2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/sudoers.pot:
[3682e51af1d0] [tip] <1.8>
Fix logic inversion in pot file up to date check.
* doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat,
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
doc/visudo.cat, doc/visudo.man.in:
2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Add caching for gettext() checks.
* configure, configure.in:
Better handling of libintl header and library mismatch.
2011-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
* Also check sudoers gid if sudoers is group writable.
Update for 1.8.2 final
2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
If dlopen is present but libtool doesn't find it, error out since it
probably means that libtool doesn't support the system.
* configure args on the command line should override builtin defaults.
Disable NLS for non-Linux/Solaris unless explicitly enabled.
* Fix loop that calls authenticate(). If there was an error message
from authenticate(), display it.
2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Update to autoconf 2.68 and libtool 2.4
* Fix typo; OPT should be OTP
* Rename libsudoers convenience library to libparsesudoers to avoid
2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
* Add Danish sudoers translation from translationproject.org
* Add dedicated callback function for runas_default sudoers setting
that only sets runas_pw if no runas user or group was specified by
2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
* Update Finnish, Polish, Russian and Ukrainian translations from
translationproject.org.
Go back to using a callback for runas_default to keep runas_pw in
sync. This is needed to make per-entry runas_default settings work
with LDAP-based sudoers. Instead of declaring it a callback in
def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
bit naughty, but avoids requiring stub functions in visudo and the
2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Add check for out of date message catalogs when doing "make dist".
2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Make sure compiler supports static-libgcc before using it.
2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
* Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
* Add new Russian sudo translation from translationproject.org and
rebuild the other translation files.
2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
* Update Finnish and Polish translations from translationproject.org
* Go back to escaping the command args for "sudo -i" and "sudo -s"
before calling the plugin. Otherwise, spaces in the command args
are not treated properly. The sudoers plugin will unescape
non-spaces to make matching easier.
2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix some potential problems found by the clang static analyzer, none
* Updated Ukrainian and Chinese (simplified) po files from
translationproject.org
2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
* Updated Polish translation from translationproject.org
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
* Don't try to audit failure if the runas user does not exist. We
don't have the user's command at this point so there is nothing to
audit. Add a NULL check in audit_success() and audit_failure() just
to be on the safe side.
* Add -g to CFLAG for PIE builds.
2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
* Remove fallback to per-group lookup when matching groups in sudoers.
The sudo front-end will now use getgrouplist() to get the user's
list of groups if getgroups() fails or returns zero groups so we
always have a list of the user's groups. For systems with
mbr_check_membership() which support more than NGROUPS_MAX groups
(Mac OS X), skip the call to getgroups() and use getgrouplist() so
we get all the groups.
2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix setgroups() fallback code on EINVAL.
* Fix two PERM_INITIAL cases that were still using user_gids.
* Add Polish sudo message catalog
* user_group is no longer used, remove it
2011-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
* Add Polish translation from translationproject.org
* Add a wrapper for setgroups() that trims off extra groups and
retries if setgroups() fails. Also add some missing addrefs for
PERM_USER and PERM_FULL_USER.
* configure, configure.in:
Instead of keeping separate groups and gids arrays, create struct
group_info and use it to store both, along with a count for each.
Cache group info on a per-user basis using getgrouplist() to get the
groups. We no longer need to special case the user or list
user for user_in_group() and thus no longer need to reset the groups
list when listing another user.
* Don't rely on NULL since we don't include a header for it.
* Do not shadow global sudo_mode with a local variable in set_cmnd()
2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
* bash 2.x does not support the -l flag and exits with an error if it
is specified so use --login instead. This causes an error with bash
1.x (which uses -login instead) but this version is hopefully less
* Add Polish translation from translationproject.org
2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
* Make error strings translatable.
* Only run configure with --with-pam-login for RHEL 5 and above.
* Fix typo in summary
2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
* Add missing logwrap.c
* Split out log file word wrap code into its own file and add unit
tests. Fixes an off-by-one in the word wrap when the log line
length matches loglinelen.
2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
* For SuSE, only use /usr/lib64 as libexec if generating 64-bit
* Fix build error when --without-noexec configure option is used.
* configure, configure.in:
Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX
2011-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
Document group lookup change and possible side effects.
2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
* Resolve the list of gids passed in from the sudo frontend (the
result of getgroups()) to names and store both the group names and
ids in the sudo_user struct. When matching groups in the sudoers
file, match based on the names in the groups list first and only do
a gid-based match when we absolutely have to. By matching on the
group name (as it is listed in sudoers) instead of id (which we
would have to resolve) we save a lot of group lookups for sudoers
files with a lot of groups in them.
2011-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
* Workaround for "sudo -i command" and newer versions of bash which
don't go into login mode when -c is specified unless -l is too.
2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
* Rewrite logfile word wrapping code to be more straight-forward and
actually wrap at the correct place.
2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
Mention use_pty bug fix
* Set use_pty=true in command details when use_pty is set in sudoers.
2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
* Sync Chinese (simplified) PO files from translationproject.org
2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
* Add Danish translation from translationproject.org and add missing
* Makefile.in, configure, configure.in:
No longer need to specify LINGUAS in configure, "make install-nls"
now just installs all the .mo files it finds.
2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
* Build CONTRIBUTORS from newly-added contributors.pod
* Rework the wording in the leading paragraph
2011-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
* Add a CONTRIBUTORS file with the names of folks who have contributed
code or patches to sudo since I started maintaining it (plus the
2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
* Preserve SHELL variable for "sudo -s". Otherwise we can end up with
a situation where the SHELL variable and the actual shell being run
2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Only enable Solaris project support when setproject() is present in
* Explicitly set mode and owner of /etc/sudoers instead of relying on
"cp -p" to work in the postinstall script. On AIX 6.1 at least the
postinstall script runs before the final file permissions are set.
* Refer the user to the "Command Environment" section in description
* If there is no old dependency for an object file, use the MANIFEST
* Remove dependency for getgrouplist.lo as we don't ship that source
* Do not declare yyparse() static as the actual function generated by
Remove locale files in "make uninstall"
2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
Add Basque translation and sync Finnish and Ukrainian translations.
Update PAM change to reflect latest checkin.
* configure, configure.in:
FreeBSD no longer needs the main sudo binary to link with -lpam now
that plug-ins are loaded with RTLD_GLOBAL.
* Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
problems with pam modules not having access to symbols provided by
libpam on some platforms. Affects FreeBSD and SLES 10 at least.
Move xgettext invocation out of update-po target into update-pot
2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Regenerate .pot files for 1.8.2rc2
Move nls targets to the top level Makefile so the paths in the pot
* Add compiled version of sudo Finnish translation
* Update MANIFEST with .po and .mo files. Rebuild sudoers fi and uk .mo
* configure, configure.in:
Add Finnish translation from translationproject.org
* The group named by exempt_group should not have a % prefix.
* Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
* Fix compressed io log corruption in background mode by using _exit()
instead of exit() to avoid flushing buffers twice.
Improved background mode support. When not allocating a pty, the
command is run in its own process group. This prevents write access
to the tty. When running in a pty, stdin is not hooked up and we
never read from /dev/tty, which results in similar behavior.
2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
* Clean up regress files. Generate proper dependencies for regress objs
* Add missing dependency for check_fill.o.
2011-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
* INSTALL, configure, configure.in:
Add support for --enable-nls[=location]
2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
* Quiet gcc warnings.
* configure, configure.in:
Don't install .mo files if gettext was not found.
2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
* Always allocate a pty when running a command in the background but
call setsid() after forking to make sure we don't end up with a
* Add missing space between command name and the first command line
* Quiet a compiler warning on some platforms.
* README file that directs people to translationproject.org
* Sync translations with TP
Add 'sync-po' target to top-level Makefile to rsync the po files
from translationproject.org.
* install nls files from install target
Include .mo files in sudo binary packages.
* configure, configure.in:
Add Simplified Chinese translation
2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Add Ukrainian translation
* refer to siglist.c, not ./siglist.c since not all makes will treat
foo and ./foo the same.
* Set def_preserve_groups before searching for the command when the -P
Add dependency for siglist.lo in compat. This is a generated file
so "make depend" needs to depend on it.
* More dependency fixes.
* Fix a few dependencies.
* Place compiled mo files in the src dir, not the build dir. When
installing compiled mo files, display a status message.
2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
* Tivoli Directory Server requires that seconds be present in a
timestamp, even though RFC 4517 states that they are optional.
* Add missing bit of copyright
* Mention cycle detection warnings
* When checking aliases, also check the contents of the alias in case
there are problems with an alias that is referenced inside another.
Replace the self reference check with real alias cycle detection.
* Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
ENOENT in alias_find() and alias_remove() if the entry could not be
* Increment alias_seqno before calls to alias_remove_recursive() to
avoid false positives with the alias loop detection. Fixes spurious
warnings about unused aliases when they are nested.
* Add dependency on convenience libs to binaries
mkdep.pl only works when run from the src dir
Auto-generate Makefile dependencies with a perl script.
2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
* If the user specifies a runas group via sudo's -g option that
matches the runas user's group in the passwd database and that group
is not denied in the Runas_Spec, allow it. Thus, if user root's gid
in /etc/passwd is 0, then "sudo -u root -g root id" is allowed even if
no groups are present in the Runas_Spec.
2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
Mention what is new in 1.8.2 (for now)
* Add dependencies on gettext.h
* Fix install-nls target with HP-UX sh when gettext is not present.
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
regenerate .pot files for lbuf changes
* configure, configure.in:
Add missing "checking" message for gettext when using the cache.
* Add primitive format string support to the lbuf code to make
translations simpler.
* configure, configure.in, plugins/sudoers/po/sudoers.pot,
Bump version to 1.8.2
* Add message catalog template files for sudo and the sudoers module.
Add gettext.h convenience header. This is similar to but distinct
from the one included with the gettext package.
* configure, configure.in:
Add checks for nroff -c and -Tascii flags
* configure, configure.in:
Add check for HP bundled C Compiler (which cannot create shared
* Fix C format warnings.
* Translate help / usage strings.
* Set --msgid-bugs-address to the bugzilla url
* INSTALL, Makefile.in, README, configure, configure.in:
Add scaffolding to update .po files and install .mo files.
* Minor warning/error cleanup
Emulate ngettext for the non-nls case
* Do not mark untranslatable strings for translation
* Use ROOT_UID not 0.
* Minor warning/error message cleanup
* cannot -> "unable to" in warning/error messages;
can't -> "unable to" in warning/error messages
* configure, configure.in:
FreeBSD needs the main sudo executable to link with -lpam when
loading dynamic pam modules for some reason.
* We don't want to translate debugging messages.
* configure, configure.in:
Add calls to bindtextdomain() and textdomain(). Currently there are
two domains, one for the sudo front-end and one for the sudoers
plugin and its associated utilities.
* configure, configure.in:
Fix caching of libc gettext check.
* Mark defaults descriptions for translation
Update for sudo 1.8.1p2
* Quiet compiler warning when SELinux is enabled.
* Add missing includes of libintl.h.
* Fix gettext marker.
* Include libint.h where needed.
* Prepare sudoers module messages for translation.
* Only check gid of sudoers file if it is group-readable.
* For AIX, keep calling authenticate() until reenter reaches 0.
* configure, configure.in:
Cache the status of the initial gettext() check.
* INSTALL, configure, configure.in:
Add --disable-nls flag and improve checks for gettext.
* configure, configure.in:
When building with gcc on HP-UX, use -march=1.1 to produce portable
binaries on a pa-risc2 host. Previously, the +Dportable option was
used for the HP-UX C compiler but gcc always produced native
* Prepare sudo front end messages for translation.
* configure, configure.in:
Add initial scaffolding to support localization via gettext()
2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
update copyright year
No need to include version number at the top of these files.
This is sudo 1.8.1 not 1.8.0
2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
* Don't let the fnmatch/glob macros expand the function prototype.
2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
* Resolve namespace collisions on HP-UX ia64 and possibly others by
adding a rpl_ prefix to our fnmatch and glob replacements and
#defining rpl_foo to foo in the header files.
2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
* Split ALL, ROLE and TYPE into their own actions. Since you can only
have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
the non-SELinux case. This is safe because the actions are in one
big switch() statement.
* Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
* askpass moved from sudoers to sudo.conf in sudo 1.8.0
* Remove obsolete warning about runas_default and ordering. Move
syslog facility and priority lists into the section where the
relevant options are described.
2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix SIA support; we no longer have access to the real argc and argv
so allocate space for a fake one and use the argv passed to the
plugin with "sudo" for argv[0].
* Remove useless realloc when trying to get the buffer size right.
* Be explicit when setting euid to 0 before call to setreuid(0, 0)
2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Need to do checks for krb5_verify_user, krb5_init_secure_context and
krb5_get_init_creds_opt_alloc regardless of whether or
not krb5-config is present.
2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
* Work around weird AIX saved uid semantics on setuid() and
setreuid(). On AIX, setuid() will only set the saved uid if the euid
2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
* update copyright year
* Treat a missing includedir like an empty one and do not return an
2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix ARCH setting in cross-compile Solaris packages.
* Fix aix version setting.
* Remove extraneous parens in LDAP filter when sudoers_search_filter
is enabled that causes a search error. From Matthew Thomas.
2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
* Correct sizeof() to fix test failure.
* "install" target should depend on "install-dirs". Fixes "make -j"
problem and closes bz #487. From Chris Coleman.
2011-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
Added tag SUDO_1_8_1 for changeset 0ed6281995f0
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
Regen man pages for 1.8.1
[0ed6281995f0] [SUDO_1_8_1] <1.8>
2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
* Add HAVE_RFC1938_SKEYCHALLENGE
2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
* Mention plugin loading and libgcc changes
* Load plugins after parsing arguments and potentially printing the
version. That way, an error loading or initializing a plugin
doesn't break "sudo -h" or "sudo -V".
When using a sub-shell to invoke the sub-make, exec make instead of
running it inside the shell to avoid an extra process.
* Stop testing unspecified behavior in fnmatch. Make glob test more
* No need to add current dir to include path and having it breaks the
test programs that expect to get the system glob.h and fnmatch.h
* configure, configure.in:
Fix and document --with-plugindir; partially from Diego Elio Petteno
* Fix fnmatch and glob tests to not use hard-coded flag values in the
input file. Link test programs with libreplace so we get our
replacement versions as needed.
If make in a subdir fails, fail the target in the upper level
Makefile too. Adapted from a patch from Diego Elio Petteno
* configure, configure.in:
Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
has this. Adapted from a patch from Diego Elio Petteno
* Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
* configure, configure.in:
Fix warnings when -without-skey, --without-opie, --without-kerb4,
--without-kerb5 or --without-SecurID were specified.
* Add plugins/sudoers/sudoers_version.h
* configure, configure.in:
Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
now include LDFLAGS in the sudoers Makefile.in. Add missing setting
of @LDFLAGS@ in plugin Makefile.in files.
2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
* Mention %#gid support in User_List and Runas_List
* Keep track of sudoers grammar version and report it in the -V
* Add multiple inclusion guard
* configure, configure.in:
The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
set it to -Wc,-static-libgcc if not using GNU ld so we don't
have a dependency on the shared libgcc in sudoers.so.
* Fix typo; from Petr Uzel
2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
* In dump-only mode, use "root" as the default username instead of
"nobody" as the latter may not be available on all systems.
2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
* Remove NewArgv/NewArgc, they are no longer needed.
* Fix setting of user_args
* Add '!' token to lex tracing
* Use group bin in test, not wheel as most systems have the bin group
but the same is no longer true of wheel.
* Avoid using pre or post increment in a parameter to a ctype(3)
function as it might be a macro that causes the increment to happen
2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
* Strip off the beta or release candidate version when building AIX
* configure, configure.in:
We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
structure checks for glibc which only has __e_termination visible
when _GNU_SOURCE is *not* defined.
* getuserattr(user, ...) will fall back to the "default" entry
automatically, there's no need to check "default" manually.
* Document parser changes.
2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
If there is an existing sudoers file, only install if it passes a
[b1e4c9c56fe0] <1.8>
* Add runasgroup support to testsudoers
[30838590e9de] <1.8>
* For "make check", keep going even if a test fails.
[d3a72f67227e] <1.8>
* More useful exit codes:
* 0 - parsed OK and command matched.
* 2 - command not matched
* 3 - command denied
[59301e0769cd] <1.8>
* Document %#gid, and %:#nonunix_gid syntax.
[39ee15af58e9] <1.8>
* Add support to user_in_group() for treating group names that begin
[0eb19980cf5f] <1.8>
* configure, configure.in:
Add explicit check for struct utmpx.ut_exit.e_termination and struct
utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
ut_exit if we detect one or the other.
[ab5b665fc04b] <1.8>
2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
* Add back missing #include of config.h
[9c82bec81018] <1.8>
* Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
[1ae630470f8a] <1.8>
* Quote first argument to AC_DEFUN(); from Elan Ruusamae
[c467e9e3b399] <1.8>
2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
* add new sudoers tests
[05f2a0924acc] <1.8>
* Add test for a newline in the middle of a string when no line
continuation character is used.
[24b79be5822b] <1.8>
* Use bitwise AND instead of modulus to check for length being odd. A
newline in the middle of a string is an error unless a line
continuation character is used.
[65c468599688] <1.8>
* Move lexer globals initialization into init_lexer.
[07a1171a1853] <1.8>
* Fix a potential crash when a non-regular file is present in an
includedir. Fixes bz #452
[5057cb9516e4] <1.8>
* On some Linux systems, "uname -p" contains detailed processor info
so check "uname -m" first and then "uname -p" if needed. Recognize
[56226c84a060] <1.8>
2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
* Don't need all sudoers.h here.
[43b6ae5999c5] <1.8>
* Print sudo version early, in case policy plugin init fails.
[620f2d0ec4b1] <1.8>
2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
* Update to match change in input.
[69540f84721d] <1.8>
* Make an empty group or netgroup a syntax error.
[4b85bddc494e] <1.8>
* An empty group or netgroup should be a syntax error.
[6ec796972eff] <1.8>
* Check that uids work in per-user and per-runas Defaults. Check that
uids and gids work in a Command_Spec
[68cf62353420] <1.8>
* Test empty string in User_Alias and Command_Spec
[017d487c31be] <1.8>
* Allow a group ID in the User_Spec.
[37e0bf69c8d8] <1.8>
* Return an error for the empty string when a word is expected. Allow
an ID for per-user or per-runas Defaults.
[4c9020779582] <1.8>
2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix printing "User_Alias FOO = ALL"
[97c9fd7caeb7] <1.8>
2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
* Better error message about invalid -C argument
[2301e7a3835b] <1.8>
[c5acde62a309] <1.8>
* Fix placement of equal sign ('=') in user specification summary.
[4d0ffef77ae4] <1.8>
2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
* update to match sudoers regress
[0efb8dc9092a] <1.8>
* Restore ability to define TRACELEXER and have trace output go to
[441c8b372217] <1.8>
* Restore old behavior of setting sawspace = TRUE for command line
args when a line continuation character is hit to avoid causing
problems for existing sudoers files.
[963ded6ce070] <1.8>
* Add test for line continuation and aliases
[5703d11a3c46] <1.8>
* Make test output line up nicely for parse vs. toke
[15321ce2d7d9] <1.8>
* plugins/sudoers/regress/testsudoers/test1.ok,
plugins/sudoers/regress/testsudoers/test2.out,
plugins/sudoers/regress/testsudoers/test2.sh,
plugins/sudoers/regress/testsudoers/test3.ok,
plugins/sudoers/regress/testsudoers/test3.sh,
plugins/sudoers/regress/visudo/test1.ok,
plugins/sudoers/regress/visudo/test1.sh:
Move parser tests to sudoers directory and test the tokenizer output
[111c1ccda334] <1.8>
* If we match a rule anchored to the beginning of a line after parsing
a line continuation character, return an ERROR token. It would be
nicer to use REJECT instead but that substantially slows down the
[67e54b14aa9d] <1.8>
* Move LEXTRACE macro to toke.h so we can use it in yyerror().
[e6e04037deed] <1.8>
* Make lex tracing settable at run-time in testsudoers via the -t
flag. Trace output goes to stderr. Will be used by regress tests
[a973f43cc0c2] <1.8>
* Allow whitespace after the modifier in a Defaults entry. E.g.
"Defaults: username set_home"
[bf876c9fc5bb] <1.8>
2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
* Don't set CC when cross-compiling.
[d3c33dcb02f2] <1.8>
* Credit Matthew Thomas for the sudoers_search_filter changes.
[2209b80664af] <1.8>
* Add the .sym files to the MANIFEST
[bb452b28a009] <1.8>
* Update for sudo 1.8.1 beta
[700d42d80e00] <1.8>
* user_shell -> run_shell to avoid confusion with the user's SHELL
[451b96d5f97e] <1.8>
* Save the controlling tty process group before suspending in pty
mode. Previously, we assumed that the child pgrp == child pid
(which is usually, but not always, the case).
[b0841d861191] <1.8>
* Add support for sudoers_search_filter setting in ldap.conf. This
can be used to restrict the set of records returned by the LDAP
[70c5f496e2b3] <1.8>
2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Remove the hack to disable -g in CFLAGS unless --with-devel
[9459839f50ba] <1.8>
* The '@' character does not normally need to be quoted.
[e66c4c64e514] <1.8>
* We normally transition from GOTDEFS to STARTDEFS on whitespace, but
if that whitespace is followed by a comma, we want to treat it as
part of a list and not transition.
[52ae2df9959d] <1.8>
* Add check for whitespace when a User_List is used for a per-user
[44a4db95be86] <1.8>
* Expand quoted name checks to cover recent fixes.
[bd494b5c2bed] <1.8>
* Fix parsing of double-quoted names in Defaults and Aliases which was
broken in 601d97ea8792.
[dfdd58c3eb3b] <1.8>
* toke_util.c lives in $(srcdir) not $(devdir)
[94f8f024782e] <1.8>
2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Update version to 1.8.1
[531a7d520f18] <1.8>
* Document major changes in 1.8.1 and add upgrade notes.
[116821646140] <1.8>
* Be careful not to deref user_stat if it is NULL. This cannot
currently happen in sudo but might in other programs using the
[d72a9c7151c4] <1.8>
* configure will not add -O2 to CFLAGS if it is already defined to add
-O2 to the CFLAGS we pass in when PIE is being used.
[2c7fe82be93d] <1.8>
* Warn about the dangers of log_input and mention iolog_file and
iolog_dir in the log_input and log_output descriptions.
[edc6aa59aa45] <1.8>
* sync with git version
[b121cf739c77] <1.8>
* It seems that h comes after i
[99ad15015f05] <1.8>
* Move log_input and log_output to their proper, sorted, location.
Document set_utmp and utmp_runas.
[216ce8b0ae1a] <1.8>
1258 * Save the controlling tty process group before suspending so we can
1259 restore it when we resume. Fixes job control problems on Linux
1260 caused by the previous attempt to fix resuming a shell when I/O
1261 logging is not enabled.
1262 [dfe038f733be] <1.8>
1264 * Fix printing of the remainder after a newline. Fixes "sudo -l"
1265 output corruption that could occur in some cases.
1266 [ab2f0a629e0d] <1.8>
1268 * Add support for ut_exit
1269 [7039ec6a73fa] <1.8>
1271 * Add support for controlling whether utmp is updated and which user
1272 is listed in the entry.
1273 [1b008ce71eab] <1.8>
1275 * Fix typo; tupple vs. tuple
1276 [67bb5c67ae3d] <1.8>
1278 * For legacy utmp, strip the /dev/ prefix before trying to determine
1279 slot since the ttys file does not include the /dev/ prefix.
1280 [8f597114381d] <1.8>
1282 * Add check for _PATH_UTMP
1283 [fe7e2456f017] <1.8>
1285 * Adapt check_iolog_path to sessid changes
1286 [3016201869b6] <1.8>
1288 * Redo utmp handling. If no getutent()/getutxent() is available,
1289 assume a ttyslot-based utmp. If getttyent() is available, use that
1290 directly instead of ttyslot() so we don't have to do the stdin dup2
1292 [817490c7c20e] <1.8>
1294 * Move utmp handling into utmp.c
1295 [e4729d9259e9] <1.8>
1297 * Update copyright years.
1298 [1065afc00233] <1.8>
1300 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
1302 * Add "user_shell" boolean as a way to indicate to the plugin that the
1304 [6e8bc49b7ea7] <1.8>
1306 * Move sessid out of sudo_user.
1307 [00d67d5ba894] <1.8>
1309 * Log the TSID even if it is not a simple session ID.
1310 [490cf0adae29] <1.8>
1312 * Document noexec in sample.sudo.conf and add back noexec_file section
1313 in sudoers with a note that it is deprecated.
1314 [c7a2d8d0c563] <1.8>
1316 * Fix running commands as non-root on systems where setreuid() changes
1317 the saved uid based on the effective uid we are changing to.
1318 [f3b27db56ba6] <1.8>
1320 2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
1322 * Move noexec path into sudo.conf now that sudo itself handles noexec.
1323 Currently can be configured in sudoers too but is now undocumented
1324 and will be removed in a future release.
1325 [9c5f64709994] <1.8>
1327 * Document "Path noexec ..." in sudo.conf. No longer document
1328 noexec_file in sudoers, it will be removed in a future release.
1329 [959fa6b5217b] <1.8>
1331 * Move noexec handling to sudo front-end where it is documented as
1333 [ef6cd4a40c61] <1.8>
1335 * Add support for disabling exec via solaris privileges. Includes
1336 preparation for moving noexec support out of sudoers and into front
1338 [d9c05ba9a24f] <1.8>
1340 * Only export the symbols corresponding to the plugin structs.
1341 [cb07af1d9b39] <1.8>
1343 * Install plugins manually instead of using libtool. This works
1344 around a problem on AIX where libtool will install a .a file
1345 containing the .so file instead of the .so file itself.
1346 [1ccf5af58c05] <1.8>
1349 Move check into its own rule since some versions of make will run
1350 both targets as the default rule.
1351 [7159f37eb552] <1.8>
1353 * Update to libtool 2.2.10
1354 [9e49773b32b7] <1.8>
1356 * In handle_signals(), restart the read() on EINTR to make sure we
1357 keep up with the signal pipe. Don't return -1 on EAGAIN, it just
1358 means we have emptied the pipe.
1359 [dc2926097b2d] <1.8>
1361 * Reorder functions to quiet a compiler warning.
1362 [5201367e5db4] <1.8>
1364 * Use the Sun Studio C compiler on Solaris if possible
1365 [b8d43b423fb9] <1.8>
1367 2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
1369 * Fix default setting of osversion variable.
1370 [e12905851be5] <1.8>
1372 * Make two login_class entries consistent.
1373 [0671d7b204be] <1.8>
1375 * Add support for adding a utmp entry when allocating a new pty.
1376 Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
1377 Currently only creates a new entry if the existing tty has a utmp
1379 [40ff30099e79] <1.8>
1381 * Avoid pulling in headers we don't need on Linux. For getutx?id(),
1382 call setutx?ent() first and always call endutx?ent().
1383 [b86f7a13aae9] <1.8>
1385 * Add some more libs to SUDOERS_LIBS instead of relying on them to be
1386 pulled in by SUDO_LIBS.
1387 [bcbd16ec56c6] <1.8>
1389 * Fix return value of "sudo -l command" when command is not allowed,
1390 broken in [c7097ea22111]. The default return value is now TRUE and
1391 a bad: label is used when permission is denied. Also fixed missing
1392 permissions restoration on certain errors. On error()/errorx(), the
1393 password and group files are now closed before returning.
1394 [757c941a47b2] <1.8>
1396 2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
1398 * Fix passing of login class back to sudo front end.
1399 [5e649de6b7f5] <1.8>
1401 * Add --osversion flag to specify OS instead of running "pp
1403 [8a03943ac5e8] <1.8>
1405 * Fix expr usage w/ GNU expr
1406 [bdecfa1f54fc] <1.8>
1408 2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
1410 * Fix exit value for validate and list mode.
1411 [6f8b20199935] <1.8>
1413 * Fix non-interactive mode with sudoers plugin.
1414 [cf5aca4fcbcf] <1.8>
1416 2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
1418 * sudoreplay can now find IDs other than %{seq} and display the
1420 [60396b417633] <1.8>
1422 * Add support for replaying sessions when iolog_file is set to
1423 something other than %{seq}.
1424 [1cd2baa74d56] <1.8>
1426 2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
1428 * If we are killed by a signal, display the name of the signal that
1430 [1b38c4d42282] <1.8>
1432 * Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
1434 [78e97a921104] <1.8>
1436 * Fix bug in skey/opie check that could cause a shell warning.
1437 [f20229a04f30] <1.8>
1439 * No longer need sudo_getepw() stubs.
1440 [795631ac7db0] <1.8>
1442 2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
1444 * Fix exit value of "sudo -l command" in sudoers module.
1445 [4a05d6019b3d] <1.8>
1447 2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
1449 * Use fgets() not fgetln() for portability.
1450 [1f2050745096] <1.8>
1452 * Don't use the beta or release candidate version as the rpm release.
1453 [a5b049477646] <1.8>
1455 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
1458 Adjust ChangeLog rule now that 1.8 is branched
1459 [a994ac361e44] <1.8>
1462 Added tag SUDO_1_8_0 for changeset f6530d56f6ae
1463 [99a2b3801419] <1.8>
1465 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
1467 * configure, configure.in:
1469 [f6530d56f6ae] [SUDO_1_8_0]
1472 update sudo 1.8 section
1475 2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
1477 * plugins/sudoers/regress/testsudoers/test2.sh:
1478 fix test description
1481 * plugins/sudoers/regress/testsudoers/test2.out,
1482 plugins/sudoers/regress/testsudoers/test2.sh,
1483 plugins/sudoers/regress/visudo/test2.out,
1484 plugins/sudoers/regress/visudo/test2.sh:
1485 convert test2 to use testsudoers
1488 * include/sudo_plugin.h, src/sudo_plugin_int.h:
1489 Move struct generic_plugin to sudo_plugin_int.h
1492 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
1493 plugins/sudoers/parse.c, plugins/sudoers/parse.h,
1494 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
1495 plugins/sudoers/sudoers.h:
1496 Allow sudoers file name, mode, uid and gid to be specified in the
1497 settings list. The sudo front end does not currently set these but
1501 2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
1503 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
1504 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
1505 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
1506 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
1511 * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
1512 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
1513 src/parse_args.c, src/sudo.h:
1514 add help text to sudo, visudo and sudoreplay for the -h option
1517 2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
1519 * compat/snprintf.c:
1520 avoid using "howmany" for a parameter name since it is a select-
1525 mention group_plugin when describing nonunix_group
1528 * doc/sudo_plugin.pod:
1529 Add missing period at end of sentence
1532 * Makefile.in, doc/Makefile.in, include/Makefile.in,
1533 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
1534 plugins/sudoers/Makefile.in, src/Makefile.in:
1535 add localstatedir; closes bug 471
1538 * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
1539 src/exec.c, src/exec_pty.c:
1540 The howmany macro lives in sys/sysmacros.h on SVR5 systems. Closes
1545 add missing AH_TEMPLATE for ENV_RESET
1549 SVR5 systems return non-zero for success on socketpair(), check for
1550 -1 instead. Closes Bug 469
1553 2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
1555 * configure, configure.in:
1559 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
1560 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
1561 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
1562 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
1567 Document that a sudo.conf file with no Plugin lines uses the default
1571 * src/load_plugins.c:
1572 If sudo.conf contains no Plugin lines, use the default sudoers
1573 policy and I/O plugins.
1576 2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
1578 * plugins/sudoers/sudo_nss.c:
1579 Avoid printing empty "Runas and Command-specific defaults for user"
1584 Truncate the buffer at buf.len before printing in the non-wordwrap
1589 Remove extra newline when the tty width is very small or unavailable
1592 2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
1594 * plugins/sudoers/alias.c:
1595 Remove unneeded variable.
1598 2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
1600 * configure, configure.in:
1601 Prefer getutxid over getutid
1604 * plugins/sudoers/boottime.c:
1605 Include utmp.h / utmpx.h before missing.h as apparently including it
1606 afterwards causes a compilation problem on GNU Hurd.
1609 2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
1611 * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
1612 #include "foo.h", not <foo.h> for local includes.
1619 * compat/mksiglist.c:
1623 * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
1624 plugins/sudoers/match.c:
1625 return foo not return(foo)
1628 2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
1631 Remove duplicate FD_SET of signal_pipe[0]
1634 2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
1636 * compat/mksiglist.c:
1637 Use "missing.h" not <missing.h> in generated code.
1640 2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
1642 * aclocal.m4, configure:
1643 fix --with-iologdir=no
1646 * aclocal.m4, configure:
1647 fix typo that broke --with-iologdir
1650 2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
1652 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
1653 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
1654 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
1655 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
1657 Bump version to 1.8.0b4
1664 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
1665 Attempt to clarify how users and groups interact in Runas_Specs
1668 * plugins/sudoers/regress/visudo/test2.out,
1669 plugins/sudoers/regress/visudo/test2.sh:
1670 Add test for quoted group that contains escaped double quotes
1673 * src/exec.c, src/exec_pty.c:
1674 Pass SIGUSR1/SIGUSR2 through to the child.
1677 * src/exec_pty.c, src/sudo_exec.h:
1678 Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
1679 SIGUSR2 to indicate whether the child should be continued in the
1680 foreground or background.
1684 Use pid_t not int and check the return value of kill()
1687 2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
1690 Remove obsolete comment
1694 In non-pty mode before continuing the child, make it the foreground
1695 pgrp if possible. Fixes resuming a shell.
1699 If we get a signal other than SIGCHLD in the monitor, pass it
1700 directly to the child.
1703 * src/exec.c, src/exec_pty.c, src/sudo.h:
1704 Save signal state before changing handlers and restore before we
1705 execute the command.
1708 2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
1710 * plugins/sudoers/iolog.c:
1711 Use a char array to map a number to a base36 digit.
1714 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
1715 Be clear about what versions of sudo support new LDAP attributes.
1716 Fix up some formatting of attribute names. Minor other tweaks.
1719 2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
1721 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
1722 match quoted strings the same way whether in a Defaults line or as a
1723 user/group/netgroup name. Fixes escaped double quotes in quoted
1724 user/group/netgroup names.
1727 * plugins/sudoers/Makefile.in:
1728 'make check' depends on visudo and testsudoers
1731 * plugins/sudoers/sudoers2ldif:
1732 Add sudoOrder attribute to each entry. Parse LOG_{INPUT,OUTPUT} tags
1735 2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
1738 Mention LDAP attribute compatibility status.
1741 2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
1747 * INSTALL, NEWS, config.h.in, configure, configure.in,
1748 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
1749 Add --disable-env-reset configure option.
1752 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
1753 Document that sudoers_locale also affects logging and email.
1756 * NEWS, config.h.in, configure, configure.in,
1757 plugins/sudoers/logging.c:
1758 Do logging and email sending in the locale specified by the
1759 "sudoers_locale" setting ("C" by default). Email sent by sudo
1760 includes MIME headers when the sudoers locale is not "C".
1763 2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
1765 * plugins/sudoers/check.c:
1769 2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
1771 * NEWS, src/parse_args.c, src/sudo.c:
1772 Perform command escaping for "sudo -s" and "sudo -i" after
1773 validating sudoers so the sudoers entries don't need to have all the
1777 2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
1779 * plugins/sudoers/logging.c:
1780 Prepend "list " to the command logged when "sudo -l command" is used
1781 to make it clear that the command was listed, not run.
1784 * plugins/sudoers/parse.c:
1788 * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
1789 common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
1790 compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
1791 compat/nanosleep.c, compat/regress/glob/globtest.c,
1792 compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
1793 compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
1794 plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
1795 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
1796 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
1797 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
1798 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
1799 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
1800 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
1801 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
1802 plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
1803 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
1804 plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
1805 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
1806 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
1807 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
1808 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
1809 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
1810 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
1811 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
1812 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
1813 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
1814 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
1815 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
1816 src/sudo_noexec.c, src/tgetpass.c:
1817 standardize on "return foo;" rather than "return(foo);" or "return
1821 * plugins/sudoers/sudoers.c:
1822 Do not reject sudoers file just because it is root-writable.
1825 2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
1831 * plugins/sudoers/sudo_nss.c:
1832 For "sudo -U user -l" if user is not authorized on the host, say so.
1835 * plugins/sudoers/ldap.c:
1836 In sudo_ldap_lookup(), always do the initial sudoers check as the
1837 invoking user. If we are listing another user's privs we will do a
1838 separate lookup using list_pw later.
1841 2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
1844 add parser fill tests
1847 * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
1848 Don't test features not supported by the bundled glob()
1851 * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
1852 compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
1853 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
1854 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
1855 doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
1856 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
1857 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
1858 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
1859 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
1860 plugins/sudoers/ldap.c, plugins/sudoers/match.c,
1861 plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
1862 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
1863 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
1864 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
1865 plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
1866 Update copyright year to 2011
1869 * plugins/sudoers/sudo_nss.c:
1870 When listing, use separate lbufs for the defaults and the privileges
1871 and only print something if the number of privileges is non-zero.
1872 Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
1875 * plugins/sudoers/ldap.c:
1876 Stash pointer to user group vector in LDAP handle and only reuse the
1877 query if it has not changed. We always allocate a new buffer when
1878 we reset the group vector so a simple pointer check is sufficient.
1881 * plugins/sudoers/sudo_nss.c:
1882 Check initgroups() return value.
1885 * plugins/sudoers/Makefile.in,
1886 plugins/sudoers/regress/parser/check_fill.c:
1887 Add tests for the fill functions in toke_util.c
1890 2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
1892 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
1900 2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
1903 Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
1906 2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
1909 Add Requires line for audit-libs >= 1.4 for RHEL5+
1913 sync with git version
1916 2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
1918 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
1922 2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
1925 Update for sudo 1.7.4p5
1928 * doc/schema.OpenLDAP, doc/schema.iPlanet:
1929 Add sudoNotBefore and sudoNotAfter attributes as optional attributes
1930 to the sudoRole object class. From Andreas Mueller
1933 2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
1936 Mention "sudo -g group" password check fix.
1939 * plugins/sudoers/sudoers.c:
1940 Fix "sudo -g" support in the sudoers module.
1943 * plugins/sudoers/check.c:
1944 If the user is running sudo as himself but as a different group we
1945 need to prompt for a password.
1948 2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
1950 * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
1951 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
1952 plugins/sudoers/ldap.c:
1953 Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
1954 LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
1955 derived LDAP SDKs but we can pass the timeout parameter to
1956 ldap_search_ext_s() or ldap_search_st() when possible.
1959 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
1963 * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
1964 Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
1965 with OpenLDAP ldap.conf files.
1968 * plugins/sudoers/pwutil.c:
1969 If user has no supplementary groups, fall back on checking the group
1973 2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
1975 * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
1979 * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
1980 plugins/sudoers/toke.l:
1981 Move fill macro to toke.h
1984 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
1985 plugins/sudoers/toke.h, plugins/sudoers/toke.l,
1986 plugins/sudoers/toke_util.c:
1987 Split tokenizer utility functions out into toke_util.c
1990 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
1991 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
1995 2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
2001 * plugins/sudoers/Makefile.in:
2002 Add visudo tests to check target
2005 * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
2006 compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
2007 compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
2008 Add my regress tests for fnmatch() and glob() from OpenBSD.
2011 * plugins/sudoers/regress/testsudoers/test1.sh,
2012 plugins/sudoers/regress/visudo/test1.ok,
2013 plugins/sudoers/regress/visudo/test1.sh:
2014 Add regress test for command tags using visudo -c
2017 * plugins/sudoers/Makefile.in,
2018 plugins/sudoers/regress/testsudoers/test1.ok,
2019 plugins/sudoers/regress/testsudoers/test1.sh:
2020 Add support for regress tests using testsudoers
2023 * plugins/sudoers/testsudoers.c:
2024 Need to set user_name explicitly due to internal changes made when
2025 converting sudoers to a plugin.
2028 2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
2030 * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
2031 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
2032 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2033 plugins/sudoers/regress/iolog_path/check_iolog_path.c,
2034 plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
2036 Add regression tests for iolog_path()
2039 * Makefile.in, common/Makefile.in, compat/Makefile.in,
2040 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
2041 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2042 src/Makefile.in, zlib/Makefile.in:
2043 Add support for "make Makefile" to regenerate Makefile from
2047 * plugins/sudoers/iolog_path.c:
2048 Quiet a bogus compiler warning.
2051 2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
2053 * plugins/sudoers/iolog_path.c:
2054 Protect call to setlocale() with HAVE_SETLOCALE
2057 2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
2060 mkstemps.c was renamed mktemp.c
2064 Update from 1.7 branch
2068 Use "mv -f" when regenerating ChangeLog
2071 * plugins/sudoers/match.c:
2072 Fix NULL dereference with "sudo -g group" when the sudoers rule has
2073 no runas user or group listed. Fixes RedHat bug Bug 667103.
2076 2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
2078 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
2079 Correct the default sudo.conf example
2082 2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
2084 * plugins/sudoers/iolog_path.c:
2085 Reset slashp if we allocate a new buffer for strftime()
2088 * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
2089 plugins/sudoers/sudoers.h:
2090 Add extra out parameter to expand_iolog_path() to allow the caller
2091 to split the path into dir and file components if needed.
2094 2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
2096 * plugins/sudoers/iolog.c:
2097 mkdir_iopath() returns size_t now that it uses strlcpy() and not
2101 * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
2102 Trim leading slashes from iolog_file and trailing slashes from
2106 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
2107 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
2108 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2109 Pass a single I/O log file name in command_details instead of
2110 separate dir + file parameters.
2113 * plugins/sudoers/sudoreplay.c:
2114 change an error() to errorx()
2117 * plugins/sudoers/iolog.c:
2118 Add missing cwd line to I/O log info file that got dropped when
2119 iolog_deserialize_info() was added
2122 2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
2124 * plugins/sudoers/iolog.c:
2125 Avoid relying on globals filled in by the sudoers policy module for
2126 the sudoers I/O log module. The I/O log open function now pulls the
2127 bits it needs out of user_info and command_info.
2130 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
2131 plugins/sudoers/sudoers.h:
2132 If no iolog file is specified by the policy plugin, use io_nextid()
2133 to determine the next file in the sequence.
2136 2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
2138 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
2139 Document iolog_compress in command_info
2142 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
2143 Add support for the iolog_compress variable in command_info.
2146 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
2147 Add sigsetjmp() calls to all plugin entry points just to be safe.
2150 * src/sudo.c, src/sudo.h:
2151 Don't need iolog variables in struct command_details, they are for
2152 the I/O log plugins to handle.
2155 2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
2157 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2158 Document use of mkdtemp() for iolog path templates
2161 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
2162 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
2163 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
2164 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
2168 * doc/sudo_plugin.pod, doc/sudoers.pod:
2169 Document iolog_file and supported escape sequences for sudoers.
2170 Clarify that iolog_file can contain directories.
2173 * compat/Makefile.in, configure, configure.in:
2174 Fix building of mkstemps/mkdtemp replacements.
2177 * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
2178 configure.in, include/missing.h:
2179 Provide mkdtemp() for systems without it.
2182 * plugins/sudoers/iolog_path.c:
2186 * plugins/sudoers/iolog.c:
2187 Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
2188 glibc mkdtemp() returns EINVAL.
2191 * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
2192 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
2193 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
2194 plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
2195 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2196 Allow sudoers to specify the iolog file in addition to the iolog
2197 dir. Add escape sequence support to iolog file and dir: sequence
2198 number, user, group, runas_user, runas_group, hostname and
2199 command in addition to any escape sequence recognized by
2203 * plugins/sudoers/iolog.c:
2204 Add missing sigsetjmp() call in I/O plugin open function. Fixes a
2205 crash when the I/O plugin calls error(), errorx() or log_error().
2208 2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
2210 * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
2211 plugins/sudoers/sudoers.c:
2212 Give the policy module fine-grained control over what the I/O plugin
2217 Clear OPOST from c_oflag like we used to. Fixes screen-based
2222 Clarify umask option description. From Reuben Thomas.
2225 2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
2227 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2228 Pick last match in LDAP sudoers too
2231 * doc/sudo_plugin.pod:
2232 Document iolog_file, iolog_dir and use_pty
2235 * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
2236 plugins/sudoers/sudoers.c:
2237 Adapt plugins to version I/O logging ABI 1.1
2240 * src/exec.c, src/sudo.h:
2241 Add use_pty command_info flag for policies to indicate that a pty
2242 should be allocated even if no I/O logging is performed.
2246 Add remaining plugin convenience functions
2249 * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
2250 src/sudo_plugin_int.h:
2251 Change I/O log API to pass in command info to the I/O log open
2252 function. Add iolog_file and iolog_dir parameters to command info.
2253 This allows the policy plugin to specify the I/O log pathname. Add
2254 convenience functions for calling plugin functions that handle ABI
2255 backwards compatibility.
2262 2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
2264 * configure, configure.in:
2265 Bump version to 1.8.0b3
2268 2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
2271 Remove extraneous newline
2274 2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
2276 * doc/sudoers.pod, plugins/sudoers/def_data.c,
2277 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
2278 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
2279 Make I/O log dir configurable.
2282 * aclocal.m4, configure, configure.in, doc/sudoers.pod:
2283 Rename io_logdir to iolog_dir
2286 2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
2289 Add missing '*' that prevented the generic ELF case from matching.
2293 If file(1) can't identify the ELF binary type, try readelf(1).
2296 2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
2298 * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
2299 plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
2300 plugins/sudoers/sudoers.c, src/sudo.c:
2301 Use %u to print uid/gid, not %lu and adjust casts to match.
2304 * doc/sudoers.ldap.pod:
2305 Clarify ordering of entries and attributes.
2308 * doc/sudoers.ldap.pod:
2309 Fix typo and editing goof.
2312 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
2313 doc/sudoers.ldap.pod:
2314 Merge in ordered LDAP entry support from Andreas Mueller.
2317 * plugins/sudoers/ldap.c:
2318 Make sure we don't dereference a NULL handle.
2321 2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
2324 Add support for RHEL 6 file modes that include a trailing dot on
2325 files with an SELinux security context
2328 2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
2331 exec_setup() does not need to setuid(0), the Ubuntu issue was in the
2335 * plugins/sudoers/sudoers.c:
2336 create_admin_success_flag() should use restore_perms() rather than
2337 set_perms() to restore the uid.
2341 In exec_setup() call setuid(0) to make certain the subsequent uid
2342 and gid changes will succeed. Fixes a problem on Ubuntu.
2346 Error out if we cannot change to root's uid so we catch the failure
2350 2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
2353 fix typo; from Michael T Hunter
2356 * plugins/sudoers/match.c:
2357 In sudoedit mode, assume command line arguments are paths and pass
2358 FNM_PATHNAME to fnmatch().
2361 2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
2363 * configure, configure.in:
2364 Add workaround for an error in sys/types.h on HP-UX 11.23 when large
2365 file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
2366 broken bits of the header file.
2370 Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
2374 For Tru64, strip off beta version.
2377 * MANIFEST, plugins/sudoers/testsudoers.c,
2378 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
2379 Avoid conflicts with system definitions in grp.h and pwd.h
2383 Include stdio.h after zlib.h, not before. We need the large file
2384 defines to come first.
2387 2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
2389 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
2394 Don't clean ChangeLog
2397 * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
2398 Add prototype for cleanup()
2401 2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
2403 * plugins/sudoers/group_plugin.c:
2404 Avoid dereferencing group_plugin if it is NULL in
2405 group_plugin_query(). This should not happen.
2408 * plugins/sudoers/group_plugin.c:
2409 group plugin init function return TRUE when successful
2412 2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
2414 * plugins/sudoers/ldap.c:
2415 Enlarge the array of entry wrappers in blocks of 100 entries to
2416 save on allocation time. From Andreas Mueller
2419 * plugins/sudoers/ldap.c:
2420 Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
2421 that was mistakenly dropped.
2424 2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
2426 * doc/TROUBLESHOOTING:
2427 Mention that sudo needs "ar" to build.
2430 * configure, configure.in:
2431 Fail with a more useful error if "ar" is not found.
2434 2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
2436 * plugins/sudoers/ldap.c:
2437 Merge in ordered LDAP entry support from Andreas Mueller and add
2438 local changes from the 1.7 branch.
2441 2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
2443 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
2444 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2445 Add timed entry support from Andreas Mueller.
2448 * plugins/sudoers/group_plugin.c:
2449 Don't try to unload if group_plugin is NULL. Don't call dlclose() if
2450 group_handle is NULL
2453 * plugins/sudoers/sudoers.h:
2454 It is now plugin_cleanup(), not cleanup()
2457 * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
2458 Call plugin_cleanup(), not cleanup()
2461 2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
2463 * plugins/sudoers/ldap.c:
2464 Use efree() not free() and remove malloc.h include since we never
2465 directly call malloc() or free().
2468 2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
2471 set PSTAMP for Solaris and move the backend-specific bits to their
2472 own %if [xxx] %endif blocks in %set.
2479 * configure, configure.in:
2480 Only substitute file zlib files when using the builtin zlib
2483 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
2484 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2485 src/Makefile.in, zlib/Makefile.in:
2486 Give up on using VPATH to find sources as it is implemented
2487 inconsistently in different versions of make.
2490 * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
2491 plugins/sudoers/gram.c, plugins/sudoers/toke.c:
2492 Include config.h before any other includes to make sure we get the
2493 right value for _FILE_OFFSET_BITS.
2505 g/c unused $(GENERATED)
2508 2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
2510 * plugins/sudoers/group_plugin.c:
2511 Zero out group_plugin on unload just to be safe.
2514 * plugins/sudoers/group_plugin.c:
2515 Unload group plugin if its init function fails.
2519 Only chdir to cwd if it is different from the current cwd or there
2520 is a new root (chroot).
2523 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
2524 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
2525 doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
2526 Bump version to 1.8.0b2
2529 2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
2532 Better --enable-zlib description
2536 Use system zlib on Linux. Let configure decide on Solaris. For all
2537 others, use builtin zlib
2541 Add large file support.
2545 Add large file support.
2548 * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
2549 zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
2550 zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
2551 zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
2552 zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
2553 zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
2554 zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
2555 zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
2556 Add local copy of zlib for systems that lack it.
2559 2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
2562 If perform_io() fails, kill the child before exiting so it doesn't
2563 complain about connection reset. We can get an I/O error if, for
2564 example, and we get EIO reading from stdin.
2567 2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
2569 * plugins/sudoers/sudoers.c, src/sudo.c:
2570 Fix compilation on systems with set_auth_parameters(). Sprinkle
2571 volatile to quiet warnings from gcc 2.8.0
2574 * compat/dlfcn.h, compat/dlopen.c:
2575 Avoid potential namespace issues with dlopen() emulation.
2582 * plugins/sudoers/interfaces.c:
2583 Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
2588 Mark ChangeLog as PHONY. Don't overwrite ChangeLog if we can't run hg
2591 * configure, configure.in:
2592 HP-UX 10.20 libc has an incompatible getline
2595 * plugins/sudoers/visudo.c:
2596 Quiet an HP-UX compiler warning.
2599 * configure, configure.in:
2600 Check for vi even with --with-editor specified; the sample plugin
2604 2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
2607 Fix remaining syntax errors.
2611 sudo binary depends on the libtool-generated libs
2614 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
2615 Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
2616 include the local or system dlfcn.h
2620 Don't use run_as_superuser=false on HP-UX
2624 Use memset() instead of zero_bytes() since we don't include
2628 * plugins/sudoers/interfaces.c:
2629 Fix pasto; AF_INET not AF_INET6
2633 Actually call shl_load()
2637 Update from git repo. Debian: version numbers now compliant with
2638 policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX
2642 * configure, configure.in:
2643 Fix dlopen() detection for systems where dlopen() is in a separate
2647 * plugins/sudoers/auth/pam.c:
2648 If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
2649 useful message and return AUTH_FATAL so sudo does not keep trying to
2654 sudo_preload_table is an array
2658 Quiet a compiler warning and fix sudo_preload_table external
2663 Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
2666 * plugins/sudoers/group_plugin.c:
2667 Make this compile correctly when no dlopen is available.
2670 2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
2672 * plugins/sudoers/check.c:
2673 Having a timestamp file defined is no longer indicative of tty
2674 tickets being enabled. Check def_tty_tickets directly.
2677 * src/exec_pty.c, src/sudo.h, src/ttysize.c:
2678 Fix TCGETWINSZ compat.
2681 2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
2683 * src/exec_pty.c, src/ttysize.c:
2684 Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
2687 2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
2689 * plugins/sudoers/sudoers.c, src/sudo.c:
2690 Move set_project() from sudoers module into sudo proper.
2693 * configure, configure.in:
2694 Fix typo and regenerate
2697 * plugins/sudoers/ldap.c:
2698 When iterating over returned LDAP entries, keep looking at remaining
2699 matches even if we have a positive match. This catches negative
2700 matches that may exist in other entries and more closely match the
2701 sudoers file behavior.
2705 Add support for multiple package instances on Solaris.
2709 Add missing signal_pipe[0] to fdsr for the non-pty case.
2713 Add --with-project for Solaris
2717 Need ar and ranlib too
2720 2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
2722 * plugins/sudoers/env.c:
2723 Preserve ODMDIR environment variable by default on AIX.
2726 2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
2728 * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
2729 config.h.in, configure, configure.in, plugins/sample/Makefile.in,
2730 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2731 plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
2732 plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
2734 Add dlopen() emulation for systems without it. For HP-UX 10, emulate
2735 using shl_load(). For others, link sudoers plugin statically and use
2736 a lookup table to emulate dlsym().
2739 2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
2741 * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
2742 compat/nanosleep.c, compat/utimes.c:
2743 When including compat headers, use the compat dir as part of the
2744 path so we are sure to get the correct header.
2747 2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
2749 * plugins/sudoers/linux_audit.c:
2750 Ignore ECONNREFUSED from audit_log_user_command() which will occur
2751 if auditd is not running.
2754 2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
2757 Sync with git version
2760 2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
2762 * common/fileops.c, plugins/sudoers/defaults.c:
2763 Cast isblank argument to unsigned char.
2766 2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
2768 * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
2769 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
2770 Implement --with-umask-override configure flag.
2773 * plugins/sudoers/env.c:
2774 Take MODE_LOGIN_SHELL into account when initially setting reset_home
2775 instead of special-casing it later.
2778 * plugins/sudoers/sudoers.c:
2779 In login mode, make a copy of the runas user's pw_shell for
2780 NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
2784 * plugins/sudoers/env.c:
2785 Reset HOME for "sudo -i" even if HOME was listed in env_keep.
2789 Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
2793 Reset signal mask at sudo startup time; we need to be able to rely
2794 on normal signal delivery to control the child process.
2797 2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
2800 Use sed instead of expr to split a flag from its argument. Fixes a
2801 problem with expr interpreting its arguments as a flag when they
2806 Do not need sys/time.h after all
2810 Include sys/time.h for utimes() and struct timeval. No longer need
2811 ioctl.h or termios.h
2814 * compat/snprintf.c:
2815 Quiet bogus compiler warnings.
2818 * include/missing.h:
2819 Declare innetgr() for HP-UX which is missing a declaration. Declare
2820 domainname() for HP-UX and Solaris which are missing a declaration.
2823 * plugins/sudoers/bsm_audit.c:
2824 Use __sun for consistency with the rest of the sources.
2827 * plugins/sudoers/group_plugin.c:
2828 Quiet a bogus compiler warning.
2831 * plugins/sudoers/pwutil.c:
2832 Don't try to delref a NULL group.
2835 * common/alloc.c, common/lbuf.c:
2836 Include memory.h on systems that need it.
2839 2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
2842 Quiet gcc warnings on glibc systems that use warn_unused_result for
2846 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2847 sudo_plugin is in section 8; from Ted Percival
2850 * plugins/sudoers/Makefile.in:
2851 testsudoers depends on libsudoers.la, not sudoreplay
2854 2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
2857 Read as many signals on the signal pipe as we can before returning.
2860 * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
2861 Instead of using an array to store received signals, open a pipe and
2862 have the signal handler write the signal number to one end and
2863 select() on the other end. This makes it possible to handle signals
2864 similar to I/O without race conditions.
2867 2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
2869 * doc/visudo.pod, plugins/sudoers/visudo.c:
2870 Make "visudo -c -f -" check the standard input.
2874 set_home and always_set_home have an effect if HOME is present in
2878 * plugins/sudoers/env.c:
2879 Make -H flag work when HOME is listed in env_keep. Also makes
2880 "set_home" and "always_set_home" override HOME in env_keep.
2883 2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
2885 * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
2886 plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
2887 plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
2888 plugins/sudoers/visudo.c, src/net_ifs.c:
2889 Convert sudoers plugin to use interface list passed in settings.
2892 * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
2893 src/parse_args.c, src/sudo.h:
2894 Query local network interfaces in the main sudo driver and pass to
2895 the plugin as "network_addrs" in the settings list.
2898 * plugins/sudoers/bsm_audit.c:
2899 Solaris BSM audit returns EINVAL when auditing is not enabled,
2900 whereas OpenBSM returns ENOSYS.
2903 2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
2906 missing.h should come before most local includes
2909 * plugins/sudoers/sudoreplay.c:
2910 missing.h should come before most local includes
2913 * plugins/sudoers/sudoers.h:
2914 Make local includes consistent; use double quotes for local includes
2915 except for generated ones where we use angle brackets.
2918 * plugins/sudoers/sudoers.c:
2919 Always fill in NewArgv for audit code.
2922 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2923 Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
2926 * common/alloc.c, common/atobool.c, common/fileops.c,
2927 common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
2928 common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
2929 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
2930 compat/getprogname.c, compat/glob.c, compat/isblank.c,
2931 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
2932 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
2933 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
2934 compat/unsetenv.c, compat/utimes.c, include/compat.h,
2935 plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
2936 plugins/sample_group/plugin_test.c,
2937 plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
2938 plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
2939 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
2940 plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
2941 plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
2942 plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
2943 src/sudo_noexec.c, src/ttysize.c:
2944 Make local includes consistent; use double quotes for local includes
2945 except for generated ones where we use angle brackets. Also g/c
2949 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
2951 * plugins/sudoers/match.c:
2952 When matching the runas user and runas group (-u and -g command line
2953 options), keep track of runas group and runas user matches
2954 separately. Only return a positive match if we have a match for
2955 both runas user and runas group (if specified).
2958 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
2960 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2961 Add support for multiple URI lines by joining the contents and
2962 passing the result to ldap_initialize.
2965 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
2966 Do not return -1 on error from the display functions; the caller
2967 expects a return value >= 0.
2970 * plugins/sudoers/sudoers.c:
2971 Do not set both MODE_EDIT and MODE_RUN
2974 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
2976 * include/missing.h:
2977 Move includes to the top of the file.
2980 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
2982 * plugins/sudoers/Makefile.in:
2983 Add missing definition of timedir
2986 * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
2987 compat/mksiglist.c, compat/strsignal.c,
2988 plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
2989 Add #include of sys/types.h for .c files that include missing.h to
2990 be sure that size_t and ssize_t are defined.
2993 * plugins/sudoers/Makefile.in:
2994 Install sudoers file from the build dir not the src dir.
2997 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
2999 * plugins/sudoers/set_perms.c:
3000 If runas_pw changes, reset the stashed runas aux group vector.
3001 Otherwise, if runas_default is set in a per-command Defaults
3002 statement, the command runs with root's aux group vector (i.e. the
3003 one that was used when locating the command).
3006 * plugins/sudoers/Makefile.in:
3007 Add target to generate sudoers file. Remove generated sudoers file as
3011 2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
3014 When not logging I/O install a handler for SIGCONT and deliver it to
3015 the command upon resume. Fixes bugzilla #431
3018 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
3020 * plugins/sudoers/sudoers.h:
3021 g/c unused auth_pw extern definition
3024 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
3025 Move get_auth() into check.c where it is actually used.
3028 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
3031 Convert a remaining puts() and putchar() to use the output function.
3034 * plugins/sudoers/plugin_error.c:
3038 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
3040 * plugins/sudoers/env.c:
3041 Set dupcheck to TRUE when setting new HOME value if !env_reset but
3042 always_set_home is true. Prevents a duplicate HOME in the
3043 environment (old value plus the new one) introduced in f421f8827340.
3046 * configure, configure.in, plugins/sudoers/sudoers,
3047 plugins/sudoers/sudoers.in:
3048 Substitute sysconfdir in the installed sudoers file to get the
3049 correct path for sudoers.d.
3052 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
3055 Fix typo that prevented compilation on Irix; Friedrich Haubensak
3058 2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
3060 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
3061 common/atobool.c, common/fileops.c, common/fmt_string.c,
3062 common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
3063 compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
3064 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
3065 compat/getprogname.c, compat/glob.c, compat/isblank.c,
3066 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
3067 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
3068 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
3069 compat/unsetenv.c, compat/utimes.c, include/compat.h,
3070 include/missing.h, plugins/sample/sample_plugin.c,
3071 plugins/sample_group/getgrent.c,
3072 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
3073 plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
3074 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
3075 plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
3076 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
3077 plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
3078 src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
3079 Merge compat.h and missing.h into missing.h
3082 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
3084 * plugins/sudoers/auth/pam.c:
3085 If the user hits ^C while a password is being read, error out before
3086 reading any further passwords in the pam conversation function.
3087 Otherwise, if multiple PAM auth methods are required, the user will
3088 have to hit ^C for each one.
3091 2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
3093 * plugins/sudoers/check.c:
3097 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
3098 Document sudo_conv_t function and sudo_printf_t return values.
3101 * src/conversation.c:
3102 Make _sudo_printf return the number of characters printed on success
3106 2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
3108 * plugins/sudoers/sudoers.c:
3109 sudoers.h includes sudo_plugin.h for us
3112 * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
3113 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
3115 Use gettimeofday() directly instead of via the gettime() wrapper.
3118 * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
3119 compat/strerror.c, config.h.in, configure, configure.in,
3120 include/compat.h, include/missing.h, plugins/sudoers/logging.c,
3121 plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
3122 Remove some obsolete configure tests, ancient Unix systems are no
3126 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
3129 Set pp_kit_version and strip off patch level
3133 Better handling of versions with a patchlevel. For rpm and deb, use
3134 the patchlevel+1 as the release. For AIX, use the patchlevel as the
3135 4th version number. For the rest, just leave the patchlevel in the
3139 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
3141 * plugins/sudoers/auth/sudo_auth.c:
3142 For non-standalone auth methods, stop reading the password if the
3143 user enters ^C at the prompt.
3146 * configure, configure.in, plugins/sudoers/Makefile.in,
3147 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
3148 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
3149 plugins/sudoers/pwutil.c:
3150 No need to look up shadow password unless we are doing password-
3151 style authentication. This moves the shadow password lookup to the
3152 auth functions that need it.
3155 * plugins/sudoers/sudoers.c:
3156 Retain final passwd/group refs until the policy close() function.
3157 Note that this doesn't get called in all cases so putting this in a
3158 cleanup function is probably better.
3161 * plugins/sudoers/check.c:
3165 * plugins/sudoers/check.c:
3166 When removing/resetting the timestamp file ignore the tty ticket
3170 * plugins/sudoers/sudoers.c:
3171 delref sudo_user.pw, runas_pw and runas_gr immediately before we
3175 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
3177 * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
3178 plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
3179 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
3180 Reference count cached passwd and group structs. The cache holds
3181 one reference itself and another is added by sudo_getgr{gid,nam} and
3182 sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
3183 group structs are persistent for now.
3190 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
3192 * plugins/sudoers/check.c:
3193 Do not produce a warning for "sudo -k" if the ticket file does not
3197 * plugins/sudoers/pwutil.c:
3198 Instead of caching struct passwd and struct group in the red-black
3199 tree, store a struct cache_item which includes both the key and
3200 datum. This allows us to use the actual name that was looked up as
3201 the key instead of the contents of struct passwd or struct group.
3202 This matters because the name in the database may not match what we
3203 looked up, due either to case folding or truncation (historically at
3204 8 characters). Also mark the disabled calls to sudo_freepwcache()
3205 and sudo_freegrcache() as broken since we use cached data for things
3206 like set_perms() and the logging functions. Fixing this would
3207 require making a copy of the structs for user and runas or adding a
3208 reference count (better).
3211 * plugins/sudoers/Makefile.in:
3212 Fix path to mkinstalldirs
3215 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
3216 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
3217 src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
3218 Quiet gcc warnings on glibc systems that use warn_unused_result for
3219 write(2) and others.
3222 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
3224 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3228 * aclocal.m4, configure, configure.in:
3229 Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
3230 back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
3234 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
3236 * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
3237 Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN. Use AC_TYPE_LONG_LONG_INT
3238 and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
3241 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
3244 Update to latest version
3247 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
3250 Let pp determine pp_aix_version itself.
3253 * INSTALL, config.h.in, configure, configure.in, mkpkg,
3254 plugins/sudoers/sudoers.c:
3255 Add support for Ubuntu admin flag file and enable it when building
3259 * plugins/sudoers/sudoers, sudo.pp:
3260 Add commented out SuSE-like targetpw settings
3263 * configure, configure.in:
3264 Only try to use +DAportable for non-GCC on hppa
3267 * configure, configure.in:
3268 Prevent configure from adding the -g flag unless in devel mode
3271 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
3274 Go back to sudo-flavor to match existing packages and only use an
3275 underscore for those that need it.
3279 Use sudo_$flavor instead of sudo-$flavor since that causes the least
3280 amount of trouble for the various package managers.
3284 Fix handling of the ldap flavor. Remove destdir unless --debug was
3285 specified. Make distclean before running configure if there is a
3290 Add back include file.
3294 Pass extra args on to configure on HP-UX, if we don't have the HP C
3295 compiler, disable zlib to prevent gcc from finding it in
3300 Use the HP ANSI C compiler on HP-UX if possible
3303 * plugins/sudoers/sudoreplay.c:
3304 Some getline() implementations (FreeBSD 8.0) do not ignore the
3305 length pointer when the line pointer is NULL as they should.
3308 * plugins/sudoers/sudoreplay.c:
3309 Don't need to check for *cp being non-zero, isdigit() will do that.
3312 * plugins/sudoers/sudoreplay.c:
3313 Add setlocale() so the command line arguments that use floating
3314 point work in different locales. Since sudo now logs the timing
3315 data in the C locale we must parse the seconds in the timing file
3316 manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
3317 the number of seconds with the user's locale so if the decimal point
3318 is not '.' try using the locale-specific version.
3322 Do I/O logging in the C locale so the floating point numbers in the
3323 timing file are not locale-dependent.
3326 * plugins/sudoers/sudoreplay.c:
3327 Use errorx() not error() for things that don't set errno.
3330 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
3333 Better support for 1.2.3 style versions in Tru64 kits
3337 Add Tru64 kit support
3341 Remove apparently unnecessary use of sudo
3344 * Makefile.in, plugins/sudoers/Makefile.in:
3345 Create timedir as part of install-dirs target.
3349 Handle ENXIO from read/write which can occur when reading/writing a
3350 pty that has gone away.
3353 * plugins/sudoers/pwutil.c:
3354 sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
3358 platform is a pp flag not a variable
3361 * Makefile.in, mkpkg, sudo.pp:
3362 Add simple arg parsing for mkpkg so we can set debug, flavor or
3367 Make rpm backend work on AIX 5.x
3370 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
3372 * plugins/sudoers/sudoers:
3373 Add commented out Defaults entry for log_output
3376 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
3379 Remove sudo docdir completely
3382 * doc/sample.sudo.conf:
3383 Add sample sudo.conf
3386 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
3388 * plugins/sudoers/Makefile.in:
3389 Add PACKAGE_TARNAME for docdir
3392 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
3395 Pass install-sh -b~ here too.
3398 * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
3399 plugins/sudoers/Makefile.in, src/Makefile.in:
3400 Install binary files with -b~ to make a backup. Fixes "text file
3401 busy" error on HP-UX during install.
3405 "mv -f" on HP-UX doesn't unlink the destination first so add an
3406 explicit rm before moving the temporary into place.
3409 * configure, configure.in:
3410 Some more ${foo} -> $(foo) conversion for consistent Makefiles.
3413 * doc/Makefile.in, plugins/sudoers/Makefile.in:
3414 Install sudoers2ldif in the doc dir
3417 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
3420 Add missing include of maillock.h for Solaris
3423 * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
3424 doc/sample.syslog.conf, doc/sudoers.cat:
3425 Change the default syslog facility from local2 to authpriv (or auth
3426 if the operating system doesn't support authpriv).
3429 * Makefile.in, sudo.pp:
3430 Install sudoers as /etc/sudoers on RPM and debian systems where the
3431 package manager will not replace a user-modified configuration file.
3432 This fixes upgrades from the vendor sudo packages.
3436 RPM: use %config(noreplace) instead of %config for volatile. This
3437 results in the new file being installed with a .rpmnew suffix
3438 instead of the file being replaced and the old one renamed with a
3442 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
3444 * compat/mkstemps.c, plugins/sudoers/boottime.c:
3445 Include time.h for struct timeval
3449 The return value of strsignal() may be const and should be treated
3450 as const regardless.
3453 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3454 Mention that 127.0.0.1 will not match, nor will localhost unless
3455 that is the actual host name.
3458 * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
3459 Rename WHATSNEW -> NEWS
3463 Updated pp with latest patches
3470 * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3471 plugins/sudoers/sudoers:
3472 Add commented out line to add HOME to env_keep and add a warning to
3473 the note about the HOME change in UPGRADE.
3476 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
3478 * plugins/sudoers/sudoreplay.c:
3479 Add LINE_MAX define for those without it.
3482 * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
3483 doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3484 plugins/sudoers/defaults.c:
3485 The tty_tickets option is now on by default.
3489 Mention that AIX authdb support has been fixed.
3493 setauthdb() only sets the "old" registry if it was set by a previous
3494 call to setauthdb(). To restore the original value, passing NULL
3495 (or an empty string) to setauthdb() is sufficient.
3498 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
3500 * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
3501 doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3502 plugins/sudoers/env.c:
3503 Reset HOME when env_reset is enabled unless it is in env_keep
3506 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3507 The default for set_logname has been "true" for some time now.
3510 * plugins/sudoers/boottime.c:
3511 Add missing include of time.h
3514 * plugins/sudoers/logging.c:
3515 Fix check for dup2() return value.
3518 * plugins/sudoers/env.c:
3519 Add PYTHONUSERBASE to initial_badenv_table
3522 * plugins/sudoers/visudo.c:
3523 Treat an unknown defaults entry as a parse error.
3526 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
3527 Check return value of setdefs() but don't stop setting defaults if
3528 we hit an unknown one.
3531 * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
3532 doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
3533 doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
3534 plugins/sudoers/env.c:
3535 If env_reset is enabled, set the MAIL environment variable based on
3536 the target user unless MAIL is explicitly preserved in sudoers.
3539 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
3542 decode debian code names
3549 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
3556 Restore RLIMIT_NPROC after the uid switch if it appears that
3557 runas_setup() did not do it for us. Fixes a bash script problem on
3558 SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
3561 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
3563 * mkpkg, pp, sudo.pp:
3564 Restore the dot removal in the os version reported by polypkg. Adapt
3565 mkpkg and sudo.pp to the change.
3568 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
3571 document --with-pam-login
3574 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3575 The tag is NOSETENV, not UNSETENV. From Petr Uzel.
3578 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
3581 Include flavor in solaris package name
3585 Older shells don't support IFS= so set explicitly to space, tab,
3590 Use '=' not '==' in test
3594 Fix typo that prevented debian from matching
3598 Add missing prefix setting for debian
3602 Use tab indents to reduce the chance of problem with <<-. Fix the
3603 debian %set section, pp does not set pp_deb_distro. Uncomment %sudo
3604 line in sudoers for debian. Uncomment some env_keep lines for RHEL,
3605 SLES and debian to more closely match the vendor sudoers files.
3606 Add /etc/pam.d to %files. Remove the /etc/sudo-ldap.conf symlink on
3607 debian for ldap flavor.
3610 * plugins/sudoers/sudoers:
3611 Add commented out env_keep entries, sample Aliases and a %sudo line
3615 * configure, configure.in:
3616 Move zlib check later on in the script to avoid a strange shell
3621 Remove check for egrep; configure has its own
3624 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
3627 Enable zlib for linux distros
3631 Add ldap flavor to default build
3635 Simplify rpm linux distro settings
3638 * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
3639 Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
3643 Fix ChangeLog creation from build dir
3646 * plugins/sudoers/sudoers.c:
3647 Handle getcwd() failure.
3650 * doc/Makefile.in, mkpkg, sudo.pp:
3651 Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
3652 environment variable.
3656 Create sudo group on debian
3660 Add debian 4/5/6 and use the dot when doing version matches
3663 * aclocal.m4, configure:
3664 Use a loop when searching for mv, sendmail and sh
3667 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3668 Remove spurious "and"; from debian
3671 * aclocal.m4, configure, configure.in, doc/sudoers.cat,
3672 doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
3673 doc/visudo.man.in, doc/visudo.pod:
3674 Substitute the value of EDITOR into the sudoers and visudo manuals.
3677 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
3679 * mkpkg, pp, sudo.pp:
3680 Initial support for debian 4.0
3684 Some platforms need -fPIE instead of -fpie
3687 * plugins/sudoers/auth/pam.c:
3688 Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
3689 On Linux it causes a DNS lookup via libaudit.
3693 Update MANIFEST to match packaging changes
3697 We now use pp to generate HP-UX packages
3700 * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
3701 Remove vestiges of old binary package bits.
3704 * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
3705 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
3706 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3708 install-man -> install-doc
3711 * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
3712 plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
3713 Use http://rc.quest.com/topics/polypkg/ for packaging
3717 Just ignore the -c option, it is the default. Add support for -d
3721 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
3723 * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
3724 Use _PATH_STDPATH instead of _PATH_DEFPATH
3727 * plugins/sudoers/Makefile.in, src/Makefile.in:
3728 Do not strip binaries.
3731 * INSTALL, configure, configure.in:
3732 Add --insults=disabled configure option to allow people to build in
3733 insult support but have the insults disabled unless explicitly
3737 * compat/mkstemps.c:
3738 Add prototype for gettime()
3741 * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
3742 plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
3743 plugins/sudoers/sudoers.h:
3744 Add support for a sudo-i pam.d file to be used for "sudo -i".
3745 Adapted from a RedHat patch.
3748 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
3750 * include/missing.h:
3751 Fix mkstemps() prototype
3754 * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
3755 config.h.in, configure, configure.in, include/missing.h,
3757 Use mkstemps() instead of mkstemp() in sudoedit. This allows
3758 sudoedit to preserve the file extension (if any) which may be used
3759 by the editor (like emacs) to choose the editing mode.
3762 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
3764 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
3765 plugins/sudoers/ldap.c:
3766 TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
3767 TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
3768 code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
3769 should avoid disabling TLS_CHECKPEER if possible.
3772 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
3774 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
3775 Make sudo_plugin format a bit more like a man page
3778 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3779 Add support for negated user/host/command lists in a Defaults entry.
3780 E.g. Defaults:!baduser noexec
3783 * Makefile.in, common/Makefile.in, compat/Makefile.in,
3784 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
3785 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3787 Add uninstall target
3790 * common/Makefile.in, compat/Makefile.in:
3791 Remove unused AR, SED and RANLIB variables
3795 Do not install sample plugins
3798 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
3800 * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
3801 configure.in, plugins/sudoers/env.c:
3802 Now that sudoers is a dynamically loaded module we cannot override
3803 the libc environment functions because the symbols may already have
3804 been resolved via libc. Remove getenv/putenv/setenv/unsetenv
3805 replacements from sudoers and add replacements for setenv/unsetenv
3806 for systems that lack them.
3809 * configure, configure.in, plugins/sudoers/Makefile.in:
3810 Link testsudoers with -ldl when needed
3813 * plugins/sample_group/plugin_test.c:
3814 Remove unused time.h and add limits.h for PATH_MAX
3817 * doc/sudoers.ldap.pod:
3821 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
3823 * plugins/sample_group/plugin_test.c:
3824 Do not depend on strlcpy/strlcat
3827 * plugins/sample_group/plugin_test.c:
3828 Standalone test driver for sudoers group plugin.
3831 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
3833 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
3834 Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
3838 * plugins/sample_group/sample_group.c:
3839 Fix style nit in function declarations
3842 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3843 Document group_plugin syntax.
3846 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
3847 Document the sudoers group plugin.
3850 * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
3851 configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
3852 plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
3853 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
3854 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
3855 plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
3856 plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
3857 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
3858 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
3859 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
3860 Replace built-in non-unix group support with a sudoers group plugin.
3861 Include a sample plugin that can read Unix-format group files.
3864 * configure, configure.in, src/load_plugins.c:
3865 Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
3868 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
3870 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
3871 doc/sudoers.man.in, doc/sudoers.pod:
3872 Move sudoers-specific bits out of sudo(8) and into sudoers(5)
3875 * aclocal.m4, configure, configure.in:
3876 Substitute @io_logdir@ for the sudoers I/O log directory.
3879 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
3881 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
3882 common/atobool.c, common/fileops.c, common/fmt_string.c,
3883 common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
3884 compat/getgrouplist.c, compat/getline.c, compat/glob.c,
3885 compat/snprintf.c, config.h.in, configure, configure.in,
3886 include/fileops.h, plugins/sample/sample_plugin.c,
3887 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
3888 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
3889 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
3890 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
3891 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
3892 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
3893 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
3894 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
3895 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
3896 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
3897 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
3898 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
3899 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
3900 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
3901 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
3902 plugins/sudoers/logging.c, plugins/sudoers/match.c,
3903 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
3904 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
3905 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
3906 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
3907 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
3908 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
3909 src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
3910 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
3911 src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
3912 Set usrinfo for AIX. Set administrative domain for the process when
3913 looking up user's password or group info and when preparing for
3914 execve(). Include strings.h even if string.h exists since they may
3915 define different things. Fixes warnings on AIX and others.
3919 Add a separate all target for AIX make which was using the entire
3920 LHS (not just the first entry) of the first target as the implicit
3924 * plugins/sudoers/env.c:
3925 Do not rely on env.env_len when unsetting a variable, just use the
3929 * plugins/sudoers/env.c:
3930 In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
3933 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
3935 * plugins/sudoers/vasgroups.c:
3936 Use warningx() instead of log_error() since the latter is not
3937 available to visudo or testsudoers. This does mean that they don't
3941 * plugins/sudoers/sudoers.c:
3942 Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
3943 closed the sudoers sources. From Quest sudo.
3946 * plugins/sudoers/pwutil.c:
3947 Ignore case when matching user/group names in the cache. From Quest
3951 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
3953 * config.h.in, configure, configure.in, src/selinux.c:
3954 Add check for setkeycreatecon() when --with-selinux is specified.
3957 * configure, configure.in:
3958 Error out if libaudit.h is missing or unusable when --with-linux-
3962 * doc/HISTORY, doc/history.pod:
3963 Add =head3 entries, mostly for the html version
3966 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
3968 * doc/HISTORY, doc/history.pod:
3969 Mention when LDAP was incorporated.
3972 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
3974 * configure, configure.in:
3975 Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
3976 not covered by _ALL_SOURCE.
3979 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
3981 * plugins/sudoers/iolog.c:
3982 Add a cast to quiet a compiler warning.
3985 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
3986 Quiet a compiler warning.
3989 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
3990 Call set_fqdn() after sudoers has parsed instead of inline as a
3994 * WHATSNEW, plugins/sudoers/sudoers.c:
3995 Do not call set_fqdn() until sudoers parses (where it gets run as a
4000 mention the change in tty ticket behavior when there is no tty
4003 * plugins/sudoers/check.c:
4004 Do not update tty ticket if there is no tty.
4007 * doc/LICENSE, doc/license.pod:
4008 Update copyright year
4012 Do not rely on BSD make's $>
4015 * configure, configure.in:
4016 Set timedir to /var/db/sudo for darwin to match Apple sudo's
4020 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
4022 * plugins/sudoers/sudoers.h:
4023 Add stub declarations for struct stat and struct timeval
4027 Remove compat/sigaction.c
4030 * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
4031 plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
4032 Check for zlib.h in addition to libz.
4035 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
4037 Move functions and symbols shared between exec.c and exec_pty.c into
4042 Comment out rules to build .man.in and .cat files unless --with-
4047 Comment out rules to build .man.in and .cat files unless --with-
4052 Quote any non-alphanumeric characters other than '_' or '-' when
4053 passing a command to be run via the shell for the -s and -i options.
4057 Add back .man suffix
4060 * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
4061 plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
4062 plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
4063 plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
4065 Add Linux audit support.
4068 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
4070 * plugins/sudoers/iolog.c:
4074 * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
4075 plugins/sudoers/sudoreplay.c:
4076 Add -f (filter) option to sudoreplay to allow certain streams to be
4077 replayed and others ignored.
4080 * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
4082 Fix -A flag when askpass is specified in sudo.conf or if sudo
4083 doesn't need to read a password.
4086 * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
4087 src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
4091 * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
4092 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
4093 Add support for multiple sudoers_base entries in ldap.conf. From
4097 * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
4099 remove setsid check, we require a POSIX system
4102 * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
4103 src/sudo.c, src/tgetpass.c:
4104 Check for dup2() failure.
4107 * config.h.in, configure, configure.in:
4108 Remove dup2() check, it is not optional.
4111 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
4114 sync with sudo 1.7.3
4118 SunOS does not ship with an ANSI compiler
4122 Update OS specific notes. Delete some really ancient ones and move
4123 older ones to the end of the list.
4127 Sudo can be downloaded from the web site too. Mention "OS dependent
4128 notes" section in INSTALL
4131 * src/exec_pty.c, src/selinux.c:
4132 Call selinux_restore_tty() as part of cleanup() so it gets called
4133 from error()/errorx()
4136 * MANIFEST, doc/PORTING:
4137 Remove obsolete porting guide
4140 * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
4141 Move union sudo_in_addr_un into interfaces.h
4145 Remove useless circular dependencies
4148 * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
4149 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
4150 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
4151 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
4152 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
4153 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
4154 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
4155 Convert to ANSI C function declarations
4158 * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
4159 common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
4160 compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
4161 compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
4162 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
4163 compat/strlcpy.c, compat/timespec.h, compat/utime.h,
4164 compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
4165 include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
4166 include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
4167 plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
4168 plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
4169 plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
4170 plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
4171 plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
4172 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
4173 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
4174 plugins/sudoers/logging.h, plugins/sudoers/match.c,
4175 plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
4176 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
4177 plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
4178 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
4179 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
4180 plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
4181 src/conversation.c, src/error.c, src/load_plugins.c,
4182 src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
4183 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
4184 Update copyright year
4188 Fix commented DEVDOCS when not in devel mode.
4191 * plugins/sudoers/match.c:
4192 Quiet a compiler warning.
4195 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
4196 Quiet a compiler warning.
4199 * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
4200 Make all functions in ldap.c static
4203 * doc/schema.ActiveDirectory:
4204 Updates from Alain Roy to provide better examples for importing the
4205 schema and to fix problems caused by Windows validating attributes
4206 which have not yet been added before committing the changes.
4209 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
4211 * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
4212 doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
4213 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
4214 doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
4215 doc/visudo.cat, doc/visudo.man.in:
4216 Leave rules to build .man.in and .cat files uncommented but only
4217 make them part of the "all" rule in devel mode. Generate .cat files
4218 directly from .man.in instead of .man using default values in
4222 * configure, configure.in:
4223 Bump sudo version to 1.8.0b1
4226 * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
4227 Print configure args with verbose version information.
4230 * TODO, plugins/sudoers/visudo.c:
4231 Remove tfd from struct sudoersfile; it is not used. Add prev pointer
4232 to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
4233 Use tq_append to append sudoers entries to the tail queue.
4236 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
4239 Describe tty timestamp improvements
4242 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4243 A comment character may not be part of a command line argument
4244 unless it is quoted with a backslash. Fixes parsing of:
4245 testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
4249 Make this read a little bit better when passwd_timeout is 0.
4252 * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
4253 Attempt to handle a default password prompt timeout of zero more
4257 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4258 Do not override value of keepopen global, instead restore it to the
4259 value we pushed onto the stack when popping.
4262 * plugins/sudoers/Makefile.in:
4263 Add dependency for utility programs on libreplace and libcommon
4266 * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
4267 plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
4268 src/exec.c, src/exec_pty.c, src/tgetpass.c:
4269 Remove sigaction emulation. Use SA_INTERRUPT in sa_flags
4272 * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
4273 We don't use getgrouplist() at the moment so there's no need to
4274 provide a compat version.
4281 * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
4282 src/conversation.c, src/sudo.h, src/tgetpass.c:
4283 Fix visiblepw sudoers option; the plugin API portion still needs
4288 Print sudo version as well.
4291 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
4292 Use sudo_printf for I/O log version Clarify policy plugin version
4296 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
4297 plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
4298 Silence some compiler warnings
4301 * src/load_plugins.c, src/tgetpass.c:
4302 Store askpass path in a global instead of using setenv() which many
4306 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
4308 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
4309 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4310 plugins/sudoers/check.c, plugins/sudoers/def_data.c,
4311 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
4312 plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
4313 plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
4315 Move askpass path specification from sudoers to sudo.conf.
4318 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
4319 Use a flag bit in struct command_details for selinux instead of a
4323 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
4324 Implement background mode. If I/O logging we use pipes instead of a
4328 * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
4329 src/exec.c, src/exec_pty.c, src/tgetpass.c:
4330 Move compat definition of NSIG to compat.h
4333 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
4334 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4335 Mention plugins in the sudo manual and add some missing path
4336 substitution in the sudo_plugin manual.
4340 Set _PATH_SUDO_CONF based on $(sysconfdir)
4343 * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
4344 src/exec.c, src/exec_pty.c, src/ttysize.c:
4345 Require POSIX termios to build sudo
4349 Ignore SIGPIPE for "sudo -S"
4353 Fix uninitialized variable in TGP_ECHO case and print a newline if
4354 the user interrupted password input.
4358 Make TGP_ECHO override TGP_MASK and don't try to restore the
4359 terminal if we didn't modify it.
4362 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4363 include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
4364 src/conversation.c, src/sudo.h, src/tgetpass.c:
4365 Add SUDO_CONV_PROMPT_MASK define which corresponds to the
4366 "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
4371 Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
4374 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
4376 * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
4377 Add selinux_enabled flag into struct command_details and set it in
4378 command_info_to_details(). Return an error from selinux_setup()
4379 instead of exiting. Call selinux_setup() from exec_setup().
4382 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
4385 Remove commented out copy of old sudo_execve() function.
4388 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
4390 * plugins/sudoers/sudoers.c:
4391 Fix setting selinux type on command line.
4394 * plugins/sudoers/iolog.c:
4395 In sudoers_io_close(), skip NULL io_fds[] elements.
4399 No longer need NGROUPS_MAX define
4402 * compat/nanosleep.c, config.h.in, configure, configure.in,
4403 include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
4404 plugins/sudoers/visudo.c, src/sudo_edit.c:
4405 Replace timerfoo macros with timevalfoo since the timer macros are
4406 known to be busted on some systems.
4410 Remove duplicate call to selinux_setup().
4413 * plugins/sudoers/auth/pam.c:
4414 If pam_open_session() fails, pass its status to pam_end.
4417 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4418 If a file in a #includedir has improper permissions or owner just
4419 skip it. This prevents packages that incorrectly install a file
4420 into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
4421 #includedir files still result in a parse error (for now).
4424 * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
4425 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
4426 plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
4427 Add use_pty sudoers option to force use of a pty even when not
4431 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
4432 Make env_init() void as it never fails.
4435 * plugins/sudoers/env.c:
4436 No longer use _NSGetEnviron so don't need crt_externs.h
4439 * plugins/sudoers/env.c:
4440 Remove unused VNULL define
4443 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
4445 * plugins/sudoers/iolog.c:
4446 Add #define for maximum session id
4449 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
4450 Split exec.c into exec.c and exec_pty.c
4454 Sync with source file moves.
4457 * src/Makefile.in, src/get_pty.c, src/pty.c:
4458 Rename pty.c -> get_pty.c
4461 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
4463 * plugins/sudoers/iolog.c:
4464 Only use I/O input log file if def_log_input is set and output file
4465 if def_log_output is set.
4468 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
4470 * compat/strsignal.c:
4471 Update copyright year
4478 * plugins/sudoers/sudoers.c:
4479 For sudoedit, make a local copy of editor string si become part of
4480 argv. If no editor environment variable, split def_editor on ':'
4481 since it may be a colon-delimited path.
4485 Remove unneeded endpwent()/endgrent()
4489 Use value of nroff from configure
4493 Add missing const to I/O log action function
4496 * plugins/sudoers/check.c:
4497 Update copyright year and fix whitespace
4500 * configure, configure.in:
4504 * plugins/sudoers/iolog.c:
4505 Remove redundant tty signal blocking in log function.
4508 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
4510 * plugins/sudoers/iolog.c:
4511 Place static keyword where it belongs
4514 * plugins/sudoers/logging.c:
4515 Always use a printf format string for send_mail()
4518 * common/atobool.c, plugins/sudoers/ldap.c:
4519 Extend atobool() so we can use it in the LDAP code.
4522 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
4523 Sudo now stashes tty ctime for tty_tickets on Solaris too.
4526 * plugins/sudoers/boottime.c:
4527 Fix dummy version of get_boottime()
4530 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
4532 * plugins/sudoers/check.c:
4533 Enable tty_is_devpts() support for Solaris with the "devices"
4538 Unbreak the non-io logging case.
4541 * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
4542 Fix symbol name conflict with sudo_printf.
4545 * plugins/sudoers/auth/pam.c:
4546 Fix OpenPAM detection for newer versions.
4549 * plugins/sudoers/vasgroups.c:
4550 Sync with Quest sudo git repo
4553 * aclocal.m4, configure, configure.in:
4554 HP-UX ld uses +b instead of -R or -rpath. Fix typo in libvas check.
4555 Add missing template for ENV_DEBUG. Adapted from Quest sudo
4559 Fix typos; from Quest Sudo
4562 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
4564 * plugins/sudoers/Makefile.in:
4565 Add back -I$(top_srcdir); we need it for including compat/foo.h
4566 since we cannot rely on "foo.h" being found relative to the source
4567 file when the cwd is different.
4571 Fix a bug where we could treat EAGAIN as a permanent error. Also set
4572 cstat if perform_io() returns an error.
4575 * common/alloc.c, plugins/sudoers/boottime.c,
4576 plugins/sudoers/sudoers.c:
4577 Add casts to quiet compiler warnings.
4580 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4581 plugins/sudoers/visudo.c:
4582 Fix typo in ternary operator usage.
4585 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
4587 * INSTALL, configure, configure.in:
4588 Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
4591 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
4592 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
4593 Update docs to match sudoers I/O logging changes
4596 * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
4597 pathnames.h.in, plugins/sudoers/def_data.c,
4598 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
4599 plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
4600 plugins/sudoers/gram.h, plugins/sudoers/gram.y,
4601 plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
4602 plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
4603 plugins/sudoers/sudoreplay.c:
4604 Break sudoers transcript feature up into log_input and log_output.
4607 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4608 plugins/sudoers/visudo.c:
4609 Use setprogname() as needed.
4612 * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
4613 Adapt sudoreplay to iolog changes.
4616 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
4618 * plugins/sudoers/iolog.c:
4619 Log all input and output into separate files and store a number on
4620 each timing file line to indicate which file the data is in.
4623 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
4624 plugins/sudoers/sudoers.h:
4625 Make sudoers_io functions static to iolog.c
4628 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
4630 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
4631 src/sudo_usage.h.in:
4632 Completely remove the -L flag from the sudo front end.
4635 * plugins/sudoers/sudoreplay.c:
4636 Fix EAGAIN handling when writing to stdout.
4639 * plugins/sudoers/sudoers.c:
4640 Eliminate unused variables
4643 * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
4644 Re-enable cleanup functions in sudoers plugin and sudo driver for
4648 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
4649 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
4650 plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
4651 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
4652 Use sudo_printf to display verbose version information.
4655 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
4656 plugins/sudoers/Makefile.in, src/Makefile.in:
4657 Minor Makefile cleanup: fix a typo, change the removal order in the
4658 clean targets, and remove a superfluous include path for the sudoers
4662 * plugins/sudoers/env.c:
4663 Handle duplicate variables in the environment. For unsetenv(), keep
4664 looking even after removing the first instance. For sudo_putenv(),
4665 check for and remove dupes after we replace an existing value.
4668 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
4670 * plugins/sudoers/Makefile.in:
4671 Use explicit path to source file instead of $< for files that live
4672 in devdir and top_srcdir.
4675 * plugins/sudoers/Makefile.in:
4676 Add explicit rules to compile gram.c and toke.c for HP-UX. Prevent
4677 ending LIBSUDOERS_OBJS with a backslash
4680 * plugins/sudoers/Makefile.in, src/Makefile.in:
4681 Link libcommon before libreplace since libcommon may use functions
4682 only present in libreplace.
4685 * common/Makefile.in:
4686 Move code common to sudo and the sudoers plugin to a convenience
4687 library, libcommon. Removes the need to make links in the sudoers
4688 plugin dir and reduces re-compilation of duplicate object files.
4691 * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
4692 common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
4693 common/term.c, common/zero_bytes.c, configure, configure.in,
4694 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
4695 src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
4696 src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
4698 Move code common to sudo and the sudoers plugin to a convenience
4699 library, libcommon. Removes the need to make links in the sudoers
4700 plugin dir and reduces re-compilation of duplicate object files.
4703 * src/exec.c, src/sudo.c, src/sudo.h:
4704 Rename script_execve to sudo_execve and rename script_foo in exec.c
4707 * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
4708 Rename script.c to exec.c and fix up the MANIFEST file
4711 * src/script.c, src/sudo.c, src/sudo.h:
4712 Rename script_setup() to pty_setup() and call from script_execve()
4716 * configure, configure.in:
4717 bump version to 1.8.0a2
4720 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4721 Document init_session
4724 * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
4725 plugins/sudoers/auth/sudo_auth.h:
4726 Clean up the sudoers auth API a bit and update the docs.
4729 * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
4730 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
4731 plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
4732 Add init_session function to struct policy_plugin that gets called
4733 before the uid/gid/etc changes. A struct passwd pointer is passed
4734 in, which may be NULL if the user does not exist in the passwd
4735 database. The sudoers module uses init_session to open the pam
4739 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
4741 * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
4742 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
4743 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
4744 Add open/close session to sudo auth, only used by PAM. This allows
4745 us to open (and close) the PAM session from sudoers.
4748 * plugins/sudoers/Makefile.in:
4749 Add explicit rule to build getdate.o for HP-UX make.
4752 * plugins/sudoers/Makefile.in:
4753 Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
4754 rules as an alternate way to prevent HP-UX make (and others) from
4755 trying to rebuild the parser in non-dev mode.
4758 * plugins/sudoers/sudoers.c:
4759 Re-enable PATH_MAX check for command
4763 For distclean, clean the main directory last since the subdirs need
4764 to be able to run libtool to clean things.
4767 * compat/Makefile.in:
4768 Fix generation of mksiglist.h
4772 Now that we defer sending cstat until the end of script_child() we
4773 cannot reuse cstat when reading command status from parent.
4776 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
4778 * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
4779 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
4780 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
4781 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
4782 Use numeric registers to handle conditionals instead of trying to do
4783 it all with text processing.
4787 Document per-command SELinux settings
4790 * plugins/sudoers/sudoers.c:
4791 Repair "sudo -l -U username"
4794 * plugins/sudoers/sudoers.c:
4795 Set selinux role and type in command details.
4798 * src/script.c, src/selinux.c, src/sudo.h:
4799 Rework SELinux support.
4802 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
4804 * src/script.c, src/selinux.c, src/sudo.h:
4805 Make SELinux support compile again. Needs more work to be complete.
4808 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4809 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4810 src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
4812 Bring back closefrom settings.
4815 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
4816 plugins/sudoers/sudoers.h:
4817 If running a command or sudoedit in transcript mode, call
4818 io_nextid() before log_allowed() so the session id is logged.
4821 * configure, configure.in:
4822 Use mandoc(1) if nroff(1) is not present.
4826 Use the --file argument to config.status instead of setting
4827 CONFIG_FILES in the environment.
4830 * plugins/sudoers/Makefile.in:
4831 We cannot conditionally update gram.h or the dependency ordering
4832 gets messed up in devel mode.
4835 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
4837 * Makefile.in, compat/Makefile.in, configure, configure.in,
4838 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
4839 plugins/sudoers/Makefile.in, src/Makefile.in:
4840 Substitute @SHELL@ into Makefiles
4847 * config.guess, config.sub, configure, configure.in:
4848 Update to autoconf 2.65
4852 Fix libtool target (space vs. tabs)
4855 * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
4856 Remove use of RETSIGTYPE; all modern systems have signal handlers
4860 * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
4861 ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
4862 m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
4863 plugins/sudoers/Makefile.in, src/Makefile.in:
4864 Update to libtool-2.2.6b. I haven't made any local modifications
4865 this time, which should be OK since we install sudo_noexec.so by
4869 * compat/Makefile.in, plugins/sample/Makefile.in,
4870 plugins/sudoers/Makefile.in, src/Makefile.in:
4871 Use libtool to clean objects
4874 * include/Makefile.in:
4875 Install sudo_plugin.h as part of "make install" and make other
4876 install targets callable from the top-level Makefile
4879 * configure, configure.in:
4880 regen with autoupdate to eliminate AC_TRY_LINK
4883 * Makefile.in, compat/Makefile.in, configure, configure.in,
4884 doc/Makefile.in, plugins/sample/Makefile.in,
4885 plugins/sudoers/Makefile.in, src/Makefile.in:
4886 Install sudo_plugin.h as part of "make install" and make other
4887 install targets callable from the top-level Makefile
4890 * plugins/sample/sample_plugin.c:
4891 The sample plugin doesn't support being run with no args so return a
4892 usage error in this case.
4895 * plugins/sudoers/iolog.c:
4896 Set close on exec flag for descriptors used for I/O logging so they
4897 are not present in the command being run.
4900 * plugins/sudoers/tsgetgrpw.c:
4901 Set close on exec flag in private versions of setpwent() and
4906 Close the I/O pipes after dup2()ing them to std{in,out,err}.
4907 Fixes extra fds being present in the command when it is part of a
4911 * plugins/sudoers/sudoers.c:
4912 Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
4913 is used when logging). Note that user_ttypath will still be NULL if
4917 * src/script.c, src/sudo.h:
4918 Cosmetic changes: add comments, remove orphaned prototype and
4919 make a global static.
4922 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
4925 Move check for maxfd == -1 to flush_output where it belongs.
4929 Break out of select loop if all the fds we want to select on are -1.
4933 Avoid possible malloc(0) if plugin returns an empty groups list.
4937 Add debugging info when calling plugin close function
4941 Avoid closing stdin/stdout/stderr when we are piping output.
4945 When execve() of the command fails, it is possible to receive
4946 SIGCHLD before we've read the error status from the pipe. Re-order
4947 things such that we send the final status at the very end and prefer
4948 error status over wait status.
4951 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
4953 * plugins/sudoers/auth/sudo_auth.c:
4954 Fix compilation for non PAM/BSD auth/AIX auth
4957 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
4960 Additional checks to make sure we don't close /dev/tty by mistake.
4961 When flushing, sleep in select as long as we have buffers that need
4966 Now that we can use pipes for stdin/stdout/stderr there is no longer
4967 a need to error out when there is no tty. We just need to make sure
4968 we don't try to use the tty fd if it is -1.
4971 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
4973 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4974 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
4975 plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
4976 Add argc and argv to I/O logger open function.
4979 * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
4980 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
4981 src/parse_args.c, src/sudo.c, src/sudo_edit.c:
4982 Remove check_sudoedit function pointer in struct sudo_policy.
4983 Instead, sudo will set sudoedit=true in the settings array. The
4984 plugin should check for this and modify argv_out as appropriate in
4988 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
4990 * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
4992 If plugin sets "sudoedit=true" in the command info, enable sudoedit
4993 mode even if not invoked as sudoedit. This allows a plugin to
4994 enable sudoedit when the user runs an editor.
4997 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
4999 * plugins/sudoers/Makefile.in:
5000 gram.h must not depend on gram.y if we want to avoid unnecessary
5001 rebuilding of targets dependent on gram.h when gram.y changes.
5004 * plugins/sample/sample_plugin.c:
5005 Refactor common bits of check_policy and check_edit
5008 * plugins/sample/sample_plugin.c:
5009 Add sudoedit support
5012 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
5014 * plugins/sudoers/Makefile.in:
5015 Rely more on VPATH; fixes a dependency issue with the parser.
5019 Fix typo introduced in last commit
5023 Emulate seteuid using setreuid() or setresuid() as needed. There are
5024 still a few places that call seteuid() directly.
5027 * src/parse_args.c, src/sudo_edit.c:
5028 Attempt to fix building on systems that only have setuid.
5031 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5032 Clarify sudoedit a tad.
5035 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
5038 Fix compilation on HP-UX
5041 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5045 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
5046 Change how we handle the sudoedit argv. We now require that there
5047 be a "--" in argv to separate the editor and any command line
5048 arguments from the files to be edited.
5051 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5052 plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
5053 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
5054 src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
5055 src/sudo.h, src/sudo_edit.c:
5056 Work in progress support for sudoedit. The actual interface used by
5057 the plugin for sudoedit is likely to change.
5060 * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
5061 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
5062 Make find_path() a little more generic by not checking def_foo
5063 variables inside it. Instead, pass in ignore_dot as a function
5067 * plugins/sudoers/env.c:
5068 Add version of getenv(3) that uses our own environ pointer.
5071 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
5074 Avoid a potential race condition if SIGCHLD is received immediately
5075 before we call select().
5078 * plugins/sudoers/sudoers.c:
5079 Call env_init() before we open the sudoers sources as those may call
5080 our setenv() replacement.
5083 * plugins/sudoers/env.c:
5084 Initialize env_len in env_init()
5087 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
5089 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
5090 Document time stamp shortcomings under SECURITY NOTES. Use "time
5091 stamp" instead of timestamp.
5095 Make sed substitution of mansectsu and mansectform global.
5098 * plugins/sudoers/check.c:
5099 If the tty lives on a devpts filesystem, stash the ctime in the tty
5100 ticket file, as it is not updated when the tty is written to. This
5101 helps us determine when a tty has been reused without the user
5102 authenticating again with sudo.
5106 Fix pasto in multiple signal fix and use _NSIG not NSIG since that
5107 is what our compat checks set.
5110 * configure, configure.in:
5111 Add check for whether sudo needs to link with -ldl to get dlopen().
5112 This is a bit of a hack that will get reworked when libtool is
5116 * plugins/sudoers/check.c:
5117 Fix timestamp removal with -k/-K
5120 * plugins/sudoers/Makefile.in:
5121 audit.c is now private to the sudoers plugin
5124 * configure, configure.in:
5125 Link with -lpthread on HP-UX since a plugin may be linked with
5126 -lpthread and dlopen() will fail if the shared object has a
5127 dependency on -lpthread but the main program is not linked with it.
5130 * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
5131 Add separate test for getresuid() since HP-UX has setresuid() but no
5136 Remove errant backslash
5140 Fix SIGPIPE handling. Now that we may use pipes for
5141 stdin/stdout we need to pass any SIGPIPE we receive to the running
5146 Also start the command in the background if stdin is not a tty.
5149 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
5151 * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
5152 No need to use pseudo-cbreak mode now that we use pipes when stdout
5153 is not a tty. Instead, check whether stdin is a tty and if not,
5154 delay setting the tty to raw mode until the command tries to access
5155 it itself (and receives SIGTTIN or SIGTTOU).
5159 Use an array for signals received instead of a single variable so we
5160 don't lose any when there are multiple different signals.
5164 Do signal setup after turning off echo, not before. If we are using
5165 a tty but are not the foreground pgrp this will generate SIGTTOU so
5166 we want the default action to be taken (suspend process).
5169 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
5172 Flush the iobufs on suspend or child exit using the same logic as
5173 the main event loop.
5177 Free memory after we are done with it.
5180 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
5183 Quest now sponsors Sudo development
5186 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
5189 Install sudo_plugin man page.
5193 Go back to resetting io_buffer offset and length (and now also the
5194 EOF handling) in the loop we do the FD_SET, not after we drain the
5195 buffer after write() since we don't know what order reads and writes
5200 audit files moved to sudoers plugin directory
5203 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5204 Document plugin_printf and new logging functions.
5208 Add support for logging stdin when it is not a tty. There is still a
5209 bug where "cat | sudo cat" has problems because both cat and sudo
5210 are trying to read from the tty.
5213 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5214 plugins/sudoers/sudoers.c, src/script.c:
5215 Add separate I/O logging functions for tty in/out and
5216 stdin/stdout/stderr. NOTE: stdin logging does not currently work and
5217 is disabled for now.
5220 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
5222 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5223 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
5224 plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
5225 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5226 src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
5227 Add pointer to a printf-like function to plugin open function. This
5228 can be used instead of the conversation function to display info and
5233 Stop if make in a subdir fails
5237 Only set user's tty to blocking mode when doing the final flush.
5238 Flush pipes as well as pty master when the process is done.
5241 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
5243 * plugins/sudoers/ldap.c:
5244 Use print_error() when displaying ldap config info in debugging
5248 * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
5249 No longer need strdup() or strndup() replacements.
5252 * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
5253 plugins/sudoers/sudoers.h:
5254 Add print_error() function that uses the conversation function to
5255 print a variable number of error strings and use it in log_error().
5258 * src/script.c, src/sudo.h, src/term.c:
5259 Do not need the opost flag to term_copy() now that we use pipes for
5260 stdout/stderr when they are not a tty.
5264 Use pipes to the sudo process if stdout or stderr is not a tty.
5265 Still needs some polishing and a decision as to whether it is
5266 desirable to add additional entry points for logging
5267 stdout/stderr/stdin when they are not ttys. That would allow a
5268 replay program to keep things separate and to know whether the
5269 terminal needs to be in raw mode at replay time.
5272 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
5274 * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
5275 plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
5276 src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
5277 Move audit sources into the sudoers plugin dir; the driver does not
5281 * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
5282 compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
5283 plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
5284 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
5285 plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
5286 src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
5287 src/term.c, src/ttysize.c:
5288 Use angle brackets when including headers that can only be found
5289 when an -I flag is specified. The files in the compat dir could get
5290 away with double quotes here but I've converted all the source files
5291 to use angle brackets for consistency.
5294 * plugins/sudoers/Makefile.in:
5295 Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
5296 dir can be found when building outside the source tree.
5299 * plugins/sudoers/Makefile.in:
5300 Clean up links in distclean
5303 * plugins/sudoers/Makefile.in:
5304 Hack around VPATH semantic differences by symlinking files we need
5305 from ../../src into the current directory and build those. A better
5306 fix would be to either make a .a or .la file with those files in it
5307 or simply use a single, flat, Makefile instead of per-subdirs
5311 * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
5312 fmt_string is used by the sudoers plugin too so do not include
5313 sudo.h (which is not really needed here anyway)
5316 * compat/Makefile.in, plugins/sample/Makefile.in,
5317 plugins/sudoers/Makefile.in, src/Makefile.in:
5318 Fix building with non-BSD versions of make such as GNU make.
5319 Requires VPATH support, which should be in any non-neolithic make.
5322 * configure, configure.in, plugins/sudoers/Makefile.in,
5323 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
5325 Re-enable bsm audit. Currently auditing is done within the sudoers
5326 plugin itself. If possible, this should really be done in the main
5327 driver but we don't presently have the needed data to do that. This
5328 will be re-evaluated when Linux audit support is added.
5331 * compat/Makefile.in, plugins/sample/Makefile.in,
5332 plugins/sudoers/Makefile.in, src/Makefile.in:
5333 Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
5334 of explicit rules in the dependency.
5337 * plugins/sudoers/visudo.c:
5338 Fix mismerge; alias_remove_recursive() now returns int
5341 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
5343 * plugins/sudoers/visudo.c:
5344 Fix a crash when checking a sudoers file that has aliases that
5345 reference themselves. Based on a diff from David Wood.
5349 Print signal info after restoring the tty mode, not before.
5353 Defer call to alarm() until after we fork the child. Pass correct
5354 pid to terminate_child(). If the command exits due to signal, set
5355 alive to false like we do when it exits normally. Add missing
5356 check for errpipe[0] != -1 before using it in FD_ISSET
5359 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
5361 * plugins/sudoers/boottime.c:
5362 Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
5365 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
5368 Simplify dependencies by using .c.o and .c.lo rules.
5371 * configure, configure.in, plugins/sudoers/Makefile.in,
5373 Substitute in @PROGS@ into src/Makefile to add sesh
5376 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
5378 * plugins/sudoers/sudoers.c:
5379 Add back calls to log_denial() if sudoers does not allow the
5383 * plugins/sudoers/sudoers.c:
5384 Pass in correct pwflag for list and validate.
5387 * plugins/sudoers/env.c:
5388 Add missing check for NULL in validate_env_vars
5392 Add sudo_noexec.la to "all" target, otherwise it only gets built at
5396 * plugins/sudoers/sudoers.c:
5397 Only set sudo_user.env_vars if the env_add list is empty.
5400 * plugins/sudoers/sudoers.c:
5401 Set sudo_user.env_vars so that environment variables specified on
5402 the command line get logged correctly.
5405 * plugins/sudoers/env.c, plugins/sudoers/logging.c,
5406 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5407 Re-enable environment files and setting environment variables on the
5411 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
5413 * plugins/sudoers/check.c:
5414 Fix typo in last commit (ifndef vs ifdef). Make sure we pass ctime()
5415 a pointer to time_t as tv_sec in struct timeval may be long.
5418 * plugins/sudoers/check.c:
5419 Don't stash ctime in on-disk tty ticket info for now; on many
5420 (most?) systems the ctime is updated when the tty is written to.
5421 Once I have a better idea of what systems do not update ctime on
5422 ttys (and have a way to test for this) the ctime stash will be
5423 conditionally re-enabled.
5426 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
5428 * MANIFEST, Makefile.in:
5429 Add back "dist" target, this time using a MANIFEST file
5433 Remove Makefile in distclean target
5436 * Makefile.in, src/Makefile.in:
5437 Update clean and cleandir targets
5440 * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
5442 Move fileops.c defines and prototypes to fileops.h
5445 * plugins/sudoers/check.c:
5446 Lock the tty timestamp when writing. We shouldn't have to lock when
5447 reading since the file is updated via a single write system call.
5450 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
5452 * plugins/sudoers/alias.c, plugins/sudoers/check.c,
5453 plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
5454 plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
5455 plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
5456 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
5457 plugins/sudoers/logging.c, plugins/sudoers/match.c,
5458 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
5459 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
5460 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
5461 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
5462 plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
5463 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
5464 Convert to ANSI C function declarations
5467 * plugins/sudoers/sudoers.h:
5468 Remove extraneous bits and classify by source file.
5472 Add timercmp macro for systems without it
5475 * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
5476 plugins/sudoers/sudoers.h:
5477 get_boottime() now fills in a timeval struct
5480 * plugins/sudoers/check.c:
5481 Store info from stat(2)ing the tty in the tty ticket when tty
5482 tickets are in use. On most systems, this closes the loophole
5483 whereby a user can log out of a tty, log back in and still have the
5487 * config.h.in, configure.in:
5488 Add timespec2timeval and use it when getting ctime/mtime
5491 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
5493 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
5494 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5495 plugins/sudoers/testsudoers.c:
5496 Convert perm setting to push/pop model; still needs some work. Use
5497 the stashed runas groups instead of using getgrouplist(). Reset perms
5498 to the initial value on error
5501 * config.h.in, configure.in:
5502 fix ctim_get and mtim_get macros
5505 * config.h.in, configure, configure.in, include/compat.h,
5506 plugins/sudoers/check.c, plugins/sudoers/gettime.c,
5507 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
5508 Use timeval directly instead of converting to timespec when dealing
5509 with file times and time of day.
5512 * plugins/sudoers/Makefile.in:
5513 Don't link sudoreplay with libsudoers.la due to a yacc symbol
5517 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
5519 * configure, configure.in:
5520 Darwin >= 9.x has real setreuid(2)
5523 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
5525 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
5529 * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
5530 plugins/sudoers/sudoers.h:
5531 Remove remaining references to the environ pointer.
5534 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
5536 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
5537 Don't change the environ directly in the sudoers plugin
5540 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
5542 * plugins/sudoers/sudoers.c:
5546 * plugins/sudoers/alias.c:
5547 Fix use after free in error message when a duplicate alias exists.
5550 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
5552 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5554 Add a "noninteractive" boolean to the settings passed in to the
5555 plugin's open function that is set when the user specifies the -n
5559 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
5560 Add workaround for the lack of the environ pointer on Mac OS X in
5561 dlopen()ed modules. Use of environ in the sudoers plugin should
5562 ultimately be removed but this will do for the moment.
5565 * plugins/sudoers/visudo.c:
5566 Set errorfile to the sudoers path if we set parse_error manually.
5567 This prevents a NULL dereference in printf() when checking a sudoers
5568 file in strict mode when alias errors are present.
5571 * plugins/sudoers/sudoers.c:
5572 Main sudo no longer prints "unable to execute" on exec failure so do
5576 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
5579 Use a pipe to pass back errno to the parent if execve() fails. If we
5580 get an error in script_child(), kill the command and exit.
5583 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5584 src/parse_args.c, src/sudo.c:
5585 Handle plugin's open function returning -2 (usage error).
5589 If execve() fails, leave it to the plugin to print an error string.
5593 If execve fails in logging mode, pass the errno directly to the
5594 grandparent on the backchannel and exit. The immediate parent will
5595 get SIGCHLD and try to report that status but its parent will no
5596 longer be listening. It would probably be cleaner to pass this over
5597 a pipe in script_child().
5600 * plugins/sudoers/sudoers.c:
5601 Don't override rval with results of check_user() unless it failed.
5604 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
5606 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
5611 NULL-terminate env_add
5614 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
5617 Call the I/O log open function before the I/O version function.
5620 * plugins/sudoers/iolog.c:
5621 Remove io_conv and just use sudo_conv
5624 * plugins/sudoers/set_perms.c:
5625 Fix set/restore perms for systems w/o setresuid
5628 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
5630 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
5631 plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
5632 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5633 Primitive set/restore permissions. Will be replaced by a push/pop
5638 Only need to take action on SIGCHLD in parent if no I/O logger. If
5639 there is an I/O logger we will receive ECONNRESET or EPIPE when we
5640 try to read from the socketpair.
5643 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
5645 * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
5646 doc/sudoers.pod, plugins/sudoers/find_path.c:
5647 Merge fb4d571495fa from the 1.7 branch to trunk.
5650 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
5653 Don't set SA_RESTART when registering SIGALRM handler. Do set
5654 SA_RESTART when registering SIGWINCH handler.
5658 Add dev targets for *.man.in and *.cat that don't specify the
5663 If log_input or log_output returns false, terminate the command.
5667 Better signal handling. Instead of using a single variable to store
5668 the received signal, use an array so we can't lose a signal when
5669 multiple are sent. Fix process termination by SIGALRM in non-I/O
5670 logger mode. Fix relaying terminal signals to the child in non-I/O
5675 Fix a race between when we get the child pid in the parent and when
5676 the child process exits. The problem exhibited as a hang after a
5677 short-lived process, e.g. "sudo id" when no IO logger was enabled.
5680 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
5682 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
5683 Add a note about the security implications of the fast_glob option.
5686 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
5688 * config.h.in, configure, configure.in:
5689 Fix up some AC_DEFINE descriptions and regen config.h.in
5692 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
5694 * include/missing.h:
5695 No longer check for strdup or strndup for LIBOBJ replacement.
5699 Avoid installing signal handlers that are io-logger specific. Fixes
5700 job control when no io logger is enabled.
5704 Only regen man pages from pod when configured with --with-devel
5707 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
5709 * Makefile, Makefile.in, configure, configure.in:
5710 Top-level Makefile.in. Nothing is currently substituted but this is
5711 needed for separate build dirs.
5714 * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
5715 plugins/sudoers/Makefile.in, src/Makefile.in:
5716 Fix out-of-tree builds
5723 We always install sudoreplay in 1.8
5726 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
5728 * compat/siglist.in:
5729 SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
5732 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
5734 * configure, configure.in:
5735 No need to provide strdup() or strndup(), sudo uses estrdup() and
5739 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
5741 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
5742 Free str after using it in the version method. Use sudo_conv, not
5743 io_conv since we don't have the IO conversation function pointer in
5744 the I/O version method anymore now that io_open is delayed.
5747 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
5749 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
5751 Add license to mksiglist.c and note that the bits from pdksh are
5755 * compat/Makefile.in:
5756 Fix LIBOBJDIR vs. srcdir wrt the siglist bits
5759 * plugins/sudoers/Makefile.in:
5760 Add sudoreplay, testsudoers and visudo to clean target
5763 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
5764 compat/siglist.in, compat/strsignal.c, configure, configure.in,
5765 include/missing.h, src/script.c:
5766 Create our own sys_siglist for systems without it for use by
5770 * compat/Makefile.in:
5771 Remove duplicate $(LIBOBJDIR)
5774 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
5776 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
5777 Main sudo should not block signals; the plugin should do this in
5781 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
5784 Fix a sizeof(ptr) vs. sizeof(*ptr)
5788 Unlike most operating systems, HP-UX select() is not interrupted by
5789 SIGCHLD when the signal is registered with SA_RESTART. If we clear
5790 SA_RESTART when calling sigaction() for SIGCHLD we get the expected
5791 behavior and the code in the select() loops already handles EINTR
5795 * compat/getprogname.c:
5796 progname should be const
5799 * plugins/sudoers/Makefile.in:
5800 Move --tag=disable-static to when we link sudoers.la, not when we
5804 * src/load_plugins.c:
5805 Load the sudoers I/O plugin by default too now that it is hooked up.
5808 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
5811 It looks like AIX doesn't need to push STREAMS modules for ptys.
5814 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
5816 * src/parse_args.c, src/sudo.c:
5817 Delay calling the I/O plugin open function until the policy plugin
5821 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
5823 * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
5824 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
5825 plugins/sudoers/sudoers.h:
5826 Add back io logging (transcript) support. Currently, the open
5827 function runs too early and it is not possible to use the io module
5828 independently of the policy module.
5831 * plugins/sudoers/set_perms.c:
5832 Comment out dead code; will be removed when set_perms is rewritten.
5835 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
5837 * plugins/sudoers/sudoers.c:
5838 Fix off by one error when allocating user_groups.
5841 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
5843 * configure, configure.in, plugins/sudoers/Makefile.in:
5844 Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
5847 * plugins/sudoers/sudoers.c:
5848 Fix typo in preserve groups case
5851 * plugins/sudoers/sudoers.c:
5852 In command_info it is "runas_groups" not "groups".
5856 Fix iteration over runas_groups list.
5859 * configure, configure.in, plugins/sudoers/env.c,
5860 plugins/sudoers/match.c, src/script.c:
5861 Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
5864 * compat/getgrouplist.c:
5865 getgrouplist(3) for those without it
5868 * plugins/sudoers/sudoers.c:
5869 Set preserve_groups or groups list in command_info
5873 Fix setting of groups list
5876 * config.h.in, configure, configure.in, include/compat.h,
5878 Add checks for getgrset and getgrouplist and use replacement
5879 getgrouplist if the system doesn't support it.
5883 Pass in preserve_groups when the -P flag is specified as per the
5887 * plugins/sudoers/sudoers.c:
5888 Check preserve_groups and ignore_ticket args with atobool instead of
5889 assuming they are true if present.
5892 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
5894 * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
5895 plugins/sudoers/plugin_error.c:
5896 Rename plugin-specific error.c to plugin_error.c Wire up visudo,
5897 sudoreplay and testsudoers in the build
5900 * src/Makefile.in, src/term.c:
5901 term.c does not need to include sudo.h
5904 * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
5905 doc/sudo_plugin.pod:
5906 Document the -2 return in the check_policy section too
5909 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5910 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5911 src/parse_args.c, src/sudo.c, src/sudo.h:
5912 Fix the -s and -i flags and add support for the "implied_shell"
5913 option. If the user does not specify a command, sudo will now pass
5914 in the path to the user's shell and set implied_shell=true. The
5915 plugin can then either check the command normally or return -2 to
5916 cause sudo to print a usage message and exit.
5919 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
5921 * config.h.in, configure, configure.in, src/load_plugins.c:
5922 Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
5923 Darwin where libraries end in .dylib but modules end in .so
5926 * plugins/sudoers/parse.c:
5927 Better prefix determination now that we can't rely on len==0 to tell
5928 the beginning of an entry.
5931 * plugins/sudoers/ldap.c:
5932 display_bound_defaults() stub should return 0, not 1 since it is a
5933 count, not a boolean.
5936 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5937 Document progname in settings
5940 * compat/getprogname.c, include/compat.h,
5941 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
5942 src/parse_args.c, src/sudo.c:
5943 Rewrite compat/getprogname.c and add setprogname(). The progname is
5944 now passed to the plugin via the settings array.
5947 * configure, configure.in, plugins/sudoers/Makefile.in:
5951 * plugins/sudoers/sudo_nss.c:
5952 Add missing whitespace for Runas and Command-specific defaults
5955 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
5956 plugins/sudoers/sudo_nss.c:
5957 Use embedded newlines in lbuf instead of multiple calls to
5962 Add support for embedded newlines.
5965 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
5967 * compat/getprogname.c:
5968 If system doesn't support getprogname or __progname and we are
5969 building a shared object don't bother with Argc/Argv, just return
5973 * config.h.in, configure, configure.in, src/load_plugins.c:
5974 Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
5975 appears to always install a shared object with the .so suffix.
5978 * compat/Makefile.in, configure, configure.in,
5979 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
5981 Play more nicely with libtool and let it build libreplace (was
5985 * include/missing.h:
5986 Include stdarg.h for va_list rather than requiring all consumers of
5987 missing.h to include stdarg.h themselves.
5990 * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
5991 plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
5992 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
5994 Pass in output function to lbuf_init() instead of writing to stdout.
5995 A side effect is that the usage info can now go to stderr as it
5999 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
6001 * include/lbuf.h, plugins/sudoers/sudo_nss.c,
6002 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
6003 src/parse_args.c, src/sudo.c:
6004 Use number of tty columns that is passed in user_info instead of
6005 getting it directly in the lbuf code.
6008 * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
6009 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6010 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
6011 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
6012 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
6013 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
6014 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
6015 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
6016 plugins/sudoers/logging.h, plugins/sudoers/match.c,
6017 plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
6018 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
6019 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
6020 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
6021 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6022 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6023 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
6024 plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
6025 plugins/sudoers/visudo.c:
6029 * config.h.in, configure, configure.in, src/load_plugins.c:
6030 Set the sudoers plugin name in configure so we get the extension
6034 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6035 Document lines/cols in user_info
6038 * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
6039 Add tty size to user info
6043 Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
6046 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
6048 * plugins/sudoers/sudoers.c:
6049 Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error
6050 out if we fail to lookup the user's name that is passed in
6053 * plugins/sudoers/error.c:
6054 Pass the error value back via siglongjmp.
6057 * plugins/sudoers/check.c:
6058 Use conversation function for lecture.
6061 * plugins/sudoers/check.c:
6062 Don't update ticket file if verify_user returns FALSE.
6065 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
6067 * plugins/sudoers/sudoers.c, src/sudo.c:
6068 Wire up invalidate and validate methods for sudoers
6071 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
6072 plugins/sudoers/sudoers.h:
6073 Add support for -k flag with a command.
6077 Allow -k to be specified with a command.
6080 * plugins/sudoers/sudoers.c:
6084 * plugins/sudoers/error.c:
6085 Add newline at the end of message and space after the colon in
6089 * plugins/sudoers/auth/sudo_auth.c:
6090 Add missing newline after pass password warning
6093 * plugins/sudoers/sudoers.c:
6094 Set user_groups and user_ngroups based on user_info
6097 * plugins/sudoers/error.c:
6101 * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
6102 Make _warning in error.c use the conversation function and remove
6103 commented out warning/warningx in sudoers.c.
6106 * plugins/sudoers/logging.c:
6107 Use siglongjmp() in log_error for fatal errors
6110 * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
6111 Quiet a libtool warning
6115 Build sudoers plugin
6118 * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
6119 Use warningx in yyerror() so the conversation function gets used
6120 when built as part of sudoers.
6123 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
6125 * plugins/sudoers/auth/pam.c:
6126 Rename sudo_conv to conversation to avoid a namespace conflict.
6129 * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
6130 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
6131 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
6132 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6133 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6134 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
6135 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
6136 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
6137 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6138 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
6139 plugins/sudoers/env.c, plugins/sudoers/error.c,
6140 plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
6141 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
6142 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
6143 plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
6144 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
6145 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
6146 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
6147 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
6148 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
6149 plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
6150 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
6151 Initial bits of sudoers plugin; still needs work.
6155 Add HAVE_STRDUP and HAVE_STRNDUP
6158 * compat/Makefile.in, configure, configure.in:
6159 Build libmissing in two flavors (one PIC one non-PIC) and link with
6160 the appropriate one.
6163 * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
6164 compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
6165 Build libmissing in two flavors (one PIC one non-PIC) and link with
6166 the appropriate one.
6169 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
6171 * include/missing.h:
6172 Add strdup and strndup and fix strsignal
6175 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
6177 * compat/strdup.c, compat/strndup.c, configure, configure.in,
6178 plugins/sample/Makefile.in, src/Makefile.in:
6179 Add strdup and strndup to compat
6182 * plugins/sample/sample_plugin.c:
6183 Need to include compat.h before missing.h
6186 * compat/strsignal.c:
6187 Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
6188 it doesn't exist configure will set it to 0.
6192 Fix botched ANSI C conversion of globexp2()
6195 * configure, configure.in:
6196 Remove redundant getgroups check
6199 * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
6200 Require either termios or termio, no more sgtty.
6203 * compat/strsignal.c, config.h.in, configure, configure.in:
6204 Change the sys_siglist check to use AC_CHECK_DECLS and also check
6205 for _sys_siglist and __sys_siglist
6208 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
6210 * configure, configure.in, src/Makefile.in:
6211 Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
6212 use SUDO_OBJS for the main driver as part of OBJS.
6215 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6216 Mention in the conversation function section that a newline is not
6221 Add definition of WCOREDUMP for systems without it. This is known
6222 to work on AIX and SunOS 4, but may be incorrect on other systems
6223 that lack WCOREDUMP.
6226 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
6228 * plugins/sample/sample_plugin.c, src/conversation.c:
6229 conversation function no longer puts a newline at the end of info or
6233 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
6236 Use parent process group id instead of parent process id when
6237 checking foreground status and suspending parent. Fixes an issue
6238 when running commands under /usr/bin/time and others.
6241 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
6244 transcript option is now --with not --enable
6247 * plugins/sample/sample_plugin.c:
6248 Add support to -u and -g flags Check fmt_string retval Add timeout
6249 for debugging purposes
6252 * src/script.c, src/sudo.c:
6253 Wire up SIGALRM handler Set close on exec flag for child side of the
6254 socketpair Fix signal handling when not doing I/O logging
6258 g/c unused SIGCHLD handler
6261 * src/fmt_string.c, src/parse_args.c, src/sudo.c:
6262 Don't use emalloc() in fmt_string(); we want to be able to use it
6267 tq_remove not list_remove
6270 * configure, configure.in:
6271 AUTH_OBJS should contain .lo files not .o files.
6274 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
6277 Simplify conversion of command line args to name=value pairs.
6280 * plugins/sample/sample_plugin.c:
6281 Handle NULL reply from conversation function
6285 Don't depend on emalloc/erealloc
6288 * plugins/sample/Makefile.in:
6289 Use $(OBJS) instead of sample_plugin.lo
6292 * plugins/sample/sample_plugin.c:
6293 runas_user is in settings not user_info
6297 Fix a mismatch between sudo_settings and settings_pairs that causes
6298 some settings to get the wrong values.
6301 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
6303 * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
6304 src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
6305 src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
6309 * src/load_plugins.c:
6310 Fix strlcpy() return value check.
6313 * INSTALL, configure, configure.in:
6314 No longer need to substitute in script.o and pty.o; I/O logging
6315 support is always built.
6318 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
6321 Add fallback to /bin/sh when execve() fails with ENOEXEC.
6324 * include/alloc.h, src/alloc.c:
6328 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
6330 * src/script.c, src/sudo.c:
6331 Refactor script_execve() a bit so that it can be used in non-script
6332 mode. Needs more cleanup.
6336 Ignore empty entries in command_info list
6339 * include/list.h, src/list.c:
6343 * src/conversation.c:
6344 Pass timeout to tgetpass()
6348 Add ChangeLog target
6352 Bump version and update things slightly for sudo 1.8.0
6355 * configure, configure.in:
6356 Sudo now requires an ANSI/ISO C compiler
6359 * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
6364 * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
6365 include/list.h, include/missing.h:
6369 * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
6370 compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
6371 compat/getprogname.c, compat/glob.c, compat/glob.h,
6372 compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
6373 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
6374 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
6375 compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
6380 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
6382 * src/sudo.c, src/tgetpass.c:
6383 Make user_details extern so tgetpass can get at the uid and gid. Set
6384 uid/gid to user before executing askpass program. Check environment
6385 for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
6386 set the askpass program itself
6390 No longer need sudo_usage.h in sudo.c
6393 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
6394 doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
6395 src/sudo_usage.h.in:
6396 Document -D level command line flag which maps to the debug_level
6400 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6401 Document debug_level in plugin doc. Still need to document the -D
6402 flag in sudo itself.
6405 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
6407 * plugins/sample/sample_plugin.c:
6408 include missing.h for vasprintf
6411 * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
6412 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6413 Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
6416 * plugins/sample/sample_plugin.c:
6417 Need to include limits.h
6424 * plugins/sample/Makefile.in, src/Makefile.in:
6425 Add missing compat bits
6428 * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
6429 compat files should not include sudo.h wire up compat in sample
6433 * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
6434 Fix up compat dependencies. Fix distclean target in doc/Makefile.in
6437 * configure, configure.in:
6441 * plugins/sample/sample_plugin.c:
6442 Log input and output to temp files for proof of concept.
6445 * Makefile, configure, configure.in, doc/Makefile.in:
6446 Add doc Makefile.in and wire it up
6450 Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
6451 suspending a shell with the "suspend" builtin.
6455 In child, handle parent side of the pipe going away.
6459 No longer need to check for explicit death of the child (process #2)
6460 since if it dies we will get EPIPE from the socketpair. Fix a
6461 sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
6466 Make sudo_debug do a single vfprintf() which will result in a single
6467 write call on most systems. Avoids problems with interleaved debug
6468 printf from different processes. Also remove an extraneous error
6469 case since recv() can't return a short read and add some more XXX.
6472 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
6475 Fix uninitialized variable.
6479 Fix sudo install target
6482 * src/parse_args.c, src/sudo.c, src/sudo.h:
6490 * configure, configure.in:
6491 Fix setting of plugin dir
6499 Add missing source for sudo front end
6502 * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
6503 Sample plugin demonstrating the sudo plugin API
6506 * Makefile, configure, configure.in, install-sh, pathnames.h.in,
6507 plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
6508 src/fileops.c, src/fmt_string.c, src/load_plugins.c,
6509 src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
6510 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
6512 Modular sudo front-end which loads policy and I/O plugins that do
6513 most of the actual work. Currently relies on dynamic loading using
6514 dlopen(). See doc/plugin.pod for the plugin API.
6517 * doc/plugin.pod, include/sudo_plugin.h:
6521 * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
6522 compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
6523 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
6524 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
6525 src/fileops.c, src/sudo_edit.c:
6526 Replace emul/include.h with compat/include.h to match new source
6531 Include missing.h for memrchr() proto
6534 * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
6535 TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
6536 alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
6537 auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
6538 auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
6539 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
6540 auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
6541 closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
6542 compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
6543 compat/getline.c, compat/getprogname.c, compat/glob.c,
6544 compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
6545 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
6546 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
6547 compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
6548 compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
6549 def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
6550 doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
6551 doc/license.pod, doc/sample.pam, doc/sample.sudoers,
6552 doc/sample.syslog.conf, doc/schema.ActiveDirectory,
6553 doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
6554 doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
6555 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
6556 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
6557 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
6558 doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
6559 emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
6560 error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
6561 getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
6562 gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
6563 include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
6564 include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
6565 ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
6566 interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
6567 list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
6568 mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
6569 nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
6570 plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
6571 plugins/sudoers/alias.c, plugins/sudoers/auth/API,
6572 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
6573 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
6574 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6575 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6576 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
6577 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
6578 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
6579 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6580 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
6581 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
6582 plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
6583 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
6584 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
6585 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
6586 plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
6587 plugins/sudoers/gram.c, plugins/sudoers/gram.h,
6588 plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
6589 plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
6590 plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
6591 plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
6592 plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
6593 plugins/sudoers/logging.c, plugins/sudoers/logging.h,
6594 plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
6595 plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
6596 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
6597 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
6598 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
6599 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
6600 plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
6601 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6602 plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
6603 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
6604 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
6605 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
6606 plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
6607 sample.pam, sample.sudoers, sample.syslog.conf,
6608 schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
6609 selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
6610 src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
6611 src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
6612 src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
6613 src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
6614 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
6615 sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
6616 sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
6617 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
6618 sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
6619 sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
6620 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
6621 tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
6622 visudo.man.in, visudo.pod, zero_bytes.c:
6623 Rework source layout in preparation for modular sudo.
6626 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
6628 * Avoid a duplicate fclose() of the sudoers file.
6631 * Fix size arg when realloc()ing include stack. From Daniel Kopecek
6634 * Use setrlimit64(), if available, instead of setrlimit() when setting
6635 AIX resource limits since rlim_t is 32bits.
6638 * Fix use after free when sending error messages. From Timo Juhani
6642 * ChangeLog, Makefile.in:
6643 Generate the ChangeLog as part of "make dist" instead of having it
6647 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
6649 * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
6650 auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
6651 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
6652 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
6653 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
6654 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
6655 emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
6656 fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
6657 gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
6658 ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
6659 isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
6660 logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
6661 mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
6662 pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
6663 sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
6664 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
6665 strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
6666 sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
6667 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
6668 sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
6669 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
6670 utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
6671 Remove CVS $Sudo$ tags.
6674 2010-01-18 convert-repo <convert-repo>
6680 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
6683 make this match sudoers SYNOPSIS
6687 Print a newline between Runas and Command-specific defaults in sudo
6692 Use SET and CLR macros in term_raw
6696 Set stdin to non-blocking mode early instead of in check_input. Use
6697 term_raw instead of term_cbreak since the data we get has already
6698 been expanded via OPOST.
6701 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
6704 Enable/disable all postprocessing instead of just nl->crnl
6705 processing since things like tab expansion matter too. However, if
6706 stdout is a tty leave postprocessing on in the pty since we run into
6707 problems doing it only on the real stdout with e.g. nvi.
6710 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
6713 If tty_tickets is enabled and there is no tty, prompt for a
6714 password. Do not lecture user for "sudo -k command" if user has a
6719 Document missing options: --with-efence and --with-bsm-audit
6722 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
6723 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
6724 sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
6725 visudo.man.in, visudo.pod:
6726 username -> user name groupname -> group name hostname -> host name
6729 * INSTALL, README.LDAP, sudoers.pod:
6730 filename -> file name like the rest of the docs
6733 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
6736 Fix printing of entries with multiple host entries on a single line.
6739 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
6742 Mention that targetpw affects the timestamp file name.
6745 * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
6747 Add compress_transcript option.
6750 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
6752 * configure, configure.in:
6756 * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
6757 Better split of membership vs. traditional group check in
6758 user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
6761 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
6764 Fix pasto and add default return value.
6767 * check.c, match.c, pwutil.c, sudo.h:
6768 refactor group member checking into user_in_group()
6771 * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
6773 Add support for mbr_check_membership() as present in darwin.
6776 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
6779 Rename label to be accurate
6782 * Makefile.in, boottime.c, check.c, config.h.in, configure,
6783 configure.in, sudo.h:
6784 Treat timestamp files from before we booted as old. Idea from and
6788 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
6790 * sudo.c, sudo.pod, sudo_usage.h.in:
6791 Allow the -u flag to be used in conjunction with the -v flag as per
6792 older versions of sudo.
6796 fix typo in last commit
6799 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
6802 Convert fmt_first and fmt_confd into macros.
6806 timeouts can be floats now
6809 * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
6810 defaults.h, mkdefaults:
6811 Add support for floating point timeout values (e.g. 2.5 minutes).
6814 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
6817 The -L flag will be removed in sudo 1.7.4
6820 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
6823 Fix a bug due to order of operators.
6826 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
6829 cmnd_matches() already deals with negation so _cmndlist_matches()
6830 does not need to do so itself. Fixes a bug with negated entries in
6834 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
6837 Don't exit() from open_sudoers, just return NULL for all errors.
6841 Can't rely on the shell sending us SIGCONT when transitioning from
6842 background to foreground process.
6846 Add missing extern def for parse_error
6849 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
6852 Avoid a parse error when #includedir doesn't find any files. Closes
6857 Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
6860 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
6863 Start command out in foreground mode if stdout is a tty. Works
6864 around issues with some curses-based programs that don't handle
6865 tcsetattr getting interrupted by a signal. Still allows us to avoid
6866 hogging the tty if the command is part of a pipeline.
6869 * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
6870 Use a socketpair to pass signals from parent to child. Child will
6871 now pass command status change info back via the socketpair. This
6872 allows the parent to distinguish between signals it has been sent
6873 directly and signals the command has received. It also means the
6874 parent can once again print the signal notifications to the tty so
6875 all writes to the pty master occur in the parent. The command is
6876 now always started in background mode with tty signals handled by
6880 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
6882 * configure, configure.in:
6883 Fix a few typos in the descriptions; from Jeff Makey. Only do the
6884 check for krb5_get_init_creds_opt_free() taking two arguments if we
6885 find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
6886 positive when using our own krb5_get_init_creds_opt_free which takes
6887 only a single argument.
6890 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
6892 * configure, configure.in:
6893 Remove a spurious comma in the kerb5 bits.
6897 Call krb5_get_init_creds_opt_init() in our emulated
6898 krb5_get_init_creds_opt_alloc() for MIT kerberos.
6901 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
6908 Need to ignore SIGTT{IN,OU} in child when running the command in the
6909 background. Also some minor cleanup.
6912 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
6915 Instead of calling sigsuspend when waiting for SIGUSR[12] from
6916 parent, install the signal handlers w/o SA_RESTART and let them
6917 interrupt waitpid().
6921 Pass along SIGHUP and SIGTERM from parent to child.
6925 Close unused bits of script_fds in processes that don't need them.
6926 Restore default SIGCONT handler in child.
6930 Update foreground/background status in SIGCONT handler in parent
6934 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
6937 Defer setting terminal into raw mode until just before we fork() and
6938 only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
6939 and sudo is already in the foreground be sure to set raw mode before
6940 continuing the child.
6943 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
6946 Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
6947 give the command the controlling tty if the main sudo process is the
6952 Don't bother with sudo_waitpid() here for now.
6959 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
6962 Remove non-working code that crept into rev 1.55
6965 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
6967 * INSTALL, configure, configure.in, script.c, sudoreplay.c:
6968 First pass at zlib support for transcript data files
6972 remove vestiges of ZLDFLAGS
6976 Add missing variable declaration for when TIOCSCTTY is not defined.
6977 Need to include sys/termio.h for TIOCSCTTY on some systems.
6981 when resuming command, send SIGCONT to its pgrp not just pid
6985 remove unused variable
6989 include selinux.h for is_selinux_enabled() proto
6993 Don't use log_error() in the child process.
6997 Do I/O in parent instead of child since the parent can have both
6998 /dev/tty as well as the pty fds open. The child just sets things up
6999 and waits for its grandchild and writes the signal description to
7000 the pty master if the command was killed by a signal.
7003 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
7005 * missing.h, sudo.h:
7006 Move two struct forward declarations from sudo.h to missing.h
7010 Make comment at the top of script_exec() match reality.
7014 if neither stdin nor stdout is a tty, check stderr
7018 Add back dependency of gram.h on gram.y
7022 Make transcript mode work as long as we can figure out our tty, even
7023 if it is not stdin. We'd like to use /dev/tty but that won't be
7024 valid after the setsid().
7027 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
7029 * config.h.in, configure, configure.in, pty.c:
7030 Add support for IRIX-style dynamic ptys
7033 * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
7034 Move alloc.c protos into alloc.h
7038 Move prototypes for missing libc functions to missing.h
7041 * Makefile.in, sudo.h, sudoreplay.c:
7042 Move prototypes for missing libc functions to missing.h
7045 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
7047 * config.h.in, configure, configure.in:
7048 Disable transcript support if no tcsetpgrp until we support older
7049 BSD-style job control.
7052 * configure, configure.in, pty.c, script.c:
7053 Break out pty code into pty.c
7056 * compat.h, config.h.in, configure, configure.in:
7057 add killpg macro if no killpg function
7060 * config.h.in, configure, configure.in, script.c:
7061 Push ptem and ldterm for STREAMS-based systems when allocating a
7065 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
7068 Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
7072 Call tcgetpgrp() in the parent, not the child and have the child
7073 spin until it is granted. Fixes a race on darwin.
7077 Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
7081 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
7084 In script mode, if the command is killed by a signal, print the
7085 signal description as well as a core dump notification like the
7089 * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
7091 Add check for strsignal() and a simple implementation if it is not
7092 there but sys_siglist is
7096 Add missing WUNTRACED and store the signal that stopped the
7097 grandchild in suspended, not signo.
7105 Associate the grandchild's pgrp with the tty instead of the child's
7106 and just get suspend notifications via SIGCHLD instead of directly.
7107 This fixes a hang with programs that try to set terminal attributes
7108 and is more consistent with how the shell handles things.
7111 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
7114 Move setpgid() of child into the parent side of the fork() where it
7118 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
7125 Run command in its own pgrp (like the shell does) for easier
7126 signalling. No need to relay SIGINT or SIGQUIT to parent, just send
7127 to grandchild. Don't want grandchild stopped events in the child
7128 (only termination). Flush output after suspending grandchild before
7133 Back out revision 1.34; the problem lies elsewhere.
7137 Don't set stdout to blocking mode when flushing remaining output.
7138 It can cause us to hang when trying to exit. Need to investigate
7143 Handle SIGTTOU and remove some debugging.
7147 Back out revision 1.10 as the signal that interrupts us may be
7148 SIGTTOU or SIGTTIN which the caller must handle.
7152 Apparently we need to send SIGSTOP to the command as well as ourself
7153 when we get SIGTSTP, the kernel doesn't automatically stop the
7158 Use an extra process to act as the glue between the sessions
7159 associated with the user's controlling tty (what the shell uses) and
7160 the tty that sudo is using to do its logging. Basically, this means
7161 that if we get, e.g. SIGTSTP from the process sudo is running, we
7162 relay the signal to the parent so its shell can do the job control.
7166 Handle getting/setting terminal attributes when the fd is in non-
7170 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
7172 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
7173 Add support for pausing and changing the speed in interactive mode.
7177 Already define O_NOCTTY in compat.h, don't need it here
7180 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
7186 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
7189 Always update the stashed mtime of the temp file instead of using
7190 what we have for the original because the time resolution of the
7191 filesystem the temporary is on may not match that of the filesystem
7192 that holds the original. Should fix bz #371 found by Philippe Levan.
7196 Use cbreak mode instead of raw mode and add signal handlers to
7197 restore the tty on interrupt.
7200 * script.c, sudo.h, term.c:
7201 Retain NL to NLCR conversion on the real tty and skip it on the pty
7202 we allocate. That way, if stdout is not a pty there are no extra
7207 Fix log_output(); just pass in a string and a length.
7210 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
7213 do not use errno when complaining about lack of a tty
7216 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
7218 * Makefile.in, sudoreplay.c, term.c:
7219 Instead of messing with line endings, just set terminal to raw mode
7224 When copying the terminal attributes to the pty, be sure not to set
7225 ONLCR. This prevents extra carriage returns from ending up in the
7230 Convert a do {} while into a while
7234 Use if then instead of test && when installing binaries that may not
7239 Add O_NOCTTY when opening a tty device. Explicitly disconnect from
7240 old tty before associating with new one.
7243 * script.c, selinux.c, sudo.c, sudo.h:
7244 First cut at refactoring some of the selinux code so it can be used
7245 in conjunction with sudo's transcript support.
7248 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
7250 * aclocal.m4, configure, configure.in:
7251 Fix default case of transcript_enabled being unset.
7254 * script.c, sudoreplay.c:
7255 Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
7258 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
7259 Hook up --disable-transcript and --enable-transcript=DIR
7262 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
7264 * aclocal.m4, configure, configure.in, pathnames.h.in:
7265 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT. Add
7266 --enable-transcript=DIR option to specify the directory
7269 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
7273 * configure, configure.in, sudoers.man.pl, sudoers.pod:
7274 Substitute in default value for secure_path
7278 Mention that the password must be followed by a newline with the -S
7282 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
7285 Go back to dropping out of the select() loop when the process dies;
7286 Linux ptys apparently don't behave the same as BSD in regards to
7287 select(). No need to flush remaining output to the transcript, only
7288 to stdout. Add back code to check the master pty for additional data
7289 when we exit the main select loop.
7292 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
7295 Add getline.o to COMMON_OBJS
7299 sudoreplay depends on libsudo.a
7303 More pwutil.o into COMMON_OBJS
7306 * pwutil.c, testsudoers.c, tsgetgrpw.c:
7307 Remove my_* redirection in pwutil.c for testsudoers and just use the
7308 normal libc get{pw,gr}* names.
7311 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
7312 More time and date examples
7315 * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
7316 Move nanosleep() emulation into its own file. Check librt.a for
7317 nanosleep if we don't find it in libc
7320 * Makefile.in, configure, configure.in:
7321 Build libsudo with the common bits and link things against that.
7329 Keep reading from the pty master -> log file until read returns <=
7330 0. Do our best to write everything to stdout when flushing any
7335 Use unbuffered I/O when writing to stdout and make sure we write the
7339 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
7342 Only use max_wait if it is non-zero
7345 * getdate.c, getdate.y, getline.c:
7350 Fix nanosleep emulation
7354 Fix comment after #endif
7358 Add protos for missing libc bits
7361 * configure, configure.in:
7362 add missing line continuation char
7365 * config.h.in, configure, configure.in, getline.c:
7366 Implement getline() in terms of fgetln() if we have it.
7370 Print year when formatting log line
7374 Document cwd, attempt to document time/date formats.
7378 Fix getline return value check.
7381 * Makefile.in, config.h.in, configure, configure.in, getline.c,
7383 Use getline() if the system has it, else provide our own for
7388 Refactor code to update output and timing files.
7391 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
7394 Make sudo_getln() behave more like glibc getline.
7398 When flushing remaining output, also update timing file.
7402 Use get_timestr() and make the -l output look like the regular sudo
7406 * logging.c, sudo.h, timestr.c:
7407 Make get_timestr() take a time_t so we can use it properly in
7412 Create session dir earlier now that we update the seq number early.
7415 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
7418 Use fromdate and todate as the keywords instead of from and to; the
7419 short forms will still be accepted.
7423 Fix reading long lines in sudo_getln()
7426 * script.c, sudoreplay.c:
7427 Log the cwd in the script log file. Add sudo_getln() to read
7428 arbitrarily long lines.
7431 * Makefile.in, logging.c, sudo.h, timestr.c:
7432 Move get_timestr() into its own source file so sudoreplay can use
7436 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
7439 Add to and from predicates (date ranges); needs documentation
7442 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
7444 * Makefile.in, getdate.c, getdate.y:
7445 Fix warning and add generated getdate.c
7448 * Makefile.in, getdate.y:
7449 Add getdate.y to be used for sudoreplay date parsing.
7452 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
7455 Check more than just the first character of a predicate
7458 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
7459 Add examples, sort predicates
7462 * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
7464 Implement search expressions in sudoreplay similar in concept to
7465 what find or tcpdump uses. TODO: date ranges
7468 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
7471 Remove vhangup as it was hanging up the wrong tty. Should really
7472 vhangup in the child after it has set its tty.
7476 Fix cut at documenting transcript support.
7480 ID= -> TSID= for transcript ID
7483 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
7486 Move fast_glob description to where it belongs in sorted order
7489 * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
7490 parse.c, parse.h, sudo.c:
7491 Rename script -> transcript
7494 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
7497 Add timeradd and timersub for those without them
7501 Sanity check sessid before using it.
7505 Only set the session id if we are running a command or editing a
7510 Actually, qsort is fine since most versions fall back to a cheaper
7511 sort when the number of elements to sort is small (like in our
7515 * config.h.in, configure, configure.in, script.c:
7516 Check for dup2 and use dup instead if we don't have it.
7519 * script.c, sudo.c, sudo.h:
7520 Move the code to dup2 the script fds to low numbered descriptors
7521 into script_duplow() and fix the fd sorting.
7524 * script.c, sudo.c, sudo.h:
7525 Move script_setup() back to immediately before we drop privs and
7526 call the new script_nextid() in its place, which will set
7527 sudo_user.sessid for the logging functions.
7530 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
7537 remove unused variable
7540 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
7542 * logging.c, script.c, sudo.c, sudo.h:
7543 Log the session ID, if there is one. Currently logs ID=XXXXXX,
7544 perhaps should be SESSIONID or SESSID.
7547 * Makefile.in, configure, configure.in, sudoreplay.cat,
7548 sudoreplay.man.in, sudoreplay.pod:
7553 add -V (version) flag
7560 * script.c, sudoreplay.c:
7561 Use base36 number for the ID and store script files with paths like
7562 /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
7563 (2,176,782,336) unique IDs.
7566 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
7568 * config.h.in, configure.in:
7569 Add check for regcomp
7573 Add support for selecting by pattern and tty when listing.
7576 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
7579 The beginnings of a list mode.
7582 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
7588 * Makefile.in, config.h.in, configure.in:
7589 Add scaffolding for building sudoreplay
7593 include error.h; first arg to nanotime is const
7597 Initial cut at sudoreplay; replay a sudo session.
7600 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
7603 Fix wait() usage and use correct wait status.
7606 * sudo.c, sudo.h, tgetpass.c:
7607 Add protos for term_* to sudo.h
7611 Fix detection of the child process exiting. Since the child is in
7612 its own session we should only ever get SIGCHLD for that process but
7613 better safe than sorry.
7617 Add UNIX98 pty support.
7620 * configure, configure.in, script.c:
7621 Add UNIX98 pty support.
7624 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
7627 For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
7632 Set PAM_RUSER and PAM_RHOST early so they can be used during
7633 authentication. Based on a patch from Jamie Beverly.
7637 Close dir before returning if strlcpy() reports overflow. From
7641 * config.h.in, configure, configure.in, script.c:
7642 On Linux, the openpty proto lives in pty.h
7646 Call vhangup on exit if the system has it. Use setpgrp() if no
7650 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
7652 * config.h.in, configure, configure.in:
7653 Add checks for revoke and vhangup if we don't have openpty
7657 Session logging guts that got forgotten in the previous commit.
7660 * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
7661 configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
7662 gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
7664 First cut at session logging for sudo. Still need to write
7665 get_pty() for Unix 98 and old-style BSD ptys. Also needs
7666 documentation and general cleanup.
7669 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
7671 * sudo.c, sudo_edit.c:
7672 Fix a bug introduced with def_closefrom. The value of def_closefrom
7673 already includes the +1.
7676 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
7679 Generate sudo distributions with pax in ustar mode. No longer need
7680 to use a temp file or have the source dir name match the version.
7683 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
7686 Fix expansion of %h in #include names. Fixes bugzilla 363
7689 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
7692 If no arg assume def_data.in
7697 [f5ad45f69f05] [SUDO_1_7_2]
7703 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
7705 * sudoers.cat, sudoers.man.in, sudoers.pod:
7706 Add missing single quotes around a colon in Runas_Spec definition.
7710 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
7712 * sudo.man.in, sudoers.man.in:
7717 In rbrepair, re-color the root or the first non-block node we find
7718 to be black. Re-coloring the root is probably not needed but won't
7722 * sudo.cat, sudoers.cat:
7726 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
7729 When repairing the tree, don't touch the root node.
7732 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
7735 Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
7736 Reported by Josef Schmid.
7739 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
7742 Document that we accept env_pam-style environment files
7746 Adapt to accept pam_env-style /etc/environment which allows shell-
7747 style lines such as: export EDITOR="/usr/bin/vi"
7751 Make it clear that env_delete only works when !env_reset. From Loïc
7755 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
7757 * sudo.pod, sudoers.pod:
7758 Add non-unix group bits, adapted from Quest
7762 build the .cat page in the current working dir, not the src dir
7766 Return EINVAL in setenv() if var is NULL or the empty string to
7767 match glibc behavior.
7770 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
7772 * configure, configure.in:
7773 Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
7776 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
7778 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
7779 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
7783 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
7786 Document --with-libvas and --with-libvas-rpath
7789 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
7791 * ldap.c, sudoers.ldap.pod:
7792 For netscape-derived LDAP SDKs the cert and key paths may be a
7793 directory or a file. However, version 5.0 of the SDK only seems to
7794 support using a directory. If ldapssl_clientauth_init fails and the
7795 cert or key paths look like they could be files, strip off the last
7796 path element and try again.
7800 Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
7803 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
7805 * configure, configure.in, match.c, sudo.c, vasgroups.c:
7806 Update non-Unix group support from Quest, as reworked by me.
7814 Add support for escaped hex chars in names, e.g. \x20 for space.
7817 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
7819 * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
7820 auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
7821 fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
7822 logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
7823 set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
7824 sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
7825 tgetpass.c, toke.l, visudo.c:
7826 Update copyright years.
7829 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
7831 * interfaces.c, lbuf.c:
7832 Minor fixes for Minix-3
7835 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
7838 Handle getgroups() returning 0. Also add missing check for
7842 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
7844 * Makefile.in, config.h.in, configure, configure.in, sudo.c,
7845 version.h, visudo.c:
7846 Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
7849 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
7852 Remove group setting code in setusercontext case, we will do it
7853 ourselves later on in runas_setup. Set the gid after
7854 initgroups/setgroups is called, since on Mac OS X it seems to change
7858 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
7860 * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
7862 Initial bits of non-unix group support using Quest Authentication
7867 Accept %:foo as a non-Unix group
7871 Allow user/group to be double quoted in the case of non-Unix groups
7872 which contain spaces.
7875 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
7878 Don't allow the user to specify the default runas user if their
7879 sudoers entry only allows them to run as a group.
7882 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
7885 Must call audit_success before we change uids.
7888 * logging.c, set_perms.c, sudo.h, testsudoers.c:
7889 Add option for set_perm to not exit on failure and use this in the
7894 In -l mode, if the user is only allowed to run as a group, display
7895 the user's name, not root's before the allowed group.
7899 Fix -g mode, broken by rev 1.503 which had the side effect of
7900 setting the runas user to root unilaterally.
7903 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
7906 When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
7910 Only cache by the method we fetched for pwd and grp lookups.
7911 Previously we cached both by name and id but this can cause problems
7912 for entries that share the same id. Also add more info in the error
7913 message in case the insert fails (which should now be impossible).
7916 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
7919 Add a clarification from Nick Sieger
7922 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
7925 Inline the setting of the environment string.
7928 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
7931 setenv(3) in Linux treats a NUL value as the empty string. setenv(3)
7932 in BSD doesn't return an error if the name has '=' in it, it just
7933 treats the '=' as end of string.
7936 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
7939 Not all systems have d_namlen
7942 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
7945 Fix up some pod2html issues.
7948 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
7951 Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
7956 Ignore files ending in '~' in sudo.d (emacs backup files)
7960 Ignore files ending in '~' in sudo.d (emacs backup files)
7963 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
7965 * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
7966 For #includedir, ignore any file containing a dot
7969 * Makefile.in, version.h:
7973 * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
7974 sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
7976 Implement #includedir directive. Files in an includedir are not
7977 edited by visudo unless they contain a syntax error.
7982 [8741ed61a78b] [SUDO_1_7_1]
7985 Forgot umask_override
7992 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
7995 Rewind stream if we fdopen sudoers since it may not be at the
7996 beginning. Set the keepopen flag on already-open files too so the
7997 lexer doesn't close them out from under us.
8001 Print the proper file name when there is a parse error in an include
8005 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
8011 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
8013 * configure, configure.in:
8014 Fix a warning when --without-ldap is specified.
8017 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
8019 * alias.c, parse.h, visudo.c:
8020 Store aliases that we remove during check_aliases in a freelist and
8021 free them at the end so we don't leak memory.
8024 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
8027 Check aliases in -c mode too.
8030 * alias.c, parse.h, visudo.c:
8031 Make alias_remove return the alias struct instead of freeing it
8032 directly. Fixes a use after free in alias_remove_recursive, the only
8036 * alias.c, match.c, parse.c, parse.h, visudo.c:
8037 Rename find_alias -> alias_find for consistency.
8040 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
8043 When checking for unused aliases, recurse if the alias points to
8047 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
8050 Back out rev 1.105 for now. Real ldapux_client.conf support will be
8051 done later after some refactoring.
8054 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
8057 Treat ldap_hostport the same as "host" for ldapux.
8060 * configure, configure.in:
8061 Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
8062 Fixes compilation with ldapux.
8065 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
8071 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
8074 remove errant carriage returns
8081 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
8082 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
8086 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
8089 Add missing HAVE_BSM_AUDIT
8097 Mention --with-netsvc
8101 Document netsvc.conf support
8104 * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
8106 Add support for AIX netsvc.conf (like nsswitch.conf).
8109 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
8111 * config.h.in, configure, configure.in, env.c:
8112 Add --enable-env-debug flag to enable environment sanity checks.
8115 * sudoers.ldap.pod, sudoers.pod:
8116 Work around some pod2html issue.
8119 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
8122 Only sync environ for putenv, setenv, and unsetenv. We need to make
8123 sure that sudo_putenv and sudo_setenv only modify env.envp, not
8127 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
8130 Really fix UNSETENV_VOID
8134 Fix unsetenv when UNSETENV_VOID
8137 * aclocal.m4, configure:
8138 Fix SUDO_FUNC_PUTENV_CONST
8142 tivoli-based ldap does not have ldapssl_err2string
8149 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
8151 * config.h.in, configure, configure.in, ldap.c:
8152 Add support for Tivoli-based LDAP start TLS as seen in AIX.
8157 Add sanity checks for setenv/unsetenv
8161 Include bsm_audit.h in the tarball
8164 * Makefile.in, version.h:
8165 bump version for sudo 1.7.1
8168 * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
8169 env.c, ldap.c, sudo.h:
8170 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
8171 provide our own setenv/unsetenv/putenv that operates on own env
8172 pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
8175 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
8178 Make "sudoedit -h" work as expected
8182 Make sure def_prompt is always defined. This is a workaround for
8183 pam configs that prompt for a password in the session but don't have
8184 an auth line. A better fix is to expand the sudo prompt earlier and
8185 set def_prompt to that when initializing.
8189 Mention that the helper for -A may be graphical.
8193 Document what happens if there is no tty.
8205 Fix "sudo -k" with no other args
8208 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
8210 * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
8211 Allow the -k flag to be specified in conjunction with a command or
8212 another option that may require authentication.
8215 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
8217 * configure, configure.in:
8218 Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
8222 Parallel make fix. From Diego E. 'Flameeyes'
8225 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
8227 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
8228 Implement umask_override
8235 * sudoers.pod, toke.l, visudo.c:
8236 Implement %h escape in sudoers include filenames.
8240 Need to include compat.h
8243 * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
8244 Make audit_success and audit_failure generic functions in
8245 preparation for integrating linux audit support.
8249 remove duplicate include
8252 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
8259 May need to update the runas user after parsing command-based
8263 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
8266 Add missing pair of braces introduced with character class support.
8269 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
8271 * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
8272 Rename pwstars to pwfeedback
8275 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
8277 * bsm_audit.c, bsm_audit.h:
8278 Add const to make MacOS happy.
8281 * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
8282 configure.in, sudo.c:
8283 Add bsm audit support from Christian S.J. Peron
8287 This is new code, no DARPA notice.
8290 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
8292 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
8293 Rename simple_glob -> fast_glob
8300 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
8301 Add simple_glob option to use fnmatch() instead of glob(). This is
8302 useful when you need to specify patterns that reference network file
8314 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
8317 Delete any pwstars we wrote after the user hits return. That way
8318 there is no record on screen as to the user's password length.
8321 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
8324 Move terminal setting bits from tgetpass.c to term.c
8327 * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
8329 Add pwstars sudoers option that causes sudo to print a star every
8330 time the user presses a key.
8333 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
8336 Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
8339 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
8342 For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
8343 indicate no limit. From Mark Janssen.
8346 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
8349 Comments that begin with #- should not be parsed as uids.
8352 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
8355 Do not try to set the close on exec flag if we didn't actually open
8359 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
8363 [e11f0e4c1bdd] [SUDO_1_7_0]
8365 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
8371 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
8374 Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
8378 * configure, configure.in:
8379 Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
8380 as it cannot generate shared objects.
8383 * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
8384 K&R compilation fixes
8388 Use tq_foreach_fwd when checking pseudo-commands to make it clear
8389 that we are not short-circuiting on last match. When pwcheck is
8390 'all', initialize nopass to TRUE and override it with the first non-
8394 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
8397 Do not short circuit pseudo commands when we get a match since,
8398 depending on the settings, we may need to examine all commands for
8402 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
8404 * sudoers.cat, sudoers.man.in:
8409 hostnames may also contain wildcards
8413 remove stamp-* files and linux core files in clean target
8416 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
8418 * auth/sudo_auth.h, config.h.in, configure, configure.in:
8419 Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
8422 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
8424 * configure, configure.in:
8425 correctly enable SIA on Digital UNIX
8436 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
8438 * check.c, sudo.h, tgetpass.c:
8439 Even if neither stdin nor stdout are ttys we may still have /dev/tty
8443 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
8445 * sudoers.cat, sudoers.man.in:
8450 fix typos; Markus Lude
8462 Fix matching of a line that only consists of a comment char
8465 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
8468 MacOS pam will retry conversation function if it fails so just treat
8469 ^C as an empty password.
8473 When checking for alias use, also check defaults bindings.
8481 Replace my rbdelete with Emin's version (which actually works ;-)
8484 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
8491 malloc options in devel mode for visudo too
8494 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
8497 fix compilation on non-C99; from Theo
8505 when destroying an alias, free the correct data pointer
8509 add proto for aixauth_cleanup; from Dale King
8512 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
8514 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8519 * sudo.pod, sudoers.pod, visudo.pod:
8520 standardize on the term 'option' for command line options (not flag)
8523 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
8526 Add note on configuring HP-UX pam
8529 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
8532 Move tty checks into check_user() so we only do them if we actually
8537 Don't error out if no tty or askpass unless we actually need to
8541 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
8547 * pathnames.h.in, sudo.c:
8548 s/overriden/overridden/; from Tobias Stoeckmann
8551 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
8553 * WHATSNEW, visudo.c:
8554 check sudoers owner and mode in strict mode
8561 * sudo.man.in, sudoers.man.in, visudo.man.in:
8562 Update copyright years.
8565 * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
8566 auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
8567 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
8568 closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
8569 gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
8570 interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
8571 parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
8572 sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
8573 testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
8574 visudo.pod, zero_bytes.c:
8575 Update copyright years.
8578 * emul/charclass.h, fnmatch.c, glob.c:
8582 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
8585 The loop in fill_cmnd() was going one byte too far past the end,
8586 resulting in a NUL being written immediately after the buffer end.
8589 * UPGRADE, WHATSNEW:
8590 add sections on tgetpass changes
8594 Treat EOF w/o newline as an error.
8597 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
8600 Fix "sudo -v" when NOPASSWD is set.
8603 * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
8605 No longer treat an empty password at the prompt as special. To quit
8606 out of sudo you now need to hit ^C at the password prompt.
8609 * sudoers.cat, sudoers.man.in:
8613 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
8614 Sudo will now refuse to run if no tty is present unless the new
8615 visiblepw sudoers flag is set.
8618 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
8621 just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
8626 fix fallback value for RLIM_SAVED_MAX
8629 * auth/aix_auth.c, auth/sudo_auth.h:
8630 Move clearing of AUTHSTATE into aixauth_cleanup.
8633 * auth/aix_auth.c, env.c:
8634 Unset AUTHSTATE after calling authenticate() as it may not be
8635 correct for the user we are running the command as.
8639 Add isblank() function for systems without it. Needed for POSIX
8640 character class matching in fnmatch.c and glob.c.
8643 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
8646 expound on sudo and cd
8649 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
8655 * sudoers.cat, sudoers.man.in:
8660 mention defaults parse order
8663 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
8665 * Makefile.in, aclocal.m4, compat.h, configure:
8666 Add isblank() function for systems without it. Needed for POSIX
8667 character class matching in fnmatch.c and glob.c.
8671 add emul/charclass.h to HDRS
8674 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
8680 * defaults.c, parse.c, testsudoers.c, visudo.c:
8681 Move update_defaults into defaults.c and call it properly from
8682 visudo and testsudoers.
8685 * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
8687 use zero_bytes() instead of memset() for consistency
8690 * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
8692 Zero out sigaction_t before use in case it has non-standard entries.
8700 Short circuit glob() checks if basename(pattern) !=
8701 basename(command). Refactor code that checks for a command in a
8702 directory and use it in the glob case if the resolved pattern ends
8706 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
8708 * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
8709 Defer setting runas defaults until after runaspw/gr is setup.
8712 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
8714 * match.c, sudo.c, testsudoers.c:
8715 Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
8716 systems do not include space for the NUL in the size. Also manually
8717 NUL-terminate buffer from gethostname() since POSIX is wishy-washy
8721 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
8723 * sudo.c, sudoers.pod:
8724 When setting the umask, use the union of the user's umask and the
8725 default value set in sudoers so that we never lower the user's umask
8726 when running a command.
8730 Don't try to read from a zero-length sudoers file. Remove the bogus
8731 Solaris work-around for EAGAIN. Since we now use fgetc() it should
8735 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
8738 In update_defaults() check the return value of user*_matches against
8739 ALLOW so we don't inadvertently match on UNSPEC.
8742 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
8744 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
8745 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
8746 regen man pages; no more hyphenation
8750 Don't error out on a zero-length sudoers file. With the advent of
8751 #include the user could create a situation where sudo is unusable.
8754 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
8756 * auth/kerb5.c, config.h.in, configure, configure.in:
8757 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
8758 krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
8759 all. Add configure tests to handle all the cases.
8762 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
8769 document sudoers_locale
8772 * sudo.pod, sudo_edit.c:
8773 add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
8778 In fill_cmnd(), collapse any escaped sudo-specific characters.
8779 Allows character classes to be used in pathnames.
8782 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
8785 fix typo in non-C89 function declaration
8789 Mention POSIX character classes now that our fnmatch() and glob()
8793 * sample.sudoers, sudoers.pod:
8794 Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
8799 use __signed char if we are going to assign a negative value since
8800 on Power, char is unsigned by default
8803 * config.h.in, configure, configure.in:
8804 Add tests for __signed char and signed char.
8808 Fix AIX limit setting. getuserattr() returns values in disk blocks
8809 rather than bytes. The default hard stack size in newer AIX is
8810 RLIM_SAVED_MAX. From Dale King.
8813 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
8815 * emul/charclass.h, fnmatch.c, glob.c:
8816 Add character class support to included glob(3) and fnmatch(3).
8819 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
8822 Remove UCB advertising clause and some compatibility defines.
8825 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
8828 Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
8829 or sudo. This allows one to set EDITOR to sudoedit without getting
8830 into an infinite loop of sudoedit running itself until the path gets
8834 * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
8835 Add sudoers_locale Defaults option to override the default sudoers
8839 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
8842 Set locale to system default except for during sudoers parse.
8845 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
8848 Redo change in 1.34 to use pointer arithmetic.
8851 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
8854 Fix a dereference (read) of a freed pointer. Reported by Patrick
8858 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
8861 Set locale to "C" to avoid interpretation issues with character
8862 ranges in sudoers. May want to make the locale a sudoers option in
8866 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
8869 we no longer use setproctitle
8876 * LICENSE, mkstemp.c:
8877 Use my replacement mkstemp() from the mktemp package.
8880 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
8883 regen with yacc skeleton bug fixed
8887 Remove duplicate "as root". From Martin Toft.
8890 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
8892 * pwutil.c, sudo.c, sudo.h, testsudoers.c:
8893 Flesh out the fake passwd entry used for running commands as a uid
8894 not listed in the passwd database. Fixes an issue with some PAM
8898 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
8901 Error out in -i mode if the user has no shell. This can happen when
8902 running commands as a uid with no password entry.
8905 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
8908 Better fix for line continuation inside double quotes. Now accepts
8909 whitespace between the backslash and the newline like the main
8913 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
8916 Fix line continuation in strings. It was only being honored if
8917 preceded by whitespace.
8920 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
8922 * config.h.in, configure, configure.in, logging.c:
8923 Replace the double fork with a fork + daemonize.
8926 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
8929 The -i flag should imply env_reset. This got broken in sudo 1.6.9.
8932 * logging.c, sudo.c, sudo_edit.c, visudo.c:
8933 Change how the mailer is waited for. Instead of having a SIGCHLD
8934 handler, use the double fork trick to orphan the child that opens
8935 the pipe to sendmail. Fixes a problem running su on some Linux
8939 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
8941 * configure, configure.in:
8942 Fix configure test for dirfd() on Linux where DIR is opaque.
8945 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
8948 Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
8949 this problem we'll need to revisit this again.
8952 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
8955 Ignore SIGPIPE instead of blocking it when piping to the mailer. If
8956 we only block the signal it may be delivered later when we unblock.
8957 Also, there is no need to block SIGCHLD since we no longer do the
8958 double fork. The normal SIGCHLD handler is sufficient.
8961 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
8963 * configure, configure.in:
8964 Add description for NO_PAM_SESSION, from a redhat patch.
8967 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
8969 * sudo.cat, sudo.man.in, sudo.pod:
8970 Fix typos in -i usage
8973 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
8975 * configure, configure.in:
8976 Redo the test for dgettext() in a way that hopefully will work
8977 around the libintl_dgettext() undefined problem.
8980 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
8982 * schema.ActiveDirectory:
8983 change filename in comment
8986 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
8988 * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
8990 Reference schema.ActiveDirectory
8993 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
8995 * schema.OpenLDAP, schema.iPlanet:
8996 Mark sudoRunAs as deprecated.
8999 * schema.ActiveDirectory:
9000 add sudoRunAsUser and sudoRunAsGroup
9003 * schema.ActiveDirectory:
9004 Active Directory schema by Chantal Paradis and Eric Paquet
9007 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
9010 remove an XXX that was fixed
9018 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
9019 fixes a problem where the tag value printed was influenced by
9020 defaults set in the first pass through the parser.
9023 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
9025 * Makefile.in, sudo.psf:
9026 No point in packaging the TODO file
9033 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
9035 * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
9036 sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
9037 Add env_file Defaults option that is similar to /etc/environment on
9041 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
9043 * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
9044 sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
9045 version.h, visudo.cat, visudo.man.in:
9046 change version to 1.7.0
9050 initial valgrind pass done
9053 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
9056 Fix typo/thinko in sudo_ldap_read_secret() when storing the secret.
9059 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
9062 define LDAPS_PORT if the system headers do not
9065 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
9068 Fix another memory leak in init_parser().
9071 * configure, configure.in:
9072 There was a missing space before the ldap libs in SUDO_LIBS for some
9076 * alias.c, gram.c, gram.y, toke.c, toke.l:
9077 Clean up some memory leaks pointed out by valgrind.
9080 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
9083 fix "sudo -s" broken by mode/flags breakout
9086 * configure, configure.in:
9087 remove duplicate check for dgettext
9090 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
9093 Fall back to default stanza if no user-specific limit is found.
9096 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
9099 include stdint.h if present
9103 Use LLONG_MAX, not the old QUAD_MAX
9106 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
9112 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
9118 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
9124 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
9135 Split MODE_* defines into primary and flags.
9138 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
9141 It turns out the logic for getting AIX limits is more convoluted
9142 than I realized and differs depending on whether the soft and/or
9143 hard limits are defined.
9146 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
9148 * Makefile.in, configure, configure.in:
9149 Back out AIX-specific change to set the sudo_noexec path to the .a
9150 file, we do really want to use the .so file. Since libtool doesn't
9151 do that correctly, just install the .so file ourselves in the
9156 If the file given to install is a path, only use the basename of the
9157 file when building the destination path.
9160 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
9163 parse_args() cleanup: Sort command line options in the getopt()
9164 switch The -U option requires a parameter Normalize a few ISSET
9165 calls Split mode into mode and flags and retire the now-obsolete
9169 * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
9171 Add -n (non-interactive) flag.
9175 Move version printing, etc. into a separate function.
9179 Don't try to cleanup nsswitch if it has not been initialized.
9182 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
9185 Block SIGPIPE in send_mail() so sudo is not killed by a problem
9186 executing the mailer.
9189 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
9191 * configure, configure.in:
9192 AIX shared libs end in .a, not .so.
9195 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
9198 Preserve HOME by default too. Matches documentation and previous
9202 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
9205 Use getopt() to parse the command line. We need to be able to
9206 intersperse env variables and options yet still honor "--" which
9207 complicates things slightly.
9210 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
9216 * acsite.m4, configure, ltmain.sh:
9217 update to libtool-1.5.26
9220 * config.guess, config.sub:
9221 update from libtool-1.5.26 distribution
9225 attempt to fix compilation errors on AIX
9229 fix typo in last commit
9233 Add WHATSNEW file to the distribution
9237 use warningx instead of fprintf(stderr, ...)
9241 add DEBUG to list2tq
9252 * Makefile.in, aix.c, config.h.in, configure, configure.in,
9253 set_perms.c, sudo.h:
9254 Add aix_setlimits() to set resource limits on AIX using a
9255 combination of getuserattr() and setrlimit(). Currently untested.
9258 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
9260 * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
9261 sudoers.man.in, sudoers.pod:
9262 Add mailfrom Defaults option that sets the value of the From: field
9263 in the warning/error mail. If unset the login name of the invoking
9268 store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
9272 When adding a default, only call list2tq() once to do the list to tq
9273 conversion. It is not legal to call list2tq multiple times on the
9274 same list since list2tq consumes and modifies the list argument.
9277 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9278 comment out XXXs for now
9285 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
9288 Error out if both -A and -S are specified Error out if -A is
9289 specified but no askpass is configured
9292 * configure, configure.in:
9293 we are not going to ship a sudo-specific askpass
9296 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
9299 fix definition of TGP_ASKPASS
9302 * def_data.c, def_data.in:
9303 make askpass boolean-capable
9307 document --with-askpass
9310 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9311 sudoers.man.in, visudo.cat:
9315 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
9317 * sudo.pod, sudo_usage.h.in, sudoers.pod:
9318 document -A and askpass
9321 * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
9322 def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
9323 sudo_usage.h.in, tgetpass.c:
9324 Add support for running a helper program to read the password when
9325 no tty is present (or when specified with the -A flag). TODO: docs.
9328 * def_data.c, def_data.in:
9329 add missing printf format to SELinux role and type strings
9332 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
9334 * INSTALL, configure, configure.in:
9335 Disable use of gss_krb5_ccache_name() by default and add
9336 --enable-gss-krb5-ccache-name configure option to enable it. It
9337 seems that gss_krb5_ccache_name() doesn't work properly with some
9338 combinations of Heimdal and OpenLDAP.
9341 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
9344 Ignore setexeccon() failing in permissive mode. Also add a call to
9345 setkeycreatecon() (though this is probably insufficient). From Dan
9350 Only set std_prompt for the PAM_PROMPT_* cases. The conversation
9351 function may be called for non-password reading purposes so we must
9352 be careful not to use def_prompt in cases where it may not be set.
9355 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
9358 Don't free the new tty context, we need to keep it around when we
9359 restore the tty context after the command completes
9362 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
9368 * sudo.man.pl, sudo.pod:
9369 Only put login_cap(3) in SEE ALSO section if we have login.conf
9373 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
9375 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9376 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9381 Substitute in comment characters for lines pertaining to login.conf,
9382 BSD auth and SELinux and only enable them if pertinent.
9386 Substitute in comment characters for lines pertaining to login.conf,
9387 BSD auth and SELinux and only enable them if pertinent.
9391 Substitute in comment characters for lines pertaining to login.conf,
9392 BSD auth and SELinux and only enable them if pertinent.
9396 Substitute in comment characters for lines pertaining to login.conf,
9397 BSD auth and SELinux and only enable them if pertinent.
9400 * Makefile.in, configure, configure.in:
9401 Substitute in comment characters for lines pertaining to login.conf,
9402 BSD auth and SELinux and only enable them if pertinent.
9405 * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
9406 Remove the =cut on the first line (above the copyright notice) to
9407 quiet pod2man. Also remove the hackery in the FILES section and
9408 just deal with the fact that there will be a newline between each
9412 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
9415 run sudo.man.pl when generating sudo.man.in
9418 * configure, configure.in, sudo.man.pl:
9419 comment out SELinux manual bits unless --with-selinux was specified
9423 document role and type defaults for SELinux
9426 * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
9427 Document "sudo -ll" and make "sudo -l -l" be equivalent.
9430 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
9432 * configure, configure.in:
9433 Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
9434 Debian GNU/kFreeBSD.
9437 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
9440 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
9444 * logging.c, logging.h, sudo.c:
9445 Remove dependence on VALIDATE_NOT_OK in logging functions. Split
9446 log_auth() into log_allowed() and log_denial() Replace mail_auth()
9447 with should_mail() and a call to send_mail()
9450 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
9453 Add debugging so we can tell if the krb5 ccache is accessible
9457 mention --with-selinux
9460 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
9470 * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
9471 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
9472 testsudoers.c, toke.c, toke.l:
9473 Add support for SELinux RBAC. Sudoers entries may specify a role
9474 and type. There are also role and type defaults that may be used.
9475 To make sure a transition occurs, when using RBAC commands are
9476 executed via the new sesh binary. Based on initial changes from Dan
9481 Add support for SELinux RBAC. Sudoers entries may specify a role
9482 and type. There are also role and type defaults that may be used.
9483 To make sure a transition occurs, when using RBAC commands are
9484 executed via the new sesh binary. Based on initial changes from Dan
9488 * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
9489 def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
9490 pathnames.h.in, selinux.c:
9491 Add support for SELinux RBAC. Sudoers entries may specify a role
9492 and type. There are also role and type defaults that may be used.
9493 To make sure a transition occurs, when using RBAC commands are
9494 executed via the new sesh binary. Based on initial changes from Dan
9498 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
9500 * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
9501 Add long list (sudo -ll) support for printing verbose LDAP and
9502 sudoers file entries. Still need to update manual.
9505 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
9507 * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
9508 Unify the -l output for file and ldap based sudoers and use lbufs
9509 for both. The ldap output does not currently include options that
9510 cannot be represented as tags. This will be remedied in a long list
9511 output mode to come.
9514 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
9517 Use a specific error message for errno == EAGAIN when setuid() et al
9518 fails. On Linux systems setuid() will fail with errno set to EAGAIN
9519 if changing to the new uid would result in a resource limit
9524 Unlimit nproc on Linux systems where calling the setuid() family of
9525 syscalls causes the nproc resource limit to be checked. The limits
9526 will be reset by pam_limits.so when PAM is used. In the non-PAM
9527 case the nproc limit will remain unlimited but there doesn't seem to
9528 be a way around that other than having sudo parse
9529 /etc/security/limits.conf directly.
9532 * env.c, sudo.c, sudo.pod:
9533 Only read /etc/environment on Linux and AIX
9536 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
9538 * configure, configure.in:
9539 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
9540 ldap.conf and ldap.secret paths from going into config.h. Avoid
9541 single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
9542 since in some versions of bash they will end up literally in the
9546 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
9549 mention --with-nsswitch=no
9552 * configure, configure.in:
9553 ldap_ssl.h depends on ldap.h being included first
9556 * config.h.in, configure, configure.in, ldap.c:
9557 Include ldap_ssl.h if we can find it. Needed for the
9558 ldapssl_set_strength defines on HP-UX at least.
9569 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9570 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9575 Use 78n line length when formatting cat pages.
9579 Remove redundant info that is now in sudoers.ldap.pod
9582 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
9584 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9585 Reorganize the first section a bit. Substitute the proper path for
9589 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9590 Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
9591 schema into EXAMPLES
9594 * configure, configure.in:
9595 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
9599 * configure, configure.in:
9600 substitute for sudoers.ldap.man
9604 Fix cut & pasto introduced when adding sudoers.ldap man page.
9607 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9608 Fill in some of the missing pieces. Still needs some reorganization
9612 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
9614 * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
9616 Beginnings of a sudoers.ldap man page. Currently, much of the
9617 information is adapted from README.LDAP.
9620 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
9623 When copying gr_mem we must guarantee that the storage space for
9624 gr_mem is properly aligned. The simplest way to do this is to
9625 simply store gr_mem directly after struct group. This is not a
9626 problem for gr_passwd or gr_name as they are simple strings.
9630 Fix a typo/thinko in one of the calls to
9631 sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
9634 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
9636 * config.h.in, configure, configure.in, ldap.c:
9637 include <mps/ldap_ssl.h> in ldap.c if available
9640 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
9643 Make sure we define SIZE_MAX for yacc's skeleton.c
9647 Use TCSAFLUSH when restoring terminal settings (and echo) to
9648 guarantee that any pending output is discarded
9651 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
9654 no longer need to specify SETENV when user has sudo ALL
9658 sync user_args size calculation with sudo.c Add -g group option,
9659 renaming old -g to -G Add set_runasgr() and set_runaspw() and use
9664 Make set_runaspw static void
9667 * testsudoers.c, visudo.c:
9668 g/c set_runaspw stub
9671 * configure, configure.in:
9672 Don't add -llber twice.
9675 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
9681 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
9687 * configure, configure.in:
9688 Fix check that determines whether -llber is required.
9691 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
9692 For netscape-based LDAP, use ldapssl_set_strength() to implement the
9693 checkpeer ldap.conf option.
9697 Delay krb5_cc_initialize() until we actually need to use the cred
9698 cache, which is what krb5_verify_user() does. Better cleanup on
9702 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
9705 Rewrite verify_krb_v5_tgt() based on what heimdal's
9706 krb5_verify_user() does.
9709 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
9712 The U suffix on constants is an ANSI feature
9715 * configure, configure.in:
9716 Add check for ber_set_option() in -llber
9719 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
9722 default if no nsswitch.conf is files only
9725 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
9728 don't tell people to mail aaron about LDAP stuff
9732 timelimit and bind_timelimit
9740 Move ldap.secret reading into a separate function.
9744 user_runas -> runas_pw
9747 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
9753 * check.c, sudo.pod, sudoers.pod:
9754 Add and document the %p escape in the password prompt. Based on a
9755 patch from Patrick Schoenfeld.
9759 Check strlcpy() return values.
9763 refactor ldap binding code into sudo_ldap_bind_s()
9767 Make it clear that host and uri can take multiple parameters. URI is
9768 now supported for more than just openldap. nsswitch.conf doesn't
9773 comment cleanup and update (c) year
9776 * parse.c, sudo_nss.c:
9777 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
9778 This should make it possible to build an LDAP-only sudo binary.
9781 * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
9782 Improve chaining of multiple sudoers sources by passing in the
9783 previous return value to the next in the chain
9787 Free up parser data structures in sudo_file_close().
9791 Free up parser data structures in sudo_file_close().
9795 Parse uri ourselves if no ldap_initialize() is present. Use
9796 ldap_create() instead of deprecated ldap_init(). Use
9797 ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
9800 * config.h.in, configure, configure.in:
9801 Add check for ldap_sasl_bind_s(). Remove -DLDAP_DEPRECATED from
9805 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
9807 * config.h.in, configure, configure.in:
9808 add check for ldap_create
9811 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
9813 * config.h.in, configure, configure.in, ldap.c:
9814 Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
9815 dn using the mechanism appropriate for the LDAP SDK in use. Use
9816 ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
9817 ldap_unbind_ext_s() and ldap_search_ext_s() for SDKs without them.
9824 * config.h.in, configure.in:
9825 fix typo in mtim_getnsec
9828 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
9830 * config.h.in, configure, configure.in:
9831 add check for st__tim in struct stat as used by SCO
9835 use ldap_search_ext_s instead of deprecated ldap_search_s
9838 * Makefile.in, TODO, sudo.cat, sudo.man.in:
9839 add sudo_nss.h to HDRS
9843 Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
9847 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
9850 Use ldap_get_values_len()/ldap_value_free_len() instead of the
9851 deprecated ldap_get_values()/ldap_value_free().
9862 * gettime.c, sudo.c:
9863 Remove some already fixed XXXs
9867 Same return value as non-existent sudoers if LDAP was unable to
9872 mention /etc/environment
9875 * README.LDAP, UPGRADE, WHATSNEW:
9876 Update to reflect recent developments.
9880 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
9884 When building up a query don't list groups in the aux group vector
9885 that are the same as the passwd file group. On most systems the
9886 first gid in the group vector is the same as the passwd entry gid.
9890 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
9891 ldaprc and system defaults that could affect how LDAP works.
9894 * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
9895 sudo_nss.c, sudo_nss.h:
9896 Rename read_nss -> sudo_read_nss. Add --with-nsswitch to allow users
9897 to specify nsswitch.conf path or disable it. If --with-nsswitch=no
9898 but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
9899 file and --with-ldap-secret-file
9903 Honor def_ignore_local_sudoers
9906 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
9909 no longer need to check def_ignore_local_sudoers here
9913 Refactor group vector resetting into a function and also call it
9914 from display_cmnd. Stop after the first successful match in
9915 display_cmnd. Print a newline between each display_privs method.
9919 fix double free introduced in rev 1.218
9923 belt and suspenders; zero out result after freeing it
9926 * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
9927 Refactor line reading into a separate function, sudo_parseln(),
9928 which removes comments, leading/trailing whitespace and newlines.
9929 May want to rethink the use of sudo_parseln() for /etc/ldap.secret
9933 Make the inability to read the sudoers file a non-fatal error if
9934 there are other sudoers sources available. sudoers_file_lookup now
9935 returns "not OK" if sudoers was not present
9939 make it clear that the global options are from LDAP
9943 allocate proper amount of space for error string
9946 * sudo_nss.c, sudo_nss.h:
9947 actual sudo nss code
9950 * ldap.c, parse.c, sudo.c, sudo.h:
9951 nss-ify display_privs and display_cmnd.
9954 * defaults.c, parse.c, testsudoers.c, visudo.c:
9955 move update_defaults() to parse.c
9958 * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
9959 Use nsswitch to hide some sudoers vs. ldap implementation details
9960 and reduce the number of #ifdef LDAP. TODO: fix display routines and
9964 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
9966 * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
9967 First cut at nsswitch.conf support. Further reorganization and
9968 related changes are forthcoming.
9971 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
9973 * env.c, pathnames.h.in, sudo.c, sudo.h:
9974 Add support for reading an /etc/environment file. Still needs to
9975 be documented and should probably only apply to OSes that have it
9976 (AIX and Linux, maybe others).
9983 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
9989 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
9996 Add an example sudoRole, clarify netscape vs. openldap a bit more
10000 Be clear on what is OpenLDAP vs. Netscape-derived
10003 * config.h.in, configure, configure.in, ldap.c:
10004 Use ldapssl_init() for ldaps support instead of trying to do it
10005 manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
10006 and tls_key for cert7.db and key3.db respectively. Don't print
10007 debugging info for options that are not set. Add warning if
10008 start_tls specified when not supported.
10012 fix compilation on solaris
10016 add missing .h and .c files for missing lib objs
10019 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
10022 fix LDAP_OPT_NETWORK_TIMEOUT setting
10026 fix compilation on Solaris
10029 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
10031 * configure, configure.in:
10036 try to clear up which variables are for OpenLDAP and which are for
10037 netscape-derived SDKs
10040 * config.h.in, configure, configure.in, ldap.c:
10041 Add support for "ssl on" in both netscape and openldap flavors. Only
10042 the OpenLDAP flavor has been tested.
10045 * logging.c, sudo.c, sudo.h:
10046 Call cleanup() before exit in log_error() instead of calling
10047 sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
10054 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
10056 * logging.c, sudo.c, sudo.h:
10057 Better ldap cleanup.
10061 Distinguish between LDAP conf settings that are connection-specific
10062 (which take an ld pointer) and those that are default settings
10066 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
10069 Improved warnings on error.
10073 Make ldap config table driven and set the config *after* we open the
10077 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
10080 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
10083 * configure, configure.in:
10084 some operating systems need to link with -lkrb5support when using
10088 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
10094 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
10098 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
10104 * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
10105 add -g support for LDAP
10108 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
10110 * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
10111 The -i and -s flags can now take an optional command.
10114 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
10116 * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
10118 Add passprompt_override flag to sudoers that will cause the prompt
10119 to be overridden in all cases. This flag is also set when the user
10120 specifies the -p flag.
10124 Move setting of login class until after sudoers has been parsed. Set
10125 NewArgv[0] for -i after runas_pw has been set.
10128 * configure, configure.in:
10129 Move the dgettext check.
10132 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
10134 * auth/pam.c, config.h.in, configure, configure.in:
10135 Add basic support for looking up the string "Password: " in the PAM
10136 localized text db. This allows us to determine whether the PAM
10137 prompt is the default "Password: " one even if it has been
10140 TODO: concatenate non-std PAM prompts and user-specified sudo
10144 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
10146 * Makefile.in, config.h.in, configure, configure.in, parse.c,
10147 set_perms.c, sudo.c, sudo.h:
10148 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
10152 * acsite.m4, configure, interfaces.c, memrchr.c:
10153 Fix typos; Martynas Venckus
10156 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
10159 Don't assume runas_pw is set; it may not be in the -g case.
10162 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
10164 * logging.c, set_perms.c:
10165 Set aux group vector for PERM_RUNAS and restore group vector for
10166 PERM_ROOT if we previously changed it. Stash the runas group vector
10167 so we don't have to call initgroups more than once. Also add no-op
10168 check to check_perms.
10171 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
10173 * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
10174 ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
10175 pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
10176 sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
10177 testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
10178 Add support for runas groups. This allows the user to run a command
10179 with a different effective group. If the -g option is specified
10180 without -u the command will be run as the current user (only the
10181 group will change). The -g and -u options may be used together.
10182 TODO: implement runas group for ldap, improve runas group
10183 documentation, add testsudoers support
10186 * configure, configure.in:
10187 fix setting of mandir
10190 * sudo.pod, sudoers.pod:
10191 document that ALL implies SETENV
10195 s/setenv_ok/setenv_implied/g
10199 hostname_matches() returns TRUE on match in sudo 1.7.
10203 use strcmp, not strcasecmp when comparing ALL
10207 Make sudo ALL imply setenv. Note that unlike with file-based
10208 sudoers this does affect all the commands in the sudoRole.
10211 * gram.c, gram.y, parse.c, parse.h:
10212 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
10213 it is not passed on to other commands in the list.
10217 Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
10218 sudo_getpwuid() instead of getpwuid().
10221 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
10224 Expand on the dangers of not using visudo to edit sudoers.
10227 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
10230 Don't quote *?[]! on output since the lexer does not strip off the
10231 backslash when reading those in.
10234 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
10237 expand "u_foo" types to "unsigned foo" to avoid compatibility
10241 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
10244 Refactor log line generation in to new_logline().
10247 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
10253 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
10255 * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
10257 Add configure check for struct in6_addr instead of relying on
10258 AF_INET6 since some systems define AF_INET6 but do not include IPv6
10262 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
10264 * configure, configure.in:
10265 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
10269 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
10271 * configure, configure.in:
10272 POSIX states that struct timespec be declared in time.h so check
10273 there regardless of the value of TIME_WITH_SYS_TIME.
10276 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
10279 Instead of defining a macro to call the appropriate method for
10280 turning on/off echo, just define tc[gs]etattr() and the related
10281 defines that use the correct terminal ioctls if needed. Also go back
10282 to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
10285 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
10295 * INSTALL, auth/pam.c, config.h.in, configure.in:
10296 Add --disable-pam-session configure option to disable calling
10297 pam_{open,close}_session. May work around bugs in some PAM
10301 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
10308 Avoid printing the prompt if we are already backgrounded. E.g. if
10309 the user runs "sudo foo &" from the shell. In this case, the call
10310 to tcsetattr() will cause SIGTTOU to be delivered.
10313 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
10315 * def_data.c, def_data.h, def_data.in:
10316 Reorder things such that the definition of env_reset comes right
10317 before the env variable lists.
10321 Shrink type and seqno in struct alias from int to u_short
10324 * alias.c, match.c, parse.c, parse.h:
10325 Add a sequence number in the aliases for loop detection. If we find
10326 an alias with the seqno already set to the current (global) value we
10327 know we've visited it before so ignore it.
10330 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
10332 * TODO, auth/pam.c, sudo.c, sudo.h:
10333 PAM wants the full tty path so add user_ttypath which holds the full
10334 path to the tty or is NULL if no tty was present.
10338 Set PAM_RHOST to work around a bug in Solaris 7 and lower that
10342 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
10348 * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
10349 parse.h, testsudoers.c, visudo.c:
10353 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
10356 remove some useless casts
10360 pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
10361 predates the final C99 spec and the standard specifies that it shall
10362 include stdint.h anyway
10365 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
10367 * Makefile.in, alloca.c, configure.in:
10368 Since we ship with a pre-generated parser there is no need to ship a
10369 bogus alloca implementation.
10377 remove initial setting of CHECKSIA, we require that it be unset if
10390 only do SIA checks on Digital Unix
10393 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
10395 * sudoers.cat, sudoers.man.in:
10404 Remove call to krb5_cc_register() as it is not needed for modern
10412 * aclocal.m4, configure.in:
10413 New method for setting the default authentication type and avoiding
10414 conflicts in auth types.
10417 * match.c, parse.c, testsudoers.c:
10418 Each entry in a cmndlist now has an associated runaslist so no need
10419 to keep track of the most recent non-NULL one.
10422 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
10425 back out partial ldaps support mistakenly committed
10429 Add support for unix groups and netgroups in sudoRunas
10432 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
10435 Fix sudoedit of a non-existent file. From Tilo Stritzky.
10438 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
10445 update --passprompt escape info
10449 remove now-bogus comment and update copyright date
10453 Fix up use of with_passwd
10456 * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
10457 Update to autoconf-2.61 and libtool-1.5.24
10461 "cmp -s" not just cmp. Add @datarootdir@ to quiet autoconf-2.61
10464 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
10471 move tags and runaslist propagation to be earlier
10475 If -f flag given use the permissions of the original file as a
10480 prevent a double free() when re-initing the parser
10483 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
10489 * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
10490 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
10491 auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
10492 configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
10493 parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
10494 sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
10495 Remove support for compilers that don't support void *
10502 * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
10503 parse.c, parse.h, testsudoers.c, visudo.c:
10504 Move list manipulation macros to list.h and create C versions of the
10505 more complex ones in list.c. The names have been down-cased so they
10506 appear more like normal functions.
10510 Fix cmp command when regenerating parser. Make gram.o the first
10511 dependency for all programs so gram.h will be generated before
10512 anything that needs it.
10516 Convert NEW_DEFAULT and NEW_MEMBER into static functions.
10519 * match.c, parse.c, testsudoers.c:
10520 Use LH_FOREACH_REV when checking permission and short-circuit on the
10521 first non-UNSPEC hit we get for the command. This means that
10522 instead of cycling through all the parsed sudoers entries we
10523 start at the end and work backwards and quit after the first
10524 positive or negative match.
10531 * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
10532 Change list head macros to take a pointer, not a struct.
10540 Propagate the runasspec from one command to the next in a cmndspec.
10543 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
10546 Replace has_meta() with a macro that calls strpbrk().
10552 * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
10553 testsudoers.c, visudo.c:
10554 Use a list head struct when storing the semi-circular lists and
10555 convert to tail queues in the process. This will allow us to
10556 reverse foreach loops more easily and it makes it clearer which
10557 functions expect a list as opposed to a single member.
10559 Add macros for manipulating lists. Some of these should become
10562 When freeing up a list, just pop off the last item in the queue
10563 instead of going from head to tail. This is simpler since we don't
10564 have to stash a pointer to the next member, we always just use the
10565 last one in the queue until the queue is empty.
10567 Rename match functions that take a list to have list in the name.
10568 Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
10572 Fix pasto, append "!" not negated (which is an int) for sudo -l
10577 Remove the dependency of gram.h on gram.y, the .c dependency is
10578 enough. Only move y.tab.h to gram.h if it is different; avoids
10579 needless rebuilding.
10582 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
10585 Defaults lines may be associated with lists of users, hosts,
10586 commands and runas users, not just single entries.
10589 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
10592 Revert the "cmp" portion of the last diff, it doesn't make sense.
10596 Remove *.lo for clean: When generating the parser, only move the
10597 generated files into place if they differ from the existing ones.
10600 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
10603 Replace IPV6 regexp with a much simpler (readable) one and add an
10604 extra check when it matches to make sure we have a valid address.
10608 Fix thinko introduced when merging IPV6 support.
10611 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
10613 * HISTORY, LICENSE:
10622 mention #uid vs. comment pitfall
10626 Merge in a patch from the libtool cvs that fixes a problem with the
10627 latest autoconf. From Stepan Kasal.
10631 Back out the XOR swap trick, it is slower than a temp variable on
10640 Convert the tail queue to a semi-circle queue and use the XOR swap
10641 trick to swap the prev pointers during append.
10644 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
10647 remove useless statement
10651 Refactor #include parsing into a separate function and return
10652 unparsed chars (such as newline or comment) back to the lexer.
10655 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
10658 mention better uid support
10662 Users may now consist of a uid.
10665 * gram.c, gram.h, toke.c:
10670 Use lbuf_append_quoted() for sudo -l output to quote characters that
10671 would require quoting in sudoers.
10675 Add lbuf_append_quoted() which takes a set of characters which
10676 should be quoted with a backslash when displayed.
10680 Require that the first character after a comment not be a digit or a
10681 dash. This allows us to remove the GOTRUNAS state and treat
10682 uid/gids similar to other words. It also means that we can now
10683 specify uids in User_Lists and a User_Spec may now contain a uid.
10687 Replace RUNAS token with '(' and ')' tokens to make the runas
10688 portion of the grammar more natural.
10692 The BUGS file is history
10695 * Makefile.in, README:
10696 The BUGS file is history
10699 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
10702 Allow comments after a RunasAlias as long as the character after the
10703 pound sign isn't a digit or a dash.
10707 Glob support was back-ported to 1.6.9
10710 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
10713 remove sudo_usage.h in distclean
10717 If a Defaults value contains a blank, double-quote the string.
10721 Properly deal with Defaults double-quoted strings that span multiple
10722 lines using the line continuation char. Previously, the entire
10723 thing, including the continuation char, newline, and spaces was
10728 Be consistent when using single quotes and backticks.
10731 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
10733 * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
10734 sudo.c, sudo_usage.h.in:
10735 Add new linebuf code to do appends of dynamically allocated strings
10736 and word-wrapped output. Currently used for sudo's usage() and sudo
10737 -l output. Sudo usage strings are now in sudo_usage.h which is
10738 generated at configure time.
10741 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
10743 * parse.c, sudo.c, sudo.h:
10744 Fix line wrapping in usage() and use the actual tty width instead of
10748 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
10755 Mentioned Chris Jepeway's parser and also the new one that is in
10759 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
10761 * sudo.pod, visudo.pod:
10762 For the options list, add flag args where appropriate and increase
10763 the indent level so there is room for them.
10766 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
10769 Fix some spacing in "sudo -l" and add a comment about some bogosity
10770 in the line wrapping.
10773 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
10778 * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
10779 def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
10780 parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
10781 testsudoers.c, toke.c, toke.l:
10782 Remove monitor support until there is a version of systrace that
10783 uses a lookaside buffer (or we have a better mechanism to use).
10786 * config.h.in, configure, configure.in, sudo.c:
10787 use getaddrinfo() instead of gethostbyname() if it is available
10790 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
10793 Deal with OSes where sizeof(gid_t) < sizeof(int).
10797 repair non-getifaddrs() code after ipv6 integration
10801 If we can open sudoers but fail to read the first byte, close the
10802 file stream before trying again.
10805 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
10811 * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
10812 Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
10815 * sudo.pod, sudoers.pod, visudo.pod:
10816 Add some missing markup. Update copyright
10819 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
10821 * configure, configure.in:
10822 fix sudo_noexec extension which got broken in the libtool update
10825 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
10828 explicitly specify -Tascii to nroff
10831 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
10834 remove an ANSI-ism that crept in
10837 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
10840 Adjust list indents. Prevent -- from being turned into an em dash. Use
10841 a list for the environment instead of a literal paragraph
10845 Use a list for the environment instead of an indented literal
10850 Adjust list indentation
10857 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
10860 mention that when specifying a uid for the -u option the shell may
10861 require that the # be escaped
10864 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
10867 Fix off by one in group matching.
10870 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
10873 Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
10876 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
10878 * configure, configure.in:
10879 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
10880 -lgssapi_krb5 case.
10883 * aclocal.m4, configure, configure.in:
10884 Fix link tests such that new gcc doesn't optimize away the test.
10887 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
10889 * sudo.pod, sudoers.pod, visudo.pod:
10890 add missing over/back
10893 * sudo.pod, sudoers.pod, visudo.pod:
10894 Change FILES section to use =item
10898 Add back allocation of the env struct in rebuild_env but save a copy
10899 of the old pointer and free it before returning.
10903 Don't init the private environment in rebuild_env() since it may
10904 have already been done implicitly by sudo_setenv/sudo_unsetenv.
10906 Multiply length by sizeof(char *) in memcpy/memmove when copying the
10907 environment so we copy the full thing.
10909 Add missing set of parens so we deref the right pointer in
10910 sudo_unsetenv when searching for a matching variable.
10913 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
10915 * sudo.pod, sudoers.pod, visudo.pod:
10916 Use file markup for paths in the FILES section
10919 * sudo.pod, sudoers.pod, visudo.pod:
10920 Don't capitalize sudo/visudo
10924 Sort sudoers options; based on a diff from Igor Sobrado.
10927 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
10929 * sudo.pod, sudoers.pod, visudo.pod:
10930 Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
10931 latter confuses pod2man. The Makefile rules for the .man.in file
10932 will add @mansectsu@ and @mansectform@ back in after pod2man is done
10936 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
10938 * LICENSE, Makefile.in, license.pod:
10939 Move license info to pod format
10942 * configure, configure.in, sudoers.pod:
10943 Substitute value of path_info into sudoers man page.
10947 remove features that were back-ported to 1.6.9
10950 * sudo.c, sudo.pod, visudo.c, visudo.pod:
10951 Sort SYNOPSIS and sync usage. From Igor Sobrado.
10955 Only need sudo_setenv/sudo_unsetenv if we are going to use
10956 ldap_sasl_interactive_bind_s() but don't have
10957 gss_krb5_ccache_name().
10961 rebuild without branch info
10965 Add ChangeLog target
10969 Run cleanup code if the user hits ^C at the password prompt.
10973 Some versions of pam_lastlog have a bug that will cause a crash if
10974 PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
10978 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
10981 ChangeLog not Changelog
10989 CHANGE -> Changelog
10996 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
10998 * config.h.in, configure, configure.in, ldap.c:
10999 Add configure hooks for gss_krb5_ccache_name() and the gssapi
11003 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
11006 rebuild_env() and insert_env_vars() no longer return environment
11007 pointer, they set environ directly.
11009 No longer need to pass around an envp pointer since we just operate
11012 Add dosync argument to insert_env() that indicates whether it should
11013 reset environ when realloc()ing env.envp.
11015 Use an initial size of 128 for the environment.
11019 Split sudo_setenv() into an external version and a version only for
11020 use by rebuild_env().
11023 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
11026 Add support for using gss_krb5_ccache_name() instead of setting
11027 KRB5CCNAME. Also use sudo_unsetenv() in the non-
11028 gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
11029 original environment. TODO: configure setup for
11030 gss_krb5_ccache_name()
11037 * README.LDAP, ldap.c:
11038 Add support for sasl_secprops in ldap.conf
11042 Add sudo_unsetenv() and refactor private env syncing code into
11046 * README.LDAP, ldap.c:
11047 The ldap.conf variable is sasl_auth_id not sasl_authid.
11050 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
11052 * ldap.c, sudo.c, sudo.h:
11053 Add support for krb5_ccname in ldap.conf. If specified, it will
11054 override the default value of KRB5CCNAME in the environment for the
11055 duration of the call to ldap_sasl_interactive_bind_s().
11059 Remove format_env(). Add sudo_setenv() to replace most format_env() +
11060 insert_env() combinations. insert_env() no longer takes a struct
11065 Fix use_sasl vs. rootuse_sasl logic.
11068 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
11069 Add support for SASL auth when connecting to an LDAP server. Adapted
11070 from a diff by Tom McLaughlin.
11073 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
11075 * configure, configure.in:
11076 Only enable AIX or BSD auth if no other exclusive auth method has
11077 been chosen. Allows people to e.g., use PAM on AIX without adding
11078 --without-aixauth. A better solution is needed to deal with default
11079 authentication since if a non-exclusive method is chosen we will
11080 still get an error.
11083 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
11085 * HISTORY, Makefile.in, history.pod:
11086 Generate HISTORY from history.pod (which is also used for web pages)
11089 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
11091 * sudo.man.in, sudoers.man.in:
11096 Better explanation of environment handling in the sudo man page.
11100 Defer setting user-specified env vars until after authentication.
11104 honor def_default_path for PATH set on the command line
11107 * env.c, sudo.c, sudo.pod, sudoers.pod:
11108 Allow user to set environment variables on the command line as long
11109 as they are allowed by env_keep and env_check. Ie: apply the same
11110 restrictions as normal environment variables. TODO: deal with
11114 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
11116 * sudo.c, sudo_edit.c:
11117 Call rebuild_env() in all cases. Pass original envp to sudo_edit().
11118 Don't allow -E or env var setting in sudoedit mode. More accurate
11119 usage() when called as sudoedit.
11127 add -c option to sudoedit synopsis
11135 Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
11136 value from {user,host,runas,cmnd}_matches(). Rename *matches
11137 variables -> *match. Purely cosmetic.
11141 Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
11149 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
11152 Make pwcheck local to the pwflag block. Use pwcheck even if user
11153 didn't match since Defaults options may still apply.
11157 Do not update timestamp if user not validated by sudoers.
11161 for PERM_RUNAS, set the egid to the runas user's gid and restore to
11162 the user's original in PERM_ROOT
11165 * logging.c, mon_systrace.c, set_perms.c, sudo.h:
11166 PERM_FULL_ROOT is now no different than PERM_ROOT so remove
11171 don't check timestamp mtime if we are just going to remove it
11175 Move sudoers defaults parameters into their own section.
11179 Reduce a level of indent by a few placed continue statements.
11183 Make matching but negated commands/hosts/runas entries override a
11184 previous match as expected. Also reduce some levels of indent by a
11185 few placed continue statements.
11188 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
11191 Print default runas in "sudo -l" if sudoers don't specify one.
11195 Less hacky way of testing whether the domain was set.
11198 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
11201 Mention pam-devel and openldap-devel for Linux
11204 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
11210 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
11213 fix typo in Solaris project support
11221 Make -- on the command line match the manual page. The implied shell
11222 case has been simplified as a result.
11225 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
11228 add simplistic support for sudoRunas; note that if a sudoers entry
11229 contains multiple Runas users, all will apply to the sudoRole
11233 honor SETENV and NOSETENV tags
11236 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
11239 Redo setting of user_args. We now build up a private copy of argv
11240 first and then replace the NULs with spaces.
11244 getcwd() returns NULL on failure, not 0 on success
11248 allow chunksiz to reach 1 before erroring out
11251 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11256 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
11258 * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
11259 logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
11261 Add support for setting environment variables on the command line.
11262 This is only allowed if the setenv sudoers option is enabled or if
11263 the command is prefixed with the SETENV tag.
11267 replace Aaron's email address with the sudo-workers list
11274 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
11276 * schema.OpenLDAP, schema.iPlanet:
11277 Break schema out into separate files.
11280 * Makefile.in, README.LDAP:
11281 Break schema out into separate files.
11284 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
11287 free message if set by authenticate()
11291 deal with NULL gr_mem
11294 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
11301 add template for HAVE_PROJECT_H
11308 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
11311 mention --with-project
11314 * config.h.in, configure.in, sudo.c:
11315 Add Solaris 10 "project" support. From Michael Brantley.
11327 Fix preservation of LDFLAGS in the LDAP case.
11331 Remove dependency on NULL
11338 * aclocal.m4, configure.in:
11339 Can't use the regular autoconf fnmatch() check since we need
11340 FNM_CASEFOLD so go back to our custom one.
11344 Fix preserving of variables in env_keep.
11352 expand upon env resetting and mention that it began in 1.6.9 not
11357 Update descriptions of env_keep and env_check to match current
11361 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
11364 Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
11365 LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to initial_keepenv_table.
11368 * env.c, logging.c:
11369 Treat USERNAME environment variable like LOGNAME/USER
11373 Don't need to populate keepenv table with the contents of the
11378 Don't force sudo into the C locale.
11382 Make env_check apply when env_reset is true. Environment variables
11383 are passed through unless they contain '/' or '%'. There is no need
11384 to have a variable in both env_check and env_keep.
11387 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
11390 Remove a duplicate lock_file() call and add a comment.
11394 Add sudo 1.6.9 upgrade note.
11397 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
11400 Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
11401 small. From Klaus Wagner.
11404 * logging.c, sudo.h:
11405 Redo the long syslog line splitting based on a patch from Eygene
11406 Ryabinkin. Include memrchr() for systems without it.
11410 Redo the long syslog line splitting based on a patch from Eygene
11411 Ryabinkin. Include memrchr() for systems without it.
11414 * Makefile.in, config.h.in, configure, configure.in:
11415 Redo the long syslog line splitting based on a patch from Eygene
11416 Ryabinkin. Include memrchr() for systems without it.
11420 Since we need to be able to convert timespec to timeval for utimes()
11421 the last 3 digits in the tv_nsec are not significant. This makes the
11422 sudoedit file date comparison work again.
11425 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
11427 * aclocal.m4, configure, configure.in:
11428 Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
11429 This deals with exclusive authentication methods in a simple way.
11432 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
11435 mkstemp.c is BSD code too.
11438 * sudo.pod, sudoers.pod, visudo.pod:
11439 No commercial support for now.
11442 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
11445 cleanenv() is no more.
11448 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
11451 Display branch info in Changelog
11455 Include config.h early so we have it for TIME_WITH_SYS_TIME
11459 Fix Changelog generation and update.
11462 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
11465 Use /proc/self/fd instead of /proc/$$/fd
11467 Move old-style fd closing into closefrom_fallback() and call that if
11468 /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
11471 * auth/kerb5.c, config.h.in, configure.in:
11472 o use krb5_verify_user() if available instead of doing it by hand o
11473 use krb5_init_secure_context() if we have it o pass an encryption
11474 type of 0 to krb5_kt_read_service_key() instead of
11475 ENCTYPE_DES_CBC_MD5 to let kerberos choose.
11479 Check TERM and COLORTERM for '%' and '/' characters. From Debian.
11483 Fix closefrom() substitution in the Makefile
11487 Mention alternate sudo pronunciation.
11490 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
11493 Remove KRB5_KTNAME from environment. Allow COLORTERM.
11497 If we cannot get a valid service key using the default keytab it is
11498 a fatal error. Fixes a bug where sudo could be tricked into
11499 allowing access when it should not by a fake KDC. From Thor Lancelot
11503 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
11505 * aclocal.m4, configure, configure.in:
11506 Update long long checks to use AC_CHECK_TYPES and to cache values.
11509 * aclocal.m4, configure.in:
11510 Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
11511 use AC_REPLACE_FNMATCH since that assumes replacing with GNU
11515 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
11517 * configure, configure.in:
11518 Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
11519 need it for visudo now too.
11522 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
11525 Attempt to clarify the bit talking about network numbers w/o
11530 Clarify timestamp dir ownership sentence.
11533 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
11536 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
11540 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
11543 -i is also one of the mutually exclusive options to list it in the
11544 warning message. Noted by Chris Pepper.
11547 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
11550 The sudoers variable is env_editor, not enveditor. From Jean-
11554 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
11557 I tracked down the original author so credit him and include his
11561 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
11563 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
11565 Fix typos; from Jason McIntyre.
11569 Restore signal mask before calling reapchild(). Fixes a possible
11570 race condition that could prevent sudo from properly waiting for the
11574 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
11577 Don't declare pw_free() if we are not going to use it.
11581 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
11582 LDR_PRELOAD64. The 64-bit version is not currently supported.
11583 Remove zero_env() prototype as it no longer exists.
11586 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
11589 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
11592 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
11595 If the user enters ^C at the password prompt, abort instead of
11596 trying to authenticate with an empty password (which causes an
11600 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
11602 * closefrom.c, config.h.in, configure, configure.in:
11603 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
11608 pw_free() is only used by sudo_freepwcache() so ifdef it out too.
11611 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
11613 * config.guess, config.sub:
11614 Update to latest versions from cvs.savannah.gnu.org
11617 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
11619 * pwutil.c, sudo_edit.c:
11620 Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
11621 we can close the passwd/group files early.
11624 * config.h.in, configure, configure.in, set_perms.c:
11625 Add seteuid() flavor of set_perms() for systems without setreuid()
11626 or setresuid() that have a working seteuid(). Tested on Darwin.
11629 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
11632 systrace_read() returns ssize_t
11635 * configure, configure.in:
11636 Fix typo, -lldap vs. -ldap; from Tim Knox.
11639 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
11642 Fix typo; Matt Ackeret
11645 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
11648 Print sudoers path in -V mode for root.
11651 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
11654 Do a sub tree search instead of a base search (one level in the tree
11655 only) for sudo right objects. This allows system administrators to
11656 categorize the rights in a tree to make them easier to manage.
11659 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
11665 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
11668 Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
11669 bind_timelimit support; adapted from gentoo.
11672 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
11675 Support comments that start in the middle of a line
11678 * configure, configure.in:
11679 Define LDAP_DEPRECATED until we start using ldap_get_values_len()
11682 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
11685 Silence gcc -Wsign-compare; djm@openbsd.org
11688 * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
11689 cleanup() now takes an int as an arg so it can be used as a signal
11694 Make a copy of the shell field in the passwd struct for NewArgv to
11695 avoid a use after free situation after sudo_endpwent() is called.
11698 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
11700 * config.h.in, configure, configure.in:
11701 Add mkstemp() for those poor souls without it.
11705 Add mkstemp() for those poor souls without it.
11709 Add mkstemp() for those poor souls without it.
11712 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
11715 Add PERL5DB to list of environment variables to remove.
11718 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
11720 * mon_systrace.c, mon_systrace.h:
11721 Instead of calling the check function twice with a state cookie use
11722 separate check/log functions.
11724 Check more ioctl() calls for failure.
11726 systrace_{read,write} now return the number of bytes read/written or
11731 Add more environment variables to remove; from gentoo linux Add some
11732 comments about what bad env variables go to what (more to do)
11735 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
11737 * sudo.c, sudo_edit.c:
11738 Move sudo_end{gr,pw}ent() until just before the exec since they free
11739 up our cached copy of the passwd structs, including sudo_user and
11740 sudo_runas. Fixes a use-after-free bug.
11744 Close all fd's before executing editor.
11748 Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
11752 Fix fd leak when lecture file option is enabled. From Jerry Brown
11755 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
11758 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
11759 environment variables to remove. From Charles Morris
11762 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
11765 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
11768 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
11771 add PS4 and SHELLOPTS to initial_badenv_table for bash
11774 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
11777 Fix typo; Toby Peterson
11780 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
11783 Make return buffers static so they don't get clobbered
11786 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
11789 Fix securid5 authentication, was not checking for ACM_OK. Also add
11790 default cases for the two switch()es. Problem noted by ccon at
11794 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
11797 Remove ncat() in favor of just counting bytes and pre-allocating
11801 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
11804 Fix up some comments Add missing fclose() for the rootbinddn case
11808 align struct ldap_config
11812 use LINE_MAX for max conf file line size
11816 add _PATH_LDAP_SECRET
11820 Mention rootbinddn Give example ou=SUDOers container
11823 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
11825 * INSTALL, configure, configure.in, ldap.c:
11826 Support rootbinddn in ldap.conf
11829 * env.c, sudo.pod, sudoers.pod:
11830 Preserve DISPLAY environment variable by default.
11833 * acsite.m4, configure:
11834 set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
11837 * acsite.m4, configure:
11838 set need_version=no for all cases; this is safe for LD_PRELOAD
11845 * configure, configure.in:
11850 Fix call to pam_end() when pam_open_session() fails.
11858 rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
11859 ltsugar.m4 ltversion.m4
11862 * config.guess, config.sub, ltmain.sh:
11863 merge in local changes: config.guess: o better openbsd support
11864 config.sub: o hiuxmpp support ltmain.sh o remove requirement that
11865 libs must begin with "lib" o don't print a bunch of crap about
11866 library installs o don't run ldconfig
11869 * config.guess, config.sub, ltmain.sh:
11874 Update with autoupdate and make minor changes for libtool 1.9f
11877 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
11880 don't call sudo_ldap_display_cmnd if ldap not setup
11883 * sudo_edit.c, visudo.c:
11884 Move declaration of struct timespec to its own include files for
11885 systems without it since it needs time_t defined.
11889 Move declaration of struct timespec to its own include files for
11890 systems without it since it needs time_t defined.
11894 Move declaration of struct timespec to its own include files for
11895 systems without it since it needs time_t defined.
11899 Move declaration of struct timespec to its own include files for
11900 systems without it since it needs time_t defined.
11903 * check.c, compat.h:
11904 Move declaration of struct timespec to its own include files for
11905 systems without it since it needs time_t defined.
11909 Don't set safe_cmnd for the "sudo ALL" case.
11912 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
11915 Call pam_open_session() and pam_close_session() to give pam_limits a
11916 chance to run. Idea from Karel Zak.
11919 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
11922 Add explicit cast from mode_t -> u_int in printf to silence warnings
11927 include grp.h to silence a warning on Solaris
11930 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
11933 Fix printing of += and -= defaults.
11936 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
11939 Sanity check number of syscall args with argsize. Not really needed
11940 but a little paranoia never hurts.
11943 * mon_systrace.c, mon_systrace.h:
11944 Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
11945 for systrace lengths (since it uses int)
11948 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
11951 Add some memsets for paranoia Fix namespace collision w/ error Check
11952 rval of decode_args() and update_env() Remove improper setting of
11956 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
11958 * parse.c, sudo.c, sudo.h:
11959 In -l mode, only check local sudoers file if def_ignore_sudoers is
11960 not set and call LDAP versions from display_privs() and
11961 display_cmnd() instead of directly from main(). Because of this we
11962 need to defer closing the ldap connection until after -l processing
11963 has occurred and we must pass in the ldap pointer to display_privs()
11964 and display_cmnd().
11968 Reorganize LDAP code to better match normal sudoers parsing.
11969 Instead of storing strings for later printing in -l mode we do
11970 another query since the authenticating user and the user being
11971 listed may not be the same (the new -U flag). Also add support for
11974 There is still a fair bit of duplicated code that can probably be
11978 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
11981 Replace pass variable with do_netgr for better readability.
11989 estrdup, not strdup
11992 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
11995 Add macro to test if the tag changed to improve readability.
11999 Avoid printing defaults header if there are no defaults to print...
12003 Fix a warning on systems without strlcpy().
12007 Use macros where possible for sudo_grdup() like sudo_pwdup().
12010 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
12013 It is possible for tv_usec to hold >= 1000000 usecs so add in
12017 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
12020 The component in krb5_principal_get_comp_string() should be 1, not 0
12021 for Heimdal. From Alex Plotnick.
12024 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
12026 * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
12027 interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
12028 redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
12029 Add efree() for consistency with emalloc() et al. Allows us to rely
12030 on C89 behavior (free(NULL) is valid) even on K&R.
12034 Move initgroups() for -U option into display_privs() so group
12035 matching in sudoers works correctly.
12038 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
12041 Removed duplicate call to ldap_unbind_s introduced along with
12046 Add missing space in Defaults printing
12049 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
12052 Sync sudo_pwdup with OpenBSD changes: use macros for size computation
12056 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
12059 Zero old pw_passwd before replacing with version from shadow file.
12062 * configure, configure.in:
12063 Only attempt shadow password detection if PAM is not being used Add
12064 shadow_* variables to make shadow password detection more generic.
12068 Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
12071 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
12074 use a non-breaking space to avoid a double space after e.g.
12078 comma, not colon after e.g.
12081 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
12084 Add __ variants of the exec functions. GNU libc at least uses
12085 __execve() internally.
12089 Match reality a bit more.
12093 Missed piece from rev. 1.6, fix sudo_getpwnam() too.
12097 Store shadow password after making a local copy of struct passwd in
12098 case normal and shadow routines use the same internal buffer in
12102 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
12104 * alloc.c, logging.c:
12105 Make varargs usage consistent with the rest of the code.
12108 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
12111 Wrap more of the exec family since on Linux the others do not appear
12112 to go through the normal execve() path.
12116 make print_unused static like proto says
12120 silence a warning on K&R systems
12123 * alias.c, error.c:
12124 make this build in K&R land
12128 make this build in K&R land
12131 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
12137 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
12140 return(foo) not return foo optimize _atobool() slightly
12148 Reformat to match the rest of sudo's code.
12152 I am the primary author
12155 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
12157 * Makefile.in, README, RUNSON:
12158 The RUNSON file is toast--it confused too many people and really
12159 isn't needed in a configure-oriented world.
12163 alternate -> alternative
12167 Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
12172 Allow leading blanks before Defaults and Foo_Alias definitions
12176 fix rules to build toke.o and gram.o in devel mode
12179 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
12182 env_keep overrides set_logname
12186 Fix disabling set_logname and make env_keep override set_logname.
12189 * compat.h, config.h.in, configure, configure.in:
12190 No longer need memmove()
12194 Just clean the environment once. This assumes that any further
12195 setenv/putenv will be able to handle the fact that we replaced
12196 environ with our own malloc'd copy but all the implementations I've
12200 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
12203 In -i mode, base the value of insert_env()'s dupcheck flag on
12204 DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
12207 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
12210 Move setting of user_path, user_shell, user_prompt and prev_user
12211 into init_vars() since user_shell at least is needed there.
12214 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
12221 Fix some printf format mismatches on error.
12225 Fix some printf format mismatches on error.
12228 * configure, gram.c, toke.c:
12232 * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
12233 auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
12234 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
12235 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
12236 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
12237 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
12238 emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
12239 getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
12240 interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
12241 parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
12242 snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
12243 sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
12244 testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
12245 visudo.pod, zero_bytes.c:
12246 Update copyright years.
12249 * Makefile.binary.in:
12250 Update copyright years.
12254 Update copyright years.
12257 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
12262 What's new in sudo 1.7, based on the 1.7 CHANGES entries.
12265 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
12267 * compat.h, logging.h, sudo.h:
12268 Add __printflike and use it with gcc to warn about printf-like
12272 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
12274 * CHANGES, ChangeLog:
12275 Replaced CHANGES file with ChangeLog generated from cvs logs
12279 Use warning/error instead of perror/fatal.
12283 Update OpenBSD section
12287 Add upgrading noted for 1.7
12290 * env.c, sudo.c, sudoers.pod:
12291 Instead of zeroing out the environment, just prune out entries based
12292 on the env_delete and env_check lists. Base building up the new
12293 environment on the current environment and the variables we removed
12297 * config.h.in, configure, configure.in, sudo.c:
12298 Set locale to "C" if locales are supported, just to be safe.
12302 Cast argument to ctype functions to unsigned char.
12305 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
12308 correct value for DID_USER
12311 * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
12312 #include <compat.h> not "compat.h"
12316 Reset the environment by default.
12320 Alloc an extra slot in NewArgv. Removes the need to malloc a new
12321 vector if execve() fails.
12324 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
12326 * INSTALL, config.h.in, configure, configure.in, sudo.c:
12327 Use execve(2) and wrap the command in sh if we get ENOEXEC.
12330 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
12333 Only include time.h on systems that lack struct timespec which gets
12334 defined in compat.h (using time_t).
12338 Include time.h for time_t in compat.h for systems w/o struct
12342 * compat.h, config.h.in, configure, configure.in:
12343 use bcopy on systems w/o memmove
12347 __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
12352 Add explicit rule to build sudo_noexec.lo
12355 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
12357 * INSTALL.configure, Makefile.in:
12358 No longer depend on VPATH; pointed out a bunch of missed
12363 Help for PAM when account section is missing
12367 Give user a clue when there is a missing "account" section in the
12372 Better error handling.
12375 * config.h.in, configure, configure.in:
12376 Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
12377 possible. Silences a warning about isblank() on linux.
12381 Fix typo (missing comma) that caused an incorrect number of args to
12382 be passed to log_error().
12385 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
12388 Don't try to destroy a tree we didn't create.
12391 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
12393 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
12394 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
12395 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
12396 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
12397 compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
12398 fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
12399 goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
12400 match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
12401 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
12402 strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
12403 tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
12404 Add __unused to rcsids
12407 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
12409 * configure, configure.in:
12410 Fix error message when mixing invalid auth types
12414 PAM, AIX auth, BSD auth and login_cap are now on by default if the
12418 * auth/sudo_auth.h, config.h.in:
12419 s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
12423 Better checking for conflicting authentication methods Display the
12424 authentication methods used at the end of configure Rename --with-
12425 authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
12426 --with-pam, --with-logincap by default on systems that support them
12427 unless disabled. Add OSMAJOR variable that replaces old OSREV; now
12428 OSREV has full version number
12431 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
12433 * def_data.c, def_data.in, sudo.c, sudoers.pod:
12437 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
12440 Replace: test -n "$FOO" || FOO="bar"
12442 With: : ${FOO='bar'}
12445 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
12447 * pwutil.c, testsudoers.c, tsgetgrpw.c:
12448 Use function pointers to only call private passwd/group routines
12449 when using a nonstandard passwd/group file.
12452 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
12459 Can't use strtok() since it doesn't handle empty fields so add
12460 getpwent()/getgrent() functions and call those.
12463 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
12466 Fix dummied out toke.c and gram.c dependencies.
12470 Rename PARSESRCS -> GENERATED since it is only used in the clean
12471 target Add devdir variable and use it to specify the path to parser
12480 Add a devdir variable that defaults to $(srcdir) and is set to . if
12481 --devel was specified. Allows for proper dependencies building the
12486 Add support for custom passwd/group files.
12490 Build private copy of pwutil.o for testsudoers with MYPW defined so
12491 it uses our own passwd/group routines.
12495 Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
12496 stubs instead. We can now just use the caching sudo_*{pw,gr}*
12497 functions in pwutil.c Add comment about wanting to call
12498 sudo_endpwent/sudo_endgrent in cleanup()
12502 Remove caching; we will just use what is in pwutil.c Use global
12503 buffers for passwd/group structs Rename functions from sudo_* to
12507 * logging.c, sudo.c:
12508 g/c pwcache_init/pwcache_destroy
12512 Undo last commit and add sudo_setspent and sudo_endspent instead.
12515 * getspwuid.c, pwutil.c:
12516 Move all but the shadow stuff from getspwuid.c to pwutil.c and
12517 pwcache_get and pwcache_put as they are no longer needed. Also add
12518 preprocessor magic to use private versions of the passwd and group
12519 routines if MYPW is defined (for use by testsudoers).
12523 zero out struct passwd/group before filling it in so if there are
12524 fields we don't handle they end up as 0.
12527 * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
12532 Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
12537 Passwd and group lookup routines for testsudoers that support
12538 alternate passwd and group files.
12541 * getspwuid.c, pwutil.c:
12542 Split off pw/gr cache and dup code into its own file. This allows
12543 visudo and testsudoers to use the pw/gr cache too.
12546 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
12549 Print Defaults info in "sudo -l" output and wrap lines based on the
12553 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
12555 * match.c, testsudoers.c, visudo.c:
12556 Only check group vector in usergr_matches() if we are matching the
12557 invoking or list user. Always check the group members, even if
12558 there was a group vector.
12561 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
12563 * LICENSE, Makefile.in, fnmatch.3:
12564 No longer bundle fnmatch.3
12571 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
12578 Sort command line options
12581 * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
12582 sudo.pod, sudoers.pod:
12583 Add closefrom sudoers option to start closing at a point other than
12584 3. Add closefrom_override sudoers option and -C sudo flag to allow
12585 the user to specify a different closefrom starting point.
12589 Add _PATH_DEVNULL for those without it.
12593 no more UCB strcasecmp
12597 replace BSD licensed one with version derived from pdksh
12600 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
12607 Make sure stdin, stdout and stderr are open and dup them to
12611 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
12613 * ldap.c, mon_systrace.c, sudo.c, sudo.h:
12614 add sudo_ldap_close
12617 * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
12618 Use TIME_WITH_SYS_TIME
12621 * config.h.in, configure, configure.in:
12622 Add TIME_WITH_SYS_TIME_H
12625 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
12628 Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
12629 unconditionally on darwin. From Toby Peterson.
12633 Check rbinsert() return value. In the case of faked up entries
12634 there is usually a negative response cached that we need to
12637 In pwfree() don't try to zero out a NULL pw_passwd pointer.
12641 Use the double fork trick to avoid the monitor process being waited
12642 for by the main program run through sudo.
12645 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
12648 Call initgroups() in -U mode so group matches work normally.
12651 * def_data.h, mkdefaults:
12652 Don't print a trailing comma for the last entry in enum def_tupple
12655 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
12657 * sudoers.cat, sudoers.man.in, sudoers.pod:
12658 Mention values when lecture, listpw and verifypw are used in boolean
12662 * def_data.c, def_data.in:
12663 verifypw when used in a boolean TRUE context should be "all", not
12667 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
12669 * def_data.in, defaults.c:
12670 Allow tuples that can be used as booleans to be used as boolean
12671 TRUE. In this case the 2nd possible value of the tuple is used for
12675 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
12677 * configure, configure.in:
12678 Correct the test for 2-parameter timespecsub
12682 Add stub struct definitions for passwd, timeval and timespec
12685 * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
12686 Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
12687 and fix a typo in the gettimeofday check.
12690 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
12692 * match.c, testsudoers.c:
12693 Deal with user_stat being NULL as it is for visudo and testsudoers.
12696 * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
12697 Add -U option to use in conjunction with -l instead of -u. Add
12698 support for "sudo -l command" to test a specific command.
12701 * gram.c, gram.y, sudo.c:
12702 Set safe_cmnd after sudoers_lookup() if it has not been set.
12703 Previously it was set by sudo "ALL" in the parser but at that point
12704 the fully-qualified pathname has not yet been found.
12707 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
12709 * parse.c, testsudoers.c:
12710 Correctly handle multiple privileges per userspec and runas
12714 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
12717 Zero out sd_un for each entry in sudo_defs_table in init_defaults.
12720 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
12723 make per-command defaults work with sudoedit
12726 * ldap.c, parse.c, sudo.c, sudo.h:
12727 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
12728 Instead, we just set the appropriate defaults variable.
12731 * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
12732 Document per-command Defaults.
12735 * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
12736 sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
12737 Add support for command-specific Defaults entries. E.g.
12738 Defaults!/usr/bin/vi noexec
12741 * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
12742 Change an occurrence of user_matches() -> runas_matches() missed
12743 previously runas_matches(), host_matches() and cmnd_matches() only
12744 really need to pass in a list of members. user_matches() still
12745 needs to pass in a passwd struct because of "sudo -l"
12749 Check def_authenticate, def_noexec and def_monitor when setting
12750 return flags. XXX May be better to just set the defaults directly
12751 and get rid of those flags.
12754 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
12755 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
12756 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
12757 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
12758 defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
12759 getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
12760 gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
12761 mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
12762 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
12763 sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
12764 visudo.c, zero_bytes.c:
12765 Use: #include <config.h> Not: #include "config.h" That way we get
12766 the correct config.h when build dir != src dir
12770 Back out part of rev 1.263; fix -I order
12774 More robust parsing of #include; could be much better still.
12777 * sudo_edit.c, visudo.c:
12778 Make arg splitting in visudo and sudoedit consistent.
12781 * Makefile.in, alias.c, gram.c, gram.y, parse.h:
12782 Split alias routines out into their own file.
12786 __attribute__ is already defined in compat.h
12790 quit() should not be __noreturn__ as it is non-void on some
12794 * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
12795 Add local error/warning functions like err/warn but that call an
12796 additional cleanup routine in the error case. This means we no
12797 longer need to compile a special version of alloc.o for visudo.
12801 Clarify comments about the data structures
12804 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
12807 Add support for VISUAL and EDITOR containing command line args. If
12808 env_editor is not set any args in VISUAL and EDITOR are ignored.
12809 Arguments are also now supported in def_editor.
12812 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
12815 alias_matches() is no more
12823 When regenerating the parser, don't replace gram.h unless it has
12828 remove Makefile.binary for distclean
12832 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
12833 sure we can't overflow new_env.
12837 paranoia when stripping trailing slashes from tempdir.
12841 Set user_ngroups to 0 if getgroups() returns an error.
12844 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
12846 * config.h.in, configure, configure.in, sudo.c:
12847 Add configure check for getgroups()
12851 Use supplementary group vector in struct sudo_user.
12855 Only do string comparisons on the group members if there is no
12856 supplemental group list.
12864 On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
12865 chop off any trailing slashes we see and add an explicit one.
12869 remove bogus XXX comment
12873 Get rid of alias_matches and correctly fall through to the non-alias
12874 cases when there is no alias with the specified name.
12878 Cache non-existent passwd/group entries too.
12889 * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
12890 mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
12891 Implement group caching and use the passwd and group caches
12895 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
12898 Properly negate the return value of alias_matches() when
12903 Make hostname_matches() return TRUE for a match, else FALSE like the
12908 Add missing dependencies on gram.h
12912 Use runas_matches in alias_matches() now that we have it.
12915 * parse.c, parse.h:
12916 Expand aliases in "sudo -l" mode
12920 Use ALIAS for the member type when storing an alias instead of
12921 HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
12922 more generic type. Expand runas_matches instead of calling
12923 user_matches() inside of it since user_matches() looks up
12924 USERALIASes, not RUNASALIASes.
12927 * CHANGES, getspwuid.c:
12928 Paranoia; zero out pw_passwd before freeing passwd entry.
12931 * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
12932 configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
12933 error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
12934 sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
12935 Add local error/warning functions like err/warn but that call an
12936 additional cleanup routine in the error case. This means we no
12937 longer need to compile a special version of alloc.o for visudo.
12941 Use userpw_matches() to compare usernames, not strcmp(), since the
12942 latter checks for "#uid".
12945 * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
12946 Cache passwd db entries in 2 red-black trees; one indexed by uid,
12947 the other by user name. The data returned from the cache should be
12948 considered read-only and is destroyed by sudo_endpwent().
12956 missing free in alias_destroy
12960 Can't use rbapply() for rbdestroy since the destructor is passed a
12961 data pointer, not a node pointer.
12964 * getspwuid.c, logging.c, sudo.c, sudo.h:
12965 Create and use private versions of setpwent() and endpwent() that
12966 set/end the shadow password file too.
12969 * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
12970 Store aliases in a red-black tree.
12973 * Makefile.in, redblack.c, redblack.h:
12974 red-black tree implementation
12978 Edit all sudoers files if there were unused or undefined aliases and
12979 we are in strict mode.
12982 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
12984 * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
12985 find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
12986 Bring back the "secure_path" Defaults option now that Defaults take
12987 effect before the path is searched.
12990 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
12992 * logging.c, parse.c:
12993 A user can always list their own entries, even with -u. Better error
12994 message when failing to list another user's entries.
12997 * parse.c, sudo.c, sudo.h:
12998 The syntax to list another user's entries is now "-u otheruser -l".
12999 Only root or users with sudo "ALL" may list other user's entries.
13002 * sudo.cat, sudo.man.in, sudo.pod:
13003 Update env variable info in SECURITY NOTES
13011 strip exported bash functions from the environment.
13014 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
13017 Only reset sudo_user.pw based on SUDO_USER environment variables for
13018 real commands and sudoedit. This avoids a confusing message when a
13019 user tries "sudo -l" or "sudo -v" and is denied.
13022 * gram.c, gram.y, parse.h:
13023 Extend LIST_APPEND to deal with appending lists too
13026 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
13029 Convert some bitwise AND to ISSET
13032 * lex.yy.c, toke.c:
13033 toke.c replaces lex.yy.c
13041 new parser fixes most of the outstanding bugs
13049 Rework for the new parser. Now checks for unused aliases in sudoers.
13053 Rewrite for the new parser. Now supports a -d flag (dump) and adds
13054 a -h flag (host). It now defaults to the local hostname unless
13055 otherwise specified.
13059 Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
13063 Update for new parse. We now call find_path() *after* we have
13064 updated the global defaults based on sudoers. Also adds support for
13065 listing other user's privs if you are root.
13069 Working LDAP support; also remove a now-unneeded rewind().
13072 * logging.c, logging.h:
13073 Add NO_STDERR flag.
13077 Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
13078 sudo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
13079 connect to LDAP, apply the default options, find the command in the
13080 user's path, and then check whether the user is allowed to run it.
13081 The important thing here is that the default runas user may be
13082 specified as a default option and that needs to be set before we
13083 search for the command.
13087 Add casts to unsigned char for isspace() to quiet a gcc warning.
13091 Add prototype for update_defaults()
13095 Don't warn about line numbers now that we operate on a set of data
13096 structures (or LDAP) and not a file.
13100 No longer use lsearch()
13104 Update for new and changed file names.
13108 no more BSD lsearch.c
13112 foo_matches() routines now live in match.c Added user_matches(),
13113 runas_matches(), host_matches(), cmnd_matches() and alias_matches()
13114 that operate on the parsed sudoers file.
13117 * parse.lex, toke.l:
13118 Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
13119 WORD no longer needs to exclude '@' kill yywrap()
13122 * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
13124 Rewritten parser that converts sudoers into a set of data
13125 structures. This eliminates ordering issues and makes it possible to
13126 apply sudoers Defaults entries before searching for the command.
13129 * configure.in, emul/search.h, lsearch.c:
13130 We won't be using lsearch() any longer.
13134 sudo should not send mail if someone who runs 'sudo -l' has no
13138 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13144 Update warnings to match new visudo
13148 The new parser doesn't have the old ordering constraints.
13152 Document that -l now takes an optional username argument
13155 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
13162 If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
13163 a compilation problem with Solaris 9's native LDAP.
13165 Set FLAG_MONITOR when needed.
13168 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
13171 Call sudo_goodpath() *after* changing the cwd to match the traced
13172 process. Fixes relative paths.
13175 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
13178 Kill set_perms() stub--it is no longer needed.
13181 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
13183 * sudoers.cat, sudoers.man.in, sudoers.pod:
13184 stay_setuid now requires set_reuid() or setresuid()
13187 * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
13188 configure.in, set_perms.c, sudo.c, sudo.h:
13189 Kill use of POSIX saved uids; they aren't worth bothering with.
13192 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
13195 remove call to issetugid()
13198 * sudoers.cat, sudoers.man.in, sudoers.pod:
13199 Remove warning about wildcards. Now that we use glob() the bug is
13204 Use glob(3) instead of fnmatch(3) for matching pathnames and stat
13205 each result that matches the basename of the user's command. This
13206 makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
13207 /usr/bin/blah. Fixes bug #143.
13210 * config.h.in, configure, configure.in:
13211 Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
13215 * config.h.in, configure, configure.in:
13216 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
13224 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
13229 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
13233 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
13236 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
13237 means we are out of space in the stack gap...
13245 Take a stab at ldap sudoers support here.
13248 * mon_systrace.c, mon_systrace.h:
13249 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
13250 doesn't cause reboot to inadvertently kill itself.
13254 put "monitor" in the proctitle, not "systrace"
13258 When modifying the environment, don't replace envp when we can get
13259 away with just rewriting pointers in the traced process.
13262 * mon_systrace.c, mon_systrace.h:
13263 Add environment updating via STRIOCINJECT (if available).
13266 * sudoers.cat, sudoers.man.in:
13270 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
13277 Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
13281 Include file is now mon_systrace.h
13284 * Makefile.in, configure, configure.in, def_data.c, def_data.h,
13285 def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
13286 sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
13287 No longer call it tracing, it is now "monitoring" which should be
13288 a more obvious name to non-hackers.
13291 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
13293 * mon_systrace.c, mon_systrace.h:
13297 * mon_systrace.c, mon_systrace.h:
13298 No need to include syscall.h, use 1024 as the max # of entries (the
13299 max that systrace(4) allows).
13301 Only need to use SYSTR_POLICY_ASSIGN once
13303 Change check_syscall() -> find_handler() and have it return the
13304 handler instead of just running it. We need this since handlers now
13305 have two parts: one part that generates an answer and another that
13306 gets called after the answer is accepted (to do logging).
13308 Add some missing check_exec for emul execv
13311 * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
13316 Add missing HAVE_LINUX_SYSTRACE_H
13320 add trace_systrace.o dependency
13323 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
13325 * configure, configure.in:
13326 Also look for systrace.h in /usr/include/linux
13329 * mon_systrace.c, mon_systrace.h:
13330 Move all struct defs and prototypes into trace_systrace.h and mark
13331 all but systrace_attach() static.
13334 * mon_systrace.c, mon_systrace.h:
13335 Add support for tracing emulations. At the moment, all emulations
13336 are compiled in. It might make sense to #ifdef them in the future,
13337 though this impedes readability.
13340 * Makefile.in, configure, configure.in:
13341 rename systrace.c -> trace_systrace.c
13344 * parse.yacc, sudo.tab.c:
13345 Allow this to build with a K&R compiler again
13352 * compat.h, sudo.c, visudo.c:
13353 Use __attribute__((__noreturn__))
13357 Exit() takes a negative value to indicate it was not called via
13361 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13366 * Makefile.in, visudo.c:
13367 Define Err() and Errx() that are like err() and errx() but call
13368 Exit() instead of exit(). Build private copy of alloc.o for visudo
13369 that calls Err() and Errx().
13372 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
13374 * lex.yy.c, sudo.tab.c:
13383 Overhaul visudo for editing multiple files: o visudo has been
13384 broken out into functions (more work needed here) o each file is
13385 now edited before sudoers is re-parsed o if a #include line is
13386 added that file will be edited too
13388 TODO: o cleanup temp files when exiting via err() or errx() o
13389 continue breaking things out into separate functions
13392 * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
13393 Add keepopen arg to open_sudoers that open_sudoers can use to
13394 indicate to the caller that the fd should not be closed when it is
13395 done with it. To be used by visudo to keep locked fds from being
13396 closed prematurely (and thus losing the lock).
13399 * parse.yacc, sudo.c:
13400 Add errorfile global that contains the name of the file that caused
13405 return COMMENT to yacc grammar for a #include line
13409 Remove use of unput() in favor of yyless() which is cheaper.
13413 Allow an empty sudoers file.
13416 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
13419 Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
13422 * lex.yy.c, sudo.tab.c:
13427 Do signal setup before calling edit_sudoers(). Don't shadow the
13432 If a sudoers file includes other files, edit those too. Does not yet
13433 deal with creating the new includes files itself.
13437 init_parser now takes a path
13440 * parse.c, parse.h, parse.lex, parse.yacc:
13441 More scaffolding for dealing with multiple sudoers files: o
13442 init_parser() now takes a path used to populate the sudoers global
13443 o the sudoers global is used to print the correct file in yyerror()
13444 o when switching to a new sudoers file, preserve old file name and
13448 * Makefile.in, pathnames.h.in:
13449 Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
13450 multiple sudoers files.
13454 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
13455 we start at the right file position when reading include files.
13467 Add max depth of 128 for the include stack to avoid loops.
13469 Since yyerror() doesn't stop parsing, pass return values back to
13470 yylex and call yyterminate() on error.
13473 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
13480 Mention PREVENTING SHELL ESCAPES section of sudoers man page
13483 * lex.yy.c, sudo.tab.c:
13488 Add support for #include in sudoers (visudo support TBD)
13492 make yyerror()'s argument const
13495 * testsudoers.c, visudo.c:
13496 Add open_sudoers() stubs.
13500 Rename check_sudoers() open_sudoers() and make it return a FILE *
13503 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
13505 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
13510 * Makefile.in, sudo.psf:
13511 Better HP-UX depot construction
13514 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
13517 o Made children global so check_exec() can lookup a child. o
13518 Replaced uid in struct childinfo with struct passwd * (for runas) o
13519 new_child() now takes a parent pid so the runas info can be
13520 inherited o Added find_child() to lookup a child by its pid o
13521 update_child() now fills in a struct passwd o Converted the big
13522 if/else mess in set_policy to a switch o Syscalls that change uid
13523 are now "ask" so we get SYSTR_MSG_UGID events
13527 Add flag to sudo_pwdup that indicates whether or not to lookup the
13528 shadow password. Will be used to a struct passwd that has the
13529 shadow password already filled in.
13533 add missing increment of addr in read_string()
13537 Remove bogus call to update_child() and some cosmetic fixes
13541 Don't leak /dev/systrace fd to tracee Make initialized global for
13542 simplicity If STRIOCATTACH returns EBUSY we are already being traced
13543 Check for user_args == NULL in setproctitle() call Add missing calls
13548 g/c sudo_pwdup proto
13551 * Makefile.in, sudo.psf:
13552 Add target for building a depot file
13559 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
13561 * lex.yy.c, sudo.tab.c, sudo.tab.h:
13566 document --with-systrace
13569 * config.h.in, configure, configure.in:
13570 Add check for setproctitle
13574 pass struct str_msg_ask in to syscall checker so it can set the
13579 systrace(4) support for sudo. On systems with the systrace(4)
13580 kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
13581 intercept exec calls and check the exec args against the sudoers
13582 file. In other words, sudo can now control subcommands and shell
13587 Call systrace_attach() if FLAG_TRACE is set.
13590 * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
13591 Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
13595 Don't close sudoers_fp, keep it open and set close on exec flag
13599 * def_data.c, def_data.h, def_data.in:
13608 SunOS /bin/sh blows up with configure
13611 * configure, configure.in:
13612 Include sys/param.h before systrace.h
13624 line up options in --help
13627 * config.h.in, configure.in:
13628 Add --with-systrace
13631 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
13637 * aclocal.m4, configure.in:
13638 make this work with autoconf-2.59
13641 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
13644 Simplify logic around open & stat of files and do sanity on edited
13645 file even if we lack fstat (still raceable but worth doing).
13648 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
13656 [b84ebfaf1552] [SUDO_1_6_8p1]
13659 more changes for 1.6.8p1
13666 * CHANGES, sudo_edit.c:
13667 Add sanity check so we don't try to edit something other than a
13671 2004-09-15 Aaron Spangler <aaron777@gmail.com>
13678 document --with-ldap-conf-file
13681 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
13683 * CHANGES, ins_csops.h:
13684 political correctness strikes again
13691 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
13693 * Makefile.binary.in, Makefile.in:
13694 Install sudoedit man link
13698 Update PAM note and mention where HP-UX users can download gcc
13703 libtool wants to install stuff from .libs so fake one up for binary
13707 * Makefile.binary.in:
13708 rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
13712 Deal with "uname -m" having slashes in it rm -f old sudoedit link
13713 instead of using ln -f
13716 * Makefile.binary, Makefile.binary.in:
13717 Makefile.binary -> Makefile.binary.in for config.status substitution
13718 Add support for installing noexec bits
13722 Copy noexec bits into binary dists too No longer use my old arch
13723 script for making binary dists
13727 Install sudoedit link.
13730 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
13733 avoid __P so there is no need for compat.h to be included
13737 Don't use HAVE_UTIME_H before including config.h.
13740 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
13743 Fix Solaris futimes macro
13746 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
13749 Rename ots -> omtim for improved readability.
13752 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
13755 Redo changes in revision 1.7. Don't really need to keep the temp
13756 file open; re-opening it with the invoking user's euid is
13764 * sudo.cat, sudo.man.in:
13769 back out revision 1.70; it is no longer applicable
13773 Let the loader initialize nep
13776 * config.h.in, configure, configure.in:
13777 Removed unneeded check for fchown Add check for gettimeofday Move
13778 autoheader template stuff into separate AH_TEMPLATE lines
13781 * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
13782 Use timespec throughout.
13790 function to return the current time in a struct timespec
13794 Not a darpa-sponsored file.
13797 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
13799 * compat.h, config.h.in, configure, configure.in:
13800 Add a check for struct timespec and provide it for those without.
13803 * config.h.in, configure, configure.in, sudo_edit.c:
13804 Add checks for st_mtim and st_mtimespec and add macros for pulling
13805 the mtime sec and nsec out of struct stat. These are used in
13806 sudo_edit() to better tell whether or not the file has changed.
13809 * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
13810 Add an extra param to touch() for nsec
13814 Call mkstemp() as the invoking user so we don't have to chown the
13815 file later. Only touch() the temp file if we can do it via the file
13816 descriptor. Don't check for modification of the temp file if we lack
13817 fstat(). Catch errors read()ing the temp file.
13821 If path is NULL and fd == -1 return -1.
13825 closefrom() is overkill, the only extra fds are the ones we opened
13826 so just close those in the child.
13829 * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
13830 configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
13832 Use utimes() and futimes() instead of utime() in touch(), emulating
13833 as needed. Not all systems are able to support setting the times of
13834 an fd so touch() takes both an fd and a file name as arguments.
13837 2004-09-07 Aaron Spangler <aaron777@gmail.com>
13843 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
13845 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13850 * sudo.pod, sudoers.pod, visudo.pod:
13851 Add SUPPORT section and re-order some of the sections to match the
13852 order we use in OpenBSD.
13855 2004-09-06 Aaron Spangler <aaron777@gmail.com>
13858 Openldap ~/.ldaprc fix
13861 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
13864 Talk about how the editor must write its changes to the original
13865 file and not just use rename(2).
13873 Keep the temp file open instead of re-opening after the editor has
13878 Update for current redhat/fedora core.
13881 2004-09-03 Aaron Spangler <aaron777@gmail.com>
13887 2004-09-02 Aaron Spangler <aaron777@gmail.com>
13890 config tls_* options
13893 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
13895 * configure, configure.in:
13896 No need for -lcrypt when using pam.
13899 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
13905 2004-08-27 Aaron Spangler <aaron777@gmail.com>
13907 * configure.in, ldap.c, pathnames.h.in:
13908 Allow --with-ldap-conf-file option to override LDAP_CONF
13912 cleanup debug message
13915 2004-08-26 Aaron Spangler <aaron777@gmail.com>
13921 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
13923 * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
13924 Add cmnd_base to struct sudo_user and set it in init_vars(). Add
13925 cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
13926 longer use gross statics in command_matches(). Also rename some
13927 variables for improved clarity.
13930 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
13933 document HP's crippled compiler deficiency.
13937 Fix some thinkos in --with-editor and --with-env-editor
13938 descriptions. Noticed by Norihiko Murase.
13941 * configure, configure.in:
13942 --with-noexec takes an optional PATH argument.
13946 document --with-noexec
13949 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
13953 [f2503bd13373] [SUDO_1_6_8]
13956 Better warning message when sudoedit is unable to write to the
13960 * sudo.cat, sudo.man.in:
13965 Don't italicize the string "sudoedit"
13968 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
13974 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
13981 Reset used_runas to FALSE when re-initializing the parser.
13984 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
13987 Correct OpenBSD mips support
13994 2004-08-07 Aaron Spangler <aaron777@gmail.com>
13997 More behavior notes
14001 Updates on current behavior
14004 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
14007 =back does not take an indentlevel (makes no difference to formatted
14012 =back does not take an indentlevel (makes no difference to formatted
14021 Consistency. Use same error for bad -u #uid when targetpw is set as
14022 we do when a bad -u username is specified.
14026 Add checksum idea from Steve Mancini
14029 * sudoers.cat, sudoers.man.in:
14033 * sudo.cat, sudo.man.in:
14037 * sudo.pod, sudoers.pod:
14038 Document the restriction on uids specified via -u when targetpw is
14043 Error out when targetpw is enabled and sudo is run with -u #uid but
14044 #uid does not exist in the passwd database. We can't do target
14045 authentication when the target is not in passwd!
14048 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
14053 Some more todo for the next release.
14057 Make it clear that PAM should be used for DCE support when possible.
14061 o Document problems with wildcards and relative paths. o Make the
14062 order requirements more prominent. o Change a "set" to "reset" for
14066 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
14069 Mention --with-secure-path, not SECURE_PATH.
14072 2004-08-03 Aaron Spangler <aaron777@gmail.com>
14075 reflect changes to parse.c
14078 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
14084 * parse.c, parse.h, testsudoers.c, visudo.c:
14085 Don't pass user_cmnd and user_args to command_matches(), just use
14086 the globals there. Since we keep state with statics anyway it is
14087 misleading to pretend that passing in different cmnd and cmnd_args
14092 Don't pass user_cmnd and user_args to command_matches(), just use
14093 the globals there. Since we keep state with statics anyway it is
14094 misleading to pretend that passing in different cmnd and cmnd_args
14099 Fix a bug introduced in rev. 1.149. When checking for pseudo-
14100 commands check for a '/' anywhere in cmnd, not just the first
14104 2004-07-31 Aaron Spangler <aaron777@gmail.com>
14106 * sudo.man.in, sudo.pod:
14107 Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
14110 * sudoers.man.in, sudoers.pod:
14111 Add ignore_local_sudoers
14115 Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
14119 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
14125 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
14132 Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
14133 PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
14136 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
14142 2004-07-08 Aaron Spangler <aaron777@gmail.com>
14145 Better debugging of ALL command
14148 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
14151 When matching for "sudoedit" in sudoers check both the command the
14152 user typed *and* the command that is listed in the sudoers entry.
14155 2004-07-04 Aaron Spangler <aaron777@gmail.com>
14158 Added !command feature
14161 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
14164 Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
14167 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
14170 License is ISC-style, not BSD-style
14177 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
14179 * sudo.cat, sudo.man.in:
14184 o Update some out of date bits to reality o Change the shell prompt
14185 in examples to bourne-shell style o Clarify some details o Add a
14186 CAVEAT about "sudo cd /foo"
14190 Don't ask for a password if invoking user == target user.
14197 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
14199 * sudoers.cat, sudoers.man.in:
14204 Expand on NOEXEC a little.
14211 * visudo.cat, visudo.man.in:
14220 Add a check in visudo for runas_default being set after it has
14224 * CHANGES, parse.yacc, visudo.c:
14225 Add a check in visudo for runas_default being set after it has
14234 Add a MATCHED macro for testing whether foo_matches has been set to
14235 TRUE or FALSE. This is more readable than checking for >=0 or < 0.
14236 Doesn't change the actual code generated.
14239 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
14250 Correct description of where Defaults specs should go.
14254 Correct description of where Defaults specs should go.
14257 * testsudoers.c, visudo.c:
14277 * auth/bsdauth.c, auth/kerb5.c:
14281 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
14287 * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
14288 Remove trailing spaces, no actual code changes.
14292 Remove trailing spaces, no actual code changes.
14295 * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
14296 Remove trailing spaces, no actual code changes.
14300 Remove trailing spaces, no actual code changes.
14304 Remove trailing spaces, no actual code changes.
14307 * compat.h, defaults.c, env.c:
14308 Remove trailing spaces, no actual code changes.
14312 Remove trailing spaces, no actual code changes.
14320 Fix a >=0 that should be <0 that was improperly converted when
14325 Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
14326 NOMATCH when resetting it.
14330 Fix pastos introduced in SETNMATCH addition.
14333 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
14336 Update for configure changes
14344 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
14345 these in parse.yacc. Also in parse.yacc initialize the *_matches
14346 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
14347 when setting *_matches to a value that may be
14348 NOMATCH/UNSPEC/TRUE/FALSE.
14352 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
14353 these in parse.yacc. Also in parse.yacc initialize the *_matches
14354 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
14355 when setting *_matches to a value that may be
14356 NOMATCH/UNSPEC/TRUE/FALSE.
14360 Initialize runas to -2, not -1 since we need to be able to
14361 distinguish between the initialized value and the value of a non-
14362 match when passing along the runas value to multiple commands.
14364 The result of this is that an unmatched runas is now set to -1, not
14365 0. This is required now that parse.c treats a FALSE value for runas
14366 as being explicitly denied.
14369 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
14371 * sudo.c, visudo.c:
14372 Error out if argc < 1.
14376 Error out if argc < 1.
14379 * configure, configure.in:
14380 Add tests for what libs we need to link with for ldap and for
14381 whether or not lber.h needs to be explicitly included.
14384 2004-06-03 Aaron Spangler <aaron777@gmail.com>
14387 Solaris native LDAP build fix
14390 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
14393 Set edn to NULL if ldap_get_dn() fails to avoid potential use of an
14398 Add prototype for sudo_ldap_list_matches
14401 * configure, configure.in:
14402 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
14403 version too. Added check for dd_fd in `DIR' if no dirfd is found;
14404 this is now used to conditionally define the dirfd macro in
14409 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
14410 version too. Added check for dd_fd in `DIR' if no dirfd is found;
14411 this is now used to conditionally define the dirfd macro in
14416 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
14417 version too. Added check for dd_fd in `DIR' if no dirfd is found;
14418 this is now used to conditionally define the dirfd macro in
14423 Only check /proc/$$/fd if we have the dirfd function/macro.
14426 * compat.h, config.h.in, configure, configure.in:
14427 Add a check for a dirfd() function (like Linux) and add a dirfd
14428 macro in compat.h if there is no dirfd() function or macro.
14431 * closefrom.c, getcwd.c:
14432 dirfd() is now defined in compat.h as needed.
14436 Clarify closefrom() note.
14440 When checking for a command in the directory, only copy the base dir
14445 If there is a /proc/$$/fd directory, behave like the Solaris
14446 closefrom() and only close the descriptors listed therein.
14450 compat.h guarantees INT_MAX is defined.
14454 Add definitions of OPEN_MAX and INT_MAX for those without it and
14455 remove definition of RLIM_INFINITY (now unused).
14458 * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
14459 sudo.c, sudo.h, visudo.c:
14460 Use PATH_MAX, not MAXPATHLEN since the former is standardized.
14463 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
14470 Add some entries that were mailed in a while ago
14474 o sysconf returns a long, not an int. o check for negative return
14475 value from sysconf/getdtablesize and use OPEN_MAX in this case. o
14476 define OPEN_MAX to 256 for those without it (a fair guess...)
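
The closefrom() entries above (the /proc/$$/fd scan, the dirfd check, and the sysconf/OPEN_MAX handling) combine into one routine. The C below is an added illustration, not sudo's closefrom.c; the name closefrom_example is hypothetical and /proc/self/fd stands in for /proc/$$/fd.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#ifndef OPEN_MAX
# define OPEN_MAX 256   /* the changelog's "fair guess" for systems without it */
#endif

/* Fallback when no fd directory exists: try every slot in the fd table. */
static int close_by_table_size(int lowfd)
{
    long maxfd = sysconf(_SC_OPEN_MAX);   /* a long, not an int */
    int closed = 0;

    if (maxfd < 0)                        /* error or no definite limit */
        maxfd = OPEN_MAX;
    if (maxfd > INT_MAX)
        maxfd = INT_MAX;
    for (long fd = lowfd; fd < maxfd; fd++) {
        if (close((int)fd) == 0)
            closed++;
    }
    return closed;
}

/*
 * Close every descriptor >= lowfd so nothing leaks into the command that
 * is about to be executed. Returns the number of descriptors closed.
 * Hypothetical name, chosen so it cannot clash with a libc closefrom().
 */
int closefrom_example(int lowfd)
{
    DIR *dirp;
    struct dirent *dent;
    int closed = 0;

    if (lowfd < 0)
        lowfd = 0;
    dirp = opendir("/proc/self/fd");
    if (dirp == NULL)
        return close_by_table_size(lowfd);

    /* Only the descriptors that are actually open are listed here. */
    while ((dent = readdir(dirp)) != NULL) {
        char *endp;
        long fd;

        errno = 0;
        fd = strtol(dent->d_name, &endp, 10);
        if (endp == dent->d_name || *endp != '\0')
            continue;                     /* "." and ".." are not numbers */
        if (errno != 0 || fd < lowfd || fd > INT_MAX)
            continue;
        if (fd == dirfd(dirp))
            continue;                     /* keep the stream we are reading */
        if (close((int)fd) == 0)
            closed++;
    }
    closedir(dirp);
    return closed;
}

int main(void)
{
    /* Constructed demo: leak two descriptors, then close everything >= 3. */
    int a = open("/dev/null", O_RDONLY);
    int b = open("/dev/null", O_RDONLY);

    printf("opened %d and %d, closed %d descriptor(s)\n",
        a, b, closefrom_example(3));
    return 0;
}
```

Skipping dirfd(dirp) is what the "only check /proc/$$/fd if we have dirfd" entry protects: without it the loop would close the directory stream it is iterating.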
14479 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
14482 Mention change in parse order for RunAs entries.
14489 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
14491 * INSTALL, README.LDAP, config.h.in, configure.in:
14492 o --with-ldap now takes an optional dir as a parameter o added
14493 check for ldap_initialize() and start_tls_s()
14497 Fix some typos, word choice and formatting issues.
14500 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
14503 Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
14504 read/write as it is simpler.
14507 * configure, configure.in:
14508 Remove hack overriding cross-compiler check. It should no longer be
14513 Remove select() compat bits since we no longer use select().
14516 * CHANGES, tgetpass.c:
14517 Use alarm() instead of select() for the timeout for systems that
14518 don't fully/properly implement select().
14521 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
14532 Deal with systems that have no way of setting the effective uid such
14536 * configure, configure.in:
14537 Define NO_SAVED_IDS if we don't find seteuid()
14540 * config.h.in, configure, configure.in:
14541 Add back check for setreuid() since NSK doesn't have it.
14544 * sudoers.cat, sudoers.man.in:
14557 In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
14558 explicitly denied and the command matched. This fixes a long-
14559 standing bug and makes: foo machine = (ALL) /usr/bin/blah
14560 foo machine = (!bar) /usr/bin/blah
14562 equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
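
A simplified model of the lookup change in the entry above, added here as an illustration and not taken from sudo's parse.c. It assumes entries are scanned last to first and that a Runas_List is evaluated left to right; the struct, the function names and the explicit_deny switch are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NOMATCH (-1)      /* Runas_List evaluated, target user not mentioned */
#ifndef TRUE
# define TRUE  1
# define FALSE 0          /* target user explicitly negated with '!' */
#endif

/* Model values only; these are not sudo's real flag bits. */
enum { VALIDATE_NOT_OK = 0, VALIDATE_OK = 1 };

#define MAX_RUNAS 4

struct entry {                       /* one "user host = (runas) command" line */
    const char *runas[MAX_RUNAS];    /* Runas_List items; unused slots are NULL */
    const char *cmnd;
};

/* Constructed policies taken from the changelog text (user foo, host machine). */
const struct entry two_lines[] = {
    { { "ALL" },  "/usr/bin/blah" },
    { { "!bar" }, "/usr/bin/blah" },
};
const struct entry one_line[] = {
    { { "ALL", "!bar" }, "/usr/bin/blah" },
};

/* Left to right: the last item that mentions the target decides. */
static int runas_matches(const struct entry *e, const char *target)
{
    int m = NOMATCH;

    for (int i = 0; i < MAX_RUNAS && e->runas[i] != NULL; i++) {
        const char *item = e->runas[i];
        int negated = (item[0] == '!');

        if (negated)
            item++;
        if (strcmp(item, "ALL") == 0 || strcmp(item, target) == 0)
            m = negated ? FALSE : TRUE;
    }
    return m;
}

/*
 * Scan entries from last to first. With explicit_deny == 0 a FALSE runas
 * is treated like "no match" and the scan falls through to earlier
 * entries (the behaviour assumed for the old code). With explicit_deny
 * == 1 a FALSE runas on a matching command stops the scan with
 * VALIDATE_NOT_OK, as the changelog entry describes.
 */
int lookup(const struct entry *ents, int n, const char *target,
    const char *cmnd, int explicit_deny)
{
    for (int i = n - 1; i >= 0; i--) {
        int cmnd_ok = (strcmp(ents[i].cmnd, cmnd) == 0);
        int runas = runas_matches(&ents[i], target);

        if (runas == TRUE && cmnd_ok)
            return VALIDATE_OK;
        if (explicit_deny && runas == FALSE && cmnd_ok)
            return VALIDATE_NOT_OK;
    }
    return VALIDATE_NOT_OK;
}

int main(void)
{
    const char *cmnd = "/usr/bin/blah";

    printf("two lines, -u bar, old: %s\n",
        lookup(two_lines, 2, "bar", cmnd, 0) ? "allowed" : "denied");
    printf("two lines, -u bar, new: %s\n",
        lookup(two_lines, 2, "bar", cmnd, 1) ? "allowed" : "denied");
    printf("one line,  -u bar, new: %s\n",
        lookup(one_line, 1, "bar", cmnd, 1) ? "allowed" : "denied");
    return 0;
}
```

In this model the two-line policy lets foo run the command as bar until the explicit-deny check is enabled, which is why a non-match has to stay distinguishable from FALSE.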
14566 Clarify mail_noperm
14569 2004-05-20 Aaron Spangler <aaron777@gmail.com>
14572 Missing DESTDIR in make install for sudo_noexec.la
14575 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
14577 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
14587 Remove fastboot/fasthalt (who still remembers these?) and add a
14588 minimal sudoedit example.
14592 Remove fastboot/fasthalt (who still remembers these?) and add a
14593 minimal sudoedit example.
14596 * UPGRADE, sudo.c, visudo.c:
14597 filesystem -> file system
14601 filesystem -> file system
14604 * CHANGES, INSTALL:
14605 filesystem -> file system
14608 * sudo.pod, sudoers.pod:
14609 Fix some minor typos and formatting goofs
14617 remove my email addr
14620 * sudo.pod, sudoers.pod, visudo.pod:
14621 Use @mansectform@ and @mansectsu@ everywhere Make man page
14622 references links with L<>
14626 Accept quoted globbing characters and pass them verbatim for
14631 Document that /tmp/.odus is gone.
14635 No longer use /tmp/.odus as a possible timestamp dir unless
14636 specifically configured to do so. Instead, if no /var/run exists,
14637 use /var/adm/sudo or /usr/adm/sudo.
14641 No longer use /tmp/.odus as a possible timestamp dir unless
14642 specifically configured to do so. Instead, if no /var/run exists,
14643 use /var/adm/sudo or /usr/adm/sudo.
14647 No longer use /tmp/.odus as a possible timestamp dir unless
14648 specifically configured to do so. Instead, if no /var/run exists,
14649 use /var/adm/sudo or /usr/adm/sudo.
14653 No longer use /tmp/.odus as a possible timestamp dir unless
14654 specifically configured to do so. Instead, if no /var/run exists,
14655 use /var/adm/sudo or /usr/adm/sudo.
14658 * set_perms.c, sudo.c, tgetpass.c, visudo.c:
14659 Preliminary changes to support nsr-tandem-nsk. Based on patches
14664 Preliminary changes to support nsr-tandem-nsk. Based on patches
14668 * check.c, compat.h:
14669 Preliminary changes to support nsr-tandem-nsk. Based on patches
14673 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
14676 There was no 1.6.7p6.
14684 add missing files to DISTFILES
14687 * sudo.cat, sudoers.cat, visudo.cat:
14696 Fix some line wrap and update (c) year
14699 2004-04-28 Aaron Spangler <aaron777@gmail.com>
14705 2004-04-07 Aaron Spangler <aaron777@gmail.com>
14711 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
14718 In Exit() when used as a signal handler, emsg is a pointer so
14719 sizeof() is wrong so make it a #define instead. Also avoid using a
14720 negative exit value. Found by Aaron Campbell
14723 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
14726 Remove bogus sentence about uids in a User_List. Document usernames
14727 vs. uid parsing in a Runas_List.
14730 * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
14731 If the user specified a uid with the -u flag and the uid exists in
14732 the passwd file, set runas_user to the name, not the uid.
14734 When comparing usernames in sudoers, if a name is really a uid
14735 (starts with '#') compare it numerically to pw_uid.
14738 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
14741 krb5_mcc_ops should be const; Johnny C. Lam
14744 2004-02-28 Aaron Spangler <aaron777@gmail.com>
14746 * CHANGES, config.h.in, ldap.c:
14747 Added start_tls support
14750 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
14753 Clean up libtool stuff for 'make distclean' and add def_data.c,
14754 def_data.h to PARSESRCS.
14757 2004-02-14 Aaron Spangler <aaron777@gmail.com>
14759 * strlcat.c, strlcpy.c:
14760 Un-Fix last license munge
14763 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
14769 * CHANGES, RUNSON, TODO:
14773 * lex.yy.c, sudo.tab.c:
14777 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
14778 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
14779 emul/search.h, emul/utime.h:
14780 Move to a less restrictive, ISC-style license.
14783 * auth/kerb5.c, auth/pam.c:
14784 Move to a less restrictive, ISC-style license.
14787 * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
14788 Move to a less restrictive, ISC-style license.
14792 Move to a less restrictive, ISC-style license.
14795 * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
14796 Move to a less restrictive, ISC-style license.
14799 * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
14800 visudo.man.in, visudo.pod:
14801 Move to a less restrictive, ISC-style license.
14805 Move to a less restrictive, ISC-style license.
14808 * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
14810 Move to a less restrictive, ISC-style license.
14813 * sigaction.c, strerror.c:
14814 Move to a less restrictive, ISC-style license.
14817 * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
14819 Move to a less restrictive, ISC-style license.
14822 * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
14823 ins_goons.h, insults.h, interfaces.c, interfaces.h:
14824 Move to a less restrictive, ISC-style license.
14827 * find_path.c, getprogname.c:
14828 Move to a less restrictive, ISC-style license.
14832 Move to a less restrictive, ISC-style license.
14836 Move to a less restrictive, ISC-style license.
14840 Move to a less restrictive, ISC-style license.
14843 * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
14845 Move to a less restrictive, ISC-style license.
14848 * utime.c, version.h:
14849 Move to a less restrictive, ISC-style license.
14852 * parse.lex, parse.yacc:
14853 Move to a less restrictive, ISC-style license.
14857 Move to a less restrictive, ISC-style license.
14860 2004-02-13 Aaron Spangler <aaron777@gmail.com>
14863 Merged in LDAP Support
14866 * ldap.c, sudo.c, sudo.h:
14867 Merged in LDAP Support
14870 * def_data.c, def_data.h, def_data.in:
14871 Merged in LDAP Support
14874 * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
14875 Merged in LDAP Support
14878 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
14880 * sudo.h, sudo_noexec.c:
14881 Only do "extern int errno" if errno is not a macro.
14884 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
14887 setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
14888 euid first, then just call setuid(0) to set the real uid too.
14892 Use setresuid() and setreuid() for PERM_RUNAS when appropriate
14893 instead of seteuid() which may not exist.
14896 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
14902 * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
14903 Add --with-pc-insults configure option
14907 Prefer VISUAL over EDITOR like old vipw did.
14910 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
14912 * sudo.man.in, sudoers.man.in:
14917 Add a note that noexec is not a cure-all.
14921 Mention that disabling "root_sudo" is pretty pointless.
14924 * configure, configure.in:
14925 Substitute for root_sudo in sudoers.pod
14929 Add sudoedit to the NAME section
14933 Document the fact that setting ignore_dot in sudoers has no effect
14934 due to the fact that find_path() is called *before* sudoers is read.
14937 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
14940 Do not require _PATH_USRTMP to be set.
14943 * BUGS, CHANGES, TODO:
14952 Clarify that when sudo is run by root with the SUDO_USER variable
14953 set, the sudoers lookup happens for root and not the SUDO_USER user.
14956 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
14958 * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
14959 set_perms.c, sigaction.c, sudo.c, tgetpass.c:
14960 Use the SET, CLR and ISSET macros.
14964 Use the SET, CLR and ISSET macros.
14967 * defaults.c, env.c:
14968 Use the SET, CLR and ISSET macros.
14972 MAIN was replaced with _SUDO_MAIN some time ago.
14976 Don't look at prev_user until after we've parsed sudoers and done
14977 the password check. That way, if sudo/sudoedit is run from a root
14978 process that was invoked by sudo, we check sudoers for root, not the
14979 previous user. This makes sudoedit much more useful and means that
14980 for the sudo case, we get correct logging on who actually ran the
14984 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
14987 Add a comment describing why we need to be notified about our child
14991 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
14993 * def_data.c, def_data.in:
14994 Update the noexec variable descriptions
14997 * sudoers.man.in, sudoers.pod:
14998 noexec now replaces more than just execve()
15002 Alas, all the world does not go through execve(2). Many systems
15003 still have an execv(2) system call, Linux 2.6 provides fexecve(2)
15004 and it is not uncommon for libc to have underscore ('_') versions of
15005 the functions to be used internally by the library. Instead of
15006 stubbing all these out by hand, define a macro and let it do the
15007 work. Extra exec functions pointed out by Reznic Valery.
15010 * sudo.c, sudo_edit.c:
15011 Fix suspending the editor in -e mode. Because we do a fork() first
15012 we need to be notified when the child has been stopped and then send
15013 that same signal to ourself so the shell can do its job control
15018 Use WIFEXITED and WEXITSTATUS macros. If there are systems out
15019 there that want to run sudo that still don't support these we can
15020 try to deal with that later.
15027 * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
15028 Document sudo -e / sudoedit
15031 * configure, configure.in:
15035 * config.h.in, configure.in:
15039 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
15042 Allow non-exclusive flags when invoked as sudoedit. Pretty print the
15043 long usage() line to not wrap (assumes 80 char display)
15046 * Makefile.in, sudo.c:
15047 If sudo is invoked as "sudoedit" the -e flag is implied and no other
15048 flags are permitted.
15052 Add a new flag, -e, that makes it possible to give users the ability
15053 to edit files with the editor of their choice as the invoking user,
15054 not the runas user. Temporary files are used for the actual edit
15055 and the temp file is copied over the original after the editor is
15059 * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
15060 Add a new flag, -e, that makes it possible to give users the ability
15061 to edit files with the editor of their choice as the invoking user,
15062 not the runas user. Temporary files are used for the actual edit
15063 and the temp file is copied over the original after the editor is
15068 If real uid == 0 and the SUDO_USER environment variable is set, use
15069 that to determine the invoking user's true identity. That way the
15070 proper info gets logged by someone who has done "sudo su" but still
15071 uses sudo to as root. We can't do this for non-root users since
15072 that would open up a security hole, though perhaps it would be
15073 acceptable to use getlogin(2) on OSes where this is a system call (and
15074 doesn't just look in the utmp file).
15078 Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
15081 * config.h.in, configure, configure.in:
15082 Add check for fchown(2)
15085 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
15088 Back out portions of the -i commit that set NewArgv[0] in
15089 set_runaspw. It is far too late to set NewArgv[0] there and will have
15090 no effect anyway as cmnd and safe_cmnd have already been set.
15093 * visudo.c, visudo.pod:
15094 Prefer VISUAL over EDITOR like old vipw did.
15097 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
15100 In -i mode always set new environment based on the runas user's
15104 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
15106 * sudo.man.in, sudo.pod:
15107 Document the new -i flag and sync SYNOPSIS section with usage() in
15108 sudo.c. Also sort the flags in the OPTIONS section.
15112 o Add -i that acts similar to "su -", based on patches from David J.
15113 MacKenzie o Sort the flags in the usage message
15116 * sudoers.man.in, sudoers.pod:
15117 Add a missing @runas_default@ substitution.
15120 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
15123 Change euid to runas user before calling find_path().
15124 Unfortunately, though runas_user can be modified in sudoers we
15125 haven't parsed sudoers yet.
15128 * sudoers.man.in, sudoers.pod:
15129 Add missing definition of Parameter_List and use single pipes in the
15130 Defaults EBNF definition.
15134 Fix a bug when set_runaspw() is used as a callback. We don't want
15135 to reset the contents of runas_pw if the user specified a user via
15138 Avoid unnecessary passwd lookups in set_authpw(). In most cases we
15139 already have the info in runas_pw.
15142 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
15145 Add Stan Lee / Uncle Ben quote to the lecture from RedHat
15149 Update sudo_getepw() proto and add one for set_runaspw()
15153 If we can't stat the command as root, try as the runas user instead.
15156 * testsudoers.c, visudo.c:
15157 Add stub set_runaspw() function
15161 Add set_runaspw() function to fill in runas_pw. This will be used
15162 as a callback to update runas_pw when the runas user changes.
15166 PERM_RUNAS -> PERM_FULL_RUNAS
15169 * set_perms.c, sudo.h:
15170 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
15175 Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
15176 one chunk for easy free()ing. Also change it from static to extern.
15179 * defaults.c, defaults.h:
15180 Add callback support
15184 Add a callback field and use it for runas_default
15187 * def_data.c, def_data.in:
15188 Add a callback field and use it for runas_default
15191 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
15194 Add support for chalnecho and display server responses used by fwtk
15198 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
15200 * sudoers.man.in, sudoers.pod:
15201 ld.so is ld.so.1 on solaris
15204 * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
15205 Use closefrom() instead of doing the equivalent inline.
15209 closefrom(3) for systems w/o it
15212 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
15215 Update from .pod file.
15218 * configure, configure.in:
15219 Substitute noexec_file for the sudoers man page
15222 * sudo.man.in, sudo.pod:
15226 * sudoers.man.in, sudoers.pod:
15230 * auth/pam.c, config.h.in, configure.in:
15231 Move PAM_CONST macro definition from config.h to pam.c where it
15232 belongs. We can't have this in config.h since that gets included too
15236 * auth/pam.c, config.h.in, configure, configure.in:
15237 Some PAM implementations put their headers in /usr/include/pam
15238 instead of /usr/include/security.
15242 I missed changing the EXEC macro -> EXECV here when I changed this
15243 in config.h.in and sudo.c a while ago.
15247 OpenBSD vax/m88k/hppa don't do shared libs
15250 * configure, configure.in:
15251 o merge the hpux case entries into a single entry w/ its own sub-
15252 case statement. o HP-UX >= 11 support getspnam(), use it in
15253 preference to getprpwuid()
15256 * configure, configure.in:
15257 eval $shrext so that it expands nicely on MacOS X
15261 Don't lie about making a module, it does the wrong thing on mach
15265 Remove requirement that libs must begin with "lib". They don't when
15266 we point directly at the lib using LD_PRELOAD or its equivalent.
15270 Disable support for c++, f77 and java. We don't need it, it takes a
15271 lot of time, and it hosed our check for shared lib support.
15279 Call AC_ENABLE_SHARED and check the status of enable_shared to know
15280 when shared libs are available.
15284 Duh, OpenBSD supports shared libs too
15287 * config.h.in, configure.in:
15288 Only OpenPAM and Linux PAM use const qualifiers.
15291 * configure, configure.in:
15292 o No need to check for sed, libtool config does that for us o move
15293 check for --with-noexec until after libtool magic is run so we can
15294 use $can_build_shared and $shrext
15298 Don't print a bunch of crap about library installs since we are not
15299 really installing a library.
15303 Make format_env() varargs Add noexec support for Darwin, MacOS X,
15307 * acsite.m4, ltconfig, ltmain.sh:
15308 Update to libtool 1.5 with local changes: o no ldconfig in the
15309 finish step o assume no libprefix or version is needed
15313 Fix compilation under K&R
15316 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
15323 stub execve() that just returns EACCES; used for noexec
15328 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
15333 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
15337 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
15339 * def_data.c, def_data.h, def_data.in:
15340 Move the environment defaults to the end and shorten a few of the
15344 * configure, configure.in:
15345 no shared libs on ultrix or convexos
15348 * Makefile.in, configure, configure.in:
15349 Build sudo_noexec shared object using libtool; could use some
15353 * acsite.m4, ltconfig, ltmain.sh:
15354 libtool scaffolding
15357 * parse.yacc, sudo.tab.c:
15358 Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
15362 * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
15363 parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
15364 update copyright year
15367 * configure, configure.in, defaults.c, env.c, pathnames.h.in:
15368 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
15369 option. The default value of noexec_file is set to this.
15372 * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
15373 parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
15375 Add support for preloading a shared object containing a dummy
15376 execve() function that just sets error and returns -1. This adds a
15377 "noexec_file" option to load the filename as well as a "noexec" flag
15378 to enable it unconditionally. There is also a NOEXEC tag that can
15379 be attached to specific commands and an EXEC tag to disable it.
15383 add missing newline to usage statement
15386 * config.h.in, sudo.c:
15387 Rename EXEC macro -> EXECV
15391 Don't truncate usernames to 8 characters in the log message.
15394 * check.c, sudoers.man.in, sudoers.pod:
15395 Update copyright year
15398 * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
15400 Add a new option, lecture_file, that can be used to point to a
15401 custom sudo lecture.
15404 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
15406 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
15408 Add a zero_bytes() function to do the equivalent of bzero in such a
15409 way that will hopefully not be optimized away by sneaky compilers.
15413 Add a zero_bytes() function to do the equivalent of bzero in such a
15414 way that will hopefully not be optimized away by sneaky compilers.
15417 * Makefile.in, sudo.h:
15418 Add a zero_bytes() function to do the equivalent of bzero in such a
15419 way that will hopefully not be optimized away by sneaky compilers.
15423 Use #ifdef __STDC__, not #if __STDC__.
15426 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
15429 Always put at least one space between the def_* macro name and its
15433 * configure, configure.in:
15434 Adjust code for --without-lecture to match new values.
15438 regen after pasto fix
15441 * sudoers.man.in, sudoers.pod:
15442 Document that "lecture" has changed from a flag to a tuple.
15445 * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
15446 defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
15447 Add support for tuples in def_data.in; these are implemented as an
15448 enum type. Currently there is only a single tuple enum but in the
15449 future we may have one tuple enum per T_TUPLE entry in def_data.in.
15450 Currently listpw, verifypw and lecture are tuples. This avoids the
15451 need to have two entries (one ival, one str) for pwflags and syslog
15454 lecture is now a tuple with the following values: never, once,
15457 We no longer use both an int and string entry for syslog facilities
15458 and priorities. Instead, there are logfac2str() and logpri2str()
15459 functions that get used when we need to print the string values.
15462 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
15463 auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
15464 check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
15465 logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
15466 sudo.tab.c, visudo.c:
15467 Create def_* macros for each defaults value so we no longer need the
15468 def_{flag,ival,str,list,mode} macros (which have been removed). This
15469 is a step toward more flexible data types in def_data.in.
15476 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
15479 If we are in -k/-K mode, just spew to stderr. It is not unusual for
15480 users to place "sudo -k" in a .logout file which can cause sudo to
15481 be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
15482 Previously, this would result in useless mail and logging.
15485 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
15488 fix pasto in VISUAL description
15491 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
15502 Some OSes (like Solaris) allow export w/ nosuid too
15505 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
15508 We don't use FD_ZERO anymore so just define FD_SET (if not already
15512 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
15515 Fix a core dump on Solaris by preserving the pam_handle_t we used
15516 during authentication for pam_prep_user(). If we didn't
15517 authenticate (ie: ticket still valid), we call pam_init() from
15518 pam_prep_user(). This is something of a hack; it may be better to
15519 change the auth API and add an auth_final() function that acts like
15523 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
15526 Add explicit declaration of printerr variable in function header
15527 (was defaulting to int which is OK but oh so K&R :-). From Theo.
15530 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
15532 * config.h.in, configure.in:
15533 s/HAVE_STOW/USE_STOW/
15537 Also exit waitpid() loop when pid == 0. Fixes a problem where the
15538 sudo process would spin eating up CPU until sendmail finished when
15539 it has to send mail.
15542 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
15545 Remove advertising clause, UCB has disavowed it
15549 Remove advertising clause, UCB has disavowed it
15552 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
15555 Don't assume that getgrnam() calls don't modify contents of struct
15556 passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
15557 Based on a patch from Kirk Webb.
15560 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
15567 darwin has a broken setreuid() in at least some versions
15571 Fix an off by one error when reallocating the environment; Kevin Pye
15574 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
15577 Fix User_Spec definition; SEKINE Tatsuo
15580 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
15583 More info on the early days from Coggs.
15586 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
15589 remove errant semicolon that prevented compilation under heimdal
15592 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
15594 * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
15595 add DARPA credit on affected files
15599 add DARPA credit on affected files
15602 * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
15604 add DARPA credit on affected files
15608 add DARPA credit on affected files
15612 add DARPA credit on affected files
15615 * logging.c, parse.c:
15616 add DARPA credit on affected files
15619 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
15620 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
15621 find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
15623 add DARPA credit on affected files
15626 * auth/kerb5.c, auth/pam.c:
15627 add DARPA credit on affected files
15630 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
15631 auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
15633 add DARPA credit on affected files
15637 add DARPA credit on affected files
15640 * defaults.c, defaults.h:
15641 add DARPA credit on affected files
15645 add DARPA credit on affected files
15648 * Makefile.in, alloc.c, check.c:
15649 add DARPA credit on affected files
15653 slightly different wording for the darpa credit
15656 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
15662 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
15665 Use krb5_princ_component() instead of krb5_princ_realm() for MIT
15666 Kerberos like we did before I messed things up ;-)
15668 Use krb5_principal_get_comp_string() to do the same thing w/
15669 Heimdal. I'm not sure if the component should be 0 or 1 in this
15672 #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
15673 older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
15674 should be a configure check for this I guess.
15677 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
15680 builtin -> built-in; Jason McIntyre
15683 * TROUBLESHOOTING, config.h.in, configure, configure.in:
15684 builtin -> built-in; Jason McIntyre
15688 built in -> built-in; Jason McIntyre
15691 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
15694 checkpoint for 1.6.7p3
15698 Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
15699 Amazingly, sudo source from 1985 is available via groups.google.com
15703 Don't change rl.rlim_max for RLIMIT_CORE. We need only set
15704 rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
15705 RLIMIT_CORE restoration on some OSes.
15708 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
15711 Make this compile on Heimdal and MIT Kerberos 5
15714 * config.h.in, configure, configure.in:
15715 Check for heimdal even if we found krb5-config and define
15720 Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
15721 no longer defined by MIT kerb5 (though it used to be and indeed
15722 remains so in Heimdal).
15725 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
15728 Remove newer stuff that passes multiple (possibly duplicate)
15729 directories to "mkdir -p" since that seems to break on Tru64 Unix at
15730 least. This basically brings back what shipped with sudo 1.6.6.
15733 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
15736 Correct number of args to krb5_principal_get_realm() and fix an
15737 unclosed comment that hid the bug.
15764 * CHANGES, version.h:
15773 use krb5-config to determine Kerberos V details if it exists
15776 * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
15777 auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
15778 find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
15779 testsudoers.c, visudo.c:
15780 Use warn/err and getprogname() throughout. The main exception is
15781 openlog(). Since the admin may be filtering logs based on the
15782 program name in the log files, hard code this to "sudo".
15786 Add getprogname.c and err.c
15793 * config.h.in, configure.in:
15794 Add checks for getprogname(), __progname and err.h
15798 For systems without err/warn functions.
15802 For systems without err/warn functions.
15806 For systems with neither getprogname() nor __progname; uses Argv[0].
15809 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
15812 checkpoint for 1.6.7p1
15815 * sudo.c, testsudoers.c:
15816 fix strlcpy() rval check (innocuous)
15820 oflow detection in expand_prompt() was faulty (false positives). The
15821 count was based on strlcat() return value which includes the length
15822 of the entire string.
15825 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
15828 checkpoint for the sudo 1.6.7 release
15829 [096bab4da29a] [SUDO_1_6_7]
15832 checkpoint for the sudo 1.6.7 release
15835 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
15838 g/c unused variable
15846 use man sections 8 and 5 for csops
15849 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
15856 Add -lskey or -lopie directly to SUDO_LIBS instead of having
15857 AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
15865 Add --with-blibpath for AIX. An alternate libpath may be specified
15867 -blibpath support can be disabled. Also change configure such that
15868 -blibpath is not specified if no -L libpaths were added to
15873 Add --with-blibpath for AIX. An alternate libpath may be specified
15875 -blibpath support can be disabled. Also change configure such that
15876 -blibpath is not specified if no -L libpaths were added to
15881 Add --with-blibpath for AIX. An alternate libpath may be specified
15883 -blibpath support can be disabled. Also change configure such that
15884 -blibpath is not specified if no -L libpaths were added to
15889 add AIX blibpath support
15892 * INSTALL, configure.in:
15893 --with-skey and --with-opie now take an optional directory argument
15894 This obsoletes a --with-csops hack (/tools/cs/skey)
15896 Also remove the remaining direct uses of "echo"
15899 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
15902 Detect KTH Kerberos IV and deal with it. Also make -lroken optional
15903 for KTH Kerberos IV and V.
15907 Add SUDO_APPEND_LIBPATH function that adds -L/path/to/dir (and
15908 -R/path/to/dir if $with_rpath) to the specified variable.
15911 * INSTALL, configure.in:
15912 Add -R/path/to/libs for Solaris and SVR4. There is a new configure
15913 option, --with-rpath to control this behavior.
15917 for kerb4 put libdes after libkrb on the link line
15925 fix kerberos lib check when a path is specified
15929 Fix boolean thinko in SIGCHLD reaper and call reapchild after
15930 sending mail instead of doing a conditional sudo_waitpid.
15933 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
15940 replace =DIR with [=DIR] where sensible
15944 o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
15945 detection based on openssh's configure.in
15949 --with-kerb4 and --with-kerb5 now take an optional argument.
15952 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
15955 Kill remaining strcpy(), the programmer's guide says username is 32
15960 treat uid_t as unsigned long for printf and use snprintf, not sprintf
15967 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
15969 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
15970 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
15971 auth/rfc1938.c, auth/sudo_auth.c:
15972 update copyright year
15975 * sudo.man.in, sudoers.man.in, visudo.man.in:
15976 update copyright year
15979 * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
15980 configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
15981 parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
15982 sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
15983 update copyright year
15986 * check.c, env.c, sudo.c:
15987 Cast [ug]ids to unsigned long and printf with %lu
15995 correct error messages for --with-sudoers-{mode,uid,gid}
15999 make the malloc(0) error specific to each function to aid tracking
16004 deal with platforms where size_t is signed and there is no SIZE_MAX
16009 Make this compile w/ Heimdal and fix some gcc warnings.
16013 Use stat_sudoers macro so --with-stow can work
16016 * INSTALL, config.h.in, configure, configure.in:
16017 Add support for --with-stow based on patches from Robert Uhl
16033 use strlcpy, not strncpy
16037 Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
16044 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
16046 * strlcat.c, strlcpy.c:
16047 Make gcc shut up about unused rcsid
16051 Move the n == 0 check for the non-getifaddrs cas
16055 skeychallenge() on NetBSD takes a size parameter
16063 put -ldl after -lpam, not before; fixes static linking on Linux
16067 Avoid malloc(0) and fix the loop invariant for the getifaddrs()
16071 * sudo.cat, sudoers.cat, visudo.cat:
16075 * sudo.man.in, sudoers.man.in, visudo.man.in:
16080 Preserve copyright notice from .pod file in .man.in file
16084 Add sudoers(5) to SEE ALSO
16087 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
16094 Don't assume libc can realloc() a NULL string. If malloc/realloc
16095 fails, make sure we just return; yyerror() is not terminal.
16103 simplify fill_args a little and use strlcpy for paranoia
16110 * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
16112 Use strlc{at,py} for paranoia's sake and exit on overflow. In all
16113 cases the strings were either pre-allocated to the correct size or
16114 length checks were done before the copy but a little paranoia can go
16119 Add strlc{at,py} protos
16122 * env.c, interfaces.c:
16131 Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
16132 memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
16136 snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
16141 In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
16144 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
16147 Use snprintf() for paranoia
16151 Use emalloc2 and erealloc3
16155 strlc{at,py} for those w/o it
16158 * strlcat.c, strlcpy.c:
16159 strlc{at,py} for those w/o it.
16162 * config.h.in, configure, configure.in:
16163 Add strlc{at,py} for those w/o it.
16167 Add erealloc3(), a realloc() version of emalloc2().
16170 * interfaces.c, sudo.c:
16171 Use emalloc2() to allocate N things of a certain size.
16175 Add emalloc2() -- like calloc() but w/o the bzero and with
16176 error/oflow checking.
16180 Error out on malloc(0); suggested by theo
16183 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
16185 * configure, configure.in:
16186 fix a typo; David Krause
16189 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
16195 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
16198 Remove DYLD_ from the environment for MacOS X; from bbraun
16201 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
16203 * config.h.in, configure.in:
16204 not not; Anil Madhavapeddy
16207 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
16209 * sudo.pod, sudoers.pod, visudo.pod:
16210 typos; jmc@openbsd.org
16213 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
16216 Add some missing ';' rule terminators that bison warns about.
16220 fix typo I introduced in last merge
16224 regenerate with autoconf 2.57
16228 Add missing "$HOME"
16232 Add some more square brackets to make autoconf 2.57 happy
16235 * config.sub, mkinstalldirs:
16236 Updates from autoconf-2.57
16240 Updates from autoconf-2.57
16243 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
16249 * lex.yy.c, sudo.tab.c:
16253 * parse.lex, parse.yacc, sudoers.pod:
16254 Add support for Defaults>RunasUser
16257 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
16260 fclose() yyin after each yyparse() is done and use fopen() instead
16261 of using freopen().
16265 Better fix for sudoers files w/o a newline before EOF. It looks
16266 like the issue is that yyrestart() does not reset the start
16267 condition to INITIAL which is an issue since we parse sudoers
16271 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
16274 Work around what appears to be a flex bug when dealing with files
16275 that lack a final newline before EOF. This adds a rule to match EOF
16276 in the non-initial states which resets the state to INITIAL and
16281 o The parser needs sudoers to end with a newline but some editors
16282 (emacs) may not add one. Check for a missing newline at EOF and
16283 add one if needed. o Set quiet flag during initial sudoers parse (to
16284 get options) o Move yyrestart() call and always use freopen() to
16285 open yyin after initial sudoers parse.
16288 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
16291 Fix pasto/thinko in setresgid()/setregid() usage. Want to set
16292 effective gid, not real gid, when reading sudoers.
16296 don't compile set_perms_posix if we have setreuid or setresuid
16299 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
16301 * sudo.pod, sudoers.pod:
16302 document new prompt escapes
16306 Add %U and %H escapes and redo prompt rewriting. "%%" now gets
16307 collapsed to "%" as was originally intended. This also gets rid of
16308 lastchar (does lookahead instead of lookback) which should simplify
16309 the logic slightly.
16312 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
16315 Write the prompt *after* turning off echo to avoid some password
16316 characters being echoed on heavily-loaded machines with fast
16321 Add support for mipseb; wiz@danbala.tuwien.ac.at
16325 Fix IRIX fallout from name changes in man dir/sect Makefile
16326 variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
16330 Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
16331 the global copy. Problem noted by Peter Pentchev.
16334 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
16341 Add missing yyerror() calls; YYERROR does not seem to call this for
16345 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
16348 fix typo in comment; Pedro Bastos
16351 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
16354 document --disable-setresuid
16357 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
16359 Sprinkle some volatile qualifiers to prevent over-enthusiastic
16360 optimizers from removing memset() calls.
16363 * logging.c, parse.yacc:
16364 minor sign fixes pointed out by gcc -Wsign-compare
16367 * set_perms.c, sudo.c, sudo.h:
16368 Revamp set_perms. We now use a version based on setresuid() or
16369 setreuid() when possible since that allows us to support the
16370 stay_setuid option and we always know exactly what the semantics
16371 will be (various Linux kernels have broken POSIX saved uid support).
16374 * config.h.in, configure:
16375 regen from configure.in
16379 Add checks for setresuid() and a way to disable using it
16383 No longer need to emulate set*[ug]id() via setres[ug]id() or
16384 setre[ug]id(). The new set_perms stuff only uses things it knows are
16389 Before exec, restore state of signal handlers to be the same as when
16390 we were initially invoked instead of just resetting to SIG_DFL. Fixes
16391 a problem when using sudo with nohup. Based on a patch from Paul
16396 o timestamp_uid should be uid_t, not int o clarify error message
16397 when sudo is run by root and no_root_sudo is set
16400 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
16403 update ftp link for bison
16406 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
16409 Error out if setusercontext() fails and the runas user is not root.
16412 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
16419 Fix SecurID API test
16422 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
16429 securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
16430 but I don't see a better way at the moment.
16433 * Makefile.in, auth/securid5.c:
16434 SecurID API version 5 support from Michael Stroucken
16438 Add check for SecurID 5.0 API
16441 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
16444 We actually do still need config.h to get the 'const' definition for
16448 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
16451 regen with autoconf 2.5.3
16455 Don't set sysconfdir to '/etc' if the user has specified a --prefix.
16459 Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
16460 LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
16463 * env.c, sudo.c, sudo.h:
16464 No need for dump_badenv() now that dump_defaults() knows how to dump
16468 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
16474 document timestampowner
16478 Don't call set_perms() when doing timestamp stuff unless
16479 timestamp_uid != 0.
16482 * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
16483 sudo.h, testsudoers.c:
16484 g/c second arg to set_perms--it is no longer used
16487 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
16489 * check.c, set_perms.c, sudo.c, sudo.h:
16490 Add support for non-root timestamp dirs. This allows the timestamp
16491 dir to be shared via NFS (though this is not recommended).
16494 * def_data.c, def_data.h, def_data.in:
16495 Add timestampowner, "Owner of the authentication timestamp dir"
16498 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
16501 Don't try to pre-compute the size of the new envp, just allocate
16502 space up front and realloc as needed. Changes to the new env
16503 pointer must all be made through insert_env() which now keeps track
16504 of space used and allocates as needed.
16507 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
16514 Fix two typo/pastos; from jrj@purdue.edu
16517 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
16519 * INSTALL.binary, README:
16521 [a1e33027278c] [SUDO_1_6_6]
16523 * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
16524 visudo.cat, visudo.man.in:
16528 * CHANGES, RUNSON, TODO:
16533 In the loop used to expand %h and %u, the lastchar variable was not
16534 being initialized. This means that if the last char in the prompt
16535 is '%' and the first char is 'h' or 'u' an extra copy of the host or
16536 user name would be copied, for which space had not been allocated.
16539 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
16541 * BUGS, INSTALL, Makefile.in, configure.in, version.h:
16542 crank version to 1.6.6
16546 #undef VOID to get rid of an AFS warning
16550 Use easprintf instead of emalloc + sprintf for some things.
16553 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
16555 * lex.yy.c, sudo.tab.c:
16559 * parse.c, parse.lex, parse.yacc, testsudoers.c:
16560 Remove Chris Jepeway's email address so people don't bug him ;-)
16563 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
16566 Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
16567 endgrent() at the same time.
16570 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
16573 Make it clear which configure options take arguments.
16576 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
16579 HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
16580 RLIM_INFINITY, just pretend it is -1. This works because we only
16581 check for RLIM_INFINITY and do not set anything to that value.
16584 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
16587 Zero and free allocated memory when there is a conversation error.
16591 Use sigaction() not signal()
16595 Mention that some linux kernels have broken POSIX saved ID support
16599 checkpoint for 1.6.5p2
16607 Add --disable-setreuid flag
16611 Document new --disable-setreuid option and change description for
16612 --disable-saved-ids to match new error message.
16616 fatal() now takes an argument that determines whether or not to call
16621 Update for new error messages from set_perms()
16625 Update for new error messages from set_perms()
16628 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
16631 Make this compile w/o warnings
16635 Mention that we can't use pam_acct_mgmt()
16638 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
16639 The user's password was not zeroed after use when AIX
16640 authentication, BSD authentication, FWTK or PAM was in use.
16643 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
16646 Avoid giving PAM a NULL password response, use the empty string
16647 instead. This avoids a log warning when the user hits ^C at the
16648 password prompt when PAM is in use.
16652 Don't check the return value of pam_setcred(). In Linux-PAM 0.75
16653 pam_setcred() returns the last saved return code, not the return
16654 code for the setcred module. Because we haven't called
16655 pam_authenticate(), this is not set and so pam_setcred() returns
16660 Don't need a '/' between $(DESTDIR) and a directory.
16664 Don't need a '/' between $(DESTDIR) and a directory.
16667 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
16674 o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
16675 setreuid() o new NetBSD has a real setreuid() o add check for
16676 freeifaddrs() if getifaddrs() exists.
16679 * config.h.in, interfaces.c:
16680 Older BSDi releases lack freeifaddrs() so add a test for that and if
16681 it is not present just use free().
16684 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
16687 Checkpoint for 1.6.5p1
16691 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
16692 to normal passwords, not AUTH_FATAL (which just causes an exit).
16696 Don't use memory after it has been freed.
16700 skeyaccess() wants a struct passwd * not a char *; Patch from
16702 [65a1d3806fcd] [SUDO_1_6_5]
16708 * CHANGES, RUNSON, TODO:
16709 checkpoint for sudo 1.6.5
16712 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
16718 * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
16722 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
16728 o when invoking the mailer as root use a hard-coded environment that
16729 doesn't include any info from the user's environment. Basically
16732 o Add support for the NO_ROOT_MAILER compile-time option and run the
16733 mailer as the user and not root if NO_ROOT_MAILER is defined.
16736 * set_perms.c, sudo.h:
16737 Bring back PERM_FULL_USER
16748 * INSTALL, config.h.in, configure.in:
16749 Add --disable-root-mailer option to run the mailer as the user and
16754 checkpoint for 1.6.4p2
16758 Mention the "seteuid(0): Operation not permitted" problem here too
16759 just for good measure.
16762 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
16764 * env.c, getspwuid.c, sudo.c:
16765 The SHELL environment variable was preserved from the user's
16766 environment instead of being reset based on the passwd database when
16767 the "env_reset" option was used. Now it is reset as it should be.
16774 * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
16776 Add a configure option to turn off use of POSIX saved IDs
16784 add --with-efence option
16788 Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
16789 "sudo -l" would not work if always_set_home was set.
16797 Quoted commas were not being treated correctly in command line
16802 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
16803 Otherwise, the set_home option has no effect.
16805 o Fix use of freed memory when the "fqdn" flag is set. This was
16806 introduced by the fix for the "segv when gethostbyname() fails" bug.
16807 Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
16808 there is no need to check the "fqdn" flag in set_fqdn() itself.
16812 Add 'continue' statements to optimize the switch statement. From
16816 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
16818 * sudoers.cat, sudoers.man.in:
16819 Regen from new sudoers.pod
16820 [6ecc07b3d0e1] [SUDO_1_6_4]
16823 Add caveat about stay_setuid flag
16827 If set_perms == set_perms_posix and the stay_setuid flag is not set,
16828 set all uids to 0 and use set_perms_fallback().
16831 * set_perms.c, sudo.h:
16832 Remove PERM_FULL_USER (which is no longer used) and add
16833 PERM_FULL_ROOT (used when exec'ing the mailer).
16837 Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
16838 never want to run the mailer setuid.
16841 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
16843 * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
16845 Use sudo.ws instead of courtesan.com in URLs
16848 * Makefile.binary, Makefile.in:
16849 Fix mansect substitution
16853 Substitute man sections in Makefile.binary
16857 Sync install targets with Makefile.in and substitute in man
16861 * INSTALL, INSTALL.binary:
16866 Repair bindist target
16873 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
16876 Fix case where neither whoami nor id are found
16879 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
16882 If neither whoami nor id exists, just assume we are root.
16886 Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
16887 on AIX which for some reason isn't pulling in the malloc prototype.
16890 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
16892 * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
16901 Defer assigning new environment until right before the exec.
16905 kill extra blank line
16908 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
16915 Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
16916 compiler doesn't recognise -O2.
16920 Clarify origins of Root Group sudo a bit based on info from
16921 billp@rootgroup.com
16924 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
16931 checkpoint for 1.6.4rc1
16934 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
16937 now generated via autoheader
16945 Move in some stuff that was previously in config.h.
16948 * aclocal.m4, configure.in:
16949 Add info for autoheader.
16952 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
16955 o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
16956 -g to facilitate non-root installs
16960 Add -M option (like -m but only for root) If we can't find "whoami",
16961 use "id" w/ some sed.
16969 allow user to always override mansectsu and mansectform
16972 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
16975 update from autoconf 2.52
16978 * config.guess, config.sub:
16979 Update from autoconf 2.52
16983 regen with autoconf 2.52
16987 o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
16988 mode o Remove compiler-specific checks for HP-UX now that we use
16997 o Add pam_prep_user function to call pam_setcred() for the target
16998 user; on Linux this often sets resource limits. o When calling
16999 pam_end(), try to convert the auth->result to a PAM_FOO value.
17000 This is a hack--we really need to stash the last PAM_FOO value
17001 received and use that instead.
17004 * set_perms.c, sudo.h:
17005 o Add pam_prep_user function to call pam_setcred() for the target
17006 user; on Linux this often sets resource limits.
17010 Fix off by one error in number of bytes allocated via malloc (does
17011 not affect any released version of sudo).
17014 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
17021 Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
17022 requiring that they be quoted.
17025 * sudoers.cat, sudoers.man.in, sudoers.pod:
17026 Mention that no double quotes are needed when
17027 adding/deleting/assigning a single value to a list.
17031 Don't rely on mkdefaults being executable, call perl explicitly.
17039 Remove some XXX that are no longer relevant.
17043 o Roll our own loop instead of using strpbrk() for better
17044 grokability o When adding to a list we must malloc() and use
17045 memcpy(), not strdup() since we must only copy len bytes from str.
17048 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
17058 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
17069 avoid the -g flag unless --with-devel was specified
17073 mkdefaults, def_data.in and sigaction.c were missing from the
17078 def_data.c was missing
17081 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
17084 Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
17085 allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
17093 Add comment for Default section so folks know where it should go.
17096 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
17099 Use TCSETAF, not TCSETA to set terminal in termio case
17102 * sudoers.cat, sudoers.man.in:
17103 regen from sudoers.pod
17107 o Typo, Runas_User_List should be Runas_List o a User_List can not
17108 contain a uid o mention that the Defaults section should come after
17109 Alias definitions but before the user specifications
17112 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
17114 * sudoers.cat, sudoers.man.in:
17119 Fix listpw and verifypw sections, they were not being formatted
17123 * sudoers.cat, sudoers.man.in:
17135 * config.h.in, configure.in:
17136 use AC_SYS_POSIX_TERMIOS instead of rolling our own
17140 Reference sudo.ws not courtesan.com
17144 Add notes on shadow passwords
17148 In list mode (sudo -l), characters escaped with a backslash are
17149 shown verbatim with the backslash.
17153 Add simple examples from OpenBSD (Marc Espie)
17157 Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
17161 minor prettification
17169 Fix CIDR handling here too.
17173 Apparently a NULL response is OK
17177 Checkpoint for upcoming beta release
17181 Many people believe that adding a runas spec should obviate the need
17182 for the -u flag. It does not.
17186 checkpoint update for upcoming 1.6.4 beta
17190 o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
17191 if HAVE_STRING_H is defined -- this is safe now
17195 Add signals section
17203 Fix check for sigaction_t
17207 XXX - should call find_path() as runas user, not root. Can't do
17208 that until the parser changes though.
17212 If find_path() fails as root, try again as the invoking user (useful
17213 for NFS). Idea from Chip Capelik.
17216 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
17217 Regenerate after pod file changes
17220 * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
17221 sudo.pod, sudoers.pod:
17222 Add new sudoers option "preserve_groups". Previously sudo would not
17223 call initgroups() if the target user was root. Now it always calls
17224 initgroups() unless the -P command line option or the
17225 "preserve_groups" sudoers option is set. Idea from TJ Saunders.
17228 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
17230 * compat.h, config.h.in:
17231 Use new HAVE_SIGACTION_T define
17235 Fix compilation on K&C
17243 Add check for sigaction_t -- IRIX already defines this so don't
17252 need stdlib.h here too
17260 Remove redundant checks for string.h, strings.h and unistd.h
17263 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17265 Regen from pod files
17272 * configure, lex.yy.c, sudo.tab.c:
17277 Return EINVAL if errnum > sys_nerr
17280 * auth/sudo_auth.h:
17281 o Update copyright year
17284 * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
17285 config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
17287 o Update copyright year
17291 o Don't define STDC_HEADERS unconditionally for IRIX o Update
17299 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
17300 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
17301 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
17302 auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
17303 set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
17305 o Reorder some headers and use STDC_HEADERS define properly o Update
17310 o Reorder some headers and use STDC_HEADERS define properly o Update
17314 * getspwuid.c, goodpath.c, interfaces.c:
17315 o Reorder some headers and use STDC_HEADERS define properly o Update
17320 o Reorder some headers and use STDC_HEADERS define properly o Update
17324 * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
17326 o Reorder some headers and use STDC_HEADERS define properly o Update
17335 flags set in signal handlers should be volatile sig_atomic_t
17338 * config.h.in, configure.in:
17339 Add checks for volatile and sig_atomic_t
17342 * configure, lex.yy.c:
17346 * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
17347 sudo.c, sudoers.pod:
17348 Remove "secure_path" Defaults option since it cannot work with the
17352 * find_path.c, sudo.c:
17353 Unset "secure_path" if user_is_exempt()
17356 * env.c, pathnames.h.in:
17357 o Remove assumption that PATH and TERM are not listed in env_keep o
17358 If no PATH is in the environment use a default value o If TERM is
17359 not set in the non-reset case also give it a default value.
17362 * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
17363 _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
17364 systems that define in paths.h
17367 * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
17368 Add support for skeyaccess(3) if it is present in libskey.
17371 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
17374 Only need to do 'lc = login_getclass(NULL)' if lc == NULL
17378 '\\' is a perfectly legal character to have in a command line
17383 o Defer call to set_fqdn() until it is safe to use log_error() o
17384 Don't print errno string value if gethostbyname fails, it is not
17389 Fix CIDR -> in_addr_t conversion.
17392 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
17395 Remove an extra "User_List" in the User_Spec definition From
17396 ybertrand AT snoopymail.com
17400 Make 'listpw=never' work for users who are not explicitly mentioned
17405 Remove gratuitous '=' in EBNF grammar; era AT iki.fi
17409 Document new list Defaults type and convert env_keep and env_delete
17410 to lists. Document new env_check option.
17413 * lex.yy.c, sudo.tab.c, sudo.tab.h:
17418 Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
17427 Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
17430 * config.h.in, configure.in:
17431 Add check for skeyaccess(3)
17435 Document new -c, -f, and -q options
17439 o Add -f option (alternate sudoers file) o Convert to use getopt(3)
17446 * aclocal.m4, config.h.in, configure.in:
17447 Add check for isblank and a replacement macro if it doesn't exist.
17450 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
17453 In check-only mode, don't create sudoers if it does not already
17458 o Add a new token, DEFVAR, to indicate a Defaults variable name
17459 o Add support for "+=" and "-=" list operators
17460 o replace some 1 and 0 with TRUE and FALSE for greater legibility.
17464 o Use exclusive start conditions to remove some ambiguity in the
17465 lexer. Also reorder some things for clarity.
17466 o Add support for "+=" and "-=" list operators.
17467 o Use the new DEFVAR token to denote a Defaults variable name.
17471 Prototype init_envtables()
17475 o Convert environment handling to use lists instead of strings.
17476 This greatly simplifies routines that need to do "foreach" type operations.
17477 o Add new init_envtables() function to set env_check and env_delete
17478 defaults based on initial_badenv_table and initial_checkenv_table
17479 (formerly sudo_badenv_table).
17482 * defaults.c, defaults.h:
17483 o Add a new LIST type and functions to manipulate it.
17484 o This is for use with environment handling variables.
17485 o Call new init_envtables() routine inside init_defaults() to initialize the
17489 * def_data.c, def_data.h, def_data.in:
17490 Convert environment options to use the new LIST type and add a new
17491 one, env_check that only deletes if the sanity check fails.
17495 Add dummy version of init_envtables()
17503 Add check-only mode
17507 Fix generation of entries with NULL descriptions.
17510 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
17513 Use sigaction_t and quiet a gcc warning.
17517 Must reset signal handlers before we exec
17520 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
17522 Be careful now that tgetpass() can return NULL (user hit ^C). PAM
17523 version needs testing. Set SIGTSTP to SIG_DFL during password entry
17524 so user can suspend us.
17528 Add support for interrupting/suspending tgetpass via keyboard input.
17529 If you suspend sudo from the password prompt and resume it will re-
17534 Don't block keyboard interrupt signals, just set them to SIG_IGN.
17537 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
17540 add back HAVE_SIGACTION
17547 * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
17548 Kill POSIX_SIGNALS define and old signal support now that we emulate
17549 POSIX ones. Also be sure to correctly initialize struct sigaction.
17553 Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
17557 Add scaffolding for POSIX signal emulation
17561 o Add missing ';' so this compiles o Can't use NULL since we don't
17566 Emulate sigaction() using sigvec()
17569 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
17572 Document new behavior of negative values of timestamp_timeout. Fix a
17577 Add security note about command not being logged after 'sudo su' and
17582 Mention that -V prints default values when run as root, including
17583 the list of environment variables to clear.
17587 Run pod2man with --quotes=none to avoid stupid quoting of C<>
17591 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
17593 * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
17594 Add mail_badpass option. Also modify mail_always behavior to also
17595 send mail when the password is wrong
17598 * env.c, sudo.c, sudo.h:
17599 Dump default bad env table when 'sudo -V' is run by root.
17603 document env_delete
17607 Add support for '*' in env_keep when not resetting the environment
17608 (ie: the normal case).
17612 Add env_delete variable that lets the user replace/add to the
17613 bad_env_table. Allow '*' wildcard in env_keep entries.
17616 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
17619 Force umask to 022 to guarantee sane directory permissions.
17622 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
17625 add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
17629 fix breakage in last commit
17633 acsite.m4 -> aclocal.m4
17637 fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
17641 regenerated from def_data.in
17644 * check.c, defaults.c, defaults.h:
17645 Add new T_UINT type that most things use instead of T_INT. If
17646 timestamp_timeout is < 0 then treat the ticket as never expiring (to
17647 be expired manually by the user).
17651 change most T_INT -> T_UINT
17655 fix warning when no args
17659 Change 2 Exit() -> exit(). Avoid stdio in Exit() and call _exit() if
17660 we are a signal handler. We no longer print the signal number but
17661 the user can just check the exit value for that.
17664 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
17667 when setting up pipes in child process check for case where stdin ==
17671 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
17674 Ignore editor exit value since XPG4 says vi's exit value is the
17675 count of editing errors made (failed searches, etc).
17678 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
17685 sco now is identified by config.guess as *-sco-*
17689 Check for getspnam() in -lgen if not in -lc for UnixWare.
17692 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
17694 * sudoers.pod, visudo.pod:
17695 "upper case" -> "uppercase"
17699 fix typos and grammar; pjanzen@foatdi.harvard.edu
17702 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
17705 Missing word (specify); krapht@secureops.com
17708 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
17711 If we fail to look up a login class, apply the default one.
17715 In log_error() free message, not logline unconditionally, then free
17716 logline if it is not the same as message. No function change but
17717 this mirrors how they are allocated.
17720 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
17727 remove some backslash quotes that are unneeded
17731 o Tweaks to make this work with autoconf-2.50
17732 o Use AC_LIBOBJ instead of changing LIBOBJS directly
17733 o Use AC_REPLACE_FUNCS where we can
17734 o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have to AC_DEFINE things manually.
17737 * config.guess, config.sub:
17738 Updated from autoconf-2.50
17741 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
17744 Update mailing list section. We use mailman now, not majordomo.
17747 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
17749 * getspwuid.c, logging.c, sudo.c:
17750 Use setpwent()/endpwent() + all the shadow variants to make sure we
17751 don't inadvertently leak an fd to the child. Apparently Linux's
17752 shadow routines leave the fd open even if you don't call setspent().
17753 Reported by mike@gistnet.com; different patch used.
17756 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
17763 select() may return EAGAIN. If so, continue like we do for EINTR.
17767 Fix a non-exploitable buffer overflow in the word splitting code.
17768 This should really be rewritten.
17776 Tell people to look in sample.syslog.conf for examples, not FAQ
17780 Update list of env vars that are cleared
17784 remove struct env_table decl since that stuff has all moved to env.c
17787 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
17790 Fix a pasto in flock-style unlocking and include <sys/file.h> for
17791 flock on older systems; twetzel@gwdg.de
17795 regen to get NeXT lockf/flock fix
17799 force NeXT to use flock since lockf is broken
17802 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
17805 Use stashed user_gid when checking against exempt gid since sudo
17806 sets its gid to a value that makes sudoers readable. Previously
17807 if you used gid 0 as the exempt group everyone would be exempt. From
17808 Paul Kranenburg <pk@cs.few.eur.nl>
17811 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
17818 #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 apparently defines
17819 some types (such as ssize_t) therein.
17822 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
17825 Fix negation of paths in a boolean context. Problem found by
17829 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
17835 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
17838 SA_RESETHAND means the opposite of what I was thinking--oops. To
17839 block all signals in old-style signals use ~0, not 0xffffffff
17842 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
17845 coerce difference of pointers to int when used in a string length
17846 printf format; deraadt@openbsd.org
17849 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
17852 Block all signals in Exit() to avoid a signal race. There is still
17853 a tiny window but I'm not going to worry about it.
17856 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
17859 glibc uses the LANGUAGE env var so clear that too; Solar Designer
17863 Regenerate with a fix to flex.skl that preserves errno from
17864 clobbering by isatty().
17867 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
17869 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
17870 auth/sia.c, auth/sudo_auth.c:
17871 Some defaults I_ defines got renamed.
17874 * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
17875 defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
17876 set_perms.c, sudo.c, sudo.tab.c:
17877 Move defaults info into its own files from which we generate .h and
17878 .c files. This makes adding or rearranging variables much simpler.
17881 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
17883 * configure, configure.in:
17884 fix typo in last commit
17887 * compat.h, config.h.in, configure, configure.in:
17888 Add check + emulation for setegid (like seteuid).
17892 Make env_keep override badenv_table as documented. Fix traversal of
17893 badenv_table (broken in last commit)
17896 * set_perms.c, sudo.c, sudo.h:
17897 Don't try and build saved uid version of set_perms on systems w/o
17898 them. Rename set_perms_saved_uid() -> set_perms_posix(). Make
17899 set_perms_setreuid simply be set_perms_fallback() and simply include
17900 the appropriate function at compile time (setreuid() vs. setuid()).
17903 * sudoers.cat, sudoers.man.in, sudoers.pod:
17904 PATH is also preserved when env_reset is in effect
17907 * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
17908 configure.in, defaults.c, defaults.h, env.c, find_path.c,
17909 getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
17910 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
17911 visudo.c, visudo.cat, visudo.man.in:
17912 New Defaults options:
17913 o stay_setuid - sudo will remain setuid if system has saved uids or setreuid(2)
17914 o env_reset - reset the environment to a sane default
17915 o env_keep - preserve environment variables that would otherwise be cleared
17917 No longer use getenv/putenv/setenv functions--do environment munging
17918 by hand. Potentially dangerous environment variables can be cleared
17919 only if they contain '/' or '%' characters to protect buggy
17920 programs. Moved environment routines into env.c (new file)
17924 Clear up --without-passwd description
17927 * putenv.c, sudo_setenv.c:
17928 We now build up a new environment from scratch and assign it to
17932 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
17934 * sudo.pod, visudo.pod:
17935 Grammatical fixes from Paul Janzen
17938 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
17941 If there was a syntax error and the user just wants to quit, unlink
17942 sudoers if it is zero length.
17946 'Q' means ignore parse error, not 'q'
17950 Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
17954 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
17957 Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
17960 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
17962 * config.guess, config.sub:
17963 Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
17966 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
17968 * sudo.c, visudo.c:
17969 Use exit(127), not exit(-1)
17972 * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
17973 Move set_perms() to its own file and use POSIX saved uid or
17974 setreuid() if available.
17976 Added stay_setuid option for systems that have libraries that
17977 perform extra paranoia checks in system libraries for setuid
17978 programs (ie: anything with issetugid(2)).
17982 strip more bits from the environment and add a facility for
17983 stripping things only if they contain '/' or '%' to address printf
17984 format string vulnerabilities in other programs.
17987 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
17994 For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
18003 Check for strcasecmp(3) in -lc89 for NCR Unix
18006 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
18009 Define HAVE_INNETGR #ifdef HAVE__INNETGR
18016 * compat.h, config.h.in, configure.in:
18017 Add check for _innetgr(3) since NCR systems have that instead of
18021 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
18024 check return value of creadcfg() call sd_close() after sd_auth()
18025 store username in sd->username so we don't rely on the USER env
18029 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
18032 document --with-bsdauth
18040 --with-bsdauth assumes --with-logincap
18043 * auth/bsdauth.c, auth/fwtk.c:
18044 When prompting for a response to a challenge, if the user just hits
18045 return then reprompt with echo turned on.
18048 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
18051 Remove debugging code that should not have been committed, oops.
18055 Use lower-level routines and get the password ourselves. Checks for
18056 a challenge and if there is one echo is not turned off.
18059 * auth/pam.c, auth/sudo_auth.h:
18060 minor housekeeping, no real code changes
18063 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
18066 Fix a coredump in the logging functions if gethostname(2) fails by
18067 deferring the call to log_error() until things are better setup.
18069 Fix return value of set_loginclass() in non-BSD-auth case.
18071 Hard-code 'sudo' in the usage message so we can fit more options on
18076 Fix errant ';' (typo) that broke MSG_ONLY
18079 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
18081 * sudo.cat, sudo.man.in:
18089 * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
18090 configure, configure.in, getspwuid.c, sudo.c:
18091 Add support for BSD authentication.
18094 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
18097 Fix typo; from sato@complex.eng.hokudai.ac.jp
18100 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
18103 Mention negating umask
18107 Allow user to specify umask of 0777 (same as !umask)
18110 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
18112 * sudo.pod, visudo.pod:
18113 Fix a typo and give a URL for the sudo history.
18116 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
18118 * defaults.c, sudo.pod:
18119 fix typos; pepper@reppep.com
18122 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
18124 * sudo.c, sudo.h, sudo_setenv.c:
18125 sudo_setenv() now exits on memory alloc failure instead of returning
18129 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
18132 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
18133 and possibly others.
18137 Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
18138 that "%m" won't be expanded but we don't use that anyway since the
18139 logging routines may splat to stderr as well.
18142 * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
18144 Add always_set_home variable
18147 * configure, configure.in:
18148 Have to hard code default values in help since the defaults are set
18149 _after_ the help stuff.
18152 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
18154 * lex.yy.c, parse.lex:
18155 Allow special characters (including '#') to be embedded in pathnames
18156 if quoted by a '\\'. The quoted chars will be dealt with by
18157 fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
18160 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
18163 Better path searching for programs we need.
18167 Add section on "C compiler cannot create executables" errors.
18170 * Makefile.binary, Makefile.in, version.h:
18174 * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
18175 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
18176 visudo.man.in, visudo.pod:
18177 Substitute values from configure into man pages.
18180 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
18183 The listpw and verifypw sudoers options would not take effect
18184 because the value of the default was checked *before* sudoers was
18185 parsed. Instead of passing in the value of PWCHECK_* to
18186 sudoers_lookup(), pass in the arg for def_ival() so the check can be
18187 deferred until after sudoers is parsed.
18190 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
18193 When writing prompt, no need to write the NUL as well;
18197 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
18200 When looking for chown, check in /sbin too
18203 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
18206 Remove extraneous call to init_defaults() and set runas_user to NULL
18207 between parses so init_defaults will reset it each time, thus
18208 avoiding a reference to free()d data.
18211 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
18213 * config.h.in, interfaces.c, interfaces.h, sudo.c:
18214 Add support for using getifaddrs() to get the list of ip addr /
18215 netmask pairs. Currently IPv4-only.
18219 Add a missing check for UserEditor == NULL. Add missing '+' before
18220 line number when invoking editor to fix a syntax error
18223 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
18226 Call clean_env very early in main() for paranoia's sake. Idea from
18230 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
18233 Update proto for evasprintf and easprintf
18237 Make easprintf() and evasprintf() return an int.
18241 If the targetpw flag is set, use target username as part of the
18242 timestamp path. If tty tickets are in effect cat the tty and the
18243 target username with a ':' as the separator.
18246 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
18249 Backout part of last change; setting PAM_USER to the invoking user
18250 breaks things like targetpw.
18254 set tty and username via pam_set_item
18257 * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
18258 Fix root, runas, and target authentication for non-passwd file auth
18262 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
18264 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
18265 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
18266 Use B<-Z> not C<-Z> for command line flags in all places. This is
18267 more consistent and works around a bug in Pod::Man.
18270 * sudoers.cat, sudoers.man.in, sudoers.pod:
18271 Fix an occurrence of 'semicolon' that should be 'colon'
18274 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
18276 * configure, configure.in:
18277 Fix --with-badpri help line
18280 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
18282 * defaults.c, logging.c, sudo.c:
18283 Bracket calls to syslog with an openlog() and closelog() since some
18284 authentication methods (like PAM) may do their own logging via
18285 syslog. Since we don't use syslog much (usually just once per
18286 session) this doesn't really incur a performance penalty. It also
18287 fixes a SEGV with pam_kafs.
18290 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
18293 Fix -H flag. runas_homedir is only valid after
18294 set_perms(PERM_RUNAS, mode)
18297 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
18300 Clarify the fact that insults are not enabled just by including them
18304 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
18306 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
18308 Regenerated with perl 5.6.0 pod2man
18312 Give date string to pod2man since its default is ugly and it ain't
18317 Do section substitution on the output of pod2man and remove hack
18318 needed for old pod2man.
18321 * sudo.pod, sudoers.pod, visudo.pod:
18322 Put back real man sections, we will do the substitution later.
18325 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
18327 * configure, configure.in:
18328 Don't bother checking for the path to vi if user specified --with-
18332 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
18334 * CHANGES, visudo.c:
18335 Visudo now does its own fork/exec instead of calling system(3).
18338 * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
18339 sudoers.pod, visudo.c:
18340 Visudo now checks for the existence of an editor and gives a
18341 sensible error if it does not exist.
18343 The path to the editor for visudo is now a colon-separated list of
18344 allowable editors. If the user has $EDITOR set and it matches one
18345 of the allowed editors that editor will be used. If not, the first
18346 editor in the list that actually exists is used.
18349 * sudo.cat, sudo.man.in, sudo.pod:
18350 Clear up confusion wrt sudo's return value.
18353 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
18356 Strip sudo and visudo for bindist target
18359 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
18360 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
18361 Use @mansectsu@ and @mansectform@ in the man page bodies as well.
18362 [5eb9e60a726f] [SUDO_1_6_3]
18364 * visudo.cat, visudo.man.in, visudo.pod:
18365 Typo: @sysconf@ -> @sysconfdir@
18369 'make dist' should not cause any files to be modified so remove its
18374 Whoops, forgot to add release marker
18377 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
18380 Final change for 1.6.3 (or so I hope)
18383 * sudo.cat, sudoers.cat, visudo.cat:
18384 Use SYSV man sections since BSD systems will have nroff...
18387 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
18389 * parse.yacc, sudo.tab.c:
18390 When checking to see if the host/user matches in a defaults spec,
18391 check against TRUE, not just non-zero since it might be -1.
18394 * configure, configure.in:
18395 OSF/1 puts file formats in section 4, not 5.
18398 * CHANGES, INSTALL, sudo.c:
18399 Make login class support work on BSD/OS
18406 * configure, configure.in:
18407 If there is no inet_addr but there *is* an __inet_addr that's ok
18408 since inet_addr is probably just a macro then. The better thing to
18409 do would be to look for the macro, but this is fine for now.
18412 * configure, configure.in:
18413 Don't use shlicc for BSD/OS 4.x
18416 * Makefile.in, configure, configure.in:
18417 *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
18418 configure variable so we can deal with this. Also, only remove *.man
18419 for 'distclean' not 'clean'.
18423 set_loginclass() should be static like the proto says
18426 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
18429 Add #ifdef __STDC__ around the rangematch function header to avoid
18430 promotion of test to int, thus violating the prototype. Gcc handles
18431 this gracefully but more std ANSI compilers will complain.
18435 Pull in newer fnmatch(3) that supports FNM_CASEFOLD
18438 * aclocal.m4, configure, fnmatch.3, fnmatch.c:
18439 Pull in newer fnmatch(3) that supports FNM_CASEFOLD. Check for
18440 FNM_CASEFOLD in configure
18447 * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
18448 Fully qualified hosts w/ wildcards were not matching the FQHOST
18449 token type. There's really no need for a separate token for fully-
18450 qualified vs. unqualified anymore so FQHOST is now history and
18451 hostname_matches now decides which hostname (short or long) to check
18452 based on whether or not the pattern contains a '.'.
18456 Fully qualified hosts w/ wildcards were not matching the FQHOST
18457 token type. There's really no need for a separate token for fully-
18458 qualified vs. unqualified anymore so FQHOST is now history and
18459 hostname_matches now decides which hostname (short or long) to check
18460 based on whether or not the pattern contains a '.'.
18463 * lex.yy.c, parse.c, parse.lex, parse.yacc:
18464 Fully qualified hosts w/ wildcards were not matching the FQHOST
18465 token type. There's really no need for a separate token for fully-
18466 qualified vs. unqualified anymore so FQHOST is now history and
18467 hostname_matches now decides which hostname (short or long) to check
18468 based on whether or not the pattern contains a '.'.
18471 * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
18472 sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
18473 Add support for wildcards in the hostname.
18477 Add targets for *.man.in, using config.status to generate *.man from
18481 * sudoers.cat, sudoers.man.in, sudoers.pod:
18482 Document set_logname option and enbolden refs to sudo and visudo.
18485 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
18486 sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
18487 visudo.cat, visudo.man.in, visudo.pod:
18488 Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
18489 from Michael D. Marchionna. configure now does substitution on the
18490 man pages, allowing us to fix up the paths and set the section
18491 correctly. Based on an idea from Michael D. Marchionna.
18495 Better fix for handling HP-UX aging info.
18499 Add support for set_logname run-time default
18502 * sudo.man.in, sudoers.man.in, visudo.man.in:
18503 configure does substitution on these to produce *.man
18506 * sudo.man, sudoers.man, visudo.man:
18507 These files now get generated from *.man.in at configure time.
18510 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
18512 * defaults.c, defaults.h:
18513 Add set_logname option so users can turn off setting of LOGNAME/USER
18514 environment variables.
18517 * lsearch.c, parse.c, testsudoers.c:
18521 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
18524 HP-UX adds extra info at the end for password aging so when
18525 comparing the result of crypt to pw_passwd we only compare the first
18526 len(epass) bytes *unless* the user entered an empty string for a
18531 Get rid of grandchild hack, it was causing problems and there is
18532 really no need for it. This fixes a bug where we spin eating up CPU
18533 when the user runs a long-running process like a shell.
18536 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
18539 User can always specify a login class if he/she is already root.
18542 * config.h.in, configure, configure.in, defaults.c, defaults.h,
18544 FreeBSD login class (login.conf) support.
18547 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
18549 * auth/sudo_auth.c:
18550 HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
18553 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
18556 Truncate unencrypted password to 8 chars if encrypted password is
18557 exactly 13 characters (indicating a standard DES password). Many
18558 versions of crypt() do this for you, but not all (like HP-UX's).
18561 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
18564 Mention that gcc on dynix may have problems
18567 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
18570 Link visudo with NET_LIBS since we now call syslog via defaults.c
18574 Use Argv[0] as the first arg to openlog() since visudo uses this
18578 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
18581 Stash coredumpsize resource limit and restore it before the exec().
18582 Otherwise the child ends up with a coredumpsize of 0.
18585 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
18587 * sudo.cat, sudo.man, sudo.pod:
18595 * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
18596 auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
18597 Added -S flag (read passwd from stdin) and tgetpass_flags global
18598 that holds flags to be passed in to tgetpass(). Change echo_off
18599 param to tgetpass() into a flags field. There are currently 2
18600 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
18601 tgetpass(), abstract the echo set/clear via macros and if (flags &
18602 TGP_ECHO) but echo is not set on the terminal, be sure to set it.
18606 Fixed a bug that caused an infinite loop when the password timeout
18610 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
18612 * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
18613 sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
18614 Add rootpw, runaspw, and targetpw options.
18617 * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
18619 enveditor -> env_editor
18622 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
18624 * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
18625 sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
18627 crank version to 1.6.3
18630 * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
18631 sudoers.pod, visudo.c:
18632 Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
18633 them. This means that visudo will now parse the sudoers file
18634 *before* it is edited so a bogus sudoers file will cause a warning
18635 to go to stderr. Also, visudo checks the variables once--it does not
18636 check them after each editor run since that could be confusing.
18639 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
18645 * check.c, sudo.c, sudo.h:
18646 Move user_is_exempt prototype into sudo.h
18649 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
18651 * configure, configure.in:
18652 Fix thinko, some && should have been || in the last commit
18655 * configure, configure.in:
18656 Don't initialize Makefile variables to be NULL since the user may
18657 want to import variables from their environment.
18660 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
18662 * configure, configure.in:
18666 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
18669 fix a yacc (skeleton.c) warning
18672 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
18674 * INSTALL, RUNSON, configure, configure.in:
18675 Make pam work on HP-UX 11.0; jaearick@colby.edu
18679 recent changes; prepare for 1.6.2p1
18683 Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
18686 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
18689 Regen with yacc that has a memory leak plugged.
18692 * sudoers.cat, sudoers.man, sudoers.pod:
18693 Expanded docs on sudoers 'defaults' options based on INSTALL file
18698 Fix some white lies
18701 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
18704 When making a bindist, link FAQ to TROUBLESHOOTING instead of
18708 * sudoers.cat, sudoers.man, sudoers.pod:
18709 Add netgroup caveat
18710 [28d119f466e3] [SUDO_1_6_2]
18713 Last minute updates
18729 Better detection of PAM errors and fix custom prompts with PAM.
18730 Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
18733 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
18736 Cast ULONG_MAX to unsigned long long when comparing to an unsigned
18740 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
18742 * CHANGES, config.h.in, configure, configure.in, visudo.c:
18743 Fix sudoers locking in visudo. We now lock the sudoers file itself,
18744 not the temp file (since locking the temp file can foul up editors).
18745 The previous locking scheme didn't work because the fd was closed
18749 * config.h.in, configure, configure.in:
18750 Don't need test for ftruncate() any more.
18753 * configure, configure.in:
18754 Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
18755 the unbundled HP-UX cc.
18758 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
18760 * sudoers.cat, sudoers.man, sudoers.pod:
18761 "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
18764 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
18766 * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
18767 parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
18768 version.h, visudo.c:
18769 update copyright year on changed files
18781 Crank version to 1.6.2
18785 Crank version to 1.6.2
18789 When using rlimit check for RLIM_INFINITY. When computing the value
18790 of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
18797 * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
18798 sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
18799 Crank version to 1.6.2
18802 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
18803 Add 'shell_noargs' runtime option back in. We have to defer
18804 checking until after the sudoers file has been parsed but since
18805 there are now other options that operate that way this one can too.
18806 Based on a patch from bguillory@email.com.
18809 * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
18810 Add "listpw" and "verifypw" options.
18813 * sudoers.cat, sudoers.man, sudoers.pod:
18814 o Fix some typos/omissions o Add section on verifypw and listpw o
18815 Define how NOPASSWD interacts with the -v and -l flags
18818 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
18820 * configure, configure.in:
18821 For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
18822 -D_HPUX_SOURCE to CPPFLAGS.
18825 * defaults.c, defaults.h:
18826 In struct sudo_defs_types, move the union to the end and don't
18827 initialize the union member since that only works with an ANSI
18828 compiler. We set the value of the union by hand in init_defaults()
18829 anyway. This allows sudo to compile on a K&R compiler again.
18832 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
18834 * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
18835 netgr_matches needs to check shost as well as host since they may be
18840 End on \r as well as \n
18843 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
18846 Update statbuf.st_mode based on SUDOERS_MODE when we are changing
18847 from 0400 to whatever SUDOERS_MODE is (converting from the old
18848 sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
18849 0400 which should always be the case.
18852 * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
18853 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
18854 w/o a passwd if there is *any* entry for the user on the host with a
18855 NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
18856 the user on the host w/ the specified runas user have the NOPASSWD
18864 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
18867 Treat EOF at whatnow prompt like 'x' instead of looping.
18870 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
18874 [5836a9452568] [SUDO_1_6_1]
18876 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
18878 * config.h.in, configure, configure.in, sudo.c:
18879 Add check for initgroups() since old SYSV lacks this.
18882 * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
18883 parse.c, testsudoers.c:
18884 o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
18888 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
18890 * auth/sudo_auth.c:
18891 Don't allow insults to be enabled if the insults[] array is empty.
18892 Otherwise there would be division by zero.
18896 Don't allow insults to be enabled if the insults[] array is empty.
18897 Otherwise there would be division by zero.
18901 Don't allow insults to be enabled if the insults[] array is empty.
18902 Otherwise there would be division by zero.
18906 Don't care about USE_INSULTS #define since the insult stuff may be
18907 overridden at runtime.
18910 * auth/sudo_auth.c:
18911 Honor insults flag.
18914 * CHANGES, parse.c:
18915 Don't ask the user for a password if the user is not allowed to run
18916 the command and the authenticate flag (in sudoers) is false.
18919 * CHANGES, RUNSON, lex.yy.c, parse.lex:
18920 o Whenever we get a bare newline we change to the INITIAL state. o
18921 Enter GOTRUNAS when we see Runas_Alias
18923 This allows #uid to work in a RunasAlias.
18926 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
18928 * CHANGES, parse.yacc, sudo.tab.c:
18929 fix parsing of runas lists: o oprunasuser and runaslist now return a
18930 value o in a runasspec, if a runaslist does not return TRUE, set
18931 runas_matches to FALSE. Normally, a runaslist only returns FALSE
18932 for explicitly denied users. o since runaslist does not modify the
18933 stack there is no need for a push/pop in runasalias.
18937 Don't kill the user's tickets until after sudoers has been parsed
18938 since tty_tickets and ticket_dir could be set in sudoers.
18941 * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
18942 configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
18943 sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
18944 crank version to 1.6
18948 add set_fqdn() stub
18951 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
18953 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
18954 sudoers.man, sudoers.pod, visudo.c:
18955 o Kill shell_noargs option, it cannot work since the command needs
18956 to be set before sudoers is parsed. o Fix the "set_home" sudoers
18957 option (only worked at compile time). o Fix "fqdn" sudoers option.
18958 We now set host/shost via set_fqdn which gets called when the
18959 "fqdn" option is set in sudoers. o Move the openlog() to
18960 store_syslogfac() so this gets overridden correctly from the
18965 SecurID support should compile now.
18968 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
18970 * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
18971 visudo.man, visudo.pod:
18972 fix some syntactic goofs
18975 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
18977 * Makefile.in, sudo.html, sudoers.html, visudo.html:
18978 No longer need the .html files as they are generated automatically
18982 * CHANGES, LICENSE:
18983 kill characters that made wml unhappy
18990 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
18993 majordomo@cs.colorado.edu -> majordomo@courtesan.com
18996 * Makefile.in, configure:
18997 Wrap script execution w/ /bin/sh for the benefit of ctm
19000 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
19003 Make the -s flag be exclusive too. Also reorder the flags in the
19004 exclusive usage message so they are alphabetical.
19007 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
19010 make pam errors other than PAM_PERM_DENIED fatal
19018 make it clear that /etc/pam.d/sudo is required on linux
19022 fix a warning on redhat and spew an error if pam_authenticate()
19023 returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
19026 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19027 Be very clear that the password required is the user's not root's
19030 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
19033 add sample.syslog.conf to DISTFILES and BINFILES
19036 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
19039 updates from Brian Jackson + some formatting
19042 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
19044 * INSTALL.binary, Makefile.binary, README, RUNSON:
19045 o One RUNSon update o Changes for automating real binary releases
19052 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
19055 talk about run-time options in addition to compile-time options
19056 [1eb813ff0a9a] [SUDO_1_6_0]
19063 need sys/time.h if HAVE_SETRLIMIT
19066 * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
19067 sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
19068 get rid of references to sudo-bugs. Now mention the web site or the
19073 repair pod2html damage
19077 Update for 1.6 release
19080 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19081 Add warning about using ALL in a command context.
19084 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
19087 Call yyrestart() on a parse error to reset the lexer state.
19090 * lex.yy.c, parse.lex:
19091 Don't need YY_FLUSH_BUFFER after all. Move yyrestart() into visudo.c
19092 since it might not get called in yywrap if we get a parse error
19093 (and we only reread the file on error anyway).
19096 * lex.yy.c, parse.lex:
19097 Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
19098 might still exist. Call yyrestart() instead of using the deprecated
19102 * lex.yy.c, parse.lex:
19103 flex doesn't need %N table size declarations
19106 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19107 Mention what characters need to be escaped in names.
19110 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
19117 clarify Mac OS X entry
19125 o Use AC_MSG_ERROR throughout o Check syslog configure options for
19129 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
19132 Fix printing of type T_MODE in dump_defaults()
19136 missing sys/types.h
19140 Break out options that may be overridden at run time into their own
19141 section. Add a note about Mac OS X and correct some lies.
19144 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
19146 * CHANGES, config.h.in, configure, configure.in, sudo.c:
19147 o Now use getrlimit to find the highest fd when closing all non-std
19148 fd's o Turn off core dumps via setrlimit for the sake of paranoia
19155 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
19162 When read()'ing, do a single character at a time to be sure we don't
19163 go past the newline.
19167 For the sudo_root option, check against user_uid, not getuid() since
19168 at this point, ruid == euid == 0.
19176 Fix compilation problem when --with-logging=file was specified.
19177 This means that syslog is now required to build sudo but that should
19178 not be a problem. If it is it can be fixed trivially with a
19179 configure check for syslog() or syslog.h.
19183 Make this work again for things like "sudo echo hi | more" where the
19184 tty gets put into character at a time mode. We read until we read
19185 end of line or we run out of space (similar to fgets(3)).
19188 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
19190 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19191 change ital to bold
19198 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
19201 Error out if syslog parameters are given without a value. For
19202 Ultrix or 4.2BSD "syslog" is allowed without a value since there are
19203 no facilities in the 4.2BSD syslog.
19206 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
19209 Ignore the syslog facility for systems w/ old syslog like Ultrix.
19213 people with "." early in their path can have problems running sudo
19214 from the build dir ;-)
19217 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
19219 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19220 Remove -r realm option
19223 * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
19224 configure.in, sudo.c:
19225 New krb5 code from Frank Cusack <fcusack@iconnet.net>.
19232 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
19235 include <auth.h> to get function prototypes.
19238 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19242 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
19245 in set_perms(), always call setuid(0) before changing the ruid/euid
19246 so we always know it will succeed.
19250 #undef T_FOO to avoid conflicts with system defines (like on
19254 * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
19256 Document "Defaults" lines in /etc/sudoers. Still needs some
19257 fleshing out but this is a start.
19260 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
19262 * use strtol, not strtoul since not everyone has strtoul
19266 use strtol, not strtoul since not everyone has strtoul
19269 * lex.yy.c, parse.lex:
19270 last {WORD} rule should only apply in the INITIAL state
19273 * lex.yy.c, parse.lex:
19274 o Add support for escaped characters in the WORD macro o Modify
19275 fill() to squash escape chars
19278 * defaults.c, defaults.h:
19279 o Add T_PATH flag to allow simple sanity checks for default values
19280 that are supposed to be pathnames. o Fix a duplicate free when
19281 visudo finds an error.
19284 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
19286 * defaults.c, defaults.h, logging.c:
19287 mail_if_foo -> mail_foo
19290 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
19292 * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
19293 o Add requiretty option o Move O_NOCTTY to compat.h
19297 The exit() in log_error() was mistakenly removed in a previous
19298 version. Put it back...
19301 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
19303 * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
19304 auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
19305 configure, configure.in, defaults.c, defaults.h, find_path.c,
19306 getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
19307 o Change defaults stuff to put the value right in the struct. o
19308 Implement mailer_flags o Store syslog stuff both in int and string
19309 form. Setting the string form magically updates the int version.
19310 o Add boolean attribute to strings where it makes sense to say !foo
19314 add O_NOCTTY when opening /dev/tty just in case
19317 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
19320 cleanup function no longer takes a status arg
19327 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
19329 * TODO, config.h.in, configure, configure.in, logging.c:
19330 Use strftime() instead of ctime() if it is available.
19333 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
19340 update ReliantUNIX entry
19343 * defaults.c, defaults.h, logging.c:
19344 add log_year option
19347 * configure, configure.in:
19348 add --without-sendmail to help output
19351 * configure, configure.in:
19352 enforce an octal arg for --with-sudoers-mode
19355 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
19357 * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
19358 auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
19359 auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
19360 defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
19361 parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
19362 testsudoers.c, version.c, visudo.c:
19363 Add support for "Defaults" line in sudoers to make configuration
19364 variables changeable at runtime (and on a global, per-host and
19365 per-user basis). Both the names and the internal representation are
19366 still subject to change. It was necessary to make sudo_user.runas
19367 be a char ** instead of a char * since this value can be changed by
19368 a Defaults line. There is a similar (but more complicated) issue
19369 with sudo_user.prompt but it is handled differently at the moment.
19371 Add a "-L" flag to list the name of options with their descriptions.
19372 This may only be temporary.
19374 Move some prototypes to parse.h
19376 Be much less restrictive on what is allowed for a username.
19379 * sample.syslog.conf:
19383 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
19385 * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
19387 UCB has dropped the advertising clause from their license.
19390 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
19392 * auth/sudo_auth.h:
19393 move dce_verify proto to correct section
19400 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
19403 Add fnmatch() prototype
19406 * fnmatch.c, parse.c, testsudoers.c:
19407 Move inclusion of emul/fnmatch.h to be after sudo.h for __P
19411 add strcasecmp proto
19414 * auth/sudo_auth.c:
19415 add check for case where there are no auth methods
19418 * configure, configure.in:
19419 Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
19423 * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
19424 include strings.h everywhere we include string.h
19428 nicer output when showing auth methods
19432 Add support for SEND_MAIL_WHEN_NO_HOST
19435 * config.h.in, configure, configure.in:
19436 Add _GNU_SOURCE for Linux
19439 * lex.yy.c, parse.lex:
19440 fix definition of OCTET
19443 * configure, configure.in:
19444 aix_auth.o not authenticate.o
19447 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
19450 Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
19451 keyboard). Since we run with ruid/euid == 0 the user can't really
19452 signal us in nasty ways.
19456 Don't need to worry about catching too many signals since we do
19457 locking on the tmp file. If a lockfile is really stale, it will be
19458 detected and overwritten.
19461 * INSTALL, Makefile.in:
19462 include auth/API in tarball
19465 * auth/sudo_auth.c:
19466 move memset() of plaintext pw outside of verify loop and only do the
19467 memset if we are *not* in standalone mode.
19470 * auth/sudo_auth.c, auth/sudo_auth.h:
19471 DCE is not a standalone method
19475 fix --enable-noargs-shell
19479 "#ifdef __STDC__" not "#if __STDC__" (I missed one)
19482 * auth/fwtk.c, auth/sia.c:
19483 _cleanup() function returns an int.
19487 there were still some return(0)'s hanging around, make them
19496 add missing semicolon
19499 * auth/sudo_auth.h:
19503 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
19505 * CHANGES, config.h.in, configure, configure.in:
19506 Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
19510 add parse.h to HDRS
19513 * Makefile.in, configure, configure.in:
19514 Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
19515 LDFLAGS. Common libs go in LIBS, common ld flags go in LDFLAGS and
19516 network libs like -lsocket, -lnsl go in NET_LIBS. This allows
19517 testsudoers to build on Solaris and is a bit cleaner in general.
19521 mention ptmp -> sudoers.tmp
19524 * config.h.in, configure, configure.in:
19525 Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
19533 Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
19534 return a value more like a system function
19546 update based on what is in the man page
19549 * parse.yacc, sudo.tab.c:
19550 minor change to first line printed in -l mode
19553 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19554 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
19555 standard and add "EXAMPLES" section
19558 * visudo.cat, visudo.html, visudo.man, visudo.pod:
19559 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
19563 * logging.c, parse.c, sudo.h:
19567 * lex.yy.c, parse.lex:
19568 make an OCTET really be limited to 0-255
19572 mention timestamp changes
19579 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19580 new sudoers(8) man page
19583 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
19586 Update comments about syslog name tables
19589 * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
19590 strcasecmp.c, sudo.tab.c:
19591 include strcasecmp() for those without it
19595 Use the : operator some more and fix a typo
19599 update the history of sudo
19602 * parse.c, parse.lex, testsudoers.c:
19603 CIDR-style netmask support
19610 * sudo.tab.c, sudo.tab.h:
19611 these should be generated with byacc, not bison
19618 * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
19619 In "sudo -l" mode, the type of the stored (expanded) alias was not
19620 stored with the contents. This could lead to incorrect output if
19621 the sudoers file had different alias types with the same name.
19622 Normal parsing (ie: not in '-l' mode) is unaffected.
19625 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
19627 * configure, configure.in:
19628 define _XOPEN_SOURCE to get at crypt() proto on some systems
19631 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
19638 don't need limits.h
19642 kill bogus reference to vfprintf
19645 * sample.sudoers, sudoers:
19650 Add some const in the K&R defs. This is safe since we define const
19651 away if the compiler doesn't grok it.
19654 * aclocal.m4, configure:
19655 Better test for working long long support. Ultrix compiler supports
19656 basic long long but not all operations on them.
19659 * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
19660 snprintf.c, sudo.c:
19661 Add check for LONG_IS_QUAD #undef MAXINT before including
19662 hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
19663 in snprintf.c and use LONG_IS_QUAD
19666 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
19668 * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
19670 UCB-derived snprintf + asprintf support. Supports quads if the
19671 compiler does. No floating point yet, perhaps later...
19674 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
19676 * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
19677 goodpath.c, logging.c, parse.c, sudo.c:
19678 Run most of the code as root, not the invoking user. It doesn't
19679 really gain us anything to run as the user since an attacker can
19680 just have a setuid(0) in their egg. Running as root solves
19681 potential problems wrt signalling.
19688 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
19690 * logging.c, sudo.c:
19691 Don't wait for child to finish in log_error(), let the signal
19692 handler get it if we are still running, else let init reap it for
19693 us. The extra time it takes to wait lets the user know that mail is
19696 Install SIGCHLD handler in main() and for POSIX signals, block
19701 * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
19702 parse.yacc, sudo.c, sudo.h:
19703 sudoers_lookup() now returns a bitmap instead of an int. This makes
19704 it possible to express things like "failed to validate because user
19705 not listed for this host". Some things that were previously
19706 VALIDATE_FOO are now FLAG_FOO. This may change later on.
19708 Reorganized code in log_auth() and sudo.c to deal with above
19711 Safer versions of push/pushcp with in the do { ... } while (0) style
19713 parse.yacc now saves info on the stack to allow parse.c to determine
19714 if a user was listed, but not for the host he/she tried to run on.
19716 Added --with-mail-if-no-host option
19719 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
19721 * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
19722 visudo.man, visudo.pod:
19723 o NewArgv and NewArgc don't need to be externally visible. o If
19724 pedantic > 1, it is a parse error. o Add -s (strict) option to
19725 visudo which sets pedantic to 2.
19728 * HISTORY, INSTALL:
19729 Just have sudo-bugs contact info in one place
19732 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19736 * Makefile.in, configure, configure.in:
19737 Add testsudoers to default build target if --with-devel. Don't clean
19738 generated parser files unless "distclean".
19741 * parse.yacc, sudo.tab.c:
19742 In pedantic mode we need to save *all* the aliases, not just those
19743 that match, or we get spurious warnings.
19747 reference sample.syslog.conf
19750 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
19752 * sample.syslog.conf:
19753 Sample entries for syslog.conf
19760 * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
19761 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
19762 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
19763 auth/sudo_auth.c, auth/sudo_auth.h:
19764 In struct sudo_auth, turn need_root and configured into flags and
19765 add a flag to specify an auth method is running alone (the only
19766 one). Pass auth methods their sudo_auth pointer, not the data
19767 pointer. This allows us to get at the flags and tell if we are the
19768 only auth method. That, in turn, allows the method to be able to
19769 decide what should/should not be a fatal error. Currently only
19770 rfc1938 uses it this way, which allows us to kill the OTP_ONLY
19771 define and the hackery that went with it. With access to the
19772 sudo_auth struct, methods can also get at a string holding their
19773 canonical name (useful in error messages).
19776 * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
19777 getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
19779 o --with-otp deprecated, use --without-passwd instead o real
19780 dependencies in the Makefile o --with-devel option to enable yacc,
19781 lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
19782 back to being a token, not a string but don't leak memory o rename
19783 hsotspec -> host in parse.yacc
19786 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
19792 * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
19794 o Digital UNIX needs to check for *snprintf() before -ldb is added
19795 to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
19796 for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
19797 functions in snprintf.c to fix -Wall o Add missing includes to fix
19801 * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
19802 configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
19804 o Add a "pedantic" flag to the parser. This makes sudo warn in
19805 cases where an alias may be used before it is defined. Only turned
19806 on for visudo and testsudoers. o Add --disable-authentication option
19807 that makes sudo not require authentication by default. The PASSWD
19808 tag can be used to require authentication for an entry. We no
19809 longer overload --without-passwd.
19812 * lex.yy.c, parse.lex:
19813 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
19814 username can contain just about anything so be very permissive. Also
19815 drop the unused \. punctuation.
19818 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
19820 * parse.yacc, sudo.tab.c:
19821 o add a 'val' element to aliasinfo struct and move -> parse.h o
19822 find_alias() now returns an aliasinfo * instead of boolean o
19823 add_alias() now takes a value parameter to store in the
19824 aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
19825 return: 1) positive match 0) negative match (due to '!')
19826 -1) no match This means setting $$ explicitly in all cases, which I
19827 should have done in the first place. It also means that we always
19828 store a value that is != -1 and when we see a '!' we can set
19829 *_matches to !rv if rv != -1. The upshot of all of this is that '!'
19830 now works the way it should in lists and some of the rules are more
19831 uniform and sensible.
19835 add parse.h dependency
19839 kill unused *_matched macros
19843 Allow a list of users as the first thing in a user spec, not just a
19844 single entry. This makes things more uniform, though it does allow
19845 you to write user specs that are hard to read.
19857 fix check for crypt() in libufc
19860 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
19863 sudo-users list now exists
19866 * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
19870 * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
19871 config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
19872 version.c, visudo.c:
19873 o Move lock_file() and touch() into fileops.c so visudo can use them
19874 o Visudo now locks the sudoers temp file instead of bailing when the
19875 temp file already exists. This fixes the problem of stale temp
19876 files but it does *require* that you not try to put the temp file in
19877 a world-writable directory. This should not be an issue as the temp
19878 file should live in the same dir as sudoers. o Visudo now only
19879 installs the temp file as sudoers if it changed.
19882 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
19888 * config.h.in, configure, configure.in, logging.c:
19892 * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
19893 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
19894 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
19895 temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
19896 -> _PATH_SUDOERS_TMP
19899 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
19901 * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
19902 o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
19903 root sudo -V config reporting
19906 * configure, configure.in:
19907 aix_auth.o not authenticate.o
19911 Add --with-goodpri and --with-badpri configure options to specify
19912 the syslog priority to use.
19915 * INSTALL, configure, configure.in, logging.h:
19916 Add --with-goodpri and --with-badpri configure options to specify
19917 the syslog priority to use.
19921 kill crufty AIX stuff
19925 Sigh, some versions of make (like Solaris's) don't deal with $< like
19926 I would expect. Both GNU and BSD makes get this right but... So, we
19927 just expand $< inline at the cost of some ugliness.
19931 If the invoking user is root, sudo will now print configure info in
19932 -V mode. Currently just prints logging info, to be expanded later.
19935 * logging.c, logging.h, sudo.c, sudo.h:
19936 o new defines for syslog facility and priority o use new
19937 print_version() function for -V mode
19941 Don't need version.c
19944 * aclocal.m4, config.h.in, configure, configure.in:
19945 Add check for syslog facilities and priorities tables in syslog.h
19949 o authenticate -> aix_auth o add version.c
19952 * auth/sudo_auth.c:
19953 Missed a prompt -> user_prompt conversion
19956 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
19959 sudo should lock its logfile
19962 * parse.yacc, sudo.tab.c:
19963 o Add '!' correctly when expanding Aliases. o Add shortcut macros
19964 for append() to make things more readable. o The separator in
19965 append() is now a string instead of a char. o In append(), only
19966 prepend the separator if the last char is not a '!'. This is a
19967 hack but it greatly simplifies '!' handling. o In -l mode, Runas
19968 lists and NOPASSWD/PASSWD tags are now inherited across entries in
19969 a list (matches current behavior). o Fix formatting in -l mode such
19970 that items in a list are separated by a space. Greatly improves
19971 readability. o Space for name field in struct aliasinfo is now
19972 allocated dynamically instead of using a (big) buffer. o In
19973 add_alias(), only search the list once (lsearch instead of lfind +
19977 * lex.yy.c, sudo.tab.c, sudo.tab.h:
19981 * configure, configure.in:
19982 Solaris pam doesn't require any extra setup
19986 o Simpler '!' support now that the lexer deals with multiple !'s for
19987 us. o In the case of opFOO, have FOO give a boolean return value and
19988 set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
19989 it gets fill()'d in parse.lex--fixes a small memory leak. In the
19990 long run it may be better to just fix parse.lex and make ALL back
19991 into a token. However, having it be a string is useful since it
19992 can be easily passed back to the parent rule if we so desire.
19996 o Remove some unnecessary backslashes o collapse multiple !'s by
19997 using !+ and checking if yyleng is even or odd. this allows us to
19998 simplify ! handling in parse.yacc
20002 -u flag was being ignored
20005 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
20012 work around pod2man stupidity
20016 correct dependencies for .cat
20019 * sudo.cat, sudo.man, visudo.cat, visudo.man:
20023 * sudo.pod, visudo.pod:
20024 Add copyright Update to reality
20027 * parse.c, sudo.c, sudo.h:
20028 rename validate() to the more descriptive sudoers_lookup()
20035 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
20041 * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
20042 configure, configure.in, sudo.c:
20047 add 4th term to license similar to term 5 in the apache license
20050 * emul/search.h, emul/utime.h:
20051 add 4th term to license similar to term 5 in the apache license
20054 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
20055 auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
20056 auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
20057 auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
20058 logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
20059 pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
20060 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
20062 add 4th term to license similar to term 5 in the apache license
20065 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
20066 add 4th term to license similar to term 5 in the apache license
20069 * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
20070 getspwuid.c, goodpath.c:
20071 add 4th term to license similar to term 5 in the apache license
20074 * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
20075 insults.h, logging.c, sudo.c, sudo.h:
20076 there was a 1995 release too
20079 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
20086 Use dirs instead of files for timestamp. This allows tty and non-
20087 tty schemes to coexist reasonably. Note, however, that when you
20088 update a tty ticket, the mtime on the user dir gets updated as well.
20091 * configure, configure.in:
20092 Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
20093 when linking test program, not just -lprot. Also add check for
20094 getspnam(). The SCO docs indicate that /etc/shadow can be used but
20098 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
20101 first cut at auth API description
20104 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
20106 * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
20107 auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
20109 auth API change. There is now an init method that gets run before
20110 the main loop. This allows auth routines to differentiate between
20111 initialization that happens once vs. setup that needs to run each
20112 time through the loop.
20115 * auth/kerb5.c, logging.c:
20116 use easprintf() and evasprintf()
20120 add easprintf() and evasprintf(), error checking versions of
20121 asprintf() and vasprintf()
20125 remove 2 items. One done, one won't do.
20128 * lex.yy.c, sudo.tab.c:
20132 * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
20133 visudo.html, visudo.man:
20142 o Document -K flag and update meaning of -k flag. o BSD-style
20143 copyright o Document clearing of BIND resolver environment variables
20144 o Clarify bit about shared libs o suggest rc files create /tmp/.odus
20145 if your OS gives away files
20153 BSD-style copyright
20157 o BSD copyright o no need to block signals, we now do that in main()
20161 * testsudoers.c, visudo.c:
20162 o BSD-style copyright o Use "struct sudo_user" instead of old
20163 globals. o some cosmetic cleanup
20167 BSD-style copyright
20171 o BSD copyright o logging and parser bits moved to their own .h
20172 files o new "struct sudo_user" to encapsulate many of the old
20177 o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
20178 logging routines o simplified flow of control o BIND resolver
20179 additions to badenv_table
20183 BSD-style copyright
20187 Now compiles on more K&R compilers
20191 BSD-style copyright, cosmetic changes
20195 BSD-style copyright
20198 * parse.c, parse.h, parse.lex, parse.yacc:
20199 BSD-style copyright. Move parser-specific defines and structs into
20200 parse.h + other cosmetic changes
20204 defines for logging routines
20207 * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
20208 BSD-style copyright, cosmetic changes
20211 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
20213 BSD-style copyright
20217 o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
20218 kill --disable-tgetpass o add --without-passwd o changes to fill in
20219 AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
20220 v?asprintf() o replace --with-AuthSRV with --with-fwtk
20224 BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
20225 HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
20226 HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
20230 BSD-style copyright; Add S_IFLNK and MIN/MAX if they are missing.
20234 BSD-style copyright
20238 no more --with-getpass
20242 Take out things I've done...
20250 --with-getpass no longer exists
20254 BSD-style copyright. Update to reflect reality wrt new files and
20259 Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
20264 Update history a bit
20267 * COPYING, LICENSE:
20268 Now distributed under a BSD-style license
20271 * auth/sudo_auth.c:
20272 o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
20273 options. o skey/opie replaced by rfc1938 code o new struct sudo_user
20277 * auth/pam.c, auth/sia.c:
20278 BSD-style copyright and use new log functions
20282 o BSD-style copyright o Use new log functions o Use asprintf() and
20283 snprintf() where sensible.
20287 Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
20288 done more reasonably--better sanity checks and tty-based stamps are
20289 now done as files in a directory with the same name as the invoking
20290 user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
20291 to mix tty and non-tty based ticket schemes but this may change in
20292 the future (it requires sudo to use a directory instead of a file in
20293 the non-tty case). Also, ``sudo -k'' now sets the ticket back to
20294 the epoch and ``sudo -K'' really deletes the file. That way you
20295 don't get the lecture again just because you killed your ticket in
20296 .logout. BSD-style copyright now.
20300 o rewritten logging routines. log_error() now takes printf-style
20301 varargs and log_auth() for the return value of validate(). o BSD-
20305 * auth.c, check_sia.c, dce_pwent.c, secureware.c:
20306 superseded by new auth API
20310 BSD-style copyright
20314 Use snprintf() where it makes sense and add a BSD-style copyright
20317 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
20318 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
20319 BSD-style copyright
20322 * emul/utime.h, utime.c:
20323 BSD-style copyright
20327 this has been rewritten so use my BSD-style copyright
20330 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
20333 include malloc.h if no stdlib.h
20337 KTH snprintf()/asprintf() for systems w/o them
20341 strerror() for systems w/o it
20344 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
20350 * parse.c, parse.lex, parse.yacc:
20351 Add contribution info in the main comment
20354 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
20357 remove missed ref to PAM_nullpw
20360 * auth/sudo_auth.h:
20365 more or less complete now--still untested
20368 * auth/afs.c, auth/pam.c:
20369 don't use user_name macro, it will go away
20372 * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
20373 combine skey/opie code into rfc1938.c
20376 * auth/dce.c, auth/sudo_auth.h:
20377 DCE authentication method; basically unchanged from dce_pwent.c
20380 * auth/aix_auth.c, auth/sudo_auth.h:
20381 AIX authenticate() support. Could probably be much better
20385 Fix an uninitialized variable and some cleanup. Now works (tested)
20388 * auth/sia.c, auth/sudo_auth.h:
20389 SIA support for digital unix
20393 don't use prompt global, it will go away
20396 * auth/secureware.c:
20397 correct copyright years
20400 * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
20401 auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
20402 auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
20403 New authentication API and methods
20406 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
20413 only save an entry if user_matches && host_matches, even if the
20414 stack is empty (fix for previous commit)
20422 1) Always save an entry on the stack if it is empty. This fixes the
20423 -l and -v flags that were broken by earlier parser changes.
20425 2) In a Runas list, don't negate FALSE -> TRUE since that would make
20426 !foo match any time the user specified a runas user (via -u) other
20431 interfaces and num_interfaces are now auto, not extern
20434 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
20437 use a static global to keep state about empty passwords
20441 make PASSWORD_NOT_CORRECT logging consistent with other modules
20444 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
20447 PAM prompt code was wrong, looks like we have to kludge it after
20452 In the PAM code, when a user hits return at the first password
20453 prompt, exit without a warning just like the normal auth code
20456 * configure, configure.in:
20457 kludge around cross-compiler false positives
20460 * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
20461 New (correct) PAM code Tgetpass now takes an echo flag for use with
20462 PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
20463 useless umask setting Change error from BAD_ALLOCATION ->
20464 BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
20469 Some -Wall and kill some trailing spaces
20473 define -D__EXTENSIONS__ for solaris so we get crypt() proto
20476 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
20482 * INSTALL, config.h.in, configure, configure.in:
20483 for kerberos V < version, fall back on old kerb4 auth code
20487 clarify some things
20490 * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
20494 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
20497 mention why DONT_LEAK_PATH_INFO is not the default
20500 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
20503 Fix open(2) return value checking, was NULL for fopen, should be -1
20512 better wording for solaris pam notice
20516 document recent changes
20520 Update shadow password section
20524 move authentication code from check.c to auth.c
20527 * Makefile.in, check.c, sudo.h:
20528 move authentication code to auth.c
20531 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
20533 * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
20534 getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
20535 logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
20536 sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
20538 Move interface-related defines to interfaces.h so we don't have to
20539 include <netinet/in.h> everywhere.
20542 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
20544 * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
20545 parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
20546 o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
20547 turns out the old DES crypt does the right thing with passwords
20548 longer than 8 characters. o Fix common typo (necesary ->
20549 necessary) o Update TODO list
20552 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
20555 set $LOGNAME when we set $USER
20558 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
20561 add comment about digital unix and interfaces.c warning with gcc
20564 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
20567 use modern paths and give examples for some of the new parser
20571 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
20577 * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
20578 getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
20579 parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
20580 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
20581 Function names should be flush with the start of the line so they
20582 can be found trivially in an editor and with grep
20585 * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
20586 sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
20587 free(3) is already void, no need to cast it
20590 * logging.c, sudo.c, sudo.h:
20591 catch case where cmnd_safe is not set (this should not be possible)
20594 * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
20595 testsudoers.c, visudo.c:
20596 Stash the "safe" path (ie: the one listed in sudoers) to the command
20597 instead of stashing the struct stat. Should be safer.
20600 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
20602 * INSTALL, Makefile.in, UPGRADE:
20603 notes on updating from an earlier release
20610 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
20612 * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
20613 sudoers.man, sudoers.pod:
20614 You can now specify a host list instead of just a host or alias.
20615 Ie: user = host1,host2,ALIAS,!host3 my_command now works.
20622 * parse.yacc, sudo.tab.c:
20623 Move the push from the beginning of cmndspec to the end. This means
20624 we no longer have to do a push at the end of privilege, just reset
20628 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
20629 runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
20630 use "!" most everywhere
20633 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
20636 modernize paths and update su example based on sample.sudoers one
20640 New runas semantics
20643 * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
20645 In estrdup(), do the malloc ourselves so we don't need to rely on
20646 the system strdup(3) which may or may not exist. There is now no
20647 need to provide strdup() for those w/o it. Also, the prototype for
20648 estrdup() was wrong, it returns char * and its param is const.
20656 buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
20659 * CHANGES, TODO, parse.yacc, sudo.tab.c:
20660 It is now possible to use the '!' operator in a runas list as well
20661 as in a Cmnd_Alias, Host_Alias and User_Alias.
20664 * logging.c, sudo.h:
20665 Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
20669 Definitions of *_matched were wrong--user top, not top-2 as
20673 * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
20674 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
20675 command but the NOPASSWD flag was set. Make runasspec, runaslist,
20676 runasuser, and nopasswd typeless in parse.yacc Add support for '!'
20677 in the runas list Fix double printing of '%' and '+' for groups and
20678 netgroups respectively Add *_matched macros (no need for local stack
20679 variable). Should only be used directly after a pop (since top must
20683 * aclocal.m4, configure.in:
20684 Add copyright, somewhat silly
20687 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
20689 * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
20690 compat.h, config.h.in, configure, configure.in, dce_pwent.c,
20691 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
20692 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
20693 lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
20694 putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
20695 sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
20696 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
20698 Crank version to 1.6 and combine copyright statements
20702 Use ! not ^ to do negation
20705 * lex.yy.c, sudo.tab.c:
20709 * parse.lex, parse.yacc:
20710 Make runas and NOPASSWD tags persistent across entries in a command
20711 list. Add a PASSWD tag to reverse NOPASSWD. When you override a
20712 runas or *PASSWD tag the value given becomes the new default for the
20713 rest of the command list.
20716 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
20720 [a1ae9d4a7d54] [SUDO_1_5_9]
20723 Shift return value of system(3) by 8 to get real exit value and if
20724 it is not 1 or 0 print the retval along with the error message.
20727 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
20730 testsudoers needs LIBOBJS too
20733 * parse.c, parse.yacc, sudo.tab.c:
20734 Fix another parser bug. For a sudoers entry like this: millert
20735 ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
20743 * parse.yacc, sudo.tab.c:
20744 Save entries that match a ! command on the matching stack too
20748 Make sudo's usage info better when mutually exclusive args are given
20749 and don't rely on argument order to detect this; nick@zeta.org.au
20752 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
20754 * CHANGES, Makefile.in, RUNSON:
20762 * parse.yacc, sudo.tab.c:
20763 Fix off by one error introduced in *alloc changes
20766 * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
20767 check_sia.c, compat.h, config.h.in, configure, configure.in,
20768 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
20769 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
20770 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
20771 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
20772 sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
20773 sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
20774 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
20778 * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
20779 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
20780 putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
20781 sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
20782 Use emalloc/erealloc/estrdup
20786 error checking memory allocation routines
20789 * parse.yacc, sudo.tab.c:
20790 Still not right, this fixes it for real
20793 * parse.yacc, sudo.tab.c:
20794 Fix for previous commit
20797 * CHANGES, INSTALL, parse.yacc:
20798 Fix a parser bug that was exposed when mixing different runas specs
20799 and ! commands. For example: millert ALL=(daemon)
20800 /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
20801 as well as daemon when it should just allow daemon. The problem was
20802 that comma-separated commands in a list shared the same entry on the
20803 matching stack. Now they get their own entry iff there is a full
20804 match. It may be better to just make the runas spec persistent
20805 across all commands in a list like the user and host entries of the
20806 matching stack. However, since that is a fairly major change it
20807 should get its own minor rev increase.
20810 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
20812 * check.c, config.h.in:
20813 Simplify PAM code and fix a PAM-related warning on Linux
20816 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
20830 * check.c, configure.in:
20831 new pam code that works on solaris, should work on linux too;
20835 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
20842 only include strings.h if there is no string.h
20845 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
20848 Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
20851 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
20854 shost must be set before log functions are called #ifdef HOST_IN_LOG
20857 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
20859 * CHANGES, lex.yy.c, parse.lex:
20860 Fix a bug wrt quoting characters in command args. Stop processing
20861 an arg when you hit a backslash so the quoted-character detection
20865 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
20868 include sys/time.h; apparently AIX needs it. ppz@cdu.elektra.ru
20871 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
20873 * configure, configure.in:
20874 add missing case statement so --without-sendmail works
20877 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
20883 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
20885 * configure, configure.in:
20886 only search for -lsun in irix <= 4.x
20889 * configure, configure.in:
20890 back out last configure.in change now that I've hacked autoconf to
20891 fix the real problem and add a missing newline
20899 add def of dirfd() for those without it
20902 * configure, configure.in:
20903 When falling back to checking for socket() when linking with
20904 "-lsocket -lnsl" check for main() instead since autoconf has already
20905 cached the results of checking for socket() in -lsocket. This is
20906 really an autoconf bug as it should use the extra libs as part of
20907 the cache variable name.
20914 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
20917 fix occurrence of $with_timeout that should be
20918 $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
20922 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
20924 * sudo.cat, sudo.html, sudo.man, sudo.pod:
20925 fix grammar; espie@openbsd.org
20926 [7031d9dfbc3e] [SUDO_1_5_8]
20928 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
20930 * parse.yacc, sudo.c, testsudoers.c:
20931 add cast for strdup in places it does not have it
20934 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
20936 * configure, configure.in:
20937 define for_BSD_TYPES irix
20940 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
20942 * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
20943 Make it clear that it is the user's password, not root's, that we
20948 If the user enters an empty password and really has no password,
20949 accept the empty password they entered. Previously, they could
20951 *but* an empty password. Also, add GETPASS macro that calls either
20952 tgetpass() or getpass() depending on how sudo was configured.
20953 Problem noted by jdg@maths.qmw.ac.uk
20956 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
20958 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
20959 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
20960 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
20961 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
20962 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
20963 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
20965 add explicit copyright
20969 mention -lsocket, -lnsl configure changes
20972 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
20975 Don't clobber errno after calling check_sudoers().
20978 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
20980 * configure, configure.in:
20981 When linking with both -lsocket and -lnsl be sure to do so in that
20982 order. Also, when we can't find socket() or inet_addr() and have to
20983 try linking with both libs, issue a warning.
20986 * sudo.cat, sudo.man, sudo.pod:
20987 clarify bad timestamp and fmt
20990 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
20993 be clear that pam is linux-only and add a RUNSON entry
20996 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
20998 * CHANGES, INSTALL, configure, configure.in:
20999 fix and correctly document --with-umask; problem noted by
21003 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
21005 * configure, configure.in:
21006 only use /usr/{man,catman}/local to store man pages if user didn't
21007 override prefix or mandir
21010 * INSTALL, configure, configure.in:
21011 fix typo, make --with-SecurID take an arg
21014 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
21020 * CHANGES, INSTALL, check.c, configure, configure.in:
21021 FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
21024 * configure, configure.in:
21025 better fix for the problem of unresolved symbols in -lnsl or
21029 * configure, configure.in:
21030 when checking for functions in -lnsl and -lsocket link with both of
21031 them to avoid unresolved symbols on some weirdo systems
21034 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
21036 * BUGS, CHANGES, RUNSON, TODO:
21037 old changes that didn't make it into RCS before the RCS->CVS switch
21040 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
21042 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
21043 configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
21044 getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
21045 ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
21046 lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
21047 secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
21048 sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
21061 * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
21062 config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
21063 find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
21064 ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
21065 logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
21066 secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
21067 sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
21068 utime.c, version.h, visudo.c, visudo.cat, visudo.man:
21069 crank version and regen files
21073 kill rcs goop in update_version and fix now that version is a const
21076 * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
21077 sudo.c, sudo.h, sudo.pod:
21078 kerb5 support from fcusack@iconnet.net
21081 * realpath.c, sudo_realpath.c:
21082 we no longer use realpath
21086 replaced by find_path.c
21090 all options are now configure flags
21098 superseded by getcwd.c
21102 superseded by tgetpass.c
21106 superseded by RUNSON
21110 No longer used now that we have configure options for everything.
21114 regen based on configure.in
21117 * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
21118 sudoers.man, visudo.cat, visudo.html, visudo.man:
21119 regen based on sudo.pod, sudoers.pod, and visudo.pod
21122 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
21125 fix tty tickets in remove_timestamp (didn't use ':')
21128 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
21131 close sock when we are done with it
21134 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
21137 never say "error on line -1"
21140 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
21143 check for -lnsl before -lsocket
21147 quote '[', ']' used in ranges correctly
21150 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
21153 add missing NO_ROOT_SUDO noted by drno@tsd.edu
21156 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
21163 more info for 1.5.7
21171 make increases of cm_list_size and ga_list_size be similar to
21172 increases of stacksize (ie: >= not > in initial compare).
21176 when we get a syntax error, report it for the previous line since
21177 that's generally where the error occurred.
21180 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
21182 * config.h.in, configure.in, interfaces.c:
21183 add back check for sys/sockio.h but only use it if SIOCGIFCONF is
21185 [d197f31fd1e4] [SUDO_1_5_7]
21188 define BSD_COMP for svr4
21191 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
21192 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
21193 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
21194 testsudoers.c, tgetpass.c, utime.c, visudo.c:
21199 kill check for sockio.h
21203 no more HAVE_SYS_SOCKIO_H
21206 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
21207 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
21208 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
21209 testsudoers.c, tgetpass.c, utime.c, visudo.c:
21213 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
21216 add missing inform_user()
21219 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
21222 return NOT_FOUND if given fully qualified path and it does not exist
21223 previously it would perror(ENOENT) which bypasses the option to not
21228 for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
21232 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
21235 tty tickets are user:tty now
21239 when using tty tickets make it user:tty not user.tty as a username
21240 could have a '.' in it
21243 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
21246 add "ignoring foo found in ." for auth successful case
21249 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
21252 add missing printf param
21255 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
21257 * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
21258 go back to printing "command not found" unless --disable-path-info
21259 specified. Also, tell user when we ignore '.' in their path and it
21260 would have been used but for --with-ignore-dot.
21264 Only one space after a colon, not two, in printf's
21267 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
21270 document setting $USER
21274 fix bugs with prompt expansion
21278 set $USER for root too
21281 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
21288 HP-UX's iscomsec is in -lsec, not libc
21292 remove some entries in the OS case statement that did nothing
21296 add "cd" section and flush out syslog section
21300 no more sudo-lex.yy.c
21304 add custom prompt support
21308 kill perror("malloc") since we already have a good error messages
21309 pw_ent -> pw for brevity
21313 kill perror("malloc") since we already have a good error messages
21314 pw_ent -> pw for brevity set $USER if -u specified
21318 kill perror("malloc") since we already have a good error messages
21322 kill perror("malloc") since we already have a good error messages
21323 pw_ent -> pw for brevity when checking if %group matches, look up
21324 user in password file so that %groups works in a RunAs spec.
21328 kill perror("malloc") since we already have a good error messages
21331 * check.c, getspwuid.c, interfaces.c:
21332 kill perror("malloc") since we already have a good error messages
21333 pw_ent -> pw for brevity
21336 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
21339 the prompt is expanded before tgetpass is called
21343 tgetpass now has the same args as getpass again
21347 add iscomsec, issecure support
21351 we now expand any %h or %u in the prompt before passing to tgetpass
21355 add check for syslog(3) in -lsocket, -lnsl, -linet
21359 add HAVE_ISCOMSEC and HAVE_ISSECURE
21363 add check for iscomsec in HP-UX
21367 check for issecure if we have getpwanam on SunOS some options are
21368 incompatible with DUNIX SIA check for dispcrypt on DUNIX
21371 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
21378 add back support for non-dispcrypt based checking for older DUNIX
21386 SIA becomes the default on Digital UNIX now have --disable-sia to
21391 move local includes after system ones
21394 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
21396 * check.c, check_sia.c, sudo.h:
21397 add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
21402 fix while loop in sia_attempt_auth() that checks the password. Only
21403 the first iteration was working.
21406 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
21409 don't trust UID_MAX or MAXUID
21420 * getspwuid.c, secureware.c:
21421 init crypt_type to INT_MAX since it is legal to be negative in DUNX
21426 for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
21427 -ldb since DUNX < 4.0 lacks it
21430 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
21432 * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
21433 secureware.c, sudo.c, tgetpass.c:
21434 getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
21435 minutes if the shadow files don't exist).
21438 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
21441 updated --with-editor blurb
21445 tell how to put sudoers in a different dir
21449 add missing quotes around $with_editor
21453 typo in --with-editor bits
21457 I don't expect it to work on Solaris
21461 add back security/pam_misc.h
21464 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
21467 remove dunix note since configure checks for this now
21471 add check for broken dunix prot.h (4.0 < 4.0D is bad)
21474 * getspwuid.c, secureware.c, tgetpass.c:
21475 new dunix shadow code, use dispcrypt(3)
21483 call initprivs() if we have it for getprpwuid later on
21487 clean pathnames.h too
21491 quote "Sorry, try again." with [] since it has a comma in it set
21492 LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
21493 getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
21498 update Digital UNIX note about acl.h
21503 --without-root-sudo -> --disable-root-sudo some reordering
21510 * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
21518 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
21521 when checking for -lsocket, -lnsl, and -linet, check for the
21522 specific functions we need from them.
21525 * config.h.in, sudo.h:
21526 move Syslog_* defs into sudo.h
21529 * Makefile.in, sudo.h:
21530 added check_secureware
21534 finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
21538 don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
21539 defined. configure now does that for us
21543 move some --with options around change a bunch of echo's to
21544 AC_MSG_CHECKING, AC_MSG_RESULT pairs
21548 change $with_foo-bar -> $with_foo_bar kill extra " that caused a
21549 syntax error add some echo verbiage
21552 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
21555 moved SecureWare stuff into secureware.c
21563 update url to solaris gcc bins
21567 change option formatter and flesh out some entries
21570 * TROUBLESHOOTING, sudo.pod, visudo.pod:
21571 environmental variable -> environment variable
21575 everything is now done via configure
21583 passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
21587 SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
21591 merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
21592 sudoers_mode from configure
21596 SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
21597 the Makefile, not config.h
21601 document all --with/--enable options
21604 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
21607 options.h is no more
21611 assimilated options.h
21615 moved options from options.h to configure
21618 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
21619 logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
21620 sudo_setenv.c, visudo.c:
21624 * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
21625 remove references to options.h
21628 * dce_pwent.c, interfaces.c, sudo.c:
21633 if select return < -1 still prompt for pw
21637 convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
21642 FAST_MATCH is no longer an option
21646 remove_timestamp() if timestamp is preposterous
21650 convert more options to --with/--enable
21653 * INSTALL, aclocal.m4:
21658 convert more options into --with and --enable
21662 catch EINTR in select and restart
21669 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
21672 UMASK -> SUDO_UMASK.
21675 * check.c, logging.c:
21676 time.h, not sys/time.h
21679 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
21682 MAILER -> _PATH_SENDMAIL
21685 * INSTALL, configure.in:
21686 no more --with-C2, now it is --disable-shadow
21689 * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
21690 getspwuid.c, sudo.c, tgetpass.c:
21691 new shadow password scheme. Always include shadow support if the
21692 platform supports it and the user did not disable it via configure
21695 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
21698 --with-getpass -> --{enable,disable}-tgetpass
21702 pathnames.h -> pathnames.h.in
21710 move pam_conv to be static to auth function remove pam_misc.h
21711 (solaris doesn't have one)
21715 _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
21719 munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
21723 convert to pathnames.h.in
21726 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
21729 fix typo in sysv4 matching case /.
21732 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
21735 pam stuff needs to run as root, not user, for shadow passwords
21738 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
21740 * BUGS, INSTALL, README, configure.in:
21744 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
21745 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
21746 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
21747 logging.c, options.h, parse.c, parse.lex, parse.yacc,
21748 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
21749 testsudoers.c, tgetpass.c, utime.c, visudo.c:
21754 user version.h for long message
21758 this is version 1.5.6
21761 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
21764 remove errant backslash
21767 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
21769 * options.h, parse.yacc, pathnames.h.in:
21771 [fdee73255d64] [SUDO_1_5_6]
21773 * BUGS, CHANGES, TODO:
21781 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
21784 kill unused localhost_mask var copy if name to ifr_tmp after we zero
21788 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
21791 Better description of new vs. old sudoers modes fix some typos
21792 better description of /usr/ucb/cc gotchas on slowaris
21800 set NewArgv[0] to user_shell, not basename(user_shell)
21803 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
21806 mention TROUBLESHOOTING more fix some typos
21810 move --enable/--disable to be after --with
21814 document --enable/--disable
21818 document --with-pam
21821 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
21824 Add message for pam users
21835 * check.c, config.h.in, configure.in:
21836 pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
21839 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
21842 add HOST_IN_LOG and WRAP_LOG
21846 add WRAP_LOG and HOST_IN_LOG
21850 add --enable-log-host and --enable-log-wrap
21854 use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
21857 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
21864 include sys/param.h to get howmany macro
21867 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
21869 * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
21873 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
21876 bring in stdio.h for NULL
21880 allow /bin/{ksh,bash} and /usr/bin/{ksh,bash} as sh
21884 use HAVE_SET_AUTH_PARAMETERS
21888 add HAVE_SET_AUTH_PARAMETERS
21892 add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
21896 add support for HI-UX/MPP SR220001 02-03 0 SR2201
21900 initialize previfname
21904 Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
21905 it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
21914 don't need special build line for sudo.tab.o
21918 don't clean sudo.tab.[ch]
21922 Sudo should prompt for a password before telling the user that a
21923 command could not be found.
21931 no longer require yacc
21939 y.tab -> sudo.tab include pre-yacc'd parse.yacc
21943 include sudo.tab.h, not y.tab.h don't break out of command args if
21951 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
21960 getcwd(3) from OpenBSD for those without it.
21964 HAVE_GETWD -> HAVE_GETCWD
21968 pretend sunos doesn't have getcwd(3) since it opens a pipe to
21977 remove duplicate include of string.h
21981 call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
21985 add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
21989 add dev_t and ino_t
21992 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
21995 fix OTP_ONLY for opie
21998 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
22000 * testsudoers.c, tgetpass.c:
22001 include stdlib.h for malloc proto
22004 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
22007 make update_version saner
22011 add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
22015 check for waitpid and wait3 or no waitpid
22019 used waitpid or wait3 if we have 'em
22022 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
22025 fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
22028 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
22031 don't need to explicitly mention -lsocket -lnsl for sequent
22034 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
22037 dynix should not link with -linet
22040 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
22043 mention that HP-UX doesn't ship with yacc
22046 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
22049 ignore kerberos if we can't get the local realm
22052 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
22054 * BUGS, INSTALL, README, configure.in:
22062 * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
22063 find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
22064 logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
22065 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
22074 don't use popen/pclose. Do it inline.
22085 * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
22086 ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
22091 * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
22096 getwd.c -> getcwd.c
22108 use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
22112 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
22114 * OPTIONS, options.h:
22115 add STUB_LOAD_INTERFACES
22118 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22119 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22120 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22121 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22122 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22123 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22128 support *-ccur-sysv4 and fix two typos
22131 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
22134 don't echo about with_logfile and with_timedir
22138 document --with-logfile and --with-timedir
22142 support --with-logfile and --with-timedir
22146 Add --with-logfile and --with-timedir
22150 change size computation of NewArgv for UNICOS
22153 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
22156 treat -*-sysv4* like *-*-svr4
22159 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
22162 fix spacing for --with-authenticate help
22165 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22166 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22167 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22168 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22169 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22170 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22175 fix off by one error in push macro
22178 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
22181 removed bogus alloca hack
22185 added AIX 4.x authenticate() support
22189 include alloca.h if using bison and not gcc and it exists. fixes an
22190 alloca problem on hpux 10.x
22194 mention --with-authenticate
22198 added AIX authenticate() support
22202 add HAVE_AUTHENTICATE
22206 dynamically size ifconf buffer
22213 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22214 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22215 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22216 logging.c, options.h, parse.c, parse.lex, parse.yacc,
22217 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22218 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22226 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
22229 add busy stmp file explanation
22232 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
22235 the name of the cached var that signals whether or not you are cross
22236 compiling changed. It is now ac_cv_prog_cc_cross
22239 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
22242 mention glibc 2.07 is fixed wrt lsearch().
22245 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
22247 * sample.sudoers, sudoers.pod:
22248 better example of su but not root su
22251 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
22253 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22254 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22255 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22256 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22257 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22258 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22263 correct regexp for updating version
22267 remove bogus flush of stderr spew prompt before turning off echo.
22268 Seems to fix a weird problem where if sudo complained about a bogus
22269 stamp file the user would sometimes not have a chance to enter a
22274 fix bogus flush of stderr
22278 close fd's <=2 not <=3 and move that chunk of code up
22282 support hpux1[0-9] not just hpux10
22285 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
22288 set sudoers_fp to nil after closing
22291 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
22293 * config.guess, config.sub:
22294 updated from autoconf 2.12
22301 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
22304 fix select usage for high fd's (dynamically allocate readfds)
22308 kill extra whitespace
22312 do an initgroups() before running a command, unless the target user
22316 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
22319 tell people to use tabs, not spaces, in syslog.conf
22322 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
22324 * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
22325 parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
22329 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
22330 logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
22334 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22335 insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
22340 more tweaks to update_version
22344 fixed up update_version rule
22352 removed supe of check.c
22363 * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
22364 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
22365 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22366 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
22367 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
22368 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
22378 add rules to update version stuff in files so I don't need to do it
22383 sudoers_fp is now extern
22387 in check_sudoers, cache the sudoers file handle in sudoers_fp so we
22388 don't have to open it again in the parse. This may help with weird
22389 solaris problems where EAGAIN sometimes occurs.
22393 sudoers file open is now done only in check_sudoers() so we just do
22394 a rewind() instead of an open. May help people on solaris who were
22398 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
22401 mention that newer glibc is fixed
22404 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
22407 newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
22408 _RLD* instead of _RLD_*
22416 fix that bug for real
22420 document Linux's libc6 brokenness.
22429 [4949a1bbd0a9] [SUDO_1_5_4]
22432 remind people to HUP syslogd
22448 remove author's email addr. people should mail sudo-bugs
22455 * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
22456 find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
22457 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
22458 logging.c, options.h, parse.c, parse.lex, parse.yacc,
22459 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22460 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
22468 * INSTALL, Makefile.in:
22477 exit(1) if user enters no passwd
22485 commands can start with ./* not just /* -- fixes a serious security
22489 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
22492 Don't set the tty variable to NULL when we lack a tty, leave it as
22496 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
22499 fix usage of (username) in conjunction with , and !
22503 catch the case where the user is not in the passwd file
22507 use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
22512 define tty global to an initial value to avoid dumping core in
22513 logging functions when passwd file is unavailable.
22517 do the set_perms(PERM_USER, sudo_mode) after we have gotten the
22522 talk about problem of ALL
22525 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
22532 fdesc bug is fixed in Open/Net BSD
22536 updates from Nieusma
22539 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
22542 move compat.h after the system includes
22545 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
22548 save errno from being clobbered by wait(). From Theo
22551 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
22554 fix an occurrence of setresuid -> setreuid (typo)
22557 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
22560 check for path to strip
22563 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
22566 deal with maxfilelen < 0 case
22573 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
22576 correct error message if mode/owner wrong and not statable by owner
22577 but is statable by root.
22580 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
22582 * config.guess, config.sub:
22586 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
22588 * CHANGES, RUNSON, TODO:
22592 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
22594 * parse.yacc, sudo.h:
22595 command_alias -> generic_alias
22596 [c404ca8c510d] [SUDO_1_5_3]
22599 added Runas_Alias example and fixed syntax errors
22602 * OPTIONS, options.h:
22603 updated MAILSUBJECT
22610 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
22611 configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
22612 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22613 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
22614 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
22615 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
22620 * BUGS, emul/utime.h:
22625 document Runas_Alias
22633 buffer oflow checking q (uit) -> Q if yyparse() fails drop into
22638 add size params to sprintf
22642 allow trailing space after '\\' but before '\n'
22646 off by one error in path size check
22653 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
22660 now warns if killed by signal ./
22663 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
22666 fix Runas_Alias stuff Alias's in runas list now get expanded (but it
22671 Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
22675 add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
22679 Add Runas_Alias and simplify a rule.
22683 always store User_Alias's since they can be used inside of a runas
22684 list. Sigh. Really need a Runas_Alias instead.
22687 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
22690 deal with case where there is no sudoers file
22693 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
22699 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
22701 * HISTORY, testsudoers.c:
22702 developement -> development
22717 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
22720 removed seteuid() notes
22721 [1010a60f281d] [SUDO_1_5_2]
22723 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
22726 better seteuid() emulation
22730 added check for seteuid
22737 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
22740 first stab at sequent support
22744 added HAVE_SYS_SELECT_H
22748 sequent -> _SEQUENT_
22752 added seteuid() macro for DYNIX
22756 _AIX -> HAVE_SYS_SELECT_H
22759 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
22761 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
22762 parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
22763 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22767 * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
22768 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
22769 ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
22770 pathnames.h.in, version.h:
22775 added -H and SUDO_PS1
22779 use SUDO_FUNC_FNMATCH
22783 added SUDO_FUNC_FNMATCH
22791 added MODE_RESET_HOME /
22794 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
22808 * compat.h, config.h.in:
22813 added HAVE_OPIE and changed to *_OTP_*
22820 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
22823 moved fclose() in skey stuff.
22826 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
22829 index -> strchr remove unnecessary stuff
22833 now call skeychallenge() to get challenge instead of making one up
22834 ourselves. this way, we get extra goodies in the prompt.
22837 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
22841 [3f5149357e2a] [SUDO_1_5_1]
22844 allow logins to start with a number (YUCK!)
22847 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
22850 added solaris 2.5 vs 2.4 note
22854 DUNIX doesn't need -lnsl
22858 *** empty log message ***
22861 * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
22862 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
22863 ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
22864 options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
22865 strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
22866 utime.c, version.h, visudo.c:
22870 * PORTING, README, RUNSON:
22874 * INSTALL, Makefile.in, TROUBLESHOOTING:
22879 *** empty log message ***
22882 * sudo.pod, visudo.pod:
22886 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
22892 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
22895 added $SUDO_PROMPT support
22898 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
22901 print long skey challemged to stderr, not stdout
22904 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
22914 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
22920 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
22923 use shost, not host for tgetpass
22927 documented %u and %h
22931 documented %u and %h
22938 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
22939 dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22940 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22941 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22942 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22943 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
22951 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
22953 * Makefile.in, configure.in, version.h:
22958 new tgetpass() params
22962 pass use and host to tgetpass
22966 added %u and %h escapes
22969 * OPTIONS, check.c, options.h:
22974 added cray (unicos) support
22977 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
22979 * OPTIONS, options.h, sudo.c:
22980 added SHELL_SETS_HOME
22983 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
22986 added note about "make install"
22990 changed length/size params from int to size_t
22994 now get CSOPS insults as well by default
22998 use csops insults too by default
23001 * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
23006 added runas_homedir
23022 added "upgrading" notes
23025 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
23028 now do chmod and chown after edit of temp file and before rename
23029 [de174e34faa7] [SUDO_1_5_0]
23031 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
23034 ++version added INSTALL.configure
23037 * configure.in, version.h:
23042 *** empty log message ***
23050 sets $HOME to pw_dir of runas user
23054 document $HOME change
23057 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
23060 fixed up some wording
23063 * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
23064 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
23065 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
23070 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
23071 insults.h, options.h, pathnames.h.in, sudo.h:
23080 name and type changes
23084 now works with new sudo
23092 some variable name changes + comment headers for functions.
23096 added extra paren's to make compilers happy
23100 *** empty log message ***
23104 now uses init_parser() if not in sudoers and tries "list" or
23105 "validate" scold but don't be nasty.
23109 now can use upper case login names
23113 now uses init_parser()
23121 added info about PASSWORD_TIMEOUT
23124 * INSTALL.configure:
23133 now dynamically allocates memory for the stacks -- no more
23138 -l now expands command aliases
23142 hacks to expand command aliases for `sudo -l'
23146 remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
23150 added struct command_alias
23158 in compar() key should be first arg
23161 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
23168 can now deal with upcase HOST and USER names
23172 don't yell too loudly at non-sudoers if they do "sudo -l"
23183 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
23185 * parse.c, parse.yacc:
23186 added support for new `sudo -l' stuff
23190 now uses list_matches()
23194 added struct sudo_match
23198 now more -lgnumalloc
23201 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
23204 added more paths for chown and whoami
23207 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
23213 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
23216 fixed DUNIX check for shadow pw
23220 now only turn off echo if it is already on. this fixes a race when
23221 you use sudo in a pipeline
23229 changed "test -z $foo && do_this" to if; then construct
23232 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
23235 added missing defines of SHADOW_TYPE
23238 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
23241 protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
23246 added AUTH_CRYPT_C1CRYPT support
23250 no longer return VALIDATE_NOT_OK if there was a runas that didn't
23251 match. Now we can have runas stuff on more than one line.
23254 * getspwuid.c, sudo.c, tgetpass.c:
23255 use SHADOW_TYPE instead of HAVE_C2_SECURITY
23259 got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
23264 removed HAVE_C2_SECURITY added SPW_BSD
23268 use SHADOW_TYPE instead of HAVE_C2_SECURITY
23272 SHADOW_TYPE is always defined so just against its value
23276 added SUDO_CHECK_SHADOW_DUNIX
23279 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
23282 * -> ?* in one example added another instance of (runas) and one of
23286 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
23289 added back check for config.cache from other host type
23293 removed an instance of \"
23301 updated wrt new wildcard matching
23305 new check for shadow passwords if we don't know anything
23309 new SUDO_CHECK_SHADOW_GENERIC
23313 added back check for -lsocket (oops)
23317 better (working) check for shadow passwd type if we know to use C2.
23321 now uses AC_CANONICAL_HOST to figure out os type
23325 added config.{guess,sub}
23329 removed unused stuff to figure out os type
23345 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
23346 pathname. need to check against sudoers_args even if user_args is
23351 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
23352 pathname need to check against sudoers_args even if user_args is nil
23355 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
23358 added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
23362 now takes command line args and uses cmnd_args
23366 fill_args was adding an extra leading space
23369 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
23372 fixed dummy command_matches()
23384 now uses flat args string
23387 * parse.c, parse.lex:
23388 now uses flat arg string
23392 added cmnd_args def
23396 now sets cmnd_args global
23400 cmnd_args is now exported from sudo.[ch]
23403 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
23406 can't rely on cmnd_matches as much as I thought -- added some $$
23407 stuff back in to prevent namespace pollution problems.
23411 Simplified parse rules wrt runas and NOPASSWD (more consistent).
23414 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
23417 NOPASSWD may now have blanks before the ':' '(' only starts a
23418 'runas' if in the initial state to avoid collision with command args
23422 added checks for specific shadow passwd schemes
23426 added routines to check for specific shadow passwd types
23429 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
23432 added support for ncr boxen
23436 added support for detecting ncr boxen
23439 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
23442 added sinix support
23445 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
23448 added info about "config.cache from other other" error.
23452 now makes sure you don't have a config.cache file from another OS
23456 now sets $LIBS when needed to configure links with libs when doing
23457 tests hpux10 now uses SPW_SECUREWARE for C2 added check for
23458 bigcrypt(3) if SPW_SECUREWARE
23466 now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
23474 no more SPW_HPUX10 added HAVE_BIGCRYPT
23478 now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
23482 SPW_SECUREWARE now uses bigcrypt
23485 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
23488 fixed 2 syntax errors
23492 root may now run ALL as ALL
23495 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
23498 fixed a typo/thinko that broke BSD's with sa_len
23501 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
23503 * check.c, configure.in:
23504 updated AFS support
23508 added entry about /usr/ucb/cc
23512 prep no longer holds gcc binaries
23524 AFS allows long passwords
23528 fixed -u user support
23532 sudo -v now groks VALIDATE_OK_NOPASS
23536 fixed no_passwd vs. runas_matched
23540 took out stuff about NFS-mounting since it is no longer an issue
23544 added --with-libraries > --with-libpath --with-incpath
23548 was setting runas_matches to -1 in wrong place
23552 removed usersec.h which is not present in new AFS versions
23556 now deals with timeout <= 0
23564 BSD/OS >= 2.0 now uses shlicc instead of just gcc
23568 fixed backwards compatibility with sudo 1.4 sudoers mode for root
23569 readable/writable filesystems
23573 now gives INSTALL -c flag
23577 slightly simpler initialization of no_passwd and runas_matches
23581 added -u username support
23585 improved --with-libraries support
23588 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
23591 added --with-incpath, --with-libpath, --with-libraries
23595 now initializes some fields that weren't getting set to -1 pretty
23596 gross -- need a rewrite.
23599 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
23606 no longer add -lPW to *_LIBS since we include alloca.c
23610 added HAVE_ALLOCA_H
23625 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
23628 now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
23629 not always set to a valid uid.
23633 fixed entry for SUDO_MODE
23637 Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
23638 being set to -2. Now beat NFS to the punch and set uid to "nobody"
23639 ourselves, preserving group 0 to read sudoers.
23643 moved set_perms(PERM_ROOT) to be before yyparse()
23651 no longer need AC_PROG_INSTALL
23655 always use install-sh to avoid install(1)'s that use get{pw,gr}nam
23659 make clean -> make distclean
23662 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
23665 removed some unnecessary if's
23668 * Makefile.in, version.h:
23672 * parse.c, testsudoers.c:
23673 now includes netgroup.h
23677 removed casts of ioctl to int since they didn't shut up -Wall
23681 explicitly cast ioctl() to int since it is not always declared
23685 added declarations for yyparse() and yylex()
23689 fixed an occurrence of '==' -> '='
23692 * config.h.in, configure.in:
23693 added check for netgroup.h
23697 fixed 2 compiler warnings
23701 SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
23705 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
23711 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
23714 fixed a formatting thingie
23717 * parse.c, parse.yacc:
23718 fixed -u support with multiple user lists on a line
23722 unixware needs -lgen
23726 updated ftp location
23730 add net_addr/netmask support
23734 added net_addr/mask example
23737 * parse.c, parse.lex:
23738 added support for net_addr/netmask
23741 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
23747 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
23757 * BUGS, TODO, TROUBLESHOOTING:
23762 updated with examples of new stuff
23770 updated wrt -u and NOPASSWD
23774 updated wrt -u and CAVEATS
23777 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
23784 now use :foo: character classes (makes no diff for generated lexer)
23787 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
23790 fixed LONG_SKEY_PROMPT stuff
23793 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
23800 make more like NetBSD one -- now compiles w/o warnings
23804 fixed decls of lsearch()
23807 * config.h.in, configure.in, getspwuid.c:
23812 hpux 10 uses bigcrypt() if C2
23815 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
23818 now always uses fnmatch to match args
23822 back to using stdio instead of raw i/o since that caused some
23826 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
23829 now give usage warning if use -l,-v,-k with args
23832 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
23835 NewArgc is now set to 1 for -l, -v, -k
23839 now sets sudoers to correct group if mode is 0400
23843 updated to version used by inn and bind
23847 now uses -lgnumalloc if it exists
23851 "make install" now sets uid/gid and mode on sudoers if it exists
23855 removed debugging statements
23859 added a missing free()
23863 now uses user_gid instead of getegid (which was wrong anyway) to set
23864 SUDO_GID Now sets command line args in SUDO_COMMAND envariable
23865 (logging.c depends on args being in the environment)
23869 now uses SUDO_COMMAND envariable to get command args rather than
23870 building it up again.
23878 fixed off by one error in allocation NewArgv
23882 in sudoers, 'command ""' now means command with no args
23886 added check for fnmatch(3) and fnmatch.h
23894 replaced wildcat.* with fnmatch.*
23901 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
23904 now uses fnmatch() instead of wildmat a trailing star (*) by itself
23905 now matches multiple args added support for wildcards in the
23906 pathname in sudoers
23909 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
23912 now includes compat.h and config.h
23916 added HAVE_FNMATCH_H
23920 now checks for alloca() (if needed by bison or dce) and links with
23921 -lPW if it contains alloca() and libc and compiler do not.
23924 * emul/fnmatch.h, fnmatch.3, fnmatch.c:
23928 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
23931 now fixes mode on sudoers if set to 0400 to aid in upgrade
23934 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
23937 fixed pod2man usage
23940 * Makefile.in, configure.in, version.h:
23944 * testsudoers.c, visudo.c:
23945 runas_user is now initialized to "root"
23949 removed PERM_FULL_ROOT
23953 runas_user defaults to "root" so no more need to PERM_RUNAS
23957 will now only run commands as root if there was no runas list
23958 (or if root is in the runas list)
23966 runas_matches is now set to false if we get a negative match
23970 make #uid work + some minor cleanup
23974 added support for NOPASSWD and "runas" from garp@opustel.com /
23978 added support for "runas" from garp@opustel.com replaced
23979 SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
23984 added support for "runas" from garp@opustel.com
23988 added support for NO_PASSWD and runas from garp@opustel.com replaced
23989 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
23994 added support for NO_PASSWD and runas from garp@opustel.com replaced
23995 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support for
24000 added support for NO_PASSWD and runas from garp@opustel.com
24003 * parse.c, parse.lex:
24004 added support for NO_PASSWD and runas from garp@opustel.com
24008 added support for SUDOERS_WRONG_MODE and "runas"
24012 added --with-CC only link with -lshadow on linux (with shadow pw) if
24013 libc lacks getspnam()
24016 * OPTIONS, options.h:
24017 removed NO_PASSWD since it is not possible to do this in the sudoers
24018 file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
24019 SUDOERS_GID. Added SUDOERS_MODE.
24023 now uses SUDOERS_UID and SUDOERS_GID
24026 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
24032 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
24035 added double quote support
24039 documented double quoting
24042 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
24049 fixed some indentation
24057 added install-dirs .
24060 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
24063 new version from "Jeff A. Earickson" <jaearick@colby.edu>
24066 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
24069 $CSOPS -> $with_csops (whoops, missed one)
24077 FQHOST now has same constraints as non-FQHOST
24081 added note about OS's w/ shadow passwords turned on by default
24084 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
24091 added support for --without-THING sanitized shadow pw situation by
24097 fixed a typo wrt placement of an end paren
24101 was closing an fd that may not have been opened
24104 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
24106 * OPTIONS, options.h, sudo.c:
24110 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
24113 now always use shadow pw on some arches
24116 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
24119 added pyramid support
24123 no longer check for C2 if alternate passwd method is used no longer
24124 check for some libs twice
24128 moved fqdn stuff into parse.lex (FQHOST)
24136 now define TCSASOFT if necessary
24140 now uses read/write instead of stdio string goop to avoid problems
24144 * OPTIONS, find_path.c, options.h:
24145 -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
24148 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
24151 added note about no shadow auto-detect if using alternate auth
24156 don't check for C2 if AFS or DCE (unless they said --with-C2)
24163 * OPTIONS, find_path.c, options.h:
24167 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
24170 checkdot now works correctly
24173 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
24176 can't have DCE and C2 passwords both...
24179 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
24181 * parse.yacc, sudo.c, sudo.h, visudo.c:
24182 now uses shost even if not FQDN
24186 now looks for skey in /usr/lib and doesn't require libskey to be in
24187 /usr/local/lib just because skey.h is (for my netbsd box :-)
24190 * aclocal.m4, config.h.in, pathnames.h.in:
24191 _SUDO_PATH_ -> _CONFIG_PATH_
24194 * aclocal.m4, sudo.pod:
24195 /var/run/.odus -> /var/run/sudo
24199 now uses _SUDO_PATH_TIMEDIR
24206 * aclocal.m4, configure.in:
24211 added _SUDO_PATH_TIMEDIR
24215 updated wrt /var/run/sudo
24219 added support for shost if FQDN
24222 * parse.yacc, visudo.c:
24223 now uses shost if FQDN
24227 Now use skeylookup() instead of skeychallenge()
24230 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
24233 mail_argv should not contain ALERTMAIL as it includes "-t"
24236 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
24238 * INSTALL, Makefile.in, README, configure.in, version.h:
24243 added more _PASSWD_LEN stuff -- now uses PASS_MAX too
24247 now includes limits.h moved _PASSWD_LEN -> compat.h
24250 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
24268 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
24275 done for 1.4.1 (I hope)
24279 added info on wildcards
24283 added wildcard example
24287 now uses *.pod to build *.man and *.cat & *.html
24291 added SUDO_PROG_BSHELL !ll
24295 fixed up some formatting
24299 redid section describing sample sudoers stuff
24303 fixed some formatting
24307 now treats "" as bourne shell
24311 TESTOBJS now includes wildmat.o
24315 now works with NewArg[cv]
24319 removed an XXX (fixed it in getspwuid.c)
24323 added check for bourne shell
24331 added _SUDO_PATH_BSHELL
24334 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
24337 unixware vi returns 256 instead of 0
24345 fixed up some XXX's. file log format now looks a little more like
24346 real syslog(3) format.
24349 * README, TROUBLESHOOTING:
24350 updated wrt lex/flex
24354 commented out rule to build lex.yy.c from parse.lex since we ship
24355 with a pre-flex'd parser
24358 * parse.c, parse.yacc, visudo.c:
24359 path_matches -> command_matches
24363 eliminated some strcat()'s
24367 no longer checks for lex/flex (now assumes flex)
24371 now checks for $kerb_dir_candidate/krb.h instead of just
24375 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
24378 now use a 'hook' expression instead of an iffy one :-)
24381 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
24384 now works with new sudo arg stuff
24388 fixed dereferencing deadbeef
24392 changed an occurrence of Argv to NewArgv
24396 took out support for quoted commands since there is no need...
24400 fixed a typo in a for() loop
24404 protected against dereferencing rogue pointers
24408 now uses NewArgv and NewArgc so cmnd_args is no longer needed this
24409 also allows us to eliminate some kludges in parse_args() and
24410 eliminate superfluous code.
24414 no longer uses cmnd_args, now uses NewArgv instead.
24418 added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
24423 added wildmat.c to SRCS & SUDOBJS
24427 COMMAND is now a struct containing the path and args
24431 replaced append() with fill_cmnd() and fill_args. command args from
24432 a sudoers entry are now stored in an array for easy matching.
24436 command line args from sudoers file are now in an array like ones
24437 passed in from the command line
24440 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
24443 wildmat stuff now works
24446 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
24453 ++version added wildmat.*
24456 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
24459 added support for quoted commands (w/ or w/o args)
24462 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
24464 * sudo.pod, visudo.pod:
24465 cleaned up formatting
24468 * sudo.pod, visudo.pod:
24472 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
24475 looks reasonable, could be more readable
24482 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
24489 updated NO_ROOT_SUDO entry
24492 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
24495 *** empty log message ***
24496 [5b63de579ff7] [SUDO_1_4_0]
24507 AIX aixcrypt.exp now uses $(srcdir)
24511 added entry for anal ansi compilers
24514 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
24517 added info on libcrypt_i for SCO
24521 *** empty log message ***
24536 * INSTALL, OPTIONS, README, config.h.in, configure.in:
24541 ++version and fixed ISC
24544 * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
24545 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
24546 insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
24547 sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
24553 added STUB_LOAD_INTERFACES ++version
24556 * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
24562 added info about fd_set in tgetpass added info on interfaces.c
24565 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
24576 tgetpass.o is now only linked in with sudo (not visudo)
24579 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
24581 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
24587 added copyright notice
24590 * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
24591 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
24592 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
24593 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
24594 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
24599 minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
24603 ISC now gets -lcrypt now check for sys/bsdtypes.h
24607 added check for sys/bsdtypes.h
24610 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
24613 removed debugging stuff (setting freed ptr to NULL)
24625 added section on syslog
24629 added AC_ISC_POSIX for better ISC support
24637 added define for _POSIX_SOURCE
24640 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
24643 fixed check for lsearch()
24646 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
24649 fixed for AIX now deal if num_interfaces == 0 (should not happen)
24652 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
24655 now only define HAVE_LSEARCH if there is a corresponding search.h
24662 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
24665 now define HAVE_LSEARCH if we find lsearch() in libcompat
24669 char * -> const char *
24673 now looks in -lcompat for lsearch()
24677 remove sudo.core visudo.core for clean target
24681 added UID_MAX support in check for MAX_UID_T_LEN
24685 fixed another occurrence of sudo_getpwuid.*
24688 * Makefile.in, getspwuid.c:
24689 sudo_getpwuid.c -> getspwuid.c
24696 * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
24697 compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
24698 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
24699 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
24700 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
24701 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
24702 version.h, visudo.c:
24707 added group support
24715 documented group support
24718 * parse.c, parse.lex, parse.yacc, visudo.c:
24719 added group support
24722 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
24725 tkfile was too short and overflowed the kerberos realm
24728 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
24731 now copy command args directly from Argv
24735 replaced code to copy cmnd_args so that it does not use realloc
24736 since most realloc()'s really stink
24739 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
24742 syslog() fixed in hpux 10.01
24745 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
24748 AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
24752 better error if cannot find skey incs or libs
24756 now use a temp file for determining max len of uid_t in string form.
24757 the old hacky way broke on netbsd
24761 added set of parens and a space
24764 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
24767 fixes from Jeff Earickson <jaearick@colby.edu> ,
24775 fixed up testsudoers target
24779 DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
24780 SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
24784 LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
24788 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
24791 fix for C2 on hpux 10 now uses -linet if it exists
24795 LONG_SKEY_PROMPT is less of a kludge /
24799 fixed typos w/ dce stuff
24806 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
24809 amended section on combining authentication mechanisms
24813 minor updates for 1.3.6
24817 added 2 more entries
24829 rewrote for sudo 1.3.6
24836 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
24838 * find_path.c, getspwuid.c, sudo.c:
24839 added explicit casts for strdup since many includes don't prototype
24844 removed prototype for sudo_getpwuid() since convex C compiler choked
24849 added prototype for sudo_getpwuid()
24853 now compiles on strict ANSI compilers
24857 added LONG_SKEY_PROMPT support
24861 added extra $'s for make to eat up, yum.
24864 * OPTIONS, options.h:
24865 added LONG_SKEY_PROMPT
24868 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
24871 s/key support now works with normal s/key as well as logdaemon
24874 * OPTIONS, options.h:
24879 set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
24883 added DCE note added more AIX notes
24887 now include pthread.h for DCE support
24891 dce_pwent() is ok after all .,
24895 now uses SYSLOG() macro that equates to either syslog() or
24900 minor formatting changes. renamed check() to something less generic
24903 * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
24905 now uses user_pw_ent and simple macros to get at the contents
24908 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
24911 simpler dec unix C2 support
24915 now sets crypt_type for DEC unix C2
24918 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
24921 added csops paths for skey
24925 now includes string.h for strdup() prototype
24933 now includes skey.h
24941 moved a lot of the shadow passwd crap to sudo_getpwuid()
24945 now uses sudo_pw_ent
24949 now uses sudo_pw_ent
24953 now sets sudo_pw_ent
24961 moved dce stuff into compat.h
24964 * logging.c, sudo.h:
24965 now uses sudo_pw_ent
24969 added sudo_getpwuid.c
24977 now uses sudo_pw_ent
24980 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
24983 fixed exempt_group stuff for OS's that don't put base gid in group
24988 S/Key support now works with sunos4 shadow passwords
24995 * config.h.in, configure.in:
25004 first stab at dce support
25008 now smells like sudo
25016 skey'd sudo now works w/ normal password as well
25019 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
25021 * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
25022 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
25023 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
25024 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
25025 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
25026 version.h, visudo.c:
25027 updated version number
25031 updated to reflect version change
25035 --with options now line up ++version
25039 removed unnecessary S/Key stuff
25043 fixed S/Key support
25047 -I stuff now goes in CPPFLAGS
25059 fixed description of EXEMPTGROUP
25063 more people use _RLD_ than just alphas...
25067 replaced $man_prefix with $mandir
25075 now use more GNU'ish dir names
25079 now set *dir correctly (can override from command line)
25083 now deal with situations where getwd() fails
25086 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
25089 added etc_dir, bin_dir, sbin_dir
25097 now ship a flex-generated lex.yy.c
25101 now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
25105 _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
25109 no more error for redefining SUDOERS_OWNER
25113 expanded SUDOERS_OWNER section
25116 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
25119 now warn if chown(2) failed
25123 better default warning for NO_SUDOERS_FILE
25127 added missing set_perms() no more cryptic message if the sudoers
25128 file is zero length, now just give a parse error
25132 better diagnostics if NO_SUDOERS_FILE
25136 check_sudoers() now catches sudoers files that are not readable (but
25140 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
25143 now add -D__STDC__ for convex cc (not gcc)
25147 MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
25151 now uses exec_prefix & prefix from configure
25154 * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
25155 parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
25157 options.h is now <> instead of "" so shadow build trees can have a
25158 custom copy of options.h
25162 user_is_exempt() is no longer a hack, it now uses getgrnam()
25166 EXEMPTGROUP is now "sudo"
25170 MAN_POSTINSTALL now contains a leading space
25174 removed leading tab if @MAN_POSTINSTALL@ not defined now removes
25175 testsudoers in clean:
25179 includes pwd.h to get _PASSWD_LEN definition
25182 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
25185 unset the KRB_CONF envariable if using kerberos so we don't get
25186 spoofed into using a bogus server
25189 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
25192 now explicitly initialize match[] to be FALSE
25195 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
25198 removed unused variable now passes -Wall
25202 yyerror and dumpaliases are now void's now passes -Wall
25206 added prototype for yyerror
25209 * check.c, logging.c, parse.c:
25214 removed unused cruft now passes -Wall
25218 fixed headers that moved to emul dir
25222 fixed deref of nil pointer if no args
25225 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
25228 added a caveat to FQDN section
25231 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
25234 more $srcdir support for install targets
25237 * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
25238 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
25239 don't include malloc.h if we include stdlib.h
25243 local search.h now lives in emul
25246 * check.c, utime.c:
25247 local utime.h now lives in emul dir
25251 local search.h now lives in emul
25255 added support for building in other than the sourcedir
25258 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
25261 annotated CSOPS_INSULTS option
25265 updated shadow passwords blurb
25269 if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
25270 passes along foo as the arguments
25273 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
25276 collapsed pathname and dir sections into one -- it's now less
25281 fixed spacing quoting [,:\\=] now works correctly append() and
25282 fill() now take args to make the above work
25286 fixed a typo that caused commands with no tty on fd 0 but a tty on
25287 fd 1 to erroneously have "none" as their tty
25290 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
25293 timestampfile is now a global static removed decl of timestampfile
25294 in remove_timestamp since we can just use the global one
25298 created touch() to update timestamps added USE_TTY_TICKETS support
25303 added _S_IFDIR and S_ISDIR
25306 * OPTIONS, options.h:
25307 added USE_TTY_TICKETS
25311 removed const from casts for lsearch() & lfind() to placate irix 4.x
25315 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
25318 now only strip '/dev/' off of a tty if it starts with '/dev/'
25326 AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
25331 fixed incorrect #ifdef termio uses "unsigned short" not int for
25335 * parse.lex, parse.yacc:
25336 fixed a spelling error
25343 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
25350 added dotcat() to cat 2 strings w/ a dot efficiently now that we
25351 dynamically allocate strings they need to be free()'d
25355 dynamically allocates space for strings
25359 no more MAXCOMMANDLENGTH
25366 * logging.c, sudo.c:
25367 moved tty stuff into sudo.c
25370 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
25373 fixed a logic bug. Was denying a command if user gave command line
25374 args but there were none in the sudoers file which is wrong.
25378 MAXCOMMMANDLEN dropped down to 1K
25382 return foo; -> return(foo);
25386 fixed netgr_matches() prototype
25390 added support for escaping "termination" characters
25394 buf is now of size MAXPATHLEN+1 since it never holds command args
25402 fixed negation problem (doh!)
25406 fixed 2nd parameter to lfind()
25410 now do bounds checking in fill() and append()
25414 include netdb.h as we should added a missing void cast added
25415 SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
25416 realloc actually moved the string instead of shrinking it
25420 updated with examples of new features
25424 now set errno to EACCES if not a regular file or not executable
25428 if given a fully-qualified or relative path we now check it with
25429 sudo_goodpath() and error out with the appropriate error message if
25430 the file does not exist or is not executable
25433 * emul/search.h, lsearch.c:
25434 now use correct args for lfind
25442 added in CSOps insults
25454 increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
25458 added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
25462 fixed -k load_interfaces() now gets called if FQDN is set
25463 -p now works with -s
25467 don't try to stat() "pseudo commands" like "validate"
25471 added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
25475 added SecurID support added other insults to --with-csops
25483 added clobber target added ins_csops.h now gets CFLAGS from
25488 relaxed SUDO_FULL_VOID
25492 function comment blocks are now in same style as rest of code
25496 added support for command line args in /etc/sudoers
25500 updated to have command args in the sudoers file
25504 added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
25507 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
25510 PATH renamed to COMMAND
25514 it is now a parse error for directories to have args attached to
25519 now say command args if telling user to buzz off
25523 -s no longer indicates end of args sped up loading on cmnd_args in
25528 removed an unreachable statement
25532 made more efficient by pulling out the terminators when in GOTCMND
25533 state and making them their own rule
25536 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
25539 removed MAXLOGLEN since it is no longer used
25543 now allows command args
25547 now groks command arguments
25551 now sets tty correctly when piped input
25555 fixed loading of cmnd_args (was including command name too)
25559 fixed a core dump due to incorrect if construct
25562 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
25565 only add -lsun if irix < 5 don't look for -lnsl or -lsocket if irix
25569 fixed check for ISC
25573 now sets cmnd_args used by log_error() and that will be used by the
25574 parse to check against command args
25582 now dynamically allocate logline since we can guess at its size
25585 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
25588 cleaned up a bunch of unnecessary #ifdef's eliminated a buffer remove
25589 "register" since the compiler knows more than I do now do a
25590 "basename" of the tty
25593 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
25600 added shell extern changed MODE_* to be bit masks to allow for
25601 several options together
25605 added -s (shell) option made MODE_* masks so we can do bitwise & and
25606 | to see if multiple flags are set.
25610 added securid support
25613 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
25616 removed a bunch of unnecessary strncpy()'s and replaced with strcat()
25619 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
25621 * Makefile.in, version.h:
25625 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
25628 fixed free() of an uninitialized pointer (yuck)
25632 added netgr_matches
25636 cleaned up netgr_matches
25639 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
25645 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
25648 now installs sudoers.man -- really should clean this up though.
25652 added sudoers.cat and sudoers.man
25656 pulled out stuff on the sudoers file format into a separate man page
25664 fixed up my email address
25668 added checks for innetgr and getdomainname
25672 added dummy netgr_matches function
25676 added netgr_matches
25679 * parse.lex, parse.yacc:
25680 added NETGROUP support
25684 added HAVE_INNETGR & HAVE_GETDOMAINNAME
25687 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
25690 rewrote clean_env() that has rm_env() builtin
25693 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
25696 now cast uid to long in sprintf
25700 added _INSULTS suffix to HAL & GOONS end
25704 added _INSULTS suffix to HAL & GOONS
25707 * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
25708 converted to new scheme of insult "unions" end
25712 now uses MAX_UID_T_LEN
25716 added SUDO_UID_T_LEN !l
25720 added MAX_UID_T_LEN
25724 now use MAX_UID_T_LEN
25728 added check for max len of uid_t fixed sco vs. isc check
25731 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
25742 hack to check for sco
25746 removed #include <net/route.h> since it was hosing some OS's
25749 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
25752 fixed prreadlink() prototype
25756 added parens in #if's
25764 moved SPW_* to config.h.in
25768 added a set of parens
25776 added SPW_* reordered error codes
25780 moved SPW_* to sudo.h
25783 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
25786 SPW_AUTH -> SPW_SECUREWARE
25790 GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
25798 SPW_AUTH -> SPW_SECUREWARE
25802 now uses SHADOW_TYPE to make shadow pw support more readable and
25803 modular. It's a start...
25807 added autodetection of shadow passwords
25811 now uses SHADOW_TYPE define
25815 added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
25819 added SUDO_CHECK_SHADOW
25822 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
25825 define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
25826 memmove() since we no longer use it...
25834 added BROKEN_SYSLOG support
25838 added BROKEN_SYSLOG
25842 now only bitch if timestamp > time_now + 2 * timeout to allow for a
25843 machine updating its time from a server
25847 added 2 security notes updated Nieusma's email addr
25851 changed a memmove() to memcpy() since we don't have to worry about
25852 overlapping segments.
25855 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
25858 cleaned up the loop when interfaces are groped in so that it is
25862 * Makefile.in, version.h:
25866 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
25872 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
25875 fixed permissions check on /tmp/.odus
25878 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
25881 fixed some comments
25885 now checks owner & mode of timedir also checks for bogus dates on
25890 updated TIMEOUT info
25893 * logging.c, sudo.h:
25894 added BAD_STAMPDIR and BAD_STAMPFILE
25898 added definition of S_IRWXU
25905 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
25908 added #ifdef to make it compile on strange arches
25911 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
25914 fixed check for full void impl.
25918 added missing "static"
25922 replaced #elif with #else #if constructs for ancient C compilers
25926 updated irix c2 & kerb5 info
25930 added shadow pw support for irix
25933 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
25940 last changes for sudo 1.3.3
25944 now calls SUDO_SOCK_SA_LEN
25952 added SUDO_SOCK_SA_LEN
25956 now works with ip implementations that use sa_len in sockaddr
25960 added note about buggy AIX compiler
25964 now include sys/time.h for AIX
25967 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
25974 now works for ISC and others. yay.
25977 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
25979 * Makefile.in, version.h:
25983 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
25986 fixed test for full void impl
25990 now check to see that st_dev is non-zero before assuming that we are
25994 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
25996 * aclocal.m4, configure.in:
25997 SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
26000 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
26003 fixed include file order for SUDO_FUNC_UTIME_POSIX
26007 added cast for ttyname()
26015 now deal correctly with all known variations of utime() -- yippee
26019 added SUDO_FUNC_UTIME_POSIX
26023 added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
26027 added HAVE_UTIME_POSIX
26035 no longer assume !HAVE_UTIME_NULL means old BSD utime()
26039 fixed fascist C compiler warning
26043 now set strioctl.ic_timout in STRSET() now initialize num_interfaces
26044 to 0 (just to be anal)
26047 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
26050 increased MAXLOGLEN by MAXPATHLEN to account for ttyname
26058 reworked the ISC code
26061 * Makefile.in, version.h:
26066 now expect old-style utime(3) if utime() can't take NULL as an arg
26070 added check for utime.h
26078 added CPPFLAGS STATIC_FLAGS -> LDFLAGS
26082 now search for kerb libs and includes
26086 added support for utime(2)'s that can't take a NULL parameter
26090 moved HAVE_UTIME_NULL stuff to update_timestamp() where it belongs
26094 added utime(s) stuff
26102 added HAVE_UTIME and HAVE_UTIME_NULL
26105 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
26108 now use HAVE_UTIME_NULL
26111 * emul/utime.h, utime.c:
26116 need to setuid(0) to make kerb4 stuff work.
26120 no more special case for kerberos
26124 took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
26129 no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
26134 now use private ticket file for kerberos support to avoid trouncing
26138 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
26141 added SPOOF_ATTEMPT & cmnd_st
26145 added anti-spoofing support
26149 now use global cmnd_st
26153 added SPOOF_ATTEMPT support
26156 * testsudoers.c, visudo.c:
26157 added void casts where appropriate
26161 fixed up spacing and added void casts where appropriate
26165 fixed problem with "-p prompt" but no args
26168 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
26171 added BUGS and annotated -l description
26175 validate() now takes a flag
26179 validate() now takes a flag added -l
26183 added support for -l
26187 validate() now takes a flag that says whether or not to check the
26191 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
26194 now deals with Argv == 1
26202 added prompt support reworked parse_args()
26214 now use BUFSIZ as length of kerb password added kpass so pass is
26215 always a char * now use prompt global when asking for a password
26219 now use BUFSIZ as _PASSWD_LEN if using kerberos
26226 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
26229 only look for -lufc or -lcrypt if crypt() not in libc
26233 don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
26234 (unknown user) silently fail
26242 HAVE_KERBEROS -> HAVE_KERB4
26246 removed debugging printf
26250 KERBEROS -> KERB4 added checks for setreuid & setresuid
26254 HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
26258 added def of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
26259 with setresuid if applic
26263 HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
26264 no setreuid() or a broken one
26267 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
26270 added kerberos support
26274 added HAVE_KERBEROS
26278 added KERBEROS support (long passwords)
26282 added kerberos support
26285 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
26288 added MODE_BACKGROUND
26292 escaped dashes added -b option
26300 added crypt() for osf/1 3.x enhanced security
26304 now check for -lcrypt
26308 added ENXIO like EADDRNOTAVAIL
26311 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
26314 now emulate getwd(), not getcwd()
26318 getcwd() -> getwd()
26325 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
26327 * ins_2001.h, ins_classic.h, ins_goons.h:
26332 broke out insults into separate include files
26335 * OPTIONS, options.h:
26340 added ins_2001.h ins_classic.h ins_goons.h
26343 * Makefile.in, version.h:
26348 moved signal handler setup to setup_signals()
26352 added load_interfaces()
26356 moved load_interfaces to interfaces.c
26363 * OPTIONS, options.h:
26368 now uses clearaliases variable
26376 added interfaces.[co]
26380 now uses ip addrs and netmasks via load_interfaces()
26384 now remove IFS instead of setting to "sane" value
26387 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
26393 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
26396 sudo_goodpath.c-> goodpath.c
26400 added Andy's new ISC changes
26403 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
26406 added a sentence to SECURE_PATH info
26421 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
26427 * Makefile.in, version.h:
26432 sendmail is now looked for in /usr/ucblib
26448 added unixware case
26452 user_is_exempt is no longer hidden
26460 isc and riscos changes
26464 added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
26468 fixed a typo and added testsudoers stuff
26475 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
26478 applied fixed patch from Chris
26481 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
26488 added a set of braces for bison
26492 merged in Chris' changes to dekludge the parser.
26496 send_mail() was calling find_path() which is wrong since find_path()
26497 stores cmnd in a static var. Anyhow, it doesn't make much sense
26498 since MAILER should always be fully qualified
26501 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
26504 added User_Alias stuff
26508 SUDO_NEXT now looks for /usr/lib/NextStep/software_version
26512 added DEC UNIX 3.0 w/ gcc
26516 Exit was being used in places where exit should be used
26520 added "User alias specification"
26524 fixed probs caused by making nslots and naliases a size_t
26528 added KSR, upped rev to 1.3.1b2
26531 * logging.c, parse.yacc:
26536 void * -> VOID * naliases and nslots are now size_t to appease
26537 lsearch on 64-bit machines
26540 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
26543 did a bunch of things and added a bunch :-)
26551 closer to BSD manpage style
26555 closer to standard BSD man format
26558 * compat.h, config.h.in, emul/search.h, insults.h, options.h,
26559 pathnames.h.in, sudo.h, version.h:
26564 removed crufty #defines that are no longer used
26572 updated based on sudo changes
26576 now allow ALL keyword in User_Aliases now allow ALL keyword as well
26585 now sets SUDO_COMMAND and SUDO_GID envariables.
26589 fixed bug with full void impl check
26593 fixed User_Alias support
26597 added stubs for User_Alias support
26601 now sets removes # bogus interfaces from num_interfaces
26605 added User_Alias support
26608 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
26611 removed extraneous TODO
26614 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
26617 ntwk_matches -> addr_matches
26621 ntwk_matches -> addr_matches
26625 ntwk_matches -> addr_matches now use inet_addr() not inet_network()
26626 (which expects octet boundaries) fixes for OSF (sizeof(int) !=
26631 took out debugging info
26635 OS was being set to unknown before non-uname based host checks.
26636 This caused no checks to happen since $OS was not zero-length.
26640 fixed loading of interfaces struct still has debugging info in
26648 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
26659 removed extraneous extern decl of "top
26667 removed parser_cleanup (no need for it now)
26671 now calls reset_aliases() directly
26674 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
26677 added a sentence to SECURE_PATH description
26681 fixed my stupid bug where I used NAMLEN on something I wanted to
26682 just get the name from. argh.
26685 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
26688 fixed argument order of memmove() that i hosed when converting from
26693 finally fixed DISTFILES line
26701 added missing files to DISTFILES
26705 SUPPORTED -> RUNSON
26708 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
26715 updated for pl5b1 release
26723 fixed bug where if you hit return at first sudo prompt it would
26724 still log as a failure
26732 better test for bogus void * implementation
26736 added PASSWORDS_NOT_CORRECT
26740 added PASSWORDS_NOT_CORRECT stuff
26744 added PASSWORDS_NOT_CORRECT
26752 removed some unused vars and fixed up uid2str
26759 * getcwd.c, getwd.c:
26763 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
26766 fixed a typo I introduced in the last checkin :-(
26770 can't have #ifdef's where N is defined so just do this the broken
26775 better hack from Chris (but still a hack)
26779 stupid hack for broken aix lex
26783 now includes compat.h
26787 now includes fcntl.h
26791 added FD_SET and FD_ZERO for 4.2BSD
26795 dirty hack to fix parser bug. i don't really like this but it works
26800 uid2str is now static like the prototype says
26803 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
26805 * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
26814 check_sudoers now returns an error code and sudo calls inform_user
26815 and log_error based on the return value.
26818 * logging.c, sudo.h:
26819 added entries for new errors
26823 now set uid to that of SUDOERS_OWNER while parsing sudoers file
26827 took out testsudoers
26831 now explicitly checks that it is setuid root
26835 If a user has no passwd entry sudo would segv (writing to a garbage
26836 pointer). Now allocate space before writing :-)
26840 reordered AC_CHECK_FUNCS
26847 * tgetpass.c, visudo.c:
26852 bzero -> memset when a parse error is logged the line number of the
26853 error is now logged too
26857 added Sunos to blurb about c2 security
26861 added a SUN4 define for C2 security
26865 bcopy -> memmove bzero -> memset
26869 bcopy -> memmove char * -> VOID *
26873 added support for sunos with C2 security
26876 * OPTIONS, options.h:
26881 _PATH_SUDO_LOGFILE now set based on configure
26885 added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
26889 added _SUDO_PATH_LOGFILE
26893 added SUDO_LOGFILE to find where to put sudo.log added
26894 SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
26895 SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
26898 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
26905 now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
26906 to work around a problem in trusted hpux shadow passwords. yuck.
26910 backed out a change in malloc/realloc
26914 now include stdlib.h
26918 now do an freopen() of the stmp file so that yyin will always point
26919 to the same thing. This is important for flex since we are doing a
26924 replaced yywrap() with parser_cleanup() since yywrap() needs to be
26925 in parse.lex to be able to use YY_NEW_FILE. sigh.
26929 now have a rule that matches anything that doesn't match an
26930 explicit rule. well, you know what i mean (. matches anything not
26931 yet matched). However, this means that there is input still queued
26932 up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
26933 into parse.lex and it calls parser_cleanup() which is most of the
26941 * getcwd.c, getwd.c:
26942 moved compat.h to be the last include file
26946 fixed type of aliascmp() args
26954 added casts to lfind and lsearch args for irix
26958 bsdinstall -> install-sh
26962 added info about make realclean
26966 updated VERSION added dependencies for visudo.cat
26978 now there is a real visudo.man and visudo.cat
26982 took out visudo stuff
26989 * parse.c, parse.lex, parse.yacc:
26998 updated Nieusma & Hieb email addresses
27002 updated to include options.h and OPTIONS
27010 eliminated bug #1 (yay)
27014 sunos no longer gets linked statically
27017 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
27020 prototype now uses __P()
27024 make fill() non-ansi
27028 made -v (validate) work
27036 don't check for execute/statable if fq or relative path given
27044 now include ctype.h for islower and tolower macros
27048 moved _S_IFMT & _S_ISREG to compat.h
27052 moved a set of parens
27056 now include compat.h
27064 now cast malloc & realloc return vals added search for HAVE_LSEARCH
27065 now use strcmp if no strcasecmp available
27073 removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
27074 HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
27078 added _S_IFMT, _S_IFREG, and S_ISREG
27082 took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
27083 to most SUDO_* macros
27091 various 1.x to 2.x autoconf changes now check for strcasecmp now use
27092 AC_INSTALL_PROG instead of custom one added check for fully working
27093 void implementation
27097 added lsearch & search.h visudo links into $(LIBOBJS)
27101 partial 1.x to 2.x changes added SUDO_FULL_VOID
27105 whatnow_help was prototyped to be static but was not declared as
27110 autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
27111 for dirent/dir/ndir.h
27115 now use groovy gnu autoconf macro AC_HEADER_DIRENT
27118 * getcwd.c, getwd.c:
27119 MAXPATHLEN -> MAXPATHLEN+1
27122 * emul/search.h, lsearch.c:
27126 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
27129 eliminated bison warnings
27137 now includes signal.h
27141 only clear data structures on a parse error
27145 whatnow() now gives help on invalid input
27149 added a whatnow() function (sort of like mh)
27153 kill_aliases -> reset_aliases yywrap() now cleans up by calling
27154 reset_aliases() and clearing top took reset stuff out of yyerror()
27155 since it doesn't belong there (and doesn't work anyway). errorlineno
27156 is now initially set to -1 so we can set it to the first error that
27157 occurs (it was getting set to the last)
27165 rewrote from scratch based on 4.3BSD vipw.c
27168 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
27175 no more sudo_realpath() and find_path() changed params
27179 find_path() changed since no more realpath()
27183 on error, errorlineno is set to the line where the error occurred
27184 added kill_aliases() to free the aliases struct now clean up in
27185 yyerror() so we can reparse cleanly
27188 * options.h, parse.c:
27189 no more USE_REALPATH
27193 changed to use new find_path()
27197 removed all the realpath() stuff
27201 sudo_realpath.c -> sudo_goodpath.c
27205 now works correctly with utk parser
27213 eliminated a compiler warning
27217 eliminated compiler warning
27221 added sudo_goodpath()
27225 added prototype for sudo_goodpath
27229 added support for /sys/dir.h
27233 USE_REALPATH turned off
27237 added calls to sudo_goodpath()
27241 added check for dirent.h
27245 added HAVE_DIRENT_H
27249 added in linux shadow pass stuff
27252 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
27255 added back host, user, cmnd, parse_error
27259 added in utk changes plus some minor cosmetic changes
27262 * sudo.c, sudo_realpath.c:
27263 added void casts for printf's
27267 added a define of USE_REALPATH
27271 there is no more visudoers/Makefile
27275 added in utk changes (visudo is now built from the toplevel)
27279 added (void) casts to printf's
27282 * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
27283 merged in utk changes
27286 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
27289 now check to see that what we are trying to run is a file (or a link
27290 to a file, we do a stat(2) so there is no diff)
27293 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
27300 aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
27304 added myself as maintainer
27307 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
27310 changed setegid -> setgid
27313 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
27316 fixed the test for irix 5.x to skip bad libs
27320 now initialize OS and OSREV
27323 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
27330 AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
27334 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
27337 use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the right
27338 thing wrt yyrestart (grrrr)
27341 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
27344 added visudoers/compat.h to DISTFILES
27352 added ocmnd declaration adjusted for find_path()'s new parameters
27356 added ocmnd extern adjusted find_path() prototype
27360 cmndcmp() now takes 3 arguments and checks against the qualified as
27361 well as the unqualified pathname. more code that should use
27362 cmndcmp() but did not, now does
27370 changed to use new find_path() parameter passing
27374 find_path() now takes 2 copyout parameters (one for the qualified
27375 pathname and one for the unqualified pathname). The third parameter
27380 no longer munge pathnames.h
27384 changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
27385 as a result, pathnames.h does not need to be run through configure
27386 and the user can override the configured values easily.
27390 added _SUDO_PATH_* entries
27394 _PATH* -> _SUDO_PATH_*
27398 updated DISTFILES and HDRS .o's now depend on config.h
27401 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
27404 removed extraneous #endif
27412 added SUDO_PROG_MV added riscos and isc os types took out
27413 -DSHORT_MESSAGE from --with-csops since it is now the default
27417 move the include of id.h to compat.h now includes options.h
27421 moved compatibility #defines to compat.h
27429 move __P to compat.h
27432 * getcwd.c, getwd.c, putenv.c:
27433 now includes compat.h
27440 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
27443 pull user-configurable stuff out and put in options.h
27446 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
27448 * parse.lex, parse.yacc, visudo.c:
27449 now includes options.h
27452 * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
27454 now includes options.h
27458 added visudoers/options.h
27461 * OPTIONS, options.h:
27466 added OPTIONS and options.h
27470 changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
27474 changed PASSWORD_TIMEOUT to minutes
27477 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
27480 now only do Editor +line_num if line_num != 0
27483 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
27486 now use mv if rename(2) fails
27497 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
27500 fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
27503 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
27506 added mips & isc support
27510 added support for non-root owned sudoers file
27514 added exempt group support
27518 added set_perms() support added SUDOERS_OWNER so can have non-root
27519 own sudoers file added exempt group support added isc support
27523 now copy sudoers to temp file via read/write (not stdio) now chown
27524 new sudoers file to SUDOERS_OWNER
27527 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
27538 fixed typo added set_perms support added skey support added
27539 seteuid()/setegid() emulation for AIX
27543 be_* -> setperms() now check to make sure sudoers file is owned by
27544 root nread/write by only root
27547 * logging.c, parse.c:
27552 be_* -> set_perms() added skey support
27555 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
27565 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
27575 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
27581 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
27596 now bail if Argv[1] > MAXPATHLEN
27600 added function check for tcgetattr(3)
27604 only define HAVE_TERMIOS_H if you have tcgetattr(3)
27608 added check for tcgetattr
27611 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
27617 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
27620 now only include unistd.h for linux
27623 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
27626 added visudo.8 generation
27630 added -Wl,-bI:./aixcrypt.exp to aix flags
27633 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
27644 added mailing list info
27648 now use sudolineno instead of yylineno fixed bison warnings
27652 now use -no_library_replacement for osf don't make a static binary
27657 added string.h/strings.h inclusion
27665 added inclusion of string.h/strings.h
27669 fixed uname | sed (needed to quote the '[')
27673 replaced yylineno with sudolineno fixed bison syntax errors
27677 changed yylineno to sudolineno since yylineno cannot be counted
27686 added code to support command listings
27690 added code for -l flag
27694 fixed typo added info for -l flag
27698 AC_SSIZE_T -> SUDO_SSIZE_T
27713 * find_path.c, sudo_realpath.c:
27714 readlink() is now declared as returning ssize_t
27718 added -laud for OSF c2
27721 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
27723 * Makefile.in, visudo.c:
27724 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
27727 * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
27728 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
27731 * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
27732 parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
27733 sudo_setenv.c, tgetpass.c, version.h:
27734 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
27737 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
27748 added host to alertmail messages
27756 fixed logging problem where mail would not say which user it was
27760 added -laud for gcc if osf & c2
27764 moved set_auth_parameters to sudo.c
27768 added set_auth_parameters for osf
27772 cleaned up -static stuff
27784 changed setenv() to sudo_setenv()
27800 added osf auth support & removed some extra spaces
27803 * INSTALL, SUPPORTED:
27807 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
27810 added 2 suggestions
27814 removed README.v1.3.1 and added VERSION stuff
27821 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
27832 mention HISTORY file
27836 use sizeof instead of a constant in 1 place
27855 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
27859 [7dfbb4a810bb] [SUDO_1_3_1]
27866 added unistd.h include
27869 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
27872 added sys/time.h for AIX
27875 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
27878 added check for -lsocket and sys/sockio.h
27882 took out libshadow check and added in sys/sockio.h check
27886 now include sockio.h instead of ioctl.h if it exists "sudo -" now
27887 gets a better error message
27891 now has a dir and subnet entry
27894 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
27905 added network and ip addresses to man page
27909 no error if can't get interfaces or netmask since networking may not
27914 now check for interfaces == NULL
27918 fixed a bug that caused directory specs in a Cmnd_Alias to fail if
27919 the last entry in the spec failed (ie: it was only looking at the
27920 last entry). Cleaned things up by adding the cmndcmp() function--all
27928 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
27931 now do two passes to skip bogus interfaces (lo0, etc)
27934 * parse.lex, parse.yacc, visudo.c:
27935 added include of netinet/in.h
27938 * logging.c, sudo_realpath.c, sudo_setenv.c:
27939 added include of netinet/in.h
27942 * check.c, find_path.c, getcwd.c, getwd.c:
27943 added include of netinet/in.h
27951 added interfaces global
27955 now uses new interfaces global
27959 now ip addresses are gleaned w/o dns
27962 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
27965 added load_ip_addrs() to load the ip_addrs global var
27969 added hostcmp() to compare hostnames, ip addrs, and network addrs
27973 added ip_addrs def added load_ip_addrs prototype
27976 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
27983 removed multiple entries in DISTFILES
27987 ansified the !STDC_HEADERS decls
27990 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
27991 don't do malloc decl if gnuc
27995 can't use getopt(3) since it munges args to the command to be run as
27996 root don't do malloc decl if gnuc
27999 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
28000 sudo_realpath.c, sudo_setenv.c:
28001 ansi-fied !STDC_HEADER function prototypes
28004 * getcwd.c, getwd.c:
28005 added missing paren
28009 added putenv.c to DISTFILES
28013 added params to func decls when STDC_HEADERS is not defined now can
28014 count on putenv() being there
28018 took out errno decl since sudo.h does it for us fixed up a next cc
28019 warning added params to func decls when STDC_HEADERS is not defined
28023 took out environ extern added local declaration of putenv() if local
28027 * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
28028 added params to func decls when STDC_HEADERS is not defined
28032 added memcpy check check to see that ansi vs bsd macros are not
28033 already defined before defining (ie: avoid redefinition)
28037 removed fluff setenv check plus check w/ replace for putenv if also
28045 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
28052 rm'd realpath added sudo_realpath and sudo_setenv
28056 now use sudo_setenv
28060 added putenv and setenv, removed realpath
28064 added putenv & setenv
28075 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
28078 added MAN_POSTINSTALL and /usr/share/catman for irix
28082 added MAN_POSTINSTALL
28090 added SUDO_* plus new options
28098 took out shadow lib
28106 now use yyrestart() if flex now reset yylineno to 0
28110 support for installing a cat page instead of a man page if no nroff
28114 now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
28115 to determine whether or not to install a cat or man page
28123 not set ret to MODE_RUN initially
28127 made command (and therefore cmnd dynamically allocated)
28139 changed bufs from MAXPATHLEN to MAXPATHLEN+1
28143 added MODE_ removed validate_only and added remove_timestamp()
28147 usage() now takes an int (exit value) added parse_args() to parse
28148 command line arguments moved call to find_path() from load_globals
28149 to new function load_cmnd() removed validate_only global -- now use
28150 the concept of "modes" added -h and -k options
28154 no longer use global validate_only now checks for command called
28155 "validate" removed check for non-fully qualified commands since that
28156 is done by find_path
28160 changed MAXPATHLEN to MAXPATHLEN+1
28164 fixed off by one error with MAXPATHLEN and fixed a comment
28168 check_timestamp no longer runs reminder(), it is implied in the
28169 return val added remove_timestamp()
28176 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
28190 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
28193 moved send_mail to after syslog
28197 now set SUDO_ envariables
28200 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
28207 now print error if chdir fails
28214 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
28221 no more static binaries for aix
28224 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
28231 took out stuff not needed for sudo now does be_root/be_user itself
28232 now uses cwd global
28239 * logging.c, sudo.c:
28240 be_root/be_user is now down in sudo_realpath()
28243 * logging.c, sudo.h:
28244 now works with 4.2BSD syslog (blech)
28248 now use sudo_realpath()
28252 took out realpth() stuff since we now use sudo_realpath()
28256 ultrix enhanced sec
28260 added ultrix enhanced sec.
28268 ultrix enhanced security support
28272 added sudo_realpath.c
28280 increased passwd len to 24 for c2 security
28287 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
28290 now use user global var
28297 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
28304 user is now a char * added epasswd
28308 added tzset() to load_globals added epasswd (encrypted password)
28309 global made user dynamically allocated
28321 cleaned up encrypted passwd grab somewhat
28337 can now log to both syslog & a file
28361 removed AFS stuff :-)
28365 include sys/select for AIX
28376 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
28378 * CHANGES, SUPPORTED:
28383 can now have MAILER undefined
28387 new sub-note about MAILER
28391 added blurb about password timeout
28399 took out duplicate define of _CONVEX_SOURCE
28411 added a goto if fgets fails
28415 use __hpux not hpux convex c2 stuff
28419 use __hpux not hpux
28427 define ansi-ish cpp os defines if non-ansi are defined for hpux &
28432 updated to say we support convex C2
28436 added convex c2 support
28439 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
28442 no more ioctl never returns NULL uses fgets() and select() to
28446 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
28449 things were testing -n "$GCC" instead of -z "$GCC"
28453 now works + uses fgets()
28456 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
28459 select doesn't seem to recognize a single '\n' as input waiting so
28460 we can't use it, sigh.
28463 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
28466 updated tgetpass() blurb
28470 added --with-getpass
28474 added tgetpass stuff
28485 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
28492 added USE_GETPASS && HAVE_C2_SECURITY
28496 fixed a test added --with-C2 and --with-tgetpass
28504 took out tgetpass.*
28511 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
28514 no termio(s) for ultrix since it is broken
28518 added a space (yeah, anal)
28521 * realpath.c, sudo_realpath.c:
28522 fixed it (duh, rtfm)
28525 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
28528 took out bsd signal stuff for irix
28536 don't define BSD signals for irix
28547 * realpath.c, sudo_realpath.c:
28548 took out unneeded code by changing where a strings was terminated
28551 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
28553 * realpath.c, sudo_realpath.c:
28554 fix bug where /dirname would return NULL
28558 move __P to config.h
28561 * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
28562 added errno definition
28577 * realpath.c, sudo_realpath.c:
28578 now works if no fchdir
28582 define SA_RESETHAND to null if not defined
28586 added check & replace
28590 took out -static for nextstep -- it doesn't work
28593 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
28596 moved #endif to where it belongs
28604 now checks for strdup realpath getcwd bzero
28612 added posix signals
28620 added posix signals
28624 removed BROKEN_GETPASS added new srcs to replace missing functions
28628 added posix signal stuff
28640 now uses posix signals
28644 updated to reflect major changes
28652 uses sysconf() if available
28656 added PASSWORD_TIMEOUT + prototypes for new functions
28659 * realpath.c, sudo_realpath.c:
28660 for those w/o this in libc
28663 * getcwd.c, getwd.c:
28668 rewrote to use realpath(3) - nis now all my code
28672 added HAVE_REALPATH
28680 added LIBOBJS use tgetpass.c
28683 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
28697 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
28708 added check for getwd
28712 replace strdup & realpath & getcwd if missing
28720 added SUDO_PROG_PWD
28727 * realpath.c, sudo_realpath.c:
28731 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
28734 quoted square brackets
28737 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
28740 no need to strdup() a constant
28755 * parse.c, sudo.c, sudo.h:
28756 added validate_only stuff
28759 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
28766 $OSREV is now an int
28769 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
28772 added mtxinu to caser
28780 now use the EXEC macro now only do a gethostbyname() if FQDN is set
28784 changed mail_argv[] def now use EXEC() macro
28788 took out crypt() definition
28796 always look for -lnsl
28804 SHORT_MESSAGE is now the default
28812 added missing AC_DEFINE(SVR4) for solaris
28816 documented the -v flag
28828 added LIBSHADOW undef
28832 now set OS to be lowercase
28835 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
28838 now use SUDO_OSTYPE to set $OS
28842 now use uname to determine os
28846 added prototypes & moved sig handler around
28853 * check.c, logging.c, sudo.c:
28862 now use _BSD_SIGNALS not _BSD_COMPAT
28873 * parse.lex, parse.yacc:
28874 moved config.h to top of includes
28877 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
28880 now don't bitch if get EACCESS (treat like EPERM)
28884 added -v flag and usage()
28892 cast Argv to a const for exec added -v flag
28896 mail_argv is now a const
28900 only set RETSIGTYPE if it is not set already
28904 now defines & STDC_HEADERS for Irix
28911 * insults.h, sudo.h:
28912 prevent multiple inclusion
28919 * parse.lex, parse.yacc:
28920 now includes config.h
28924 now talks about sunos 4.x
28928 calls to Exit now pass an arg
28931 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
28934 signal handler now takes an int argument
28942 ok, the getcwd() is now *really* done as the user
28946 changed AIX STATIC_FLAGS
28950 solaris now defines SVR4
28954 added cwd and fixed stupid core dump that makes no sense. sigh.
28958 moved getcwd stuff into load_globals
28962 took out externs that are in sudo.h
28966 moved cwd into load_globals
28974 fixed make distclean & realclean
28982 added solaris changes
28986 added solaris changes, need to rework
28990 cleaned up for solaris
28994 reinstall reapchild signal handler for non-bsd signals
28998 took out getdtablesize() emulation for HP-UX (no longer needed)
29002 support for HAVE_SYSCONF
29006 added <fcntl.h> for solaris & reorg'd the includes + minor prettying
29014 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
29017 now tells you what os you are running
29024 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
29039 uid seinitialized to -2
29042 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
29045 now removes LIBPATH for AIX
29048 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
29051 now uses ufc if it finds it
29054 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
29057 no longer define yyval & yylval since yacc does it
29061 now defines yylval as extern
29065 BROKEN_GETPASS is now an OPTION
29069 took out BROKEN_GETPASS
29073 took out big comment
29081 took out README.beta
29089 now reference SUPPORTED
29093 now check for convex OR __convex__
29097 now check for convex or __convex__
29109 now use _S_* stat stuff to be ansi-like
29113 updated for configure directions
29117 distclean now removes config.h and pathnames.h
29136 * config.h.in, pathnames.h.in:
29137 added copyright header
29140 * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
29141 parse.yacc, sudo.c, sudo.h:
29146 updated to use configure + pathnames.h
29153 * Makefile.in, config.h.in, configure.in:
29158 now works with configure
29161 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
29162 updated to work with configure + pathnames.h
29169 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
29172 updated gnu general licence to version 2
29175 * config.h.in, pathnames.h.in:
29180 changed to work with configure
29183 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
29185 * Makefile.in, aclocal.m4, configure.in:
29190 now uses defines used by configure
29193 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
29196 sudo won't bitch about EPERM now, for real
29199 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
29202 renamed exec_argv to eliminate a libc name clash with ksros
29209 * logging.c, sudo.c, sudo.h:
29226 added UMASK and mode_t declaration
29234 now opens log file with mode 077
29238 saved current umask and restores it
29242 added MAXLOGFILELEN
29246 split long log lines. For syslog, split into multiple entries, for
29247 a log file, indent the extra for readability
29250 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
29257 MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
29260 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
29263 added input from Brett M Hogden <hogden@rge.com>
29266 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
29269 added rmenv() to remove stuff from environ. can now use execvp()
29270 OR execve() because of this.
29274 now uses execvp() OR execve()
29290 moved some func decls out of sudo.h and into sudo.c as statics
29301 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
29307 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
29322 added sample.sudoers note
29329 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
29336 took out SAVED_UID garbage
29337 [b7c2d3469661] [SUDO_1_3_0]
29356 more verbose error if mailer not found
29360 now do getpwent as root for some shadow password systems (bsdi)
29363 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
29366 took out SAVED_UID garbage
29370 took out SAVED_UID garbage since it don't work
29373 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
29380 added a missing space :-)
29384 took out multimax cruft
29396 fixed a typo + indentation
29399 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
29402 took outumoved some defines to the config file
29414 added HAS_SAVED_UID
29421 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
29427 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
29433 * check.c, logging.c, parse.c, sudo.c, sudo.h:
29434 now is only root when abs necessary
29441 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
29456 now removed _RLD_* for alphas
29460 updated for new config scheme
29464 more verbose error messages
29467 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
29474 define __svr4__ for SOLARIS
29478 added svr4 junk for shadow pws for solaris 2.x
29482 took out setuid(0) and setreuid(uid) garbage. It's not needed since
29483 we start out setuid with the correct perms.
29486 * check.c, sudo.c, sudo.h:
29490 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
29493 revised AUTHORS section & added ENV_EDITOR stuff to VARIABLES
29498 now uses ENV_EDITOR if you want to use the EDITOR envar
29502 now uses ENV_EDITOR if you want to use the EDITOR envar
29505 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
29508 rewrote most of this
29512 minor update + spell fix
29516 added all options that are in the Makefile
29520 now use USE_TERMIO #define for sgi & hpux
29527 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
29529 * check.c, find_path.c:
29530 always include strings.h
29538 sgi has vi in /usr/bin too
29545 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
29548 use /usr/bin/vi on some systems
29552 fixed warning (include strings.h)
29556 added John_Rouillard@dl5000.bc.edu's changes (new features)
29560 changes from John_Rouillard@dl5000.bc.edu
29567 * check.c, find_path.c, parse.c, sudo.c:
29568 added patches from John_Rouillard directory spec
29572 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
29575 added flush for hpux
29578 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
29581 no longer assume malloc returns a char *
29585 alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
29586 gets removed correctly
29590 added STD_HEADERS macro
29594 now uses STD_HEADERS macro for ansi
29598 now uses STD_HEADERS macro
29602 niceties for C compiler bitches -- no real change
29605 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
29608 now doesn't fclose a file never opened.
29611 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
29618 added error stuff added me in there...
29626 added blurb about reading stuff
29634 corrected comments and removed newlines
29646 added dec syslog note
29650 added real stuff in there
29661 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
29668 updated with changes
29679 * CHANGES, COPYING, INSTALL, README, TODO:
29684 updated version number and took out jeff's old addr since it is no
29688 * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
29690 updated version number and took out jeff's email (since it is
29694 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
29700 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
29703 now return NULL instead of exiting for non-fatal errors
29706 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
29713 now sudo.h gets included first
29716 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
29727 hpux 9 fix, removes SHLIB_PATH linux patch
29734 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
29737 stat now ignores EINVAL
29740 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
29742 * find_path.c, sudo.c:
29743 now declare strdup as extern
29746 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
29749 reformatted with indent + by hand
29752 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
29753 used indent to "fix" coding style
29757 now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
29758 move the code that does this into the loop body. makes it messier
29762 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
29765 redid the fix for non-executable files in an easier to read way plus
29766 some minor aesthetic changes
29770 fixed bug with non-executable things of same name in path introduced
29771 by checking errno after stat(2).
29774 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
29777 fixed off by one error
29781 now handles descending below '/' correctly
29785 now actually builds Envp instead of munging envp
29788 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
29791 now includes sys/param.h
29795 now includes sys/param.h
29799 fixed ifndef -> ifdef
29803 make more like find_path.c
29807 rewritten by millert
29811 fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
29812 about new defines in the comment
29820 added decl for clean_envp() and Envp
29824 now rips LD_* env vars out of envp and passes sanitized Envp to exec
29832 ENOTDIR is ok now too (in case part of the path is bogus)
29836 now works correctly (total rewrite)
29840 now includes sys/param.h didn't match trailing / -- fix from
29844 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
29847 moved around the #ifndef _AIX
29850 * check.c, logging.c, parse.c:
29854 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
29860 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
29863 now works if you do sudo bin/test
29870 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
29880 * parse.lex, parse.yacc:
29884 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
29891 now spews error if exec fails and exits with -1
29899 now only execs files with (an) executable bit set.
29906 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>