2012-01-24 Todd C. Miller <Todd.Miller@courtesan.com>

Fixed a format string vulnerability when the sudo binary (or a
symbolic link to the sudo binary) contains printf format escapes
and the -D (debugging) flag is used.
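
The bug class named in the 2012-01-24 entry, shown as an added example (constructed here, not sudo's source): a debug helper that splices the program name into the format string, beside the hardened form that passes the name as a "%s" argument. The names `debug_unsafe`, `debug_safe`, `render`, `has_format_escape` and the sample program name are assumptions for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * VULNERABLE pattern (constructed for illustration, not sudo's source).
 * The program name comes from argv[0] or a symlink name, so the invoking
 * user chooses it. Here it is copied into the format string itself.
 */
static int debug_unsafe(char *out, size_t outlen, const char *progname,
                        const char *fmt, ...)
{
    char newfmt[256];
    va_list ap;
    int n;

    /* Any '%' in progname is now a conversion directive, not text. */
    snprintf(newfmt, sizeof(newfmt), "%s: %s\n", progname, fmt);
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, newfmt, ap);
    va_end(ap);
    return n;
}

/*
 * HARDENED pattern: progname is only ever an argument to "%s". The one
 * string interpreted as a format is the caller's fmt.
 */
static int debug_safe(char *out, size_t outlen, const char *progname,
                      const char *fmt, ...)
{
    va_list ap;
    int n, m;

    n = snprintf(out, outlen, "%s: ", progname);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    va_start(ap, fmt);
    m = vsnprintf(out + n, outlen - (size_t)n, fmt, ap);
    va_end(ap);
    /* Need room for the message, '\n' and the terminating NUL. */
    if (m < 0 || (size_t)n + (size_t)m + 1 >= outlen)
        return -1;
    out[n + m] = '\n';
    out[n + m + 1] = '\0';
    return n + m + 1;
}

/* Check a packager or auditor can run on an install path or symlink name. */
static int has_format_escape(const char *name)
{
    return strchr(name, '%') != NULL;
}

/* Format one fixed debug message with either helper; returns a static buffer. */
static const char *render(int hardened, const char *progname)
{
    static char buf[2][128];
    char *out = buf[hardened ? 1 : 0];
    int n = hardened
        ? debug_safe(out, sizeof(buf[0]), progname, "settings: %d", 3)
        : debug_unsafe(out, sizeof(buf[0]), progname, "settings: %d", 3);

    return n < 0 ? NULL : out;
}

int main(void)
{
    /*
     * Constructed name with two literal '%' characters. "%%" takes no
     * argument, so this input is well defined; a conversion that consumes
     * an argument would make vsnprintf() use varargs that were never passed.
     */
    const char *name = "100%%sure";

    printf("escape in name: %d\n", has_format_escape(name));
    printf("unsafe:   %s", render(0, name));
    printf("hardened: %s", render(1, name));
    return 0;
}
```

The unsafe helper collapses the doubled percent sign, which shows the name being interpreted as a format; the hardened helper prints the name byte for byte.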

2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com>

Include parent directories in case they don't already exist. This
fixes a directory permissions problem with the AIX package when the
/usr/local directories don't already exist.

2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/Makefile.in:
check_addr needs to link with the network libraries on Solaris

* plugins/sudoers/match.c:
When matching a RunasAlias for a runas group, pass the alias in as
the group_list, not the user_list. From Daniel Kopecek.

* plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
We need to init the auth system regardless of whether we need a
password since we will be closing the PAM session in the monitor
process. Fixes a crash in the monitor on Solaris; bugzilla #518

2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>

Added tag SUDO_1_8_3 for changeset 82bec4d3a203

* Update Japanese sudoers translation from translationproject.org
[82bec4d3a203] [SUDO_1_8_3] <1.8>

2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Override and ignore the --disable-static option. Sudo already runs
libtool with -tag=disable-static where applicable and we need
non-PIC objects to build the executables.

2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot:

* Ignore set_logname (which is now the default) for sudoedit since we
want the LOGNAME, USER and USERNAME environment variables to refer
to the calling user since that is who the editor runs as. This
allows the editor to find the user's startup files. Fixes bugzilla

* Instead of trying to grow the buffer in make_grlist_item(), simply
increase the total length, free the old buffer and allocate a new
one. This is less error prone and saves us from having to adjust
all the pointers in the buffer. This code path is only taken when
there are groups longer than the length of the user field in struct
utmp or utmpx, which should be quite rare.

* Add Italian translation for sudo from translationproject.org

Japanese translation for sudo and sudoers from
translationproject.org

2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>

* sudoreplay depends on timestr.lo too; from Mike Frysinger

2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot:
Regen sudoers pot file.

Update with latest sudo 1.8.3 news

* ldap_start_tls_s() on Debian (at least) sets the effective and saved
uids to the same value as the real uid. This prevents sudo from
setting the uid or gid later on. As a workaround, we now set perms
to root during sudoers_policy_open().

* Better warning message on setuid() failure for the setreuid()
version of set_perms().

2011-10-02 Todd C. Miller <Todd.Miller@courtesan.com>

Combine new translations in NEWS item

2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>

* Delref auth_pw at the end of check_user() instead of getting a ref

* Make sudo_auth_{init,cleanup} return TRUE on success and check for
sudo_auth_init() return value in check_user().

* Do not return without restoring permissions.

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

Update for latest release candidate

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

* Modify the authentication API such that the init and cleanup
functions are always called, regardless of whether or not we are
going to verify a password. This is needed for proper PAM session

* Add missing dependency for getspwgen other depends.

* Fix a PAM_USER mismatch in session open/close. We update PAM_USER
to the target user immediately before setting resource limits, which
is after the monitor process has forked (so it has the old value).
Also, if the user did not authenticate, there is no pamh in the
monitor so we need to init pam here too. This means we end up
calling pam_start() twice, which should be fixed, but at least the
session is always properly closed now.

* Add check for old being NULL in utmp_setid(); from Steven McDonald

2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>

* If the invoking user cannot be resolved by uid fake the struct
passwd and store it in the cache so we can delref it on exit.

2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>

* Don't error out if the group plugin cannot be loaded, just warn.

2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>

* Quiet a false positive found by several static analysis tools. These
tools don't know that log_error() does not return (it longjmps to
error_jmp which returns to the sudo front-end).

2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>

* Add Italian translation for sudo from translationproject.org Regen

Added tag SUDO_1_8_2 for changeset 3682e51af1d0

2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>

* Update to current reality and add bit about ssh auth

* Make "verbose" static; fixes a namespace clash with
pam_ssh_agent_auth (and it doesn't need to be extern these days).

* configure, configure.in:
FreeBSD has libutil.h not util.h

* configure, configure.in:
Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD

* Update po files from translationproject.org

2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>

Mention DEREF support

* plugins/sudoers/po/sudoers.pot:

* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
Add support for DEREF in ldap.conf.

install target should depend on ChangeLog too, not just install-doc

* NEWS, configure.in, doc/sudoers.cat, doc/sudoers.man.in:
Only iolog_file (not iolog_dir) supports mktemp-style suffixes.

* configure.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

* configure, configure.in:
Fix some square brackets in case statements that needed to be
doubled up. While here, use $OSMAJOR when it makes sense.

* Fix a crash in make_grlist_item() on 64-bit machines with strict

* Remove list_options() function that is no longer used now that "sudo

* configure, configure.in:
Error message if user tries --with-CC

* configure, configure.in:
Check for -libmldap too when looking for ldap libs, which is the
Tivoli Directory Server client library.

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
regen pot files for 1.8.3

* NEWS, configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
Update for version 1.8.3

2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>

* Honor NOPASSWD tag for denied commands too.

* INSTALL, configure, configure.in:
Remove --with-CC option; it doesn't work correctly now that we use
libtool. Users can get the same effect by setting the CC
environment variable when running configure.

2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Assume all modern systems support fstat(2).

2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Add configure test for missing errno declaration and only declare it
ourselves if it is missing.

* Include errno.h before sudo.h to avoid conflicting with the system

2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>

* Only print individual check status when there is a failure.

* Add calls to setprogname() for test programs.

* configure, configure.in:
Add -Wall and -Werror after all tests so they don't cause failures.

* Actually run check_addr in the check target

* Split out address matching into its own file and add regression

2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>

* Fix matching a network number with netmask when the network number
is not the first address in the CIDR block.
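
The case from the 2011-08-27 entry, as an added example (not sudo's code): a rule written with a network number that is not the first address of its block, such as 192.0.2.37/24, should match every host in that block. Comparing against the unmasked network number is shown for contrast and is an assumption about how such a symptom arises; all function names and addresses are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a dotted-quad IPv4 address into host byte order; 0 on success. */
static int parse_addr(const char *s, uint32_t *ip)
{
    struct in_addr a;

    if (inet_pton(AF_INET, s, &a) != 1)
        return -1;
    *ip = ntohl(a.s_addr);
    return 0;
}

/* Parse "a.b.c.d/len" into a host-order network number and mask; 0 on success. */
static int parse_cidr(const char *spec, uint32_t *net, uint32_t *mask)
{
    char buf[32];
    char *slash, *end;
    long bits;

    if (strlen(spec) >= sizeof(buf))
        return -1;
    strcpy(buf, spec);
    if ((slash = strchr(buf, '/')) == NULL)
        return -1;
    *slash++ = '\0';
    if (parse_addr(buf, net) != 0)
        return -1;
    /* Reject signs and whitespace that strtol() would otherwise accept. */
    if (*slash < '0' || *slash > '9')
        return -1;
    bits = strtol(slash, &end, 10);
    if (*end != '\0' || bits < 0 || bits > 32)
        return -1;
    /* A shift by 32 is undefined in C, so /0 is handled separately. */
    *mask = bits == 0 ? 0 : (uint32_t)(0xffffffffu << (32 - bits));
    return 0;
}

/*
 * Contrast case (assumed bug shape): only the candidate address is masked,
 * so a rule whose network number has host bits set never matches.
 * Returns 1 on match, 0 on no match, -1 on a malformed argument.
 */
static int match_unmasked_net(const char *addr, const char *spec)
{
    uint32_t ip, net, mask;

    if (parse_addr(addr, &ip) != 0 || parse_cidr(spec, &net, &mask) != 0)
        return -1;
    return (ip & mask) == net;
}

/* Correct comparison: both sides are reduced to the block's first address. */
static int match_cidr(const char *addr, const char *spec)
{
    uint32_t ip, net, mask;

    if (parse_addr(addr, &ip) != 0 || parse_cidr(spec, &net, &mask) != 0)
        return -1;
    return (ip & mask) == (net & mask);
}

int main(void)
{
    /* Constructed rule and host, taken from the 192.0.2.0/24 documentation range. */
    const char *rule = "192.0.2.37/24";
    const char *host = "192.0.2.200";

    printf("unmasked network number: %d\n", match_unmasked_net(host, rule));
    printf("masked on both sides:    %d\n", match_cidr(host, rule));
    return 0;
}
```

For an access rule the failure direction matters: with the unmasked comparison a host that the rule was meant to cover is silently not matched, so the entry it belongs to never applies.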

2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>

* Don't assume all editors support the +linenumber command line
argument, use a whitelist of known good editors.

2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>

* Silence compiler warnings on Solaris with gcc 3.4.3

* Fix building on RHEL 3

* INSTALL, configure, configure.in:
Add --enable-werror configure option.

* setgroups() proto lives in grp.h on RHEL4, perhaps others.

* configure, configure.in:
Use PAM by default on AIX 6 and higher.

2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>

* Add new Esperanto translation from translationproject.org

2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>

* Quiet an innocuous valgrind warning.

2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>

* Fix expansion of strftime() escapes in log_dir and add a regress
test that exhibited the problem.

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Fix "make check" return value.

2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot:
[3682e51af1d0] [SUDO_1_8_2] <1.8>

Fix logic inversion in pot file up to date check.

* doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat,
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
doc/visudo.cat, doc/visudo.man.in:

2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Add caching for gettext() checks.

* configure, configure.in:
Better handling of libintl header and library mismatch.

2011-08-14 Todd C. Miller <Todd.Miller@courtesan.com>

2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>

* Also check sudoers gid if sudoers is group writable.

Update for 1.8.2 final

2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
If dlopen is present but libtool doesn't find it, error out since it
probably means that libtool doesn't support the system.

* configure args on the command line should override builtin defaults.
Disable NLS for non-Linux/Solaris unless explicitly enabled.

* Fix loop that calls authenticate(). If there was an error message
from authenticate(), display it.

2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Update to autoconf 2.68 and libtool 2.4

* Fix typo; OPT should be OTP

* Rename libsudoers convenience library to libparsesudoers to avoid

2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>

* Add Danish sudoers translation from translationproject.org

* Add dedicated callback function for runas_default sudoers setting
that only sets runas_pw if no runas user or group was specified by

2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>

* Update Finnish, Polish, Russian and Ukrainian translations from
translationproject.org.

Go back to using a callback for runas_default to keep runas_pw in
sync. This is needed to make per-entry runas_default settings work
with LDAP-based sudoers. Instead of declaring it a callback in
def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
bit naughty, but avoids requiring stub functions in visudo and the

2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

Add check for out of date message catalogs when doing "make dist".

2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Make sure compiler supports static-libgcc before using it.

2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>

* Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc

2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>

* Add new Russian sudo translation from translationproject.org and
rebuild the other translation files.

2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>

* Update Finnish and Polish translations from translationproject.org

* Go back to escaping the command args for "sudo -i" and "sudo -s"
before calling the plugin. Otherwise, spaces in the command args
are not treated properly. The sudoers plugin will unescape
non-spaces to make matching easier.

2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>

* Fix some potential problems found by the clang static analyzer, none

* Updated Ukrainian and Chinese (simplified) po files from
translationproject.org

2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>

* Updated Polish translation from translationproject.org

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

* Don't try to audit failure if the runas user does not exist. We
don't have the user's command at this point so there is nothing to
audit. Add a NULL check in audit_success() and audit_failure() just
to be on the safe side.

* Add -g to CFLAG for PIE builds.

2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>

* Remove fallback to per-group lookup when matching groups in sudoers.
The sudo front-end will now use getgrouplist() to get the user's
list of groups if getgroups() fails or returns zero groups so we
always have a list of the user's groups. For systems with
mbr_check_membership() which support more than NGROUPS_MAX groups
(Mac OS X), skip the call to getgroups() and use getgrouplist() so
we get all the groups.

2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>

* Fix setgroups() fallback code on EINVAL.

* Fix two PERM_INITIAL cases that were still using user_gids.

* Add Polish sudo message catalog

* user_group is no longer used, remove it

2011-07-21 Todd C. Miller <Todd.Miller@courtesan.com>

* Add Polish translation from translationproject.org

* Add a wrapper for setgroups() that trims off extra groups and
retries if setgroups() fails. Also add some missing addrefs for
PERM_USER and PERM_FULL_USER.

* configure, configure.in:
Instead of keeping separate groups and gids arrays, create struct
group_info and use it to store both, along with a count for each.
Cache group info on a per-user basis using getgrouplist() to get the
groups. We no longer need to special case the user or list
user for user_in_group() and thus no longer need to reset the groups
list when listing another user.

* Don't rely on NULL since we don't include a header for it.

* Do not shadow global sudo_mode with a local variable in set_cmnd()

2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>

* bash 2.x does not support the -l flag and exits with an error if it
is specified so use --login instead. This causes an error with bash
1.x (which uses -login instead) but this version is hopefully less

* Add Polish translation from translationproject.org

2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>

* Make error strings translatable.

* Only run configure with --with-pam-login for RHEL 5 and above.

* Fix typo in summary

2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>

* Add missing logwrap.c

* Split out log file word wrap code into its own file and add unit
tests. Fixes an off-by one in the word wrap when the log line
length matches loglinelen.

2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>

* For SuSE, only use /usr/lib64 as libexec if generating 64-bit

* Fix build error when --without-noexec configure option is used.

* configure, configure.in:
Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX

2011-07-03 Todd C. Miller <Todd.Miller@courtesan.com>

Document group lookup change and possible side effects.

2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>

* Resolve the list of gids passed in from the sudo frontend (the
result of getgroups()) to names and store both the group names and
ids in the sudo_user struct. When matching groups in the sudoers
file, match based on the names in the groups list first and only do
a gid-based match when we absolutely have to. By matching on the
group name (as it is listed in sudoers) instead of id (which we
would have to resolve) we save a lot of group lookups for sudoers
files with a lot of groups in them.

2011-06-29 Todd C. Miller <Todd.Miller@courtesan.com>

2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>

* Workaround for "sudo -i command" and newer versions of bash which
don't go into login mode when -c is specified unless -l is too.

2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>

* Rewrite logfile word wrapping code to be more straight-forward and
actually wrap at the correct place.

2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>

Mention use_pty bug fix

* Set use_pty=true in command details when use_pty is set in sudoers.

2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>

* Sync Chinese (simplified) PO files from translationproject.org

2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>

* Add Danish translation from translationproject.org and add missing

* Makefile.in, configure, configure.in:
No longer need to specify LINGUAS in configure, "make install-nls"
now just installs all the .mo files it finds.

2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>

* Build CONTRIBUTORS from newly-added contributors.pod

* Rework the wording in the leading paragraph

2011-06-16 Todd C. Miller <Todd.Miller@courtesan.com>

* Add a CONTRIBUTORS file with the names of folks who have contributed
code or patches to sudo since I started maintaining it (plus the

2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>

* Preserve SHELL variable for "sudo -s". Otherwise we can end up with
a situation where the SHELL variable and the actual shell being run

2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Only enable Solaris project support when setproject() is present in

* Explicitly set mode and owner of /etc/sudoers instead of relying on
"cp -p" to work in the postinstall script. On AIX 6.1 at least the
postinstall script runs before the final file permissions are set.

* Refer the user to the "Command Environment" section in description

* If there is no old dependency for an object file, use the MANIFEST

* Remove dependency for getgrouplist.lo as we don't ship that source

* Do not declare yyparse() static as the actual function generated by

Remove locale files in "make uninstall"

2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>

Add Basque translation and sync Finnish and Ukrainian translations.

Update PAM change to reflect latest checkin.

* configure, configure.in:
FreeBSD no longer needs the main sudo binary to link with -lpam now
that plug-ins are loaded with RTLD_GLOBAL.

* Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
problems with pam modules not having access to symbols provided by
libpam on some platforms. Affects FreeBSD and SLES 10 at least.

Move xgettext invocation out of update-po target into update-pot

2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Regenerate .pot files for 1.8.2rc2

Move nls targets to the top level Makefile so the paths in the pot

* Add compiled version of sudo Finnish translation

* Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo

* configure, configure.in:
Add Finnish translation from translationproject.org

* The group named by exempt_group should not have a % prefix.

* Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"

* Fix compressed io log corruption in background mode by using _exit()
instead of exit() to avoid flushing buffers twice.

Improved background mode support. When not allocating a pty, the
command is run in its own process group. This prevents write access
to the tty. When running in a pty, stdin is not hooked up and we
never read from /dev/tty, which results in similar behavior.

2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>

* Clean up regress files Generate proper dependencies for regress objs

* Add missing dependency for check_fill.o.

2011-05-30 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, configure, configure.in:
Add support for --enable-nls[=location]

2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>

* Quiet gcc warnings.

* configure, configure.in:
Don't install .mo files if gettext was not found.

2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>

* Always allocate a pty when running a command in the background but
call setsid() after forking to make sure we don't end up with a

* Add missing space between command name and the first command line

* Quiet a compiler warning on some platforms.

* README file that directs people to translationproject.org

* Sync translations with TP

Add 'sync-po' target to top-level Makefile to rsync the po files
from translationproject.org.

* install nls files from install target

Include .mo files in sudo binary packages.

* configure, configure.in:
Add simplified Chinese translation

2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Add Ukrainian translation

* refer to siglist.c, not ./siglist.c since not all makes will treat
foo and ./foo the same.

* Set def_preserve_groups before searching for the command when the -P

Add dependency for siglist.lo in compat. This is a generated file
so "make depend" needs to depend on it.

* More dependency fixes.

* Fix a few dependencies.

* Place compiled mo files in the src dir, not the build dir. When
installing compiled mo files, display a status message.

2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>

* Tivoli Directory Server requires that seconds be present in a
timestamp, even though RFC 4517 states that they are optional.

* Add missing bit of copyright

* Mention cycle detection warnings

* When checking aliases, also check the contents of the alias in case
there are problems with an alias that is referenced inside another.
Replace the self reference check with real alias cycle detection.

* Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
ENOENT in alias_find() and alias_remove() if the entry could not be

* Increment alias_seqno before calls to alias_remove_recursive() to
avoid false positives with the alias loop detection. Fixes spurious
warnings about unused aliases when they are nested.

* Add dependency on convenience libs to binaries

mkdep.pl only works when run from the src dir

Auto-generate Makefile dependencies with a perl script.

2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>

* If the user specifies a runas group via sudo's -g option that
matches the runas user's group in the passwd database and that group
is not denied in the Runas_Spec, allow it. Thus, if user root's gid
in /etc/passwd is 0, then "sudo -u root -g root id" is allowed even if
no groups are present in the Runas_Spec.

2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>

Mention what is new in 1.8.2 (for now)

* Add dependencies on gettext.h

* Fix install-nls target with HP-UX sh when gettext is not present.

* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:

2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
regenerate .pot files for lbuf changes

* configure, configure.in:
Add missing "checking" message for gettext when using the cache.

* Add primitive format string support to the lbuf code to make
translations simpler.

* configure, configure.in, plugins/sudoers/po/sudoers.pot,
Bump version to 1.8.2

* Add message catalog template files for sudo and the sudoers module.

Add gettext.h convenience header. This is similar to but distinct
from the one included with the gettext package.

* configure, configure.in:
Add checks for nroff -c and -Tascii flags
[580c21905280] <1.8>

* configure, configure.in:
Add check for HP bundled C Compiler (which cannot create shared
[34f616cbb0f3] <1.8>

* Fix C format warnings.
[f20a43a817f0] <1.8>

[76bf8a4bf075] <1.8>

* Translate help / usage strings.
[16c5b7902d4c] <1.8>

* Set --msgid-bugs-address to the bugzilla url
[3e3cfa7b4ceb] <1.8>

* INSTALL, Makefile.in, README, configure, configure.in:
Add scaffolding to update .po files and install .mo files.
[a51e60b35e47] <1.8>

* Minor warning/error cleanup
[593144ac87ff] <1.8>

Emulate ngettext for the non-nls case
[7cdf82de4dee] <1.8>

* Do not mark untranslatable strings for translation
[088271ed02d0] <1.8>

* Use ROOT_UID not 0.
[f901fa2fdaf2] <1.8>

* Minor warning/error message cleanup
[b99c7ef46236] <1.8>

* cannot -> "unable to" in warning/error messages can't -> "unable to"
in warning/error messages
[5119140fabc7] <1.8>

* configure, configure.in:
FreeBSD needs the main sudo executable to link with -lpam when
loading dynamic pam modules for some reason.
[738b6778a505] <1.8>

* We don't want to translate debugging messages.
[357a575c2dfd] <1.8>

* configure, configure.in:
Add calls to bindtextdomain() and textdomain() Currently there are
two domains, one for the sudo front-end and one for the sudoers
plugin and its associated utilities.
[907f39439d80] <1.8>

* configure, configure.in:
Fix caching of libc gettext check.
[e229c21f412f] <1.8>

* Mark defaults descriptions for translation
[65e03d1f8203] <1.8>

Update for sudo 1.8.1p2
[89c31f2aa11e] <1.8>

* Quiet compiler warning when SELinux is enabled.
[51b1d7c8aa86] <1.8>

* Add missing includes of libintl.h.
[25662143d36d] <1.8>

* Fix gettext marker.
[7618856ba5de] <1.8>

* Include libint.h where needed.
[cc256b297b9d] <1.8>

* Prepare sudoers module messages for translation.
[1b7f0bbaa55f] <1.8>

* Only check gid of sudoers file if it is group-readable.
[f3cae943f35a] <1.8>

* For AIX, keep calling authenticate() until reenter reaches 0.
[e412676bac73] <1.8>

* configure, configure.in:
Cache the status of the initial gettext() check.
[c32281768c0f] <1.8>

* INSTALL, configure, configure.in:
Add --disable-nls flag and improve checks for gettext.
[b39674c1e538] <1.8>

* configure, configure.in:
When building with gcc on HP-UX, use -march=1.1 to produce portable
binaries on a pa-risc2 host. Previously, the +Dportable option was
used for the HP-UX C compiler but gcc always produced native
[41351c23ad41] <1.8>

* Prepare sudo front end messages for translation.
[7807d6f74dac] <1.8>

* configure, configure.in:
Add initial scaffolding to support localization via gettext()
[cdbbff7e6376] <1.8>

2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>

update copyright year
[d681661f03cc] <1.8>

No need to include version number at the top of these files.
[7e11f673f773] <1.8>

This is sudo 1.8.1 not 1.8.0
[4d674f230d8a] <1.8>

2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>

* Don't let the fnmatch/glob macros expand the function prototype.
[d449e9a8f447] <1.8>

2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>

* Resolve namespace collisions on HP-UX ia64 and possibly others by
adding a rpl_ prefix to our fnmatch and glob replacements and
#defining rpl_foo to foo in the header files.
[d23889375b21] <1.8>

2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>

* Split ALL, ROLE and TYPE into their own actions. Since you can only
have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
the non-SELinux case. This is safe because the actions are in one
big switch() statement.
[0bd9b7e37ab1] <1.8>

* Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
[8dec97b359e0] <1.8>

* askpass moved from sudoers to sudo.conf in sudo 1.8.0
[1001d87d82ed] <1.8>

* Remove obsolete warning about runas_default and ordering. Move
syslog facility and priority lists into the section where the
relevant options are described.
[1286b9624021] <1.8>

2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>

* Fix SIA support; we no longer have access to the real argc and argv
so allocate space for a fake one and use the argv passed to the
plugin with "sudo" for argv[0].
[7c11eeffb91c] <1.8>

* Remove useless realloc when trying to get the buffer size right.
[58128e7f4e28] <1.8>

* Be explicit when setting euid to 0 before call to setreuid(0, 0)
[95769a564ab8] <1.8>

2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>

sudo 1.8.1p1 updates
[de3d688b5bb1] <1.8>

* configure, configure.in:
Need to do checks for krb5_verify_user, krb5_init_secure_context and
krb5_get_init_creds_opt_alloc regardless of whether or
not krb5-config is present.
[456c4a9cd5d6] <1.8>

2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>

* Work around weird AIX saved uid semantics on setuid() and
setreuid(). On AIX, setuid() will only set the saved uid if the euid
[5d0a69e9d181] <1.8>

2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>

* update copyright year
[fa8da6d55783] <1.8>

* Treat a missing includedir like an empty one and do not return an
[5fd9fe004728] <1.8>

2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>

* Fix ARCH setting in cross-compile Solaris packages.
[8ce40940f6c9] <1.8>

* Fix aix version setting.
[02a9e25d46ba] <1.8>

* Remove extraneous parens in LDAP filter when sudoers_search_filter
is enabled that causes a search error. From Matthew Thomas.
[b67be9b51ec6] <1.8>

2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>

* Correct sizeof() to fix test failure.
[a11b89fd13f9] <1.8>

* "install" target should depend on "install-dirs". Fixes "make -j"
problem and closes bz #487. From Chris Coleman.
[06ab0558f848] <1.8>

2011-04-09 Todd C. Miller <Todd.Miller@courtesan.com>

Added tag SUDO_1_8_1 for changeset 0ed6281995f0
[543d41a163e9] <1.8>

* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
Regen man pages for 1.8.1
[0ed6281995f0] [SUDO_1_8_1] <1.8>

2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>

* Add HAVE_RFC1938_SKEYCHALLENGE
[c0d7eb39799d] <1.8>

2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>

* Mention plugin loading and libgcc changes
[b74929cba37c] <1.8>

* Load plugins after parsing arguments and potentially printing the
version. That way, an error loading or initializing a plugin
doesn't break "sudo -h" or "sudo -V".
[c1ecb5979cf0] <1.8>
1249 When using a sub-shell to invoke the sub-make, exec make instead of
1250 running it inside the shell to avoid an extra process.
1251 [9439f016c993] <1.8>
1253 * Stop testing unspecified behavior in fnmatch. Make glob test more
1255 [87a91d76fbff] <1.8>
1257 * No need to add current dir to include path and having it breaks the
1258 test programs that expect to get the system glob.h and fnmatch.h
1259 [3ae7f9e7b710] <1.8>
1261 * configure, configure.in:
1262 Fix and document --with-plugindir; partially from Diego Elio Petteno
1263 [0220a0c2606f] <1.8>
1265 * Fix fnmatch and glob tests to not use hard-coded flag values in the
1266 input file. Link test programs with libreplace so we get our
1267 replacement versions as needed.
1268 [66bab80241e0] <1.8>
1271 If make in a subdir fails, fail the target in the upper level
1272 Makefile too. Adapted from a patch from Diego Elio Petteno
1273 [bc35b7813507] <1.8>
1275 * configure, configure.in:
1276 Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
1277 has this. Adapted from a patch from Diego Elio Petteno
1278 [bb6228f484b9] <1.8>
1280 * Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
1282 [47e6d5fadc6d] <1.8>
1284 * configure, configure.in:
1285 Fix warnings when --without-skey, --without-opie, --without-kerb4,
1286 --without-kerb5 or --without-SecurID were specified.
1287 [1b75035dd129] <1.8>
1289 * Add plugins/sudoers/sudoers_version.h
1290 [1d470c6033ca] <1.8>
1292 * configure, configure.in:
1293 Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
1294 now include LDFLAGS in the sudoers Makefile.in. Add missing setting
1295 of @LDFLAGS@ in plugin Makefile.in files.
1296 [dd237f43aa12] <1.8>
1298 2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
1300 * Mention %#gid support in User_List and Runas_List
1301 [37e259b9181b] <1.8>
1303 * Keep track of sudoers grammar version and report it in the -V
1305 [0e0b891dd8a4] <1.8>
1307 * Add multiple inclusion guard
1308 [ec6884f51ea8] <1.8>
1310 * configure, configure.in:
1311 The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
1312 LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
1313 set it to -Wc,-static-libgcc if not using GNU ld so we don't
1314 have a dependency on the shared libgcc in sudoers.so.
1315 [28d03f3eb0d2] <1.8>
1317 * Fix typo; from Petr Uzel
1318 [d19b9bd92bd3] <1.8>
1320 2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
1322 * In dump-only mode, use "root" as the default username instead of
1323 "nobody" as the latter may not be available on all systems.
1324 [b304111616dd] <1.8>
1326 2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
1328 * Remove NewArgv/NewArgc, they are no longer needed.
1329 [c0a36a42a68c] <1.8>
1331 * Fix setting of user_args
1332 [529e79ea95d1] <1.8>
1334 * Add '!' token to lex tracing
1335 [aef295d428e7] <1.8>
1337 * Use group bin in test, not wheel as most systems have the bin group
1338 but the same is no longer true of wheel.
1339 [350347f09c1a] <1.8>
1341 * Avoid using pre or post increment in a parameter to a ctype(3)
1342 function as it might be a macro that causes the increment to happen
1344 [8a94ebdd53b8] <1.8>
1346 2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
1348 * Strip off the beta or release candidate version when building AIX
1350 [00ad950764e2] <1.8>
1352 * configure, configure.in:
1353 We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
1354 structure checks for glibc which only has __e_termination visible
1355 when _GNU_SOURCE is *not* defined.
1356 [1d58420a4a4a] <1.8>
1358 * getuserattr(user, ...) will fall back to the "default" entry
1359 automatically, there's no need to check "default" manually.
1360 [cefffa82967d] <1.8>
1362 * Document parser changes.
1363 [5038238f60eb] <1.8>
1365 2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
1368 If there is an existing sudoers file, only install if it passes a
1370 [b1e4c9c56fe0] <1.8>
1372 * Add runasgroup support to testsudoers
1373 [30838590e9de] <1.8>
1375 * For "make check", keep going even if a test fails.
1376 [d3a72f67227e] <1.8>
1378 * More useful exit codes:
1379 * 0 - parsed OK and command matched.
1381 * 2 - command not matched
1382 * 3 - command denied
1383 [59301e0769cd] <1.8>
1385 * Document %#gid, and %:#nonunix_gid syntax.
1386 [39ee15af58e9] <1.8>
1388 * Add support to user_in_group() for treating group names that begin
1390 [0eb19980cf5f] <1.8>
1392 * configure, configure.in:
1393 Add explicit check for struct utmpx.ut_exit.e_termination and struct
1394 utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
1395 ut_exit if we detect one or the other.
1396 [ab5b665fc04b] <1.8>
1398 2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
1400 * Add back missing #include of config.h
1401 [9c82bec81018] <1.8>
1403 * Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
1405 [1ae630470f8a] <1.8>
1407 * Quote first argument to AC_DEFUN(); from Elan Ruusamae
1408 [c467e9e3b399] <1.8>
1410 2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
1412 * add new sudoers tests
1413 [05f2a0924acc] <1.8>
1415 * Add test for a newline in the middle of a string when no line
1416 continuation character is used.
1417 [24b79be5822b] <1.8>
1419 * Use bitwise AND instead of modulus to check for length being odd. A
1420 newline in the middle of a string is an error unless a line
1421 continuation character is used.
1422 [65c468599688] <1.8>
1424 * Move lexer globals initialization into init_lexer.
1425 [07a1171a1853] <1.8>
1427 * Fix a potential crash when a non-regular file is present in an
1428 includedir. Fixes bz #452
1429 [5057cb9516e4] <1.8>
1431 * On some Linux systems, "uname -p" contains detailed processor info
1432 so check "uname -m" first and then "uname -p" if needed. Recognize
1434 [56226c84a060] <1.8>
1436 2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
1438 * Don't need all sudoers.h here.
1439 [43b6ae5999c5] <1.8>
1441 * Print sudo version early, in case policy plugin init fails.
1442 [620f2d0ec4b1] <1.8>
1444 2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
1446 * Update to match change in input.
1447 [69540f84721d] <1.8>
1449 * Make an empty group or netgroup a syntax error.
1450 [4b85bddc494e] <1.8>
1452 * An empty group or netgroup should be a syntax error.
1453 [6ec796972eff] <1.8>
1455 * Check that uids work in per-user and per-runas Defaults. Check that
1456 uids and gids work in a Command_Spec
1457 [68cf62353420] <1.8>
1459 * Test empty string in User_Alias and Command_Spec
1460 [017d487c31be] <1.8>
1462 * Allow a group ID in the User_Spec.
1463 [37e0bf69c8d8] <1.8>
1465 * Return an error for the empty string when a word is expected. Allow
1466 an ID for per-user or per-runas Defaults.
1467 [4c9020779582] <1.8>
1469 2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
1471 * Fix printing "User_Alias FOO = ALL"
1472 [97c9fd7caeb7] <1.8>
1474 2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
1476 * Better error message about invalid -C argument
1477 [2301e7a3835b] <1.8>
1480 [c5acde62a309] <1.8>
1482 * Fix placement of equal sign ('=') in user specification summary.
1483 [4d0ffef77ae4] <1.8>
1485 2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
1487 * update to match sudoers regress
1488 [0efb8dc9092a] <1.8>
1490 * Restore ability to define TRACELEXER and have trace output go to
1492 [441c8b372217] <1.8>
1494 * Restore old behavior of setting sawspace = TRUE for command line
1495 args when a line continuation character is hit to avoid causing
1496 problems for existing sudoers files.
1497 [963ded6ce070] <1.8>
1499 * Add test for line continuation and aliases
1500 [5703d11a3c46] <1.8>
1502 * Make test output line up nicely for parse vs. toke
1503 [15321ce2d7d9] <1.8>
1505 * plugins/sudoers/regress/testsudoers/test1.ok,
1506 plugins/sudoers/regress/testsudoers/test2.out,
1507 plugins/sudoers/regress/testsudoers/test2.sh,
1508 plugins/sudoers/regress/testsudoers/test3.ok,
1509 plugins/sudoers/regress/testsudoers/test3.sh,
1510 plugins/sudoers/regress/visudo/test1.ok,
1511 plugins/sudoers/regress/visudo/test1.sh:
1512 Move parser tests to sudoers directory and test the tokenizer output
1514 [111c1ccda334] <1.8>
1516 * If we match a rule anchored to the beginning of a line after parsing
1517 a line continuation character, return an ERROR token. It would be
1518 nicer to use REJECT instead but that substantially slows down the
1520 [67e54b14aa9d] <1.8>
1522 * Move LEXTRACE macro to toke.h so we can use it in yyerror().
1523 [e6e04037deed] <1.8>
1525 * Make lex tracing settable at run-time in testsudoers via the -t
1526 flag. Trace output goes to stderr. Will be used by regress tests
1528 [a973f43cc0c2] <1.8>
1530 * Allow whitespace after the modifier in a Defaults entry. E.g.
1531 "Defaults: username set_home"
1532 [bf876c9fc5bb] <1.8>
1534 2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
1536 * Don't set CC when cross-compiling.
1537 [d3c33dcb02f2] <1.8>
1539 * Credit Matthew Thomas for the sudoers_search_filter changes.
1540 [2209b80664af] <1.8>
1542 * Add the .sym files to the MANIFEST
1543 [bb452b28a009] <1.8>
1545 * Update for sudo 1.8.1 beta
1546 [700d42d80e00] <1.8>
1548 * user_shell -> run_shell to avoid confusion with the user's SHELL
1550 [451b96d5f97e] <1.8>
1552 * Save the controlling tty process group before suspending in pty
1553 mode. Previously, we assumed that the child pgrp == child pid
1554 (which is usually, but not always, the case).
1555 [b0841d861191] <1.8>
1557 * Add support for sudoers_search_filter setting in ldap.conf. This
1558 can be used to restrict the set of records returned by the LDAP
1560 [70c5f496e2b3] <1.8>
1562 2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
1564 * configure, configure.in:
1565 Remove the hack to disable -g in CFLAGS unless --with-devel
1566 [9459839f50ba] <1.8>
1568 * The '@' character does not normally need to be quoted.
1569 [e66c4c64e514] <1.8>
1571 * We normally transition from GOTDEFS to STARTDEFS on whitespace, but
1572 if that whitespace is followed by a comma, we want to treat it as
1573 part of a list and not transition.
1574 [52ae2df9959d] <1.8>
1576 * Add check for whitespace when a User_List is used for a per-user
1578 [44a4db95be86] <1.8>
1580 * Expand quoted name checks to cover recent fixes.
1581 [bd494b5c2bed] <1.8>
1583 * Fix parsing of double-quoted names in Defaults and Aliases which was
1584 broken in 601d97ea8792.
1585 [dfdd58c3eb3b] <1.8>
1587 * toke_util.c lives in $(srcdir) not $(devdir)
1588 [94f8f024782e] <1.8>
1590 2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
1592 * configure, configure.in:
1593 Update version to 1.8.1
1594 [531a7d520f18] <1.8>
1596 * Document major changes in 1.8.1 and add upgrade notes.
1597 [116821646140] <1.8>
1599 * Be careful not to deref user_stat if it is NULL. This cannot
1600 currently happen in sudo but might in other programs using the
1602 [d72a9c7151c4] <1.8>
1604 * configure will not add -O2 to CFLAGS if it is already defined to add
1605 -O2 to the CFLAGS we pass in when PIE is being used.
1606 [2c7fe82be93d] <1.8>
1608 * Warn about the dangers of log_input and mention iolog_file and
1609 iolog_dir in the log_input and log_output descriptions.
1610 [edc6aa59aa45] <1.8>
1612 * sync with git version
1613 [b121cf739c77] <1.8>
1615 * It seems that h comes after i
1616 [99ad15015f05] <1.8>
1618 * Move log_input and log_output to their proper, sorted, location.
1619 Document set_utmp and utmp_runas.
1620 [216ce8b0ae1a] <1.8>
1622 * Save the controlling tty process group before suspending so we can
1623 restore it when we resume. Fixes job control problems on Linux
1624 caused by the previous attempt to fix resuming a shell when I/O
1625 logging is not enabled.
1626 [dfe038f733be] <1.8>
1628 * Fix printing of the remainder after a newline. Fixes "sudo -l"
1629 output corruption that could occur in some cases.
1630 [ab2f0a629e0d] <1.8>
1632 * Add support for ut_exit
1633 [7039ec6a73fa] <1.8>
1635 * Add support for controlling whether utmp is updated and which user
1636 is listed in the entry.
1637 [1b008ce71eab] <1.8>
1639 * Fix typo; tupple vs. tuple
1640 [67bb5c67ae3d] <1.8>
1642 * For legacy utmp, strip the /dev/ prefix before trying to determine
1643 slot since the ttys file does not include the /dev/ prefix.
1644 [8f597114381d] <1.8>
1646 * Add check for _PATH_UTMP
1647 [fe7e2456f017] <1.8>
1649 * Adapt check_iolog_path to sessid changes
1650 [3016201869b6] <1.8>
1652 * Redo utmp handling. If no getutent()/getutxent() is available,
1653 assume a ttyslot-based utmp. If getttyent() is available, use that
1654 directly instead of ttyslot() so we don't have to do the stdin dup2
1656 [817490c7c20e] <1.8>
1658 * Move utmp handling into utmp.c
1659 [e4729d9259e9] <1.8>
1661 * Update copyright years.
1662 [1065afc00233] <1.8>
1664 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
1666 * Add "user_shell" boolean as a way to indicate to the plugin that the
1668 [6e8bc49b7ea7] <1.8>
1670 * Move sessid out of sudo_user.
1671 [00d67d5ba894] <1.8>
1673 * Log the TSID even if it is not a simple session ID.
1674 [490cf0adae29] <1.8>
1676 * Document noexec in sample.sudo.conf and add back noexec_file section
1677 in sudoers with a note that it is deprecated.
1678 [c7a2d8d0c563] <1.8>
1680 * Fix running commands as non-root on systems where setreuid() changes
1681 the saved uid based on the effective uid we are changing to.
1682 [f3b27db56ba6] <1.8>
1684 2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
1686 * Move noexec path into sudo.conf now that sudo itself handles noexec.
1687 Currently can be configured in sudoers too but is now undocumented
1688 and will be removed in a future release.
1689 [9c5f64709994] <1.8>
1691 * Document "Path noexec ..." in sudo.conf. No longer document
1692 noexec_file in sudoers, it will be removed in a future release.
1693 [959fa6b5217b] <1.8>
1695 * Move noexec handling to sudo front-end where it is documented as
1697 [ef6cd4a40c61] <1.8>
1699 * Add support for disabling exec via solaris privileges. Includes
1700 preparation for moving noexec support out of sudoers and into front
1702 [d9c05ba9a24f] <1.8>
1704 * Only export the symbols corresponding to the plugin structs.
1705 [cb07af1d9b39] <1.8>
1707 * Install plugins manually instead of using libtool. This works
1708 around a problem on AIX where libtool will install a .a file
1709 containing the .so file instead of the .so file itself.
1710 [1ccf5af58c05] <1.8>
1713 Move check into its own rule since some versions of make will run
1714 both targets as the default rule.
1715 [7159f37eb552] <1.8>
1717 * Update to libtool 2.2.10
1718 [9e49773b32b7] <1.8>
1720 * In handle_signals(), restart the read() on EINTR to make sure we
1721 keep up with the signal pipe. Don't return -1 on EAGAIN, it just
1722 means we have emptied the pipe.
1723 [dc2926097b2d] <1.8>
1725 * Reorder functions to quiet a compiler warning.
1726 [5201367e5db4] <1.8>
1728 * Use the Sun Studio C compiler on Solaris if possible
1729 [b8d43b423fb9] <1.8>
1731 2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
1733 * Fix default setting of osversion variable.
1734 [e12905851be5] <1.8>
1736 * Make two login_class entries consistent.
1737 [0671d7b204be] <1.8>
1739 * Add support for adding a utmp entry when allocating a new pty.
1740 Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
1741 Currently only creates a new entry if the existing tty has a utmp
1743 [40ff30099e79] <1.8>
1745 * Avoid pulling in headers we don't need on Linux. For getutx?id(),
1746 call setutx?ent() first and always call endutx?ent().
1747 [b86f7a13aae9] <1.8>
1749 * Add some more libs to SUDOERS_LIBS instead of relying on them to be
1750 pulled in by SUDO_LIBS.
1751 [bcbd16ec56c6] <1.8>
1753 * Fix return value of "sudo -l command" when command is not allowed,
1754 broken in [c7097ea22111]. The default return value is now TRUE and
1755 a bad: label is used when permission is denied. Also fixed missing
1756 permissions restoration on certain errors. On error()/errorx(), the
1757 password and group files are now closed before returning.
1758 [757c941a47b2] <1.8>
1760 2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
1762 * Fix passing of login class back to sudo front end.
1763 [5e649de6b7f5] <1.8>
1765 * Add --osversion flag to specify OS instead of running "pp
1767 [8a03943ac5e8] <1.8>
1769 * Fix expr usage w/ GNU expr
1770 [bdecfa1f54fc] <1.8>
1772 2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
1774 * Fix exit value for validate and list mode.
1775 [6f8b20199935] <1.8>
1777 * Fix non-interactive mode with sudoers plugin.
1778 [cf5aca4fcbcf] <1.8>
1780 2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
1782 * sudoreplay can now find IDs other than %{seq} and display the
1784 [60396b417633] <1.8>
1786 * Add support for replaying sessions when iolog_file is set to
1787 something other than %{seq}.
1788 [1cd2baa74d56] <1.8>
1790 2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
1792 * If we are killed by a signal, display the name of the signal that
1794 [1b38c4d42282] <1.8>
1796 * Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
1798 [78e97a921104] <1.8>
1800 * Fix bug in skey/opie check that could cause a shell warning.
1801 [f20229a04f30] <1.8>
1803 * No longer need sudo_getepw() stubs.
1804 [795631ac7db0] <1.8>
1806 2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
1808 * Fix exit value of "sudo -l command" in sudoers module.
1809 [4a05d6019b3d] <1.8>
1811 2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
1813 * Use fgets() not fgetln() for portability.
1814 [1f2050745096] <1.8>
1816 * Don't use the beta or release candidate version as the rpm release.
1817 [a5b049477646] <1.8>
1819 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
1822 Adjust ChangeLog rule now that 1.8 is branched
1823 [a994ac361e44] <1.8>
1826 Added tag SUDO_1_8_0 for changeset f6530d56f6ae
1827 [99a2b3801419] <1.8>
1829 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
1831 * configure, configure.in:
1833 [f6530d56f6ae] [SUDO_1_8_0]
1836 update sudo 1.8 section
1839 2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
1841 * plugins/sudoers/regress/testsudoers/test2.sh:
1842 fix test description
1845 * plugins/sudoers/regress/testsudoers/test2.out,
1846 plugins/sudoers/regress/testsudoers/test2.sh,
1847 plugins/sudoers/regress/visudo/test2.out,
1848 plugins/sudoers/regress/visudo/test2.sh:
1849 convert test2 to use testsudoers
1852 * include/sudo_plugin.h, src/sudo_plugin_int.h:
1853 Move struct generic_plugin to sudo_plugin_int.h
1856 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
1857 plugins/sudoers/parse.c, plugins/sudoers/parse.h,
1858 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
1859 plugins/sudoers/sudoers.h:
1860 Allow sudoers file name, mode, uid and gid to be specified in the
1861 settings list. The sudo front end does not currently set these but
1865 2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
1867 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
1868 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
1869 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
1870 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
1875 * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
1876 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
1877 src/parse_args.c, src/sudo.h:
1878 add help text to sudo, visudo and sudoreplay for the -h option
1881 2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
1883 * compat/snprintf.c:
1884 avoid using "howmany" for a parameter name since it is a select-
1889 mention group_plugin when describing nonunix_group
1892 * doc/sudo_plugin.pod:
1893 Add missing period at end of sentence
1896 * Makefile.in, doc/Makefile.in, include/Makefile.in,
1897 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
1898 plugins/sudoers/Makefile.in, src/Makefile.in:
1899 add localstatedir; closes bug 471
1902 * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
1903 src/exec.c, src/exec_pty.c:
1904 The howmany macro lives in sys/sysmacros.h on SVR5 systems. Closes
1909 add missing AH_TEMPLATE for ENV_RESET
1913 SVR5 systems return non-zero for success on socketpair(), check for
1914 -1 instead. Closes Bug 469
1917 2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
1919 * configure, configure.in:
1923 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
1924 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
1925 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
1926 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
1931 Document that a sudo.conf file with no Plugin lines uses the default
1935 * src/load_plugins.c:
1936 If sudo.conf contains no Plugin lines, use the default sudoers
1937 policy and I/O plugins.
1940 2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
1942 * plugins/sudoers/sudo_nss.c:
1943 Avoid printing empty "Runas and Command-specific defaults for user"
1948 Truncate the buffer at buf.len before printing in the non-wordwrap
1953 Remove extra newline when the tty width is very small or unavailable
1956 2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
1958 * plugins/sudoers/alias.c:
1959 Remove unneeded variable.
1962 2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
1964 * configure, configure.in:
1965 Prefer getutxid over getutid
1968 * plugins/sudoers/boottime.c:
1969 Include utmp.h / utmpx.h before missing.h as apparently including it
1970 afterwards causes a compilation problem on GNU Hurd.
1973 2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
1975 * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
1976 #include "foo.h", not <foo.h> for local includes.
1983 * compat/mksiglist.c:
1987 * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
1988 plugins/sudoers/match.c:
1989 return foo not return(foo)
1992 2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
1995 Remove duplicate FD_SET of signal_pipe[0]
1998 2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
2000 * compat/mksiglist.c:
2001 Use "missing.h" not <missing.h> in generated code.
2004 2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
2006 * aclocal.m4, configure:
2007 fix --with-iologdir=no
2010 * aclocal.m4, configure:
2011 fix typo that broke --with-iologdir
2014 2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
2016 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
2017 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
2018 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
2019 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
2021 Bump version to 1.8.0b4
2028 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2029 Attempt to clarify how users and groups interact in Runas_Specs
2032 * plugins/sudoers/regress/visudo/test2.out,
2033 plugins/sudoers/regress/visudo/test2.sh:
2034 Add test for quoted group that contains escaped double quotes
2037 * src/exec.c, src/exec_pty.c:
2038 Pass SIGUSR1/SIGUSR2 through to the child.
2041 * src/exec_pty.c, src/sudo_exec.h:
2042 Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
2043 SIGUSR2 to indicate whether the child should be continued in the
2044 foreground or background.
2048 Use pid_t not int and check the return value of kill()
2051 2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
2054 Remove obsolete comment
2058 In non-pty mode before continuing the child, make it the foreground
2059 pgrp if possible. Fixes resuming a shell.
2063 If we get a signal other than SIGCHLD in the monitor, pass it
2064 directly to the child.
2067 * src/exec.c, src/exec_pty.c, src/sudo.h:
2068 Save signal state before changing handlers and restore before we
2069 execute the command.
2072 2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
2074 * plugins/sudoers/iolog.c:
2075 Use a char array to map a number to a base36 digit.
2078 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
2079 Be clear about what versions of sudo support new LDAP attributes.
2080 Fix up some formatting of attribute names. Minor other tweaks.
2083 2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
2085 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2086 match quoted strings the same way whether in a Defaults line or as a
2087 user/group/netgroup name. Fixes escaped double quotes in quoted
2088 user/group/netgroup names.
2091 * plugins/sudoers/Makefile.in:
2092 'make check' depends on visudo and testsudoers
2095 * plugins/sudoers/sudoers2ldif:
2096 Add sudoOrder attribute to each entry. Parse LOG_{INPUT,OUTPUT} tags
2099 2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
2102 Mention LDAP attribute compatibility status.
2105 2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
2111 * INSTALL, NEWS, config.h.in, configure, configure.in,
2112 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
2113 Add --disable-env-reset configure option.
2116 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2117 Document that sudoers_locale also affects logging and email.
2120 * NEWS, config.h.in, configure, configure.in,
2121 plugins/sudoers/logging.c:
2122 Do logging and email sending in the locale specified by the
2123 "sudoers_locale" setting ("C" by default). Email sent by sudo
2124 includes MIME headers when the sudoers locale is not "C".
2127 2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
2129 * plugins/sudoers/check.c:
2133 2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
2135 * NEWS, src/parse_args.c, src/sudo.c:
2136 Perform command escaping for "sudo -s" and "sudo -i" after
2137 validating sudoers so the sudoers entries don't need to have all the
2141 2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
2143 * plugins/sudoers/logging.c:
2144 Prepend "list " to the command logged when "sudo -l command" is used
2145 to make it clear that the command was listed, not run.
2148 * plugins/sudoers/parse.c:
2152 * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
2153 common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
2154 compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
2155 compat/nanosleep.c, compat/regress/glob/globtest.c,
2156 compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
2157 compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
2158 plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
2159 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
2160 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
2161 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
2162 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
2163 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
2164 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
2165 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
2166 plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
2167 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
2168 plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
2169 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2170 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
2171 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
2172 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
2173 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
2174 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
2175 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
2176 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
2177 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
2178 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
2179 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
2180 src/sudo_noexec.c, src/tgetpass.c:
2181 standardize on "return foo;" rather than "return(foo);" or "return
2185 * plugins/sudoers/sudoers.c:
2186 Do not reject sudoers file just because it is root-writable.
2189 2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
2195 * plugins/sudoers/sudo_nss.c:
2196 For "sudo -U user -l" if user is not authorized on the host, say so.
2199 * plugins/sudoers/ldap.c:
2200 In sudo_ldap_lookup(), always do the initial sudoers check as the
2201 invoking user. If we are listing another user's privs we will do a
2202 separate lookup using list_pw later.
2205 2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
2208 add parser fill tests
2211 * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
2212 Don't test features not supported by the bundled glob()
2215 * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
2216 compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
2217 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
2218 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
2219 doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
2220 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2221 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
2222 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2223 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
2224 plugins/sudoers/ldap.c, plugins/sudoers/match.c,
2225 plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
2226 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
2227 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
2228 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
2229 plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
2230 Update copyright year to 2011
2233 * plugins/sudoers/sudo_nss.c:
2234 When listing, use separate lbufs for the defaults and the privileges
2235 and only print something if the number of privileges is non-zero.
2236 Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
2239 * plugins/sudoers/ldap.c:
2240 Stash pointer to user group vector in LDAP handle and only reuse the
2241 query if it has not changed. We always allocate a new buffer when
2242 we reset the group vector so a simple pointer check is sufficient.
2245 * plugins/sudoers/sudo_nss.c:
2246 Check initgroups() return value.
2249 * plugins/sudoers/Makefile.in,
2250 plugins/sudoers/regress/parser/check_fill.c:
2251 Add tests for the fill functions in toke_util.c
2254 2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
2256 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
2264 2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
2267 Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
2270 2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
2273 Add Requires line for audit-libs >= 1.4 for RHEL5+
2277 sync with git version
2280 2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
2282 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2286 2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
2289 Update for sudo 1.7.4p5
2292 * doc/schema.OpenLDAP, doc/schema.iPlanet:
2293 Add sudoNotBefore and sudoNotAfter attributes as optional attributes
2294 to the sudoRole object class. From Andreas Mueller
2297 2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
2300 Mention "sudo -g group" password check fix.
2303 * plugins/sudoers/sudoers.c:
2304 Fix "sudo -g" support in the sudoers module.
2307 * plugins/sudoers/check.c:
2308 If the user is running sudo as himself but as a different group we
2309 need to prompt for a password.
2312 2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
2314 * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
2315 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
2316 plugins/sudoers/ldap.c:
2317 Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
2318 LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
2319 derived LDAP SDKs but we can pass the timeout parameter to
2320 ldap_search_ext_s() or ldap_search_st() when possible.
2323 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
2327 * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2328 Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
2329 with OpenLDAP ldap.conf files.
2332 * plugins/sudoers/pwutil.c:
2333 If user has no supplementary groups, fall back on checking the group
2337 2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
2339 * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
2343 * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
2344 plugins/sudoers/toke.l:
2345 Move fill macro to toke.h
2348 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
2349 plugins/sudoers/toke.h, plugins/sudoers/toke.l,
2350 plugins/sudoers/toke_util.c:
2351 Split tokenizer utility functions out into toke_util.c
2354 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2355 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2359 2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
2365 * plugins/sudoers/Makefile.in:
2366 Add visudo tests to check target
2369 * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
2370 compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
2371 compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
2372 Add my regress tests for fnmatch() and glob() from OpenBSD.
2375 * plugins/sudoers/regress/testsudoers/test1.sh,
2376 plugins/sudoers/regress/visudo/test1.ok,
2377 plugins/sudoers/regress/visudo/test1.sh:
2378 Add regress test for command tags using visudo -c
2381 * plugins/sudoers/Makefile.in,
2382 plugins/sudoers/regress/testsudoers/test1.ok,
2383 plugins/sudoers/regress/testsudoers/test1.sh:
2384 Add support for regress tests using testsudoers
2387 * plugins/sudoers/testsudoers.c:
2388 Need to set user_name explicitly due to internal changes made when
2389 converting sudoers to a plugin.
2392 2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
2394 * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
2395 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
2396 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2397 plugins/sudoers/regress/iolog_path/check_iolog_path.c,
2398 plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
2400 Add regression tests for iolog_path()
2403 * Makefile.in, common/Makefile.in, compat/Makefile.in,
2404 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
2405 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2406 src/Makefile.in, zlib/Makefile.in:
2407 Add support for "make Makefile" to regenerate Makefile from
2411 * plugins/sudoers/iolog_path.c:
2412 Quiet a bogus compiler warning.
2415 2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
2417 * plugins/sudoers/iolog_path.c:
2418 Protect call to setlocale() with HAVE_SETLOCALE
2421 2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
2424 mkstemps.c was renamed mktemp.c
2428 Update from 1.7 branch
2432 Use "mv -f" when regenerating ChangeLog
2435 * plugins/sudoers/match.c:
2436 Fix NULL dereference with "sudo -g group" when the sudoers rule has
2437 no runas user or group listed. Fixes RedHat bug 667103.
2440 2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
2442 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
2443 Correct the default sudo.conf example
2446 2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
2448 * plugins/sudoers/iolog_path.c:
2449 Reset slashp if we allocate a new buffer for strftime()
2452 * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
2453 plugins/sudoers/sudoers.h:
2454 Add extra out parameter to expand_iolog_path() to allow the caller
2455 to split the path into dir and file components if needed.
2458 2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
2460 * plugins/sudoers/iolog.c:
2461 mkdir_iopath() returns size_t now that it uses strlcpy() and not
2465 * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
2466 Trim leading slashes from iolog_file and trailing slashes from
2470 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
2471 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
2472 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2473 Pass a single I/O log file name in command_details instead of
2474 separate dir + file parameters.
2477 * plugins/sudoers/sudoreplay.c:
2478 change an error() to errorx()
2481 * plugins/sudoers/iolog.c:
2482 Add missing cwd line to I/O log info file that got dropped when
2483 iolog_deserialize_info() was added
2486 2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
2488 * plugins/sudoers/iolog.c:
2489 Avoid relying on globals filled in by the sudoers policy module for
2490 the sudoers I/O log module. The I/O log open function now pulls the
2491 bits it needs out of user_info and command_info.
2494 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
2495 plugins/sudoers/sudoers.h:
2496 If no iolog file is specified by the policy plugin, use io_nextid()
2497 to determine the next file in the sequence.
2500 2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
2502 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
2503 Document iolog_compress in command_info
2506 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
2507 Add support for the iolog_compress variable in command_info.
2510 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
2511 Add sigsetjmp() calls to all plugin entry points just to be safe.
2514 * src/sudo.c, src/sudo.h:
2515 Don't need iolog variables in struct command_details, they are for
2516 the I/O log plugins to handle.
2519 2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
2521 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2522 Document use of mkdtemp() for iolog path templates
2525 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
2526 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
2527 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
2528 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
2532 * doc/sudo_plugin.pod, doc/sudoers.pod:
2533 Document iolog_file and supported escape sequences for sudoers.
2534 Clarify that iolog_file can contain directories.
2537 * compat/Makefile.in, configure, configure.in:
2538 Fix building of mkstemps/mkdtemp replacements.
2541 * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
2542 configure.in, include/missing.h:
2543 Provide mkdtemp() for systems without it.
2546 * plugins/sudoers/iolog_path.c:
2550 * plugins/sudoers/iolog.c:
2551 Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
2552 glibc mkdtemp() returns EINVAL.
2555 * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
2556 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
2557 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
2558 plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
2559 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2560 Allow sudoers to specify the iolog file in addition to the iolog
2561 dir. Add escape sequence support to iolog file and dir: sequence
2562 number, user, group, runas_user, runas_group, hostname and
2563 command in addition to any escape sequence recognized by
2567 * plugins/sudoers/iolog.c:
2568 Add missing sigsetjmp() call in I/O plugin open function. Fixes a
2569 crash when the I/O plugin calls error(), errorx() or log_error().
2572 2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
2574 * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
2575 plugins/sudoers/sudoers.c:
2576 Give the policy module fine-grained control over what the I/O plugin
2581 Clear OPOST from c_oflag like we used to. Fixes screen-based
2586 Clarify umask option description. From Reuben Thomas.
2589 2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
2591 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2592 Pick last match in LDAP sudoers too
2595 * doc/sudo_plugin.pod:
2596 Document iolog_file, iolog_dir and use_pty
2599 * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
2600 plugins/sudoers/sudoers.c:
2601 Adapt plugins to version I/O logging ABI 1.1
2604 * src/exec.c, src/sudo.h:
2605 Add use_pty command_info flag for policies to indicate that a pty
2606 should be allocated even if no I/O logging is performed.
2610 Add remaining plugin convenience functions
2613 * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
2614 src/sudo_plugin_int.h:
2615 Change I/O log API to pass in command info to the I/O log open
2616 function. Add iolog_file and iolog_dir parameters to command info.
2617 This allows the policy plugin to specify the I/O log pathname. Add
2618 convenience functions for calling plugin functions that handle ABI
2619 backwards compatibility.
2626 2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
2628 * configure, configure.in:
2629 Bump version to 1.8.0b3
2632 2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
2635 Remove extraneous newline
2638 2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
2640 * doc/sudoers.pod, plugins/sudoers/def_data.c,
2641 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
2642 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
2643 Make I/O log dir configurable.
2646 * aclocal.m4, configure, configure.in, doc/sudoers.pod:
2647 Rename io_logdir to iolog_dir
2650 2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
2653 Add missing '*' that prevented the generic ELF case from matching.
2657 If file(1) can't identify the ELF binary type, try readelf(1).
2660 2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
2662 * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
2663 plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
2664 plugins/sudoers/sudoers.c, src/sudo.c:
2665 Use %u to print uid/gid, not %lu and adjust casts to match.
2668 * doc/sudoers.ldap.pod:
2669 Clarify ordering of entries and attributes.
2672 * doc/sudoers.ldap.pod:
2673 Fix typo and editing goof.
2676 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
2677 doc/sudoers.ldap.pod:
2678 Merge in ordered LDAP entry support from Andreas Mueller.
2681 * plugins/sudoers/ldap.c:
2682 Make sure we don't dereference a NULL handle.
2685 2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
2688 Add support for RHEL 6 file modes that include a trailing dot on
2689 files with an SELinux security context
2692 2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
2695 exec_setup() does not need to setuid(0), the Ubuntu issue was in the
2699 * plugins/sudoers/sudoers.c:
2700 create_admin_success_flag() should use restore_perms() rather than
2701 set_perms() to restore the uid.
2705 In exec_setup() call setuid(0) to make certain the subsequent uid
2706 and gid changes will succeed. Fixes a problem on Ubuntu.
2710 Error out if we cannot change to root's uid so we catch the failure
2714 2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
2717 fix typo; from Michael T Hunter
2720 * plugins/sudoers/match.c:
2721 In sudoedit mode, assume command line arguments are paths and pass
2722 FNM_PATHNAME to fnmatch().
2725 2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
2727 * configure, configure.in:
2728 Add workaround for an error in sys/types.h on HP-UX 11.23 when large
2729 file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
2730 broken bits of the header file.
2734 Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
2738 For Tru64, strip off beta version.
2741 * MANIFEST, plugins/sudoers/testsudoers.c,
2742 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
2743 Avoid conflicts with system definitions in grp.h and pwd.h
2747 Include stdio.h after zlib.h, not before. We need the large file
2748 defines to come first.
2751 2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
2753 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
2758 Don't clean ChangeLog
2761 * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
2762 Add prototype for cleanup()
2765 2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
2767 * plugins/sudoers/group_plugin.c:
2768 Avoid dereferencing group_plugin if it is NULL in
2769 group_plugin_query(). This should not happen.
2772 * plugins/sudoers/group_plugin.c:
2773 group plugin init function returns TRUE when successful
2776 2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
2778 * plugins/sudoers/ldap.c:
2779 Enlarge the array of entry wrappers in blocks of 100 entries to
2780 save on allocation time. From Andreas Mueller
2783 * plugins/sudoers/ldap.c:
2784 Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
2785 that was mistakenly dropped.
2788 2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
2790 * doc/TROUBLESHOOTING:
2791 Mention that sudo needs "ar" to build.
2794 * configure, configure.in:
2795 Fail with a more useful error if "ar" is not found.
2798 2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
2800 * plugins/sudoers/ldap.c:
2801 Merge in ordered LDAP entry support from Andreas Mueller and add
2802 local changes from the 1.7 branch.
2805 2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
2807 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
2808 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2809 Add timed entry support from Andreas Mueller.
2812 * plugins/sudoers/group_plugin.c:
2813 Don't try to unload if group_plugin is NULL. Don't call dlclose() if
2814 group_handle is NULL
2817 * plugins/sudoers/sudoers.h:
2818 It is now plugin_cleanup(), not cleanup()
2821 * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
2822 Call plugin_cleanup(), not cleanup()
2825 2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
2827 * plugins/sudoers/ldap.c:
2828 Use efree() not free() and remove malloc.h include since we never
2829 directly call malloc() or free().
2832 2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
2835 set PSTAMP for Solaris and move the backend-specific bits to their
2836 own %if [xxx] %endif blocks in %set.
2843 * configure, configure.in:
2844 Only substitute file zlib files when using the builtin zlib
2847 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
2848 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2849 src/Makefile.in, zlib/Makefile.in:
2850 Give up on using VPATH to find sources as it is implemented
2851 inconsistently in different versions of make.
2854 * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
2855 plugins/sudoers/gram.c, plugins/sudoers/toke.c:
2856 Include config.h before any other includes to make sure we get the
2857 right value for _FILE_OFFSET_BITS.
2869 g/c unused $(GENERATED)
2872 2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
2874 * plugins/sudoers/group_plugin.c:
2875 Zero out group_plugin on unload just to be safe.
2878 * plugins/sudoers/group_plugin.c:
2879 Unload group plugin if its init function fails.
2883 Only chdir to cwd if it is different from the current cwd or there
2884 is a new root (chroot).
2887 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
2888 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
2889 doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
2890 Bump version to 1.8.0b2
2893 2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
2896 Better --enable-zlib description
2900 Use system zlib on Linux. Let configure decide on Solaris. For all
2901 others, use builtin zlib.
2905 Add large file support.
2909 Add large file support.
2912 * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
2913 zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
2914 zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
2915 zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
2916 zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
2917 zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
2918 zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
2919 zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
2920 Add local copy of zlib for systems that lack it.
2923 2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
2926 If perform_io() fails, kill the child before exiting so it doesn't
2927 complain about connection reset. We can get an I/O error if, for
2928 example, and we get EIO reading from stdin.
2931 2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
2933 * plugins/sudoers/sudoers.c, src/sudo.c:
2934 Fix compilation on systems with set_auth_parameters(). Sprinkle
2935 volatile to quiet warnings from gcc 2.8.0
2938 * compat/dlfcn.h, compat/dlopen.c:
2939 Avoid potential namespace issues with dlopen() emulation.
2946 * plugins/sudoers/interfaces.c:
2947 Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
2952 Mark ChangeLog as PHONY. Don't overwrite ChangeLog if we can't run hg
2955 * configure, configure.in:
2956 HP-UX 10.20 libc has an incompatible getline
2959 * plugins/sudoers/visudo.c:
2960 Quiet an HP-UX compiler warning.
2963 * configure, configure.in:
2964 Check for vi even with --with-editor specified; the sample plugin
2968 2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
2971 Fix remaining syntax errors.
2975 sudo binary depends on the libtool-generated libs
2978 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
2979 Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
2980 include the local or system dlfcn.h
2984 Don't use run_as_superuser=false on HP-UX
2988 Use memset() instead of zero_bytes() since we don't include
2992 * plugins/sudoers/interfaces.c:
2993 Fix pasto; AF_INET not AF_INET6
2997 Actually call shl_load()
3001 Update from git repo. Debian: version numbers now compliant with
3002 policy section 5.6.12. HP-UX: minimal changes needed to work on HP-UX
3006 * configure, configure.in:
3007 Fix dlopen() detection for systems where dlopen() is in a separate
3011 * plugins/sudoers/auth/pam.c:
3012 If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
3013 useful message and return AUTH_FATAL so sudo does not keep trying to
3018 sudo_preload_table is an array
3022 Quiet a compiler warning and fix sudo_preload_table external
3027 Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
3030 * plugins/sudoers/group_plugin.c:
3031 Make this compile correctly when no dlopen is available.
3034 2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
3036 * plugins/sudoers/check.c:
3037 Having a timestamp file defined is no longer indicative of tty
3038 tickets being enabled. Check def_tty_tickets directly.
3041 * src/exec_pty.c, src/sudo.h, src/ttysize.c:
3042 Fix TCGETWINSZ compat.
3045 2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
3047 * src/exec_pty.c, src/ttysize.c:
3048 Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
3051 2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
3053 * plugins/sudoers/sudoers.c, src/sudo.c:
3054 Move set_project() from sudoers module into sudo proper.
3057 * configure, configure.in:
3058 Fix typo and regenerate
3061 * plugins/sudoers/ldap.c:
3062 When iterating over returned LDAP entries, keep looking at remaining
3063 matches even if we have a positive match. This catches negative
3064 matches that may exist in other entries and more closely match the
3065 sudoers file behavior.
3069 Add support for multiple package instances on Solaris.
3073 Add missing signal_pipe[0] to fdsr for the non-pty case.
3077 Add --with-project for Solaris
3081 Need ar and ranlib too
3084 2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
3086 * plugins/sudoers/env.c:
3087 Preserve ODMDIR environment variable by default on AIX.
3090 2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
3092 * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
3093 config.h.in, configure, configure.in, plugins/sample/Makefile.in,
3094 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3095 plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
3096 plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
3098 Add dlopen() emulation for systems without it. For HP-UX 10, emulate
3099 using shl_load(). For others, link sudoers plugin statically and use
3100 a lookup table to emulate dlsym().
3103 2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
3105 * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
3106 compat/nanosleep.c, compat/utimes.c:
3107 When including compat headers, use the compat dir as part of the
3108 path so we are sure to get the correct header.
3111 2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
3113 * plugins/sudoers/linux_audit.c:
3114 Ignore ECONNREFUSED from audit_log_user_command() which will occur
3115 if auditd is not running.
3118 2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
3121 Sync with git version
3124 2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
3126 * common/fileops.c, plugins/sudoers/defaults.c:
3127 Cast isblank argument to unsigned char.
3130 2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
3132 * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
3133 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
3134 Implement --with-umask-override configure flag.
3137 * plugins/sudoers/env.c:
3138 Take MODE_LOGIN_SHELL into account when initially setting reset_home
3139 instead of special-casing it later.
3142 * plugins/sudoers/sudoers.c:
3143 In login mode, make a copy of the runas user's pw_shell for
3144 NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
3148 * plugins/sudoers/env.c:
3149 Reset HOME for "sudo -i" even if HOME was listed in env_keep.
3153 Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
3157 Reset signal mask at sudo startup time; we need to be able to rely
3158 on normal signal delivery to control the child process.
3161 2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
3164 Use sed instead of expr to split a flag from its argument. Fixes a
3165 problem with expr interpreting its arguments as a flag when they
3170 Do not need sys/time.h after all
3174 Include sys/time.h for utimes() and struct timeval. No longer need
3175 ioctl.h or termios.h
3178 * compat/snprintf.c:
3179 Quiet bogus compiler warnings.
3182 * include/missing.h:
3183 Declare innetgr() for HP-UX which is missing a declaration. Declare
3184 domainname() for HP-UX and Solaris which are missing a declaration.
3187 * plugins/sudoers/bsm_audit.c:
3188 Use __sun for consistency with the rest of the sources.
3191 * plugins/sudoers/group_plugin.c:
3192 Quiet a bogus compiler warning.
3195 * plugins/sudoers/pwutil.c:
3196 Don't try to delref a NULL group.
3199 * common/alloc.c, common/lbuf.c:
3200 Include memory.h on systems that need it.
3203 2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
3206 Quiet gcc warnings on glibc systems that use warn_unused_result for
3210 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3211 sudo_plugin is in section 8; from Ted Percival
3214 * plugins/sudoers/Makefile.in:
3215 testsudoers depends on libsudoers.la, not sudoreplay
3218 2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
3221 Read as many signals on the signal pipe as we can before returning.
3224 * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
3225 Instead of using an array to store received signals, open a pipe and
3226 have the signal handler write the signal number to one end and
3227 select() on the other end. This makes it possible to handle signals
3228 similar to I/O without race conditions.
3231 2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
3233 * doc/visudo.pod, plugins/sudoers/visudo.c:
3234 Make "visudo -c -f -" check the standard input.
3238 set_home and always_set_home have an effect if HOME is present in
3242 * plugins/sudoers/env.c:
3243 Make -H flag work when HOME is listed in env_keep. Also makes
3244 "set_home" and "always_set_home" override HOME in env_keep.
3247 2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
3249 * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
3250 plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
3251 plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
3252 plugins/sudoers/visudo.c, src/net_ifs.c:
3253 Convert sudoers plugin to use interface list passed in settings.
3256 * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
3257 src/parse_args.c, src/sudo.h:
3258 Query local network interfaces in the main sudo driver and pass to
3259 the plugin as "network_addrs" in the settings list.
3262 * plugins/sudoers/bsm_audit.c:
3263 Solaris BSM audit returns EINVAL when auditing is not enabled,
3264 whereas OpenBSM returns ENOSYS.
3267 2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
3270 missing.h should come before most local includes
3273 * plugins/sudoers/sudoreplay.c:
3274 missing.h should come before most local includes
3277 * plugins/sudoers/sudoers.h:
3278 Make local includes consistent; use double quotes for local includes
3279 except for generated ones where we use angle brackets.
3282 * plugins/sudoers/sudoers.c:
3283 Always fill in NewArgv for audit code.
3286 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3287 Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
3290 * common/alloc.c, common/atobool.c, common/fileops.c,
3291 common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
3292 common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
3293 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
3294 compat/getprogname.c, compat/glob.c, compat/isblank.c,
3295 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
3296 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
3297 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
3298 compat/unsetenv.c, compat/utimes.c, include/compat.h,
3299 plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
3300 plugins/sample_group/plugin_test.c,
3301 plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
3302 plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
3303 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
3304 plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
3305 plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
3306 plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
3307 src/sudo_noexec.c, src/ttysize.c:
3308 Make local includes consistent; use double quotes for local includes
3309 except for generated ones where we use angle brackets. Also g/c
3313 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
3315 * plugins/sudoers/match.c:
3316 When matching the runas user and runas group (-u and -g command line
3317 options), keep track of runas group and runas user matches
3318 separately. Only return a positive match if we have a match for
3319 both runas user and runas group (if specified).
3322 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
3324 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
3325 Add support for multiple URI lines by joining the contents and
3326 passing the result to ldap_initialize.
3329 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
3330 Do not return -1 on error from the display functions; the caller
3331 expects a return value >= 0.
3334 * plugins/sudoers/sudoers.c:
3335 Do not set both MODE_EDIT and MODE_RUN
3338 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
3340 * include/missing.h:
3341 Move includes to the top of the file.
3344 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
3346 * plugins/sudoers/Makefile.in:
3347 Add missing definition of timedir
3350 * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
3351 compat/mksiglist.c, compat/strsignal.c,
3352 plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
3353 Add #include of sys/types.h for .c files that include missing.h to
3354 be sure that size_t and ssize_t are defined.
3357 * plugins/sudoers/Makefile.in:
3358 Install sudoers file from the build dir not the src dir.
3361 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
3363 * plugins/sudoers/set_perms.c:
3364 If runas_pw changes, reset the stashed runas aux group vector.
3365 Otherwise, if runas_default is set in a per-command Defaults
3366 statement, the command runs with root's aux group vector (i.e. the
3367 one that was used when locating the command).
3370 * plugins/sudoers/Makefile.in:
3371 Add target to generate sudoers file. Remove generated sudoers file as
3375 2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
3378 When not logging I/O install a handler for SIGCONT and deliver it to
3379 the command upon resume. Fixes bugzilla #431
3382 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
3384 * plugins/sudoers/sudoers.h:
3385 g/c unused auth_pw extern definition
3388 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
3389 Move get_auth() into check.c where it is actually used.
3392 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
3395 Convert a remaining puts() and putchar() to use the output function.
3398 * plugins/sudoers/plugin_error.c:
3402 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
3404 * plugins/sudoers/env.c:
3405 Set dupcheck to TRUE when setting new HOME value if !env_reset but
3406 always_set_home is true. Prevents a duplicate HOME in the
3407 environment (old value plus the new one) introduced in f421f8827340.
3410 * configure, configure.in, plugins/sudoers/sudoers,
3411 plugins/sudoers/sudoers.in:
3412 Substitute sysconfdir in the installed sudoers file to get the
3413 correct path for sudoers.d.
3416 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
3419 Fix typo that prevented compilation on Irix; Friedrich Haubensak
3422 2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
3424 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
3425 common/atobool.c, common/fileops.c, common/fmt_string.c,
3426 common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
3427 compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
3428 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
3429 compat/getprogname.c, compat/glob.c, compat/isblank.c,
3430 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
3431 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
3432 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
3433 compat/unsetenv.c, compat/utimes.c, include/compat.h,
3434 include/missing.h, plugins/sample/sample_plugin.c,
3435 plugins/sample_group/getgrent.c,
3436 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
3437 plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
3438 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
3439 plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
3440 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
3441 plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
3442 src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
3443 Merge compat.h and missing.h into missing.h
3446 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
3448 * plugins/sudoers/auth/pam.c:
3449 If the user hits ^C while a password is being read, error out before
3450 reading any further passwords in the pam conversation function.
3451 Otherwise, if multiple PAM auth methods are required, the user will
3452 have to hit ^C for each one.
3455 2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
3457 * plugins/sudoers/check.c:
3461 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
3462 Document sudo_conv_t function and sudo_printf_t return values.
3465 * src/conversation.c:
3466 Make _sudo_printf return the number of characters printed on success
3470 2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
3472 * plugins/sudoers/sudoers.c:
3473 sudoers.h includes sudo_plugin.h for us
3476 * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
3477 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
3479 Use gettimeofday() directly instead of via the gettime() wrapper.
3482 * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
3483 compat/strerror.c, config.h.in, configure, configure.in,
3484 include/compat.h, include/missing.h, plugins/sudoers/logging.c,
3485 plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
3486 Remove some obsolete configure tests, ancient Unix systems are no
3490 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
3493 Set pp_kit_version and strip off patch level
3497 Better handling of versions with a patchlevel. For rpm and deb, use
3498 the patchlevel+1 as the release. For AIX, use the patchlevel as the
3499 4th version number. For the rest, just leave the patchlevel in the
3503 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
3505 * plugins/sudoers/auth/sudo_auth.c:
3506 For non-standalone auth methods, stop reading the password if the
3507 user enters ^C at the prompt.
3510 * configure, configure.in, plugins/sudoers/Makefile.in,
3511 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
3512 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
3513 plugins/sudoers/pwutil.c:
3514 No need to look up shadow password unless we are doing password-
3515 style authentication. This moves the shadow password lookup to the
3516 auth functions that need it.
3519 * plugins/sudoers/sudoers.c:
3520 Retain final passwd/group refs until the policy close() function.
3521 Note that this doesn't get called in all cases so putting this in a
3522 cleanup function is probably better.
3525 * plugins/sudoers/check.c:
3529 * plugins/sudoers/check.c:
3530 When removing/resetting the timestamp file ignore the tty ticket
3534 * plugins/sudoers/sudoers.c:
3535 delref sudo_user.pw, runas_pw and runas_gr immediately before we
3539 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
3541 * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
3542 plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
3543 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
3544 Reference count cached passwd and group structs. The cache holds
3545 one reference itself and another is added by sudo_getgr{gid,nam} and
3546 sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
3547 group structs are persistent for now.
3554 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
3556 * plugins/sudoers/check.c:
3557 Do not produce a warning for "sudo -k" if the ticket file does not
3561 * plugins/sudoers/pwutil.c:
3562 Instead of caching struct passwd and struct group in the red-black
3563 tree, store a struct cache_item which includes both the key and
3564 datum. This allows us to use the actual name that was looked up as
3565 the key instead of the contents of struct passwd or struct group.
3566 This matters because the name in the database may not match what we
3567 looked up, due either to case folding or truncation (historically at
3568 8 characters). Also mark the disabled calls to sudo_freepwcache()
3569 and sudo_freegrcache() as broken since we use cached data for things
3570 like set_perms() and the logging functions. Fixing this would
3571 require making a copy of the structs for user and runas or adding a
3572 reference count (better).
3575 * plugins/sudoers/Makefile.in:
3576 Fix path to mkinstalldirs
3579 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
3580 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
3581 src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
3582 Quiet gcc warnings on glibc systems that use warn_unused_result for
3583 write(2) and others.
3586 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
3588 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3592 * aclocal.m4, configure, configure.in:
3593 Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
3594 back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
3598 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
3600 * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
3601 Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN. Use AC_TYPE_LONG_LONG_INT
3602 and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
3605 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
3608 Update to latest version
3611 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
3614 Let pp determine pp_aix_version itself.
3617 * INSTALL, config.h.in, configure, configure.in, mkpkg,
3618 plugins/sudoers/sudoers.c:
3619 Add support for Ubuntu admin flag file and enable it when building
3623 * plugins/sudoers/sudoers, sudo.pp:
3624 Add commented out SuSE-like targetpw settings
3627 * configure, configure.in:
3628 Only try to use +DAportable for non-GCC on hppa
3631 * configure, configure.in:
3632 Prevent configure from adding the -g flag unless in devel mode
3635 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
3638 Go back to sudo-flavor to match existing packages and only use an
3639 underscore for those that need it.
3643 Use sudo_$flavor instead of sudo-$flavor since that causes the least
3644 amount of trouble for the various package managers.
3648 Fix handling of the ldap flavor. Remove destdir unless --debug was
3649 specified. Make distclean before running configure if there is a
3654 Add back include file.
3658 Pass extra args on to configure on HP-UX, if we don't have the HP C
3659 compiler, disable zlib to prevent gcc from finding it in
3664 Use the HP ANSI C compiler on HP-UX if possible
3667 * plugins/sudoers/sudoreplay.c:
3668 Some getline() implementations (FreeBSD 8.0) do not ignore the
3669 length pointer when the line pointer is NULL as they should.
3672 * plugins/sudoers/sudoreplay.c:
3673 Don't need to check for *cp being non-zero, isdigit() will do that.
3676 * plugins/sudoers/sudoreplay.c:
3677 Add setlocale() so the command line arguments that use floating
3678 point work in different locales. Since sudo now logs the timing
3679 data in the C locale we must parse the seconds in the timing file
3680 manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
3681 the number of seconds with the user's locale so if the decimal point
3682 is not '.' try using the locale-specific version.
3686 Do I/O logging in the C locale so the floating point numbers in the
3687 timing file are not locale-dependent.
3690 * plugins/sudoers/sudoreplay.c:
3691 Use errorx() not error() for things that don't set errno.
3694 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
3697 Better support for 1.2.3 style versions in Tru64 kits
3701 Add Tru64 kit support
3705 Remove apparently unnecessary use of sudo
3708 * Makefile.in, plugins/sudoers/Makefile.in:
3709 Create timedir as part of install-dirs target.
3713 Handle ENXIO from read/write which can occur when reading/writing a
3714 pty that has gone away.
3717 * plugins/sudoers/pwutil.c:
3718 sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
3722 platform is a pp flag not a variable
3725 * Makefile.in, mkpkg, sudo.pp:
3726 Add simple arg parsing for mkpkg so we can set debug, flavor or
3731 Make rpm backend work on AIX 5.x
3734 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
3736 * plugins/sudoers/sudoers:
3737 Add commented out Defaults entry for log_output
3740 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
3743 Remove sudo docdir completely
3746 * doc/sample.sudo.conf:
3747 Add sample sudo.conf
3750 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
3752 * plugins/sudoers/Makefile.in:
3753 Add PACKAGE_TARNAME for docdir
3756 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
3759 Pass install-sh -b~ here too.
3762 * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
3763 plugins/sudoers/Makefile.in, src/Makefile.in:
3764 Install binary files with -b~ to make a backup. Fixes "text file
3765 busy" error on HP-UX during install.
3769 "mv -f" on HP-UX doesn't unlink the destination first so add an
3770 explicit rm before moving the temporary into place.
3773 * configure, configure.in:
3774 Some more ${foo} -> $(foo) conversion for consistent Makefiles.
3777 * doc/Makefile.in, plugins/sudoers/Makefile.in:
3778 Install sudoers2ldif in the doc dir
3781 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
3784 Add missing include of maillock.h for Solaris
3787 * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
3788 doc/sample.syslog.conf, doc/sudoers.cat:
3789 Change the default syslog facility from local2 to authpriv (or auth
3790 if the operating system doesn't support authpriv).
3793 * Makefile.in, sudo.pp:
3794 Install sudoers as /etc/sudoers on RPM and debian systems where the
3795 package manager will not replace a user-modified configuration file.
3796 This fixes upgrades from the vendor sudo packages.
3800 RPM: use %config(noreplace) instead of %config for volatile. This
3801 results in the new file being installed with a .rpmnew suffix
3802 instead of the file being replaced and the old one renamed with a
3806 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
3808 * compat/mkstemps.c, plugins/sudoers/boottime.c:
3809 Include time.h for struct timeval
3813 The return value of strsignal() may be const and should be treated
3814 as const regardless.
3817 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3818 Mention that 127.0.0.1 will not match, nor will localhost unless
3819 that is the actual host name.
3822 * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
3823 Rename WHATSNEW -> NEWS
3827 Updated pp with latest patches
3834 * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3835 plugins/sudoers/sudoers:
3836 Add commented out line to add HOME to env_keep and add a warning to
3837 the note about the HOME change in UPGRADE.
3840 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
3842 * plugins/sudoers/sudoreplay.c:
3843 Add LINE_MAX define for those without it.
3846 * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
3847 doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3848 plugins/sudoers/defaults.c:
3849 The tty_tickets option is now on by default.
3853 Mention that AIX authdb support has been fixed.
3857 setauthdb() only sets the "old" registry if it was set by a previous
3858 call to setauthdb(). To restore the original value, passing NULL
3859 (or an empty string) to setauthdb() is sufficient.
3862 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
3864 * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
3865 doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3866 plugins/sudoers/env.c:
3867 Reset HOME when env_reset is enabled unless it is in env_keep
3870 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3871 The default for set_logname has been "true" for some time now.
3874 * plugins/sudoers/boottime.c:
3875 Add missing include of time.h
3878 * plugins/sudoers/logging.c:
3879 Fix check for dup2() return value.
3882 * plugins/sudoers/env.c:
3883 Add PYTHONUSERBASE to initial_badenv_table
3886 * plugins/sudoers/visudo.c:
3887 Treat an unknown defaults entry as a parse error.
3890 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
3891 Check return value of setdefs() but don't stop setting defaults if
3892 we hit an unknown one.
3895 * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
3896 doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
3897 doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
3898 plugins/sudoers/env.c:
3899 If env_reset is enabled, set the MAIL environment variable based on
3900 the target user unless MAIL is explicitly preserved in sudoers.
3903 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
3906 decode debian code names
3913 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
3920 Restore RLIMIT_NPROC after the uid switch if it appears that
3921 runas_setup() did not do it for us. Fixes a bash script problem on
3922 SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
3925 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
3927 * mkpkg, pp, sudo.pp:
3928 Restore the dot removal in the os version reported by polypkg. Adapt
3929 mkpkg and sudo.pp to the change.
3932 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
3935 document --with-pam-login
3938 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3939 The tag is NOSETENV, not UNSETENV. From Petr Uzel.
3942 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
3945 Include flavor in solaris package name
3949 Older shells don't support IFS= so set explicitly to space, tab,
3954 Use '=' not '==' in test
3958 Fix typo that prevented debian from matching
3962 Add missing prefix setting for debian
3966 Use tab indents to reduce the chance of problem with <<-. Fix the
3967 debian %set section, pp does not set pp_deb_distro. Uncomment %sudo
3968 line in sudoers for debian. Uncomment some env_keep lines for RHEL,
3969 SLES and debian to more closely match the vendor sudoers files.
3970 Add /etc/pam.d to %files. Remove the /etc/sudo-ldap.conf symlink on
3971 debian for ldap flavor
3974 * plugins/sudoers/sudoers:
3975 Add commented out env_keep entries, sample Aliases and a %sudo line
3979 * configure, configure.in:
3980 Move zlib check later on in the script to avoid a strange shell
3985 Remove check for egrep; configure has its own
3988 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
3991 Enable zlib for linux distros
3995 Add ldap flavor to default build
3999 Simplify rpm linux distro settings
4002 * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
4003 Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
4007 Fix ChangeLog creation from build dir
4010 * plugins/sudoers/sudoers.c:
4011 Handle getcwd() failure.
4014 * doc/Makefile.in, mkpkg, sudo.pp:
4015 Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
4016 environment variable.
4020 Create sudo group on debian
4024 Add debian 4/5/6 and use the dot when doing version matches
4027 * aclocal.m4, configure:
4028 Use a loop when searching for mv, sendmail and sh
4031 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4032 Remove spurious "and"; from debian
4035 * aclocal.m4, configure, configure.in, doc/sudoers.cat,
4036 doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
4037 doc/visudo.man.in, doc/visudo.pod:
4038 Substitute the value of EDITOR into the sudoers and visudo manuals.
4041 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
4043 * mkpkg, pp, sudo.pp:
4044 Initial support for debian 4.0
4048 Some platforms need -fPIE instead of -fpie
4051 * plugins/sudoers/auth/pam.c:
4052 Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
4053 On Linux it causes a DNS lookup via libaudit.
4057 Update MANIFEST to match packaging changes
4061 We now use pp to generate HP-UX packages
4064 * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
4065 Remove vestiges of old binary package bits.
4068 * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
4069 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
4070 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4072 install-man -> install-doc
4075 * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
4076 plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
4077 Use http://rc.quest.com/topics/polypkg/ for packaging
4081 Just ignore the -c option, it is the default. Add support for -d
4085 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
4087 * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
4088 Use _PATH_STDPATH instead of _PATH_DEFPATH
4091 * plugins/sudoers/Makefile.in, src/Makefile.in:
4092 Do not strip binaries.
4095 * INSTALL, configure, configure.in:
4096 Add --insults=disabled configure option to allow people to build in
4097 insult support but have the insults disabled unless explicitly
4101 * compat/mkstemps.c:
4102 Add prototype for gettime()
4105 * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
4106 plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
4107 plugins/sudoers/sudoers.h:
4108 Add support for a sudo-i pam.d file to be used for "sudo -i".
4109 Adapted from a RedHat patch.
4112 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
4114 * include/missing.h:
4115 Fix mkstemps() prototype
4118 * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
4119 config.h.in, configure, configure.in, include/missing.h,
4121 Use mkstemps() instead of mkstemp() in sudoedit. This allows
4122 sudoedit to preserve the file extension (if any) which may be used
4123 by the editor (like emacs) to choose the editing mode.
4126 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
4128 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
4129 plugins/sudoers/ldap.c:
4130 TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
4131 TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
4132 code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
4133 should avoid disabling TLS_CHECKPEER if possible.
4136 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
4138 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4139 Make sudo_plugin format a bit more like a man page
4142 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4143 Add support for negated user/host/command lists in a Defaults entry.
4144 E.g. Defaults:!baduser noexec
4147 * Makefile.in, common/Makefile.in, compat/Makefile.in,
4148 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
4149 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4151 Add uninstall target
4154 * common/Makefile.in, compat/Makefile.in:
4155 Remove unused AR, SED and RANLIB variables
4159 Do not install sample plugins
4162 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
4164 * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
4165 configure.in, plugins/sudoers/env.c:
4166 Now that sudoers is a dynamically loaded module we cannot override
4167 the libc environment functions because the symbols may already have
4168 been resolved via libc. Remove getenv/putenv/setenv/unsetenv
4169 replacements from sudoers and add replacements for setenv/unsetenv
4170 for systems that lack them.
4173 * configure, configure.in, plugins/sudoers/Makefile.in:
4174 Link testsudoers with -ldl when needed
4177 * plugins/sample_group/plugin_test.c:
4178 Remove unused time.h and add limits.h for PATH_MAX
4181 * doc/sudoers.ldap.pod:
4185 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
4187 * plugins/sample_group/plugin_test.c:
4188 Do not depend on strlcpy/strlcat
4191 * plugins/sample_group/plugin_test.c:
4192 Standalone test driver for sudoers group plugin.
4195 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
4197 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
4198 Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
4202 * plugins/sample_group/sample_group.c:
4203 Fix style nit in function declarations
4206 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4207 Document group_plugin syntax.
4210 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4211 Document the sudoers group plugin.
4214 * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
4215 configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
4216 plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
4217 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
4218 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
4219 plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
4220 plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
4221 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
4222 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
4223 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
4224 Replace built-in non-unix group support with a sudoers group plugin.
4225 Include a sample plugin that can read Unix-format group files.
4228 * configure, configure.in, src/load_plugins.c:
4229 Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
4232 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
4234 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
4235 doc/sudoers.man.in, doc/sudoers.pod:
4236 Move sudoers-specific bits out of sudo(8) and into sudoers(5)
4239 * aclocal.m4, configure, configure.in:
4240 Substitute @io_logdir@ for the sudoers I/O log directory.
4243 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
4245 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
4246 common/atobool.c, common/fileops.c, common/fmt_string.c,
4247 common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
4248 compat/getgrouplist.c, compat/getline.c, compat/glob.c,
4249 compat/snprintf.c, config.h.in, configure, configure.in,
4250 include/fileops.h, plugins/sample/sample_plugin.c,
4251 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
4252 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
4253 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
4254 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
4255 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
4256 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
4257 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
4258 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
4259 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
4260 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
4261 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
4262 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
4263 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
4264 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
4265 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
4266 plugins/sudoers/logging.c, plugins/sudoers/match.c,
4267 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
4268 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
4269 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4270 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4271 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
4272 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
4273 src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
4274 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
4275 src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
4276 Set usrinfo for AIX. Set administrative domain for the process when
4277 looking up user's password or group info and when preparing for
4278 execve(). Include strings.h even if string.h exists since they may
4279 define different things. Fixes warnings on AIX and others.
4283 Add a separate all target for AIX make which was using the entire
4284 LHS (not just the first entry) of the first target as the implicit
4288 * plugins/sudoers/env.c:
4289 Do not rely on env.env_len when unsetting a variable, just use the
4293 * plugins/sudoers/env.c:
4294 In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
4297 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
4299 * plugins/sudoers/vasgroups.c:
4300 Use warningx() instead of log_error() since the latter is not
4301 available to visudo or testsudoers. This does mean that they don't
4305 * plugins/sudoers/sudoers.c:
4306 Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
4307 closed the sudoers sources. From Quest sudo.
4310 * plugins/sudoers/pwutil.c:
4311 Ignore case when matching user/group names in the cache. From Quest
4315 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
4317 * config.h.in, configure, configure.in, src/selinux.c:
4318 Add check for setkeycreatecon() when --with-selinux is specified.
4321 * configure, configure.in:
4322 Error out if libaudit.h is missing or unusable when --with-linux-
4326 * doc/HISTORY, doc/history.pod:
4327 Add =head3 entries, mostly for the html version
4330 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
4332 * doc/HISTORY, doc/history.pod:
4333 Mention when LDAP was incorporated.
4336 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
4338 * configure, configure.in:
4339 Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
4340 not covered by _ALL_SOURCE.
4343 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
4345 * plugins/sudoers/iolog.c:
4346 Add a cast to quiet a compiler warning.
4349 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
4350 Quiet a compiler warning.
4353 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
4354 Call set_fqdn() after sudoers has parsed instead of inline as a
4358 * WHATSNEW, plugins/sudoers/sudoers.c:
4359 Do not call set_fqdn() until sudoers parses (where it gets run as a
4364 mention the change in tty ticket behavior when there is no tty
4367 * plugins/sudoers/check.c:
4368 Do not update tty ticket if there is no tty.
4371 * doc/LICENSE, doc/license.pod:
4372 Update copyright year
4376 Do not rely on BSD make's $>
4379 * configure, configure.in:
4380 Set timedir to /var/db/sudo for darwin to match Apple sudo's
4384 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
4386 * plugins/sudoers/sudoers.h:
4387 Add stub declarations for struct stat and struct timeval
4391 Remove compat/sigaction.c
4394 * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
4395 plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
4396 Check for zlib.h in addition to libz.
4399 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
4401 Move functions and symbols shared between exec.c and exec_pty.c into
4406 Comment out rules to build .man.in and .cat files unless --with-
4411 Comment out rules to build .man.in and .cat files unless --with-
4416 Quote any non-alphanumeric characters other than '_' or '-' when
4417 passing a command to be run via the shell for the -s and -i options.
4421 Add back .man suffix
4424 * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
4425 plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
4426 plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
4427 plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
4429 Add Linux audit support.
4432 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
4434 * plugins/sudoers/iolog.c:
4438 * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
4439 plugins/sudoers/sudoreplay.c:
4440 Add -f (filter) option to sudoreplay to allow certain streams to be
4441 replayed and others ignored.
4444 * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
4446 Fix -A flag when askpass is specified in sudo.conf or if sudo
4447 doesn't need to read a password.
4450 * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
4451 src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
4455 * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
4456 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
4457 Add support for multiple sudoers_base entries in ldap.conf. From
4461 * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
4463 remove setsid check, we require a POSIX system
4466 * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
4467 src/sudo.c, src/tgetpass.c:
4468 Check for dup2() failure.
4471 * config.h.in, configure, configure.in:
4472 Remove dup2() check, it is not optional.
4475 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
4478 sync with sudo 1.7.3
4482 SunOS does not ship with an ANSI compiler
4486 Update OS specific notes. Delete some really ancient ones and move
4487 older ones to the end of the list.
4491 Sudo can be downloaded from the web site too. Mention "OS dependent
4492 notes" section in INSTALL
4495 * src/exec_pty.c, src/selinux.c:
4496 Call selinux_restore_tty() as part of cleanup() so it gets called
4497 from error()/errorx()
4500 * MANIFEST, doc/PORTING:
4501 Remove obsolete porting guide
4504 * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
4505 Move union sudo_in_addr_un into interfaces.h
4509 Remove useless circular dependencies
4512 * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
4513 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
4514 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
4515 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
4516 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
4517 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
4518 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
4519 Convert to ANSI C function declarations
4522 * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
4523 common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
4524 compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
4525 compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
4526 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
4527 compat/strlcpy.c, compat/timespec.h, compat/utime.h,
4528 compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
4529 include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
4530 include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
4531 plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
4532 plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
4533 plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
4534 plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
4535 plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
4536 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
4537 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
4538 plugins/sudoers/logging.h, plugins/sudoers/match.c,
4539 plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
4540 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
4541 plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
4542 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
4543 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
4544 plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
4545 src/conversation.c, src/error.c, src/load_plugins.c,
4546 src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
4547 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
4548 Update copyright year
4552 Fix commented DEVDOCS when not in devel mode.
4555 * plugins/sudoers/match.c:
4556 Quiet a compiler warning.
4559 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
4560 Quiet a compiler warning.
4563 * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
4564 Make all functions in ldap.c static
4567 * doc/schema.ActiveDirectory:
4568 Updates from Alain Roy to provide better examples for importing the
4569 schema and to fix problems caused by Windows validating attributes
4570 which have not yet been added before committing the changes.
4573 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
4575 * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
4576 doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
4577 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
4578 doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
4579 doc/visudo.cat, doc/visudo.man.in:
4580 Leave rules to build .man.in and .cat files uncommented but only
4581 make them part of the "all" rule in devel mode. Generate .cat files
4582 directly from .man.in instead of .man using default values in
4586 * configure, configure.in:
4587 Bump sudo version to 1.8.0b1
4590 * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
4591 Print configure args with verbose version information.
4594 * TODO, plugins/sudoers/visudo.c:
4595 Remove tfd from struct sudoersfile; it is not used. Add prev pointer
4596 to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
4597 Use tq_append to append sudoers entries to the tail queue.
4600 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
4603 Describe tty timestamp improvements
4606 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4607 A comment character may not be part of a command line argument
4608 unless it is quoted with a backslash. Fixes parsing of:
4609 testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
4613 Make this read a little bit better when passwd_timeout is 0.
4616 * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
4617 Attempt to handle a default password prompt timeout of zero more
4621 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4622 Do not override value of keepopen global, instead restore it to the
4623 value we pushed onto the stack when popping.
4626 * plugins/sudoers/Makefile.in:
4627 Add dependency for utility programs on libreplace and libcommon
4630 * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
4631 plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
4632 src/exec.c, src/exec_pty.c, src/tgetpass.c:
4633 Remove sigaction emulation. Use SA_INTERRUPT in sa_flags
4636 * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
4637 We don't use getgrouplist() at the moment so there's no need to
4638 provide a compat version.
4645 * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
4646 src/conversation.c, src/sudo.h, src/tgetpass.c:
4647 Fix visiblepw sudoers option; the plugin API portion still needs
4652 Print sudo version as well.
4655 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
4656 Use sudo_printf for I/O log version. Clarify policy plugin version
4660 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
4661 plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
4662 Silence some compiler warnings
4665 * src/load_plugins.c, src/tgetpass.c:
4666 Store askpass path in a global instead of using setenv() which many
4670 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
4672 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
4673 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4674 plugins/sudoers/check.c, plugins/sudoers/def_data.c,
4675 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
4676 plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
4677 plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
4679 Move askpass path specification from sudoers to sudo.conf.
4682 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
4683 Use a flag bit in struct command_details for selinux instead of a
4687 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
4688 Implement background mode. If I/O logging we use pipes instead of a
4692 * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
4693 src/exec.c, src/exec_pty.c, src/tgetpass.c:
4694 Move compat definition of NSIG to compat.h
4697 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
4698 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4699 Mention plugins in the sudo manual and add some missing path
4700 substitution in the sudo_plugin manual.
4704 Set _PATH_SUDO_CONF based on $(sysconfdir)
4707 * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
4708 src/exec.c, src/exec_pty.c, src/ttysize.c:
4709 Require POSIX termios to build sudo
4713 Ignore SIGPIPE for "sudo -S"
4717 Fix uninitialized variable in TGP_ECHO case and print a newline if
4718 the user interrupted password input.
4722 Make TGP_ECHO override TGP_MASK and don't try to restore the
4723 terminal if we didn't modify it.
4726 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4727 include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
4728 src/conversation.c, src/sudo.h, src/tgetpass.c:
4729 Add SUDO_CONV_PROMPT_MASK define which corresponds to the
4730 "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
4735 Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
4738 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
4740 * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
4741 Add selinux_enabled flag into struct command_details and set it in
4742 command_info_to_details(). Return an error from selinux_setup()
4743 instead of exiting. Call selinux_setup() from exec_setup().
4746 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
4749 Remove commented out copy of old sudo_execve() function.
4752 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
4754 * plugins/sudoers/sudoers.c:
4755 Fix setting selinux type on command line.
4758 * plugins/sudoers/iolog.c:
4759 In sudoers_io_close(), skip NULL io_fds[] elements.
4763 No longer need NGROUPS_MAX define
4766 * compat/nanosleep.c, config.h.in, configure, configure.in,
4767 include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
4768 plugins/sudoers/visudo.c, src/sudo_edit.c:
4769 Replace timerfoo macros with timevalfoo since the timer macros are
4770 known to be busted on some systems.
4774 Remove duplicate call to selinux_setup().
4777 * plugins/sudoers/auth/pam.c:
4778 If pam_open_session() fails, pass its status to pam_end.
4781 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4782 If a file in a #includedir has improper permissions or owner just
4783 skip it. This prevents packages that incorrectly install a file
4784 into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
4785 #includedir files still result in a parse error (for now).
4788 * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
4789 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
4790 plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
4791 Add use_pty sudoers option to force use of a pty even when not
4795 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
4796 Make env_init() void as it never fails.
4799 * plugins/sudoers/env.c:
4800 No longer use _NSGetEnviron so don't need crt_externs.h
4803 * plugins/sudoers/env.c:
4804 Remove unused VNULL define
4807 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
4809 * plugins/sudoers/iolog.c:
4810 Add #define for maximum session id
4813 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
4814 Split exec.c into exec.c and exec_pty.c
4818 Sync with source file moves.
4821 * src/Makefile.in, src/get_pty.c, src/pty.c:
4822 Rename pty.c -> get_pty.c
4825 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
4827 * plugins/sudoers/iolog.c:
4828 Only use I/O input log file if def_log_input is set and output file
4829 if def_log_output is set.
4832 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
4834 * compat/strsignal.c:
4835 Update copyright year
4842 * plugins/sudoers/sudoers.c:
4843 For sudoedit, make a local copy of editor string si become part of
4844 argv. If no editor environment variable, split def_editor on ':'
4845 since it may be a colon-delimited path.
4849 Remove unneeded endpwent()/endgrent()
4853 Use value of nroff from configure
4857 Add missing const to I/O log action function
4860 * plugins/sudoers/check.c:
4861 Update copyright year and fix whitespace
4864 * configure, configure.in:
4868 * plugins/sudoers/iolog.c:
4869 Remove redundant tty signal blocking in log function.
4872 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
4874 * plugins/sudoers/iolog.c:
4875 Place static keyword where it belongs
4878 * plugins/sudoers/logging.c:
4879 Always use a printf format string for send_mail()
4882 * common/atobool.c, plugins/sudoers/ldap.c:
4883 Extend atobool() so we can use it in the LDAP code.
4886 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
4887 Sudo now stashes tty ctime for tty_tickets on Solaris too.
4890 * plugins/sudoers/boottime.c:
4891 Fix dummy version of get_boottime()
4894 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
4896 * plugins/sudoers/check.c:
4897 Enable tty_is_devpts() support for Solaris with the "devices"
4902 Unbreak the non-io logging case.
4905 * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
4906 Fix symbol name conflict with sudo_printf.
4909 * plugins/sudoers/auth/pam.c:
4910 Fix OpenPAM detection for newer versions.
4913 * plugins/sudoers/vasgroups.c:
4914 Sync with Quest sudo git repo
4917 * aclocal.m4, configure, configure.in:
4918 HP-UX ld uses +b instead of -R or -rpath. Fix typo in libvas check.
4919 Add missing template for ENV_DEBUG. Adapted from Quest sudo
4923 Fix typos; from Quest Sudo
4926 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
4928 * plugins/sudoers/Makefile.in:
4929 Add back -I$(top_srcdir); we need it for including compat/foo.h
4930 since we cannot rely on "foo.h" being found relative to the source
4931 file when the cwd is different.
4935 Fix a bug where we could treat EAGAIN as a permanent error. Also set
4936 cstat if perform_io() returns an error.
4939 * common/alloc.c, plugins/sudoers/boottime.c,
4940 plugins/sudoers/sudoers.c:
4941 Add casts to quiet compiler warnings.
4944 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4945 plugins/sudoers/visudo.c:
4946 Fix typo in ternary operator usage.
4949 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
4951 * INSTALL, configure, configure.in:
4952 Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
4955 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
4956 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
4957 Update docs to match sudoers I/O logging changes
4960 * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
4961 pathnames.h.in, plugins/sudoers/def_data.c,
4962 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
4963 plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
4964 plugins/sudoers/gram.h, plugins/sudoers/gram.y,
4965 plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
4966 plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
4967 plugins/sudoers/sudoreplay.c:
4968 Break sudoers transcript feature up into log_input and log_output.
4971 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4972 plugins/sudoers/visudo.c:
4973 Use setprogname() as needed.
4976 * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
4977 Adapt sudoreplay to iolog changes.
4980 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
4982 * plugins/sudoers/iolog.c:
4983 Log all input and output into separate files and store a number on
4984 each timing file line to indicate which file the data is in.
4987 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
4988 plugins/sudoers/sudoers.h:
4989 Make sudoers_io functions static to iolog.c
4992 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
4994 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
4995 src/sudo_usage.h.in:
4996 Completely remove the -L flag from the sudo front end.
4999 * plugins/sudoers/sudoreplay.c:
5000 Fix EAGAIN handling when writing to stdout.
5003 * plugins/sudoers/sudoers.c:
5004 Eliminate unused variables
5007 * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
5008 Re-enable cleanup functions in sudoers plugin and sudo driver for
5012 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
5013 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
5014 plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
5015 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
5016 Use sudo_printf to display verbose version information.
5019 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
5020 plugins/sudoers/Makefile.in, src/Makefile.in:
5021 Minor Makefile cleanup: fix a typo, change the removal order in the
5022 clean targets, and remove a superfluous include path for the sudoers
5026 * plugins/sudoers/env.c:
5027 Handle duplicate variables in the environment. For unsetenv(), keep
5028 looking even after removing the first instance. For sudo_putenv(),
5029 check for and remove dupes after we replace an existing value.
5032 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
5034 * plugins/sudoers/Makefile.in:
5035 Use explicit path to source file instead of $< for files that live
5036 in devdir and top_srcdir.
5039 * plugins/sudoers/Makefile.in:
5040 Add explicit rules to compile gram.c and toke.c for HP-UX. Prevent
5041 ending LIBSUDOERS_OBJS with a backslash
5044 * plugins/sudoers/Makefile.in, src/Makefile.in:
5045 Link libcommon before libreplace since libcommon may use functions
5046 only present in libreplace.
5049 * common/Makefile.in:
5050 Move code common to sudo and the sudoers plugin to a convenience
5051 library, libcommon. Removes the need to make links in the sudoers
5052 plugin dir and reduces re-compilation of duplicate object files.
5055 * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
5056 common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
5057 common/term.c, common/zero_bytes.c, configure, configure.in,
5058 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
5059 src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
5060 src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
5062 Move code common to sudo and the sudoers plugin to a convenience
5063 library, libcommon. Removes the need to make links in the sudoers
5064 plugin dir and reduces re-compilation of duplicate object files.
5067 * src/exec.c, src/sudo.c, src/sudo.h:
5068 Rename script_execve to sudo_execve and rename script_foo in exec.c
5071 * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
5072 rename script.c exec.c and fix up the MANIFEST file
5075 * src/script.c, src/sudo.c, src/sudo.h:
5076 Rename script_setup() to pty_setup() and call from script_execve()
5080 * configure, configure.in:
5081 bump version to 1.8.0a2
5084 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5085 Document init_session
5088 * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
5089 plugins/sudoers/auth/sudo_auth.h:
5090 Clean up the sudoers auth API a bit and update the docs.
5093 * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
5094 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
5095 plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
5096 Add init_session function to struct policy_plugin that gets called
5097 before the uid/gid/etc changes. A struct passwd pointer is passed
5098 in, which may be NULL if the user does not exist in the passwd
5099 database. The sudoers module uses init_session to open the pam
5103 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
5105 * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
5106 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
5107 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5108 Add open/close session to sudo auth, only used by PAM. This allows
5109 us to open (and close) the PAM session from sudoers.
5112 * plugins/sudoers/Makefile.in:
5113 Add explicit rule to build getdate.o for HP-UX make.
5116 * plugins/sudoers/Makefile.in:
5117 Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
5118 rules as an alternate way to prevent HP-UX make (and others) from
5119 trying to rebuild the parser in non-dev mode.
5122 * plugins/sudoers/sudoers.c:
5123 Re-enable PATH_MAX check for command
5127 For distclean, clean the main directory last since the subdirs need
5128 to be able to run libtool to clean things.
5131 * compat/Makefile.in:
5132 Fix generation of mksiglist.h
5136 Now that we defer sending cstat until the end of script_child() we
5137 cannot reuse cstat when reading command status from parent.
5140 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
5142 * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
5143 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
5144 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
5145 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
5146 Use numeric registers to handle conditionals instead of trying to do
5147 it all with text processing.
5151 Document per-command SELinux settings
5154 * plugins/sudoers/sudoers.c:
5155 Repair "sudo -l -U username"
5158 * plugins/sudoers/sudoers.c:
5159 Set selinux role and type in command details.
5162 * src/script.c, src/selinux.c, src/sudo.h:
5163 Rework SELinux support.
5166 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
5168 * src/script.c, src/selinux.c, src/sudo.h:
5169 Make SELinux support compile again. Needs more work to be complete.
5172 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5173 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5174 src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
5176 Bring back closefrom settings.
5179 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
5180 plugins/sudoers/sudoers.h:
5181 If running a command or sudoedit in transcript mode, call
5182 io_nextid() before log_allowed() so the session id is logged.
5185 * configure, configure.in:
5186 Use mandoc(1) if nroff(1) is not present.
5190 Use the --file argument to config.status instead of setting
5191 CONFIG_FILES in the environment.
5194 * plugins/sudoers/Makefile.in:
5195 We cannot conditionally update gram.h or the dependency ordering
5196 gets messed up in devel mode.
5199 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
5201 * Makefile.in, compat/Makefile.in, configure, configure.in,
5202 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
5203 plugins/sudoers/Makefile.in, src/Makefile.in:
5204 Substitute @SHELL@ into Makefiles
5211 * config.guess, config.sub, configure, configure.in:
5212 Update to autoconf 2.65
5216 Fix libtool target (space vs. tabs)
5219 * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
5220 Remove use of RETSIGTYPE; all modern systems have signal handlers
5224 * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
5225 ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
5226 m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
5227 plugins/sudoers/Makefile.in, src/Makefile.in:
5228 Update to libtool-2.2.6b. I haven't made any local modifications
5229 this time, which should be OK since we install sudo_noexec.so by
5233 * compat/Makefile.in, plugins/sample/Makefile.in,
5234 plugins/sudoers/Makefile.in, src/Makefile.in:
5235 Use libtool to clean objects
5238 * include/Makefile.in:
5239 Install sudo_plugin.h as part of "make install" and make other
5240 install targets callable from the top-level Makefile
5243 * configure, configure.in:
5244 regen with autoupdate to eliminate AC_TRY_LINK
5247 * Makefile.in, compat/Makefile.in, configure, configure.in,
5248 doc/Makefile.in, plugins/sample/Makefile.in,
5249 plugins/sudoers/Makefile.in, src/Makefile.in:
5250 Install sudo_plugin.h as part of "make install" and make other
5251 install targets callable from the top-level Makefile
5254 * plugins/sample/sample_plugin.c:
5255 The sample plugin doesn't support being run with no args so return a
5256 usage error in this case.
5259 * plugins/sudoers/iolog.c:
5260 Set close on exec flag for descriptors used for I/O logging so they
5261 are not present in the command being run.
5264 * plugins/sudoers/tsgetgrpw.c:
5265 Set close on exec flag in private versions of setpwent() and
5270 Close the I/O pipes after dup2()ing them to std{in,out,err}.
5271 Fixes extra fds being present in the command when it is part of a
5275 * plugins/sudoers/sudoers.c:
5276 Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
5277 is used when logging). Note that user_ttypath will still be NULL if
5281 * src/script.c, src/sudo.h:
5282 Cosmetic changes: add comments, remove orphaned prototype and
5283 make a global static.
5286 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
5289 Move check for maxfd == -1 to flush_output where it belongs.
5293 Break out of select loop if all the fds we want to select on are -1.
5297 Avoid possible malloc(0) if plugin returns an empty groups list.
5301 Add debugging info when calling plugin close function
5305 Avoid closing stdin/stdout/stderr when we are piping output.
5309 When execve() of the command fails, it is possible to receive
5310 SIGCHLD before we've read the error status from the pipe. Re-order
5311 things such that we send the final status at the very end and prefer
5312 error status over wait status.
5315 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
5317 * plugins/sudoers/auth/sudo_auth.c:
5318 Fix compilation for non PAM/BSD auth/AIX auth
5321 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
5324 Additional checks to make sure we don't close /dev/tty by mistake.
5325 When flushing, sleep in select as long as we have buffers that need
5330 Now that we can use pipes for stdin/stdout/stderr there is no longer
5331 a need to error out when there is no tty. We just need to make sure
5332 we don't try to use the tty fd if it is -1.
5335 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
5337 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5338 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5339 plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
5340 Add argc and argv to I/O logger open function.
5343 * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
5344 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
5345 src/parse_args.c, src/sudo.c, src/sudo_edit.c:
5346 Remove check_sudoedit function pointer in struct sudo_policy.
5347 Instead, sudo will set sudoedit=true in the settings array. The
5348 plugin should check for this and modify argv_out as appropriate in
5352 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
5354 * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
5356 If plugin sets "sudoedit=true" in the command info, enable sudoedit
5357 mode even if not invoked as sudoedit. This allows a plugin to
5358 enable sudoedit when the user runs an editor.
5361 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
5363 * plugins/sudoers/Makefile.in:
5364 gram.h must not depend on gram.y if we want to avoid unnecessary
5365 rebuilding of targets dependent on gram.h when gram.y changes.
5368 * plugins/sample/sample_plugin.c:
5369 Refactor common bits of check_policy and check_edit
5372 * plugins/sample/sample_plugin.c:
5373 Add sudoedit support
5376 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
5378 * plugins/sudoers/Makefile.in:
5379 Rely more on VPATH; fixes a dependency issue with the parser.
5383 Fix typo introduced in last commit
5387 Emulate seteuid using setreuid() or setresuid() as needed. There are
5388 still a few places that call seteuid() directly.
5391 * src/parse_args.c, src/sudo_edit.c:
5392 Attempt to fix building on systems that only have setuid.
5395 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5396 Clarify sudoedit a tad.
5399 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
5402 Fix compilation on HP-UX
5405 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5409 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
5410 Change how we handle the sudoedit argv. We now require that there
5411 be a "--" in argv to separate the editor and any command line
5412 arguments from the files to be edited.
5415 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5416 plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
5417 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
5418 src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
5419 src/sudo.h, src/sudo_edit.c:
5420 Work in progress support for sudoedit. The actual interface used by
5421 the plugin for sudoedit is likely to change.
5424 * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
5425 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
5426 Make find_path() a little more generic by not checking def_foo
5427 variables inside it. Instead, pass in ignore_dot as a function
5431 * plugins/sudoers/env.c:
5432 Add version of getenv(3) that uses our own environ pointer.
5435 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
5438 Avoid a potential race condition if SIGCHLD is received immediately
5439 before we call select().
5442 * plugins/sudoers/sudoers.c:
5443 Call env_init() before we open the sudoers sources as those may call
5444 our setenv() replacement.
5447 * plugins/sudoers/env.c:
5448 Initialize env_len in env_init()
5451 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
5453 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
5454 Document time stamp shortcomings under SECURITY NOTES. Use "time
5455 stamp" instead of timestamp.
5459 Make sed substitution of mansectsu and mansectform global.
5462 * plugins/sudoers/check.c:
5463 If the tty lives on a devpts filesystem, stash the ctime in the tty
5464 ticket file, as it is not updated when the tty is written to. This
5465 helps us determine when a tty has been reused without the user
5466 authenticating again with sudo.
5470 Fix pasto in multiple signal fix and use _NSIG not NSIG since that
5471 is what our compat checks set.
5474 * configure, configure.in:
5475 Add check for whether sudo needs to link with -ldl to get dlopen().
5476 This is a bit of a hack that will get reworked when libtool is
5480 * plugins/sudoers/check.c:
5481 Fix timestamp removal with -k/-K
5484 * plugins/sudoers/Makefile.in:
5485 audit.c is now private to the sudoers plugin
5488 * configure, configure.in:
5489 Link with -lpthread on HP-UX since a plugin may be linked with
5490 -lpthread and dlopen() will fail if the shared object has a
5491 dependency on -lpthread but the main program is not linked with it.
5494 * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
5495 Add separate test for getresuid() since HP-UX has setresuid() but no
5500 Remove errant backslash
5504 Fix SIGPIPE handling. Now that we may use pipes for
5505 stdin/stdout we need to pass any SIGPIPE we receive to the running
5510 Also start the command in the background if stdin is not a tty.
5513 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
5515 * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
5516 No need to use pseudo-cbreak mode now that we use pipes when stdout
5517 is not a tty. Instead, check whether stdin is a tty and if not,
5518 delay setting the tty to raw mode until the command tries to access
5519 it itself (and receives SIGTTIN or SIGTTOU).
5523 Use an array for signals received instead of a single variable so we
5524 don't lose any when there are multiple different signals.
5528 Do signal setup after turning off echo, not before. If we are using
5529 a tty but are not the foreground pgrp this will generate SIGTTOU so
5530 we want the default action to be taken (suspend process).
5533 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
5536 Flush the iobufs on suspend or child exit using the same logic as
5537 the main event loop.
5541 Free memory after we are done with it.
5544 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
5547 Quest now sponsors Sudo development
5550 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
5553 Install sudo_plugin man page.
5557 Go back to resetting io_buffer offset and length (and now also the
5558 EOF handling) in the loop we do the FD_SET, not after we drain the
5559 buffer after write() since we don't know what order reads and writes
5564 audit files moved to sudoers plugin directory
5567 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5568 Document plugin_printf and new logging functions.
5572 Add support for logging stdin when it is not a tty. There is still a
5573 bug where "cat | sudo cat" has problems because both cat and sudo
5574 are trying to read from the tty.
5577 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5578 plugins/sudoers/sudoers.c, src/script.c:
5579 Add separate I/O logging functions for tty in/out and
5580 stdin/stdout/stderr. NOTE: stdin logging does not currently work and
5581 is disabled for now.
5584 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
5586 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5587 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
5588 plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
5589 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5590 src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
5591 Add pointer to a printf-like function to plugin open function. This
5592 can be used instead of the conversation function to display info and
5597 Stop if make in a subdir fails
5601 Only set user's tty to blocking mode when doing the final flush.
5602 Flush pipes as well as pty master when the process is done.
5605 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
5607 * plugins/sudoers/ldap.c:
5608 Use print_error() when displaying ldap config info in debugging
5612 * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
5613 No longer need strdup() or strndup() replacements.
5616 * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
5617 plugins/sudoers/sudoers.h:
5618 Add print_error() function that uses the conversation function to
5619 print a variable number of error strings and use it in log_error().
5622 * src/script.c, src/sudo.h, src/term.c:
5623 Do not need the opost flag to term_copy() now that we use pipes for
5624 stdout/stderr when they are not a tty.
5628 Use pipes to the sudo process if stdout or stderr is not a tty.
5629 Still needs some polishing and a decision as to whether it is
5630 desirable to add additional entry points for logging
5631 stdout/stderr/stdin when they are not ttys. That would allow a
5632 replay program to keep things separate and to know whether the
5633 terminal needs to be in raw mode at replay time.
5636 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
5638 * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
5639 plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
5640 src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
5641 Move audit sources into the sudoers plugin dir; the driver does not
5645 * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
5646 compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
5647 plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
5648 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
5649 plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
5650 src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
5651 src/term.c, src/ttysize.c:
5652 Use angle brackets when including headers that can only be found
5653 when an -I flag is specified. The files in the compat dir could get
5654 away with double quotes here but I've converted all the source files
5655 to use angle brackets for consistency.
5658 * plugins/sudoers/Makefile.in:
5659 Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
5660 dir can be found when building outside the source tree.
5663 * plugins/sudoers/Makefile.in:
5664 Clean up links in distclean
5667 * plugins/sudoers/Makefile.in:
5668 Hack around VPATH semantic differences by symlinking files we need
5669 from ../../src into the current directory and build those. A better
5670 fix would be to either make a .a or .la file with those files in it
5671 or simply use a single, flat, Makefile instead of per-subdirs
5675 * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
5676 fmt_string is used by the sudoers plugin too so do not include
5677 sudo.h (which is not really needed here anyway)
5680 * compat/Makefile.in, plugins/sample/Makefile.in,
5681 plugins/sudoers/Makefile.in, src/Makefile.in:
5682 Fix building with non-BSD versions of make such as GNU make.
5683 Requires VPATH support, which should be in any non-neolithic make.
5686 * configure, configure.in, plugins/sudoers/Makefile.in,
5687 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
5689 Re-enable bsm audit. Currently auditing is done within the sudoers
5690 plugin itself. If possible, this should really be done in the main
5691 driver but we don't presently have the needed data to do that. This
5692 will be re-evaluated when Linux audit support is added.
5695 * compat/Makefile.in, plugins/sample/Makefile.in,
5696 plugins/sudoers/Makefile.in, src/Makefile.in:
5697 Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
5698 of explicit rules in the dependency.
5701 * plugins/sudoers/visudo.c:
5702 Fix mismerge; alias_remove_recursive() now returns int
5705 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
5707 * plugins/sudoers/visudo.c:
5708 Fix a crash when checking a sudoers file that has aliases that
5709 reference themselves. Based on a diff from David Wood.
5713 Print signal info after restoring the tty mode, not before.
5717 Defer call to alarm() until after we fork the child. Pass correct
5718 pid to terminate_child(). If the command exits due to signal, set
5719 alive to false like we do when it exits normally. Add missing
5720 check for errpipe[0] != -1 before using it in FD_ISSET
5723 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
5725 * plugins/sudoers/boottime.c:
5726 Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
5729 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
5732 Simplify dependencies by using .c.o and .c.lo rules.
5735 * configure, configure.in, plugins/sudoers/Makefile.in,
5737 Substitute in @PROGS@ into src/Makefile to add sesh
5740 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
5742 * plugins/sudoers/sudoers.c:
5743 Add back calls to log_denial() if sudoers does not allow the
5747 * plugins/sudoers/sudoers.c:
5748 Pass in correct pwflag for list and validate.
5751 * plugins/sudoers/env.c:
5752 Add missing check for NULL in validate_env_vars
5756 Add sudo_noexec.la to "all" target, otherwise it only gets built at
5760 * plugins/sudoers/sudoers.c:
5761 Only set sudo_user.env_vars if the env_add list is empty.
5764 * plugins/sudoers/sudoers.c:
5765 Set sudo_user.env_vars so that environment variables specified on
5766 the command line get logged correctly.
5769 * plugins/sudoers/env.c, plugins/sudoers/logging.c,
5770 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5771 Re-enable environment files and setting environment variables on the
5775 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
5777 * plugins/sudoers/check.c:
5778 Fix typo in last commit (ifndef vs ifdef). Make sure we pass ctime()
5779 a pointer to time_t as tv_sec in struct timeval may be long.
5782 * plugins/sudoers/check.c:
5783 Don't stash ctime in on-disk tty ticket info for now; on many
5784 (most?) systems the ctime is updated when the tty is written to.
5785 Once I have a better idea of what systems do not update ctime on
5786 ttys (and have a way to test for this) the ctime stash will be
5787 conditionally re-enabled.
5790 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
5792 * MANIFEST, Makefile.in:
5793 Add back "dist" target, this time using a MANIFEST file
5797 Remove Makefile in distclean target
5800 * Makefile.in, src/Makefile.in:
5801 Update clean and cleandir targets
5804 * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
5806 Move fileops.c defines and prototypes to fileops.h
5809 * plugins/sudoers/check.c:
5810 Lock the tty timestamp when writing. We shouldn't have to lock when
5811 reading since the file is updated via a single write system call.
5814 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
5816 * plugins/sudoers/alias.c, plugins/sudoers/check.c,
5817 plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
5818 plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
5819 plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
5820 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
5821 plugins/sudoers/logging.c, plugins/sudoers/match.c,
5822 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
5823 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
5824 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
5825 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
5826 plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
5827 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
5828 Convert to ANSI C function declarations
5831 * plugins/sudoers/sudoers.h:
5832 Remove extraneous bits and classify by source file.
5836 Add timercmp macro for systems without it
5839 * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
5840 plugins/sudoers/sudoers.h:
5841 get_boottime() now fills in a timeval struct
5844 * plugins/sudoers/check.c:
5845 Store info from stat(2)ing the tty in the tty ticket when tty
5846 tickets are in use. On most systems, this closes the loophole
5847 whereby a user can log out of a tty, log back in and still have the
5851 * config.h.in, configure.in:
5852 Add timespec2timeval and use it when getting ctime/mtime
5855 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
5857 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
5858 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5859 plugins/sudoers/testsudoers.c:
5860 Convert perm setting to push/pop model; still needs some work. Use
5861 the stashed runas groups instead of using getgrouplist(). Reset perms
5862 to the initial value on error
5865 * config.h.in, configure.in:
5866 fix ctim_get and mtim_get macros
5869 * config.h.in, configure, configure.in, include/compat.h,
5870 plugins/sudoers/check.c, plugins/sudoers/gettime.c,
5871 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
5872 Use timeval directly instead of converting to timespec when dealing
5873 with file times and time of day.
5876 * plugins/sudoers/Makefile.in:
5877 Don't link sudoreplay with libsudoers.la due to a yacc symbol
5881 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
5883 * configure, configure.in:
5884 Darwin >= 9.x has real setreuid(2)
5887 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
5889 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
5893 * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
5894 plugins/sudoers/sudoers.h:
5895 Remove remaining references to the environ pointer.
5898 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
5900 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
5901 Don't change the environ directly in the sudoers plugin
5904 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
5906 * plugins/sudoers/sudoers.c:
5910 * plugins/sudoers/alias.c:
5911 Fix use after free in error message when a duplicate alias exists.
5914 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
5916 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5918 Add a "noninteractive" boolean to the settings passed in to the
5919 plugin's open function that is set when the user specifies the -n
5923 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
5924 Add workaround for the lack of the environ pointer on Mac OS X in
5925 dlopen()ed modules. Use of environ in the sudoers plugin should
5926 ultimately be removed but this will do for the moment.
5929 * plugins/sudoers/visudo.c:
5930 Set errorfile to the sudoers path if we set parse_error manually.
5931 This prevents a NULL dereference in printf() when checking a sudoers
5932 file in strict mode when alias errors are present.
5935 * plugins/sudoers/sudoers.c:
5936 Main sudo no longer prints "unable to execute" on exec failure so do
5940 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
5943 Use a pipe to pass back errno to the parent if execve() fails. If we
5944 get an error in script_child(), kill the command and exit.
5947 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5948 src/parse_args.c, src/sudo.c:
5949 Handle plugin's open function returning -2 (usage error).
5953 If execve() fails, leave it to the plugin to print an error string.
5957 If execve fails in logging mode, pass the errno directly to the
5958 grandparent on the backchannel and exit. The immediate parent will
5959 get SIGCHLD and try to report that status but its parent will no
5960 longer be listening. It would probably be cleaner to pass this over
5961 a pipe in script_child().
5964 * plugins/sudoers/sudoers.c:
5965 Don't override rval with results of check_user() unless it failed.
5968 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
5970 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
5975 NULL-terminate env_add
5978 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
5981 Call the I/O log open function before the I/O version function.
5984 * plugins/sudoers/iolog.c:
5985 Remove io_conv and just use sudo_conv
5988 * plugins/sudoers/set_perms.c:
5989 Fix set/restore perms for systems w/o setresuid
5992 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
5994 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
5995 plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
5996 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5997 Primitive set/restore permissions. Will be replaced by a push/pop
6002 Only need to take action on SIGCHLD in parent if no I/O logger. If
6003 there is an I/O logger we will receive ECONNRESET or EPIPE when we
6004 try to read from the socketpair.
6007 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
6009 * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
6010 doc/sudoers.pod, plugins/sudoers/find_path.c:
6011 Merge fb4d571495fa from the 1.7 branch to trunk.
6014 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
6017 Don't set SA_RESTART when registering SIGALRM handler. Do set
6018 SA_RESTART when registering SIGWINCH handler.
6022 Add dev targets for *.man.in and *.cat that don't specify the
6027 If log_input or log_output returns false, terminate the command.
6031 Better signal handling. Instead of using a single variable to store
6032 the received signal, use an array so we can't lose a signal when
6033 multiple are sent. Fix process termination by SIGALRM in non-I/O
6034 logger mode. Fix relaying terminal signals to the child in non-I/O
6039 Fix a race between when we get the child pid in the parent and when
6040 the child process exits. The problem exhibited as a hang after a
6041 short-lived process, e.g. "sudo id" when no IO logger was enabled.
6044 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
6046 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6047 Add a note about the security implications of the fast_glob option.
6050 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
6052 * config.h.in, configure, configure.in:
6053 Fix up some AC_DEFINE descriptions and regen config.h.in
6056 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
6058 * include/missing.h:
6059 No longer check for strdup or strndup for LIBOBJ replacement.
6063 Avoid installing signal handlers that are io-logger specific. Fixes
6064 job control when no io logger is enabled.
6068 Only regen man pages from pod when configured with --with-devel
6071 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
6073 * Makefile, Makefile.in, configure, configure.in:
6074 Top-level Makefile.in. Nothing is currently substituted but this is
6075 needed for separate build dirs.
6078 * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
6079 plugins/sudoers/Makefile.in, src/Makefile.in:
6080 Fix out-of-tree builds
6087 We always install sudoreplay in 1.8
6090 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
6092 * compat/siglist.in:
6093 SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
6096 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
6098 * configure, configure.in:
6099 No need to provide strdup() or strndup(), sudo uses estrdup() and
6103 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
6105 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
6106 Free str after using it in the version method. Use sudo_conv, not
6107 io_conv since we don't have the IO conversation function pointer in
6108 the I/O version method anymore now that io_open is delayed.
6111 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
6113 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
6115 Add license to mksiglist.c and note that the bits from pdksh are
6119 * compat/Makefile.in:
6120 Fix LIBOBJDIR vs. srcdir wrt the siglist bits
6123 * plugins/sudoers/Makefile.in:
6124 Add sudoreplay testsudoers and visudo to clean target
6127 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
6128 compat/siglist.in, compat/strsignal.c, configure, configure.in,
6129 include/missing.h, src/script.c:
6130 Create our own sys_siglist for systems without it for use by
6134 * compat/Makefile.in:
6135 Remove duplicate $(LIBOBJDIR)
6138 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
6140 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
6141 Main sudo should not block signals; the plugin should do this in
6145 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
6148 Fix a sizeof(ptr) vs. sizeof(*ptr)
6152 Unlike most operating systems, HP-UX select() is not interrupted by
6153 SIGCHLD when the signal is registered with SA_RESTART. If we clear
6154 SA_RESTART when calling sigaction() for SIGCHLD we get the expected
6155 behavior and the code in the select() loops already handles EINTR
6159 * compat/getprogname.c:
6160 progname should be const
6163 * plugins/sudoers/Makefile.in:
6164 Move --tag=disable-static to when we link sudoers.la, not when we
6168 * src/load_plugins.c:
6169 Load the sudoers I/O plugin by default too now that it is hooked up.
6172 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
6175 It looks like AIX doesn't need to push STREAMS modules for ptys.
6178 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
6180 * src/parse_args.c, src/sudo.c:
6181 Delay calling the I/O plugin open function until the policy plugin
6185 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
6187 * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
6188 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
6189 plugins/sudoers/sudoers.h:
6190 Add back io logging (transcript) support. Currently, the open
6191 function runs too early and it is not possible to use the io module
6192 independently of the policy module.
6195 * plugins/sudoers/set_perms.c:
6196 Comment out dead code; will be removed when set_perms is rewritten.
6199 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
6201 * plugins/sudoers/sudoers.c:
6202 Fix off by one error when allocating user_groups.
6205 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
6207 * configure, configure.in, plugins/sudoers/Makefile.in:
6208 Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
6211 * plugins/sudoers/sudoers.c:
6212 Fix typo in preserve groups case
6215 * plugins/sudoers/sudoers.c:
6216 In command_info it is "runas_groups" not "groups".
6220 Fix iteration over runas_groups list.
6223 * configure, configure.in, plugins/sudoers/env.c,
6224 plugins/sudoers/match.c, src/script.c:
6225 Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
6228 * compat/getgrouplist.c:
6229 getgrouplist(3) for those without it
6232 * plugins/sudoers/sudoers.c:
6233 Set preserve_groups or groups list in command_info
6237 Fix setting of groups list
6240 * config.h.in, configure, configure.in, include/compat.h,
6242 Add checks for getgrset and getgrouplist and use replacement
6243 getgrouplist if the system doesn't support it.
6247 Pass in preserve_groups when the -P flag is specified as per the
6251 * plugins/sudoers/sudoers.c:
6252 Check preserve_groups and ignore_ticket args with atobool instead of
6253 assuming they are true if present.
6256 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
6258 * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
6259 plugins/sudoers/plugin_error.c:
6260 Rename plugin-specific error.c to plugin_error.c. Wire up visudo,
6261 sudoreplay and testsudoers in the build
6264 * src/Makefile.in, src/term.c:
6265 term.c does not need to include sudo.h
6268 * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
6269 doc/sudo_plugin.pod:
6270 Document the -2 return in the check_policy section too
6273 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
6274 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6275 src/parse_args.c, src/sudo.c, src/sudo.h:
6276 Fix the -s and -i flags and add support for the "implied_shell"
6277 option. If the user does not specify a command, sudo will now pass
6278 in the path to the user's shell and set implied_shell=true. The
6279 plugin can then either check the command normally or return -2 to
6280 cause sudo to print a usage message and exit.
6283 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
6285 * config.h.in, configure, configure.in, src/load_plugins.c:
6286 Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
6287 Darwin where libraries end in .dylib but modules end in .so
6290 * plugins/sudoers/parse.c:
6291 Better prefix determination now that we can't rely on len==0 to tell
6292 the beginning of an entry.
6295 * plugins/sudoers/ldap.c:
6296 display_bound_defaults() stub should return 0, not 1 since it is a
6297 count, not a boolean.
6300 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6301 Document progname in settings
6304 * compat/getprogname.c, include/compat.h,
6305 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
6306 src/parse_args.c, src/sudo.c:
6307 Rewrite compat/getprogname.c and add setprogname(). The progname is
6308 now passed to the plugin via the settings array.
6311 * configure, configure.in, plugins/sudoers/Makefile.in:
6315 * plugins/sudoers/sudo_nss.c:
6316 Add missing whitespace for Runas and Command-specific defaults
6319 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
6320 plugins/sudoers/sudo_nss.c:
6321 Use embedded newlines in lbuf instead of multiple calls to
6326 Add support for embedded newlines.
6329 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
6331 * compat/getprogname.c:
6332 If system doesn't support getprogname or __progname and we are
6333 building a shared object don't bother with Argc/Argv, just return
6337 * config.h.in, configure, configure.in, src/load_plugins.c:
6338 Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
6339 appears to always install a shared object with the .so suffix.
6342 * compat/Makefile.in, configure, configure.in,
6343 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
6345 Play more nicely with libtool and let it build libreplace (was
6349 * include/missing.h:
6350 Include stdarg.h for va_list rather than requiring all consumers of
6351 missing.h to include stdarg.h themselves.
6354 * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
6355 plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
6356 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
6358 Pass in output function to lbuf_init() instead of writing to stdout.
6359 A side effect is that the usage info can now go to stderr as it
6363 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
6365 * include/lbuf.h, plugins/sudoers/sudo_nss.c,
6366 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
6367 src/parse_args.c, src/sudo.c:
6368 Use number of tty columns that is passed in user_info instead of
6369 getting it directly in the lbuf code.
6372 * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
6373 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6374 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
6375 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
6376 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
6377 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
6378 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
6379 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
6380 plugins/sudoers/logging.h, plugins/sudoers/match.c,
6381 plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
6382 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
6383 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
6384 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
6385 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6386 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6387 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
6388 plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
6389 plugins/sudoers/visudo.c:
6393 * config.h.in, configure, configure.in, src/load_plugins.c:
6394 Set the sudoers plugin name in configure so we get the extension
6398 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6399 Document lines/cols in user_info
6402 * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
6403 Add tty size to user info
6407 Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
6410 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
6412 * plugins/sudoers/sudoers.c:
6413 Kill dead code. Add missing sigsetjmp in sudo_policy_invalidate. Error
6414 out if we fail to lookup the user's name that is passed in
6417 * plugins/sudoers/error.c:
6418 Pass the error value back via siglongjmp.
6421 * plugins/sudoers/check.c:
6422 Use conversation function for lecture.
6425 * plugins/sudoers/check.c:
6426 Don't update ticket file if verify_user returns FALSE.
6429 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
6431 * plugins/sudoers/sudoers.c, src/sudo.c:
6432 Wire up invalidate and validate methods for sudoers
6435 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
6436 plugins/sudoers/sudoers.h:
6437 Add support for -k flag with a command.
6441 Allow -k to be specified with a command.
6444 * plugins/sudoers/sudoers.c:
6448 * plugins/sudoers/error.c:
6449 Add newline at the end of message and space after the colon in
6453 * plugins/sudoers/auth/sudo_auth.c:
6454 Add missing newline after pass password warning
6457 * plugins/sudoers/sudoers.c:
6458 Set user_groups and user_ngroups based on user_info
6461 * plugins/sudoers/error.c:
6465 * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
6466 Make _warning in error.c use the conversation function and remove
6467 commented out warning/warningx in sudoers.c.
6470 * plugins/sudoers/logging.c:
6471 Use siglongjmp() in log_error for fatal errors
6474 * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
6475 Quiet a libtool warning
6479 Build sudoers plugin
6482 * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
6483 Use warningx in yyerror() so the conversation function gets used
6484 when built as part of sudoers.
6487 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
6489 * plugins/sudoers/auth/pam.c:
6490 Rename sudo_conv to conversation to avoid a namespace conflict.
6493 * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
6494 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
6495 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
6496 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6497 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6498 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
6499 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
6500 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
6501 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6502 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
6503 plugins/sudoers/env.c, plugins/sudoers/error.c,
6504 plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
6505 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
6506 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
6507 plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
6508 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
6509 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
6510 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
6511 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
6512 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
6513 plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
6514 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
6515 Initial bits of sudoers plugin; still needs work.
6519 Add HAVE_STRDUP and HAVE_STRNDUP
6522 * compat/Makefile.in, configure, configure.in:
6523 Build libmissing in two flavors (one PIC one non-PIC) and link with
6524 the appropriate one.
6527 * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
6528 compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
6529 Build libmissing in two flavors (one PIC one non-PIC) and link with
6530 the appropriate one.
6533 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
6535 * include/missing.h:
6536 Add strdup and strndup and fix strsignal
6539 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
6541 * compat/strdup.c, compat/strndup.c, configure, configure.in,
6542 plugins/sample/Makefile.in, src/Makefile.in:
6543 Add strdup and strndup to compat
6546 * plugins/sample/sample_plugin.c:
6547 Need to include compat.h before missing.h
6550 * compat/strsignal.c:
6551 Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
6552 it doesn't exist configure will set it to 0.
6556 Fix botched ANSI C conversion of globexp2()
6559 * configure, configure.in:
6560 Remove redundant getgroups check
6563 * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
6564 Require either termios or termio, no more sgtty.
6567 * compat/strsignal.c, config.h.in, configure, configure.in:
6568 Change the sys_siglist check to use AC_CHECK_DECLS and also check
6569 for _sys_siglist and __sys_siglist
6572 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
6574 * configure, configure.in, src/Makefile.in:
6575 Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
6576 use SUDO_OBJS for the main driver as part of OBJS.
6579 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6580 Mention in the conversation function section that a newline is not
6585 Add definition of WCOREDUMP for systems without it. This is known
6586 to work on AIX and SunOS 4, but may be incorrect on other systems
6587 that lack WCOREDUMP.
6590 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
6592 * plugins/sample/sample_plugin.c, src/conversation.c:
6593 conversation function no longer puts a newline at the end of info or
6597 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
6600 Use parent process group id instead of parent process id when
6601 checking foreground status and suspending parent. Fixes an issue
6602 when running commands under /usr/bin/time and others.
6605 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
6608 transcript option is now --with not --enable
6611 * plugins/sample/sample_plugin.c:
6612 Add support to -u and -g flags. Check fmt_string retval. Add timeout
6613 for debugging purposes
6616 * src/script.c, src/sudo.c:
6617 Wire up SIGALRM handler. Set close on exec flag for child side of the
6618 socketpair. Fix signal handling when not doing I/O logging
6622 g/c unused SIGCHLD handler
6625 * src/fmt_string.c, src/parse_args.c, src/sudo.c:
6626 Don't use emalloc() in fmt_string(); we want to be able to use it
6631 tq_remove not list_remove
6634 * configure, configure.in:
6635 AUTH_OBJS should contain .lo files not .o files.
6638 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
6641 Simplify conversion of command line args to name=value pairs.
6644 * plugins/sample/sample_plugin.c:
6645 Handle NULL reply from conversation function
6649 Don't depend on emalloc/erealloc
6652 * plugins/sample/Makefile.in:
6653 Use $(OBJS) instead of sample_plugin.lo
6656 * plugins/sample/sample_plugin.c:
6657 runas_user is in settings not user_info
6661 Fix a mismatch between sudo_settings and settings_pairs that causes
6662 some settings to get the wrong values.
6665 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
6667 * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
6668 src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
6669 src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
6673 * src/load_plugins.c:
6674 Fix strlcpy() return value check.
6677 * INSTALL, configure, configure.in:
6678 No longer need to substitute in script.o and pty.o; I/O logging
6679 support is always built.
6682 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
6685 Add fallback to /bin/sh when execve() fails with ENOEXEC.
6688 * include/alloc.h, src/alloc.c:
6692 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
6694 * src/script.c, src/sudo.c:
6695 Refactor script_execve() a bit so that it can be used in non-script
6696 mode. Needs more cleanup.
6700 Ignore empty entries in command_info list
6703 * include/list.h, src/list.c:
6707 * src/conversation.c:
6708 Pass timeout to tgetpass()
6712 Add ChangeLog target
6716 Bump version and update things slightly for sudo 1.8.0
6719 * configure, configure.in:
6720 Sudo now requires an ANSI/ISO C compiler
6723 * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
6728 * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
6729 include/list.h, include/missing.h:
6733 * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
6734 compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
6735 compat/getprogname.c, compat/glob.c, compat/glob.h,
6736 compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
6737 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
6738 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
6739 compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
6744 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
6746 * src/sudo.c, src/tgetpass.c:
6747 Make user_details extern so tgetpass can get at the uid and gid. Set
6748 uid/gid to user before executing askpass program. Check environment
6749 for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
6750 set the askpass program itself
6754 No longer need sudo_usage.h in sudo.c
6757 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
6758 doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
6759 src/sudo_usage.h.in:
6760 Document -D level command line flag which maps to the debug_level
6764 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6765 Document debug_level in plugin doc. Still need to document the -D
6766 flag in sudo itself.
6769 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
6771 * plugins/sample/sample_plugin.c:
6772 include missing.h for vasprintf
6775 * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
6776 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6777 Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
6780 * plugins/sample/sample_plugin.c:
6781 Need to include limits.h
6788 * plugins/sample/Makefile.in, src/Makefile.in:
6789 Add missing compat bits
6792 * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
6793 compat files should not include sudo.h. Wire up compat in sample
6797 * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
6798 Fix up compat dependencies. Fix distclean target in doc/Makefile.in
6801 * configure, configure.in:
6805 * plugins/sample/sample_plugin.c:
6806 Log input and output to temp files for proof of concept.
6809 * Makefile, configure, configure.in, doc/Makefile.in:
6810 Add doc Makefile.in and wire it up
6814 Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
6815 suspending a shell with the "suspend" builtin.
6819 In child, handle parent side of the pipe going away.
6823 No longer need to check for explicit death of the child (process #2)
6824 since if it dies we will get EPIPE from the socketpair. Fix a
6825 sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
6830 Make sudo_debug do a single vfprintf() which will result in a single
6831 write call on most systems. Avoids problems with interleaved debug
6832 printf from different processes. Also remove an extraneous error
6833 case since recv() can't return a short read and add some more XXX.
6836 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
6839 Fix uninitialized variable.
6843 Fix sudo install target
6846 * src/parse_args.c, src/sudo.c, src/sudo.h:
6854 * configure, configure.in:
6855 Fix setting of plugin dir
6863 Add missing source for sudo front end
6866 * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
6867 Sample plugin demonstrating the sudo plugin API
6870 * Makefile, configure, configure.in, install-sh, pathnames.h.in,
6871 plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
6872 src/fileops.c, src/fmt_string.c, src/load_plugins.c,
6873 src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
6874 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
6876 Modular sudo front-end which loads policy and I/O plugins that do
6877 most of the actual work. Currently relies on dynamic loading using
6878 dlopen(). See doc/plugin.pod for the plugin API.
6881 * doc/plugin.pod, include/sudo_plugin.h:
6885 * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
6886 compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
6887 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
6888 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
6889 src/fileops.c, src/sudo_edit.c:
6890 Replace emul/include.h with compat/include.h to match new source
6895 Include missing.h for memrchr() proto
6898 * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
6899 TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
6900 alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
6901 auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
6902 auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
6903 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
6904 auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
6905 closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
6906 compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
6907 compat/getline.c, compat/getprogname.c, compat/glob.c,
6908 compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
6909 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
6910 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
6911 compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
6912 compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
6913 def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
6914 doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
6915 doc/license.pod, doc/sample.pam, doc/sample.sudoers,
6916 doc/sample.syslog.conf, doc/schema.ActiveDirectory,
6917 doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
6918 doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
6919 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
6920 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
6921 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
6922 doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
6923 emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
6924 error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
6925 getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
6926 gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
6927 include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
6928 include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
6929 ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
6930 interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
6931 list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
6932 mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
6933 nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
6934 plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
6935 plugins/sudoers/alias.c, plugins/sudoers/auth/API,
6936 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
6937 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
6938 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6939 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6940 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
6941 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
6942 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
6943 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6944 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
6945 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
6946 plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
6947 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
6948 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
6949 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
6950 plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
6951 plugins/sudoers/gram.c, plugins/sudoers/gram.h,
6952 plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
6953 plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
6954 plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
6955 plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
6956 plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
6957 plugins/sudoers/logging.c, plugins/sudoers/logging.h,
6958 plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
6959 plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
6960 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
6961 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
6962 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
6963 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
6964 plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
6965 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6966 plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
6967 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
6968 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
6969 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
6970 plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
6971 sample.pam, sample.sudoers, sample.syslog.conf,
6972 schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
6973 selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
6974 src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
6975 src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
6976 src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
6977 src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
6978 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
6979 sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
6980 sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
6981 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
6982 sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
6983 sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
6984 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
6985 tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
6986 visudo.man.in, visudo.pod, zero_bytes.c:
6987 Rework source layout in preparation for modular sudo.
6990 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
6992 * Avoid a duplicate fclose() of the sudoers file.
6995 * Fix size arg when realloc()ing include stack. From Daniel Kopecek
6998 * Use setrlimit64(), if available, instead of setrlimit() when setting
6999 AIX resource limits since rlim_t is 32bits.
7002 * Fix use after free when sending error messages. From Timo Juhani
7006 * ChangeLog, Makefile.in:
7007 Generate the ChangeLog as part of "make dist" instead of having it
7011 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
7013 * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
7014 auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
7015 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
7016 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
7017 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
7018 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
7019 emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
7020 fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
7021 gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
7022 ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
7023 isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
7024 logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
7025 mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
7026 pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
7027 sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
7028 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
7029 strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
7030 sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
7031 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
7032 sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
7033 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
7034 utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
7035 Remove CVS $Sudo$ tags.
7038 2010-01-18 convert-repo <convert-repo>
7044 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
7047 make this match sudoers SYNOPSIS
7051 Print a newline between Runas and Command-specific defaults in sudo
7056 Use SET and CLR macros in term_raw
7060 Set stdin to non-blocking mode early instead of in check_input. Use
7061 term_raw instead of term_cbreak since the data we get has already
7062 been expanded via OPOST.
7065 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
7068 Enable/disable all postprocessing instead of just nl->crnl
7069 processing since things like tab expansion matter too. However, if
7070 stdout is a tty leave postprocessing on in the pty since we run into
7071 problems doing it only on the real stdout with e.g. nvi.
7074 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
7077 If tty_tickets is enabled and there is no tty, prompt for a
7078 password. Do not lecture user for "sudo -k command" if user has a
7083 Document missing options: --with-efence and --with-bsm-audit
7086 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
7087 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
7088 sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
7089 visudo.man.in, visudo.pod:
7090 username -> user name, groupname -> group name, hostname -> host name
7093 * INSTALL, README.LDAP, sudoers.pod:
7094 filename -> file name like the rest of the docs
7097 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
7100 Fix printing of entries with multiple host entries on a single line.
7103 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
7106 Mention that targetpw affects the timestamp file name.
7109 * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
7111 Add compress_transcript option.
7114 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
7116 * configure, configure.in:
7120 * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
7121 Better split of membership vs. traditional group check in
7122 user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
7125 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
7128 Fix pasto and add default return value.
7131 * check.c, match.c, pwutil.c, sudo.h:
7132 refactor group member checking into user_in_group()
7135 * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
7137 Add support for mbr_check_membership() as present in darwin.
7140 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
7143 Rename label to be accurate
7146 * Makefile.in, boottime.c, check.c, config.h.in, configure,
7147 configure.in, sudo.h:
7148 Treat timestamp files from before we booted as old. Idea from and
7152 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
7154 * sudo.c, sudo.pod, sudo_usage.h.in:
7155 Allow the -u flag to be used in conjunction with the -v flag as per
7156 older versions of sudo.
7160 fix typo in last commit
7163 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
7166 Convert fmt_first and fmt_confd into macros.
7170 timeouts can be floats now
7173 * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
7174 defaults.h, mkdefaults:
7175 Add support for floating point timeout values (e.g. 2.5 minutes).
7178 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
7181 The -L flag will be removed in sudo 1.7.4
7184 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
7187 Fix a bug due to order of operators.
7190 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
7193 cmnd_matches() already deals with negation so _cmndlist_matches()
7194 does not need to do so itself. Fixes a bug with negated entries in
7198 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
7201 Don't exit() from open_sudoers, just return NULL for all errors.
7205 Can't rely on the shell sending us SIGCONT when transitioning from
7206 background to foreground process.
7210 Add missing extern def for parse_error
7213 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
7216 Avoid a parse error when #includedir doesn't find any files. Closes
7221 Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
7224 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
7227 Start command out in foreground mode if stdout is a tty. Works
7228 around issues with some curses-based programs that don't handle
7229 tcsetattr getting interrupted by a signal. Still allows us to avoid
7230 hogging the tty if the command is part of a pipeline.
7233 * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
7234 Use a socketpair to pass signals from parent to child. Child will
7235 now pass command status change info back via the socketpair. This
7236 allows the parent to distinguish between signals it has been sent
7237 directly and signals the command has received. It also means the
7238 parent can once again print the signal notifications to the tty so
7239 all writes to the pty master occur in the parent. The command is
7240 now always started in background mode with tty signals handled by
7244 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
7246 * configure, configure.in:
7247 Fix a few typos in the descriptions; from Jeff Makey. Only do the
7248 check for krb5_get_init_creds_opt_free() taking two arguments if we
7249 find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
7250 positive when using our own krb5_get_init_creds_opt_free which takes
7251 only a single argument.
7254 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
7256 * configure, configure.in:
7257 Remove a spurious comma in the kerb5 bits.
7261 Call krb5_get_init_creds_opt_init() in our emulated
7262 krb5_get_init_creds_opt_alloc() for MIT kerberos.
7265 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
7272 Need to ignore SIGTT{IN,OU} in child when running the command in the
7273 background. Also some minor cleanup.
7276 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
7279 Instead of calling sigsuspend when waiting for SIGUSR[12] from
7280 parent, install the signal handlers w/o SA_RESTART and let them
7281 interrupt waitpid().
7285 Pass along SIGHUP and SIGTERM from parent to child.
7289 Close unused bits of script_fds in processes that don't need them.
7290 Restore default SIGCONT handler in child.
7294 Update foreground/background status in SIGCONT handler in parent
7298 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
7301 Defer setting terminal into raw mode until just before we fork() and
7302 only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
7303 and sudo is already in the foreground be sure to set raw mode before
7304 continuing the child.
7307 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
7310 Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
7311 give the command the controlling tty if the main sudo process is the
7316 Don't bother with sudo_waitpid() here for now.
7323 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
7326 Remove non-working code that crept into rev 1.55
7329 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
7331 * INSTALL, configure, configure.in, script.c, sudoreplay.c:
7332 First pass at zlib support for transcript data files
7336 remove vestiges of ZLDFLAGS
7340 Add missing variable declaration for when TIOCSCTTY is not defined.
7341 Need to include sys/termio.h for TIOCSCTTY on some systems.
7345 when resuming command, send SIGCONT to its pgrp not just pid
7349 remove unused variable
7353 include selinux.h for is_selinux_enabled() proto
7357 Don't use log_error() in the child process.
7361 Do I/O in parent instead of child since the parent can have both
7362 /dev/tty as well as the pty fds open. The child just sets things up
7363 and waits for its grandchild and writes the signal description to
7364 the pty master if the command was killed by a signal.
7367 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
7369 * missing.h, sudo.h:
7370 Move two struct forward declarations from sudo.h to missing.h
7374 Make comment at the top of script_exec() match reality.
7378 if neither stdin nor stdout is a tty, check stderr
7382 Add back dependency of gram.h on gram.y
7386 Make transcript mode work as long as we can figure out our tty, even
7387 if it is not stdin. We'd like to use /dev/tty but that won't be
7388 valid after the setsid().
7391 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
7393 * config.h.in, configure, configure.in, pty.c:
7394 Add support for IRIX-style dynamic ptys
7397 * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
7398 Move alloc.c protos into alloc.h
7402 Move prototypes for missing libc functions to missing.h
7405 * Makefile.in, sudo.h, sudoreplay.c:
7406 Move prototypes for missing libc functions to missing.h
7409 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
7411 * config.h.in, configure, configure.in:
7412 Disable transcript support if no tcsetpgrp until we support older
7413 BSD-style job control.
7416 * configure, configure.in, pty.c, script.c:
7417 Break out pty code into pty.c
7420 * compat.h, config.h.in, configure, configure.in:
7421 add killpg macro if no killpg function
7424 * config.h.in, configure, configure.in, script.c:
7425 Push ptem and ldterm for STREAMS-based systems when allocating a
7429 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
7432 Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
7436 Call tcgetpgrp() in the parent, not the child and have the child
7437 spin until it is granted. Fixes a race on darwin.
7441 Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
7445 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
7448 In script mode, if the command is killed by a signal, print the
7449 signal description as well as a core dump notification like the
7453 * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
7455 Add check for strsignal() and a simple implementation if it is not
7456 there but sys_siglist is
7460 Add missing WUNTRACED and store the signal that stopped the
7461 grandchild in suspended, not signo.
7469 Associate the grandchild's pgrp with the tty instead of the child's
7470 and just get suspend notifications via SIGCHLD instead of directly.
7471 This fixes a hang with programs that try to set terminal attributes
7472 and is more consistent with how the shell handles things.
7475 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
7478 Move setpgid() of child into the parent side of the fork() where it
7482 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
7489 Run command in its own pgrp (like the shell does) for easier
7490 signalling. No need to relay SIGINT or SIGQUIT to parent, just send
7491 to grandchild. Don't want grandchild stopped events in the child
7492 (only termination). Flush output after suspending grandchild before
7497 Back out revision 1.34; the problem lies elsewhere.
7501 Don't set stdout to blocking mode when flushing remaining output.
7502 It can cause us to hang when trying to exit. Need to investigate
7507 Handle SIGTTOU and remove some debugging.
7511 Back out revision 1.10 as the signal that interrupts us may be
7512 SIGTTOU or SIGTTIN which the caller must handle.
7516 Apparently we need to send SIGSTOP to the command as well as ourself
7517 when we get SIGTSTP, the kernel doesn't automatically stop the
7522 Use an extra process to act as the glue between the sessions
7523 associated with the user's controlling tty (what the shell uses) and
7524 the tty that sudo is using to do its logging. Basically, this means
7525 that if we get, e.g. SIGTSTP from the process sudo is running, we
7526 relay the signal to the parent so its shell can do the job control.
7530 Handle getting/setting terminal attributes when the fd is in non-
7534 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
7536 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
7537 Add support for pausing and changing the speed in interactive mode.
7541 Already define O_NOCTTY in compat.h, don't need it here
7544 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
7550 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
7553 Always update the stashed mtime of the temp file instead of using
7554 what we have for the original because the time resolution of the
7555 filesystem the temporary is on may not match that of the filesystem
7556 that holds the original. Should fix bz #371 found by Philippe Levan.
7560 Use cbreak mode instead of raw mode and add signal handlers to
7561 restore the tty on interrupt.
7564 * script.c, sudo.h, term.c:
7565 Retain NL to NLCR conversion on the real tty and skip it on the pty
7566 we allocate. That way, if stdout is not a pty there are no extra
7571 Fix log_output(); just pass in a string and a length.
7574 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
7577 do not use errno when complaining about lack of a tty
7580 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
7582 * Makefile.in, sudoreplay.c, term.c:
7583 Instead of messing with line endings, just set terminal to raw mode
7588 When copying the terminal attributes to the pty, be sure not to set
7589 ONLCR. This prevents extra carriage returns from ending up in the
7594 Convert a do {} while into a while
7598 Use if then instead of test && when installing binaries that may not
7603 Add O_NOCTTY when opening a tty device. Explicitly disconnect from
7604 old tty before associating with new one.
7607 * script.c, selinux.c, sudo.c, sudo.h:
7608 First cut at refactoring some of the selinux code so it can be used
7609 in conjunction with sudo's transcript support.
7612 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
7614 * aclocal.m4, configure, configure.in:
7615 Fix default case of transcript_enabled being unset.
7618 * script.c, sudoreplay.c:
7619 Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
7622 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
7623 Hook up --disable-transcript and --enable-transcript=DIR
7626 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
7628 * aclocal.m4, configure, configure.in, pathnames.h.in:
7629 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT. Add
7630 --enable-transcript=DIR option to specify the directory
7633 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
7637 * configure, configure.in, sudoers.man.pl, sudoers.pod:
7638 Substitute in default value for secure_path
7642 Mention that the password must be followed by a newline with the -S
7646 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
7649 Go back to dropping out of the select() loop when the process dies;
7650 Linux ptys apparently don't behave the same as BSD in regards to
7651 select(). No need to flush remaining output to the transcript, only
7652 to stdout. Add back code to check the master pty for additional data
7653 when we exit the main select loop.
7656 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
7659 Add getline.o to COMMON_OBJS
7663 sudoreplay depends on libsudo.a
7667 Move pwutil.o into COMMON_OBJS
7670 * pwutil.c, testsudoers.c, tsgetgrpw.c:
7671 Remove my_* redirection in pwutil.c for testsudoers and just use the
7672 normal libc get{pw,gr}* names.
7675 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
7676 More time and date examples
7679 * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
7680 Move nanosleep() emulation into its own file. Check librt.a for
7681 nanosleep if we don't find it in libc
7684 * Makefile.in, configure, configure.in:
7685 Build libsudo with the common bits and link things against that.
7693 Keep reading from the pty master -> log file until read returns <=
7694 0. Do our best to write everything to stdout when flushing any
7699 Use unbuffered I/O when writing to stdout and make sure we write the
7703 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
7706 Only use max_wait if it is non-zero
7709 * getdate.c, getdate.y, getline.c:
7714 Fix nanosleep emulation
7718 Fix comment after #endif
7722 Add protos for missing libc bits
7725 * configure, configure.in:
7726 add missing line continuation char
7729 * config.h.in, configure, configure.in, getline.c:
7730 Implement getline() in terms of fgetln() if we have it.
7734 Print year when formatting log line
7738 Document cwd, attempt to document time/date formats.
7742 Fix getline return value check.
7745 * Makefile.in, config.h.in, configure, configure.in, getline.c,
7747 Use getline() if the system has it, else provide our own for
7752 Refactor code to update output and timing files.
7755 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
7758 Make sudo_getln() behave more like glibc getline.
7762 When flushing remaining output, also update timing file.
7766 Use get_timestr() and make the -l output look like the regular sudo
7770 * logging.c, sudo.h, timestr.c:
7771 Make get_timestr() take a time_t so we can use it properly in
7776 Create session dir earlier now that we update the seq number early.
7779 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
7782 Use fromdate and todate as the keywords instead of from and to; the
7783 short forms will still be accepted.
7787 Fix reading long lines in sudo_getln()
7790 * script.c, sudoreplay.c:
7791 Log the cwd in the script log file. Add sudo_getln() to read
7792 arbitrarily long lines.
7795 * Makefile.in, logging.c, sudo.h, timestr.c:
7796 Move get_timestr() into its own source file so sudoreplay can use
7800 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
7803 Add to and from predicates (date ranges); needs documentation
7806 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
7808 * Makefile.in, getdate.c, getdate.y:
7809 Fix warning and add generated getdate.c
7812 * Makefile.in, getdate.y:
7813 Add getdate.y to be used for sudoreplay date parsing.
7816 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
7819 Check more than just the first character of a predicate
7822 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
7823 Add examples, sort predicates
7826 * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
7828 Implement search expressions in sudoreplay similar in concept to
7829 what find or tcpdump uses. TODO: date ranges
7832 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
7835 Remove vhangup as it was hanging up the wrong tty. Should really
7836 vhangup in the child after it has set its tty.
7840 Fix cut at documenting transcript support.
7844 ID= -> TSID= for transcript ID
7847 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
7850 Move fast_glob description to where it belongs in sorted order
7853 * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
7854 parse.c, parse.h, sudo.c:
7855 Rename script -> transcript
7858 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
7861 Add timeradd and timersub for those without them
7865 Sanity check sessid before using it.
7869 Only set the session id if we are running a command or editing a
7874 Actually, qsort is fine since most versions fall back to a cheaper
7875 sort when the number of elements to sort is small (like in our
7879 * config.h.in, configure, configure.in, script.c:
7880 Check for dup2 and use dup instead if we don't have it.
7883 * script.c, sudo.c, sudo.h:
7884 Move the code to dup2 the script fds to low numbered descriptors
7885 into script_duplow() and fix the fd sorting.
7888 * script.c, sudo.c, sudo.h:
7889 Move script_setup() back to immediately before we drop privs and
7890 call the new script_nextid() in its place, which will set
7891 sudo_user.sessid for the logging functions.
7894 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
7901 remove unused variable
7904 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
7906 * logging.c, script.c, sudo.c, sudo.h:
7907 Log the session ID, if there is one. Currently logs ID=XXXXXX,
7908 perhaps should be SESSIONID or SESSID.
7911 * Makefile.in, configure, configure.in, sudoreplay.cat,
7912 sudoreplay.man.in, sudoreplay.pod:
7917 add -V (version) flag
7924 * script.c, sudoreplay.c:
7925 Use base36 number for the ID and store script files with paths like
7926 /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
7927 (2,176,782,336) unique IDs.
7930 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
7932 * config.h.in, configure.in:
7933 Add check for regcomp
7937 Add support for selecting by pattern and tty when listing.
7940 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
7943 The beginnings of a list mode.
7946 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
7952 * Makefile.in, config.h.in, configure.in:
7953 Add scaffolding for building sudoreplay
7957 include error.h first arg to nanotime is const
7961 Initial cut at sudoreplay; replay a sudo session.
7964 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
7967 Fix wait() usage and use correct wait status.
7970 * sudo.c, sudo.h, tgetpass.c:
7971 Add protos for term_* to sudo.h
7975 Fix detection of the child process exiting. Since the child is in
7976 its own session we should only ever get SIGCHLD for that process but
7977 better safe than sorry.
7981 Add UNIX98 pty support.
7984 * configure, configure.in, script.c:
7985 Add UNIX98 pty support.
7988 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
7991 For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
7996 Set PAM_RUSER and PAM_RHOST early so they can be used during
7997 authentication. Based on a patch from Jamie Beverly.
8001 Close dir before returning if strlcpy() reports overflow. From
8005 * config.h.in, configure, configure.in, script.c:
8006 On Linux, the openpty proto lives in pty.h
8010 Call vhangup on exit if the system has it. Use setpgrp() if no
8014 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
8016 * config.h.in, configure, configure.in:
8017 Add checks for revoke and vhangup if we don't have openpty
8021 Session logging guts that got forgotten in the previous commit.
8024 * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
8025 configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
8026 gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
8028 First cut at session logging for sudo. Still need to write
8029 get_pty() for Unix 98 and old-style BSD ptys. Also needs
8030 documentation and general cleanup.
8033 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
8035 * sudo.c, sudo_edit.c:
8036 Fix a bug introduced with def_closefrom. The value of def_closefrom
8037 already includes the +1.
8040 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
8043 Generate sudo distributions with pax in ustar mode. No longer need
8044 to use a temp file or have the source dir name match the version.
8047 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
8050 Fix expansion of %h in #include names. Fixes bugzilla 363
8053 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
8056 If no arg assume def_data.in
8061 [f5ad45f69f05] [SUDO_1_7_2]
8067 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
8069 * sudoers.cat, sudoers.man.in, sudoers.pod:
8070 Add missing single quotes around a colon in Runas_Spec definition.
8074 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
8076 * sudo.man.in, sudoers.man.in:
8081 In rbrepair, re-color the root or the first non-block node we find
8082 to be black. Re-coloring the root is probably not needed but won't
8086 * sudo.cat, sudoers.cat:
8090 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
8093 When repairing the tree, don't touch the root node.
8096 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
8099 Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
8100 Reported by Josef Schmid.
8103 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
8106 Document that we accept env_pam-style environment files
8110 Adapt to accept pam_env-style /etc/environment which allows shell-
8111 style lines such as: export EDITOR="/usr/bin/vi"
8115 Make it clear that env_delete only works when !env_reset. From Loïc
8119 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
8121 * sudo.pod, sudoers.pod:
8122 Add non-unix group bits, adapted from Quest
8126 build the .cat page in the current working dir, not the src dir
8130 Return EINVAL in setenv() if var is NULL or the empty string to
8131 match glibc behavior.
8134 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
8136 * configure, configure.in:
8137 Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
8140 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
8142 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
8143 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
8147 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
8150 Document --with-libvas and --with-libvas-rpath
8153 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
8155 * ldap.c, sudoers.ldap.pod:
8156 For netscape-derived LDAP SDKs the cert and key paths may be a
8157 directory or a file. However, version 5.0 of the SDK only seems to
8158 support using a directory. If ldapssl_clientauth_init fails and the
8159 cert or key paths look like they could be files, strip off the last
8160 path element and try again.
8164 Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
8167 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
8169 * configure, configure.in, match.c, sudo.c, vasgroups.c:
8170 Update non-Unix group support from Quest, as reworked by me.
8178 Add support for escaped hex chars in names, e.g. \x20 for space.
8181 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
8183 * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
8184 auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
8185 fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
8186 logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
8187 set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
8188 sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
8189 tgetpass.c, toke.l, visudo.c:
8190 Update copyright years.
8193 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
8195 * interfaces.c, lbuf.c:
8196 Minor fixes for Minix-3
8199 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
8202 Handle getgroups() returning 0. Also add missing check for
8206 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
8208 * Makefile.in, config.h.in, configure, configure.in, sudo.c,
8209 version.h, visudo.c:
8210 Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
8213 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
8216 Remove group setting code in setusercontext case, we will do it
8217 ourselves later on in runas_setup. Set the gid after
8218 initgroups/setgroups is called, since on Mac OS X it seems to change
8222 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
8224 * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
8226 Initial bits of non-unix group support using Quest Authentication
8231 Accept %:foo as a non-Unix group
8235 Allow user/group to be double quoted in the case of non-Unix groups
8236 which contain spaces.
8239 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
8242 Don't allow the user to specify the default runas user if their
8243 sudoers entry only allows them to run as a group.
8246 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
8249 Must call audit_success before we change uids.
8252 * logging.c, set_perms.c, sudo.h, testsudoers.c:
8253 Add option for set_perm to not exit on failure and use this in the
8258 In -l mode, if the user is only allowed to run as a group, display
8259 the user's name, not root's before the allowed group.
8263 Fix -g mode, broken by rev 1.503 which had the side effect of
8264 setting the runas user to root unilaterally.
8267 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
8270 When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
8274 Only cache by the method we fetched for pwd and grp lookups.
8275 Previously we cached both by name and id but this can cause problems
8276 for entries that share the same id. Also add more info in the error
8277 message in case the insert fails (which should now be impossible).
8280 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
8283 Add a clarification from Nick Sieger
8286 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
8289 Inline the setting of the environment string.
8292 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
8295 setenv(3) in Linux treats a NUL value as the empty string. setenv(3)
8296 in BSD doesn't return an error if the name has '=' in it, it just
8297 treats the '=' as end of string.
8300 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
8303 Not all systems have d_namlen
8306 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
8309 Fix up some pod2html issues.
8312 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
8315 Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
8320 Ignore files ending in '~' in sudo.d (emacs backup files)
8324 Ignore files ending in '~' in sudo.d (emacs backup files)
8327 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
8329 * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
8330 For #includedir, ignore any file containing a dot
8333 * Makefile.in, version.h:
8337 * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
8338 sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
8340 Implement #includedir directive. Files in an includedir are not
8341 edited by visudo unless they contain a syntax error.
8346 [8741ed61a78b] [SUDO_1_7_1]
8349 Forgot umask_override
8356 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
8359 Rewind stream if we fdopen sudoers since it may not be at the
8360 beginning. Set the keepopen flag on already-open files too so the
8361 lexer doesn't close them out from under us.
8365 Print the proper file name when there is a parse error in an include
8369 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
8375 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
8377 * configure, configure.in:
8378 Fix a warning when --without-ldap is specified.
8381 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
8383 * alias.c, parse.h, visudo.c:
8384 Store aliases that we remove during check_aliases in a freelist and
8385 free them at the end so we don't leak memory.
8388 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
8391 Check aliases in -c mode too.
8394 * alias.c, parse.h, visudo.c:
8395 Make alias_remove return the alias struct instead of freeing it
8396 directly. Fixes a use after free in alias_remove_recursive, the only
8400 * alias.c, match.c, parse.c, parse.h, visudo.c:
8401 Rename find_alias -> alias_find for consistency.
8404 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
8407 When checking for unused aliases, recurse if the alias points to
8411 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
8414 Back out rev 1.105 for now. Real ldapux_client.conf support will be
8415 done later after some refactoring.
8418 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
8421 Treat ldap_hostport the same as "host" for ldapux.
8424 * configure, configure.in:
8425 Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
8426 Fixes compilation with ldapux.
8429 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
8435 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
8438 remove errant carriage returns
8445 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
8446 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
8450 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
8453 Add missing HAVE_BSM_AUDIT
8461 Mention --with-netsvc
8465 Document netsvc.conf support
8468 * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
8470 Add support for AIX netsvc.conf (like nsswitch.conf).
8473 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
8475 * config.h.in, configure, configure.in, env.c:
8476 Add --enable-env-debug flag to enable environment sanity checks.
8479 * sudoers.ldap.pod, sudoers.pod:
8480 Work around some pod2html issue.
8483 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
8486 Only sync environ for putenv, setenv, and unsetenv. We need to make
8487 sure that sudo_putenv and sudo_setenv only modify env.envp, not
8491 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
8494 Really fix UNSETENV_VOID
8498 Fix unsetenv when UNSETENV_VOID
8501 * aclocal.m4, configure:
8502 Fix SUDO_FUNC_PUTENV_CONST
8506 tivoli-based ldap does not have ldapssl_err2string
8513 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
8515 * config.h.in, configure, configure.in, ldap.c:
8516 Add support for Tivoli-based LDAP start TLS as seen in AIX.
8521 Add sanity checks for setenv/unsetenv
8525 Include bsm_audit.h in the tarball
8528 * Makefile.in, version.h:
8529 bump version for sudo 1.7.1
8532 * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
8533 env.c, ldap.c, sudo.h:
8534 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
8535 provide our own setenv/unsetenv/putenv that operates on own env
8536 pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
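An added example, not sudo's own code: a setenv() look-alike that works only on a private vector and follows the behaviours the setenv() entries on this page mention (EINVAL for a NULL or empty name, '=' ends the name, an absent value is stored as the empty string). The names demo_setenv, demo_getenv and envp are hypothetical, and reading "NUL value" as a NULL pointer is an assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Private environment vector; the process-wide environ is never touched. */
static char **envp;        /* NULL-terminated "NAME=value" strings */
static size_t env_len;     /* entries in use, excluding the terminator */
static size_t env_size;    /* allocated slots, including the terminator */

/* Find NAME (the first n bytes of var) in the private vector; -1 if absent. */
static long env_find(const char *var, size_t n)
{
    size_t i;

    for (i = 0; i < env_len; i++) {
        if (strncmp(envp[i], var, n) == 0 && envp[i][n] == '=')
            return (long)i;
    }
    return -1;
}

/* Look up a variable in the private vector only. */
const char *demo_getenv(const char *var)
{
    long i;

    if (var == NULL || *var == '\0')
        return NULL;
    i = env_find(var, strcspn(var, "="));
    return i == -1 ? NULL : strchr(envp[i], '=') + 1;
}

/*
 * Hypothetical setenv() replacement:
 *   - a NULL or empty name fails with EINVAL;
 *   - a '=' in the name ends the name (the BSD behaviour);
 *   - a NULL value is stored as the empty string (the Linux behaviour).
 */
int demo_setenv(const char *var, const char *val, int overwrite)
{
    size_t nlen, vlen, nsize;
    char *entry, **grown;
    long i;

    if (var == NULL || (nlen = strcspn(var, "=")) == 0) {
        errno = EINVAL;         /* also rejects names such as "=x" */
        return -1;
    }
    if (val == NULL)
        val = "";
    i = env_find(var, nlen);
    if (i != -1 && !overwrite)
        return 0;               /* keep the existing value */

    /* Build "NAME=value" in one allocation owned by the vector. */
    vlen = strlen(val);
    if ((entry = malloc(nlen + 1 + vlen + 1)) == NULL)
        return -1;
    memcpy(entry, var, nlen);
    entry[nlen] = '=';
    memcpy(entry + nlen + 1, val, vlen + 1);

    if (i != -1) {              /* replace in place */
        free(envp[i]);
        envp[i] = entry;
        return 0;
    }
    if (env_len + 2 > env_size) {   /* room for the entry and terminator */
        nsize = env_size ? env_size * 2 : 8;
        grown = realloc(envp, nsize * sizeof(*envp));
        if (grown == NULL) {
            free(entry);
            return -1;
        }
        envp = grown;
        env_size = nsize;
    }
    envp[env_len++] = entry;
    envp[env_len] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample values. */
    demo_setenv("EDITOR", "/usr/bin/vi", 1);
    demo_setenv("LANG=C", NULL, 1);
    printf("EDITOR=%s LANG=\"%s\" process copy: %s\n", demo_getenv("EDITOR"),
        demo_getenv("LANG"), getenv("SUDO_DEMO_PRIVATE") ? "set" : "unset");
    return 0;
}
```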
8539 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
8542 Make "sudoedit -h" work as expected
8546 Make sure def_prompt is always defined. This is a workaround for
8547 pam configs that prompt for a password in the session but don't have
8548 an auth line. A better fix is to expand the sudo prompt earlier and
8549 set def_prompt to that when initializing.
8553 Mention that the helper for -A may be graphical.
8557 Document what happens if there is no tty.
8569 Fix "sudo -k" with no other args
8572 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
8574 * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
8575 Allow the -k flag to be specified in conjunction with a command or
8576 another option that may require authentication.
8579 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
8581 * configure, configure.in:
8582 Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
8586 Parallel make fix. From Diego E. 'Flameeyes'
8589 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
8591 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
8592 Implement umask_override
8599 * sudoers.pod, toke.l, visudo.c:
8600 Implement %h escape in sudoers include filenames.
8604 Need to include compat.h
8607 * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
8608 Make audit_success and audit_failure generic functions in
8609 preparation for integrating linux audit support.
8613 remove duplicate include
8616 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
8623 May need to update the runas user after parsing command-based
8627 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
8630 Add missing pair of braces introduced with character class support.
8633 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
8635 * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
8636 Rename pwstars to pwfeedback
8639 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
8641 * bsm_audit.c, bsm_audit.h:
8642 Add const to make MacOS happy.
8645 * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
8646 configure.in, sudo.c:
8647 Add bsm audit support from Christian S.J. Peron
8651 This is new code, no DARPA notice.
8654 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
8656 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
8657 Rename simple_glob -> fast_glob
8664 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
8665 Add simple_glob option to use fnmatch() instead of glob(). This is
8666 useful when you need to specify patterns that reference network file
8678 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
8681 Delete any pwstars we wrote after the user hits return. That way
8682 there is no record on screen as to the user's password length.
8685 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
8688 Move terminal setting bits from tgetpass.c to term.c
8691 * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
8693 Add pwstars sudoers option that causes sudo to print a star every
8694 time the user presses a key.
8697 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
8700 Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
8703 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
8706 For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
8707 indicate no limit. From Mark Janssen.
8710 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
8713 Comments that begin with #- should not be parsed as uids.
8716 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
8719 Do not try to set the close on exec flag if we didn't actually open
8723 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
8727 [e11f0e4c1bdd] [SUDO_1_7_0]
8729 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
8735 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
8738 Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
8742 * configure, configure.in:
8743 Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
8744 as it cannot generate shared objects.
8747 * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
8748 K&R compilation fixes
8752 Use tq_foreach_fwd when checking pseudo-commands to make it clear
8753 that we are not short-circuiting on last match. When pwcheck is
8754 'all', initialize nopass to TRUE and override it with the first non-
8758 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
8761 Do not short circuit pseudo commands when we get a match since,
8762 depending on the settings, we may need to examine all commands for
8766 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
8768 * sudoers.cat, sudoers.man.in:
8773 hostnames may also contain wildcards
8777 remove stamp-* files and linux core files in clean target
8780 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
8782 * auth/sudo_auth.h, config.h.in, configure, configure.in:
8783 Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
8786 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
8788 * configure, configure.in:
8789 correctly enable SIA on Digital UNIX
8800 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
8802 * check.c, sudo.h, tgetpass.c:
8803 Even if neither stdin nor stdout are ttys we may still have /dev/tty
8807 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
8809 * sudoers.cat, sudoers.man.in:
8814 fix typos; Markus Lude
8826 Fix matching of a line that only consists of a comment char
8829 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
8832 MacOS pam will retry conversation function if it fails so just treat
8833 ^C as an empty password.
8837 When checking for alias use, also check defaults bindings.
8845 Replace my rbdelete with Emin's version (which actually works ;-)
8848 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
8855 malloc options in devel mode for visudo too
8858 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
8861 fix compilation on non-C99; from Theo
8869 when destroying an alias, free the correct data pointer
8873 add proto for aixauth_cleanup; from Dale King
8876 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
8878 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8883 * sudo.pod, sudoers.pod, visudo.pod:
8884 standardize on the term 'option' for command line options (not flag)
8887 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
8890 Add note on configuring HP-UX pam
8893 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
8896 Move tty checks into check_user() so we only do them if we actually
8901 Don't error out if no tty or askpass unless we actually need to
8905 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
8911 * pathnames.h.in, sudo.c:
8912 s/overriden/overridden/; from Tobias Stoeckmann
8915 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
8917 * WHATSNEW, visudo.c:
8918 check sudoers owner and mode in strict mode
8925 * sudo.man.in, sudoers.man.in, visudo.man.in:
8926 Update copyright years.
8929 * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
8930 auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
8931 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
8932 closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
8933 gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
8934 interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
8935 parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
8936 sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
8937 testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
8938 visudo.pod, zero_bytes.c:
8939 Update copyright years.
8942 * emul/charclass.h, fnmatch.c, glob.c:
8946 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
8949 The loop in fill_cmnd() was going one byte too far past the end,
8950 resulting in a NUL being written immediately after the buffer end.
8953 * UPGRADE, WHATSNEW:
8954 add sections on tgetpass changes
8958 Treat EOF w/o newline as an error.
8961 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
8964 Fix "sudo -v" when NOPASSWD is set.
8967 * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
8969 No longer treat an empty password at the prompt as special. To quit
8970 out of sudo you now need to hit ^C at the password prompt.
8973 * sudoers.cat, sudoers.man.in:
8977 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
8978 Sudo will now refuse to run if no tty is present unless the new
8979 visiblepw sudoers flag is set.
8982 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
8985 just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
8990 fix fallback value for RLIM_SAVED_MAX
8993 * auth/aix_auth.c, auth/sudo_auth.h:
8994 Move clearing of AUTHSTATE into aixauth_cleanup.
8997 * auth/aix_auth.c, env.c:
8998 Unset AUTHSTATE after calling authenticate() as it may not be
8999 correct for the user we are running the command as.
9003 Add isblank() function for systems without it. Needed for POSIX
9004 character class matching in fnmatch.c and glob.c.
9007 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
9010 expound on sudo and cd
9013 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
9019 * sudoers.cat, sudoers.man.in:
9024 mention defaults parse order
9027 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
9029 * Makefile.in, aclocal.m4, compat.h, configure:
9030 Add isblank() function for systems without it. Needed for POSIX
9031 character class matching in fnmatch.c and glob.c.
9035 add emul/charclass.h to HDRS
9038 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
9044 * defaults.c, parse.c, testsudoers.c, visudo.c:
9045 Move update_defaults into defaults.c and call it properly from
9046 visudo and testsudoers.
9049 * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
9051 use zero_bytes() instead of memset() for consistency
9054 * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
9056 Zero out sigaction_t before use in case it has non-standard entries.
9064 Short circuit glob() checks if basename(pattern) !=
9065 basename(command). Refactor code that checks for a command in a
9066 directory and use it in the glob case if the resolved pattern ends
9070 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
9072 * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
9073 Defer setting runas defaults until after runaspw/gr is setup.
9076 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
9078 * match.c, sudo.c, testsudoers.c:
9079 Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
9080 systems do not include space for the NUL in the size. Also manually
9081 NUL-terminate buffer from gethostname() since POSIX is wishy-washy
9085 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
9087 * sudo.c, sudoers.pod:
9088 When setting the umask, use the union of the user's umask and the
9089 default value set in sudoers so that we never lower the user's umask
9090 when running a command.
9094 Don't try to read from a zero-length sudoers file. Remove the bogus
9095 Solaris work-around for EAGAIN. Since we now use fgetc() it should
9099 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
9102 In update_defaults() check the return value of user*_matches against
9103 ALLOW so we don't inadvertently match on UNSPEC.
9106 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
9108 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9109 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9110 regen man pages; no more hyphenation
9114 Don't error out on a zero-length sudoers file. With the advent of
9115 #include the user could create a situation where sudo is unusable.
9118 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
9120 * auth/kerb5.c, config.h.in, configure, configure.in:
9121 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
9122 krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
9123 all. Add configure tests to handle all the cases.
9126 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
9133 document sudoers_locale
9136 * sudo.pod, sudo_edit.c:
9137 add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
9142 In fill_cmnd(), collapse any escaped sudo-specific characters.
9143 Allows character classes to be used in pathnames.
9146 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
9149 fix typo in non-C89 function declaration
9153 Mention POSIX character classes now that our fnmatch() and glob()
9157 * sample.sudoers, sudoers.pod:
9158 Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
9163 use __signed char if we are going to assign a negative value since
9164 on Power, char is unsigned by default
9167 * config.h.in, configure, configure.in:
9168 Add tests for __signed char and signed char.
9172 Fix AIX limit setting. getuserattr() returns values in disk blocks
9173 rather than bytes. The default hard stack size in newer AIX is
9174 RLIM_SAVED_MAX. From Dale King.
9177 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
9179 * emul/charclass.h, fnmatch.c, glob.c:
9180 Add character class support to included glob(3) and fnmatch(3).
9183 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
9186 Remove UCB advertising clause and some compatibility defines.
9189 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
9192 Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
9193 or sudo. This allows one to set EDITOR to sudoedit without getting
9194 into an infinite loop of sudoedit running itself until the path gets
9198 * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
9199 Add sudoers_locale Defaults option to override the default sudoers
9203 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
9206 Set locale to system default except for during sudoers parse.
9209 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
9212 Redo change in 1.34 to use pointer arithmetic.
9215 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
9218 Fix a dereference (read) of a freed pointer. Reported by Patrick
9222 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
9225 Set locale to "C" to avoid interpretation issues with character
9226 ranges in sudoers. May want to make the locale a sudoers option in
9230 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
9233 we no longer use setproctitle
9240 * LICENSE, mkstemp.c:
9241 Use my replacement mkstemp() from the mktemp package.
9244 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
9247 regen with yacc skeleton bug fixed
9251 Remove duplicate "as root". From Martin Toft.
9254 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
9256 * pwutil.c, sudo.c, sudo.h, testsudoers.c:
9257 Flesh out the fake passwd entry used for running commands as a uid
9258 not listed in the passwd database. Fixes an issue with some PAM
9262 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
9265 Error out in -i mode if the user has no shell. This can happen when
9266 running commands as a uid with no password entry.
9269 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
9272 Better fix for line continuation inside double quotes. Now accepts
9273 whitespace between the backslash and the newline like the main
9277 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
9280 Fix line continuation in strings. It was only being honored if
9281 preceded by whitespace.
9284 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
9286 * config.h.in, configure, configure.in, logging.c:
9287 Replace the double fork with a fork + daemonize.
9290 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
9293 The -i flag should imply env_reset. This got broken in sudo 1.6.9.
9296 * logging.c, sudo.c, sudo_edit.c, visudo.c:
9297 Change how the mailer is waited for. Instead of having a SIGCHLD
9298 handler, use the double fork trick to orphan the child that opens
9299 the pipe to sendmail. Fixes a problem running su on some Linux
9303 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
9305 * configure, configure.in:
9306 Fix configure test for dirfd() on Linux where DIR is opaque.
9309 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
9312 Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
9313 this problem we'll need to revisit this again.
9316 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
9319 Ignore SIGPIPE instead of blocking it when piping to the mailer. If
9320 we only block the signal it may be delivered later when we unblock.
9321 Also, there is no need to block SIGCHLD since we no longer do the
9322 double fork. The normal SIGCHLD handler is sufficient.
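An added example, not sudo's own code, showing the difference this entry describes: with SIGPIPE blocked, a write to a pipe whose reader has gone leaves the signal pending for delivery at unblock time, while with SIGPIPE ignored nothing is queued and the failure shows up only as EPIPE. The function names and the reader-less pipe standing in for the mailer are constructed for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed stand-in for a mailer that exited: a pipe with no reader. */
static int broken_pipe(void)
{
    int fds[2];

    if (pipe(fds) == -1)
        return -1;
    close(fds[0]);
    return fds[1];
}

/* Write one byte; return 0 only if it failed with EPIPE as expected. */
static int write_expect_epipe(int fd)
{
    if (write(fd, "x", 1) == -1 && errno == EPIPE)
        return 0;
    return -1;
}

/* Install a disposition for SIGPIPE, saving the previous one in *osa. */
static void set_sigpipe(void (*handler)(int), struct sigaction *osa)
{
    struct sigaction sa;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = handler;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGPIPE, &sa, osa);
}

/*
 * Write to the broken pipe with SIGPIPE either blocked (default
 * disposition) or ignored (and unblocked).  Returns 1 if SIGPIPE is
 * pending afterwards, 0 if not, -1 on error.
 */
static int pending_after_write(int block)
{
    struct sigaction osa;
    sigset_t set, oset, pending;
    int fd, sig, result = -1;

    if ((fd = broken_pipe()) == -1)
        return -1;
    set_sigpipe(block ? SIG_DFL : SIG_IGN, &osa);
    sigemptyset(&set);
    sigaddset(&set, SIGPIPE);
    sigprocmask(block ? SIG_BLOCK : SIG_UNBLOCK, &set, &oset);

    if (write_expect_epipe(fd) == 0 && sigpending(&pending) == 0)
        result = sigismember(&pending, SIGPIPE);

    /*
     * Demo cleanup: consume the queued signal before restoring the mask.
     * Without this step the restore below would deliver SIGPIPE and the
     * default action would terminate the process.
     */
    if (block && result == 1)
        sigwait(&set, &sig);
    sigprocmask(SIG_SETMASK, &oset, NULL);
    sigaction(SIGPIPE, &osa, NULL);
    close(fd);
    return result;
}

/* Blocking only defers the signal: it is still pending after the write. */
int blocked_write_leaves_pending(void)
{
    return pending_after_write(1);
}

/* Ignoring discards the signal: nothing is pending after the write. */
int ignored_write_leaves_pending(void)
{
    return pending_after_write(0);
}

int main(void)
{
    printf("blocked: SIGPIPE pending after write = %d\n",
        blocked_write_leaves_pending());
    printf("ignored: SIGPIPE pending after write = %d\n",
        ignored_write_leaves_pending());
    return 0;
}
```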
9325 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
9327 * configure, configure.in:
9328 Add description for NO_PAM_SESSION, from a redhat patch.
9331 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
9333 * sudo.cat, sudo.man.in, sudo.pod:
9334 Fix typos in -i usage
9337 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
9339 * configure, configure.in:
9340 Redo the test for dgettext() in a way that hopefully will work
9341 around the libintl_dgettext() undefined problem.
9344 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
9346 * schema.ActiveDirectory:
9347 change filename in comment
9350 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
9352 * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
9354 Reference schema.ActiveDirectory
9357 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
9359 * schema.OpenLDAP, schema.iPlanet:
9360 Mark sudoRunAs as deprecated.
9363 * schema.ActiveDirectory:
9364 add sudoRunAsUser and sudoRunAsGroup
9367 * schema.ActiveDirectory:
9368 Active Directory schema by Chantal Paradis and Eric Paquet
9371 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
9374 remove an XXX that was fixed
9382 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
9383 fixes a problem where the tag value printed was influenced by
9384 defaults set in the first pass through the parser.
9387 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
9389 * Makefile.in, sudo.psf:
9390 No point in packaging the TODO file
9397 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
9399 * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
9400 sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
9401 Add env_file Defaults option that is similar to /etc/environment on
9405 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
9407 * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
9408 sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
9409 version.h, visudo.cat, visudo.man.in:
9410 change version to 1.7.0
9414 initial valgrind pass done
9417 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
9420 Fix typo/think in sudo_ldap_read_secret() when storing the secret.
9423 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
9426 define LDAPS_PORT if the system headers do not
9429 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
9432 Fix another memory leak in init_parser().
9435 * configure, configure.in:
9436 There was a missing space before the ldap libs in SUDO_LIBS for some
9440 * alias.c, gram.c, gram.y, toke.c, toke.l:
9441 Clean up some memory leaks pointed out by valgrind.
9444 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
9447 fix "sudo -s" broken by mode/flags breakout
9450 * configure, configure.in:
9451 remove duplicate check for dgettext
9454 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
9457 Fall back to default stanza if no user-specific limit is found.
9460 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
9463 include stdint.h if present
9467 Use LLONG_MAX, not the old QUAD_MAX
9470 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
9476 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
9482 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
9488 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
9499 Split MODE_* defines into primary and flags.
9502 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
9505 It turns out the logic for getting AIX limits is more convoluted
9506 than I realized and differs depending on whether the soft and/or
9507 hard limits are defined.
9510 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
9512 * Makefile.in, configure, configure.in:
9513 Back out AIX-specific change to set the sudo_noexec path to the .a
9514 file, we do really want to use the .so file. Since libtool doesn't
9515 do that correctly, just install the .so file ourselves in the
9520 If the file given to install is a path, only use the basename of the
9521 file when building the destination path.
9524 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
9527 parse_args() cleanup: Sort command line options in the getopt()
9528 switch. The -U option requires a parameter. Normalize a few ISSET
9529 calls. Split mode into mode and flags and retire the now-obsolete
9533 * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
9535 Add -n (non-interactive) flag.
9539 Move version printing, etc. into a separate function.
9543 Don't try to cleanup nsswitch if it has not been initialized.
9546 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
9549 Block SIGPIPE in send_mail() so sudo is not killed by a problem
9550 executing the mailer.
9553 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
9555 * configure, configure.in:
9556 AIX shared libs end in .a, not .so.
9559 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
9562 Preserve HOME by default too. Matches documentation and previous
9566 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
9569 Use getopt() to parse the command line. We need to be able to
9570 intersperse env variables and options yet still honor "--" which
9571 complicates things slightly.
9574 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
9580 * acsite.m4, configure, ltmain.sh:
9581 update to libtool-1.5.26
9584 * config.guess, config.sub:
9585 update from libtool-1.5.26 distribution
9589 attempt to fix compilation errors on AIX
9593 fix typo in last commit
9597 Add WHATSNEW file to the distribution
9601 use warningx instead of fprintf(stderr, ...)
9605 add DEBUG to list2tq
9616 * Makefile.in, aix.c, config.h.in, configure, configure.in,
9617 set_perms.c, sudo.h:
9618 Add aix_setlimits() to set resource limits on AIX using a
9619 combination of getuserattr() and setrlimit(). Currently untested.
9622 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
9624 * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
9625 sudoers.man.in, sudoers.pod:
9626 Add mailfrom Defaults option that sets the value of the From: field
9627 in the warning/error mail. If unset the login name of the invoking
9632 store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
9636 When adding a default, only call list2tq() once to do the list to tq
9637 conversion. It is not legal to call list2tq multiple times on the
9638 same list since list2tq consumes and modifies the list argument.
9641 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9642 comment out XXXs for now
9649 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
9652 Error out if both -A and -S are specified. Error out if -A is
9653 specified but no askpass is configured
9656 * configure, configure.in:
9657 we are not going to ship a sudo-specific askpass
9660 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
9663 fix definition of TGP_ASKPASS
9666 * def_data.c, def_data.in:
9667 make askpass boolean-capable
9671 document --with-askpass
9674 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9675 sudoers.man.in, visudo.cat:
9679 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
9681 * sudo.pod, sudo_usage.h.in, sudoers.pod:
9682 document -A and askpass
9685 * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
9686 def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
9687 sudo_usage.h.in, tgetpass.c:
9688 Add support for running a helper program to read the password when
9689 no tty is present (or when specified with the -A flag). TODO: docs.
9692 * def_data.c, def_data.in:
9693 add missing printf format to SELinux role and type strings
9696 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
9698 * INSTALL, configure, configure.in:
9699 Disable use of gss_krb5_ccache_name() by default and add
9700 --enable-gss-krb5-ccache-name configure option to enable it. It
9701 seems that gss_krb5_ccache_name() doesn't work properly with some
9702 combinations of Heimdal and OpenLDAP.
9705 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
9708 Ignore setexeccon() failing in permissive mode. Also add a call to
9709 setkeycreatecon() (though this is probably insufficient). From Dan
9714 Only set std_prompt for the PAM_PROMPT_* cases. The conversation
9715 function may be called for non-password reading purposes so we must
9716 be careful not to use def_prompt in cases where it may not be set.
9719 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
9722 Don't free the new tty context, we need to keep it around when we
9723 restore the tty context after the command completes
9726 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
9732 * sudo.man.pl, sudo.pod:
9733 Only put login_cap(3) in SEE ALSO section if we have login.conf
9737 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
9739 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9740 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9745 Substitute in comment characters for lines pertaining to login.conf,
9746 BSD auth and SELinux and only enable them if pertinent.
9750 Substitute in comment characters for lines pertaining to login.conf,
9751 BSD auth and SELinux and only enable them if pertinent.
9755 Substitute in comment characters for lines pertaining to login.conf,
9756 BSD auth and SELinux and only enable them if pertinent.
9760 Substitute in comment characters for lines pertaining to login.conf,
9761 BSD auth and SELinux and only enable them if pertinent.
9764 * Makefile.in, configure, configure.in:
9765 Substitute in comment characters for lines pertaining to login.conf,
9766 BSD auth and SELinux and only enable them if pertinent.
9769 * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
9770 Remove the =cut on the first line (above the copyright notice) to
9771 quiet pod2man. Also remove the hackery in the FILES section and
9772 just deal with the fact that there will be a newline between each
9776 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
9779 run sudo.man.pl when generating sudo.man.in
9782 * configure, configure.in, sudo.man.pl:
9783 comment out SELinux manual bits unless --with-selinux was specified
9787 document role and type defaults for SELinux
9790 * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
9791 Document "sudo -ll" and make "sudo -l -l" be equivalent.
9794 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
9796 * configure, configure.in:
9797 Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
9798 Debian GNU/kFreeBSD.
9801 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
9804 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
9808 * logging.c, logging.h, sudo.c:
9809 Remove dependence on VALIDATE_NOT_OK in logging functions. Split
9810 log_auth() into log_allowed() and log_denial(). Replace mail_auth()
9811 with should_mail() and a call to send_mail().
9814 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
9817 Add debugging so we can tell if the krb5 ccache is accessible
9821 mention --with-selinux
9824 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
9834 * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
9835 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
9836 testsudoers.c, toke.c, toke.l:
9837 Add support for SELinux RBAC. Sudoers entries may specify a role
9838 and type. There are also role and type defaults that may be used.
9839 To make sure a transition occurs, when using RBAC commands are
9840 executed via the new sesh binary. Based on initial changes from Dan
9845 Add support for SELinux RBAC. Sudoers entries may specify a role
9846 and type. There are also role and type defaults that may be used.
9847 To make sure a transition occurs, when using RBAC commands are
9848 executed via the new sesh binary. Based on initial changes from Dan
9852 * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
9853 def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
9854 pathnames.h.in, selinux.c:
9855 Add support for SELinux RBAC. Sudoers entries may specify a role
9856 and type. There are also role and type defaults that may be used.
9857 To make sure a transition occurs, when using RBAC commands are
9858 executed via the new sesh binary. Based on initial changes from Dan
9862 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
9864 * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
9865 Add long list (sudo -ll) support for printing verbose LDAP and
9866 sudoers file entries. Still need to update manual.
9869 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
9871 * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
9872 Unify the -l output for file and ldap based sudoers and use lbufs
9873 for both. The ldap output does not currently include options that
9874 cannot be represented as tags. This will be remedied in a long list
9875 output mode to come.
9878 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
9881 Use a specific error message for errno == EAGAIN when setuid() et al
9882 fails. On Linux systems setuid() will fail with errno set to EAGAIN
9883 if changing to the new uid would result in a resource limit
9888 Unlimit nproc on Linux systems where calling the setuid() family of
9889 syscalls causes the nproc resource limit to be checked. The limits
9890 will be reset by pam_limits.so when PAM is used. In the non-PAM
9891 case the nproc limit will remain unlimited but there doesn't seem to
9892 be a way around that other than having sudo parse
9893 /etc/security/limits.conf directly.
9896 * env.c, sudo.c, sudo.pod:
9897 Only read /etc/environment on Linux and AIX
9900 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
9902 * configure, configure.in:
9903 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
9904 ldap.conf and ldap.secret paths from going into config.h. Avoid
9905 single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
9906 since in some versions of bash they will end up literally in the
9910 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
9913 mention --with-nsswitch=no
9916 * configure, configure.in:
9917 ldap_ssl.h depends on ldap.h being included first
9920 * config.h.in, configure, configure.in, ldap.c:
9921 Include ldap_ssl.h if we can find it. Needed for the
9922 ldapssl_set_strength defines on HP-UX at least.
9933 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9934 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9939 Use 78n line length when formatting cat pages.
9943 Remove redundant info that is now in sudoers.ldap.pod
9946 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
9948 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9949 Reorganize the first section a bit. Substitute the proper path for
9953 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9954 Substitute values for ldap.conf, ldap.secret and nsswitch.conf. Move
9955 schema into EXAMPLES
9958 * configure, configure.in:
9959 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
9963 * configure, configure.in:
9964 substitute for sudoers.ldap.man
9968 Fix cut & pasto introduced when adding sudoers.ldap man page.
9971 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9972 Fill in some of the missing pieces. Still needs some reorganization
9976 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
9978 * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
9980 Beginnings of a sudoers.ldap man page. Currently, much of the
9981 information is adapted from README.LDAP.
9984 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
9987 When copying gr_mem we must guarantee that the storage space for
9988 gr_mem is properly aligned. The simplest way to do this is to
9989 simply store gr_mem directly after struct group. This is not a
9990 problem for gr_passwd or gr_name as they are simple strings.
9994 Fix a typo/thinko in one of the calls to
9995 sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
9998 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
10000 * config.h.in, configure, configure.in, ldap.c:
10001 include <mps/ldap_ssl.h> in ldap.c if available
10004 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
10007 Make sure we define SIZE_MAX for yacc's skeleton.c
10011 Use TCSAFLUSH when restoring terminal settings (and echo) to
10012 guarantee that any pending output is discarded
10015 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
10018 no longer need to specify SETENV when user has sudo ALL
10022 sync user_args size calculation with sudo.c. Add -g group option,
10023 renaming old -g to -G. Add set_runasgr() and set_runaspw() and use
10028 Make set_runaspw static void
10031 * testsudoers.c, visudo.c:
10032 g/c set_runaspw stub
10035 * configure, configure.in:
10036 Don't add -llber twice.
10039 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
10045 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
10051 * configure, configure.in:
10052 Fix check that determines whether -llber is required.
10055 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
10056 For netscape-based LDAP, use ldapssl_set_strength() to implement the
10057 checkpeer ldap.conf option.
10061 Delay krb5_cc_initialize() until we actually need to use the cred
10062 cache, which is what krb5_verify_user() does. Better cleanup on
10066 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
10069 Rewrite verify_krb_v5_tgt() based on what heimdal's
10070 krb5_verify_user() does.
10073 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
10076 The U suffix on constants is an ANSI feature
10079 * configure, configure.in:
10080 Add check for ber_set_option() in -llber
10083 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
10086 default if no nsswitch.conf is files only
10089 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
10092 don't tell people to mail aaron about LDAP stuff
10096 timelimit and bind_timelimit
10104 Move ldap.secret reading into a separate function.
10108 user_runas -> runas_pw
10111 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
10117 * check.c, sudo.pod, sudoers.pod:
10118 Add and document the %p escape in the password prompt. Based on a
10119 patch from Patrick Schoenfeld.
10123 Check strlcpy() return values.
10127 refactor ldap binding code into sudo_ldap_bind_s()
10131 Make it clear that host and uri can take multiple parameters. URI is
10132 now supported for more than just openldap. nsswitch.conf doesn't
10137 comment cleanup and update (c) year
10140 * parse.c, sudo_nss.c:
10141 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
10142 This should make it possible to build an LDAP-only sudo binary.
10145 * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
10146 Improve chaining of multiple sudoers sources by passing in the
10147 previous return value to the next in the chain
10151 Free up parser data structures in sudo_file_close().
10155 Free up parser data structures in sudo_file_close().
10159 Parse uri ourself if no ldap_initialize() is present. Use
10160 ldap_create() instead of deprecated ldap_init(). Use
10161 ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s().
10164 * config.h.in, configure, configure.in:
10165 Add check for ldap_sasl_bind_s(). Remove -DLDAP_DEPRECATED from
10169 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
10171 * config.h.in, configure, configure.in:
10172 add check for ldap_create
10175 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
10177 * config.h.in, configure, configure.in, ldap.c:
10178 Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
10179 dn using the mechanism appropriate for the LDAP SDK in use. Use
10180 ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
10181 ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
10188 * config.h.in, configure.in:
10189 fix typo in mtim_getnsec
10192 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
10194 * config.h.in, configure, configure.in:
10195 add check for st__tim in struct stat as used by SCO
10199 use ldap_search_ext_s instead of deprecated ldap_search_s
10202 * Makefile.in, TODO, sudo.cat, sudo.man.in:
10203 add sudo_nss.h to HDRS
10207 Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
10211 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
10214 Use ldap_get_values_len()/ldap_value_free_len() instead of the
10215 deprecated ldap_get_values()/ldap_value_free().
10226 * gettime.c, sudo.c:
10227 Remove some already fixed XXXs
10231 Same return value as non-existent sudoers if LDAP was unable to
10236 mention /etc/environment
10239 * README.LDAP, UPGRADE, WHATSNEW:
10240 Update to reflect recent developments.
10244 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
10248 When building up a query don't list groups in the aux group vector
10249 that are the same as the passwd file group. On most systems the
10250 first gid in the group vector is the same as the passwd entry gid.
10254 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
10255 ldaprc and system defaults that could affect how LDAP works.
10258 * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
10259 sudo_nss.c, sudo_nss.h:
10260 Rename read_nss -> sudo_read_nss. Add --with-nsswitch to allow users
10261 to specify nsswitch.conf path or disable it. If --with-nsswitch=no
10262 but --with-ldap, order is LDAP, then sudoers. Fix
10263 --with-ldap-conf-file and --with-ldap-secret-file
10267 Honor def_ignore_local_sudoers
10270 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
10273 no longer need to check def_ignore_local_sudoers here
10277 Refactor group vector resetting into a function and also call it
10278 from display_cmnd. Stop after the first successful match in
10279 display_cmnd. Print a newline between each display_privs method.
10283 fix double free introduced in rev 1.218
10287 belt and suspenders; zero out result after freeing it
10290 * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
10291 Refactor line reading into a separate function, sudo_parseln(),
10292 which removes comments, leading/trailing whitespace and newlines.
10293 May want to rethink the use of sudo_parseln() for /etc/ldap.secret
10297 Make the inability to read the sudoers file a non-fatal error if
10298 there are other sudoers sources available. sudoers_file_lookup now
10299 returns "not OK" if sudoers was not present
10303 make it clear that the global options are from LDAP
10307 allocate proper amount of space for error string
10310 * sudo_nss.c, sudo_nss.h:
10311 actual sudo nss code
10314 * ldap.c, parse.c, sudo.c, sudo.h:
10315 nss-ify display_privs and display_cmnd.
10318 * defaults.c, parse.c, testsudoers.c, visudo.c:
10319 move update_defaults() to parse.c
10322 * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
10323 Use nsswitch to hide some sudoers vs. ldap implementation details
10324 and reduce the number of #ifdef LDAP. TODO: fix display routines and
10328 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
10330 * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
10331 First cut at nsswitch.conf support. Further reorganization and
10332 related changes are forthcoming.
10335 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
10337 * env.c, pathnames.h.in, sudo.c, sudo.h:
10338 Add support for reading an /etc/environment file. Still needs to
10339 be documented and should probably only apply to OSes that have it
10340 (AIX and Linux, maybe others).
10347 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
10353 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
10360 Add an example sudoRole, clarify netscape vs. openldap a bit more
10364 Be clear on what is OpenLDAP vs. Netscape-derived
10367 * config.h.in, configure, configure.in, ldap.c:
10368 Use ldapssl_init() for ldaps support instead of trying to do it
10369 manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
10370 and tls_key for cert7.db and key3.db respectively. Don't print
10371 debugging info for options that are not set. Add warning if
10372 start_tls specified when not supported.
10376 fix compilation on solaris
10380 add missing .h and .c files for missing lib objs
10383 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
10386 fix LDAP_OPT_NETWORK_TIMEOUT setting
10390 fix compilation on Solaris
10393 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
10395 * configure, configure.in:
10400 try to clear up which variables are for OpenLDAP and which are for
10401 netscape-derived SDKs
10404 * config.h.in, configure, configure.in, ldap.c:
10405 Add support for "ssl on" in both netscape and openldap flavors. Only
10406 the OpenLDAP flavor has been tested.
10409 * logging.c, sudo.c, sudo.h:
10410 Call cleanup() before exit in log_error() instead of calling
10411 sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
10418 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
10420 * logging.c, sudo.c, sudo.h:
10421 Better ldap cleanup.
10425 Distinguish between LDAP conf settings that are connection-specific
10426 (which take an ld pointer) and those that are default settings
10430 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
10433 Improved warnings on error.
10437 Make ldap config table driven and set the config *after* we open the
10441 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
10444 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
10447 * configure, configure.in:
10448 some operating systems need to link with -lkrb5support when using
10452 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
10458 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
10462 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
10468 * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
10469 add -g support for LDAP
10472 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
10474 * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
10475 The -i and -s flags can now take an optional command.
10478 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
10480 * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
10482 Add passprompt_override flag to sudoers that will cause the prompt
10483 to be overridden in all cases. This flag is also set when the user
10484 specifies the -p flag.
10488 Move setting of login class until after sudoers has been parsed. Set
10489 NewArgv[0] for -i after runas_pw has been set.
10492 * configure, configure.in:
10493 Move the dgettext check.
10496 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
10498 * auth/pam.c, config.h.in, configure, configure.in:
10499 Add basic support for looking up the string "Password: " in the PAM
10500 localized text db. This allows us to determine whether the PAM
10501 prompt is the default "Password: " one even if it has been
10504 TODO: concatenate non-std PAM prompts and user-specified sudo
10508 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
10510 * Makefile.in, config.h.in, configure, configure.in, parse.c,
10511 set_perms.c, sudo.c, sudo.h:
10512 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
10516 * acsite.m4, configure, interfaces.c, memrchr.c:
10517 Fix typos; Martynas Venckus
10520 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
10523 Don't assume runas_pw is set; it may not be in the -g case.
10526 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
10528 * logging.c, set_perms.c:
10529 Set aux group vector for PERM_RUNAS and restore group vector for
10530 PERM_ROOT if we previously changed it. Stash the runas group vector
10531 so we don't have to call initgroups more than once. Also add no-op
10532 check to check_perms.
10535 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
10537 * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
10538 ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
10539 pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
10540 sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
10541 testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
10542 Add support for runas groups. This allows the user to run a command
10543 with a different effective group. If the -g option is specified
10544 without -u the command will be run as the current user (only the
10545 group will change). The -g and -u options may be used together.
10546 TODO: implement runas group for ldap; improve runas group
10547 documentation; add testsudoers support
10550 * configure, configure.in:
10551 fix setting of mandir
10554 * sudo.pod, sudoers.pod:
10555 document that ALL implies SETENV
10559 s/setenv_ok/setenv_implied/g
10563 hostname_matches() returns TRUE on match in sudo 1.7.
10567 use strcmp, not strcasecmp when comparing ALL
10571 Make sudo ALL imply setenv. Note that unlike with file-based
10572 sudoers this does affect all the commands in the sudoRole.
10575 * gram.c, gram.y, parse.c, parse.h:
10576 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
10577 it is not passed on to other commands in the list.
10581 Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
10582 sudo_getpwuid() instead of getpwuid().
10585 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
10588 Expand on the dangers of not using visudo to edit sudoers.
10591 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
10594 Don't quote *?[]! on output since the lexer does not strip off the
10595 backslash when reading those in.
10598 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
10601 expand "u_foo" types to "unsigned foo" to avoid compatibility
10605 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
10608 Refactor log line generation into new_logline().
10611 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
10617 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
10619 * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
10621 Add configure check for struct in6_addr instead of relying on
10622 AF_INET6 since some systems define AF_INET6 but do not include IPv6
10626 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
10628 * configure, configure.in:
10629 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
10633 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
10635 * configure, configure.in:
10636 POSIX states that struct timespec be declared in time.h so check
10637 there regardless of the value of TIME_WITH_SYS_TIME.
10640 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
10643 Instead of defining a macro to call the appropriate method for
10644 turning on/off echo, just define tc[gs]etattr() and the related
10645 defines that use the correct terminal ioctls if needed. Also go back
10646 to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
10649 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
10659 * INSTALL, auth/pam.c, config.h.in, configure.in:
10660 Add --disable-pam-session configure option to disable calling
10661 pam_{open,close}_session. May work around bugs in some PAM
10665 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
10672 Avoid printing the prompt if we are already backgrounded. E.g. if
10673 the user runs "sudo foo &" from the shell. In this case, the call
10674 to tcsetattr() will cause SIGTTOU to be delivered.
10677 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
10679 * def_data.c, def_data.h, def_data.in:
10680 Reorder things such that the definition of env_reset comes right
10681 before the env variable lists.
10685 Shrink type and seqno in struct alias from int to u_short
10688 * alias.c, match.c, parse.c, parse.h:
10689 Add a sequence number in the aliases for loop detection. If we find
10690 an alias with the seqno already set to the current (global) value we
10691 know we've visited it before so ignore it.
10694 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
10696 * TODO, auth/pam.c, sudo.c, sudo.h:
10697 PAM wants the full tty path so add user_ttypath which holds the full
10698 path to the tty or is NULL if no tty was present.
10702 Set PAM_RHOST to work around a bug in Solaris 7 and lower that
10706 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
10712 * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
10713 parse.h, testsudoers.c, visudo.c:
10717 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
10720 remove some useless casts
10724 pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
10725 predates the final C99 spec and the standard specifies that it shall
10726 include stdint.h anyway
10729 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
10731 * Makefile.in, alloca.c, configure.in:
10732 Since we ship with a pre-generated parser there is no need to ship a
10733 bogus alloca implementation.
10741 remove initial setting of CHECKSIA, we require that it be unset if
10754 only do SIA checks on Digital Unix
10757 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
10759 * sudoers.cat, sudoers.man.in:
10768 Remove call to krb5_cc_register() as it is not needed for modern
10776 * aclocal.m4, configure.in:
10777 New method for setting the default authentication type and avoiding
10778 conflicts in auth types.
10781 * match.c, parse.c, testsudoers.c:
10782 Each entry in a cmndlist now has an associated runaslist so no need
10783 to keep track of the most recent non-NULL one.
10786 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
10789 back out partial ldaps support mistakenly committed
10793 Add support for unix groups and netgroups in sudoRunas
10796 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
10799 Fix sudoedit of a non-existent file. From Tilo Stritzky.
10802 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
10809 update --passprompt escape info
10813 remove now-bogus comment and update copyright date
10817 Fix up use of with_passwd
10820 * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
10821 Update to autoconf-2.61 and libtool-1.5.24
10825 "cmp -s" not just cmp. Add @datarootdir@ to quiet autoconf-2.61
10828 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
10835 move tags and runaslist propagation to be earlier
10839 If -f flag given use the permissions of the original file as a
10844 prevent a double free() when re-initing the parser
10847 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
10853 * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
10854 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
10855 auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
10856 configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
10857 parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
10858 sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
10859 Remove support for compilers that don't support void *
10866 * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
10867 parse.c, parse.h, testsudoers.c, visudo.c:
10868 Move list manipulation macros to list.h and create C versions of the
10869 more complex ones in list.c. The names have been down-cased so they
10870 appear more like normal functions.
10874 Fix cmp command when regenerating parser. Make gram.o the first
10875 dependency for all programs so gram.h will be generated before
10876 anything that needs it.
10880 Convert NEW_DEFAULT and NEW_MEMBER into static functions.
10883 * match.c, parse.c, testsudoers.c:
10884 Use LH_FOREACH_REV when checking permission and short-circuit on the
10885 first non-UNSPEC hit we get for the command. This means that
10886 instead of cycling through all the parsed sudoers entries we
10887 start at the end and work backwards and quit after the first
10888 positive or negative match.
10895 * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
10896 Change list head macros to take a pointer, not a struct.
10904 Propagate the runasspec from one command to the next in a cmndspec.
10907 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
10910 Replace has_meta() with a macro that calls strpbrk().
10916 * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
10917 testsudoers.c, visudo.c:
10918 Use a list head struct when storing the semi-circular lists and
10919 convert to tail queues in the process. This will allow us to
10920 reverse foreach loops more easily and it makes it clearer which
10921 functions expect a list as opposed to a single member.
10923 Add macros for manipulating lists. Some of these should become
10926 When freeing up a list, just pop off the last item in the queue
10927 instead of going from head to tail. This is simpler since we don't
10928 have to stash a pointer to the next member, we always just use the
10929 last one in the queue until the queue is empty.
10931 Rename match functions that take a list to have list in the name.
10932 Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
10936 Fix pasto, append "!" not negated (which is an int) for sudo -l
10941 Remove the dependency of gram.h on gram.y, the .c dependency is
10942 enough. Only move y.tab.h to gram.h if it is different; avoids
10943 needless rebuilding.
10946 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
10949 Defaults lines may be associated with lists of users, hosts,
10950 commands and runas users, not just single entries.
10953 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
10956 Revert the "cmp" portion of the last diff, it doesn't make sense.
10960 Remove *.lo for clean: When generating the parser, only move the
10961 generated files into place if they differ from the existing ones.
10964 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
10967 Replace IPV6 regexp with a much simpler (readable) one and add an
10968 extra check when it matches to make sure we have a valid address.
10972 Fix thinko introduced when merging IPV6 support.
10975 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
10977 * HISTORY, LICENSE:
10986 mention #uid vs. comment pitfall
10990 Merge in a patch from the libtool cvs that fixes a problem with the
10991 latest autoconf. From Stepan Kasal.
10995 Back out the XOR swap trick, it is slower than a temp variable on
11004 Convert the tail queue to a semi-circle queue and use the XOR swap
11005 trick to swap the prev pointers during append.
11008 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
11011 remove useless statement
11015 Refactor #include parsing into a separate function and return
11016 unparsed chars (such as newline or comment) back to the lexer.
11019 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
11022 mention better uid support
11026 Users may now consist of a uid.
11029 * gram.c, gram.h, toke.c:
11034 Use lbuf_append_quoted() for sudo -l output to quote characters that
11035 would require quoting in sudoers.
11039 Add lbuf_append_quoted() which takes a set of characters which
11040 should be quoted with a backslash when displayed.
11044 Require that the first character after a comment not be a digit or a
11045 dash. This allows us to remove the GOTRUNAS state and treat
11046 uid/gids similar to other words. It also means that we can now
11047 specify uids in User_Lists and a User_Spec may now contain a uid.
11051 Replace RUNAS token with '(' and ')' tokens to make the runas
11052 portion of the grammar more natural.
11056 The BUGS file is history
11059 * Makefile.in, README:
11060 The BUGS file is history
11063 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
11066 Allow comments after a RunasAlias as long as the character after the
11067 pound sign isn't a digit or a dash.
11071 Glob support was back-ported to 1.6.9
11074 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
11077 remove sudo_usage.h in distclean
11081 If a Defaults value contains a blank, double-quote the string.
11085 Properly deal with Defaults double-quoted strings that span multiple
11086 lines using the line continuation char. Previously, the entire
11087 thing, including the continuation char, newline, and spaces was
11092 Be consistent when using single quotes and backticks.
11095 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
11097 * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
11098 sudo.c, sudo_usage.h.in:
11099 Add new linebuf code to do appends of dynamically allocated strings
11100 and word-wrapped output. Currently used for sudo's usage() and sudo
11101 -l output. Sudo usage strings are now in sudo_usage.h which is
11102 generated at configure time.
11105 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
11107 * parse.c, sudo.c, sudo.h:
11108 Fix line wrapping in usage() and use the actual tty width instead of
11112 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
11119 Mentioned Chris Jepeway's parser and also the new one that is in
11123 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
11125 * sudo.pod, visudo.pod:
11126 For the options list, add flag args where appropriate and increase
11127 the indent level so there is room for them.
11130 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
11133 Fix some spacing in "sudo -l" and add a comment about some bogosity
11134 in the line wrapping.
11137 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11142 * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
11143 def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
11144 parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
11145 testsudoers.c, toke.c, toke.l:
11146 Remove monitor support until there is a version of systrace that
11147 uses a lookaside buffer (or we have a better mechanism to use).
11150 * config.h.in, configure, configure.in, sudo.c:
11151 use getaddrinfo() instead of gethostbyname() if it is available
11154 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
11157 Deal with OSes where sizeof(gid_t) < sizeof(int).
11161 repair non-getifaddrs() code after ipv6 integration
11165 If we can open sudoers but fail to read the first byte, close the
11166 file stream before trying again.
11169 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
11175 * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
11176 Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
11179 * sudo.pod, sudoers.pod, visudo.pod:
11180 Add some missing markup Update copyright
11183 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
11185 * configure, configure.in:
11186 fix sudo_noexec extension which got broken in the libtool update
11189 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
11192 explicitly specify -Tascii to nroff
11195 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
11198 remove an ANSI-ism that crept in
11201 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
11204 Adjust list indents Prevent -- from being turned into an em dash Use
11205 a list for the environment instead of a literal paragraph
11209 Use a list for the environment instead of an indented literal
11214 Adjust list indentation
11221 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
11224 mention that when specifying a uid for the -u option the shell may
11225 require that the # be escaped
11228 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
11231 Fix off by one in group matching.
11234 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
11237 Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
11240 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
11242 * configure, configure.in:
11243 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
11244 -lgssapi_krb5 case.
11247 * aclocal.m4, configure, configure.in:
11248 Fix link tests such that new gcc doesn't optimize away the test.
11251 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
11253 * sudo.pod, sudoers.pod, visudo.pod:
11254 add missing over/back
11257 * sudo.pod, sudoers.pod, visudo.pod:
11258 Change FILES section to use =item
11262 Add back allocation of the env struct in rebuild_env but save a copy
11263 of the old pointer and free it before returning.
11267 Don't init the private environment in rebuild_env() since it may
11268 have already been done implicitly sudo_setenv/sudo_unsetenv.
11270 Multiply length by sizeof(char *) in memcpy/memmove when copying the
11271 environment so we copy the full thing.
11273 Add missing set of parens so we deref the right pointer in
11274 sudo_unsetenv when searching for a matching variable.
11277 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
11279 * sudo.pod, sudoers.pod, visudo.pod:
11280 Use file markup for paths in the FILES section
11283 * sudo.pod, sudoers.pod, visudo.pod:
11284 Don't capitalize sudo/visudo
11288 Sort sudoers options; based on a diff from Igor Sobrado.
11291 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
11293 * sudo.pod, sudoers.pod, visudo.pod:
11294 Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
11295 latter confuses pod2man. The Makefile rules for the .man.in file
11296 will add @mansectsu@ and @mansectform@ back in after pod2man is done
11300 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
11302 * LICENSE, Makefile.in, license.pod:
11303 Move license info to pod format
11306 * configure, configure.in, sudoers.pod:
11307 Substitute value of path_info into sudoers man page.
11311 remove features that were back-ported to 1.6.9
11314 * sudo.c, sudo.pod, visudo.c, visudo.pod:
11315 Sort SYNOPSIS and sync usage. From Igor Sobrado.
11319 Only need sudo_setenv/sudo_unsetenv if we are going to use
11320 ldap_sasl_interactive_bind_s() but don't have
11321 gss_krb5_ccache_name().
11325 rebuild without branch info
11329 Add ChangeLog target
11333 Run cleanup code if the user hits ^C at the password prompt.
11337 Some versions of pam_lastlog have a bug that will cause a crash if
11338 PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
11342 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
11345 ChageLog not Changelog
11353 CHANGE -> Changelog
11360 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
11362 * config.h.in, configure, configure.in, ldap.c:
11363 Add configure hooks for gss_krb5_ccache_name() and the gssapi
11367 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
11370 rebuild_env() and insert_env_vars() no longer return environment
11371 pointer, they set environ directly.
11373 No longer need to pass around an envp pointer since we just operate
11376 Add dosync argument to insert_env() that indicates whether it should
11377 reset environ when realloc()ing env.envp.
11379 Use an initial size of 128 for the environment.
11383 Split sudo_setenv() into an external version and a version only for
11384 use by rebuild_env().
11387 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
11390 Add support for using gss_krb5_ccache_name() instead of setting
11391 KRB5CCNAME. Also use sudo_unsetenv() in the non-
11392 gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
11393 original environment. TODO: configure setup for
11394 gss_krb5_ccache_name()
11401 * README.LDAP, ldap.c:
11402 Add support for sasl_secprops in ldap.conf
11406 Add sudo_unsetenv() and refactor private env syncing code into
11410 * README.LDAP, ldap.c:
11411 The ldap.conf variable is sasl_auth_id not sasl_authid.
11414 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
11416 * ldap.c, sudo.c, sudo.h:
11417 Add support for krb5_ccname in ldap.conf. If specified, it will
11418 override the default value of KRB5CCNAME in the environment for the
11419 duration of the call to ldap_sasl_interactive_bind_s().
11423 Remove format_env() Add sudo_setenv() to replace most format_env() +
11424 insert_env() combinations. insert_env() no longer takes a struct
11429 Fix use_sasl vs. rootuse_sasl logic.
11432 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
11433 Add support for SASL auth when connecting to an LDAP server. Adapted
11434 from a diff by Tom McLaughlin.
11437 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
11439 * configure, configure.in:
11440 Only enable AIX or BSD auth if no other exclusive auth method has
11441 been chosen. Allows people to e.g., use PAM on AIX without adding
11442 --without-aixauth. A better solution is needed to deal with default
11443 authentication since if a non-exclusive method is chosen we will
11444 still get an error.
11447 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
11449 * HISTORY, Makefile.in, history.pod:
11450 Generate HISTORY from history.pod (which is also used for web pages)
11453 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
11455 * sudo.man.in, sudoers.man.in:
11460 Better explanation of environment handling in the sudo man page.
11464 Defer setting user-specified env vars until after authentication.
11468 honor def_default_path for PATH set on the command line
11471 * env.c, sudo.c, sudo.pod, sudoers.pod:
11472 Allow user to set environment variables on the command line as long
11473 as they are allowed by env_keep and env_check. Ie: apply the same
11474 restrictions as normal environment variables. TODO: deal with
11478 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
11480 * sudo.c, sudo_edit.c:
11481 Call rebuild_env() in all cases. Pass original envp to sudo_edit().
11482 Don't allow -E or env var setting in sudoedit mode. More accurate
11483 usage() when called as sudoedit.
11491 add -c option to sudoedit synopsis
11499 Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
11500 value from {user,host,runas,cmnd}_matches(). Rename *matches
11501 variables -> *match. Purely cosmetic.
11505 Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
11513 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
11516 Make pwcheck local to the pwflag block. Use pwcheck even if user
11517 didn't match since Defaults options may still apply.
11521 Do not update timestamp if user not validated by sudoers.
11525 for PERM_RUNAS, set the egid to the runas user's gid and restore to
11526 the user's original in PERM_ROOT
11529 * logging.c, mon_systrace.c, set_perms.c, sudo.h:
11530 PERM_FULL_ROOT is now no different than PERM_ROOT so remove
11535 don't check timestamp mtime if we are just going to remove it
11539 Move sudoers defaults parameters into their own section.
11543 Reduce a level of indent by a few placed continue statements.
11547 Make matching but negated commands/hosts/runas entries override a
11548 previous match as expected. Also reduce some levels of indent by a
11549 few placed continue statements.
11552 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
11555 Print default runas in "sudo -l" if sudoers don't specify one.
11559 Less hacky way of testing whether the domain was set.
11562 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
11565 Mention pam-devel and openldap-devel for Linux
11568 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
11574 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
11577 fix typo in Solaris project support
11585 Make -- on the command line match the manual page. The implied shell
11586 case has been simplified as a result.
11589 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
11592 add simplistic support for sudoRunas; note that if a sudoers entry
11593 contains multiple Runas users, all will apply to the sudoRole
11597 honor SETENV and NOSETENV tags
11600 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
11603 Redo setting of user_args. We now build up a private copy of argv
11604 first and then replace the NULs with spaces.
11608 getcwd() returns NULL on failure, not 0 on success
11612 allow chunksiz to reach 1 before erroring out
11615 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11620 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
11622 * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
11623 logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
11625 Add support for setting environment variables on the command line.
11626 This is only allowed if the setenv sudoers option is enabled or if
11627 the command is prefixed with the SETENV tag.
11631 replace Aaron's email address with the sudo-workers list
11638 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
11640 * schema.OpenLDAP, schema.iPlanet:
11641 Break schema out into separate files.
11644 * Makefile.in, README.LDAP:
11645 Break schema out into separate files.
11648 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
11651 free message if set by authenticate()
11655 deal with NULL gr_mem
11658 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
11665 add template for HAVE_PROJECT_H
11672 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
11675 mention --with-project
11678 * config.h.in, configure.in, sudo.c:
11679 Add Solaris 10 "project" support. From Michael Brantley.
11691 Fix preservation of LDFLAGS in the LDAP case.
11695 Remove dependency on NULL
11702 * aclocal.m4, configure.in:
11703 Can't use the regular autoconf fnmatch() check since we need
11704 FNM_CASEFOLD so go back to our custom one.
11708 Fix preserving of variables in env_keep.
11716 expand upon env resetting and mention that it began in 1.6.9 not
11721 Update descriptions of env_keep and env_check to match current
11725 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
11728 Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
11729 LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to initial_keepenv_table.
11732 * env.c, logging.c:
11733 Treat USERNAME environment variable like LOGNAME/USER
11737 Don't need to populate keepenv table with the contents of the
11742 Don't force sudo into the C locale.
11746 Make env_check apply when env_reset is true. Environment variables
11747 are passed through unless they contain '/' or '%'. There is no need
11748 to have a variable in both env_check and env_keep.
11751 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
11754 Remove a duplicate lock_file() call and add a comment.
11758 Add sudo 1.6.9 upgrade note.
11761 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
11764 Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
11765 small. From Klaus Wagner.
11768 * logging.c, sudo.h:
11769 Redo the long syslog line splitting based on a patch from Eygene
11770 Ryabinkin. Include memrchr() for systems without it.
11774 Redo the long syslog line splitting based on a patch from Eygene
11775 Ryabinkin. Include memrchr() for systems without it.
11778 * Makefile.in, config.h.in, configure, configure.in:
11779 Redo the long syslog line splitting based on a patch from Eygene
11780 Ryabinkin. Include memrchr() for systems without it.
11784 Since we need to be able to convert timespec to timeval for utimes()
11785 the last 3 digits in the tv_nsec are not significant. This makes the
11786 sudoedit file date comparison work again.
11789 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
11791 * aclocal.m4, configure, configure.in:
11792 Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
11793 This deals with exclusive authentication methods in a simple way.
11796 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
11799 mkstemp.c is BSD code too.
11802 * sudo.pod, sudoers.pod, visudo.pod:
11803 No commercial support for now.
11806 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
11809 cleanenv() is no more.
11812 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
11815 Display branch info in Changelog
11819 Include config.h early so we have it for TIME_WITH_SYS_TIME
11823 Fix Changelog generation and update.
11826 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
11829 Use /proc/self/fd instead of /proc/$$/fd
11831 Move old-style fd closing into closefrom_fallback() and call that if
11832 /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
11835 * auth/kerb5.c, config.h.in, configure.in:
11836 o use krb5_verify_user() if available instead of doing it by hand
11837 o use krb5_init_secure_context() if we have it
11838 o pass an encryption type of 0 to krb5_kt_read_service_key() instead of
11839 ENCTYPE_DES_CBC_MD5 to let kerberos choose.
11843 Check TERM and COLORTERM for '%' and '/' characters. From Debian.
11847 Fix closefrom() substitution in the Makefile
11851 Mention alternate sudo pronunciation.
11854 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
11857 Remove KRB5_KTNAME from environment. Allow COLORTERM.
11861 If we cannot get a valid service key using the default keytab it is
11862 a fatal error. Fixes a bug where sudo could be tricked into
11863 allowing access when it should not by a fake KDC. From Thor Lancelot
11867 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
11869 * aclocal.m4, configure, configure.in:
11870 Update long long checks to use AC_CHECK_TYPES and to cache values.
11873 * aclocal.m4, configure.in:
11874 Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
11875 use AC_REPLACE_FNMATCH since that assumes replacing with GNU
11879 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
11881 * configure, configure.in:
11882 Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
11883 need it for visudo now too.
11886 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
11889 Attempt to clarify the bit talking about network numbers w/o
11894 Clarify timestamp dir ownership sentence.
11897 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
11900 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
11904 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
11907 -i is also one of the mutually exclusive options so list it in the
11908 warning message. Noted by Chris Pepper.
11911 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
11914 The sudoers variable is env_editor, not enveditor. From Jean-
11918 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
11921 I tracked down the original author so credit him and include his
11925 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
11927 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
11929 Fix typos; from Jason McIntyre.
11933 Restore signal mask before calling reapchild(). Fixes a possible
11934 race condition that could prevent sudo from properly waiting for the
11938 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
11941 Don't declare pw_free() if we are not going to use it.
11945 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
11946 LDR_PRELOAD64. The 64-bit version is not currently supported.
11947 Remove zero_env() prototype as it no longer exists.
11950 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
11953 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
11956 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
11959 If the user enters ^C at the password prompt, abort instead of
11960 trying to authenticate with an empty password (which causes an
11964 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
11966 * closefrom.c, config.h.in, configure, configure.in:
11967 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
11972 pw_free() is only used by sudo_freepwcache() so ifdef it out too.
11975 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
11977 * config.guess, config.sub:
11978 Update to latest versions from cvs.savannah.gnu.org
11981 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
11983 * pwutil.c, sudo_edit.c:
11984 Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
11985 we can close the passwd/group files early.
11988 * config.h.in, configure, configure.in, set_perms.c:
11989 Add seteuid() flavor of set_perms() for systems without setreuid()
11990 or setresuid() that have a working seteuid(). Tested on Darwin.
11993 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
11996 systrace_read() returns ssize_t
11999 * configure, configure.in:
12000 Fix typo, -lldap vs. -ldap; from Tim Knox.
12003 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
12006 Fix typo; Matt Ackeret
12009 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
12012 Print sudoers path in -V mode for root.
12015 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
12018 Do a sub tree search instead of a base search (one level in the tree
12019 only) for sudo right objects. This allows system administrators to
12020 categorize the rights in a tree to make them easier to manage.
12023 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
12029 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
12032 Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
12033 bind_timelimit support; adapted from gentoo.
12036 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
12039 Support comments that start in the middle of a line
12042 * configure, configure.in:
12043 Define LDAP_DEPRECATED until we start using ldap_get_values_len()
12046 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
12049 Silence gcc -Wsign-compare; djm@openbsd.org
12052 * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
12053 cleanup() now takes an int as an arg so it can be used as a signal
12058 Make a copy of the shell field in the passwd struct for NewArgv to
12059 avoid a use after free situation after sudo_endpwent() is called.
12062 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
12064 * config.h.in, configure, configure.in:
12065 Add mkstemp() for those poor souls without it.
12069 Add mkstemp() for those poor souls without it.
12073 Add mkstemp() for those poor souls without it.
12076 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
12079 Add PERL5DB to list of environment variables to remove.
12082 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
12084 * mon_systrace.c, mon_systrace.h:
12085 Instead of calling the check function twice with a state cookie use
12086 separate check/log functions.
12088 Check more ioctl() calls for failure.
12090 systrace_{read,write} now return the number of bytes read/written or
12095 Add more environment variables to remove; from gentoo linux Add some
12096 comments about what bad env variables go to what (more to do)
12099 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
12101 * sudo.c, sudo_edit.c:
12102 Move sudo_end{gr,pw}ent() until just before the exec since they free
12103 up our cached copy of the passwd structs, including sudo_user and
12104 sudo_runas. Fixes a use-after-free bug.
12108 Close all fd's before executing editor.
12112 Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
12116 Fix fd leak when lecture file option is enabled. From Jerry Brown
12119 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
12122 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
12123 environment variables to remove. From Charles Morris
12126 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
12129 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
12132 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
12135 add PS4 and SHELLOPTS to initial_badenv_table for bash
12138 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
12141 Fix typo; Toby Peterson
12144 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
12147 Make return buffers static so they don't get clobbered
12150 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
12153 Fix securid5 authentication, was not checking for ACM_OK. Also add
12154 default cases for the two switch()es. Problem noted by ccon at
12158 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
12161 Remove ncat() in favor of just counting bytes and pre-allocating
12165 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
12168 Fix up some comments Add missing fclose() for the rootbinddn case
12172 align struct ldap_config
12176 use LINE_MAX for max conf file line size
12180 add _PATH_LDAP_SECRET
12184 Mention rootbinddn Give example ou=SUDOers container
12187 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
12189 * INSTALL, configure, configure.in, ldap.c:
12190 Support rootbinddn in ldap.conf
12193 * env.c, sudo.pod, sudoers.pod:
12194 Preserve DISPLAY environment variable by default.
12197 * acsite.m4, configure:
12198 set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
12201 * acsite.m4, configure:
12202 set need_version=no for all cases; this is safe for LD_PRELOAD
12209 * configure, configure.in:
12214 Fix call to pam_end() when pam_open_session() fails.
12222 rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
12223 ltsugar.m4 ltversion.m4
12226 * config.guess, config.sub, ltmain.sh:
12227 merge in local changes: config.guess: o better openbsd support
12228 config.sub: o hiuxmpp support ltmain.sh o remove requirement that
12229 libs must begin with "lib" o don't print a bunch of crap about
12230 library installs o don't run ldconfig
12233 * config.guess, config.sub, ltmain.sh:
12238 Update with autoupdate and make minor changes for libtool 1.9f
12241 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
12244 don't call sudo_ldap_display_cmnd if ldap not setup
12247 * sudo_edit.c, visudo.c:
12248 Move declaration of struct timespec to its own include files for
12249 systems without it since it needs time_t defined.
12253 Move declaration of struct timespec to its own include files for
12254 systems without it since it needs time_t defined.
12258 Move declaration of struct timespec to its own include files for
12259 systems without it since it needs time_t defined.
12263 Move declaration of struct timespec to its own include files for
12264 systems without it since it needs time_t defined.
12267 * check.c, compat.h:
12268 Move declaration of struct timespec to its own include files for
12269 systems without it since it needs time_t defined.
12273 Don't set safe_cmnd for the "sudo ALL" case.
12276 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
12279 Call pam_open_session() and pam_close_session() to give pam_limits a
12280 chance to run. Idea from Karel Zak.
12283 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
12286 Add explicit cast from mode_t -> u_int in printf to silence warnings
12291 include grp.h to silence a warning on Solaris
12294 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
12297 Fix printing of += and -= defaults.
12300 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
12303 Sanity check number of syscall args with argsize. Not really needed
12304 but a little paranoia never hurts.
12307 * mon_systrace.c, mon_systrace.h:
12308 Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
12309 for systrace lengths (since it uses int)
12312 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
12315 Add some memsets for paranoia Fix namespace collision w/ error Check
12316 rval of decode_args() and update_env() Remove improper setting of
12320 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
12322 * parse.c, sudo.c, sudo.h:
12323 In -l mode, only check local sudoers file if def_ignore_sudoers is
12324 not set and call LDAP versions from display_privs() and
12325 display_cmnd() instead of directly from main(). Because of this we
12326 need to defer closing the ldap connection until after -l processing
12327 has occurred and we must pass in the ldap pointer to display_privs()
12328 and display_cmnd().
12332 Reorganize LDAP code to better match normal sudoers parsing.
12333 Instead of storing strings for later printing in -l mode we do
12334 another query since the authenticating user and the user being
12335 listed may not be the same (the new -U flag). Also add support for
12338 There is still a fair bit of duplicated code that can probably be
12342 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
12345 Replace pass variable with do_netgr for better readability.
12353 estrdup, not strdup
12356 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
12359 Add macro to test if the tag changed to improve readability.
12363 Avoid printing defaults header if there are no defaults to print...
12367 Fix a warning on systems without strlcpy().
12371 Use macros where possible for sudo_grdup() like sudo_pwdup().
12374 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
12377 It is possible for tv_usec to hold >= 1000000 usecs so add in
12381 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
12384 The component in krb5_principal_get_comp_string() should be 1, not 0
12385 for Heimdal. From Alex Plotnick.
12388 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
12390 * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
12391 interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
12392 redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
12393 Add efree() for consistency with emalloc() et al. Allows us to rely
12394 on C89 behavior (free(NULL) is valid) even on K&R.
12398 Move initgroups() for -U option into display_privs() so group
12399 matching in sudoers works correctly.
12402 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
12405 Removed duplicate call to ldap_unbind_s introduced along with
12410 Add missing space in Defaults printing
12413 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
12416 Sync sudo_pwdup with OpenBSD changes: use macros for size computation
12420 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
12423 Zero old pw_passwd before replacing with version from shadow file.
12426 * configure, configure.in:
12427 Only attempt shadow password detection if PAM is not being used Add
12428 shadow_* variables to make shadow password detection more generic.
12432 Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
12435 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
12438 use a non-breaking space to avoid a double space after e.g.
12442 comma, not colon after e.g.
12445 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
12448 Add __ variants of the exec functions. GNU libc at least uses
12449 __execve() internally.
12453 Match reality a bit more.
12457 Missed piece from rev. 1.6, fix sudo_getpwnam() too.
12461 Store shadow password after making a local copy of struct passwd in
12462 case normal and shadow routines use the same internal buffer in
12466 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
12468 * alloc.c, logging.c:
12469 Make varargs usage consistent with the rest of the code.
12472 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
12475 Wrap more of the exec family since on Linux the others do not appear
12476 to go through the normal execve() path.
12480 make print_unused static like proto says
12484 silence a warning on K&R systems
12487 * alias.c, error.c:
12488 make this build in K&R land
12492 make this build in K&R land
12495 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
12501 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
12504 return(foo) not return foo; optimize _atobool() slightly
12512 Reformat to match the rest of sudo's code.
12516 I am the primary author
12519 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
12521 * Makefile.in, README, RUNSON:
12522 The RUNSON file is toast--it confused too many people and really
12523 isn't needed in a configure-oriented world.
12527 alternate -> alternative
12531 Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
12536 Allow leading blanks before Defaults and Foo_Alias definitions
12540 fix rules to build toke.o and gram.o in devel mode
12543 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
12546 env_keep overrides set_logname
12550 Fix disabling set_logname and make env_keep override set_logname.
12553 * compat.h, config.h.in, configure, configure.in:
12554 No longer need memmove()
12558 Just clean the environment once. This assumes that any further
12559 setenv/putenv will be able to handle the fact that we replaced
12560 environ with our own malloc'd copy but all the implementations I've
12564 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
12567 In -i mode, base the value of insert_env()'s dupcheck flag on
12568 DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
12571 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
12574 Move setting of user_path, user_shell, user_prompt and prev_user
12575 into init_vars() since user_shell at least is needed there.
12578 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
12585 Fix some printf format mismatches on error.
12589 Fix some printf format mismatches on error.
12592 * configure, gram.c, toke.c:
12596 * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
12597 auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
12598 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
12599 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
12600 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
12601 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
12602 emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
12603 getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
12604 interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
12605 parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
12606 snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
12607 sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
12608 testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
12609 visudo.pod, zero_bytes.c:
12610 Update copyright years.
12613 * Makefile.binary.in:
12614 Update copyright years.
12618 Update copyright years.
12621 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
12626 What's new in sudo 1.7, based on the 1.7 CHANGES entries.
12629 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
12631 * compat.h, logging.h, sudo.h:
12632 Add __printflike and use it with gcc to warn about printf-like
12636 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
12638 * CHANGES, ChangeLog:
12639 Replaced CHANGES file with ChangeLog generated from cvs logs
12643 Use warning/error instead of perror/fatal.
12647 Update OpenBSD section
12651 Add upgrading notes for 1.7
12654 * env.c, sudo.c, sudoers.pod:
12655 Instead of zeroing out the environment, just prune out entries based
12656 on the env_delete and env_check lists. Base building up the new
12657 environment on the current environment and the variables we removed
12661 * config.h.in, configure, configure.in, sudo.c:
12662 Set locale to "C" if locales are supported, just to be safe.
12666 Cast argument to ctype functions to unsigned char.
12669 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
12672 correct value for DID_USER
12675 * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
12676 #include <compat.h> not "compat.h"
12680 Reset the environment by default.
12684 Alloc an extra slot in NewArgv. Removes the need to malloc a new
12685 vector if execve() fails.
12688 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
12690 * INSTALL, config.h.in, configure, configure.in, sudo.c:
12691 Use execve(2) and wrap the command in sh if we get ENOEXEC.
12694 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
12697 Only include time.h on systems that lack struct timespec which gets
12698 defined in compat.h (using time_t).
12702 Include time.h for time_t in compat.h for systems w/o struct
12706 * compat.h, config.h.in, configure, configure.in:
12707 use bcopy on systems w/o memmove
12711 __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
12716 Add explicit rule to build sudo_noexec.lo
12719 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
12721 * INSTALL.configure, Makefile.in:
12722 No longer depend on VPATH; pointed out a bunch of missed
12727 Help for PAM when account section is missing
12731 Give user a clue when there is a missing "account" section in the
12736 Better error handling.
12739 * config.h.in, configure, configure.in:
12740 Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
12741 possible. Silences a warning about isblank() on linux.
12745 Fix typo (missing comma) that caused an incorrect number of args to
12746 be passed to log_error().
12749 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
12752 Don't try to destroy a tree we didn't create.
12755 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
12757 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
12758 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
12759 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
12760 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
12761 compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
12762 fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
12763 goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
12764 match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
12765 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
12766 strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
12767 tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
12768 Add __unused to rcsids
12771 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
12773 * configure, configure.in:
12774 Fix error message when mixing invalid auth types
12778 PAM, AIX auth, BSD auth and login_cap are now on by default if the
12782 * auth/sudo_auth.h, config.h.in:
12783 s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
12787 Better checking for conflicting authentication methods. Display the
12788 authentication methods used at the end of configure. Rename
12789 --with-authenticate -> --with-aixauth. Use --with-aixauth, --with-bsdauth,
12790 --with-pam, --with-logincap by default on systems that support them
12791 unless disabled. Add OSMAJOR variable that replaces old OSREV; now
12792 OSREV has full version number
12795 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
12797 * def_data.c, def_data.in, sudo.c, sudoers.pod:
12801 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
12804 Replace: test -n "$FOO" || FOO="bar"
12806 With: : ${FOO='bar'}
12809 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
12811 * pwutil.c, testsudoers.c, tsgetgrpw.c:
12812 Use function pointers to only call private passwd/group routines
12813 when using a nonstandard passwd/group file.
12816 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
12823 Can't use strtok() since it doesn't handle empty fields so add
12824 getpwent()/getgrent() functions and call those.
12827 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
12830 Fix dummied out toke.c and gram.c dependencies.
12834 Rename PARSESRCS -> GENERATED since it is only used in the clean
12835 target. Add devdir variable and use it to specify the path to parser
12844 Add a devdir variable that defaults to $(srcdir) and is set to . if
12845 --devel was specified. Allows for proper dependencies building the
12850 Add support for custom passwd/group files.
12854 Build private copy of pwutil.o for testsudoers with MYPW defined so
12855 it uses our own passwd/group routines.
12859 Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
12860 stubs instead. We can now just use the caching sudo_*{pw,gr}*
12861 functions in pwutil.c. Add comment about wanting to call
12862 sudo_endpwent/sudo_endgrent in cleanup()
12866 Remove caching; we will just use what is in pwutil.c. Use global
12867 buffers for passwd/group structs. Rename functions from sudo_* to
12871 * logging.c, sudo.c:
12872 g/c pwcache_init/pwcache_destroy
12876 Undo last commit and add sudo_setspent and sudo_endspent instead.
12879 * getspwuid.c, pwutil.c:
12880 Move all but the shadow stuff from getspwuid.c to pwutil.c and
12881 pwcache_get and pwcache_put as they are no longer needed. Also add
12882 preprocessor magic to use private versions of the passwd and group
12883 routines if MYPW is defined (for use by testsudoers).
12887 zero out struct passwd/group before filling it in so if there are
12888 fields we don't handle they end up as 0.
12891 * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
12896 Add tsgetgrpw.c and pwutil.c. Rename the *OBJ variables for better
12901 Passwd and group lookup routines for testsudoers that support
12902 alternate passwd and group files.
12905 * getspwuid.c, pwutil.c:
12906 Split off pw/gr cache and dup code into its own file. This allows
12907 visudo and testsudoers to use the pw/gr cache too.
12910 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
12913 Print Defaults info in "sudo -l" output and wrap lines based on the
12917 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
12919 * match.c, testsudoers.c, visudo.c:
12920 Only check group vector in usergr_matches() if we are matching the
12921 invoking or list user. Always check the group members, even if
12922 there was a group vector.
12925 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
12927 * LICENSE, Makefile.in, fnmatch.3:
12928 No longer bundle fnmatch.3
12935 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
12942 Sort command line options
12945 * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
12946 sudo.pod, sudoers.pod:
12947 Add closefrom sudoers option to start closing at a point other than
12948 3. Add closefrom_override sudoers option and -C sudo flag to allow
12949 the user to specify a different closefrom starting point.
12953 Add _PATH_DEVNULL for those without it.
12957 no more UCB strcasecmp
12961 replace BSD licensed one with version derived from pdksh
12964 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
12971 Make sure stdin, stdout and stderr are open and dup them to
12975 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
12977 * ldap.c, mon_systrace.c, sudo.c, sudo.h:
12978 add sudo_ldap_close
12981 * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
12982 Use TIME_WITH_SYS_TIME
12985 * config.h.in, configure, configure.in:
12986 Add TIME_WITH_SYS_TIME_H
12989 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
12992 Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
12993 unconditionally on darwin. From Toby Peterson.
12997 Check rbinsert() return value. In the case of faked up entries
12998 there is usually a negative response cached that we need to
13001 In pwfree() don't try to zero out a NULL pw_passwd pointer.
13005 Use the double fork trick to avoid the monitor process being waited
13006 for by the main program run through sudo.
13009 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
13012 Call initgroups() in -U mode so group matches work normally.
13015 * def_data.h, mkdefaults:
13016 Don't print a trailing comma for the last entry in enum def_tupple
13019 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
13021 * sudoers.cat, sudoers.man.in, sudoers.pod:
13022 Mention values when lecture, listpw and verifypw are used in boolean
13026 * def_data.c, def_data.in:
13027 verifypw when used in a boolean TRUE context should be "all", not
13031 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
13033 * def_data.in, defaults.c:
13034 Allow tuples that can be used as booleans to be used as boolean
13035 TRUE. In this case the 2nd possible value of the tuple is used for
13039 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
13041 * configure, configure.in:
13042 Correct the test for 2-parameter timespecsub
13046 Add stub struct definitions for passwd, timeval and timespec
13049 * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
13050 Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
13051 and fix a typo in the gettimeofday check.
13054 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
13056 * match.c, testsudoers.c:
13057 Deal with user_stat being NULL as it is for visudo and testsudoers.
13060 * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
13061 Add -U option to use in conjunction with -l instead of -u. Add
13062 support for "sudo -l command" to test a specific command.
13065 * gram.c, gram.y, sudo.c:
13066 Set safe_cmnd after sudoers_lookup() if it has not been set.
13067 Previously it was set by sudo "ALL" in the parser but at that point
13068 the fully-qualified pathname has not yet been found.
13071 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
13073 * parse.c, testsudoers.c:
13074 Correctly handle multiple privileges per userspec and runas
13078 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
13081 Zero out sd_un for each entry in sudo_defs_table in init_defaults.
13084 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
13087 make per-command defaults work with sudoedit
13090 * ldap.c, parse.c, sudo.c, sudo.h:
13091 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
13092 Instead, we just set the appropriate defaults variable.
13095 * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
13096 Document per-command Defaults.
13099 * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
13100 sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
13101 Add support for command-specific Defaults entries. E.g.
13102 Defaults!/usr/bin/vi noexec
13105 * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
13106 Change an occurrence of user_matches() -> runas_matches() missed
13107 previously. runas_matches(), host_matches() and cmnd_matches() only
13108 really need to pass in a list of members. user_matches() still
13109 needs to pass in a passwd struct because of "sudo -l"
13113 Check def_authenticate, def_noexec and def_monitor when setting
13114 return flags. XXX May be better to just set the defaults directly
13115 and get rid of those flags.
13118 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
13119 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
13120 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
13121 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
13122 defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
13123 getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
13124 gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
13125 mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
13126 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
13127 sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
13128 visudo.c, zero_bytes.c:
13129 Use: #include <config.h> Not: #include "config.h" That way we get
13130 the correct config.h when build dir != src dir
13134 Back out part of rev 1.263; fix -I order
13138 More robust parsing of #include; could be much better still.
13141 * sudo_edit.c, visudo.c:
13142 Make arg splitting in visudo and sudoedit consistent.
13145 * Makefile.in, alias.c, gram.c, gram.y, parse.h:
13146 Split alias routines out into their own file.
13150 __attribute__ is already defined in compat.h
13154 quit() should not be __noreturn__ as it is non-void on some
13158 * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
13159 Add local error/warning functions like err/warn but that call an
13160 additional cleanup routine in the error case. This means we no
13161 longer need to compile a special version of alloc.o for visudo.
13165 Clarify comments about the data structures
13168 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
13171 Add support for VISUAL and EDITOR containing command line args. If
13172 env_editor is not set any args in VISUAL and EDITOR are ignored.
13173 Arguments are also now supported in def_editor.
13176 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
13179 alias_matches() is no more
13187 When regenerating the parser, don't replace gram.h unless it has
13192 remove Makefile.binary for distclean
13196 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
13197 sure we can't overflow new_env.
13201 paranoia when stripping trailing slashes from tempdir.
13205 Set user_ngroups to 0 if getgroups() returns an error.
13208 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
13210 * config.h.in, configure, configure.in, sudo.c:
13211 Add configure check for getgroups()
13215 Use supplementary group vector in struct sudo_user.
13219 Only do string comparisons on the group members if there is no
13220 supplemental group list.
13228 On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
13229 chop off any trailing slashes we see and add an explicit one.
13233 remove bogus XXX comment
13237 Get rid of alias_matches and correctly fall through to the non-alias
13238 cases when there is no alias with the specified name.
13242 Cache non-existent passwd/group entries too.
13253 * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
13254 mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
13255 Implement group caching and use the passwd and group caches
13259 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
13262 Properly negate the return value of alias_matches() when
13267 Make hostname_matches() return TRUE for a match, else FALSE like the
13272 Add missing dependencies on gram.h
13276 Use runas_matches in alias_matches() now that we have it.
13279 * parse.c, parse.h:
13280 Expand aliases in "sudo -l" mode
13284 Use ALIAS for the member type when storing an alias instead of
13285 HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
13286 more generic type. Expand runas_matches instead of calling
13287 user_matches() inside of it since user_matches() looks up
13288 USERALIASes, not RUNASALIASes.
13291 * CHANGES, getspwuid.c:
13292 Paranoia; zero out pw_passwd before freeing passwd entry.
13295 * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
13296 configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
13297 error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
13298 sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
13299 Add local error/warning functions like err/warn but that call an
13300 additional cleanup routine in the error case. This means we no
13301 longer need to compile a special version of alloc.o for visudo.
13305 Use userpw_matches() to compare usernames, not strcmp(), since the
13306 latter checks for "#uid".
13309 * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
13310 Cache passwd db entries in 2 red-black trees; one indexed by uid,
13311 the other by user name. The data returned from the cache should be
13312 considered read-only and is destroyed by sudo_endpwent().
13320 missing free in alias_destroy
13324 Can't use rbapply() for rbdestroy since the destructor is passed a
13325 data pointer, not a node pointer.
13328 * getspwuid.c, logging.c, sudo.c, sudo.h:
13329 Create and use private versions of setpwent() and endpwent() that
13330 set/end the shadow password file too.
13333 * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
13334 Store aliases in a red-black tree.
13337 * Makefile.in, redblack.c, redblack.h:
13338 red-black tree implementation
13342 Edit all sudoers files if there were unused or undefined aliases and
13343 we are in strict mode.
13346 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
13348 * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
13349 find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
13350 Bring back the "secure_path" Defaults option now that Defaults take
13351 effect before the path is searched.
13354 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
13356 * logging.c, parse.c:
13357 A user can always list their own entries, even with -u. Better error
13358 message when failing to list another user's entries.
13361 * parse.c, sudo.c, sudo.h:
13362 The syntax to list another user's entries is now "-u otheruser -l".
13363 Only root or users with sudo "ALL" may list other user's entries.
13366 * sudo.cat, sudo.man.in, sudo.pod:
13367 Update env variable info in SECURITY NOTES
13375 strip exported bash functions from the environment.
13378 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
13381 Only reset sudo_user.pw based on SUDO_USER environment variables for
13382 real commands and sudoedit. This avoids a confusing message when a
13383 user tries "sudo -l" or "sudo -v" and is denied.
13386 * gram.c, gram.y, parse.h:
13387 Extend LIST_APPEND to deal with appending lists too
13390 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
13393 Convert some bitwise AND to ISSET
13396 * lex.yy.c, toke.c:
13397 toke.c replaces lex.yy.c
13405 new parser fixes most of the outstanding bugs
13413 Rework for the new parser. Now checks for unused aliases in sudoers.
13417 Rewrite for the new parser. Now supports a -d flag (dump) and adds
13418 a -h flag (host). It now defaults to the local hostname unless
13419 otherwise specified.
13423 Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
13427 Update for new parse. We now call find_path() *after* we have
13428 updated the global defaults based on sudoers. Also adds support for
13429 listing other user's privs if you are root.
13433 Working LDAP support; also remove a now-unneeded rewind().
13436 * logging.c, logging.h:
13437 Add NO_STDERR flag.
13441 Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
13442 sudo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
13443 connect to LDAP, apply the default options, find the command in the
13444 user's path, and then check whether the user is allowed to run it.
13445 The important thing here is that the default runas user may be
13446 specified as a default option and that needs to be set before we
13447 search for the command.
13451 Add casts to unsigned char for isspace() to quiet a gcc warning.
13455 Add prototype for update_defaults()
13459 Don't warn about line numbers now that we operate on a set of data
13460 structures (or LDAP) and not a file.
13464 No longer use lsearch()
13468 Update for new and changed file names.
13472 no more BSD lsearch.c
13476 foo_matches() routines now live in match.c. Added user_matches(),
13477 runas_matches(), host_matches(), cmnd_matches() and alias_matches()
13478 that operate on the parsed sudoers file.
13481 * parse.lex, toke.l:
13482 Move parse.lex -> toke.l. Rename buffer_frob() -> switch_buffer().
13483 WORD no longer needs to exclude '@'. kill yywrap()
13486 * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
13488 Rewritten parser that converts sudoers into a set of data
13489 structures. This eliminates ordering issues and makes it possible to
13490 apply sudoers Defaults entries before searching for the command.
13493 * configure.in, emul/search.h, lsearch.c:
13494 We won't be using lsearch() any longer.
13498 sudo should not send mail if someone who runs 'sudo -l' has no
13502 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13508 Update warnings to match new visudo
13512 The new parser doesn't have the old ordering constraints.
13516 Document that -l now takes an optional username argument
13519 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
13526 If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
13527 a compilation problem with Solaris 9's native LDAP.
13529 Set FLAG_MONITOR when needed.
13532 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
13535 Call sudo_goodpath() *after* changing the cwd to match the traced
13536 process. Fixes relative paths.
13539 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
13542 Kill set_perms() stub--it is no longer needed.
13545 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
13547 * sudoers.cat, sudoers.man.in, sudoers.pod:
13548 stay_setuid now requires set_reuid() or setresuid()
13551 * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
13552 configure.in, set_perms.c, sudo.c, sudo.h:
13553 Kill use of POSIX saved uids; they aren't worth bothering with.
13556 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
13559 remove call to issetugid()
13562 * sudoers.cat, sudoers.man.in, sudoers.pod:
13563 Remove warning about wildcards. Now that we use glob() the bug is
13568 Use glob(3) instead of fnmatch(3) for matching pathnames and stat
13569 each result that matches the basename of the user's command. This
13570 makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
13571 /usr/bin/blah. Fixes bug #143.
13574 * config.h.in, configure, configure.in:
13575 Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
13579 * config.h.in, configure, configure.in:
13580 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
13588 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
13593 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
13597 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
13600 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
13601 means we are out of space in the stack gap...
13609 Take a stab at ldap sudoers support here.
13612 * mon_systrace.c, mon_systrace.h:
13613 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
13614 doesn't cause reboot to inadvertently kill itself.
13618 put "monitor" in the proctitle, not "systrace"
13622 When modifying the environment, don't replace envp when we can get
13623 away with just rewriting pointers in the traced process.
13626 * mon_systrace.c, mon_systrace.h:
13627 Add environment updating via STRIOCINJECT (if available).
13630 * sudoers.cat, sudoers.man.in:
13634 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
13641 Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
13645 Include file is now mon_systrace.h
13648 * Makefile.in, configure, configure.in, def_data.c, def_data.h,
13649 def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
13650 sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
13651 No longer call it tracing, it is now "monitoring" which should be
13652 a more obvious name to non-hackers.
13655 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
13657 * mon_systrace.c, mon_systrace.h:
13661 * mon_systrace.c, mon_systrace.h:
13662 No need to include syscall.h, use 1024 as the max # of entries (the
13663 max that systrace(4) allows).
13665 Only need to use SYSTR_POLICY_ASSIGN once
13667 Change check_syscall() -> find_handler() and have it return the
13668 handler instead of just running it. We need this since handlers now
13669 have two parts: one part that generates an answer and another that
13670 gets called after the answer is accepted (to do logging).
13672 Add some missing check_exec for emul execv
13675 * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
13680 Add missing HAVE_LINUX_SYSTRACE_H
13684 add trace_systrace.o dependency
13687 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
13689 * configure, configure.in:
13690 Also look for systrace.h in /usr/include/linux
13693 * mon_systrace.c, mon_systrace.h:
13694 Move all struct defs and prototypes into trace_systrace.h and mark
13695 all but systrace_attach() static.
13698 * mon_systrace.c, mon_systrace.h:
13699 Add support for tracing emulations. At the moment, all emulations
13700 are compiled in. It might make sense to #ifdef them in the future,
13701 though this impedes readability.
13704 * Makefile.in, configure, configure.in:
13705 rename systrace.c -> trace_systrace.c
13708 * parse.yacc, sudo.tab.c:
13709 Allow this to build with a K&R compiler again
13716 * compat.h, sudo.c, visudo.c:
13717 Use __attribute__((__noreturn__))
13721 Exit() takes a negative value to indicate it was not called via
13725 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13730 * Makefile.in, visudo.c:
13731 Define Err() and Errx() that are like err() and errx() but call
13732 Exit() instead of exit(). Build private copy of alloc.o for visudo
13733 that calls Err() and Errx().
13736 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
13738 * lex.yy.c, sudo.tab.c:
13747 Overhaul visudo for editing multiple files:
13748 o visudo has been broken out into functions (more work needed here)
13749 o each file is now edited before sudoers is re-parsed
13750 o if a #include line is added that file will be edited too
13752 TODO: o cleanup temp files when exiting via err() or errx()
13753       o continue breaking things out into separate functions
13756 * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
13757 Add keepopen arg to open_sudoers that open_sudoers can use to
13758 indicate to the caller that the fd should not be closed when it is
13759 done with it. To be used by visudo to keep locked fds from being
13760 closed prematurely (and thus losing the lock).
13763 * parse.yacc, sudo.c:
13764 Add errorfile global that contains the name of the file that caused
13769 return COMMENT to yacc grammar for a #include line
13773 Remove use of unput() in favor of yyless() which is cheaper.
13777 Allow an empty sudoers file.
13780 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
13783 Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
13786 * lex.yy.c, sudo.tab.c:
13791 Do signal setup before calling edit_sudoers(). Don't shadow the
13796 If a sudoers file includes other files, edit those too. Does not yet
13797 deal with creating the new includes files itself.
13801 init_parser now takes a path
13804 * parse.c, parse.h, parse.lex, parse.yacc:
13805 More scaffolding for dealing with multiple sudoers files:
13806 o init_parser() now takes a path used to populate the sudoers global
13807 o the sudoers global is used to print the correct file in yyerror()
13808 o when switching to a new sudoers file, preserve old file name and
13812 * Makefile.in, pathnames.h.in:
13813 Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
13814 multiple sudoers files.
13818 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
13819 we start at the right file position when reading include files.
13831 Add max depth of 128 for the include stack to avoid loops.
13833 Since yyerror() doesn't stop parsing, pass return values back to
13834 yylex and call yyterminate() on error.
13837 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
13844 Mention PREVENTING SHELL ESCAPES section of sudoers man page
13847 * lex.yy.c, sudo.tab.c:
13852 Add support for #include in sudoers (visudo support TBD)
13856 make yyerror()'s argument const
13859 * testsudoers.c, visudo.c:
13860 Add open_sudoers() stubs.
13864 Rename check_sudoers() open_sudoers() and make it return a FILE *
13867 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
13869 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
13874 * Makefile.in, sudo.psf:
13875 Better HP-UX depot construction
13878 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
13881 o Made children global so check_exec() can lookup a child. o
13882 Replaced uid in struct childinfo with struct passwd * (for runas) o
13883 new_child() now takes a parent pid so the runas info can be
13884 inherited o Added find_child() to lookup a child by its pid o
13885 update_child() now fills in a struct passwd o Converted the big
13886 if/else mess in set_policy to a switch o Syscalls that change uid
13887 are now "ask" so we get SYSTR_MSG_UGID events
13891 Add flag to sudo_pwdup that indicates whether or not to lookup the
13892 shadow password. Will be used to a struct passwd that has the
13893 shadow password already filled in.
13897 add missing increment of addr in read_string()
13901 Remove bogus call to update_child() and some cosmetic fixes
13905 Don't leak /dev/systrace fd to tracee Make initialized global for
13906 simplicity If STRIOCATTACH returns EBUSY we are already being traced
13907 Check for user_args == NULL in setproctitle() call Add missing calls
13912 g/c sudo_pwdup proto
13915 * Makefile.in, sudo.psf:
Add target for building a depot file

2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>

* lex.yy.c, sudo.tab.c, sudo.tab.h:

document --with-systrace

* config.h.in, configure, configure.in:
Add check for setproctitle

pass struct str_msg_ask in to syscall checker so it can set the

systrace(4) support for sudo. On systems with the systrace(4)
kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
intercept exec calls and check the exec args against the sudoers
file. In other words, sudo can now control subcommands and shell

Call systrace_attach() if FLAG_TRACE is set.

* parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE

Don't close sudoers_fp, keep it open and set close on exec flag

* def_data.c, def_data.h, def_data.in:

SunOS /bin/sh blows up with configure

* configure, configure.in:
Include sys/param.h before systrace.h

line up options in --help

* config.h.in, configure.in:
Add --with-systrace

2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>

* aclocal.m4, configure.in:
make this work with autoconf-2.59

2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>

Simplify logic around open & stat of files and do sanity on edited
file even if we lack fstat (still raceable but worth doing).

2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>

[b84ebfaf1552] [SUDO_1_6_8p1]

more changes for 1.6.8p1

* CHANGES, sudo_edit.c:
Add sanity check so we don't try to edit something other than a

2004-09-15 Aaron Spangler <aaron777@gmail.com>

document --with-ldap-conf-file

2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>

* CHANGES, ins_csops.h:
political correctness strikes again

2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>

* Makefile.binary.in, Makefile.in:
Install sudoedit man link

Update PAM note and mention where HP-UX users can download gcc

libtool wants to install stuff from .libs so fake one up for binary

* Makefile.binary.in:
rm -f old sudoedit link instead of using ln -f
set LIBTOOL correctly

Deal with "uname -m" having slashes in it
rm -f old sudoedit link instead of using ln -f

* Makefile.binary, Makefile.binary.in:
Makefile.binary -> Makefile.binary.in for config.status substitution
Add support for installing noexec bits

Copy noexec bits into binary dists too
No longer use my old arch script for making binary dists

Install sudoedit link.

2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>

avoid __P so there is no need for compat.h to be included

Don't use HAVE_UTIME_H before including config.h.

2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>

Fix Solaris futimes macro

2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>

Rename ots -> omtim for improved readability.

2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>

Redo changes in revision 1.7. Don't really need to keep the temp
file open; re-opening it with the invoking user's euid is

* sudo.cat, sudo.man.in:

back out revision 1.70; it is no longer applicable

Let the loader initialize nep

* config.h.in, configure, configure.in:
Removed unneeded check for fchown
Add check for gettimeofday
Move autoheader template stuff into separate AH_TEMPLATE lines

* check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
Use timespec throughout.

function to return the current time in a struct timespec

Not a darpa-sponsored file.

2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>

* compat.h, config.h.in, configure, configure.in:
Add a check for struct timespec and provide it for those without.

* config.h.in, configure, configure.in, sudo_edit.c:
Add checks for st_mtim and st_mtimespec and add macros for pulling
the mtime sec and nsec out of struct stat. These are used in
sudo_edit() to better tell whether or not the file has changed.

* check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
Add an extra param to touch() for nsec

Call mkstemp() as the invoking user so we don't have to chown the
file later. Only touch() the temp file if we can do it via the file
descriptor. Don't check for modification of the temp file if we lack
fstat(). Catch errors read()ing the temp file.

If path is NULL and fd == -1 return -1.

closefrom() is overkill, the only extra fds are the ones we opened
so just close those in the child.

* Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
Use utimes() and futimes() instead of utime() in touch(), emulating
as needed. Not all systems are able to support setting the times of
an fd so touch() takes both an fd and a file name as arguments.

2004-09-07 Aaron Spangler <aaron777@gmail.com>

2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>

* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,

* sudo.pod, sudoers.pod, visudo.pod:
Add SUPPORT section and re-order some of the sections to match the
order we use in OpenBSD.

2004-09-06 Aaron Spangler <aaron777@gmail.com>

Openldap ~/.ldaprc fix

2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>

Talk about how the editor must write its changes to the original
file and not just use rename(2).

Keep the temp file open instead of re-opening after the editor has

Update for current redhat/fedora core.

2004-09-03 Aaron Spangler <aaron777@gmail.com>

2004-09-02 Aaron Spangler <aaron777@gmail.com>

config tls_* options

2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
No need for -lcrypt when using pam.

2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>

2004-08-27 Aaron Spangler <aaron777@gmail.com>

* configure.in, ldap.c, pathnames.h.in:
Allow --with-ldap-conf-file option to override LDAP_CONF

cleanup debug message

2004-08-26 Aaron Spangler <aaron777@gmail.com>

2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>

* TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
Add cmnd_base to struct sudo_user and set it in init_vars(). Add
cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
longer use gross statics in command_matches(). Also rename some
variables for improved clarity.

2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>

document HP's crippled compiler deficiency.

Fix some thinkos in --with-editor and --with-env-editor
descriptions. Noticed by Norihiko Murase.

* configure, configure.in:
--with-noexec takes an optional PATH argument.

document --with-noexec

2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>

[f2503bd13373] [SUDO_1_6_8]

Better warning message when sudoedit is unable to write to the

* sudo.cat, sudo.man.in:

Don't italicize the string "sudoedit"

2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>

2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>

Reset used_runas to FALSE when re-initializing the parser.

2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>

Correct OpenBSD mips support

2004-08-07 Aaron Spangler <aaron777@gmail.com>

More behavior notes

Updates on current behavior

2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>

=back does not take an indentlevel (makes no difference to formatted

=back does not take an indentlevel (makes no difference to formatted

Consistency. Use same error for bad -u #uid when targetpw is set as
we do when a bad -u username is specified.

Add checksum idea from Steve Mancini

* sudoers.cat, sudoers.man.in:

* sudo.cat, sudo.man.in:

* sudo.pod, sudoers.pod:
Document the restriction on uids specified via -u when targetpw is

Error out when targetpw is enabled and sudo is run with -u #uid but
#uid does not exist in the passwd database. We can't do target
authentication when the target is not in passwd!

* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:

Some more todo for the next release.

Make it clear that PAM should be used for DCE support when possible.

o Document problems with wildcards and relative paths.
o Make the order requirements more prominent.
o Change a "set" to "reset" for

2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>

Mention --with-secure-path, not SECURE_PATH.

2004-08-03 Aaron Spangler <aaron777@gmail.com>

reflect changes to parse.c

2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>

* parse.c, parse.h, testsudoers.c, visudo.c:
Don't pass user_cmnd and user_args to command_matches(), just use
the globals there. Since we keep state with statics anyway it is
misleading to pretend that passing in different cmnd and cmnd_args

Don't pass user_cmnd and user_args to command_matches(), just use
the globals there. Since we keep state with statics anyway it is
misleading to pretend that passing in different cmnd and cmnd_args

Fix a bug introduced in rev. 1.149. When checking for
pseudo-commands check for a '/' anywhere in cmnd, not just the first

2004-07-31 Aaron Spangler <aaron777@gmail.com>

* sudo.man.in, sudo.pod:
Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>

* sudoers.man.in, sudoers.pod:
Add ignore_local_sudoers

Sun One schema definition by Andreas.Bussjaeger@t-systems.com and

2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>

2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>

Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.

2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>

2004-07-08 Aaron Spangler <aaron777@gmail.com>

Better debugging of ALL command

2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>

When matching for "sudoedit" in sudoers check both the command the
user typed *and* the command that is listed in the sudoers entry.

2004-07-04 Aaron Spangler <aaron777@gmail.com>

Added !command feature

2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>

Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell

2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>

License is ISC-style, not BSD-style

2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>

* sudo.cat, sudo.man.in:

o Update some out of date bits to reality
o Change the shell prompt in examples to bourne-shell style
o Clarify some details
o Add a CAVEAT about "sudo cd /foo"

Don't ask for a password if invoking user == target user.

2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>

* sudoers.cat, sudoers.man.in:

Expand on NOEXEC a little.

* visudo.cat, visudo.man.in:

Add a check in visudo for runas_default being set after it has

* CHANGES, parse.yacc, visudo.c:
Add a check in visudo for runas_default being set after it has

Add a MATCHED macro for testing whether foo_matches has been set to
TRUE or FALSE. This is more readable than checking for >=0 or < 0.
Doesn't change the actual code generated.

2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>

Correct description of where Defaults specs should go.

Correct description of where Defaults specs should go.

* testsudoers.c, visudo.c:

* auth/bsdauth.c, auth/kerb5.c:

2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>

* auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
Remove trailing spaces, no actual code changes.

Remove trailing spaces, no actual code changes.

* ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
Remove trailing spaces, no actual code changes.

Remove trailing spaces, no actual code changes.

Remove trailing spaces, no actual code changes.

* compat.h, defaults.c, env.c:
Remove trailing spaces, no actual code changes.

Remove trailing spaces, no actual code changes.

Fix a >=0 that should be <0 that was improperly converted when

Add do {} while(0) around pop macro
Set cmnd_matches to UNSPEC, not NOMATCH when resetting it.

Fix pastos introduced in SETNMATCH addition.

2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>

Update for configure changes

Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
these in parse.yacc. Also in parse.yacc initialize the *_matches
vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
when setting *_matches to a value that may be
NOMATCH/UNSPEC/TRUE/FALSE.

Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
these in parse.yacc. Also in parse.yacc initialize the *_matches
vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
when setting *_matches to a value that may be
NOMATCH/UNSPEC/TRUE/FALSE.

Initialize runas to -2, not -1 since we need to be able to
distinguish between the initialized value and the value of a
non-match when passing along the runas value to multiple commands.

The result of this is that an unmatched runas is now set to -1, not
0. This is required now that parse.c treats a FALSE value for runas
as being explicitly denied.

2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>

* sudo.c, visudo.c:
Error out if argc < 1.

Error out if argc < 1.

* configure, configure.in:
Add tests for what libs we need to link with for ldap and for
whether or not lber.h needs to be explicitly included.

2004-06-03 Aaron Spangler <aaron777@gmail.com>

Solaris native LDAP build fix

2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>

Set edn to NULL if ldap_get_dn() fails to avoid potential use of an

Add prototype for sudo_ldap_list_matches

* configure, configure.in:
Better check for dirfd macro--we now set HAVE_DIRFD for the macro
version too. Added check for dd_fd in `DIR' if no dirfd is found;
this is now used to conditionally define the dirfd macro in

Better check for dirfd macro--we now set HAVE_DIRFD for the macro
version too. Added check for dd_fd in `DIR' if no dirfd is found;
this is now used to conditionally define the dirfd macro in

Better check for dirfd macro--we now set HAVE_DIRFD for the macro
version too. Added check for dd_fd in `DIR' if no dirfd is found;
this is now used to conditionally define the dirfd macro in

Only check /proc/$$/fd if we have the dirfd function/macro.

* compat.h, config.h.in, configure, configure.in:
Add a check for a dirfd() function (like Linux) and add a dirfd
macro in compat.h if there is no dirfd() function or macro.

* closefrom.c, getcwd.c:
dirfd() is now defined in compat.h as needed.

Clarify closefrom() note.

When checking for a command in the directory, only copy the base dir

If there is a /proc/$$/fd directory, behave like the Solaris
closefrom() and only close the descriptors listed therein.

compat.h guarantees INT_MAX is defined.

Add definitions of OPEN_MAX and INT_MAX for those without it and
remove definition of RLIM_INFINITY (now unused).

* CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
sudo.c, sudo.h, visudo.c:
Use PATH_MAX, not MAXPATHLEN since the former is standardized.

2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>

Add some entries that were mailed in a while ago

o sysconf returns a long, not an int.
o check for negative return value from sysconf/getdtablesize and use
  OPEN_MAX in this case.
o define OPEN_MAX to 256 for those without it (a fair guess...)

2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>

Mention change in parse order for RunAs entries.

2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, README.LDAP, config.h.in, configure.in:
o --with-ldap now takes an optional dir as a parameter
o added check for ldap_initialize() and start_tls_s()

Fix some typos, word choice and formatting issues.

2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>

Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
read/write as it is simpler.

* configure, configure.in:
Remove hack overriding cross-compiler check. It should no longer be

Remove select() compat bits since we no longer use select().

* CHANGES, tgetpass.c:
Use alarm() instead of select() for the timeout for systems that
don't fully/properly implement select().

2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>

Deal with systems that have no way of setting the effective uid such

* configure, configure.in:
Define NO_SAVED_IDS if we don't find seteuid()

* config.h.in, configure, configure.in:
Add back check for setreuid() since NSK doesn't have it.

* sudoers.cat, sudoers.man.in:

In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
explicitly denied and the command matched. This fixes a
long-standing bug and makes:
    foo machine = (ALL) /usr/bin/blah
    foo machine = (!bar) /usr/bin/blah

equivalent to:
    foo machine = (ALL, !bar) /usr/bin/blah

Clarify mail_noperm

2004-05-20 Aaron Spangler <aaron777@gmail.com>

Missing DESTDIR in make install for sudo_noexec.la

2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>

* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,

Remove fastboot/fasthalt (who still remembers these?) and add a
minimal sudoedit example.

Remove fastboot/fasthalt (who still remembers these?) and add a
minimal sudoedit example.

* UPGRADE, sudo.c, visudo.c:
filesystem -> file system

filesystem -> file system

* CHANGES, INSTALL:
filesystem -> file system

* sudo.pod, sudoers.pod:
Fix some minor typos and formatting goofs

remove my email addr

* sudo.pod, sudoers.pod, visudo.pod:
Use @mansectform@ and @mansectsu@ everywhere
Make man page references links with L<>

Accept quoted globbing characters and pass them verbatim for

Document that /tmp/.odus is gone.

No longer use /tmp/.odus as a possible timestamp dir unless
specifically configured to do so. Instead, if no /var/run exists,
use /var/adm/sudo or /usr/adm/sudo.

No longer use /tmp/.odus as a possible timestamp dir unless
specifically configured to do so. Instead, if no /var/run exists,
use /var/adm/sudo or /usr/adm/sudo.

No longer use /tmp/.odus as a possible timestamp dir unless
specifically configured to do so. Instead, if no /var/run exists,
use /var/adm/sudo or /usr/adm/sudo.

No longer use /tmp/.odus as a possible timestamp dir unless
specifically configured to do so. Instead, if no /var/run exists,
use /var/adm/sudo or /usr/adm/sudo.

* set_perms.c, sudo.c, tgetpass.c, visudo.c:
Preliminary changes to support nsr-tandem-nsk. Based on patches

Preliminary changes to support nsr-tandem-nsk. Based on patches

* check.c, compat.h:
Preliminary changes to support nsr-tandem-nsk. Based on patches

2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>

There was no 1.6.7p6.

add missing files to DISTFILES

* sudo.cat, sudoers.cat, visudo.cat:

Fix some line wrap and update (c) year

2004-04-28 Aaron Spangler <aaron777@gmail.com>

2004-04-07 Aaron Spangler <aaron777@gmail.com>

2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>

In Exit() when used as a signal handler, emsg is a pointer so
sizeof() is wrong so make it a #define instead. Also avoid using a
negative exit value. Found by Aaron Campbell

2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>

Remove bogus sentence about uids in a User_List. Document usernames
vs. uid parsing in a Runas_List.

* parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
If the user specified a uid with the -u flag and the uid exists in
the passwd file, set runas_user to the name, not the uid.

When comparing usernames in sudoers, if a name is really a uid
(starts with '#') compare it numerically to pw_uid.

2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>

krb5_mcc_ops should be const; Johnny C. Lam

2004-02-28 Aaron Spangler <aaron777@gmail.com>

* CHANGES, config.h.in, ldap.c:
Added start_tls support

2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>

Clean up libtool stuff for 'make distclean' and add def_data.c,
def_data.h to PARSESRCS.

2004-02-14 Aaron Spangler <aaron777@gmail.com>

* strlcat.c, strlcpy.c:
Un-Fix last license munge

2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>

* CHANGES, RUNSON, TODO:

* lex.yy.c, sudo.tab.c:

* auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
emul/search.h, emul/utime.h:
Move to a less restrictive, ISC-style license.

* auth/kerb5.c, auth/pam.c:
Move to a less restrictive, ISC-style license.

* auth/dce.c, auth/fwtk.c, auth/kerb4.c:
Move to a less restrictive, ISC-style license.

Move to a less restrictive, ISC-style license.

* auth/afs.c, auth/aix_auth.c, zero_bytes.c:
Move to a less restrictive, ISC-style license.

* sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
visudo.man.in, visudo.pod:
Move to a less restrictive, ISC-style license.

Move to a less restrictive, ISC-style license.

* strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
Move to a less restrictive, ISC-style license.

* sigaction.c, strerror.c:
Move to a less restrictive, ISC-style license.

* ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
Move to a less restrictive, ISC-style license.

* getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
ins_goons.h, insults.h, interfaces.c, interfaces.h:
Move to a less restrictive, ISC-style license.

* find_path.c, getprogname.c:
Move to a less restrictive, ISC-style license.

Move to a less restrictive, ISC-style license.

Move to a less restrictive, ISC-style license.

Move to a less restrictive, ISC-style license.

* LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
Move to a less restrictive, ISC-style license.

* utime.c, version.h:
Move to a less restrictive, ISC-style license.

* parse.lex, parse.yacc:
Move to a less restrictive, ISC-style license.

Move to a less restrictive, ISC-style license.

2004-02-13 Aaron Spangler <aaron777@gmail.com>

Merged in LDAP Support

* ldap.c, sudo.c, sudo.h:
Merged in LDAP Support

* def_data.c, def_data.h, def_data.in:
Merged in LDAP Support

* CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
Merged in LDAP Support

2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>

* sudo.h, sudo_noexec.c:
Only do "extern int errno" if errno is not a macro.

2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>

setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
euid first, then just call setuid(0) to set the real uid too.

Use setresuid() and setreuid() for PERM_RUNAS when appropriate
instead of seteuid() which may not exist.

2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, config.h.in, configure, configure.in, ins_classic.h:
Add --with-pc-insults configure option

Prefer VISUAL over EDITOR like old vipw did.

2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>

* sudo.man.in, sudoers.man.in:

Add a note that noexec is not a cure-all.

Mention that disabling "root_sudo" is pretty pointless.

* configure, configure.in:
Substitute for root_sudo in sudoers.pod

Add sudoedit to the NAME section

Document the fact that setting ignore_dot in sudoers has no effect
due to the fact that find_path() is called *before* sudoers is read.

2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>

Do not require _PATH_USRTMP to be set.

* BUGS, CHANGES, TODO:

Clarify that when sudo is run by root with the SUDO_USER variable
set, the sudoers lookup happens for root and not the SUDO_USER user.

2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>

* auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
set_perms.c, sigaction.c, sudo.c, tgetpass.c:
Use the SET, CLR and ISSET macros.

Use the SET, CLR and ISSET macros.

* defaults.c, env.c:
Use the SET, CLR and ISSET macros.

MAIN was replaced with _SUDO_MAIN some time ago.

Don't look at prev_user until after we've parsed sudoers and done
the password check. That way, if sudo/sudoedit is run from a root
process that was invoked by sudo, we check sudoers for root, not the
previous user. This makes sudoedit much more useful and means that
for the sudo case, we get correct logging on who actually ran the

2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>

Add a comment describing why we need to be notified about our child

2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>

* def_data.c, def_data.in:
Update the noexec variable descriptions

* sudoers.man.in, sudoers.pod:
noexec now replaces more than just execve()

Alas, all the world does not go through execve(2). Many systems
still have an execv(2) system call, Linux 2.6 provides fexecve(2)
and it is not uncommon for libc to have underscore ('_') versions of
the functions to be used internally by the library. Instead of
stubbing all these out by hand, define a macro and let it do the
work. Extra exec functions pointed out by Reznic Valery.

* sudo.c, sudo_edit.c:
Fix suspending the editor in -e mode. Because we do a fork() first
we need to be notified when the child has been stopped and then send
that same signal to ourself so the shell can do its job control

Use WIFEXITED and WEXITSTATUS macros. If there are systems out
there that want to run sudo that still don't support these we can
try to deal with that later.

* sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
Document sudo -e / sudoedit

* configure, configure.in:

* config.h.in, configure.in:

2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>

Allow non-exclusive flags when invoked as sudoedit. Pretty print the
long usage() line to not wrap (assumes 80 char display)

* Makefile.in, sudo.c:
If sudo is invoked as "sudoedit" the -e flag is implied and no other
flags are permitted.

Add a new flag, -e, that makes it possible to give users the ability
to edit files with the editor of their choice as the invoking user,
not the runas user. Temporary files are used for the actual edit
and the temp file is copied over the original after the editor is

* Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
Add a new flag, -e, that makes it possible to give users the ability
to edit files with the editor of their choice as the invoking user,
not the runas user. Temporary files are used for the actual edit
and the temp file is copied over the original after the editor is

If real uid == 0 and the SUDO_USER environment variable is set, use
that to determine the invoking user's true identity. That way the
proper info gets logged by someone who has done "sudo su" but still
uses sudo to as root. We can't do this for non-root users since
that would open up a security hole, though perhaps it would be
acceptable to use getlogin(2) on OSes where this is a system call (and
doesn't just look in the utmp file).

Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP

* config.h.in, configure, configure.in:
Add check for fchown(2)

2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>

Back out portions of the -i commit that set NewArgv[0] in
set_runaspw. It is far too late to set NewArgv[0] there and will have
no effect anyway as cmnd and safe_cmnd have already been set.

* visudo.c, visudo.pod:
Prefer VISUAL over EDITOR like old vipw did.

2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>

In -i mode always set new environment based on the runas user's

2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>

* sudo.man.in, sudo.pod:
Document the new -i flag and sync SYNOPSIS section with usage() in
sudo.c. Also sort the flags in the OPTIONS section.

o Add -i that acts similar to "su -", based on patches from David J.
  MacKenzie
o Sort the flags in the usage message

* sudoers.man.in, sudoers.pod:
Add a missing @runas_default@ substitution.

2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>

Change euid to runas user before calling find_path().
Unfortunately, though runas_user can be modified in sudoers we
haven't parsed sudoers yet.

* sudoers.man.in, sudoers.pod:
Add missing definition of Parameter_List and use single pipes in the
Defaults EBNF definition.

Fix a bug when set_runaspw() is used as a callback. We don't want
to reset the contents of runas_pw if the user specified a user via

Avoid unnecessary passwd lookups in set_authpw(). In most cases we
already have the info in runas_pw.

2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>

Add Stan Lee / Uncle Ben quote to the lecture from RedHat

Update sudo_getepw() proto and add one for set_runaspw()

If we can't stat the command as root, try as the runas user instead.

* testsudoers.c, visudo.c:
Add stub set_runaspw() function

Add set_runaspw() function to fill in runas_pw. This will be used
as a callback to update runas_pw when the runas user changes.

PERM_RUNAS -> PERM_FULL_RUNAS

* set_perms.c, sudo.h:
Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just

Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
one chunk for easy free()ing. Also change it from static to extern.

* defaults.c, defaults.h:
Add callback support

Add a callback field and use it for runas_default

* def_data.c, def_data.in:
Add a callback field and use it for runas_default

2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>

Add support for chalnecho and display server responses used by fwtk

2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>

* sudoers.man.in, sudoers.pod:
ld.so is ld.so.1 on solaris

* Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
Use closefrom() instead of doing the equivalent inline.

closefrom(3) for systems w/o it

2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>

Update from .pod file.

* configure, configure.in:
Substitute noexec_file for the sudoers man page

* sudo.man.in, sudo.pod:

* sudoers.man.in, sudoers.pod:

* auth/pam.c, config.h.in, configure.in:
Move PAM_CONST macro definition from config.h to pam.c where it
belongs. We can't have this in config.h since that gets included too

* auth/pam.c, config.h.in, configure, configure.in:
Some PAM implementations put their headers in /usr/include/pam
instead of /usr/include/security.

I missed changing the EXEC macro -> EXECV here when I changed this
in config.h.in and sudo.c a while ago.

OpenBSD vax/m88k/hppa don't do shared libs

* configure, configure.in:
o merge the hpux case entries into a single entry w/ its own
  sub-case statement.
o HP-UX >= 11 supports getspnam(), use it in preference to
  getprpwuid()

* configure, configure.in:
15621 eval $shrext so that it expands nicely on MacOS X
15625 Don't lie about making a module, it does the wrong thing on mach
15629 Remove requirement that libs must begin with "lib". They don't when
15630 we point directly at the lib using LD_PRELOAD or its equivalent.
15634 Disable support for c++, f77 and java. We don't need it, it takes a
15635 lot of time, and it hosed our check for shared lib support.
15643 Call AC_ENABLE_SHARED and check the status of enable_shared to know
15644 when shared libs are available.
15648 Duh, OpenBSD supports shared libs too
15651 * config.h.in, configure.in:
15652 Only OpenPAM and Linux PAM use const qualifiers.
15655 * configure, configure.in:
15656 o No need to check for sed, libtool config does that for us o move
15657 check for --with-noexec until after libtool magic is run so we can
15658 use $can_build_shared and $shrext
15662 Don't print a bunch of crap about library installs since we are not
15663 really installing a library.
15667 Make format_env() varargs Add noexec support for Darwin, MacOS X,
15671 * acsite.m4, ltconfig, ltmain.sh:
15672 Update to libtool 1.5 with local changes: o no ldconfig in the
15673 finish step o assume no libprefix or version is needed
15677 Fix compilation under K&R
15680 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
15687 stub execve() that just returns EACCES; used for noexec
15692 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
15697 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
15701 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
15703 * def_data.c, def_data.h, def_data.in:
15704 Move the environment defaults to the end and shorten a few of the
15708 * configure, configure.in:
15709 no shared libs on ultrix or convexos
15712 * Makefile.in, configure, configure.in:
15713 Build sudo_noexec shared object using libtool; could use some
15717 * acsite.m4, ltconfig, ltmain.sh:
15718 libtool scaffolding
15721 * parse.yacc, sudo.tab.c:
15722 Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
15726 * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
15727 parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
15728 update copyright year
15731 * configure, configure.in, defaults.c, env.c, pathnames.h.in:
15732 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
15733 option. The default value of noexec_file is set to this.
15736 * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
15737 parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
15739 Add support for preloading a shared object containing a dummy
15740 execve() function that just sets error and returns -1. This adds a
15741 "noexec_file" option to load the filename as well as a "noexec" flag
15742 to enable it unconditionally. There is also a NOEXEC tag that can
15743 be attached to specific commands and an EXEC tag to disable it.
15747 add missing newline to usage statement
15750 * config.h.in, sudo.c:
15751 Rename EXEC macro -> EXECV
15755 Don't truncate usernames to 8 characters in the log message.
15758 * check.c, sudoers.man.in, sudoers.pod:
15759 Update copyright year
15762 * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
15764 Add a new option, lecture_file, that can be used to point to a
15765 custom sudo lecture.
15768 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
15770 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
15772 Add a zero_bytes() function to do the equivalent of bzero in such a
15773 way that will hopefully not be optimized away by sneaky compilers.
15777 Add a zero_bytes() function to do the equivalent of bzero in such a
15778 way that will hopefully not be optimized away by sneaky compilers.
15781 * Makefile.in, sudo.h:
15782 Add a zero_bytes() function to do the equivalent of bzero in such a
15783 way that will hopefully not be optimized away by sneaky compilers.
15787 Use #ifdef __STDC__, not #if __STDC__.
15790 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
15793 Always put at least one space between the def_* macro name and its
15797 * configure, configure.in:
15798 Adjust code for --without-lecture to match new values.
15802 regen after pasto fix
15805 * sudoers.man.in, sudoers.pod:
15806 Document that "lecture" has changed from a flag to a tuple.
15809 * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
15810 defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
15811 Add support for tuples in def_data.in; these are implemented as an
15812 enum type. Currently there is only a single tuple enum but in the
15813 future we may have one tuple enum per T_TUPLE entry in def_data.in.
15814 Currently listpw, verifypw and lecture are tuples. This avoids the
15815 need to have two entries (one ival, one str) for pwflags and syslog
15818 lecture is now a tuple with the following values: never, once,
15821 We no longer use both an int and string entry for syslog facilities
15822 and priorities. Instead, there are logfac2str() and logpri2str()
15823 functions that get used when we need to print the string values.
15826 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
15827 auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
15828 check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
15829 logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
15830 sudo.tab.c, visudo.c:
15831 Create def_* macros for each defaults value so we no longer need the
15832 def_{flag,ival,str,list,mode} macros (which have been removed). This
15833 is a step toward more flexible data types in def_data.in.
15840 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
15843 If we are in -k/-K mode, just spew to stderr. It is not unusual for
15844 users to place "sudo -k" in a .logout file which can cause sudo to
15845 be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
15846 Previously, this would result in useless mail and logging.
15849 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
15852 fix pasto in VISUAL description
15855 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
15866 Some OSes (like Solaris) allow export w/ nosuid too
15869 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
15872 We don't use FD_ZERO anymore so just define FD_SET (if not already
15876 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
15879 Fix a core dump on Solaris by preserving the pam_handle_t we used
15880 during authentication for pam_prep_user(). If we didn't
15881 authenticate (ie: ticket still valid), we call pam_init() from
15882 pam_prep_user(). This is something of a hack; it may be better to
15883 change the auth API and add an auth_final() function that acts like
15887 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
15890 Add explicit declaration of printerr variable in function header
15891 (was defaulting to int which is OK but oh so K&R :-). From Theo.
15894 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
15896 * config.h.in, configure.in:
15897 s/HAVE_STOW/USE_STOW/
15901 Also exit waitpid() loop when pid == 0. Fixes a problem where the
15902 sudo process would spin eating up CPU until sendmail finished when
15903 it has to send mail.
15906 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
15909 Remove advertising clause, UCB has disavowed it
15913 Remove advertising clause, UCB has disavowed it
15916 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
15919 Don't assume that getgrnam() calls don't modify contents of struct
15920 passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
15921 Based on a patch from Kirk Webb.
15924 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
15931 darwin has a broken setreuid() in at least some versions
15935 Fix an off by one error when reallocating the environment; Kevin Pye
15938 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
15941 Fix User_Spec definition; SEKINE Tatsuo
15944 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
15947 More info on the early days from Coggs.
15950 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
15953 remove errant semicolon that prevented compilation under heimdal
15956 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
15958 * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
15959 add DARPA credit on affected files
15963 add DARPA credit on affected files
15966 * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
15968 add DARPA credit on affected files
15972 add DARPA credit on affected files
15976 add DARPA credit on affected files
15979 * logging.c, parse.c:
15980 add DARPA credit on affected files
15983 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
15984 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
15985 find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
15987 add DARPA credit on affected files
15990 * auth/kerb5.c, auth/pam.c:
15991 add DARPA credit on affected files
15994 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
15995 auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
15997 add DARPA credit on affected files
16001 add DARPA credit on affected files
16004 * defaults.c, defaults.h:
16005 add DARPA credit on affected files
16009 add DARPA credit on affected files
16012 * Makefile.in, alloc.c, check.c:
16013 add DARPA credit on affected files
16017 slightly different wording for the darpa credit
16020 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
16026 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
16029 Use krb5_princ_component() instead of krb5_princ_realm() for MIT
16030 Kerberos like we did before I messed things up ;-)
16032 Use krb5_principal_get_comp_string() to do the same thing w/
16033 Heimdal. I'm not sure if the component should be 0 or 1 in this
16036 #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
16037 older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
16038 should be a configure check for this I guess.
16041 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
16044 builtin -> built-in; Jason McIntyre
16047 * TROUBLESHOOTING, config.h.in, configure, configure.in:
16048 builtin -> built-in; Jason McIntyre
16052 built in -> built-in; Jason McIntyre
16055 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
16058 checkpoint for 1.6.7p3
16062 Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
16063 Amazingly, sudo source from 1985 is available via groups.google.com
16067 Don't change rl.rlim_max for RLIMIT_CORE. We need only set
16068 rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
16069 RLIMIT_CORE restoration on some OSes.
16072 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
16075 Make this compile on Heimdal and MIT Kerberos 5
16078 * config.h.in, configure, configure.in:
16079 Check for heimdal even if we found krb5-config and define
16084 Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
16085 no longer defined by MIT kerb5 (though it used to be and indeed
16086 remains so in Heimdal).
16089 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
16092 Remove newer stuff that passes multiple (possibly duplicate)
16093 directories to "mkdir -p" since that seems to break on Tru64 Unix at
16094 least. This basically brings back what shipped with sudo 1.6.6.
16097 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
16100 Correct number of args to krb5_principal_get_realm() and fix an
16101 unclosed comment that hid the bug.
16128 * CHANGES, version.h:
16137 use krb5-config to determine Kerberos V details if it exists
16140 * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
16141 auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
16142 find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
16143 testsudoers.c, visudo.c:
16144 Use warn/err and getprogname() throughout. The main exception is
16145 openlog(). Since the admin may be filtering logs based on the
16146 program name in the log files, hard code this to "sudo".
16150 Add getprogname.c and err.c
16157 * config.h.in, configure.in:
16158 Add checks for getprogname(), __progname and err.h
16162 For systems without err/warn functions.
16166 For systems without err/warn functions.
16170 For systems with neither getprogname() nor __progname; uses Argv[0].
16173 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
16176 checkpoint for 1.6.7p1
16179 * sudo.c, testsudoers.c:
16180 fix strlcpy() rval check (innocuous)
16184 oflow detection in expand_prompt() was faulty (false positives). The
16185 count was based on strlcat() return value which includes the length
16186 of the entire string.
16189 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
16192 checkpoint for the sudo 1.6.7 release
16193 [096bab4da29a] [SUDO_1_6_7]
16196 checkpoint for the sudo 1.6.7 release
16199 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
16202 g/c unused variable
16210 use man sections 8 and 5 for csops
16213 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
16220 Add -lskey or -lopie directly to SUDO_LIBS instead of having
16221 AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
16229 Add --with-blibpath for AIX. An alternate libpath may be specified
16231 -blibpath support can be disabled. Also change configure such that
16232 -blibpath is not specified if no -L libpaths were added to
16237 Add --with-blibpath for AIX. An alternate libpath may be specified
16239 -blibpath support can be disabled. Also change configure such that
16240 -blibpath is not specified if no -L libpaths were added to
16245 Add --with-blibpath for AIX. An alternate libpath may be specified
16247 -blibpath support can be disabled. Also change configure such that
16248 -blibpath is not specified if no -L libpaths were added to
16253 add AIX blibpath support
16256 * INSTALL, configure.in:
16257 --with-skey and --with-opie now take an option directory argument
16258 This obsoletes a --with-csops hack (/tools/cs/skey)
16260 Also remove the remaining direct uses of "echo"
16263 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
16266 Detect KTH Kerberos IV and deal with it. Also make -lroken optional
16267 for KTH Kerberos IV and V.
16271 Add SUDO_APPEND_LIBPATH function that adds -L/path/to/dir (and
16272 -R/path/to/dir if $with_rpath) to the specified variable.
16275 * INSTALL, configure.in:
16276 Add -R/path/to/libs for Solaris and SVR4. There is a new configure
16277 option, --with-rpath to control this behavior.
16281 for kerb4 put libdes after libkrb on the link line
16289 fix kerberos lib check when a path is specified
16293 Fix boolean thinko in SIGCHLD reaper and call reapchild after
16294 sending mail instead of doing a conditional sudo_waitpid.
16297 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
16304 replace =DIR with [=DIR] where sensible
16308 o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
16309 detection based on openssh's configure.in
16313 --with-kerb4 and --with-kerb5 now take an optional argument.
16316 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
16319 Kill remaining strcpy(), the programmer's guide says username is 32
16324 treat uid_t as unsigned long for printf and use snprintf, not sprintf
16331 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
16333 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
16334 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
16335 auth/rfc1938.c, auth/sudo_auth.c:
16336 update copyright year
16339 * sudo.man.in, sudoers.man.in, visudo.man.in:
16340 update copyright year
16343 * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
16344 configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
16345 parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
16346 sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
16347 update copyright year
16350 * check.c, env.c, sudo.c:
16351 Cast [ug]ids to unsigned long and printf with %lu
16359 correct error messages for --with-sudoers-{mode,uid,gid}
16363 make the malloc(0) error specific to each function to aid tracking
16368 deal with platforms where size_t is signed and there is no SIZE_MAX
16373 Make this compile w/ Heimdal and fix some gcc warnings.
16377 Use stat_sudoers macro so --with-stow can work
16380 * INSTALL, config.h.in, configure, configure.in:
16381 Add support for --with-stow based on patches from Robert Uhl
16397 use strlcpy, not strncpy
16401 Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
16408 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
16410 * strlcat.c, strlcpy.c:
16411 Make gcc shut up about unused rcsid
16415 Move the n == 0 check for the non-getifaddrs cas
16419 skeychallenge() on NetBSD takes a size parameter
16427 put -ldl after -lpam, not before; fixes static linking on Linux
16431 Avoid malloc(0) and fix the loop invariant for the getifaddrs()
16435 * sudo.cat, sudoers.cat, visudo.cat:
16439 * sudo.man.in, sudoers.man.in, visudo.man.in:
16444 Preserve copyright notice from .pod file in .man.in file
16448 Add sudoers(5) to SEE ALSO
16451 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
16458 Don't assume libc can realloc() a NULL string. If malloc/realloc
16459 fails, make sure we just return; yyerror() is not terminal.
16467 simplify fill_args a little and use strlcpy for paranoia
16474 * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
16476 Use strlc{at,py} for paranoia's sake and exit on overflow. In all
16477 cases the strings were either pre-allocated to the correct size or
16478 length checks were done before the copy but a little paranoia can go
16483 Add strlc{at,py} protos
16486 * env.c, interfaces.c:
16495 Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
16496 memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
16500 snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
16505 In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
16508 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
16511 Use snprintf() for paranoia
16515 Use emalloc2 and erealloc3
16519 strlc{at,py} for those w/o it
16522 * strlcat.c, strlcpy.c:
16523 strlc{at,py} for those w/o it.
16526 * config.h.in, configure, configure.in:
16527 Add strlc{at,py} for those w/o it.
16531 Add erealloc3(), a realloc() version of emalloc2().
16534 * interfaces.c, sudo.c:
16535 Use emalloc2() to allocate N things of a certain size.
16539 Add emalloc2() -- like calloc() but w/o the bzero and with
16540 error/oflow checking.
16544 Error out on malloc(0); suggested by theo
16547 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
16549 * configure, configure.in:
16550 fix a typo; David Krause
16553 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
16559 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
16562 Remove DYLD_ from the environment for MacOS X; from bbraun
16565 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
16567 * config.h.in, configure.in:
16568 not not; Anil Madhavapeddy
16571 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
16573 * sudo.pod, sudoers.pod, visudo.pod:
16574 typos; jmc@openbsd.org
16577 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
16580 Add some missing ';' rule terminators that bison warns about.
16584 fix typo I introduced in last merge
16588 regenerate with autoconf 2.57
16592 Add missing "$HOME"
16596 Add some more square brackets to make autoconf 2.57 happy
16599 * config.sub, mkinstalldirs:
16600 Updates from autoconf-2.57
16604 Updates from autoconf-2.57
16607 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
16613 * lex.yy.c, sudo.tab.c:
16617 * parse.lex, parse.yacc, sudoers.pod:
16618 Add support for Defaults>RunasUser
16621 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
16624 fclose() yyin after each yyparse() is done and use fopen() instead
16625 of using freopen().
16629 Better fix for sudoers files w/o a newline before EOF. It looks
16630 like the issue is that yyrestart() does not reset the start
16631 condition to INITIAL which is an issue since we parse sudoers
16635 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
16638 Work around what appears to be a flex bug when dealing with files
16639 that lack a final newline before EOF. This adds a rule to match EOF
16640 in the non-initial states which resets the state to INITIAL and
16645 o The parser needs sudoers to end with a newline but some editors
16646 (emacs) may not add one. Check for a missing newline at EOF and
16647 add one if needed. o Set quiet flag during initial sudoers parse (to
16648 get options) o Move yyrestart() call and always use freopen() to
16649 open yyin after initial sudoers parse.
16652 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
16655 Fix pasto/thinko in setresgid()/setregid() usage. Want to set
16656 effective gid, not real gid, when reading sudoers.
16660 don't compile set_perms_posix if we have setreuid or setresuid
16663 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
16665 * sudo.pod, sudoers.pod:
16666 document new prompt escapes
16670 Add %U and %H escapes and redo prompt rewriting. "%%" now gets
16671 collapsed to "%" as was originally intended. This also gets rid of
16672 lastchar (does lookahead instead of lookback) which should simplify
16673 the logic slightly.
16676 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
16679 Write the prompt *after* turning off echo to avoid some password
16680 characters being echoed on heavily-loaded machines with fast
16685 Add support for mipseb; wiz@danbala.tuwien.ac.at
16689 Fix IRIX fallout from name changes in man dir/sect Makefile
16690 variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
16694 Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
16695 the global copy. Problem noted by Peter Pentchev.
16698 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
16705 Add missing yyerror() calls; YYERROR does not seem to call this for
16709 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
16712 fix typo in comment; Pedro Bastos
16715 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
16718 document --disable-setresuid
16721 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
16723 Sprinkle some volatile qualifiers to prevent over-enthusiastic
16724 optimizers from removing memset() calls.
16727 * logging.c, parse.yacc:
16728 minor sign fixes pointed out by gcc -Wsign-compare
16731 * set_perms.c, sudo.c, sudo.h:
16732 Revamp set_perms. We now use a version based on setresuid() or
16733 setreuid() when possible since that allows us to support the
16734 stay_setuid option and we always know exactly what the semantics
16735 will be (various Linux kernels have broken POSIX saved uid support).
16738 * config.h.in, configure:
16739 regen from configure.in
16743 Add checks for setresuid() and a way to disable using it
16747 No longer need to emulate set*[ug]id() via setres[ug]id() or
16748 setre[ug]id(). The new set_perms stuff only uses things it knows are
16753 Before exec, restore state of signal handlers to be the same as when
16754 we were initially invoked instead of just resetting to SIG_DFL. Fixes
16755 a problem when using sudo with nohup. Based on a patch from Paul
16760 o timestamp_uid should be uid_t, not int o clarify error message
16761 when sudo is run by root and no_root_sudo is set
16764 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
16767 update ftp link for bison
16770 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
16773 Error out if setusercontext() fails and the runas user is not root.
16776 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
16783 Fix SecurID API test
16786 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
16793 securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
16794 but I don't see a better way at the moment.
16797 * Makefile.in, auth/securid5.c:
16798 SecurID API version 5 support from Michael Stroucken
16802 Add check for SecurID 5.0 API
16805 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
16808 We actually do still need config.h to get the 'const' definition for
16812 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
16815 regen with autoconf 2.5.3
16819 Don't set sysconfdir to '/etc' if the user has specified a --prefix.
16823 Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
16824 LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
16827 * env.c, sudo.c, sudo.h:
16828 No need for dump_badenv() now that dump_defaults() knows how to dump
16832 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
16838 document timestampowner
16842 Don't call set_perms() when doing timestamp stuff unless
16843 timestamp_uid != 0.
16846 * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
16847 sudo.h, testsudoers.c:
16848 g/c second arg to set_perms--it is no longer used
16851 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
16853 * check.c, set_perms.c, sudo.c, sudo.h:
16854 Add support for non-root timestamp dirs. This allows the timestamp
16855 dir to be shared via NFS (though this is not recommended).
16858 * def_data.c, def_data.h, def_data.in:
16859 Add timestampowner, "Owner of the authentication timestamp dir"
16862 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
16865 Don't try to pre-compute the size of the new envp, just allocate
16866 space up front and realloc as needed. Changes to the new env
16867 pointer must all be made through insert_env() which now keeps track
16868 of space used and allocates as needed.
16871 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
16878 Fix two typo/pastos; from jrj@purdue.edu
16881 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
16883 * INSTALL.binary, README:
16885 [a1e33027278c] [SUDO_1_6_6]
16887 * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
16888 visudo.cat, visudo.man.in:
16892 * CHANGES, RUNSON, TODO:
16897 In the loop used to expand %h and %u, the lastchar variable was not
16898 being initialized. This means that if the last char in the prompt
16899 is '%' and the first char is 'h' or 'u' an extra copy of the host or
16900 user name would be copied, for which space had not been allocated.
16903 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
16905 * BUGS, INSTALL, Makefile.in, configure.in, version.h:
16906 crank version to 1.6.6
16910 #undef VOID to get rid of an AFS warning
16914 Use easprintf instead of emalloc + sprintf for some things.
16917 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
16919 * lex.yy.c, sudo.tab.c:
16923 * parse.c, parse.lex, parse.yacc, testsudoers.c:
16924 Remove Chris Jepeway's email address so people don't bug him ;-)
16927 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
16930 Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
16931 endgrent() at the same time.
16934 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
16937 Make it clear which configure options take arguments.
16940 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
16943 HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
16944 RLIM_INFINITY, just pretend it is -1. This works because we only
16945 check for RLIM_INFINITY and do not set anything to that value.
16948 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
16951 Zero and free allocated memory when there is a conversation error.
16955 Use sigaction() not signal()
16959 Mention that some linux kernels have broken POSIX saved ID support
16963 checkpoint for 1.6.5p2
16971 Add --disable-setreuid flag
16975 Document new --disable-setreuid option and change description for
16976 --disable-saved-ids to match new error message.
16980 fatal() now takes an argument that determines whether or not to call
16985 Update for new error messages from set_perms()
16989 Update for new error messages from set_perms()
16992 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
16995 Make this compile w/o warnings
16999 Mention that we can't use pam_acct_mgmt()
17002 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
17003 The user's password was not zeroed after use when AIX
17004 authentication, BSD authentication, FWTK or PAM was in use.
17007 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
17010 Avoid giving PAM a NULL password response, use the empty string
17011 instead. This avoids a log warning when the user hits ^C at the
17012 password prompt when PAM is in use.
17016 Don't check the return value of pam_setcred(). In Linux-PAM 0.75
17017 pam_setcred() returns the last saved return code, not the return
17018 code for the setcred module. Because we haven't called
17019 pam_authenticate(), this is not set and so pam_setcred() returns
17024 Don't need a '/' between $(DESTDIR) and a directory.
17028 Don't need a '/' between $(DESTDIR) and a directory.
17031 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
17038 o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
17039 setreuid() o new NetBSD has a real setreuid() o add check for
17040 freeifaddrs() if getifaddrs() exists.
17043 * config.h.in, interfaces.c:
17044 Older BSDi releases lack freeifaddrs() so add a test for that and if
17045 it is not present just use free().
17048 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
17051 Checkpoint for 1.6.5p1
17055 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
17056 to normal passwords, not AUTH_FATAL (which just causes an exit).
17060 Don't use memory after it has been freed.
17064 skeyaccess() wants a struct passwd * not a char *; Patch from
17066 [65a1d3806fcd] [SUDO_1_6_5]
17072 * CHANGES, RUNSON, TODO:
17073 checkpoint for sudo 1.6.5
17076 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
17082 * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
17086 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17092 o when invoking the mailer as root use a hard-coded environment that
17093 doesn't include any info from the user's environment. Basically
17096 o Add support for the NO_ROOT_MAILER compile-time option and run the
17097 mailer as the user and not root if NO_ROOT_MAILER is defined.
17100 * set_perms.c, sudo.h:
17101 Bring back PERM_FULL_USER
17112 * INSTALL, config.h.in, configure.in:
17113 Add --disable-root-mailer option to run the mailer as the user and
17118 checkpoint for 1.6.4p2
17122 Mention the "seteuid(0): Operation not permitted" problem here too
17123 just for good measure.
17126 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
17128 * env.c, getspwuid.c, sudo.c:
17129 The SHELL environment variable was preserved from the user's
17130 environment instead of being reset based on the passwd database when
17131 the "env_reset" option was used. Now it is reset as it should be.
17138 * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
17140 Add a configure option to turn off use of POSIX saved IDs
17148 add --with-efence option
17152 Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
17153 "sudo -l" would not work if always_set_home was set.
17161 Quoted commas were not being treated correctly in command line
17166 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
17167 Otherwise, the set_home option has no effect.
17169 o Fix use of freed memory when the "fqdn" flag is set. This was
17170 introduced by the fix for the "segv when gethostbyname() fails" bug.
17171 Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
17172 there is no need to check the "fqdn" flag in set_fqdn() itself.
17176 Add 'continue' statements to optimize the switch statement. From
17180 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
17182 * sudoers.cat, sudoers.man.in:
17183 Regen from new sudoers.pod
17184 [6ecc07b3d0e1] [SUDO_1_6_4]
17187 Add caveat about stay_setuid flag
17191 If set_perms == set_perms_posix and the stay_setuid flag is not set,
17192 set all uids to 0 and use set_perms_fallback().
17195 * set_perms.c, sudo.h:
17196 Remove PERM_FULL_USER (which is no longer used) and add
17197 PERM_FULL_ROOT (used when exec'ing the mailer).
17201 Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
17202 never want to run the mailer setuid.
17205 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
17207 * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
17209 Use sudo.ws instead of courtesan.com in URLs
17212 * Makefile.binary, Makefile.in:
17213 Fix mansect substitution
17217 Substitute man sections in Makefile.binary
17221 Sync install targets with Makefile.in and substitute in man
17225 * INSTALL, INSTALL.binary:
17230 Repair bindist target
17237 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
17240 Fix case where neither whoami nor id are found
17243 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
17246 If neither whoami nor id exists, just assume we are root.
17250 Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
17251 on AIX which for some reason isn't pulling in the malloc prototype.
17254 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
17256 * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
17265 Defer assigning new environment until right before the exec.
17269 kill extra blank line
17272 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
17279 Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
17280 compiler doesn't recognise -O2.
17284 Clarify origins of Root Group sudo a bit based on info from
17285 billp@rootgroup.com
17288 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
17295 checkpoint for 1.6.4rc1
17298 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
17301 now generated via autoheader
17309 Move in some stuff that was previously in config.h.
17312 * aclocal.m4, configure.in:
17313 Add info for autoheader.
17316 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
17319 o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
17320 -g to facilitate non-root installs
17324 Add -M option (like -m but only for root) If we can't find "whoami",
17325 use "id" w/ some sed.
17333 allow user to always override mansectsu and mansectform
17336 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
17339 update from autoconf 2.52
17342 * config.guess, config.sub:
17343 Update from autoconf 2.52
17347 regen with autoconf 2.52
17351 o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
17352 mode o Remove compiler-specific checks for HP-UX now that we use
17361 o Add pam_prep_user function to call pam_setcred() for the target
17362 user; on Linux this often sets resource limits. o When calling
17363 pam_end(), try to convert the auth->result to a PAM_FOO value.
17364 This is a hack--we really need to stash the last PAM_FOO value
17365 received and use that instead.
17368 * set_perms.c, sudo.h:
17369 o Add pam_prep_user function to call pam_setcred() for the target
17370 user; on Linux this often sets resource limits.
17374 Fix off by one error in number of bytes allocated via malloc (does
17375 not affect any released version of sudo).
17378 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
17385 Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
17386 requiring that they be quoted.
17389 * sudoers.cat, sudoers.man.in, sudoers.pod:
17390 Mention that no double quotes are needed when
17391 adding/deleting/assigning a single value to a list.
17395 Don't rely on mkdefaults being executable, call perl explicitly.
17403 Remove some XXX that are no longer relevant.
17407 o Roll our own loop instead of using strpbrk() for better
17408 grokability o When adding to a list we must malloc() and use
17409 memcpy(), not strdup() since we must only copy len bytes from str.
17412 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
17422 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
17433 avoid the -g flag unless --with-devel was specified
17437 mkdefaults, def_data.in and sigaction.c were missing from the
17442 def_data.c was missing
17445 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
17448 Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
17449 allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
17457 Add comment for Default section so folks know where it should go.
17460 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
17463 Use TCSETAF, not TCSETA to set terminal in termio case
17466 * sudoers.cat, sudoers.man.in:
17467 regen from sudoers.pod
17471 o Typo, Runas_User_List should be Runas_List o a User_List can not
17472 contain a uid o mention that the Defaults section should come after
17473 Alias definitions but before the user specifications
17476 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
17478 * sudoers.cat, sudoers.man.in:
17483 Fix listpw and verifypw sections, they were not being formatted
17487 * sudoers.cat, sudoers.man.in:
17499 * config.h.in, configure.in:
17500 use AC_SYS_POSIX_TERMIOS instead of rolling our own
17504 Reference sudo.ws not courtesan.com
17508 Add notes on shadow passwords
17512 In list mode (sudo -l), characters escaped with a backslash are
17513 shown verbatim with the backslash.
17517 Add simple examples from OpenBSD (Marc Espie)
17521 Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
17525 minor prettification
17533 Fix CIDR handling here too.
17537 Apparently a NULL response is OK
17541 Checkpoint for upcoming beta release
17545 Many people believe that adding a runas spec should obviate the need
17546 for the -u flag. It does not.
17550 checkpoint update for upcoming 1.6.4 beta
17554 o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
17555 if HAVE_STRING_H is defined -- this is safe now
17559 Add signals section
17567 Fix check for sigaction_t
17571 XXX - should call find_path() as runas user, not root. Can't do
17572 that until the parser changes though.
17576 If find_path() fails as root, try again as the invoking user (useful
17577 for NFS). Idea from Chip Capelik.
17580 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
17581 Regenerate after pod file changes
17584 * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
17585 sudo.pod, sudoers.pod:
17586 Add new sudoers option "preserve_groups". Previously sudo would not
17587 call initgroups() if the target user was root. Now it always calls
17588 initgroups() unless the -P command line option or the
17589 "preserve_groups" sudoers option is set. Idea from TJ Saunders.
17592 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
17594 * compat.h, config.h.in:
17595 Use new HAVE_SIGACTION_T define
17599 Fix compilation on K&C
17607 Add check for sigaction_t -- IRIX already defines this so don't
17616 need stdlib.h here too
17624 Remove redundant checks for string.h, strings.h and unistd.h
17627 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17629 Regen from pod files
17636 * configure, lex.yy.c, sudo.tab.c:
17641 Return EINVAL if errnum > sys_nerr
17644 * auth/sudo_auth.h:
17645 o Update copyright year
17648 * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
17649 config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
17651 o Update copyright year
17655 o Don't define STDC_HEADERS unconditionally for IRIX o Update
17663 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
17664 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
17665 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
17666 auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
17667 set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
17669 o Reorder some headers and use STDC_HEADERS define properly o Update
17674 o Reorder some headers and use STDC_HEADERS define properly o Update
17678 * getspwuid.c, goodpath.c, interfaces.c:
17679 o Reorder some headers and use STDC_HEADERS define properly o Update
17684 o Reorder some headers and use STDC_HEADERS define properly o Update
17688 * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
17690 o Reorder some headers and use STDC_HEADERS define properly o Update
17699 flags set in signal handlers should be volatile sig_atomic_t
17702 * config.h.in, configure.in:
17703 Add checks for volatile and sig_atomic_t
17706 * configure, lex.yy.c:
17710 * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
17711 sudo.c, sudoers.pod:
17712 Remove "secure_path" Defaults option since it cannot work with the
17716 * find_path.c, sudo.c:
17717 Unset "secure_path" if user_is_exempt()
17720 * env.c, pathnames.h.in:
17721 o Remove assumption that PATH and TERM are not listed in env_keep o
17722 If no PATH is in the environment use a default value o If TERM is
17723 not set in the non-reset case also give it a default value.
17726 * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
17727 _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
17728 systems that define in paths.h
17731 * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
17732 Add support for skeyaccess(3) if it is present in libskey.
17735 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
17738 Only need to do 'lc = login_getclass(NULL)' if lc == NULL
17742 '\\' is a perfectly legal character to have in a command line
17747 o Defer call to set_fqdn() until it is safe to use log_error() o
17748 Don't print errno string value if gethostbyname fails, it is not
17753 Fix CIDR -> in_addr_t conversion.
17756 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
17759 Remove an extra "User_List" in the User_Spec definition From
17760 ybertrand AT snoopymail.com
17764 Make 'listpw=never' work for users who are not explicitly mentioned
17769 Remove gratuitous '=' in EBNF grammar; era AT iki.fi
17773 Document new list Defaults type and convert env_keep and env_delete
17774 to lists. Document new env_check option.
17777 * lex.yy.c, sudo.tab.c, sudo.tab.h:
17782 Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
17791 Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
17794 * config.h.in, configure.in:
17795 Add check for skeyaccess(3)
17799 Document new -c, -f, and -q options
17803 o Add -f option (alternate sudoers file) o Convert to use getopt(3)
17810 * aclocal.m4, config.h.in, configure.in:
17811 Add check for isblank and a replacement macro if it doesn't exist.
17814 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
17817 In check-only mode, don't create sudoers if it does not already
17822 o Add a new token, DEFVAR, to indicate a Defaults variable name o
17823 Add support for "+=" and "-=" list operators o replace some 1 and 0
17824 with TRUE and FALSE for greater legibility.
17828 o Use exclusive start conditions to remove some ambiguity in the
17829 lexer. Also reorder some things for clarity. o Add support for
17830 "+=" and "-=" list operators. o Use the new DEFVAR token to denote
17831 a Defaults variable name.
17835 Prototype init_envtables()
17839 o Convert environment handling to use lists instead of strings.
17840 This greatly simplifies routines that need to do "foreach" type
17841 operations. o Add new init_envtables() function to set env_check
17842 and env_delete defaults based on initial_badenv_table and
17843 initial_checkenv_table (formerly sudo_badenv_table).
17846 * defaults.c, defaults.h:
17847 o Add a new LIST type and functions to manipulate it. o This is for
17848 use with environment handling variables. o Call new
17849 init_envtables() routine inside init_defaults() to initialize the
17853 * def_data.c, def_data.h, def_data.in:
17854 Convert environment options to use the new LIST type and add a new
17855 one, env_check that only deletes if the sanity check fails.
17859 Add dummy version of init_envtables()
17867 Add check-only mode
17871 Fix generation of entries with NULL descriptions.
17874 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
17877 Use sigaction_t and quiet a gcc warning.
17881 Must reset signal handlers before we exec
17884 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
17886 Be careful now that tgetpass() can return NULL (user hit ^C). PAM
17887 version needs testing. Set SIGTSTP to SIG_DFL during password entry
17888 so user can suspend us.
17892 Add support for interrupting/suspending tgetpass via keyboard input.
17893 If you suspend sudo from the password prompt and resume it will re-
17898 Don't block keyboard interrupt signals, just set them to SIG_IGN.
17901 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
17904 add back HAVE_SIGACTION
17911 * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
17912 Kill POSIX_SIGNALS define and old signal support now that we emulate
17913 POSIX ones Also be sure to correctly initialize struct sigaction.
17917 Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
17921 Add scaffolding for POSIX signal emulation
17925 o Add missing ';' so this compiles o Can't use NULL since we don't
17930 Emulate sigaction() using sigvec()
17933 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
17936 Document new behavior of negative values of timestamp_timeout Fix a
17941 Add security note about command not being logged after 'sudo su' and
17946 Mention that -V prints default values when run as root, including
17947 the list of environment variables to clear.
17951 Run pod2man with --quotes=none to avoid stupid quoting of C<>
17955 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
17957 * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
17958 Add mail_badpass option Also modify mail_always behavior to also
17959 send mail when the password is wrong
17962 * env.c, sudo.c, sudo.h:
17963 Dump default bad env table when 'sudo -V' is run by root.
17967 document env_delete
17971 Add support for '*' in env_keep when not resetting the environment
17972 (ie: the normal case).
17976 Add env_delete variable that lets the user replace/add to the
17977 bad_env_table. Allow '*' wildcard in env_keep entries.
17980 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
17983 Force umask to 022 to guarantee sane directory permissions.
17986 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
17989 add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
17993 fix breakage in last commit
17997 acsite.m4 -> aclocal.m4
18001 fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
18005 regenerated from def_data.in
18008 * check.c, defaults.c, defaults.h:
18009 Add new T_UINT type that most things use instead of T_INT If
18010 timestamp_timeout is < 0 then treat the ticket as never expiring (to
18011 be expired manually by the user).
18015 change most T_INT -> T_UINT
18019 fix warning when no args
18023 Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
18024 we are a signal handler. We no longer print the signal number but
18025 the user can just check the exit value for that.
18028 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
18031 when setting up pipes in child process check for case where stdin ==
18035 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
18038 Ignore editor exit value since XPG4 says vi's exit value is the
18039 count of editing errors made (failed searches, etc).
18042 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
18049 sco now is identified by config.guess as *-sco-*
18053 Check for getspnam() in -lgen if not in -lc for UnixWare.
18056 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
18058 * sudoers.pod, visudo.pod:
18059 "upper case" -> "uppercase"
18063 fix typos and grammar; pjanzen@foatdi.harvard.edu
18066 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
18069 Missing word (specify); krapht@secureops.com
18072 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
18075 If we fail to look up a login class, apply the default one.
18079 In log_error() free message, not logline unconditionally, then free
18080 logline if it is not the same as message. No function change but
18081 this mirrors how they are allocated.
18084 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
18091 remove some backslash quotes that are unneeded
18095 o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
18096 instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
18097 can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
18098 to AC_DEFINE things manually.
18101 * config.guess, config.sub:
18102 Updated from autoconf-2.50
18105 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
18108 Update mailing list section. We use mailman now, not majordomo.
18111 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
18113 * getspwuid.c, logging.c, sudo.c:
18114 Use setpwent()/endpwent() + all the shadow variants to make sure we
18115 don't inadvertently leak an fd to the child. Apparently Linux's
18116 shadow routines leave the fd open even if you don't call setspent().
18117 Reported by mike@gistnet.com; different patch used.
18120 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
18127 select() may return EAGAIN. If so, continue like we do for EINTR.
18131 Fix a non-exploitable buffer overflow in the word splitting code.
18132 This should really be rewritten.
18140 Tell people to look in sample.syslog.conf for examples, not FAQ
18144 Update list of env vars that are cleared
18148 remove struct env_table decl since that stuff has all moved to env.c
18151 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
18154 Fix a pasto in flock-style unlocking and include <sys/file.h> for
18155 flock on older systems; twetzel@gwdg.de
18159 regen to get NeXT lockf/flock fix
18163 force NeXT to use flock since lockf is broken
18166 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
18169 Use stashed user_gid when checking against exempt gid since sudo
18170 sets its gid to a value that makes sudoers readable. Previously
18171 if you used gid 0 as the exempt group everyone would be exempt. From
18172 Paul Kranenburg <pk@cs.few.eur.nl>
18175 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
18182 #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 apparently defines
18183 some types (such as ssize_t) therein.
18186 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
18189 Fix negation of paths in a boolean context. Problem found by
18193 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
18199 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
18202 SA_RESETHAND means the opposite of what I was thinking--oops To
18203 block all signals in old-style signals use ~0, not 0xffffffff
18206 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
18209 coerce difference of pointers to int when used in a string length
18210 printf format; deraadt@openbsd.org
18213 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
18216 Block all signals in Exit() to avoid a signal race. There is still
18217 a tiny window but I'm not going to worry about it.
18220 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
18223 glibc uses the LANGUAGE env var so clear that too; Solar Designer
18227 Regenerate with a fix to flex.skl that preserves errno from
18228 clobbering by isatty().
18231 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
18233 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
18234 auth/sia.c, auth/sudo_auth.c:
18235 Some defaults I_ defines got renamed.
18238 * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
18239 defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
18240 set_perms.c, sudo.c, sudo.tab.c:
18241 Move defaults info into its own files from which we generate .h and
18242 .c files. This makes adding or rearranging variables much simpler.
18245 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
18247 * configure, configure.in:
18248 fix typo in last commit
18251 * compat.h, config.h.in, configure, configure.in:
18252 Add check + emulation for setegid (like seteuid).
18256 Make env_keep override badenv_table as documented Fix traversal of
18257 badenv_table (broken in last commit)
18260 * set_perms.c, sudo.c, sudo.h:
18261 Don't try and build saved uid version of set_perms on systems w/o
18262 them. Rename set_perms_saved_uid() -> set_perms_posix() Make
18263 set_perms_setreuid simply be set_perms_fallback() and simply include
18264 the appropriate function at compile time (setreuid() vs. setuid()).
18267 * sudoers.cat, sudoers.man.in, sudoers.pod:
18268 PATH is also preserved when env_reset is in effect
18271 * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
18272 configure.in, defaults.c, defaults.h, env.c, find_path.c,
18273 getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
18274 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
18275 visudo.c, visudo.cat, visudo.man.in:
18276 New Defaults options: o stay_setuid - sudo will remain setuid if
18277 system has saved uids or setreuid(2) o env_reset - reset the
18278 environment to a sane default o env_keep - preserve environment
18279 variables that would otherwise be cleared
18281 No longer use getenv/putenv/setenv functions--do environment munging
18282 by hand. Potentially dangerous environment variables can be cleared
18283 only if they contain '/' or '%' characters to protect buggy
18284 programs. Moved environment routines into env.c (new file)
18288 Clear up --without-passwd description
18291 * putenv.c, sudo_setenv.c:
18292 We now build up a new environment from scratch and assign it to
18296 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
18298 * sudo.pod, visudo.pod:
18299 Grammatical fixes from Paul Janzen
18302 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
18305 If there was a syntax error and the user just wants to quit, unlink
18306 sudoers if it is zero length.
18310 'Q' means ignore parse error, not 'q'
18314 Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
18318 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
18321 Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
18324 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
18326 * config.guess, config.sub:
18327 Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
18330 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
18332 * sudo.c, visudo.c:
18333 Use exit(127), not exit(-1)
18336 * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
18337 Move set_perms() to its own file and use POSIX saved uid or
18338 setreuid() if available.
18340 Added stay_setuid option for systems that have libraries that
18341 perform extra paranoia checks in system libraries for setuid
18342 programs (ie: anything with issetugid(2)).
18346 strip more bits from the environment and add a facility for
18347 stripping things only if they contain '/' or '%' to address printf
18348 format string vulnerabilities in other programs.
18351 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
18358 For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
18367 Check for strcasecmp(3) in -lc89 for NCR Unix
18370 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
18373 Define HAVE_INNETGR #ifdef HAVE__INNETGR
18380 * compat.h, config.h.in, configure.in:
18381 Add check for _innetgr(3) since NCR systems have that instead of
18385 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
18388 check return value of creadcfg() call sd_close() after sd_auth()
18389 store username in sd->username so we don't rely on the USER env
18393 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
18396 document --with-bsdauth
18404 --with-bsdauth assumes --with-logincap
18407 * auth/bsdauth.c, auth/fwtk.c:
18408 When prompting for a response to a challenge, if the user just hits
18409 return then reprompt with echo turned on.
18412 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
18415 Remove debugging code that should not have been committed, oops.
18419 Use lower-level routines and get the password ourselves. Checks for
18420 a challenge and if there is one echo is not turned off.
18423 * auth/pam.c, auth/sudo_auth.h:
18424 minor housekeeping, no real code changes
18427 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
18430 Fix a coredump in the logging functions if gethostname(2) fails by
18431 deferring the call to log_error() until things are better setup.
18433 Fix return value of set_loginclass() in non-BSD-auth case.
18435 Hard-code 'sudo' in the usage message so we can fit more options on
18440 Fix errant ';' (typo) that broke MSG_ONLY
18443 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
18445 * sudo.cat, sudo.man.in:
18453 * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
18454 configure, configure.in, getspwuid.c, sudo.c:
18455 Add support for BSD authentication.
18458 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
18461 Fix typo; from sato@complex.eng.hokudai.ac.jp
18464 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
18467 Mention negating umask
18471 Allow user to specify umask of 0777 (same as !umask)
18474 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
18476 * sudo.pod, visudo.pod:
18477 Fix a typo and give a URL for the sudo history.
18480 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
18482 * defaults.c, sudo.pod:
18483 fix typos; pepper@reppep.com
18486 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
18488 * sudo.c, sudo.h, sudo_setenv.c:
18489 sudo_setenv() now exits on memory alloc failure instead of returning
18493 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
18496 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
18497 and possibly others.
18501 Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
18502 that "%m" won't be expanded but we don't use that anyway since the
18503 logging routines may splat to stderr as well.
18506 * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
18508 Add always_set_home variable
18511 * configure, configure.in:
18512 Have to hard code default values in help since the defaults are set
18513 _after_ the help stuff.
18516 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
18518 * lex.yy.c, parse.lex:
18519 Allow special characters (including '#') to be embedded in pathnames
18520 if quoted by a '\\'. The quoted chars will be dealt with by
18521 fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
18524 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
18527 Better path searching for programs we need.
18531 Add section on "C compiler cannot create executables" errors.
18534 * Makefile.binary, Makefile.in, version.h:
18538 * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
18539 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
18540 visudo.man.in, visudo.pod:
18541 Substitute values from configure into man pages.
18544 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
18547 The listpw and verifypw sudoers options would not take effect
18548 because the value of the default was checked *before* sudoers was
18549 parsed. Instead of passing in the value of PWCHECK_* to
18550 sudoers_lookup(), pass in the arg for def_ival() so the check can be
18551 deferred until after sudoers is parsed.
18554 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
18557 When writing prompt, no need to write the NUL as well;
18561 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
18564 When looking for chown, check in /sbin too
18567 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
18570 Remove extraneous call to init_defaults() and set runas_user to NULL
18571 between parses so init_defaults will reset it each time, thus
18572 avoiding a reference to free()d data.
18575 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
18577 * config.h.in, interfaces.c, interfaces.h, sudo.c:
18578 Add support for using getifaddrs() to get the list of ip addr /
18579 netmask pairs. Currently IPv4-only.
18583 Add a missing check for UserEditor == NULL Add missing '+' before
18584 line number when invoking editor to fix a syntax error
18587 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
18590 Call clean_env very early in main() for paranoia's sake. Idea from
18594 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
18597 Update proto for evasprintf and easprintf
18601 Make easprintf() and evasprintf() return an int.
18605 If the targetpw flag is set, use target username as part of the
18606 timestamp path. If tty tickets are in effect cat the tty and the
18607 target username with a ':' as the separator.
18610 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
18613 Backout part of last change; setting PAM_USER to the invoking user
18614 breaks things like targetpw.
18618 set tty and username via pam_set_item
18621 * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
18622 Fix root, runas, and target authentication for non-passwd file auth
18626 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
18628 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
18629 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
18630 Use B<-Z> not C<-Z> for command line flags in all places. This is
18631 more consistent and works around a bug in Pod::Man.
18634 * sudoers.cat, sudoers.man.in, sudoers.pod:
18635 Fix an occurrence of 'semicolon' that should be 'colon'
18638 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
18640 * configure, configure.in:
18641 Fix --with-badpri help line
18644 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
18646 * defaults.c, logging.c, sudo.c:
18647 Bracket calls to syslog with an openlog() and closelog() since some
18648 authentication methods (like PAM) may do their own logging via
18649 syslog. Since we don't use syslog much (usually just once per
18650 session) this doesn't really incur a performance penalty. It also
18651 fixes a SEGV with pam_kafs.
18654 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
18657 Fix -H flag. runas_homedir is only valid after
18658 set_perms(PERM_RUNAS, mode)
18661 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
18664 Clarify the fact that insults are not enabled just by including them
18668 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
18670 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
18672 Regenerated with perl 5.6.0 pod2man
18676 Give date string to pod2man since its default is ugly and it ain't
18681 Do section substitution on the output of pod2man and remove hack
18682 needed for old pod2man.
18685 * sudo.pod, sudoers.pod, visudo.pod:
18686 Put back real man sections, we will do the substitution later.
18689 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
18691 * configure, configure.in:
18692 Don't bother checking for the path to vi if user specified --with-
18696 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
18698 * CHANGES, visudo.c:
18699 Visudo now does its own fork/exec instead of calling system(3).
18702 * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
18703 sudoers.pod, visudo.c:
18704 Visudo now checks for the existence of an editor and gives a
18705 sensible error if it does not exist.
18707 The path to the editor for visudo is now a colon-separated list of
18708 allowable editors. If the user has $EDITOR set and it matches one
18709 of the allowed editors that editor will be used. If not, the first
18710 editor in the list that actually exists is used.
18713 * sudo.cat, sudo.man.in, sudo.pod:
18714 Clear up confusion wrt sudo's return value.
18717 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
18720 Strip sudo and visudo for bindist target
18723 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
18724 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
18725 Use @mansectsu@ and @mansectform@ in the man page bodies as well.
18726 [5eb9e60a726f] [SUDO_1_6_3]
18728 * visudo.cat, visudo.man.in, visudo.pod:
18729 Typo: @sysconf@ -> @sysconfdir@
18733 'make dist' should not cause any files to be modified so remove its
18738 Whoops, forgot to add release marker
18741 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
18744 Final change for 1.6.3 (or so I hope)
18747 * sudo.cat, sudoers.cat, visudo.cat:
18748 Use SYSV man sections since BSD systems will have nroff...
18751 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
18753 * parse.yacc, sudo.tab.c:
18754 When checking to see if the host/user matches in a defaults spec,
18755 check against TRUE, not just non-zero since it might be -1.
18758 * configure, configure.in:
18759 OSF/1 puts file formats in section 4, not 5.
18762 * CHANGES, INSTALL, sudo.c:
18763 Make login class support work on BSD/OS
18770 * configure, configure.in:
18771 If there is no inet_addr but there *is* an __inet_addr that's ok
18772 since inet_addr is probably just a macro then. The better thing to
18773 do would be to look for the macro, but this is fine for now.
18776 * configure, configure.in:
18777 Don't use shlicc for BSD/OS 4.x
18780 * Makefile.in, configure, configure.in:
18781 *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
18782 configure variable so we can deal with this. Also, only remove *.man
18783 for 'distclean' not 'clean'.
18787 set_loginclass() should be static like the proto says
18790 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
18793 Add #ifdef __STDC__ around the rangematch function header to avoid
18794 promotion of test to int, thus violating the prototype. Gcc handles
18795 this gracefully but more std ANSI compilers will complain.
18799 Pull in newer fnmatch(3) that supports FNM_CASEFOLD
18802 * aclocal.m4, configure, fnmatch.3, fnmatch.c:
18803 Pull in newer fnmatch(3) that supports FNM_CASEFOLD. Check for
18804 FNM_CASEFOLD in configure
18811 * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
18812 Fully qualified hosts w/ wildcards were not matching the FQHOST
18813 token type. There's really no need for a separate token for fully-
18814 qualified vs. unqualified anymore so FQHOST is now history and
18815 hostname_matches now decides which hostname (short or long) to check
18816 based on whether or not the pattern contains a '.'.
18820 Fully qualified hosts w/ wildcards were not matching the FQHOST
18821 token type. There's really no need for a separate token for fully-
18822 qualified vs. unqualified anymore so FQHOST is now history and
18823 hostname_matches now decides which hostname (short or long) to check
18824 based on whether or not the pattern contains a '.'.
18827 * lex.yy.c, parse.c, parse.lex, parse.yacc:
18828 Fully qualified hosts w/ wildcards were not matching the FQHOST
18829 token type. There's really no need for a separate token for fully-
18830 qualified vs. unqualified anymore so FQHOST is now history and
18831 hostname_matches now decides which hostname (short or long) to check
18832 based on whether or not the pattern contains a '.'.
18835 * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
18836 sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
18837 Add support for wildcards in the hostname.
18841 Add targets for *.man.in, using config.status to generate *.man from
18845 * sudoers.cat, sudoers.man.in, sudoers.pod:
18846 Document set_logname option and embolden refs to sudo and visudo.
18849 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
18850 sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
18851 visudo.cat, visudo.man.in, visudo.pod:
18852 Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
18853 from Michael D. Marchionna. configure now does substitution on the
18854 man pages, allowing us to fix up the paths and set the section
18855 correctly. Based on an idea from Michael D. Marchionna.
18859 Better fix for handling HP-UX aging info.
18863 Add support for set_logname run-time default
18866 * sudo.man.in, sudoers.man.in, visudo.man.in:
18867 configure does substitution on these to produce *.man
18870 * sudo.man, sudoers.man, visudo.man:
18871 These files now get generated from *.man.in at configure time.
18874 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
18876 * defaults.c, defaults.h:
18877 Add set_logname option so users can turn off setting of LOGNAME/USER
18878 environment variables.
18881 * lsearch.c, parse.c, testsudoers.c:
18885 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
18888 HP-UX adds extra info at the end for password aging so when
18889 comparing the result of crypt to pw_passwd we only compare the first
18890 len(epass) bytes *unless* the user entered an empty string for a
18895 Get rid of grandchild hack, it was causing problems and there is
18896 really no need for it. This fixes a bug where we spin eating up CPU
18897 when the user runs a long-running process like a shell.
18900 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
18903 User can always specify a login class if he/she is already root.
18906 * config.h.in, configure, configure.in, defaults.c, defaults.h,
18908 FreeBSD login class (login.conf) support.
18911 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
18913 * auth/sudo_auth.c:
18914 HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
18917 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
18920 Truncate unencrypted password to 8 chars if encrypted password is
18921 exactly 13 characters (indicating a standard DES password). Many
18922 versions of crypt() do this for you, but not all (like HP-UX's).
18925 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
18928 Mention that gcc on dynix may have problems
18931 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
18934 Link visudo with NET_LIBS since we now call syslog via defaults.c
18938 Use Argv[0] as the first arg to openlog() since visudo uses this
18942 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
18945 Stash coredumpsize resource limit and restore it before the exec().
18946 Otherwise the child ends up with a coredumpsize of 0.
18949 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
18951 * sudo.cat, sudo.man, sudo.pod:
18959 * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
18960 auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
18961 Added -S flag (read passwd from stdin) and tgetpass_flags global
18962 that holds flags to be passed in to tgetpass(). Change echo_off
18963 param to tgetpass() into a flags field. There are currently 2
18964 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
18965 tgetpass(), abstract the echo set/clear via macros and if (flags &
18966 TGP_ECHO) but echo is not set on the terminal, be sure to set it.
18970 Fixed a bug that caused an infinite loop when the password timeout
18974 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
18976 * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
18977 sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
18978 Add rootpw, runaspw, and targetpw options.
18981 * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
18983 enveditor -> env_editor
18986 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
18988 * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
18989 sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
18991 crank version to 1.6.3
18994 * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
18995 sudoers.pod, visudo.c:
18996 Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
18997 them. This means that visudo will now parse the sudoers file
18998 *before* it is edited so a bogus sudoers file will cause a warning
18999 to go to stderr. Also, visudo checks the variables once--it does not
19000 check them after each editor run since that could be confusing.
19003 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
19009 * check.c, sudo.c, sudo.h:
19010 Move user_is_exempt prototype into sudo.h
19013 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
19015 * configure, configure.in:
19016 Fix thinko, some && should have been || in the last commit
19019 * configure, configure.in:
19020 Don't initialize Makefile variables to be NULL since the user may
19021 want to import variables from their environment.
19024 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
19026 * configure, configure.in:
19030 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
19033 fix a yacc (skeleton.c) warning
19036 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
19038 * INSTALL, RUNSON, configure, configure.in:
19039 Make pam work on HP-UX 11.0; jaearick@colby.edu
19043 recent changes; prepare for 1.6.2p1
19047 Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
19050 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
19053 Regen with yacc that has a memory leak plugged.
19056 * sudoers.cat, sudoers.man, sudoers.pod:
19057 Expanded docs on sudoers 'defaults' options based on INSTALL file
19062 Fix some while lies
19065 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
19068 When making a bindist, link FAQ to TROUBLESHOOTING instead of
19072 * sudoers.cat, sudoers.man, sudoers.pod:
19073 Add netgroup caveat
19074 [28d119f466e3] [SUDO_1_6_2]
19077 Last minute updates
19093 Better detection of PAM errors and fix custom prompts with PAM.
19094 Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
19097 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
19100 Cast ULONG_MAX to unsigned long long when comparing to an unsigned
19104 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
19106 * CHANGES, config.h.in, configure, configure.in, visudo.c:
19107 Fix sudoers locking in visudo. We now lock the sudoers file itself,
19108 not the temp file (since locking the temp file can foul up editors).
19109 The previous locking scheme didn't work because the fd was closed
19113 * config.h.in, configure, configure.in:
19114 Don't need test for ftruncate() any more.
19117 * configure, configure.in:
19118 Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
19119 the unbundled HP-UX cc.
19122 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
19124 * sudoers.cat, sudoers.man, sudoers.pod:
19125 "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
19128 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
19130 * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
19131 parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
19132 version.h, visudo.c:
19133 update copyright year on changed files
19145 Crank version to 1.6.2
19149 Crank version to 1.6.2
19153 When using rlimit check for RLIM_INFINITY. When computing the value
19154 of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
19161 * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
19162 sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
19163 Crank version to 1.6.2
19166 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
19167 Add 'shell_noargs' runtime option back in. We have to defer
19168 checking until after the sudoers file has been parsed but since
19169 there are now other options that operate that way this one can too.
19170 Based on a patch from bguillory@email.com.
19173 * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
19174 Add "listpw" and "verifypw" options.
19177 * sudoers.cat, sudoers.man, sudoers.pod:
19178 o Fix some typos/omissions o Add section on verifypw and listpw o
19179 Define how NOPASSWD interacts with the -v and -l flags
19182 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
19184 * configure, configure.in:
19185 For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
19186 -D_HPUX_SOURCE to CPPFLAGS.
19189 * defaults.c, defaults.h:
19190 In struct sudo_defs_types, move the union to the end and don't
19191 initialize the union member since that only works with an ANSI
19192 compiler. We set the value of the union by hand in init_defaults()
19193 anyway. This allows sudo to compile on a K&R compiler again.
19196 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
19198 * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
19199 netgr_matches needs to check shost as well as host since they may be
19204 End on \r as well as \n
19207 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
19210 Update statbuf.st_mode based on SUDOERS_MODE when we are changing
19211 from 0400 to whatever SUDOERS_MODE is (converting from the old
19212 sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
19213 0400 which should always be the case.
19216 * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
19217 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
19218 w/o a passwd if there is *any* entry for the user on the host with a
19219 NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
19220 the user on the host w/ the specified runas user have the NOPASSWD
19228 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
19231 Treat EOF at whatnow prompt like 'x' instead of looping.
19234 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
19238 [5836a9452568] [SUDO_1_6_1]
19240 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
19242 * config.h.in, configure, configure.in, sudo.c:
19243 Add check for initgroups() since old SYSV lacks this.
19246 * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
19247 parse.c, testsudoers.c:
19248 o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
19252 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
19254 * auth/sudo_auth.c:
19255 Don't allow insults to be enabled if the insults[] array is empty.
19256 Otherwise there would be division by zero.
19260 Don't allow insults to be enabled if the insults[] array is empty.
19261 Otherwise there would be division by zero.
19265 Don't allow insults to be enabled if the insults[] array is empty.
19266 Otherwise there would be division by zero.
19270 Don't care about USE_INSULTS #define since the insult stuff may be
19271 overridden at runtime.
19274 * auth/sudo_auth.c:
19275 Honor insults flag.
19278 * CHANGES, parse.c:
19279 Don't ask the user for a password if the user is not allowed to run
19280 the command and the authenticate flag (in sudoers) is false.
19283 * CHANGES, RUNSON, lex.yy.c, parse.lex:
19284 o Whenever we get a bare newline we change to the INITIAL state. o
19285 Enter GOTRUNAS when we see Runas_Alias
19287 This allows #uid to work in a RunasAlias.
19290 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
19292 * CHANGES, parse.yacc, sudo.tab.c:
19293 fix parsing of runas lists: o oprunasuser and runaslist now return a
19294 value o in a runasspec, if a runaslist does not return TRUE, set
19295 runas_matches to FALSE. Normally, a runaslist only returns FALSE
19296 for explicitly denied users. o since runaslist does not modify the
19297 stack there is no need for a push/pop in runasalias.
19301 Don't kill the user's tickets until after sudoers has been parsed
19302 since tty_tickets and ticket_dir could be set in sudoers.
19305 * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
19306 configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
19307 sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
19308 crank version to 1.6
19312 add set_fqdn() stub
19315 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
19317 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
19318 sudoers.man, sudoers.pod, visudo.c:
19319 o Kill shell_noargs option, it cannot work since the command needs
19320 to be set before sudoers is parsed. o Fix the "set_home" sudoers
19321 option (only worked at compile time). o Fix "fqdn" sudoers option.
19322 We now set host/shost via set_fqdn which gets called when the
19323 "fqdn" option is set in sudoers. o Move the openlog() to
19324 store_syslogfac() so this gets overridden correctly from the
19329 SecurID support should compile now.
19332 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
19334 * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
19335 visudo.man, visudo.pod:
19336 fix some syntactic goofs
19339 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
19341 * Makefile.in, sudo.html, sudoers.html, visudo.html:
19342 No longer need the .html files as they are generated automatically
19346 * CHANGES, LICENSE:
19347 kill characters that made wml unhappy
19354 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
19357 majordomo@cs.colorado.edu -> majordomo@courtesan.com
19360 * Makefile.in, configure:
19361 Wrap script execution w/ /bin/sh for the benefit of ctm
19364 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
19367 Make the -s flag be exclusive too. Also reorder the flags in the
19368 exclusive usage message so they are alphabetical.
19371 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
19374 make pam errors other than PAM_PERM_DENIED fatal
19382 make it clear that /etc/pam.d/sudo is required on linux
19386 fix a warning on redhat and spew an error if pam_authenticate()
19387 returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
19390 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19391 Be very clear that the password required is the user's not root's
19394 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
19397 add sample.syslog.conf to DISTFILES and BINFILES
19400 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
19403 updates from Brian Jackson + some formatting
19406 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
19408 * INSTALL.binary, Makefile.binary, README, RUNSON:
19409 o One RUNSON update o Changes for automating real binary releases
19416 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
19419 talk about run-time options in addition to compile-time options
19420 [1eb813ff0a9a] [SUDO_1_6_0]
19427 need sys/time.h if HAVE_SETRLIMIT
19430 * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
19431 sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
19432 get rid of references to sudo-bugs. Now mention the web site or the
19437 repair pod2html damage
19441 Update for 1.6 release
19444 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19445 Add warning about using ALL in a command context.
19448 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
19451 Call yyrestart() on a parse error to reset the lexer state.
19454 * lex.yy.c, parse.lex:
19455 Don't need YY_FLUSH_BUFFER after all. Move yyrestart() into visudo.c
19456 since it might not get called in yywrap if we get a parse error
19457 (and we only reread the file on error anyway).
19460 * lex.yy.c, parse.lex:
19461 Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
19462 might still exist. Call yyrestart() instead of using the deprecated
19466 * lex.yy.c, parse.lex:
19467 flex doesn't need %N table size declarations
19470 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19471 Mention what characters need to be escaped in names.
19474 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
19481 clarify Mac OS X entry
19489 o Use AC_MSG_ERROR throughout o Check syslog configure options for
19493 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
19496 Fix printing of type T_MODE in dump_defaults()
19500 missing sys/types.h
19504 Break out options that may be overridden at run time into their own
19505 section. Add a note about Mac OS X and correct some lies.
19508 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
19510 * CHANGES, config.h.in, configure, configure.in, sudo.c:
19511 o Now use getrlimit to find the highest fd when closing all non-std
19512 fd's o Turn off core dumps via setrlimit for the sake of paranoia
19519 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
19526 When read()'ing, do a single character at a time to be sure we don't
19527 go past the newline.
19531 For the sudo_root option, check against user_uid, not getuid() since
19532 at this point, ruid == euid == 0.
19540 Fix compilation problem when --with-logging=file was specified.
19541 This means that syslog is now required to build sudo but that should
19542 not be a problem. If it is it can be fixed trivially with a
19543 configure check for syslog() or syslog.h.
19547 Make this work again for things like "sudo echo hi | more" where the
19548 tty gets put into character at a time mode. We read until we read
19549 end of line or we run out of space (similar to fgets(3)).
19552 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
19554 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19555 change ital to bold
19562 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
19565 Error out if syslog parameters are given without a value. For
19566 Ultrix or 4.2BSD "syslog" is allowed without a value since there are
19567 no facilities in the 4.2BSD syslog.
19570 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
19573 Ignore the syslog facility for systems w/ old syslog like Ultrix.
19577 people with "." early in their path can have problems running sudo
19578 from the build dir ;-)
19581 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
19583 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19584 Remove -r realm option
19587 * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
19588 configure.in, sudo.c:
19589 New krb5 code from Frank Cusack <fcusack@iconnet.net>.
19596 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
19599 include <auth.h> to get function prototypes.
19602 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19606 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
19609 in set_perms(), always call setuid(0) before changing the ruid/euid
19610 so we always know it will succeed.
19614 #undef T_FOO to avoid conflicts with system defines (like on
19618 * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
19620 Document "Defaults" lines in /etc/sudoers. Still needs some
19621 fleshing out but this is a start.
19624 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
19626 * use strtol, not strtoul since not everyone has strtoul
19630 use strtol, not strtoul since not everyone has strtoul
19633 * lex.yy.c, parse.lex:
19634 last {WORD} rule should only apply in the INITIAL state
19637 * lex.yy.c, parse.lex:
19638 o Add support for escaped characters in the WORD macro o Modify
19639 fill() to squash escape chars
19642 * defaults.c, defaults.h:
19643 o Add T_PATH flag to allow simple sanity checks for default values
19644 that are supposed to be pathnames. o Fix a duplicate free when
19645 visudo finds an error.
19648 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
19650 * defaults.c, defaults.h, logging.c:
19651 mail_if_foo -> mail_foo
19654 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
19656 * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
19657 o Add requiretty option o Move O_NOCTTY to compat.h
19661 The exit() in log_error() was mistakenly removed in a previous
19662 version. Put it back...
19665 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
19667 * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
19668 auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
19669 configure, configure.in, defaults.c, defaults.h, find_path.c,
19670 getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
19671 o Change defaults stuff to put the value right in the struct. o
19672 Implement mailer_flags o Store syslog stuff both in int and string
19673 form. Setting the string form magically updates the int version.
19674 o Add boolean attribute to strings where it makes sense to say !foo
19678 add O_NOCTTY when opening /dev/tty just in case
19681 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
19684 cleanup function no longer takes a status arg
19691 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
19693 * TODO, config.h.in, configure, configure.in, logging.c:
19694 Use strftime() instead of ctime() if it is available.
19697 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
19704 update ReliantUNIX entry
19707 * defaults.c, defaults.h, logging.c:
19708 add log_year option
19711 * configure, configure.in:
19712 add --without-sendmail to help output
19715 * configure, configure.in:
19716 enforce an octal arg for --with-sudoers-mode
19719 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
19721 * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
19722 auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
19723 auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
19724 defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
19725 parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
19726 testsudoers.c, version.c, visudo.c:
19727 Add support for "Defaults" line in sudoers to make configuration
19728 variables changeable at runtime (and on a global, per-host and per-
19729 user basis). Both the names and the internal representation are
19730 still subject to change. It was necessary to make sudo_user.runas
19731 be a char ** instead of a char * since this value can be changed by
19732 a Defaults line. There is a similar (but more complicated) issue
19733 with sudo_user.prompt but it is handled differently at the moment.
19735 Add a "-L" flag to list the name of options with their descriptions.
19736 This may only be temporary.
19738 Move some prototypes to parse.h
19740 Be much less restrictive on what is allowed for a username.
19743 * sample.syslog.conf:
19747 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
19749 * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
19751 UCB has dropped the advertising clause from their license.
19754 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
19756 * auth/sudo_auth.h:
19757 move dce_verify proto to correct section
19764 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
19767 Add fnmatch() prototype
19770 * fnmatch.c, parse.c, testsudoers.c:
19771 Move inclusion of emul/fnmatch.h to be after sudo.h for __P
19775 add strcasecmp proto
19778 * auth/sudo_auth.c:
19779 add check for case where there are no auth methods
19782 * configure, configure.in:
19783 Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
19787 * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
19788 include strings.h everywhere we include string.h
19792 nicer output when showing auth methods
19796 Add support for SEND_MAIL_WHEN_NO_HOST
19799 * config.h.in, configure, configure.in:
19800 Add _GNU_SOURCE for Linux
19803 * lex.yy.c, parse.lex:
19804 fix definition of OCTECT
19807 * configure, configure.in:
19808 aix_auth.o not authenticate.o
19811 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
19814 Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
19815 keyboard). Since we run with ruid/euid == 0 the user can't really
19816 signal us in nasty ways.
19820 Don't need to worry about catching too many signals since we do
19821 locking on the tmp file. If a lockfile is really stale, it will be
19822 detected and overwritten.
19825 * INSTALL, Makefile.in:
19826 include auth/API in tarball
19829 * auth/sudo_auth.c:
19830 move memset() of plaintext pw outside of verify loop and only do the
19831 memset if we are *not* in standalone mode.
19834 * auth/sudo_auth.c, auth/sudo_auth.h:
19835 DCE is not a standalone method
19839 fix --enable-noargs-shell
19843 "#ifdef __STDC__" not "#if __STDC__" (I missed one)
19846 * auth/fwtk.c, auth/sia.c:
19847 _cleanup() function returns an int.
19851 there were still some return(0)'s hanging around, make them
19860 add missing semicolon
19863 * auth/sudo_auth.h:
19867 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
19869 * CHANGES, config.h.in, configure, configure.in:
19870 Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
19874 add parse.h to HDRS
19877 * Makefile.in, configure, configure.in:
19878 Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
19879 LDFLAGS. Common libs go in LIBS, common ld flags go in LDFLAGS and
19880 network libs like -lsocket, -lnsl go in NET_LIBS. This allows
19881 testsudoers to build on Solaris and is a bit cleaner in general.
19885 mention ptmp -> sudoers.tmp
19888 * config.h.in, configure, configure.in:
19889 Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
19897 Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
19898 return a value more like a system function
19910 update based on what is in the man page
19913 * parse.yacc, sudo.tab.c:
19914 minor change to first line printed in -l mode
19917 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19918 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
19919 standard and add "EXAMPLES" section
19922 * visudo.cat, visudo.html, visudo.man, visudo.pod:
19923 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
19927 * logging.c, parse.c, sudo.h:
19931 * lex.yy.c, parse.lex:
19932 make an OCTET really be limited to 0-255
19936 mention timestamp changes
19943 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19944 new sudoers(8) man page
19947 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
19950 Update comments about syslog name tables
19953 * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
19954 strcasecmp.c, sudo.tab.c:
19955 include strcasecmp() for those without it
19959 Use the : operator some more and fix a typo
19963 update the history of sudo
19966 * parse.c, parse.lex, testsudoers.c:
19967 CIDR-style netmask support
19974 * sudo.tab.c, sudo.tab.h:
19975 these should be generated with byacc, not bison
19982 * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
19983 In "sudo -l" mode, the type of the stored (expanded) alias was not
19984 stored with the contents. This could lead to incorrect output if
19985 the sudoers file had different alias types with the same name.
19986 Normal parsing (ie: not in '-l' mode) is unaffected.
19989 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
19991 * configure, configure.in:
19992 define _XOPEN_SOURCE to get at crypt() proto on some systems
19995 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
20002 don't need limits.h
20006 kill bogus reference to vfprintf
20009 * sample.sudoers, sudoers:
20014 Add some const in the K&R defs. This is safe since we define const
20015 away if the compiler doesn't grok it.
20018 * aclocal.m4, configure:
20019 Better test for working long long support. Ultrix compiler supports
20020 basic long long but not all operations on them.
20023 * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
20024 snprintf.c, sudo.c:
20025 Add check for LONG_IS_QUAD #undef MAXINT before including
20026 hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
20027 in snprintf.c and use LONG_IS_QUAD
20030 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
20032 * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
20034 UCB-derived snprintf + asprintf support. Supports quads if the
20035 compiler does. No floating point yet, perhaps later...
20038 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
20040 * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
20041 goodpath.c, logging.c, parse.c, sudo.c:
20042 Run most of the code as root, not the invoking user. It doesn't
20043 really gain us anything to run as the user since an attacker can
20044 just have a setuid(0) in their egg. Running as root solves
20045 potential problems wrt signalling.
20052 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
20054 * logging.c, sudo.c:
20055 Don't wait for child to finish in log_error(), let the signal
20056 handler get it if we are still running, else let init reap it for
20057 us. The extra time it takes to wait lets the user know that mail is
20060 Install SIGCHLD handler in main() and for POSIX signals, block
20065 * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
20066 parse.yacc, sudo.c, sudo.h:
20067 sudoers_lookup() now returns a bitmap instead of an int. This makes
20068 it possible to express things like "failed to validate because user
20069 not listed for this host". Some things that were previously
20070 VALIDATE_FOO are now FLAG_FOO. This may change later on.
20072 Reorganized code in log_auth() and sudo.c to deal with above
20075 Safer versions of push/pushcp with in the do { ... } while (0) style
20077 parse.yacc now saves info on the stack to allow parse.c to determine
20078 if a user was listed, but not for the host he/she tried to run on.
20080 Added --with-mail-if-no-host option
20083 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
20085 * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
20086 visudo.man, visudo.pod:
20087 o NewArgv and NewArgc don't need to be externally visible. o If
20088 pedantic > 1, it is a parse error. o Add -s (strict) option to
20089 visudo which sets pedantic to 2.
20092 * HISTORY, INSTALL:
20093 Just have sudo-bugs contact info in one place
20096 * sudo.cat, sudo.html, sudo.man, sudo.pod:
20100 * Makefile.in, configure, configure.in:
20101 Add testsudoers to default build target if --with-devel Don't clean
20102 generated parser files unless "distclean".
20105 * parse.yacc, sudo.tab.c:
20106 In pedantic mode we need to save *all* the aliases, not just those
20107 that match, or we get spurious warnings.
20111 reference samples.sylog.conf
20114 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
20116 * sample.syslog.conf:
20117 Sample entries for syslog.conf
20124 * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
20125 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
20126 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
20127 auth/sudo_auth.c, auth/sudo_auth.h:
20128 In struct sudo_auth, turn need_root and configured into flags and
20129 add a flag to specify an auth method is running alone (the only
20130 one). Pass auth methods their sudo_auth pointer, not the data
20131 pointer. This allows us to get at the flags and tell if we are the
20132 only auth method. That, in turn, allows the method to be able to
20133 decide what should/should not be a fatal error. Currently only
20134 rfc1938 uses it this way, which allows us to kill the OTP_ONLY
20135 define and the hackery that went with it. With access to the
20136 sudo_auth struct, methods can also get at a string holding their
20137 canonical name (useful in error messages).
20140 * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
20141 getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
20143 o --with-otp deprecated, use --without-passwd instead o real
20144 dependencies in the Makefile o --with-devel option to enable yacc,
20145 lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
20146 back to being a token, not a string but don't leak memory o rename
20147 hsotspec -> host in parse.yacc
20150 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
20156 * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
20158 o Digital UNIX needs to check for *snprintf() before -ldb is added
20159 to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
20160 for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
20161 functions in snprintf.c to fix -Wall o Add missing includes to fix
20165 * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
20166 configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
20168 o Add a "pedantic" flag to the parser. This makes sudo warn in
20169 cases where an alias may be used before it is defined. Only turned
20170 on for visudo and testsudoers. o Add --disable-authentication option
20171 that makes sudo not require authentication by default. The PASSWD
20172 tag can be used to require authentication for an entry. We no
20173 longer overload --without-passwd.
20176 * lex.yy.c, parse.lex:
20177 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
20178 username can contain just about anything so be very permissive. Also
20179 drop the unused \. punctuation.
20182 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
20184 * parse.yacc, sudo.tab.c:
20185 o add a 'val' element to aliasinfo struct and move -> parse.h o
20186 find_alias() now returns an aliasinfo * instead of boolean o
20187 add_alias() now takes a value parameter to store in the
20188 aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
20189 return: 1) positive match 0) negative match (due to '!')
20190 -1) no match This means setting $$ explicitly in all cases, which I
20191 should have done in the first place. It also means that we always
20192 store a value that is != -1 and when we see a '!' we can set
20193 *_matches to !rv if rv != -1. The upshot of all of this is that '!'
20194 now works the way it should in lists and some of the rules are more
20195 uniform and sensible.
20199 add parse.h dependency
20203 kill unused *_matched macros
20207 Allow a list of users as the first thing in a user spec, not just a
20208 single entry. This makes things more uniform, though it does allow
20209 you to write user specs that are hard to read.
20221 fix check for crypt() in libufc
20224 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
20227 sudo-users list now exists
20230 * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
20234 * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
20235 config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
20236 version.c, visudo.c:
20237 o Move lock_file() and touch() into fileops.c so visudo can use them
20238 o Visudo now locks the sudoers temp file instead of bailing when the
20239 temp file already exists. This fixes the problem of stale temp
20240 files but it does *require* that you not try to put the temp file in
20241 a world-writable directory. This should not be an issue as the temp
20242 file should live in the same dir as sudoers. o Visudo now only
20243 installs the temp file as sudoers if it changed.
20246 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
20252 * config.h.in, configure, configure.in, logging.c:
20256 * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
20257 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
20258 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
20259 temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
20260 -> _PATH_SUDOERS_TMP
20263 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
20265 * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
20266 o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
20267 root sudo -V config reporting
20270 * configure, configure.in:
20271 aix_auth.o not authenticate.o
20275 Add --with-goodpri and --with-badpri configure options to specify
20276 the syslog priority to use.
20279 * INSTALL, configure, configure.in, logging.h:
20280 Add --with-goodpri and --with-badpri configure options to specify
20281 the syslog priority to use.
20285 kill crufty AIX stuff
20289 Sigh, some versions of make (like Solaris's) don't deal with $< like
20290 I would expect. Both GNU and BSD makes get this right but... So, we
20291 just expand $< inline at the cost of some ugliness.
20295 If the invoking user is root, sudo will now print configure info in
20296 -V mode. Currently just prints logging info, to be expanded later.
20299 * logging.c, logging.h, sudo.c, sudo.h:
20300 o new defines for syslog facility and priority o use new
20301 print_version() function for -V mode
20305 Don't need version.c
20308 * aclocal.m4, config.h.in, configure, configure.in:
20309 Add check for syslog facilities and priorities tables in syslog.h
20313 o authenticate -> aix_auth o add version.c
20316 * auth/sudo_auth.c:
20317 Missed a prompt -> user_prompt conversion
20320 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
20323 sudo should lock its logfile
20326 * parse.yacc, sudo.tab.c:
20327 o Add '!' correctly when expanding Aliases. o Add shortcut macros
20328 for append() to make things more readable. o The separator in
20329 append() is now a string instead of a char. o In append(), only
20330 prepend the separator if the last char is not a '!'. This is a
20331 hack but it greatly simplifies '!' handling. o In -l mode, Runas
20332 lists and NOPASSWD/PASSWD tags are now inherited across entries in
20333 a list (matches current behavior). o Fix formatting in -l mode such
20334 that items in a list are separated by a space. Greatly improves
20335 readability. o Space for name field in struct aliasinfo is now
20336 allocated dynamically instead of using a (big) buffer. o In
20337 add_alias(), only search the list once (lsearch instead of lfind +
20341 * lex.yy.c, sudo.tab.c, sudo.tab.h:
20345 * configure, configure.in:
20346 Solaris pam doesn't require any extra setup
20350 o Simpler '!' support now that the lexer deals with multiple !'s for
20351 us. o In the case of opFOO, have FOO give a boolean return value and
20352 set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
20353 it gets fill()'d in parse.lex--fixes a small memory leak. In the
20354 long run it may be better to just fix parse.lex and make ALL back
20355 into a token. However, having it be a string is useful since it
20356 can be easily passed back to the parent rule if we so desire.
20360 o Remove some unnecessary backslashes o collapse multiple !'s by
20361 using !+ and checking if yyleng is even or odd. this allows us to
20362 simplify ! handling in parse.yacc
20366 -u flag was being ignored
20369 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
20376 work around pod2man stupidity
20380 correct dependencies for .cat
20383 * sudo.cat, sudo.man, visudo.cat, visudo.man:
20387 * sudo.pod, visudo.pod:
20388 Add copyright Update to reality
20391 * parse.c, sudo.c, sudo.h:
20392 rename validate() to the more descriptive sudoers_lookup()
20399 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
20405 * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
20406 configure, configure.in, sudo.c:
20411 add 4th term to license similar to term 5 in the apache license
20414 * emul/search.h, emul/utime.h:
20415 add 4th term to license similar to term 5 in the apache license
20418 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
20419 auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
20420 auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
20421 auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
20422 logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
20423 pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
20424 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
20426 add 4th term to license similar to term 5 in the apache license
20429 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
20430 add 4th term to license similar to term 5 in the apache license
20433 * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
20434 getspwuid.c, goodpath.c:
20435 add 4th term to license similar to term 5 in the apache license
20438 * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
20439 insults.h, logging.c, sudo.c, sudo.h:
20440 there was a 1995 release too
20443 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
20450 Use dirs instead of files for timestamp. This allows tty and non-
20451 tty schemes to coexist reasonably. Note, however, that when you
20452 update a tty ticket, the mtime on the user dir gets updated as well.
20455 * configure, configure.in:
20456 Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
20457 when linking test program, not just -lprot. Also add check for
20458 getspnam(). The SCO docs indicate that /etc/shadow can be used but
20462 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
20465 first cut at auth API description
20468 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
20470 * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
20471 auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
20473 auth API change. There is now an init method that gets run before
20474 the main loop. This allows auth routines to differentiate between
20475 initialization that happens once vs. setup that needs to run each
20476 time through the loop.
20479 * auth/kerb5.c, logging.c:
20480 use easprintf() and evasprintf()
20484 add easprintf() and evasprintf(), error checking versions of
20485 asprintf() and vasprintf()
20489 remove 2 items. One done, one won't do.
20492 * lex.yy.c, sudo.tab.c:
20496 * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
20497 visudo.html, visudo.man:
20506 o Document -K flag and update meaning of -k flag. o BSD-style
20507 copyright o Document clearing of BIND resolver environment variables
20508 o Clarify bit about shared libs o suggest rc files create /tmp/.odus
20509 if your OS gives away files
20517 BSD-style copyright
20521 o BSD copyright o no need to block signals, we now do that in main()
20525 * testsudoers.c, visudo.c:
20526 o BSD-style copyright o Use "struct sudo_user" instead of old
20527 globals. o some cosmetic cleanup
20531 BSD-style copyright
20535 o BSD copyright o logging and parser bits moved to their own .h
20536 files o new "struct sudo_user" to encapsulate many of the old
20541 o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
20542 logging routines o simplified flow of control o BIND resolver
20543 additions to badenv_table
20547 BSD-style copyright
20551 Now compiles on more K&R compilers
20555 BSD-style copyright, cosmetic changes
20559 BSD-style copyright
20562 * parse.c, parse.h, parse.lex, parse.yacc:
20563 BSD-style copyright. Move parser-specific defines and structs into
20564 parse.h + other cosmetic changes
20568 defines for logging routines
20571 * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
20572 BSD-style copyright, cosmetic changes
20575 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
20577 BSD-style copyright
20581 o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
20582 kill --disable-tgetpass o add --without-passwd o changes to fill in
20583 AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
20584 v?asprintf() o replace --with-AuthSRV with --with-fwtk
20588 BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
20589 HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
20590 HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
20594 BSD-style copyright; Add S_IFLNK and MIN/MAX if they are missing.
20598 BSD-style copyright
20602 no more --with-getpass
20606 Take out things I've done...
20614 --with-getpass no longer exists
20618 BSD-style copyright. Update to reflect reality wrt new files and
20623 Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
20628 Update history a bit
20631 * COPYING, LICENSE:
20632 Now distributed under a BSD-style license
20635 * auth/sudo_auth.c:
20636 o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
20637 options. o skey/opie replaced by rfc1938 code o new struct sudo_user
20641 * auth/pam.c, auth/sia.c:
20642 BSD-style copyright and use new log functions
20646 o BSD-style copyright o Use new log functions o Use asprintf() and
20647 snprintf() where sensible.
20651 Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
20652 done more reasonably--better sanity checks and tty-based stamps are
20653 now done as files in a directory with the same name as the invoking
20654 user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
20655 to mix tty and non-tty based ticket schemes but this may change in
20656 the future (it requires sudo to use a directory instead of a file in
20657 the non-tty case). Also, ``sudo -k'' now sets the ticket back to
20658 the epoch and ``sudo -K'' really deletes the file. That way you
20659 don't get the lecture again just because you killed your ticket in
20660 .logout. BSD-style copyright now.
20664 o rewritten logging routines. log_error() now takes printf-style
20665 varargs and log_auth() for the return value of validate(). o BSD-
20669 * auth.c, check_sia.c, dce_pwent.c, secureware.c:
20670 superseded by new auth API
20674 BSD-style copyright
20678 Use snprintf() where it makes sense and add a BSD-style copyright
20681 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
20682 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
20683 BSD-style copyright
20686 * emul/utime.h, utime.c:
20687 BSD-style copyright
20691 this has been rewritten so use my BSD-style copyright
20694 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
20697 include malloc.h if no stdlib.h
20701 KTH snprintf()/asprintf() for systems w/o them
20705 strerror() for systems w/o it
20708 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
20714 * parse.c, parse.lex, parse.yacc:
20715 Add contribution info in the main comment
20718 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
20721 remove missed ref to PAM_nullpw
20724 * auth/sudo_auth.h:
20729 more or less complete now--still untested
20732 * auth/afs.c, auth/pam.c:
20733 don't use user_name macro, it will go away
20736 * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
20737 combine skey/opie code into rfc1938.c
20740 * auth/dce.c, auth/sudo_auth.h:
20741 DCE authentication method; basically unchanged from dce_pwent.c
20744 * auth/aix_auth.c, auth/sudo_auth.h:
20745 AIX authenticate() support. Could probably be much better
20749 Fix an uninitialized variable and some cleanup. Now works (tested)
20752 * auth/sia.c, auth/sudo_auth.h:
20753 SIA support for digital unix
20757 don't use prompt global, it will go away
20760 * auth/secureware.c:
20761 correct copyright years
20764 * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
20765 auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
20766 auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
20767 New authentication API and methods
20770 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
20777 only save an entry if user_matches && host_matches, even if the
20778 stack is empty (fix for previous commit)
20786 1) Always save an entry on the stack if it is empty. This fixes the
20787 -l and -v flags that were broken by earlier parser changes.
20789 2) In a Runas list, don't negate FALSE -> TRUE since that would make
20790 !foo match any time the user specified a runas user (via -u) other
20795 interfaces and num_interfaces are now auto, not extern
20798 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
20801 use a static global to keep state about empty passwords
20805 make PASSWORD_NOT_CORRECT logging consistent with other modules
20808 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
20811 PAM prompt code was wrong, looks like we have to kludge it after
20816 In the PAM code, when a user hits return at the first password
20817 prompt, exit without a warning just like the normal auth code
20820 * configure, configure.in:
20821 kludge around cross-compiler false positives
20824 * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
20825 New (correct) PAM code Tgetpass now takes an echo flag for use with
20826 PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
20827 useless umask setting Change error from BAD_ALLOCATION ->
20828 BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
20833 Some -Wall and kill some trailing spaces
20837 define -D__EXTENSIONS__ for solaris so we get crypt() proto
20840 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
20846 * INSTALL, config.h.in, configure, configure.in:
20847 for kerberos V < version, fall back on old kerb4 auth code
20851 clarify some things
20854 * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
20858 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
20861 mention why DONT_LEAK_PATH_INFO is not the default
20864 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
20867 Fix open(2) return value checking, was NULL for fopen, should be -1
20876 better wording for solaris pam notice
20880 document recent changes
20884 Update shadow password section
20888 move authentication code from check.c to auth.c
20891 * Makefile.in, check.c, sudo.h:
20892 move authentication code to auth.c
20895 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
20897 * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
20898 getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
20899 logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
20900 sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
20902 Move interface-related defines to interfaces.h so we don't have to
20903 include <netinet/in.h> everywhere.
20906 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
20908 * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
20909 parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
20910 o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
20911 turns out the old DES crypt does the right thing with passwords
20912 longer than 8 characters. o Fix common typo (necesary ->
20913 necessary) o Update TODO list
20916 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
20919 set $LOGNAME when we set $USER
20922 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
20925 add comment about digital unix and interfaces.c warning with gcc
20928 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
20931 use modern paths and give examples for some of the new parser
20935 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
20941 * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
20942 getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
20943 parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
20944 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
20945 Function names should be flush with the start of the line so they
20946 can be found trivially in an editor and with grep
20949 * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
20950 sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
20951 free(3) is already void, no need to cast it
20954 * logging.c, sudo.c, sudo.h:
20955 catch case where cmnd_safe is not set (this should not be possible)
20958 * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
20959 testsudoers.c, visudo.c:
20960 Stash the "safe" path (ie: the one listed in sudoers) to the command
20961 instead of stashing the struct stat. Should be safer.
20964 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
20966 * INSTALL, Makefile.in, UPGRADE:
20967 notes on updating from an earlier release
20974 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
20976 * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
20977 sudoers.man, sudoers.pod:
20978 You can now specify a host list instead of just a host or alias.
20979 Ie: user = host1,host2,ALIAS,!host3 my_command now works.
20986 * parse.yacc, sudo.tab.c:
20987 Move the push from the beginning of cmndspec to the end. This means
20988 we no longer have to do a push at the end of privilege, just reset
20992 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
20993 runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
20994 use "!" most everywhere
20997 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
21000 modernize paths and update su example based on sample.sudoers one
21004 New runas semantics
21007 * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
21009 In estrdup(), do the malloc ourselves so we don't need to rely on
21010 the system strdup(3) which may or may not exist. There is now no
21011 need to provide strdup() for those w/o it. Also, the prototype for
21012 estrdup() was wrong, it returns char * and its param is const.
21020 buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
21023 * CHANGES, TODO, parse.yacc, sudo.tab.c:
21024 It is now possible to use the '!' operator in a runas list as well
21025 as in a Cmnd_Alias, Host_Alias and User_Alias.
21028 * logging.c, sudo.h:
21029 Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
21033 Definitions of *_matched were wrong--user top, not top-2 as
21037 * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
21038 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
21039 command but the NOPASSWD flag was set. Make runasspec, runaslist,
21040 runasuser, and nopasswd typeless in parse.yacc Add support for '!'
21041 in the runas list Fix double printing of '%' and '+' for groups and
21042 netgroups respectively Add *_matched macros (no need for local stack
21043 variable). Should only be used directly after a pop (since top must
21047 * aclocal.m4, configure.in:
21048 Add copyright, somewhat silly
21051 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
21053 * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
21054 compat.h, config.h.in, configure, configure.in, dce_pwent.c,
21055 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
21056 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
21057 lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
21058 putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
21059 sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
21060 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
21062 Crank version to 1.6 and combine copyright statements
21066 Use ! not ^ to do negation
21069 * lex.yy.c, sudo.tab.c:
21073 * parse.lex, parse.yacc:
21074 Make runas and NOPASSWD tags persistent across entries in a command
21075 list. Add a PASSWD tag to reverse NOPASSWD. When you override a
21076 runas or *PASSWD tag the value given becomes the new default for the
21077 rest of the command list.
21080 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
21084 [a1ae9d4a7d54] [SUDO_1_5_9]
21087 Shift return value of system(3) by 8 to get real exit value and if
21088 it is not 1 or 0 print the retval along with the error message.
21091 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
21094 testsudoers needs LIBOBJS too
21097 * parse.c, parse.yacc, sudo.tab.c:
21098 Fix another parser bug. For a sudoers entry like this: millert
21099 ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
21107 * parse.yacc, sudo.tab.c:
21108 Save entries that match a ! command on the matching stack too
21112 Make sudo's usage info better when mutually exclusive args are given
21113 and don't rely on argument order to detect this; nick@zeta.org.au
21116 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
21118 * CHANGES, Makefile.in, RUNSON:
21126 * parse.yacc, sudo.tab.c:
21127 Fix off by one error introduced in *alloc changes
21130 * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
21131 check_sia.c, compat.h, config.h.in, configure, configure.in,
21132 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
21133 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
21134 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
21135 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
21136 sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
21137 sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
21138 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
21142 * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
21143 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
21144 putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
21145 sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
21146 Use emalloc/erealloc/estrdup
21150 error checking memory allocation routines
21153 * parse.yacc, sudo.tab.c:
21154 Still not right, this fixes it for real
21157 * parse.yacc, sudo.tab.c:
21158 Fix for previous commit
21161 * CHANGES, INSTALL, parse.yacc:
21162 Fix a parser bug that was exposed when mixing different runas specs
21163 and ! commands. For example: millert ALL=(daemon)
21164 /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
21165 as well as daemon when it should just allow daemon. The problem was
21166 that comma-separated commands in a list shared the same entry on the
21167 matching stack. Now they get their own entry iff there is a full
21168 match. It may be better to just make the runas spec persistent
21169 across all commands in a list like the user and host entries of the
21170 matching stack. However, since that is a fairly major change it
21171 should get its own minor rev increase.
21174 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
21176 * check.c, config.h.in:
21177 Simplify PAM code and fix a PAM-related warning on Linux
21180 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
21194 * check.c, configure.in:
21195 new pam code that works on solaris, should work on linux too;
21199 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
21206 only include strings.h if there is no string.h
21209 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
21212 Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
21215 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
21218 shost must be set before log functions are called #ifdef HOST_IN_LOG
21221 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
21223 * CHANGES, lex.yy.c, parse.lex:
21224 Fix a bug wrt quoting characters in command args. Stop processing
21225 an arg when you hit a backslash so the quoted-character detection
21229 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
21232 include sys/time.h; apparently AIX needs it. ppz@cdu.elektra.ru
21235 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
21237 * configure, configure.in:
21238 add missing case statement so --without-sendmail works
21241 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
21247 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
21249 * configure, configure.in:
21250 only search for -lsun in irix <= 4.x
21253 * configure, configure.in:
21254 back out last configure.in change now that I've hacked autoconf to
21255 fix the real problem and add a missing newline
21263 add def of dirfd() for those without it
21266 * configure, configure.in:
21267 When falling back to checking for socket() when linking with
21268 "-lsocket -lnsl" check for main() instead since autoconf has already
21269 cached the results of checking for socket() in -lsocket. This is
21270 really an autoconf bug as it should use the extra libs as part of
21271 the cache variable name.
21278 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
21281 fix occurrence of $with_timeout that should be
21282 $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
21286 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
21288 * sudo.cat, sudo.html, sudo.man, sudo.pod:
21289 fix grammar; espie@openbsd.org
21290 [7031d9dfbc3e] [SUDO_1_5_8]
21292 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
21294 * parse.yacc, sudo.c, testsudoers.c:
21295 add cast for strdup in places it does not have it
21298 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
21300 * configure, configure.in:
21301 define for_BSD_TYPES irix
21304 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
21306 * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
21307 Make it clear that it is the user's password, not root's, that we
21312 If the user enters an empty password and really has no password,
21313 accept the empty password they entered. Previously, they could
21315 *but* an empty password. Also, add GETPASS macro that calls either
21316 tgetpass() or getpass() depending on how sudo was configured.
21317 Problem noted by jdg@maths.qmw.ac.uk
21320 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
21322 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
21323 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
21324 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
21325 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
21326 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
21327 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
21329 add explicit copyright
21333 mention -lsocket, -lnsl configure changes
21336 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
21339 Don't clobber errno after calling check_sudoers().
21342 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
21344 * configure, configure.in:
21345 When linking with both -lsocket and -lnsl be sure to do so in that
21346 order. Also, when we can't find socket() or inet_addr() and have to
21347 try linking with both libs, issue a warning.
21350 * sudo.cat, sudo.man, sudo.pod:
21351 clarify bad timestamp and fmt
21354 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
21357 be clear that pam is linux-only and add a RUNSON entry
21360 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
21362 * CHANGES, INSTALL, configure, configure.in:
21363 fix and correctly document --with-umask; problem noted by
21367 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
21369 * configure, configure.in:
21370 only use /usr/{man,catman}/local to store man pages if user didn't
21371 override prefix or mandir
21374 * INSTALL, configure, configure.in:
21375 fix typo, make --with-SecurID take an arg
21378 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
21384 * CHANGES, INSTALL, check.c, configure, configure.in:
21385 FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
21388 * configure, configure.in:
21389 better fix for the problem of unresolved symbols in -lnsl or
21393 * configure, configure.in:
21394 when checking for functions in -lnsl and -lsocket link with both of
21395 them to avoid unresolved symbols on some weirdo systems
21398 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
21400 * BUGS, CHANGES, RUNSON, TODO:
21401 old changes that didn't make it into RCS before the RCS->CVS switch
21404 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
21406 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
21407 configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
21408 getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
21409 ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
21410 lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
21411 secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
21412 sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
21425 * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
21426 config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
21427 find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
21428 ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
21429 logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
21430 secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
21431 sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
21432 utime.c, version.h, visudo.c, visudo.cat, visudo.man:
21433 crank version and regen files
21437 kill rcs goop in update_version and fix now that version is a const
21440 * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
21441 sudo.c, sudo.h, sudo.pod:
21442 kerb5 support from fcusack@iconnet.net
21445 * realpath.c, sudo_realpath.c:
21446 we no longer use realpath
21450 replaced by find_path.c
21454 all options are now configure flags
21462 superseded by getcwd.c
21466 superseded by tgetpass.c
21470 superseded by RUNSON
21474 No longer used now that we have configure options for everything.
21478 regen based on configure.in
21481 * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
21482 sudoers.man, visudo.cat, visudo.html, visudo.man:
21483 regen based on sudo.pod, sudoers.pod, and visudo.pod
21486 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
21489 fix tty tickets in remove_timestamp (didn't use ':')
21492 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
21495 close sock when we are done with it
21498 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
21501 never say "error on line -1"
21504 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
21507 check for -lnsl before -lsocket
21511 quote '[', ']' used in ranges correctly
21514 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
21517 add missing NO_ROOT_SUDO noted by drno@tsd.edu
21520 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
21527 more info for 1.5.7
21535 make increases of cm_list_size and ga_list_size be similar to
21536 increases of stacksize (ie: >= not > in initial compare).
21540 when we get a syntax error, report it for the previous line since
21541 that's generally where the error occurred.
21544 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
21546 * config.h.in, configure.in, interfaces.c:
21547 add back check for sys/sockio.h but only use it if SIOCGIFCONF is
21549 [d197f31fd1e4] [SUDO_1_5_7]
21552 define BSD_COMP for svr4
21555 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
21556 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
21557 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
21558 testsudoers.c, tgetpass.c, utime.c, visudo.c:
21563 kill check for sockio.h
21567 no more HAVE_SYS_SOCKIO_H
21570 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
21571 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
21572 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
21573 testsudoers.c, tgetpass.c, utime.c, visudo.c:
21577 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
21580 add missing inform_user()
21583 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
21586 return NOT_FOUND if given fully qualified path and it does not exist
21587 previously it would perror(ENOENT) which bypasses the option to not
21592 for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
21596 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
21599 tty tickets are user:tty now
21603 when using tty tickets make it user:tty not user.tty as a username
21604 could have a '.' in it
21607 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
21610 add "ignoring foo found in ." for auth successful case
21613 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
21616 add missing printf param
21619 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
21621 * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
21622 go back to printing "command not found" unless --disable-path-info
21623 specified. Also, tell user when we ignore '.' in their path and it
21624 would have been used but for --with-ignore-dot.
21628 Only one space after a colon, not two, in printf's
21631 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
21634 document setting $USER
21638 fix bugs with prompt expansion
21642 set $USER for root too
21645 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
21652 HP-UX's iscomsec is in -lsec, not libc
21656 remove some entries in the OS case statement that did nothing
21660 add "cd" section and flush out syslog section
21664 no more sudo-lex.yy.c
21668 add custom prompt support
21672 kill perror("malloc") since we already have a good error messages
21673 pw_ent -> pw for brevity
21677 kill perror("malloc") since we already have a good error messages
21678 pw_ent -> pw for brevity set $USER if -u specified
21682 kill perror("malloc") since we already have a good error messages
21686 kill perror("malloc") since we already have a good error messages
21687 pw_ent -> pw for brevity when checking if %group matches, look up
21688 user in password file so that %groups works in a RunAs spec.
21692 kill perror("malloc") since we already have a good error messages
21695 * check.c, getspwuid.c, interfaces.c:
21696 kill perror("malloc") since we already have a good error messages
21697 pw_ent -> pw for brevity
21700 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
21703 the prompt is expanded before tgetpass is called
21707 tgetpass now has the same args as getpass again
21711 add iscomsec, issecure support
21715 we now expand any %h or %u in the prompt before passing to tgetpass
21719 add check for syslog(3) in -lsocket, -lnsl, -linet
21723 add HAVE_ISCOMSEC and HAVE_ISSECURE
21727 add check for iscomsec in HP-UX
21731 check for issecure if we have getpwanam on SunOS some options are
21732 incompatible with DUNIX SIA check for dispcrypt on DUNIX
21735 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
21742 add back support for non-dispcrypt based checking for older DUNIX
21750 SIA becomes the default on Digital UNIX now have --disable-sia to
21755 move local includes after system ones
21758 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
21760 * check.c, check_sia.c, sudo.h:
21761 add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
21766 fix while loop in sia_attempt_auth() that checks the password. Only
21767 the first iteration was working.
21770 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
21773 don't trust UID_MAX or MAXUID
21784 * getspwuid.c, secureware.c:
21785 init crypt_type to INT_MAX since it is legal to be negative in DUNX
21790 for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
21791 -ldb since DUNX < 4.0 lacks it
21794 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
21796 * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
21797 secureware.c, sudo.c, tgetpass.c:
21798 getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
21799 minutes if the shadow files don't exist).
21802 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
21805 updated --with-editor blurb
21809 tell how to put sudoers in a different dir
21813 add missing quotes around $with_editor
21817 typo in --with-editor bits
21821 I don't expect it to work on Solaris
21825 add back security/pam_misc.h
21828 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
21831 remove dunix note since configure checks for this now
21835 add check for broken dunix prot.h (4.0 < 4.0D is bad)
21838 * getspwuid.c, secureware.c, tgetpass.c:
21839 new dunix shadow code, use dispcrypt(3)
21847 call initprivs() if we have it for getprpwuid later on
21851 clean pathnames.h too
21855 quote "Sorry, try again." with [] since it has a comma in it set
21856 LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
21857 getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
21862 update Digital UNIX note about acl.h
21867 --without-root-sudo -> --disable-root-sudo some reordering
21874 * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
21882 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
21885 when checking for -lsocket, -lnsl, and -linet, check for the
21886 specific functions we need from them.
21889 * config.h.in, sudo.h:
21890 move Syslog_* defs into sudo.h
21893 * Makefile.in, sudo.h:
21894 added check_secureware
21898 finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
21902 don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
21903 defined. configure now does that for us
21907 move some --with options around change a bunch of echo's to
21908 AC_MSG_CHECKING, AC_MSG_RESULT pairs
21912 change $with_foo-bar -> $with_foo_bar kill extra " that caused a
21913 syntax error add some echo verbiage
21916 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
21919 moved SecureWare stuff into secureware.c
21927 update url to solaris gcc bins
21931 change option formatter and flesh out some entries
21934 * TROUBLESHOOTING, sudo.pod, visudo.pod:
21935 environmental variable -> environment variable
21939 everything is now done via configure
21947 passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
21951 SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
21955 merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
21956 sudoers_mode from configure
21960 SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
21961 the Makefile, not config.h
21965 document all --with/--enable options
21968 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
21971 options.h is no more
21975 assimilated options.h
21979 moved options from options.h to configure
21982 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
21983 logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
21984 sudo_setenv.c, visudo.c:
21988 * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
21989 remove references to options.h
21992 * dce_pwent.c, interfaces.c, sudo.c:
21997 if select return < -1 still prompt for pw
22001 convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
22006 FAST_MATCH is no longer an option
22010 remove_timestamp() if timestamp is preposterous
22014 convert more options to --with/--enable
22017 * INSTALL, aclocal.m4:
22022 convert more options into --with and --enable
22026 catch EINTR in select and restart
22033 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
22036 UMASK -> SUDO_UMASK.
22039 * check.c, logging.c:
22040 time.h, not sys/time.h
22043 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
22046 MAILER -> _PATH_SENDMAIL
22049 * INSTALL, configure.in:
22050 no more --with-C2, now it is --disable-shadow
22053 * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
22054 getspwuid.c, sudo.c, tgetpass.c:
22055 new shadow password scheme. Always include shadow support if the
22056 platform supports it and the user did not disable it via configure
22059 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
22062 --with-getpass -> --{enable,disable}-tgetpass
22066 pathnames.h -> pathnames.h.in
22074 move pam_conv to be static to auth function remove pam_misc.h
22075 (solaris doesn't have one)
22079 _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
22083 munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
22087 convert to pathnames.h.in
22090 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
22093 fix typo in sysv4 matching case /.
22096 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
22099 pam stuff needs to run as root, not user, for shadow passwords
22102 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
22104 * BUGS, INSTALL, README, configure.in:
22108 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22109 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
22110 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
22111 logging.c, options.h, parse.c, parse.lex, parse.yacc,
22112 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22113 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22118 user version.h for long message
22122 this is version 1.5.6
22125 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
22128 remove errant backslash
22131 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
22133 * options.h, parse.yacc, pathnames.h.in:
22135 [fdee73255d64] [SUDO_1_5_6]
22137 * BUGS, CHANGES, TODO:
22145 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
22148 kill unused localhost_mask var copy if name to ifr_tmp after we zero
22152 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
22155 Better description of new vs. old sudoers modes fix some typos
22156 better description of /usr/ucb/cc gotchas on slowaris
22164 set NewArgv[0] to user_shell, not basename(user_shell)
22167 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
22170 mention TROUBLESHOOTING more fix some typos
22174 move --enable/--disable to be after --with
22178 document --enable/--disable
22182 document --with-pam
22185 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
22188 Add message for pam users
22199 * check.c, config.h.in, configure.in:
22200 pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
22203 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
22206 add HOST_IN_LOG and WRAP_LOG
22210 add WRAP_LOG and HOST_IN_LOG
22214 add --enable-log-host and --enable-log-wrap
22218 use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
22221 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
22228 include sys/param.h to get howmany macro
22231 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
22233 * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
22237 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
22240 bring in stdio.h for NULL
22244 allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
22248 use HAVE_SET_AUTH_PARAMETERS
22252 add HAVE_SET_AUTH_PARAMETERS
22256 add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
22260 add support for HI-UX/MPP SR220001 02-03 0 SR2201
22264 initialize previfname
22268 Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
22269 it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
22278 don't need special build line for sudo.tab.o
22282 don't clean sudo.tab.[ch]
22286 Sudo should prompt for a password before telling the user that a
22287 command could not be found.
22295 no longer require yacc
22303 y.tab -> sudo.tab include pre-yacc'd parse.yacc
22307 include sudo.tab.h, not y.tab.h don't break out of command args if
22315 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
22324 getcwd(3) from OpenBSD for those without it.
22328 HAVE_GETWD -> HAVE_GETCWD
22332 pretend sunos doesn't have getcwd(3) since it opens a pipe to
22341 remove duplicate include of string.h
22345 call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
22349 add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
22353 add dev_t and ino_t
22356 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
22359 fix OTP_ONLY for opie
22362 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
22364 * testsudoers.c, tgetpass.c:
22365 include stdlib.h for malloc proto
22368 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
22371 make update_version saner
22375 add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
22379 check for waitpid and wait3 or no waitpid
22383 used waitpid or wait3 if we have 'em
22386 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
22389 fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
22392 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
22395 don't need to explicitly mention -lsocket -lnsl for sequent
22398 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
22401 dynix should not link with -linet
22404 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
22407 mention that HP-UX doesn't ship with yacc
22410 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
22413 ignore kerberos if we can't get the local realm
22416 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
22418 * BUGS, INSTALL, README, configure.in:
22426 * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
22427 find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
22428 logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
22429 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
22438 don't use popen/pclose. Do it inline.
22449 * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
22450 ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
22455 * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
22460 getwd.c -> getcwd.c
22472 use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
22476 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
22478 * OPTIONS, options.h:
22479 add STUB_LOAD_INTERFACES
22482 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22483 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22484 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22485 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22486 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22487 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22492 support *-ccur-sysv4 and fix two typos
22495 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
22498 don't echo about with_logfile and with_timedir
22502 document --with-logfile and --with-timedir
22506 support --with-logfile and --with-timedir
22510 Add --with-logfile and --with-timedir
22514 change size computation of NewArgv for UNICOS
22517 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
22520 treat -*-sysv4* like *-*-svr4
22523 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
22526 fix spacing for --with-authenticate help
22529 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22530 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22531 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22532 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22533 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22534 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22539 fix off by one error in push macro
22542 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
22545 removed bogus alloca hack
22549 added AIX 4.x authenticate() support
22553 include alloca.h if using bison and not gcc and it exists. fixes an
22554 alloca problem on hpux 10.x
22558 mention --with-authenticate
22562 added AIX authenticate() support
22566 add HAVE_AUTHENTICATE
22570 dynamically size ifconf buffer
22577 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22578 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22579 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22580 logging.c, options.h, parse.c, parse.lex, parse.yacc,
22581 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22582 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22590 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
22593 add busy stmp file explanation
22596 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
22599 the name of the cached var that signals whether or not you are cross
22600 compiling changed. It is now ac_cv_prog_cc_cross
22603 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
22606 mention glibc 2.07 is fixed wrt lsearch().
22609 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
22611 * sample.sudoers, sudoers.pod:
22612 better example of su but not root su
22615 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
22617 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22618 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22619 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22620 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22621 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22622 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22627 correct regexp for updating version
22631 remove bogus flush of stderr spew prompt before turning off echo.
22632 Seems to fix a weird problem where if sudo complained about a bogus
22633 stamp file the user would sometimes not have a chance to enter a
22638 fix bogus flush of stderr
22642 close fd's <=2 not <=3 and move that chunk of code up
22646 support hpux1[0-9] not just hpux10
22649 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
22652 set sudoers_fp to nil after closing
22655 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
22657 * config.guess, config.sub:
22658 updated from autoconf 2.12
22665 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
22668 fix select usage for high fd's (dynamically allocate readfds)
22672 kill extra whitespace
22676 do an initgroups() before running a command, unless the target user
22680 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
22683 tell people to use tabs, not spaces, in syslog.conf
22686 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
22688 * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
22689 parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
22693 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
22694 logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
22698 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22699 insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
22704 more tweaks to update_version
22708 fixed up update_version rule
22716 removed supe of check.c
22727 * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
22728 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
22729 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22730 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
22731 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
22732 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
22742 add rules to update version stuff in files so I don't need to do it
22747 sudoers_fp is now extern
22751 in check_sudoers, cache the sudoers file handle in sudoers_fp so we
22752 don't have to open it again in the parse. This may help with weird
22753 solaris problems where EAGAIN sometimes occurs.
22757 sudoers file open is now done only in check_sudoers() so we just do
22758 a rewind() instead of an open. May help people on solaris who were
22762 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
22765 mention that newer glibc is fixed
22768 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
22771 newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
22772 _RLD* instead of _RLD_*
22780 fix that bug for real
22784 document Linux's libc6 brokenness.
22793 [4949a1bbd0a9] [SUDO_1_5_4]
22796 remind people to HUP syslogd
22812 remove author's email addr. people should mail sudo-bugs
22819 * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
22820 find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
22821 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
22822 logging.c, options.h, parse.c, parse.lex, parse.yacc,
22823 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22824 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
22832 * INSTALL, Makefile.in:
22841 exit(1) if user enters no passwd
22849 commands can start with ./* not just /* -- fixes a serious security
22853 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
22856 Don't set the tty variable to NULL when we lack a tty, leave it as
22860 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
22863 fix usage of (username) in conjunction with , and !
22867 catch the case where the user is not in the passwd file
22871 use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
22876 define tty global to an initial value to avoid dumping core in
22877 logging functions when passwd file is unavailable.
22881 do the set_perms(PERM_USER, sudo_mode) after we have gotten the
22886 talk about problem of ALL
22889 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
22896 fdesc bug is fixed in Open/Net BSD
22900 updates from Nieusma
22903 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
22906 move compat.h after the system includes
22909 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
22912 save errno from being clobbered by wait(). From Theo
22915 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
22918 fix an occurrence of setresuid -> setreuid (typo)
22921 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
22924 check for path to strip
22927 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
22930 deal with maxfilelen < 0 case
22937 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
22940 correct error message if mode/owner wrong and not statable by owner
22941 but is statable by root.
22944 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
22946 * config.guess, config.sub:
22950 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
22952 * CHANGES, RUNSON, TODO:
22956 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
22958 * parse.yacc, sudo.h:
22959 command_alias -> generic_alias
22960 [c404ca8c510d] [SUDO_1_5_3]
22963 added Runas_Alias example and fixed syntax errors
22966 * OPTIONS, options.h:
22967 updated MAILSUBJECT
22974 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
22975 configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
22976 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22977 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
22978 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
22979 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
22984 * BUGS, emul/utime.h:
22989 document Runas_Alias
22997 buffer oflow checking q (uit) -> Q if yyparse() fails drop into
23002 add size params to sprintf
23006 allow trailing space after '\\' but before '\n'
23010 off by one error in path size check
23017 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
23024 now warns if killed by signal ./
23027 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
23030 fix Runas_Alias stuff Alias's in runas list now get expanded (but it
23035 Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
23039 add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
23043 Add Runas_Alias and simplify a rule.
23047 always store User_Alias's since they can be used inside of a runas
23048 list. Sigh. Really need a Runas_Alias instead.
23051 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
23054 deal with case where there is no sudoers file
23057 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
23063 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
23065 * HISTORY, testsudoers.c:
23066 developement -> development
23081 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
23084 removed seteuid() notes
23085 [1010a60f281d] [SUDO_1_5_2]
23087 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
23090 better seteuid() emulation
23094 added check for seteuid
23101 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
23104 first stab at sequent support
23108 added HAVE_SYS_SELECT_H
23112 sequent -> _SEQUENT_
23116 added seteuid() macro for DYNIX
23120 _AIX -> HAVE_SYS_SELECT_H
23123 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
23125 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
23126 parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
23127 testsudoers.c, tgetpass.c, utime.c, visudo.c:
23131 * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
23132 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
23133 ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
23134 pathnames.h.in, version.h:
23139 added -H and SUDO_PS1
23143 use SUDO_FUNC_FNMATCH
23147 added SUDO_FUNC_FNMATCH
23155 added MODE_RESET_HOME
23158 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
23172 * compat.h, config.h.in:
23177 added HAVE_OPIE and changed to *_OTP_*
23184 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
23187 moved fclose() in skey stuff.
23190 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
23193 index -> strchr remove unnecessary stuff
23197 now call skeychallenge() to get challenge instead of making one up
23198 ourselves. this way, we get extra goodies in the prompt.
23201 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
23205 [3f5149357e2a] [SUDO_1_5_1]
23208 allow logins to start with a number (YUCK!)
23211 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
23214 added solaris 2.5 vs 2.4 note
23218 DUNIX doesn't need -lnsl
23222 *** empty log message ***
23225 * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
23226 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
23227 ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
23228 options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
23229 strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
23230 utime.c, version.h, visudo.c:
23234 * PORTING, README, RUNSON:
23238 * INSTALL, Makefile.in, TROUBLESHOOTING:
23243 *** empty log message ***
23246 * sudo.pod, visudo.pod:
23250 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
23256 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
23259 added $SUDO_PROMPT support
23262 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
23265 print long skey challenge to stderr, not stdout
23268 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
23278 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
23284 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
23287 use shost, not host for tgetpass
23291 documented %u and %h
23295 documented %u and %h
23302 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
23303 dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
23304 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23305 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
23306 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
23307 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
23315 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
23317 * Makefile.in, configure.in, version.h:
23322 new tgetpass() params
23326 pass use and host to tgetpass
23330 added %u and %h escapes
23333 * OPTIONS, check.c, options.h:
23338 added cray (unicos) support
23341 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
23343 * OPTIONS, options.h, sudo.c:
23344 added SHELL_SETS_HOME
23347 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
23350 added note about "make install"
23354 changed length/size params from int to size_t
23358 now get CSOPS insults as well by default
23362 use csops insults too by default
23365 * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
23370 added runas_homedir
23386 added "upgrading" notes
23389 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
23392 now do chmod and chown after edit of temp file and before rename
23393 [de174e34faa7] [SUDO_1_5_0]
23395 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
23398 ++version added INSTALL.configure
23401 * configure.in, version.h:
23406 *** empty log message ***
23414 sets $HOME to pw_dir of runas user
23418 document $HOME change
23421 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
23424 fixed up some wording
23427 * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
23428 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
23429 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
23434 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
23435 insults.h, options.h, pathnames.h.in, sudo.h:
23444 name and type changes
23448 now works with new sudo
23456 some variable name changes + comment headers for functions.
23460 added extra paren's to make compilers happy
23464 *** empty log message ***
23468 now uses init_parser() if not in sudoers and tries "list" or
23469 "validate" scold but don't be nasty.
23473 now can use upper case login names
23477 now uses init_parser()
23485 added info about PASSWORD_TIMEOUT
23488 * INSTALL.configure:
23497 now dynamically allocates memory for the stacks -- no more
23502 -l now expands command aliases
23506 hacks to expand command aliases for `sudo -l'
23510 remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
23514 added struct command_alias
23522 in compar() key should be first arg
23525 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
23532 can now deal with upcase HOST and USER names
23536 don't yell too loudly at non-sudoers if they do "sudo -l"
23547 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
23549 * parse.c, parse.yacc:
23550 added support for new `sudo -l' stuff
23554 now uses list_matches()
23558 added struct sudo_match
23562 now more -lgnumalloc
23565 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
23568 added more paths for chown and whoami
23571 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
23577 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
23580 fixed DUNIX check for shadow pw
23584 now only turn off echo if it is already on. this fixes a race when
23585 you use sudo in a pipelin
23593 changed "test -z $foo && do_this" to if; then construct
23596 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
23599 added missing defines of SHADOW_TYPE
23602 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
23605 protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
23610 added AUTH_CRYPT_C1CRYPT support
23614 no longer return VALIDATE_NOT_OK if there was a runas that didn't
23615 match. Now we can have runas stuff on more than one line.
23618 * getspwuid.c, sudo.c, tgetpass.c:
23619 use SHADOW_TYPE instead of HAVE_C2_SECURITY
23623 got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
23628 removed HAVE_C2_SECURITY added SPW_BSD
23632 use SHADOW_TYPE instead of HAVE_C2_SECURITY
23636 SHADOW_TYPE is always defined so just against its value
23640 added SUDO_CHECK_SHADOW_DUNIX
23643 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
23646 * -> ?* in one example added another instance of (runas) and one of
23650 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
23653 added back check for config.cache from other host type
23657 removed an instance of \"
23665 updated wrt new wildcard matching
23669 new check for shadow passwords if we don't know anything
23673 new SUDO_CHECK_SHADOW_GENERIC
23677 added back check for -lsocket (oops)
23681 better (working) check for shadow passwd type if we know to use C2.
23685 now uses AC_CANONICAL_HOST to figure out os type
23689 added config.{guess,sub}
23693 removed unused stuff to figure out os type
23709 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
23710 pathname. need to check against sudoers_args even if user_args is
23715 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
23716 pathname need to check against sudoers_args even if user_args is nil
23719 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
23722 added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
23726 now takes command line args and uses cmnd_args
23730 fill_args was adding an extra leading space
23733 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
23736 fixed dummy command_matches()
23748 now uses flat args string
23751 * parse.c, parse.lex:
23752 now uses flat arg string
23756 added cmnd_args def
23760 now sets cmnd_args global
23764 cmnd_args is now exported from sudo.[ch]
23767 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
23770 can't rely on cmnd_matches as much as I thought -- added some $$
23771 stuff back in to prevent namespace pollution problems.
23775 Simplified parse rules wrt runas and NOPASSWD (more consistent).
23778 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
23781 NOPASSWD may now have blanks before the ':' '(' only starts a
23782 'runas' if in the initial state to avoid collision with command args
23786 added checks for specific shadow passwd schemes
23790 added routines to check for specific shadow passwd types
23793 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
23796 added support for ncr boxen
23800 added support for detecting ncr boxen
23803 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
23806 added sinix support
23809 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
23812 added info about "config.cache from other other" error.
23816 now makes sure you don't have a config.cache file from another OS
23820 now sets $LIBS when needed to configure links with libs when doing
23821 tests hpux10 now uses SPW_SECUREWARE for C2 added check for
23822 bigcrypt(3) if SPW_SECUREWARE
23830 now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
23838 no more SPW_HPUX10 added HAVE_BIGCRYPT
23842 now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
23846 SPW_SECUREWARE now uses bigcrypt
23849 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
23852 fixed 2 syntax errors
23856 root may now run ALL as ALL
23859 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
23862 fixed a typo/thinko that broke BSD's with sa_len
23865 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
23867 * check.c, configure.in:
23868 updated AFS support
23872 added entry about /usr/ucb/cc
23876 prep no longer holds gcc binaries
23888 AFS allows long passwords
23892 fixed -u user support
23896 sudo -v now groks VALIDATE_OK_NOPASS
23900 fixed no_passwd vs. runas_matched
23904 took out stuff about NFS-mounting since it is no longer an issue
23908 added --with-libraries > --with-libpath --with-incpath
23912 was setting runas_matches to -1 in wrong place
23916 removed usersec.h which is not present in new AFS versions
23920 now deals with timeout <= 0
23928 BSD/OS >= 2.0 now uses shlicc instead of just gcc
23932 fixed backwards compatibility with sudo 1.4 sudoers mode for root
23933 readable/writable filesystems
23937 now gives INSTALL -c flag
23941 slightly simpler initialization of no_passwd and runas_matches
23945 added -u username support
23949 improved --with-libraries support
23952 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
23955 added --with-incpath, --with-libpath, --with-libraries
23959 now initializes some fields that weren't getting set to -1 pretty
23960 gross -- need a rewrite.
23963 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
23970 no longer add -lPW to *_LIBS since we include alloca.c
23974 added HAVE_ALLOCA_H
23989 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
23992 now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
23993 not always set to a valid uid.
23997 fixed entry for SUDO_MODE
24001 Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
24002 being set to -2. Now beat NFS to the punch and set uid to "nobody"
24003 ourselves, preserving group 0 to read sudoers.
24007 moved set_perms(PERM_ROOT) to be before yyparse()
24015 no longer need AC_PROG_INSTALL
24019 always use install-sh to avoid install(1)'s that use get{pw,gr}nam
24023 make clean -> make distclean
24026 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
24029 removed some unnecessary if's
24032 * Makefile.in, version.h:
24036 * parse.c, testsudoers.c:
24037 now includes netgroup.h
24041 removed casts of ioctl to int since they didn't shut up -Wall
24045 explicitly cast ioctl() to int since it is not always declared
24049 added declarations for yyparse() and yylex()
24053 fixed an occurrence of '==' -> '='
24056 * config.h.in, configure.in:
24057 added check for netgroup.h
24061 fixed 2 compiler warnings
24065 SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
24069 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
24075 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
24078 fixed a formatting thingie
24081 * parse.c, parse.yacc:
24082 fixed -u support with multiple user lists on a line
24086 unixware needs -lgen
24090 updated ftp location
24094 add net_addr/netmask support
24098 added net_addr/mask example
24101 * parse.c, parse.lex:
24102 added support for net_addr/netmask
24105 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
24111 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
24121 * BUGS, TODO, TROUBLESHOOTING:
24126 updated with examples of new stuff
24134 updated wrt -u and NOPASSWD
24138 updated wrt -u and CAVEATS
24141 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
24148 now use :foo: character classes (makes no diff for generated lexer)
24151 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
24154 fixed LONG_SKEY_PROMPT stuff
24157 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
24164 make more like NetBSD one -- now compiles w/o warnings
24168 fixed decls of lsearch()
24171 * config.h.in, configure.in, getspwuid.c:
24176 hpux 10 uses bigcrypt() if C2
24179 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
24182 now always uses fnmatch to match args
24186 back to using stdio instead of raw i/o since that caused some
24190 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
24193 now give usage warning if use -l,-v,-k with args
24196 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
24199 NewArgc is now set to 1 for -l, -v, -k
24203 now sets sudoers to correct group if mode is 0400
24207 updated to version used by inn and bind
24211 now uses -lgnumalloc if it exists
24215 "make install" now sets uid/gid and mode on sudoers if it exists
24219 removed debugging statements
24223 added a missing free()
24227 now uses user_gid instead of getegid (which was wrong anyway) to set
24228 SUDO_GID Now sets command line args in SUDO_COMMAND envariable
24229 (logging.c depends on args being in the environment)
24233 now uses SUDO_COMMAND envariable to get command args rather than
24234 building it up again.
24242 fixed off by one error in allocation NewArgv
24246 in sudoers, 'command ""' now means command with no args
24250 added check for fnmatch(3) and fnmatch.h
24258 replaced wildcat.* with fnmatch.*
24265 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
24268 now uses fnmatch() instead of wildmat a trailing star (*) by itself
24269 now matches multiple args added support for wildcards in the
24270 pathname in sudoers
24273 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
24276 now includes compat.h and config.h
24280 added HAVE_FNMATCH_H
24284 now checks for alloca() (if needed by bison or dce) and links with
24285 -lPW if it contains alloca() and libc and compiler do not.
24288 * emul/fnmatch.h, fnmatch.3, fnmatch.c:
24292 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
24295 now fixes mode on sudoers if set to 0400 to aid in upgrade
24298 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
24301 fixed pod2man usage
24304 * Makefile.in, configure.in, version.h:
24308 * testsudoers.c, visudo.c:
24309 runas_user is now initialized to "root"
24313 removed PERM_FULL_ROOT
24317 runas_user defaults to "root" so no more need to PERM_RUNAS
24321 will now only run commands as root if there was no runas list
24322 (or if root is in the runas list)
24330 runas_matches is now set to false if we get a negative match
24334 make #uid work + some minor cleanup
24338 added support for NOPASSWD and "runas" from garp@opustel.com
24342 added support for "runas" from garp@opustel.com replaced
24343 SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
24348 added support for "runas" from garp@opustel.com
24352 added support for NO_PASSWD and runas from garp@opustel.com replaced
24353 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
24358 added support for NO_PASSWD and runas from garp@opustel.com replaced
24359 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support for
24364 added support for NO_PASSWD and runas from garp@opustel.com
24367 * parse.c, parse.lex:
24368 added support for NO_PASSWD and runas from garp@opustel.com
24372 added support for SUDOERS_WRONG_MODE and "runas"
24376 added --with-CC only link with -lshadow on linux (with shadow pw) if
24377 libc lacks getspnam()
24380 * OPTIONS, options.h:
24381 removed NO_PASSWD since it is not possible to do this in the sudoers
24382 file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
24383 SUDOERS_GID. Added SUDOERS_MODE.
24387 now uses SUDOERS_UID and SUDOERS_GID
24390 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
24396 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
24399 added double quote support
24403 documented double quoting
24406 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
24413 fixed some indentation
24421 added install-dirs
24424 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
24427 new version from "Jeff A. Earickson" <jaearick@colby.edu>
24430 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
24433 $CSOPS -> $with_csops (whoops, missed one)
24441 FQHOST now has same constraints as non-FQHOST
24445 added note about OS's w/ shadow passwords turned on by default
24448 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
24455 added support for --without-THING sanitized shadow pw situation by
24461 fixed a typo wrt placement of an end paren
24465 was closing an fd that may not have been opened
24468 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
24470 * OPTIONS, options.h, sudo.c:
24474 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
24477 now always use shadow pw on some arches
24480 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
24483 added pyramid support
24487 no longer check for C2 if alternate passwd method is used no longer
24488 check for some libs twice
24492 moved fqdn stuff into parse.lex (FQHOST)
24500 now define TCSASOFT in necessary
24504 now uses read/write instead of stdio string goop to avoid problems
24508 * OPTIONS, find_path.c, options.h:
24509 -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
24512 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
24515 added note about no shadow auto-detect if using alternate auth
24520 don't check for C2 if AFS or DCE (unless they said --with-C2)
24527 * OPTIONS, find_path.c, options.h:
24531 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
24534 checkdot now works correctly
24537 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
24540 can't have DCE and C2 passwords both...
24543 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
24545 * parse.yacc, sudo.c, sudo.h, visudo.c:
24546 now uses shost even if not FQDN
24550 now looks for skey in /usr/lib and doesn't require libskey to be in
24551 /usr/local/lib just because skey.h is (for my netbsd box :-)
24554 * aclocal.m4, config.h.in, pathnames.h.in:
24555 _SUDO_PATH_ -> _CONFIG_PATH_
24558 * aclocal.m4, sudo.pod:
24559 /var/run/.odus -> /var/run/sudo
24563 now uses _SUDO_PATH_TIMEDIR
24570 * aclocal.m4, configure.in:
24575 added _SUDO_PATH_TIMEDIR
24579 updated wrt /var/run/sudo
24583 added support for shost if FQDN
24586 * parse.yacc, visudo.c:
24587 now uses shost if FQDN
24591 Now use skeylookup() instead of skeychallenge()
24594 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
24597 mail_argv should not contain ALERTMAIL as it includes "-t"
24600 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
24602 * INSTALL, Makefile.in, README, configure.in, version.h:
24607 added more _PASSWD_LEN stuff -- now uses PASS_MAX too
24611 now includes limits.h moved _PASSWD_LEN -> compat.h
24614 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
24632 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
24639 done for 1.4.1 (I hope)
24643 added info on wildcards
24647 added wildcard example
24651 now uses *.pod to build *.man and *.cat & *.html
24655 added SUDO_PROG_BSHELL
24659 fixed up some formatting
24663 redid section describing sample sudoers stuff
24667 fixed some formatting
24671 now treats "" as bourne shell
24675 TESTOBJS now includes wildmat.o
24679 now works with NewArg[cv]
24683 removed an XXX (fixed it in getspwuid.c)
24687 added check for bourne shell
24695 added _SUDO_PATH_BSHELL
24698 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
24701 unixware vi returns 256 instead of 0
24709 fixed up some XXX's. file log format now looks a little more like
24710 real syslog(3) format.
24713 * README, TROUBLESHOOTING:
24714 updated wrt lex/flex
24718 commented out rule to build lex.yy.c from parse.lex since we ship
24719 with a pre-flex'd parser
24722 * parse.c, parse.yacc, visudo.c:
24723 path_matches -> command_matches
24727 eliminated some strcat()'s
24731 no longer checks for lex/flex (now assumes flex)
24735 now checks for $kerb_dir_candidate/krb.h instead of just
24739 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
24742 now use a 'hook' expression instead of an iffy one :-)
24745 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
24748 now works with new sudo arg stuff
24752 fixed dereferencing deadbeef
24756 changed an occurrence of Argv to NewArgv
24760 took out support for quoted commands since there is no need...
24764 fixed a typo in a for() loop
24768 protected against dereferencing rogue pointers
24772 now uses NewArgv and NewArgc so cmnd_args is no longer needed this
24773 also allows us to eliminate some kludges in parse_args() and
24774 eliminate superfluous code.
24778 no longer uses cmnd_args, now uses NewArgv instead.
24782 added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
24787 added wildmat.c to SRCS & SUDOBJS
24791 COMMAND is now a struct containing the path and args
24795 replaced append() with fill_cmnd() and fill_args. command args from
24796 a sudoers entry are now stored in an array for easy matching.
24800 command line args from sudoers file are now in an array like ones
24801 passed in from the command line
24804 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
24807 wildmat stuff now works
24810 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
24817 ++version added wildmat.*
24820 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
24823 added support for quoted commands (w/ or w/o args)
24826 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
24828 * sudo.pod, visudo.pod:
24829 cleaned up formatting
24832 * sudo.pod, visudo.pod:
24836 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
24839 looks reasonable, could be more readable
24846 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
24853 updated NO_ROOT_SUDO entry
24856 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
24859 *** empty log message ***
24860 [5b63de579ff7] [SUDO_1_4_0]
24871 AIX aixcrypt.exp now uses $(srcdir)
24875 added entry for anal ansi compilers
24878 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
24881 added info on libcrypt_i for SCO
24885 *** empty log message ***
24900 * INSTALL, OPTIONS, README, config.h.in, configure.in:
24905 ++version and fixed ISC
24908 * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
24909 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
24910 insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
24911 sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
24917 added STUB_LOAD_INTERFACES ++version
24920 * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
24926 added info about fd_set in tgetpass added info on interfaces.c
24929 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
24940 tgetpass.o is now only linked in with sudo (not visudo)
24943 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
24945 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
24951 added copyright notice
24954 * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
24955 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
24956 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
24957 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
24958 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
24963 minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
24967 ISC now gets -lcrypt now check for sys/bsdtypes.h
24971 added check for sys/bsdtypes.h
24974 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
24977 removed debugging stuff (setting freed ptr to NULL)
24989 added section on syslog
24993 added AC_ISC_POSIX for better ISC support
25001 added define for _POSIX_SOURCE
25004 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
25007 fixed check for lsearch()
25010 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
25013 fixed for AIX now deal if num_interfaces == 0 (should not happen)
25016 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
25019 now only define HAVE_LSEARCH if there is a corresponding search.h
25026 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
25029 now define HAVE_LSEARCH if we find lsearch() in libcompat
25033 char * -> const char *
25037 now looks in -lcompat for lsearch()
25041 remove sudo.core visudo.core for clean target
25045 added UID_MAX support in check for MAX_UID_T_LEN
25049 fixed another occurrence of sudo_getpwuid.*
25052 * Makefile.in, getspwuid.c:
25053 sudo_getpwuid.c -> getspwuid.c
25060 * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
25061 compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
25062 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
25063 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
25064 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
25065 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
25066 version.h, visudo.c:
25071 added group support
25079 documented group support
25082 * parse.c, parse.lex, parse.yacc, visudo.c:
25083 added group support
25086 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
25089 tkfile was too short and overflowed the kerberos realm
25092 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
25095 now copy command args directly from Argv
25099 replaced code to copy cmnd_args so that is does not use realloc
25100 since most realloc()'s really stink
25103 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
25106 syslog() fixed in hpux 10.01
25109 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
25112 AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
25116 better error if cannot find skey incs or libs
25120 now use a temp file for determining max len of uid_t in string form.
25121 the old hacky way broke on netbsd
25125 added set of parens and a space
25128 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
25131 fixes from Jeff Earickson <jaearick@colby.edu>
25139 fixed up testsudoers target
25143 DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
25144 SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
25148 LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
25152 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
25155 fix for C2 on hpux 10 now uses -linet if it exists
25159 LONG_SKEY_PROMPT is less of a kludge
25163 fixed typos w/ dce stuff
25170 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
25173 amended section on combining authentication mechanisms
25177 minor updates for 1.3.6
25181 added 2 more entries
25193 rewrote for sudo 1.3.6
25200 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
25202 * find_path.c, getspwuid.c, sudo.c:
25203 added explicit casts for strdup since many includes don't prototype
25208 removed prototype for sudo_getpwuid() since convex C compiler choked
25213 added prototype for sudo_getpwuid()
25217 now compiles on strict ANSI compilers
25221 added LONG_SKEY_PROMPT support
25225 added extra $'s for make to eat up, yum.
25228 * OPTIONS, options.h:
25229 added LONG_SKEY_PROMPT
25232 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
25235 s/key support now works with normal s/key as well as logdaemon
25238 * OPTIONS, options.h:
25243 set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
25247 added DCE note added more AIX notes
25251 now include pthread.h for DCE support
25255 dce_pwent() is ok after all
25259 now uses SYSLOG() macro that equates to either syslog() or
25264 minor formatting changes. renamed check() to something less generic
25267 * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
25269 now uses user_pw_ent and simple macros to get at the contents
25272 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
25275 simpler dec unix C2 support
25279 now sets crypt_type for DEC unix C2
25282 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
25285 added csops paths for skey
25289 now includes string.h for strdup() prototype
25297 now includes skey.h
25305 moved a lot of the shadow passwd crap to sudo_getpwuid()
25309 now uses sudo_pw_ent
25313 now uses sudo_pw_ent
25317 now sets sudo_pw_ent
25325 moved dce stuff into compat.h
25328 * logging.c, sudo.h:
25329 now uses sudo_pw_ent
25333 added sudo_getpwuid.c
25341 now uses sudo_pw_ent
25344 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
25347 fixed exempt_group stuff for OS's that don't put base gid in group
25352 S/Key support now works with sunos4 shadow passwords
25359 * config.h.in, configure.in:
25368 first stab at dce support
25372 now smells like sudo
25380 skey'd sudo now works w/ normal password as well
25383 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
25385 * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
25386 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
25387 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
25388 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
25389 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
25390 version.h, visudo.c:
25391 updated version number
25395 updated to reflect version change
25399 --with options now line up ++version
25403 removed unnecessary S/Key stuff
25407 fixed S/Key support
25411 -I stuff now goes in CPPFLAGS
25423 fixed description of EXEMPTGROUP
25427 more people use _RLD_ than just alphas...
25431 replaced $man_prefix with $mandir
25439 now use more GNU'ish dir names
25443 now set *dir correctly (can override from command line)
25447 now deal with situations where we getwd() fails
25450 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
25453 added etc_dir, bin_dir, sbin_dir
25461 now ship a flex-generated lex.yy.c
25465 now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
25469 _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
25473 no more error for redefining SUDOERS_OWNER
25477 expanded SUDOERS_OWNER section
25480 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
25483 now warn if chown(2) failed
25487 better default warning for NO_SUDOERS_FILE
25491 added missing set_perms() no more cryptic message if the sudoers
25492 file is zero length, now just give a parse error
25496 better diagnostics if NO_SUDOERS_FILE
25500 check_sudoers() now catches sudoers files that are not readable (but
25504 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
25507 now add -D__STDC__ for convex cc (not gcc)
25511 MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
25515 now uses exec_prefix & prefix from configure
25518 * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
25519 parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
25521 options.h is now <> instead of "" so shadow build trees can have a
25522 custom copy of options.h
25526 user_is_exempt() is no longer a hack, it now uses getgrnam()
25530 EXEMPTGROUP is now "sudo"
25534 MAN_POSTINSTALL now contains a leading space
25538 removed leading tab if @MAN_POSTINSTALL@ not defined now removes
25539 testsudoers in clean:
25543 includes pwd.h to get _PASSWD_LEN definition
25546 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
25549 unset the KRB_CONF envariable if using kerberos so we don't get
25550 spoofed into using a bogus server
25553 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
25556 now explicitly initialize match[] to be FALSE
25559 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
25562 removed unused variable now passes -Wall
25566 yyerror and dumpaliases are now void's now passes -Wall
25570 added prototype for yyerror
25573 * check.c, logging.c, parse.c:
25578 removed unused cruft now passes -Wall
25582 fixed headers that moved to emul dir
25586 fixed deref of nil pointer if no args
25589 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
25592 added a caveat to FQDN section
25595 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
25598 more $srcdir support for install targets
25601 * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
25602 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
25603 don't include malloc.h if we include stdlib.h
25607 local search.h now lives in emul
25610 * check.c, utime.c:
25611 local utime.h now lives in emul dir
25615 local search.h now lives in emul
25619 added support for building in other than the sourcedir
25622 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
25625 annotated CSOPS_INSULTS option
25629 updated shadow passwords blurb
25633 if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
25634 passes along foo as the arguments
25637 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
25640 collapsed pathname and dir sections into one -- it's now less
25645 fixed spacing quoting [,:\\=] now works correctly append() and
25646 fill() now take args to make the above work
25650 fixed a typo that caused commands with no tty on fd 0 but a tty on
25651 fd 1 to erroneously have "none" as their tty
25654 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
25657 timestampfile is now a global static removed decl of timestampfile
25658 in remove_timestamp since we can just use the global one
25662 created touch() to update timestamps added USE_TTY_TICKETS support
25667 added _S_IFDIR and S_ISDIR
25670 * OPTIONS, options.h:
25671 added USE_TTY_TICKETS
25675 removed const from casts for lsearch() & lfind() to placate irix 4.x
25679 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
25682 now only strip '/dev/' off of a tty if it starts with '/dev/'
25690 AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
25695 fixed incorrect #ifdef termio uses "unsigned short" not int for
25699 * parse.lex, parse.yacc:
25700 fixed a spelling error
25707 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
25714 added dotcat() to cat 2 strings w/ a dot efficiently now that we
25715 dynamically allocate strings they need to be free()'d
25719 dynamically allocates space for strings
25723 no more MAXCOMMANDLENGTH
25730 * logging.c, sudo.c:
25731 moved tty stuff into sudo.c
25734 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
25737 fixed a logic bug. Was denying a command if user gave command line
25738 args but there were none in the sudoers file which is wrong.
25742 MAXCOMMMANDLEN dropped down to 1K
25746 return foo; -> return(foo);
25750 fixed netgr_matches() prototype
25754 added support for escaping "termination" characters
25758 buf is now of size MAXPATHLEN+1 since it never holds command args
25766 fixed negation problem (doh!)
25770 fixed 2nd parameter to lfind()
25774 now do bounds checking in fill() and append()
25778 include netdb.h as we should added a missing void cast added
25779 SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
25780 realloc actually moved the string instead of shrinking it
25784 updated with examples of new features
25788 now set errno to EACCES if not a regular file or not executable
25792 if given a fully-qualified or relative path we now check it with
25793 sudo_goodpath() and error out with the appropriate error message if
25794 the file does not exist or is not executable
25797 * emul/search.h, lsearch.c:
25798 now use correct args for lfind
25806 added in CSOps insults
25818 increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
25822 added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
25826 fixed -k load_interfaces() now gets called if FQDN is set
25827 -p now works with -s
25831 don't try to stat() "pseudo commands" like "validate"
25835 added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
25839 added SecurID support added other insults to --with-csops
25847 added clobber target added ins_csops.h now gets CFLAGS from
25852 relaxed SUDO_FULL_VOID
25856 function comment blocks are now in same style as rest of code
25860 added support for command line args in /etc/sudoers
25864 updated to have command args in the sudoers file
25868 added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
25871 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
25874 PATH renamed to COMMAND
25878 it is now a parse error for directories to have args attached to
25883 now say command args if telling user to buzz off
25887 -s no longer indicates end of args sped up loading on cmnd_args in
25892 removed an unreachable statement
25896 made more efficient by pulling out the terminators when in GOTCMND
25897 state and making them their own rule
25900 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
25903 removed MAXLOGLEN since it is no longer used
25907 now allows command args
25911 now groks command arguments
25915 now sets tty correctly when piped input
25919 fixed loading of cmnd_args (was including command name too)
25923 fixed a core dump due to incorrect if construct
25926 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
25929 only add -lsun if irix < 5 don't look for -lnsl or -lsocket if irix
25933 fixed check for ISC
25937 now sets cmnd_args used by log_error() and that will be used by the
25938 parse to check against command args
25946 now dynamically allocate logline since we can guess at its size
25949 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
25952 cleaned up a bunch of unnecessary #ifdef's eliminated a buffer remove
25953 "register" since the compiler knows more than I do now do a
25954 "basename" of the tty
25957 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
25964 added shell extern changed MODE_* to be bit masks to allow for
25965 several options together
25969 added -s (shell) option made MODE_* masks so we can do bitwise & and
25970 | to see if multiple flags are set.
25974 added securid support
25977 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
25980 removed a bunch of unnecessary strncpy()'s and replaced with strcat()
25983 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
25985 * Makefile.in, version.h:
25989 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
25992 fixed free() of an uninitialized pointer (yuck)
25996 added netgr_matches
26000 cleaned up netgr_matches
26003 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
26009 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
26012 now installs sudoers.man -- really should clean this up though.
26016 added sudoers.cat and sudoers.man
26020 pulled out stuff on the sudoers file format into a separate man page
26028 fixed up my email address
26032 added checks for innetgr and getdomainname
26036 added dummy netgr_matches function
26040 added netgr_matches
26043 * parse.lex, parse.yacc:
26044 added NETGROUP support
26048 added HAVE_INNETGR & HAVE_GETDOMAINNAME
26051 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
26054 rewrote clean_env() that has rm_env() builtin
26057 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
26060 now cast uid to long in sprintf
26064 added _INSULTS suffix to HAL & GOONS end
26068 added _INSULTS suffix to HAL & GOONS
26071 * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
26072 converted to new scheme of insult "unions" end
26076 now uses MAX_UID_T_LEN
26080 added SUDO_UID_T_LEN !l
26084 added MAX_UID_T_LEN
26088 now use MAX_UID_T_LEN
26092 added check for max len of uid_t fixed sco vs. isc check
26095 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
26106 hack to check for sco
26110 removed #include <net/route.h> since it was hosing some OS's
26113 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
26116 fixed prreadlink() prototype
26120 added parens in #if's
26128 moved SPW_* to config.h.in
26132 added a set of parens
26140 added SPW_* reordered error codes
26144 moved SPW_* to sudo.h
26147 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
26150 SPW_AUTH -> SPW_SECUREWARE
26154 GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
26162 SPW_AUTH -> SPW_SECUREWARE
26166 now uses SHADOW_TYPE to make shadow pw support more readable and
26167 modular. It's a start...
26171 added autodetection of shadow passwords
26175 now uses SHADOW_TYPE define
26179 added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
26183 added SUDO_CHECK_SHADOW
26186 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
26189 define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
26190 memmove() since we no longer use it...
26198 added BROKEN_SYSLOG support
26202 added BROKEN_SYSLOG
26206 now only bitch if timestamp > time_now + 2 * timeout to allow for a
26207 machine updating its time from a server
26211 added 2 security notes updated Nieusma's email addr
26215 changed a memmove() to memcpy() since we don't have to worry about
26216 overlapping segments.
26219 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
26222 cleaned up the loop when interfaces are groped in so that it is
26226 * Makefile.in, version.h:
26230 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
26236 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
26239 fixed permissions check on /tmp/.odus
26242 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
26245 fixed some comments
26249 now checks owner & mode of timedir also checks for bogus dates on
26254 updated TIMEOUT info
26257 * logging.c, sudo.h:
26258 added BAD_STAMPDIR and BAD_STAMPFILE
26262 added definition of S_IRWXU
26269 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
26272 added #ifdef to make it compile on strange arches
26275 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
26278 fixed check for full void impl.
26282 added missing "static"
26286 replaced #elif with #else #if constructs for ancient C compilers
26290 updated irix c2 & kerb5 info
26294 added shadow pw support for irix
26297 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
26304 last changes for sudo 1.3.3
26308 now calls SUDO_SOCK_SA_LEN
26316 added SUDO_SOCK_SA_LEN
26320 now works with ip implementations that use sa_len in sockaddr
26324 added note about buggy AIX compiler
26328 now include sys/time.h for AIX
26331 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
26338 now works for ISC and others. yay.
26341 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
26343 * Makefile.in, version.h:
26347 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
26350 fixed test for full void impl
26354 now check to see that st_dev is non-zero before assuming that we are
26358 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
26360 * aclocal.m4, configure.in:
26361 SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
26364 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
26367 fixed include file order for SUDO_FUNC_UTIME_POSIX
26371 added cast for ttyname()
26379 now deal correctly with all known variations of utime() -- yippee
26383 added SUDO_FUNC_UTIME_POSIX
26387 added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
26391 added HAVE_UTIME_POSIX
26399 no longer assume !HAVE_UTIME_NULL means old BSD utime()
26403 fixed fascist C compiler warning
26407 now set strioctl.ic_timout in STRSET() now initialize num_interfaces
26408 to 0 (just to be anal)
26411 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
26414 increased MAXLOGLEN by MAXPATHLEN to account for ttyname
26422 reworked the ISC code
26425 * Makefile.in, version.h:
26430 now expect old-style utime(3) if utime() can't take NULL as an arg
26434 added check for utime.h
26442 added CPPFLAGS STATIC_FLAGS -> LDFLAGS
26446 now search for kerb libs and includes
26450 added support for utime(2)'s that can't take a NULL parameter
26454 moved HAVE_UTIME_NULL stuff to update_timestamp() where it belongs
26458 added utime(s) stuff
26466 added HAVE_UTIME and HAVE_UTIME_NULL
26469 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
26472 now use HAVE_UTIME_NULL
26475 * emul/utime.h, utime.c:
26480 need to setuid(0) to make kerb4 stuff work.
26484 no more special case for kerberos
26488 took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
26493 no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
26498 now use private ticket file for kerberos support to avoid trouncing
26502 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
26505 added SPOOF_ATTEMPT & cmnd_st
26509 added anti-spoofing support
26513 now use global cmnd_st
26517 added SPOOF_ATTEMPT support
26520 * testsudoers.c, visudo.c:
26521 added void casts where appropriate
26525 fixed up spacing and added void casts where appropriate
26529 fixed problem with "-p prompt" but no args
26532 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
26535 added BUGS and annotated -l description
26539 validate() now takes a flag
26543 validate() now takes a flag added -l
26547 added support for -l
26551 validate() now takes a flag that says whether or not to check the
26555 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
26558 now deals with Argv == 1
26566 added prompt support reworked parse_args()
26578 now use BUFSIZ as length of kerb password added kpass so pass is
26579 always a char * now use prompt global when asking for a password
26583 now use BUFSIZ as _PASSWD_LEN if using kerberos
26590 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
26593 only look for -lufc or -lcrypt if crypt() not in libc
26597 don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
26598 (unknown user) silently fail
26606 HAVE_KERBEROS -> HAVE_KERB4
26610 removed debugging printf
26614 KERBEROS -> KERB4 added checks for setreuid & setresuid
26618 HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
26622 added def of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
26623 with setresuid if applic
26627 HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
26628 no setreuid() or a broken one
26631 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
26634 added kerberos support
26638 added HAVE_KERBEROS
26642 added KERBEROS support (long passwords)
26646 added kerberos support
26649 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
26652 added MODE_BACKGROUND
26656 escaped dashes added -b option
26664 added crypt() for osf/1 3.x enhanced security
26668 now check for -lcrypt
26672 added ENXIO like EADDRNOTAVAIL
26675 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
26678 now emulate getwd(), not getcwd()
26682 getcwd() -> getwd()
26689 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
26691 * ins_2001.h, ins_classic.h, ins_goons.h:
26696 broke out insults into separate include files
26699 * OPTIONS, options.h:
26704 added ins_2001.h ins_classic.h ins_goons.h
26707 * Makefile.in, version.h:
26712 moved signal handler setup to setup_signals()
26716 added load_interfaces()
26720 moved load_interfaces to interfaces.c
26727 * OPTIONS, options.h:
26732 now uses clearaliases variable
26740 added interfaces.[co]
26744 now uses ip addrs and netmasks via load_interfaces()
26748 now remove IFS instead of setting to "sane" value
26751 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
26757 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
26760 sudo_goodpath.c-> goodpath.c
26764 added Andy's new ISC changes
26767 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
26770 added a sentence to SECURE_PATH info
26785 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
26791 * Makefile.in, version.h:
26796 sendmail is now looked for in /usr/ucblib
26812 added unixware case
26816 user_is_exempt is no longer hidden
26824 isc and riscos changes
26828 added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
26832 fixed a typo and added testsudoers stuff
26839 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
26842 applied fixed patch from Chris
26845 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
26852 added a set of braces for bison
26856 merged in Chris' changes to dekludge the parser.
26860 send_mail() was calling find_path() which is wrong since find_path()
26861 stores cmnd in a static var. Anyhow, it doesn't make much sense
26862 since MAILER should always be fully qualified
26865 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
26868 added User_Alias stuff
26872 SUDO_NEXT now looks for /usr/lib/NextStep/software_version
26876 added DEC UNIX 3.0 w/ gcc
26880 Exit was being used in places where exit should be used
26884 added "User alias specification"
26888 fixed probs caused by making nslots and naliases a size_t
26892 added KSR, upped rev to 1.3.1b2
26895 * logging.c, parse.yacc:
26900 void * -> VOID * naliases and nslots are now size_t to appease
26901 lsearch on 64-bit machines
26904 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
26907 did a bunch of things and added a bunch :-)
26915 closer to BSD manpage style
26919 closer to standard BSD man format
26922 * compat.h, config.h.in, emul/search.h, insults.h, options.h,
26923 pathnames.h.in, sudo.h, version.h:
26928 removed crufty #defines that are no longer used
26936 updated based on sudo changes
26940 now allow ALL keyword in User_Aliases now allow ALL keyword as well
26949 now sets SUDO_COMMAND and SUDO_GID envariables.
26953 fixed bug with full void impl check
26957 fixed User_Alias support
26961 added stubs for User_Alias support
26965 now sets removes # bogus interfaces from num_interfaces
26969 added User_Alias support
26972 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
26975 removed extraneous TODO
26978 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
26981 ntwk_matches -> addr_matches
26985 ntwk_matches -> addr_matches
26989 ntwk_matches -> addr_matches now use inet_addr() not inet_network()
26990 (which expects octet boundaries) fixes for OSF (sizeof(int) !=
26995 took out debugging info
26999 OS was being set to unknown before non-uname based host checks.
27000 This caused no checks to happen since $OS was not zero-length.
27004 fixed loading of interfaces struct still has debugging info in
27012 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
27023 removed extraneous extern decl of "top
27031 removed parser_cleanup (no need for it now)
27035 now calls reset_aliases() directly
27038 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
27041 added a sentence to SECURE_PATH description
27045 fixed my stupid bug where I used NAMLEN on something I wanted to
27046 just get the name from. argh.
27049 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
27052 fixed argument order of memmove() that i hosed when converting from
27057 finally fixed DISTFILES line
27065 added missing files to DISTFILES
27069 SUPPORTED -> RUNSON
27072 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
27079 updated for pl5b1 release
27087 fixed bug where if you hit return at first sudo prompt it would
27088 still log as a failure
27096 better test for bogus void * implementation
27100 added PASSWORDS_NOT_CORRECT
27104 added PASSWORDS_NOT_CORRECT stuff
27108 added PASSWORDS_NOT_CORRECT
27116 removed some unused vars and fixed up uid2str
27123 * getcwd.c, getwd.c:
27127 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
27130 fixed a typo I introduced in the last checkin :-(
27134 can't have #ifdef's where N is defined so just do this the broken
27139 better hack from Chris (but still a hack)
27143 stupid hack for broken aix lex
27147 now includes compat.h
27151 now includes fcntl.h
27155 added FD_SET and FD_ZERO for 4.2BSD
27159 dirty hack to fix parser bug. i don't really like this but it works
27164 uid2str is now static like the prototype says
27167 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
27169 * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
27178 check_sudoers now returns an error code and sudo calls inform_user
27179 and log_error based on the return value.
27182 * logging.c, sudo.h:
27183 added entries for new errors
27187 now set uid to that of SUDOERS_OWNER while parsing sudoers file
27191 took out testsudoers
27195 now explicitly checks that it is setuid root
27199 If a user has no passwd entry sudo would segv (writing to a garbage
27200 pointer). Now allocate space before writing :-)
27204 reordered AC_CHECK_FUNCS
27211 * tgetpass.c, visudo.c:
27216 bzero -> memset when a parse error is logged the line number of the
27217 error is now logged too
27221 added Sunos to blurb about c2 security
27225 added a SUN4 define for C2 security
27229 bcopy -> memmove bzero -> memset
27233 bcopy -> memmove char * -> VOID *
27237 added support for sunos with C2 security
27240 * OPTIONS, options.h:
27245 _PATH_SUDO_LOGFILE now set based on configure
27249 added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
27253 added _SUDO_PATH_LOGFILE
27257 added SUDO_LOGFILE to find where to put sudo.log added
27258 SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
27259 SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
27262 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
27269 now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
27270 to work around a problem in trusted hpux shadow passwords. yuck.
27274 backed out a change in malloc/realloc
27278 now include stdlib.h
27282 now do an freopen() of the stmp file so that yyin will always point
27283 to the same thing. This is important for flex since we are doing a
27288 replaced yywrap() with parser_cleanup() since yywrap() needs to be
27289 in parse.lex to be able to use YY_NEW_FILE. sigh.
27293 now have a rule that matches anything that doesn't match an
27294 explicit rule. well, you know what i mean (. matches anything not
27295 yet matched). However, this means that there is input still queued
27296 up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
27297 into parse.lex and it calls parser_cleanup() which is most of the
27305 * getcwd.c, getwd.c:
27306 moved compat.h to be the last include file
27310 fixed type of aliascmp() args
27318 added casts to lfind and lsearch args for irix
27322 bsdinstall -> install-sh
27326 added info about make realclean
27330 updated VERSION added dependencies for visudo.cat
27342 now there is a real visudo.man and visudo.cat
27346 took out visudo stuff
27353 * parse.c, parse.lex, parse.yacc:
27362 updated Nieusma & Hieb email addresses
27366 updated to include options.h and OPTIONS
27374 eliminated bug #1 (yay)
27378 sunos no longer gets linked statically
27381 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
27384 prototype now uses __P()
27388 make fill() non-ansi
27392 made -v (validate) work
27400 don't check for execute/statable if fq or relative path given
27408 now include ctype.h for islower and tolower macros
27412 moved _S_IFMT & _S_ISREG to compat.h
27416 moved a set of parens
27420 now include compat.h
27428 now cast malloc & realloc return vals added search for HAVE_LSEARCH
27429 now use strcmp if no strcasecmp available
27437 removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
27438 HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
27442 added _S_IFMT, _S_IFREG, and S_ISREG
27446 took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
27447 to most SUDO_* macros
27455 various 1.x to 2.x autoconf changes now check for strcasecmp now use
27456 AC_INSTALL_PROG instead of custom one added check for fully working
27457 void implementation
27461 added lsearch & search.h visudo links into $(LIBOBJS)
27465 partial 1.x to 2.x changes added SUDO_FULL_VOID
27469 whatnow_help was prototyped to be static but was not declared as
27474 autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
27475 for dirent/dir/ndir.h
27479 now use groovy gnu autoconf macro AC_HEADER_DIRENT
27482 * getcwd.c, getwd.c:
27483 MAXPATHLEN -> MAXPATHLEN+1
27486 * emul/search.h, lsearch.c:
27490 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
27493 eliminated bison warnings
27501 now includes signal.h
27505 only clear data structures on a parse error
27509 whatnow() now gives help on invalid input
27513 added a whatnow() function (sort of like mh)
27517 kill_aliases -> reset_aliases yywrap() now cleans up by calling
27518 reset_aliases() and clearing top took reset stuff out of yyerror()
27519 since it doesn't belong there (and doesn't work anyway). errorlineno
27520 is now initially set to -1 so we can set it to the first error that
27521 occurs (it was getting set to the last)
27529 rewrote from scratch based on 4.3BSD vipw.c
27532 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
27539 no more sudo_realpath() and find_path() changed params
27543 find_path() changed since no more realpath()
27547 on error, errorlineno is set to the line where the error occurred
27548 added kill_aliases() to free the aliases struct now clean up in
27549 yyerror() so we can reparse cleanly
27552 * options.h, parse.c:
27553 no more USE_REALPATH
27557 changed to use new find_path()
27561 removed all the realpath() stuff
27565 sudo_realpath.c -> sudo_goodpath.c
27569 now works correctly with utk parser
27577 eliminated a compiler warning
27581 eliminated compiler warning
27585 added sudo_goodpath()
27589 added prototype for sudo_goodpath
27593 added support for /sys/dir.h
27597 USE_REALPATH turned off
27601 added calls to sudo_goodpath()
27605 added check for dirent.h
27609 added HAVE_DIRENT_H
27613 added in linux shadow pass stuff
27616 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
27619 added back host, user, cmnd, parse_error
27623 added in utk changes plus some minor cosmetic changes
27626 * sudo.c, sudo_realpath.c:
27627 added void casts for printf's
27631 added a define of USE_REALPATH
27635 there is no more visudoers/Makefile
27639 added in utk changes (visudo is now built from the toplevel)
27643 added (void) casts to printf's
27646 * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
27647 merged in utk changes
27650 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
27653 now check to see that what we are trying to run is a file (or a link
27654 to a file, we do a stat(2) so there is no diff)
27657 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
27664 aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
27668 added myself as maintainer
27671 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
27674 changed setegid -> setgid
27677 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
27680 fixed the test for irix 5.x to skip bad libs
27684 now initialize OS and OSREV
27687 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
27694 AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
27698 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
27701 use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the right
27702 thing wrt yyrestart (grrrr)
27705 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
27708 added visudoers/compat.h to DISTFILES
27716 added ocmnd declaration adjusted for find_path()'s new parameters
27720 added ocmnd extern adjusted find_path() prototype
27724 cmndcmp() now takes 3 arguments and checks against the qualified as
27725 well as the unqualified pathname. more code that should use
27726 cmndcmp() but did not, now does
27734 changed to use new find_path() parameter passing
27738 find_path() now takes 2 copyout parameters (one for the qualified
27739 pathname and one for the unqualified pathname). The third parameter
27744 no longer munge pathnames.h
27748 changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
27749 as a result, pathnames.h does not need to be run through configure
27750 and the user can override the configured values easily.
27754 added _SUDO_PATH_* entries
27758 _PATH* -> _SUDO_PATH_*
27762 updated DISTFILES and HDRS .o's now depend on config.h
27765 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
27768 removed extraneous #endif
27776 added SUDO_PROG_MV added riscos and isc os types took out
27777 -DSHORT_MESSAGE from --with-csops since it is now the default
27781 move the include of id.h to compat.h now includes options.h
27785 moved compatibility #defines to compat.h
27793 move __P to compat.h
27796 * getcwd.c, getwd.c, putenv.c:
27797 now includes compat.h
27804 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
27807 pull user-configurable stuff out and put in options.h
27810 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
27812 * parse.lex, parse.yacc, visudo.c:
27813 now includes options.h
27816 * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
27818 now includes options.h
27822 added visudoers/options.h
27825 * OPTIONS, options.h:
27830 added OPTIONS and options.h
27834 changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
27838 changed PASSWORD_TIMEOUT to minutes
27841 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
27844 now only do Editor +line_num if line_num != 0
27847 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
27850 now use mv if rename(2) fails
27861 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
27864 fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
27867 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
27870 added mips & isc support
27874 added support for non-root owned sudoers file
27878 added exempt group support
27882 added set_perms() support added SUDOERS_OWNER so can have non-root
27883 own sudoers file added exempt group support added isc support
27887 now copy sudoers to temp file via read/write (not stdio) now chown
27888 new sudoers file to SUDOERS_OWNER
27891 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
27902 fixed typo added set_perms support added skey support added
27903 seteuid()/setegid() emulation for AIX
27907 be_* -> setperms() now check to make sure sudoers file is owned by
27908 root nread/write by only root
27911 * logging.c, parse.c:
27916 be_* -> set_perms() added skey support
27919 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
27929 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
27939 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
27945 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
27960 now bail if ARgv[1] > MAXPATHLEN
27964 added function check for tcgetattr(3)
27968 only define HAVE_TERMIOS_H if you have tcgetattr(3)
27972 added check for tcgetattr
27975 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
27981 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
27984 now only include unistd.h for linux
27987 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
27990 added visudo.8 generation
27994 added -Wl,-bI:./aixcrypt.exp to aix flags
27997 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
28008 added mailing list info
28012 now use sudolineno instead of yylineno fixed bison warnings
28016 now use -no_library_replacement for osf don't make a static binary
28021 added string.h/strings.h inclusion
28029 added inclusion of string.h/strings.h
28033 fixed uname | sed (needed to quote the '[')
28037 replaced yylineno with sudolineno fixed bison syntax errors
28041 changed yylineno to sudolineno since yylineno cannot be counted
28050 added code to support command listings
28054 added code for -l flag
28058 fixed typo added info for -l flag
28062 AC_SSIZE_T -> SUDO_SSIZE_T
28077 * find_path.c, sudo_realpath.c:
28078 readlink() is now declared as returning ssize_t
28082 added -laud for OSF c2
28085 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
28087 * Makefile.in, visudo.c:
28088 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
28091 * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
28092 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
28095 * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
28096 parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
28097 sudo_setenv.c, tgetpass.c, version.h:
28098 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
28101 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
28112 added host to alertmail messages
28120 fixed logging problem where mail would not say which user it was
28124 added -laud for gcc if osf & c2
28128 moved set_auth_parameters to sudo.c
28132 added set_auth_parameters for osf
28136 cleaned up -static stuff
28148 changed setenv() to sudo_setenv()
28164 added osf auth support & removed some extra spaces
28167 * INSTALL, SUPPORTED:
28171 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
28174 added 2 suggestions
28178 removed README.v1.3.1 and added VERSION stuff
28185 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
28196 mention HISTORY file
28200 use sizeof instead of a constant in 1 place
28219 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
28223 [7dfbb4a810bb] [SUDO_1_3_1]
28230 added unistd.h include
28233 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
28236 added sys/time.h for AIX
28239 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
28242 added check for -lsocket and sys/sockio.h
28246 took out libshadow check and added in sys/sockio.h check
28250 now include sockio.h instead of ioctl.h if it exists "sudo -" now
28251 gets a better error message
28255 now has a dir and subnet entry
28258 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
28269 added network and ip addresses to man page
28273 no error if can't get interfaces or netmask since networking may not
28278 now check for interfaces == NULL
28282 fixed a bug that caused directory specs in a Cmnd_Alias to fail if
28283 the last entry in the spec failed (ie: it was only looking at the
28284 last entry). Cleaned things up by adding the cmndcmp() function--all
28292 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
28295 now do two passes to skip bogus interfaces (lo0, etc)
28298 * parse.lex, parse.yacc, visudo.c:
28299 added include of netinet/in.h
28302 * logging.c, sudo_realpath.c, sudo_setenv.c:
28303 added include of netinet/in.h
28306 * check.c, find_path.c, getcwd.c, getwd.c:
28307 added include of netinet/in.h
28315 added interfaces global
28319 now uses new interfaces global
28323 now ip addresses are gleaned w/o dns
28326 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
28329 added load_ip_addrs() to load the ip_addrs global var
28333 added hostcmp() to compare hostnames, ip addrs, and network addrs
28337 added ip_addrs def added load_ip_addrs prototype
28340 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
28347 removed multiple entries in DISTFILES
28351 ansified the !STDC_HEADERS decls
28354 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
28355 don't do malloc decl if gnuc
28359 can't use getopt(3) since it munges args to the command to be run as
28360 root don't do malloc decl if gnuc
28363 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
28364 sudo_realpath.c, sudo_setenv.c:
28365 ansi-fied !STDC_HEADER function prototypes
28368 * getcwd.c, getwd.c:
28369 added missing paren
28373 added putenv.c to DISTFILES
28377 added params to func decls when STDC_HEADERS is not defined now can
28378 count on putenv() being there
28382 took out errno decl since sudo.h does it for us fixed up a next cc
28383 warning added params to func decls when STDC_HEADERS is not defined
28387 took out environ extern added local declaration of putenv() if local
28391 * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
28392 added params to func decls when STDC_HEADERS is not defined
28396 added memcpy check check to see that ansi vs bsd macros are not
28397 already defined before defining (ie: avoid redefinition)
28401 removed fluff setenv check plus check w/ replace for putenv if also
28409 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
28416 rm'd realpath added sudo_realpath and sudo_setenv
28420 now use sudo_setenv
28424 added putenv and setenv, removed realpath
28428 added putenv & setenv
28439 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
28442 added MAN_POSTINSTALL and /usr/share/catman for irix
28446 added MAN_POSTINSTALL
28454 added SUDO_* plus new options
28462 took out shadow lib
28470 now use yyrestart() if flex now reset yylineno to 0
28474 support for installing a cat page instead of a man page if no nroff
28478 now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
28479 to determine whether or not to install a cat or man page
28487 not set ret to MODE_RUN initially
28491 made command (and therefore cmnd dynamically allocated)
28503 changed bufs from MAXPATHLEN to MAXPATHLEN+1
28507 added MODE_ removed validate_only and added remove_timestamp()
28511 usage() now takes an int (exit value) added parse_args() to parse
28512 command line arguments moved call to find_path() from load_globals
28513 to new function load_cmnd() removed validate_only global -- now use
28514 the concept of "modes" added -h and -k options
28518 no longer use global validate_only now checks for command called
28519 "validate" removed check for non-fully qualified commands since that
28520 is done by find_path
28524 changed MAXPATHLEN to MAXPATHLEN+1
28528 fixed off by one error with MAXPATHLEN and fixed a comment
28532 check_timestamp no longer runs reminder(), it is implied in the
28533 return val added remove_timestamp()
28540 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
28554 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
28557 moved send_mail to after syslog
28561 now set SUDO_ envariables
28564 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
28571 now print error if chdir fails
28578 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
28585 no more static binaries for aix
28588 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
28595 took out stuff not needed for sudo now does be_root/be_user itself
28596 now uses cwd global
28603 * logging.c, sudo.c:
28604 be_root/be_user is now down in sudo_realpath()
28607 * logging.c, sudo.h:
28608 now works with 4.2BSD syslog (blech)
28612 now use sudo_realpath()
28616 took out realpth() stuff since we now use sudo_realpath()
28620 ultrix enhanced sec
28624 added ultrix enhanced sec.
28632 ultrix enhanced security support
28636 added sudo_realpath.c
28644 increased passwd len to 24 for c2 security
28651 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
28654 now use user global var
28661 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
28668 user is now a char * added epasswd
28672 added tzset() to load_globals added epasswd (encrypted password)
28673 global made user dynamically allocated
28685 cleaned up encrypted passwd grab somewhat
28701 can now log to both syslog & a file
28725 removed AFS stuff :-)
28729 include sys/select for AIX
28740 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
28742 * CHANGES, SUPPORTED:
28747 can now have MAILER undefined
28751 new sub-note about MAILER
28755 added blurb about password timeout
28763 took out duplicate define of _CONVEX_SOURCE
28775 added a goto if fgets fails
28779 use __hpux not hpux convex c2 stuff
28783 use __hpux not hpux
28791 define ansi-ish cpp os defines if non-ansi are defined for hpux &
28796 updated to say we support convex C2
28800 added convex c2 support
28803 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
28806 no more ioctl never returns NULL uses fgets() and select() to
28810 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
28813 things were testing -n "$GCC" instead of -z "$GCC"
28817 now works + uses fgets()
28820 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
28823 select doesn't seem to recognize a single '\n' as input waiting so
28824 we can't use it, sigh.
28827 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
28830 updated tgetpass() blurb
28834 added --with-getpass
28838 added tgetpass stuff
28849 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
28856 added USE_GETPASS && HAVE_C2_SECURITY
28860 fixed a test added --with-C2 and --with-tgetpass
28868 took out tgetpass.*
28875 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
28878 no termio(s) for ultrix since it is broken
28882 added a space (yeah, anal)
28885 * realpath.c, sudo_realpath.c:
28886 fixed it (duh, rtfm)
28889 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
28892 took out bsd signal stuff for irix
28900 don't define BSD signals for irix
28911 * realpath.c, sudo_realpath.c:
28912 took out unneeded code by changing where a string was terminated
28915 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
28917 * realpath.c, sudo_realpath.c:
28918 fix bug where /dirname would return NULL
28922 move __P to config.h
28925 * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
28926 added errno definition
28941 * realpath.c, sudo_realpath.c:
28942 now works if no fchdir
28946 define SA_RESETHAND to null if not defined
28950 added check & replace
28954 took out -static for nextstep -- it doesn't work
28957 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
28960 moved #endif to where it belongs
28968 now checks for strdup realpath getcwd bzero
28976 added posix signals
28984 added posix signals
28988 removed BROKEN_GETPASS added new srcs to replace missing functions
28992 added posix signal stuff
29004 now uses posix signals
29008 updated to reflect major changes
29016 uses sysconf() if available
29020 added PASSWORD_TIMEOUT + prototypes for new functions
29023 * realpath.c, sudo_realpath.c:
29024 for those w/o this in libc
29027 * getcwd.c, getwd.c:
29032 rewrote to use realpath(3) - is now all my code
29036 added HAVE_REALPATH
29044 added LIBOBJS use tgetpass.c
29047 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
29061 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
29072 added check for getwd
29076 replace strdup & realpath & getcwd if missing
29084 added SUDO_PROG_PWD
29091 * realpath.c, sudo_realpath.c:
29095 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
29098 quoted square brackets
29101 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
29104 no need to strdup() a constant
29119 * parse.c, sudo.c, sudo.h:
29120 added validate_only stuff
29123 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
29130 $OSREV is now an int
29133 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
29136 added mtxinu to case
29144 now use the EXEC macro now only do a gethostbyname() if FQDN is set
29148 changed mail_argv[] def now use EXEC() macro
29152 took out crypt() definition
29160 always look for -lnsl
29168 SHORT_MESSAGE is now the default
29176 added missing AC_DEFINE(SVR4) for solaris
29180 documented the -v flag
29192 added LIBSHADOW undef
29196 now set OS to be lowercase
29199 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
29202 now use SUDO_OSTYPE to set $OS
29206 now use uname to determine os
29210 added prototypes & moved sig handler around
29217 * check.c, logging.c, sudo.c:
29226 now use _BSD_SIGNALS not _BSD_COMPAT
29237 * parse.lex, parse.yacc:
29238 moved config.h to top of includes
29241 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
29244 now don't bitch if get EACCESS (treat like EPERM)
29248 added -v flag and usage()
29256 cast Argv to a const for exec added -v flag
29260 mail_argv is now a const
29264 only set RETSIGTYPE if it is not set already
29268 now defines & STDC_HEADERS for Irix
29275 * insults.h, sudo.h:
29276 prevent multiple inclusion
29283 * parse.lex, parse.yacc:
29284 now includes config.h
29288 now talks about sunos 4.x
29292 calls to Exit now pass an arg
29295 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
29298 signal handler now takes an int argument
29306 ok, the getcwd() is now *really* done as the user
29310 changed AIX STATIC_FLAGS
29314 solaris now defines SVR4
29318 added cwd and fixed stupid core dump that makes no sense. sigh.
29322 moved getcwd stuff into load_globals
29326 took out externs that are in sudo.h
29330 moved cwd into load_globals
29338 fixed make distclean & realclean
29346 added solaris changes
29350 added solaris changes, need to rework
29354 cleaned up for solaris
29358 reinstall reapchild signal handler for non-bsd signals
29362 took out getdtablesize() emulation for HP-UX (no longer needed)
29366 support for HAVE_SYSCONF
29370 added <fcntl.h> for solaris & reorg'd the includes + minor prettying
29378 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
29381 now tells you what os you are running
29388 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
29403 uid seinitialized to -2
29406 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
29409 now removes LIBPATH for AIX
29412 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
29415 now uses ufc if it finds it
29418 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
29421 no longer define yyval & yylval since yacc does it
29425 now defines yylval as extern
29429 BROKEN_GETPASS is now an OPTION
29433 took out BROKEN_GETPASS
29437 took out big comment
29445 took out README.beta
29453 now reference SUPPORTED
29457 now check for convex OR __convex__
29461 now check for convex or __convex__
29473 now use _S_* stat stuff to be ansi-like
29477 updated for configure directions
29481 distclean now removes config.h and pathnames.h
29500 * config.h.in, pathnames.h.in:
29501 added copyright header
29504 * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
29505 parse.yacc, sudo.c, sudo.h:
29510 updated to use configure + pathnames.h
29517 * Makefile.in, config.h.in, configure.in:
29522 now works with configure
29525 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
29526 updated to work with configure + pathnames.h
29533 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
29536 updated gnu general licence to version 2
29539 * config.h.in, pathnames.h.in:
29544 changed to work with configure
29547 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
29549 * Makefile.in, aclocal.m4, configure.in:
29554 now uses defines used by configure
29557 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
29560 sudo won't bitch about EPERM now, for real
29563 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
29566 renamed exec_argv to eliminate a libc name clash with ksros
29573 * logging.c, sudo.c, sudo.h:
29590 added UMASK and mode_t declaration
29598 now opens log file with mode 077
29602 saved current umask and restores it
29606 added MAXLOGFILELEN
29610 split long log lines. For syslog, split into multiple entries, for
29611 a log file, indent the extra for readability
29614 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
29621 MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
29624 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
29627 added input from Brett M Hogden <hogden@rge.com>
29630 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
29633 added rmenv() to remove stuff from environ. can now use execvp()
29634 OR execve() because of this.
29638 now uses execvp() OR execve()
29654 moved some func decls out of sudo.h and into sudo.c as statics
29665 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
29671 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
29686 added sample.sudoers note
29693 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
29700 took out SAVED_UID garbage
29701 [b7c2d3469661] [SUDO_1_3_0]
29720 more verbose error if mailer not found
29724 now do getpwent as root for some shadow password systems (bsdi)
29727 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
29730 took out SAVED_UID garbage
29734 took out SAVED_UID garbage since it don't work
29737 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
29744 added a missing space :-)
29748 took out multimax cruft
29760 fixed a typo + indentation
29763 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
29766 took outumoved some defines to the config file
29778 added HAS_SAVED_UID
29785 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
29791 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
29797 * check.c, logging.c, parse.c, sudo.c, sudo.h:
29798 now is only root when abs necessary
29805 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
29820 now removed _RLD_* for alphas
29824 updated for new config scheme
29828 more verbose error messages
29831 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
29838 define __svr4__ for SOLARIS
29842 added svr4 junk for shadow pws for solaris 2.x
29846 took out setuid(0) and setreuid(uid) garbage. It's not needed since
29847 we start out setuid with the correct perms.
29850 * check.c, sudo.c, sudo.h:
29854 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
29857 revised AUTHORS section & added ENV_EDITOR stuff to VARIABLES
29862 now uses ENV_EDITOR if you want to use the EDITOR envar
29866 now uses ENV_EDITOR if you want to use the EDITOR envar
29869 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
29872 rewrote most of this
29876 minor update + spell fix
29880 added all options that are in the Makefile
29884 now use USE_TERMIO #define for sgi & hpux
29891 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
29893 * check.c, find_path.c:
29894 always include strings.h
29902 sgi has vi in /usr/bin too
29909 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
29912 use /usr/bin/vi on some systems
29916 fixed warning (include strings.h)
29920 added John_Rouillard@dl5000.bc.edu's changes (new features)
29924 changes from John_Rouillard@dl5000.bc.edu
29931 * check.c, find_path.c, parse.c, sudo.c:
29932 added patches from John_Rouillard directory spec
29936 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
29939 added flush for hpux
29942 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
29945 no longer assume malloc returns a char *
29949 alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
29950 gets removed correctly
29954 added STD_HEADERS macro
29958 now uses STD_HEADERS macro for ansi
29962 now uses STD_HEADERS macro
29966 niceties for C compiler bitches -- no real change
29969 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
29972 now doesn't fclose a file never opened.
29975 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
29982 added error stuff added me in there...
29990 added blurb about reading stuff
29998 corrected comments and removed newlines
30010 added dec syslog note
30014 added real stuff in there
30025 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
30032 updated with changes
30043 * CHANGES, COPYING, INSTALL, README, TODO:
30048 updated version number and took out jeff's old addr since it is no
30052 * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
30054 updated version number and took out jeff's email (since it is
30058 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
30064 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
30067 now return NULL instead of exiting for non-fatal errors
30070 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
30077 now sudo.h gets included first
30080 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
30091 hpux 9 fix, removes SHLIB_PATH linux patch
30098 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
30101 stat now ignores EINVAL
30104 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
30106 * find_path.c, sudo.c:
30107 now declare strdup as extern
30110 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
30113 reformatted with indent + by hand
30116 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
30117 used indent to "fix" coding style
30121 now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
30122 move the code that does this into the loop body. makes it messier
30126 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
30129 redid the fix for non-executable files in an easier to read way plus
30130 some minor aesthetic changes
30134 fixed bug with non-executable things of same name in path introduced
30135 by checking errno after stat(2).
30138 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
30141 fixed off by one error
30145 now handles descending below '/' correctly
30149 now actually builds Envp instead of munging envp
30152 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
30155 now includes sys/param.h
30159 now includes sys/param.h
30163 fixed ifndef -> ifdef
30167 make more like find_path.c
30171 rewritten by millert
30175 fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
30176 about new defines in the comment
30184 added decl for clean_envp() and Envp
30188 now rips LD_* env vars out of envp and passes sanitized Envp to exec
30196 ENOTDIR is ok now too (in case part of the path is bogus)
30200 now works correctly (total rewrite)
30204 now includes sys/param.h didn't match trailing / -- fix from
30208 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
30211 moved around the #ifndef _AIX
30214 * check.c, logging.c, parse.c:
30218 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
30224 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
30227 now works if you do sudo bin/test
30234 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
30244 * parse.lex, parse.yacc:
30248 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
30255 now spews error if exec fails and exits with -1
30263 now only execs files with (an) executable bit set.
30270 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>