions; the caller
+ expects a return value >= 0.
+ [101456a7dd00]
- * fnmatch.c:
- Add #include of sys/types.h for .c files that include missing.h to
- be sure that size_t and ssize_t are defined.
- [a4f3070d0a2b] <1.7>
+ * plugins/sudoers/sudoers.c:
+ Do not set both MODE_EDIT and MODE_RUN
+ [8faa36694d54]
2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * get_pty.c:
- It looks like AIX doesn't need to push STREAMS modules for ptys.
- [62c281fcd4ad] <1.7>
+ * include/missing.h:
+ Move includes to the top of the file.
+ [a51436798e8c]
2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * error.c, getprogname.c, isblank.c, missing.h, mksiglist.c,
- sigaction.c, strerror.c, strsignal.c, sudo_noexec.c:
+ * plugins/sudoers/Makefile.in:
+ Add missing definition of timedir
+ [458a749c2c5e]
+
+ * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
+ compat/mksiglist.c, compat/strsignal.c,
+ plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
Add #include of sys/types.h for .c files that include missing.h to
be sure that size_t and ssize_t are defined.
- [2ffbbb12f322] <1.7>
+ [08e3132dbf4f]
- * Makefile.in:
+ * plugins/sudoers/Makefile.in:
Install sudoers file from the build dir not hte src dir.
- [a26afd8db531] <1.7>
+ [ca89e962dbf4]
2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * set_perms.c:
+ * plugins/sudoers/set_perms.c:
If runas_pw changes, reset the stashed runas aux group vector.
Otherwise, if runas_default is set in a per-command Defaults
statement, the command runs with root's aux group vector (i.e. the
one that was used when locating the command).
- [24a695707b67] <1.7>
+ [24f9107cedd2]
- * Makefile.in:
+ * plugins/sudoers/Makefile.in:
Add target to generate sudoers file Remove generated sudoers file as
part of distclean
- [448627fc35b6] <1.7>
+ [fb7422e90f03]
-2010-08-23 millert <millert@rh4-x86.home.courtesan.com>
+2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * exec.c:
+ * src/exec.c:
When not logging I/O install a handler for SIGCONT and deliver it to
the command upon resume. Fixes bugzilla #431
- [e84690aa67bd] <1.7>
+ [495dce52a5aa]
2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c, sudo.h:
- g/c unused auth_pw global
- [e30778d73c0b] <1.7>
+ * plugins/sudoers/sudoers.h:
+ g/c unused auth_pw extern definition
+ [40eb7477ba17]
- * check.c, sudo.c:
+ * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
Move get_auth() into check.c where it is actually used.
- [3130e37787af] <1.7>
-
- * sudo.c:
- Don't need to fork and wait when compiled with --disable-pam-session
- [2ae1bbe4437a] <1.7>
+ [e31db0ce3a61]
2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * lbuf.c:
+ * common/lbuf.c:
Convert a remaining puts() and putchar() to use the output function.
- [d68c213feb0f] <1.7>
+ [d69e363a506b]
-2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/plugin_error.c:
+ Plug memory leak
+ [68895469ea8d]
- * Makefile.in:
- Replace sudoers with sudoers.in in DISTFILES
- [616509f85d6c] <1.7>
+2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c:
+ * plugins/sudoers/env.c:
Set dupcheck to TRUE when setting new HOME value if !env_reset but
always_set_home is true. Prevents a duplicate HOME in the
- environment (old value plus the new one) introduced in 9f97e4b43a4b.
- [2672ae047984] <1.7>
+ environment (old value plus the new one) introduced in f421f8827340.
+ [9ca19183794f]
- * configure, configure.in, sudoers, sudoers.in:
+ * configure, configure.in, plugins/sudoers/sudoers,
+ plugins/sudoers/sudoers.in:
Substitute sysconfdir in the installed sudoers file to get the
correct path for sudoers.d.
- [ab14a68e546f] <1.7>
+ [86072b6cd55d]
2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * boottime.c, get_pty.c:
- Fix typos that prevented compilation on Irix; Friedrich Haubensak
- [a3e6c5a66890] <1.7>
+ * src/get_pty.c:
+ Fix typo that prevented compilation on Irix; Friedrich Haubensak
+ [b48be51b65fc]
2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, aix.c, audit.c, boottime.c, compat.h, error.c,
- fnmatch.c, getcwd.c, getdate.c, getdate.y, getline.c, getprogname.c,
- gettime.c, glob.c, isblank.c, linux_audit.c, memrchr.c, missing.h,
- mksiglist.c, nanosleep.c, sesh.c, setsid.c, sigaction.c, snprintf.c,
- strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.h,
- sudo_noexec.c, sudoreplay.c, timestr.c, utimes.c, vasgroups.c,
- zero_bytes.c:
+ * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
+ common/atobool.c, common/fileops.c, common/fmt_string.c,
+ common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
+ compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
+ compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
+ compat/getprogname.c, compat/glob.c, compat/isblank.c,
+ compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
+ compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
+ compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
+ compat/unsetenv.c, compat/utimes.c, include/compat.h,
+ include/missing.h, plugins/sample/sample_plugin.c,
+ plugins/sample_group/getgrent.c,
+ plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
+ src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
Merge compat.h and missing.h into missing.h
- [905905c7a8f0] <1.7>
+ [572909ae9716]
2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c:
+ * plugins/sudoers/auth/pam.c:
If the user hits ^C while a password is being read, error out before
reading any further passwords in the pam conversation function.
Otherwise, if multiple PAM auth methods are required, the user will
have to hit ^C for each one.
- [c8f6bc58fd86] <1.7>
+ [23782631748c]
-2010-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * exec.c:
- Fix waitpid() loop termination condition.
- [97719b3259f2] <1.7>
+ * plugins/sudoers/check.c:
+ Update comment
+ [a5296cb3a20a]
- * exec_pty.c:
- Use sudo_waitpid() instead of bare waitpid()
- [624a40269189] <1.7>
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document sudo_conv_t function and sudo_printf_t return values.
+ [745c0017814c]
+
+ * src/conversation.c:
+ Make _sudo_printf return the number of characters printed on success
+ like printf(3).
+ [8eeefe8d7e77]
+
+2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ sudoers.h includes sudo_plugin.h for us
+ [cabe68e07807]
+
+ * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
+ src/sudo_edit.c:
+ Use gettimeofday() directly instead of via the gettime() wrapper.
+ [7490426c99ae]
+
+ * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
+ compat/strerror.c, config.h.in, configure, configure.in,
+ include/compat.h, include/missing.h, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
+ Remove some obsolete configure tests, ancient Unix systems are no
+ longer supported.
+ [2be6218c3a36]
2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo.pp:
- Set pp_kit_version and strip off patchlevel
- [814c87778567] <1.7>
+ Set pp_kit_version and strip off patch level
+ [aacfda1b676d]
* sudo.pp:
Better handling of versions with a patchlevel. For rpm and deb, use
the patchlevel+1 as the release. For AIX, use the patchlevel as the
4th version number. For the rest, just leave the patchlevel in the
version string.
- [d18ef30f0a72] <1.7>
+ [638bd35f2346]
2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/sudo_auth.c:
+ * plugins/sudoers/auth/sudo_auth.c:
For non-standalone auth methods, stop reading the password if the
user enters ^C at the prompt.
- [59d2b1328d1e] <1.7>
-
- * configure, configure.in:
- Don't print getspwuid as an auth method.
- [d35cf4628d9a] <1.7>
+ [82c2911bb264]
- * Makefile.in, auth/passwd.c, auth/secureware.c, auth/sudo_auth.c,
- auth/sudo_auth.h, configure, configure.in, pwutil.c:
+ * configure, configure.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/pwutil.c:
No need to look up shadow password unless we are doing password-
style authentication. This moves the shadow password lookup to the
auth functions that need it.
- [10a85eebbf4c] <1.7>
+ [ba9e3eba2b72]
- * check.c:
+ * plugins/sudoers/sudoers.c:
+ Retain final passwd/group refs until the policy close() function.
+ Note that this doesn't get called in all cases so putting this in a
+ cleanup function is probably better.
+ [bbe214cb4119]
+
+ * plugins/sudoers/check.c:
+ Fix mismerge
+ [395115f89dd6]
+
+ * plugins/sudoers/check.c:
When removing/resetting the timestamp file ignore the tty ticket
contents.
- [8b285f601ec0] <1.7>
-
-2010-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+ [b709f5667a0b]
- * sudo.c:
+ * plugins/sudoers/sudoers.c:
delref sudo_user.pw, runas_pw and runas_gr immediately before we
- exec.
- [220be2de2f31] <1.7>
-
- * sudo.c:
- Move calls to sudo_endgrent() and sudo_endpwent() to be after
- set_perms(), which may do passwd or group lookups.
- [883f0db94fd4] <1.7>
+ return.
+ [4d67d15dfd3b]
2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c:
- Make sure we don't try to delref NULL.
- [19bc5a47db06] <1.7>
-
- * pwutil.c:
- Add missing delref in user_in_group()
- [fafb278f47a6] <1.7>
-
- * sudo.c:
- delref the old runas group in set_runasgr()
- [0a7dd113cb1f] <1.7>
-
- * match.c:
- Repair usergr_matches() return value broken in last checkin.
- [460b7b6ca2ce] <1.7>
-
- * check.c, get_pty.c, glob.c, ldap.c, match.c, pwutil.c, sudo.c,
- sudo.h:
+ * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
Reference count cached passwd and group structs. The cache holds
one reference itself and another is added by sudo_getgr{gid,nam} and
sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
group structs are persistent for now.
- [e414c67e11fd] <1.7>
+ [e544685523c3]
- * UPGRADE:
- Fix typo
- [0f443aa22e96] <1.7>
+ * doc/UPGRADE:
+ fix typo
+ [e32f2d35e6c9]
2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c:
+ * plugins/sudoers/check.c:
Do not produce a warning for "sudo -k" if the ticket file does not
exist.
- [eeaaa73d7f5b] <1.7>
+ [1598f6061b75]
- * pwutil.c:
+ * plugins/sudoers/pwutil.c:
Instead of caching struct passwd and struct group in the red-black
tree, store a struct cache_item which includes both the key and
datum. This allows us to user the actual name that was looked up as
like set_perms() and the logging functions. Fixing this would
require making a copy of the structs for user and runas or adding a
reference count (better).
- [2c1d8ec4fa5f] <1.7>
+ [225d4a22f60e]
- * check.c, exec_pty.c, get_pty.c, logging.c, sudoreplay.c, tgetpass.c,
- visudo.c:
+ * plugins/sudoers/Makefile.in:
+ Fix path to mkinstalldirs
+ [b4968379b12d]
+
+ * plugins/sudoers/check.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
+ src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
Quiet gcc warnings on glibc systems that use warn_unused_result for
write(2) and others.
- [5faf88695c66] <1.7>
+ [c99f138960e0]
2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l:
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Add %option noinput
- [8a5e05d6f71f] <1.7>
+ [72b9cd49b4f1]
- * aclocal.m4, configure:
- Add cross-compile defaults for remaining AC_TRY_RUN usage.
- [fb88d22eabc6] <1.7>
+ * aclocal.m4, configure, configure.in:
+ Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
+ back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
+ cross-compiling.
+ [e385c176d0ee]
2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4, config.h.in, configure, configure.in, snprintf.c:
+ * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
- [5e7cc557a46e] <1.7>
-
-2010-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * .hgtags:
- Added tag SUDO_1_7_4 for changeset 2920a3b9d568
- [e929004d5102] <1.7>
-
- * pp:
- Debian: Remove dots from decoded release number AIX: looser matching
- of file command output for AIX 5.1
- [2920a3b9d568] [SUDO_1_7_4] <1.7>
-
- * .hgtags:
- Added tag SUDO_1_7_4 for changeset 0d844aa34c1d
- [cf65ddcec602] <1.7>
+ [cf3e60d9c440]
2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * exec_pty.c:
- exec_monitor is static
- [0d844aa34c1d] <1.7>
-
* pp:
Update to latest version
- [7b8a00defbd6] <1.7>
+ [32f93be33961]
2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo.pp:
Let pp determine pp_aix_version itself.
- [c5ee7944af03] <1.7>
+ [7cf0245d84ed]
- * INSTALL, config.h.in, configure, configure.in, mkpkg, sudo.c:
+ * INSTALL, config.h.in, configure, configure.in, mkpkg,
+ plugins/sudoers/sudoers.c:
Add support for Ubuntu admin flag file and enable it when building
Ubuntu packages.
- [2d97501cda0c] <1.7>
+ [00e27cff2dfb]
- * sudo.pp, sudoers:
+ * plugins/sudoers/sudoers, sudo.pp:
Add commented out SuSE-like targetpw settings
- [f4ad331ace46] <1.7>
+ [4605d47b7413]
* configure, configure.in:
- Only try to use +DAportable for non-GCC on hppa Check the value of
- $pic_flag insteaf of whether the compiler is ANSI C when detecting
- the HP-UX bundled C compiler.
- [654da0091c16] <1.7>
+ Only try to use +DAportable for non-GCC on hppa
+ [75d0f284ccf7]
* configure, configure.in:
Prevent configure from adding the -g flag unless in devel mode
- [e3c11f228c56] <1.7>
+ [b1fd3f8d45c0]
2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo.pp:
Go back to sudo-flavor to match existing packages and only use an
underscore for those that need it.
- [1f78ecf3b990] <1.7>
+ [d737069d1e1c]
* sudo.pp:
Use sudo_$flavor instead of sudo-$flavor since that causes the least
amount of trouble for the various package managers.
- [7e1e07115788] <1.7>
+ [71f547af35fc]
* mkpkg:
Fix handling of the ldap flavor Remove destdir unless --debug was
specified Make distclean before running configure if there is a
Makefile present
- [2bde3925346d] <1.7>
+ [6316f08de7d3]
- * configure, configure.in:
- Back out version change in 5baf2187a138
- [bbc3a81afbba] <1.7>
+ * sudo.pp:
+ Add back include file.
+ [195627bf68b8]
* mkpkg:
Pass extra args on to configure on HP-UX, if we don't have the HP C
compiler, disable zlib to prevent gcc from finding it in
/usr/local/lib.
- [87201c7f1116] <1.7>
+ [473efa0e2bac]
- * configure, configure.in, mkpkg:
+ * mkpkg:
Use the HP ANSI C compiler on HP-UX if possible
- [5baf2187a138] <1.7>
+ [fb249b6b175d]
- * sudoreplay.c:
+ * plugins/sudoers/sudoreplay.c:
Some getline() implementations (FreeBSD 8.0) do not ignore the
length pointer when the line pointer is NULL as they should.
- [8652300785ed] <1.7>
+ [2410a1a3543c]
- * sudoreplay.c:
+ * plugins/sudoers/sudoreplay.c:
Don't need to check for *cp being non-zero, isdigit() will do that.
- [107301a99b6a] <1.7>
+ [7df11ea8a487]
- * sudoreplay.c:
+ * plugins/sudoers/sudoreplay.c:
Add setlocale() so the command line arguments that use floating
point work in different locales. Since sudo now logs the timing
data in the C locale we must Parse the seconds in the timing file
manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
the number of seconds with the user's locale so if the decimal point
is not '.' try using the locale-specific version.
- [2b8ed181e37c] <1.7>
+ [4d385765f23b]
- * exec.c:
+ * src/exec.c:
Do I/O logging in the C locale so the floating point numbers in the
timing file are not locale-dependent.
- [18abbca14078] <1.7>
+ [5961cec044ec]
- * sudoreplay.c:
+ * plugins/sudoers/sudoreplay.c:
Use errorx() not error() for thingsthat don't set errno.
- [a2e7c6793d26] <1.7>
+ [0fe5e692af84]
2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pp:
- Add Tru64 kit support
- [40e2d21aa17f] <1.7>
-
* pp:
Better support for 1.2.3 style versions in Tru64 kits
- [f7133199a711] <1.7>
+ [997c549bb777]
+
+ * sudo.pp:
+ Add Tru64 kit support
+ [e273a954f981]
* pp:
Remove apparently unnecessary use of sudo
- [a667a69eeab0] <1.7>
+ [be8840d85125]
- * Makefile.in:
+ * Makefile.in, plugins/sudoers/Makefile.in:
Create timedir as part of install-dirs target.
