2013-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
2013-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
* src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo,
Regen .mo files that were out of date.
2013-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
* NEWS, configure, configure.in:
On Solaris 11 and higher, tag binaries for ASLR if supported by the
No longer need to disable PIE on Solaris.
2013-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
* INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING:
Restrict default creation of PIE binaries (-fPIE and -pie) to Linux.
OpenBSD also supports PIE but enables it by default so we don't need
to do anything. This fixes problems on systems with a version of
GNU ld that accepts -pie but where the run-time linker doesn't
actually support PIE. Also verify that a trivial PIE binary works
unless PIE is explicitly enabled.
2013-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
* aclocal.m4, configure, configure.in:
Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld
where we can end up crashing due to malloc() failures. Seems OK when
Update with final changes.
2013-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Add -fPIE to PIE_LDFLAGS as per gcc manual.
2013-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
* common/Makefile.in, compat/Makefile.in:
Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs
* MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c,
plugins/sudoers/parse.c, plugins/sudoers/parse.h,
plugins/sudoers/regress/visudo/test4.out.ok,
plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c:
Replace sequence number-based cycle detection in visudo with a
"used" flag in struct alias. The caller is required to call
alias_put() when it is done with the alias. Inspired by a patch
2013-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/iolog.c:
Eliminate a few relocations related to sudoers_io.
* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po:
Sync with translationproject.org
2013-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
2013-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
Handle d_type == DT_UNKNOWN when resolving the device to a name and
sprinkle some more debugging.
2013-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/TROUBLESHOOTING:
Add message about disabling PIE if sudo gets SIGSEGV.
* plugins/sudoers/check.h, plugins/sudoers/timestamp.c:
No longer store the ctime of a devpts tty. The handling of ctime on
devpts in Linux has been changed to conform to POSIX. As a result
we can no longer assume that the ctime will stay unchanged
throughout the life of the session. We store the session ID in the
time stamp file so there is a much smaller chance of the time stamp
file being reused by a new login. While here, store the uid/gid in
the timestamp file too for good measure.
* configure, configure.in:
PIE is broken on FreeBSD/arm
Add explicit sendmail path for Linux since we may not have sendmail
installed in the build chroot.
2013-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
* common/sudo_debug.c, plugins/sudoers/iolog.c,
plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c:
Quiet a few -Wunused-result compiler warnings.
2013-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
Mention what SHA-2 formats are supported.
List code and translations separately.
2013-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
* MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po:
Sync with translationproject.org
* plugins/sudoers/po/sudoers.pot:
Fix c-format for fatal/fatalx
2013-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
* Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h:
Change some error/errorx -> fatal/fatalx in comments and xgettext
There is now a Turkish translation of sudoers.
* MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
Updated translations from translationproject.org including new
2013-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
Document that sudoers will re-use existing I/O log paths unless they
are mktemp-style with trailing X's.
* NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c,
plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
Allow ldap_conf and ldap_secret to be specified as plugin arguments
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
doc/sudoers.ldap.mdoc.in:
sudoers_debug is now deprecated in favor of the sudo debugging
* plugins/sudoers/ldap.c:
Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use
SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the
debug file with the ldap subsystem. The sudoers_debug setting in
ldap.conf is still honored for now but will be removed in a future
2013-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/sudoers2ldif:
Add support for converting sudoers files with SHA-2 command digests.
* doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg,
plugins/sudoers/sudoers2ldif:
Add copyright notice to scripts
* MANIFEST, plugins/sudoers/regress/sudoers/test14.in,
plugins/sudoers/regress/sudoers/test14.out.ok,
plugins/sudoers/regress/sudoers/test14.toke.ok:
Add regress for SHA-2 digests.
* compat/getgrouplist.c:
Solaris maps negative gids to GID_NOBODY.
* plugins/sudoers/visudo.c:
Clear up an llvm checker warning which appears to be a false
positive and fix an old XXX while I'm at it.
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
Correct last change date
* plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c:
No need to translate this error message.
Mention .sl vs. .so extension handling on HP-UX. Mention group
membership changes. Fix typos.
* aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c,
common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c,
common/setgroups.c, common/term.c, common/ttysize.c,
compat/Makefile.in, compat/dlopen.c, compat/endian.h,
compat/getline.c, compat/getprogname.c, compat/isblank.c,
compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c,
compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
compat/strsignal.c, compat/utimes.c, doc/Makefile.in,
include/Makefile.in, include/alloc.h, include/fileops.h,
include/gettext.h, include/lbuf.h, include/missing.h,
include/sudo_plugin.h, pathnames.h.in,
plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in,
plugins/sudoers/alias.c, plugins/sudoers/audit.c,
plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c,
plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
plugins/sudoers/defaults.h, plugins/sudoers/env.c,
plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c,
plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c,
plugins/sudoers/logging.h, plugins/sudoers/match.c,
plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
plugins/sudoers/parse.h, plugins/sudoers/prompt.c,
plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c,
plugins/sudoers/redblack.h,
plugins/sudoers/regress/check_symbols/check_symbols.c,
plugins/sudoers/regress/iolog_path/check_iolog_path.c,
plugins/sudoers/regress/logging/check_wrap.c,
plugins/sudoers/regress/parser/check_addr.c,
plugins/sudoers/regress/parser/check_fill.c,
plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h,
plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
plugins/sudoers/toke.h, plugins/sudoers/toke.l,
plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c,
plugins/sudoers/visudo.c, plugins/system_group/Makefile.in,
plugins/system_group/system_group.c, src/Makefile.in,
src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c,
src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c,
src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h,
src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c,
Update copyright years.
* plugins/sudoers/mon_systrace.h:
Systrace support was removed long ago.
2013-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
* MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok,
plugins/sudoers/regress/sudoers/test9.toke.out.ok:
Remove some files that were mistakenly added.
* common/sudo_debug.c, config.h.in, configure, configure.in,
plugins/sudoers/boottime.c, plugins/sudoers/iolog.c,
plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c:
Use time(&now) instead of now = time(NULL) when storing the current
time in a time_t (better compiler error checking). Better parsing
and printing of 64-bit time_t on 32-bit platforms.
2013-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
Don't check the tty of the parent process. Now that we get the
controlling tty device number from the kernel there is no need. If
the process has really disassociated from the tty then reporting
"unknown" is appropriate.
2013-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
Use EXIT_FAILURE instead of 1 as the fatal() exit value.
Change remaining errorx -> fatalx
2013-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h:
Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an
error if the entry already exists in the cache.
* plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot:
Change "foo: failed" to just "foo" since we print the string form of
errno. Gets rid of some useless translations.
2013-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/match.c:
Fix pasto in debug_decl
* plugins/sudoers/Makefile.in:
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c,
plugins/sudoers/logging.h, plugins/sudoers/parse.c,
plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
Rename log_error() -> log_warning() for consistency with
* plugins/sudoers/auth/API:
The NO_EXIT flag was removed a while ago.
* common/aix.c, common/alloc.c, common/error.c, include/error.h,
plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c,
plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
plugins/sudoers/pwutil.c,
plugins/sudoers/regress/check_symbols/check_symbols.c,
plugins/sudoers/regress/iolog_path/check_iolog_path.c,
plugins/sudoers/regress/logging/check_wrap.c,
plugins/sudoers/regress/parser/check_addr.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c,
src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c,
src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c,
Rename error/errorx -> fatal/fatalx and remove the exit value as it
digests are supported in sudoers ldap too
* plugins/sudoers/regress/check_symbols/check_symbols.c:
Print test failures to stdout like the final count so the output is
not displayed out of order.
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo,
plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo,
src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po,
src/po/it.po, src/po/tr.po:
Sync with translationproject.org
Check for any uncommitted changes in dist target and add force-dist
target that omits check-dist.
2013-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
* src/regress/ttyname/check_ttyname.c:
Fix logic bug when checking tty via ttyname().
Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and
__BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX)
* plugins/sudoers/po/sudoers.pot:
* NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
doc/sudoers.man.in, doc/sudoers.mdoc.in:
Document digest support.
* MANIFEST, plugins/sudoers/Makefile.in,
plugins/sudoers/regress/parser/check_base64.c:
Simple base64 decode unit test.
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c,
plugins/sudoers/match.c, plugins/sudoers/parse.h:
Move base64_decode into its own source file.
* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
Only check year against 2038 if time_t is 32-bit.
2013-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/ldap.c, plugins/sudoers/parse.h,
plugins/sudoers/sssd.c:
Add digest support for sudoers in ldap and sss.
* INSTALL, configure, configure.in:
Error out in configure if the compiler doesn't support "long long".
* plugins/sudoers/match.c, plugins/sudoers/toke.c,
plugins/sudoers/toke.l:
Include stdint.h or inttypes.h before sha2.h
Simplify lbuf append functions by moving the realloc code into
lbuf_expand(). We now expand as needed each time bytes need to be
written to the lbuf. Also handle a NULL pointer being passed in for
* plugins/sudoers/iolog.c:
Zero out struct iolog_details early to avoid a potential (though
unlikely) dereference of stack garbage if we hit a fatal error
before iolog_deserialize_info() is called.
2013-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
Update copyright year.
* plugins/sudoers/sudoers_version.h:
Bump SUDOERS_GRAMMAR_VERSION for new digest support.
* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
plugins/sudoers/gram.y, plugins/sudoers/match.c,
plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Sanity check digest in parser so visudo can catch errors. Add base64
* MANIFEST, compat/endian.h, config.h.in, configure, configure.in,
plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c:
For big endian architectures just use memcpy() instead of BE macros
2013-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
* MANIFEST, config.h.in, configure, configure.in,
plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
plugins/sudoers/gram.h, plugins/sudoers/gram.y,
plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c,
plugins/sudoers/match.c, plugins/sudoers/parse.h,
plugins/sudoers/regress/parser/check_digest.c,
plugins/sudoers/regress/parser/check_digest.out.ok,
plugins/sudoers/sha2.h, plugins/sudoers/sssd.c,
plugins/sudoers/toke.c, plugins/sudoers/toke.l,
plugins/sudoers/toke_util.c:
Initial implementation of checksum support in sudoers. Currently
supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format
validation in parser and base64 support. checksum support for
2013-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h:
SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public
domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai
2013-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot:
Add missing "not" in error message when mixing standalone and non-
standalone authentication methods.
* plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
Check for crypt() returning NULL. Traditionally, crypt() never
returned NULL but newer versions of eglibc have a crypt() that does.
* plugins/sudoers/auth/pam.c:
Better PAM error messages
* plugins/sudoers/auth/kerb5.c:
Better error messages
* plugins/sudoers/bsm_audit.c:
Use same error message for getauid() failure.
* plugins/sudoers/sssd.c:
Start warning with a lower case letter for consistency and to match
existing translated strings.
2013-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
Disable PIE on Solaris where it is not really supported.
AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit
before we try to match it against st_rdev.
Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes
a problem finding the tty name when it is not in /dev/pts.
Support %lld and %llu
* .hgignore, MANIFEST, src/Makefile.in,
src/regress/ttyname/check_ttyname.c:
2013-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po,
src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po,
src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
Sync with translationproject.org
* plugins/sudoers/timestamp.c:
Log timestampfile to debug file.
* plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot:
Don't add the "Password: " string we look up in the PAM text domain
to the sudoers.pot file.
2013-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/sudoers.pot:
Sync with regcomp() error message change.
* plugins/sudoers/sudoreplay.c:
Be consistent with error message when regcomp() fails.
2013-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/regress/testsudoers/test5.out.ok,
plugins/sudoers/regress/testsudoers/test5.sh:
Use group -1 instead of 1 as the invalid group since the running
user might have group 1 as their default group.
* plugins/sudoers/Makefile.in:
PWD may be a shell builtin, use CWD instead.
2013-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/check.c:
Split up check_user().
2013-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
* config.h.in, configure.in:
Cosmetic fixes in the comments.
2013-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Use AC_LINK_IFELSE instead of AC_TRY_LINK. Fix printing of status
message for visibility checks when the test fails.
* configure, configure.in:
We no longer use mbr_check_membership() and setrlimit64() is AIX-
The first (all) target must be by itself or some makes will choose
to run the entire target list.
* configure, configure.in:
Do exec_prefix expansion when enable_shared even if noexec is not
* compat/getgrouplist.c:
Use free() not efree() since we don't include alloc.h here
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
* plugins/sudoers/regress/testsudoers/test2.sh,
plugins/sudoers/regress/testsudoers/test3.sh,
plugins/sudoers/regress/testsudoers/test5.sh:
Pass in expected gid to testsudoers in addition to the uid that
matches the test sudoers files.
2013-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
Tru64 5.x does declare innetgr() and getdomainname().
* plugins/sudoers/match.c:
Fix compilation when getdomainname() is not present.
* config.h.in, configure.in, include/missing.h:
Move SET/CLR/ISSET from config.h.in to missing.h
* configure, configure.in:
Fix getgrouplist() check.
* plugins/sudoers/check.c:
Needed sys/time.h for struct timeval in struct sudo_tty_info.
* plugins/sudoers/Makefile.in:
Mention libibmldap on HP-UX
* NEWS, plugins/sudoers/match.c:
Instead of checking the domain name explicitly for "(none)", just
check for illegal characters.
* plugins/sudoers/visudo.c:
Only warn once when we are unable to open the sudoers file.
* plugins/sudoers/sudoers.c:
Fall back to opening /dev/tty to determine whether there is a tty if
the system doesn't have kernel support for determining the tty.
* compat/getprogname.c:
Update guard to take __progname into account
Some older systems have inttypes.h but not stdint.h
* compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c,
compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c,
compat/getline.c, compat/getprogname.c, compat/glob.c,
compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
compat/strsignal.c, compat/utimes.c:
Add guards in compat source files. Not really needed since we only
include them in the Makefile if they are needed but should not hurt
2013-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
Don't include gram.h in gram.y, its contents are already included.
Move sudoerserror to the end of gram.y so COMMENT is declared when
2013-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
* config.h.in, configure.in:
Remove some pre-ANSI cruft.
* plugins/sudoers/match.c:
Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h
* NEWS, plugins/sudoers/iolog_path.c:
We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but
2013-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
Add missing semicolon in rule.
* plugins/sudoers/sudoers.c:
Now that we can determine the terminal even when file descriptors
are redirected we can check user_ttypath rather than opening
/dev/tty when enforcing requiretty.
* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h:
Stash umask in struct sudo_user so we don't need to look it up
* plugins/sudoers/sudoers.c:
Minor cosmetic change
* plugins/sudoers/regress/parser/check_addr.c:
No longer need to declare interfaces
* plugins/sudoers/logging.c:
Fix compilation in SUDOERS_NO_SEQ case
* plugins/sudoers/regress/parser/check_addr.c:
No longer need to define sudo_printf
* plugins/sudoers/check.c, plugins/sudoers/check.h,
plugins/sudoers/timestamp.c:
Pass auth_pw to the timestamp functions.
* plugins/sudoers/iolog_path.c:
* plugins/sudoers/locale.c:
Don't need all of sudoers.h in here
* plugins/sudoers/sudoers.c:
Don't need to include sudoers_version.h here.
2013-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/check.c:
DEFAULT_LECTURE is no longer used.
* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
Move sudo_conv into policy.c
* plugins/sudoers/pwutil.c:
* plugins/sudoers/match.c:
RHEL (and perhaps other Linux distros) use the string "(none)"
instead of an empty string when there is no actual NIS-style domain
* plugins/sudoers/match.c:
Fix return values when NAME_MATCH is defined.
2013-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h:
Update copyright year.
* plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h:
Add sudo_set_grlist(), currently unused by the back end.
* plugins/sudoers/pwutil.c:
Remove unused macros, fix a debug_decl
Tru64 Unix doesn't prototype innetgr() or getdomainname().
Don't need to include setjmp.h here, error.h already includes it.
2013-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
* compat/Makefile.in, plugins/sudoers/Makefile.in:
* plugins/sudoers/check.h:
* plugins/sudoers/check.c, plugins/sudoers/check.h,
plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
Move contents of timestamp.h into check.h.
* plugins/sudoers/sudoers.h:
expand_prompt() is now in prompt.c. sudo_printf extern is now in
* plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h,
plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h,
plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h,
plugins/sudoers/insults.h, plugins/sudoers/interfaces.h,
plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
plugins/sudoers/parse.h, plugins/sudoers/pwutil.h,
plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h,
plugins/sudoers/toke.h:
Change multiple inclusion guards to be _SUDOERS_FOO_H
2013-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
* MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po:
New Dutch translation for sudo and sudoers. New Turkish translation
for sudo. From translationproject.org
2013-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
* config.h.in, configure, configure.in:
Fix a typo in a comment and make sure we don't mistakenly include
_PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in
2013-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/Makefile.in:
Don't build check_symbols if we are linking sudoers in statically.
* configure, configure.in:
Use $host_os not $host when we only care about the os name and
* aclocal.m4, configure, configure.in:
Suppress duplicate -L and -I flags.
* common/Makefile.in, compat/regress/fnmatch/fnm_test.c:
Fix regress tests on non-OpenBSD platforms.
* configure, configure.in:
If we find sasl/sasl.h there's no need to check for sasl.h too
* aclocal.m4, configure, configure.in:
Add -R flags at the very end after configure link tests are done
since we can only count on libtool to accept -R, the compiler front
end may not. Also unify the libldap and libibmldap tests using
AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by
libibmldap (but is not an explicit dependency).
2013-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Back out changes that broke detection of skey, opie and ldap
* plugins/sudoers/regress/testsudoers/test1.sh,
plugins/sudoers/regress/testsudoers/test2.sh,
plugins/sudoers/regress/testsudoers/test3.sh,
plugins/sudoers/regress/testsudoers/test4.sh,
plugins/sudoers/regress/testsudoers/test5.sh,
plugins/sudoers/regress/visudo/test1.sh,
plugins/sudoers/regress/visudo/test2.sh,
plugins/sudoers/regress/visudo/test3.sh:
Add explicit "exit 0" to prevent the check target from ending
* plugins/sudoers/Makefile.in:
Fix exit values in check target so we don't have to ignore errors.
* plugins/sudoers/Makefile.in:
Fail a test if there is unexpected stderr output.
Fix path to sudo.conf manuals; remove non-existent test2.err.ok
* src/load_plugins.c:
Fix compilation in dynamic mode.
* configure, configure.in:
On HP-UX, libibmldap has a hidden dependency on libCsup
Pass BIND_VERBOSE to shl_load()
* configure, configure.in:
Only create static helper libs when --disable-shared is specified.
* src/load_plugins.c:
Unbreak static build.
* INSTALL, aclocal.m4, configure, configure.in:
Replace --with-rpath and --with-blibpath with --disable-rpath. Now
that we use libtool for linking we can just use the -R flag and have
libtool translate it to the proper linker flag.
2013-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
Bump I/O buffer size to 32K
2013-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
doc/sudo.conf.mdoc.in:
Document sesh Path setting.
