2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>

[edf691539a65] [tip] <1.7>

Treat a missing includedir like an empty one and do not return an

2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>

Fix ARCH setting in cross-compile Solaris packages.

Fix aix version setting.

Remove extraneous parens in LDAP filter when sudoers_search_filter
is enabled that causes a search error. From Matthew Thomas.

2011-04-09 Todd C. Miller <Todd.Miller@courtesan.com>

Added tag SUDO_1_7_6 for changeset fafbb7b0aea2

* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
[fafbb7b0aea2] [SUDO_1_7_6] <1.7>

* sudo.cat, sudo.man.in:
regen man pages for 1.7.6

2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Fix warnings when --without-skey, --without-opie, --without-kerb4,
--without-kerb5 or --without-SecurID were specified.

2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>

Mention %#gid support in User_List and Runas_List

Merge SETENV and NOSETENV description from 1.8

2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>

In dump-only mode, use "root" as the default username instead of
"nobody" as the latter may not be available on all systems.

2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>

Fix setting of user_args

Add '!' token to lex tracing

Avoid using pre or post increment in a parameter to a ctype(3)
function as it might be a macro that causes the increment to happen

2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>

Strip off the beta or release candidate version when building AIX

getuserattr(user, ...) will fall back to the "default" entry
automatically, there's no need to check "default" manually.

2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>

Document parser changes.

Add runasgroup support to testsudoers

More useful exit codes:
* 0 - parsed OK and command matched.
* 2 - command not matched

If there is an existing sudoers file, only install if it passes a

Document %#gid, and %:#nonunix_gid syntax.

Add support to user_in_group() for treating group names that begin

2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>

Quote first argument to AC_DEFUN(); from Elan Ruusamae

2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>

Use bitwise AND instead of modulus to check for length being odd. A
newline in the middle of a string is an error unless a line
continuation character is used.

Add missing include of config.h

* gram.c, gram.y, toke.c, toke.l:
Move lexer globals initialization into init_lexer.

Fix a potential crash when a non-regular file is present in an
includedir. Fixes bz #452

On some Linux systems, "uname -p" contains detailed processor info
so check "uname -m" first and then "uname -p" if needed. Recognize

Make an empty group or netgroup a syntax error.

Allow a group ID in the User_Spec.

Return an error for the empty string when a word is expected. Allow
an ID for per-user or per-runas Defaults.

2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>

Fix printing "User_Alias FOO = ALL"

2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>

Better error message about invalid -C argument

Fix placement of equal sign ('=') in user specification summary.

2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>

If we match a rule anchored to the beginning of a line after parsing
a line continuation character, return an ERROR token. It would be
nicer to use REJECT instead but that substantially slows down the

Allow whitespace after the modifier in a Defaults entry. E.g.
"Defaults: username set_home"

2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>

Don't set CC when cross-compiling. Use the Sun Studio C compiler on

Credit Matthew Thomas for the sudoers_search_filter changes.

Update for sudo 1.7.6 beta

Save the controlling tty process group before suspending in pty
mode. Previously, we assumed that the child pgrp == child pid
(which is usually, but not always, the case).

* ldap.c, sudoers.ldap.pod:
Add support for sudoers_search_filter setting in ldap.conf. This
can be used to restrict the set of records returned by the LDAP

2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Remove the hack to disable -g in CFLAGS unless --with-devel

The '@' character does not normally need to be quoted.

We normally transition from GOTDEFS to STARTDEFS on whitespace, but
if that whitespace is followed by a comma, we want to treat it as
part of a list and not transition.

toke_util.c lives in $(srcdir) not $(devdir)

Fix parsing of double-quoted names in Defaults and Aliases which was
broken in c2b486b12951.

2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>

Document major changes for sudo 1.7.6

* configure, configure.in:
Update version to 1.7.6

Be careful not to deref user_stat if it is NULL. This cannot
currently happen in sudo but might in other programs using the

configure will not add -O2 to CFLAGS if it is already defined to add
-O2 to the CFLAGS we pass in when PIE is being used.

Warn about the dangers of log_input and mention iolog_dir in the
log_input and log_output descriptions.

Back out 2b81d57de4a4 and sync with git version

Save the controlling tty process group before suspending so we can
restore it when we resume. Fixes job control problems on Linux
caused by the previous attempt to fix resuming a shell when I/O

In handle_signals(), restart the read() on EINTR to make sure we
keep up with the signal pipe. Don't return -1 on EAGAIN, it just
means we have emptied the pipe.

Fix printing of the remainder after a newline. Fixes "sudo -l"
output corruption that could occur in some cases.

2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>

Fix default setting of osversion variable.

2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>

Add --osversion flag to specify OS instead of running "pp

Fix expr usage w/ GNU expr

2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>

Don't use the beta or release candidate version as the rpm release.

2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>

Added tag SUDO_1_7_5 for changeset 9314212577c3

* configure, configure.in:
[9314212577c3] [SUDO_1_7_5] <1.7>

2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:

* parse_args.c, sudo.c, sudo.pod, sudo_usage.h.in, sudoreplay.c,
sudoreplay.pod, visudo.c, visudo.pod:
add help text to sudo, visudo and sudoreplay for the -h option

2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>

avoid using "howmany" for a parameter name since it is a select-

add localstatedir; closes bug 471

* config.h.in, configure, configure.in, exec.c, exec_pty.c,
The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes

SVR5 systems return non-zero for success on socketpair(), check for
-1 instead. Closes Bug 469

2011-02-17 Todd C. Miller <Todd.Miller@courtesan.com>

Move afs includes to be before sudo ones

* config.h.in, configure, configure.in:
No longer use vhangup

2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>

Avoid printing empty "Runas and Command-specific defaults for user"

Truncate the buffer at buf.len before printing in the non-wordwrap

Remove extra newline when the tty width is very small or unavailable

2011-02-13 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:

don't remap numeric uids/gids to names; if the user specified an id
instead of a name, they probably mean it

2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>

Remove unneeded variable.

2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Prefer getutxid over getutid

Include utmp.h / utmpx.h before missing.h as apparently including it
afterwards causes a compilation problem on GNU Hurd.

2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:

* exec.c, missing.h, sudo.c, toke.h:

* Makefile.in, toke.h, toke.l, toke_util.c:
Split tokenizer utility functions out into toke_util.c

* alloc.c, bsm_audit.c, check.c, closefrom.c, sudo_nss.c, visudo.c:
Cosmetic changes to make diffing against trunk easier.

* exec.c, exec_pty.c, mon_systrace.c, sudo.h, sudo_exec.h,
sudoreplay.c, tgetpass.c:
Use RETSIGTYPE for signal handlers.

Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
SIGUSR2 to indicate whether the child should be continued in the
foreground or background.

2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>

Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
SIGUSR2 to indicate whether the child should be continued in the
foreground or background.

If perform_io() fails, kill the child before exiting so it doesn't
complain about connection reset. We can get an I/O error if, for
example, and we get EIO reading from stdin.

2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>

* error.c, fileops.c, fnmatch.c, getcwd.c, getprogname.c, gettime.c,
glob.c, isblank.c, memrchr.c, mksiglist.c, mkstemps.c, nanosleep.c,
setsid.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c,
strlcat.c, strlcpy.c, strsignal.c, sudo_noexec.c, sudoreplay.c,
utimes.c, vasgroups.c, zero_bytes.c:
Make local includes consistent; use double quotes for local includes

2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>

* error.c, getprogname.c, memrchr.c, sigaction.c, strcasecmp.c,
strerror.c, strlcat.c, strlcpy.c, strsignal.c, zero_bytes.c:
Must include config.h before any other headers.

* aclocal.m4, configure:
fix --with-iologdir=no

* aclocal.m4, configure:
fix typo that broke --with-iologdir

2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:

* sudoers.cat, sudoers.man.in, sudoers.pod:
Attempt to clarify how users and groups interact in Runas_Specs

* exec.c, exec_pty.c:
Do not handle SIGALRM specially, just pass it through.

* exec.c, exec_pty.c:
Pass SIGUSR1/SIGUSR2 through to the child.

Made tcsetpgrp() bits conditional on HAVE_TCSETPGRP

Use pid_t not int and check the return value of kill()

2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>

In non-pty mode before continuing the child, make it the foreground
pgrp if possible. Fixes resuming a shell.

If we get a signal other than SIGCHLD in the monitor, pass it
directly to the child.

* exec.c, exec_pty.c, sudo.h:
Save signal state before changing handlers and restore before we

2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>

match quoted strings the same way whether in a Defaults line or as a
user/group/netgroup name. Fixes escaped double quotes in quoted
user/group/netgroup names.

Use a char array to map a number to a base36 digit.

* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
Be clear about what versions of sudo support new LDAP attributes.
Fix up some formatting of attribute names. Minor other tweaks.

2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>

Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags

2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>

Mention LDAP attribute compatibility status.

2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, NEWS, config.h.in, configure, configure.in, defaults.c,
sudoers.man.in, sudoers.pod:
Add --disable-env-reset configure option.

* sudoers.cat, sudoers.man.in, sudoers.pod:
Document that sudoers_locale also affects logging and email.

* NEWS, config.h.in, configure, configure.in, logging.c:
Do logging and email sending in the locale specified by the
"sudoers_locale" setting ("C" by default). Email sent by sudo
includes MIME headers when the sudoers locale is not "C".

2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>

Perform command escaping for "sudo -s" and "sudo -i" after
validating sudoers so the sudoers entries don't need to have all the

2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>

Prepend "list " to the command logged when "sudo -l command" is used
to make it clear that the command was listed, not run.

* aix.c, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
auth/securid.c, auth/securid5.c, auth/sia.c, bsm_audit.c, check.c,
defaults.c, env.c, exec.c, exec_pty.c, fileops.c, find_path.c,
fnmatch.c, get_pty.c, getcwd.c, getline.c, getprogname.c,
getspwuid.c, gettime.c, glob.c, goodpath.c, gram.c, gram.y, iolog.c,
isblank.c, lbuf.c, ldap.c, list.c, logging.c, match.c, memrchr.c,
mkstemps.c, mon_systrace.c, nanosleep.c, parse.c, parse_args.c,
pwutil.c, redblack.c, set_perms.c, sigaction.c, snprintf.c,
strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
sudo_noexec.c, sudo_nss.c, sudoreplay.c, term.c, testsudoers.c,
tgetpass.c, timestr.c, toke.c, toke.l, tsgetgrpw.c, utimes.c,
vasgroups.c, visudo.c:
standardize on "return foo;" rather than "return(foo);" or "return

Do not reject sudoers file just because it is root-writable.

2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>

When setting default iolog_dir, dynamically allocate the string.

For "sudo -U user -l" if user is not authorized on the host, say so.

In sudo_ldap_lookup(), always do the initial sudoers check as the
invoking user. If we are listing another user's privs we will do a
separate lookup using list_pw later.

2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>

change an error() to errorx()

* sudoers.ldap.man.in, sudoers.ldap.pod:
Update copyright year to 2011

* LICENSE, Makefile.in, aclocal.m4, check.c, configure.in, ldap.c,
match.c, pwutil.c, sudo_nss.c, sudoers.man.in, sudoers.pod, term.c:
Update copyright year to 2011

Stash pointer to user group vector in LDAP handle and only reuse the
query if it has not changed. We always allocate a new buffer when
we reset the group vector so a simple pointer check is sufficient.

When listing, use separate lbufs for the defaults and the privileges
and only print something if the number of privileges is non-zero.
Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".

Check initgroups() return value.

2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>

2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>

Clear, don't set, OPOST in c_oflag as was intended in e26055d17b72.

2011-01-15 Todd C. Miller <Todd.Miller@courtesan.com>

delref list_pw before exit

2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>

Add Requires line for audit-libs >= 1.4 for RHEL5+

sync with git version

2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>

* sudoers.cat, sudoers.man.in, sudoers.pod:

2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>

Update for sudo 1.7.4p5

* schema.OpenLDAP, schema.iPlanet:
Add sudoNotBefore and sudoNotAfter attributes as optional attributes
to the sudoRole object class. From Andreas Mueller

2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>

Mention "sudo -g group" password check fix.

If the user is running sudo as himself but as a different group we
need to prompt for a password.

2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>

* NEWS, config.h.in, configure, configure.in, ldap.c,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
derived LDAP SDKs but we can pass the timeout parameter to
ldap_search_ext_s() or ldap_search_st() when possible.

* sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in:

* NEWS, ldap.c, sudoers.ldap.pod:
Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
with OpenLDAP ldap.conf files.

If user has no supplementary groups, fall back on checking the group

2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>

Use "mv -f" when regenerating ChangeLog

Fix NULL dereference with "sudo -g group" when the sudoers rule has
no runas user or group listed. Fixes RedHat bug Bug 667103.

2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>

Clear OPOST from c_oflag like we used to. Fixes screen-based

Clarify umask option description. From Reuben Thomas.

2010-12-18 Todd C. Miller <Todd.Miller@courtesan.com>

* ldap.c, sudoers.ldap.pod:
Pick last match in LDAP sudoers too

2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>

* aclocal.m4, configure, configure.in, def_data.c, def_data.h,
def_data.in, defaults.c, iolog.c, sudoers.pod:
Make the iolog dir configurable in sudoers

2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>

Add missing '*' that prevented the generic ELF case from matching.

If file(1) can't identify the ELF binary type, try readelf(1).

2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>

* auth/kerb4.c, check.c, env.c, pwutil.c, sudo.c:
Use %u to print uid/gid, not %lu and adjust casts to match.

Update with latest changes

Clarify ordering of entries and attributes

Fix typo and editing goof.

Make sure we don't dereference a NULL handle.

2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>

Add support for RHEL 6 file modes that include a trailing dot on
files with an SELinux security context

2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>

fix typo; from Michael T Hunter

In sudoedit mode, assume command line arguments are paths and pass
FNM_PATHNAME to fnmatch().

2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Add workaround for an error in sys/types.h on HP-UX 11.23 when large
file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
broken bits of the header file.

Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM

* testsudoers.c, tsgetgrpw.c, tsgetgrpw.h:
Avoid conflicts with system definitions in grp.h and pwd.h

For Tru64, strip off beta version.

Include stdio.h after zlib.h, not before. We need the large file
defines to come first.

2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>

Enlarge the array of entry wrappers in blocks of 100 entries to
save on allocation time. From Andreas Mueller

Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
that was mistakenly dropped.

2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>

Mention that sudo needs "ar" to build.

* configure, configure.in:
Fail with a more useful error if "ar" is not found.

2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>

Reorder things to avoid most of the extra prototypes.

Inline sudo_ldap_result_get_entry(), it is always called in
situations where the bounds are already checked.

Add user_matches and host_matches to struct ldap_result and set them
in sudo_ldap_result_get() which is where the user and host checks
live. When iterating through the ordered results, take the first
match. Remove allowed flag from struct ldap_entry_wrapper, we just

2010-11-13 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
Bump version and regen man pages

* ldap.c, schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet,
Merge in ordered LDAP entry support from Andreas Mueller.

2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>

* ldap.c, schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet,
Add timed entry support from Andreas Mueller.

Use efree() not free() and remove malloc.h include since we never
directly call malloc() or free().

2010-11-10 Todd C. Miller <Todd.Miller@courtesan.com>

* Makefile.in, getdate.c, gram.c, toke.c:
Include config.h before any other includes to make sure we get the
right value for _FILE_OFFSET_BITS.

2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>

set PSTAMP for Solaris and move the backend-specific bits to their
own %if [xxx] %endif blocks in %set.

2010-11-03 Todd C. Miller <Todd.Miller@courtesan.com>

remove zlib/zconf.h for distclean

* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
regen man pages for 1.7.5

Update 1.7.5 entries.

2010-11-02 Todd C. Miller <Todd.Miller@courtesan.com>

Include zlib in the tar file.
[3b7900c3f2af] <1.7>

2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>

Better --enable-zlib description
[0ca9936a7271] <1.7>

Use system zlib on Linux Let configure decide on Solaris For all
others, use builtin zlib
[58e1b4383b58] <1.7>

* LICENSE, Makefile.in, config.h.in, configure, configure.in,
license.pod, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
Add local copy of zlib for systems that lack it.
[060627a4a413] <1.7>

2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>

Don't overwrite ChangeLog if we can't run hg
[8cad8bfce9ee] <1.7>

* configure, configure.in:
HP-UX 10.20 libc has an incompatible getline()
[6ae1631c6993] <1.7>

Quiet an HP-UX compiler warning.
[b8eb3006d68b] <1.7>

2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>

Don't use run_as_superuser=false on HP-UX
[2a9ec2750082] <1.7>

Update from git repo. Debian: version numbers now compliant with
policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX
[cfe38672e358] <1.7>

* configure, configure.in:
Go back to checking whether the compiler is ANSI C when detecting
the HP-UX bundled C compiler.
[563ef7333662] <1.7>

* configure, configure.in:
[96048f77d772] <1.7>

If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
useful message and return AUTH_FATAL so sudo does not keep trying to
[fffa5e51ac47] <1.7>

2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>

don't need ws_col here
[049b4ef9c9ce] <1.7>

Having a timestamp file defined is no longer indicative of tty
tickets being enabled. Check def_tty_tickets directly.
[6c3803c239d9] <1.7>

* exec_pty.c, lbuf.c:
Fix TCGETWINSZ compat.
[62233ba46ec7] <1.7>

2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>

* exec_pty.c, lbuf.c:
Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
[0813e3030b1a] <1.7>

2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>

Sync set_project() with trunk.
[646fd9bc0537] <1.7>

When iterating over returned LDAP entries, keep looking at remaining
matches even if we have a positive match. This catches negative
matches that may exist in other entries and more closely match the
sudoers file behavior.
[8dce1dedb967] <1.7>

Add support for multiple package instances on Solaris.
[5bcc048375db] <1.7>

* set_perms.c, sudo.c:
Move set_project() into runas_setup(). Fixes a NULL deref when
project support is enabled and sudo's -g flag is used without the
[6ffd892243ab] <1.7>

Add missing signal_pipe[0] to fdsr for the non-pty case.
[3398af88db51] <1.7>

Add --with-project for Solaris
[25bd2aa83884] <1.7>

Need ar and ranlib too
[d09e632d0a93] <1.7>

2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>

Preserve ODMDIR environment variable by default on AIX.
[75266d18e4a7] <1.7>

2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>

Ignore ECONNREFUSED from audit_log_user_command() which will occur
if auditd is not running.
[a686884684ca] <1.7>

2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>

Sync with git version
[9a328aa25c53] <1.7>

2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>

* defaults.c, fileops.c:
Cast isblank argument to unsigned char.
[64b9f3bed954] <1.7>

2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, config.h.in, configure, configure.in, defaults.c,
sudoers.cat, sudoers.man.in, sudoers.pod:
Implement --with-umask-override configure flag.
[5065008079df] <1.7>

Take MODE_LOGIN_SHELL into account when initially setting reset_home
instead of special-casing it later.
[25e6b8419dea] <1.7>

In login mode, make a copy of the runas user's pw_shell for
NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
[4a0851a7688a] <1.7>

Reset HOME for "sudo -i" even if HOME was listed in env_keep.
[8dc31006a428] <1.7>

Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
[8751ef94b18d] <1.7>

Reset signal mask at sudo startup time; we need to be able to rely
on normal signal delivery to control the child process.
[c986a4b6a942] <1.7>

Fix SIG_UNBLOCK emulation
[f14264f8a0da] <1.7>

2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>

Use sed instead of expr to split a flag from its argument. Fixes a
problem with expr interpreting its arguments as a flag when they
[16372da8a286] <1.7>

Back out rev e165f67d3127
[e9b70079698d] <1.7>

Include sys/time.h for utimes() and struct timeval.
[e165f67d3127] <1.7>

Quiet bogus compiler warnings.
[176fceb8db3c] <1.7>

Declare innetgr() for HP-UX which is missing a declaration. Declare
domainname() for HP-UX and Solaris which are missing a declaration.
[0b4c1296d4da] <1.7>

Use __sun for consistency with the rest of the sources.
[8f0db6350b3a] <1.7>

Don't try to delref a NULL group.
[57e94fc5df3e] <1.7>

Include memory.h on systems that need it.
[e43d8d8a0008] <1.7>

2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>

Quiet gcc warnings on glibc systems that use warn_unused_result for
[f22696affc78] <1.7>

2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>

* NEWS, README, configure, configure.in:
Update for sudo 1.7.5
[62ed8c6cb7c2] <1.7>

* exec.c, exec_pty.c, list.c, list.h, sudo_exec.h:
Instead of using an array to store received signals, open a pipe and
have the signal handler write the signal number to one end and
select() on the other end. This makes it possible to handle signals
similar to I/O without race conditions.
[2d9dd09a9fce] <1.7>

--with-iologdir not --enable-iologdir
[457471aaeda6] <1.7>

2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>

* visudo.c, visudo.pod:
Make "visudo -c -f -" check the standard input.
[8ed46ff3141a] <1.7>

set_home and always_set_home have an effect if HOME is present in
[a2b26d62176d] <1.7>

Make -H flag work when HOME is listed in env_keep. Also makes
"set_home" and "always_set_home" override HOME in env_keep.
[91d842b6adc6] <1.7>

2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>

Solaris BSM audit returns EINVAL when auditing is not enabled,
whereas OpenBSM returns ENOSYS.
[bb9c94a8fa7d] <1.7>

2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>

Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
[0a5519756bf1] <1.7>

Set NewArgv[0] to the name of the pseudo-command we are running.
Fixes a problem with "sudo -l" when auditing is enabled and the user
is not allowed to run any commands on the host. Adapted from a patch
from Daniel Kopecek.
[694ed1a75a4a] <1.7>

Update comment to reality.
[de302f39566b] <1.7>

Need stdio.h for FILE *, not just NULL.
[77cf303f5696] <1.7>

2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>

When matching the runas user and runas group (-u and -g command line
options), keep track of runas group and runas user matches
separately. Only return a positive match if we have a match for
both runas user and runas group (if specified).
[68d30216c13a] <1.7>

2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>

Do not return -1 on error from the display functions; the call
expects a return value >= 0.
[e50e6ae4d06d] <1.7>

display_bound_defaults now returns a count so make the stub return
[97293ced4908] <1.7>

Add #include of sys/types.h for .c files that include missing.h to
be sure that size_t and ssize_t are defined.
[a4f3070d0a2b] <1.7>

2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>

It looks like AIX doesn't need to push STREAMS modules for ptys.
[62c281fcd4ad] <1.7>

2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>

* error.c, getprogname.c, isblank.c, missing.h, mksiglist.c,
sigaction.c, strerror.c, strsignal.c, sudo_noexec.c:
Add #include of sys/types.h for .c files that include missing.h to
be sure that size_t and ssize_t are defined.
[2ffbbb12f322] <1.7>

Install sudoers file from the build dir not the src dir.
[a26afd8db531] <1.7>

2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>

If runas_pw changes, reset the stashed runas aux group vector.
Otherwise, if runas_default is set in a per-command Defaults
statement, the command runs with root's aux group vector (i.e. the
one that was used when locating the command).
[24a695707b67] <1.7>

Add target to generate sudoers file Remove generated sudoers file as
[448627fc35b6] <1.7>

2010-08-23 millert <millert@rh4-x86.home.courtesan.com>

When not logging I/O install a handler for SIGCONT and deliver it to
the command upon resume. Fixes bugzilla #431
[e84690aa67bd] <1.7>

2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>

g/c unused auth_pw global
[e30778d73c0b] <1.7>

Move get_auth() into check.c where it is actually used.
[3130e37787af] <1.7>

Don't need to fork and wait when compiled with --disable-pam-session
[2ae1bbe4437a] <1.7>

2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>

Convert a remaining puts() and putchar() to use the output function.
[d68c213feb0f] <1.7>

2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>

Replace sudoers with sudoers.in in DISTFILES
[616509f85d6c] <1.7>

Set dupcheck to TRUE when setting new HOME value if !env_reset but
always_set_home is true. Prevents a duplicate HOME in the
environment (old value plus the new one) introduced in 9f97e4b43a4b.
[2672ae047984] <1.7>

* configure, configure.in, sudoers, sudoers.in:
Substitute sysconfdir in the installed sudoers file to get the
correct path for sudoers.d.
[ab14a68e546f] <1.7>

2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>

* boottime.c, get_pty.c:
Fix typos that prevented compilation on Irix; Friedrich Haubensak
[a3e6c5a66890] <1.7>

2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>

* Makefile.in, aix.c, audit.c, boottime.c, compat.h, error.c,
fnmatch.c, getcwd.c, getdate.c, getdate.y, getline.c, getprogname.c,
gettime.c, glob.c, isblank.c, linux_audit.c, memrchr.c, missing.h,
mksiglist.c, nanosleep.c, sesh.c, setsid.c, sigaction.c, snprintf.c,
strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.h,
sudo_noexec.c, sudoreplay.c, timestr.c, utimes.c, vasgroups.c,
Merge compat.h and missing.h into missing.h
[905905c7a8f0] <1.7>

2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>

If the user hits ^C while a password is being read, error out before
reading any further passwords in the pam conversation function.
Otherwise, if multiple PAM auth methods are required, the user will
have to hit ^C for each one.
[c8f6bc58fd86] <1.7>

2010-08-09 Todd C. Miller <Todd.Miller@courtesan.com>

Fix waitpid() loop termination condition.
[97719b3259f2] <1.7>

Use sudo_waitpid() instead of bare waitpid()
[624a40269189] <1.7>

2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>

Set pp_kit_version and strip off patchlevel
[814c87778567] <1.7>

Better handling of versions with a patchlevel. For rpm and deb, use
1438 the patchlevel+1 as the release. For AIX, use the patchlevel as the
1439 4th version number. For the rest, just leave the patchlevel in the
1441 [d18ef30f0a72] <1.7>
1443 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
1446 For non-standalone auth methods, stop reading the password if the
1447 user enters ^C at the prompt.
1448 [59d2b1328d1e] <1.7>
1450 * configure, configure.in:
1451 Don't print getspwuid as an auth method.
1452 [d35cf4628d9a] <1.7>
1454 * Makefile.in, auth/passwd.c, auth/secureware.c, auth/sudo_auth.c,
1455 auth/sudo_auth.h, configure, configure.in, pwutil.c:
1456 No need to look up shadow password unless we are doing password-
1457 style authentication. This moves the shadow password lookup to the
1458 auth functions that need it.
1459 [10a85eebbf4c] <1.7>
1462 When removing/resetting the timestamp file ignore the tty ticket
1464 [8b285f601ec0] <1.7>
1466 2010-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
1469 delref sudo_user.pw, runas_pw and runas_gr immediately before we
1471 [220be2de2f31] <1.7>
1474 Move calls to sudo_endgrent() and sudo_endpwent() to be after
1475 set_perms(), which may do passwd or group lookups.
1476 [883f0db94fd4] <1.7>
1478 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
1481 Make sure we don't try to delref NULL.
1482 [19bc5a47db06] <1.7>
1485 Add missing delref in user_in_group()
1486 [fafb278f47a6] <1.7>
1489 delref the old runas group in set_runasgr()
1490 [0a7dd113cb1f] <1.7>
1493 Repair usergr_matches() return value broken in last checkin.
1494 [460b7b6ca2ce] <1.7>
1496 * check.c, get_pty.c, glob.c, ldap.c, match.c, pwutil.c, sudo.c,
1498 Reference count cached passwd and group structs. The cache holds
1499 one reference itself and another is added by sudo_getgr{gid,nam} and
1500 sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
1501 group structs are persistent for now.
1502 [e414c67e11fd] <1.7>
1506 [0f443aa22e96] <1.7>
1508 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
1511 Do not produce a warning for "sudo -k" if the ticket file does not
1513 [eeaaa73d7f5b] <1.7>
1516 Instead of caching struct passwd and struct group in the red-black
1517 tree, store a struct cache_item which includes both the key and
1518 datum. This allows us to use the actual name that was looked up as
1519 the key instead of the contents of struct passwd or struct group.
1520 This matters because the name in the database may not match what we
1521 looked up, due either to case folding or truncation (historically at
1522 8 characters). Also mark the disabled calls to sudo_freepwcache()
1523 and sudo_freegrcache() as broken since we use cached data for things
1524 like set_perms() and the logging functions. Fixing this would
1525 require making a copy of the structs for user and runas or adding a
1526 reference count (better).
1527 [2c1d8ec4fa5f] <1.7>
1529 * check.c, exec_pty.c, get_pty.c, logging.c, sudoreplay.c, tgetpass.c,
1531 Quiet gcc warnings on glibc systems that use warn_unused_result for
1532 write(2) and others.
1533 [5faf88695c66] <1.7>
1535 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
1539 [8a5e05d6f71f] <1.7>
1541 * aclocal.m4, configure:
1542 Add cross-compile defaults for remaining AC_TRY_RUN usage.
1543 [fb88d22eabc6] <1.7>
1545 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
1547 * aclocal.m4, config.h.in, configure, configure.in, snprintf.c:
1548 Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
1549 and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
1550 [5e7cc557a46e] <1.7>
1552 2010-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
1555 Added tag SUDO_1_7_4 for changeset 2920a3b9d568
1556 [e929004d5102] <1.7>
1559 Debian: Remove dots from decoded release number AIX: looser matching
1560 of file command output for AIX 5.1
1561 [2920a3b9d568] [SUDO_1_7_4] <1.7>
1564 Added tag SUDO_1_7_4 for changeset 0d844aa34c1d
1565 [cf65ddcec602] <1.7>
1567 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
1570 exec_monitor is static
1571 [0d844aa34c1d] <1.7>
1574 Update to latest version
1575 [7b8a00defbd6] <1.7>
1577 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
1580 Let pp determine pp_aix_version itself.
1581 [c5ee7944af03] <1.7>
1583 * INSTALL, config.h.in, configure, configure.in, mkpkg, sudo.c:
1584 Add support for Ubuntu admin flag file and enable it when building
1586 [2d97501cda0c] <1.7>
1589 Add commented out SuSE-like targetpw settings
1590 [f4ad331ace46] <1.7>
1592 * configure, configure.in:
1593 Only try to use +DAportable for non-GCC on hppa Check the value of
1594 $pic_flag instead of whether the compiler is ANSI C when detecting
1595 the HP-UX bundled C compiler.
1596 [654da0091c16] <1.7>
1598 * configure, configure.in:
1599 Prevent configure from adding the -g flag unless in devel mode
1600 [e3c11f228c56] <1.7>
1602 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
1605 Go back to sudo-flavor to match existing packages and only use an
1606 underscore for those that need it.
1607 [1f78ecf3b990] <1.7>
1610 Use sudo_$flavor instead of sudo-$flavor since that causes the least
1611 amount of trouble for the various package managers.
1612 [7e1e07115788] <1.7>
1615 Fix handling of the ldap flavor Remove destdir unless --debug was
1616 specified Make distclean before running configure if there is a
1618 [2bde3925346d] <1.7>
1620 * configure, configure.in:
1621 Back out version change in 5baf2187a138
1622 [bbc3a81afbba] <1.7>
1625 Pass extra args on to configure on HP-UX, if we don't have the HP C
1626 compiler, disable zlib to prevent gcc from finding it in
1628 [87201c7f1116] <1.7>
1630 * configure, configure.in, mkpkg:
1631 Use the HP ANSI C compiler on HP-UX if possible
1632 [5baf2187a138] <1.7>
1635 Some getline() implementations (FreeBSD 8.0) do not ignore the
1636 length pointer when the line pointer is NULL as they should.
1637 [8652300785ed] <1.7>
1640 Don't need to check for *cp being non-zero, isdigit() will do that.
1641 [107301a99b6a] <1.7>
1644 Add setlocale() so the command line arguments that use floating
1645 point work in different locales. Since sudo now logs the timing
1646 data in the C locale we must parse the seconds in the timing file
1647 manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
1648 the number of seconds with the user's locale so if the decimal point
1649 is not '.' try using the locale-specific version.
1650 [2b8ed181e37c] <1.7>
1653 Do I/O logging in the C locale so the floating point numbers in the
1654 timing file are not locale-dependent.
1655 [18abbca14078] <1.7>
1658 Use errorx() not error() for things that don't set errno.
1659 [a2e7c6793d26] <1.7>
1661 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
1664 Add Tru64 kit support
1665 [40e2d21aa17f] <1.7>
1668 Better support for 1.2.3 style versions in Tru64 kits
1669 [f7133199a711] <1.7>
1672 Remove apparently unnecessary use of sudo
1673 [a667a69eeab0] <1.7>
1676 Create timedir as part of install-dirs target.
1677 [a2e394d694dd] <1.7>
1680 Handle ENXIO from read/write which can occur when reading/writing a
1681 pty that has gone away. Fixes bugzilla 422
1682 [142f4c2efa17] <1.7>
1685 sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
1686 [82e5e46bf458] <1.7>
1689 platform is a pp flag not a variable
1690 [9d0ab9b9bf0c] <1.7>
1692 * Makefile.in, mkpkg, sudo.pp:
1693 Add simple arg parsing for mkpkg so we can set debug, flavor or
1695 [8142ab01ccd9] <1.7>
1698 Make rpm backend work on AIX 5.x
1699 [2467a79d0b4d] <1.7>
1701 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
1704 Add commented out Defaults entry for log_output
1705 [b3fe97e59ae0] <1.7>
1707 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
1710 Install binary files with -b~ to make a backup. Fixes "text file
1711 busy" error on HP-UX during install.
1712 [3563e3e0163a] <1.7>
1715 "mv -f" on HP-UX doesn't unlink the destination first so add an
1716 explicit rm before moving the temporary into place.
1717 [3994af813c88] <1.7>
1719 * configure, configure.in:
1720 Some more ${foo} -> $(foo) conversion for consistent Makefiles.
1721 [c214d50c32ec] <1.7>
1723 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
1726 Add missing include of maillock.h for Solaris
1727 [343f04b7a581] <1.7>
1729 * NEWS, TROUBLESHOOTING, UPGRADE, configure, configure.in,
1730 sample.syslog.conf, sudoers.cat:
1731 Change the default syslog facility from local2 to authpriv (or auth
1732 if the operating system doesn't support authpriv).
1733 [949f39cf4a59] <1.7>
1735 * Makefile.in, configure, configure.in, sudo.pp:
1736 Install sudoers as /etc/sudoers on RPM and debian systems where the
1737 package manager will not replace a user-modified configuration file.
1738 This fixes upgrades from the vendor sudo packages.
1739 [74c7ff01e880] <1.7>
1742 RPM: use %config(noreplace) instead of %config for volatile This
1743 results in the new file being installed with a .rpmnew suffix
1744 instead of the file being replaced and the old one renamed with a
1746 [166133a4fb9e] <1.7>
1748 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
1750 * boottime.c, mkstemps.c:
1751 Include time.h for struct timeval.
1752 [50446e0b8398] <1.7>
1755 The return value of strsignal() may be const and should be treated
1756 as const regardless.
1757 [c035b17b50e3] <1.7>
1759 * sudoers.cat, sudoers.man.in, sudoers.pod:
1760 Mention that 127.0.0.1 will not match, nor will localhost unless
1761 that is the actual host name.
1762 [e9977ec7ac4f] <1.7>
1766 [f216d653404d] <1.7>
1768 * Makefile.in, NEWS, README, UPGRADE, WHATSNEW:
1769 Rename WHATSNEW -> NEWS
1770 [f3ce0a462ca0] <1.7>
1773 Updated pp with latest patches
1774 [cded68af5ba0] <1.7>
1776 * WHATSNEW, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
1777 If pam is in use, wait until the process has finished before calling
1778 pam_close_session().
1779 [fb3d7de50a05] <1.7>
1781 * sudoers.cat, sudoers.man.in:
1782 regen sudoers manual
1783 [7498a058eeb1] <1.7>
1785 * UPGRADE, sudoers, sudoers.pod:
1786 Add commented out line to add HOME to env_keep and add a warning to
1787 the note about the HOME change in UPGRADE.
1788 [0f7e08f09b9f] <1.7>
1790 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
1793 Add LINE_MAX define for those without it.
1794 [6248dd44573c] <1.7>
1797 Mention that tty_tickets is now the default.
1798 [4cf26eaee5ba] <1.7>
1800 * INSTALL, UPGRADE, config.h.in, configure, configure.in, defaults.c,
1801 sudoers.cat, sudoers.man.in, sudoers.pod:
1802 The tty_tickets option is now on by default.
1803 [73dd2b82a3a9] <1.7>
1806 Mention that AIX authdb support has been fixed.
1807 [9331829dc276] <1.7>
1810 setauthdb() only sets the "old" registry if it was set by a previous
1811 call to setauthdb(). To restore the original value, passing NULL
1812 (or an empty string) to setauthdb() is sufficient.
1813 [d956fd763521] <1.7>
1815 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
1817 * sudoers.cat, sudoers.man.in, sudoers.pod:
1818 Mention new handling of HOME in always_set_home and set_home
1820 [a69c9bed3164] <1.7>
1822 * sudo.cat, sudo.man.in, sudo.pod:
1824 [9b90bb3e9187] <1.7>
1826 * UPGRADE, WHATSNEW, env.c, sudo.cat, sudo.man.in, sudo.pod:
1827 Reset HOME when env_reset is enabled unless it is in env_keep
1828 [18223dfd1ac3] <1.7>
1830 * sudoers.cat, sudoers.man.in, sudoers.pod:
1831 The default for set_logname has been "true" for some time now.
1832 [9f97e4b43a4b] <1.7>
1834 * sudoers.cat, sudoers.man.in, sudoers.pod:
1835 Document that MAIL is set in env_reset mode.
1836 [dcf9ad98079e] <1.7>
1839 Add missing include of time.h
1840 [57bee414982d] <1.7>
1842 * defaults.c, sudo.c:
1843 Check return value of setdefs() but don't stop setting defaults if
1844 we hit an unknown one.
1845 [a42cb2d6b7ed] <1.7>
1848 Fix check for dup2() return value.
1849 [916cd7fdeba7] <1.7>
1852 Treat an unknown defaults entry as a parse error.
1853 [1f94675835d9] <1.7>
1856 Check KEPT_MAIL not DID_MAIL when determining whether to set MAIL in
1857 -i and env_reset mode.
1858 [aa6657ccfe01] <1.7>
1861 Add PYTHONUSERBASE to initial_badenv_table
1862 [93058374f0d9] <1.7>
1864 * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, env.c,
1865 pathnames.h.in, sudo.cat, sudo.man.in, sudo.pod:
1866 If env_reset is enabled, set the MAIL environment variable based on
1867 the target user unless MAIL is explicitly preserved in sudoers.
1868 [d903c904dcd4] <1.7>
1870 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
1873 decode debian code names
1874 [2df0ecbc23b4] <1.7>
1878 [b66a95fa1869] <1.7>
1880 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
1883 Add entry about SuSE bash script fix.
1884 [04af78fa281c] <1.7>
1887 Restore RLIMIT_NPROC after the uid switch if it appears that
1888 runas_setup() did not do it for us. Fixes a bash script problem on
1889 SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
1890 [bb14802d48b1] <1.7>
1892 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
1894 * mkpkg, pp, sudo.pp:
1895 Restore the dot removal in the os version reported by polypkg. Adapt
1896 mkpkg and sudo.pp to the change.
1897 [83c7870130fe] <1.7>
1899 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
1903 [c5f6e40bbb58] <1.7>
1906 Update for sudo 1.7.4
1907 [0c688f1f8160] <1.7>
1910 document --with-pam-login
1911 [33ca3f6308ae] <1.7>
1913 * sudoers.cat, sudoers.man.in, sudoers.pod:
1914 The tag is NOSETENV, not UNSETENV. From Petr Uzel.
1915 [95f37e63ca15] <1.7>
1917 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
1920 Include flavor in solaris package name
1921 [b6d56ccf367e] <1.7>
1924 Older shells don't support IFS= so set explicitly to space, tab,
1926 [336925525e17] <1.7>
1929 Use '=' not '==' in test
1930 [98c692271cfd] <1.7>
1933 Fix typo that prevented debian from matching
1934 [af4deec35e37] <1.7>
1937 Add missing prefix setting for debian
1938 [d0c1941cb6ec] <1.7>
1941 Use tab indents to reduce the chance of problem with <<- Uncomment
1942 some env_keep lines for RHEL, SLES and Debian to more closely match
1943 the vendor sudoers files.
1944 [74ba26566cdc] <1.7>
1947 Fix indentation Fix the debian %set section, pp does not set
1948 pp_deb_distro Uncomment %sudo line in sudoers for debian Add pam.d
1949 to %files for debian Remove the /etc/sudo-ldap.conf symlink on
1950 debian for ldap flavor
1951 [f15ff41b5afd] <1.7>
1954 Add commented out env_keep entries, sample Aliases and a %sudo line
1956 [8264e4ed42dc] <1.7>
1958 * configure, configure.in:
1959 Remove check for egrep; configure has its own
1960 [27b3d85ebf4f] <1.7>
1963 Use enable_zlib instead of enableval for consistency
1964 [4a15cfd43d3e] <1.7>
1966 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
1969 Enable zlib for linux distros
1970 [fcab91448bb0] <1.7>
1973 Add ldap flavor to default build
1974 [e35a577c8994] <1.7>
1977 Simplify rpm linux distro settings
1978 [f30547765636] <1.7>
1980 * UPGRADE, aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
1982 Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
1983 [8c9440423d98] <1.7>
1985 * Makefile.in, mkpkg, sudo.pp:
1986 Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
1987 environment variable.
1988 [9f418defc08a] <1.7>
1991 Create sudo group on debian
1992 [4b0cc7b8b0b5] <1.7>
1995 Add debian 4/5/6 and use the dot when doing version matches
1996 [d5184f0a1efc] <1.7>
1998 * sudoers.cat, sudoers.man.in, sudoers.pod:
1999 Remove spurious "and"; from debian
2000 [8b9f2a5937bc] <1.7>
2002 * aclocal.m4, configure:
2003 Use a loop when searching for mv, sendmail and sh
2004 [a1c7d19721a4] <1.7>
2006 * aclocal.m4, configure, configure.in, sudoers.cat, sudoers.man.in,
2007 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
2008 Substitute the value of EDITOR into the sudoers and visudo manuals.
2009 [f00dc9343f94] <1.7>
2011 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
2013 * mkpkg, pp, sudo.pp:
2014 Initial debian 4.0 support
2015 [6d73c000723f] <1.7>
2018 Some platforms need -fPIE instead of -fpie
2019 [8533a29633e8] <1.7>
2022 Add packaging bits to DISTFILES
2023 [dea9f374f28b] <1.7>
2026 Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
2027 On Linux it causes a DNS lookup via libaudit.
2028 [22e04d2f5f0f] <1.7>
2031 We now use pp to generate HP-UX packages
2032 [6c9f8ae6bc11] <1.7>
2034 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
2038 [e52e9e6338d5] <1.7>
2040 * INSTALL, Makefile.in:
2041 isntall-man -> install-doc
2042 [02cc8198ea7a] <1.7>
2044 * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
2045 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
2046 sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
2047 Bump version to 1.7.4
2048 [df6ce4ea908a] <1.7>
2050 * INSTALL.binary, Makefile.binary.in, Makefile.in:
2051 Remove remaining bits of the old binary package
2052 [8d4f82c23c22] <1.7>
2055 Use http://rc.quest.com/topics/polypkg/ for packaging
2056 [d71793085629] <1.7>
2058 * Makefile.in, mkpkg, pp:
2059 Use http://rc.quest.com/topics/polypkg/ for packaging
2060 [675e505758c5] <1.7>
2063 Just ignore the -c option, it is the default Add support for -d
2065 [2adfb3a63231] <1.7>
2067 * env.c, logging.c, pathnames.h.in:
2068 Use _PATH_STDPATH instead of _PATH_DEFPATH
2069 [2c22d54a1f02] <1.7>
2072 Do not strip binaries.
2073 [bc84682b372c] <1.7>
2075 * INSTALL, configure, configure.in:
2076 Add --insults=disabled configure option to allow people to build in
2077 insult support but have the insults disabled unless explicitly
2079 [6d9f40db9cca] <1.7>
2081 2010-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
2083 * env.c, sudoreplay.c:
2085 [e44d3be7ab85] <1.7>
2087 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
2089 * auth/pam.c, config.h.in, configure, configure.in, env.c, sudo.c,
2091 Add support for a sudo-i pam.d file to be used for "sudo -i".
2092 Adapted from a RedHat patch.
2093 [2984c3831d88] <1.7>
2096 Fix installation of sudo_noexec.so
2097 [d1f7ca8331b6] <1.7>
2099 * Makefile.in, config.h.in, configure, configure.in, missing.h,
2100 mkstemp.c, mkstemps.c, sudo_edit.c:
2101 Use mkstemps() instead of mkstemp() in sudoedit. This allows
2102 sudoedit to preserve the file extension (if any) which may be used
2103 by the editor (like emacs) to choose the editing mode.
2104 [46399679d9ae] <1.7>
2106 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
2108 * ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
2109 TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
2110 TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
2111 code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
2112 should avoid disabling TLS_CHECKPEER if possible.
2113 [1d626a5cf8c0] <1.7>
2115 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
2118 Add support for negated user/host/command lists in a Defaults entry.
2119 E.g. Defaults:!baduser noexec
2120 [24f07a805dce] <1.7>
2122 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
2126 [d5f2922cecf2] <1.7>
2128 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
2131 Added tag SUDO_1_7_3 for changeset 72fd1f510a08
2132 [cc8b2277e17e] <1.7>
2134 * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
2135 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
2136 sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
2138 [72fd1f510a08] [SUDO_1_7_3] <1.7>
2140 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
2141 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
2142 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
2143 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, boottime.c, check.c,
2144 defaults.c, env.c, exec.c, exec_pty.c, fileops.c, find_path.c,
2145 fnmatch.c, get_pty.c, getcwd.c, getdate.c, getdate.y, getline.c,
2146 getspwuid.c, glob.c, goodpath.c, gram.c, gram.y, interfaces.c,
2147 iolog.c, lbuf.c, ldap.c, logging.c, match.c, parse.c, parse_args.c,
2148 pwutil.c, set_perms.c, snprintf.c, sudo.c, sudo_edit.c, sudo_nss.c,
2149 sudoreplay.c, term.c, testsudoers.c, tgetpass.c, toke.c, toke.l,
2150 tsgetgrpw.c, visudo.c:
2151 Include strings.h even if string.h exists since they may define
2152 different things. Fixes warnings on AIX and others.
2153 [7c6de7fb5dba] <1.7>
2156 Do not rely on env.env_len when unsetting a variable, just use the
2158 [faf088613ce5] <1.7>
2161 In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
2162 [47f8dfcc7a48] <1.7>
2164 2010-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
2166 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
2167 Mention that multiple URI lines are merged into a single one.
2168 [1dc0ac5929bf] <1.7>
2172 [be36e8a6dddd] <1.7>
2174 2010-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
2176 * env.c, sudo.c, sudo.h:
2177 For env_init() just use environ not the envp from main().
2178 [d4f3e374caeb] <1.7>
2180 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
2182 * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
2183 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
2184 sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
2185 Update version to 1.7.3rc1
2186 [fe43fe79070d] <1.7>
2189 fqdn issue is resolved
2190 [f35cb63eb74b] <1.7>
2193 In unsetenv(), assign ep in the for loop instead of doing it
2194 earlier. This version of the code does not change env.envp in
2195 between when ep is assigned and when it is used but older versions
2197 [a4cd29c862c9] <1.7>
2200 Use S_REGISTRY instead of S_AUTHSYSTEM as the argument to
2201 getuserattr() when fetching the administrative domain to be used by
2202 setauthdb(). This was suggested by AIX support and is consistent
2203 with what OpenSSH does.
2204 [d3109706ec85] <1.7>
2207 Use warningx() instead of log_error() since the latter is not
2208 available to visudo or testsudoers. This does mean that they don't
2210 [0174e89f983b] <1.7>
2213 Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
2214 closed the sudoers sources. From Quest sudo.
2215 [c1b33e3e0f9e] <1.7>
2218 Ignore case when matching user/group names in the cache. From Quest
2220 [72df368a8a0e] <1.7>
2222 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
2224 * config.h.in, configure, configure.in, selinux.c:
2225 Add check for setkeycreatecon() when --with-selinux is specified.
2226 [24144c52c0cc] <1.7>
2228 * configure, configure.in:
2229 Bump version to 1.7.3b5 Error out if libaudit.h is missing or
2230 unusable when --with-linux-audit was specified
2231 [215c7653d9bc] <1.7>
2234 K&R function declaration for aix_setauthdb()
2235 [82da12d222a6] <1.7>
2237 * env.c, sudo.c, sudo.h:
2238 If env_init() was called implicitly via getenv(), setenv() or
2239 putenv() just use the specified envp instead of mallocing a new
2240 copy. This prevents an infinite loop on OpenBSD which calls
2241 getenv() from malloc() to get MALLOC_OPTIONS.
2242 [8e82ce63f774] <1.7>
2245 Add support for multiple URI lines by joining the contents and
2246 passing the result to ldap_initialize.
2247 [b4e10b2ffdb1] <1.7>
2249 2010-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
2251 * pwutil.c, set_perms.c, sudo_nss.c:
2252 Bracket initgroups with calls to aix_setauthdb() and
2254 [363dbe449f1c] <1.7>
2257 Include compat.h before alloc.h to get __P
2258 [819a2667ffd7] <1.7>
2261 Include usersec.h for authenticate() prototype
2262 [2b8dd2b67131] <1.7>
2265 Add missing includes Add missing trailing NUL in userinfo string
2266 [8deaedf44943] <1.7>
2268 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
2270 * HISTORY, history.pod:
2271 Mention when LDAP was incorporated.
2272 [4e6c8ec4f67c] <1.7>
2274 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
2277 Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
2278 not covered by _ALL_SOURCE.
2279 [3657f1b181b9] <1.7>
2282 Include usersec.h on AIX to get IDtouser() prototype.
2283 [11483bbe15c7] <1.7>
2286 Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
2287 not covered by _ALL_SOURCE.
2288 [fd48e6e2136b] <1.7>
2290 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
2293 Add a cast to quiet a compiler warning.
2294 [51e9d419bd83] <1.7>
2297 Use memset() instead of zero_bytes() since we don't include sudo.h
2298 [f310b2123ba9] <1.7>
2301 getline.o is already in LIB_OBJS, do not need it in COMMON_OBJS
2302 [c8750c2d75ab] <1.7>
2304 * getdate.c, getdate.y:
2305 Quiet a compiler warning.
2306 [9f231be15958] <1.7>
2308 * defaults.c, sudo.c:
2309 Call set_fqdn() after sudoers has parsed instead of inline as a
2311 [26d413ddb6dd] <1.7>
2314 Do not call set_fqdn() until sudoers parses (where it gets run as a
2316 [582453a993a1] <1.7>
2319 Do not call set_fqdn() until sudoers parses (where it gets run as a
2320 callback). Otherwise, if sudo is built --with-fqdn the fqdn will be
2321 set even if !fqdn is set in sudoers.
2322 [aa01e867d1bb] <1.7>
2324 * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
2325 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
2326 sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
2327 Bump version to 1.7.3b4
2328 [c1c5a73766b6] <1.7>
2331 mention the change in tty ticket behavior when there is no tty
2332 [93ddde63e453] <1.7>
2336 [9601b2e8dcef] <1.7>
2339 Remove comment; NAME in usrinfo should be user name.
2340 [eb46f1e8ea08] <1.7>
2343 Do not update tty ticket if there is no tty.
2344 [e64e8c8f2286] <1.7>
2346 * sudo.cat, sudo.man.in, sudo.pod:
2347 No longer need to use -- with the -s flag
2348 [e45c18dd79dc] <1.7>
2351 Add missing $(srcdir) to sudo.man.in target
2352 [2bd89f6ca9f3] <1.7>
2355 Do not rely on BSD make's $>
2356 [cb328b82cb92] <1.7>
2358 * configure, configure.in:
2359 Set timedir to /var/db/sudo for darwin to match Apple sudo's
2361 [860c7f1b001f] <1.7>
2363 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
2365 * Makefile.in, configure, configure.in:
2366 Move aix.o from SUDO_OBJS to COMMON_OBJS
2367 [f8a9bdf346c1] <1.7>
2369 * config.h.in, configure, configure.in, defaults.c, iolog.c,
2371 Check for zlib.h in addition to libz.
2372 [fb77e44d5196] <1.7>
2374 * Makefile.in, exec.c, exec_pty.c, sudo.h, sudo_exec.h:
2375 Move functions and symbols shared between exec.c and exec_pty.c into
2377 [e798d945424e] <1.7>
2380 Add missing prototypes for aix_setauthdb and aix_restoreauthdb
2381 [8bc2af6d4e17] <1.7>
2384 Comment out rules to build .man.in and .cat files unless --with-
2386 [81d6726a19ab] <1.7>
2388 * aix.c, pwutil.c, set_perms.c, sudo.h:
2389 Fix AIX compilation problems.
2390 [7d95f73eca42] <1.7>
2393 Cast isalnum() arg to unsigned char.
2394 [5fff9a81af00] <1.7>
2397 Add Linux audit support.
2398 [e59e0670ba79] <1.7>
2401 Quote any non-alphanumeric characters other than '_' or '-' when
2402 passing a command to be run via the shell for the -s and -i options.
2403 [d35a3f4cb3c0] <1.7>
2406 Add missing braces that broke -i mode.
2407 [7fe124b078ec] <1.7>
2410 Fix linux_audit_command() return value
2411 [0c582476181c] <1.7>
2413 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
2415 * Makefile.in, linux_audit.c, linux_audit.h:
2416 Add Linux audit support.
2417 [b207dc9960de] <1.7>
2419 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
2421 * INSTALL, audit.c, bsm_audit.c, config.h.in, configure, configure.in,
2422 logging.h, selinux.c:
2423 Add Linux audit support.
2424 [26ae31d7ff93] <1.7>
2426 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
2428 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
2429 Sync sudoreplay with trunk
2430 [65b780cccfa5] <1.7>
2434 [8304ac649241] <1.7>
2436 * aix.c, configure, configure.in, pwutil.c, set_perms.c, sudo.h:
2437 Set usrinfo for AIX Set administrative domain for the process when
2438 looking up user's password info and when preparing for execve().
2439 [52b48cbe97fd] <1.7>
2442 Better prefix determination now that we can't rely on len==0 to tell
2443 the beginning of an entry.
2444 [32f1875d9605] <1.7>
2446 * WHATSNEW, ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in,
2448 Add support for multiple sudoers_base entries in ldap.conf. From
2450 [3c0b59fce7b4] <1.7>
2452 * configure, configure.in:
2453 Remove duplicate setsid check
2454 [7712d6d52da1] <1.7>
2456 * Makefile.in, config.h.in, configure, configure.in, exec_pty.c,
2457 logging.c, missing.h, setsid.c:
2458 Move setsid emulation into setsid.c
2459 [f24743c9e4e9] <1.7>
2461 * exec_pty.c, logging.c, selinux.c, sudo.c, tgetpass.c:
2462 Check for dup2() failure.
2463 [b1b6ba761b61] <1.7>
2465 * config.h.in, configure, configure.in:
2466 Remove dup2 check, it is not optional.
2467 [cfbe5f3b5956] <1.7>
2469 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
2472 Add mbr_check_membership support and SELinux fixes
2473 [af1936a7cf2f] <1.7>
2476 Sync SRCS and DISTFILES with reality
2477 [0971b5dcb1be] <1.7>
2480 Update OS specific notes. Delete some really ancient ones and move
2481 older ones to the end of the list.
2482 [872dd8b437a8] <1.7>
2485 Bump for sudo 1.7.3 Merge some changes from trunk
2486 [a3088c75bf22] <1.7>
2488 * selinux.c, sudo.c:
2489 Call selinux_restore_tty() as part of cleanup() so it gets called
2490 from error()/errorx()
2491 [0197c07d4c1e] <1.7>
2494 No longer use SA_NOCLDSTOP
2495 [73ca654cd3f8] <1.7>
2497 * interfaces.h, match.c:
2498 Move union sudo_in_addr_un into interfaces.h
2499 [c84bda7c332a] <1.7>
2502 Update copyright year
2503 [94871f44206b] <1.7>
2505 * HISTORY, LICENSE, aix.c, alias.c, alloc.h, boottime.c, bsm_audit.h,
2506 compat.h, defaults.c, defaults.h, env.c, fileops.c, find_path.c,
2507 gettime.c, gram.y, history.pod, lbuf.h, license.pod, logging.c,
2508 match.c, missing.h, nanosleep.c, parse.h, set_perms.c,
2509 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
2510 sudoreplay.c, term.c, tgetpass.c, toke.l, visudo.c, visudo.cat,
2511 visudo.man.in, visudo.pod:
2512 Update copyright year
2513 [4cfb47c799b8] <1.7>
2516 Remove varsub as part of clean
2517 [61f04a21b0bb] <1.7>
2520 Quiet a compiler warning.
2521 [06d8cfe916c8] <1.7>
2523 * getdate.c, getdate.y:
2524 Quiet a compiler warning.
2525 [473d2b7d44a1] <1.7>
2528 Make the remaining functions in ldap.c static
2529 [ba555565b30a] <1.7>
2532 Make private functions static. Diff from Joachim Henke
2533 [1603035b1863] <1.7>
2535 * schema.ActiveDirectory:
2536 Updates from Alain Roy to provide better examples for importing the
2537 schema and to fix problems caused by Windows validating attributes
2538 which have not yet been added before committing the changes.
2539 [83f11ae00f19] <1.7>
2541 2010-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
2543 * Makefile.in, configure, configure.in, sudo.cat, sudoers.cat:
2544 Generate .cat files directly from .man.in instead of .man using
2545 default values in configure.in
2546 [0a92b41c5ce5] <1.7>
2548 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
2550 * configure, configure.in, sudo.c, sudo_usage.h.in:
2551 Print configure args with verbose version information.
2552 [ca4a5fcf0af8] <1.7>
2555 Remove tfd from struct sudoersfile; it is not used. Add prev pointer
2556 to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
2557 Use tq_append to append sudoers entries to the tail queue.
2558 [344c631d0d43] <1.7>
2560 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
2563 Describe tty timestamp improvements
2564 [136b0f832903] <1.7>
2567 A comment character may not be part of a command line argument
2568 unless it is quoted with a backslash. Fixes parsing of:
2569 testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
2570 [2a0c82ffedde] <1.7>
2572 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
2574 [c9fddd23c7e1] <1.7>
2577 Make this read a little bit better when passwd_timeout is 0.
2578 [51644950823f] <1.7>
2581 Use the --file argument to config.status instead of setting
2583 [fc2b42c60b5d] <1.7>
2585 * sudo.man.pl, sudo.pod:
2586 Attempt to handle a default password prompt timeout of zero more
2588 [478b8e720993] <1.7>
2591 Do not override value of keepopen global, instead restore it to the
2592 value we pushed onto the stack when popping.
2593 [dc370d57a668] <1.7>
2595 * exec.c, exec_pty.c, logging.c, mon_systrace.c, tgetpass.c:
2596 Use SA_INTERRUPT in sa_flags
2597 [3845c6637361] <1.7>
2599 * getdate.c, getdate.y, ldap.c, sudoreplay.c:
2600 Silence some compiler warnings
2601 [112ac65afd0c] <1.7>
2603 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
2605 * exec.c, exec_pty.c, sudo.c, sudo.h:
2606 Implement background mode. If I/O logging we use pipes instead of a
2608 [8d448eaf2aaa] <1.7>
2610 * compat.h, exec.c, exec_pty.c, mksiglist.c, strsignal.c, tgetpass.c:
2611 Move compat definition of NSIG to compat.h
2612 [cae72a4c9dec] <1.7>
2615 Ignore SIGPIPE for "sudo -S"
2616 [c6595c8527c4] <1.7>
2619 Properly handle TGP_ECHO again. Print a newline if the user
2620 interrupted password input.
2621 [15acbe4fb535] <1.7>
2624 Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
2625 [dd041fc9554c] <1.7>
2627 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
2629 * exec.c, exec_pty.c, selinux.c, sudo.c, sudo.h:
2630 Return an error from selinux_setup() instead of exiting. Call
2631 selinux_setup() from exec_setup().
2632 [b518225cafba] <1.7>
2635 Add definition of WCOREDUMP for systems without it. This is known
2636 to work on AIX and SunOS 4, but may be incorrect on other systems
2637 that lack WCOREDUMP.
2638 [365e56db7cd5] <1.7>
2640 * check.c, compat.h, config.h.in, configure, configure.in, iolog.c,
2641 nanosleep.c, sudo_edit.c, visudo.c:
2642 Replace timerfoo macros with timevalfoo since the timer macros are
2643 known to be busted on some systems.
2644 [4bb5228606c5] <1.7>
2647 If a file in a #includedir has improper permissions or owner just
2648 skip it. This prevents packages that incorrectly install a file
2649 into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
2650 #includedir files still result in a parse error (for now).
2651 [b7fb75eddb77] <1.7>
2653 * TODO, auth/pam.c, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
2654 Defer call to pam_close_session() until after the command finishes
2655 if there is a monitor process.
2656 [0a39c8e6a81b] <1.7>
2658 * WHATSNEW, def_data.c, def_data.h, def_data.in, exec.c, sudoers.cat,
2659 sudoers.man.in, sudoers.pod:
2660 Add use_pty sudoers option to force use of a pty even when not
2662 [aea971f1456a] <1.7>
2664 * env.c, sudo.c, sudo.h:
2665 Instead of trying to keep the global environment in sync with our
2666 private copy, provide our own getenv() that returns values from the
2667 private environment and use env_get() to pass the environment in to
2669 [58c85c5695dc] <1.7>
2673 [0f677fcdde04] <1.7>
2675 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
2678 Rename pty.c -> get_pty.c
2679 [39137dcc4420] <1.7>
2682 Add #define for maximum session id
2683 [2a487437f013] <1.7>
2685 * Makefile.in, configure, configure.in, exec.c, exec_pty.c, iolog.c,
2686 selinux.c, sudo.c, sudo.h, sudo_edit.c:
2687 Split exec.c into exec.c and exec_pty.c. Pass a flag in to
2688 sudo_execve to indicate whether we need to wait for the command
2689 to finish (fork + execve vs. execve).
2690 [b197515585db] <1.7>
2692 * Makefile.in, configure, configure.in, get_pty.c, pty.c:
2693 Rename pty.c -> get_pty.c
2694 [c0e5270bb28a] <1.7>
2696 * aclocal.m4, configure, configure.in:
2697 Fix --without-iologdir
2698 [dcd6c5907b10] <1.7>
2700 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
2703 Only use I/O input log file if def_log_input is set and output file
2704 if def_log_output is set.
2705 [96cdd49be996] <1.7>
2707 2010-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
2709 * parse_args.c, sudo.c:
2710 Include sudo_usage.h after sudo.h now that it has function
2711 prototypes to guarantee that __P is defined.
2712 [c67b77f8d6b1] <1.7>
2714 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
2717 Do signal setup after turning off echo, not before. If we are using
2718 a tty but are not the foreground pgrp this will generate SIGTTOU so
2719 we want the default action to be taken (suspend process). Use an
2720 array for signals received instead of a single variable so we don't
2721 lose any when there are multiple different signals.
2722 [de356064ea01] <1.7>
2724 * defaults.h, lbuf.h, sudo.h:
2725 Reorg function prototypes a bit
2726 [5c40f58bb28e] <1.7>
2728 * Makefile.in, parse_args.c, sudo.c, sudo.h, sudo_usage.h.in:
2729 Move argument parsing into parse_args.c
2730 [fad7b8737c12] <1.7>
2732 * Makefile.in, config.h.in, configure, configure.in, missing.h,
2733 mksiglist.c, mksiglist.h, siglist.in, strsignal.c:
2734 Build our own sys_siglist for systems that lack it.
2735 [3b5f671936dc] <1.7>
2737 * exec.c, iolog.c, missing.h, sudo_edit.c:
2739 [dad62986f2fe] <1.7>
2741 * exec.c, pty.c, sudo.c, sudo.h, sudo_edit.c:
2742 Log sudoedit sessions as well; adapted from trunk
2743 [2c5d9695022b] <1.7>
2747 [9b319e89a6c4] <1.7>
2749 * INSTALL, Makefile.in, WHATSNEW, aclocal.m4, configure, configure.in,
2750 def_data.c, def_data.h, def_data.in, defaults.c, exec.c, gram.c,
2751 gram.h, gram.y, iolog.c, parse.c, parse.h, pathnames.h.in, pty.c,
2752 script.c, selinux.c, sudo.c, sudo.h, sudoers.cat, sudoers.man.in,
2753 sudoers.pod, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
2754 sudoreplay.pod, term.c:
2755 Merge I/O logging changes from trunk. Disabling I/O log support at
2756 compile time does not currently work. Sudoedit is not yet hooked up
2758 [968c2c74c69b] <1.7>
2760 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
2762 * INSTALL, configure, configure.in:
2763 Add --enable-warnings configure option
2764 [19cf967c36d1] <1.7>
2766 * check.c, lbuf.h, script.c, sudo.c, sudo_nss.c:
2767 Fix K&R compilation issues on HP-UX.
2768 [c01a547cdcf8] <1.7>
2770 * lbuf.c, lbuf.h, ldap.c, parse.c, sudo.c, sudo_nss.c:
2771 Pass in output function to lbuf_init() instead of writing to stdout.
2772 A side effect is that the usage info can now go to stderr as it
2773 should. Add support for embedded newlines in lbuf and use that
2774 instead of multiple calls to lbuf_print.
2775 [596a427ff873] <1.7>
2777 * configure, configure.in, sudo.man.pl, sudoers.man.pl:
2778 Use numeric registers to handle conditionals instead of trying to do
2779 it all with text processing.
2780 [31570c372e0e] <1.7>
2783 Document per-command SELinux settings
2784 [bbce5acad1be] <1.7>
2787 timestamp -> time stamp
2788 [d7335ce6286f] <1.7>
2791 Set close on exec flag in private versions of setpwent() and
2793 [954814bdbd56] <1.7>
2796 Make send_mail() take a printf-style argument list
2797 [0783ad585062] <1.7>
2799 * Makefile.binary.in, Makefile.in, aclocal.m4, acsite.m4,
2800 config.guess, config.h.in, config.sub, configure, configure.in,
2801 ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
2802 m4/ltversion.m4, m4/lt~obsolete.m4:
2803 Update to autoconf 2.65 and libtool 2.2.6b
2804 [3544dd2f1a94] <1.7>
2807 Don't use TRUE/FALSE which may not be defined.
2808 [8649bf22b3b2] <1.7>
2810 * sudo.cat, sudo.man.in, sudo.pod:
2811 Document new tty_ticket behavior
2812 [0663e0390338] <1.7>
2814 * find_path.c, sudo.c, sudo.h, visudo.c:
2815 Make find_path() a little more generic by not checking def_foo
2816 variables inside it. Instead, pass in ignore_dot as a function
2818 [16c3f27cd9b9] <1.7>
2821 Store info from stat(2)ing the tty in the tty ticket when tty
2822 tickets are in use. If the tty lives on a devpts (Linux) or devices
2823 (Solaris) filesystem, stash the ctime in the tty ticket file, as it
2824 is not updated when the tty is written to. This helps us determine
2825 when a tty has been reused without the user authenticating again
2827 [f9aec9ab9054] <1.7>
2829 * boottime.c, check.c, sudo.h:
2830 get_boottime() now fills in a timeval struct
2831 [dbd2003659c0] <1.7>
2833 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
2835 * check.c, compat.h, config.h.in, configure, configure.in, fileops.c,
2836 gettime.c, sudo.h, sudo_edit.c, visudo.c:
2837 Use timeval directly instead of converting to timespec when dealing
2838 with file times and time of day.
2839 [c85bf3e41839] <1.7>
2842 Fix OpenPAM detection for newer versions.
2843 [67f29a0703d0] <1.7>
2846 Sync with Quest sudo git repo
2847 [2680ad9762c2] <1.7>
2849 * aclocal.m4, configure, configure.in:
2850 HP-UX ld uses +b instead of -R or -rpath. Fix typo in libvas check.
2851 libvas may need libdl for dlopen(). Add missing template for
2852 ENV_DEBUG. Adapted from Quest sudo.
2853 [6c886eb9070a] <1.7>
2856 Fix typos; from Quest Sudo
2857 [cf258fc69f1a] <1.7>
2859 * Makefile.in, configure.in:
2860 Use value of SHELL from configure in Makefile
2861 [08aaf12221d6] <1.7>
2863 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
2866 Handle duplicate variables in the environment. For unsetenv(), keep
2867 looking even after removing the first instance. For sudo_putenv(),
2868 check for and remove dupes after we replace an existing value.
2869 [086c6397d8cd] <1.7>
2871 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
2874 Fix a crash when checking a sudoers file that has aliases that
2875 reference themselves. Based on a diff from David Wood.
2876 [5efc702a3b35] <1.7>
2878 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
2881 Fix use after free in error message when a duplicate alias exists.
2882 [9eaac49bd22b] <1.7>
2884 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
2887 Set errorfile to the sudoers path if we set parse_error manually.
2888 This prevents a NULL dereference in printf() when checking a sudoers
2889 file in strict mode when alias errors are present.
2890 [b4eed2f0615d] <1.7>
2892 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
2894 * TODO, sudoers.cat, sudoers.man.in, sudoers.pod:
2896 [57198cae9cf5] <1.7>
2898 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
2901 Qualify the command even if it is in the current working directory,
2902 e.g. "./foo" instead of just returning "foo". This removes an
2903 ambiguity between real commands and possible pseudo-commands in
2905 [fb4d571495fa] <1.7>
2907 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
2909 * sudoers.cat, sudoers.man.in, sudoers.pod:
2910 Add a note about the security implications of the fast_glob option.
2911 [84f8097553d9] <1.7>
2914 Remove duplicate includes
2915 [3e8d90f4c30f] <1.7>
2917 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
2919 * configure, configure.in:
2920 Fix installation of sudoers.ldap in "make install" when --with-ldap
2921 was specified without a directory. From Prof. Dr. Andreas Mueller
2922 [5177a284b9ff] <1.7>
2924 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
2927 When doing a glob match, short circuit if gl.gl_pathc is 0. From
2929 [549f8f7c2463] <1.7>
2931 2010-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
2934 Use parent process group id instead of parent process id when
2935 checking foreground status and suspending parent. Fixes an issue
2936 when running commands under /usr/bin/time and others.
2937 [eac86126e335] <1.7>
2940 In setenv(), if the var is empty, return 1 and set errno to EINVAL
2941 instead of returning EINVAL directly.
2942 [d202091ec15e] <1.7>
2944 2010-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
2947 Check for pseudo-command by looking at the first character of the
2948 command in sudoers instead of checking the user-supplied command for
2950 [88f3181692fe] <1.7>
2952 2010-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
2955 Avoid a duplicate fclose() of the sudoers file.
2956 [164d39108dde] <1.7>
2959 Fix size arg when realloc()ing include stack. From Daniel Kopecek
2960 [8900bccef219] <1.7>
2962 2010-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
2964 * aix.c, config.h.in, configure, configure.in:
2965 Use setrlimit64(), if available, instead of setrlimit() when setting
2966 AIX resource limits since rlim_t is 32bits.
2967 [2cbb14d98fc1] <1.7>
2970 Fix use after free when sending error messages. From Timo Juhani
2972 [caf183fd9d94] <1.7>
2974 2010-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
2976 * ChangeLog, Makefile.in:
2977 Generate the ChangeLog as part of "make dist" instead of having it
2979 [836c31615859] <1.7>
2981 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
2984 Generate correct ChangeLog for 1.7 branch.
2985 [586dd90b8878] <1.7>
2987 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
2989 * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
2990 auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
2991 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
2992 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
2993 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
2994 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
2995 emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
2996 fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
2997 gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
2998 ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
2999 isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
3000 logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
3001 mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
3002 pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
3003 sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
3004 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
3005 strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
3006 sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
3007 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
3008 sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
3009 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
3010 utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
3011 Remove CVS $Sudo$ tags.
3014 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
3017 make this match sudoers SYNOPSIS
3021 Print a newline between Runas and Command-specific defaults in sudo
3026 Use SET and CLR macros in term_raw
3030 Set stdin to non-blocking mode early instead of in check_input. Use
3031 term_raw instead of term_cbreak since the data we get has already
3032 been expanded via OPOST.
3035 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
3038 Enable/disable all postprocessing instead of just nl->crnl
3039 processing since things like tab expansion matter too. However, if
3040 stdout is a tty leave postprocessing on in the pty since we run into
3041 problems doing it only on the real stdout with, e.g., nvi.
3044 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
3047 If tty_tickets is enabled and there is no tty, prompt for a
3048 password. Do not lecture user for "sudo -k command" if user has a
3053 Document missing options: --with-efence and --with-bsm-audit
3056 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
3057 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
3058 sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
3059 visudo.man.in, visudo.pod:
3060 username -> user name, groupname -> group name, hostname -> host name
3063 * INSTALL, README.LDAP, sudoers.pod:
3064 filename -> file name like the rest of the docs
3067 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
3070 Fix printing of entries with multiple host entries on a single line.
3073 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
3076 Mention that targetpw affects the timestamp file name.
3079 * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
3081 Add compress_transcript option.
3084 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
3086 * configure, configure.in:
3090 * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
3091 Better split of membership vs. traditional group check in
3092 user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
3095 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
3098 Fix pasto and add default return value.
3101 * check.c, match.c, pwutil.c, sudo.h:
3102 refactor group member checking into user_in_group()
3105 * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
3107 Add support for mbr_check_membership() as present in darwin.
3110 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
3113 Rename label to be accurate
3116 * Makefile.in, boottime.c, check.c, config.h.in, configure,
3117 configure.in, sudo.h:
3118 Treat timestamp files from before we booted as old. Idea from and
3122 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
3124 * sudo.c, sudo.pod, sudo_usage.h.in:
3125 Allow the -u flag to be used in conjunction with the -v flag as per
3126 older versions of sudo.
3130 fix typo in last commit
3133 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
3136 Convert fmt_first and fmt_confd into macros.
3140 timeouts can be floats now
3143 * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
3144 defaults.h, mkdefaults:
3145 Add support for floating point timeout values (e.g. 2.5 minutes).
3148 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
3151 The -L flag will be removed in sudo 1.7.4
3154 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
3157 Fix a bug due to order of operators.
3160 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
3163 cmnd_matches() already deals with negation so _cmndlist_matches()
3164 does not need to do so itself. Fixes a bug with negated entries in
3168 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
3171 Don't exit() from open_sudoers, just return NULL for all errors.
3175 Can't rely on the shell sending us SIGCONT when transitioning from
3176 background to foreground process.
3180 Add missing extern def for parse_error
3183 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
3186 Avoid a parse error when #includedir doesn't find any files. Closes
3191 Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
3194 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
3197 Start command out in foreground mode if stdout is a tty. Works
3198 around issues with some curses-based programs that don't handle
3199 tcsetattr getting interrupted by a signal. Still allows us to avoid
3200 hogging the tty if the command is part of a pipeline.
3203 * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
3204 Use a socketpair to pass signals from parent to child. Child will
3205 now pass command status change info back via the socketpair. This
3206 allows the parent to distinguish between signals it has been sent
3207 directly and signals the command has received. It also means the
3208 parent can once again print the signal notifications to the tty so
3209 all writes to the pty master occur in the parent. The command is
3210 now always started in background mode with tty signals handled by
3214 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
3216 * configure, configure.in:
3217 Fix a few typos in the descriptions; from Jeff Makey. Only do the
3218 check for krb5_get_init_creds_opt_free() taking two arguments if we
3219 find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
3220 positive when using our own krb5_get_init_creds_opt_free which takes
3221 only a single argument.
3224 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
3226 * configure, configure.in:
3227 Remove a spurious comma in the kerb5 bits.
3231 Call krb5_get_init_creds_opt_init() in our emulated
3232 krb5_get_init_creds_opt_alloc() for MIT kerberos.
3235 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
3242 Need to ignore SIGTT{IN,OU} in child when running the command in the
3243 background. Also some minor cleanup.
3246 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
3249 Instead of calling sigsuspend when waiting for SIGUSR[12] from
3250 parent, install the signal handlers w/o SA_RESTART and let them
3251 interrupt waitpid().
3255 Pass along SIGHUP and SIGTERM from parent to child.
3259 Close unused bits of script_fds in processes that don't need them.
3260 Restore default SIGCONT handler in child.
3264 Update foreground/background status in SIGCONT handler in parent
3268 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
3271 Defer setting terminal into raw mode until just before we fork() and
3272 only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
3273 and sudo is already in the foreground be sure to set raw mode before
3274 continuing the child.
3277 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
3280 Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
3281 give the command the controlling tty if the main sudo process is the
3286 Don't bother with sudo_waitpid() here for now.
3293 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
3296 Remove non-working code that crept into rev 1.55
3299 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
3301 * INSTALL, configure, configure.in, script.c, sudoreplay.c:
3302 First pass at zlib support for transcript data files
3306 remove vestiges of ZLDFLAGS
3310 Add missing variable declaration for when TIOCSCTTY is not defined.
3311 Need to include sys/termio.h for TIOCSCTTY on some systems.
3315 when resuming command, send SIGCONT to its pgrp not just pid
3319 remove unused variable
3323 include selinux.h for is_selinux_enabled() proto
3327 Don't use log_error() in the child process.
3331 Do I/O in parent instead of child since the parent can have both
3332 /dev/tty as well as the pty fds open. The child just sets things up
3333 and waits for its grandchild and writes the signal description to
3334 the pty master if the command was killed by a signal.
3337 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
3339 * missing.h, sudo.h:
3340 Move two struct forward declarations from sudo.h to missing.h
3344 Make comment at the top of script_exec() match reality.
3348 if neither stdin nor stdout is a tty, check stderr
3352 Add back dependency of gram.h on gram.y
3356 Make transcript mode work as long as we can figure out our tty, even
3357 if it is not stdin. We'd like to use /dev/tty but that won't be
3358 valid after the setsid().
3361 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
3363 * config.h.in, configure, configure.in, pty.c:
3364 Add support for IRIX-style dynamic ptys
3367 * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
3368 Move alloc.c protos into alloc.h
3372 Move prototypes for missing libc functions to missing.h
3375 * Makefile.in, sudo.h, sudoreplay.c:
3376 Move prototypes for missing libc functions to missing.h
3379 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
3381 * config.h.in, configure, configure.in:
3382 Disable transcript support if no tcsetpgrp until we support older
3383 BSD-style job control.
3386 * configure, configure.in, pty.c, script.c:
3387 Break out pty code into pty.c
3390 * compat.h, config.h.in, configure, configure.in:
3391 add killpg macro if no killpg function
3394 * config.h.in, configure, configure.in, script.c:
3395 Push ptem and ldterm for STREAMS-based systems when allocating a
3399 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
3402 Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
3406 Call tcgetpgrp() in the parent, not the child and have the child
3407 spin until it is granted. Fixes a race on darwin.
3411 Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
3415 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
3418 In script mode, if the command is killed by a signal, print the
3419 signal description as well as a core dump notification like the
3423 * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
3425 Add check for strsignal() and a simple implementation if it is not
3426 there but sys_siglist is
3430 Add missing WUNTRACED and store the signal that stopped the
3431 grandchild in suspended, not signo.
3439 Associate the grandchild's pgrp with the tty instead of the child's
3440 and just get suspend notifications via SIGCHLD instead of directly.
3441 This fixes a hang with programs that try to set terminal attributes
3442 and is more consistent with how the shell handles things.
3445 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
3448 Move setpgid() of child into the parent side of the fork() where it
3452 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
3459 Run command in its own pgrp (like the shell does) for easier
3460 signalling. No need to relay SIGINT or SIGQUIT to parent, just send
3461 to grandchild. Don't want grandchild stopped events in the child
3462 (only termination). Flush output after suspending grandchild before
3467 Back out revision 1.34; the problem lies elsewhere.
3471 Don't set stdout to blocking mode when flushing remaining output.
3472 It can cause us to hang when trying to exit. Need to investigate
3477 Handle SIGTTOU and remove some debugging.
3481 Back out revision 1.10 as the signal that interrupts us may be
3482 SIGTTOU or SIGTTIN which the caller must handle.
3486 Apparently we need to send SIGSTOP to the command as well as ourself
3487 when we get SIGTSTP, the kernel doesn't automatically stop the
3492 Use an extra process to act as the glue between the sessions
3493 associated with the user's controlling tty (what the shell uses) and
3494 the tty that sudo is using to do its logging. Basically, this means
3495 that if we get, e.g. SIGTSTP from the process sudo is running, we
3496 relay the signal to the parent so its shell can do the job control.
3500 Handle getting/setting terminal attributes when the fd is in non-
3504 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
3506 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
3507 Add support for pausing and changing the speed in interactive mode.
3511 Already define O_NOCTTY in compat.h, don't need it here
3514 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
3520 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
3523 Always update the stashed mtime of the temp file instead of using
3524 what we have for the original because the time resolution of the
3525 filesystem the temporary is on may not match that of the filesystem
3526 that holds the original. Should fix bz #371 found by Philippe Levan.
3530 Use cbreak mode instead of raw mode and add signal handlers to
3531 restore the tty on interrupt.
3534 * script.c, sudo.h, term.c:
3535 Retain NL to NLCR conversion on the real tty and skip it on the pty
3536 we allocate. That way, if stdout is not a pty there are no extra
3541 Fix log_output(); just pass in a string and a length.
3544 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
3547 do not use errno when complaining about lack of a tty
3550 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
3552 * Makefile.in, sudoreplay.c, term.c:
3553 Instead of messing with line endings, just set terminal to raw mode
3558 When copying the terminal attributes to the pty, be sure not to set
3559 ONLCR. This prevents extra carriage returns from ending up in the
3564 Convert a do {} while into a while
3568 Use if then instead of test && when installing binaries that may not
3573 Add O_NOCTTY when opening a tty device. Explicitly disconnect from
3574 old tty before associating with new one.
3577 * script.c, selinux.c, sudo.c, sudo.h:
3578 First cut at refactoring some of the selinux code so it can be used
3579 in conjunction with sudo's transcript support.
3582 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
3584 * aclocal.m4, configure, configure.in:
3585 Fix default case of transcript_enabled being unset.
3588 * script.c, sudoreplay.c:
3589 Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
3592 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
3593 Hook up --disable-transcript and --enable-transcript=DIR
3596 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
3598 * aclocal.m4, configure, configure.in, pathnames.h.in:
3599 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT. Add
3600 --enable-transcript=DIR option to specify the directory
3603 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
3607 * configure, configure.in, sudoers.man.pl, sudoers.pod:
3608 Substitute in default value for secure_path
3612 Mention that the password must be followed by a newline with the -S
3616 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
3619 Go back to dropping out of the select() loop when the process dies;
3620 Linux ptys apparently don't behave the same as BSD in regards to
3621 select(). No need to flush remaining output to the transcript, only
3622 to stdout. Add back code to check the master pty for additional data
3623 when we exit the main select loop.
3626 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
3629 Add getline.o to COMMON_OBJS
3633 sudoreplay depends on libsudo.a
3637 Move pwutil.o into COMMON_OBJS
3640 * pwutil.c, testsudoers.c, tsgetgrpw.c:
3641 Remove my_* redirection in pwutil.c for testsudoers and just use the
3642 normal libc get{pw,gr}* names.
3645 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
3646 More time and date examples
3649 * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
3650 Move nanosleep() emulation into its own file. Check librt.a for
3651 nanosleep if we don't find it in libc
3654 * Makefile.in, configure, configure.in:
3655 Build libsudo with the common bits and link things against that.
3663 Keep reading from the pty master -> log file until read returns <=
3664 0. Do our best to write everything to stdout when flushing any
3669 Use unbuffered I/O when writing to stdout and make sure we write the
3673 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
3676 Only use max_wait if it is non-zero
3679 * getdate.c, getdate.y, getline.c:
3684 Fix nanosleep emulation
3688 Fix comment after #endif
3692 Add protos for missing libc bits
3695 * configure, configure.in:
3696 add missing line continuation char
3699 * config.h.in, configure, configure.in, getline.c:
3700 Implement getline() in terms of fgetln() if we have it.
3704 Print year when formatting log line
3708 Document cwd, attempt to document time/date formats.
3712 Fix getline return value check.
3715 * Makefile.in, config.h.in, configure, configure.in, getline.c,
3717 Use getline() if the system has it, else provide our own for
3722 Refactor code to update output and timing files.
3725 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
3728 Make sudo_getln() behave more like glibc getline.
3732 When flushing remaining output, also update timing file.
3736 Use get_timestr() and make the -l output look like the regular sudo
3740 * logging.c, sudo.h, timestr.c:
3741 Make get_timestr() take a time_t so we can use it properly in
3746 Create session dir earlier now that we update the seq number early.
3749 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
3752 Use fromdate and todate as the keywords instead of from and to; the
3753 short forms will still be accepted.
3757 Fix reading long lines in sudo_getln()
3760 * script.c, sudoreplay.c:
3761 Log the cwd in the script log file. Add sudo_getln() to read
3762 arbitrarily long lines.
3765 * Makefile.in, logging.c, sudo.h, timestr.c:
3766 Move get_timestr() into its own source file so sudoreplay can use
3770 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
3773 Add to and from predicates (date ranges); needs documentation
3776 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
3778 * Makefile.in, getdate.c, getdate.y:
3779 Fix warning and add generated getdate.c
3782 * Makefile.in, getdate.y:
3783 Add getdate.y to be used for sudoreplay date parsing.
3786 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
3789 Check more than just the first character of a predicate
3792 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
3793 Add examples, sort predicates
3796 * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
3798 Implement search expressions in sudoreplay similar in concept to
3799 what find or tcpdump uses. TODO: date ranges
3802 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
3805 Remove vhangup as it was hanging up the wrong tty. Should really
3806 vhangup in the child after it has set its tty.
3810 Fix cut at documenting transcript support.
3814 ID= -> TSID= for transcript ID
3817 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
3820 Move fast_glob description to where it belongs in sorted order
3823 * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
3824 parse.c, parse.h, sudo.c:
3825 Rename script -> transcript
3828 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
3831 Add timeradd and timersub for those without them
3835 Sanity check sessid before using it.
3839 Only set the session id if we are running a command or editing a
3844 Actually, qsort is fine since most versions fall back to a cheaper
3845 sort when the number of elements to sort is small (like in our
3849 * config.h.in, configure, configure.in, script.c:
3850 Check for dup2 and use dup instead if we don't have it.
3853 * script.c, sudo.c, sudo.h:
3854 Move the code to dup2 the script fds to low numbered descriptors
3855 into script_duplow() and fix the fd sorting.
3858 * script.c, sudo.c, sudo.h:
3859 Move script_setup() back to immediately before we drop privs and
3860 call the new script_nextid() in its place, which will set
3861 sudo_user.sessid for the logging functions.
3864 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
3871 remove unused variable
3874 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
3876 * logging.c, script.c, sudo.c, sudo.h:
3877 Log the session ID, if there is one. Currently logs ID=XXXXXX,
3878 perhaps should be SESSIONID or SESSID.
3881 * Makefile.in, configure, configure.in, sudoreplay.cat,
3882 sudoreplay.man.in, sudoreplay.pod:
3887 add -V (version) flag
3894 * script.c, sudoreplay.c:
3895 Use base36 number for the ID and store script files with paths like
3896 /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
3897 (2,176,782,336) unique IDs.
3900 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
3902 * config.h.in, configure.in:
3903 Add check for regcomp
3907 Add support for selecting by pattern and tty when listing.
3910 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
3913 The beginnings of a list mode.
3916 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
3922 * Makefile.in, config.h.in, configure.in:
3923 Add scaffolding for building sudoreplay
3927 include error.h first arg to nanotime is const
3931 Initial cut at sudoreplay; replay a sudo session.
3934 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
3937 Fix wait() usage and use correct wait status.
3940 * sudo.c, sudo.h, tgetpass.c:
3941 Add protos for term_* to sudo.h
3945 Fix detection of the child process exiting. Since the child is in
3946 its own session we should only ever get SIGCHLD for that process but
3947 better safe than sorry.
3951 Add UNIX98 pty support.
3954 * configure, configure.in, script.c:
3955 Add UNIX98 pty support.
3958 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
3961 For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
3966 Set PAM_RUSER and PAM_RHOST early so they can be used during
3967 authentication. Based on a patch from Jamie Beverly.
3971 Close dir before returning if strlcpy() reports overflow. From
3975 * config.h.in, configure, configure.in, script.c:
3976 On Linux, the openpty proto lives in pty.h
3980 Call vhangup on exit if the system has it Use setpgrp() if no
3984 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
3986 * config.h.in, configure, configure.in:
3987 Add checks for revoke and vhangup if we don't have openpty
3991 Session logging guts that got forgotten in the previous commit.
3994 * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
3995 configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
3996 gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
3998 First cut at session logging for sudo. Still need to write
3999 get_pty() for Unix 98 and old-style BSD ptys. Also needs
4000 documentation and general cleanup.
4003 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
4005 * sudo.c, sudo_edit.c:
4006 Fix a bug introduced with def_closefrom. The value of def_closefrom
4007 already includes the +1.
4010 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
4013 Generate sudo distributions with pax in ustar mode. No longer need
4014 to use a temp file or have the source dir name match the version.
4017 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
4020 Fix expansion of %h in #include names. Fixes bugzilla 363
4023 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
4026 If no arg assume def_data.in
4031 [f5ad45f69f05] [SUDO_1_7_2]
4037 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
4039 * sudoers.cat, sudoers.man.in, sudoers.pod:
4040 Add missing single quotes around a colon in Runas_Spec definition.
4044 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
4046 * sudo.man.in, sudoers.man.in:
4051 In rbrepair, re-color the root or the first non-block node we find
4052 to be black. Re-coloring the root is probably not needed but won't
4056 * sudo.cat, sudoers.cat:
4060 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
4063 When repairing the tree, don't touch the root node.
4066 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
4069 Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
4070 Reported by Josef Schmid.
4073 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
4076 Document that we accept env_pam-style environment files
4080 Adapt to accept pam_env-style /etc/environment which allows shell-
4081 style lines such as: export EDITOR="/usr/bin/vi"
4085 Make it clear that env_delete only works when !env_reset. From Loïc
4089 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
4091 * sudo.pod, sudoers.pod:
4092 Add non-unix group bits, adapted from Quest
4096 build the .cat page in the current working dir, not the src dir
4100 Return EINVAL in setenv() if var is NULL or the empty string to
4101 match glibc behavior.
4104 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
4106 * configure, configure.in:
4107 Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
4110 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
4112 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
4113 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
4117 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
4120 Document --with-libvas and --with-libvas-rpath
4123 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
4125 * ldap.c, sudoers.ldap.pod:
4126 For netscape-derived LDAP SDKs the cert and key paths may be a
4127 directory or a file. However, version 5.0 of the SDK only seems to
4128 support using a directory. If ldapssl_clientauth_init fails and the
4129 cert or key paths look like they could be files, strip off the last
4130 path element and try again.
4134 Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
4137 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
4139 * configure, configure.in, match.c, sudo.c, vasgroups.c:
4140 Update non-Unix group support from Quest, as reworked by me.
4148 Add support for escaped hex chars in names, e.g. \x20 for space.
4151 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
4153 * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
4154 auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
4155 fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
4156 logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
4157 set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
4158 sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
4159 tgetpass.c, toke.l, visudo.c:
4160 Update copyright years.
4163 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
4165 * interfaces.c, lbuf.c:
4166 Minor fixes for Minix-3
4169 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
4172 Handle getgroups() returning 0. Also add missing check for
4176 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
4178 * Makefile.in, config.h.in, configure, configure.in, sudo.c,
4179 version.h, visudo.c:
4180 Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
4183 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
4186 Remove group setting code in setusercontext case, we will do it
4187 ourselves later on in runas_setup. Set the gid after
4188 initgroups/setgroups is called, since on Mac OS X it seems to change
4192 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
4194 * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
4196 Initial bits of non-unix group support using Quest Authentication
4201 Accept %:foo as a non-Unix group
4205 Allow user/group to be double quoted in the case of non-Unix groups
4206 which contain spaces.
4209 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
4212 Don't allow the user to specify the default runas user if their
4213 sudoers entry only allows them to run as a group.
4216 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
4219 Must call audit_success before we change uids.
4222 * logging.c, set_perms.c, sudo.h, testsudoers.c:
4223 Add option for set_perm to not exit on failure and use this in the
4228 In -l mode, if the user is only allowed to run as a group, display
4229 the user's name, not root's before the allowed group.
4233 Fix -g mode, broken by rev 1.503 which had the side effect of
4234 setting the runas user to root unilaterally.
4237 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
4240 When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
4244 Only cache by the method we fetched for pwd and grp lookups.
4245 Previously we cached both by name and id but this can cause problems
4246 for entries that share the same id. Also add more info in the error
4247 message in case the insert fails (which should now be impossible).
4250 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
4253 Add a clarification from Nick Sieger
4256 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
4259 Inline the setting of the environment string.
4262 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
4265 setenv(3) in Linux treats a NUL value as the empty string. setenv(3)
4266 in BSD doesn't return an error if the name has '=' in it, it just
4267 treats the '=' as end of string.
4270 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
4273 Not all systems have d_namlen
4276 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
4279 Fix up some pod2html issues.
4282 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
4285 Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
4290 Ignore files ending in '~' in sudo.d (emacs backup files)
4294 Ignore files ending in '~' in sudo.d (emacs backup files)
4297 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
4299 * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
4300 For #includedir, ignore any file containing a dot
4303 * Makefile.in, version.h:
4307 * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
4308 sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
4310 Implement #includedir directive. Files in an includedir are not
4311 edited by visudo unless they contain a syntax error.
4316 [8741ed61a78b] [SUDO_1_7_1]
4319 Forgot umask_override
4326 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
4329 Rewind stream if we fdopen sudoers since it may not be at the
4330 beginning. Set the keepopen flag on already-open files too so the
4331 lexer doesn't close them out from under us.
4335 Print the proper file name when there is a parse error in an include
4339 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
4345 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
4347 * configure, configure.in:
4348 Fix a warning when --without-ldap is specified.
4351 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
4353 * alias.c, parse.h, visudo.c:
4354 Store aliases that we remove during check_aliases in a freelist and
4355 free them at the end so we don't leak memory.
4358 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
4361 Check aliases in -c mode too.
4364 * alias.c, parse.h, visudo.c:
4365 Make alias_remove return the alias struct instead of freeing it
4366 directly. Fixes a use after free in alias_remove_recursive, the only
4370 * alias.c, match.c, parse.c, parse.h, visudo.c:
4371 Rename find_alias -> alias_find for consistency.
4374 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
4377 When checking for unused aliases, recurse if the alias points to
4381 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
4384 Back out rev 1.105 for now. Real ldapux_client.conf support will be
4385 done later after some refactoring.
4388 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
4391 Treat ldap_hostport the same as "host" for ldapux.
4394 * configure, configure.in:
4395 Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
4396 Fixes compilation with ldapux.
4399 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
4405 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
4408 remove errant carriage returns
4415 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
4416 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
4420 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
4423 Add missing HAVE_BSM_AUDIT
4431 Mention --with-netsvc
4435 Document netsvc.conf support
4438 * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
4440 Add support for AIX netsvc.conf (like nsswitch.conf).
4443 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
4445 * config.h.in, configure, configure.in, env.c:
4446 Add --enable-env-debug flag to enable environment sanity checks.
4449 * sudoers.ldap.pod, sudoers.pod:
4450 Work around some pod2html issue.
4453 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
4456 Only sync environ for putenv, setenv, and unsetenv. We need to make
4457 sure that sudo_putenv and sudo_setenv only modify env.envp, not
4461 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
4464 Really fix UNSETENV_VOID
4468 Fix unsetenv when UNSETENV_VOID
4471 * aclocal.m4, configure:
4472 Fix SUDO_FUNC_PUTENV_CONST
4476 tivoli-based ldap does not have ldapssl_err2string
4483 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
4485 * config.h.in, configure, configure.in, ldap.c:
4486 Add support for Tivoli-based LDAP start TLS as seen in AIX.
4491 Add sanity checks for setenv/unsetenv
4495 Include bsm_audit.h in the tarball
4498 * Makefile.in, version.h:
4499 bump version for sudo 1.7.1
4502 * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
4503 env.c, ldap.c, sudo.h:
4504 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
4505 provide our own setenv/unsetenv/putenv that operates on own env
4506 pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
4509 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
4512 Make "sudoedit -h" work as expected
4516 Make sure def_prompt is always defined. This is a workaround for
4517 pam configs that prompt for a password in the session but don't have
4518 an auth line. A better fix is to expand the sudo prompt earlier and
4519 set def_prompt to that when initializing.
4523 Mention that the helper for -A may be graphical.
4527 Document what happens if there is no tty.
4539 Fix "sudo -k" with no other args
4542 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
4544 * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
4545 Allow the -k flag to be specified in conjunction with a command or
4546 another option that may require authentication.
4549 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
4551 * configure, configure.in:
4552 Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
4556 Parallel make fix. From Diego E. 'Flameeyes'
4559 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
4561 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
4562 Implement umask_override
4569 * sudoers.pod, toke.l, visudo.c:
4570 Implement %h escape in sudoers include filenames.
4574 Need to include compat.h
4577 * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
4578 Make audit_success and audit_failure generic functions in
4579 preparation for integrating linux audit support.
4583 remove duplicate include
4586 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
4593 May need to update the runas user after parsing command-based
4597 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
4600 Add missing pair of braces introduced with character class support.
4603 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
4605 * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
4606 Rename pwstars to pwfeedback
4609 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
4611 * bsm_audit.c, bsm_audit.h:
4612 Add const to make MacOS happy.
4615 * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
4616 configure.in, sudo.c:
4617 Add bsm audit support from Christian S.J. Peron
4621 This is new code, no DARPA notice.
4624 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
4626 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
4627 Rename simple_glob -> fast_glob
4634 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
4635 Add simple_glob option to use fnmatch() instead of glob(). This is
4636 useful when you need to specify patterns that reference network file
4648 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
4651 Delete any pwstars we wrote after the user hits return. That way
4652 there is no record on screen as to the user's password length.
4655 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
4658 Move terminal setting bits from tgetpass.c to term.c
4661 * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
4663 Add pwstars sudoers option that causes sudo to print a star every
4664 time the user presses a key.
4667 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
4670 Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
4673 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
4676 For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
4677 indicate no limit. From Mark Janssen.
4680 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
4683 Comments that begin with #- should not be parsed as uids.
4686 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
4689 Do not try to set the close on exec flag if we didn't actually open
4693 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
4697 [e11f0e4c1bdd] [SUDO_1_7_0]
4699 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
4705 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
4708 Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
4712 * configure, configure.in:
4713 Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
4714 as it cannot generate shared objects.
4717 * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
4718 K&R compilation fixes
4722 Use tq_foreach_fwd when checking pseudo-commands to make it clear
4723 that we are not short-circuiting on last match. When pwcheck is
4724 'all', initialize nopass to TRUE and override it with the first non-
4728 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
4731 Do not short circuit pseudo commands when we get a match since,
4732 depending on the settings, we may need to examine all commands for
4736 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
4738 * sudoers.cat, sudoers.man.in:
4743 hostnames may also contain wildcards
4747 remove stamp-* files and linux core files in clean target
4750 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
4752 * auth/sudo_auth.h, config.h.in, configure, configure.in:
4753 Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
4756 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
4758 * configure, configure.in:
4759 correctly enable SIA on Digital UNIX
4770 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
4772 * check.c, sudo.h, tgetpass.c:
4773 Even if neither stdin nor stdout are ttys we may still have /dev/tty
4777 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
4779 * sudoers.cat, sudoers.man.in:
4784 fix typos; Markus Lude
4796 Fix matching of a line that only consists of a comment char
4799 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
4802 MacOS pam will retry conversation function if it fails so just treat
4803 ^C as an empty password.
4807 When checking for alias use, also check defaults bindings.
4815 Replace my rbdelete with Emin's version (which actually works ;-)
4818 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
4825 malloc options in devel mode for visudo too
4828 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
4831 fix compilation on non-C99; from Theo
4839 when destroying an alias, free the correct data pointer
4843 add proto for aixauth_cleanup; from Dale King
4846 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
4848 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
4853 * sudo.pod, sudoers.pod, visudo.pod:
4854 standardize on the term 'option' for command line options (not flag)
4857 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
4860 Add note on configuring HP-UX pam
4863 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
4866 Move tty checks into check_user() so we only do them if we actually
4871 Don't error out if no tty or askpass unless we actually need to
4875 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
4881 * pathnames.h.in, sudo.c:
4882 s/overriden/overridden/; from Tobias Stoeckmann
4885 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
4887 * WHATSNEW, visudo.c:
4888 check sudoers owner and mode in strict mode
4895 * sudo.man.in, sudoers.man.in, visudo.man.in:
4896 Update copyright years.
4899 * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
4900 auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
4901 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
4902 closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
4903 gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
4904 interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
4905 parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
4906 sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
4907 testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
4908 visudo.pod, zero_bytes.c:
4909 Update copyright years.
4912 * emul/charclass.h, fnmatch.c, glob.c:
4916 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
4919 The loop in fill_cmnd() was going one byte too far past the end,
4920 resulting in a NUL being written immediately after the buffer end.
4923 * UPGRADE, WHATSNEW:
4924 add sections on tgetpass changes
4928 Treat EOF w/o newline as an error.
4931 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
4934 Fix "sudo -v" when NOPASSWD is set.
4937 * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
4939 No longer treat an empty password at the prompt as special. To quit
4940 out of sudo you now need to hit ^C at the password prompt.
4943 * sudoers.cat, sudoers.man.in:
4947 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
4948 Sudo will now refuse to run if no tty is present unless the new
4949 visiblepw sudoers flag is set.
4952 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
4955 just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
4960 fix fallback value for RLIM_SAVED_MAX
4963 * auth/aix_auth.c, auth/sudo_auth.h:
4964 Move clearing of AUTHSTATE into aixauth_cleanup.
4967 * auth/aix_auth.c, env.c:
4968 Unset AUTHSTATE after calling authenticate() as it may not be
4969 correct for the user we are running the command as.
4973 Add isblank() function for systems without it. Needed for POSIX
4974 character class matching in fnmatch.c and glob.c.
4977 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
4980 expound on sudo and cd
4983 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
4989 * sudoers.cat, sudoers.man.in:
4994 mention defaults parse order
4997 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
4999 * Makefile.in, aclocal.m4, compat.h, configure:
5000 Add isblank() function for systems without it. Needed for POSIX
5001 character class matching in fnmatch.c and glob.c.
5005 add emul/charclass.h to HDRS
5008 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
5014 * defaults.c, parse.c, testsudoers.c, visudo.c:
5015 Move update_defaults into defaults.c and call it properly from
5016 visudo and testsudoers.
5019 * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
5021 use zero_bytes() instead of memset() for consistency
5024 * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
5026 Zero out sigaction_t before use in case it has non-standard entries.
5034 Short circuit glob() checks if basename(pattern) !=
5035 basename(command). Refactor code that checks for a command in a
5036 directory and use it in the glob case if the resolved pattern ends
5040 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
5042 * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
5043 Defer setting runas defaults until after runaspw/gr is setup.
5046 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
5048 * match.c, sudo.c, testsudoers.c:
5049 Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
5050 systems do not include space for the NUL in the size. Also manually
5051 NUL-terminate buffer from gethostname() since POSIX is wishy-washy
5055 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
5057 * sudo.c, sudoers.pod:
5058 When setting the umask, use the union of the user's umask and the
5059 default value set in sudoers so that we never lower the user's umask
5060 when running a command.
5064 Don't try to read from a zero-length sudoers file. Remove the bogus
5065 Solaris work-around for EAGAIN. Since we now use fgetc() it should
5069 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
5072 In update_defaults() check the return value of user*_matches against
5073 ALLOW so we don't inadvertently match on UNSPEC.
5076 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
5078 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
5079 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
5080 regen man pages; no more hyphenation
5084 Don't error out on a zero-length sudoers file. With the advent of
5085 #include the user could create a situation where sudo is unusable.
5088 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
5090 * auth/kerb5.c, config.h.in, configure, configure.in:
5091 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
5092 krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
5093 all. Add configure tests to handle all the cases.
5096 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
5103 document sudoers_locale
5106 * sudo.pod, sudo_edit.c:
5107 add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
5112 In fill_cmnd(), collapse any escaped sudo-specific characters.
5113 Allows character classes to be used in pathnames.
5116 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
5119 fix typo in non-C89 function declaration
5123 Mention POSIX character classes now that our fnmatch() and glob()
5127 * sample.sudoers, sudoers.pod:
5128 Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
5133 use __signed char if we are going to assign a negative value since
5134 on Power, char is unsigned by default
5137 * config.h.in, configure, configure.in:
5138 Add tests for __signed char and signed char.
5142 Fix AIX limit setting. getuserattr() returns values in disk blocks
5143 rather than bytes. The default hard stack size in newer AIX is
5144 RLIM_SAVED_MAX. From Dale King.
5147 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
5149 * emul/charclass.h, fnmatch.c, glob.c:
5150 Add character class support to included glob(3) and fnmatch(3).
5153 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
5156 Remove UCB advertising clause and some compatibility defines.
5159 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
5162 Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
5163 or sudo. This allows one to set EDITOR to sudoedit without getting
5164 into an infinite loop of sudoedit running itself until the path gets
5168 * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
5169 Add sudoers_locale Defaults option to override the default sudoers
5173 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
5176 Set locale to system default except for during sudoers parse.
5179 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
5182 Redo change in 1.34 to use pointer arithmetic.
5185 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
5188 Fix a dereference (read) of a freed pointer. Reported by Patrick
5192 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
5195 Set locale to "C" to avoid interpretation issues with character
5196 ranges in sudoers. May want to make the locale a sudoers option in
5200 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
5203 we no longer use setproctitle
5210 * LICENSE, mkstemp.c:
5211 Use my replacement mkstemp() from the mktemp package.
5214 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
5217 regen with yacc skeleton bug fixed
5221 Remove duplicate "as root". From Martin Toft.
5224 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
5226 * pwutil.c, sudo.c, sudo.h, testsudoers.c:
5227 Flesh out the fake passwd entry used for running commands as a uid
5228 not listed in the passwd database. Fixes an issue with some PAM
5232 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
5235 Error out in -i mode if the user has no shell. This can happen when
5236 running commands as a uid with no password entry.
5239 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
5242 Better fix for line continuation inside double quotes. Now accepts
5243 whitespace between the backslash and the newline like the main
5247 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
5250 Fix line continuation in strings. It was only being honored if
5251 preceded by whitespace.
5254 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
5256 * config.h.in, configure, configure.in, logging.c:
5257 Replace the double fork with a fork + daemonize.
5260 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
5263 The -i flag should imply env_reset. This got broken in sudo 1.6.9.
5266 * logging.c, sudo.c, sudo_edit.c, visudo.c:
5267 Change how the mailer is waited for. Instead of having a SIGCHLD
5268 handler, use the double fork trick to orphan the child that opens
5269 the pipe to sendmail. Fixes a problem running su on some Linux
5273 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
5275 * configure, configure.in:
5276 Fix configure test for dirfd() on Linux where DIR is opaque.
5279 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
5282 Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
5283 this problem we'll need to revisit this again.
5286 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
5289 Ignore SIGPIPE instead of blocking it when piping to the mailer. If
5290 we only block the signal it may be delivered later when we unblock.
5291 Also, there is no need to block SIGCHLD since we no longer do the
5292 double fork. The normal SIGCHLD handler is sufficient.
5295 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
5297 * configure, configure.in:
5298 Add description for NO_PAM_SESSION, from a redhat patch.
5301 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
5303 * sudo.cat, sudo.man.in, sudo.pod:
5304 Fix typos in -i usage
5307 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
5309 * configure, configure.in:
5310 Redo the test for dgettext() in a way that hopefully will work
5311 around the libintl_dgettext() undefined problem.
5314 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
5316 * schema.ActiveDirectory:
5317 change filename in comment
5320 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
5322 * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
5324 Reference schema.ActiveDirectory
5327 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
5329 * schema.OpenLDAP, schema.iPlanet:
5330 Mark sudoRunAs as deprecated.
5333 * schema.ActiveDirectory:
5334 add sudoRunAsUser and sudoRunAsGroup
5337 * schema.ActiveDirectory:
5338 Active Directory schema by Chantal Paradis and Eric Paquet
5341 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
5344 remove an XXX that was fixed
5352 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
5353 fixes a problem where the tag value printed was influenced by
5354 defaults set in the first pass through the parser.
5357 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
5359 * Makefile.in, sudo.psf:
5360 No point in packaging the TODO file
5367 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
5369 * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
5370 sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
5371 Add env_file Defaults option that is similar to /etc/environment on
5375 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
5377 * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
5378 sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
5379 version.h, visudo.cat, visudo.man.in:
5380 change version to 1.7.0
5384 initial valgrind pass done
5387 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
5390 Fix typo/thinko in sudo_ldap_read_secret() when storing the secret.
5393 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
5396 define LDAPS_PORT if the system headers do not
5399 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
5402 Fix another memory leak in init_parser().
5405 * configure, configure.in:
5406 There was a missing space before the ldap libs in SUDO_LIBS for some
5410 * alias.c, gram.c, gram.y, toke.c, toke.l:
5411 Clean up some memory leaks pointed out by valgrind.
5414 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
5417 fix "sudo -s" broken by mode/flags breakout
5420 * configure, configure.in:
5421 remove duplicate check for dgettext
5424 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
5427 Fall back to default stanza if no user-specific limit is found.
5430 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
5433 include stdint.h if present
5437 Use LLONG_MAX, not the old QUAD_MAX
5440 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
5446 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
5452 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
5458 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
5469 Split MODE_* defines into primary and flags.
5472 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
5475 It turns out the logic for getting AIX limits is more convoluted
5476 than I realized and differs depending on whether the soft and/or
5477 hard limits are defined.
5480 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
5482 * Makefile.in, configure, configure.in:
5483 Back out AIX-specific change to set the sudo_noexec path to the .a
5484 file, we do really want to use the .so file. Since libtool doesn't
5485 do that correctly, just install the .so file ourselves in the
5490 If the file given to install is a path, only use the basename of the
5491 file when building the destination path.
5494 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
5497 parse_args() cleanup: Sort command line options in the getopt()
5498 switch. The -U option requires a parameter. Normalize a few ISSET
5499 calls. Split mode into mode and flags and retire the now-obsolete
5503 * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
5505 Add -n (non-interactive) flag.
5509 Move version printing, etc. into a separate function.
5513 Don't try to cleanup nsswitch if it has not been initialized.
5516 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
5519 Block SIGPIPE in send_mail() so sudo is not killed by a problem
5520 executing the mailer.
5523 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
5525 * configure, configure.in:
5526 AIX shared libs end in .a, not .so.
5529 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
5532 Preserve HOME by default too. Matches documentation and previous
5536 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
5539 Use getopt() to parse the command line. We need to be able to
5540 intersperse env variables and options yet still honor "--" which
5541 complicates things slightly.
5544 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
5550 * acsite.m4, configure, ltmain.sh:
5551 update to libtool-1.5.26
5554 * config.guess, config.sub:
5555 update from libtool-1.5.26 distribution
5559 attempt to fix compilation errors on AIX
5563 fix typo in last commit
5567 Add WHATSNEW file to the distribution
5571 use warningx instead of fprintf(stderr, ...)
5575 add DEBUG to list2tq
5586 * Makefile.in, aix.c, config.h.in, configure, configure.in,
5587 set_perms.c, sudo.h:
5588 Add aix_setlimits() to set resource limits on AIX using a
5589 combination of getuserattr() and setrlimit(). Currently untested.
5592 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
5594 * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
5595 sudoers.man.in, sudoers.pod:
5596 Add mailfrom Defaults option that sets the value of the From: field
5597 in the warning/error mail. If unset the login name of the invoking
5602 store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
5606 When adding a default, only call list2tq() once to do the list to tq
5607 conversion. It is not legal to call list2tq multiple times on the
5608 same list since list2tq consumes and modifies the list argument.
5611 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
5612 comment out XXXs for now
5619 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
5622 Error out if both -A and -S are specified. Error out if -A is
5623 specified but no askpass is configured.
5626 * configure, configure.in:
5627 we are not going to ship a sudo-specific askpass
5630 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
5633 fix definition of TGP_ASKPASS
5636 * def_data.c, def_data.in:
5637 make askpass boolean-capable
5641 document --with-askpass
5644 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
5645 sudoers.man.in, visudo.cat:
5649 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
5651 * sudo.pod, sudo_usage.h.in, sudoers.pod:
5652 document -A and askpass
5655 * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
5656 def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
5657 sudo_usage.h.in, tgetpass.c:
5658 Add support for running a helper program to read the password when
5659 no tty is present (or when specified with the -A flag). TODO: docs.
5662 * def_data.c, def_data.in:
5663 add missing printf format to SELinux role and type strings
5666 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
5668 * INSTALL, configure, configure.in:
5669 Disable use of gss_krb5_ccache_name() by default and add
5670 --enable-gss-krb5-ccache-name configure option to enable it. It
5671 seems that gss_krb5_ccache_name() doesn't work properly with some
5672 combinations of Heimdal and OpenLDAP.
5675 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
5678 Ignore setexeccon() failing in permissive mode. Also add a call to
5679 setkeycreatecon() (though this is probably insufficient). From Dan
5684 Only set std_prompt for the PAM_PROMPT_* cases. The conversation
5685 function may be called for non-password reading purposes so we must
5686 be careful not to use def_prompt in cases where it may not be set.
5689 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
5692 Don't free the new tty context, we need to keep it around when we
5693 restore the tty context after the command completes
5696 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
5702 * sudo.man.pl, sudo.pod:
5703 Only put login_cap(3) in SEE ALSO section if we have login.conf
5707 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
5709 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
5710 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
5715 Substitute in comment characters for lines pertaining to login.conf,
5716 BSD auth and SELinux and only enable them if pertinent.
5720 Substitute in comment characters for lines pertaining to login.conf,
5721 BSD auth and SELinux and only enable them if pertinent.
5725 Substitute in comment characters for lines pertaining to login.conf,
5726 BSD auth and SELinux and only enable them if pertinent.
5730 Substitute in comment characters for lines pertaining to login.conf,
5731 BSD auth and SELinux and only enable them if pertinent.
5734 * Makefile.in, configure, configure.in:
5735 Substitute in comment characters for lines pertaining to login.conf,
5736 BSD auth and SELinux and only enable them if pertinent.
5739 * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
5740 Remove the =cut on the first line (above the copyright notice) to
5741 quiet pod2man. Also remove the hackery in the FILES section and
5742 just deal with the fact that there will be a newline between each
5746 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
5749 run sudo.man.pl when generating sudo.man.in
5752 * configure, configure.in, sudo.man.pl:
5753 comment out SELinux manual bits unless --with-selinux was specified
5757 document role and type defaults for SELinux
5760 * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
5761 Document "sudo -ll" and make "sudo -l -l" be equivalent.
5764 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
5766 * configure, configure.in:
5767 Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
5768 Debian GNU/kFreeBSD.
5771 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
5774 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
5778 * logging.c, logging.h, sudo.c:
5779 Remove dependence on VALIDATE_NOT_OK in logging functions. Split
5780 log_auth() into log_allowed() and log_denial(). Replace mail_auth()
5781 with should_mail() and a call to send_mail().
5784 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
5787 Add debugging so we can tell if the krb5 ccache is accessible
5791 mention --with-selinux
5794 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
5804 * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
5805 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
5806 testsudoers.c, toke.c, toke.l:
5807 Add support for SELinux RBAC. Sudoers entries may specify a role
5808 and type. There are also role and type defaults that may be used.
5809 To make sure a transition occurs, when using RBAC commands are
5810 executed via the new sesh binary. Based on initial changes from Dan
5815 Add support for SELinux RBAC. Sudoers entries may specify a role
5816 and type. There are also role and type defaults that may be used.
5817 To make sure a transition occurs, when using RBAC commands are
5818 executed via the new sesh binary. Based on initial changes from Dan
5822 * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
5823 def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
5824 pathnames.h.in, selinux.c:
5825 Add support for SELinux RBAC. Sudoers entries may specify a role
5826 and type. There are also role and type defaults that may be used.
5827 To make sure a transition occurs, when using RBAC commands are
5828 executed via the new sesh binary. Based on initial changes from Dan
5832 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
5834 * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
5835 Add long list (sudo -ll) support for printing verbose LDAP and
5836 sudoers file entries. Still need to update manual.
5839 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
5841 * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
5842 Unify the -l output for file and ldap based sudoers and use lbufs
5843 for both. The ldap output does not currently include options that
5844 cannot be represented as tags. This will be remedied in a long list
5845 output mode to come.
5848 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
5851 Use a specific error message for errno == EAGAIN when setuid() et al
5852 fails. On Linux systems setuid() will fail with errno set to EAGAIN
5853 if changing to the new uid would result in a resource limit
5858 Unlimit nproc on Linux systems where calling the setuid() family of
5859 syscalls causes the nproc resource limit to be checked. The limits
5860 will be reset by pam_limits.so when PAM is used. In the non-PAM
5861 case the nproc limit will remain unlimited but there doesn't seem to
5862 be a way around that other than having sudo parse
5863 /etc/security/limits.conf directly.
5866 * env.c, sudo.c, sudo.pod:
5867 Only read /etc/environment on Linux and AIX
5870 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
5872 * configure, configure.in:
5873 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
5874 ldap.conf and ldap.secret paths from going into config.h. Avoid
5875 single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
5876 since in some versions of bash they will end up literally in the
5880 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
5883 mention --with-nsswitch=no
5886 * configure, configure.in:
5887 ldap_ssl.h depends on ldap.h being included first
5890 * config.h.in, configure, configure.in, ldap.c:
5891 Include ldap_ssl.h if we can find it. Needed for the
5892 ldapssl_set_strength defines on HP-UX at least.
5903 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
5904 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
5909 Use 78n line length when formatting cat pages.
5913 Remove redundant info that is now in sudoers.ldap.pod
5916 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
5918 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
5919 Reorganize the first section a bit. Substitute the proper path for
5923 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
5924 Substitute values for ldap.conf, ldap.secret and nsswitch.conf. Move
5925 schema into EXAMPLES.
5928 * configure, configure.in:
5929 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
5933 * configure, configure.in:
5934 substitute for sudoers.ldap.man
5938 Fix cut & pasto introduced when adding sudoers.ldap man page.
5941 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
5942 Fill in some of the missing pieces. Still needs some reorganization
5946 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
5948 * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
5950 Beginnings of a sudoers.ldap man page. Currently, much of the
5951 information is adapted from README.LDAP.
5954 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
5957 When copying gr_mem we must guarantee that the storage space for
5958 gr_mem is properly aligned. The simplest way to do this is to
5959 simply store gr_mem directly after struct group. This is not a
5960 problem for gr_passwd or gr_name as they are simple strings.
5964 Fix a typo/thinko in one of the calls to
5965 sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
5968 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
5970 * config.h.in, configure, configure.in, ldap.c:
5971 include <mps/ldap_ssl.h> in ldap.c if available
5974 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
5977 Make sure we define SIZE_MAX for yacc's skeleton.c
5981 Use TCSAFLUSH when restoring terminal settings (and echo) to
5982 guarantee that any pending output is discarded
5985 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
5988 no longer need to specify SETENV when user has sudo ALL
5992 sync user_args size calculation with sudo.c. Add -g group option,
5993 renaming old -g to -G. Add set_runasgr() and set_runaspw() and use
5998 Make set_runaspw static void
6001 * testsudoers.c, visudo.c:
6002 g/c set_runaspw stub
6005 * configure, configure.in:
6006 Don't add -llber twice.
6009 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
6015 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
6021 * configure, configure.in:
6022 Fix check that determines whether -llber is required.
6025 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
6026 For netscape-based LDAP, use ldapssl_set_strength() to implement the
6027 checkpeer ldap.conf option.
6031 Delay krb5_cc_initialize() until we actually need to use the cred
6032 cache, which is what krb5_verify_user() does. Better cleanup on
6036 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
6039 Rewrite verify_krb_v5_tgt() based on what heimdal's
6040 krb5_verify_user() does.
6043 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
6046 The U suffix on constants is an ANSI feature
6049 * configure, configure.in:
6050 Add check for ber_set_option() in -llber
6053 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
6056 default if no nsswitch.conf is files only
6059 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
6062 don't tell people to mail aaron about LDAP stuff
6066 timelimit and bind_timelimit
6074 Move ldap.secret reading into a separate function.
6078 user_runas -> runas_pw
6081 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
6087 * check.c, sudo.pod, sudoers.pod:
6088 Add and document the %p escape in the password prompt. Based on a
6089 patch from Patrick Schoenfeld.
6093 Check strlcpy() return values.
6097 refactor ldap binding code into sudo_ldap_bind_s()
6101 Make it clear that host and uri can take multiple parameters. URI is
6102 now supported for more than just openldap. nsswitch.conf doesn't
6107 comment cleanup and update (c) year
6110 * parse.c, sudo_nss.c:
6111 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
6112 This should make it possible to build an LDAP-only sudo binary.
6115 * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
6116 Improve chaining of multiple sudoers sources by passing in the
6117 previous return value to the next in the chain
6121 Free up parser data structures in sudo_file_close().
6125 Free up parser data structures in sudo_file_close().
6129 Parse uri ourself if no ldap_initialize() is present. Use
6130 ldap_create() instead of deprecated ldap_init(). Use
6131 ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s().
6134 * config.h.in, configure, configure.in:
6135 Add check for ldap_sasl_bind_s(). Remove -DLDAP_DEPRECATED from
6139 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
6141 * config.h.in, configure, configure.in:
6142 add check for ldap_create
6145 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
6147 * config.h.in, configure, configure.in, ldap.c:
6148 Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
6149 dn using the mechanism appropriate for the LDAP SDK in use. Use
6150 ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
6151 ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
6158 * config.h.in, configure.in:
6159 fix typo in mtim_getnsec
6162 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
6164 * config.h.in, configure, configure.in:
6165 add check for st__tim in struct stat as used by SCO
6169 use ldap_search_ext_s instead of deprecated ldap_search_s
6172 * Makefile.in, TODO, sudo.cat, sudo.man.in:
6173 add sudo_nss.h to HDRS
6177 Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
6181 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
6184 Use ldap_get_values_len()/ldap_value_free_len() instead of the
6185 deprecated ldap_get_values()/ldap_value_free().
6196 * gettime.c, sudo.c:
6197 Remove some already fixed XXXs
6201 Same return value as non-existent sudoers if LDAP was unable to
6206 mention /etc/environment
6209 * README.LDAP, UPGRADE, WHATSNEW:
6210 Update to reflect recent developments.
6214 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
6218 When building up a query don't list groups in the aux group vector
6219 that are the same as the passwd file group. On most systems the
6220 first gid in the group vector is the same as the passwd entry gid.
6224 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
6225 ldaprc and system defaults that could affect how LDAP works.
6228 * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
6229 sudo_nss.c, sudo_nss.h:
6230 Rename read_nss -> sudo_read_nss. Add --with-nsswitch to allow users
6231 to specify nsswitch.conf path or disable it. If --with-nsswitch=no
6232 but --with-ldap, order is LDAP, then sudoers. Fix
6233 --with-ldap-conf-file and --with-ldap-secret-file.
6237 Honor def_ignore_local_sudoers
6240 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
6243 no longer need to check def_ignore_local_sudoers here
6247 Refactor group vector resetting into a function and also call it
6248 from display_cmnd. Stop after the first successful match in
6249 display_cmnd. Print a newline between each display_privs method.
6253 fix double free introduced in rev 1.218
6257 belt and suspenders; zero out result after freeing it
6260 * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
6261 Refactor line reading into a separate function, sudo_parseln(),
6262 which removes comments, leading/trailing whitespace and newlines.
6263 May want to rethink the use of sudo_parseln() for /etc/ldap.secret
6267 Make the inability to read the sudoers file a non-fatal error if
6268 there are other sudoers sources available. sudoers_file_lookup now
6269 returns "not OK" if sudoers was not present
6273 make it clear that the global options are from LDAP
6277 allocate proper amount of space for error string
6280 * sudo_nss.c, sudo_nss.h:
6281 actual sudo nss code
6284 * ldap.c, parse.c, sudo.c, sudo.h:
6285 nss-ify display_privs and display_cmnd.
6288 * defaults.c, parse.c, testsudoers.c, visudo.c:
6289 move update_defaults() to parse.c
6292 * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
6293 Use nsswitch to hide some sudoers vs. ldap implementation details
6294 and reduce the number of #ifdef LDAP. TODO: fix display routines and
6298 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
6300 * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
6301 First cut at nsswitch.conf support. Further reorganization and
6302 related changes are forthcoming.
6305 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
6307 * env.c, pathnames.h.in, sudo.c, sudo.h:
6308 Add support for reading an /etc/environment file. Still needs to
6309 be documented and should probably only apply to OSes that have it
6310 (AIX and Linux, maybe others).
6317 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
6323 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
6330 Add an example sudoRole, clarify netscape vs. openldap a bit more
6334 Be clear on what is OpenLDAP vs. Netscape-derived
6337 * config.h.in, configure, configure.in, ldap.c:
6338 Use ldapssl_init() for ldaps support instead of trying to do it
6339 manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
6340 and tls_key for cert7.db and key3.db respectively. Don't print
6341 debugging info for options that are not set. Add warning if
6342 start_tls specified when not supported.
6346 fix compilation on solaris
6350 add missing .h and .c files for missing lib objs
6353 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
6356 fix LDAP_OPT_NETWORK_TIMEOUT setting
6360 fix compilation on Solaris
6363 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
6365 * configure, configure.in:
6370 try to clear up which variables are for OpenLDAP and which are for
6371 netscape-derived SDKs
6374 * config.h.in, configure, configure.in, ldap.c:
6375 Add support for "ssl on" in both netscape and openldap flavors. Only
6376 the OpenLDAP flavor has been tested.
6379 * logging.c, sudo.c, sudo.h:
6380 Call cleanup() before exit in log_error() instead of calling
6381 sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
6388 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
6390 * logging.c, sudo.c, sudo.h:
6391 Better ldap cleanup.
6395 Distinguish between LDAP conf settings that are connection-specific
6396 (which take an ld pointer) and those that are default settings
6400 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
6403 Improved warnings on error.
6407 Make ldap config table driven and set the config *after* we open the
6411 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
6414 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
6417 * configure, configure.in:
6418 some operating systems need to link with -lkrb5support when using
6422 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
6428 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
6432 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
6438 * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
6439 add -g support for LDAP
6442 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
6444 * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
6445 The -i and -s flags can now take an optional command.
6448 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
6450 * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
6452 Add passprompt_override flag to sudoers that will cause the prompt
6453 to be overridden in all cases. This flag is also set when the user
6454 specifies the -p flag.
6458 Move setting of login class until after sudoers has been parsed. Set
6459 NewArgv[0] for -i after runas_pw has been set.
6462 * configure, configure.in:
6463 Move the dgettext check.
6466 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
6468 * auth/pam.c, config.h.in, configure, configure.in:
6469 Add basic support for looking up the string "Password: " in the PAM
6470 localized text db. This allows us to determine whether the PAM
6471 prompt is the default "Password: " one even if it has been
6474 TODO: concatenate non-std PAM prompts and user-specified sudo
6478 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
6480 * Makefile.in, config.h.in, configure, configure.in, parse.c,
6481 set_perms.c, sudo.c, sudo.h:
6482 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
6486 * acsite.m4, configure, interfaces.c, memrchr.c:
6487 Fix typos; Martynas Venckus
6490 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
6493 Don't assume runas_pw is set; it may not be in the -g case.
6496 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
6498 * logging.c, set_perms.c:
6499 Set aux group vector for PERM_RUNAS and restore group vector for
6500 PERM_ROOT if we previously changed it. Stash the runas group vector
6501 so we don't have to call initgroups more than once. Also add no-op
6502 check to check_perms.
6505 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
6507 * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
6508 ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
6509 pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
6510 sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
6511 testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
6512 Add support for runas groups. This allows the user to run a command
6513 with a different effective group. If the -g option is specified
6514 without -u the command will be run as the current user (only the
6515 group will change). The -g and -u options may be used together.
6516 TODO: implement runas group for ldap; improve runas group
6517 documentation; add testsudoers support.
6520 * configure, configure.in:
6521 fix setting of mandir
6524 * sudo.pod, sudoers.pod:
6525 document that ALL implies SETENV
6529 s/setenv_ok/setenv_implied/g
6533 hostname_matches() returns TRUE on match in sudo 1.7.
6537 use strcmp, not strcasecmp when comparing ALL
6541 Make sudo ALL imply setenv. Note that unlike with file-based
6542 sudoers this does affect all the commands in the sudoRole.
6545 * gram.c, gram.y, parse.c, parse.h:
6546 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
6547 it is not passed on to other commands in the list.
6551 Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
6552 sudo_getpwuid() instead of getpwuid().
6555 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
6558 Expand on the dangers of not using visudo to edit sudoers.
6561 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
6564 Don't quote *?[]! on output since the lexer does not strip off the
6565 backslash when reading those in.
6568 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
6571 expand "u_foo" types to "unsigned foo" to avoid compatibility
6575 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
6578 Refactor log line generation into new_logline().
6581 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
6587 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
6589 * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
6591 Add configure check for struct in6_addr instead of relying on
6592 AF_INET6 since some systems define AF_INET6 but do not include IPv6
6596 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
6598 * configure, configure.in:
6599 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
6603 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
6605 * configure, configure.in:
6606 POSIX states that struct timespec be declared in time.h so check
6607 there regardless of the value of TIME_WITH_SYS_TIME.
6610 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
6613 Instead of defining a macro to call the appropriate method for
6614 turning on/off echo, just define tc[gs]etattr() and the related
6615 defines that use the correct terminal ioctls if needed. Also go back
6616 to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
6619 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
6629 * INSTALL, auth/pam.c, config.h.in, configure.in:
6630 Add --disable-pam-session configure option to disable calling
6631 pam_{open,close}_session. May work around bugs in some PAM
6635 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
6642 Avoid printing the prompt if we are already backgrounded. E.g. if
6643 the user runs "sudo foo &" from the shell. In this case, the call
6644 to tcsetattr() will cause SIGTTOU to be delivered.
6647 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
6649 * def_data.c, def_data.h, def_data.in:
6650 Reorder things such that the definition of env_reset comes right
6651 before the env variable lists.
6655 Shrink type and seqno in struct alias from int to u_short
6658 * alias.c, match.c, parse.c, parse.h:
6659 Add a sequence number in the aliases for loop detection. If we find
6660 an alias with the seqno already set to the current (global) value we
6661 know we've visited it before so ignore it.
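The alias loop detection described in the 2007-09-15 entries above, sketched as an added example that is not sudo's own code: the `struct alias` layout, the constructed `aliases` table, and the functions `alias_find()`, `alias_match()` and `user_in_alias()` are hypothetical simplifications. Resetting the marks when the `unsigned short` counter wraps is an extra precaution of this sketch, not something the entries state.

```c
#include <stdio.h>
#include <string.h>

#define MAX_MEMBERS 4
#define NALIASES (sizeof(aliases) / sizeof(aliases[0]))

/* Hypothetical, simplified alias: each member is either a plain user
 * name or the name of another alias. */
struct alias {
    const char *name;
    const char *members[MAX_MEMBERS];   /* NULL-terminated */
    unsigned short seqno;               /* traversal that last visited us */
};

/* Constructed sample data: ADMINS and OPS reference each other, SELF
 * references itself, DEVS reaches the cycle indirectly. */
static struct alias aliases[] = {
    { "ADMINS", { "alice", "OPS", NULL },    0 },
    { "OPS",    { "bob", "ADMINS", NULL },   0 },
    { "SELF",   { "SELF", NULL },            0 },
    { "DEVS",   { "carol", "ADMINS", NULL }, 0 },
};

/* Global sequence number, bumped once per top-level lookup. */
static unsigned short alias_seqno;

static struct alias *alias_find(const char *name)
{
    size_t i;

    for (i = 0; i < NALIASES; i++) {
        if (strcmp(aliases[i].name, name) == 0)
            return &aliases[i];
    }
    return NULL;
}

/* Returns 1 if user is reachable through alias a, 0 otherwise. */
static int alias_match(struct alias *a, const char *user)
{
    size_t i;

    /* Already stamped with the current value: we have been here during
     * this lookup, so this is a loop (or a repeat visit). Ignore it. */
    if (a->seqno == alias_seqno)
        return 0;
    a->seqno = alias_seqno;

    for (i = 0; i < MAX_MEMBERS && a->members[i] != NULL; i++) {
        struct alias *sub = alias_find(a->members[i]);

        if (sub != NULL) {
            if (alias_match(sub, user))
                return 1;
        } else if (strcmp(a->members[i], user) == 0) {
            return 1;
        }
    }
    return 0;
}

/* Top-level lookup: one new sequence number per call, so no per-lookup
 * pass is needed to clear "visited" flags. */
int user_in_alias(const char *alias_name, const char *user)
{
    struct alias *a = alias_find(alias_name);
    size_t i;

    if (a == NULL)
        return 0;
    if (++alias_seqno == 0) {
        /* Counter wrapped: 0 is also the "never visited" value and old
         * stamps could collide, so clear every mark and restart at 1. */
        for (i = 0; i < NALIASES; i++)
            aliases[i].seqno = 0;
        alias_seqno = 1;
    }
    return alias_match(a, user);
}

int main(void)
{
    printf("bob in ADMINS:     %d\n", user_in_alias("ADMINS", "bob"));
    printf("mallory in ADMINS: %d\n", user_in_alias("ADMINS", "mallory"));
    printf("anyone in SELF:    %d\n", user_in_alias("SELF", "SELF"));
    printf("bob in DEVS:       %d\n", user_in_alias("DEVS", "bob"));
    return 0;
}
```

Without the stamp check, the `ADMINS`/`OPS` pair would recurse until the stack is exhausted on any lookup that does not match early.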
6664 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
6666 * TODO, auth/pam.c, sudo.c, sudo.h:
6667 PAM wants the full tty path so add user_ttypath which holds the full
6668 path to the tty or is NULL if no tty was present.
6672 Set PAM_RHOST to work around a bug in Solaris 7 and lower that
6676 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
6682 * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
6683 parse.h, testsudoers.c, visudo.c:
6687 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
6690 remove some useless casts
6694 pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
6695 predates the final C99 spec and the standard specifies that it shall
6696 include stdint.h anyway
6699 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
6701 * Makefile.in, alloca.c, configure.in:
6702 Since we ship with a pre-generated parser there is no need to ship a
6703 bogus alloca implementation.
6711 remove initial setting of CHECKSIA, we require that it be unset if
6724 only do SIA checks on Digital Unix
6727 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
6729 * sudoers.cat, sudoers.man.in:
6738 Remove call to krb5_cc_register() as it is not needed for modern
6746 * aclocal.m4, configure.in:
6747 New method for setting the default authentication type and avoiding
6748 conflicts in auth types.
6751 * match.c, parse.c, testsudoers.c:
6752 Each entry in a cmndlist now has an associated runaslist so no need
6753 to keep track of the most recent non-NULL one.
6756 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
6759 back out partial ldaps support mistakenly committed
6763 Add support for unix groups and netgroups in sudoRunas
6766 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
6769 Fix sudoedit of a non-existent file. From Tilo Stritzky.
6772 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
6779 update --passprompt escape info
6783 remove now-bogus comment and update copyright date
6787 Fix up use of with_passwd
6790 * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
6791 Update to autoconf-2.61 and libtool-1.5.24
6795 "cmp -s" not just cmp. Add @datarootdir@ to quiet autoconf-2.61
6798 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
6805 move tags and runaslist propagation to be earlier
6809 If -f flag given use the permissions of the original file as a
6814 prevent a double free() when re-initing the parser
6817 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
6823 * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
6824 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
6825 auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
6826 configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
6827 parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
6828 sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
6829 Remove support for compilers that don't support void *
6836 * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
6837 parse.c, parse.h, testsudoers.c, visudo.c:
6838 Move list manipulation macros to list.h and create C versions of the
6839 more complex ones in list.c. The names have been down-cased so they
6840 appear more like normal functions.
6844 Fix cmp command when regenerating parser. Make gram.o the first
6845 dependency for all programs so gram.h will be generated before
6846 anything that needs it.
6850 Convert NEW_DEFAULT and NEW_MEMBER into static functions.
6853 * match.c, parse.c, testsudoers.c:
6854 Use LH_FOREACH_REV when checking permission and short-circuit on the
6855 first non-UNSPEC hit we get for the command. This means that
6856 instead of cycling through all the parsed sudoers entries we
6857 start at the end and work backwards and quit after the first
6858 positive or negative match.
6865 * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
6866 Change list head macros to take a pointer, not a struct.
6874 Propagate the runasspec from one command to the next in a cmndspec.
6877 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
6880 Replace has_meta() with a macro that calls strpbrk().
6886 * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
6887 testsudoers.c, visudo.c:
6888 Use a list head struct when storing the semi-circular lists and
6889 convert to tail queues in the process. This will allow us to
6890 reverse foreach loops more easily and it makes it clearer which
6891 functions expect a list as opposed to a single member.
6893 Add macros for manipulating lists. Some of these should become
6896 When freeing up a list, just pop off the last item in the queue
6897 instead of going from head to tail. This is simpler since we don't
6898 have to stash a pointer to the next member, we always just use the
6899 last one in the queue until the queue is empty.
6901 Rename match functions that take a list to have list in the name.
6902 Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
6906 Fix pasto, append "!" not negated (which is an int) for sudo -l
6911 Remove the dependency of gram.h on gram.y, the .c dependency is
6912 enough. Only move y.tab.h to gram.h if it is different; avoids
6913 needless rebuilding.
6916 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
6919 Defaults lines may be associated with lists of users, hosts,
6920 commands and runas users, not just single entries.
6923 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
6926 Revert the "cmp" portion of the last diff, it doesn't make sense.
6930 Remove *.lo for clean: When generating the parser, only move the
6931 generated files into place if they differ from the existing ones.
6934 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
6937 Replace IPV6 regexp with a much simpler (readable) one and add an
6938 extra check when it matches to make sure we have a valid address.
6942 Fix thinko introduced when merging IPV6 support.
6945 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
6956 mention #uid vs. comment pitfall
6960 Merge in a patch from the libtool cvs that fixes a problem with the
6961 latest autoconf. From Stepan Kasal.
6965 Back out the XOR swap trick, it is slower than a temp variable on
6974 Convert the tail queue to a semi-circle queue and use the XOR swap
6975 trick to swap the prev pointers during append.
6978 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
6981 remove useless statement
6985 Refactor #include parsing into a separate function and return
6986 unparsed chars (such as newline or comment) back to the lexer.
6989 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
6992 mention better uid support
6996 Users may now consist of a uid.
6999 * gram.c, gram.h, toke.c:
7004 Use lbuf_append_quoted() for sudo -l output to quote characters that
7005 would require quoting in sudoers.
7009 Add lbuf_append_quoted() which takes a set of characters which
7010 should be quoted with a backslash when displayed.
7014 Require that the first character after a comment not be a digit or a
7015 dash. This allows us to remove the GOTRUNAS state and treat
7016 uid/gids similar to other words. It also means that we can now
7017 specify uids in User_Lists and a User_Spec may now contain a uid.
7021 Replace RUNAS token with '(' and ')' tokens to make the runas
7022 portion of the grammar more natural.
7026 The BUGS file is history
7029 * Makefile.in, README:
7030 The BUGS file is history
7033 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
7036 Allow comments after a RunasAlias as long as the character after the
7037 pound sign isn't a digit or a dash.
7041 Glob support was back-ported to 1.6.9
7044 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
7047 remove sudo_usage.h in distclean
7051 If a Defaults value contains a blank, double-quote the string.
7055 Properly deal with Defaults double-quoted strings that span multiple
7056 lines using the line continuation char. Previously, the entire
7057 thing, including the continuation char, newline, and spaces was
7062 Be consistent when using single quotes and backticks.
7065 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
7067 * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
7068 sudo.c, sudo_usage.h.in:
7069 Add new linebuf code to do appends of dynamically allocated strings
7070 and word-wrapped output. Currently used for sudo's usage() and sudo
7071 -l output. Sudo usage strings are now in sudo_usage.h which is
7072 generated at configure time.
7075 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
7077 * parse.c, sudo.c, sudo.h:
7078 Fix line wrapping in usage() and use the actual tty width instead of
7082 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
7089 Mentioned Chris Jepeway's parser and also the new one that is in
7093 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
7095 * sudo.pod, visudo.pod:
7096 For the options list, add flag args where appropriate and increase
7097 the indent level so there is room for them.
7100 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
7103 Fix some spacing in "sudo -l" and add a comment about some bogosity
7104 in the line wrapping.
7107 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
7112 * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
7113 def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
7114 parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
7115 testsudoers.c, toke.c, toke.l:
7116 Remove monitor support until there is a version of systrace that
7117 uses a lookaside buffer (or we have a better mechanism to use).
7120 * config.h.in, configure, configure.in, sudo.c:
7121 use getaddrinfo() instead of gethostbyname() if it is available
7124 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
7127 Deal with OSes where sizeof(gid_t) < sizeof(int).
7131 repair non-getifaddrs() code after ipv6 integration
7135 If we can open sudoers but fail to read the first byte, close the
7136 file stream before trying again.
7139 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
7145 * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
7146 Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
7149 * sudo.pod, sudoers.pod, visudo.pod:
7150 Add some missing markup. Update copyright
7153 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
7155 * configure, configure.in:
7156 fix sudo_noexec extension which got broken in the libtool update
7159 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
7162 explicitly specify -Tascii to nroff
7165 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
7168 remove an ANSI-ism that crept in
7171 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
7174 Adjust list indents. Prevent -- from being turned into an em dash. Use
7175 a list for the environment instead of a literal paragraph
7179 Use a list for the environment instead of an indented literal
7184 Adjust list indentation
7191 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
7194 mention that when specifying a uid for the -u option the shell may
7195 require that the # be escaped
7198 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
7201 Fix off by one in group matching.
7204 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
7207 Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
7210 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
7212 * configure, configure.in:
7213 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
7217 * aclocal.m4, configure, configure.in:
7218 Fix link tests such that new gcc doesn't optimize away the test.
7221 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
7223 * sudo.pod, sudoers.pod, visudo.pod:
7224 add missing over/back
7227 * sudo.pod, sudoers.pod, visudo.pod:
7228 Change FILES section to use =item
7232 Add back allocation of the env struct in rebuild_env but save a copy
7233 of the old pointer and free it before returning.
7237 Don't init the private environment in rebuild_env() since it may
7238 have already been done implicitly sudo_setenv/sudo_unsetenv.
7240 Multiply length by sizeof(char *) in memcpy/memmove when copying the
7241 environment so we copy the full thing.
7243 Add missing set of parens so we deref the right pointer in
7244 sudo_unsetenv when searching for a matching variable.
7247 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
7249 * sudo.pod, sudoers.pod, visudo.pod:
7250 Use file markup for paths in the FILES section
7253 * sudo.pod, sudoers.pod, visudo.pod:
7254 Don't capitalize sudo/visudo
7258 Sort sudoers options; based on a diff from Igor Sobrado.
7261 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
7263 * sudo.pod, sudoers.pod, visudo.pod:
7264 Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
7265 latter confuses pod2man. The Makefile rules for the .man.in file
7266 will add @mansectsu@ and @mansectform@ back in after pod2man is done
7270 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
7272 * LICENSE, Makefile.in, license.pod:
7273 Move license info to pod format
7276 * configure, configure.in, sudoers.pod:
7277 Substitute value of path_info into sudoers man page.
7281 remove features that were back-ported to 1.6.9
7284 * sudo.c, sudo.pod, visudo.c, visudo.pod:
7285 Sort SYNOPSIS and sync usage. From Igor Sobrado.
7289 Only need sudo_setenv/sudo_unsetenv if we are going to use
7290 ldap_sasl_interactive_bind_s() but don't have
7291 gss_krb5_ccache_name().
7295 rebuild without branch info
7299 Add ChangeLog target
7303 Run cleanup code if the user hits ^C at the password prompt.
7307 Some versions of pam_lastlog have a bug that will cause a crash if
7308 PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
7312 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
7315 ChangeLog not Changelog
7330 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
7332 * config.h.in, configure, configure.in, ldap.c:
7333 Add configure hooks for gss_krb5_ccache_name() and the gssapi
7337 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
7340 rebuild_env() and insert_env_vars() no longer return environment
7341 pointer, they set environ directly.
7343 No longer need to pass around an envp pointer since we just operate
7346 Add dosync argument to insert_env() that indicates whether it should
7347 reset environ when realloc()ing env.envp.
7349 Use an initial size of 128 for the environment.
7353 Split sudo_setenv() into an external version and a version only for
7354 use by rebuild_env().
7357 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
7360 Add support for using gss_krb5_ccache_name() instead of setting
7361 KRB5CCNAME. Also use sudo_unsetenv() in the non-
7362 gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
7363 original environment. TODO: configure setup for
7364 gss_krb5_ccache_name()
7371 * README.LDAP, ldap.c:
7372 Add support for sasl_secprops in ldap.conf
7376 Add sudo_unsetenv() and refactor private env syncing code into
7380 * README.LDAP, ldap.c:
7381 The ldap.conf variable is sasl_auth_id not sasl_authid.
7384 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
7386 * ldap.c, sudo.c, sudo.h:
7387 Add support for krb5_ccname in ldap.conf. If specified, it will
7388 override the default value of KRB5CCNAME in the environment for the
7389 duration of the call to ldap_sasl_interactive_bind_s().
7393 Remove format_env(). Add sudo_setenv() to replace most format_env() +
7394 insert_env() combinations. insert_env() no longer takes a struct
7399 Fix use_sasl vs. rootuse_sasl logic.
7402 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
7403 Add support for SASL auth when connecting to an LDAP server. Adapted
7404 from a diff by Tom McLaughlin.
7407 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
7409 * configure, configure.in:
7410 Only enable AIX or BSD auth if no other exclusive auth method has
7411 been chosen. Allows people to e.g., use PAM on AIX without adding
7412 --without-aixauth. A better solution is needed to deal with default
7413 authentication since if a non-exclusive method is chosen we will
7417 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
7419 * HISTORY, Makefile.in, history.pod:
7420 Generate HISTORY from history.pod (which is also used for web pages)
7423 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
7425 * sudo.man.in, sudoers.man.in:
7430 Better explanation of environment handling in the sudo man page.
7434 Defer setting user-specified env vars until after authentication.
7438 honor def_default_path for PATH set on the command line
7441 * env.c, sudo.c, sudo.pod, sudoers.pod:
7442 Allow user to set environment variables on the command line as long
7443 as they are allowed by env_keep and env_check. Ie: apply the same
7444 restrictions as normal environment variables. TODO: deal with
7448 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
7450 * sudo.c, sudo_edit.c:
7451 Call rebuild_env() in all cases. Pass original envp to sudo_edit().
7452 Don't allow -E or env var setting in sudoedit mode. More accurate
7453 usage() when called as sudoedit.
7461 add -c option to sudoedit synopsis
7469 Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
7470 value from {user,host,runas,cmnd}_matches(). Rename *matches
7471 variables -> *match. Purely cosmetic.
7475 Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
7483 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
7486 Make pwcheck local to the pwflag block. Use pwcheck even if user
7487 didn't match since Defaults options may still apply.
7491 Do not update timestamp if user not validated by sudoers.
7495 for PERM_RUNAS, set the egid to the runas user's gid and restore to
7496 the user's original in PERM_ROOT
7499 * logging.c, mon_systrace.c, set_perms.c, sudo.h:
7500 PERM_FULL_ROOT is now no different than PERM_ROOT so remove
7505 don't check timestamp mtime if we are just going to remove it
7509 Move sudoers defaults parameters into their own section.
7513 Reduce a level of indent by a few placed continue statements.
7517 Make matching but negated commands/hosts/runas entries override a
7518 previous match as expected. Also reduce some levels of indent by a
7519 few placed continue statements.
7522 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
7525 Print default runas in "sudo -l" if sudoers don't specify one.
7529 Less hacky way of testing whether the domain was set.
7532 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
7535 Mention pam-devel and openldap-devel for Linux
7538 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
7544 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
7547 fix typo in Solaris project support
7555 Make -- on the command line match the manual page. The implied shell
7556 case has been simplified as a result.
7559 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
7562 add simplistic support for sudoRunas; note that if a sudoers entry
7563 contains multiple Runas users, all will apply to the sudoRole
7567 honor SETENV and NOSETENV tags
7570 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
7573 Redo setting of user_args. We now build up a private copy of argv
7574 first and then replace the NULs with spaces.
7578 getcwd() returns NULL on failure, not 0 on success
7582 allow chunksiz to reach 1 before erroring out
7585 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
7590 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
7592 * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
7593 logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
7595 Add support for setting environment variables on the command line.
7596 This is only allowed if the setenv sudoers option is enabled or if
7597 the command is prefixed with the SETENV tag.
7601 replace Aaron's email address with the sudo-workers list
7608 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
7610 * schema.OpenLDAP, schema.iPlanet:
7611 Break schema out into separate files.
7614 * Makefile.in, README.LDAP:
7615 Break schema out into separate files.
7618 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
7621 free message if set by authenticate()
7625 deal with NULL gr_mem
7628 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
7635 add template for HAVE_PROJECT_H
7642 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
7645 mention --with-project
7648 * config.h.in, configure.in, sudo.c:
7649 Add Solaris 10 "project" support. From Michael Brantley.
7661 Fix preservation of LDFLAGS in the LDAP case.
7665 Remove dependency on NULL
7672 * aclocal.m4, configure.in:
7673 Can't use the regular autoconf fnmatch() check since we need
7674 FNM_CASEFOLD so go back to our custom one.
7678 Fix preserving of variables in env_keep.
7686 expand upon env resetting and mention that it began in 1.6.9 not
7691 Update descriptions of env_keep and env_check to match current
7695 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
7698 Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
7699 LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to initial_keepenv_table.
7703 Treat USERNAME environment variable like LOGNAME/USER
7707 Don't need to populate keepenv table with the contents of the
7712 Don't force sudo into the C locale.
7716 Make env_check apply when env_reset is true. Environment variables
7717 are passed through unless they contain '/' or '%'. There is no need
7718 to have a variable in both env_check and env_keep.
7721 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
7724 Remove a duplicate lock_file() call and add a comment.
7728 Add sudo 1.6.9 upgrade note.
7731 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
7734 Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
7735 small. From Klaus Wagner.
7738 * logging.c, sudo.h:
7739 Redo the long syslog line splitting based on a patch from Eygene
7740 Ryabinkin. Include memrchr() for systems without it.
7744 Redo the long syslog line splitting based on a patch from Eygene
7745 Ryabinkin. Include memrchr() for systems without it.
7748 * Makefile.in, config.h.in, configure, configure.in:
7749 Redo the long syslog line splitting based on a patch from Eygene
7750 Ryabinkin. Include memrchr() for systems without it.
7754 Since we need to be able to convert timespec to timeval for utimes()
7755 the last 3 digits in the tv_nsec are not significant. This makes the
7756 sudoedit file date comparison work again.
7759 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
7761 * aclocal.m4, configure, configure.in:
7762 Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
7763 This deals with exclusive authentication methods in a simple way.
7766 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
7769 mkstemp.c is BSD code too.
7772 * sudo.pod, sudoers.pod, visudo.pod:
7773 No commercial support for now.
7776 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
7779 cleanenv() is no more.
7782 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
7785 Display branch info in Changelog
7789 Include config.h early so we have it for TIME_WITH_SYS_TIME
7793 Fix Changelog generation and update.
7796 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
7799 Use /proc/self/fd instead of /proc/$$/fd
7801 Move old-style fd closing into closefrom_fallback() and call that if
7802 /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
7805 * auth/kerb5.c, config.h.in, configure.in:
7806 o use krb5_verify_user() if available instead of doing it by hand
7807 o use krb5_init_secure_context() if we have it
7808 o pass an encryption type of 0 to krb5_kt_read_service_key() instead of
7809 ENCTYPE_DES_CBC_MD5 to let kerberos choose.
7813 Check TERM and COLORTERM for '%' and '/' characters. From Debian.
7817 Fix closefrom() substitution in the Makefile
7821 Mention alternate sudo pronunciation.
7824 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
7827 Remove KRB5_KTNAME from environment. Allow COLORTERM.
7831 If we cannot get a valid service key using the default keytab it is
7832 a fatal error. Fixes a bug where sudo could be tricked into
7833 allowing access when it should not by a fake KDC. From Thor Lancelot
7837 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
7839 * aclocal.m4, configure, configure.in:
7840 Update long long checks to use AC_CHECK_TYPES and to cache values.
7843 * aclocal.m4, configure.in:
7844 Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
7845 use AC_REPLACE_FNMATCH since that assumes replacing with GNU
7849 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
7851 * configure, configure.in:
7852 Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
7853 need it for visudo now too.
7856 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
7859 Attempt to clarify the bit talking about network numbers w/o
7864 Clarify timestamp dir ownership sentence.
7867 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
7870 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
7874 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
7877 -i is also one of the mutually exclusive options so list it in the
7878 warning message. Noted by Chris Pepper.
7881 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
7884 The sudoers variable is env_editor, not enveditor. From Jean-
7888 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
7891 I tracked down the original author so credit him and include his
7895 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
7897 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
7899 Fix typos; from Jason McIntyre.
7903 Restore signal mask before calling reapchild(). Fixes a possible
7904 race condition that could prevent sudo from properly waiting for the
7908 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
7911 Don't declare pw_free() if we are not going to use it.
7915 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
7916 LDR_PRELOAD64. The 64-bit version is not currently supported.
7917 Remove zero_env() prototype as it no longer exists.
7920 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
7923 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
7926 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
7929 If the user enters ^C at the password prompt, abort instead of
7930 trying to authenticate with an empty password (which causes an
7934 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
7936 * closefrom.c, config.h.in, configure, configure.in:
7937 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
7942 pw_free() is only used by sudo_freepwcache() so ifdef it out too.
7945 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
7947 * config.guess, config.sub:
7948 Update to latest versions from cvs.savannah.gnu.org
7951 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
7953 * pwutil.c, sudo_edit.c:
7954 Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
7955 we can close the passwd/group files early.
7958 * config.h.in, configure, configure.in, set_perms.c:
7959 Add seteuid() flavor of set_perms() for systems without setreuid()
7960 or setresuid() that have a working seteuid(). Tested on Darwin.
7963 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
7966 systrace_read() returns ssize_t
7969 * configure, configure.in:
7970 Fix typo, -lldap vs. -ldap; from Tim Knox.
7973 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
7976 Fix typo; Matt Ackeret
7979 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
7982 Print sudoers path in -V mode for root.
7985 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
7988 Do a sub tree search instead of a base search (one level in the tree
7989 only) for sudo right objects. This allows system administrators to
7990 categorize the rights in a tree to make them easier to manage.
7993 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
7999 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
8002 Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
8003 bind_timelimit support; adapted from gentoo.
8006 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
8009 Support comments that start in the middle of a line
8012 * configure, configure.in:
8013 Define LDAP_DEPRECATED until we start using ldap_get_values_len()
8016 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
8019 Silence gcc -Wsign-compare; djm@openbsd.org
8022 * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
8023 cleanup() now takes an int as an arg so it can be used as a signal
8028 Make a copy of the shell field in the passwd struct for NewArgv to
8029 avoid a use after free situation after sudo_endpwent() is called.
8032 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
8034 * config.h.in, configure, configure.in:
8035 Add mkstemp() for those poor souls without it.
8039 Add mkstemp() for those poor souls without it.
8043 Add mkstemp() for those poor souls without it.
8046 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
8049 Add PERL5DB to list of environment variables to remove.
8052 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
8054 * mon_systrace.c, mon_systrace.h:
8055 Instead of calling the check function twice with a state cookie use
8056 separate check/log functions.
8058 Check more ioctl() calls for failure.
8060 systrace_{read,write} now return the number of bytes read/written or
8065 Add more environment variables to remove; from gentoo linux. Add some
8066 comments about what bad env variables go to what (more to do)
8069 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
8071 * sudo.c, sudo_edit.c:
8072 Move sudo_end{gr,pw}ent() until just before the exec since they free
8073 up our cached copy of the passwd structs, including sudo_user and
8074 sudo_runas. Fixes a use-after-free bug.
8078 Close all fd's before executing editor.
8082 Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
8086 Fix fd leak when lecture file option is enabled. From Jerry Brown
8089 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
8092 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
8093 environment variables to remove. From Charles Morris
8096 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
8099 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
8102 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
8105 add PS4 and SHELLOPTS to initial_badenv_table for bash
8108 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
8111 Fix typo; Toby Peterson
8114 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
8117 Make return buffers static so they don't get clobbered
8120 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
8123 Fix securid5 authentication, was not checking for ACM_OK. Also add
8124 default cases for the two switch()es. Problem noted by ccon at
8128 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
8131 Remove ncat() in favor of just counting bytes and pre-allocating
8135 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
8138 Fix up some comments Add missing fclose() for the rootbinddn case
8142 align struct ldap_config
8146 use LINE_MAX for max conf file line size
8150 add _PATH_LDAP_SECRET
8154 Mention rootbinddn Give example ou=SUDOers container
8157 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
8159 * INSTALL, configure, configure.in, ldap.c:
8160 Support rootbinddn in ldap.conf
8163 * env.c, sudo.pod, sudoers.pod:
8164 Preserve DISPLAY environment variable by default.
8167 * acsite.m4, configure:
8168 set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
8171 * acsite.m4, configure:
8172 set need_version=no for all cases; this is safe for LD_PRELOAD
8179 * configure, configure.in:
8184 Fix call to pam_end() when pam_open_session() fails.
8192 rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
8193 ltsugar.m4 ltversion.m4
8196 * config.guess, config.sub, ltmain.sh:
8197 merge in local changes: config.guess: o better openbsd support
8198 config.sub: o hiuxmpp support ltmain.sh o remove requirement that
8199 libs must begin with "lib" o don't print a bunch of crap about
8200 library installs o don't run ldconfig
8203 * config.guess, config.sub, ltmain.sh:
8208 Update with autoupdate and make minor changes for libtool 1.9f
8211 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
8214 don't call sudo_ldap_display_cmnd if ldap not setup
8217 * sudo_edit.c, visudo.c:
8218 Move declaration of struct timespec to its own include files for
8219 systems without it since it needs time_t defined.
8223 Move declaration of struct timespec to its own include files for
8224 systems without it since it needs time_t defined.
8228 Move declaration of struct timespec to its own include files for
8229 systems without it since it needs time_t defined.
8233 Move declaration of struct timespec to its own include files for
8234 systems without it since it needs time_t defined.
8237 * check.c, compat.h:
8238 Move declaration of struct timespec to its own include files for
8239 systems without it since it needs time_t defined.
8243 Don't set safe_cmnd for the "sudo ALL" case.
8246 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
8249 Call pam_open_session() and pam_close_session() to give pam_limits a
8250 chance to run. Idea from Karel Zak.
8253 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
8256 Add explicit cast from mode_t -> u_int in printf to silence warnings
8261 include grp.h to silence a warning on Solaris
8264 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
8267 Fix printing of += and -= defaults.
8270 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
8273 Sanity check number of syscall args with argsize. Not really needed
8274 but a little paranoia never hurts.
8277 * mon_systrace.c, mon_systrace.h:
8278 Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
8279 for systrace lengths (since it uses int)
8282 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
8285 Add some memsets for paranoia Fix namespace collision w/ error Check
8286 rval of decode_args() and update_env() Remove improper setting of
8290 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
8292 * parse.c, sudo.c, sudo.h:
8293 In -l mode, only check local sudoers file if def_ignore_sudoers is
8294 not set and call LDAP versions from display_privs() and
8295 display_cmnd() instead of directly from main(). Because of this we
8296 need to defer closing the ldap connection until after -l processing
8297 has occurred and we must pass in the ldap pointer to display_privs()
8302 Reorganize LDAP code to better match normal sudoers parsing.
8303 Instead of storing strings for later printing in -l mode we do
8304 another query since the authenticating user and the user being
8305 listed may not be the same (the new -U flag). Also add support for
8308 There is still a fair bit of duplicated code that can probably be
8312 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
8315 Replace pass variable with do_netgr for better readability.
8326 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
8329 Add macro to test if the tag changed to improve readability.
8333 Avoid printing defaults header if there are no defaults to print...
8337 Fix a warning on systems without strlcpy().
8341 Use macros where possible for sudo_grdup() like sudo_pwdup().
8344 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
8347 It is possible for tv_usec to hold >= 1000000 usecs so add in
8351 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
8354 The component in krb5_principal_get_comp_string() should be 1, not 0
8355 for Heimdal. From Alex Plotnick.
8358 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
8360 * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
8361 interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
8362 redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
8363 Add efree() for consistency with emalloc() et al. Allows us to rely
8364 on C89 behavior (free(NULL) is valid) even on K&R.
8368 Move initgroups() for -U option into display_privs() so group
8369 matching in sudoers works correctly.
8372 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
8375 Removed duplicate call to ldap_unbind_s introduced along with
8380 Add missing space in Defaults printing
8383 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
8386 Sync sudo_pwdup with OpenBSD changes: use macros for size computation
8390 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
8393 Zero old pw_passwd before replacing with version from shadow file.
8396 * configure, configure.in:
8397 Only attempt shadow password detection if PAM is not being used Add
8398 shadow_* variables to make shadow password detection more generic.
8402 Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
8405 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
8408 use a non-breaking space to avoid a double space after e.g.
8412 comma, not colon after e.g.
8415 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
8418 Add __ variants of the exec functions. GNU libc at least uses
8419 __execve() internally.
8423 Match reality a bit more.
8427 Missed piece from rev. 1.6, fix sudo_getpwnam() too.
8431 Store shadow password after making a local copy of struct passwd in
8432 case normal and shadow routines use the same internal buffer in
8436 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
8438 * alloc.c, logging.c:
8439 Make varargs usage consistent with the rest of the code.
8442 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
8445 Wrap more of the exec family since on Linux the others do not appear
8446 to go through the normal execve() path.
8450 make print_unused static like proto says
8454 silence a warning on K&R systems
8458 make this build in K&R land
8462 make this build in K&R land
8465 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
8471 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
8474 return(foo) not return foo optimize _atobool() slightly
8482 Reformat to match the rest of sudo's code.
8486 I am the primary author
8489 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
8491 * Makefile.in, README, RUNSON:
8492 The RUNSON file is toast--it confused too many people and really
8493 isn't needed in a configure-oriented world.
8497 alternate -> alternative
8501 Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
8506 Allow leading blanks before Defaults and Foo_Alias definitions
8510 fix rules to build toke.o and gram.o in devel mode
8513 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
8516 env_keep overrides set_logname
8520 Fix disabling set_logname and make env_keep override set_logname.
8523 * compat.h, config.h.in, configure, configure.in:
8524 No longer need memmove()
8528 Just clean the environment once. This assumes that any further
8529 setenv/putenv will be able to handle the fact that we replaced
8530 environ with our own malloc'd copy but all the implementations I've
8534 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
8537 In -i mode, base the value of insert_env()'s dupcheck flag on
8538 DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
8541 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
8544 Move setting of user_path, user_shell, user_prompt and prev_user
8545 into init_vars() since user_shell at least is needed there.
8548 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
8555 Fix some printf format mismatches on error.
8559 Fix some printf format mismatches on error.
8562 * configure, gram.c, toke.c:
8566 * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
8567 auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
8568 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
8569 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
8570 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
8571 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
8572 emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
8573 getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
8574 interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
8575 parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
8576 snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
8577 sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
8578 testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
8579 visudo.pod, zero_bytes.c:
8580 Update copyright years.
8583 * Makefile.binary.in:
8584 Update copyright years.
8588 Update copyright years.
8591 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
8596 What's new in sudo 1.7, based on the 1.7 CHANGES entries.
8599 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
8601 * compat.h, logging.h, sudo.h:
8602 Add __printflike and use it with gcc to warn about printf-like
8606 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
8608 * CHANGES, ChangeLog:
8609 Replaced CHANGES file with ChangeLog generated from cvs logs
8613 Use warning/error instead of perror/fatal.
8617 Update OpenBSD section
8621 Add upgrading notes for 1.7
8624 * env.c, sudo.c, sudoers.pod:
8625 Instead of zeroing out the environment, just prune out entries based
8626 on the env_delete and env_check lists. Base building up the new
8627 environment on the current environment and the variables we removed
8631 * config.h.in, configure, configure.in, sudo.c:
8632 Set locale to "C" if locales are supported, just to be safe.
8636 Cast argument to ctype functions to unsigned char.
8639 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
8642 correct value for DID_USER
8645 * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
8646 #include <compat.h> not "compat.h"
8650 Reset the environment by default.
8654 Alloc an extra slot in NewArgv. Removes the need to malloc a new
8655 vector if execve() fails.
8658 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
8660 * INSTALL, config.h.in, configure, configure.in, sudo.c:
8661 Use execve(2) and wrap the command in sh if we get ENOEXEC.
8664 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
8667 Only include time.h on systems that lack struct timespec which gets
8668 defined in compat.h (using time_t).
8672 Include time.h for time_t in compat.h for systems w/o struct
8676 * compat.h, config.h.in, configure, configure.in:
8677 use bcopy on systems w/o memmove
8681 __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
8686 Add explicit rule to build sudo_noexec.lo
8689 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
8691 * INSTALL.configure, Makefile.in:
8692 No longer depend on VPATH; pointed out a bunch of missed
8697 Help for PAM when account section is missing
8701 Give user a clue when there is a missing "account" section in the
8706 Better error handling.
8709 * config.h.in, configure, configure.in:
8710 Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
8711 possible. Silences a warning about isblank() on linux.
8715 Fix typo (missing comma) that caused an incorrect number of args to
8716 be passed to log_error().
8719 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
8722 Don't try to destroy a tree we didn't create.
8725 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
8727 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
8728 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
8729 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
8730 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
8731 compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
8732 fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
8733 goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
8734 match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
8735 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
8736 strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
8737 tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
8738 Add __unused to rcsids
8741 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
8743 * configure, configure.in:
8744 Fix error message when mixing invalid auth types
8748 PAM, AIX auth, BSD auth and login_cap are now on by default if the
8752 * auth/sudo_auth.h, config.h.in:
8753 s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
8757 Better checking for conflicting authentication methods Display the
8758 authentication methods used at the end of configure Rename --with-
8759 authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
8760 --with-pam, --with-logincap by default on systems that support them
8761 unless disabled. Add OSMAJOR variable that replaces old OSREV; now
8762 OSREV has full version number
8765 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
8767 * def_data.c, def_data.in, sudo.c, sudoers.pod:
8771 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
8774 Replace: test -n "$FOO" || FOO="bar"
8776 With: : ${FOO='bar'}
8779 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
8781 * pwutil.c, testsudoers.c, tsgetgrpw.c:
8782 Use function pointers to only call private passwd/group routines
8783 when using a nonstandard passwd/group file.
8786 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
8793 Can't use strtok() since it doesn't handle empty fields so add
8794 getpwent()/getgrent() functions and call those.
8797 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
8800 Fix dummied out toke.c and gram.c dependencies.
8804 Rename PARSESRCS -> GENERATED since it is only used in the clean
8805 target Add devdir variable and use it to specify the path to parser
8814 Add a devdir variable that defaults to $(srcdir) and is set to . if
8815 --devel was specified. Allows for proper dependencies building the
8820 Add support for custom passwd/group files.
8824 Build private copy of pwutil.o for testsudoers with MYPW defined so
8825 it uses our own passwd/group routines.
8829 Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
8830 stubs instead. We can now just use the caching sudo_*{pw,gr}*
8831 functions in pwutil.c Add comment about wanting to call
8832 sudo_endpwent/sudo_endgrent in cleanup()
8836 Remove caching; we will just use what is in pwutil.c Use global
8837 buffers for passwd/group structs Rename functions from sudo_* to
8841 * logging.c, sudo.c:
8842 g/c pwcache_init/pwcache_destroy
8846 Undo last commit and add sudo_setspent and sudo_endspent instead.
8849 * getspwuid.c, pwutil.c:
8850 Move all but the shadow stuff from getspwuid.c to pwutil.c and
8851 pwcache_get and pwcache_put as they are no longer needed. Also add
8852 preprocessor magic to use private versions of the passwd and group
8853 routines if MYPW is defined (for use by testsudoers).
8857 zero out struct passwd/group before filling it in so if there are
8858 fields we don't handle they end up as 0.
8861 * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
8866 Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
8871 Passwd and group lookup routines for testsudoers that support
8872 alternate passwd and group files.
8875 * getspwuid.c, pwutil.c:
8876 Split off pw/gr cache and dup code into its own file. This allows
8877 visudo and testsudoers to use the pw/gr cache too.
8880 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
8883 Print Defaults info in "sudo -l" output and wrap lines based on the
8887 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
8889 * match.c, testsudoers.c, visudo.c:
8890 Only check group vector in usergr_matches() if we are matching the
8891 invoking or list user. Always check the group members, even if
8892 there was a group vector.
8895 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
8897 * LICENSE, Makefile.in, fnmatch.3:
8898 No longer bundle fnmatch.3
8905 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
8912 Sort command line options
8915 * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
8916 sudo.pod, sudoers.pod:
8917 Add closefrom sudoers option to start closing at a point other than
8918 3. Add closefrom_override sudoers option and -C sudo flag to allow
8919 the user to specify a different closefrom starting point.
8923 Add _PATH_DEVNULL for those without it.
8927 no more UCB strcasecmp
8931 replace BSD licensed one with version derived from pdksh
8934 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
8941 Make sure stdin, stdout and stderr are open and dup them to
8945 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
8947 * ldap.c, mon_systrace.c, sudo.c, sudo.h:
8951 * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
8952 Use TIME_WITH_SYS_TIME
8955 * config.h.in, configure, configure.in:
8956 Add TIME_WITH_SYS_TIME_H
8959 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
8962 Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
8963 unconditionally on darwin. From Toby Peterson.
8967 Check rbinsert() return value. In the case of faked up entries
8968 there is usually a negative response cached that we need to
8971 In pwfree() don't try to zero out a NULL pw_passwd pointer.
8975 Use the double fork trick to avoid the monitor process being waited
8976 for by the main program run through sudo.
8979 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
8982 Call initgroups() in -U mode so group matches work normally.
8985 * def_data.h, mkdefaults:
8986 Don't print a trailing comma for the last entry in enum def_tupple
8989 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
8991 * sudoers.cat, sudoers.man.in, sudoers.pod:
8992 Mention values when lecture, listpw and verifypw are used in boolean
8996 * def_data.c, def_data.in:
8997 verifypw when used in a boolean TRUE context should be "all", not
9001 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
9003 * def_data.in, defaults.c:
9004 Allow tuples that can be used as booleans to be used as boolean
9005 TRUE. In this case the 2nd possible value of the tuple is used for
9009 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
9011 * configure, configure.in:
9012 Correct the test for 2-parameter timespecsub
9016 Add stub struct definitions for passwd, timeval and timespec
9019 * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
9020 Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
9021 and fix a typo in the gettimeofday check.
9024 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
9026 * match.c, testsudoers.c:
9027 Deal with user_stat being NULL as it is for visudo and testsudoers.
9030 * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
9031 Add -U option to use in conjunction with -l instead of -u. Add
9032 support for "sudo -l command" to test a specific command.
9035 * gram.c, gram.y, sudo.c:
9036 Set safe_cmnd after sudoers_lookup() if it has not been set.
9037 Previously it was set by sudo "ALL" in the parser but at that point
9038 the fully-qualified pathname has not yet been found.
9041 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
9043 * parse.c, testsudoers.c:
9044 Correctly handle multiple privileges per userspec and runas
9048 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
9051 Zero out sd_un for each entry in sudo_defs_table in init_defaults.
9054 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
9057 make per-command defaults work with sudoedit
9060 * ldap.c, parse.c, sudo.c, sudo.h:
9061 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
9062 Instead, we just set the appropriate defaults variable.
9065 * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
9066 Document per-command Defaults.
9069 * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
9070 sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
9071 Add support for command-specific Defaults entries. E.g.
9072 Defaults!/usr/bin/vi noexec
9075 * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
9076 Change an occurrence of user_matches() -> runas_matches() missed
9077 previously runas_matches(), host_matches() and cmnd_matches() only
9078 really need to pass in a list of members. user_matches() still
9079 needs to pass in a passwd struct because of "sudo -l"
9083 Check def_authenticate, def_noexec and def_monitor when setting
9084 return flags. XXX May be better to just set the defaults directly
9085 and get rid of those flags.
9088 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
9089 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
9090 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
9091 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
9092 defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
9093 getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
9094 gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
9095 mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
9096 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
9097 sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
9098 visudo.c, zero_bytes.c:
9099 Use: #include <config.h> Not: #include "config.h" That way we get
9100 the correct config.h when build dir != src dir
9104 Back out part of rev 1.263; fix -I order
9108 More robust parsing of #include; could be much better still.
9111 * sudo_edit.c, visudo.c:
9112 Make arg splitting in visudo and sudoedit consistent.
9115 * Makefile.in, alias.c, gram.c, gram.y, parse.h:
9116 Split alias routines out into their own file.
9120 __attribute__ is already defined in compat.h
9124 quit() should not be __noreturn__ as it is non-void on some
9128 * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
9129 Add local error/warning functions like err/warn but that call an
9130 additional cleanup routine in the error case. This means we no
9131 longer need to compile a special version of alloc.o for visudo.
9135 Clarify comments about the data structures
9138 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
9141 Add support for VISUAL and EDITOR containing command line args. If
9142 env_editor is not set any args in VISUAL and EDITOR are ignored.
9143 Arguments are also now supported in def_editor.
9146 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
9149 alias_matches() is no more
9157 When regenerating the parser, don't replace gram.h unless it has
9162 remove Makefile.binary for distclean
9166 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
9167 sure we can't overflow new_env.
9171 paranoia when stripping trailing slashes from tempdir.
9175 Set user_ngroups to 0 if getgroups() returns an error.
9178 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
9180 * config.h.in, configure, configure.in, sudo.c:
9181 Add configure check for getgroups()
9185 Use supplementary group vector in struct sudo_user.
9189 Only do string comparisons on the group members if there is no
9190 supplemental group list.
9198 On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
9199 chop off any trailing slashes we see and add an explicit one.
9203 remove bogus XXX comment
9207 Get rid of alias_matches and correctly fall through to the non-alias
9208 cases when there is no alias with the specified name.
9212 Cache non-existent passwd/group entries too.
9223 * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
9224 mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
9225 Implement group caching and use the passwd and group caches
9229 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
9232 Properly negate the return value of alias_matches() when
9237 Make hostname_matches() return TRUE for a match, else FALSE like the
9242 Add missing dependencies on gram.h
9246 Use runas_matches in alias_matches() now that we have it.
9250 Expand aliases in "sudo -l" mode
9254 Use ALIAS for the member type when storing an alias instead of
9255 HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
9256 more generic type. Expand runas_matches instead of calling
9257 user_matches() inside of it since user_matches() looks up
9258 USERALIASes, not RUNASALIASes.
9261 * CHANGES, getspwuid.c:
9262 Paranoia; zero out pw_passwd before freeing passwd entry.
9265 * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
9266 configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
9267 error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
9268 sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
9269 Add local error/warning functions like err/warn but that call an
9270 additional cleanup routine in the error case. This means we no
9271 longer need to compile a special version of alloc.o for visudo.
9275 Use userpw_matches() to compare usernames, not strcmp(), since the
9276 latter checks for "#uid".
9279 * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
9280 Cache passwd db entries in 2 red-black trees; one indexed by uid,
9281 the other by user name. The data returned from the cache should be
9282 considered read-only and is destroyed by sudo_endpwent().
9290 missing free in alias_destroy
9294 Can't use rbapply() for rbdestroy since the destructor is passed a
9295 data pointer, not a node pointer.
9298 * getspwuid.c, logging.c, sudo.c, sudo.h:
9299 Create and use private versions of setpwent() and endpwent() that
9300 set/end the shadow password file too.
9303 * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
9304 Store aliases in a red-black tree.
9307 * Makefile.in, redblack.c, redblack.h:
9308 red-black tree implementation
9312 Edit all sudoers file if there were unused or undefined aliases and
9313 we are in strict mode.
9316 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
9318 * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
9319 find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
9320 Bring back the "secure_path" Defaults option now that Defaults take
9321 effect before the path is searched.
9324 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
9326 * logging.c, parse.c:
9327 A user can always list their own entries, even with -u. Better error
9328 message when failing to list another user's entries.
9331 * parse.c, sudo.c, sudo.h:
9332 The syntax to list another user's entries is now "-u otheruser -l".
9333 Only root or users with sudo "ALL" may list other user's entries.
9336 * sudo.cat, sudo.man.in, sudo.pod:
9337 Update env variable info in SECURITY NOTES
9345 strip exported bash functions from the environment.
9348 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
9351 Only reset sudo_user.pw based on SUDO_USER environment variables for
9352 real commands and sudoedit. This avoids a confusing message when a
9353 user tries "sudo -l" or "sudo -v" and is denied.
9356 * gram.c, gram.y, parse.h:
9357 Extend LIST_APPEND to deal with appending lists too
9360 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
9363 Convert some bitwise AND to ISSET
9367 toke.c replaces lex.yy.c
9375 new parser fixes most of the outstanding bugs
9383 Rework for the new parser. Now checks for unused aliases in sudoers.
9387 Rewrite for the new parser. Now supports a -d flag (dump) and adds
9388 a -h flag (host). It now defaults to the local hostname unless
9389 otherwise specified.
9393 Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
9397 Update for new parse. We now call find_path() *after* we have
9398 updated the global defaults based on sudoers. Also adds support for
9399 listing other user's privs if you are root.
9403 Working LDAP support; also remove a now-unneeded rewind().
9406 * logging.c, logging.h:
9411 Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
9412 sudo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
9413 connect to LDAP, apply the default options, find the command in the
9414 user's path, and then check whether the user is allowed to run it.
9415 The important thing here is that the default runas user may be
9416 specified as a default option and that needs to be set before we
9417 search for the command.
9421 Add casts to unsigned char for isspace() to quiet a gcc warning.
9425 Add prototype for update_defaults()
9429 Don't warn about line numbers now that we operate on a set of data
9430 structures (or LDAP) and not a file.
9434 No longer use lsearch()
9438 Update for new and changed file names.
9442 no more BSD lsearch.c
9446 foo_matches() routines now live in match.c Added user_matches(),
9447 runas_matches(), host_matches(), cmnd_matches() and alias_matches()
9448 that operate on the parsed sudoers file.
9451 * parse.lex, toke.l:
9452 Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
9453 WORD no longer needs to exclude '@' kill yywrap()
9456 * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
9458 Rewritten parser that converts sudoers into a set of data
9459 structures. This eliminates ordering issues and makes it possible to
9460 apply sudoers Defaults entries before searching for the command.
9463 * configure.in, emul/search.h, lsearch.c:
9464 We won't be using lsearch() any longer.
9468 sudo should not send mail if someone who runs 'sudo -l' has no
9472 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
9478 Update warnings to match new visudo
9482 The new parser doesn't have the old ordering constraints.
9486 Document that -l now takes an optional username argument
9489 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
9496 If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
9497 a compilation problem with Solaris 9's native LDAP.
9499 Set FLAG_MONITOR when needed.
9502 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
9505 Call sudo_goodpath() *after* changing the cwd to match the traced
9506 process. Fixes relative paths.
9509 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
9512 Kill set_perms() stub--it is no longer needed.
9515 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
9517 * sudoers.cat, sudoers.man.in, sudoers.pod:
9518 stay_setuid now requires set_reuid() or setresuid()
9521 * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
9522 configure.in, set_perms.c, sudo.c, sudo.h:
9523 Kill use of POSIX saved uids; they aren't worth bothering with.
9526 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
9529 remove call to issetugid()
9532 * sudoers.cat, sudoers.man.in, sudoers.pod:
9533 Remove warning about wildcards. Now that we use glob() the bug is
9538 Use glob(3) instead of fnmatch(3) for matching pathnames and stat
9539 each result that matches the basename of the user's command. This
9540 makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
9541 /usr/bin/blah. Fixes bug #143.
9544 * config.h.in, configure, configure.in:
9545 Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
9549 * config.h.in, configure, configure.in:
9550 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
9558 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
9563 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
9567 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
9570 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
9571 means we are out of space in the stack gap...
9579 Take a stab at ldap sudoers support here.
9582 * mon_systrace.c, mon_systrace.h:
9583 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
9584 doesn't cause reboot to inadvertently kill itself.
9588 put "monitor" in the proctitle, not "systrace"
9592 When modifying the environment, don't replace envp when we can get
9593 away with just rewriting pointers in the traced process.
9596 * mon_systrace.c, mon_systrace.h:
9597 Add environment updating via STRIOCINJECT (if available).
9600 * sudoers.cat, sudoers.man.in:
9604 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
9611 Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
9615 Include file is now mon_systrace.h
9618 * Makefile.in, configure, configure.in, def_data.c, def_data.h,
9619 def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
9620 sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
9621 No longer call it tracing, it is now "monitoring" which should be
9622 a more obvious name to non-hackers.
9625 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
9627 * mon_systrace.c, mon_systrace.h:
9631 * mon_systrace.c, mon_systrace.h:
9632 No need to include syscall.h, use 1024 as the max # of entries (the
9633 max that systrace(4) allows).
9635 Only need to use SYSTR_POLICY_ASSIGN once
9637 Change check_syscall() -> find_handler() and have it return the
9638 handler instead of just running it. We need this since handlers now
9639 have two parts: one part that generates an answer and another that
9640 gets called after the answer is accepted (to do logging).
9642 Add some missing check_exec for emul execv
9645 * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
9650 Add missing HAVE_LINUX_SYSTRACE_H
9654 add trace_systrace.o dependency
9657 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
9659 * configure, configure.in:
9660 Also look for systrace.h in /usr/include/linux
9663 * mon_systrace.c, mon_systrace.h:
9664 Move all struct defs and prototypes into trace_systrace.h and mark
9665 all but systrace_attach() static.
9668 * mon_systrace.c, mon_systrace.h:
9669 Add support for tracing emulations. At the moment, all emulations
9670 are compiled in. It might make sense to #ifdef them in the future,
9671 though this impedes readability.
9674 * Makefile.in, configure, configure.in:
9675 rename systrace.c -> trace_systrace.c
9678 * parse.yacc, sudo.tab.c:
9679 Allow this to build with a K&R compiler again
9686 * compat.h, sudo.c, visudo.c:
9687 Use __attribute__((__noreturn__))
9691 Exit() takes a negative value to indicate it was not called via
9695 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
9700 * Makefile.in, visudo.c:
9701 Define Err() and Errx() that are like err() and errx() but call
9702 Exit() instead of exit(). Build private copy of alloc.o for visudo
9703 that calls Err() and Errx().
9706 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
9708 * lex.yy.c, sudo.tab.c:
9717 Overhaul visudo for editing multiple files: o visudo has been
9718 broken out into functions (more work needed here) o each file is
9719 now edited before sudoers is re-parsed o if a #include line is
9720 added that file will be edited too
9722 TODO: o cleanup temp files when exiting via err() or errx() o
9723 continue breaking things out into separate functions
9726 * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
9727 Add keepopen arg to open_sudoers that open_sudoers can use to
9728 indicate to the caller that the fd should not be closed when it is
9729 done with it. To be used by visudo to keep locked fds from being
9730 closed prematurely (and thus losing the lock).
9733 * parse.yacc, sudo.c:
9734 Add errorfile global that contains the name of the file that caused
9739 return COMMENT to yacc grammar for a #include line
9743 Remove use of unput() in favor of yyless() which is cheaper.
9747 Allow an empty sudoers file.
9750 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
9753 Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
9756 * lex.yy.c, sudo.tab.c:
9761 Do signal setup before calling edit_sudoers(). Don't shadow the
9766 If a sudoers file includes other files, edit those too. Does not yet
9767 deal with creating the new includes files itself.
9771 init_parser now takes a path
9774 * parse.c, parse.h, parse.lex, parse.yacc:
9775 More scaffolding for dealing with multiple sudoers files: o
9776 init_parser() now takes a path used to populate the sudoers global
9777 o the sudoers global is used to print the correct file in yyerror()
9778 o when switching to a new sudoers file, preserve old file name and
9782 * Makefile.in, pathnames.h.in:
9783 Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
9784 multiple sudoers files.
9788 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
9789 we start at the right file position when reading include files.
9801 Add max depth of 128 for the include stack to avoid loops.
9803 Since yyerror() doesn't stop parsing, pass return values back to
9804 yylex and call yyterminate() on error.
9807 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
9814 Mention PREVENTING SHELL ESCAPES section of sudoers man page
9817 * lex.yy.c, sudo.tab.c:
9822 Add support for #include in sudoers (visudo support TBD)
9826 make yyerror()'s argument const
9829 * testsudoers.c, visudo.c:
9830 Add open_sudoers() stubs.
9834 Rename check_sudoers() open_sudoers() and make it return a FILE *
9837 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
9839 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
9844 * Makefile.in, sudo.psf:
9845 Better HP-UX depot construction
9848 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
9851 o Made children global so check_exec() can lookup a child. o
9852 Replaced uid in struct childinfo with struct passwd * (for runas) o
9853 new_child() now takes a parent pid so the runas info can be
9854 inherited o Added find_child() to lookup a child by its pid o
9855 update_child() now fills in a struct passwd o Converted the big
9856 if/else mess in set_policy to a switch o Syscalls that change uid
9857 are now "ask" so we get SYSTR_MSG_UGID events
9861 Add flag to sudo_pwdup that indicates whether or not to lookup the
9862 shadow password. Will be used to a struct passwd that has the
9863 shadow password already filled in.
9867 add missing increment of addr in read_string()
9871 Remove bogus call to update_child() and some cosmetic fixes
9875 Don't leak /dev/systrace fd to tracee Make initialized global for
9876 simplicity If STRIOCATTACH returns EBUSY we are already being traced
9877 Check for user_args == NULL in setproctitle() call Add missing calls
9882 g/c sudo_pwdup proto
9885 * Makefile.in, sudo.psf:
9886 Add target for building a depot file
9893 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
9895 * lex.yy.c, sudo.tab.c, sudo.tab.h:
9900 document --with-systrace
9903 * config.h.in, configure, configure.in:
9904 Add check for setproctitle
9908 pass struct str_msg_ask in to syscall checker so it can set the
9913 systrace(4) support for sudo. On systems with the systrace(4)
9914 kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
9915 intercept exec calls and check the exec args against the sudoers
9916 file. In other words, sudo can now control subcommands and shell
9921 Call systrace_attach() if FLAG_TRACE is set.
9924 * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
9925 Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
9929 Don't close sudoers_fp, keep it open and set close on exec flag
9933 * def_data.c, def_data.h, def_data.in:
9942 SunOS /bin/sh blows up with configure
9945 * configure, configure.in:
9946 Include sys/param.h before systrace.h
9958 line up options in --help
9961 * config.h.in, configure.in:
9965 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
9971 * aclocal.m4, configure.in:
9972 make this work with autoconf-2.59
9975 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
9978 Simplify logic around open & stat of files and do sanity on edited
9979 file even if we lack fstat (still racable but worth doing).
9982 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
9990 [b84ebfaf1552] [SUDO_1_6_8p1]
9993 more changes for 1.6.8p1
10000 * CHANGES, sudo_edit.c:
10001 Add sanity check so we don't try to edit something other than a
10005 2004-09-15 Aaron Spangler <aaron777@gmail.com>
10012 document --with-ldap-conf-file
10015 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
10017 * CHANGES, ins_csops.h:
10018 political correctness strikes again
10025 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
10027 * Makefile.binary.in, Makefile.in:
10028 Install sudoedit man link
10032 Update PAM note and mention where HP-UX users can download gcc
10037 libtool wants to install stuff from .libs so fake one up for binary
10041 * Makefile.binary.in:
10042 rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
10046 Deal with "uname -m" having slashes in it rm -f old sudoedit link
10047 instead of using ln -f
10050 * Makefile.binary, Makefile.binary.in:
10051 Makefile.binary -> Makefile.binary.in for config.status substitution
10052 Add support for installing noexec bits
10056 Copy noexec bits into binary dists too No longer use my old arch
10057 script for making binary dists
10061 Install sudoedit link.
10064 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
10067 avoid __P so there is no need for compat.h to be included
10071 Don't use HAVE_UTIME_H before including config.h.
10074 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
10077 Fix Solaris futimes macro
10080 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
10083 Rename ots -> omtim for improved readability.
10086 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
10089 Redo changes in revision 1.7. Don't really need to keep the temp
10090 file open; re-opening it with the invoking user's euid is
10098 * sudo.cat, sudo.man.in:
10103 back out revision 1.70; it is no longer applicable
10107 Let the loader initialize nep
10110 * config.h.in, configure, configure.in:
10111 Removed unneeded check for fchown Add check for gettimeofday Move
10112 autoheader template stuff into separate AH_TEMPLATE lines
10115 * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
10116 Use timespec throughout.
10124 function to return the current time in a struct timespec
10128 Not a darpa-sponsored file.
10131 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
10133 * compat.h, config.h.in, configure, configure.in:
10134 Add a check for struct timespec and provide it for those without.
10137 * config.h.in, configure, configure.in, sudo_edit.c:
10138 Add checks for st_mtim and st_mtimespec and add macros for pulling
10139 the mtime sec and nsec out of struct stat. These are used in
10140 sudo_edit() to better tell whether or not the file has changed.
10143 * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
10144 Add an extra param to touch() for nsec
10148 Call mkstemp() as the invoking user so we don't have to chown the
10149 file later. Only touch() the temp file if we can do it via the file
10150 descriptor. Don't check for modification of the temp file if we lack
10151 fstat(). Catch errors read()ing the temp file.
10155 If path is NULL and fd == -1 return -1.
10159 closefrom() is overkill, the only extra fds are the ones we opened
10160 so just close those in the child.
10163 * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
10164 configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
10166 Use utimes() and futimes() instead of utime() in touch(), emulating
10167 as needed. Not all systems are able to support setting the times of
10168 an fd so touch() takes both an fd and a file name as arguments.
10171 2004-09-07 Aaron Spangler <aaron777@gmail.com>
10177 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
10179 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
10184 * sudo.pod, sudoers.pod, visudo.pod:
10185 Add SUPPORT section and re-order some of the sections to match the
10186 order we use in OpenBSD.
10189 2004-09-06 Aaron Spangler <aaron777@gmail.com>
10192 Openldap ~/.ldaprc fix
10195 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
10198 Talk about how the editor must write its changes to the original
10199 file and not just use rename(2).
10207 Keep the temp file open instead of re-opening after the editor has
10212 Update for current redhat/fedora core.
10215 2004-09-03 Aaron Spangler <aaron777@gmail.com>
10221 2004-09-02 Aaron Spangler <aaron777@gmail.com>
10224 config tls_* options
10227 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
10229 * configure, configure.in:
10230 No need for -lcrypt when using pam.
10233 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
10239 2004-08-27 Aaron Spangler <aaron777@gmail.com>
10241 * configure.in, ldap.c, pathnames.h.in:
10242 Allow --with-ldap-conf-file option to override LDAP_CONF
10246 cleanup debug message
10249 2004-08-26 Aaron Spangler <aaron777@gmail.com>
10255 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
10257 * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
10258 Add cmnd_base to struct sudo_user and set it in init_vars(). Add
10259 cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
10260 longer use gross statics in command_matches(). Also rename some
10261 variables for improved clarity.
10264 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
10267 document HP's crippled compiler deficiency.
10271 Fix some thinkos in --with-editor and --with-env-editor
10272 descriptions. Noticed by Norihiko Murase.
10275 * configure, configure.in:
10276 --with-noexec takes an optional PATH argument.
10280 document --with-noexec
10283 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
10287 [f2503bd13373] [SUDO_1_6_8]
10290 Better warning message when sudoedit is unable to write to the
10294 * sudo.cat, sudo.man.in:
10299 Don't italicize the string "sudoedit"
10302 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
10308 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
10315 Reset used_runas to FALSE when re-initializing the parser.
10318 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
10321 Correct OpenBSD mips support
10328 2004-08-07 Aaron Spangler <aaron777@gmail.com>
10331 More behavior notes
10335 Updates on current behavior
10338 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
10341 =back does not take an indentlevel (makes no difference to formatted
10346 =back does not take an indentlevel (makes no difference to formatted
10355 Consistency. Use same error for bad -u #uid when targetpw is set as
10356 we do when a bad -u username is specified.
10360 Add checksum idea from Steve Mancini
10363 * sudoers.cat, sudoers.man.in:
10367 * sudo.cat, sudo.man.in:
10371 * sudo.pod, sudoers.pod:
10372 Document the restriction on uids specified via -u when targetpw is
10377 Error out when targetpw is enabled and sudo is run with -u #uid but
10378 #uid does not exist in the passwd database. We can't do target
10379 authentication when the target is not in passwd!
10382 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
10387 Some more todo for the next release.
10391 Make it clear that PAM should be used for DCE support when possible.
10395 o Document problems with wildcards and relative paths. o Make the
10396 order requirements more prominent. o Change a "set" to "reset" for
10400 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
10403 Mention --with-secure-path, not SECURE_PATH.
10406 2004-08-03 Aaron Spangler <aaron777@gmail.com>
10409 reflect changes to parse.c
10412 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
10418 * parse.c, parse.h, testsudoers.c, visudo.c:
10419 Don't pass user_cmnd and user_args to command_matches(), just use
10420 the globals there. Since we keep state with statics anyway it is
10421 misleading to pretend that passing in different cmnd and cmnd_args
10426 Don't pass user_cmnd and user_args to command_matches(), just use
10427 the globals there. Since we keep state with statics anyway it is
10428 misleading to pretend that passing in different cmnd and cmnd_args
10433 Fix a bug introduced in rev. 1.149. When checking for pseudo-
10434 commands check for a '/' anywhere in cmnd, not just the first
10438 2004-07-31 Aaron Spangler <aaron777@gmail.com>
10440 * sudo.man.in, sudo.pod:
10441 Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
10444 * sudoers.man.in, sudoers.pod:
10445 Add ignore_local_sudoers
10449 Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
10453 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
10459 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
10466 Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
10467 PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
10470 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
10476 2004-07-08 Aaron Spangler <aaron777@gmail.com>
10479 Better debugging of ALL command
10482 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
10485 When matching for "sudoedit" in sudoers check both the command the
10486 user typed *and* the command that is listed in the sudoers entry.
10489 2004-07-04 Aaron Spangler <aaron777@gmail.com>
10492 Added !command feature
10495 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
10498 Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
10501 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
10504 License is ISC-style, not BSD-style
10511 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
10513 * sudo.cat, sudo.man.in:
10518 o Update some out of date bits to reality o Change the shell prompt
10519 in examples to bourne-shell style o Clarify some details o Add a
10520 CAVEAT about "sudo cd /foo"
10524 Don't ask for a password if invoking user == target user.
10531 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
10533 * sudoers.cat, sudoers.man.in:
10538 Expand on NOEXEC a little.
10545 * visudo.cat, visudo.man.in:
10554 Add a check in visudo for runas_default being set after it has
10558 * CHANGES, parse.yacc, visudo.c:
10559 Add a check in visudo for runas_default being set after it has
10568 Add a MATCHED macro for testing whether foo_matches has been set to
10569 TRUE or FALSE. This is more readable than checking for >=0 or < 0.
10570 Doesn't change the actual code generated.
10573 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
10584 Correct description of where Defaults specs should go.
10588 Correct description of where Defaults specs should go.
10591 * testsudoers.c, visudo.c:
10611 * auth/bsdauth.c, auth/kerb5.c:
10615 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
10621 * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
10622 Remove trailing spaces, no actual code changes.
10626 Remove trailing spaces, no actual code changes.
10629 * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
10630 Remove trailing spaces, no actual code changes.
10634 Remove trailing spaces, no actual code changes.
10638 Remove trailing spaces, no actual code changes.
10641 * compat.h, defaults.c, env.c:
10642 Remove trailing spaces, no actual code changes.
10646 Remove trailing spaces, no actual code changes.
10654 Fix a >=0 that should be <0 that was improperly converted when
10659 Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
10660 NOMATCH when resetting it.
10664 Fix pastos introduced in SETNMATCH addition.
10667 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
10670 Update for configure changes
10678 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
10679 these in parse.yacc. Also in parse.yacc initialize the *_matches
10680 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
10681 when setting *_matches to a value that may be
10682 NOMATCH/UNSPEC/TRUE/FALSE.
10686 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
10687 these in parse.yacc. Also in parse.yacc initialize the *_matches
10688 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
10689 when setting *_matches to a value that may be
10690 NOMATCH/UNSPEC/TRUE/FALSE.
10694 Initialize runas to -2, not -1 since we need to be able to
10695 distinguish between the initialized value and the value of a non-
10696 match when passing along the runas value to multiple commands.
10698 The result of this is that an unmatched runas is now set to -1, not
10699 0. This is required now that parse.c treats a FALSE value for runas
10700 as being explicitly denied.
10703 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
10705 * sudo.c, visudo.c:
10706 Error out if argc < 1.
10710 Error out if argc < 1.
10713 * configure, configure.in:
10714 Add tests for what libs we need to link with for ldap and for
10715 whether or not lber.h needs to be explicitly included.
10718 2004-06-03 Aaron Spangler <aaron777@gmail.com>
10721 Solaris native LDAP build fix
10724 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
10727 Set edn to NULL if ldap_get_dn() fails to avoid potential use of an
10732 Add prototype for sudo_ldap_list_matches
10735 * configure, configure.in:
10736 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
10737 version too. Added check for dd_fd in `DIR' if no dirfd is found;
10738 this is now used to conditionally define the dirfd macro in
10743 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
10744 version too. Added check for dd_fd in `DIR' if no dirfd is found;
10745 this is now used to conditionally define the dirfd macro in
10750 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
10751 version too. Added check for dd_fd in `DIR' if no dirfd is found;
10752 this is now used to conditionally define the dirfd macro in
10757 Only check /proc/$$/fd if we have the dirfd function/macro.
10760 * compat.h, config.h.in, configure, configure.in:
10761 Add a check for a dirfd() function (like Linux) and add a dirfd
10762 macro in compat.h if there is no dirfd() function or macro.
10765 * closefrom.c, getcwd.c:
10766 dirfd() is now defined in compat.h as needed.
10770 Clarify closefrom() note.
10774 When checking for a command in the directory, only copy the base dir
10779 If there is a /proc/$$/fd directory, behave like the Solaris
10780 closefrom() and only close the descriptors listed therein.
10784 compat.h guarantees INT_MAX is defined.
10788 Add definitions of OPEN_MAX and INT_MAX for those without it and
10789 remove definition of RLIM_INFINITY (now unused).
10792 * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
10793 sudo.c, sudo.h, visudo.c:
10794 Use PATH_MAX, not MAXPATHLEN since the former is standardized.
10797 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
10804 Add some entries that were mailed in a while ago
10808 o sysconf returns a long, not an int. o check for negative return
10809 value from sysconf/getdtablesize and use OPEN_MAX in this case. o
10810 define OPEN_MAX to 256 for those without it (a fair guess...)
10813 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
10816 Mention change in parse order for RunAs entries.
10823 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
10825 * INSTALL, README.LDAP, config.h.in, configure.in:
10826 o --with-ldap now takes an optional dir as a parameter o added
10827 check for ldap_initialize() and start_tls_s()
10831 Fix some typos, word choice and formatting issues.
10834 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
10837 Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
10838 read/write as it is simpler.
10841 * configure, configure.in:
10842 Remove hack overriding cross-compiler check. It should no longer be
10847 Remove select() compat bits since we no longer use select().
10850 * CHANGES, tgetpass.c:
10851 Use alarm() instead of select() for the timeout for systems that
10852 don't fully/properly implement select().
10855 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
10866 Deal with systems that have no way of setting the effective uid such
10870 * configure, configure.in:
10871 Define NO_SAVED_IDS if we don't find seteuid()
10874 * config.h.in, configure, configure.in:
10875 Add back check for setreuid() since NSK doesn't have it.
10878 * sudoers.cat, sudoers.man.in:
10891 In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
10892 explicitly denied and the command matched. This fixes a long-
10893 standing bug and makes: foo machine = (ALL) /usr/bin/blah
10894 foo machine = (!bar) /usr/bin/blah
10896 equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
10900 Clarify mail_noperm
10903 2004-05-20 Aaron Spangler <aaron777@gmail.com>
10906 Missing DESTDIR in make install for sudo_noexec.la
10909 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
10911 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
10921 Remove fastboot/fasthalt (who still remembers these?) and add a
10922 minimal sudoedit example.
10926 Remove fastboot/fasthalt (who still remembers these?) and add a
10927 minimal sudoedit example.
10930 * UPGRADE, sudo.c, visudo.c:
10931 filesystem -> file system
10935 filesystem -> file system
10938 * CHANGES, INSTALL:
10939 filesystem -> file system
10942 * sudo.pod, sudoers.pod:
10943 Fix some minor typos and formatting goofs
10951 remove my email addr
10954 * sudo.pod, sudoers.pod, visudo.pod:
10955 Use @mansectform@ and @mansectsu@ everywhere Make man page
10956 references links with L<>
10960 Accept quoted globbing characters and pass them verbatim for
10965 Document that /tmp/.odus is gone.
10969 No longer use /tmp/.odus as a possible timestamp dir unless
10970 specifically configured to do so. Instead, if no /var/run exists,
10971 use /var/adm/sudo or /usr/adm/sudo.
10975 No longer use /tmp/.odus as a possible timestamp dir unless
10976 specifically configured to do so. Instead, if no /var/run exists,
10977 use /var/adm/sudo or /usr/adm/sudo.
10981 No longer use /tmp/.odus as a possible timestamp dir unless
10982 specifically configured to do so. Instead, if no /var/run exists,
10983 use /var/adm/sudo or /usr/adm/sudo.
10987 No longer use /tmp/.odus as a possible timestamp dir unless
10988 specifically configured to do so. Instead, if no /var/run exists,
10989 use /var/adm/sudo or /usr/adm/sudo.
10992 * set_perms.c, sudo.c, tgetpass.c, visudo.c:
10993 Preliminary changes to support nsr-tandem-nsk. Based on patches
10998 Preliminary changes to support nsr-tandem-nsk. Based on patches
11002 * check.c, compat.h:
11003 Preliminary changes to support nsr-tandem-nsk. Based on patches
11007 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
11010 There was no 1.6.7p6.
11018 add missing files to DISTFILES
11021 * sudo.cat, sudoers.cat, visudo.cat:
11030 Fix some line wrap and update (c) year
11033 2004-04-28 Aaron Spangler <aaron777@gmail.com>
11039 2004-04-07 Aaron Spangler <aaron777@gmail.com>
11045 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
11052 In Exit() when used as a signal handler, emsg is a pointer so
11053 sizeof() is wrong so make it a #define instead. Also avoid using a
11054 negative exit value. Found by Aaron Campbell
11057 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
11060 Remove bogus sentence about uids in a User_List. Document usernames
11061 vs. uid parsing in a Runas_List.
11064 * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
11065 If the user specified a uid with the -u flag and the uid exists in
11066 the passwd file, set runas_user to the name, not the uid.
11068 When comparing usernames in sudoers, if a name is really a uid
11069 (starts with '#') compare it numerically to pw_uid.
11072 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
11075 krb5_mcc_ops should be const; Johnny C. Lam
11078 2004-02-28 Aaron Spangler <aaron777@gmail.com>
11080 * CHANGES, config.h.in, ldap.c:
11081 Added start_tls support
11084 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
11087 Clean up libtool stuff for 'make distclean' and add def_data.c,
11088 def_data.h to PARSESRCS.
11091 2004-02-14 Aaron Spangler <aaron777@gmail.com>
11093 * strlcat.c, strlcpy.c:
11094 Un-Fix last license munge
11097 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
11103 * CHANGES, RUNSON, TODO:
11107 * lex.yy.c, sudo.tab.c:
11111 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
11112 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
11113 emul/search.h, emul/utime.h:
11114 Move to a less restrictive, ISC-style license.
11117 * auth/kerb5.c, auth/pam.c:
11118 Move to a less restrictive, ISC-style license.
11121 * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
11122 Move to a less restrictive, ISC-style license.
11126 Move to a less restrictive, ISC-style license.
11129 * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
11130 Move to a less restrictive, ISC-style license.
11133 * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
11134 visudo.man.in, visudo.pod:
11135 Move to a less restrictive, ISC-style license.
11139 Move to a less restrictive, ISC-style license.
11142 * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
11144 Move to a less restrictive, ISC-style license.
11147 * sigaction.c, strerror.c:
11148 Move to a less restrictive, ISC-style license.
11151 * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
11153 Move to a less restrictive, ISC-style license.
11156 * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
11157 ins_goons.h, insults.h, interfaces.c, interfaces.h:
11158 Move to a less restrictive, ISC-style license.
11161 * find_path.c, getprogname.c:
11162 Move to a less restrictive, ISC-style license.
11166 Move to a less restrictive, ISC-style license.
11170 Move to a less restrictive, ISC-style license.
11174 Move to a less restrictive, ISC-style license.
11177 * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
11179 Move to a less restrictive, ISC-style license.
11182 * utime.c, version.h:
11183 Move to a less restrictive, ISC-style license.
11186 * parse.lex, parse.yacc:
11187 Move to a less restrictive, ISC-style license.
11191 Move to a less restrictive, ISC-style license.
11194 2004-02-13 Aaron Spangler <aaron777@gmail.com>
11197 Merged in LDAP Support
11200 * ldap.c, sudo.c, sudo.h:
11201 Merged in LDAP Support
11204 * def_data.c, def_data.h, def_data.in:
11205 Merged in LDAP Support
11208 * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
11209 Merged in LDAP Support
11212 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
11214 * sudo.h, sudo_noexec.c:
11215 Only do "extern int errno" if errno is not a macro.
11218 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
11221 setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
11222 euid first, then just call setuid(0) to set the real uid too.
11226 Use setresuid() and setreuid() for PERM_RUNAS when appropriate
11227 instead of seteuid() which may not exist.
11230 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
11236 * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
11237 Add --with-pc-insults configure option
11241 Prefer VISUAL over EDITOR like old vipw did.
11244 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
11246 * sudo.man.in, sudoers.man.in:
11251 Add a note that noexec is not a cure-all.
11255 Mention that disabling "root_sudo" is pretty pointless.
11258 * configure, configure.in:
11259 Substitute for root_sudo in sudoers.pod
11263 Add sudoedit to the NAME section
11267 Document the fact that setting ignore_dot in sudoers has no effect
11268 due to the fact that find_path() is called *before* sudoers is read.
11271 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
11274 Do not require _PATH_USRTMP to be set.
11277 * BUGS, CHANGES, TODO:
11286 Clarify that when sudo is run by root with the SUDO_USER variable
11287 set, the sudoers lookup happens for root and not the SUDO_USER user.
11290 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
11292 * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
11293 set_perms.c, sigaction.c, sudo.c, tgetpass.c:
11294 Use the SET, CLR and ISSET macros.
11298 Use the SET, CLR and ISSET macros.
11301 * defaults.c, env.c:
11302 Use the SET, CLR and ISSET macros.
11306 MAIN was replaced with _SUDO_MAIN some time ago.
11310 Don't look at prev_user until after we've parsed sudoers and done
11311 the password check. That way, if sudo/sudoedit is run from a root
11312 process that was invoked by sudo, we check sudoers for root, not the
11313 previous user. This makes sudoedit much more useful and means that
11314 for the sudo case, we get correct logging on who actually ran the
11318 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
11321 Add a comment describing why we need to be notified about our child
11325 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
11327 * def_data.c, def_data.in:
11328 Update the noexec variable descriptions
11331 * sudoers.man.in, sudoers.pod:
11332 noexec now replaces more than just execve()
11336 Alas, all the world does not go through execve(2). Many systems
11337 still have an execv(2) system call, Linux 2.6 provides fexecve(2)
11338 and it is not uncommon for libc to have underscore ('_') versions of
11339 the functions to be used internally by the library. Instead of
11340 stubbing all these out by hand, define a macro and let it do the
11341 work. Extra exec functions pointed out by Reznic Valery.
11344 * sudo.c, sudo_edit.c:
11345 Fix suspending the editor in -e mode. Because we do a fork() first
11346 we need to be notified when the child has been stopped and then send
11347 that same signal to ourself so the shell can do its job control
11352 Use WIFEXITED and WEXITSTATUS macros. If there are systems out
11353 there that want to run sudo that still don't support these we can
11354 try to deal with that later.
11361 * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
11362 Document sudo -e / sudoedit
11365 * configure, configure.in:
11369 * config.h.in, configure.in:
11373 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
11376 Allow non-exclusive flags when invoked as sudoedit. Pretty print the
11377 long usage() line to not wrap (assumes 80 char display)
11380 * Makefile.in, sudo.c:
11381 If sudo is invoked as "sudoedit" the -e flag is implied and no other
11382 flags are permitted.
11386 Add a new flag, -e, that makes it possible to give users the ability
11387 to edit files with the editor of their choice as the invoking user,
11388 not the runas user. Temporary files are used for the actual edit
11389 and the temp file is copied over the original after the editor is
11393 * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
11394 Add a new flag, -e, that makes it possible to give users the ability
11395 to edit files with the editor of their choice as the invoking user,
11396 not the runas user. Temporary files are used for the actual edit
11397 and the temp file is copied over the original after the editor is
11402 If real uid == 0 and the SUDO_USER environment variable is set, use
11403 that to determine the invoking user's true identity. That way the
11404 proper info gets logged by someone who has done "sudo su" but still
11405 uses sudo to as root. We can't do this for non-root users since
11406 that would open up a security hole, though perhaps it would be
11407 acceptable to use getlogin(2) on OSes where this is a system call (and
11408 doesn't just look in the utmp file).
11412 Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
11415 * config.h.in, configure, configure.in:
11416 Add check for fchown(2)
11419 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
11422 Back out portions of the -i commit that set NewArgv[0] in
11423 set_runaspw. It is far too late to set NewArgv[0] there and will have
11424 no effect anyway as cmnd and safe_cmnd have already been set.
11427 * visudo.c, visudo.pod:
11428 Prefer VISUAL over EDITOR like old vipw did.
11431 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
11434 In -i mode always set new environment based on the runas user's
11438 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
11440 * sudo.man.in, sudo.pod:
11441 Document the new -i flag and sync SYNOPSIS section with usage() in
11442 sudo.c. Also sort the flags in the OPTIONS section.
11446 o Add -i that acts similar to "su -", based on patches from David J. MacKenzie
11447 o Sort the flags in the usage message
11450 * sudoers.man.in, sudoers.pod:
11451 Add a missing @runas_default@ substitution.
11454 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
11457 Change euid to runas user before calling find_path().
11458 Unfortunately, though runas_user can be modified in sudoers we
11459 haven't parsed sudoers yet.
11462 * sudoers.man.in, sudoers.pod:
11463 Add missing definition of Parameter_List and use single pipes in the
11464 Defaults EBNF definition.
11468 Fix a bug when set_runaspw() is used as a callback. We don't want
11469 to reset the contents of runas_pw if the user specified a user via
11472 Avoid unnecessary passwd lookups in set_authpw(). In most cases we
11473 already have the info in runas_pw.
11476 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
11479 Add Stan Lee / Uncle Ben quote to the lecture from RedHat
11483 Update sudo_getepw() proto and add one for set_runaspw()
11487 If we can't stat the command as root, try as the runas user instead.
11490 * testsudoers.c, visudo.c:
11491 Add stub set_runaspw() function
11495 Add set_runaspw() function to fill in runas_pw. This will be used
11496 as a callback to update runas_pw when the runas user changes.
11500 PERM_RUNAS -> PERM_FULL_RUNAS
11503 * set_perms.c, sudo.h:
11504 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
11509 Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
11510 one chunk for easy free()ing. Also change it from static to extern.
11513 * defaults.c, defaults.h:
11514 Add callback support
11518 Add a callback field and use it for runas_default
11521 * def_data.c, def_data.in:
11522 Add a callback field and use it for runas_default
11525 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
11528 Add support for chalnecho and display server responses used by fwtk
11532 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
11534 * sudoers.man.in, sudoers.pod:
11535 ld.so is ld.so.1 on solaris
11538 * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
11539 Use closefrom() instead of doing the equivalent inline.
11543 closefrom(3) for systems w/o it
11546 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
11549 Update from .pod file.
11552 * configure, configure.in:
11553 Substitute noexec_file for the sudoers man page
11556 * sudo.man.in, sudo.pod:
11560 * sudoers.man.in, sudoers.pod:
11564 * auth/pam.c, config.h.in, configure.in:
11565 Move PAM_CONST macro definition from config.h to pam.c where it
11566 belongs. We can't have this in config.h since that gets included too
11570 * auth/pam.c, config.h.in, configure, configure.in:
11571 Some PAM implementations put their headers in /usr/include/pam
11572 instead of /usr/include/security.
11576 I missed changing the EXEC macro -> EXECV here when I changed this
11577 in config.h.in and sudo.c a while ago.
11581 OpenBSD vax/m88k/hppa don't do shared libs
11584 * configure, configure.in:
11585 o merge the hpux case entries into a single entry w/ its own sub-case statement.
11586 o HP-UX >= 11 support getspnam(), use it in
11587 preference to getprpwuid()
11590 * configure, configure.in:
11591 eval $shrext so that it expands nicely on MacOS X
11595 Don't lie about making a module, it does the wrong thing on mach
11599 Remove requirement that libs must begin with "lib". They don't when
11600 we point directly at the lib using LD_PRELOAD or its equivalent.
11604 Disable support for c++, f77 and java. We don't need it, it takes a
11605 lot of time, and it hosed our check for shared lib support.
11613 Call AC_ENABLE_SHARED and check the status of enable_shared to know
11614 when shared libs are available.
11618 Duh, OpenBSD supports shared libs too
11621 * config.h.in, configure.in:
11622 Only OpenPAM and Linux PAM use const qualifiers.
11625 * configure, configure.in:
11626 o No need to check for sed, libtool config does that for us
11627 o move check for --with-noexec until after libtool magic is run so we can
11628 use $can_build_shared and $shrext
11632 Don't print a bunch of crap about library installs since we are not
11633 really installing a library.
11637 Make format_env() varargs Add noexec support for Darwin, MacOS X,
11641 * acsite.m4, ltconfig, ltmain.sh:
11642 Update to libtool 1.5 with local changes: o no ldconfig in the
11643 finish step o assume no libprefix or version is needed
11647 Fix compilation under K&R
11650 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
11657 stub execve() that just returns EACCES; used for noexec
11662 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
11667 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
11671 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
11673 * def_data.c, def_data.h, def_data.in:
11674 Move the environment defaults to the end and shorten a few of the
11678 * configure, configure.in:
11679 no shared libs on ultrix or convexos
11682 * Makefile.in, configure, configure.in:
11683 Build sudo_noexec shared object using libtool; could use some
11687 * acsite.m4, ltconfig, ltmain.sh:
11688 libtool scaffolding
11691 * parse.yacc, sudo.tab.c:
11692 Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
11696 * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
11697 parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
11698 update copyright year
11701 * configure, configure.in, defaults.c, env.c, pathnames.h.in:
11702 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
11703 option. The default value of noexec_file is set to this.
11706 * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
11707 parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
11709 Add support for preloading a shared object containing a dummy
11710 execve() function that just sets error and returns -1. This adds a
11711 "noexec_file" option to load the filename as well as a "noexec" flag
11712 to enable it unconditionally. There is also a NOEXEC tag that can
11713 be attached to specific commands and an EXEC tag to disable it.
11717 add missing newline to usage statement
11720 * config.h.in, sudo.c:
11721 Rename EXEC macro -> EXECV
11725 Don't truncate usernames to 8 characters in the log message.
11728 * check.c, sudoers.man.in, sudoers.pod:
11729 Update copyright year
11732 * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
11734 Add a new option, lecture_file, that can be used to point to a
11735 custom sudo lecture.
11738 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
11740 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
11742 Add a zero_bytes() function to do the equivalent of bzero in such a
11743 way that will hopefully not be optimized away by sneaky compilers.
11747 Add a zero_bytes() function to do the equivalent of bzero in such a
11748 way that will hopefully not be optimized away by sneaky compilers.
11751 * Makefile.in, sudo.h:
11752 Add a zero_bytes() function to do the equivalent of bzero in such a
11753 way that will hopefully not be optimized away by sneaky compilers.
11757 Use #ifdef __STDC__, not #if __STDC__.
11760 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
11763 Always put at least one space between the def_* macro name and its
11767 * configure, configure.in:
11768 Adjust code for --without-lecture to match new values.
11772 regen after pasto fix
11775 * sudoers.man.in, sudoers.pod:
11776 Document that "lecture" has changed from a flag to a tuple.
11779 * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
11780 defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
11781 Add support for tuples in def_data.in; these are implemented as an
11782 enum type. Currently there is only a single tuple enum but in the
11783 future we may have one tuple enum per T_TUPLE entry in def_data.in.
11784 Currently listpw, verifypw and lecture are tuples. This avoids the
11785 need to have two entries (one ival, one str) for pwflags and syslog
11788 lecture is now a tuple with the following values: never, once,
11791 We no longer use both an int and string entry for syslog facilities
11792 and priorities. Instead, there are logfac2str() and logpri2str()
11793 functions that get used when we need to print the string values.
11796 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
11797 auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
11798 check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
11799 logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
11800 sudo.tab.c, visudo.c:
11801 Create def_* macros for each defaults value so we no longer need the
11802 def_{flag,ival,str,list,mode} macros (which have been removed). This
11803 is a step toward more flexible data types in def_data.in.
11810 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
11813 If we are in -k/-K mode, just spew to stderr. It is not unusual for
11814 users to place "sudo -k" in a .logout file which can cause sudo to
11815 be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
11816 Previously, this would result in useless mail and logging.
11819 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
11822 fix pasto in VISUAL description
11825 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
11836 Some OSes (like Solaris) allow export w/ nosuid too
11839 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
11842 We don't use FD_ZERO anymore so just define FD_SET (if not already
11846 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
11849 Fix a core dump on Solaris by preserving the pam_handle_t we used
11850 during authentication for pam_prep_user(). If we didn't
11851 authenticate (ie: ticket still valid), we call pam_init() from
11852 pam_prep_user(). This is something of a hack; it may be better to
11853 change the auth API and add an auth_final() function that acts like
11857 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
11860 Add explicit declaration of printerr variable in function header
11861 (was defaulting to int which is OK but oh so K&R :-). From Theo.
11864 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
11866 * config.h.in, configure.in:
11867 s/HAVE_STOW/USE_STOW/
11871 Also exit waitpid() loop when pid == 0. Fixes a problem where the
11872 sudo process would spin eating up CPU until sendmail finished when
11873 it has to send mail.
11876 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
11879 Remove advertising clause, UCB has disavowed it
11883 Remove advertising clause, UCB has disavowed it
11886 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
11889 Don't assume that getgrnam() calls don't modify contents of struct
11890 passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
11891 Based on a patch from Kirk Webb.
11894 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
11901 darwin has a broken setreuid() in at least some versions
11905 Fix an off by one error when reallocating the environment; Kevin Pye
11908 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
11911 Fix User_Spec definition; SEKINE Tatsuo
11914 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
11917 More info on the early days from Coggs.
11920 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
11923 remove errant semicolon that prevented compilation under heimdal
11926 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
11928 * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
11929 add DARPA credit on affected files
11933 add DARPA credit on affected files
11936 * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
11938 add DARPA credit on affected files
11942 add DARPA credit on affected files
11946 add DARPA credit on affected files
11949 * logging.c, parse.c:
11950 add DARPA credit on affected files
11953 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
11954 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
11955 find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
11957 add DARPA credit on affected files
11960 * auth/kerb5.c, auth/pam.c:
11961 add DARPA credit on affected files
11964 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
11965 auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
11967 add DARPA credit on affected files
11971 add DARPA credit on affected files
11974 * defaults.c, defaults.h:
11975 add DARPA credit on affected files
11979 add DARPA credit on affected files
11982 * Makefile.in, alloc.c, check.c:
11983 add DARPA credit on affected files
11987 slightly different wording for the darpa credit
11990 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
11996 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
11999 Use krb5_princ_component() instead of krb5_princ_realm() for MIT
12000 Kerberos like we did before I messed things up ;-)
12002 Use krb5_principal_get_comp_string() to do the same thing w/
12003 Heimdal. I'm not sure if the component should be 0 or 1 in this
12006 #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
12007 older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
12008 should be a configure check for this I guess.
12011 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
12014 builtin -> built-in; Jason McIntyre
12017 * TROUBLESHOOTING, config.h.in, configure, configure.in:
12018 builtin -> built-in; Jason McIntyre
12022 built in -> built-in; Jason McIntyre
12025 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
12028 checkpoint for 1.6.7p3
12032 Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
12033 Amazingly, sudo source from 1985 is available via groups.google.com
12037 Don't change rl.rlim_max for RLIMIT_CORE. We need only set
12038 rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
12039 RLIMIT_CORE restoration on some OSes.
12042 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
12045 Make this compile on Heimdal and MIT Kerberos 5
12048 * config.h.in, configure, configure.in:
12049 Check for heimdal even if we found krb5-config and define
12054 Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
12055 no longer defined by MIT kerb5 (though it used to be and indeed
12056 remains so in Heimdal).
12059 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
12062 Remove newer stuff that passes multiple (possibly duplicate)
12063 directories to "mkdir -p" since that seems to break on Tru64 Unix at
12064 least. This basically brings back what shipped with sudo 1.6.6.
12067 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
12070 Correct number of args to krb5_principal_get_realm() and fix an
12071 unclosed comment that hid the bug.
12098 * CHANGES, version.h:
12107 use krb5-config to determine Kerberos V details if it exists
12110 * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
12111 auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
12112 find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
12113 testsudoers.c, visudo.c:
12114 Use warn/err and getprogname() throughout. The main exception is
12115 openlog(). Since the admin may be filtering logs based on the
12116 program name in the log files, hard code this to "sudo".
12120 Add getprogname.c and err.c
12127 * config.h.in, configure.in:
12128 Add checks for getprogname(), __progname and err.h
12132 For systems without err/warn functions.
12136 For systems without err/warn functions.
12140 For systems with neither getprogname() nor __progname; uses Argv[0].
12143 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
12146 checkpoint for 1.6.7p1
12149 * sudo.c, testsudoers.c:
12150 fix strlcpy() rval check (innocuous)
12154 oflow detection in expand_prompt() was faulty (false positives). The
12155 count was based on strlcat() return value which includes the length
12156 of the entire string.
12159 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
12162 checkpoint for the sudo 1.6.7 release
12163 [096bab4da29a] [SUDO_1_6_7]
12166 checkpoint for the sudo 1.6.7 release
12169 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
12172 g/c unused variable
12180 use man sections 8 and 5 for csops
12183 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
12190 Add -lskey or -lopie directly to SUDO_LIBS instead of having
12191 AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
12199 Add --with-blibpath for AIX. An alternate libpath may be specified
12201 -blibpath support can be disabled. Also change configure such that
12202 -blibpath is not specified if no -L libpaths were added to
12207 Add --with-blibpath for AIX. An alternate libpath may be specified
12209 -blibpath support can be disabled. Also change configure such that
12210 -blibpath is not specified if no -L libpaths were added to
12215 Add --with-blibpath for AIX. An alternate libpath may be specified
12217 -blibpath support can be disabled. Also change configure such that
12218 -blibpath is not specified if no -L libpaths were added to
12223 add AIX blibpath support
12226 * INSTALL, configure.in:
12227 --with-skey and --with-opie now take an optional directory argument
12228 This obsoletes a --with-csops hack (/tools/cs/skey)
12230 Also remove the remaining direct uses of "echo"
12233 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
12236 Detect KTH Kerberos IV and deal with it. Also make -lroken optional
12237 for KTH Kerberos IV and V.
12241 Add SUDO_APPEND_LIBPATH function that adds -L/path/to/dir (and
12242 -R/path/to/dir if $with_rpath) to the specified variable.
12245 * INSTALL, configure.in:
12246 Add -R/path/to/libs for Solaris and SVR4. There is a new configure
12247 option, --with-rpath to control this behavior.
12251 for kerb4 put libdes after libkrb on the link line
12259 fix kerberos lib check when a path is specified
12263 Fix boolean thinko in SIGCHLD reaper and call reapchild after
12264 sending mail instead of doing a conditional sudo_waitpid.
12267 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
12274 replace =DIR with [=DIR] where sensible
12278 o Use AC_MSG_* instead of "echo"
12279 o New Kerberos include/lib detection based on openssh's configure.in
12283 --with-kerb4 and --with-kerb5 now take an optional argument.
12286 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
12289 Kill remaining strcpy(), the programmer's guide says username is 32
12294 treat uid_t as unsigned long for printf and use snprintf, not sprintf
12301 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
12303 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
12304 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
12305 auth/rfc1938.c, auth/sudo_auth.c:
12306 update copyright year
12309 * sudo.man.in, sudoers.man.in, visudo.man.in:
12310 update copyright year
12313 * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
12314 configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
12315 parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
12316 sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
12317 update copyright year
12320 * check.c, env.c, sudo.c:
12321 Cast [ug]ids to unsigned long and printf with %lu
12329 correct error messages for --with-sudoers-{mode,uid,gid}
12333 make the malloc(0) error specific to each function to aid tracking
12338 deal with platforms where size_t is signed and there is no SIZE_MAX
12343 Make this compile w/ Heimdal and fix some gcc warnings.
12347 Use stat_sudoers macro so --with-stow can work
12350 * INSTALL, config.h.in, configure, configure.in:
12351 Add support for --with-stow based on patches from Robert Uhl
12367 use strlcpy, not strncpy
12371 Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
12378 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
12380 * strlcat.c, strlcpy.c:
12381 Make gcc shutup about unused rcsid
12385 Move the n == 0 check for the non-getifaddrs cas
12389 skeychallenge() on NetBSD takes a size parameter
12397 put -ldl after -lpam, not before; fixes static linking on Linux
12401 Avoid malloc(0) and fix the loop invariant for the getifaddrs()
12405 * sudo.cat, sudoers.cat, visudo.cat:
12409 * sudo.man.in, sudoers.man.in, visudo.man.in:
12414 Preserve copyright notice from .pod file in .man.in file
12418 Add sudoers(5) to SEE ALSO
12421 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
12428 Don't assume libc can realloc() a NULL string. If malloc/realloc
12429 fails, make sure we just return; yyerror() is not terminal.
12437 simplify fill_args a little and use strlcpy for paranoia
12444 * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
12446 Use strlc{at,py} for paranoia's sake and exit on overflow. In all
12447 cases the strings were either pre-allocated to the correct size or
12448 length checks were done before the copy but a little paranoia can go
12453 Add strlc{at,py} protos
12456 * env.c, interfaces.c:
12465 Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
12466 memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
12470 snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
12475 In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
12478 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
12481 Use snprintf() for paranoia
12485 Use emalloc2 and erealloc3
12489 strlc{at,py} for those w/o it
12492 * strlcat.c, strlcpy.c:
12493 strlc{at,py} for those w/o it.
12496 * config.h.in, configure, configure.in:
12497 Add strlc{at,py} for those w/o it.
12501 Add erealloc3(), a realloc() version of emalloc2().
12504 * interfaces.c, sudo.c:
12505 Use emalloc2() to allocate N things of a certain size.
12509 Add emalloc2() -- like calloc() but w/o the bzero and with
12510 error/oflow checking.
12514 Error out on malloc(0); suggested by theo
12517 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
12519 * configure, configure.in:
12520 fix a typo; David Krause
12523 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
12529 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
12532 Remove DYLD_ from the environment for MacOS X; from bbraun
12535 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
12537 * config.h.in, configure.in:
12538 not not; Anil Madhavapeddy
12541 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
12543 * sudo.pod, sudoers.pod, visudo.pod:
12544 typos; jmc@openbsd.org
12547 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
12550 Add some missing ';' rule terminators that bison warns about.
12554 fix typo I introduced in last merge
12558 regenerate with autoconf 2.57
12562 Add missing "$HOME"
12566 Add some more square brackets to make autoconf 2.57 happy
12569 * config.sub, mkinstalldirs:
12570 Updates from autoconf-2.57
12574 Updates from autoconf-2.57
12577 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
12583 * lex.yy.c, sudo.tab.c:
12587 * parse.lex, parse.yacc, sudoers.pod:
12588 Add support for Defaults>RunasUser
12591 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
12594 fclose() yyin after each yyparse() is done and use fopen() instead
12595 of using freopen().
12599 Better fix for sudoers files w/o a newline before EOF. It looks
12600 like the issue is that yyrestart() does not reset the start
12601 condition to INITIAL which is an issue since we parse sudoers
12605 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
12608 Work around what appears to be a flex bug when dealing with files
12609 that lack a final newline before EOF. This adds a rule to match EOF
12610 in the non-initial states which resets the state to INITIAL and
12615 o The parser needs sudoers to end with a newline but some editors
12616 (emacs) may not add one. Check for a missing newline at EOF and
12617 add one if needed.
12618 o Set quiet flag during initial sudoers parse (to get options)
12619 o Move yyrestart() call and always use freopen() to open yyin after initial sudoers parse.
12622 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
12625 Fix pasto/thinko in setresgid()/setregid() usage. Want to set
12626 effective gid, not real gid, when reading sudoers.
12630 don't compile set_perms_posix if we have setreuid or setresuid
12633 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
12635 * sudo.pod, sudoers.pod:
12636 document new prompt escapes
12640 Add %U and %H escapes and redo prompt rewriting. "%%" now gets
12641 collapsed to "%" as was originally intended. This also gets rid of
12642 lastchar (does lookahead instead of lookback) which should simplify
12643 the logic slightly.
12646 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
12649 Write the prompt *after* turning off echo to avoid some password
12650 characters being echoed on heavily-loaded machines with fast
12655 Add support for mipseb; wiz@danbala.tuwien.ac.at
12659 Fix IRIX fallout from name changes in man dir/sect Makefile
12660 variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
12664 Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
12665 the global copy. Problem noted by Peter Pentchev.
12668 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
12675 Add missing yyerror() calls; YYERROR does not seem to call this for
12679 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
12682 fix typo in comment; Pedro Bastos
12685 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
12688 document --disable-setresuid
12691 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
12693 Sprinkle some volatile qualifiers to prevent over-enthusiastic
12694 optimizers from removing memset() calls.
12697 * logging.c, parse.yacc:
12698 minor sign fixes pointed out by gcc -Wsign-compare
12701 * set_perms.c, sudo.c, sudo.h:
12702 Revamp set_perms. We now use a version based on setresuid() or
12703 setreuid() when possible since that allows us to support the
12704 stay_setuid option and we always know exactly what the semantics
12705 will be (various Linux kernels have broken POSIX saved uid support).
12708 * config.h.in, configure:
12709 regen from configure.in
12713 Add checks for setresuid() and a way to disable using it
12717 No longer need to emulate set*[ug]id() via setres[ug]id() or
12718 setre[ug]id(). The new set_perms stuff only uses things it knows are
12723 Before exec, restore state of signal handlers to be the same as when
12724 we were initially invoked instead of just resetting to SIG_DFL. Fixes
12725 a problem when using sudo with nohup. Based on a patch from Paul
12730 o timestamp_uid should be uid_t, not int
12731 o clarify error message when sudo is run by root and no_root_sudo is set
12734 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
12737 update ftp link for bison
12740 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
12743 Error out if setusercontext() fails and the runas user is not root.
12746 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
12753 Fix SecurID API test
12756 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
12763 securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
12764 but I don't see a better way at the moment.
12767 * Makefile.in, auth/securid5.c:
12768 SecurID API version 5 support from Michael Stroucken
12772 Add check for SecurID 5.0 API
12775 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
12778 We actually do still need config.h to get the 'const' definition for
12782 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
12785 regen with autoconf 2.5.3
12789 Don't set sysconfdir to '/etc' if the user has specified a --prefix.
12793 Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
12794 LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
12797 * env.c, sudo.c, sudo.h:
12798 No need for dump_badenv() now that dump_defaults() knows how to dump
12802 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
12808 document timestampowner
12812 Don't call set_perms() when doing timestamp stuff unless
12813 timestamp_uid != 0.
12816 * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
12817 sudo.h, testsudoers.c:
12818 g/c second arg to set_perms--it is no longer used
12821 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
12823 * check.c, set_perms.c, sudo.c, sudo.h:
12824 Add support for non-root timestamp dirs. This allows the timestamp
12825 dir to be shared via NFS (though this is not recommended).
12828 * def_data.c, def_data.h, def_data.in:
12829 Add timestampowner, "Owner of the authentication timestamp dir"
12832 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
12835 Don't try to pre-compute the size of the new envp, just allocate
12836 space up front and realloc as needed. Changes to the new env
12837 pointer must all be made through insert_env() which now keeps track
12838 of space used and allocates as needed.
12841 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
12848 Fix two typo/pastos; from jrj@purdue.edu
12851 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
12853 * INSTALL.binary, README:
12855 [a1e33027278c] [SUDO_1_6_6]
12857 * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
12858 visudo.cat, visudo.man.in:
12862 * CHANGES, RUNSON, TODO:
12867 In the loop used to expand %h and %u, the lastchar variable was not
12868 being initialized. This means that if the last char in the prompt
12869 is '%' and the first char is 'h' or 'u' an extra copy of the host or
12870 user name would be copied, for which space had not been allocated.
12873 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
12875 * BUGS, INSTALL, Makefile.in, configure.in, version.h:
12876 crank version to 1.6.6
12880 #undef VOID to get rid of an AFS warning
12884 Use easprintf instead of emalloc + sprintf for some things.
12887 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
12889 * lex.yy.c, sudo.tab.c:
12893 * parse.c, parse.lex, parse.yacc, testsudoers.c:
12894 Remove Chris Jepeway's email address so people don't bug him ;-)
12897 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
12900 Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
12901 endgrent() at the same time.
12904 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
12907 Make it clear which configure options take arguments.
12910 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
12913 HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
12914 RLIM_INFINITY, just pretend it is -1. This works because we only
12915 check for RLIM_INFINITY and do not set anything to that value.
12918 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
12921 Zero and free allocated memory when there is a conversation error.
12925 Use sigaction() not signal()
12929 Mention that some linux kernels have broken POSIX saved ID support
12933 checkpoint for 1.6.5p2
12941 Add --disable-setreuid flag
12945 Document new --disable-setreuid option and change description for
12946 --disable-saved-ids to match new error message.
12950 fatal() now takes an argument that determines whether or not to call
12955 Update for new error messages from set_perms()
12959 Update for new error messages from set_perms()
12962 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
12965 Make this compile w/o warnings
12969 Mention that we can't use pam_acct_mgmt()
12972 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
12973 The user's password was not zeroed after use when AIX
12974 authentication, BSD authentication, FWTK or PAM was in use.
12977 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
12980 Avoid giving PAM a NULL password response, use the empty string
12981 instead. This avoids a log warning when the user hits ^C at the
12982 password prompt when PAM is in use.
12986 Don't check the return value of pam_setcred(). In Linux-PAM 0.75
12987 pam_setcred() returns the last saved return code, not the return
12988 code for the setcred module. Because we haven't called
12989 pam_authenticate(), this is not set and so pam_setcred() returns
12994 Don't need a '/' between $(DESTDIR) and a directory.
12998 Don't need a '/' between $(DESTDIR) and a directory.
13001 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
13008 o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
13009 setreuid() o new NetBSD has a real setreuid() o add check for
13010 freeifaddrs() if getifaddrs() exists.
13013 * config.h.in, interfaces.c:
13014 Older BSDi releases lack freeifaddrs() so add a test for that and if
13015 it is not present just use free().
13018 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
13021 Checkpoint for 1.6.5p1
13025 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
13026 to normal passwords, not AUTH_FATAL (which just causes an exit).
13030 Don't use memory after it has been freed.
13034 skeyaccess() wants a struct passwd * not a char *; Patch from
13036 [65a1d3806fcd] [SUDO_1_6_5]
13042 * CHANGES, RUNSON, TODO:
13043 checkpoint for sudo 1.6.5
13046 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
13052 * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
13056 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13062 o when invoking the mailer as root use a hard-coded environment that
13063 doesn't include any info from the user's environment. Basically
13066 o Add support for the NO_ROOT_MAILER compile-time option and run the
13067 mailer as the user and not root if NO_ROOT_MAILER is defined.
13070 * set_perms.c, sudo.h:
13071 Bring back PERM_FULL_USER
13082 * INSTALL, config.h.in, configure.in:
13083 Add --disable-root-mailer option to run the mailer as the user and
13088 checkpoint for 1.6.4p2
13092 Mention the "seteuid(0): Operation not permitted" problem here too
13093 just for good measure.
13096 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
13098 * env.c, getspwuid.c, sudo.c:
13099 The SHELL environment variable was preserved from the user's
13100 environment instead of being reset based on the passwd database when
13101 the "env_reset" option was used. Now it is reset as it should be.
13108 * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
13110 Add a configure option to turn off use of POSIX saved IDs
13118 add --with-efence option
13122 Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
13123 "sudo -l" would not work if always_set_home was set.
13131 Quoted commas were not being treated correctly in command line
13136 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
13137 Otherwise, the set_home option has no effect.
13139 o Fix use of freed memory when the "fqdn" flag is set. This was
13140 introduced by the fix for the "segv when gethostbynam() fails" bug.
13141 Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
13142 there is no need to check the "fqdn" flag in set_fqdn() itself.
13146 Add 'continue' statements to optimize the switch statement. From
13150 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
13152 * sudoers.cat, sudoers.man.in:
13153 Regen from new sudoers.pod
13154 [6ecc07b3d0e1] [SUDO_1_6_4]
13157 Add caveat about stay_setuid flag
13161 If set_perms == set_perms_posix and the stay_setuid flag is not set,
13162 set all uids to 0 and use set_perms_fallback().
13165 * set_perms.c, sudo.h:
13166 Remove PERM_FULL_USER (which is no longer used) and add
13167 PERM_FULL_ROOT (used when exec'ing the mailer).
13171 Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
13172 never want to run the mailer setuid.
13175 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
13177 * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
13179 Use sudo.ws instead of courtesan.com in URLs
13182 * Makefile.binary, Makefile.in:
13183 Fix mansect substitution
13187 Substitute man sections in Makefile.binary
13191 Sync install targets with Makefile.in and substitute in man
13195 * INSTALL, INSTALL.binary:
13200 Repair bindist target
13207 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
13210 Fix case where neither whoami nor id are found
13213 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
13216 If neither whoami nor id exists, just assume we are root.
13220 Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
13221 on AIX which for some reason isn't pulling in the malloc prototype.
13224 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
13226 * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
13235 Defer assigning new environment until right before the exec.
13239 kill extra blank line
13242 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
13249 Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
13250 compiler doesn't recognise -O2.
13254 Clarify origins of Root Group sudo a bit based on info from
13255 billp@rootgroup.com
13258 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
13265 checkpoint for 1.6.4rc1
13268 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
13271 now generated via autoheader
13279 Move in some stuff that was previously in config.h.
13282 * aclocal.m4, configure.in:
13283 Add info for autoheader.
13286 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
13289 o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
13290 -g to facilitate non-root installs
13294 Add -M option (like -m but only for root) If we can't find "whoami",
13295 use "id" w/ some sed.
13303 allow user to always override mansectsu and mansectform
13306 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
13309 update from autoconf 2.52
13312 * config.guess, config.sub:
13313 Update from autoconf 2.52
13317 regen with autoconf 2.52
13321 o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
13322 mode o Remove compiler-specific checks for HP-UX now that we use
13331 o Add pam_prep_user function to call pam_setcred() for the target
13332 user; on Linux this often sets resource limits. o When calling
13333 pam_end(), try to convert the auth->result to a PAM_FOO value.
13334 This is a hack--we really need to stash the last PAM_FOO value
13335 received and use that instead.
13338 * set_perms.c, sudo.h:
13339 o Add pam_prep_user function to call pam_setcred() for the target
13340 user; on Linux this often sets resource limits.
13344 Fix off by one error in number of bytes allocated via malloc (does
13345 not affect any released version of sudo).
13348 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
13355 Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
13356 requiring that they be quoted.
13359 * sudoers.cat, sudoers.man.in, sudoers.pod:
13360 Mention that no double quotes are needed when
13361 adding/deleting/assigning a single value to a list.
13365 Don't rely on mkdefaults being executable, call perl explicitly.
13373 Remove some XXX that are no longer relevant.
13377 o Roll our own loop instead of using strpbrk() for better
13378 grokability o When adding to a list we must malloc() and use
13379 memcpy(), not strdup() since we must only copy len bytes from str.
13382 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
13392 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
13403 avoid the -g flag unless --with-devel was specified
13407 mkdefaults, def_data.in and sigaction.c were missing from the
13412 def_data.c was missing
13415 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
13418 Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
13419 allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
13427 Add comment for Default section so folks know where it should go.
13430 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
13433 Use TCSETAF, not TCSETA to set terminal in termio case
13436 * sudoers.cat, sudoers.man.in:
13437 regen from sudoers.pod
13441 o Typo, Runas_User_List should be Runas_List o a User_List can not
13442 contain a uid o mention that the Defaults section should come after
13443 Alias definitions but before the user specifications
13446 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
13448 * sudoers.cat, sudoers.man.in:
13453 Fix listpw and verifypw sections, they were not being formatted
13457 * sudoers.cat, sudoers.man.in:
13469 * config.h.in, configure.in:
13470 use AC_SYS_POSIX_TERMIOS instead of rolling our own
13474 Reference sudo.ws not courtesan.com
13478 Add notes on shadow passwords
13482 In list mode (sudo -l), characters escaped with a backslash are
13483 shown verbatim with the backslash.
13487 Add simple examples from OpenBSD (Marc Espie)
13491 Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
13495 minor prettyification
13503 Fix CIDR handling here too.
13507 Apparently a NULL response is OK
13511 Checkpoint for upcoming beta release
13515 Many people believe that adding a runas spec should obviate the need
13516 for the -u flag. It does not.
13520 checkpoint update for upcoming 1.6.4 beta
13524 o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
13525 if HAVE_STRING_H is defined -- this is safe now
13529 Add signals section
13537 Fix check for sigaction_t
13541 XXX - should call find_path() as runas user, not root. Can't do
13542 that until the parser changes though.
13546 If find_path() fails as root, try again as the invoking user (useful
13547 for NFS). Idea from Chip Capelik.
13550 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
13551 Regenerate after pod file changes
13554 * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
13555 sudo.pod, sudoers.pod:
13556 Add new sudoers option "preserve_groups". Previously sudo would not
13557 call initgroups() if the target user was root. Now it always calls
13558 initgroups() unless the -P command line option or the
13559 "preserve_groups" sudoers option is set. Idea from TJ Saunders.
13562 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
13564 * compat.h, config.h.in:
13565 Use new HAVE_SIGACTION_T define
13569 Fix compilation on K&C
13577 Add check for sigaction_t -- IRIX already defines this so don't
13586 need stdlib.h here too
13594 Remove redundant checks for string.h, strings.h and unistd.h
13597 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13599 Regen from pod files
13606 * configure, lex.yy.c, sudo.tab.c:
13611 Return EINVAL if errnum > sys_nerr
13614 * auth/sudo_auth.h:
13615 o Update copyright year
13618 * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
13619 config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
13621 o Update copyright year
13625 o Don't define STDC_HEADERS unconditionally for IRIX o Update
13633 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
13634 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
13635 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
13636 auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
13637 set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
13639 o Reorder some headers and use STDC_HEADERS define properly o Update
13644 o Reorder some headers and use STDC_HEADERS define properly o Update
13648 * getspwuid.c, goodpath.c, interfaces.c:
13649 o Reorder some headers and use STDC_HEADERS define properly o Update
13654 o Reorder some headers and use STDC_HEADERS define properly o Update
13658 * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
13660 o Reorder some headers and use STDC_HEADERS define properly o Update
13669 flags set in signal handlers should be volatile sig_atomic_t
13672 * config.h.in, configure.in:
13673 Add checks for volatile and sig_atomic_t
13676 * configure, lex.yy.c:
13680 * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
13681 sudo.c, sudoers.pod:
13682 Remove "secure_path" Defaults option since it cannot work with the
13686 * find_path.c, sudo.c:
13687 Unset "secure_path" if user_is_exempt()
13690 * env.c, pathnames.h.in:
13691 o Remove assumption that PATH and TERM are not listed in env_keep o
13692 If no PATH is in the environment use a default value o If TERM is
13693 not set in the non-reset case also give it a default value.
13696 * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
13697 _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
13698 systems that define in paths.h
13701 * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
13702 Add support for skeyaccess(3) if it is present in libskey.
13705 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
13708 Only need to do 'lc = login_getclass(NULL)' if lc == NULL
13712 '\\' is a perfectly legal character to have in a command line
13717 o Defer call to set_fqdn() until it is safe to use log_error() o
13718 Don't print errno string value if gethostbyname fails, it is not
13723 Fix CIDR -> in_addr_t conversion.
13726 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
13729 Remove an extra "User_List" in the User_Spec definition From
13730 ybertrand AT snoopymail.com
13734 Make 'listpw=never' work for users who are not explicitly mentioned
13739 Remove gratuitous '=' in EBNF grammar; era AT iki.fi
13743 Document new list Defaults type and convert env_keep and env_delete
13744 to lists. Document new env_check option.
13747 * lex.yy.c, sudo.tab.c, sudo.tab.h:
13752 Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
13761 Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
13764 * config.h.in, configure.in:
13765 Add check for skeyaccess(3)
13769 Document new -c, -f, and -q options
13773 o Add -f option (alternate sudoers file) o Convert to use getopt(3)
13780 * aclocal.m4, config.h.in, configure.in:
13781 Add check for isblank and a replacement macro if it doesn't exist.
13784 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
13787 In check-only mode, don't create sudoers if it does not already
13792 o Add a new token, DEFVAR, to indicate a Defaults variable name o
13793 Add support for "+=" and "-=" list operators o replace some 1 and 0
13794 with TRUE and FALSE for greater legibility.
13798 o Use exclusive start conditions to remove some ambiguity in the
13799 lexer. Also reorder some things for clarity. o Add support for
13800 "+=" and "-=" list operators. o Use the new DEFVAR token to denote
13801 a Defaults variable name.
13805 Prototype init_envtables()
13809 o Convert environment handling to use lists instead of strings.
13810 This greatly simplifies routines that need to do "foreach" type
13811 operations. o Add new init_envtables() function to set env_check
13812 and env_delete defaults based on initial_badenv_table and
13813 initial_checkenv_table (formerly sudo_badenv_table).
13816 * defaults.c, defaults.h:
13817 o Add a new LIST type and functions to manipulate it. o This is for
13818 use with environment handling variables. o Call new
13819 init_envtables() routine inside init_defaults() to initialize the
13823 * def_data.c, def_data.h, def_data.in:
13824 Convert environment options to use the new LIST type and add a new
13825 one, env_check that only deletes if the sanity check fails.
13829 Add dummy version of init_envtables()
13837 Add check-only mode
13841 Fix generation of entries with NULL descriptions.
13844 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
13847 Use sigaction_t and quiet a gcc warning.
13851 Must reset signal handlers before we exec
13854 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
13856 Be careful now that tgetpass() can return NULL (user hit ^C). PAM
13857 version needs testing. Set SIGTSTP to SIG_DFL during password entry
13858 so user can suspend us.
13862 Add support for interrupting/suspending tgetpass via keyboard input.
13863 If you suspend sudo from the password prompt and resume it will re-
13868 Don't block keyboard interrupt signals, just set them to SIG_IGN.
13871 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
13874 add back HAVE_SIGACTION
13881 * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
13882 Kill POSIX_SIGNALS define and old signal support now that we emulate
13883 POSIX ones Also be sure to correctly initialize struct sigaction.
13887 Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
13891 Add scaffolding for POSIX signal emulation
13895 o Add missing ';' so this compiles o Can't use NULL since we don't
13900 Emulate sigaction() using sigvec()
13903 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
13906 Document new behavior of negative values of timestamp_timeout Fix a
13911 Add security note about command not being logged after 'sudo su' and
13916 Mention that -V prints default values when run as root, including
13917 the list of environment variables to clear.
13921 Run pod2man with --quotes=none to avoid stupid quoting of C<>
13925 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
13927 * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
13928 Add mail_badpass option Also modify mail_always behavior to also
13929 send mail when the password is wrong
13932 * env.c, sudo.c, sudo.h:
13933 Dump default bad env table when 'sudo -V' is run by root.
13937 document env_delete
13941 Add support for '*' in env_keep when not resetting the environment
13942 (ie: the normal case).
13946 Add env_delete variable that lets the user replace/add to the
13947 bad_env_table. Allow '*' wildcard in env_keep entries.
13950 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
13953 Force umask to 022 to guarantee sane directory permissions.
13956 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
13959 add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
13963 fix breakage in last commit
13967 acsite.m4 -> aclocal.m4
13971 fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
13975 regenerated from def_data.in
13978 * check.c, defaults.c, defaults.h:
13979 Add new T_UINT type that most things use instead of T_INT If
13980 timestamp_timeout is < 0 then treat the ticket as never expiring (to
13981 be expired manually by the user).
13985 change most T_INT -> T_UINT
13989 fix warning when no args
13993 Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
13994 we are a signal handler. We no longer print the signal number but
13995 the user can just check the exit value for that.
13998 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
14001 when setting up pipes in child process check for case where stdin ==
14005 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
14008 Ignore editor exit value since XPG4 says vi's exit value is the
14009 count of editing errors made (failed searches, etc).
14012 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
14019 sco now is identified by config.guess as *-sco-*
14023 Check for getspnam() in -lgen if not in -lc for UnixWare.
14026 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
14028 * sudoers.pod, visudo.pod:
14029 "upper case" -> "uppercase"
14033 fix typos and grammar; pjanzen@foatdi.harvard.edu
14036 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
14039 Missing word (specify); krapht@secureops.com
14042 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
14045 If we fail to lookup a login class, apply the default one.
14049 In log_error() free message, not logline unconditionally, then free
14050 logline if it is not the same as message. No function change but
14051 this mirrors how they are allocated.
14054 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
14061 remove some backslash quotes that are unneeded
14065 o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
14066 instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
14067 can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
14068 to AC_DEFINE things manually.
14071 * config.guess, config.sub:
14072 Updated from autoconf-2.50
14075 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
14078 Update mailing list section. We use mailman now, not majordomo.
14081 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
14083 * getspwuid.c, logging.c, sudo.c:
14084 Use setpwent()/endpwent() + all the shadow variants to make sure we
14085 don't inadvertently leak an fd to the child. Apparently Linux's
14086 shadow routines leave the fd open even if you don't call setspent().
14087 Reported by mike@gistnet.com; different patch used.
14090 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
14097 select() may return EAGAIN. If so, continue like we do for EINTR.
14101 Fix a non-exploitable buffer overflow in the word splitting code.
14102 This should really be rewritten.
14110 Tell people to look in sample.syslog.conf for examples, not FAQ
14114 Update list of env vars that are cleared
14118 remove struct env_table decl since that stuff has all moved to env.c
14121 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
14124 Fix a pasto in flock-style unlocking and include <sys/file.h> for
14125 flock on older systems; twetzel@gwdg.de
14129 regen to get NeXT lockf/flock fix
14133 force NeXT to use flock since lockf is broken
14136 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
14139 Use stashed user_gid when checking against exempt gid since sudo
14140 sets its gid to a value that makes sudoers readable. Previously
14141 if you used gid 0 as the exempt group everyone would be exempt. From
14142 Paul Kranenburg <pk@cs.few.eur.nl>
14145 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
14152 #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 apparently defines
14153 some types (such as ssize_t) therein.
14156 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
14159 Fix negation of paths in a boolean context. Problem found by
14163 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
14169 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
14172 SA_RESETHAND means the opposite of what I was thinking--oops To
14173 block all signals in old-style signals use ~0, not 0xffffffff
14176 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
14179 coerce difference of pointers to int when used in a string length
14180 printf format; deraadt@openbsd.org
14183 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
14186 Block all signals in Exit() to avoid a signal race. There is still
14187 a tiny window but I'm not going to worry about it.
14190 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
14193 glibc uses the LANGUAGE env var so clear that too; Solar Designer
14197 Regenerate with a fix to flex.skl that preserves errno from
14198 clobbering by isatty().
14201 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
14203 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
14204 auth/sia.c, auth/sudo_auth.c:
14205 Some defaults I_ defines got renamed.
14208 * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
14209 defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
14210 set_perms.c, sudo.c, sudo.tab.c:
14211 Move defaults info into its own files from which we generate .h and
14212 .c files. This makes adding or rearranging variables much simpler.
14215 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
14217 * configure, configure.in:
14218 fix typo in last commit
14221 * compat.h, config.h.in, configure, configure.in:
14222 Add check + emulation for setegid (like seteuid).
14226 Make env_keep override badenv_table as documented Fix traversal of
14227 badenv_table (broken in last commit)
14230 * set_perms.c, sudo.c, sudo.h:
14231 Don't try and build saved uid version of set_perms on systems w/o
14232 them. Rename set_perms_saved_uid() -> set_perms_posix() Make
14233 set_perms_setreuid simply be set_perms_fallback() and simply include
14234 the appropriate function at compile time (setreuid() vs. setuid()).
14237 * sudoers.cat, sudoers.man.in, sudoers.pod:
14238 PATH is also preserved when env_reset is in effect
14241 * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
14242 configure.in, defaults.c, defaults.h, env.c, find_path.c,
14243 getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
14244 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
14245 visudo.c, visudo.cat, visudo.man.in:
14246 New Defaults options: o stay_setuid - sudo will remain setuid if
14247 system has saved uids or setreuid(2) o env_reset - reset the
14248 environment to a sane default o env_keep - preserve environment
14249 variables that would otherwise be cleared
14251 No longer use getenv/putenv/setenv functions--do environment munging
14252 by hand. Potentially dangerous environment variables can be cleared
14253 only if they contain '/' or '%' characters to protect buggy
14254 programs. Moved environment routines into env.c (new file)
14258 Clear up --without-passwd description
14261 * putenv.c, sudo_setenv.c:
14262 We now build up a new environment from scratch and assign it to
14266 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
14268 * sudo.pod, visudo.pod:
14269 Grammatical fixes from Paul Janzen
14272 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
14275 If there was a syntax error and the user just wants to quit, unlink
14276 sudoers if it is zero length.
14280 'Q' means ignore parse error, not 'q'
14284 Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
14288 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
14291 Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
14294 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
14296 * config.guess, config.sub:
14297 Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
14300 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
14302 * sudo.c, visudo.c:
14303 Use exit(127), not exit(-1)
14306 * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
14307 Move set_perms() to its own file and use POSIX saved uid or
14308 setreuid() if available.
14310 Added stay_setuid option for systems that have libraries that
14311 perform extra paranoia checks in system libraries for setuid
14312 programs (ie: anything with issetugid(2)).
14316 strip more bits from the environment and add a facility for
14317 stripping things only if they contain '/' or '%' to address printf
14318 format string vulnerabilities in other programs.
14321 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
14328 For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
14337 Check for strcasecmp(3) in -lc89 for NCR Unix
14340 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
14343 Define HAVE_INNETGR #ifdef HAVE__INNETGR
14350 * compat.h, config.h.in, configure.in:
14351 Add check for _innetgr(3) since NCR systems have that instead of
14355 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
14358 check return value of creadcfg() call sd_close() after sd_auth()
14359 store username in sd->username so we don't rely on the USER env
14363 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
14366 document --with-bsdauth
14374 --with-bsdauth assumes --with-logincap
14377 * auth/bsdauth.c, auth/fwtk.c:
14378 When prompting for a response to a challenge, if the user just hits
14379 return then reprompt with echo turned on.
14382 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
14385 Remove debugging code that should not have been committed, oops.
14389 Use lower-level routines and get the password ourselves. Checks for
14390 a challenge and if there is one echo is not turned off.
14393 * auth/pam.c, auth/sudo_auth.h:
14394 minor housekeeping, no real code changes
14397 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
14400 Fix a coredump in the logging functions if gethostname(2) fails by
14401 deferring the call to log_error() until things are better setup.
14403 Fix return value of set_loginclass() in non-BSD-auth case.
14405 Hard-code 'sudo' in the usage message so we can fit more options on
14410 Fix errant ';' (typo) that broke MSG_ONLY
14413 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
14415 * sudo.cat, sudo.man.in:
14423 * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
14424 configure, configure.in, getspwuid.c, sudo.c:
14425 Add support for BSD authentication.
14428 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
14431 Fix typo; from sato@complex.eng.hokudai.ac.jp
14434 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
14437 Mention negating umask
14441 Allow user to specify umask of 0777 (same as !umask)
14444 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
14446 * sudo.pod, visudo.pod:
14447 Fix a typo and give a URL for the sudo history.
14450 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
14452 * defaults.c, sudo.pod:
14453 fix typos; pepper@reppep.com
14456 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
14458 * sudo.c, sudo.h, sudo_setenv.c:
14459 sudo_setenv() now exits on memory alloc failure instead of returning
14463 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
14466 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
14467 and possibly others.
14471 Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
14472 that "%m" won't be expanded but we don't use that anyway since the
14473 logging routines may splat to stderr as well.
14476 * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
14478 Add always_set_home variable
14481 * configure, configure.in:
14482 Have to hard code default values in help since the defaults are set
14483 _after_ the help stuff.
14486 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
14488 * lex.yy.c, parse.lex:
14489 Allow special characters (including '#') to be embedded in pathnames
14490 if quoted by a '\\'. The quoted chars will be dealt with by
14491 fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
14494 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
14497 Better path searching for programs we need.
14501 Add section on "C compiler cannot create executables" errors.
14504 * Makefile.binary, Makefile.in, version.h:
14508 * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
14509 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
14510 visudo.man.in, visudo.pod:
14511 Substitute values from configure into man pages.
14514 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
14517 The listpw and verifypw sudoers options would not take effect
14518 because the value of the default was checked *before* sudoers was
14519 parsed. Instead of passing in the value of PWCHECK_* to
14520 sudoers_lookup(), pass in the arg for def_ival() so the check can be
14521 deferred until after sudoers is parsed.
14524 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
14527 When writing prompt, no need to write the NUL as well;
14531 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
14534 When looking for chown, check in /sbin too
14537 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
14540 Remove extraneous call to init_defaults() and set runas_user to NULL
14541 between parses so init_defaults will reset it each time, thus
14542 avoiding a reference to free()d data.
14545 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
14547 * config.h.in, interfaces.c, interfaces.h, sudo.c:
14548 Add support for using getifaddrs() to get the list of ip addr /
14549 netmask pairs. Currently IPv4-only.
14553 Add a missing check for UserEditor == NULL. Add missing '+' before
14554 line number when invoking editor to fix a syntax error
14557 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
14560 Call clean_env very early in main() for paranoia's sake. Idea from
14564 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
14567 Update proto for evasprintf and easprintf
14571 Make easprintf() and evasprintf() return an int.
14575 If the targetpw flag is set, use target username as part of the
14576 timestamp path. If tty tickets are in effect cat the tty and the
14577 target username with a ':' as the separator.
14580 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
14583 Backout part of last change; setting PAM_USER to the invoking user
14584 breaks things like targetpw.
14588 set tty and username via pam_set_item
14591 * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
14592 Fix root, runas, and target authentication for non-passwd file auth
14596 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
14598 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
14599 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
14600 Use B<-Z> not C<-Z> for command line flags in all places. This is
14601 more consistent and works around a bug in Pod::Man.
14604 * sudoers.cat, sudoers.man.in, sudoers.pod:
14605 Fix an occurrence of 'semicolon' that should be 'colon'
14608 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
14610 * configure, configure.in:
14611 Fix --with-badpri help line
14614 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
14616 * defaults.c, logging.c, sudo.c:
14617 Bracket calls to syslog with an openlog() and closelog() since some
14618 authentication methods (like PAM) may do their own logging via
14619 syslog. Since we don't use syslog much (usually just once per
14620 session) this doesn't really incur a performance penalty. It also
14621 fixes a SEGV with pam_kafs.
14624 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
14627 Fix -H flag. runas_homedir is only valid after
14628 set_perms(PERM_RUNAS, mode)
14631 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
14634 Clarify the fact that insults are not enabled just by including them
14638 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
14640 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
14642 Regenerated with perl 5.6.0 pod2man
14646 Give date string to pod2man since its default is ugly and it ain't
14651 Do section substitution on the output of pod2man and remove hack
14652 needed for old pod2man.
14655 * sudo.pod, sudoers.pod, visudo.pod:
14656 Put back real man sections, we will do the substitution later.
14659 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
14661 * configure, configure.in:
14662 Don't bother checking for the path to vi if user specified --with-
14666 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
14668 * CHANGES, visudo.c:
14669 Visudo now does its own fork/exec instead of calling system(3).
14672 * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
14673 sudoers.pod, visudo.c:
14674 Visudo now checks for the existence of an editor and gives a
14675 sensible error if it does not exist.
14677 The path to the editor for visudo is now a colon-separated list of
14678 allowable editors. If the user has $EDITOR set and it matches one
14679 of the allowed editors that editor will be used. If not, the first
14680 editor in the list that actually exists is used.
14683 * sudo.cat, sudo.man.in, sudo.pod:
14684 Clear up confusion wrt sudo's return value.
14687 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
14690 Strip sudo and visudo for bindist target
14693 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
14694 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
14695 Use @mansectsu@ and @mansectform@ in the man page bodies as well.
14696 [5eb9e60a726f] [SUDO_1_6_3]
14698 * visudo.cat, visudo.man.in, visudo.pod:
14699 Typo: @sysconf@ -> @sysconfdir@
14703 'make dist' should not cause any files to be modified so remove its
14708 Whoops, forgot to add release marker
14711 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
14714 Final change for 1.6.3 (or so I hope)
14717 * sudo.cat, sudoers.cat, visudo.cat:
14718 Use SYSV man sections since BSD systems will have nroff...
14721 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
14723 * parse.yacc, sudo.tab.c:
14724 When checking to see if the host/user matches in a defaults spec,
14725 check against TRUE, not just non-zero since it might be -1.
14728 * configure, configure.in:
14729 OSF/1 puts file formats in section 4, not 5.
14732 * CHANGES, INSTALL, sudo.c:
14733 Make login class support work on BSD/OS
14740 * configure, configure.in:
14741 If there is no inet_addr but there *is* an __inet_addr that's ok
14742 since inet_addr is probably just a macro then. The better thing to
14743 do would be to look for the macro, but this is fine for now.
14746 * configure, configure.in:
14747 Don't use shlicc for BSD/OS 4.x
14750 * Makefile.in, configure, configure.in:
14751 *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
14752 configure variable so we can deal with this. Also, only remove *.man
14753 for 'distclean' not 'clean'.
14757 set_loginclass() should be static like the proto says
14760 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
14763 Add #ifdef __STDC__ around the rangematch function header to avoid
14764 promotion of test to int, thus violating the prototype. Gcc handles
14765 this gracefully but more std ANSI compilers will complain.
14769 Pull in newer fnmatch(3) that supports FNM_CASEFOLD
14772 * aclocal.m4, configure, fnmatch.3, fnmatch.c:
14773 Pull in newer fnmatch(3) that supports FNM_CASEFOLD. Check for
14774 FNM_CASEFOLD in configure
14781 * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
14782 Fully qualified hosts w/ wildcards were not matching the FQHOST
14783 token type. There's really no need for a separate token for fully-
14784 qualified vs. unqualified anymore so FQHOST is now history and
14785 hostname_matches now decides which hostname (short or long) to check
14786 based on whether or not the pattern contains a '.'.
14790 Fully qualified hosts w/ wildcards were not matching the FQHOST
14791 token type. There's really no need for a separate token for fully-
14792 qualified vs. unqualified anymore so FQHOST is now history and
14793 hostname_matches now decides which hostname (short or long) to check
14794 based on whether or not the pattern contains a '.'.
14797 * lex.yy.c, parse.c, parse.lex, parse.yacc:
14798 Fully qualified hosts w/ wildcards were not matching the FQHOST
14799 token type. There's really no need for a separate token for fully-
14800 qualified vs. unqualified anymore so FQHOST is now history and
14801 hostname_matches now decides which hostname (short or long) to check
14802 based on whether or not the pattern contains a '.'.
14805 * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
14806 sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
14807 Add support for wildcards in the hostname.
14811 Add targets for *.man.in, using config.status to generate *.man from
14815 * sudoers.cat, sudoers.man.in, sudoers.pod:
14816 Document set_logname option and embolden refs to sudo and visudo.
14819 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
14820 sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
14821 visudo.cat, visudo.man.in, visudo.pod:
14822 Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
14823 from Michael D. Marchionna. configure now does substitution on the
14824 man pages, allowing us to fix up the paths and set the section
14825 correctly. Based on an idea from Michael D. Marchionna.
14829 Better fix for handling HP-UX aging info.
14833 Add support for set_logname run-time default
14836 * sudo.man.in, sudoers.man.in, visudo.man.in:
14837 configure does substitution on these to produce *.man
14840 * sudo.man, sudoers.man, visudo.man:
14841 These files now get generated from *.man.in at configure time.
14844 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
14846 * defaults.c, defaults.h:
14847 Add set_logname option so users can turn off setting of LOGNAME/USER
14848 environment variables.
14851 * lsearch.c, parse.c, testsudoers.c:
14855 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
14858 HP-UX adds extra info at the end for password aging so when
14859 comparing the result of crypt to pw_passwd we only compare the first
14860 len(epass) bytes *unless* the user entered an empty string for a
14865 Get rid of grandchild hack, it was causing problems and there is
14866 really no need for it. This fixes a bug where we spin eating up CPU
14867 when the user runs a long-running process like a shell.
14870 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
14873 User can always specify a login class if he/she is already root.
14876 * config.h.in, configure, configure.in, defaults.c, defaults.h,
14878 FreeBSD login class (login.conf) support.
14881 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
14883 * auth/sudo_auth.c:
14884 HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
14887 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
14890 Truncate unencrypted password to 8 chars if encrypted password is
14891 exactly 13 characters (indicating a standard DES password). Many
14892 versions of crypt() do this for you, but not all (like HP-UX's).
14895 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
14898 Mention that gcc on dynix may have problems
14901 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
14904 Link visudo with NET_LIBS since we now call syslog via defaults.c
14908 Use Argv[0] as the first arg to openlog() since visudo uses this
14912 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
14915 Stash coredumpsize resource limit and restore it before the exec().
14916 Otherwise the child ends up with a coredumpsize of 0.
14919 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
14921 * sudo.cat, sudo.man, sudo.pod:
14929 * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
14930 auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
14931 Added -S flag (read passwd from stdin) and tgetpass_flags global
14932 that holds flags to be passed in to tgetpass(). Change echo_off
14933 param to tgetpass() into a flags field. There are currently 2
14934 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
14935 tgetpass(), abstract the echo set/clear via macros and if (flags &
14936 TGP_ECHO) but echo is not set on the terminal, be sure to set it.
14940 Fixed a bug that caused an infinite loop when the password timeout
14944 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
14946 * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
14947 sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
14948 Add rootpw, runaspw, and targetpw options.
14951 * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
14953 enveditor -> env_editor
14956 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
14958 * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
14959 sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
14961 crank version to 1.6.3
14964 * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
14965 sudoers.pod, visudo.c:
14966 Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
14967 them. This means that visudo will now parse the sudoers file
14968 *before* it is edited so a bogus sudoers file will cause a warning
14969 to go to stderr. Also, visudo checks the variables once--it does not
14970 check them after each editor run since that could be confusing.
14973 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
14979 * check.c, sudo.c, sudo.h:
14980 Move user_is_exempt prototype into sudo.h
14983 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
14985 * configure, configure.in:
14986 Fix thinko, some && should have been || in the last commit
14989 * configure, configure.in:
14990 Don't initialize Makefile variables to be NULL since the user may
14991 want to import variables from their environment.
14994 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
14996 * configure, configure.in:
15000 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
15003 fix a yacc (skeleton.c) warning
15006 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
15008 * INSTALL, RUNSON, configure, configure.in:
15009 Make pam work on HP-UX 11.0; jaearick@colby.edu
15013 recent changes; prepare for 1.6.2p1
15017 Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
15020 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
15023 Regen with yacc that has a memory leak plugged.
15026 * sudoers.cat, sudoers.man, sudoers.pod:
15027 Expanded docs on sudoers 'defaults' options based on INSTALL file
15032 Fix some white lies
15035 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
15038 When making a bindist, link FAQ to TROUBLESHOOTING instead of
15042 * sudoers.cat, sudoers.man, sudoers.pod:
15043 Add netgroup caveat
15044 [28d119f466e3] [SUDO_1_6_2]
15047 Last minute updates
15063 Better detection of PAM errors and fix custom prompts with PAM.
15064 Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
15067 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
15070 Cast ULONG_MAX to unsigned long long when comparing to an unsigned
15074 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
15076 * CHANGES, config.h.in, configure, configure.in, visudo.c:
15077 Fix sudoers locking in visudo. We now lock the sudoers file itself,
15078 not the temp file (since locking the temp file can foul up editors).
15079 The previous locking scheme didn't work because the fd was closed
15083 * config.h.in, configure, configure.in:
15084 Don't need test for ftruncate() any more.
15087 * configure, configure.in:
15088 Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
15089 the unbundled HP-UX cc.
15092 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
15094 * sudoers.cat, sudoers.man, sudoers.pod:
15095 "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
15098 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
15100 * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
15101 parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
15102 version.h, visudo.c:
15103 update copyright year on changed files
15115 Crank version to 1.6.2
15119 Crank version to 1.6.2
15123 When using rlimit check for RLIM_INFINITY. When computing the value
15124 of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
15131 * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
15132 sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
15133 Crank version to 1.6.2
15136 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
15137 Add 'shell_noargs' runtime option back in. We have to defer
15138 checking until after the sudoers file has been parsed but since
15139 there are now other options that operate that way this one can too.
15140 Based on a patch from bguillory@email.com.
15143 * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
15144 Add "listpw" and "verifypw" options.
15147 * sudoers.cat, sudoers.man, sudoers.pod:
15148 o Fix some typos/omissions o Add section on verifypw and listpw o
15149 Define how NOPASSWD interacts with the -v and -l flags
15152 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
15154 * configure, configure.in:
15155 For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
15156 -D_HPUX_SOURCE to CPPFLAGS.
15159 * defaults.c, defaults.h:
15160 In struct sudo_defs_types, move the union to the end and don't
15161 initialize the union member since that only works with an ANSI
15162 compiler. We set the value of the union by hand in init_defaults()
15163 anyway. This allows sudo to compile on a K&R compiler again.
15166 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
15168 * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
15169 netgr_matches needs to check shost as well as host since they may be
15174 End on \r as well as \n
15177 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
15180 Update statbuf.st_mode based on SUDOERS_MODE when we are changing
15181 from 0400 to whatever SUDOERS_MODE is (converting from the old
15182 sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
15183 0400 which should always be the case.
15186 * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
15187 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
15188 w/o a passwd if there is *any* entry for the user on the host with a
15189 NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
15190 the user on the host w/ the specified runas user have the NOPASSWD
15198 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
15201 Treat EOF at whatnow prompt like 'x' instead of looping.
15204 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
15208 [5836a9452568] [SUDO_1_6_1]
15210 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
15212 * config.h.in, configure, configure.in, sudo.c:
15213 Add check for initgroups() since old SYSV lacks this.
15216 * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
15217 parse.c, testsudoers.c:
15218 o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
15222 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
15224 * auth/sudo_auth.c:
15225 Don't allow insults to be enabled if the insults[] array is empty.
15226 Otherwise there would be division by zero.
15230 Don't allow insults to be enabled if the insults[] array is empty.
15231 Otherwise there would be division by zero.
15235 Don't allow insults to be enabled if the insults[] array is empty.
15236 Otherwise there would be division by zero.
15240 Don't care about USE_INSULTS #define since the insult stuff may be
15241 overridden at runtime.
15244 * auth/sudo_auth.c:
15245 Honor insults flag.
15248 * CHANGES, parse.c:
15249 Don't ask the user for a password if the user is not allowed to run
15250 the command and the authenticate flag (in sudoers) is false.
15253 * CHANGES, RUNSON, lex.yy.c, parse.lex:
15254 o Whenever we get a bare newline we change to the INITIAL state. o
15255 Enter GOTRUNAS when we see Runas_Alias
15257 This allows #uid to work in a RunasAlias.
15260 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
15262 * CHANGES, parse.yacc, sudo.tab.c:
15263 fix parsing of runas lists: o oprunasuser and runaslist now return a
15264 value o in a runasspec, if a runaslist does not return TRUE, set
15265 runas_matches to FALSE. Normally, a runaslist only returns FALSE
15266 for explicitly denied users. o since runaslist does not modify the
15267 stack there is no need for a push/pop in runasalias.
15271 Don't kill the user's tickets until after sudoers has been parsed
15272 since tty_tickets and ticket_dir could be set in sudoers.
15275 * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
15276 configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
15277 sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
15278 crank version to 1.6
15282 add set_fqdn() stub
15285 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
15287 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
15288 sudoers.man, sudoers.pod, visudo.c:
15289 o Kill shell_noargs option, it cannot work since the command needs
15290 to be set before sudoers is parsed. o Fix the "set_home" sudoers
15291 option (only worked at compile time). o Fix "fqdn" sudoers option.
15292 We now set host/shost via set_fqdn which gets called when the
15293 "fqdn" option is set in sudoers. o Move the openlog() to
15294 store_syslogfac() so this gets overridden correctly from the
15299 SecurID support should compile now.
15302 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
15304 * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
15305 visudo.man, visudo.pod:
15306 fix some syntactic goofs
15309 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
15311 * Makefile.in, sudo.html, sudoers.html, visudo.html:
15312 No longer need the .html files as they are generated automatically
15316 * CHANGES, LICENSE:
15317 kill characters that made wml unhappy
15324 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
15327 majordomo@cs.colorado.edu -> majordomo@courtesan.com
15330 * Makefile.in, configure:
15331 Wrap script execution w/ /bin/sh for the benefit of ctm
15334 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
15337 Make the -s flag be exclusive too. Also reorder the flags in the
15338 exclusive usage message so they are alphabetical.
15341 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
15344 make pam errors other than PAM_PERM_DENIED fatal
15352 make it clear that /etc/pam.d/sudo is required on linux
15356 fix a warning on redhat and spew an error if pam_authenticate()
15357 returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
15360 * sudo.cat, sudo.html, sudo.man, sudo.pod:
15361 Be very clear that the password required is the user's not root's
15364 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
15367 add sample.syslog.conf to DISTFILES and BINFILES
15370 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
15373 updates from Brian Jackson + some formatting
15376 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
15378 * INSTALL.binary, Makefile.binary, README, RUNSON:
15379 o One RUNSon update o Changes for automating real binary releases
15386 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
15389 talk about run-time options in addition to compile-time options
15390 [1eb813ff0a9a] [SUDO_1_6_0]
15397 need sys/time.h if HAVE_SETRLIMIT
15400 * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
15401 sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
15402 get rid of references to sudo-bugs. Now mention the web site or the
15407 repair pod2html damage
15411 Update for 1.6 release
15414 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
15415 Add warning about using ALL in a command context.
15418 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
15421 Call yyrestart() on a parse error to reset the lexer state.
15424 * lex.yy.c, parse.lex:
15425 Don't need YY_FLUSH_BUFFER after all. Move yyrestart() into visudo.c
15426 since it might not get called in yywrap if we get a parse error
15427 (and we only reread the file on error anyway).
15430 * lex.yy.c, parse.lex:
15431 Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
15432 might still exist. Call yyrestart() instead of using the deprecated
15436 * lex.yy.c, parse.lex:
15437 flex doesn't need %N table size declarations
15440 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
15441 Mention what characters need to be escaped in names.
15444 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
15451 clarify Mac OS X entry
15459 o Use AC_MSG_ERROR throughout o Check syslog configure options for
15463 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
15466 Fix printing of type T_MODE in dump_defaults()
15470 missing sys/types.h
15474 Break out options that may be overridden at run time into their own
15475 section. Add a note about Mac OS X and correct some lies.
15478 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
15480 * CHANGES, config.h.in, configure, configure.in, sudo.c:
15481 o Now use getrlimit to find the highest fd when closing all non-std
15482 fd's o Turn off core dumps via setrlimit for the sake of paranoia
15489 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
15496 When read()'ing, do a single character at a time to be sure we don't
15497 go past the newline.
15501 For the sudo_root option, check against user_uid, not getuid() since
15502 at this point, ruid == euid == 0.
15510 Fix compilation problem when --with-logging=file was specified.
15511 This means that syslog is now required to build sudo but that should
15512 not be a problem. If it is it can be fixed trivially with a
15513 configure check for syslog() or syslog.h.
15517 Make this work again for things like "sudo echo hi | more" where the
15518 tty gets put into character at a time mode. We read until we read
15519 end of line or we run out of space (similar to fgets(3)).
15522 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
15524 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
15525 change ital to bold
15532 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
15535 Error out if syslog parameters are given without a value. For
15536 Ultrix or 4.2BSD "syslog" is allowed without a value since there are
15537 no facilities in the 4.2BSD syslog.
15540 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
15543 Ignore the syslog facility for systems w/ old syslog like Ultrix.
15547 people with "." early in their path can have problems running sudo
15548 from the build dir ;-)
15551 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
15553 * sudo.cat, sudo.html, sudo.man, sudo.pod:
15554 Remove -r realm option
15557 * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
15558 configure.in, sudo.c:
15559 New krb5 code from Frank Cusack <fcusack@iconnet.net>.
15566 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
15569 include <auth.h> to get function prototypes.
15572 * sudo.cat, sudo.html, sudo.man, sudo.pod:
15576 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
15579 in set_perms(), always call setuid(0) before changing the ruid/euid
15580 so we always know it will succeed.
15584 #undef T_FOO to avoid conflicts with system defines (like on
15588 * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
15590 Document "Defaults" lines in /etc/sudoers. Still needs some
15591 fleshing out but this is a start.
15594 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
15596 * use strtol, not strtoul since not everyone has strtoul
15600 use strtol, not strtoul since not everyone has strtoul
15603 * lex.yy.c, parse.lex:
15604 last {WORD} rule should only apply in the INITIAL state
15607 * lex.yy.c, parse.lex:
15608 o Add support for escaped characters in the WORD macro o Modify
15609 fill() to squash escape chars
15612 * defaults.c, defaults.h:
15613 o Add T_PATH flag to allow simple sanity checks for default values
15614 that are supposed to be pathnames. o Fix a duplicate free when
15615 visudo finds an error.
15618 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
15620 * defaults.c, defaults.h, logging.c:
15621 mail_if_foo -> mail_foo
15624 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
15626 * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
15627 o Add requiretty option o Move O_NOCTTY to compat.h
15631 The exit() in log_error() was mistakenly removed in a previous
15632 version. Put it back...
15635 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
15637 * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
15638 auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
15639 configure, configure.in, defaults.c, defaults.h, find_path.c,
15640 getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
15641 o Change defaults stuff to put the value right in the struct. o
15642 Implement mailer_flags o Store syslog stuff both in int and string
15643 form. Setting the string form magically updates the int version.
15644 o Add boolean attribute to strings where it makes sense to say !foo
15648 add O_NOCTTY when opening /dev/tty just in case
15651 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
15654 cleanup function no longer takes a status arg
15661 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
15663 * TODO, config.h.in, configure, configure.in, logging.c:
15664 Use strftime() instead of ctime() if it is available.
15667 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
15674 update ReliantUNIX entry
15677 * defaults.c, defaults.h, logging.c:
15678 add log_year option
15681 * configure, configure.in:
15682 add --without-sendmail to help output
15685 * configure, configure.in:
15686 enforce an octal arg for --with-sudoers-mode
15689 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
15691 * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
15692 auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
15693 auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
15694 defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
15695 parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
15696 testsudoers.c, version.c, visudo.c:
15697 Add support for "Defaults" line in sudoers to make configuration
15698 variables changeable at runtime (and on a global, per-host and
15699 per-user basis). Both the names and the internal representation are
15700 still subject to change. It was necessary to make sudo_user.runas
15701 be a char ** instead of a char * since this value can be changed by
15702 a Defaults line. There is a similar (but more complicated) issue
15703 with sudo_user.prompt but it is handled differently at the moment.
15705 Add a "-L" flag to list the name of options with their descriptions.
15706 This may only be temporary.
15708 Move some prototypes to parse.h
15710 Be much less restrictive on what is allowed for a username.
15713 * sample.syslog.conf:
15717 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
15719 * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
15721 UCB has dropped the advertising clause from their license.
15724 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
15726 * auth/sudo_auth.h:
15727 move dce_verify proto to correct section
15734 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
15737 Add fnmatch() prototype
15740 * fnmatch.c, parse.c, testsudoers.c:
15741 Move inclusion of emul/fnmatch.h to be after sudo.h for __P
15745 add strcasecmp proto
15748 * auth/sudo_auth.c:
15749 add check for case where there are no auth methods
15752 * configure, configure.in:
15753 Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
15757 * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
15758 include strings.h everywhere we include string.h
15762 nicer output when showing auth methods
15766 Add support for SEND_MAIL_WHEN_NO_HOST
15769 * config.h.in, configure, configure.in:
15770 Add _GNU_SOURCE for Linux
15773 * lex.yy.c, parse.lex:
15774 fix definition of OCTET
15777 * configure, configure.in:
15778 aix_auth.o not authenticate.o
15781 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
15784 Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
15785 keyboard). Since we run with ruid/euid == 0 the user can't really
15786 signal us in nasty ways.
15790 Don't need to worry about catching too many signals since we do
15791 locking on the tmp file. If a lockfile is really stale, it will be
15792 detected and overwritten.
15795 * INSTALL, Makefile.in:
15796 include auth/API in tarball
15799 * auth/sudo_auth.c:
15800 move memset() of plaintext pw outside of verify loop and only do the
15801 memset if we are *not* in standalone mode.
15804 * auth/sudo_auth.c, auth/sudo_auth.h:
15805 DCE is not a standalone method
15809 fix --enable-noargs-shell
15813 "#ifdef __STDC__" not "#if __STDC__" (I missed one)
15816 * auth/fwtk.c, auth/sia.c:
15817 _cleanup() function returns an int.
15821 there were still some return(0)'s hanging around, make them
15830 add missing semicolon
15833 * auth/sudo_auth.h:
15837 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
15839 * CHANGES, config.h.in, configure, configure.in:
15840 Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
15844 add parse.h to HDRS
15847 * Makefile.in, configure, configure.in:
15848 Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
15849 LDFLAGS. Common libs go in LIBS, common ld flags go in LDFLAGS and
15850 network libs like -lsocket, -lnsl go in NET_LIBS. This allows
15851 testsudoers to build on Solaris and is a bit cleaner in general.
15855 mention ptmp -> sudoers.tmp
15858 * config.h.in, configure, configure.in:
15859 Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
15867 Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
15868 return a value more like a system function
15880 update based on what is in the man page
15883 * parse.yacc, sudo.tab.c:
15884 minor change to first line printed in -l mode
15887 * sudo.cat, sudo.html, sudo.man, sudo.pod:
15888 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
15889 standard and add "EXAMPLES" section
15892 * visudo.cat, visudo.html, visudo.man, visudo.pod:
15893 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
15897 * logging.c, parse.c, sudo.h:
15901 * lex.yy.c, parse.lex:
15902 make an OCTET really be limited to 0-255
15906 mention timestamp changes
15913 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
15914 new sudoers(8) man page
15917 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
15920 Update comments about syslog name tables
15923 * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
15924 strcasecmp.c, sudo.tab.c:
15925 include strcasecmp() for those without it
15929 Use the : operator some more and fix a typo
15933 update the history of sudo
15936 * parse.c, parse.lex, testsudoers.c:
15937 CIDR-style netmask support
15944 * sudo.tab.c, sudo.tab.h:
15945 these should be generated with byacc, not bison
15952 * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
15953 In "sudo -l" mode, the type of the stored (expanded) alias was not
15954 stored with the contents. This could lead to incorrect output if
15955 the sudoers file had different alias types with the same name.
15956 Normal parsing (ie: not in '-l' mode) is unaffected.
15959 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
15961 * configure, configure.in:
15962 define _XOPEN_SOURCE to get at crypt() proto on some systems
15965 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
15972 don't need limits.h
15976 kill bogus reference to vfprintf
15979 * sample.sudoers, sudoers:
15984 Add some const in the K&R defs. This is safe since we define const
15985 away if the compiler doesn't grok it.
15988 * aclocal.m4, configure:
15989 Better test for working long long support. Ultrix compiler supports
15990 basic long long but not all operations on them.
15993 * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
15994 snprintf.c, sudo.c:
15995 Add check for LONG_IS_QUAD #undef MAXINT before including
15996 hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
15997 in snprintf.c and use LONG_IS_QUAD
16000 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
16002 * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
16004 UCB-derived snprintf + asprintf support. Supports quads if the
16005 compiler does. No floating point yet, perhaps later...
16008 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
16010 * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
16011 goodpath.c, logging.c, parse.c, sudo.c:
16012 Run most of the code as root, not the invoking user. It doesn't
16013 really gain us anything to run as the user since an attacker can
16014 just have a setuid(0) in their egg. Running as root solves
16015 potential problems wrt signalling.
16022 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
16024 * logging.c, sudo.c:
16025 Don't wait for child to finish in log_error(), let the signal
16026 handler get it if we are still running, else let init reap it for
16027 us. The extra time it takes to wait lets the user know that mail is
16030 Install SIGCHLD handler in main() and for POSIX signals, block
16035 * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
16036 parse.yacc, sudo.c, sudo.h:
16037 sudoers_lookup() now returns a bitmap instead of an int. This makes
16038 it possible to express things like "failed to validate because user
16039 not listed for this host". Some things that were previously
16040 VALIDATE_FOO are now FLAG_FOO. This may change later on.
16042 Reorganized code in log_auth() and sudo.c to deal with above
16045 Safer versions of push/pushcp with in the do { ... } while (0) style
16047 parse.yacc now saves info on the stack to allow parse.c to determine
16048 if a user was listed, but not for the host he/she tried to run on.
16050 Added --with-mail-if-no-host option
16053 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
16055 * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
16056 visudo.man, visudo.pod:
16057 o NewArgv and NewArgc don't need to be externally visible. o If
16058 pedantic > 1, it is a parse error. o Add -s (strict) option to
16059 visudo which sets pedantic to 2.
16062 * HISTORY, INSTALL:
16063 Just have sudo-bugs contact info in one place
16066 * sudo.cat, sudo.html, sudo.man, sudo.pod:
16070 * Makefile.in, configure, configure.in:
16071 Add testsudoers to default build target if --with-devel Don't clean
16072 generated parser files unless "distclean".
16075 * parse.yacc, sudo.tab.c:
16076 In pedantic mode we need to save *all* the aliases, not just those
16077 that match, or we get spurious warnings.
16081 reference sample.syslog.conf
16084 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
16086 * sample.syslog.conf:
16087 Sample entries for syslog.conf
16094 * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
16095 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
16096 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
16097 auth/sudo_auth.c, auth/sudo_auth.h:
16098 In struct sudo_auth, turn need_root and configured into flags and
16099 add a flag to specify an auth method is running alone (the only
16100 one). Pass auth methods their sudo_auth pointer, not the data
16101 pointer. This allows us to get at the flags and tell if we are the
16102 only auth method. That, in turn, allows the method to be able to
16103 decide what should/should not be a fatal error. Currently only
16104 rfc1938 uses it this way, which allows us to kill the OTP_ONLY
16105 define and the hackery that went with it. With access to the
16106 sudo_auth struct, methods can also get at a string holding their
16107 canonical name (useful in error messages).
16110 * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
16111 getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
16113 o --with-otp deprecated, use --without-passwd instead o real
16114 dependencies in the Makefile o --with-devel option to enable yacc,
16115 lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
16116 back to being a token, not a string but don't leak memory o rename
16117 hostspec -> host in parse.yacc
16120 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
16126 * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
16128 o Digital UNIX needs to check for *snprintf() before -ldb is added
16129 to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
16130 for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
16131 functions in snprintf.c to fix -Wall o Add missing includes to fix
16135 * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
16136 configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
16138 o Add a "pedantic" flag to the parser. This makes sudo warn in
16139 cases where an alias may be used before it is defined. Only turned
16140 on for visudo and testsudoers. o Add --disable-authentication option
16141 that makes sudo not require authentication by default. The PASSWD
16142 tag can be used to require authentication for an entry. We no
16143 longer overload --without-passwd.
16146 * lex.yy.c, parse.lex:
16147 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
16148 username can contain just about anything so be very permissive. Also
16149 drop the unused \. punctuation.
16152 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
16154 * parse.yacc, sudo.tab.c:
16155 o add a 'val' element to aliasinfo struct and move -> parse.h o
16156 find_alias() now returns an aliasinfo * instead of boolean o
16157 add_alias() now takes a value parameter to store in the
16158 aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
16159 return: 1) positive match 0) negative match (due to '!')
16160 -1) no match This means setting $$ explicitly in all cases, which I
16161 should have done in the first place. It also means that we always
16162 store a value that is != -1 and when we see a '!' we can set
16163 *_matches to !rv if rv != -1. The upshot of all of this is that '!'
16164 now works the way it should in lists and some of the rules are more
16165 uniform and sensible.
16169 add parse.h dependency
16173 kill unused *_matched macros
16177 Allow a list of users as the first thing in a user spec, not just a
16178 single entry. This makes things more uniform, though it does allow
16179 you to write user specs that are hard to read.
16191 fix check for crypt() in libufc
16194 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
16197 sudo-users list now exists
16200 * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
16204 * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
16205 config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
16206 version.c, visudo.c:
16207 o Move lock_file() and touch() into fileops.c so visudo can use them
16208 o Visudo now locks the sudoers temp file instead of bailing when the
16209 temp file already exists. This fixes the problem of stale temp
16210 files but it does *require* that you not try to put the temp file in
16211 a world-writable directory. This should not be an issue as the temp
16212 file should live in the same dir as sudoers. o Visudo now only
16213 installs the temp file as sudoers if it changed.
16216 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
16222 * config.h.in, configure, configure.in, logging.c:
16226 * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
16227 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
16228 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
16229 temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
16230 -> _PATH_SUDOERS_TMP
16233 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
16235 * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
16236 o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
16237 root sudo -V config reporting
16240 * configure, configure.in:
16241 aix_auth.o not authenticate.o
16245 Add --with-goodpri and --with-badpri configure options to specify
16246 the syslog priority to use.
16249 * INSTALL, configure, configure.in, logging.h:
16250 Add --with-goodpri and --with-badpri configure options to specify
16251 the syslog priority to use.
16255 kill crufty AIX stuff
16259 Sigh, some versions of make (like Solaris's) don't deal with $< like
16260 I would expect. Both GNU and BSD makes get this right but... So, we
16261 just expand $< inline at the cost of some ugliness.
16265 If the invoking user is root, sudo will now print configure info in
16266 -V mode. Currently just prints logging info, to be expanded later.
16269 * logging.c, logging.h, sudo.c, sudo.h:
16270 o new defines for syslog facility and priority o use new
16271 print_version() function for -V mode
16275 Don't need version.c
16278 * aclocal.m4, config.h.in, configure, configure.in:
16279 Add check for syslog facilities and priorities tables in syslog.h
16283 o authenticate -> aix_auth o add version.c
16286 * auth/sudo_auth.c:
16287 Missed a prompt -> user_prompt conversion
16290 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
16293 sudo should lock its logfile
16296 * parse.yacc, sudo.tab.c:
16297 o Add '!' correctly when expanding Aliases. o Add shortcut macros
16298 for append() to make things more readable. o The separator in
16299 append() is now a string instead of a char. o In append(), only
16300 prepend the separator if the last char is not a '!'. This is a
16301 hack but it greatly simplifies '!' handling. o In -l mode, Runas
16302 lists and NOPASSWD/PASSWD tags are now inherited across entries in
16303 a list (matches current behavior). o Fix formatting in -l mode such
16304 that items in a list are separated by a space. Greatly improves
16305 readability. o Space for name field in struct aliasinfo is now
16306 allocated dynamically instead of using a (big) buffer. o In
16307 add_alias(), only search the list once (lsearch instead of lfind +
16311 * lex.yy.c, sudo.tab.c, sudo.tab.h:
16315 * configure, configure.in:
16316 Solaris pam doesn't require any extra setup
16320 o Simpler '!' support now that the lexer deals with multiple !'s for
16321 us. o In the case of opFOO, have FOO give a boolean return value and
16322 set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
16323 it gets fill()'d in parse.lex--fixes a small memory leak. In the
16324 long run it may be better to just fix parse.lex and make ALL back
16325 into a token. However, having it be a string is useful since it
16326 can be easily passed back to the parent rule if we so desire.
16330 o Remove some unnecessary backslashes o collapse multiple !'s by
16331 using !+ and checking if yyleng is even or odd. this allows us to
16332 simplify ! handling in parse.yacc
16336 -u flag was being ignored
16339 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
16346 work around pod2man stupidity
16350 correct dependencies for .cat
16353 * sudo.cat, sudo.man, visudo.cat, visudo.man:
16357 * sudo.pod, visudo.pod:
16358 Add copyright Update to reality
16361 * parse.c, sudo.c, sudo.h:
16362 rename validate() to the more descriptive sudoers_lookup()
16369 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
16375 * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
16376 configure, configure.in, sudo.c:
16381 add 4th term to license similar to term 5 in the apache license
16384 * emul/search.h, emul/utime.h:
16385 add 4th term to license similar to term 5 in the apache license
16388 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
16389 auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
16390 auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
16391 auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
16392 logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
16393 pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
16394 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
16396 add 4th term to license similar to term 5 in the apache license
16399 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
16400 add 4th term to license similar to term 5 in the apache license
16403 * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
16404 getspwuid.c, goodpath.c:
16405 add 4th term to license similar to term 5 in the apache license
16408 * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
16409 insults.h, logging.c, sudo.c, sudo.h:
16410 there was a 1995 release too
16413 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
16420 Use dirs instead of files for timestamp. This allows tty and non-
16421 tty schemes to coexist reasonably. Note, however, that when you
16422 update a tty ticket, the mtime on the user dir gets updated as well.
16425 * configure, configure.in:
16426 Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
16427 when linking test program, not just -lprot. Also add check for
16428 getspnam(). The SCO docs indicate that /etc/shadow can be used but
16432 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
16435 first cut at auth API description
16438 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
16440 * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
16441 auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
16443 auth API change. There is now an init method that gets run before
16444 the main loop. This allows auth routines to differentiate between
16445 initialization that happens once vs. setup that needs to run each
16446 time through the loop.
16449 * auth/kerb5.c, logging.c:
16450 use easprintf() and evasprintf()
16454 add easprintf() and evasprintf(), error checking versions of
16455 asprintf() and vasprintf()
16459 remove 2 items. One done, one won't do.
16462 * lex.yy.c, sudo.tab.c:
16466 * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
16467 visudo.html, visudo.man:
16476 o Document -K flag and update meaning of -k flag. o BSD-style
16477 copyright o Document clearing of BIND resolver environment variables
16478 o Clarify bit about shared libs o suggest rc files create /tmp/.odus
16479 if your OS gives away files
16487 BSD-style copyright
16491 o BSD copyright o no need to block signals, we now do that in main()
16495 * testsudoers.c, visudo.c:
16496 o BSD-style copyright o Use "struct sudo_user" instead of old
16497 globals. o some cosmetic cleanup
16501 BSD-style copyright
16505 o BSD copyright o logging and parser bits moved to their own .h
16506 files o new "struct sudo_user" to encapsulate many of the old
16511 o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
16512 logging routines o simplified flow of control o BIND resolver
16513 additions to badenv_table
16517 BSD-style copyright
16521 Now compiles on more K&R compilers
16525 BSD-style copyright, cosmetic changes
16529 BSD-style copyright
16532 * parse.c, parse.h, parse.lex, parse.yacc:
16533 BSD-style copyright. Move parser-specific defines and structs into
16534 parse.h + other cosmetic changes
16538 defines for logging routines
16541 * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
16542 BSD-style copyright, cosmetic changes
16545 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
16547 BSD-style copyright
16551 o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
16552 kill --disable-tgetpass o add --without-passwd o changes to fill in
16553 AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
16554 v?asprintf() o replace --with-AuthSRV with --with-fwtk
16558 BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
16559 HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
16560 HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
16564 BSD-style copyright; Add S_IFLNK and MIN/MAX if they are missing.
16568 BSD-style copyright
16572 no more --with-getpass
16576 Take out things I've done...
16584 --with-getpass no longer exists
16588 BSD-style copyright. Update to reflect reality wrt new files and
16593 Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
16598 Update history a bit
16601 * COPYING, LICENSE:
16602 Now distributed under a BSD-style license
16605 * auth/sudo_auth.c:
16606 o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
16607 options. o skey/opie replaced by rfc1938 code o new struct sudo_user
16611 * auth/pam.c, auth/sia.c:
16612 BSD-style copyright and use new log functions
16616 o BSD-style copyright o Use new log functions o Use asprintf() and
16617 snprintf() where sensible.
16621 Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
16622 done more reasonably--better sanity checks and tty-based stamps are
16623 now done as files in a directory with the same name as the invoking
16624 user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
16625 to mix tty and non-tty based ticket schemes but this may change in
16626 the future (it requires sudo to use a directory instead of a file in
16627 the non-tty case). Also, ``sudo -k'' now sets the ticket back to
16628 the epoch and ``sudo -K'' really deletes the file. That way you
16629 don't get the lecture again just because you killed your ticket in
16630 .logout. BSD-style copyright now.
16634 o rewritten logging routines. log_error() now takes printf-style
16635 varargs and log_auth() for the return value of validate(). o BSD-
16639 * auth.c, check_sia.c, dce_pwent.c, secureware.c:
16640 superseded by new auth API
16644 BSD-style copyright
16648 Use snprintf() where it makes sense and add a BSD-style copyright
16651 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
16652 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
16653 BSD-style copyright
16656 * emul/utime.h, utime.c:
16657 BSD-style copyright
16661 this has been rewritten so use my BSD-style copyright
16664 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
16667 include malloc.h if no stdlib.h
16671 KTH snprintf()/asprintf() for systems w/o them
16675 strerror() for systems w/o it
16678 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
16684 * parse.c, parse.lex, parse.yacc:
16685 Add contribution info in the main comment
16688 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
16691 remove missed ref to PAM_nullpw
16694 * auth/sudo_auth.h:
16699 more or less complete now--still untested
16702 * auth/afs.c, auth/pam.c:
16703 don't use user_name macro, it will go away
16706 * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
16707 combine skey/opie code into rfc1938.c
16710 * auth/dce.c, auth/sudo_auth.h:
16711 DCE authentication method; basically unchanged from dce_pwent.c
16714 * auth/aix_auth.c, auth/sudo_auth.h:
16715 AIX authenticate() support. Could probably be much better
16719 Fix an uninitialized variable and some cleanup. Now works (tested)
16722 * auth/sia.c, auth/sudo_auth.h:
16723 SIA support for digital unix
16727 don't use prompt global, it will go away
16730 * auth/secureware.c:
16731 correct copyright years
16734 * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
16735 auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
16736 auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
16737 New authentication API and methods
16740 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
16747 only save an entry if user_matches && host_matches, even if the
16748 stack is empty (fix for previous commit)
16756 1) Always save an entry on the stack if it is empty. This fixes the
16757 -l and -v flags that were broken by earlier parser changes.
16759 2) In a Runas list, don't negate FALSE -> TRUE since that would make
16760 !foo match any time the user specified a runas user (via -u) other
16765 interfaces and num_interfaces are now auto, not extern
16768 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
16771 use a static global to keep state about empty passwords
16775 make PASSWORD_NOT_CORRECT logging consistent with other modules
16778 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
16781 PAM prompt code was wrong, looks like we have to kludge it after
16786 In the PAM code, when a user hits return at the first password
16787 prompt, exit without a warning just like the normal auth code
16790 * configure, configure.in:
16791 kludge around cross-compiler false positives
16794 * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
16795 New (correct) PAM code Tgetpass now takes an echo flag for use with
16796 PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
16797 useless umask setting Change error from BAD_ALLOCATION ->
16798 BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
16803 Some -Wall and kill some trailing spaces
16807 define -D__EXTENSIONS__ for solaris so we get crypt() proto
16810 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
16816 * INSTALL, config.h.in, configure, configure.in:
16817 for kerberos V < version, fall back on old kerb4 auth code
16821 clarify some things
16824 * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
16828 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
16831 mention why DONT_LEAK_PATH_INFO is not the default
16834 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
16837 Fix open(2) return value checking, was NULL for fopen, should be -1
16846 better wording for solaris pam notice
16850 document recent changes
16854 Update shadow password section
16858 move authentication code from check.c to auth.c
16861 * Makefile.in, check.c, sudo.h:
16862 move authentication code to auth.c
16865 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
16867 * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
16868 getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
16869 logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
16870 sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
16872 Move interface-related defines to interfaces.h so we don't have to
16873 include <netinet/in.h> everywhere.
16876 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
16878 * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
16879 parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
16880 o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
16881 turns out the old DES crypt does the right thing with passwords
16882 longer than 8 characters. o Fix common typo (necesary ->
16883 necessary) o Update TODO list
16886 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
16889 set $LOGNAME when we set $USER
16892 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
16895 add comment about digital unix and interfaces.c warning with gcc
16898 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
16901 use modern paths and give examples for some of the new parser
16905 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
16911 * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
16912 getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
16913 parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
16914 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
16915 Function names should be flush with the start of the line so they
16916 can be found trivially in an editor and with grep
16919 * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
16920 sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
16921 free(3) is already void, no need to cast it
16924 * logging.c, sudo.c, sudo.h:
16925 catch case where cmnd_safe is not set (this should not be possible)
16928 * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
16929 testsudoers.c, visudo.c:
16930 Stash the "safe" path (ie: the one listed in sudoers) to the command
16931 instead of stashing the struct stat. Should be safer.
16934 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
16936 * INSTALL, Makefile.in, UPGRADE:
16937 notes on updating from an earlier release
16944 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
16946 * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
16947 sudoers.man, sudoers.pod:
16948 You can now specify a host list instead of just a host or alias.
16949 Ie: user = host1,host2,ALIAS,!host3 my_command now works.
16956 * parse.yacc, sudo.tab.c:
16957 Move the push from the beginning of cmndspec to the end. This means
16958 we no longer have to do a push at the end of privilege, just reset
16962 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
16963 runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
16964 use "!" most everywhere
16967 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
16970 modernize paths and update su example based on sample.sudoers one
16974 New runas semantics
16977 * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
16979 In estrdup(), do the malloc ourselves so we don't need to rely on
16980 the system strdup(3) which may or may not exist. There is now no
16981 need to provide strdup() for those w/o it. Also, the prototype for
16982 estrdup() was wrong, it returns char * and its param is const.
16990 buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
16993 * CHANGES, TODO, parse.yacc, sudo.tab.c:
16994 It is now possible to use the '!' operator in a runas list as well
16995 as in a Cmnd_Alias, Host_Alias and User_Alias.
16998 * logging.c, sudo.h:
16999 Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
17003 Definitions of *_matched were wrong--user top, not top-2 as
17007 * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
17008 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
17009 command but the NOPASSWD flag was set. Make runasspec, runaslist,
17010 runasuser, and nopasswd typeless in parse.yacc Add support for '!'
17011 in the runas list Fix double printing of '%' and '+' for groups and
17012 netgroups respectively Add *_matched macros (no need for local stack
17013 variable). Should only be used directly after a pop (since top must
17017 * aclocal.m4, configure.in:
17018 Add copyright, somewhat silly
17021 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
17023 * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
17024 compat.h, config.h.in, configure, configure.in, dce_pwent.c,
17025 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
17026 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
17027 lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
17028 putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
17029 sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
17030 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
17032 Crank version to 1.6 and combine copyright statements
17036 Use ! not ^ to do negation
17039 * lex.yy.c, sudo.tab.c:
17043 * parse.lex, parse.yacc:
17044 Make runas and NOPASSWD tags persistent across entries in a command
17045 list. Add a PASSWD tag to reverse NOPASSWD. When you override a
17046 runas or *PASSWD tag the value given becomes the new default for the
17047 rest of the command list.
17050 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
17054 [a1ae9d4a7d54] [SUDO_1_5_9]
17057 Shift return value of system(3) by 8 to get real exit value and if
17058 it is not 1 or 0 print the retval along with the error message.
17061 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
17064 testsudoers needs LIBOBJS too
17067 * parse.c, parse.yacc, sudo.tab.c:
17068 Fix another parser bug. For a sudoers entry like this: millert
17069 ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
17077 * parse.yacc, sudo.tab.c:
17078 Save entries that match a ! command on the matching stack too
17082 Make sudo's usage info better when mutually exclusive args are given
17083 and don't rely on argument order to detect this; nick@zeta.org.au
17086 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
17088 * CHANGES, Makefile.in, RUNSON:
17096 * parse.yacc, sudo.tab.c:
17097 Fix off by one error introduced in *alloc changes
17100 * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
17101 check_sia.c, compat.h, config.h.in, configure, configure.in,
17102 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
17103 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17104 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
17105 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
17106 sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
17107 sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
17108 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
17112 * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
17113 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
17114 putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
17115 sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
17116 Use emalloc/erealloc/estrdup
17120 error checking memory allocation routines
17123 * parse.yacc, sudo.tab.c:
17124 Still not right, this fixes it for real
17127 * parse.yacc, sudo.tab.c:
17128 Fix for previous commit
17131 * CHANGES, INSTALL, parse.yacc:
17132 Fix a parser bug that was exposed when mixing different runas specs
17133 and ! commands. For example: millert ALL=(daemon)
17134 /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
17135 as well as daemon when it should just allow daemon. The problem was
17136 that comma-separated commands in a list shared the same entry on the
17137 matching stack. Now they get their own entry iff there is a full
17138 match. It may be better to just make the runas spec persistent
17139 across all commands in a list like the user and host entries of the
17140 matching stack. However, since that is a fairly major change it
17141 should get its own minor rev increase.
17144 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
17146 * check.c, config.h.in:
17147 Simplify PAM code and fix a PAM-related warning on Linux
17150 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
17164 * check.c, configure.in:
17165 new pam code that works on solaris, should work on linux too;
17169 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
17176 only include strings.h if there is no string.h
17179 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
17182 Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
17185 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
17188 shost must be set before log functions are called #ifdef HOST_IN_LOG
17191 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
17193 * CHANGES, lex.yy.c, parse.lex:
17194 Fix a bug wrt quoting characters in command args. Stop processing
17195 an arg when you hit a backslash so the quoted-character detection
17199 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
17202 include sys/time.h; apparently AIX needs it. ppz@cdu.elektra.ru
17205 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
17207 * configure, configure.in:
17208 add missing case statement so --without-sendmail works
17211 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
17217 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
17219 * configure, configure.in:
17220 only search for -lsun in irix <= 4.x
17223 * configure, configure.in:
17224 back out last configure.in change now that I've hacked autoconf to
17225 fix the real problem and add a missing newline
17233 add def of dirfd() for those without it
17236 * configure, configure.in:
17237 When falling back to checking for socket() when linking with
17238 "-lsocket -lnsl" check for main() instead since autoconf has already
17239 cached the results of checking for socket() in -lsocket. This is
17240 really an autoconf bug as it should use the extra libs as part of
17241 the cache variable name.
17248 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
17251 fix occurrence of $with_timeout that should be
17252 $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
17256 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
17258 * sudo.cat, sudo.html, sudo.man, sudo.pod:
17259 fix grammar; espie@openbsd.org
17260 [7031d9dfbc3e] [SUDO_1_5_8]
17262 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
17264 * parse.yacc, sudo.c, testsudoers.c:
17265 add cast for strdup in places it does not have it
17268 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
17270 * configure, configure.in:
17271 define for_BSD_TYPES irix
17274 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
17276 * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
17277 Make it clear that it is the user's password, not root's, that we
17282 If the user enters an empty password and really has no password,
17283 accept the empty password they entered. Previously, they could
17285 *but* an empty password. Also, add GETPASS macro that calls either
17286 tgetpass() or getpass() depending on how sudo was configured.
17287 Problem noted by jdg@maths.qmw.ac.uk
17290 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
17292 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
17293 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
17294 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17295 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
17296 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
17297 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
17299 add explicit copyright
17303 mention -lsocket, -lnsl configure changes
17306 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
17309 Don't clobber errno after calling check_sudoers().
17312 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
17314 * configure, configure.in:
17315 When linking with both -lsocket and -lnsl be sure to do so in that
17316 order. Also, when we can't find socket() or inet_addr() and have to
17317 try linking with both libs, issue a warning.
17320 * sudo.cat, sudo.man, sudo.pod:
17321 clarify bad timestamp and fmt
17324 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
17327 be clear that pam is linux-only and add a RUNSON entry
17330 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
17332 * CHANGES, INSTALL, configure, configure.in:
17333 fix and correctly document --with-umask; problem noted by
17337 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
17339 * configure, configure.in:
17340 only use /usr/{man,catman}/local to store man pages if user didn't
17341 override prefix or mandir
17344 * INSTALL, configure, configure.in:
17345 fix typo, make --with-SecurID take an arg
17348 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
17354 * CHANGES, INSTALL, check.c, configure, configure.in:
17355 FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
17358 * configure, configure.in:
17359 better fix for the problem of unresolved symbols in -lnsl or
17363 * configure, configure.in:
17364 when checking for functions in -lnsl and -lsocket link with both of
17365 them to avoid unresolved symbols on some weirdo systems
17368 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
17370 * BUGS, CHANGES, RUNSON, TODO:
17371 old changes that didn't make it into RCS before the RCS->CVS switch
17374 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
17376 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
17377 configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
17378 getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
17379 ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
17380 lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
17381 secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
17382 sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
17395 * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
17396 config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
17397 find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
17398 ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
17399 logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
17400 secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
17401 sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
17402 utime.c, version.h, visudo.c, visudo.cat, visudo.man:
17403 crank version and regen files
17407 kill rcs goop in update_version and fix now that version is a const
17410 * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
17411 sudo.c, sudo.h, sudo.pod:
17412 kerb5 support from fcusack@iconnet.net
17415 * realpath.c, sudo_realpath.c:
17416 we no longer use realpath
17420 replaced by find_path.c
17424 all options are now configure flags
17432 superseded by getcwd.c
17436 superseded by tgetpass.c
17440 superseded by RUNSON
17444 No longer used now that we have configure options for everything.
17448 regen based on configure.in
17451 * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
17452 sudoers.man, visudo.cat, visudo.html, visudo.man:
17453 regen based on sudo.pod, sudoers.pod, and visudo.pod
17456 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
17459 fix tty tickets in remove_timestamp (didn't use ':')
17462 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
17465 close sock when we are done with it
17468 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
17471 never say "error on line -1"
17474 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
17477 check for -lnsl before -lsocket
17481 quote '[', ']' used in ranges correctly
17484 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
17487 add missing NO_ROOT_SUDO noted by drno@tsd.edu
17490 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
17497 more info for 1.5.7
17505 make increases of cm_list_size and ga_list_size be similar to
17506 increases of stacksize (ie: >= not > in initial compare).
17510 when we get a syntax error, report it for the previous line since
17511 that's generally where the error occurred.
17514 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
17516 * config.h.in, configure.in, interfaces.c:
17517 add back check for sys/sockio.h but only use it if SIOCGIFCONF is
17519 [d197f31fd1e4] [SUDO_1_5_7]
17522 define BSD_COMP for svr4
17525 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
17526 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
17527 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
17528 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17533 kill check for sockio.h
17537 no more HAVE_SYS_SOCKIO_H
17540 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
17541 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
17542 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
17543 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17547 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
17550 add missing inform_user()
17553 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
17556 return NOT_FOUND if given fully qualified path and it does not exist
17557 previously it would perror(ENOENT) which bypasses the option to not
17562 for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
17566 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
17569 tty tickets are user:tty now
17573 when using tty tickets make it user:tty not user.tty as a username
17574 could have a '.' in it
17577 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
17580 add "ignoring foo found in ." for auth successful case
17583 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
17586 add missing printf param
17589 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
17591 * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
17592 go back to printing "command not found" unless --disable-path-info
17593 specified. Also, tell user when we ignore '.' in their path and it
17594 would have been used but for --with-ignore-dot.
17598 Only one space after a colon, not two, in printf's
17601 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
17604 document setting $USER
17608 fix bugs with prompt expansion
17612 set $USER for root too
17615 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
17622 HP-UX's iscomsec is in -lsec, not libc
17626 remove some entries in the OS case statement that did nothing
17630 add "cd" section and flush out syslog section
17634 no more sudo-lex.yy.c
17638 add custom prompt support
17642 kill perror("malloc") since we already have good error messages
17643 pw_ent -> pw for brevity
17647 kill perror("malloc") since we already have good error messages
17648 pw_ent -> pw for brevity set $USER if -u specified
17652 kill perror("malloc") since we already have good error messages
17656 kill perror("malloc") since we already have good error messages
17657 pw_ent -> pw for brevity when checking if %group matches, look up
17658 user in password file so that %groups works in a RunAs spec.
17662 kill perror("malloc") since we already have good error messages
17665 * check.c, getspwuid.c, interfaces.c:
17666 kill perror("malloc") since we already have good error messages
17667 pw_ent -> pw for brevity
17670 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
17673 the prompt is expanded before tgetpass is called
17677 tgetpass now has the same args as getpass again
17681 add iscomsec, issecure support
17685 we now expand any %h or %u in the prompt before passing to tgetpass
17689 add check for syslog(3) in -lsocket, -lnsl, -linet
17693 add HAVE_ISCOMSEC and HAVE_ISSECURE
17697 add check for iscomsec in HP-UX
17701 check for issecure if we have getpwanam on SunOS some options are
17702 incompatible with DUNIX SIA check for dispcrypt on DUNIX
17705 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
17712 add back support for non-dispcrypt based checking for older DUNIX
17720 SIA becomes the default on Digital UNIX now have --disable-sia to
17725 move local includes after system ones
17728 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
17730 * check.c, check_sia.c, sudo.h:
17731 add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
17736 fix while loop in sia_attempt_auth() that checks the password. Only
17737 the first iteration was working.
17740 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
17743 don't trust UID_MAX or MAXUID
17754 * getspwuid.c, secureware.c:
17755 init crypt_type to INT_MAX since it is legal to be negative in DUNX
17760 for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
17761 -ldb since DUNX < 4.0 lacks it
17764 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
17766 * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
17767 secureware.c, sudo.c, tgetpass.c:
17768 getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
17769 minutes if the shadow files don't exist).
17772 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
17775 updated --with-editor blurb
17779 tell how to put sudoers in a different dir
17783 add missing quotes around $with_editor
17787 typo in --with-editor bits
17791 I don't expect it to work on Solaris
17795 add back security/pam_misc.h
17798 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
17801 remove dunix note since configure checks for this now
17805 add check for broken dunix prot.h (4.0 < 4.0D is bad)
17808 * getspwuid.c, secureware.c, tgetpass.c:
17809 new dunix shadow code, use dispcrypt(3)
17817 call initprivs() if we have it for getprpwuid later on
17821 clean pathnames.h too
17825 quote "Sorry, try again." with [] since it has a comma in it set
17826 LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
17827 getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
17832 update Digital UNIX note about acl.h
17837 --without-root-sudo -> --disable-root-sudo some reordering
17844 * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
17852 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
17855 when checking for -lsocket, -lnsl, and -linet, check for the
17856 specific functions we need from them.
17859 * config.h.in, sudo.h:
17860 move Syslog_* defs into sudo.h
17863 * Makefile.in, sudo.h:
17864 added check_secureware
17868 finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
17872 don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
17873 defined. configure now does that for us
17877 move some --with options around change a bunch of echo's to
17878 AC_MSG_CHECKING, AC_MSG_RESULT pairs
17882 change $with_foo-bar -> $with_foo_bar kill extra " that caused a
17883 syntax error add some echo verbiage
17886 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
17889 moved SecureWare stuff into secureware.c
17897 update url to solaris gcc bins
17901 change option formatter and flesh out some entries
17904 * TROUBLESHOOTING, sudo.pod, visudo.pod:
17905 environmental variable -> environment variable
17909 everything is now done via configure
17917 passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
17921 SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
17925 merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
17926 sudoers_mode from configure
17930 SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
17931 the Makefile, not config.h
17935 document all --with/--enable options
17938 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
17941 options.h is no more
17945 assimilated options.h
17949 moved options from options.h to configure
17952 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
17953 logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
17954 sudo_setenv.c, visudo.c:
17958 * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
17959 remove references to options.h
17962 * dce_pwent.c, interfaces.c, sudo.c:
17967 if select return < -1 still prompt for pw
17971 convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
17976 FAST_MATCH is no longer an option
17980 remove_timestamp() if timestamp is preposterous
17984 convert more options to --with/--enable
17987 * INSTALL, aclocal.m4:
17992 convert more options into --with and --enable
17996 catch EINTR in select and restart
18003 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
18006 UMASK -> SUDO_UMASK.
18009 * check.c, logging.c:
18010 time.h, not sys/time.h
18013 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
18016 MAILER -> _PATH_SENDMAIL
18019 * INSTALL, configure.in:
18020 no more --with-C2, now it is --disable-shadow
18023 * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
18024 getspwuid.c, sudo.c, tgetpass.c:
18025 new shadow password scheme. Always include shadow support if the
18026 platform supports it and the user did not disable it via configure
18029 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
18032 --with-getpass -> --{enable,disable}-tgetpass
18036 pathnames.h -> pathnames.h.in
18044 move pam_conv to be static to auth function remove pam_misc.h
18045 (solaris doesn't have one)
18049 _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
18053 munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
18057 convert to pathnames.h.in
18060 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
18063 fix typo in sysv4 matching case /.
18066 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
18069 pam stuff needs to run as root, not user, for shadow passwords
18072 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
18074 * BUGS, INSTALL, README, configure.in:
18078 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
18079 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
18080 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
18081 logging.c, options.h, parse.c, parse.lex, parse.yacc,
18082 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
18083 testsudoers.c, tgetpass.c, utime.c, visudo.c:
18088 user version.h for long message
18092 this is version 1.5.6
18095 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
18098 remove errant backslash
18101 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
18103 * options.h, parse.yacc, pathnames.h.in:
18105 [fdee73255d64] [SUDO_1_5_6]
18107 * BUGS, CHANGES, TODO:
18115 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
18118 kill unused localhost_mask var copy if name to ifr_tmp after we zero
18122 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
18125 Better description of new vs. old sudoers modes fix some typos
18126 better description of /usr/ucb/cc gotchas on slowaris
18134 set NewArgv[0] to user_shell, not basename(user_shell)
18137 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
18140 mention TROUBLESHOOTING more fix some typos
18144 move --enable/--disable to be after --with
18148 document --enable/--disable
18152 document --with-pam
18155 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
18158 Add message for pam users
18169 * check.c, config.h.in, configure.in:
18170 pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
18173 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
18176 add HOST_IN_LOG and WRAP_LOG
18180 add WRAP_LOG and HOST_IN_LOG
18184 add --enable-log-host and --enable-log-wrap
18188 use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
18191 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
18198 include sys/param.h to get howmany macro
18201 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
18203 * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
18207 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
18210 bring in stdio.h for NULL
18214 allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
18218 use HAVE_SET_AUTH_PARAMETERS
18222 add HAVE_SET_AUTH_PARAMETERS
18226 add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
18230 add support for HI-UX/MPP SR220001 02-03 0 SR2201
18234 initialize previfname
18238 Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
18239 it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
18248 don't need special build line for sudo.tab.o
18252 don't clean sudo.tab.[ch]
18256 Sudo should prompt for a password before telling the user that a
18257 command could not be found.
18265 no longer require yacc
18273 y.tab -> sudo.tab include pre-yacc'd parse.yacc
18277 include sudo.tab.h, not y.tab.h don't break out of command args if
18285 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
18294 getcwd(3) from OpenBSD for those without it.
18298 HAVE_GETWD -> HAVE_GETCWD
18302 pretend sunos doesn't have getcwd(3) since it opens a pipe to
18311 remove duplicate include of string.h
18315 call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
18319 add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
18323 add dev_t and ino_t
18326 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
18329 fix OTP_ONLY for opie
18332 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
18334 * testsudoers.c, tgetpass.c:
18335 include stdlib.h for malloc proto
18338 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
18341 make update_version saner
18345 add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
18349 check for waitpid and wait3 or no waitpid
18353 used waitpid or wait3 if we have 'em
18356 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
18359 fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
18362 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
18365 don't need to explicitly mention -lsocket -lnsl for sequent
18368 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
18371 dynix should not link with -linet
18374 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
18377 mention that HP-UX doesn't ship with yacc
18380 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
18383 ignore kerberos if we can't get the local realm
18386 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
18388 * BUGS, INSTALL, README, configure.in:
18396 * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
18397 find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
18398 logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
18399 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
18408 don't use popen/pclose. Do it inline.
18419 * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
18420 ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
18425 * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
18430 getwd.c -> getcwd.c
18442 use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
18446 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
18448 * OPTIONS, options.h:
18449 add STUB_LOAD_INTERFACES
18452 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
18453 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
18454 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
18455 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
18456 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
18457 testsudoers.c, tgetpass.c, utime.c, visudo.c:
18462 support *-ccur-sysv4 and fix two typos
18465 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
18468 don't echo about with_logfile and with_timedir
18472 document --with-logfile and --with-timedir
18476 support --with-logfile and --with-timedir
18480 Add --with-logfile and --with-timedir
18484 change size computation of NewArgv for UNICOS
18487 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
18490 treat -*-sysv4* like *-*-svr4
18493 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
18496 fix spacing for --with-authenticate help
18499 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
18500 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
18501 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
18502 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
18503 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
18504 testsudoers.c, tgetpass.c, utime.c, visudo.c:
18509 fix off by one error in push macro
18512 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
18515 removed bogus alloca hack
18519 added AIX 4.x authenticate() support
18523 include alloca.h if using bison and not gcc and it exists. fixes an
18524 alloca problem on hpux 10.x
18528 mention --with-authenticate
18532 added AIX authenticate() support
18536 add HAVE_AUTHENTICATE
18540 dynamically size ifconf buffer
18547 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
18548 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
18549 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
18550 logging.c, options.h, parse.c, parse.lex, parse.yacc,
18551 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
18552 testsudoers.c, tgetpass.c, utime.c, visudo.c:
18560 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
18563 add busy stmp file explanation
18566 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
18569 the name of the cached var that signals whether or not you are cross
18570 compiling changed. It is now ac_cv_prog_cc_cross
18573 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
18576 mention glibc 2.07 is fixed wrt lsearch().
18579 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
18581 * sample.sudoers, sudoers.pod:
18582 better example of su but not root su
18585 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
18587 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
18588 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
18589 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
18590 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
18591 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
18592 testsudoers.c, tgetpass.c, utime.c, visudo.c:
18597 correct regexp for updating version
18601 remove bogus flush of stderr spew prompt before turning off echo.
18602 Seems to fix a weird problem where if sudo complained about a bogus
18603 stamp file the user would sometimes not have a chance to enter a
18608 fix bogus flush of stderr
18612 close fd's <=2 not <=3 and move that chunk of code up
18616 support hpux1[0-9] not just hpux10
18619 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
18622 set sudoers_fp to nil after closing
18625 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
18627 * config.guess, config.sub:
18628 updated from autoconf 2.12
18635 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
18638 fix select usage for high fd's (dynamically allocate readfds)
18642 kill extra whitespace
18646 do an initgroups() before running a command, unless the target user
18650 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
18653 tell people to use tabs, not spaces, in syslog.conf
18656 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
18658 * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
18659 parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
18663 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
18664 logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
18668 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
18669 insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
18674 more tweaks to update_version
18678 fixed up update_version rule
18686 removed supe of check.c
18697 * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
18698 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
18699 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
18700 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
18701 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
18702 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
18712 add rules to update version stuff in files so I don't need to do it
18717 sudoers_fp is now extern
18721 in check_sudoers, cache the sudoers file handle in sudoers_fp so we
18722 don't have to open it again in the parse. This may help with weird
18723 solaris problems where EAGAIN sometimes occurs.
18727 sudoers file open is now done only in check_sudoers() so we just do
18728 a rewind() instead of an open. May help people on solaris who were
18732 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
18735 mention that newer glibc is fixed
18738 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
18741 newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
18742 _RLD* instead of _RLD_*
18750 fix that bug for real
18754 document Linux's libc6 brokenness.
18763 [4949a1bbd0a9] [SUDO_1_5_4]
18766 remind people to HUP syslogd
18782 remove author's email addr. people should mail sudo-bugs
18789 * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
18790 find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
18791 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
18792 logging.c, options.h, parse.c, parse.lex, parse.yacc,
18793 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
18794 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
18802 * INSTALL, Makefile.in:
18811 exit(1) if user enters no passwd
18819 commands can start with ./* not just /* -- fixes a serious security
18823 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
18826 Don't set the tty variable to NULL when we lack a tty, leave it as
18830 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
18833 fix usage of (username) in conjunction with , and !
18837 catch the case where the user is not in the passwd file
18841 use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
18846 define tty global to an initial value to avoid dumping core in
18847 logging functions when passwd file is unavailable.
18851 do the set_perms(PERM_USER, sudo_mode) after we have gotten the
18856 talk about problem of ALL
18859 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
18866 fdesc bug is fixed in Open/Net BSD
18870 updates from Nieusma
18873 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
18876 move compat.h after the system includes
18879 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
18882 save errno from being clobbered by wait(). From Theo
18885 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
18888 fix an occurrence of setresuid -> setreuid (typo)
18891 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
18894 check for path to strip
18897 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
18900 deal with maxfilelen < 0 case
18907 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
18910 correct error message if mode/owner wrong and not statable by owner
18911 but is statable by root.
18914 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
18916 * config.guess, config.sub:
18920 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
18922 * CHANGES, RUNSON, TODO:
18926 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
18928 * parse.yacc, sudo.h:
18929 command_alias -> generic_alias
18930 [c404ca8c510d] [SUDO_1_5_3]
18933 added Runas_Alias example and fixed syntax errors
18936 * OPTIONS, options.h:
18937 updated MAILSUBJECT
18944 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
18945 configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
18946 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
18947 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
18948 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
18949 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
18954 * BUGS, emul/utime.h:
18959 document Runas_Alias
18967 buffer oflow checking q (uit) -> Q if yyparse() fails drop into
18972 add size params to sprintf
18976 allow trailing space after '\\' but before '\n'
18980 off by one error in path size check
18987 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
18994 now warns if killed by signal ./
18997 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
19000 fix Runas_Alias stuff Alias's in runas list now get expanded (but it
19005 Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
19009 add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
19013 Add Runas_Alias and simplify a rule.
19017 always store User_Alias's since they can be used inside of a runas
19018 list. Sigh. Really need a Runas_Alias instead.
19021 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
19024 deal with case where there is no sudoers file
19027 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
19033 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
19035 * HISTORY, testsudoers.c:
19036 developement -> development
19051 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
19054 removed seteuid() notes
19055 [1010a60f281d] [SUDO_1_5_2]
19057 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
19060 better seteuid() emulation
19064 added check for seteuid
19071 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
19074 first stab at sequent support
19078 added HAVE_SYS_SELECT_H
19082 sequent -> _SEQUENT_
19086 added seteuid() macro for DYNIX
19090 _AIX -> HAVE_SYS_SELECT_H
19093 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
19095 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
19096 parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
19097 testsudoers.c, tgetpass.c, utime.c, visudo.c:
19101 * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
19102 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
19103 ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
19104 pathnames.h.in, version.h:
19109 added -H and SUDO_PS1
19113 use SUDO_FUNC_FNMATCH
19117 added SUDO_FUNC_FNMATCH
19125 added MODE_RESET_HOME /
19128 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
19142 * compat.h, config.h.in:
19147 added HAVE_OPIE and changed to *_OTP_*
19154 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
19157 moved fclose() in skey stuff.
19160 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
19163 index -> strchr remove unnecessary stuff
19167 now call skeychallenge() to get challenge instead of making one up
19168 ourselves. this way, we get extra goodies in the prompt.
19171 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
19175 [3f5149357e2a] [SUDO_1_5_1]
19178 allow logins to start with a number (YUCK!)
19181 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
19184 added solaris 2.5 vs 2.4 note
19188 DUNIX doesn't need -lnsl
19192 *** empty log message ***
19195 * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
19196 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
19197 ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
19198 options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
19199 strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
19200 utime.c, version.h, visudo.c:
19204 * PORTING, README, RUNSON:
19208 * INSTALL, Makefile.in, TROUBLESHOOTING:
19213 *** empty log message ***
19216 * sudo.pod, visudo.pod:
19220 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
19226 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
19229 added $SUDO_PROMPT support
19232 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
19235 print long skey challenge to stderr, not stdout
19238 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
19248 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
19254 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
19257 use shost, not host for tgetpass
19261 documented %u and %h
19265 documented %u and %h
19272 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
19273 dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
19274 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
19275 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
19276 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
19277 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
19285 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
19287 * Makefile.in, configure.in, version.h:
19292 new tgetpass() params
19296 pass user and host to tgetpass
19300 added %u and %h escapes
19303 * OPTIONS, check.c, options.h:
19308 added cray (unicos) support
19311 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
19313 * OPTIONS, options.h, sudo.c:
19314 added SHELL_SETS_HOME
19317 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
19320 added note about "make install"
19324 changed length/size params from int to size_t
19328 now get CSOPS insults as well by default
19332 use csops insults too by default
19335 * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
19340 added runas_homedir
19356 added "upgrading" notes
19359 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
19362 now do chmod and chown after edit of temp file and before rename
19363 [de174e34faa7] [SUDO_1_5_0]
19365 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
19368 ++version added INSTALL.configure
19371 * configure.in, version.h:
19376 *** empty log message ***
19384 sets $HOME to pw_dir of runas user
19388 document $HOME change
19391 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
19394 fixed up some wording
19397 * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
19398 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
19399 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
19404 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
19405 insults.h, options.h, pathnames.h.in, sudo.h:
19414 name and type changes
19418 now works with new sudo
19426 some variable name changes + comment headers for functions.
19430 added extra paren's to make compilers happy
19434 *** empty log message ***
19438 now uses init_parser() if not in sudoers and tries "list" or
19439 "validate" scold but don't be nasty.
19443 now can use upper case login names
19447 now uses init_parser()
19455 added info about PASSWORD_TIMEOUT
19458 * INSTALL.configure:
19467 now dynamically allocates memory for the stacks -- no more
19472 -l now expands command aliases
19476 hacks to expand command aliases for `sudo -l'
19480 remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
19484 added struct command_alias
19492 in compar() key should be first arg
19495 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
19502 can now deal with upcase HOST and USER names
19506 don't yell too loudly at non-sudoers if they do "sudo -l"
19517 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
19519 * parse.c, parse.yacc:
19520 added support for new `sudo -l' stuff
19524 now uses list_matches()
19528 added struct sudo_match
19532 now more -lgnumalloc
19535 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
19538 added more paths for chown and whoami
19541 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
19547 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
19550 fixed DUNIX check for shadow pw
19554 now only turn off echo if it is already on. this fixes a race when
19555 you use sudo in a pipeline
19563 changed "test -z $foo && do_this" to if; then construct
19566 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
19569 added missing defines of SHADOW_TYPE
19572 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
19575 protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
19580 added AUTH_CRYPT_C1CRYPT support
19584 no longer return VALIDATE_NOT_OK if there was a runas that didn't
19585 match. Now we can have runas stuff on more than one line.
19588 * getspwuid.c, sudo.c, tgetpass.c:
19589 use SHADOW_TYPE instead of HAVE_C2_SECURITY
19593 got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
19598 removed HAVE_C2_SECURITY added SPW_BSD
19602 use SHADOW_TYPE instead of HAVE_C2_SECURITY
19606 SHADOW_TYPE is always defined so just against its value
19610 added SUDO_CHECK_SHADOW_DUNIX
19613 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
19616 * -> ?* in one example added another instance of (runas) and one of
19620 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
19623 added back check for config.cache from other host type
19627 removed an instance of \"
19635 updated wrt new wildcard matching
19639 new check for shadow passwords if we don't know anything
19643 new SUDO_CHECK_SHADOW_GENERIC
19647 added back check for -lsocket (oops)
19651 better (working) check for shadow passwd type if we know to use C2.
19655 now uses AC_CANONICAL_HOST to figure out os type
19659 added config.{guess,sub}
19663 removed unused stuff to figure out os type
19679 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
19680 pathname. need to check against sudoers_args even if user_args is
19685 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
19686 pathname need to check against sudoers_args even if user_args is nil
19689 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
19692 added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
19696 now takes command line args and uses cmnd_args
19700 fill_args was adding an extra leading space
19703 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
19706 fixed dummy command_matches()
19718 now uses flat args string
19721 * parse.c, parse.lex:
19722 now uses flat arg string
19726 added cmnd_args def
19730 now sets cmnd_args global
19734 cmnd_args is now exported from sudo.[ch]
19737 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
19740 can't rely on cmnd_matches as much as I thought -- added some $$
19741 stuff back in to prevent namespace pollution problems.
19745 Simplified parse rules wrt runas and NOPASSWD (more consistent).
19748 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
19751 NOPASSWD may now have blanks before the ':' '(' only starts a
19752 'runas' if in the initial state to avoid collision with command args
19756 added checks for specific shadow passwd schemes
19760 added routines to check for specific shadow passwd types
19763 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
19766 added support for ncr boxen
19770 added support for detecting ncr boxen
19773 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
19776 added sinix support
19779 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
19782 added info about "config.cache from other other" error.
19786 now makes sure you don't have a config.cache file from another OS
19790 now sets $LIBS when needed to configure links with libs when doing
19791 tests hpux10 now uses SPW_SECUREWARE for C2 added check for
19792 bigcrypt(3) if SPW_SECUREWARE
19800 now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
19808 no more SPW_HPUX10 added HAVE_BIGCRYPT
19812 now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
19816 SPW_SECUREWARE now uses bigcrypt
19819 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
19822 fixed 2 syntax errors
19826 root may now run ALL as ALL
19829 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
19832 fixed a typo/thinko that broke BSD's with sa_len
19835 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
19837 * check.c, configure.in:
19838 updated AFS support
19842 added entry about /usr/ucb/cc
19846 prep no longer holds gcc binaries
19858 AFS allows long passwords
19862 fixed -u user support
19866 sudo -v now groks VALIDATE_OK_NOPASS
19870 fixed no_passwd vs. runas_matched
19874 took out stuff about NFS-mounting since it is no longer an issue
19878 added --with-libraries > --with-libpath --with-incpath
19882 was setting runas_matches to -1 in wrong place
19886 removed usersec.h which is not present in new AFS versions
19890 now deals with timeout <= 0
19898 BSD/OS >= 2.0 now uses shlicc instead of just gcc
19902 fixed backwards compatibility with sudo 1.4 sudoers mode for root
19903 readable/writable filesystems
19907 now gives INSTALL -c flag
19911 slightly simpler initialization of no_passwd and runas_matches
19915 added -u username support
19919 improved --with-libraries support
19922 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
19925 added --with-incpath, --with-libpath, --with-libraries
19929 now initializes some fields that weren't getting set to -1 pretty
19930 gross -- need a rewrite.
19933 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
19940 no longer add -lPW to *_LIBS since we include alloca.c
19944 added HAVE_ALLOCA_H
19959 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
19962 now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
19963 not always set to a valid uid.
19967 fixed entry for SUDO_MODE
19971 Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
19972 being set to -2. Now beat NFS to the punch and set uid to "nobody"
19973 ourselves, preserving group 0 to read sudoers.
19977 moved set_perms(PERM_ROOT) to be before yyparse()
19985 no longer need AC_PROG_INSTALL
19989 always use install-sh to avoid install(1)'s that use get{pw,gr}nam
19993 make clean -> make distclean
19996 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
19999 removed some unnecessary if's
20002 * Makefile.in, version.h:
20006 * parse.c, testsudoers.c:
20007 now includes netgroup.h
20011 removed casts of ioctl to int since they didn't shut up -Wall
20015 explicitly cast ioctl() to int since it is not always declared
20019 added declarations for yyparse() and yylex()
20023 fixed an occurrence of '==' -> '='
20026 * config.h.in, configure.in:
20027 added check for netgroup.h
20031 fixed 2 compiler warnings
20035 SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
20039 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
20045 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
20048 fixed a formatting thingie
20051 * parse.c, parse.yacc:
20052 fixed -u support with multiple user lists on a line
20056 unixware needs -lgen
20060 updated ftp location
20064 add net_addr/netmask support
20068 added net_addr/mask example
20071 * parse.c, parse.lex:
20072 added support for net_addr/netmask
20075 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
20081 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
20091 * BUGS, TODO, TROUBLESHOOTING:
20096 updated with examples of new stuff
20104 updated wrt -u and NOPASSWD
20108 updated wrt -u and CAVEATS
20111 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
20118 now use :foo: character classes (makes no diff for generated lexer)
20121 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
20124 fixed LONG_SKEY_PROMPT stuff
20127 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
20134 make more like NetBSD one -- now compiles w/o warnings
20138 fixed decls of lsearch()
20141 * config.h.in, configure.in, getspwuid.c:
20146 hpux 10 uses bigcrypt() if C2
20149 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
20152 now always uses fnmatch to match args
20156 back to using stdio instead of raw i/o since that caused some
20160 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
20163 now give usage warning if use -l,-v,-k with args
20166 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
20169 NewArgc is now set to 1 for -l, -v, -k
20173 now sets sudoers to correct group if mode is 0400
20177 updated to version used by inn and bind
20181 now uses -lgnumalloc if it exists
20185 "make install" now sets uid/gid and mode on sudoers if it exists
20189 removed debugging statements
20193 added a missing free()
20197 now uses user_gid instead of getegid (which was wrong anyway) to set
20198 SUDO_GID Now sets command line args in SUDO_COMMAND envariable
20199 (logging.c depends on args being in the environment)
20203 now uses SUDO_COMMAND envariable to get command args rather than
20204 building it up again.
20212 fixed off by one error in allocation NewArgv
20216 in sudoers, 'command ""' now means command with no args
20220 added check for fnmatch(3) and fnmatch.h
20228 replaced wildcat.* with fnmatch.*
20235 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
20238 now uses fnmatch() instead of wildmat a trailing star (*) by itself
20239 now matches multiple args added support for wildcards in the
20240 pathname in sudoers
20243 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
20246 now includes compat.h and config.h
20250 added HAVE_FNMATCH_H
20254 now checks for alloca() (if needed by bison or dce) and links with
20255 -lPW if it contains alloca() and libv and compiler do not.
20258 * emul/fnmatch.h, fnmatch.3, fnmatch.c:
20262 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
20265 now fixes mode on sudoers if set to 0400 to aid in upgrade
20268 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
20271 fixed pod2man usage
20274 * Makefile.in, configure.in, version.h:
20278 * testsudoers.c, visudo.c:
20279 runas_user is now initialized to "root"
20283 removed PERM_FULL_ROOT
20287 runas_user defaults to "root" so no more need to PERM_RUNAS
20291 will now only run commands as root if there was no runas list
20292 (or if root is in the runas list)
20300 runas_matches is now set to false if we get a negative match
20304 make #uid work + some minor cleanup
20308 added support for NOPASSWD and "runas" from garp@opustel.com /
20312 added support for "runas" from garp@opustel.com replaced
20313 SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
20318 added support for "runas" from garp@opustel.com
20322 added support for NO_PASSWD and runas from garp@opustel.com replaced
20323 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
20328 added support for NO_PASSWD and runas from garp@opustel.com replaced
20329 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support for
20334 added support for NO_PASSWD and runas from garp@opustel.com
20337 * parse.c, parse.lex:
20338 added support for NO_PASSWD and runas from garp@opustel.com
20342 added support for SUDOERS_WRONG_MODE and "runas"
20346 added --with-CC only link with -lshadow on linux (with shadow pw) if
20347 libc lacks getspnam()
20350 * OPTIONS, options.h:
20351 removed NO_PASSWD since it is not possible to do this in the sudoers
20352 file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
20353 SUDOERS_GID. Added SUDOERS_MODE.
20357 now uses SUDOERS_UID and SUDOERS_GID
20360 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
20366 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
20369 added double quote support
20373 documented double quoting
20376 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
20383 fixed some indentation
20391 added install-dirs .
20394 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
20397 new version from "Jeff A. Earickson" <jaearick@colby.edu>
20400 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
20403 $CSOPS -> $with_csops (whoops, missed one)
20411 FQHOST now has same constraints as non-FQHOST
20415 added note about OS's w/ shadow passwords turned on by default
20418 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
20425 added support for --without-THING sanitized shadow pw situation by
20431 fixed a typo wrt placement of an end paren
20435 was closing an fd that may not have been opened
20438 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
20440 * OPTIONS, options.h, sudo.c:
20444 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
20447 now always use shadow pw on some arches
20450 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
20453 added pyramid support
20457 no longer check for C2 if alternate passwd method is used no longer
20458 check for some libs twice
20462 moved fqdn stuff into parse.lex (FQHOST)
20470 now define TCSASOFT if necessary
20474 now uses read/write instead of stdio string goop to avoid problems
20478 * OPTIONS, find_path.c, options.h:
20479 -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
20482 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
20485 added note about no shadow auto-detect if using alternate auth
20490 don't check for C2 if AFS or DCE (unless they said --with-C2)
20497 * OPTIONS, find_path.c, options.h:
20501 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
20504 checkdot now works correctly
20507 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
20510 can't have DCE and C2 passwords both...
20513 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
20515 * parse.yacc, sudo.c, sudo.h, visudo.c:
20516 now uses shost even if not FQDN
20520 now looks for skey in /usr/lib and doesn't require libskey to be in
20521 /usr/local/lib just because skey.h is (for my netbsd box :-)
20524 * aclocal.m4, config.h.in, pathnames.h.in:
20525 _SUDO_PATH_ -> _CONFIG_PATH_
20528 * aclocal.m4, sudo.pod:
20529 /var/run/.odus -> /var/run/sudo
20533 now uses _SUDO_PATH_TIMEDIR
20540 * aclocal.m4, configure.in:
20545 added _SUDO_PATH_TIMEDIR
20549 updated wrt /var/run/sudo
20553 added support for shost if FQDN
20556 * parse.yacc, visudo.c:
20557 now uses shost if FQDN
20561 Now use skeylookup() instead of skeychallenge()
20564 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
20567 mail_argv should not contain ALERTMAIL as it includes "-t"
20570 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
20572 * INSTALL, Makefile.in, README, configure.in, version.h:
20577 added more _PASSWD_LEN stuff -- now uses PASS_MAX too
20581 now includes limits.h moved _PASSWD_LEN -> compat.h
20584 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
20602 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
20609 done for 1.4.1 (I hope)
20613 added info on wildcards
20617 added wildcard example
20621 now uses *.pod to build *.man and *.cat & *.html
20625 added SUDO_PROG_BSHELL !ll
20629 fixed up some formatting
20633 redid section describing sample sudoers stuff
20637 fixed some formatting
20641 now treats "" as bourne shell
20645 TESTOBJS now includes wildmat.o
20649 now works with NewArg[cv]
20653 removed an XXX (fixed it in getspwuid.c)
20657 added check for bourne shell
20665 added _SUDO_PATH_BSHELL
20668 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
20671 unixware vi returns 256 instead of 0
20679 fixed up some XXX's. file log format now looks a little more like
20680 real syslog(3) format.
20683 * README, TROUBLESHOOTING:
20684 updated wrt lex/flex
20688 commented out rule to build lex.yy.c from parse.lex since we ship
20689 with a pre-flex'd parser
20692 * parse.c, parse.yacc, visudo.c:
20693 path_matches -> command_matches
20697 eliminated some strcat()'s
20701 no longer checks for lex/flex (now assumes flex)
20705 now checks for $kerb_dir_candidate/krb.h instead of just
20709 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
20712 now use a 'hook' expression instead of an iffy one :-)
20715 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
20718 now works with new sudo arg stuff
20722 fixed dereferencing deadbeef
20726 changed an occurrence of Argv to NewArgv
20730 took out support for quoted commands since there is no need...
20734 fixed a typo in a for() loop
20738 protected against dereferencing rogue pointers
20742 now uses NewArgv and NewArgc so cmnd_args is no longer needed this
20743 also allows us to eliminate some kludges in parse_args() and
20744 eliminate superfluous code.
20748 no longer uses cmnd_args, now uses NewArgv instead.
20752 added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
20757 added wildmat.c to SRCS & SUDOBJS
20761 COMMAND is now a struct containing the path and args
20765 replaced append() with fill_cmnd() and fill_args. command args from
20766 a sudoers entry are now stored in an array for easy matching.
20770 command line args from sudoers file are now in an array like ones
20771 passed in from the command line
20774 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
20777 wildmat stuff now works
20780 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
20787 ++version added wildmat.*
20790 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
20793 added support for quoted commands (w/ or w/o args)
20796 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
20798 * sudo.pod, visudo.pod:
20799 cleaned up formatting
20802 * sudo.pod, visudo.pod:
20806 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
20809 looks reasonable, could be more readable
20816 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
20823 updated NO_ROOT_SUDO entry
20826 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
20829 *** empty log message ***
20830 [5b63de579ff7] [SUDO_1_4_0]
20841 AIX aixcrypt.exp now uses $(srcdir)
20845 added entry for anal ansi compilers
20848 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
20851 added info on libcrypt_i for SCO
20855 *** empty log message ***
20870 * INSTALL, OPTIONS, README, config.h.in, configure.in:
20875 ++version and fixed ISC
20878 * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
20879 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
20880 insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
20881 sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
20887 added STUB_LOAD_INTERFACES ++version
20890 * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
20896 added info about fd_set in tgetpass added info on interfaces.c
20899 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
20910 tgetpass.o is now only linked in with sudo (not visudo)
20913 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
20915 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
20921 added copyright notice
20924 * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
20925 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
20926 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
20927 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
20928 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
20933 minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
20937 ISC now gets -lcrypt now check for sys/bsdtypes.h
20941 added check for sys/bsdtypes.h
20944 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
20947 removed debugging stuff (setting freed ptr to NULL)
20959 added section on syslog
20963 added AC_ISC_POSIX for better ISC support
20971 added define for _POSIX_SOURCE
20974 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
20977 fixed check for lsearch()
20980 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
20983 fixed for AIX now deal if num_interfaces == 0 (should not happen)
20986 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
20989 now only define HAVE_LSEARCH if there is a corresponding search.h
20996 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
20999 now define HAVE_LSEARCH if we find lsearch() in libcompat
21003 char * -> const char *
21007 now looks in -lcompat for lsearch()
21011 remove sudo.core visudo.core for clean target
21015 added UID_MAX support in check for MAX_UID_T_LEN
21019 fixed another occurrence of sudo_getpwuid.*
21022 * Makefile.in, getspwuid.c:
21023 sudo_getpwuid.c -> getspwuid.c
21030 * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
21031 compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
21032 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
21033 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
21034 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
21035 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
21036 version.h, visudo.c:
21041 added group support
21049 documented group support
21052 * parse.c, parse.lex, parse.yacc, visudo.c:
21053 added group support
21056 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
21059 tkfile was too short and overflowed the kerberos realm
21062 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
21065 now copy command args directly from Argv
21069 replaced code to copy cmnd_args so that it does not use realloc
21070 since most realloc()'s really stink
21073 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
21076 syslog() fixed in hpux 10.01
21079 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
21082 AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
21086 better error if cannot find skey incs or libs
21090 now use a temp file for determining max len of uid_t in string form.
21091 the old hacky way broke on netbsd
21095 added set of parens and a space
21098 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
21101 fixes from Jeff Earickson <jaearick@colby.edu> ,
21109 fixed up testsudoers target
21113 DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
21114 SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
21118 LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
21122 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
21125 fix for C2 on hpux 10 now uses -linet if it exists
21129 LONG_SKEY_PROMPT is less of a kludge /
21133 fixed typos w/ dce stuff
21140 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
21143 amended section on combining authentication mechanisms
21147 minor updates for 1.3.6
21151 added 2 more entries
21163 rewrote for sudo 1.3.6
21170 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
21172 * find_path.c, getspwuid.c, sudo.c:
21173 added explicit casts for strdup since many includes don't prototype
21178 removed prototype for sudo_getpwuid() since convex C compiler choked
21183 added prototype for sudo_getpwuid()
21187 now compiles on strict ANSI compilers
21191 added LONG_SKEY_PROMPT support
21195 added extra $'s for make to eat up, yum.
21198 * OPTIONS, options.h:
21199 added LONG_SKEY_PROMPT
21202 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
21205 s/key support now works with normal s/key as well as logdaemon
21208 * OPTIONS, options.h:
21213 set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
21217 added DCE note added more AIX notes
21221 now include pthread.h for DCE support
21225 dce_pwent() is ok after all .,
21229 now uses SYSLOG() macro that equates to either syslog() or
21234 minor formatting changes. renamed check() to something less generic
21237 * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
21239 now uses user_pw_ent and simple macros to get at the contents
21242 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
21245 simpler dec unix C2 support
21249 now sets crypt_type for DEC unix C2
21252 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
21255 added csops paths for skey
21259 now includes string.h for strdup() prototype
21267 now includes skey.h
21275 moved a lot of the shadow passwd crap to sudo_getpwuid()
21279 now uses sudo_pw_ent
21283 now uses sudo_pw_ent
21287 now sets sudo_pw_ent
21295 moved dce stuff into compat.h
21298 * logging.c, sudo.h:
21299 now uses sudo_pw_ent
21303 added sudo_getpwuid.c
21311 now uses sudo_pw_ent
21314 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
21317 fixed exempt_group stuff for OS's that don't put base gid in group
21322 S/Key support now works with sunos4 shadow passwords
21329 * config.h.in, configure.in:
21338 first stab at dce support
21342 now smells like sudo
21350 skey'd sudo now works w/ normal password as well
21353 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
21355 * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
21356 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
21357 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
21358 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
21359 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
21360 version.h, visudo.c:
21361 updated version number
21365 updated to reflect version change
21369 --with options now line up ++version
21373 removed unnecessary S/Key stuff
21377 fixed S/Key support
21381 -I stuff now goes in CPPFLAGS
21393 fixed description of EXEMPTGROUP
21397 more people use _RLD_ than just alphas...
21401 replaced $man_prefix with $mandir
21409 now use more GNU'ish dir names
21413 now set *dir correctly (can override from command line)
21417 now deal with situations where we getwd() fails
21420 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
21423 added etc_dir, bin_dir, sbin_dir
21431 now ship a flex-generated lex.yy.c
21435 now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
21439 _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
21443 no more error for redefining SUDOERS_OWNER
21447 expanded SUDOERS_OWNER section
21450 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
21453 now warn if chown(2) failed
21457 better default warning for NO_SUDOERS_FILE
21461 added missing set_perms() no more cryptic message if the sudoers
21462 file is zero length, now just give a parse error
21466 better diagnostics if NO_SUDOERS_FILE
21470 check_sudoers() now catches sudoers files that are not readable (but
21474 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
21477 now add -D__STDC__ for convex cc (not gcc)
21481 MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
21485 now uses exec_prefix & prefix from configure
21488 * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
21489 parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
21491 options.h is now <> instead of "" so shadow build trees can have a
21492 custom copy of options.h
21496 user_is_exempt() is no longer a hack, it now uses getgrnam()
21500 EXEMPTGROUP is now "sudo"
21504 MAN_POSTINSTALL now contains a leading space
21508 removed leading tab if @MAN_POSTINSTALL@ not defined now removes
21509 testsudoers in clean:
21513 includes pwd.h to get _PASSWD_LEN definition
21516 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
21519 unset the KRB_CONF envariable if using kerberos so we don't get
21520 spoofed into using a bogus server
21523 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
21526 now explicitly initialize match[] to be FALSE
21529 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
21532 removed unused variable now passes -Wall
21536 yyerror and dumpaliases are now void's now passes -Wall
21540 added prototype for yyerror
21543 * check.c, logging.c, parse.c:
21548 removed unused cruft now passes -Wall
21552 fixed headers that moved to emul dir
21556 fixed deref of nil pointer if no args
21559 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
21562 added a caveat to FQDN section
21565 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
21568 more $srcdir support for install targets
21571 * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
21572 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
21573 don't include malloc.h if we include stdlib.h
21577 local search.h now lives in emul
21580 * check.c, utime.c:
21581 local utime.h now lives in emul dir
21585 local search.h now lives in emul
21589 added support for building in other than the sourcedir
21592 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
21595 annotated CSOPS_INSULTS option
21599 updated shadow passwords blurb
21603 if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
21604 passes along foo as the arguments
21607 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
21610 collapsed pathname and dir sections into one -- it's now less
21615 fixed spacing quoting [,:\\=] now works correctly append() and
21616 fill() now take args to make the above work
21620 fixed a typo that caused commands with no tty on fd 0 but a tty on
21621 fd 1 to erroneously have "none" as their tty
21624 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
21627 timestampfile is now a global static removed decl of timestampfile
21628 in remove_timestamp since we can just use the global one
21632 created touch() to update timestamps added USE_TTY_TICKETS support
21637 added _S_IFDIR and S_ISDIR
21640 * OPTIONS, options.h:
21641 added USE_TTY_TICKETS
21645 removed const from casts for lsearch() & lfind() to placate irix 4.x
21649 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
21652 now only strip '/dev/' off of a tty if it starts with '/dev/'
21660 AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
21665 fixed incorrect #ifdef termio uses "unsigned short" not int for
21669 * parse.lex, parse.yacc:
21670 fixed a spelling error
21677 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
21684 added dotcat() to cat 2 strings w/ a dot efficiently now that we
21685 dynamically allocate strings they need to be free()'d
21689 dynamically allocates space for strings
21693 no more MAXCOMMANDLENGTH
21700 * logging.c, sudo.c:
21701 moved tty stuff into sudo.c
21704 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
21707 fixed a logic bug. Was denying a command if user gave command line
21708 args but there were none in the sudoers file which is wrong.
21712 MAXCOMMMANDLEN dropped down to 1K
21716 return foo; -> return(foo);
21720 fixed netgr_matches() prototype
21724 added support for escaping "termination" characters
21728 buf is now of size MAXPATHLEN+1 since it never holds command args
21736 fixed negation problem (doh!)
21740 fixed 2nd parameter to lfind()
21744 now do bounds checking in fill() and append()
21748 include netdb.h as we should added a missing void cast added
21749 SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
21750 realloc actually moved the string instead of shrinking it
21754 updated with examples of new features
21758 now set errno to EACCES if not a regular file or not executable
21762 if given a fully-qualified or relative path we now check it with
21763 sudo_goodpath() and error out with the appropriate error message if
21764 the file does not exist or is not executable
21767 * emul/search.h, lsearch.c:
21768 now use correct args for lfind
21776 added in CSOps insults
21788 increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
21792 added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
21796 fixed -k load_interfaces() now gets called if FQDN is set
21797 -p now works with -s
21801 don't try to stat() "pseudo commands" like "validate"
21805 added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
21809 added SecurID support added other insults to --with-csops
21817 added clobber target added ins_csops.h now gets CFLAGS from
21822 relaxed SUDO_FULL_VOID
21826 function comment blocks are now in same style as rest of code
21830 added support for command line args in /etc/sudoers
21834 updated to have command args in the sudoers file
21838 added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
21841 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
21844 PATH renamed to COMMAND
21848 it is now a parse error for directories to have args attached to
21853 now say command args if telling user to buzz off
21857 -s no longer indicates end of args sped up loading on cmnd_args in
21862 removed an unreachable statement
21866 made more efficient by pulling out the terminators when in GOTCMND
21867 state and making them their own rule
21870 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
21873 removed MAXLOGLEN since it is no longer used
21877 now allows command args
21881 now groks command arguments
21885 now sets tty correctly when piped input
21889 fixed loading of cmnd_args (was including command name too)
21893 fixed a core dump due to incorrect if construct
21896 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
21899 only add -lsun if irix < 5 don't look for -lnsl or -lsocket if irix
21903 fixed check for ISC
21907 now sets cmnd_args used by log_error() and that will be used by the
21908 parse to check against command args
21916 now dynamically allocate logline since we can guess at its size
21919 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
21922 cleaned up a bunch of unnecessary #ifdef's eliminated a buffer remove
21923 "register" since the compiler knows more than I do now do a
21924 "basename" of the tty
21927 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
21934 added shell extern changed MODE_* to be bit masks to allow for
21935 several options together
21939 added -s (shell) option made MODE_* masks so we can do bitwise & and
21940 | to see if multiple flags are set.
21944 added securid support
21947 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
21950 removed a bunch of unnecessary strncpy()'s and replaced with strcat()
21953 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
21955 * Makefile.in, version.h:
21959 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
21962 fixed free() of an uninitialized pointer (yuck)
21966 added netgr_matches
21970 cleaned up netgr_matches
21973 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
21979 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
21982 now installs sudoers.man -- really should clean this up though.
21986 added sudoers.cat and sudoers.man
21990 pulled out stuff on the sudoers file format into a separate man page
21998 fixed up my email address
22002 added checks for innetgr and getdomainname
22006 added dummy netgr_matches function
22010 added netgr_matches
22013 * parse.lex, parse.yacc:
22014 added NETGROUP support
22018 added HAVE_INNETGR & HAVE_GETDOMAINNAME
22021 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
22024 rewrote clean_env() that has rm_env() builtin
22027 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
22030 now cast uid to long in sprintf
22034 added _INSULTS suffix to HAL & GOONS end
22038 added _INSULTS suffix to HAL & GOONS
22041 * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
22042 converted to new scheme of insult "unions" end
22046 now uses MAX_UID_T_LEN
22050 added SUDO_UID_T_LEN !l
22054 added MAX_UID_T_LEN
22058 now use MAX_UID_T_LEN
22062 added check for max len of uid_t fixed sco vs. isc check
22065 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
22076 hack to check for sco
22080 removed #include <net/route.h> since it was hosing some OS's
22083 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
22086 fixed prreadlink() prototype
22090 added parens in #if's
22098 moved SPW_* to config.h.in
22102 added a set of parens
22110 added SPW_* reordered error codes
22114 moved SPW_* to sudo.h
22117 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
22120 SPW_AUTH -> SPW_SECUREWARE
22124 GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
22132 SPW_AUTH -> SPW_SECUREWARE
22136 now uses SHADOW_TYPE to make shadow pw support more readable and
22137 modular. It's a start...
22141 added autodetection of shadow passwords
22145 now uses SHADOW_TYPE define
22149 added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
22153 added SUDO_CHECK_SHADOW
22156 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
22159 define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
22160 memmove() since we no longer use it...
22168 added BROKEN_SYSLOG support
22172 added BROKEN_SYSLOG
22176 now only bitch if timestamp > time_now + 2 * timeout to allow for a
22177 machine updating its time from a server
22181 added 2 security notes updated Nieusma's email addr
22185 changed a memmove() to memcpy() since we don't have to worry about
22186 overlapping segments.
22189 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
22192 cleanup up the loop when interfaces are groped in so that it is
22196 * Makefile.in, version.h:
22200 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
22206 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
22209 fixed permissions check on /tmp/.odus
22212 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
22215 fixed some comments
22219 now checks owner & mode of timedir also checks for bogus dates on
22224 updated TIMEOUT info
22227 * logging.c, sudo.h:
22228 added BAD_STAMPDIR and BAD_STAMPFILE
22232 added definition of S_IRWXU
22239 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
22242 added #ifdef to make it compile on strange arches
22245 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
22248 fixed check for full void impl.
22252 added missing "static"
22256 replaced #elif with #else #if constructs for ancient C compilers
22260 updated irix c2 & kerb5 info
22264 added shadow pw support for irix
22267 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
22274 last changes for sudo 1.3.3
22278 now calls SUDO_SOCK_SA_LEN
22286 added SUDO_SOCK_SA_LEN
22290 now works with ip implementations that use sa_len in sockaddr
22294 added note about buggy AIX compiler
22298 now include sys/time.h for AIX
22301 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
22308 now works for ISC and others. yay.
22311 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
22313 * Makefile.in, version.h:
22317 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
22320 fixed test for full void impl
22324 now check to see that st_dev is non-zero before assuming that we are
22328 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
22330 * aclocal.m4, configure.in:
22331 SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
22334 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
22337 fixed include file order for SUDO_FUNC_UTIME_POSIX
22341 added cast for ttyname()
22349 now deal correctly with all known variation of utime() -- yippee
22353 added SUDO_FUNC_UTIME_POSIX
22357 added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
22361 added HAVE_UTIME_POSIX
22369 no longer assume !HAVE_UTIME_NULL means old BSD utime()
22373 fixed fascist C compiler warning
22377 now set strioctl.ic_timout in STRSET() now initialize num_interfaces
22378 to 0 (just to be anal)
22381 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
22384 increased MAXLOGLEN by MAXPATHLEN to account for ttyname
22392 reworked the ISC code
22395 * Makefile.in, version.h:
22400 now expect old-style utime(3) if utime() can't take NULL as an arg
22404 added check for utime.h
22412 added CPPFLAGS STATIC_FLAGS -> LDFLAGS
22416 now search for kerb libs and includes
22420 added support for utime(2)'s that can't take a NULL parameter
22424 moved HAVE_UTIME_NULL stuff to update_timestamp() where it belongs
22428 added utime(s) stuff
22436 added HAVE_UTIME and HAVE_UTIME_NULL
22439 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
22442 now use HAVE_UTIME_NULL
22445 * emul/utime.h, utime.c:
22450 need to setuid(0) to make kerb4 stuff work.
22454 no more special case for kerberos
22458 took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
22463 no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
22468 now use private ticket file for kerberos support to avoid trouncing
22472 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
22475 added SPOOF_ATTEMPT & cmnd_st
22479 added anti-spoofing support
22483 now use global cmnd_st
22487 added SPOOF_ATTEMPT support
22490 * testsudoers.c, visudo.c:
22491 added void casts where appropriate
22495 fixed up spacing and added void casts where appropriate
22499 fixed problem with "-p prompt" but no args
22502 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
22505 added BUGS and annotated -l description
22509 validate() now takes a flag
22513 validate() now takes a flag added -l
22517 added support for -l
22521 validate() now takes a flag that says whether or not to check the
22525 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
22528 now deals with Argv == 1
22536 added prompt support reworked parse_args()
22548 now use BUFSIZ as length of kerb password added kpass so pass is
22549 always a char * now use prompt global when asking for a password
22553 now use BUFSIZ as _PASSWD_LEN if using kerberos
22560 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
22563 only look for -lufc or -lcrypt if crypt() not in libc
22567 don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
22568 (unknown user) silently fail
22576 HAVE_KERBEROS -> HAVE_KERB4
22580 removed debugging printf
22584 KERBEROS -> KERB4 added checks for setreuid & setresuid
22588 HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
22592 added def of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
22593 with setresuid if applic
22597 HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
22598 no setreuid() or a broken one
22601 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
22604 added kerberos support
22608 added HAVE_KERBEROS
22612 added KERBEROS support (long passwords)
22616 added kerberos support
22619 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
22622 added MODE_BACKGROUND
22626 escaped dashes added -b option
22634 added crypt() for osf/1 3.x enhanced security
22638 now check for -lcrypt
22642 added ENXIO like EADDRNOTAVAIL
22645 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
22648 now emulate getwd(), not getcwd()
22652 getcwd() -> getwd()
22659 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
22661 * ins_2001.h, ins_classic.h, ins_goons.h:
22666 broke out insults into separate include files
22669 * OPTIONS, options.h:
22674 added ins_2001.h ins_classic.h ins_goons.h
22677 * Makefile.in, version.h:
22682 moved signal handler setup to setup_signals()
22686 added load_interfaces()
22690 moved load_interfaces to interfaces.c
22697 * OPTIONS, options.h:
22702 now uses clearaliases variable
22710 added interfaces.[co]
22714 now uses ip addrs and netmasks via load_interfaces()
22718 now remove IFS instead of setting to "sane" value
22721 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
22727 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
22730 sudo_goodpath.c-> goodpath.c
22734 added Andy's new ISC changes
22737 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
22740 added a sentence to SECURE_PATH info
22755 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
22761 * Makefile.in, version.h:
22766 sendmail is now looked for in /usr/ucblib
22782 added unixware case
22786 user_is_exempt is no longer hidden
22794 isc and riscos changes
22798 added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
22802 fixed a typo and added testsudoers stuff
22809 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
22812 applied fixed patch from Chris
22815 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
22822 added a set of braces for bison
22826 merged in Chris' changes to dekludge the parser.
22830 send_mail() was calling find_path() which is wrong since find_path()
22831 stores cmnd in a static var. Anyhow, it doesn't make much sense
22832 since MAILER should always be fully qualified
22835 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
22838 added User_Alias stuff
22842 SUDO_NEXT now looks for /usr/lib/NextStep/software_version
22846 added DEC UNIX 3.0 w/ gcc
22850 Exit was being used in places where exit should be used
22854 added "User alias specification"
22858 fixed probs caused by making nslots and naliases a size_t
22862 added KSR, upped rev to 1.3.1b2
22865 * logging.c, parse.yacc:
22870 void * -> VOID * naliases and nslots are now size_t to appease
22871 lsearch on 64-bit machines
22874 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
22877 did a bunch of things and added a bunch :-)
22885 closer to BSD manpage style
22889 closer to standard BSD man format
22892 * compat.h, config.h.in, emul/search.h, insults.h, options.h,
22893 pathnames.h.in, sudo.h, version.h:
22898 removed crufty #defines that are no longer used
22906 updated based on sudo changes
22910 now allow ALL keyword in User_Aliases now allow ALL keyword as well
22919 now sets SUDO_COMMAND and SUDO_GID envariables.
22923 fixed bug with full void impl check
22927 fixed User_Alias support
22931 added stubs for User_Alias support
22935 now sets removes # bogus interfaces from num_interfaces
22939 added User_Alias support
22942 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
22945 removed extraneous TODO
22948 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
22951 ntwk_matches -> addr_matches
22955 ntwk_matches -> addr_matches
22959 ntwk_matches -> addr_matches now use inet_addr() not inet_network()
22960 (which expects octet boundaries) fixes for OSF (sizeof(int) !=
22965 took out debugging info
22969 OS was being set to unknown before non-uname based host checks.
22970 This caused no checks to happen since $OS was not zero-length.
22974 fixed loading of interfaces struct still has debugging info in
22982 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
22993 removed extraneous extern decl of "top
23001 removed parser_cleanup (no need for it now)
23005 now calls reset_aliases() directly
23008 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
23011 added a sentence to SECURE_PATH description
23015 fixed my stupid bug where I used NAMLEN on something I wanted to
23016 just get the name from. argh.
23019 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
23022 fixed argument order of memmove() that i hosed when converting from
23027 finally fixed DISTFILES line
23035 added missing files to DISTFILES
23039 SUPPORTED -> RUNSON
23042 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
23049 updated for pl5b1 release
23057 fixed bug where if you hit return at first sudo prompt it would
23058 still log as a failure
23066 better test for bogus void * implementation
23070 added PASSWORDS_NOT_CORRECT
23074 added PASSWORDS_NOT_CORRECT stuff
23078 added PASSWORDS_NOT_CORRECT
23086 removed some unused vars and fixed up uid2str
23093 * getcwd.c, getwd.c:
23097 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
23100 fixed a typo I introduced in the last checkin :-(
23104 can't have #ifdef's where N is defined so just do this the broken
23109 better hack from Chris (but still a hack)
23113 stupid hack for broken aix lex
23117 now includes compat.h
23121 now includes fcntl.h
23125 added FD_SET and FD_ZERO for 4.2BSD
23129 dirty hack to fix parser bug. i don't really like this but it works
23134 uid2str is now static like the prototype says
23137 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
23139 * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
23148 check_sudoers now returns an error code and sudo calls inform_user
23149 and log_error based on the return value.
23152 * logging.c, sudo.h:
23153 added entries for new errors
23157 now set uid to that of SUDOERS_OWNER while parsing sudoers file
23161 took out testsudoers
23165 now explicitly checks that it is setuid root
23169 If a user has no passwd entry sudo would segv (writing to a garbage
23170 pointer). Now allocate space before writing :-)
23174 reordered AC_CHECK_FUNCS
23181 * tgetpass.c, visudo.c:
23186 bzero -> memset when a parse error is logged the line number of the
23187 error is now logged too
23191 added Sunos to blurb about c2 security
23195 added a SUN4 define for C2 security
23199 bcopy -> memmove bzero -> memset
23203 bcopy -> memmove char * -> VOID *
23207 added support for sunos with C2 security
23210 * OPTIONS, options.h:
23215 _PATH_SUDO_LOGFILE now set based on configure
23219 added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
23223 added _SUDO_PATH_LOGFILE
23227 added SUDO_LOGFILE to find where to put sudo.log added
23228 SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
23229 SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
23232 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
23239 now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
23240 to work around a problem in trusted hpux shadow passwords. yuck.
23244 backed out a change in malloc/realloc
23248 now include stdlib.h
23252 now do an freopen() of the stmp file so that yyin will always point
23253 to the same thing. This is important for flex since we are doing a
23258 replaced yywrap() with parser_cleanup() since yywrap() needs to be
23259 in parse.lex to be able to use YY_NEW_FILE. sigh.
23263 now have a rule that matches anything that doesn't match an
23264 explicit rule. well, you know what i mean (. matches anything not
23265 yet matched). However, this means that there is input still queued
23266 up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
23267 into parse.lex and it calls parser_cleanup() which is most of the
23275 * getcwd.c, getwd.c:
23276 moved compat.h to be the last include file
23280 fixed type of aliascmp() args
23288 added casts to lfind and lsearch args for irix
23292 bsdinstall -> install-sh
23296 added info about make realclean
23300 updated VERSION added dependencies for visudo.cat
23312 now there is a real visudo.man and visudo.cat
23316 took out visudo stuff
23323 * parse.c, parse.lex, parse.yacc:
23332 updated Nieusma & Hieb email addresses
23336 updated to include options.h and OPTIONS
23344 eliminated bug #1 (yay)
23348 sunos no longer gets linked statically
23351 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
23354 prototype now uses __P()
23358 make fill() non-ansi
23362 made -v (validate) work
23370 don't check for execute/statable if fq or relative path given
23378 now include ctype.h for islower and tolower macros
23382 moved _S_IFMT & _S_ISREG to compat.h
23386 moved a set of parens
23390 now include compat.h
23398 now cast malloc & realloc return vals added search for HAVE_LSEARCH
23399 now use strcmp if no strcasecmp available
23407 removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
23408 HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
23412 added _S_IFMT, _S_IFREG, and S_ISREG
23416 took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
23417 to most SUDO_* macros
23425 various 1.x to 2.x autoconf changes now check for strcasecmp now use
23426 AC_INSTALL_PROG instead of custom one added check for fully working
23427 void implementation
23431 added lsearch & search.h visudo links into $(LIBOBJS)
23435 partial 1.x to 2.x changes added SUDO_FULL_VOID
23439 whatnow_help was prototyped to be static but was not declared as
23444 autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
23445 for dirent/dir/ndir.h
23449 now use groovy gnu autoconf macro AC_HEADER_DIRENT
23452 * getcwd.c, getwd.c:
23453 MAXPATHLEN -> MAXPATHLEN+1
23456 * emul/search.h, lsearch.c:
23460 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
23463 eliminated bison warnings
23471 now includes signal.h
23475 only clear data structures on a parse error
23479 whatnow() now gives help on invalid input
23483 added a whatnow() function (sort of like mh)
23487 kill_aliases -> reset_aliases yywrap() now cleans up by calling
23488 reset_aliases() and clearing top took reset stuff out of yyerror()
23489 since it doesn't belong there (and doesn't work anyway). errorlineno
23490 is now initially set to -1 so we can set it to the first error that
23491 occurs (it was getting set to the last)
23499 rewrote from scratch based on 4.3BSD vipw.c
23502 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
23509 no more sudo_realpath() and find_path() changed params
23513 find_path() changed since no more realpath()
23517 on error, errorlineno is set to the line where the error occurred
23518 added kill_aliases() to free the aliases struct now clean up in
23519 yyerror() so we can reparse cleanly
23522 * options.h, parse.c:
23523 no more USE_REALPATH
23527 changed to use new find_path()
23531 removed all the realpath() stuff
23535 sudo_realpath.c -> sudo_goodpath.c
23539 now works correctly with utk parser
23547 eliminated a compiler warning
23551 eliminated compiler warning
23555 added sudo_goodpath()
23559 added prototype for sudo_goodpath
23563 added support for /sys/dir.h
23567 USE_REALPATH turned off
23571 added calls to sudo_goodpath()
23575 added check for dirent.h
23579 added HAVE_DIRENT_H
23583 added in linux shadow pass stuff
23586 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
23589 added back host, user, cmnd, parse_error
23593 added in utk changes plus some minor cosmetic changes
23596 * sudo.c, sudo_realpath.c:
23597 added void casts for printf's
23601 added a define of USE_REALPATH
23605 there is no more visudoers/Makefile
23609 added in utk changes (visudo is now built from the toplevel)
23613 added (void) casts to printf's
23616 * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
23617 merged in utk changes
23620 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
23623 now check to see that what we are trying to run is a file (or a link
23624 to a file, we do a stat(2) so there is no diff)
23627 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
23634 aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
23638 added myself as maintainer
23641 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
23644 changed setegid -> setgid
23647 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
23650 fixed the test for irix 5.x to skip bad libs
23654 now initialize OS and OSREV
23657 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
23664 AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
23668 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
23671 use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the right
23672 thing wrt yyrestart (grrrr)
23675 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
23678 added visudoers/compat.h to DISTFILES
23686 added ocmnd declaration adjusted for find_path()'s new parameters
23690 added ocmnd extern adjusted find_path() prototype
23694 cmndcmp() now takes 3 arguments and checks against the qualified as
23695 well as the unqualified pathname. more code that should use
23696 cmndcmp() but did not, now does
23704 changed to use new find_path() parameter passing
23708 find_path() now takes 2 copyout parameters (one for the qualified
23709 pathname and one for the unqualified pathname). The third parameter
23714 no longer munge pathnames.h
23718 changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
23719 as a result, pathnames.h does not need to be run through configure
23720 and the user can override the configured values easily.
23724 added _SUDO_PATH_* entries
23728 _PATH* -> _SUDO_PATH_*
23732 updated DISTFILES and HDRS .o's now depend on config.h
23735 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
23738 removed extraneous #endif
23746 added SUDO_PROG_MV added riscos and isc os types took out
23747 -DSHORT_MESSAGE from --with-csops since it is now the default
23751 move the include of id.h to compat.h now includes options.h
23755 moved compatibility #defines to compat.h
23763 move __P to compat.h
23766 * getcwd.c, getwd.c, putenv.c:
23767 now includes compat.h
23774 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
23777 pull user-configurable stuff out and put in options.h
23780 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
23782 * parse.lex, parse.yacc, visudo.c:
23783 now includes options.h
23786 * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
23788 now includes options.h
23792 added visudoers/options.h
23795 * OPTIONS, options.h:
23800 added OPTIONS and options.h
23804 changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
23808 changed PASSWORD_TIMEOUT to minutes
23811 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
23814 now only do Editor +line_num if line_num != 0
23817 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
23820 now use mv if rename(2) fails
23831 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
23834 fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
23837 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
23840 added mips & isc support
23844 added support for non-root owned sudoers file
23848 added exempt group support
23852 added set_perms() support added SUDOERS_OWNER so can have non-root
23853 own sudoers file added exempt group support added isc support
23857 now copy sudoers to temp file via read/write (not stdio) now chown
23858 new sudoers file to SUDOERS_OWNER
23861 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
23872 fixed typo added set_perms support added skey support added
23873 seteuid()/setegid() emulation for AIX
23877 be_* -> setperms() now check to make sure sudoers file is owned by
23878 root nread/write by only root
23881 * logging.c, parse.c:
23886 be_* -> set_perms() added skey support
23889 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
23899 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
23909 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
23915 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
23930 now bail if Argv[1] > MAXPATHLEN
23934 added function check for tcgetattr(3)
23938 only define HAVE_TERMIOS_H if you have tcgetattr(3)
23942 added check for tcgetattr
23945 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
23951 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
23954 now only include unistd.h for linux
23957 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
23960 added visudo.8 generation
23964 added -Wl,-bI:./aixcrypt.exp to aix flags
23967 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
23978 added mailing list info
23982 now use sudolineno instead of yylineno fixed bison warnings
23986 now use -no_library_replacement for osf don't make a static binary
23991 added string.h/strings.h inclusion
23999 added inclusion of string.h/strings.h
24003 fixed uname | sed (needed to quote the '[')
24007 replaced yylineno with sudolineno fixed bison syntax errors
24011 changed yylineno to sudolineno since yylineno cannot be counted
24020 added code to support command listings
24024 added code for -l flag
24028 fixed typo added info for -l flag
24032 AC_SSIZE_T -> SUDO_SSIZE_T
24047 * find_path.c, sudo_realpath.c:
24048 readlink() is now declared as returning ssize_t
24052 added -laud for OSF c2
24055 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
24057 * Makefile.in, visudo.c:
24058 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
24061 * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
24062 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
24065 * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
24066 parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
24067 sudo_setenv.c, tgetpass.c, version.h:
24068 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
24071 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
24082 added host to alertmail messages
24090 fixed logging problem where mail would not say which user it was
24094 added -laud for gcc if osf & c2
24098 moved set_auth_parameters to sudo.c
24102 added set_auth_parameters for osf
24106 cleaned up -static stuff
24118 changed setenv() to sudo_setenv()
24134 added osf auth support & removed some extra spaces
24137 * INSTALL, SUPPORTED:
24141 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
24144 added 2 suggestions
24148 removed README.v1.3.1 and added VERSION stuff
24155 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
24166 mention HISTORY file
24170 use sizeof instead of a constant in 1 place
24189 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
24193 [7dfbb4a810bb] [SUDO_1_3_1]
24200 added unistd.h include
24203 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
24206 added sys/time.h for AIX
24209 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
24212 added check for -lsocket and sys/sockio.h
24216 took out libshadow check and added in sys/sockio.h check
24220 now include sockio.h instead of ioctl.h if it exists "sudo -" now
24221 gets a better error message
24225 now has a dir and subnet entry
24228 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
24239 added network and ip addresses to man page
24243 no error if can't get interfaces or netmask since networking may not
24248 now check for interfaces == NULL
24252 fixed a bug that caused directory specs in a Cmnd_Alias to fail if
24253 the last entry in the spec failed (ie: it was only looking at the
24254 last entry). Cleaned things up by adding the cmndcmp() function--all
24262 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
24265 now do two passes to skip bogus interfaces (lo0, etc)
24268 * parse.lex, parse.yacc, visudo.c:
24269 added include of netinet/in.h
24272 * logging.c, sudo_realpath.c, sudo_setenv.c:
24273 added include of netinet/in.h
24276 * check.c, find_path.c, getcwd.c, getwd.c:
24277 added include of netinet/in.h
24285 added interfaces global
24289 now uses new interfaces global
24293 now ip addresses are gleaned w/o dns
24296 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
24299 added load_ip_addrs() to load the ip_addrs global var
24303 added hostcmp() to compare hostnames, ip addrs, and network addrs
24307 added ip_addrs def added load_ip_addrs prototype
24310 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
24317 removed multiple entries in DISTFILES
24321 ansified the !STDC_HEADERS decls
24324 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
24325 don't do malloc decl if gnuc
24329 can't use getopt(3) since it munges args to the command to be run as
24330 root don't do malloc decl if gnuc
24333 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
24334 sudo_realpath.c, sudo_setenv.c:
24335 ansi-fied !STDC_HEADER function prototypes
24338 * getcwd.c, getwd.c:
24339 added missing paren
24343 added putenv.c to DISTFILES
24347 added params to func decls when STDC_HEADERS is not defined now can
24348 count on putenv() being there
24352 took out errno decl since sudo.h does it for us fixed up a next cc
24353 warning added params to func decls when STDC_HEADERS is not defined
24357 took out environ extern added local declaration of putenv() if local
24361 * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
24362 added params to func decls when STDC_HEADERS is not defined
24366 added memcpy check check to see that ansi vs bsd macros are not
24367 already defined before defining (ie: avoid redefinition)
24371 removed fluff setenv check plus check w/ replace for putenv if also
24379 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
24386 rm'd realpath added sudo_realpath and sudo_setenv
24390 now use sudo_setenvc
24394 added putenv and setenv, removed realpath
24398 added putenv & setenv
24409 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
24412 added MAN_POSTINSTALL and /usr/share/catman for irix
24416 added MAN_POSTINSTALL
24424 added SUDO_* plus new options
24432 took out shadow lib
24440 now use yyrestart() if flex now reset yylineno to 0
24444 support for installing a cat page instead of a man page if no nroff
24448 now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
24449 to determine whether or not to install a cat or man page
24457 not set ret to MODE_RUN initially
24461 made command (and therefore cmnd dynamically allocated)
24473 changed bufs from MAXPATHLEN to MAXPATHLEN+1
24477 added MODE_ removed validate_only and added remove_timestamp()
24481 usage() now takes an int (exit value) added parse_args() to parse
24482 command line arguments moved call to find_path() from load_globals
24483 to new function load_cmnd() removed validate_only global -- now use
24484 the concept of "modes" added -h and -k options
24488 no longer use global validate_only now checks for command called
24489 "validate" removed check for non-fully qualified commands since that
24490 is done by find_path
24494 changed MAXPATHLEN to MAXPATHLEN+1
24498 fixed off by one error with MAXPATHLEN and fixed a comment
24502 check_timestamp no longer runs reminder(), it is implied in the
24503 return val added remove_timestamp()
24510 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
24524 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
24527 moved send_mail to after syslog
24531 now set SUDO_ envariables
24534 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
24541 now print error if chdir fails
24548 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
24555 no more static binaries for aix
24558 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
24565 took out stuff not needed for sudo now does be_root/be_user itself
24566 now uses cwd global
24573 * logging.c, sudo.c:
24574 be_root/be_user is now down in sudo_realpath()
24577 * logging.c, sudo.h:
24578 now works with 4.2BSD syslog (blech)
24582 now use sudo_realpath()
24586 took out realpth() stuff since we now use sudo_realpath()
24590 ultrix enhanced sec
24594 added ultrix enhanced sec.
24602 ultrix enhanced security support
24606 added sudo_realpath.c
24614 increased passwd len to 24 for c2 security
24621 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
24624 now use user global var
24631 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
24638 user is now a char * added epasswd
24642 added tzset() to load_globals added epasswd (encrypted password)
24643 global made user dynamically allocated
24655 cleaned up encrypted passwd grab somewhat
24671 can now log to both syslog & a file
24695 removed AFS stuff :-)
24699 include sys/select for AIX
24710 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
24712 * CHANGES, SUPPORTED:
24717 can now have MAILER undefined
24721 new sub-note about MAILER
24725 added blurb about password timeout
24733 took out duplicate define of _CONVEX_SOURCE
24745 added a goto if fgets fails
24749 use __hpux not hpux convex c2 stuff
24753 use __hpux not hpux
24761 define ansi-ish cpp os defines if non-ansi are defined for hpux &
24766 updated to say we support convex C2
24770 added convex c2 support
24773 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
24776 no more ioctl never returns NULL uses fgets() and select() to
24780 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
24783 things were testing -n "$GCC" instead of -z "$GCC"
24787 now works + uses fgets()
24790 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
24793 select doesn't seem to recognize a single '\n' as input waiting so
24794 we can't use it, sigh.
24797 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
24800 updated tgetpass() blurb
24804 added --with-getpass
24808 added tgetpass stuff
24819 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
24826 added USE_GETPASS && HAVE_C2_SECURITY
24830 fixed a test added --with-C2 and --with-tgetpass
24838 took out tgetpass.*
24845 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
24848 no termio(s) for ultrix since it is broken
24852 added a space (yeah, anal)
24855 * realpath.c, sudo_realpath.c:
24856 fixed it (duh, rtfm)
24859 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
24862 took out bsd signal stuff for irix
24870 don't define BSD signals for irix
24881 * realpath.c, sudo_realpath.c:
24882 took out unneeded code by changing where a strings was terminated
24885 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
24887 * realpath.c, sudo_realpath.c:
24888 fix bug where /dirname would return NULL
24892 move __P to config.h
24895 * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
24896 added errno definition
24911 * realpath.c, sudo_realpath.c:
24912 now works if no fchdir
24916 define SA_RESETHAND to null if not defined
24920 added check & replace
24924 took out -static for nextstep -- it doesn't work
24927 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
24930 moved #endif to where it belongs
24938 now checks for strdup realpath getcwd bzero
24946 added posix signals
24954 added posix signals
24958 removed BROKEN_GETPASS added new srcs to replace missing functions
24962 added posix signal stuff
24974 now uses posix signals
24978 updated to reflect major changes
24986 uses sysconf() if available
24990 added PASSWORD_TIMEOUT + prototypes for new functions
24993 * realpath.c, sudo_realpath.c:
24994 for those w/o this in libc
24997 * getcwd.c, getwd.c:
25002 rewrote to use realpath(3) - is now all my code
25006 added HAVE_REALPATH
25014 added LIBOBJS use tgetpass.c
25017 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
25031 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
25042 added check for getwd
25046 replace strdup & realpath & getcwd if missing
25054 added SUDO_PROG_PWD
25061 * realpath.c, sudo_realpath.c:
25065 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
25068 quoted square brackets
25071 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
25074 no need to strdup() a constant
25089 * parse.c, sudo.c, sudo.h:
25090 added validate_only stuff
25093 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
25100 $OSREV is now an int
25103 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
25106 added mtxinu to caser
25114 now use the EXEC macro now only do a gethostbyname() if FQDN is set
25118 changed mail_argv[] def now use EXEC() macro
25122 took out crypt() definition
25130 always look for -lnsl
25138 SHORT_MESSAGE is now the default
25146 added missing AC_DEFINE(SVR4) for solaris
25150 documented the -v flag
25162 added LIBSHADOW undef
25166 now set OS to be lowercase
25169 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
25172 now use SUDO_OSTYPE to set $OS
25176 now use uname to determine os
25180 added prototypes & moved sig handler around
25187 * check.c, logging.c, sudo.c:
25196 now use _BSD_SIGNALS not _BSD_COMPAT
25207 * parse.lex, parse.yacc:
25208 moved config.h to top of includes
25211 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
25214 now don't bitch if get EACCESS (treat like EPERM)
25218 added -v flag and usage()
25226 cast Argv to a const for exec added -v flag
25230 mail_argv is now a const
25234 only set RETSIGTYPE if it is not set already
25238 now defines & STDC_HEADERS for Irix
25245 * insults.h, sudo.h:
25246 prevent multiple inclusion
25253 * parse.lex, parse.yacc:
25254 now includes config.h
25258 now talks about sunos 4.x
25262 calls to Exit now pass an arg
25265 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
25268 signal handler now takes an int argument
25276 ok, the getcwd() is now *really* done as the user
25280 changed AIX STATIC_FLAGS
25284 solaris now defines SVR4
25288 added cwd and fixed stupid core dump that makes no sense. sigh.
25292 moved getcwd stuff into load_globals
25296 took out externs that are in sudo.h
25300 moved cwd into load_globals
25308 fixed make distclean & realclean
25316 added solaris changes
25320 added solaris changes, need to rework
25324 cleaned up for solaris
25328 reinstall reapchild signal handler for non-bsd signals
25332 took out getdtablesize() emulation for HP-UX (no longer needed)
25336 support for HAVE_SYSCONF
25340 added <fcntl.h> for solaris & reorg'd the includes + minor prettying
25348 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
25351 now tells you what os you are running
25358 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
25373 uid seinitialized to -2
25376 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
25379 now removes LIBPATH for AIX
25382 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
25385 now uses ufc if it finds it
25388 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
25391 no longer define yyval & yylval since yacc does it
25395 now defines yylval as extern
25399 BROKEN_GETPASS is now an OPTION
25403 took out BROKEN_GETPASS
25407 took out big comment
25415 took out README.beta
25423 now reference SUPPORTED
25427 now check for convex OR __convex__
25431 now check for convex or __convex__
25443 now use _S_* stat stuff to be ansi-like
25447 updated for configure directions
25451 distclean now removes config.h and pathnames.h
25470 * config.h.in, pathnames.h.in:
25471 added copyright header
25474 * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
25475 parse.yacc, sudo.c, sudo.h:
25480 updated to use configure + pathnames.h
25487 * Makefile.in, config.h.in, configure.in:
25492 now works with configure
25495 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
25496 updated to work with configure + pathnames.h
25503 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
25506 updated gnu general licence to version 2
25509 * config.h.in, pathnames.h.in:
25514 changed to work with configure
25517 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
25519 * Makefile.in, aclocal.m4, configure.in:
25524 now uses defines used by configure
25527 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
25530 sudo won't bitch about EPERM now, for real
25533 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
25536 renamed exec_argv to eliminate a libc name clash with ksros
25543 * logging.c, sudo.c, sudo.h:
25560 added UMASK and mode_t declaration
25568 now opens log file with mode 077
25572 saved current umask and restores it
25576 added MAXLOGFILELEN
25580 split long log lines. For syslog, split into multiple entries, for
25581 a log file, indent the extra for readability
25584 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
25591 MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
25594 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
25597 added input from Brett M Hogden <hogden@rge.com>
25600 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
25603 added rmenv() to remove stuff from environ. can now use execvp()
25604 OR execve() because of this.
25608 now uses execvp() OR execve()
25624 moved some func decls out of sudo.h and into sudo.c as statics
25635 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
25641 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
25656 added sample.sudoers note
25663 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
25670 took out SAVED_UID garbage
25671 [b7c2d3469661] [SUDO_1_3_0]
25690 more verbose error if mailer not found
25694 now do getpwent as root for some shadow password systems (bsdi)
25697 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
25700 took out SAVED_UID garbage
25704 took out SAVED_UID garbage since it don't work
25707 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
25714 added a missing space :-)
25718 took out multimax cruft
25730 fixed a typo + indentation
25733 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
25736 took outumoved some defines to the config file
25748 added HAS_SAVED_UID
25755 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
25761 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
25767 * check.c, logging.c, parse.c, sudo.c, sudo.h:
25768 now is only root when abs necessary
25775 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
25790 now removed _RLD_* for alphas
25794 updated for new config scheme
25798 more verbose error messages
25801 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
25808 define __svr4__ for SOLARIS
25812 added svr4 junk for shadow pws for solaris 2.x
25816 took out setuid(0) and setreuid(uid) garbage. It's not needed since
25817 we start out setuid with the correct perms.
25820 * check.c, sudo.c, sudo.h:
25824 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
25827 revised AUTHORS section & added ENV_EDITOR stuff to VARIABLES
25832 now uses ENV_EDITOR if you want to use the EDITOR envar
25836 now uses ENV_EDITOR if you want to use the EDITOR envar
25839 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
25842 rewrote most of this
25846 minor update + spell fix
25850 added all options that are in the Makefile
25854 now use USE_TERMIO #define for sgi & hpux
25861 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
25863 * check.c, find_path.c:
25864 always include strings.h
25872 sgi has vi in /usr/bin too
25879 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
25882 use /usr/bin/vi on some systems
25886 fixed warning (include strings.h)
25890 added John_Rouillard@dl5000.bc.edu's changes (new features)
25894 changes from John_Rouillard@dl5000.bc.edu
25901 * check.c, find_path.c, parse.c, sudo.c:
25902 added patches from John_Rouillard directory spec
25906 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
25909 added flush for hpux
25912 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
25915 no longer assume malloc returns a char *
25919 alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
25920 gets removed correctly
25924 added STD_HEADERS macro
25928 now uses STD_HEADERS macro for ansi
25932 now uses STD_HEADERS macro
25936 niceties for C compiler bitches -- no real change
25939 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
25942 now doesn't fclose a file never opened.
25945 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
25952 added error stuff added me in there...
25960 added blurb about reading stuff
25968 corrected comments and removed newlines
25980 added dec syslog note
25984 added real stuff in there
25995 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
26002 updated with changes
26013 * CHANGES, COPYING, INSTALL, README, TODO:
26018 updated version number and took out jeff's old addr since it is no
26022 * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
26024 updated version number and took out jeff's email (since it is
26028 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
26034 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
26037 now return NULL instead of exiting for non-fatal errors
26040 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
26047 now sudo.h gets included first
26050 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
26061 hpux 9 fix, removes SHLIB_PATH linux patch
26068 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
26071 stat now ignores EINVAL
26074 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
26076 * find_path.c, sudo.c:
26077 now declare strdup as extern
26080 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
26083 reformatted with indent + by hand
26086 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
26087 used indent to "fix" coding style
26091 now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
26092 move the code that does this into the loop body. makes it messier
26096 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
26099 redid the fix for non-executable files in an easier to read way plus
26100 some minor aesthetic changes
26104 fixed bug with non-executable things of same name in path introduced
26105 by checking errno after stat(2).
26108 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
26111 fixed off by one error
26115 now handles descending below '/' correctly
26119 now actually builds Envp instead of munging envp
26122 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
26125 now includes sys/param.h
26129 now includes sys/param.h
26133 fixed ifndef -> ifdef
26137 make more like find_path.c
26141 rewritten by millert
26145 fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
26146 about new defines in the comment
26154 added decl for clean_envp() and Envp
26158 now rips LD_* env vars out of envp and passed sanitized Envp to exec
26166 ENOTDIR is ok now too (in case part of the path is bogus)
26170 now works correctly (total rewrite)
26174 now includes sys/param.h didn't match trailing / -- fix from
26178 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
26181 moved around the #ifndef _AIX
26184 * check.c, logging.c, parse.c:
26188 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
26194 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
26197 now works if you do sudo bin/test
26204 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
26214 * parse.lex, parse.yacc:
26218 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
26225 now spews error if exec fails and exits with -1
26233 now only execs files with (an) executable bit set.
26240 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>