- [a2e394d694dd] <1.7>
+ [c736bc2fb14f]
- * exec_pty.c:
+ * src/exec_pty.c:
Handle ENXIO from read/write which can occur when reading/writing a
- pty that has gone away. Fixes bugzilla 422
- [142f4c2efa17] <1.7>
+ pty that has gone away.
+ [fa2e8059879f]
- * pwutil.c:
+ * plugins/sudoers/pwutil.c:
sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
- [82e5e46bf458] <1.7>
+ [3a045475d5ee]
* mkpkg:
platform is a pp flag not a variable
- [9d0ab9b9bf0c] <1.7>
+ [12eba39a47c1]
* Makefile.in, mkpkg, sudo.pp:
Add simple arg parsing for mkpkg so we can set debug, flavor or
platform.
- [8142ab01ccd9] <1.7>
+ [ada839fe252d]
* pp:
Make rpm backend work on AIX 5.x
- [2467a79d0b4d] <1.7>
+ [549a76d11393]
2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers:
+ * plugins/sudoers/sudoers:
Add commented out Defaults entry for log_output
- [b3fe97e59ae0] <1.7>
+ [7e67d7588900]
2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in:
+ * doc/Makefile.in:
+ Remove sudo docdir completely
+ [dce8e82878ef]
+
+ * doc/sample.sudo.conf:
+ Add sample sudo.conf
+ [aafdba3fc411]
+
+2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Add PACKAGE_TARNAME for docdir
+ [930c92b8f8f0]
+
+2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/Makefile.in:
+ Pass install-sh -b~ here too.
+ [c3f5eb446c38]
+
+ * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
Install binary files with -b~ to make a backup. Fixes "text file
busy" error on HP-UX during install.
- [3563e3e0163a] <1.7>
+ [81f306f54f8c]
* install-sh:
"mv -f" on HP-UX doesn't unlink the destination first so add an
explicit rm before moving the temporary into place.
- [3994af813c88] <1.7>
+ [fb719a79582d]
* configure, configure.in:
Some more ${foo} -> $(foo) conversion for consistent Makefiles.
- [c214d50c32ec] <1.7>
+ [0aa098770074]
+
+ * doc/Makefile.in, plugins/sudoers/Makefile.in:
+ Install sudoers2ldif in the doc dir
+ [33ac3b53d7f5]
2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
* pathnames.h.in:
Add missing include of maillock.h for Solaris
- [343f04b7a581] <1.7>
+ [5a58883be23a]
- * NEWS, TROUBLESHOOTING, UPGRADE, configure, configure.in,
- sample.syslog.conf, sudoers.cat:
+ * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
+ doc/sample.syslog.conf, doc/sudoers.cat:
Change the default syslog facility from local2 to authpriv (or auth
if the operating system doesn't support authpriv).
- [949f39cf4a59] <1.7>
+ [3b70ba514f49]
- * Makefile.in, configure, configure.in, sudo.pp:
+ * Makefile.in, sudo.pp:
Install sudoers as /etc/sudoers on RPM and debian systems where the
package manager will not replace a user-modified configuration file.
This fixes upgrades from the vendor sudo packages.
- [74c7ff01e880] <1.7>
+ [d886b6d60b5b]
* pp:
RPM: use %config(noreplace) instead of %config for volatile This
results in the new file being installed with a .rpmnew suffix
instead of the file being replaced and the old one renamed with a
.rpmsave suffix.
- [166133a4fb9e] <1.7>
+ [58be2119f8e8]
2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * boottime.c, mkstemps.c:
- Include time.h for struct timeval.
- [50446e0b8398] <1.7>
+ * compat/mkstemps.c, plugins/sudoers/boottime.c:
+ Include time.h for struct timeval
+ [ddf8b04f0276]
- * exec_pty.c:
+ * src/exec_pty.c:
The return value of strsignal() may be const and should be treated
as const regardless.
- [c035b17b50e3] <1.7>
+ [620074ae1e77]
- * sudoers.cat, sudoers.man.in, sudoers.pod:
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
Mention that 127.0.0.1 will not match, nor will localhost unless
that is the actual host name.
- [e9977ec7ac4f] <1.7>
-
- * Makefile.in:
- fix typo
- [f216d653404d] <1.7>
+ [8b574122eb8f]
- * Makefile.in, NEWS, README, UPGRADE, WHATSNEW:
+ * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
Rename WHATSNEW -> NEWS
- [f3ce0a462ca0] <1.7>
+ [d1a2c8c47d89]
* pp:
Updated pp with latest patches
- [cded68af5ba0] <1.7>
+ [98e16b9b8f62]
- * WHATSNEW, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
- If pam is in use, wait until the process has finished before calling
- pam_close_session().
- [fb3d7de50a05] <1.7>
-
- * sudoers.cat, sudoers.man.in:
- regen sudoers manual
- [7498a058eeb1] <1.7>
+ * WHATSNEW:
+ Sync with 1.7.4
+ [65ac4dafeef7]
- * UPGRADE, sudoers, sudoers.pod:
+ * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
+ plugins/sudoers/sudoers:
Add commented out line to add HOME to env_keep and add a warning to
the note about the HOME change in UPGRADE.
- [0f7e08f09b9f] <1.7>
+ [0d6a775bb6c8]
2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoreplay.c:
+ * plugins/sudoers/sudoreplay.c:
Add LINE_MAX define for those without it.
- [6248dd44573c] <1.7>
+ [446d9dbe7859]
- * WHATSNEW:
- Mention that tty_tickets is now the default.
- [4cf26eaee5ba] <1.7>
-
- * INSTALL, UPGRADE, config.h.in, configure, configure.in, defaults.c,
- sudoers.cat, sudoers.man.in, sudoers.pod:
+ * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
+ doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
+ plugins/sudoers/defaults.c:
The tty_tickets option is now on by default.
- [73dd2b82a3a9] <1.7>
+ [a01c48206d80]
* WHATSNEW:
Mention that AIX authdb support has been fixed.
- [9331829dc276] <1.7>
+ [87bd7f4eba6a]
- * aix.c:
+ * common/aix.c:
setauthdb() only sets the "old" registry if it was set by a previous
call to setauthdb(). To restore the original value, passing NULL
(or an empty string) to setauthdb() is sufficient.
- [d956fd763521] <1.7>
+ [470da190a254]
2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.cat, sudoers.man.in, sudoers.pod:
- Mention new handling of HOME in always_set_home and set_home
- descriptions.
- [a69c9bed3164] <1.7>
-
- * sudo.cat, sudo.man.in, sudo.pod:
- fix typo
- [9b90bb3e9187] <1.7>
-
- * UPGRADE, WHATSNEW, env.c, sudo.cat, sudo.man.in, sudo.pod:
+ * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
+ doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
+ plugins/sudoers/env.c:
Reset HOME when env_reset is enabled unless it is in env_keep
- [18223dfd1ac3] <1.7>
+ [f421f8827340]
- * sudoers.cat, sudoers.man.in, sudoers.pod:
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
The default for set_logname has been "true" for some time now.
- [9f97e4b43a4b] <1.7>
-
- * sudoers.cat, sudoers.man.in, sudoers.pod:
- Document that MAIL it set in env_reset mode.
- [dcf9ad98079e] <1.7>
+ [f489da5674c3]
- * boottime.c:
+ * plugins/sudoers/boottime.c:
Add missing include of time.h
- [57bee414982d] <1.7>
+ [624d7014932f]
- * defaults.c, sudo.c:
- Check return value of setdefs() but don't stop setting defaults if
- we hit an unknown one.
- [a42cb2d6b7ed] <1.7>
-
- * logging.c:
+ * plugins/sudoers/logging.c:
Fix check for dup2() return value.
- [916cd7fdeba7] <1.7>
+ [140ea2d50d20]
- * visudo.c:
- Treat an unknown defaults entry as a parse error.
- [1f94675835d9] <1.7>
+ * plugins/sudoers/env.c:
+ Add PYTHONUSERBASE to initial_badenv_table
+ [3149aae5b12c]
- * env.c:
- Check KEPT_MAIL not DID_MAIL when determining whether to set MAIL in
- -i and env_reset mode.
- [aa6657ccfe01] <1.7>
+ * plugins/sudoers/visudo.c:
+ Treat an unknown defaults entry as a parse error.
+ [b3ebad73efb2]
- * env.c:
- Add PYTHONUSERBASE to initial_badenv_table
- [93058374f0d9] <1.7>
+ * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
+ Check return value of setdefs() but don't stop setting defaults if
+ we hit an unknown one.
+ [945e752239ab]
- * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, env.c,
- pathnames.h.in, sudo.cat, sudo.man.in, sudo.pod:
+ * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
+ doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
+ plugins/sudoers/env.c:
If env_reset is enabled, set the MAIL environment variable based on
the target user unless MAIL is explicitly preserved in sudoers.
- [d903c904dcd4] <1.7>
+ [a1b03e2e0e96]
2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
* pp:
decode debian code names
- [2df0ecbc23b4] <1.7>
+ [8741280d9960]
* WHATSNEW:
fix typo
- [b66a95fa1869] <1.7>
+ [a8a19451110b]
2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
* WHATSNEW:
- Add entry about SuSE bash script fix.
- [04af78fa281c] <1.7>
+ Merge with 1.7.4
+ [9348fa7e15b8]
- * sudo.c:
+ * src/sudo.c:
Restore RLIMIT_NPROC after the uid switch if it appears that
runas_setup() did not do it for us. Fixes a bash script problem on
SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
- [bb14802d48b1] <1.7>
+ [786fb272e5fd]
2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
* mkpkg, pp, sudo.pp:
Restore the dot removal in the os version reported by polypkg. Adapt
mkpkg and sudo.pp to the change.
- [83c7870130fe] <1.7>
+ [dcafdd53b88f]
2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * WHATSNEW:
- Mention polypkg
- [c5f6e40bbb58] <1.7>
-
- * README, WHATSNEW:
- Update for sudo 1.7.4
- [0c688f1f8160] <1.7>
-
* INSTALL:
document --with-pam-login
- [33ca3f6308ae] <1.7>
+ [ea93e4c6873c]
- * sudoers.cat, sudoers.man.in, sudoers.pod:
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
The tag is NOSETENV, not UNSETENV. From Petr Uzel.
- [95f37e63ca15] <1.7>
+ [2ac90d8de36e]
2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo.pp:
Include flavor in solaris package name
- [b6d56ccf367e] <1.7>
+ [e605f6364c9f]
* mkpkg:
Older shells don't support IFS= so set explictly to space, tab,
newline.
- [336925525e17] <1.7>
+ [7773960bc8a0]
* mkpkg:
Use '=' not '==' in test
- [98c692271cfd] <1.7>
+ [c99d42bc48e6]
* mkpkg:
Fix typo that prevented debian from matching
- [af4deec35e37] <1.7>
+ [84421078fcb7]
* mkpkg:
Add missing prefix setting for debian
- [d0c1941cb6ec] <1.7>
-
- * sudo.pp:
- Use tab indents to reduce the chance of problem with <<- Uncomment
- some env_keep lines for RHEL, SLES and Debian to more closely match
- the vendor sudoers files.
- [74ba26566cdc] <1.7>
+ [6466f23de4aa]
* sudo.pp:
- Fix indentation Fix the debian %set section, pp does not set
- pp_deb_distro Uncomment %sudo line in sudoers for debian Add pam.d
- to %files for debian Remove the /etc/sudo-ldap.conf symlink on
+ Use tab indents to reduce the chance of problem with <<- Fix the
+ debian %set section, pp does not set pp_deb_distro Uncomment %sudo
+ line in sudoers for debian Uncomment some env_keep lines for RHEL,
+ SLES and debian to more closely match the vendor sudoers files.
+ Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
debian for ldap flavor
- [f15ff41b5afd] <1.7>
+ [c5b49feb1a0c]
- * sudoers:
+ * plugins/sudoers/sudoers:
Add commented out env_keep entries, sample Aliases and a %sudo line
for debian.
- [8264e4ed42dc] <1.7>
+ [387719e52d0f]
* configure, configure.in:
- Remove check for egrep; configure has its own
- [27b3d85ebf4f] <1.7>
+ Move zlib check later on in the script to avoid a strange shell
+ problem on SLES11.
+ [1a3153bb1291]
* configure.in:
- Use enable_zlib instead of enableval for consistency
- [4a15cfd43d3e] <1.7>
+ Remove check for egrep; configure has its own
+ [a3b9d98cb5d2]
2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
* mkpkg:
Enable zlib for linux distros
- [fcab91448bb0] <1.7>
+ [8fa51a1405a4]
* mkpkg:
Add ldap flavor to default build
- [e35a577c8994] <1.7>
+ [97644f5a555f]
* mkpkg, sudo.pp:
Simplify rpm linux distro settings
- [f30547765636] <1.7>
+ [b9dcf10cdf20]
- * UPGRADE, aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
- sudoers.cat:
+ * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
- [8c9440423d98] <1.7>
+ [2c549c1acde9]
- * Makefile.in, mkpkg, sudo.pp:
+ * Makefile.in:
+ Fix ChangeLog creation from build dir
+ [3d0c7904f173]
+
+ * plugins/sudoers/sudoers.c:
+ Handle getcwd() failure.
+ [aef7bef87394]
+
+ * doc/Makefile.in, mkpkg, sudo.pp:
Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
environment variable.
- [9f418defc08a] <1.7>
+ [be6ed611b7a8]
* sudo.pp:
Create sudo group on debian
- [4b0cc7b8b0b5] <1.7>
+ [6ed6c032042e]
* mkpkg, sudo.pp:
Add debian 4/5/6 and use the dot when doing version matches
- [d5184f0a1efc] <1.7>
-
- * sudoers.cat, sudoers.man.in, sudoers.pod:
- Remove spurious "and"; from debian
- [8b9f2a5937bc] <1.7>
+ [6bcb664d1f4f]
* aclocal.m4, configure:
Use a loop when searching for mv, sendmail and sh
- [a1c7d19721a4] <1.7>
+ [d5e9369f8d13]
- * aclocal.m4, configure, configure.in, sudoers.cat, sudoers.man.in,
- sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Remove spurious "and"; from debian
+ [a21e6f7c5b99]
+
+ * aclocal.m4, configure, configure.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.pod:
Substitute the value of EDITOR into the sudoers and visudo manuals.
- [f00dc9343f94] <1.7>
+ [cd79e587dd7f]
2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
* mkpkg, pp, sudo.pp:
- Initial debian 4.0 support
- [6d73c000723f] <1.7>
+ Initial support for debian 4.0
+ [ac6707915fa8]
* mkpkg:
Some platforms need -fPIE instead of -fpie
- [8533a29633e8] <1.7>
-
- * Makefile.in:
- Add packaging bits to DISTFILES
- [dea9f374f28b] <1.7>
+ [fd6be19e5bc2]
- * auth/pam.c:
+ * plugins/sudoers/auth/pam.c:
Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
On Linux it causes a DNS lookup via libaudit.
- [22e04d2f5f0f] <1.7>
+ [1e10105ade5b]
+
+ * MANIFEST:
+ Update MANIFEST to match packaging changes
+ [ef86ee557b5b]
* sudo.psf:
We now use pp to generate HP-UX packages
- [6c9f8ae6bc11] <1.7>
-
-2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+ [f7aa8da7844e]
- * auth/pam.c:
- Fix indentation
- [e52e9e6338d5] <1.7>
-
- * INSTALL, Makefile.in:
- isntall-man -> install-doc
- [02cc8198ea7a] <1.7>
+ * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
+ Remove vestiges of old binary package bits.
+ [afffd005452f]
- * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
- sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
- sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
- Bump version to 1.7.4
- [df6ce4ea908a] <1.7>
-
- * INSTALL.binary, Makefile.binary.in, Makefile.in:
- Remove remaining bits of the old binary package
- [8d4f82c23c22] <1.7>
-
- * sudo.pp:
- Use http://rc.quest.com/topics/polypkg/ for packaging
- [d71793085629] <1.7>
+ * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ install-man -> install-doc
+ [99b5fa05567c]
- * Makefile.in, mkpkg, pp:
+ * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
+ plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
Use http://rc.quest.com/topics/polypkg/ for packaging
- [675e505758c5] <1.7>
+ [5ca8eb75b223]
* install-sh:
Just ignore the -c option, it is the default Add support for -d
option
- [2adfb3a63231] <1.7>
+ [a8b6b0a131e8]
- * env.c, logging.c, pathnames.h.in:
+2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
Use _PATH_STDPATH instead of _PATH_DEFPATH
- [2c22d54a1f02] <1.7>
+ [137fa911908e]
- * Makefile.in:
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
Do not strip binaries.