* src/exec.c, src/exec_common.c:
Move exec_cmnd to exec.c to fix a compilation issue with sesh.c
* common/sudo_conf.c, configure, configure.in, include/sudo_conf.h,
Make sesh path configurable in sudo.conf
* configure, configure.in:
Use -fno-pie and -nopie if supported when --disable-pie is
2013-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
Document direct execution of the command if the policy plugin has no
2013-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/auth/pam.c:
Only delete creds if we actually established them. Print an error if
pam_setcred() fails and we actually authenticated.
* common/Makefile.in, plugins/group_file/Makefile.in:
* common/alloc.c, include/alloc.h:
Convert efree() to a macro that just casts to void * and does
free(). If the system free() can't handle free(NULL) this may crash
but C89 was a long time ago.
* configure, configure.in:
Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS.
Fixes a problem with errno sometimes not being set on error on HP-
* common/sudo_debug.c:
Fix debug logging from the plugin when there is no error number.
This was broken in the big debugging reorg for 1.8.7.
1081 2013-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
1083 * configure, configure.in, plugins/group_file/Makefile.in,
1084 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
1085 plugins/system_group/Makefile.in, src/load_plugins.c:
1086 Always install plugins with a .so extension regardless of what
1087 extension the system uses for shared libraries. That way the
1088 group_plugin sudoers setting can be shared between heterogenous
1092 * plugins/sudoers/match.c:
1093 Mac OS X has netgroup functions in netdb.h.
1096 * plugins/sudoers/parse.h:
1097 Tags in struct cmndtag can be set to IMPLIED as well.
1100 * plugins/sudoers/parse.c:
1101 Quiet a compiler warning.
1104 * plugins/sudoers/testsudoers.c:
1105 Quiet an llvm checker warning.
1108 * plugins/sudoers/parse.c:
1109 Quiet gcc -Wuninitialized false positive
1112 2013-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
1114 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
1115 doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
1116 doc/sudoers.mdoc.in:
1117 Document group_file and system_group plugins.
1124 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
1125 Try to clarify that sudoedit in sudoers should not include a leading
1129 * plugins/sudoers/pwutil_impl.c:
1130 Make sure groupname_len is at least 32 just to be on the safe side.
1131 It is better to allocate a little extra and not need it than to have
1132 to reallocate and start over.
1135 * include/alloc.h, include/missing.h:
1136 Add __malloc_like macro to apply __malloc__ attribute to emalloc,
1137 ecalloc and estrdup. It cannot be applied to realloc since that may
1138 return the same pointer.
1141 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
1142 Fix potential double free in an error path.
1146 When running the command in a pty, defer the call to exec_setup()
1147 until just before we exec the command. This is consistent with the
1148 non-pty path. As a side effect, the monitor process runs as root
1149 and not the runas user.
1152 2013-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
1154 * compat/closefrom.c:
1155 Update copyright year.
1158 2013-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
1160 * compat/closefrom.c:
1161 Use pst_highestfd from pstat_getproc() on HP-UX.
1164 2013-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
1166 * Makefile.in, common/Makefile.in, doc/Makefile.in,
1167 plugins/sudoers/Makefile.in:
1168 Clean up generated test files and other minor housekeeping.
1171 * plugins/sudoers/iolog.c:
1172 Add back gettimeofday() call inadvertently removed in e1abb9810a83
1175 * config.h.in, configure, configure.in, src/ttyname.c:
1176 Use pstat() on HP-UX to determine the tty device.
1179 * plugins/sudoers/auth/pam.c:
1180 Fix PAM compilation: def_pam_session, not just pam_session.
1184 Don't remove the -S option description when trimming out selinux.
1188 2013-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
1191 Update for Sudo 1.8.6p7
1194 2013-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
1196 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
1197 Document when sudo may exec the command directly instead of forking.
1200 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
1201 doc/sudo_plugin.mdoc.in:
1202 Document that close and version may be NULL for plugin API >= 1.3 and
1203 that sudo may execute the command directly if there is no close, or
1204 pty or timeout needed.
1207 * plugins/sudoers/auth/sudo_auth.c:
1208 Fix debug_decl for sudo_auth_begin_session and
1209 sudo_auth_end_session.
1212 * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
1213 doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
1214 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
1215 plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
1216 Add pam_session sudoers option.
1219 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c,
1220 plugins/sudoers/sudoers.h:
1221 Dummy out close function if there is no end_session for the auth
1222 method and the front-end can handle a NULL close function. Avoids
1223 the extra sudo process when we don't actually need it.
1226 2013-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
1228 * Makefile.in, aclocal.m4:
1229 Add m4/ to paths m4_include parameters so we don't need to use
1233 * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h,
1234 src/sudo_plugin_int.h:
1235 If the policy plugin does not provide a close function, there is no
1236 command timeout and no pty is required, skip the event loop and just
1237 exec the command directly.
1241 Do not crash if the plugin close and version functions are not
1242 defined. If there is no policy close function, simply print a
1243 warning that the command was not found.
1246 2013-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
1248 * plugins/sudoers/parse.c:
1249 Fix typos in selinux/solaris privs specific code.
1252 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
1253 doc/sudo_plugin.mdoc.in, src/parse_args.c:
1254 Pass the default plugin directory to the plugin via the settings
1255 list. Could be used by a stacking plugin.
1258 * plugins/sudoers/timestamp.c:
1259 Completely ignore time stamp file if it is set to the epoch,
1260 regardless of what gettimeofday() returns.
1264 Add Nikolai Kondrashov
1267 * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
1268 Use userpw_matches() for username matching so #uid works for
1272 * plugins/sudoers/sssd.c:
1273 Avoid calling realloc3() with a zero size parameter when all
1274 retrieved sssd rules fail. Otherwise we'll get a run-time error due
1275 to malloc(0) checking.
1278 * plugins/sudoers/sssd.c:
1279 Do not send error mail if a user is not found in SSSD. Local users
1280 can run sudo too. From Nikolai Kondrashov
1283 2013-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
1285 * MANIFEST, common/regress/sudo_conf/test4.in,
1286 common/regress/sudo_conf/test4.out.ok:
1287 Test setting disable_coredump to illegal value.
1290 * common/sudo_conf.c:
1291 Fix atobool() usage.
1294 * common/regress/sudo_conf/conf_test.c:
1295 Remove unused variable.
1298 * plugins/sudoers/sudoers.c:
1299 Make "sudo -l non_existent_command" warn that non_existent_command
1300 doesn't exist, not the "list" pseudo-command.
1303 * plugins/sudoers/parse.c:
1304 Make sudoers file long list output better match the format used by
1305 ldap sudoers. Tags are now converted to options and there is a
1306 single command per line.
1309 * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
1310 doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
1311 Use the correct sudoers policy symbol names and undo an editor
1312 goof committed when adding max_groups to sudo.conf.
1315 * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
1316 For "sudo -l" start a new line if the runas list changes to make the
1317 output easier to read.
1320 2013-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
1322 * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
1323 For "sudo -l" and "sudo -ll" only print the runas info for
1324 subsequent commands in a list if the runas info has changed. If we
1325 have new runas info, print out the tags again so as to be less
1326 confusing to the user. For "sudo -ll" set the line continuation
1330 2013-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
1332 * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat,
1333 doc/sudoers.man.in, doc/sudoers.mdoc.in,
1334 plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
1335 plugins/group_file/group_file.c, plugins/group_file/group_file.exp,
1336 plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in,
1337 plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
1338 plugins/sample_group/sample_group.c,
1339 plugins/sample_group/sample_group.exp:
1340 Rename sample_group plugin to group_file. Install group_file and
1341 system_group plugins by default.
1344 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
1345 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
1346 plugins/sudoers/def_data.in, plugins/sudoers/iolog.c,
1347 plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
1348 plugins/sudoers/sudoers.h:
1349 Add maxseq sudoers option to limit the max number of I/O log files.
1352 2013-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
1354 * plugins/sudoers/iolog.c:
1355 Log lines and columns in the iolog file.
1358 2013-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
1360 * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c,
1361 common/regress/sudo_conf/test1.in,
1362 common/regress/sudo_conf/test1.out.ok,
1363 common/regress/sudo_conf/test2.in,
1364 common/regress/sudo_conf/test2.out.ok,
1365 common/regress/sudo_conf/test3.in,
1366 common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c,
1367 include/sudo_conf.h, plugins/sudoers/sudoreplay.c,
1368 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c,
1370 Add simple regress tests for sudo.conf parsing.
1374 Always display the I/O plugin version as long as its open function
1375 doesn't return an error. Previously it was only displayed if the
1376 plugin open returned 1.
1379 * plugins/sudoers/pwutil_impl.c:
1380 Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead
1381 of poking around in struct utmpx.
1384 * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c:
1385 #include "sudo_usage.h" not <sudo_usage.h> so we get the one in the
1386 build directory and not the src dir when using a separate build
1390 2013-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
1393 If a line was longer than 0x80000000 the bit hack to round to the
1394 next power of two would roll over to zero.
1397 * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c,
1398 plugins/sudoers/sudoers.h, src/sudo.c:
1399 Use max_groups in front-end and plugin.
1402 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
1403 doc/sudo_plugin.mdoc.in, src/parse_args.c:
1404 Pass max_groups to plugin in settings list.
1407 * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
1408 doc/sudo.conf.mdoc.in, include/sudo_conf.h:
1409 Add max_groups setting to sudo.conf (currently unused) and remove
1410 unused return value from setters.
1413 2013-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
1416 Reorganize configure options
1419 2013-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
1425 2013-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
1427 * INSTALL.configure:
1428 Sync with autoconf 2.68
1432 Remove obsolete OS notes and move build requirements to INSTALL.
1435 2013-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
1437 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
1438 doc/sudo_plugin.mdoc.in:
1439 Sort elements of the settings, user_info and command_info lists.
1442 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
1443 Remove trailing white space
1446 * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
1447 plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
1448 Store the session ID in the tty ticket file too. A tty may only be
1449 in one session at a time so if the session ID doesn't match we
1453 2013-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
1455 * plugins/sudoers/sudoers.c, src/sudo.c:
1456 Move tzset() call from sudoers plugin to sudo front end.
1459 * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
1460 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
1461 doc/sudoers.ldap.mdoc.in:
1462 Mention line continuation
1465 * MANIFEST, common/Makefile.in, common/fileops.c,
1466 common/regress/sudo_parseln/parseln_test.c,
1467 common/regress/sudo_parseln/test1.in,
1468 common/regress/sudo_parseln/test1.out.ok,
1469 common/regress/sudo_parseln/test2.in,
1470 common/regress/sudo_parseln/test2.out.ok,
1471 common/regress/sudo_parseln/test3.in,
1472 common/regress/sudo_parseln/test3.out.ok,
1473 common/regress/sudo_parseln/test4.in,
1474 common/regress/sudo_parseln/test4.out.ok,
1475 common/regress/sudo_parseln/test5.in,
1476 common/regress/sudo_parseln/test5.out.ok,
1477 common/regress/sudo_parseln/test6.in,
1478 common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c,
1479 include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c,
1480 plugins/sudoers/sudo_nss.c:
1481 Add line continuation support to sudo_parseln() and make it use
1482 getline() instead of fgets() internally.
1485 2013-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
1487 * plugins/sample/sample_plugin.c:
1488 Fix memory leak in error path; found by llvm checker
1491 * plugins/sudoers/sudoreplay.c:
1492 Remove useless store detected by llvm checker.
1495 * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in,
1496 src/load_plugins.c, sudo.pp:
1497 Sudo now stores its libexec files in a "sudo" subdirectory instead
1498 of in libexec itself. For backwards compatibility, if the plugin is
1499 not found in the default plugin directory, sudo will check the
1500 parent directory if the default directory ends in "/sudo".
1503 * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c,
1504 plugins/system_group/system_group.c:
1505 Add missing __dso_public to plugin structs so they are exported.
1508 * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
1509 Mention that sudoers has its own plugins too.
1512 2013-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
1514 * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
1515 Correct last change date.
1518 * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
1519 doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
1520 doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
1521 doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
1522 doc/sudoers.mdoc.in:
1523 Remove duplicated sudo.conf info in the sudo, sudoers and
1524 sudo_plugin manuals and cross-reference the new sudo.conf manual.
1527 * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
1531 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
1532 doc/sudoers.ldap.mdoc.in:
1536 * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
1537 doc/sudo.conf.mdoc.in:
1538 Add standalone sudo.conf manual page.
1541 * doc/sample.sudo.conf:
1542 add group_source example
1545 * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in,
1546 doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
1547 doc/sudoers.man.in, doc/sudoers.mdoc.in:
1548 Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf.
1551 * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo,
1553 Sync with translationproject.org
1556 2013-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
1558 * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
1559 plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo,
1560 src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo,
1562 Sync with translationproject.org
1565 2013-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
1567 * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo,
1568 plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po,
1569 src/po/es.po, src/po/gl.po:
1570 Sync with translationproject.org
1573 2013-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
1576 Clarify ttyname changes.
1584 Remove ttyname() fall back code on systems where we can query the
1585 kernel for the tty device via /proc or sysctl(). If there is no
1586 controlling tty, it is better to just treat the tty as unknown
1587 rather than to blindly use what is hooked up to std{in,out,err}.
1590 2013-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
1592 * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c:
1593 Add group_source setting in sudo.conf to allow the admin to specify
1594 how a user's groups are looked up. Legal values are static (just
1595 the kernel list from getgroups), dynamic (whatever the group
1596 database includes) and adaptive (only use group db if kernel group
1600 * plugins/sudoers/policy.c:
1601 Pass back exec_background to front end if it is enabled in sudoers.
1604 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
1605 Mention that exec_background is for 1.8.7 and higher only.
1608 2013-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
1611 Add missing test files.
1614 * plugins/sudoers/regress/visudo/test3.err.ok,
1615 plugins/sudoers/regress/visudo/test3.out.ok,
1616 plugins/sudoers/regress/visudo/test3.sh:
1617 Add regress test for bug 361
1620 * plugins/sudoers/iolog.c:
1621 Add __dso_public to extern declaration of declaration to match
1629 2013-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
1631 * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok,
1632 plugins/sudoers/regress/visudo/test2.out.ok,
1633 plugins/sudoers/regress/visudo/test2.sh:
1634 Add test for visudo cycle check core dump; test case from Daniel
1638 * plugins/sudoers/visudo.c:
1639 Fix potential stack overflow due to infinite recursion in alias
1640 cycle detection. From Daniel Kopecek.
1643 * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c:
1644 Ignore duplicate entries in sudo.conf and report the line number
1645 when there is an error. Warn, don't abort if there is more than one
1649 * plugins/sudoers/tsgetgrpw.c:
1650 Use strtoul() not atoi().
1653 2013-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
1655 * compat/Makefile.in:
1656 Regen depends to add compat/nss_dbdefs.h for getgrouplist.lo
1659 * compat/nss_dbdefs.h:
1660 Fix typo that breaks the build on HP-UX.
1663 * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in,
1664 configure, configure.in:
1665 Use nss_search() to implement getgrouplist() where available.
1666 Tested on Solaris and HP-UX. We need to include a compatibility
1667 header for HP-UX which uses the Solaris nsswitch implementation but
1668 doesn't ship nss_dbdefs.h.
1671 2013-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
1673 * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h:
1674 Remove extra flag to sudo_sigaction(). We want to trap the signal
1675 regardless of whether or not it is ignored by the underlying command
1676 since there's no way to know what signal handlers the command will
1677 install. Now we just use sudo_sigaction() to set a flag in
1678 saved_signals[] to indicate whether a signal needs to be restored
1682 2013-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
1684 * compat/getgrouplist.c, config.h.in, configure, configure.in:
1685 Use _getgroupsbymember() on Solaris to get the groups list. Fixes
1686 performance problems with the getgroupslist() compat on Solaris
1687 systems with network-based group databases.
1690 2013-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
1692 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
1693 doc/sudo_plugin.mdoc.in:
1694 Document signal handler behavior in plugin API 1.3
1697 * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c,
1698 src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h:
1699 Move signal code into its own source file and add sudo_sigaction()
1700 wrapper that has an extra flag to check the saved_signals list to
1701 only install the handler if the signal is not already ignored. Bump
1702 plugin API version for the new front-end signal behavior.
1705 * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h,
1707 Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute
1708 the command. If we get SIGINT or SIGQUIT, call the plugin close()
1709 functions as if the command was interrupted. If we get SIGTSTP,
1710 uninstall the handler and deliver SIGTSTP to ourselves.
1713 * src/exec.c, src/exec_pty.c:
1714 Rename handle_signals() to dispatch_signals(). Block other signals
1715 in handler() so we don't have to worry about the write() being
1719 2013-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
1722 Rename signal handler to avoid name clash with one in exec.c
1725 2013-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
1728 Add missing call to save_signals().
1731 2013-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
1733 * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1734 Fill in the comment block at the top of the .pot files and preserve
1735 it when regenerating them.
1738 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
1739 doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
1740 doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
1741 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
1742 plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
1743 Add exec_background option in plugin command info and a sudoers
1744 option to match. When set, commands are started in the background
1745 and automatically foregrounded as needed. There are issues with
1746 some ill-mannered programs (like Linux su) so this is not the
1750 * common/Makefile.in:
1755 Add SESH_OBJS variable for sesh object files.
1758 * configure.in, doc/LICENSE, plugins/sudoers/redblack.c:
1759 Update copyright year.
1763 Always resume the command in the foreground if sudo itself is the
1764 foreground process. This helps work around poorly behaved programs
1765 that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At
1766 worst, sudo will go into the background but upon resume the command
1767 will be runnable. Otherwise, we can get into a situation where the
1768 command will immediately suspend itself.
1771 * configure, configure.in:
1772 Use -fstack-protector-all in preference to -fstack-protector where
1776 2013-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
1778 * configure, configure.in:
1779 Only test for -fstack-protector and -fvisibility=hidden on GNU
1780 compatible compilers.
1783 2013-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
1789 * common/Makefile.in, compat/Makefile.in, configure, configure.in,
1790 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
1791 plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
1793 Break out stack smashing protector options into SSP_CFLAGS and
1794 SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
1797 2013-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
1799 * doc/CONTRIBUTORS, plugins/sudoers/redblack.c:
1800 In rbrepair(), make sure we never try to change the color of the
1801 sentinel node, which is the first entry, not the root. From Michael
1805 2012-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
1808 No need to restore default signal handler for SIGSTOP as it is not
1809 catchable. Attempting to do so is harmless but sigaction() will
1810 fail and set errno to EINVAL which makes it look like there is an
1815 Print SIGCONT_FG and SIGCONT_BG properly in debug output.
1818 2012-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
1820 * configure, configure.in:
1821 Disable PIE on FreeBSD/ia64, otherwise sudo will segfault.
1824 2012-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
1826 * include/missing.h:
1827 Add howmany() macro since some systems have this in sys/param.h
1828 which we no longer include.