- [bc84682b372c] <1.7>
+ [20166e287176]
* INSTALL, configure, configure.in:
Add --insults=disabled configure option to allow people to build in
insult support but have the insults disabled unless explicitly
enabled in sudoers.
- [6d9f40db9cca] <1.7>
-
-2010-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
+ [523b8c552e90]
- * env.c, sudoreplay.c:
- Fix K&R compilation
- [e44d3be7ab85] <1.7>
+ * compat/mkstemps.c:
+ Add prototype for gettime()
+ [275eee40473b]
-2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * auth/pam.c, config.h.in, configure, configure.in, env.c, sudo.c,
- sudo.h:
+ * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
Add support for a sudo-i pam.d file to be used for "sudo -i".
Adapted from a RedHat patch.
- [2984c3831d88] <1.7>
+ [06d34f16520b]
- * Makefile.in:
- Fix installation of sudo_noexec.so
- [d1f7ca8331b6] <1.7>
+2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Fix mkstemps() prototype
+ [2421841e815b]
- * Makefile.in, config.h.in, configure, configure.in, missing.h,
- mkstemp.c, mkstemps.c, sudo_edit.c:
+ * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
+ config.h.in, configure, configure.in, include/missing.h,
+ src/sudo_edit.c:
Use mkstemps() instead of mkstemp() in sudoedit. This allows
sudoedit to preserve the file extension (if any) which may be used
by the editor (like emacs) to choose the editing mode.
- [46399679d9ae] <1.7>
+ [d33172d2c086]
2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
+ plugins/sudoers/ldap.c:
TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
should avoid disabling TLS_CHECKPEER is possible.
- [1d626a5cf8c0] <1.7>
+ [196622436212]
2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l:
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Make sudo_plugin format a bit more like a man page
+ [048d596e32da]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Add suport for negated user/host/command lists in a Defaults entry.
E.g. Defaults:!baduser noexec
- [24f07a805dce] <1.7>
+ [d41112cf0342]
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ Add uninstall target
+ [fea66ebf136a]
+
+ * common/Makefile.in, compat/Makefile.in:
+ Remove unused AR, SED and RANLIB variables
+ [2ff9928bfdb3]
+
+ * Makefile.in:
+ Do not install sample plugins
+ [5443b87bd1c3]
+
+2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
+ configure.in, plugins/sudoers/env.c:
+ Now that sudoers is a dynamically loaded module we cannot override
+ the libc environment functions because the symbols may already have
+ been resolved via libc. Remove getenv/putenv/setenv/unsetenv
+ replacements from sudoers and add replacements for setenv/unsetenv
+ for systems that lack them.
+ [3f2b43cb8851]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in:
+ Link testsudoers with -ldl when needed
+ [f79606f9fcd7]
+
+ * plugins/sample_group/plugin_test.c:
+ Remove unused time.h and add limits.h for PATH_MAX
+ [3f5d0074d621]
+
+ * doc/sudoers.ldap.pod:
+ Fix typo.
+ [bc855fd57397]
+
+2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sample_group/plugin_test.c:
+ Do not depend on strlcpy/strlcat
+ [6e7e2b5af051]
+
+ * plugins/sample_group/plugin_test.c:
+ Standalone test driver for sudoers group plugin.
+ [eb1235fc3b8e]
+
+2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/group_plugin.c, src/load_plugins.c:
+ Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
+ aid.
+ [2a34e616229b]
+
+ * plugins/sample_group/sample_group.c:
+ Fix style nit in function declarations
+ [ab87c7c76bf9]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Document group_plugin syntax.
+ [ed1faf72ddcb]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document the sudoers group plugin.
+ [f19a62dc8cfc]
+
+ * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
+ configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
+ plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
+ plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
+ Replace built-in non-unix group support with a sudoers group plugin.
+ Include a sample plugin that can read Unix-format group files.
+ [8fc58ce0b1a8]
+
+ * configure, configure.in, src/load_plugins.c:
+ Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
+ [5c491dddb8ef]
2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.ldap.pod:
- fix typo.
- [d5f2922cecf2] <1.7>
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.pod:
+ Move sudoers-specific bits out of sudo(8) and into sudoers(5)
+ [e8a5a5830cfe]
-2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+ * aclocal.m4, configure, configure.in:
+ Substitute @io_logdir@ for the sudoers I/O log directory.
+ [21a75ca7b0ab]
- * .hgtags:
- Added tag SUDO_1_7_3 for changeset 72fd1f510a08
- [cc8b2277e17e] <1.7>
+2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
- sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
- sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
- Sudo 1.7.3 GA
- [72fd1f510a08] [SUDO_1_7_3] <1.7>
+ * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
+ common/atobool.c, common/fileops.c, common/fmt_string.c,
+ common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
+ compat/getgrouplist.c, compat/getline.c, compat/glob.c,
+ compat/snprintf.c, config.h.in, configure, configure.in,
+ include/fileops.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
+ src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
+ src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
+ Set usrinfo for AIX Set adminstrative domain for the process when
+ looking up user's password or group info and when preparing for
+ execve(). Include strings.h even if string.h exists since they may
+ define different things. Fixes warnings on AIX and others.
+ [cf8b93e872c9]
- * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
- auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
- auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
- auth/securid5.c, auth/sia.c, auth/sudo_auth.c, boottime.c, check.c,
- defaults.c, env.c, exec.c, exec_pty.c, fileops.c, find_path.c,
- fnmatch.c, get_pty.c, getcwd.c, getdate.c, getdate.y, getline.c,
- getspwuid.c, glob.c, goodpath.c, gram.c, gram.y, interfaces.c,
- iolog.c, lbuf.c, ldap.c, logging.c, match.c, parse.c, parse_args.c,
- pwutil.c, set_perms.c, snprintf.c, sudo.c, sudo_edit.c, sudo_nss.c,
- sudoreplay.c, term.c, testsudoers.c, tgetpass.c, toke.c, toke.l,
- tsgetgrpw.c, visudo.c:
- Include strings.h even if string.h exists since they may define
- different things. Fixes warnings on AIX and others.
- [7c6de7fb5dba] <1.7>
+ * Makefile.in:
+ Add a separate all target for AIX make which was using the entire
+ LHS (not just the first entry) of the first target as the implicit
+ target.
+ [a45b980a01ef]
- * env.c:
+ * plugins/sudoers/env.c:
Do not rely on env.env_len when unsetting a variable, just use the
NULL terminator.
- [faf088613ce5] <1.7>
+ [ca6eb239c829]
- * env.c:
+ * plugins/sudoers/env.c:
In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
- [47f8dfcc7a48] <1.7>
-
-2010-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
- Mention that multiple URI lines are merged into a single one.
- [1dc0ac5929bf] <1.7>
-
- * WHATSNEW:
- Document AIX fixes
- [be36e8a6dddd] <1.7>
-
-2010-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * env.c, sudo.c, sudo.h:
- For env_init() just use environ not the envp from main().
- [d4f3e374caeb] <1.7>
+ [7046ba7caa4e]
2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
- sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
- sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
- Update version to 1.7.3rc1
- [fe43fe79070d] <1.7>
-
- * TODO:
- fqdn issue is resolved
- [f35cb63eb74b] <1.7>
-
- * env.c:
- In unsetenv(), assign ep in the for loop instead of doing it
- earlier. This version of the code does not change env.envp in
- between when ep is assigned and when it is used but older versions
- (e.g. 1.7.2) do.
- [a4cd29c862c9] <1.7>
-
- * aix.c:
- Use S_REGISTRY instead of S_AUTHSYSTEM as the argument to
- getuserattr() when fetching the administrative domain to be used by
- setauthdb(). This was suggested by AIX support and is consistent
- with what OpenSSH does.
- [d3109706ec85] <1.7>
-
- * vasgroups.c:
+ * plugins/sudoers/vasgroups.c:
Use warningx() instead of log_error() since the latter is not
available to visudo or testsudoers. This does mean that they don't
end up in syslog.
- [0174e89f983b] <1.7>
+ [152b7c50f426]
- * sudo.c:
+ * plugins/sudoers/sudoers.c:
Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
closed the sudoers sources. From Quest sudo.
- [c1b33e3e0f9e] <1.7>
+ [c1cd573bab94]
- * pwutil.c:
+ * plugins/sudoers/pwutil.c:
Ignore case when matching user/group names in the cache. From Quest
sudo.
- [72df368a8a0e] <1.7>
+ [2aa4ecc7d7f5]
2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure, configure.in, selinux.c:
+ * config.h.in, configure, configure.in, src/selinux.c:
Add check for setkeycreatecon() when --with-selinux is specified.
- [24144c52c0cc] <1.7>
+ [affae247b4e0]
* configure, configure.in:
- Bump version to 1.7.3b5 Error out if libaudit.h is missing or
- ununable when --with-linux-audit was specified
- [215c7653d9bc] <1.7>
-
- * aix.c:
- K&R function declaration for aix_setauthdb()
- [82da12d222a6] <1.7>
-
- * env.c, sudo.c, sudo.h:
- If env_init() was called implicitly via getenv(), setenv() or
- putenv() just use the specified envp instead of mallocing a new
- copy. This prevents an infinite loop on OpenBSD which calls
- getenv() from malloc() to get MALLOC_OPTIONS.
- [8e82ce63f774] <1.7>
-
- * ldap.c:
- Add support for multiple URI lines by joining the contents and
- passing the result to ldap_initialize.
- [b4e10b2ffdb1] <1.7>
-
-2010-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * pwutil.c, set_perms.c, sudo_nss.c:
- Bracket initgroups with calls to aix_setauthdb() and
- aix_restoreauthdb()
- [363dbe449f1c] <1.7>
-
- * aix.c:
- Include compat.h before alloc.h to get __P
- [819a2667ffd7] <1.7>
-
- * auth/aix_auth.c:
- Include usersec.h for authenticate() prototype
- [2b8dd2b67131] <1.7>
+ Error out if libaudit.h is missing or ununable when --with-linux-
+ audit was specified
+ [d82e743fac04]
- * aix.c:
- Add missing includes Add missing trailing NUL in userinfo string
- [8deaedf44943] <1.7>
+ * doc/HISTORY, doc/history.pod:
+ Add =head3 entries, mostly for the html version
+ [ee93112d0308]
2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * HISTORY, history.pod:
- Mention when LDAP was incorporated.
- [4e6c8ec4f67c] <1.7>
+ * doc/HISTORY, doc/history.pod:
+ Mention when LDAP was incorporate.
+ [2923dc17f79c]
2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure:
- Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
- not covered by _ALL_SOURCE.
- [3657f1b181b9] <1.7>
-
- * pwutil.c:
- Include usersec.h on AIX to get IDtouser() prototype.
- [11483bbe15c7] <1.7>
-
- * configure.in:
+ * configure, configure.in:
Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
not covered by _ALL_SOURCE.
- [fd48e6e2136b] <1.7>
+ [c92fd69809d0]
2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * iolog.c:
+ * plugins/sudoers/iolog.c:
Add a cast to quiet a compiler warning.
- [51e9d419bd83] <1.7>
+ [a200e07ee1bc]
- * boottime.c:
- Use memset() instead of zero_bytes() since we don't include sudo.h
- [f310b2123ba9] <1.7>
-
- * Makefile.in:
- getline.o is already in LIB_OBJS, do not need it in COMMON_OBJS
- [c8750c2d75ab] <1.7>
-
- * getdate.c, getdate.y:
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
Quiet a compiler warning.
- [9f231be15958] <1.7>
+ [c9acfc927cea]
- * defaults.c, sudo.c:
+ * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
Call set_fqdn() after sudoers has parsed instead of inline as a
callback.
- [26d413ddb6dd] <1.7>
+ [5f4e5d075f2d]
- * WHATSNEW:
+ * WHATSNEW, plugins/sudoers/sudoers.c:
Do not call set_fqdn() until sudoers parses (where is gets run as a
callback).
- [582453a993a1] <1.7>
-
- * sudo.c:
- Do not call set_fqdn() until sudoers parses (where is gets run as a
- callback). Otherwise, if sudo is built --with-fqdn the fqdn will be
- set even if !fqdn is set in sudoers.
- [aa01e867d1bb] <1.7>
-
- * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
- sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
- sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
- Bump version to 1.7.3b4
- [c1c5a73766b6] <1.7>
+ [09040fca6d40]
* WHATSNEW:
mention the change in tty ticket behavior when there is no tty
- [93ddde63e453] <1.7>
-
- * TODO:
- remove done items
- [9601b2e8dcef] <1.7>
-
- * aix.c:
- Remove comment; NAME in usrinfo should be user name.
- [eb46f1e8ea08] <1.7>
+ [575a1fd98f05]
- * check.c:
+ * plugins/sudoers/check.c:
Do not update tty ticket if there is no tty.
- [e64e8c8f2286] <1.7>
-
- * sudo.cat, sudo.man.in, sudo.pod:
- No longer need to use -- with the -s flag
- [e45c18dd79dc] <1.7>
+ [63f9c33ce6a7]
- * Makefile.in:
- Add missing $(srcdir) to sudo.man.in target
- [2bd89f6ca9f3] <1.7>
+ * doc/LICENSE, doc/license.pod:
+ Update copyright year
+ [0722ab5d404b]
- * Makefile.in:
+ * doc/Makefile.in:
Do not rely on BSD make's $>
- [cb328b82cb92] <1.7>
+ [936a86398bd9]
* configure, configure.in:
Set timedir to /var/db/sudo for darwin to match Apple sudo's
location
- [860c7f1b001f] <1.7>
+ [d5b9b03096f1]
2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, configure, configure.in:
- Move aix.o from SUDO_OBJS to COMMON_OBJS
- [f8a9bdf346c1] <1.7>
+ * plugins/sudoers/sudoers.h:
+ Add stub declarations for struct stat and struct timeval
+ [f6d90551a4fd]
- * config.h.in, configure, configure.in, defaults.c, iolog.c,
- sudoreplay.c:
+ * MANIFEST:
+ Remove compat/sigaction.c
+ [d0ed6d9a770e]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
Check for zlib.h in addition to libz.
- [fb77e44d5196] <1.7>
+ [6e191b4a6065]
- * Makefile.in, exec.c, exec_pty.c, sudo.h, sudo_exec.h:
+ * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
+ src/sudo_exec.h:
Move functions and symbols shared between exec.c and exec_pty.c into
sudo_exec.h.
- [e798d945424e] <1.7>
-
- * sudo.h:
- Add missing prototypes for aix_setauthdb and aix_restoreauthdb
- [8bc2af6d4e17] <1.7>
+ [14ae63403544]
- * Makefile.in:
+ * doc/Makefile.in:
Comment out rules to build .man.in and .cat files unless --with-
devel
- [81d6726a19ab] <1.7>
+ [3cf7e5606a85]
- * aix.c, pwutil.c, set_perms.c, sudo.h:
- Fix AIX compilation problems.
- [7d95f73eca42] <1.7>
-
- * sudo.c:
- Cast isalnum() arg to unsigned char.
- [5fff9a81af00] <1.7>
-
- * WHATSNEW:
- Add Linux audit support.
- [e59e0670ba79] <1.7>
+ * doc/Makefile.in:
+ Comment out rules to build .man.in and .cat files unless --with-
+ devel
+ [d30495b0e29e]
- * sudo.c:
+ * src/parse_args.c:
Quote any non-alphanumeric characters other than '_' or '-' when
passing a command to be run via the shell for the -s and -i options.
- [d35a3f4cb3c0] <1.7>
+ [d633f74fe2d9]
- * sudo.c:
- Add missing braces that broke -i mode.