1831 2012-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
1833 * plugins/sudoers/regress/sudoers/test11.toke.out.ok:
1837 2012-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
1839 * plugins/sudoers/regress/check_symbols/check_symbols.c,
1840 plugins/sudoers/regress/iolog_path/check_iolog_path.c,
1841 plugins/sudoers/regress/logging/check_wrap.c,
1842 plugins/sudoers/regress/parser/check_addr.c,
1843 plugins/sudoers/regress/parser/check_fill.c:
1844 Remove obsolete sudoers_cleanup() stubs.
1847 * common/alloc.c, common/atobool.c, common/fileops.c,
1848 common/fmt_string.c, common/lbuf.c, common/secure_path.c,
1849 common/sudo_conf.c, common/sudo_debug.c, common/term.c,
1850 compat/closefrom.c, compat/getcwd.c, compat/glob.c,
1851 compat/snprintf.c, include/missing.h,
1852 plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
1853 plugins/sample_group/plugin_test.c,
1854 plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
1855 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
1856 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
1857 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
1858 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
1859 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
1860 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
1861 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
1862 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
1863 plugins/sudoers/env.c, plugins/sudoers/find_path.c,
1864 plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
1865 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
1866 plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c,
1867 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
1868 plugins/sudoers/logging.c, plugins/sudoers/match.c,
1869 plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
1870 plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
1871 plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
1872 plugins/sudoers/redblack.c,
1873 plugins/sudoers/regress/parser/check_addr.c,
1874 plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
1875 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
1876 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
1877 plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
1878 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
1879 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
1880 plugins/system_group/system_group.c, src/conversation.c, src/exec.c,
1881 src/exec_common.c, src/exec_pty.c, src/get_pty.c,
1882 src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c,
1883 src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c:
1884 Don't include <sys/param.h>. We only needed it for MAXPATHLEN,
1885 MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and
1886 HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
1887 MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
1890 * include/missing.h, plugins/sudoers/match.c,
1891 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
1892 Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN
1893 (sys/param.h or netdb.h).
1896 2012-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
1898 * plugins/sudoers/logging.c:
1899 Move debug_decl() in log_failure() to be after the variable
1900 declarations for C89.
1903 2012-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
1905 * common/error.c, include/error.h, plugins/sudoers/iolog.c,
1906 plugins/sudoers/logging.c, plugins/sudoers/policy.c,
1907 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
1908 Cannot wrap sigsetjmp() or we end up returning to the wrong place.
1909 Use a macro instead.
1912 2012-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
1914 * plugins/sudoers/policy.c:
1915 Fix return in sudoers_policy_open that should be debug_return.
1918 2012-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
1921 Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case
1926 Quiet a gcc warning and add comment about needing to keep the handle
1930 2012-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
1933 mention --disable-shared
1936 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
1937 doc/sudo_plugin.mdoc.in:
1938 Add missing command_info argument in I/O plugin open() prototype.
1942 2012-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
1944 * plugins/sudoers/gram.c:
1945 Regen for proper line numbers.
1948 * configure, configure.in:
1949 Add locale_stub.o to SUDO_OBJS, not locale_stub.lo.
1952 * common/sudo_printf.c:
1953 Include missing.h for __printflike.
1956 * plugins/sudoers/iolog.c:
1957 Saner loop invariant in io_mkdirs (cosmetic only).
1960 * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c,
1961 configure, configure.in, include/error.h, mkdep.pl,
1962 plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
1963 plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
1964 plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
1965 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
1966 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
1967 src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c,
1969 Move warn/error into common and make static builds work.
1972 * MANIFEST, common/Makefile.in, common/sudo_debug.c,
1973 common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in,
1974 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
1975 plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
1976 plugins/sudoers/policy.c,
1977 plugins/sudoers/regress/check_symbols/check_symbols.c,
1978 plugins/sudoers/regress/iolog_path/check_iolog_path.c,
1979 plugins/sudoers/regress/logging/check_wrap.c,
1980 plugins/sudoers/regress/parser/check_addr.c,
1981 plugins/sudoers/regress/parser/check_fill.c,
1982 plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
1983 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
1984 src/Makefile.in, src/conversation.c, src/sesh.c:
1985 Move _sudo_printf from src/conversation.c to common/sudo_printf.c.
1986 Add sudo_printf function pointer that is initialized to
1987 _sudo_printf() instead of requiring a sudo_conv function pointer
1988 everywhere. The plugin will reset sudo_printf to point to the
1989 version passed in via the plugin open function. Now plugin_error.c
1990 can just call sudo_printf in all cases. The sudoers binaries no
1991 longer need their own version of sudo_printf.
1994 * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
1995 plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
1996 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
1997 Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't
1998 need error_jmp to be extern. Also add plugin_clearjmp() that clears
1999 a flag so error()/errorx() knows when to call exit() vs. longjmp().
2002 * plugins/sudoers/set_perms.c:
2003 Let warning() call gettext() for us.
2006 * include/error.h, plugins/sudoers/plugin_error.c, src/error.c:
2007 Do locale swapping in the warning()/error() macros themselves
2008 instead of in the underlying functions.
2011 * common/alloc.c, common/list.c, include/error.h,
2012 plugins/sudoers/env.c, plugins/sudoers/plugin_error.c,
2013 plugins/sudoers/regress/check_symbols/check_symbols.c,
2014 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
2016 Rename warning2()/error2() -> warning_nodebug()/error_nodebug().
2019 * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
2020 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
2021 plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c,
2022 plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
2023 plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
2024 plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
2025 plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
2026 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
2027 plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c,
2028 src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
2029 src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
2030 src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
2031 Call gettext() on parameters for warning()/warningx() instead of
2032 having warning() do it for us.
2035 * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c,
2036 plugins/sudoers/gram.y, plugins/sudoers/toke.c,
2037 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
2038 Call gettext() in sudoerserror() in the user's locale and pass the
2039 untranslated string to it.
2042 * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
2043 plugins/sudoers/logging.h, plugins/sudoers/sudoers.c,
2044 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
2045 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
2046 Allow sudoers programs (visudo, sudoreplay, visudo) to use
2047 plugin_error.c instead of the error.c from the front-end. This
2048 means sudoers_setlocale() needs to be independent of the sudo_user
2049 struct and the defaults table. The sudoers locale is now updated
2053 * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
2054 plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
2055 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2056 Include setjmp.h in sudoers.h. Move error_jmp into plugin_error.c.
2057 Rename sudoers_plugin_cleanup to sudoers_cleanup. Make sudoers
2058 warning/error functions work when sudo_conv is NULL.
2062 No need to change locale in front-end warning()/error().
2065 * plugins/sudoers/tsgetgrpw.c:
2066 Ignore bad lines in passwd/group file instead of stopping processing
2070 * plugins/sudoers/regress/testsudoers/test2.sh,
2071 plugins/sudoers/regress/testsudoers/test3.sh,
2072 plugins/sudoers/regress/testsudoers/test5.sh:
2073 Bash doesn't let you set UID so use MYUID instead.
2076 * plugins/sudoers/visudo.c:
2077 Avoid NULL deref for unknown Defaults in strict mode.
2080 * common/sudo_conf.c, common/sudo_debug.c:
2081 See DEFAULT_TEXT_DOMAIN
2084 2012-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
2087 Add signame.c and mksigname.
2090 * plugins/sudoers/Makefile.in:
2091 Fold preinstall into install-plugin and pass the path to the plugin
2092 binary to the preinstall command.
2103 2012-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
2105 * common/sudo_debug.c:
2106 Set group on sudo_debug when creating it to gid 0 so systems without
2107 BSD group semantics don't get the invoking user's group.
2110 * plugins/sudoers/iolog.c:
2111 Rename mkdir_parents() to io_mkdirs() and add a flag to specify whether
2112 path is a temporary, in which case the final component is created
2113 via mkdtemp() instead of mkdir().
2116 * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h:
2117 For PERM_ROOT set egid to 0 so log files are not created with the
2121 * plugins/sudoers/logging.c:
2122 Add calls to set_perms(PERM_ROOT) before logging to a file. We
2123 should already be root but since we cache the current permission
2124 status it is basically free. That way, if more of sudoers runs as
2125 non-root in the future logging will still work correctly.
2128 * common/sudo_conf.c, config.h.in, configure, configure.in,
2129 include/gettext.h, plugins/sudoers/locale.c,
2130 plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
2131 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
2132 src/error.c, src/exec.c, src/sesh.c, src/sudo.c:
2133 #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it.
2136 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
2137 doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
2138 doc/sudo_plugin.mdoc.in:
2139 Mention that sudo.conf is parsed in the C locale.
2142 * common/sudo_conf.c:
2143 Parse sudo.conf in the "C" locale.
2146 * plugins/sudoers/locale.c, plugins/sudoers/logging.h,
2147 plugins/sudoers/sudoers.h:
2148 Fix compilation on systems w/o setlocale()
2151 * doc/TROUBLESHOOTING:
2152 Sudo now includes a workaround for the Solaris 11 locale issue.
2155 2012-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
2157 * include/gettext.h, plugins/sudoers/iolog_path.c,
2158 plugins/sudoers/locale.c,
2159 plugins/sudoers/regress/iolog_path/check_iolog_path.c,
2160 plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
2161 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
2162 src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h:
2163 Always include locale.h from gettext.h so we no longer need to
2164 include locale.h from the .c files.
2167 * MANIFEST, config.h.in, configure, configure.in, mkdep.pl,
2168 plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c,
2169 src/solaris.c, src/sudo.c, src/sudo.h:
2170 Add os-specific initialization functions for solaris (workaround
2171 setuid locale problem in Solaris 11) and openbsd (set malloc_options
2172 if SUDO_DEVEL). Also move set_project() to solaris.c.
2175 2012-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
2177 * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
2178 plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
2179 plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
2180 Avoid strerror() when possible and just rely on warning/error to
2181 handle errno in the proper locale.
2184 * plugins/sudoers/logging.c:
2185 Set sudoers locale in log_allowed()
2188 * plugins/sudoers/check.c:
2189 Make the sudo lecture translatable.
2193 Add the values of badpass_message, passprompt and mailsub to
2194 sudoers.pot so they can be translated.
2197 * plugins/sudoers/logging.c:
2198 Expand the FMT_FIRST and FMT_CONTD macros inline so they get picked
2202 2012-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
2204 * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
2205 plugins/sudoers/sudoers.h:
2206 Make expand_prompt() args const and free the prompt when we are done
2210 * plugins/sudoers/policy.c:
2214 * plugins/sudoers/defaults.c, plugins/sudoers/logging.c:
2215 Expand def_mailsub in the sudoers locale, not the user's.
2218 * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
2219 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
2220 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
2221 plugins/sudoers/env.c, plugins/sudoers/iolog.c,
2222 plugins/sudoers/locale.c, plugins/sudoers/logging.c,
2223 plugins/sudoers/logging.h, plugins/sudoers/parse.c,
2224 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
2225 plugins/sudoers/timestamp.c:
2226 Call gettext inside log_error et al instead of having the caller do
2227 it. This way we can display any messages to the user in their own
2228 locale but log in the sudoers locale.
2231 * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
2232 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
2233 plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
2234 plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
2235 plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
2236 plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
2237 plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
2238 plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
2239 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
2240 plugins/sudoers/visudo.c, src/error.c, src/exec.c,
2241 src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
2242 src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
2243 src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
2244 Display warning/error messages in the user's locale.
2247 * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c,
2248 plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
2249 audit_failure() now calls gettext itself using the sudoers locale.
2252 * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
2253 plugins/sudoers/sudoers.c:
2254 Convert setlocale() to sudoers_setlocale() in the sudoers module.
2255 This only converts existing uses, there are more places where we
2256 need to sprinkle sudoers_setlocale() calls.
2259 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
2260 plugins/sudoers/locale.c, plugins/sudoers/logging.h,
2261 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2262 Add simple locale switching to make it easy to switch from the
2263 user's locale to the sudoers locale without making excessive
2264 setlocale() calls when we don't need to.
2267 * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
2268 plugins/sudoers/plugin_error.c, src/error.c:
2269 Add variants of warn/error and sudo_debug_printf that take a va_list
2270 instead of a variable number of args.
2273 * INSTALL, doc/TROUBLESHOOTING:
2274 Document Solaris 11 locale issues and workarounds.
2277 * Makefile.in, configure, configure.in:
2278 Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8
2279 locales. Make links from localdir/lang -> localdir/lang.UTF-8
2282 2012-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
2284 * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
2285 plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
2286 Do not inform the user that the command was not permitted by the
2287 policy if they do not successfully authenticate. This is a
2288 regression introduced in sudo 1.8.6.
2291 * plugins/sudoers/Makefile.in:
2292 Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup
2293 the rpath in HP-UX SOM shared libraries for the LDAP libs.
2297 The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A.
2300 2012-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
2302 * INSTALL, configure, configure.in:
2303 Allow the user to specify an alternate libtool
2306 2012-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
2308 * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c:
2309 Allow sudo to be built with sss support without also including ldap
2310 support. From Stephane Graber.
2313 2012-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
2315 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c,
2316 plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
2317 plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
2318 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
2319 plugins/sudoers/visudo.c:
2320 Refactor policy plugin interface code from sudoers.c into policy.c
2323 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
2324 Refactor command_info setting into its own function.
2327 * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
2328 plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c,
2329 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
2330 Make interfaces pointer private to interfaces.c and add
2331 get_interfaces() accessor.
2334 2012-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
2336 * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
2337 plugins/sudoers/sudoers.h:
2338 Make user_cwd const since it is either a string literal or passed in
2342 * configure, configure.in:
2346 * plugins/sudoers/sudoers.c:
2347 Avoid nested strtok() calls.
2350 2012-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
2352 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
2353 plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h:
2354 Move expand_prompt() into its own source file for easier unit
2358 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
2359 plugins/sudoers/check.h, plugins/sudoers/sudoers.h,
2360 plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
2361 Make check.c independent of the underlying timestamp implementation.
2364 * plugins/sudoers/iolog_path.c:
2365 Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled.
2368 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2369 Use a list for the possible values of Tag_Spec with a minimal indent
2370 to improve readability. In the pod version, these were =head3. Also
2371 use .St -p1003.1 instead of just POSIX when talking about glob() and
2375 2012-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
2378 sudo_ttyname_dev() is unused if there is no /proc or sysctl().
2381 * compat/mksiglist.c, compat/mksigname.c,
2382 compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c,
2383 plugins/sample_group/plugin_test.c,
2384 plugins/sudoers/regress/check_symbols/check_symbols.c,
2385 plugins/sudoers/regress/iolog_path/check_iolog_path.c,
2386 plugins/sudoers/regress/logging/check_wrap.c,
2387 plugins/sudoers/regress/parser/check_addr.c,
2388 plugins/sudoers/regress/parser/check_fill.c,
2389 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
2390 plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c:
2391 Explicitly mark main() as public in executables to avoid an HP-UX ld
2395 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
2396 Remove grep from SEE ALSO section.
2400 If vasprintf() fails, just use the errno it sets instead of assuming
2404 2012-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
2406 * doc/TROUBLESHOOTING:
2407 Mention HP-UX pam.conf settings.
2410 2012-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
2412 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
2413 plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c,
2414 plugins/sudoers/timestamp.h:
2415 Split off timestamp functions into their own source file.
2418 2012-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
2420 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2421 Mention how !foo is not the same as ALL,!foo
2424 2012-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
2427 Start commands in the background when I/O logging is enabled. We
2428 can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2)
2429 which returns EINTR on signal instead of restarting automatically.
2433 Handle SIGCONT_FG and SIGCONT_BG when converting signal number to
2434 string in deliver_signal().
2437 2012-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
2440 Fix running commands that need the terminal in the background when
2441 I/O logging is enabled. E.g. "sudo vi &". When the command is
2442 foregrounded, it will now resume properly.
2445 * plugins/sudoers/match.c:
2446 Add rudimentary support for name-based matching as a compile-time
2447 option. This is unsafe when used in conjunction with the '!' operator.
2450 2012-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
2452 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c,
2453 plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c:
2454 Split implementation-specific back end code out of pwutil.c into
2455 pwutil_impl.c. This will allow the main pwutil code to be used for
2456 lookup methods other than getpw* and getgr*.
2459 2012-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
2461 * NEWS, configure, configure.in:
2465 2012-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
2468 Don't use embedded newline when matching, use \n. This got expanded
2469 at some point. Bug #573
2472 * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
2473 Rename yyerror() to sudoerserror() to match yacc prefix changes. Not
2474 really needed due to the #defines that yacc makes but it is less
2475 confusing this way as the lexer calls sudoerserror().
2478 * common/alloc.c, plugins/sample_group/plugin_test.c,
2479 plugins/sudoers/env.c, plugins/sudoers/toke.c,
2480 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
2481 src/exec_common.c, src/parse_args.c, src/sudo.c:
2482 No need to translate "unable to allocate memory" when we can just
2483 use the system translation via strerror().
2486 * plugins/sudoers/sudoreplay.c:
2487 Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
2488 all file systems support d_type. Bug #572
2491 * plugins/sudoers/sudoreplay.c:
2492 Avoid calling fclose(NULL) in the error path when we cannot open an
2496 2012-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
2498 * NEWS, configure, configure.in:
2503 When setting the signal handler for SIGTSTP to the default value in
2504 non-I/O log mode, store the old handler value for when we restore it
2508 * plugins/sudoers/env.c:
2509 Replace the guts of sudo_setenv_nodebug() with our old setenv.c
2510 which supports non-standard BSD and glibc semantics. sudo_setenv()
2511 now simply calls sudo_setenv2().
2514 2012-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
2516 * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
2517 doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2518 Document non-Unix group support in LDAP sudoers.
2521 * plugins/sudoers/ldap.c:
2522 Enable non-Unix group support for LDAP sudoers. We now check for
2523 non-Unix groups and netgroups with the same query in the second
2527 2012-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
2529 * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
2530 plugins/sudoers/gram.h, plugins/sudoers/parse.c,
2531 plugins/sudoers/regress/parser/check_fill.c,
2532 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
2533 plugins/sudoers/toke.c, plugins/sudoers/toke.h,
2534 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
2535 plugins/sudoers/visudo.c:
2536 Set yacc prefix to "sudoers" to avoid conflicts with other yacc parsers.
2539 2012-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
2542 Mention support for SUCCESS=return in /etc/nsswitch.conf
2545 * NEWS, configure, configure.in:
2549 2012-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
2551 * plugins/sudoers/env.c:
2552 Avoid setting LOGNAME, USER and USERNAME variables twice when
2553 set_logname is enabled.
2556 * plugins/sudoers/env.c:
2557 Fix duplicate detection in sudo_putenv(), do not prune out the
2558 variable we just set when overwriting an existing instance. Fixes
2562 * plugins/sudoers/env.c:
2566 2012-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
2568 * plugins/sudoers/sudo_nss.c:
2569 Disable word wrap in list mode when stdout is a pipe to make "sudo
2570 -l | grep ..." more useful. Adapted from a diff by Daniel Kopecek.