- [7fe124b078ec] <1.7>
+ * doc/Makefile.in:
+ Add back .man suffix
+ [6e63b60a2739]
- * linux_audit.c:
- Fix linux_audit_command() return value
- [0c582476181c] <1.7>
+ * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
+ src/selinux.c:
+ Add Linux audit support.
+ [5a2f445e0bd4]
2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, linux_audit.c, linux_audit.h:
- Add Linux audit support.
- [b207dc9960de] <1.7>
+ * plugins/sudoers/iolog.c:
+ Remove an XXX
+ [a170cbe651d1]
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
+ plugins/sudoers/sudoreplay.c:
+ Add -f (filter) option to sudoreplay to allow certain streams to be
+ replayed and others ignored.
+ [62e51b432ea1]
+
+ * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
+ src/tgetpass.c:
+ Fix -A flag when askpass is specified in sudo.conf or if sudo
+ doesn't need to read a password.
+ [2e401e4a00e3]
+
+ * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
+ Clean up some XXXs
+ [689f0b002d3d]
+
+ * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add support for multiple sudoers_base entries in ldap.conf. From
+ Joachim Henke
+ [e3e4a3c2bd5b]
-2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
+ * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
+ src/exec_pty.c:
+ remove setsid check, we require a POSIX system
+ [cc73cb9e22c0]
- * INSTALL, audit.c, bsm_audit.c, config.h.in, configure, configure.in,
- logging.h, selinux.c:
- Add Linux audit support.
- [26ae31d7ff93] <1.7>
+ * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
+ src/sudo.c, src/tgetpass.c:
+ Check for dup2() failure.
+ [5d46d66794f5]
-2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
- Sync sudoreplay with trunk
- [65b780cccfa5] <1.7>
-
- * exec_pty.c:
- Remove an XXX
- [8304ac649241] <1.7>
-
- * aix.c, configure, configure.in, pwutil.c, set_perms.c, sudo.h:
- Set usrinfo for AIX Set adminstrative domain for the process when
- looking up user's password info and when preparing for execve().
- [52b48cbe97fd] <1.7>
-
- * ldap.c, parse.c:
- Better prefix determination now that we can't rely on len==0 to tell
- the beginning on an entry.
- [32f1875d9605] <1.7>
-
- * WHATSNEW, ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in,
- sudoers.ldap.pod:
- Add support for multiple sudoers_base entries in ldap.conf. From
- Joachim Henke
- [3c0b59fce7b4] <1.7>
-
- * configure, configure.in:
- Remove duplicate setsid check
- [7712d6d52da1] <1.7>
-
- * Makefile.in, config.h.in, configure, configure.in, exec_pty.c,
- logging.c, missing.h, setsid.c:
- Move setsid emulation into setsid.c
- [f24743c9e4e9] <1.7>
-
- * exec_pty.c, logging.c, selinux.c, sudo.c, tgetpass.c:
- Check for dup2() failure.
- [b1b6ba761b61] <1.7>
-
- * config.h.in, configure, configure.in:
- Remove dup2 check, it is not optional.
- [cfbe5f3b5956] <1.7>
+ * config.h.in, configure, configure.in:
+ Remove dup2() check, it is not optional.
+ [5f1d56de4384]
2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
* WHATSNEW:
- Add mbr_check_membership support and SELinux fixes
- [af1936a7cf2f] <1.7>
+ sync with sudo 1.7.3
+ [88e5c0bd6d59]
- * Makefile.in:
- Sync SRCS and DISTFILES with reality
- [0971b5dcb1be] <1.7>
+ * INSTALL:
+ SunOS does not ship with an ANSI compiler
+ [f13c85c67069]
* INSTALL:
Update OS specific notes. Delete some really ancient ones and move
older ones to the end of the list.
- [872dd8b437a8] <1.7>
+ [59ce592c4c52]
* README:
- Bump for sudo 1.7.3 Merge some changes from trunk
- [a3088c75bf22] <1.7>
+ Sudo can be downloaded from the web site too Mention "OS dependent
+ notes" section in INSTALL
+ [191871538984]
- * selinux.c, sudo.c:
+ * src/exec_pty.c, src/selinux.c:
Call selinux_restore_tty() as part of cleanup() so it gets called
from error()/errorx()
- [0197c07d4c1e] <1.7>
+ [bb017da6b6da]
- * compat.h:
- No longer use SA_NOCLDSTOP
- [73ca654cd3f8] <1.7>
+ * MANIFEST, doc/PORTING:
+ Remove obsolete porting guide
+ [321e35591344]
- * interfaces.h, match.c:
+ * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
Move union sudo_in_addr_un into interfaces.h
- [c84bda7c332a] <1.7>
-
- * pathnames.h.in:
+ [b2c8b19ee094]
+
+ * doc/Makefile.in:
+ Remove useless circular dependencies
+ [5682181b59cf]
+
+ * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
+ Convert to ANSI C function declarations
+ [a4f76927d034]
+
+ * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
+ common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
+ compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
+ compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
+ compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
+ compat/strlcpy.c, compat/timespec.h, compat/utime.h,
+ compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
+ include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
+ include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
+ plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
+ plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/match.c,
+ plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
+ plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
+ src/conversation.c, src/error.c, src/load_plugins.c,
+ src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
+ src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
Update copyright year
- [94871f44206b] <1.7>
+ [26ac7991f7d8]
- * HISTORY, LICENSE, aix.c, alias.c, alloc.h, boottime.c, bsm_audit.h,
- compat.h, defaults.c, defaults.h, env.c, fileops.c, find_path.c,
- gettime.c, gram.y, history.pod, lbuf.h, license.pod, logging.c,
- match.c, missing.h, nanosleep.c, parse.h, set_perms.c,
- sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
- sudoreplay.c, term.c, tgetpass.c, toke.l, visudo.c, visudo.cat,
- visudo.man.in, visudo.pod:
- Update copyright year
- [4cfb47c799b8] <1.7>
+ * doc/Makefile.in:
+ Fix commented DEVDOCS when not in devel mode.
+ [e0a97eaf3793]
- * Makefile.in:
- Remove varsub as part of clean
- [61f04a21b0bb] <1.7>
-
- * match.c:
+ * plugins/sudoers/match.c:
Quiet a compiler warning.
- [06d8cfe916c8] <1.7>
+ [b2a17ebd5d38]
- * getdate.c, getdate.y:
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
Quiet a compiler warning.
- [473d2b7d44a1] <1.7>
+ [687843bc593d]
- * ldap.c, sudo.h:
- Make the remaining functions in ldap.c static
- [ba555565b30a] <1.7>
+ * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
+ Make all functions in ldap.c static
+ [b2111e89eeba]
- * ldap.c:
- Make private functions static. Diff from Joachim Henke
- [1603035b1863] <1.7>
-
- * schema.ActiveDirectory:
+ * doc/schema.ActiveDirectory:
Updates from Alain Roy to provide better examples for importing the
schema and to fix problems caused by Windows validating attributes
which have not yet been added before committing the changes.
- [83f11ae00f19] <1.7>
+ [69f4c5ccaf89]
-2010-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
+2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, configure, configure.in, sudo.cat, sudoers.cat:
- Generate .cat files directly from .man.in instead of .man using
- default values in configure.in
- [0a92b41c5ce5] <1.7>
+ * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
+ doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
+ doc/visudo.cat, doc/visudo.man.in:
+ Leave rules to build .man.in and .cat files uncommented but only
+ make them part of the "all" rule in devel mode. Generate .cat files
+ directly from .man.in instead of .man using default values in
+ configure.in
+ [c3054a44f6a5]
-2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+ * configure, configure.in:
+ Bump sudo version to 1.8.0b1
+ [8f79c85135e1]
- * configure, configure.in, sudo.c, sudo_usage.h.in:
+ * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
Print configure args with verbose version information.
- [ca4a5fcf0af8] <1.7>
+ [1ce690660ed2]
- * visudo.c:
+ * TODO, plugins/sudoers/visudo.c:
Remove tfd from struct sudoersfile; it is not used. Add prev pointer
to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
Use tq_append to append sudoers entries to the tail queue.
- [344c631d0d43] <1.7>
+ [1743f9a286e4]
2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
* WHATSNEW:
Describe tty timestamp improvements
- [136b0f832903] <1.7>
+ [e214e863a313]
- * toke.c, toke.l:
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
A comment character may not be part of a command line argument
unless it is quoted with a backslash. Fixes parsing of:
testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
- [2a0c82ffedde] <1.7>
-
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
- regen
- [c9fddd23c7e1] <1.7>
+ [ea2e990f85ed]
- * sudoers.pod:
+ * doc/sudoers.pod:
Make this read a little bit better when passwd_timeout is 0.
- [51644950823f] <1.7>
+ [39d362757f31]
- * Makefile.in:
- Use the --file argument to config.status instead of setting
- CONFIG_FILES
- [fc2b42c60b5d] <1.7>
-
- * sudo.man.pl, sudo.pod:
+ * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
Attempt to handle a default password prompt timeout of zero more
gracefully.
- [478b8e720993] <1.7>
+ [ea47d43acf5b]
- * toke.c, toke.l:
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Do not override value of keepopen global, instead restore it to the
value we pushed onto the stack when popping.
- [dc370d57a668] <1.7>
+ [fe282e5a3402]
+
+ * plugins/sudoers/Makefile.in:
+ Add dependency for utility programs on libreplace and libcommon
+ [2339aba64928]
- * exec.c, exec_pty.c, logging.c, mon_systrace.c, tgetpass.c:
- Use SA_INTERRUPT in sa_flags
- [3845c6637361] <1.7>
+ * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
+ plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
+ src/exec.c, src/exec_pty.c, src/tgetpass.c:
+ Remove sigaction emulation Use SA_INTERRUPT in sa_flags
+ [7dd61f1bd8d2]
- * getdate.c, getdate.y, ldap.c, sudoreplay.c:
+ * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
+ We don't use getgrouplist() at the moment so there's no need to
+ provide a compat version.
+ [1597536fbada]
+
+ * TODO:
+ sync with reality
+ [9e1a874e7885]
+
+ * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
+ src/conversation.c, src/sudo.h, src/tgetpass.c:
+ Fix visiblepw sudoers option; the plugin API portion still needs
+ documenting
+ [60b6933ef5e0]
+
+ * src/sudo.c:
+ Print sudo version as well.
+ [987ed459b459]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Use sudo_printf for I/O log version Clarify policy plugin version
+ string
+ [5a58b7e8c80b]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
Silence some compiler warnings
- [112ac65afd0c] <1.7>
+ [afb1eba90915]
+
+ * src/load_plugins.c, src/tgetpass.c:
+ Store askpass path in a global instead of uses setenv() which many
+ systems lack.
+ [b440bcc0e660]
2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * exec.c, exec_pty.c, sudo.c, sudo.h:
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ plugins/sudoers/check.c, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
+ src/tgetpass.c:
+ Move askpass path specification from sudoers to sudo.conf.
+ [5507ab867c26]
+
+ * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
+ Use a flag bit in struct command_details for selinux instead of a
+ separate field.
+ [c59ca4acded9]
+
+ * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
Implement background mode. If I/O logging we use pipes instead of a
pty.
- [8d448eaf2aaa] <1.7>
+ [c07a4b356cbd]
- * compat.h, exec.c, exec_pty.c, mksiglist.c, strsignal.c, tgetpass.c:
+ * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
+ src/exec.c, src/exec_pty.c, src/tgetpass.c:
Move compat definition of NSIG to compat.h
- [cae72a4c9dec] <1.7>
+ [ab0385467f25]
- * tgetpass.c:
- Ignore SIGPIPE for "sudo -S"
- [c6595c8527c4] <1.7>
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Mention plugins in the sudo manual and add some missing path
+ substitution in the sudo_plugin manual.
+ [570f831f47a3]
- * tgetpass.c:
- Properly handle TGP_ECHO again. Print a newline if the user
- interrupted password input.
- [15acbe4fb535] <1.7>
+ * src/Makefile.in:
+ Set _PATH_SUDO_CONF based on $(sysconfdir)
+ [fde51869cf07]
- * exec_pty.c:
+ * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
+ src/exec.c, src/exec_pty.c, src/ttysize.c:
+ Require POSIX termios to build sudo
+ [9ec6b41f3f95]
+
+ * src/tgetpass.c:
+ Ignore SIGPIPE for "sudo -S"
+ [7ad27fde0c06]
+
+ * src/tgetpass.c:
+ Fix uninitialized variable in TGP_ECHO case and print a newline if
+ the user interrupted password input.
+ [ce19204d8dd4]
+
+ * src/tgetpass.c:
+ Make TGP_ECHO override TGP_MASK and don't try to restore the
+ terminal if we didn't modify it.
+ [a7e11abfe7e4]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
+ src/conversation.c, src/sudo.h, src/tgetpass.c:
+ Add SUDO_CONV_PROMPT_MASK define which corresponds to the
+ "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
+ set.
+ [e0550590cabe]
+
+ * src/exec_pty.c:
Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
- [dd041fc9554c] <1.7>
+ [762448182fe3]
2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * exec.c, exec_pty.c, selinux.c, sudo.c, sudo.h:
- Return an error from selinux_setup() instead of exiting. Call
- selinux_setup() from exec_setup().
- [b518225cafba] <1.7>
+ * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
+ Add selinux_enabled flag into struct command_details and set it in
+ command_info_to_details(). Return an error from selinux_setup()
+ instead of exiting. Call selinux_setup() from exec_setup().
+ [011bea23a5a0]
- * compat.h:
- Add definition of WCOREDUMP for systems without it. This is known
- to work on AIX and SunOS 4, but may be incorrect on other systems
- that lack WCOREDUMP.
- [365e56db7cd5] <1.7>
+2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Remove commented out copy of old sudo_execve() function.
+ [9c5e21380472]
+
+2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c, compat.h, config.h.in, configure, configure.in, iolog.c,
- nanosleep.c, sudo_edit.c, visudo.c:
+ * plugins/sudoers/sudoers.c:
+ Fix setting selinux type on command line.
+ [814b20a0b3be]
+
+ * plugins/sudoers/iolog.c:
+ In sudoers_io_close(), skip NULL io_fds[] elements.
+ [4011ff7d4daf]
+
+ * include/compat.h:
+ No longer need NGROUPS_MAX define
+ [cae4c49d7077]
+
+ * compat/nanosleep.c, config.h.in, configure, configure.in,
+ include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/visudo.c, src/sudo_edit.c:
Replace timerfoo macros with timevalfoo since the timer macros are
known to be busted on some systems.
- [4bb5228606c5] <1.7>
+ [4f97d79f2d41]
- * toke.c, toke.l:
+ * src/exec_pty.c:
+ Remove duplicate call to selinux_setup().
+ [82bd52764e21]
+
+ * plugins/sudoers/auth/pam.c:
+ If pam_open_session() fails, pass its status to pam_end.
+ [1d8de4cf8ff3]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
If a file in a #includedir has improper permissions or owner just
skip it. This prevents packages that incorrectly install a file
into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
#includedir files still result in a parse error (for now).
- [b7fb75eddb77] <1.7>
+ [ade99a4549a4]
- * TODO, auth/pam.c, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
- Defer call to pam_close_session() until after the command finishes
- if there is a monitor process.
- [0a39c8e6a81b] <1.7>
-
- * WHATSNEW, def_data.c, def_data.h, def_data.in, exec.c, sudoers.cat,
- sudoers.man.in, sudoers.pod:
+ * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
Add use_pty sudoers option to force use of a pty even when not
logging I/O.
- [aea971f1456a] <1.7>
+ [b280a8972a79]
- * env.c, sudo.c, sudo.h:
- Instead of trying to keep the global environment in sync with our
- private copy, provide our own getenv() that returns values from the
- private environment and use env_get() to pass the environment in to
- run_command().
- [58c85c5695dc] <1.7>
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
+ Make env_init() void as it never fails.