2574 Print a trailing newline in lbuf_print() when there is not enough
2575 space to do word wrapping and the lbuf does not end with a newline.
2578 * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
2579 Add support for [SUCCESS=return] in nsswitch.conf; from Daniel
2587 2012-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
2589 * plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo,
2590 plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo,
2591 plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo,
2592 src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo:
2596 * MANIFEST, plugins/sudoers/po/vi.mo:
2597 Add Vietnamese sudoers translation from translationproject.org
2604 * MANIFEST, plugins/sudoers/po/vi.po:
2605 Add Vietnamese sudoers translation from translationproject.org
2608 2012-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
2610 * Makefile.in, compat/Makefile.in, mkdep.pl:
2611 Add missing signame dependency
2614 * src/exec.c, src/ttyname.c:
2615 Silence compiler warnings.
2618 * MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c,
2619 config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
2620 src/exec.c, src/exec_pty.c:
2621 Replace strsigname() with sig2str(), emulating it as needed.
2624 * config.h.in, configure, configure.in, src/utmp.c:
2625 Use fseeko() for legacy utmp handling if available.
2628 2012-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
2630 * compat/strsigname.c, config.h.in, configure, configure.in:
2631 Detect sys_sigabbrev[] and use it in place of sys_signame[] if
2632 present. For some reason glibc does not declare sys_sigabbrev so we
2633 must add an extern definition of our own.
2636 * compat/strsignal.c, compat/strsigname.c:
2637 Handle NULL entries in sys_siglist and sys_signame.
2640 * compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c,
2641 compat/mksigname.h, compat/strsignal.c, compat/strsigname.c:
2642 Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name}
2645 2012-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
2652 Pass on SIGTSTP to the command if it was sent by a user process (not
2653 the kernel or the terminal) when we are not I/O logging and set the
2654 default SIGTSTP handler when we re-send the signal to ourself,
2655 restoring our handler after we resume.
2659 Shells typically change their process group when they start up so
2660 that they can implement job control. Most well-behaved shells
2661 change the pgrp back to its original value before suspending so we
2662 must not try to restore in that case, lest we race with the child
2663 upon resume, potentially stopping sudo with SIGTTOU while the
2664 command continues to run. Some shells, such as pdksh, just suspend
2665 the shell by sending SIGSTOP to themselves without restoring the
2666 pgrp. In this case we need to change the pgrp back for them. Should
2670 2012-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
2672 * MANIFEST, compat/Makefile.in, compat/mksigname.c,
2673 compat/mksigname.h, compat/strsignal.c, compat/strsigname.c,
2674 config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
2675 src/exec.c, src/exec_pty.c:
2676 Use strsigname() to print signal names in the debug output. If the
2677 system has no strsigname(), use our own.
2680 2012-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
2682 * plugins/sudoers/regress/testsudoers/test5.inc,
2683 plugins/sudoers/regress/testsudoers/test5.sh:
2684 Remove generated file and change path for temporary include file.
2687 * plugins/sudoers/Makefile.in:
2688 When running regress tests, list pass/fail rate for each dir
2689 (testsudoers and visudo) instead of the total. Also prevent the
2690 result files from clobbering each other by keeping them in the
2691 relevant directories.
2694 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2695 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2696 Don't print an error message in yyerror() if open_sudoers() fails,
2697 we've already printed an error message. Also restore the check for
2698 sudoers_warnings in yyerror().
2701 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2702 plugins/sudoers/toke.c, plugins/sudoers/toke.h,
2703 plugins/sudoers/toke.l:
2704 Avoid printing the >>> parse error <<< message for testsudoers when
2705 the -t flag is specified.
2708 2012-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
2710 * plugins/sudoers/parse.c:
2711 Fix NULL deref when an entry has no Runas_Entry
2714 * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
2715 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
2716 plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
2717 src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po,
2718 src/po/zh_CN.mo, src/po/zh_CN.po:
2719 sync with translationproject.org
2726 * plugins/sudoers/check.c:
2727 Correct the check_user() comment header.
2730 * plugins/sudoers/auth/sudo_auth.c:
2731 Change a log_fatal() into log_error() when no auth methods are
2732 configured. The caller already checks the return value.
2735 * plugins/sudoers/logging.c:
2736 Add missing debug_return
2739 2012-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
2741 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
2742 doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
2743 doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
2744 doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
2745 doc/sudoers.man.in, doc/sudoers.mdoc.in:
2746 Make the capitalization consistent for .Ss and .Sx
2749 * doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat,
2750 doc/sudo.man.in, doc/sudo.mdoc.in:
2751 Add COMMAND EXECUTION section that describes how sudo runs the
2752 command, the extra sudo processes and signal handling.
2755 2012-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
2761 2012-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
2763 * compat/Makefile.in:
2764 Don't echo the awk command when building siglist.in
2767 * doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
2768 doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2773 The HISTORY, LICENSE and CONTRIBUTORS files are no longer
2777 * MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po,
2778 plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo,
2779 plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po,
2780 plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po,
2781 src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po,
2782 src/po/uk.po, src/po/vi.po:
2783 Sync with translationproject.org and add Italian sudoers
2787 2012-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
2789 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2790 Expand description of fqdn to talk about systems where the hosts
2791 file is searched before DNS.
2794 2012-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
2797 For cat pages there is nothing to make unless DEVEL is set.
2800 * configure, configure.in, doc/Makefile.in:
2801 Always use mandoc to format cat pages and remove now-extraneous
2802 nroff configure tests.
2806 sync polypkg from git
2809 * plugins/sudoers/sudoers.c:
2810 Use AI_FQDN instead of AI_CANONNAME if available since "canonical"
2811 is not always the same as "fully qualified".
2814 2012-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
2816 * doc/sudoers.mdoc.in:
2817 Fix some typos. Describe error messages not related to policy
2821 * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
2822 plugins/sudoers/visudo.c:
2823 Add new check_defaults() function to check (but not update) the
2824 Defaults entries. Visudo can now use this instead of
2825 update_defaults to check all the defaults regardless instead of just
2826 the global Defaults entries.
2829 2012-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
2831 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2832 Document sudoers log format.
2836 Update for sudo 1.8.5p3
2839 * src/load_plugins.c:
2840 Add missing check for I/O plugin API version when checking for the
2841 presence of I/O plugin hooks.
2845 Can't call debug code in the process_hooks_xxx functions() since
2846 ctime() may look up the timezone via the TZ environment variable.
2849 2012-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
2851 * src/exec_common.c, src/sesh.c, src/utmp.c:
2852 Include signal.h before sudo_exec.h since it uses sigset_t * in the
2856 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
2857 doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
2858 doc/visudo.man.in, doc/visudo.mdoc.in:
2859 Remove OPTIONS section; options now go inside DESCRIPTION
2862 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2866 * MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
2867 plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
2868 plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
2869 plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
2870 plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
2871 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
2872 plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
2873 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
2874 plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
2875 src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po,
2876 src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po:
2877 Sync with translationproject.org and add new Slovenian translation.
2880 * common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
2881 plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c,
2882 plugins/sudoers/testsudoers.c:
2883 Reduce the number of "internal error, foo overflow" messages that
2884 need to be translated.
2888 Mention HP-UX reboot fix.
2891 * INSTALL, NEWS, common/sudo_debug.c, configure, configure.in,
2892 doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in,
2893 plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c,
2894 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
2895 Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers
2896 data source. From Daniel Kopecek and Pavel Brezina.
2899 2012-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
2901 * common/sudo_conf.c, src/load_plugins.c:
2902 If sudo.conf contains an I/O plugin but no policy plugin, use
2903 sudoers for the policy plugin. If a policy plugin is specified
2904 without an I/O plugin, only the policy plugin will be loaded.
2907 * doc/Makefile.in, doc/sudoers.man.in:
2908 Do not modify the .Os section when building the .man.in file from
2912 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2913 Add a note about wildcards matching multiple words and include an
2914 example. Also mention that for sudoedit, a wildcard in command line
2915 args does not match a slash.
2918 2012-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
2920 * src/exec_pty.c, src/sudo_exec.h:
2921 Fix a comment, update a variable name in a prototype; all cosmetic.
2924 * plugins/sudoers/iolog.c:
2925 Cast 2nd argument of lseek() to off_t if it is a constant for
2926 systems with 64-bit off_t but without a proper lseek() prototype.
2929 * compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
2930 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2931 plugins/sudoers/visudo.c:
2932 Fix some warnings from clang checker-267
2935 * plugins/sample/sample_plugin.c:
2936 Fix memory leak found by clang checker-267
2939 2012-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
2941 * src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h:
2942 If we receive a signal from the command we executed, do not forward
2943 it back to the command. This fixes a problem with BSD-derived
2944 versions of the reboot command which send SIGTERM to all other
2945 processes, including the sudo process. Sudo would then deliver
2946 SIGTERM to reboot which would die before calling the reboot() system
2947 call, effectively leaving the system in single user mode.
2950 2012-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
2952 * doc/fixman.sh, doc/fixmdoc.sh:
2953 Remove section about Solaris 10 on other systems. Add missing
2954 sudoers.man.in bit to fixman.sh.
2957 2012-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
2959 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2960 Expand section on Solaris privileges.
2964 Expand a bit on the Solaris priv set changes.
2967 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2968 plugins/sudoers/parse.c, plugins/sudoers/parse.h,
2969 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
2970 The second argument to init_parser() is now bool.
2973 * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
2974 Fix printing of parse error message to stderr.
2977 * plugins/sudoers/check.c, plugins/sudoers/defaults.c,
2978 plugins/sudoers/match.c, plugins/sudoers/parse.c,
2979 plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
2980 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
2981 If a command matches using an empty Runas_List (i.e. Runas_List is
2982 present but empty) and the -u option was not specified, set runas_pw
2983 to user_pw instead of using runas_default. This is intended to be
2984 used in conjunction with the Solaris Privilege Set support for rules
2985 that grant privileges without changing the user.
2988 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
2989 plugins/sudoers/gram.c, plugins/sudoers/gram.h,
2990 plugins/sudoers/gram.y, plugins/sudoers/match.c,
2991 plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h:
2992 Add support for parsing an empty Runas_List, which only allows the
2993 command to be run as the invoking user. This can be used in
2994 conjunction with the Solaris Privilege Set support to grant
2995 privileges without changing the user.
2998 2012-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
3001 Fix HP-UX, just use ".TH name section" like the vendor manuals.
3004 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3005 Fix compilation on Solaris
3008 * .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh,
3009 doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh,
3010 doc/sudoers.mdoc.sh:
3011 Generate a sed script file when munging *.mdoc or *.man instead of
3012 passing sed expressions on the command line. Older seds do not
3013 support \n in a replacement so generate and run a sed script
3017 * doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in,
3018 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in,
3020 Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION"
3023 2012-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
3026 When checking whether a signal is user-generated, compare si_code
3027 against SI_USER instead of <= 0 since on HP-UX, terminal-related
3028 signals get a code of 0.
3032 SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX
3033 interchangeably. This causes problems when setting RLIMIT_NPROC to
3034 RLIM_INFINITY due to a bug in bash where bash tries to honor the
3035 value of _SC_CHILD_MAX but treats a value of -1 as an error, and
3036 uses a default value of 32 instead.
3038 Previously, we just checked RLIMIT_NPROC and, if it was unlimited,
3039 restored the previous value of RLIMIT_NPROC. However, that makes it
3040 impossible to set nproc to unlimited. We now only restore the nproc
3041 resource limit if sysconf(_SC_CHILD_MAX) is negative. In most
3042 cases, pam_limits will set RLIMIT_NPROC for us.
3045 2012-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
3047 * plugins/sudoers/ldap.c:
3048 Active Directory apparently requires that tenths of a second be
3049 present in a date so append .0 to the "now" value in the time
3050 filter. Also remove space for the global AND from TIMEFILTER_LENGTH
3051 since it was not being used consistently. Buffers of
3052 TIMEFILTER_LENGTH now need to account for the terminating NUL byte.
3055 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3059 2012-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
3062 Remove pod versions of HISTORY, CONTRIBUTORS and LICENSE as they
3063 were not being kept in sync.
3066 * doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod,
3068 Remove pod versions of HISTORY, CONTRIBUTORS and LICENSE as they
3069 were not being kept in sync.
3072 2012-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
3074 * plugins/sudoers/logging.c:
3075 Fix printing of the permission denied message to standard error when
3076 a user is not allowed to run a command. This got broken by the
3077 recent logging changes.
3080 * plugins/sudoers/sudoers_version.h:
3081 Bump grammar version for Solaris privs.
3084 * doc/schema.ActiveDirectory:
3085 Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder
3086 were added. From David Hicks.
3089 2012-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
3091 * plugins/sudoers/Makefile.in:
3092 Remove lex.yy.c when building toke.c
3096 Fix building docs in a build dir.
3099 * doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod,
3100 doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod,
3101 doc/sudoreplay.pod, doc/visudo.pod:
3102 Remove pod versions of the manual; we now use mdoc.
3105 * MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh,
3106 doc/sudoers.man.sh, doc/sudoers.mdoc.sh:
3107 Add post-processing scripts to strip out login class, BSD auth,
3108 SELinux and privilege set bits when they are not supported.
3111 * NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in,
3112 doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in,
3113 doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod,
3114 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
3115 plugins/sudoers/def_data.in, plugins/sudoers/gram.c,
3116 plugins/sudoers/gram.h, plugins/sudoers/gram.y,
3117 plugins/sudoers/parse.c, plugins/sudoers/parse.h,
3118 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
3119 plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
3120 plugins/sudoers/toke.l, src/sudo.c, src/sudo.h:
3121 Merge in Solaris privilege support by Darren Moffat and John
3125 2012-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
3127 * doc/contributors.pod:
3128 Sync with CONTRIBUTORS file
3131 * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
3132 doc/sudoers.man.in, doc/sudoreplay.man.in:
3133 Regen .man.in files with my private mandoc.
3140 2012-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
3142 * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
3143 doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in:
3144 Regen .man.in files with hacked mandoc to avoid issues with historic
3148 2012-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
3150 * doc/sudo.mdoc.in, doc/sudoers.mdoc.in:
3155 Fix dependencies for .man.in files.
3159 Add doc/*.mdoc to ignore file
3162 * INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in,
3163 doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
3164 doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
3165 doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
3166 doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
3167 doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
3168 doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
3169 doc/visudo.man.in, doc/visudo.mdoc.in:
3170 Build .man.in and .cat files from .mdoc.in files. Add new --with-man
3171 and --with-mdoc configure options.
3174 2012-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
3176 * doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in,
3177 doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
3178 Sudo manuals formatted in mdoc, to replace the pod versions.
3181 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
3182 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
3183 doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod,
3184 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
3185 doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod:
3186 More minor cosmetic fixes.
3189 2012-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
3191 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
3192 Minor cosmetic fixes.
3195 2012-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
3197 * plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot:
3198 Use "a password is required" instead of "password required" when the
3199 -n flag is used and we need to read a password.
3202 2012-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
3205 Mention logging changes.
3208 * plugins/sudoers/po/sudoers.pot:
3212 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3213 Document that other mail_* flags have precedence over mail_badpass.
3216 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
3217 plugins/sudoers/logging.c, plugins/sudoers/logging.h,
3218 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
3219 Move log_denial() calls and logic to log_failure(). Move
3220 authentication failure logging to log_auth_failure(). Both of these
3221 call audit_failure() for us.
3223 This subtly changes logging for commands that are denied by sudoers
3224 but where the user failed to enter the correct password.
3225 Previously, these would be logged as "N incorrect password attempts"
3226 but now are logged as "command not allowed". Fixes bug #563
3229 2012-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
3232 Do not set a resource limit to zero when we are unable to fetch a
3233 value from /etc/security/limits.
3236 2012-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
3239 Add "Provides: sudo" to debian sudo-ldap package
3242 2012-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
3244 * configure, configure.in, zlib/Makefile.in:
3245 Define NO_VIZ for zlib when gcc doesn't support symbol visibility
3249 * configure, configure.in:
3250 Use the autoconf cache when checking for symbol export control
3254 * INSTALL, common/Makefile.in, compat/Makefile.in, configure,
3255 configure.in, mkpkg, plugins/sample/Makefile.in,
3256 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3257 plugins/system_group/Makefile.in, src/Makefile.in:
3258 Add configure check for building PIE executables instead of doing it
3263 MacOS pp backend doesn't like modes longer than 4 characters.
3266 2012-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
3268 * configure, configure.in:
3269 Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding
3270 -fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool
3271 will strip -fstack-protector from the linker flags and we always
3275 2012-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
3277 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
3278 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
3279 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
3280 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
3281 Regen for sudo 1.8.6
3284 * NEWS, doc/sudoers.ldap.pod:
3285 Document improved Tivoli Directory Server support.
3288 * config.h.in, configure, configure.in, plugins/sudoers/ldap.c:
3289 Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf
3290 option to specify Tivoli key db password. Allow TLS ciphers to be
3291 configured for Tivoli.
3294 2012-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
3296 * plugins/sudoers/ldap.c:
3297 Tivoli Directory Server 6.3 libs always return a (bogus) error when
3298 setting LDAP_OPT_CONNECT_TIMEOUT.
3305 * plugins/sudoers/ldap.c:
3306 Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the
3307 same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to
3308 set an ldap option fatal.
3311 2012-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
3313 * plugins/sudoers/sudoers.c:
3314 Zero pointers in sudo_user struct after freeing, just in case.
3317 * plugins/sudoers/sudoers.c:
3318 Free user_gids in close function if it has not already been freed.
3321 * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
3322 plugins/sudoers/sudoers.h:
3323 Defer group ID to name resolution until we actually need it.
3327 It is safe to read in sudo.conf before calling user_info().
3330 * plugins/sudoers/env.c, plugins/sudoers/ldap.c:
3331 Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to
3332 prevent potential truncation. Bug #562.
3335 2012-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
3338 If installing with installp, error out if there is already an
3339 instance of the rpm package installed.