+ [d3890e55daa7]
- * set_perms.c:
- Fix typo
- [0f677fcdde04] <1.7>
+ * plugins/sudoers/env.c:
+ No longer use _NSGetEnviron so don't need crt_externs.h
+ [9b4e0e139881]
-2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/env.c:
+ Remove unused VNULL define
+ [a42cacb263e3]
- * sudo.h:
- Rename pty.c -> get_pty.c
- [39137dcc4420] <1.7>
+2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * iolog.c:
+ * plugins/sudoers/iolog.c:
Add #define for maximum session id
- [2a487437f013] <1.7>
+ [9e18c17a28c2]
- * Makefile.in, configure, configure.in, exec.c, exec_pty.c, iolog.c,
- selinux.c, sudo.c, sudo.h, sudo_edit.c:
- Split exec.c into exec.c and exec_pty.c Pass a flag in to
- sudo_execve to indicate whether we need to wait for the command
- to finish (fork + execve vs. execve).
- [b197515585db] <1.7>
+ * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
+ Split exec.c into exec.c and exec_pty.c
+ [d52376327332]
- * Makefile.in, configure, configure.in, get_pty.c, pty.c:
- Rename pty.c -> get_pty.c
- [c0e5270bb28a] <1.7>
+ * MANIFEST:
+ Sync with source file moves.
+ [4a62c6c9e846]
- * aclocal.m4, configure, configure.in:
- Fix --without-iologdir
- [dcd6c5907b10] <1.7>
+ * src/Makefile.in, src/get_pty.c, src/pty.c:
+ Rename pty.c -> get_pty.c
+ [5696a12bd29b]
2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * iolog.c:
+ * plugins/sudoers/iolog.c:
Only use I/O input log file if def_log_input is set and output file
if def_log_output is set.
- [96cdd49be996] <1.7>
+ [d866992f1681]
-2010-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
+2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse_args.c, sudo.c:
- Include sudo_usage.h after sudo.h now that it has function
- prototypes to guarantee that __P is defined.
- [c67b77f8d6b1] <1.7>
+ * compat/strsignal.c:
+ Update copyright year
+ [a96f2593fd4e]
-2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+ * src/pty.c:
+ uid -> ttyuid
+ [c3454d74ebcb]
- * tgetpass.c:
- Do signal setup after turning off echo, not before. If we are using
- a tty but are not the foreground pgrp this will generate SIGTTOU so
- we want the default action to be taken (suspend process). Use an
- array for signals received instead of a single variable so we don't
- lose any when there are multiple different signals.
- [de356064ea01] <1.7>
+ * plugins/sudoers/sudoers.c:
+ For sudoedit, make a local copy of editor string si become part of
+ argv. If no editor environment variable, split def_editor on ':'
+ since it may be a colon-delimited path.
+ [2ee298506a6e]
- * defaults.h, lbuf.h, sudo.h:
- Reorg function prototypes a bit
- [5c40f58bb28e] <1.7>
+ * src/sudo_edit.c:
+ Remove unneeded endpwent()/endgrent()
+ [623f6743d101]
- * Makefile.in, parse_args.c, sudo.c, sudo.h, sudo_usage.h.in:
- Move argument parsing into parse_args.c
- [fad7b8737c12] <1.7>
+ * doc/Makefile.in:
+ Use value of nroff from configure
+ [b2ce649125ab]
- * Makefile.in, config.h.in, configure, configure.in, missing.h,
- mksiglist.c, mksiglist.h, siglist.in, strsignal.c:
- Build our own sys_siglist for systems that lack it.
- [3b5f671936dc] <1.7>
+ * src/exec.c:
+ Add missing const to I/O log action function
+ [d764a3955e04]
- * exec.c, iolog.c, missing.h, sudo_edit.c:
- K&R fixes
- [dad62986f2fe] <1.7>
+ * plugins/sudoers/check.c:
+ Update copyright year and fix whitespace
+ [e648c35b16be]
- * exec.c, pty.c, sudo.c, sudo.h, sudo_edit.c:
- Log sudoedit sessions as well; adapted from trunk
- [2c5d9695022b] <1.7>
+ * configure, configure.in:
+ Fix typo
+ [8e0bdfc47da4]
- * configure:
- regen
- [9b319e89a6c4] <1.7>
-
- * INSTALL, Makefile.in, WHATSNEW, aclocal.m4, configure, configure.in,
- def_data.c, def_data.h, def_data.in, defaults.c, exec.c, gram.c,
- gram.h, gram.y, iolog.c, parse.c, parse.h, pathnames.h.in, pty.c,
- script.c, selinux.c, sudo.c, sudo.h, sudoers.cat, sudoers.man.in,
- sudoers.pod, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
- sudoreplay.pod, term.c:
- Merge I/O logging changes from trunk. Disabling I/O log support at
- compile time does not currently work. Sudoedit is not yet hooked up
- to I/O logging.
- [968c2c74c69b] <1.7>
+ * plugins/sudoers/iolog.c:
+ Remove redundant tty signal blocking in log function.
+ [f17f575dabd4]
2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/iolog.c:
+ Place static keyword where it belongs
+ [b01aec7c86b4]
+
+ * plugins/sudoers/logging.c:
+ Always use a printf format string for send_mail()
+ [13b1ada644c9]
+
+ * common/atobool.c, plugins/sudoers/ldap.c:
+ Extend atobool() so we can use it in the LDAP code.
+ [73f8e6807044]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
+ Sudo now stashes tty ctime for tty_tickets on Solaris too.
+ [e82df13ad3fd]
+
+ * plugins/sudoers/boottime.c:
+ Fix dummy version of get_boottime()
+ [01d69c06013b]
+
+2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Enable tty_is_devpts() support for Solaris with the "devices"
+ filesystem.
+ [237c6b25fa84]
+
+ * src/exec.c:
+ Unbreak the non-io logging case.
+ [4822b9f709fb]
+
+ * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
+ Fix symbol name conflict with sudo_printf.
+ [0d44eab0a8f6]
+
+ * plugins/sudoers/auth/pam.c:
+ Fix OpenPAM detection for newer versions.
+ [1b2abed232d8]
+
+ * plugins/sudoers/vasgroups.c:
+ Sync with Quest sudo git repo
+ [f1d98b3cba02]
+
+ * aclocal.m4, configure, configure.in:
+ HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
+ Add missing template for ENV_DEBUG Adapted from Quest sudo
+ [695dbd7b28f4]
+
+ * README.LDAP:
+ Fix typos; from Quest Sudo
+ [4eba9da33b8e]
+
+2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Add back -I$(top_srcdir); we need it for including compat/foo.h
+ since we cannot rely on "foo.h" being found relative to the source
+ file when the cwd is different.
+ [bbf24695f325]
+
+ * src/exec.c:
+ Fix a bug where we could treat EAGAIN as a permanent error. Also set
+ cstat if perform_io() returns an error.
+ [200475c4326f]
+
+ * common/alloc.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/sudoers.c:
+ Add casts to quiet compiler warnings.
+ [85eb1c336697]
+
+ * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Fix typo in ternary operator usage.
+ [6492ac1450e2]
+
+2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
* INSTALL, configure, configure.in:
- Add --enable-warnings configure option
- [19cf967c36d1] <1.7>
+ Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
+ [92121d693b30]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
+ Update docs to match sudoers I/O logging changes
+ [18d651989e49]
+
+ * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
+ pathnames.h.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c:
+ Break sudoers transcript feature up into log_input and log_output.
+ [db3c1248d2ad]
+
+ * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Use setprogname() as needed.
+ [6beee63a4553]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
+ Adapt sudoreplay to iolog changes.
+ [581f52c05f0f]
+
+2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Log all input and output into separate files and store a number on
+ each timing file line to indicate which file the data is in.
+ [fb460c5273dd]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Make sudoers_io functions static to iolog.c
+ [b2df3cc3eecb]
- * check.c, lbuf.h, script.c, sudo.c, sudo_nss.c:
- Fix K&R compilation issues on HP-UX.
- [c01a547cdcf8] <1.7>
+2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * lbuf.c, lbuf.h, ldap.c, parse.c, sudo.c, sudo_nss.c:
- Pass in output function to lbuf_init() instead of writing to stdout.
- A side effect is that the usage info can now go to stderr as it
- should. Add support for embedded newlines in lbuf and use that
- instead of multiple calls to lbuf_print.
- [596a427ff873] <1.7>
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
+ src/sudo_usage.h.in:
+ Completely remove the -L flag from the sudo front end.
+ [3d220030b720]
+
+ * plugins/sudoers/sudoreplay.c:
+ Fix EAGAIN handling when writing to stdout.
+ [4766d77cea49]
+
+ * plugins/sudoers/sudoers.c:
+ Eliminate unused variables
+ [83bd711e79c4]
+
+ * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
+ Re-enable cleanup functions in sudoers plugin and sudo driver for
+ error()/errorx().
+ [43093f937dd8]
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Use sudo_printf to display verbose version information.
+ [435cc9f8d4a2]
+
+ * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Minor Makefile cleanup: fix a typo, change the removal order in the
+ clean targets, and remove a superfluous include path for the sudoers
+ plugin.
+ [6e3b2d6b4437]
+
+ * plugins/sudoers/env.c:
+ Handle duplicate variables in the environment. For unsetenv(), keep
+ looking even after remove the first instance. For sudo_putenv(),
+ check for and remove dupes after we replace an existing value.
+ [c1bbb88d0435]
+
+2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Use explicit path to source file instead of $< for files that live
+ in devdir and top_srcdir.
+ [358ab7f6cc64]
+
+ * plugins/sudoers/Makefile.in:
+ Add explicit rules to compile gram.c and toke.c for HP-UX Pevent
+ ending LIBSUDOERS_OBJS with a backslash
+ [481a5c96d47e]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Link libcommon before libreplace since libcommon may use functions
+ only present in libreplace.
+ [1847c496ff5b]
+
+ * common/Makefile.in:
+ Move code common to sudo and the sudoers plugin to a convenience
+ library, libcommon. Removes the need to make links in the sudoers
+ plugin dir and reduces re-compilation of duplicate object files.
+ [4c8986352937]
+
+ * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
+ common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
+ common/term.c, common/zero_bytes.c, configure, configure.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
+ src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
+ src/zero_bytes.c:
+ Move code common to sudo and the sudoers plugin to a convenience
+ library, libcommon. Removes the need to make links in the sudoers
+ plugin dir and reduces re-compilation of duplicate object files.
+ [1d1d98bd55b9]
+
+ * src/exec.c, src/sudo.c, src/sudo.h:
+ Rename script_execve to sudo_execve and rename script_foo in exec.c
+ [a35ec80de96a]
+
+ * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
+ rename script.c exec.c and fix up the MANIFEST file
+ [36bc3bff9578]
+
+ * src/script.c, src/sudo.c, src/sudo.h:
+ Rename script_setup() to pty_setup() and call from script_execve()
+ directly.
+ [899b0fb2a14d]
+
+ * configure, configure.in:
+ bump version to 1.8.0a2
+ [0b1c1ca9d4e5]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document init_session
+ [b5324785a406]
+
+ * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h:
+ Clean up the sudoers auth API a bit and update the docs.
+ [c40fd4cb6e68]
+
+ * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
+ Add init_session function to struct policy_plugin that gets called
+ before the uid/gid/etc changes. A struct passwd pointer is passed
+ in,which may be NULL if the user does not exist in the passwd
+ database.The sudoers module uses init_session to open the pam
+ session as needed.
+ [d71723320ee8]
+
+2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Add open/close session to sudo auth, only used by PAM. This allows
+ us to open (and close) the PAM session from sudoers.
+ [2665e2920d0d]
+
+ * plugins/sudoers/Makefile.in:
+ Add explicit rule to build getdate.o for HP-UX make.
+ [7f049e989956]
+
+ * plugins/sudoers/Makefile.in:
+ Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
+ rules as an alternate way to prevent HP-UX make (and others) from
+ trying to rebuild the parser in non-dev mode.
+ [f84badad98c5]
+
+ * plugins/sudoers/sudoers.c:
+ Re-enable PATH_MAX check for command
+ [40d8a50da136]
+
+ * Makefile.in:
+ For distclean, clean the main directory last since the subdirs need
+ to be able to run libtool to clean things.
+ [8949a9861634]
+
+ * compat/Makefile.in:
+ Fix generation of mksiglist.h
+ [b7cdc9b36650]
+
+ * src/script.c:
+ Now that we defer sending cstat until the end of script_child() we
+ cannot reuse cstat when reading command status from parent.
+ [25c882643466]
- * configure, configure.in, sudo.man.pl, sudoers.man.pl:
+2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
Use numeric registers to handle conditionals instead of trying to do
it all with text processing.
- [31570c372e0e] <1.7>
+ [478079c3fd4b]
- * sudoers.pod:
+ * doc/sudoers.pod:
Document per-command SELinux settings
- [bbce5acad1be] <1.7>
+ [13840d566805]
- * sudo.pod:
- timestamp -> time stamp
- [d7335ce6286f] <1.7>
+ * plugins/sudoers/sudoers.c:
+ Repair "sudo -l -U username"
+ [10a0dcdf2ddf]
- * tsgetgrpw.c:
- Set close on exec flag in private versions of setpwent() and
- setgrent().
- [954814bdbd56] <1.7>
+ * plugins/sudoers/sudoers.c:
+ Set selinux role and type in command details.
+ [8ae6d35a126d]
- * logging.c:
- Make send_mail() take a printf-style argument list
- [0783ad585062] <1.7>
+ * src/script.c, src/selinux.c, src/sudo.h:
+ Rework SELinux support.
+ [83279cc94bf2]
- * Makefile.binary.in, Makefile.in, aclocal.m4, acsite.m4,
- config.guess, config.h.in, config.sub, configure, configure.in,
- ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
- m4/ltversion.m4, m4/lt~obsolete.m4:
- Update to autoconf 2.65 and libtool 2.2.6b
- [3544dd2f1a94] <1.7>
+2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * boottime.c:
- Don't use TRUE/FALSE which may not be defined.
- [8649bf22b3b2] <1.7>
+ * src/script.c, src/selinux.c, src/sudo.h:
+ Make SELinux support compile again. Needs more work to be complete.
+ [3d3addebcf82]
- * sudo.cat, sudo.man.in, sudo.pod:
- Document new tty_ticket behavior
- [0663e0390338] <1.7>
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
+ src/sudo.h:
+ Bring back closefrom settings.
+ [b1c6257d4bbb]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ If running a command or sudoedit in transcript mode, call
+ io_nextid() before log_allowed() so the session id is logged.
+ [c42f3ae40150]
+
+ * configure, configure.in:
+ Use mandoc(1) if nroff(1) is not present.
+ [daad4bbd04af]
- * find_path.c, sudo.c, sudo.h, visudo.c:
+ * doc/Makefile.in:
+ Use the --file argument to config.status instead of setting
+ CONFIG_FILES in the environment.
+ [c89411a8bf70]
+
+ * plugins/sudoers/Makefile.in:
+ We cannot conditionally update gram.h or the dependency ordering
+ gets messed up in devel mode.
+ [c938953231d9]
+
+2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, compat/Makefile.in, configure, configure.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Substitute @SHELL@ into Makefiles
+ [36aa6a095335]
+
+ * config.sub:
+ Fix typo
+ [16d294d26b58]
+
+ * config.guess, config.sub, configure, configure.in:
+ Update to autoconf 2.65
+ [4fa6ea8caea3]
+
+ * Makefile.in:
+ Fix libtool target (space vs. tabs)
+ [755cf3892618]
+
+ * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
+ Remove use of RETSIGTYPE; all modern systems have signal handlers
+ that return void.
+ [42b4e3aee668]
+
+ * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
+ ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
+ m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Update to libtool-2.2.6b. I haven't made any local modifications
+ this time, which should be OK since we install sudo_noexec.so by
+ hand now.
+ [6f79ced593bb]
+
+ * compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Use libtool to clean objects
+ [1581057d6472]
+
+ * include/Makefile.in:
+ Install sudo_plugin.h as part of "make install" and make other
+ install targets callable from the top-level Makefile
+ [aaaeb027d774]
+
+ * configure, configure.in:
+ regen with autoupdate to eliminate AC_TRY_LINK
+ [5d5541c230f5]
+
+ * Makefile.in, compat/Makefile.in, configure, configure.in,
+ doc/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Install sudo_plugin.h as part of "make install" and make other
+ install targets callable from the top-level Makefile
+ [b258b8401b1c]
+
+ * plugins/sample/sample_plugin.c:
+ The sample plugin doesn't support being run with no args so return a
+ usage error in this case.
+ [473b3cf965be]
+
+ * plugins/sudoers/iolog.c:
+ Set close on exec flag for descriptors used for I/O logging so they
+ are not present in the command being run.
+ [2c7e8708df76]
+
+ * plugins/sudoers/tsgetgrpw.c:
+ Set close on exec flag in private versions of setpwent() and
+ setgrent().
+ [64fef78cb833]
+
+ * src/script.c:
+ Close the I/O pipes aftering dup2()ing them to std{in,out,err}.
+ Fixes extra fds being present in the command when it is part of a
+ pipeline.
+ [060451617713]
+
+ * plugins/sudoers/sudoers.c:
+ Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
+ is used when logging). Note that user_ttypath will still be NULL if
+ there is no tty.
+ [31b69a6ecda7]
+
+ * src/script.c, src/sudo.h:
+ Cosmetic changes: add comments, remove orphaned prototype and
+ make a global static.
+ [f7851af0143e]
+
+2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Move check for maxfd == -1 to flush_output where it belongs.
+ [b826a95b4491]
+
+ * src/script.c:
+ Break out of select loop if all the fds we want to select on are -1.
+ [f5b387024238]
+
+ * src/sudo.c:
+ Avoid possible malloc(0) if plugin returns an empty groups list.
+ [9765a8fe5ce7]
+
+ * src/sudo.c:
+ Add debugging info when calling plugin close function
+ [95a273c7ff66]
+
+ * src/script.c:
+ Avoid closing stdin/stdout/stderr when we are piping output.
+ [330e76423caf]
+
+ * src/script.c:
+ When execve() of the command fails, it is possible to receive
+ SIGCHLD before we've read the error status from the pipe. Re-order
+ things such that we send the final status at the very end and prefer
+ error status over wait status.
+ [b0dcf825244f]
+
+2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Fix compilation for non PAM/BSD auth/AIX auth
+ [e382b39d2e4f]
+
+2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Additional checks to make sure we don't close /dev/tty by mistake.
+ When flushing, sleep in select as long as we have buffers that need
+ to be written out.
+ [8139cbd3dd54]
+
+ * src/script.c:
+ Now that we can use pipes for stdin/stdout/stderr there is no longer
+ a need to error out when there is no tty. We just need to make sure
+ we don't try to use the tty fd if it is -1.
+ [666621635d26]
+
+2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
+ Add argc and argv to I/O logger open function.
+ [0d7faa007d27]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
+ plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
+ src/parse_args.c, src/sudo.c, src/sudo_edit.c:
+ Remove check_sudoedit function pointer in struct sudo_policy.
+ Instead, sudo will set sudoedit=true in the settings array. The
+ plugin should check for this and modify argv_out as appropriate in
+ check_policy.
+ [c0328e3276b8]
+
+2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
+ src/sudo_edit.c:
+ If plugin sets "sudoedit=true" in the command info, enable sudoedit
+ mode even if not invoked as sudoedit. This allows a plugin to
+ enable sudoedit when the user runs an editor.
+ [96d67b99e42e]
+
+2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ gram.h must not depend on gram.y if we want to avoid unnecessary
+ rebuilding of targets dependent on gram.h when gram.y changes.
+ [9db4b767fdca]
+
+ * plugins/sample/sample_plugin.c:
+ Refactor common bits of check_policy and check_edit
+ [ac4d366a04cf]
+
+ * plugins/sample/sample_plugin.c:
+ Add sudoedit support
+ [a1a6cc4c0cef]
+
+2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Rely more on VPATH; fixes a dependency issue with the parser.
+ [45e406ebdea2]
+
+ * include/compat.h:
+ Fix typo introduced in last commit
+ [3ccb0f853d11]
+
+ * include/compat.h:
+ Emulate seteuid using setreuid() or setresuid() as needed. There are
+ still a few places that call seteuid() directly.
+ [36e8efa3a99d]
+
+ * src/parse_args.c, src/sudo_edit.c:
+ Attempt to fix building on systems that only have setuid.
+ [8e9ba4083318]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Clarify sudoedit a tad.
+ [d39dfaa14ade]
+
+2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_edit.c:
+ Fix compilation on HP-UX
+ [f6e47843d139]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document sudoedit
+ [4cbf5196d993]
+
+ * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
+ Change how we handle the sudoedit argv. We now require that there
+ be a "--" in argv to separate the editor and any command line
+ arguments from the files to be edited.
+ [20623d549a3c]
+
+ * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c:
+ Work in progress support for sudoedit. The actual interface used by
+ the plugin for sudoedit is likely to change.
+ [c31262a31997]
+
+ * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
Make find_path() a little more generic by not checking def_foo
variables inside it. Instead, pass in ignore_dot as a function
argument.
- [16c3f27cd9b9] <1.7>
+ [9c23101a094d]
- * check.c:
- Store info from stat(2)ing the tty in the tty ticket when tty
- tickets are in use. If the tty lives on a devpts (Linux) or devices
- (Solaris) filesystem, stash the ctime in the tty ticket file, as it
- is not updated when the tty is written to. This helps us determine
- when a tty has been reused without the user authenticating again
- with sudo.
- [f9aec9ab9054] <1.7>
-
- * boottime.c, check.c, sudo.h:
- get_boottime() now fills in a timeval struct
- [dbd2003659c0] <1.7>
+ * plugins/sudoers/env.c:
+ Add version of getenv(3) that uses our own environ pointer.
+ [0e3783e63534]
-2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
+2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c, compat.h, config.h.in, configure, configure.in, fileops.c,
- gettime.c, sudo.h, sudo_edit.c, visudo.c:
- Use timeval directly instead of converting to timespec when dealing
- with file times and time of day.
- [c85bf3e41839] <1.7>
+ * src/script.c:
+ Avoid a potential race condition if SIGCHLD is received immediately
+ before we call select().
+ [99adc5ea7f0a]
- * auth/pam.c:
- Fix OpenPAM detection for newer versions.
- [67f29a0703d0] <1.7>
+ * plugins/sudoers/sudoers.c:
+ Call env_init() before we open the sudoers sources as those may call
+ our setenv() replacement.
+ [5f82601f5ab0]
- * vasgroups.c:
- Sync with Quest sudo git repo
- [2680ad9762c2] <1.7>
+ * plugins/sudoers/env.c:
+ Initialize env_len in env_init()
+ [7ae02b3029b5]
- * aclocal.m4, configure, configure.in:
- HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
- libvas may need libdl for dlopen() Add missing template for
- ENV_DEBUG Adapted from Quest sudo
- [6c886eb9070a] <1.7>
+2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * README.LDAP:
- Fix typos; from Quest Sudo
- [cf258fc69f1a] <1.7>
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
+ Document time stamp shortcomings under SECURITY NOTES Use "time
+ stamp" instead of timestamp.
+ [2b86120815b2]
- * Makefile.in, configure.in:
- Use value of SHELL from configure in Makefile
- [08aaf12221d6] <1.7>
+ * doc/Makefile.in:
+ Make sed substitution of mansectsu and mansectform global.
+ [94588632dba0]
-2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/check.c:
+ If the tty lives on a devpts filesystem, stash the ctime in the tty
+ ticket file, as it is not updated when the tty is written to. This
+ helps us determine when a tty has been reused without the user
+ authenticating again with sudo.
+ [0e62a31bceb0]
- * env.c:
- Handle duplicate variables in the environment. For unsetenv(), keep
- looking even after remove the first instance. For sudo_putenv(),
- check for and remove dupes after we replace an existing value.
- [086c6397d8cd] <1.7>
+ * src/tgetpass.c:
+ Fix pasto in mulitple signal fix and use _NSIG not NSIG since that
+ is what our compat checks set.
+ [df50f0a040c9]
+
+ * configure, configure.in:
+ Add check for whether sudo need to link with -ldl to get dlopen().
+ This is a bit of a hack that will get reworked when libtool is
+ updated.
+ [63bdcf579533]
+
+ * plugins/sudoers/check.c:
+ Fix timestamp removal with -k/-K
+ [6b4639fef973]
+
+ * plugins/sudoers/Makefile.in:
+ audit.c is now private to the sudoers plugin
+ [1974f342ae0b]
+
+ * configure, configure.in:
+ Link with -lpthread on HP-UX since a plugin may be linked with
+ -lpthread and dlopen() will fail if the shared object has a
+ dependency on -lpthread but the main program is not linked with it.
+ [d42139391263]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
+ Add separate test for getresuid() since HP-UX has setresuid() but no
+ getresuid().
+ [910fe727a374]
+
+ * doc/Makefile.in:
+ Remove errant backslash
+ [dd5464257c69]
+
+ * src/script.c:
+ Fix SIGPIPE handling. Now that we use may use pipes for
+ stdin/stdout we need to pass any SIGPIPE we receive to the running
+ command.
+ [3f6b1991f4fd]
+
+ * src/script.c:
+ Also start the command in the background if stdin is not a tty.
+ [d93bc33a3740]
+
+2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
+ No need to use pseudo-cbreak mode now that we use pipes when stdout
+ is not a tty. Instead, check whether stdin is a tty and if not,
+ delay setting the tty to raw mode until the command tries to access
+ it itself (and receives SIGTTIN or SIGTTOU).
+ [e68315cf8c6b]
+
+ * src/tgetpass.c:
+ Use an array for signals received instead of a single variable so we
+ don't lose any when there are multiple different signals.
+ [2ac726dac864]
+
+ * src/tgetpass.c:
+ Do signal setup after turning off echo, not before. If we are using
+ a tty but are not the foreground pgrp this will generate SIGTTOU so
+ we want the default action to be taken (suspend process).
+ [bebb6209c795]
+
+2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Flush the iobufs on suspend or child exit using the same logic as
+ the main event loop.
+ [c627feee1035]
+
+ * src/script.c:
+ Free memory after we are done with it.
+ [8db9b611b45a]
+
+2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/HISTORY:
+ Quest now sponsors Sudo development
+ [6cc490083bc7]
+
+2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/Makefile.in:
+ Install sudo_plugin man page.
+ [c253729790b2]
+
+ * src/script.c:
+ Go back to reseting io_buffer offset and length (and now also the
+ EOF handling) in the loop we do the FD_SET, not after we drain the
+ buffer after write() since we don't know what order reads and writes
+ will occur in.
+ [5f38bfa8497f]
+
+ * MANIFEST:
+ audit files moved to sudoers plugin directory
+ [b1ead182428e]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document plugin_printf and new logging functions.
+ [fe9430b60ab5]
+
+ * src/script.c:
+ Add support for logging stdin when it is not a tty. There is still a
+ bug where "cat | sudo cat" has problems because both cat and sudo
+ are trying to read from the tty.
+ [04c9c59fcfba]
+
+ * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/sudoers.c, src/script.c:
+ Add separate I/O logging functions for tty in/out and
+ stdin/stdout/stderr. NOTE: stdin logging does not currently work and
+ is disabled for now.
+ [a36dfd4ca935]
+
+2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
+ Add pointer to a printf like function to plugin open functon. This
+ can be used instead of the conversation function to display info and
+ error messages.
+ [98734eea8ef1]
+
+ * Makefile.in:
+ Stop if make in a subdir fails
+ [228bb3ad2dbc]
+
+ * src/script.c:
+ Only set user's tty to blocking mode when doing the final flush.
+ Flush pipes as well as pty master when the process is done.
+ [20ff67218666]
+
+2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Use print_error() when displaying ldap config info in debugging
+ mode.
+ [d142e0cacb22]
+
+ * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
+ No longer need strdup() or strndup() replacements.
+ [df53697174ec]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.h:
+ Add print_error() function that uses the conversation function to
+ print a variable number of error strings and use it in log_error().
+ [b1fa2861b575]
+
+ * src/script.c, src/sudo.h, src/term.c:
+ Do not need the opost flag to term_copy() now that we use pipes for
+ stdout/stderr when they are not a tty.
+ [f42811f70a19]
+
+ * src/script.c:
+ Use pipes to the sudo process if stdout or stderr is not a tty.
+ Still needs some polishing and a decision as to whether it is
+ desirable to add additonal entry points for logging
+ stdout/stderr/stdin when they are not ttys. That would allow a
+ replay program to keep things separate and to know whether the
+ terminal needs to be in raw mode at replay time.
+ [1a945e0ab2da]
+
+2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
+ src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
+ Move audit sources into the sudoers plugin dir; the driver does not
+ use them.
+ [50ec36422cd0]
+
+ * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
+ compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
+ src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
+ src/term.c, src/ttysize.c:
+ Use angle brackets when including headers that can only be found
+ when an -I flag is specified. The files in the compat dir could get
+ away with double quotes here but I've converted all the source files
+ to use angle brackets for consistency.
+ [9e30a8fc6d4b]
+
+ * plugins/sudoers/Makefile.in:
+ Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
+ dir can be found when building outside the source tree.
+ [1150934b79dd]
+
+ * plugins/sudoers/Makefile.in:
+ Clean up links in distclean
+ [78595028be8b]
+
+ * plugins/sudoers/Makefile.in:
+ Hack around VPATH semantic differences by symlinking files we need
+ from ../../src into the current directory and build those. A better
+ fix would be to either make a .a or .la file with those files in it
+ or simply use a single, flat, Makefile instead of per-subdirs
+ Makefiles.
+ [892c332d3f05]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
+ fmt_string is used by the sudoers plugin too so do not include
+ sudo.h (which is not really needed here anyway)
+ [231c35e3941f]
+
+ * compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Fix building with non-BSD versions of make such as GNU make.
+ Requires VPATH support, which should be in any non-neolithic make.
+ [dc174f135919]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
+ src/Makefile.in:
+ Re-enable bsm audit. Currently auditing is done within the sudoers
+ plugin itself. If possible, this should really be done in the main
+ driver but we don't presently have the needed data to do that. This
+ will be re-evaluated when Linux audit support is added.
+ [1d05a3236bfe]
+
+ * compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
+ of explicit rules in the dependency.
+ [88f80efd25f0]
+
+ * plugins/sudoers/visudo.c:
+ Fix mismerge; alias_remove_recursive() now returns int
+ [6257a4849641]
2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c:
+ * plugins/sudoers/visudo.c:
Fix a crash when checking a sudoers file that has aliases that
reference themselves. Based on a diff from David Wood.
- [5efc702a3b35] <1.7>
+ [545d194484a7]
+
+ * src/script.c:
+ Print signal info after restoring the tty mode, not before.
+ [a68618e67435]
+
+ * src/script.c:
+ Defer call to alarm() until after we fork the child. Pass correct
+ pid to terminate_child() If the command exits due to signal, set
+ alive to false like we do when it exits normally. Add missing
+ check for errpipe[0] != -1 before using it in FD_ISSET
+ [22f0a1549391]
+
+2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/boottime.c:
+ Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
+ [0e627170c6e8]
+
+2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/Makefile.in:
+ Simplify dependencies by using .c.o and .c.lo rules.
+ [6abcaef5d1ac]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ Substitute in @PROGS@ into src/Makefile to add sesh
+ [cc46d3b6208f]
+
+2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Add back calls to log_denial() if sudoers does not allow the
+ command.
+ [9783316207f0]
+
+ * plugins/sudoers/sudoers.c:
+ Pass in correct pwflag for list and validate.
+ [973dd56d4b81]
+
+ * plugins/sudoers/env.c:
+ Add missing check for NULL in validate_env_vars
+ [1d6eb6957824]
+
+ * src/Makefile.in:
+ Add sudo_noexec.la to "all" target, otherwise it only gets built at
+ install time.
+ [644a9694d2ef]
+
+ * plugins/sudoers/sudoers.c:
+ Only set sudo_user.env_vars if the env_add list is empty.
+ [fccdf6f0e0e2]
+
+ * plugins/sudoers/sudoers.c:
+ Set sudo_user.env_vars so that environment variables specified on
+ the command line get logged correctly.
+ [9b51012c491e]
+
+ * plugins/sudoers/env.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Re-enable environment files and setting environment variables on the
+ command line.
+ [5662d5645dbd]
+
+2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime()
+ a pointer to time_t as tv_sec in struct timeval may be long.
+ [4de0c46e788e]
+
+ * plugins/sudoers/check.c:
+ Don't stash ctime in on-disk tty ticket info for now; on many
+ (most?) systems the ctime is updated when the tty is written to.