3343 Add --disable-nls for AIX
3346 2012-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
3349 Debian sudo-ldap packages should now depend on libldap-2.4-2, not
3353 2012-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
3356 Add Homepage and Bugs to debian control file.
3359 2012-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
3362 fix typo when setting aix_freeware
3365 * common/Makefile.in, compat/Makefile.in, configure, configure.in,
3366 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
3367 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3368 plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in:
3369 Don't run regress tests or sudoers sanity check (using the newly-
3370 built visudo) when cross compiling. Bug #560
3373 * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
3374 plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map,
3375 plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in,
3376 plugins/sample_group/sample_group.exp,
3377 plugins/sample_group/sample_group.map,
3378 plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
3379 plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map,
3380 plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in,
3381 plugins/system_group/system_group.exp,
3382 plugins/system_group/system_group.map,
3383 plugins/system_group/system_group.sym:
3384 Rename foo.sym -> foo.exp. Remove foo.map from the repo and generate
3385 it on demand. Use a loader option file for HP-UX ld to explicitly
3390 Remove extraneous backslash
3393 * plugins/sudoers/regress/check_symbols/check_symbols.c:
3394 Don't check for errorx as an exported symbol as it is now a macro.
3395 Check for user_in_group() instead.
3398 2012-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
3400 * configure, configure.in:
3401 Adjust ld map file support to use an anonymous scope to match the
3405 2012-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
3407 * config.h.in, configure, configure.in, include/gettext.h:
3408 Older versions of Solaris lack ngettext()
3411 * configure, configure.in:
3412 Move the check for -static-libgcc until after AC_LANG_WERROR has
3413 been called and use AX_CHECK_COMPILE_FLAG().
3416 * include/gettext.h:
3417 Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H
3420 * include/error.h, include/sudo_debug.h:
3421 Fix gcc 2.x variant macro support.
3424 * plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c:
3425 Fix compilation on gcc 2.95 and other compilers that only allow
3426 variable declarations at the beginning of a block.
3429 * configure, configure.in, plugins/sudoers/Makefile.in:
3430 Link check_symbols with SUDO_LIBS to make sure we link with the
3431 requisite libraries to successfully dlopen sudoers.so. This is
3432 needed on HP-UX where a program dlopen()ing a shared object that
3433 uses pthreads must also be linked with pthreads (and HP-UX LDAP uses
3437 * plugins/sudoers/regress/check_symbols/check_symbols.c:
3438 Add check for exported local symbols. This will cause a "make
3439 check" failure on systems where we don't support symbol hiding.
3442 * configure, configure.in:
3443 Additional ${foo} -> $(foo) Makefile tweaks.
3446 * plugins/sample/sample_plugin.map,
3447 plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map,
3448 plugins/system_group/system_group.map:
3449 No need to provide a name for the scope in the map file since we
3450 don't use it for versioning.
3453 2012-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
3455 * MANIFEST, plugins/sudoers/Makefile.in,
3456 plugins/sudoers/regress/check_symbols/check_symbols.c:
3457 Add regress test for symbol visibility.
3460 2012-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
3462 * NEWS, configure, configure.in:
3466 * configure, configure.in, include/missing.h:
3467 Add support for controlling symbol visibility using the HP and
3468 Solaris C compilers.
3471 * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
3472 plugins/sudoers/regress/iolog_path/check_iolog_path.c,
3473 plugins/sudoers/sudoers.h:
3474 Use the expanded io log dir when updating the sequence number.
3475 Includes a workaround for older versions of sudo where the sequence
3476 number was stored in the unexpanded io log dir.
3479 2012-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
3482 Simplify "sudo -s" argv rewriting.
3485 * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
3486 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3487 plugins/system_group/Makefile.in, src/Makefile.in,
3488 src/sudo_noexec.map:
3489 Don't use a map file for sudo_noexec.so since Solaris ld doesn't
3490 allow '*' in the global section. The libtool export flag is now
3491 added to LT_LDFLAGS instead of commenting/uncommenting lines.
3494 2012-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
3496 * config.h.in, configure, configure.in, include/missing.h:
3497 The visibility attribute was actually added in gcc 3.3.x, not 4.0.
3498 Just assume that if -fvisibility=hidden works that the attribute is
3502 * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
3503 plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
3504 plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
3505 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
3506 plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map,
3507 plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c,
3508 plugins/system_group/system_group.c:
3509 Export group cache from sudoers.so for system_group.so to use.
3512 * MANIFEST, configure, configure.in, include/missing.h,
3513 plugins/sample/Makefile.in, plugins/sample/sample_plugin.map,
3514 plugins/sample_group/Makefile.in,
3515 plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in,
3516 plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
3517 plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in,
3518 plugins/system_group/system_group.map, src/sudo_noexec.c,
3519 src/sudo_noexec.map:
3520 Use gcc's visibility attribute to specify when symbols are visible
3521 or hidden, if available. If not available, use an ELF version
3522 script if it is supported. If all else fails, fall back to using
3523 libtool's -export-symbols.
3526 2012-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
3529 Add mode for installed locale files but leave the directories with
3530 default mode and owner.
3533 2012-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
3536 Install AIX packages under /opt/freeware with links in /usr/bin and
3537 /usr/sbin. This matches the layout of the sudo package from AIX
3541 * Makefile.in, configure, configure.in, plugins/sample/Makefile.in,
3542 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3543 plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp:
3544 Install shared objects with mode 0644 except on HP-UX which needs
3545 the executable bit set.
3548 * Makefile.in, doc/Makefile.in, include/Makefile.in,
3549 plugins/sudoers/Makefile.in, src/Makefile.in:
3550 Make installed file modes consistent with the file modes in the sudo
3554 2012-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
3557 Add "%:" prefix when talking about QAS non-Unix group support.
3561 Fix packaging of symbolic links on HP-UX when the link source
3562 already exists in the filesystem.
3566 Only specify prefix if we are overriding the default value. Fixes
3567 the man dir (/usr/local/man vs. /usr/local/share/man).
3571 Fix setting of sudoedit_man variable.
3575 Echo the command when linking the sudoedit manual.
3578 2012-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
3581 Build .deb packages with selinux support.
3584 2012-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
3587 Don't list paths for unstripped binaries in the lintian overrides.
3591 Add support for Installed-Size header in control file, required by
3592 newer debian versions.
3596 Fix extended description in .deb files.
3600 Add Depends, Replaces and Conflicts headers for .deb packages.
3603 2012-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
3605 * plugins/sudoers/sudo_nss.c:
3606 If there are no privs to print, write the message to the lbuf
3607 instead of printing it directly.
3610 2012-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
3613 Set -e in %pos and %preun for debian to quiet a lintian warning.
3616 * doc/Makefile.in, src/Makefile.in, sudo.pp:
3617 Install sudoedit and the sudoedit manual as symbolic links, not hard
3618 links and package them as such.
3622 Make sudo binary permissions 755 instead of 111. Add lintian
3623 overrides file for .deb files.
3626 * configure, configure.in, doc/Makefile.in, mkpkg:
3627 Replace out of date MAN_POSTINSTALL with MANCOMPRESS and
3628 MANCOMPRESSEXT which can be used to compress the installed manual
3629 pages. Compress the man pages for .deb files to appease lintian.
3634 * fix modes to be more in line with what Debian expects
3636 * install LICENSE as copyright and ChangeLog as changelog
3637 * create stub changelog.debian
3641 Fix find command to properly skip files in the DEBIAN dir when
3646 Use a debian-compliant package maintainer field.
3649 2012-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
3651 * plugins/sudoers/sudoreplay.c:
3652 No need to loop over atomic_writev(), it guarantees to write all
3653 data or return an error.
3655 Fix handling of stdout/stderr that contains "\r\n" and handle a
3656 "\r\n" pair that spans a buffer.
3659 2012-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
3662 Update for sudo 1.8.5p2
3665 * plugins/sudoers/sudoreplay.c:
3666 Instead of doing extra write()s when replaying stdout, build up a
3667 vector for writev() instead. This results in far fewer system
3671 2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
3673 * src/env_hooks.c, src/sudo.h, src/tgetpass.c:
3674 Provide unhooked version of getenv() and use it when looking up
3675 DISPLAY and SUDO_ASKPASS in the environment.
3678 2012-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
3680 * plugins/sudoers/sudoreplay.c:
3681 When replaying a log of stdout or stderr, do newline to carriage
3682 return + linefeed conversion. We cannot have termios do this for us
3683 since we've disabled output postprocessing (POST) when setting raw
3687 2012-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
3689 * configure, configure.in:
3690 When checking for -fstack-protector, treat warnings as fatal errors.
3693 2012-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
3695 * configure, configure.in:
3696 Fix test for -z relro
3700 Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4
3703 * INSTALL, aclocal.m4, configure, configure.in,
3704 m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4:
3705 Build with -fstack-protector and link with -zrelro where supported.
3706 Added --disable-hardening option to disable hardening options.
3709 2012-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
3711 * plugins/sudoers/Makefile.in,
3712 plugins/sudoers/regress/testsudoers/test1.sh,
3713 plugins/sudoers/regress/testsudoers/test2.sh,
3714 plugins/sudoers/regress/testsudoers/test3.sh,
3715 plugins/sudoers/regress/testsudoers/test4.out.ok,
3716 plugins/sudoers/regress/testsudoers/test4.sh,
3717 plugins/sudoers/regress/testsudoers/test5.inc,
3718 plugins/sudoers/regress/testsudoers/test5.out.ok,
3719 plugins/sudoers/regress/testsudoers/test5.sh,
3720 plugins/sudoers/testsudoers.c:
3721 Add tests for sudoers mode, owner and group checks.
3724 * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
3725 If sudoers_mode is group-readable but the actual sudoers file is
3726 not, open the file as uid 0, not uid 1. This fixes a problem when
3727 sudoers has a more restrictive mode than what sudo expects to find.
3728 In older versions, sudo would silently chmod the file to add the
3732 * INSTALL, common/secure_path.c, config.h.in, configure, configure.in:
3733 No longer throw an error if sudoers is a symbolic link. Deprecated
3734 the --with-stow option as that is now (effectively) the default.
3737 2012-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
3739 * plugins/sudoers/Makefile.in,
3740 plugins/sudoers/regress/testsudoers/test2.inc,
3741 plugins/sudoers/regress/testsudoers/test2.out.ok,
3742 plugins/sudoers/regress/testsudoers/test2.sh,
3743 plugins/sudoers/regress/testsudoers/test3.d/root,
3744 plugins/sudoers/regress/testsudoers/test3.out.ok,
3745 plugins/sudoers/regress/testsudoers/test3.sh:
3746 Add basic tests for #include and #includedir
3749 * plugins/sudoers/testsudoers.c:
3750 Add -U sudoers_uid option to testsudoers.
3753 2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
3755 * NEWS, configure, configure.in:
3759 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3760 Fix #includedir; from Mike Frysinger
3763 * plugins/sudoers/check.c:
3764 Don't prompt for a password if the user is in the exempt group, is
3765 root, or is running the command as themselves even if the -k option
3766 was specified. This makes "sudo -k command" consistent with the
3767 behavior one would get if the user ran "sudo -k" immediately before
3768 running the command.
3771 2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
3778 Build PIE executable on Mac OS X 10.5 and above.
3781 2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
3784 Update for sudo 1.8.4p5
3787 * plugins/sudoers/match_addr.c:
3788 Add missing break between AF_INET and AF_INET6 in
3789 addr_matches_if_netmask()
3792 * plugins/sudoers/mon_systrace.c:
3793 Move systrace monitor code to the attic
3796 2012-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
3799 The pointer to the siginfo_t struct in a signal handler may be NULL.
3802 2012-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
3804 * plugins/sudoers/pwutil.c:
3805 Fix an alignment problem on NetBSD systems with a 64-bit time_t and
3806 strict alignment. Based on a patch from Martin Husemann.
3809 * include/missing.h:
3810 Add offsetof macro for those without it.
3814 add system_group plugin
3817 2012-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
3820 Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX.
3823 2012-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
3826 Mention system_group plugin
3829 * Makefile.in, plugins/sudoers/Makefile.in,
3830 plugins/system_group/Makefile.in:
3834 * plugins/system_group/system_group.c:
3835 Only call gr_delref() when using sudo's password caching functions.
3838 * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in:
3839 Add missing dependency on libreplace.la
3843 Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and
3847 * Makefile.in, configure, configure.in,
3848 plugins/system_group/Makefile.in,
3849 plugins/system_group/system_group.c,
3850 plugins/system_group/system_group.sym:
3851 Add group plugin that does lookups by name using the system group
3855 * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo,
3857 sync with translationproject.org
3860 2012-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
3862 * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
3863 plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
3864 plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
3865 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
3866 plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
3867 src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po,
3868 src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
3869 src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po,
3870 src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
3871 src/po/zh_CN.mo, src/po/zh_CN.po:
3872 sync with translationproject.org
3875 2012-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
3878 Add mode for docdir and use '-' (default) for localedir mode. Fixes
3879 a problem on Linux when building in a directory with the setgid bit
3883 2012-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
3889 2012-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
3892 Update with recent changes
3896 Fix version check on AIX
3899 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
3903 * plugins/sudoers/ldap.c:
3904 Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP
3908 * plugins/sudoers/ldap.c:
3909 Fix printing of invalid uri
3912 * plugins/sudoers/auth/pam.c:
3913 Pass PAM_SILENT when deleting creds to remove an annoying warning
3917 2012-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
3920 Fix the setutxent and endutxent compatibility defines (this time
3921 correctly) when only setutent and endutent are available.
3924 * plugins/sudoers/ldap.c:
3925 sudo_ldap_set_options_global() should not take an LDAP handle as an
3926 argument since the options affect the global settings.
3930 Debian sudo has not been built with --with-exempt=sudo since 1.6.8.
3933 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
3934 plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c,
3936 Call the policy's init_session() function before we fork the child.
3937 That way, the session is created and destroyed in the same process,
3938 which is needed by some modules, such as pam_mount.
3941 * doc/TROUBLESHOOTING:
3942 Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is
3946 * plugins/sudoers/auth/pam.c:
3947 Delete creds after closing the PAM session.
3950 * plugins/sudoers/ldap.c:
3951 Provide a more useful error message if using a Mozilla-style LDAP
3952 SDK and you forgot to specify TLS_CERT in ldap.conf.
3956 Add missing initialization of a sigaction structure when I/O
3957 logging. Fixes a potential problem when suspending the command.
3960 * plugins/sudoers/ldap.c:
3961 Split global and per-connection LDAP options into separate arrays.
3962 Set global LDAP options before calling ldap_initialize() or
3963 ldap_init(). After we have an LDAP handle, set the per-connection
3964 options. Fixes a problem with OpenLDAP using the nss crypto backend;
3968 * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
3969 plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
3970 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
3971 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
3972 plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
3973 src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po,
3974 src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
3975 sync with translationproject.org
3978 2012-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
3980 * src/sudo.c, src/sudo.h:
3981 Move struct passwd pointer into struct command details.
3984 2012-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
3987 Sync with upstream for Mac OS X (and other) fixes.
3991 Only build Mac intel universal binary on an intel machine.
3995 Do not pass libtool the -static-libtool-libs option when building
3996 sudo and sesh. Otherwise, libtool may prefer a static version of an
3997 installed library over a dynamic one when linking.
4000 2012-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
4002 * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo,
4003 plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po:
4004 Add German translation for sudo. Add Croatian translation for sudoers.
4007 * plugins/sudoers/iolog.c:
4011 2012-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
4014 Update with recent changes
4017 * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
4018 Sort xgettext output by file name.
4021 * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
4022 Clarify what "sudoreplay -l" displays and mention that it is sorted.
4025 * config.h.in, configure, configure.in, src/ttyname.c:
4026 Use AC_HEADER_MAJOR to determine where major/minor are defined.
4029 * config.h.in, configure, configure.in, src/ttyname.c:
4030 Include sys/mkdev.h if present instead of sys/sysmacros.h for
4031 minor(). This is needed on Solaris (at least) where the makedev
4032 macros in sysmacros.h are obsolete and library functions should be
4037 When building on Mac OS X, only set SDK_FLAGS if specified osversion
4041 2012-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
4044 Add back buf and tty variables for _ttyname() case that were
4045 inadvertently removed.
4048 2012-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
4050 * plugins/sudoers/po/sudoers.pot:
4054 * configure, configure.in:
4055 Remove b8 from version number.
4063 When looking for a device match, do a breadth-first search instead
4064 of depth-first. We already special case /dev/pts/ so chances are
4065 good that if it is not a pseudo-tty it is in the base of /dev/. Also
4066 avoid a stat(2) when possible if struct dirent has d_type.
4069 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4070 src/sudo.c, src/sudo.h:
4071 Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.
4074 * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo,
4075 src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo,
4077 sync with translationproject.org
4080 * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po,
4081 src/po/hr.mo, src/po/hr.po:
4082 New Croatian and Galician translations from translationproject.org
4086 Add depth-first traversal of /dev/ for the /proc case when not
4090 * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c:
4091 If struct dirent has d_type, use it to avoid an extra stat().
4094 * plugins/sudoers/sudoreplay.c:
4095 Sort output of "sudoreplay -l"
4098 2012-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
4100 * plugins/sudoers/sudoreplay.c:
4101 Fix duplicate free introduced in last rev
4104 2012-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
4106 * plugins/sudoers/auth/pam.c:
4107 Instead of treating ^C from tgetpass() specially, always return
4108 AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL
4109 like PAM_AUTH_ERR; Mac OS X returns this when there is no tty.
4112 * config.h.in, configure, configure.in, src/ttyname.c:
4113 Rototill code to determine the tty. For Linux, we now look up the
4114 tty device in /proc/pid/stat instead of trying to open
4115 /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given
4116 device number to a string. On BSD, we can use devname(). On
4117 Solaris, _ttyname_dev() does what we want. TODO: write /dev/
4118 traversal code for the generic sudo_ttyname_dev().
4121 2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
4124 Define PRNODEV for those w/o it.
4127 * config.h.in, configure, configure.in, src/ttyname.c:
4128 Check for SVR4-style struct psinfo.pr_ttydev and use that to
4129 determine the tty if std{in,out,err} are not ttys.
4133 Better support for SVR4-style /proc entries where we can't use
4134 ttyname() on the /proc/pid/fd/[0-2] entries. We can, however,
4135 attempt to map the device number back to the correct pseudo-tty
4140 When trying to determine the tty name, check parent's stderr in
4141 addition to its stdin and stdout.
4145 Treat a tty read failure like EOF as it usually means the pty has
4146 gone away. Handle write() on the tty returning EIO.
4149 * src/exec.c, src/exec_pty.c:
4150 Linux select() may return ENOMEM if there is a kernel resource
4151 shortage. Older Solaris select() may return EIO instead of EBADF
4152 when the tty goes away. If we get an unhandled select() failure,
4153 kill the child and exit cleanly.
4157 Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might
4161 2012-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
4163 * plugins/sudoers/set_perms.c:
4164 Fix restoration of AIX permissions.
4168 Allow the -k flag to be used along with the -i and -s flags.
4171 * plugins/sudoers/sudoreplay.c:
4172 Plug memory leak in parse_logfile() in the error path.
4175 * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
4176 src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po,
4177 src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po,
4178 src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
4179 src/po/zh_CN.mo, src/po/zh_CN.po:
4180 sync with translationproject.org
4183 2012-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
4185 * compat/regress/glob/globtest.c, config.h.in, configure,
4186 configure.in, plugins/sudoers/match.c:
4187 Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
4188 glob() and fnmatch() results to be consistent.
4191 2012-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
4193 * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in,
4195 Move ttysize.c to common so sudoreplay can use it.
4198 * plugins/sudoers/sudoreplay.c:
4199 If I/O log file includes rows + cols, warn if the user's tty is not
4203 * plugins/sudoers/sudoreplay.c:
4204 Fix printing of TSID in "sudoreplay -l"
4207 * common/sudo_debug.c, include/sudo_debug.h,
4208 plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c,
4210 Log the process id in the debug file output. Since we don't want to
4211 keep calling getpid(), stash the value at init time and when we
4216 Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It
4217 is better to receive EIO from read()/write() than to be suspended
4218 when we don't expect it. Fixes a problem when our terminal is
4219 revoked which can happen when, e.g. our sshd is killed
4220 unceremoniously. Also, only change the value of "alive" from true to
4221 false, never from false to true. It is possible for us to receive
4222 notification of the child having stopped after it is already dead.
4223 This does not mean it has risen from the grave.
4227 Distinguish between signals we received from the parent vs. those
4228 delivered explicitly to the monitor process in debugging info.
4231 2012-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
4233 * plugins/sudoers/check.c:
4234 In Solaris 11, /dev/pts is under the "dev" filesystem, not "devices".
4235 Update tty_is_devpts() to match so we can determine when the tty has
4239 * common/sudo_debug.c, include/error.h, include/sudo_debug.h:
4240 Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf()
4241 and use a new flag, SUDO_DEBUG_FILENO to specify when to use it.
4242 This allows consumers of sudo_debug_printf() to log that data
4243 without having to specify it manually.
4247 Make this compile after last change.
4251 Don't try to restore the terminal if we are not the foreground
4252 process. Otherwise, we may be stopped by SIGTTOU when we try to
4253 update the terminal settings when cleaning up.
4257 If select() returns EBADF in the main event loop, one of the ttys
4258 must have gone away so perform any I/O we can and close the bad fds.
4261 * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
4262 plugins/sudoers/toke.c, plugins/sudoers/toke.h,
4263 plugins/sudoers/toke.l:
4264 Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the
4265 function, file and line number in the debug log for warning() and
4269 2012-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
4271 * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
4273 Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno.
4274 Use this flag when wrapping error() and warning() so the debug
4275 output includes the error string.
4278 2012-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
4281 Update for sudo 1.8.5
4284 * plugins/sudoers/po/sudoers.pot:
4292 * plugins/sudoers/pwutil.c:
4297 Don't need zero_bytes() after ecalloc()
4300 * config.h.in, configure, configure.in, src/sudo_noexec.c:
4301 Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to
4306 Fix compat setutxent and endutxent macros for systems with
4307 setutent() but not setutxent(). From Gustavo Zacarias
4310 2012-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
4313 Add ignore_result definition to AH_BOTTOM
4316 * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c,
4317 plugins/sudoers/iolog.c, plugins/sudoers/toke.c,
4318 plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c,
4319 src/exec.c, src/exec_pty.c, src/tgetpass.c:
4320 Fix compiler warnings on some platforms and provide a better method
4321 of defeating gcc's warn_unused_result attribute.
4324 * configure, configure.in:
4325 Fix building the builtin zlib from a build dir. When a zlib dir was
4326 specified, prepend its include path instead of appending so we get
4327 the right zlib headers.
4330 * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h,
4331 zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c,
4332 zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h,
4333 zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in,
4334 zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
4335 Update zlib to version 1.2.6
4338 2012-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
4340 * include/missing.h:
4341 g/c __unused which is no longer used
4345 Fix compilation if RTLD_NEXT is not defined.
4348 * src/po/sr.mo, src/po/sr.po:
4349 sync with translationproject.org
4352 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
4357 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
4362 Ignore Project-Id-Version when comparing pot files.
4365 * plugins/sudoers/bsm_audit.c:
4366 Use error() instead of log_fatal()
4369 * plugins/sudoers/env.c:
4370 Fix signedness of didvar in env_update_didvar()
4373 * plugins/sudoers/iolog.c:
4374 Quiet a compiler warning on some platforms.
4378 cast ctype(3) function/macro arguments from char to unsigned char to
4379 avoid potential negative subscripting.
4382 * common/setgroups.c:
4383 Quiet a warning on systems where the gids array in setgroups() is
4384 not prototyped as being const, even though it really is.
4388 Quiet a compiler warning on systems where the argument to putenv(3)
4392 * plugins/sudoers/sudoreplay.c:
4393 Undo an incorrect int -> bool conversion.
4396 * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
4397 src/po/sv.mo, src/po/sv.po:
4398 Add Swedish sudo and sudoers translations from
4399 translationproject.org
4402 * plugins/sudoers/env.c:
4403 No need to preserve ODMDIR on AIX now that we always read
4407 2012-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
4409 * doc/sudoers.pod, plugins/sudoers/env.c:
4410 When initializing the environment for env_reset, start out with the
4411 contents of /etc/environment on AIX and login.conf on BSD.
4414 * doc/TROUBLESHOOTING, src/sudo.c:
4415 If we are not running with an effective uid of 0, try to give the
4416 user enough information to debug the problem.
4419 * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
4420 Quiet a clang-analyzer false positive.
4424 If there is nothing to read from the askpass program, set errno to
4425 EINTR. This makes the cancel button behave like the user entered ^C
4426 at the password prompt when PAM is used.
4429 * src/sudo.h, src/tgetpass.c:
4430 Fetch the value of "askpass" from the sudo conf struct.
4433 * common/sudo_conf.c:
4434 Fix matching of "Path askpass" and "Path noexec"
4437 2012-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
4439 * plugins/sudoers/visudo.c:
4440 Quiet a clang-analyzer dead store warning.
4443 * plugins/sudoers/sudoers.c:
4444 If the "timestampowner" user cannot be resolved, use ROOT_UID
4445 instead of exiting with a fatal error.
4448 * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
4449 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
4450 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c,
4451 plugins/sudoers/check.c, plugins/sudoers/env.c,
4452 plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
4453 plugins/sudoers/logging.h, plugins/sudoers/parse.c,
4454 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
4455 Remove the NO_EXIT flag to log_error() and add a log_fatal()
4456 function that exits and is marked no_return. Fixes false positives
4457 from static analyzers and is easier for humans to read too.
4460 2012-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
4462 * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
4464 sync with translationproject.org
4467 2012-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
4469 * src/po/da.mo, src/po/da.po:
4470 sync with translationproject.org
4473 * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
4474 sync with translationproject.org
4477 2012-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
4479 * src/po/it.mo, src/po/it.po:
4480 sync with translationproject.org
4483 * common/sudo_conf.c, plugins/sudoers/alias.c,
4484 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
4485 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4486 plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c,
4487 plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
4488 plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c,
4490 Use ecalloc() when allocating structs.
4493 * common/alloc.c, include/alloc.h:
4494 Add ecalloc() and commented out recalloc(). Use inline strnlen()
4495 instead of strlen() in estrndup().
4498 2012-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
4500 * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
4501 plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
4502 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
4503 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
4504 plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
4505 src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
4506 src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
4507 src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
4508 src/po/zh_CN.mo, src/po/zh_CN.po:
4509 sync with translationproject.org
4512 2012-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
4514 * plugins/sudoers/set_perms.c:
4518 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4519 Document what changed in each plugin API revision
4522 * plugins/sudoers/set_perms.c:
4523 Remove bogus optimization that could lead to a double free of the
4527 2012-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
4529 * doc/TROUBLESHOOTING:
4530 Expand AIX /etc/security/privcmds entry.
4534 Update for sudo 1.8.5
4537 * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat,
4538 doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
4539 doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat,
4540 doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h,
4541 include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
4542 src/sudo_plugin_int.h:
4543 Rename plugin "args" to "options"
4547 Add Lithuanian and Vietnamese translators
4551 Ignore comments when comparing new and old pot files.
4558 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in:
4562 * doc/sudo_plugin.pod, include/sudo_plugin.h,
4563 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
4564 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c,
4565 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c,
4566 src/sudo.c, src/sudo.h:
4567 Pass a pointer to user_env in to the init_session policy plugin
4568 function so session setup can modify the user environment as needed.
4569 For PAM authentication, merge the PAM environment with the user
4570 environment at init_session time. We no longer need to swap in the
4571 user_env for environ during session init, nor do we need to disable
4572 the env hooks at init_session time.
4575 * plugins/sample/sample_plugin.c:
4576 Add explicit NULL entries for init_session, register_hooks and
4577 deregister_hooks with appropriate comments.
4581 Quiet a gcc "used uninitialized in this function" false positive.
4584 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4585 We should always call warning() with a format string or a string
4586 literal. In this case, the argument (path) is not user-controlled.
4589 2012-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
4592 Include sudo_exec.h for the sudo_execve() prototype.
4595 * config.h.in, configure, configure.in:
4596 Add check for pam_getenvlist()
4599 * common/sudo_conf.c:
4600 Set args to NULL in default plugin info struct when there is no
4601 Plugin line in sudo.conf.
4604 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
4608 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
4609 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
4610 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
4611 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
4615 * configure, configure.in:
4616 Bump version to 1.8.5
4619 * doc/sudo_plugin.pod:
4623 2012-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
4626 Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.
4629 * include/sudo_plugin.h:
4630 Use sudo_hook_fn_t in struct sudo_hook.
4633 * doc/TROUBLESHOOTING:
4634 If cross compiling, --host must include the OS in the tuple. E.g.
4635 --host powerpc-unknown-linux
4638 2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
4640 * plugins/sudoers/parse.c:
4641 Fix bogus int -> bool conversion; tags can have a value of -1.
4644 * plugins/sudoers/env.c:
4645 Add env_should_keep() and env_should_delete() wrapper functions to
4646 simplify things a bit and hide the fact that matches_env_check() is
4651 Fix application of debian-specific sudoers mods when building
4652 packages as non-root.
4655 * plugins/sudoers/env.c:
4656 matches_env_check() returns int, not boolean
4660 Fix compilation when seteuid() is not available.
4664 Simply move the free of ki_proc outside the realloc() loop.
4668 Bring back the erealloc() for the ENOMEM loop and just zero the
4669 pointer after we free it.
4673 Don't try to erealloc() a potentially freed pointer; Mateusz Guzik
4676 2012-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
4678 * plugins/sudoers/set_perms.c:
4679 Use normal error path if unable to set sudoers gid.
4682 * plugins/sudoers/set_perms.c:
4683 Make this work again on systems w/o seteuid().
4686 2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
4688 * plugins/sudoers/set_perms.c:
4689 Fix compilation if no seteuid/setreuid/setresuid available.
4692 * plugins/sudoers/set_perms.c:
4693 Better error messages, and added debugging throughout. Fixed
4694 seteuid() version of set_perms()/restore_perms(). Fixed logic bug in
4695 AIX version of restore_perms(). Added checks to avoid changing
4696 uid/gid when we don't have to. Never set gid/uid state to -1, use
4697 the old value instead.
4700 * src/exec_pty.c, src/ttyname.c:
4701 Fix format string warning on Solaris with gcc 3.4.3.
4705 Always declare environ now that we swap it around unilaterally.
4709 Honor LDFLAGS when linking sesh; from Vita Cizek
4713 Include alloc.h for estrdup() prototype; from Vita Cizek
4716 2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
4718 * plugins/sudoers/sudoers.c:
4719 Don't read /etc/environment on Linux when using PAM, PAM should set
4720 the environment variables as needed via pam_env.
4727 * src/hooks.c, src/sudo.c, src/sudo.h:
4728 Disable environment hooks after we get user_env back to make sure a
4729 plugin can't modify user_env after we "own" it. This is kind of
4730 a hack but we don't want the init_session plugin function to modify
4734 * src/hooks.c, src/sudo.c:
4735 Add support for deregistering hooks. If an I/O log plugin fails to
4736 initialize, deregister its hooks (if any).
4739 2012-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
4741 * plugins/sudoers/sudoers.c, src/sudo.c:
4742 Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook
4746 * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in,
4747 compat/setenv.c, compat/unsetenv.c, config.h.in, configure,
4748 configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl,
4749 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c,
4750 plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c,
4751 plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,
4752 src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,
4753 src/sudo_plugin_int.h:
4754 Initial cut at a hooks implementation. The plugin can register
4755 hooks for getenv, putenv, setenv and unsetenv. This makes it
4756 possible for the plugin to trap changes to the environment made by
4757 authentication methods such as PAM or BSD auth so that such changes
4758 are reflected in the environment passed back to sudo for execve().
4761 2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
4763 * MANIFEST, src/po/vi.mo, src/po/vi.po:
4764 Add Vietnamese sudo translation from translationproject.org
4767 2012-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
4769 * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod,
4771 List sudo_noexec.so not noexec.so in the sample sudo.conf
4774 * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
4775 doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h,
4776 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
4777 plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
4778 plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c,
4779 src/sudo_plugin_int.h:
4780 Add support for plugin args at the end of a Plugin line in
4781 sudo.conf. Bump the minor number accordingly and update the
4782 documentation. A plugin must check the sudo front end's version
4783 before using the plugin_args parameter since it is only supported
4784 for API version 1.2 and higher.
4787 2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
4789 * plugins/sudoers/Makefile.in:
4794 secure_path.c is in common, not compat
4797 * configure, configure.in:
4798 Add check for variadic macro support in cpp.
4801 2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
4803 * common/secure_path.c, common/sudo_conf.c, include/secure_path.h,
4804 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4805 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4806 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4807 Add type param to sudo_secure_path() and add sudo_secure_file() and
4808 sudo_secure_dir() wrappers which get by #includedir in sudoers.
4811 2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
4813 * doc/visudo.pod, plugins/sudoers/visudo.c:
4814 Check the owner and mode in -c (check) mode unless the -f option is
4815 specified. Previously, the owner and mode were checked on the main
4816 sudoers file when the -s (strict) option was given, but this was not
4820 * config.h.in, configure, configure.in, src/ttyname.c:
4821 Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some
4822 versions of OpenBSD that have KERN_PROC2 but not KERN_PROC.
4825 2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
4828 Add Eric Lakin for patch in bug #538
4832 Fix typo in safe_close() made while converting to debug framework
4833 that prevented it from actually closing anything.
4837 Add some more debugging.
4840 * common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
4841 include/Makefile.in:
4842 We need sysconfdir in compat/Makefile to get the proper sudo.conf
4843 path. Add standard prefix and foodir expansion in all Makefiles to
4844 avoid this problem in the future.
4847 2012-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
4849 * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po:
4850 New Lithuanian sudoers translation from translationproject.org
4853 * plugins/sudoers/po/ja.po:
4854 Update from translationproject.org
4857 2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
4859 * plugins/sudoers/ldap.c:
4860 When adding gids to the LDAP filter, only add the primary gid once.
4861 This is consistent with the space computation/allocation. From Eric
4865 * doc/TROUBLESHOOTING:
4866 Add entry for AIX enhanced RBAC config.
4870 Target Mac OS X 10.5 when building packages.
4873 2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
4875 * MANIFEST, common/Makefile.in, common/secure_path.c,
4876 common/sudo_conf.c, include/secure_path.h,
4877 plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c:
4878 Relax the user/group/mode checks on sudoers files. As long as the
4879 file is owned by the right user, not world-writable and not writable
4880 by a group other than the one specified at configure time (gid 0 by
4881 default), the file is considered OK. Note that visudo will still
4882 set the mode to the value specified at configure time.
4885 2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
4887 * plugins/sudoers/set_perms.c:
4888 Add AIX-specific version of permission setting code to make sure
4889 that the saved uid gets restored properly.
4892 * config.h.in, configure, configure.in, src/exec_common.c:
4893 Check for LD_PRELOAD variants in configure instead of checking cpp
4894 symbols. In disable_execute(), compute the length of the new envp
4895 and allocate it once instead of reallocating on demand. Also append
4896 old value of LD_PRELOAD (if any) to the new value.
4899 * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
4900 Fix the description of noexec.
4903 * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
4904 The "op" parameter to set_default() must be int, not bool since it
4905 is set to '+' or '-' for list add and subtract.
4909 Make sure sudoers is writable before calling ed script.
4912 2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
4914 * doc/CONTRIBUTORS, doc/contributors.pod:
4915 Update contributors. Now includes translators and authors of compat
4919 2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
4926 Build flat packages, not package bundles, on Mac OS X.
4929 2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
4932 Move macos section to be with the other OS-specific sections.
4935 * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
4936 plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
4937 Sync with translationproject.org
4940 * configure, configure.in:
4941 Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
4945 Add Mac OS X support, printing the latest chunk of the NEWS file and
4946 the license text in the installer.
4950 Add explicit file modes that match those used by "make install"
4954 Sync with upstream for Mac OS X fixes.
4957 * plugins/sudoers/Makefile.in, src/Makefile.in:
4958 Got back to using "install-sh -M" for files installed as non-
4959 readable by owner. This fixes "make install" as non-root for
4963 2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
4965 * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
4966 plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
4967 plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
4968 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
4969 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
4970 Sync with translationproject.org
4973 * Makefile.in, doc/Makefile.in, include/Makefile.in,
4974 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
4975 plugins/sudoers/Makefile.in, src/Makefile.in:
4976 Use -m not -M for install-sh for everything except setuid. Install
4977 locale .mo files mode 0444, not 0644. If timedir parent doesn't
4978 exist, use default dir mode, not 0700.
4981 2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
4984 Re-sync with upstream; no longer need a local patch.
4988 Add support for building Mac OS X packages.
4996 No longer need to define _PATH_SUDO_CONF here.
4999 * src/exec_common.c:
5000 Fix noexec for Mac OS X.
5003 2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
5005 * common/Makefile.in:
5006 Move _PATH_SUDO_CONF override to common to match sudo_debug.c
5009 * plugins/sudoers/set_perms.c:
5010 More complete fix for LDR_PRELOAD on AIX. The addition of
5011 set_perm(PERM_ROOT) before calling the nss open functions (needed to
5012 avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
5013 and then real uid to 0 for PERM_ROOT works around the issue.
5016 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
5021 Set real uid to root before calling sudo_edit() or run_command() so
5022 that the monitor process is owned by root and not by the user.
5023 Otherwise, on AIX at least, the monitor process shows up in ps as
5024 belonging to the user (and can be killed by the user).
5027 * plugins/sudoers/set_perms.c:
5028 For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
5029 the call to setuid(0) if the current euid is non-zero. This
5030 effectively restores the state of things prior to rev 7bfeb629fccb.
5031 Fixes a problem on AIX where LDR_PRELOAD was not being honored for
5032 the command being executed.
5035 * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in,
5036 include/missing.h, src/sudo.c:
5037 Make a copy of the struct passwd in exec_setup() to make sure
5038 nothing in the policy init modifies it.
5041 2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
5047 * common/sudo_debug.c, include/sudo_debug.h:
5048 g/c now-unused debug subsystems
5051 * doc/sudo.pod, doc/sudoers.pod:
5052 Enumerate the debug subsystems used by sudo and sudoers.
5055 2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
5057 * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
5058 include/sudo_conf.h, src/sudo.c:
5059 Normally, sudo disables core dumps while it is running. This
5060 behavior can now be modified at run time with a line in sudo.conf
5061 like "Set disable_coredumps false"
5065 Mention Spanish translation
5068 * common/sudo_debug.c:
5069 Make sure we don't try to fall back to using the conversation
5070 function for debugging in the main sudo process if we are unable to
5071 open the debug file.