+ Once I have a better idea of what systems do not update ctime on
+ ttys (and have a way to test for this) the ctime stash will be
+ conditionally re-enabled.
+ [a90eeec0f648]
+
+2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, Makefile.in:
+ Add back "dist" target, this time using a MANIFEST file
+ [29277c05499f]
+
+ * Makefile.in:
+ Remove Makefile in distclean target
+ [83d695f4f450]
+
+ * Makefile.in, src/Makefile.in:
+ Update clean and cleandir targets
+ [ad7b2afeb9c1]
+
+ * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
+ src/sudo.h:
+ Move fileops.c defines and prototypes to filesops.h
+ [4545e9b6892d]
+
+ * plugins/sudoers/check.c:
+ Lock the tty timestamp when writing. We shouldn't have to lock when
+ reading since the file is updated via a single write system call.
+ [0c7276f02696]
+
+2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/alias.c, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
+ Convert to ANSI C function declarations
+ [9c45def57cf7]
+
+ * plugins/sudoers/sudoers.h:
+ Remove extraneous bits and classify by source file.
+ [e8ea9f109ebb]
+
+ * include/compat.h:
+ Add timercmp macro for systems without it
+ [d3bf87b1d08e]
+
+ * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/sudoers.h:
+ get_boottime() now fills in a timeval struct
+ [3573c3f44e11]
+
+ * plugins/sudoers/check.c:
+ Store info from stat(2)ing the tty in the tty ticket when tty
+ tickets are in use. On most systems, this closes the loophole
+ whereby a user can log out of a tty, log back in and still have the
+ timestamp be valid.
+ [53380f9f5242]
+
+ * config.h.in, configure.in:
+ Add timespec2timeval and use it when getting ctime/mtime
+ [4cb7f7caec2c]
+
+2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c:
+ Convert perm setting to push/pop model; still needs some work Use
+ the stashed runas groups instead of using getgrouplist() Reset perms
+ to the initial value on error
+ [09c072ebde8b]
+
+ * config.h.in, configure.in:
+ fix ctim_get and mtim_get macros
+ [58773dc1e360]
+
+ * config.h.in, configure, configure.in, include/compat.h,
+ plugins/sudoers/check.c, plugins/sudoers/gettime.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
+ Use timeval directly instead of converting to timespec when dealing
+ with file times and time of day.
+ [a0ce1ae00a67]
+
+ * plugins/sudoers/Makefile.in:
+ Don't like sudoreplay with libsudoers.la due to a yacc symbol
+ conflict.
+ [f1a59cc63a15]
+
+2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Darwin >= 9.x has real setreuid(2)
+ [7ec942a64275]
+
+2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
+ Ansify env.c
+ [f58551bad10a]
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Remove remaining references to the environ pointer.
+ [96faa530816a]
+
+2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, plugins/sudoers/env.c:
+ Don't change the environ directly in the sudoers plugin
+ [6db48ed3f7e0]
2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * alias.c:
+ * plugins/sudoers/sudoers.c:
+ Fix typo
+ [4aa452b07f8f]
+
+ * plugins/sudoers/alias.c:
Fix use after free in error message when a duplicate alias exists.
- [9eaac49bd22b] <1.7>
+ [ce1d2812ee34]
2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c:
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ src/parse_args.c:
+ Add a "noninteractive" boolean to the settings passed in to the
+ plugin's open function that is set when the user specifies the -n
+ flag.
+ [68f8d9d6d4d0]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/env.c:
+ Add workaround for the lack of the environ pointer on Mac OS X in
+ dlopen()ed modules. Use of environ in the sudoers plugin should
+ ultimately be removed but this will do for the moment.
+ [80c61647434f]
+
+ * plugins/sudoers/visudo.c:
Set errorfile to the sudoers path if we set parse_error manually.
This prevents a NULL dereference in printf() when checking a sudoers
file in strict mode when alias errors are present.
- [b4eed2f0615d] <1.7>
+ [45e249ca99f7]
+
+ * plugins/sudoers/sudoers.c:
+ Main sudo no longer print "unable to execute" on exec failure so do
+ it here.
+ [50aaf62b43b5]
+
+2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Use a pipe to pass back errno to the parent if execve() fails. If we
+ get an error in script_child(), kill the command and exit.
+ [dc3bf870f91b]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ src/parse_args.c, src/sudo.c:
+ Handle plugin's open function returning -2 (usage error).
+ [aadf900c1de8]
+
+ * src/script.c:
+ If execve() fails, leave it to the plugin to print an error string.
+ [e25748f2d5b9]
+
+ * src/script.c:
+ If execve fails in logging mode, pass the errno directly to the
+ grandparent on the backchannel and exit. The immediate parent will
+ get SIGCHLD and try to report that status but its parent will no
+ longer be listening. It would probably be cleaner to pass this over
+ a pipe in script_child().
+ [cb122acc81a8]
+
+ * plugins/sudoers/sudoers.c:
+ Don't override rval with results of check_user() unless it failed.
+ [46fb7e87ac7d]
2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * TODO, sudoers.cat, sudoers.man.in, sudoers.pod:
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
Fix typo
- [57198cae9cf5] <1.7>
+ [ccd0b693f3da]
+
+ * src/parse_args.c:
+ NULL-terminate env_add
+ [2c534368a0c3]
+
+2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c:
+ Call the I/O log open function before the I/O version function.
+ [e88bf898990b]
+
+ * plugins/sudoers/iolog.c:
+ Remove io_conv and just use sudo_conv
+ [a280052468eb]
+
+ * plugins/sudoers/set_perms.c:
+ Fix set/restore perms for systems w/o setresuid
+ [4160517f6666]
+
+2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c, plugins/sudoers/logging.c,
+ plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Primitive set/restore permissions. Will be replaced by a push/pop
+ model.
+ [aae102290866]
+
+ * src/script.c:
+ Only need to take action on SIGCHLD in parent if no I/O logger. If
+ there is an I/O logger we will receive ECONNRESET or EPIPE when we
+ try to read from the socketpair.
+ [e1e4560401f6]
2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * find_path.c:
- Qualify the command even if it is in the current working directory,
- e.g. "./foo" instead of just returning "foo". This removes an
- ambiguity between real commands and possible pseudo-commands in
- command matching.
- [fb4d571495fa] <1.7>
+ * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.pod, plugins/sudoers/find_path.c:
+ Merge fb4d571495fa from the 1.7 branch to trunk.
+ [c8fb424ad4d2]
+
+2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Don't set SA_RESTART when registering SIGALRM handler. Do set
+ SA_RESTART when registering SIGWINCH handler.
+ [173472b76525]
+
+ * doc/Makefile.in:
+ Add dev targets for *.man.in and *.cat that don't specfify the
+ $(srcdir) prefix.
+ [b62f425da2e4]
+
+ * src/script.c:
+ If log_input or log_output returns false, terminate the command.
+ [074f4c0c34a0]
+
+ * src/script.c:
+ Better signal handling. Instead of using a single variable to store
+ the received signal, use an array so we can't lose a signal when
+ multiple are sent. Fix process termination by SIGALRM in non-I/O
+ logger mode. Fix relaying terminal signals to the child in non-I/O
+ logger mode.
+ [7a4723aca99d]
+
+ * src/script.c:
+ Fix a race between when we get the child pid in the parent and when
+ the child process exits. The problem exhibited as a hang after a
+ short-lived process, e.g. "sudo id" when no IO logger was enabled.
+ [80bcc0aca70b]
2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.cat, sudoers.man.in, sudoers.pod:
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
Add a note about the security implications of the fast_glob option.
- [84f8097553d9] <1.7>
+ [c37a92ab7c93]
- * memrchr.c:
- Remove duplicate includes
- [3e8d90f4c30f] <1.7>
+2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ Fix up some AC_DEFINE descriptions and regen config.h.in
+ [f4655adc0db3]
+
+2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ No longer check for strdup or strndup for LIBOBJ replacement.
+ [fdc764ee8109]
+
+ * src/script.c:
+ Avoid installing signal handlers that are io-logger specific. Fixes
+ job control when no io logger is enabled.
+ [0853dd0906d4]
+
+ * doc/Makefile.in:
+ Only regen man pages from pod when configured with --with-devel
+ [ab1995f8103d]
+
+2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile, Makefile.in, configure, configure.in:
+ Top-level Makefile.in. Nothing is currently substituted but this is
+ needed for separate build dirs.
+ [e80873cbd201]
+
+ * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Fix out-of-tree builds
+ [59a35bef07b8]
+
+ * Merge
+ [386b848047e9]
+
+ * doc/Makefile.in:
+ We always install sudoreplay in 1.8
+ [ce52ba6617c9]
+
+2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/siglist.in:
+ SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
+ [6d69e1b05faf]
+
+2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ No need to provide strdup() or strndup(), sudo uses estrdup() and
+ estrndup()
+ [57ec23b72958]
+
+2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Free str after using it in the version method. Use sudo_conv, not
+ io_conv since we don't have the IO conversation function pointer in
+ the I/O version method anymore now that io_open is delayed.
+ [f2ed132adeb0]
+
+2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
+ compat/siglist.in:
+ Add license to mksiglist.c and note that the bits from pdksh are
+ public domain
+ [d8121a2467e8]
+
+ * compat/Makefile.in:
+ Fix LIBOBJDIR vs. srcdir wrt the siglist bits
+ [164160148421]
+
+ * plugins/sudoers/Makefile.in:
+ Add sudoreplay testsudoers and visudo to clean target
+ [138a17e51c0c]
+
+ * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
+ compat/siglist.in, compat/strsignal.c, configure, configure.in,
+ include/missing.h, src/script.c:
+ Create our own sys_siglist for systems without it for use by
+ strsignal()
+ [2e5da011ebc3]
+
+ * compat/Makefile.in:
+ Remove duplicate $(LIBOBJDIR)
+ [adf9abc9432f]
+
+2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
+ Main sudo should not block signals; the plugin should do this in
+ check_policy.
+ [3f3736a7c5ed]
+
+2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Fix a sizeof(ptr) vs. sizeof(*ptr)
+ [aa1bcf5afcce]
+
+ * src/script.c:
+ Unlike most operating systems, HP-UX select() is not interrupted by
+ SIGCHLD when the signal is registered with SA_RESTART. If we clear
+ SA_RESTART when calling sigaction() for SIGCHLD we get the expected
+ behavior and the code in the select() loops already handles EINTR
+ correctly.
+ [9eba0115e35a]
+
+ * compat/getprogname.c:
+ progname should be const
+ [130228f062b7]
+
+ * plugins/sudoers/Makefile.in:
+ Move --tag=disable-static to when we link sudoers.la, not when we
+ install.
+ [ceb5e6c3b78b]
+
+ * src/load_plugins.c:
+ Load the sudoers I/O plugin by default too now that it is hooked up.
+ [ea38befd0742]
+
+2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/pty.c:
+ It looks like AIX doesn't need to push STREAMS modules for ptys.
+ [22da618ba0a1]
+
+2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/parse_args.c, src/sudo.c:
+ Delay calling the I/O plugin open function until the policy plugin
+ returns success.
+ [f3297c325b48]
+
+2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add back io logging (transcript) support. Currently, the open
+ function runs too early and it is not possible to use the io module
+ independently of the policy module.
+ [9bd932f66226]
+
+ * plugins/sudoers/set_perms.c:
+ Comment out dead code; will be removed when set_perms is rewritten.
+ [af7a995284f8]
+
+2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Fix off by one error when allocating user_groups.
+ [6281fcf9c3bb]
2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+ * configure, configure.in, plugins/sudoers/Makefile.in:
+ Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
+ [fbce3e9eda3a]
+
+ * plugins/sudoers/sudoers.c:
+ Fix typo in preserve groups case
+ [1fd72024fb5a]
+
+ * plugins/sudoers/sudoers.c:
+ In command_info it is "runas_groups" not "groups".
+ [5c64dce4f285]
+
+ * src/sudo.c:
+ Fix iteration over runas_groups list.
+ [b3c45a0cd643]
+
+ * configure, configure.in, plugins/sudoers/env.c,
+ plugins/sudoers/match.c, src/script.c:
+ Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
+ [a8108a0776c2]
+
+ * compat/getgrouplist.c:
+ getgrouplist(3) for those without it
+ [4ab4d21e3b16]
+
+ * plugins/sudoers/sudoers.c:
+ Set preserve_groups or groups list in command_info
+ [1266119ad654]
+
+ * src/sudo.c:
+ Fix setting of groups list
+ [e75315e40bd4]
+
+ * config.h.in, configure, configure.in, include/compat.h,
+ include/missing.h:
+ Add checks for getgrset and getgrouplist and use replacement
+ getgrouplist if the system doesn't support it.
+ [a62b8ba50863]
+
+ * src/parse_args.c:
+ Pass in preserve_groups when the -P flag is specified as per the
+ design
+ [7420c5d15474]
+
+ * plugins/sudoers/sudoers.c:
+ Check preserve_groups and ignore_ticket args with atobool instead of
+ assuming they are true if present.
+ [71c905702697]
+
+2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
+ plugins/sudoers/plugin_error.c:
+ Rename plugin-specific error.c to plugin_error.c Wire up visudo,
+ sudoreplay and testsudoers in the build
+ [9d581d5fa4d4]
+
+ * src/Makefile.in, src/term.c:
+ term.c does not needto include sudo.h
+ [f6683cdcd2dd]
+
+ * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.pod:
+ Document the -2 return in the check_policy section too
+ [e9cb4c34bbcf]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ src/parse_args.c, src/sudo.c, src/sudo.h:
+ Fix the -s and -i flags and add support for the "implied_shell"
+ option. If the user does not specify a command, sudo will now pass
+ in the path to the user's shell and set impied_shell=true. The
+ plugin can them either check the command normally or return -2 to
+ cause sudo to print a usage message and exit.
+ [bf889c38f229]
+
+2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, src/load_plugins.c:
+ Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
+ Darwin where libraries end in .dylib but modules end in .so
+ [2c56aaa38e21]
+
+ * plugins/sudoers/parse.c:
+ Better prefix determination now that we can't rely on len==0 to tell
+ the beginning on an entry.
+ [622bf18179e9]
+
+ * plugins/sudoers/ldap.c:
+ display_bound_defaults() stub should return 0, not 1 since it is a
+ count, not a boolean.
+ [0327a6c3d55d]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document progname in settings
+ [42031d56a2e3]
+
+ * compat/getprogname.c, include/compat.h,
+ plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
+ src/parse_args.c, src/sudo.c:
+ Rewrite compat/getprogname.c and add setprogname(). The progname is
+ now passed to the plugin via the settings array.
+ [25d8663e6006]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in:
+ Fix --with-ldap
+ [b64b633f426d]
+
+ * plugins/sudoers/sudo_nss.c:
+ Add missing whitespace for Runas and Command-specific defaults
+ [65f4ddf5545e]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/sudo_nss.c:
+ Use embedded newlines in lbuf instead of multiple calls to
+ lbuf_print.
+ [eed3af9cc3e1]
+
+ * src/lbuf.c:
+ Add support for embedded newlines.
+ [e11f79b18deb]
+
+2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/getprogname.c:
+ If system doesn't support getprogname or __programe and we are
+ building a shared object don't bother with Argc/Argv, just return
+ "sudo"
+ [aebde9062be7]
+
+ * config.h.in, configure, configure.in, src/load_plugins.c:
+ Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
+ appears to always install a shared object with the .so suffix.
+ [f9bbd0c0e9d3]
+
+ * compat/Makefile.in, configure, configure.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ Play more nicely with libtool and let it build libreplace (was
+ libmissing) for us.
+ [a4c6ebb2495c]
+
+ * include/missing.h:
+ Include stdarg.h for va_list rather than requiring all consumers of
+ missing.h to include stdarg.h themselves.
+ [37382df948de]
+
+ * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
+ src/parse_args.c:
+ Pass in output function to lbuf_init() instead of writing to stdout.
+ A side effect is that the usage info can now go to stderr as it
+ should.
+ [6d261261a072]
+
+2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/lbuf.h, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
+ src/parse_args.c, src/sudo.c:
+ Use number of tty columns that is passed in user_info instead of
+ getting it directly in the lbuf code.