5074 * MANIFEST, src/po/es.mo, src/po/es.po:
5075 Add sudo Spanish translation from translationproject.org
5078 2012-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
5080 * plugins/sudoers/iolog.c:
5081 Better debug subsystem usage
5085 Remove duplicate function prototypes
5088 2012-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
5090 * configure, configure.in:
5091 Error out if user specified --with-pam but we can't find the headers
5092 or library. Also throw an error if the headers are present but the
5093 library is not and vice versa.
5096 2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
5098 * plugins/sudoers/sudoers.c:
5099 Fix the sudoers permission check when the expected sudoers mode is
5103 2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
5105 * configure, configure.in:
5106 Verify that we can link executables built with -D_FORTIFY_SOURCE
5110 * src/exec_common.c:
5111 Fix potential off-by-one when making a copy of the environment for
5112 LD_PRELOAD insertion. Fixes bug #534
5115 * configure, configure.in:
5116 Add rudimentary check for _FORTIFY_SOURCE support by checking for
5117 __sprintf_chk, one of the functions used by gcc to support it.
5120 * compat/stdbool.h, config.h.in, configure, configure.in:
5121 Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.
5124 2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
5126 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
5130 2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
5132 * src/exec.c, src/sudo.c:
5133 The change in 818e82ecbbfc that caused to exit when the monitor dies
5134 created a race condition between the monitor exiting and the status
5135 being read. All we really want to do is make sure that select()
5136 notifies us that there is a status change when the monitor dies
5137 unexpectedly so shut down the socketpair connected to the monitor for
5138 writing when it dies. That way we can still read the status that is
5139 pending on the socket and select() on Linux will tell us that the fd
5143 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
5144 src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
5146 Refactor disable_execute() and my_execve() into exec_common.c for
5147 use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
5148 disabling exec in exec_setup(), disable it immediately before
5149 executing the command. Adapted from a diff by Arno Schuring.
5152 2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
5154 * aclocal.m4, configure, configure.in:
5155 Add custom version of AC_CHECK_LIB that uses the extra libs in the
5156 cache value name. With this we no longer need to rely on a modified
5157 version of autoconf.
5160 2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
5162 * configure, configure.in:
5163 Better handling of network functions that need -lsocket -lnsl
5167 When setting up the execution environment, set groups before
5168 gid/egid like sudo 1.7 did.
5171 * configure, configure.in:
5172 Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
5175 * plugins/sudoers/sudoers.c:
5176 For "sudo -g" prepend the specified group ID to the beginning of the
5177 groups list. This matches BSD convention where the effective gid is
5178 the first entry in the group list. This is required on newer
5179 FreeBSD where the effective gid is not tracked separately and thus
5180 setgroups() changes the egid if this convention is not followed.
5184 2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
5186 * configure, configure.in:
5187 Fix sh warning; use "test" instead of "["
5191 When not logging I/O, use a signal handler that only forwards
5192 SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
5193 Fixes a race in the non-I/O logging path where the command may
5194 receive two keyboard-generated signals; one from the kernel and one
5195 from the sudo process.
5199 Back out change that put the command in its own pgrp when not
5200 logging I/O. It causes problems with pipelines.
5203 2012-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
5205 * compat/Makefile.in, configure, configure.in:
5206 Only run compat regress tests on compat objects we actually build.
5207 Fixes "make check" in the compat dir for systems that don't
5208 implement character classes in fnmatch() or glob(). Bug #531
5211 2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
5213 * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
5214 Update po files from translationproject.org
5217 2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
5220 Include parent directories in case they don't already exist. This
5221 fixes a directory permissions problem with the AIX package when the
5222 /usr/local directories don't already exist.
5226 sync with git version
5229 * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
5233 * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c:
5234 Move tty name lookup code to its own file.
5237 2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
5240 Update with latest sudo 1.8.4 changes.
5243 * config.h.in, configure, configure.in:
5244 Remove obsolete template for HAVE_TIMESPEC
5248 Add a check for devname() returning a fully-qualified pathname. None
5249 of the devname() implementations do this today but you never know
5250 when this might change.
5253 2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
5255 * plugins/sudoers/visudo.c:
5256 For "visudo -c" also list include files that were checked when
5261 The device name returned by devname() does not include the /dev/
5262 prefix so we need to add it ourselves.
5266 Add debug warning if KERN_PROC sysctl fails or devname() can't
5267 resolve the tty device to a name.
5270 * common/sudo_debug.c:
5271 The result of writev() is never checked so just cast to NULL.
5274 * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
5275 plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
5276 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
5277 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
5278 Update Esperanto, Finnish, Polish and Ukrainian translations from
5279 translationproject.org.
5282 2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
5284 * config.h.in, configure, configure.in, src/sudo.c:
5285 Add support for determining tty via sysctl on other BSD variants.
5288 * configure, configure.in:
5289 Only check for struct kinfo_proc.ki_tdev on systems that support
5294 For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
5295 ttyname() of std{in,out,err}.
5298 2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
5300 * config.h.in, configure, configure.in, src/sudo.c:
5301 On newer FreeBSD we can get the parent's tty name via sysctl().
5304 * plugins/sudoers/testsudoers.c:
5309 Silence a gcc warning.
5312 * plugins/sudoers/bsm_audit.c:
5313 Need to include gettext.h and sudo_debug.h; from John Hein
5316 * plugins/sudoers/iolog.c:
5317 Initialize the debug framework from the I/O plugin too.
5320 2012-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
5322 * plugins/sudoers/testsudoers.c:
5323 Enable debugging via sudo.conf.
5326 2012-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
5328 * plugins/sudoers/visudo.c:
5329 Use SUDO_DEBUG_ALIAS for alias checking functions.
5332 * configure, configure.in:
5333 More complete test for getaddrinfo() that doesn't rely on the
5334 network libraries already being added to LIBS.
5337 2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
5343 * configure, configure.in:
5344 Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
5347 * compat/getaddrinfo.c:
5348 Include errno.h and missing.h
5355 * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in,
5356 plugins/sudoers/gram.y, plugins/sudoers/match.c,
5357 plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c,
5358 src/parse_args.c, src/sudo.c, src/sudo.h:
5359 Update copyright year.
5363 Update for sudo 1.8.4
5366 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
5370 * plugins/sudoers/sudoreplay.c:
5371 Enable debugging via sudo.conf.
5374 * plugins/sudoers/visudo.c:
5375 Enable debugging via sudo.conf.
5378 * plugins/sudoers/visudo.c:
5379 Allow "visudo -c" to work when we only have read-only access to the
5380 sudoers include files.
5383 * doc/sudo.pod, doc/visudo.pod:
5384 Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
5385 HISTORY section in sudo that points to HISTORY file.
5388 * doc/sudo.pod, doc/sudo_plugin.pod:
5389 Document Debug setting in sudo.conf and debug_flags in plugin.
5392 2012-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
5394 * plugins/sudoers/match.c:
5395 Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
5396 bug where a pattern like "/usr/*" includes /usr/bin/ in the results,
5397 which would incorrectly be interpreted as if the sudoers file had
5398 specified a directory. From Vitezslav Cizek.
5401 * INSTALL, config.h.in, configure, configure.in,
5402 plugins/sudoers/auth/kerb5.c:
5403 Add --enable-kerb5-instance configure option to allow people using
5404 Kerberos V authentication to use a custom instance. Adapted from a
5405 diff by Michael E Burr.
5408 * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h:
5409 Remove -D debug_level option.
5413 Update copyright year.
5416 2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
5418 * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
5419 plugins/sudoers/visudo.c:
5420 parse_error is now bool, not int
5423 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5424 plugins/sudoers/parse.c:
5425 Print a more sensible error if yyparse() returns non-zero but
5426 yyerror() was not called.
5429 * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
5430 plugins/sudoers/gram.c:
5431 Replace y.tab.c with the correct filename in #line directives.
5434 2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
5437 When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
5438 if the main process's fds 0-2 are not hooked up to a tty. Adapted
5439 from a diff by Zdenek Behan.
5443 When not logging I/O, put command in its own pgrp and make that the
5444 controlling pgrp if the command is in the foreground. Fixes a race
5445 in the non-I/O logging path where the command may receive two
5446 keyboard-generated signals; one from the kernel and one from the
5450 2011-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
5453 Quiet a bogus gcc warning.
5456 * src/parse_args.c, src/sudo.h:
5457 Fix warnings related to sudo.conf accessors.
5460 * common/sudo_conf.c, include/sudo_conf.h:
5461 Separate sudo.conf parsing from plugin loading and move the parse
5462 functions into the common lib so that visudo, etc. can use them.
5465 * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c,
5466 src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h:
5467 Separate sudo.conf parsing from plugin loading and move the parse
5468 functions into the common lib so that visudo, etc. can use them.
5471 * doc/sudoers.pod, plugins/sudoers/def_data.c,
5472 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
5473 plugins/sudoers/sudoers.c, src/sudo.c:
5474 Remove support for noexec_file in sudoers and the plugin API
5477 * plugins/sudoers/sudoers.c:
5478 Don't dump interfaces if there are none.
5481 * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
5482 Add missing %s printf escape to the group_plugin, iolog_dir and
5483 iolog_file descriptions.
5486 2011-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
5488 * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c:
5489 Fix typo in visiblepw description; from Joel Pickett
5492 2011-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
5494 * MANIFEST, configure, configure.in, mkdep.pl,
5495 plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
5496 plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
5497 plugins/sudoers/sudoers.h, src/sudo.c:
5498 When running a login shell with a login_class specified, use
5499 LOGIN_SETENV instead of rolling our own login.conf setenv support
5500 since FreeBSD's login.conf has more than just setenv capabilities.
5501 This requires us to swap the plugin-provided envp for the global
5502 environ before calling setusercontext() and then stash the resulting
5503 environ pointer back into the command details, which is kind of a
5507 * plugins/sudoers/Makefile.in:
5508 If srcdir is "." just use the basename of the yacc/lex file when
5509 generating the C version. This matches the generated files
5510 currently in the repo.
5513 * doc/Makefile.in, plugins/sudoers/Makefile.in:
5514 Clean up the DEVEL noise
5518 Handle different Unix domain socket (actually socketpair) semantics
5519 in BSD vs. Linux. In BSD if one end of the socketpair goes away
5520 select() returns the fd as readable and the read will fail with
5521 ECONNRESET. This doesn't appear to happen on Linux so if we notice
5522 that the monitor process has died when I/O logging is enabled,
5523 behave like the command has exited. This means we log the wait
5524 status of the monitor, not the command, but there is nothing else we
5525 can do at that point. This should only be an issue if SIGKILL is
5526 sent to the monitor process.
5530 Catch common signals in the monitor process so they get passed to
5531 the command. Fixes a problem when the entire login session is
5532 killed when ssh is disconnected or the terminal window is closed.
5533 Previously, the monitor would exit and plugin's close method would
5537 * INSTALL, configure, configure.in:
5538 Mention how to configure pam_hpsec on HP-UX to play nicely with
5542 2011-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
5544 * plugins/sudoers/ldap.c:
5545 Escape values in the search expression as per RFC 4515.
5548 * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
5549 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5551 No need for install target to depend explicitly on install-dirs, the
5552 install-foo targets all depend on it.
5555 2011-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
5561 * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl,
5562 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
5563 plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
5564 plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
5565 plugins/sudoers/sudoers.h, src/Makefile.in:
5566 Add support for setenv entries in login.conf. We can't use
5567 LOGIN_SETENV since the plugin sets up the envp the command is
5568 executed with. Also regen the Makefile.in files while here. Fixes
5572 2011-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
5574 * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h,
5575 config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
5577 Add getaddrinfo() for those without it, written by Russ Allbery
5581 Restore PACKAGE_TARNAME, it is used in docdir
5584 * MANIFEST, compat/stdbool.h:
5585 SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
5589 * common/atobool.c, common/term.c, src/exec.c:
5590 Remove duplicate return statements.
5593 * plugins/sudoers/auth/bsdauth.c:
5594 Remove inaccurate comment
5597 * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:
5598 Fetch the login class for the user we authenticate specifically when
5599 using BSD authentication. That user may have a different login
5600 class than what we will use to run the command. When setting the
5601 login class for the command, use the target user's struct passwd,
5602 not the invoking user's. Fixes bug 526
5605 * compat/Makefile.in, configure, configure.in, doc/Makefile.in,
5606 plugins/sudoers/Makefile.in:
5607 Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
5610 * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
5611 plugins/sudoers/regress/logging/check_wrap.c,
5612 plugins/sudoers/regress/parser/check_addr.c,
5613 plugins/sudoers/regress/parser/check_fill.c:
5614 Fix "make check" fallout from the sudo_conv changes in sudo_debug.
5617 * common/fileops.c, common/sudo_debug.c, configure, configure.in,
5618 include/fileops.h, plugins/sample/Makefile.in,
5619 plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in,
5620 plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
5621 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
5622 plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
5623 plugins/sudoers/env.c, plugins/sudoers/find_path.c,
5624 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
5625 plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
5626 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
5627 plugins/sudoers/ldap.c, plugins/sudoers/match.c,
5628 plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
5629 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
5630 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
5631 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
5632 plugins/sudoers/toke.c, plugins/sudoers/toke.h,
5633 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
5634 plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c,
5635 src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h,
5636 src/sudo_plugin_int.h, src/utmp.c:
5637 Use stdbool.h instead of rolling our own TRUE/FALSE macros.
5640 2011-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
5642 * compat/stdbool.h, config.h.in, configure, configure.in:
5643 Add stdbool.h for systems without it.
5646 * aclocal.m4, config.h.in, configure, configure.in:
5647 No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
5648 includes have unistd.h in them. Add check for socklen_t for
5649 upcoming getaddrinfo compat.
5652 * common/fileops.c, compat/nanosleep.c, config.h.in, configure,
5653 configure.in, plugins/sudoers/interfaces.c,
5654 plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c,
5655 plugins/sudoers/sudoreplay.c, src/net_ifs.c:
5656 Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
5657 HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
5660 * src/sudo_noexec.c:
5661 No longer need to include time.h here as missing.h does not use
5665 2011-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
5667 * plugins/sudoers/visudo.c:
5668 Fix mode on sudoers as needed when the -f option is not specified.
5671 * MANIFEST, src/po/sr.mo, src/po/sr.po:
5672 Add Serbian translation for sudo from translationproject.org
5675 * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c,
5677 No longer pass debug_file to plugin, plugins must now use
5682 Build PIE executables for newer Debian and Ubuntu
5685 * common/sudo_debug.c:
5686 Include time.h for ctime() prototype.
5689 2011-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
5691 * common/sudo_debug.c, include/sudo_debug.h, src/exec.c,
5693 Do not close error pipe or debug fd via closefrom() as we need them
5694 to report an exec error should one occur.
5697 * doc/sudoers.ldap.pod:
5698 Document that a sudoUser may now be a group ID.
5701 * plugins/sudoers/ldap.c:
5702 Add support for permitting access by group ID in addition to group
5706 * plugins/sudoers/ldap.c:
5707 Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
5710 * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE:
5711 Replace UCB fnmatch.c with a non-recursive version written by
5715 * plugins/sudoers/auth/pam.c:
5716 Fix typo, return_debug vs. debug_return
5719 2011-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
5721 * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
5722 Update Japanese sudoers translation from translationproject.org
5726 Make the env_reset descriptions consistent.
5729 2011-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
5731 * configure, configure.in:
5732 Do multiple expansion when expanding paths to the noexec file, sesh
5733 and the plugin directory. Adapted from a diff by Mike Frysinger
5736 * common/Makefile.in:
5740 2011-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
5743 Add ignore file; from Mike Frysinger
5747 no longer save old Makefile.in to .old
5750 * plugins/sudoers/Makefile.in, src/Makefile.in:
5754 * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
5755 m4/ltoptions.m4, m4/ltversion.m4:
5756 Update to libtool 2.4.2
5759 2011-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
5761 * plugins/sudoers/sudoers_version.h:
5762 Bump grammar version for #include and #includedir relative path
5766 2011-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
5768 * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5769 Add support for relative paths in #include and #includedir
5772 * plugins/sudoers/Makefile.in:
5773 Fix install-plugin when shared objects are unsupported or disabled.
5776 * plugins/sudoers/goodpath.c:
5777 Don't write to sbp if it is NULL
5780 2011-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
5783 Remove all sudo/sudoers .mo files on uninstall. If LINGUAS is set,
5784 only install matching .mo files
5787 2011-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
5789 * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
5790 plugins/sudoers/sudoers.c, src/conversation.c:
5791 Fix non-dynamic (no dlopen) sudo build.
5794 * configure, configure.in:
5795 Don't error out if the user specified --disable-shared
5798 * common/sudo_debug.c, plugins/sudoers/sudoreplay.c,
5799 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
5801 Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
5805 * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
5806 plugins/sudoers/sudoers.h:
5807 Make sudo_goodpath() return value boolean
5810 * INSTALL, MANIFEST, configure, configure.in, mkdep.pl,
5811 plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c:
5812 Remove obsolete securid auth method.
5815 * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
5816 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
5817 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
5818 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
5819 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
5820 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
5821 plugins/sudoers/auth/sudo_auth.h:
5822 Prefix authentication functions with a "sudo_" prefix to avoid
5826 * INSTALL, MANIFEST, config.h.in, configure, configure.in,
5827 doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in,
5828 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c,
5829 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c:
5830 Remove the old Kerberos IV support
5833 2011-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
5835 * plugins/sudoers/check.c:
5836 Don't print garbage at the end of the custom lecture.
5839 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5840 Add lexer tracing as debug@parser
5843 * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
5844 plugins/sudoers/defaults.h, plugins/sudoers/gram.c,
5845 plugins/sudoers/match.c, plugins/sudoers/parse.c,
5846 plugins/sudoers/regress/parser/check_fill.c,
5847 plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
5848 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
5849 plugins/sudoers/visudo.c:
5850 Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
5851 <def_data.h> and not "def_data.h" when generating the parser in a
5855 2011-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
5857 * mkdep.pl, plugins/sudoers/Makefile.in:
5858 Better devdir support in mkdep.pl
5861 * plugins/sudoers/Makefile.in:
5862 Add devdir before srcdir in include path and fix up dependencies
5866 * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
5867 plugins/sudoers/defaults.h, plugins/sudoers/match.c,
5868 plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
5869 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
5870 plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
5871 #include "gram.h" not <gram.h> and "def_data.h" and not
5876 Mark libexec files as optional. If we build without shared object
5877 support, libexec is not used.
5880 * src/load_plugins.c:
5881 Change Debug sudo.conf setting to take a program name as the first
5882 argument. In the future, this will allow visudo and sudoreplay to
5883 use their own Debug entries.