+ [8a16635c2638]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/env.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/match.c,
+ plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/visudo.c:
+ Kill __P in sudoers
+ [63601e6cb171]
+
+ * config.h.in, configure, configure.in, src/load_plugins.c:
+ Set the sudoers plugin name in configure so we get the extension
+ right.
+ [edad89924cd1]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document lines/cols in user_info
+ [a808872394f3]
+
+ * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
+ Add tty size to user info
+ [23f3d27e77a7]
+
+ * src/script.c:
+ Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
+ [a2208dd09051]
+
+2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error
+ out if we fail to lookup the user's name that is passed in
+ [e4e3728ed482]
+
+ * plugins/sudoers/error.c:
+ Pass the error value back via siglongjmp.
+ [667b8ad575ce]
+
+ * plugins/sudoers/check.c:
+ Use conversation function for lecture.
+ [1ab4719f509b]
+
+ * plugins/sudoers/check.c:
+ Don't update ticket file if verify_user returns FALSE.
+ [2bbc46a39a2b]
+
+2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Wire up invalidate and validate methods for sudoers
+ [c0630c7bca47]
+
+ * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add support for -k flag with a command.
+ [edad239b098b]
+
+ * src/parse_args.c:
+ Allow -k to be specified with a command.
+ [43a45add9974]
+
+ * plugins/sudoers/sudoers.c:
+ Wire up policy_list
+ [27cc35699eca]
+
+ * plugins/sudoers/error.c:
+ Add newline at the end of message and space after the colon in
+ warning message
+ [5a591aa8e744]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Add missing newline after pass password warning
+ [337dba3870a7]
+
+ * plugins/sudoers/sudoers.c:
+ Set user_groups and user_ngroups based on user_info
+ [61bee85128c8]
+
+ * plugins/sudoers/error.c:
+ Make this compile
+ [7041c441e1c8]
+
+ * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
+ Make _warning in error.c use the conversation function and remove
+ commented out warning/warningx in sudoers.c.
+ [7c9b09024b63]
+
+ * plugins/sudoers/logging.c:
+ Use siglongjmp() in log_error for fatal errors
+ [b50e26f1c73f]
+
+ * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
+ Quiet a libtool warning
+ [b2331fb006bc]
+
+ * Makefile:
+ Build sudoers plugin
+ [5cdf06e66978]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Use warningx in yyerror() so the conversation function gets used
+ when built as part of sudoers.
+ [85f964215eef]
+
+2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ Rename sudo_conv to conversation to avoid a namespace conflict.
+ [1ad359d36be9]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/env.c, plugins/sudoers/error.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
+ plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
+ Initial bits of sudoers plugin; still needs work.
+ [af2a2c59a952]
+
+ * config.h.in:
+ Add HAVE_STRDUP and HAVE_STRNDUP
+ [50a3c0dd510f]
+
+ * compat/Makefile.in, configure, configure.in:
+ Build libmissing in two flavors (one PIC one non-PIC) and link with
+ the appropriate one.
+ [b62f411a4c18]
+
+ * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
+ compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
+ Build libmissing in two flavors (one PIC one non-PIC) and link with
+ the appropriate one.
+ [e1e04972b5fe]
+
+2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Add strdup and strndup and fix strsignal
+ [c159babe2896]
+
+2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/strdup.c, compat/strndup.c, configure, configure.in,
+ plugins/sample/Makefile.in, src/Makefile.in:
+ Add strdup and strndup to compat
+ [25c9fd399a4d]
+
+ * plugins/sample/sample_plugin.c:
+ Need to include compat.h before missing.h
+ [c94f7aad380f]
+
+ * compat/strsignal.c:
+ Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
+ it doesn't exist configure will set it to 0.
+ [384580566389]
+
+ * compat/glob.c:
+ Fix botched ANSI C coversion of globexp2()
+ [4a344b8cbe49]
+
* configure, configure.in:
- Fix installation of sudoers.ldap in "make install" when --with-ldap
- was specified without a directory. From Prof. Dr. Andreas Mueller
- [5177a284b9ff] <1.7>
+ Remove redundant getgroups check
+ [0b16ec210c81]
+
+ * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
+ Require either termios or termio, no more sgtty.
+ [9b2fa2f17a1c]
+
+ * compat/strsignal.c, config.h.in, configure, configure.in:
+ Change the sys_siglist check to use AC_CHECK_DECLS and also check
+ for _sys_siglist and__sys_siglist
+ [2e078fed2408]
+
+2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, src/Makefile.in:
+ Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
+ use SUDO_OBJS for the main driver as part of OBJS.
+ [9ae4a80a5ade]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Mention in the conversation function section that a newline is not
+ implicit.
+ [04a233b6c491]
+
+ * include/compat.h:
+ Add definition of WCOREDUMP for systems without it. This is known
+ to work on AIX and SunOS 4, but may be incorrect on other systems
+ that lack WCOREDUMP.
+ [c85b3ce6b77d]
2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c:
- When doing a glob match, short circuit if gl.gl_pathc is 0. From
- Mark Kettenis.
- [549f8f7c2463] <1.7>
+ * plugins/sample/sample_plugin.c, src/conversation.c:
+ conversation function no longer puts a newline at the end of info or
+ error messages.
+ [c534cae1ac4a]
-2010-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * script.c:
+ * src/script.c:
Use parent process group id instead of parent process id when
checking foreground status and suspending parent. Fixes an issue
when running commands under /usr/bin/time and others.
- [eac86126e335] <1.7>
+ [564f528c3bb7]
- * env.c:
- In setenv(), if the var is empty, return 1 and set errno to EINVAL
- instead of returning EINVAL directly.
- [d202091ec15e] <1.7>
+2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2010-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+ * aclocal.m4:
+ transcript option is now --with not --enable
+ [0646fac4cf93]
- * match.c:
- Check for pseudo-command by looking at the first character of the
- command in sudoers instead of checking the user-supplied command for
- a slash.
- [88f3181692fe] <1.7>
+ * plugins/sample/sample_plugin.c:
+ Add support to -u and -g flags Check fmt_string retval Add timeout
+ for debugging purposes
+ [cfefa4fa60b5]
-2010-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+ * src/script.c, src/sudo.c:
+ Wire up SIGALRM handler Set close on exec flag for child side of the
+ socketpair Fix signal handling when not doing I/O logging
+ [379581ec7272]
- * toke.l:
- Avoid a duplicate fclose() of the sudoers file.
- [164d39108dde] <1.7>
+ * src/sudo.c:
+ g/c unused SIGCHLD handler
+ [0afa03912dce]
- * toke.l:
- Fix size arg when realloc()ing include stack. From Daniel Kopecek
- [8900bccef219] <1.7>
+ * src/fmt_string.c, src/parse_args.c, src/sudo.c:
+ Don't use emalloc() in fmt_string(); we want to be able to use it
+ from a plugin.
+ [ade64d368147]
+
+ * include/list.h:
+ tq_remove not list_remove
+ [0e0e1fd5c31c]
+
+ * configure, configure.in:
+ AUTH_OBJS should contain .lo files not .o files.
+ [c64c82c9d5a2]
+
+2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/parse_args.c:
+ Simplify conversion of command line args to name=value pairs.
+ [75ab127c6a94]
+
+ * plugins/sample/sample_plugin.c:
+ Handle NULL reply from conversation function
+ [6ce09b6cb204]
+
+ * compat/getline.c:
+ Don't depend on emalloc/erealloc
+ [73df09e2109f]
+
+ * plugins/sample/Makefile.in:
+ Use $(OBJS) instead of sample_plugin.lo
+ [2d995db9aa99]
-2010-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sample/sample_plugin.c:
+ runas_user is in settings not user_info
+ [7ee12068bc57]
+
+ * src/parse_args.c:
+ Fix a mismatch between sudo_settings and settings_pairs that causes
+ some settings to get the wrong values.
+ [b1bc6d81a65f]
+
+2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
+ src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
+ src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
+ Convert to ANSI C
+ [d03b6e4a3b75]
+
+ * src/load_plugins.c:
+ Fix strlcpy() return value check.
+ [7cd66999a374]
+
+ * INSTALL, configure, configure.in:
+ No longer need to substitute in script.o and pty.o; I/O logging
+ support is always built.
+ [45250024c5dc]
- * aix.c, config.h.in, configure, configure.in:
- Use setrlimit64(), if available, instead of setrlimit() when setting
+2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Add fallback to /bin/sh when execve() fails with ENOEXEC.
+ [7684a15a1352]
+
+ * include/alloc.h, src/alloc.c:
+ Add estrndup()
+ [47621c83bed9]
+
+2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c, src/sudo.c:
+ Refactor script_execve() a bit so that it can be used in non-script
+ mode. Needs more cleanup.
+ [f09e022d547c]
+
+ * src/sudo.c:
+ Ignore empty entries in command_info list
+ [1eea9a8de21c]
+
+ * include/list.h, src/list.c:
+ Add tq_remove
+ [40908a617cb2]
+
+ * src/conversation.c:
+ Pass timeout to tgetpass()
+ [9e66c918b771]
+
+ * Makefile:
+ Add ChangeLog target
+ [da4a39150838]
+
+ * README, WHATSNEW:
+ Bump version and update things slightly for sudo 1.8.0
+ [4b73cc45e2d4]
+
+ * configure, configure.in:
+ Sudo now requires an ANSI/ISO C compiler
+ [1e51f72e6964]
+
+ * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
+ src/sudo_noexec.c:
+ Convert to ANSI C
+ [5cbd315dbde8]
+
+ * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
+ include/list.h, include/missing.h:
+ Convert to ANSI C
+ [3f5016ff64f4]
+
+ * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
+ compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
+ compat/getprogname.c, compat/glob.c, compat/glob.h,
+ compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
+ compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
+ compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
+ compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
+ compat/utimes.c:
+ Convert to ANSI C
+ [0d635c85461c]
+
+2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c, src/tgetpass.c:
+ Make user_details extern so tgetpass can get at the uid and gid. Set
+ uid/gid to user before executing askpass program. Check environment
+ for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
+ set the askpass program itself
+ [d33606396176]
+
+ * src/sudo.c:
+ No longer need sudo_usage.h in sudo.c
+ [063e2946c382]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
+ src/sudo_usage.h.in:
+ Document -D level command line flag which maps to the debug_level
+ setting.
+ [61f1e2ab3ac1]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document debug_level in plugin doc. Still need to document the -D
+ flag in sudo itself.
+ [8c62daea3e9b]
+
+2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sample/sample_plugin.c:
+ include missing,h for vasprintf
+ [92503de49b39]
+
+ * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
+ [14cfb4775238]
+
+ * plugins/sample/sample_plugin.c:
+ Need to include limits.h
+ [bda7f74343d2]
+
+ * compat/glob.c:
+ No more sudo_getpw*
+ [232e52907634]
+
+ * plugins/sample/Makefile.in, src/Makefile.in:
+ Add missing compat bits
+ [4843dd000e08]
+
+ * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
+ compat files should not include sudo.h wire up compat in sample
+ plugin
+ [a175b8185e0f]
+
+ * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
+ Fix up compat dependencies. Fix distclean target in doc/Makefile.in
+ [57e49bc20857]
+
+ * configure, configure.in:
+ Fix typo
+ [333655e3d5fe]
+
+ * plugins/sample/sample_plugin.c:
+ Log input and output to temp files for proof of concept.
+ [ae1dfc34f7d6]
+
+ * Makefile, configure, configure.in, doc/Makefile.in:
+ Add doc Makefile.in and wire it up
+ [6a310443c87d]
+
+ * src/script.c:
+ Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
+ suspending a shell with the "suspend" builtint.
+ [3d65f182819a]
+
+ * src/script.c:
+ In child, handle parent side of the pipe going away.
+ [a29c14d78cd9]
+
+ * src/script.c:
+ No longer need to check for explicit death of the child (process #2)
+ since if it dies we will get EPIPE from the socketpair. Fix a
+ sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
+ sudo_debug.
+ [24c55dd4ff60]
+
+ * src/sudo.c:
+ Make sudo_debug do a single vfprintf() which will result in a single
+ write call on most systems. Avoids problems with interleaved debug
+ printf from different processes. Also remove an extraneous error
+ case since recv() can't return a short read and add some more XXX.
+ [b37a8533ef1e]
+
+2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Fix uninitialized variable.
+ [e012a0a30890]
+
+ * src/Makefile.in:
+ Fix sudo install target
+ [1417fa4b4ab9]
+
+ * src/parse_args.c, src/sudo.c, src/sudo.h:
+ Wire up debug_level
+ [144fab289c73]
+
+ * src/Makefile.in:
+ Fix dependencies
+ [5170940af2ce]
+
+ * configure, configure.in:
+ Fix setting of plugin dir
+ [144eda170a72]
+
+ * Makefile:
+ add clean targets
+ [d53f6f6f5c3a]
+
+ * src/atobool.c:
+ Add missing source for sudo front end
+ [42487de9c489]
+
+ * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
+ Sample plugin demonstrating the sudo plugin API
+ [f1fd62d7644f]
+
+ * Makefile, configure, configure.in, install-sh, pathnames.h.in,
+ plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
+ src/fileops.c, src/fmt_string.c, src/load_plugins.c,
+ src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
+ src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
+ sudo_usage.h.in:
+ Modular sudo front-end which loads policy and I/O plugins that do
+ most the actual work. Currently relies on dynamic loading using
+ dlopen(). See doc/plugin.pod for the plugin API.
+ [924f6eb2fbba]
+
+ * doc/plugin.pod, include/sudo_plugin.h:
+ Sudo plugin API
+ [374ccbbd24ae]
+
+ * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
+ compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
+ plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/fileops.c, src/sudo_edit.c:
+ Replace emul/include.h with compat/include.h to match new source
+ tree layout.
+ [7eccd10449a1]
+
+ * src/lbuf.c:
+ Include missing.h for memrchr() proto
+ [03abd63a8a33]
+
+ * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
+ TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
+ alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
+ auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
+ auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
+ auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
+ auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
+ closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
+ compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
+ compat/getline.c, compat/getprogname.c, compat/glob.c,
+ compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
+ compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
+ compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
+ compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
+ compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
+ def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
+ doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
+ doc/license.pod, doc/sample.pam, doc/sample.sudoers,
+ doc/sample.syslog.conf, doc/schema.ActiveDirectory,
+ doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
+ doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
+ doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
+ doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
+ emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
+ error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
+ getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
+ gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
+ include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
+ include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
+ interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
+ list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
+ mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
+ nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
+ plugins/sudoers/alias.c, plugins/sudoers/auth/API,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
+ plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
+ plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
+ plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
+ plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
+ plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
+ plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
+ plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
+ sample.pam, sample.sudoers, sample.syslog.conf,
+ schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
+ selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
+ src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
+ src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
+ src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
+ src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
+ strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
+ sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
+ sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
+ sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
+ sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
+ term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
+ tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
+ visudo.man.in, visudo.pod, zero_bytes.c:
+ Rework source layout in preparation for modular sudo.
+ [7fc1978c6ad5]
+
+2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Avoid a duplicate fclose() of the sudoers file.
+ [5dba851088c1]
+
+ * Fix size arg when realloc()ing include stack. From Daniel Kopecek
+ [0a2935061e33]
+
+ * Use setrlimit64(), if available, instead of setrlimit() when setting
AIX resource limits since rlim_t is 32bits.
- [2cbb14d98fc1] <1.7>
+ [353db89bac61]
- * logging.c:
- Fix use after free when sending error messages. From Timo Juhani
+ * Fix use after free when sending error messages. From Timo Juhani
Lindfors
- [caf183fd9d94] <1.7>
-
-2010-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+ [e50dbd902382]
* ChangeLog, Makefile.in:
Generate the ChangeLog as part of "make dist" instead of having it
in the repo.
- [836c31615859] <1.7>
-
-2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * Makefile.in:
- Generate correct ChangeLog for 1.7 branch.
- [586dd90b8878] <1.7>
+ [251b70964673]
2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
Remove CVS $Sudo$ tags.
[de683a8b31f5]
+2010-01-18 convert-repo <convert-repo>
+
+ * .hgtags:
+ update tags
+ [9b7aa44ae436]
+
2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo_usage.h.in:
projects / debian / sudo / blobdiff