5887 fix sudo_debug_printf priority
5890 * plugins/sudoers/sudoers.c:
5891 add missing debug_return_int
5894 2011-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
5896 * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
5897 plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c:
5898 Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
5902 Add missing word in HOME security note.
5905 * plugins/sudoers/testsudoers.c:
5906 Prevent "testsudoers -d username" from trying to malloc(0).
5909 2011-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
5911 * plugins/sudoers/regress/sudoers/test10.in,
5912 plugins/sudoers/regress/sudoers/test10.out.ok,
5913 plugins/sudoers/regress/sudoers/test10.toke.ok,
5914 plugins/sudoers/regress/sudoers/test10.toke.out.ok,
5915 plugins/sudoers/regress/sudoers/test11.in,
5916 plugins/sudoers/regress/sudoers/test11.out.ok,
5917 plugins/sudoers/regress/sudoers/test11.toke.ok,
5918 plugins/sudoers/regress/sudoers/test11.toke.out.ok,
5919 plugins/sudoers/regress/sudoers/test12.in,
5920 plugins/sudoers/regress/sudoers/test12.out.ok,
5921 plugins/sudoers/regress/sudoers/test12.toke.ok,
5922 plugins/sudoers/regress/sudoers/test13.in,
5923 plugins/sudoers/regress/sudoers/test13.out.ok,
5924 plugins/sudoers/regress/sudoers/test13.toke.ok,
5925 plugins/sudoers/regress/sudoers/test9.in,
5926 plugins/sudoers/regress/sudoers/test9.out.ok,
5927 plugins/sudoers/regress/sudoers/test9.toke.ok,
5928 plugins/sudoers/regress/sudoers/test9.toke.out.ok:
5929 Tests for empty sudoers (should parse OK) and syntax errors within a
5930 line (should report correct line number) both with and without the
5934 * plugins/sudoers/regress/sudoers/test4.out.ok,
5935 plugins/sudoers/regress/sudoers/test5.out.ok,
5936 plugins/sudoers/regress/sudoers/test7.out.ok,
5937 plugins/sudoers/regress/sudoers/test8.out.ok,
5938 plugins/sudoers/testsudoers.c:
5939 Print line number when there is a parser error.
5942 2011-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
5944 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5945 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5946 Keep track of the last token returned. On error, if the last token
5947 was COMMENT, decrement sudolineno since the error most likely
5948 occurred on the preceding line. Previously we always used
5949 sudolineno-1 which will give the wrong line number for errors within
5953 2011-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
5956 update with sudo 1.8.3p1 info
5959 * plugins/sudoers/sudoers.c:
5960 Fix crash when "sudo -g group -i" is run. Fixes bug 521
5963 2011-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
5965 * plugins/sudoers/visudo.c:
5966 Make alias_remove_recursive() return TRUE/FALSE as its callers
5967 expect and remove two unused arguments. Fixes bug 519.
5970 * plugins/sudoers/regress/visudo/test1.out.ok,
5971 plugins/sudoers/regress/visudo/test1.sh:
5972 Add regress test for bugzilla 519
5975 * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
5976 plugins/sudoers/regress/logging/check_wrap.c,
5977 plugins/sudoers/regress/parser/check_addr.c,
5978 plugins/sudoers/regress/parser/check_fill.c:
5979 Disable warning/error wrapping in regress tests.
5982 2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
5985 Do compile-po as part of sync-po so that the .mo files get rebuilt
5986 automatically when we sync with translationproject.org
5989 * plugins/sudoers/Makefile.in:
5990 check_addr needs to link with the network libraries on Solaris
5993 * plugins/sudoers/match.c:
5994 When matching a RunasAlias for a runas group, pass the alias in as
5995 the group_list, not the user_list. From Daniel Kopecek.
5998 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
5999 We need to init the auth system regardless of whether we need a
6000 password since we will be closing the PAM session in the monitor
6001 process. Fixes a crash in the monitor on Solaris; bugzilla #518
6004 2011-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
6007 Get rid of done: label. If the child exits we still need to close
6008 the pty, update utmp and restore the SELinux tty context.
6011 2011-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
6013 * common/Makefile.in, common/atobool.c, common/fileops.c,
6014 common/fmt_string.c, common/lbuf.c, common/list.c,
6015 common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in,
6016 plugins/sudoers/alias.c, plugins/sudoers/audit.c,
6017 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
6018 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
6019 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6020 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6021 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
6022 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
6023 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
6024 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
6025 plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
6026 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
6027 plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
6028 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
6029 plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
6030 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
6031 plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
6032 plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
6033 plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
6034 plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
6035 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
6036 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
6037 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6038 plugins/sudoers/toke.c, plugins/sudoers/toke.h,
6039 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
6040 src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c,
6041 src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
6042 src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
6043 src/tgetpass.c, src/ttysize.c, src/utmp.c:
6044 Add debug_decl/debug_return (almost) everywhere. Remove old
6045 sudo_debug() and convert users to sudo_debug_printf().
6048 * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c,
6049 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6050 plugins/sudoers/visudo.c, src/error.c:
6051 Wrap error/errorx and warning/warningx functions with debug
6052 statements. Disable wrapping for standalone sudoers programs as well
6053 as memory allocation functions (to avoid infinite recursion).
6056 * README, config.h.in, configure, configure.in:
6057 Add checks for __func__ and __FUNCTION__ and mention that we now
6058 require a cpp that supports variadic macros.
6061 * MANIFEST, common/Makefile.in, common/sudo_debug.c,
6062 include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c,
6063 src/load_plugins.c, src/parse_args.c, src/sudo.c,
6064 src/sudo_plugin_int.h:
6065 New debug framework for sudo and plugins using /etc/sudo.conf that
6066 also supports function call tracing.
6069 2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
6071 * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
6072 Update Japanese sudoers translation from translationproject.org
6075 2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
6077 * configure, configure.in:
6078 Override and ignore the --disable-static option. Sudo already runs
6079 libtool with -tag=disable-static where applicable and we need non-
6080 PIC objects to build the executables.
6083 2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
6089 * plugins/sudoers/po/sudoers.pot:
6093 * plugins/sudoers/env.c:
6094 Ignore set_logname (which is now the default) for sudoedit since we
6095 want the LOGNAME, USER and USERNAME environment variables to refer
6096 to the calling user since that is who the editor runs as. This
6097 allows the editor to find the user's startup files. Fixes bugzilla
6101 * plugins/sudoers/pwutil.c:
6102 Instead of trying to grow the buffer in make_grlist_item(), simply
6103 increase the total length, free the old buffer and allocate a new
6104 one. This is less error prone and saves us from having to adjust
6105 all the pointers in the buffer. This code path is only taken when
6106 there are groups longer than the length of the user field in struct
6107 utmp or utmpx, which should be quite rare.
6111 Add Italian translation for sudo from translationproject.org
6114 * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
6115 src/po/ja.mo, src/po/ja.po:
6116 Japanese translation for sudo and sudoers from
6117 translationproject.org
6120 2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
6122 * plugins/sudoers/Makefile.in:
6123 sudoreplay depends on timestr.lo too; from Mike Frysinger
6126 2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
6128 * plugins/sudoers/po/sudoers.pot:
6129 Regen sudoers pot file.
6133 Update with latest sudo 1.8.3 news
6136 * plugins/sudoers/sudoers.c:
6137 It appears that LDAP or NSS may modify the euid so we need to be
6138 root for the open(). We restore the old perms at the end of
6139 sudoers_policy_open().
6142 * plugins/sudoers/set_perms.c:
6143 Better warning message on setuid() failure for the setreuid()
6144 version of set_perms().
6147 2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
6149 * plugins/sudoers/check.c:
6150 Delref auth_pw at the end of check_user() instead of getting a ref
6154 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c:
6155 Make sudo_auth_{init,cleanup} return TRUE on success and check for
6156 sudo_auth_init() return value in check_user().
6159 * plugins/sudoers/auth/sudo_auth.c:
6160 Do not return without restoring permissions.
6163 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
6167 * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
6168 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6169 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6170 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
6171 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
6172 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6173 plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
6174 plugins/sudoers/sudoers.h:
6175 Modify the authentication API such that the init and cleanup
6176 functions are always called, regardless of whether or not we are
6177 going to verify a password. This is needed for proper PAM session
6181 * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
6182 Add missing dependency for getspwuid.lo and regen other depends.
6185 * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
6186 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:
6187 Fix a PAM_USER mismatch in session open/close. We update PAM_USER
6188 to the target user immediately before setting resource limits, which
6189 is after the monitor process has forked (so it has the old value).
6190 Also, if the user did not authenticate, there is no pamh in the
6191 monitor so we need to init pam here too. This means we end up
6192 calling pam_start() twice, which should be fixed, but at least the
6193 session is always properly closed now.
6197 Add check for old being NULL in utmp_setid(); from Steven McDonald
6200 2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
6202 * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
6203 plugins/sudoers/sudoers.h:
6204 If the invoking user cannot be resolved by uid fake the struct
6205 passwd and store it in the cache so we can delref it on exit.
6208 2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
6210 * plugins/sudoers/sudoers.c:
6211 Don't error out if the group plugin cannot be loaded, just warn.
6214 2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
6216 * plugins/sudoers/sudoers.c:
6217 Quiet a false positive found by several static analysis tools. These
6218 tools don't know that log_error() does not return (it longjmps to
6219 error_jmp which returns to the sudo front-end).
6222 2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
6224 * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo,
6225 plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
6226 plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po:
6227 Add Italian translation for sudo from translationproject.org. Regen
6231 2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
6233 * doc/TROUBLESHOOTING:
6234 Update to current reality and add bit about ssh auth
6237 * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
6238 Make "verbose" static; fixes a namespace clash with
6239 pam_ssh_agent_auth (and it doesn't need to be extern these days).
6242 * config.h.in, configure, configure.in, src/get_pty.c:
6243 FreeBSD has libutil.h not util.h
6246 * configure, configure.in:
6247 Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
6250 2011-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
6252 * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po,
6253 plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po,
6254 plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po:
6255 Update po files from translationproject.org
6258 2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
6260 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
6261 Add support for DEREF in ldap.conf.
6265 install target should depend on ChangeLog too, not just install-doc
6269 Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
6273 Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes.
6277 Document group lookup change and possible side effects.
6280 * configure, configure.in:
6281 Fix some square brackets in case statements that needed to be
6282 doubled up. While here, use $OSMAJOR when it makes sense.
6285 * plugins/sudoers/pwutil.c:
6286 Fix a crash in make_grlist_item() on 64-bit machines with strict
6290 * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
6291 Remove list_options() function that is no longer used now that "sudo
6295 * configure, configure.in:
6296 Error message if user tries --with-CC
6299 * configure, configure.in:
6300 Check for -libmldap too when looking for ldap libs, which is the
6301 Tivoli Directory Server client library.
6304 2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
6306 * plugins/sudoers/parse.c:
6307 Honor NOPASSWD tag for denied commands too.
6310 2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
6312 * INSTALL, configure, configure.in:
6313 Remove --with-CC option; it doesn't work correctly now that we use
6314 libtool. Users can get the same effect by setting the CC
6315 environment variable when running configure.
6318 2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
6320 * config.h.in, configure, configure.in, plugins/sudoers/visudo.c,
6322 Assume all modern systems support fstat(2).
6325 2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
6327 * compat/regress/glob/globtest.c, config.h.in, configure,
6328 configure.in, include/missing.h, plugins/sudoers/sudoers.h,
6329 src/sudo.h, src/sudo_noexec.c:
6330 Add configure test for missing errno declaration and only declare it
6331 ourselves if it is missing.
6334 * plugins/sudoers/alias.c:
6335 Include errno.h before sudo.h to avoid conflicting with the system
6336 definition of errno.
6339 2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
6341 * plugins/sudoers/regress/parser/check_addr.c:
6342 Only print individual check status when there is a failure.
6345 * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
6346 plugins/sudoers/regress/logging/check_wrap.c,
6347 plugins/sudoers/regress/parser/check_addr.c:
6348 Add calls to setprogname() for test programs.
6351 * configure, configure.in:
6352 Add -Wall and -Werror after all tests so they don't cause failures.
6355 * plugins/sudoers/Makefile.in:
6356 Actually run check_addr in the check target
6359 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
6360 plugins/sudoers/match_addr.c,
6361 plugins/sudoers/regress/parser/check_addr.c,
6362 plugins/sudoers/regress/parser/check_addr.in:
6363 Split out address matching into its own file and add regression
6367 2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
6369 * plugins/sudoers/match.c:
6370 When matching an address with a netmask in sudoers, AND the mask and
6371 addr before checking against the local addresses.
6374 2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
6376 * plugins/sudoers/match.c:
6377 Fix netmask matching.
6380 * plugins/sudoers/visudo.c:
6381 Don't assume all editors support the +linenumber command line
6382 argument, use a whitelist of known good editors.
6385 2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
6387 * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c,
6388 src/exec_pty.c, src/sudo.c:
6389 Silence compiler warnings on Solaris with gcc 3.4.3
6393 Fix building on RHEL 3
6396 * INSTALL, configure, configure.in:
6397 Add --enable-werror configure option.
6400 * common/setgroups.c:
6401 setgroups() proto lives in grp.h on RHEL4, perhaps others.
6404 * configure, configure.in:
6405 Use PAM by default on AIX 6 and higher.
6408 2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
6410 * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
6411 src/po/eo.mo, src/po/eo.po:
6412 Add new Esperanto translation from translationproject.org
6415 2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
6417 * plugins/sudoers/iolog_path.c:
6418 Quiet an innocuous valgrind warning.
6421 2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
6423 * plugins/sudoers/iolog_path.c,
6424 plugins/sudoers/regress/iolog_path/data:
6425 Fix expansion of strftime() escapes in log_dir and add a regress
6426 test that exhibited the problem.
6429 * plugins/sudoers/Makefile.in:
6430 Fix "make check" return value.
6433 2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
6435 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
6440 Fix logic inversion in pot file up to date check.
6443 2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
6445 * configure, configure.in:
6446 Add caching for gettext() checks.
6449 * configure, configure.in:
6450 Better handling of libintl header and library mismatch.
6453 2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
6455 * plugins/sudoers/sudoers.c:
6456 Also check sudoers gid if sudoers is group writable.
6459 2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
6461 * configure, configure.in:
6462 If dlopen is present but libtool doesn't find it, error out since it
6463 probably means that libtool doesn't support the system.
6467 configure args on the command line should override builtin defaults.
6468 Disable NLS for non-Linux/Solaris unless explicitly enabled.
6471 * plugins/sudoers/auth/aix_auth.c:
6472 Fix loop that calls authenticate(). If there was an error message
6473 from authenticate(), display it.
6476 2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
6478 * m4/libtool.m4, m4/ltversion.m4:
6479 Update to autoconf 2.68 and libtool 2.4
6482 * config.guess, config.sub, configure, configure.in, ltmain.sh:
6483 Update to autoconf 2.68 and libtool 2.4
6487 Fix typo; OPT should be OTP
6490 * plugins/sudoers/Makefile.in:
6491 Rename libsudoers convenience library to libparsesudoers to avoid
6495 2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
6497 * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
6498 Add Danish sudoers translation from translationproject.org
6501 * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
6502 Add dedicated callback function for runas_default sudoers setting
6503 that only sets runas_pw if no runas user or group was specified by
6507 2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
6509 * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
6510 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
6511 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo,
6513 Update Finnish, Polish, Russian and Ukrainian translations from
6514 translationproject.org.
6517 * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c,
6518 plugins/sudoers/testsudoers.c:
6519 Go back to using a callback for runas_default to keep runas_pw in
6520 sync. This is needed to make per-entry runas_default settings work
6521 with LDAP-based sudoers. Instead of declaring it a callback in
6522 def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
6523 bit naughty, but avoids requiring stub functions in visudo and the
6527 2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
6530 Add check for out of date message catalogs when doing "make dist".
6533 2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
6540 Make sure compiler supports static-libgcc before using it.
6543 2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
6546 Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
6549 2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
6551 * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
6552 plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo,
6553 plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po,
6555 Add new Russian sudo translation from translationproject.org and
6556 rebuild the other translation files.
6559 2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
6561 * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po:
6562 Update Finnish and Polish translations from translationproject.org
6565 * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
6566 Go back to escaping the command args for "sudo -i" and "sudo -s"
6567 before calling the plugin. Otherwise, spaces in the command args
6568 are not treated properly. The sudoers plugin will unescape non-
6569 spaces to make matching easier.
6572 2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
6574 * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c,
6575 plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
6576 plugins/sudoers/set_perms.c, plugins/sudoers/toke.c,
6577 plugins/sudoers/toke.l:
6578 Fix some potential problems found by the clang static analyzer, none
6582 * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
6584 Updated Ukrainian and Chinese (simplified) po files from
6585 translationproject.org
6588 2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
6590 * plugins/sudoers/po/pl.po:
6591 Updated Polish translation from translationproject.org
6594 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
6598 * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c:
6599 Don't try to audit failure if the runas user does not exist. We
6600 don't have the user's command at this point so there is nothing to
6601 audit. Add a NULL check in audit_success() and audit_failure() just
6602 to be on the safe side.
6606 Add -g to CFLAG for PIE builds.
6609 2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
6611 * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
6612 plugins/sudoers/sudoers.h, src/sudo.c:
6613 Remove fallback to per-group lookup when matching groups in sudoers.
6614 The sudo front-end will now use getgrouplist() to get the user's
6615 list of groups if getgroups() fails or returns zero groups so we
6616 always have a list of the user's groups. For systems with
6617 mbr_check_membership() which support more than NGROUPS_MAX groups
6618 (Mac OS X), skip the call to getgroups() and use getgrouplist() so
6619 we get all the groups.
6622 2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
6624 * common/setgroups.c:
6625 Fix setgroups() fallback code on EINVAL.
6628 * plugins/sudoers/set_perms.c:
6629 Fix two PERM_INITIAL cases that were still using user_gids.
6633 Add Polish sudo message catalog
6636 * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
6637 user_group is no longer used, remove it
6640 2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
6642 * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po:
6643 Add Polish translation from translationproject.org
6646 * MANIFEST, common/Makefile.in, common/setgroups.c,
6647 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c,
6648 src/sudo.h, src/sudo_edit.c:
6649 Add a wrapper for setgroups() that trims off extra groups and
6650 retries if setgroups() fails. Also add some missing addrefs for
6651 PERM_USER and PERM_FULL_USER.
6654 * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in,
6655 configure, configure.in, include/missing.h, mkdep.pl,
6656 plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
6657 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
6658 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c:
6659 Instead of keeping separate groups and gids arrays, create struct
6660 group_info and use it to store both, along with a count for each.
6661 Cache group info on a per-user basis using getgrouplist() to get the
6662 groups. We no longer need to special case the user or list
6663 user for user_in_group() and thus no longer need to reset the groups
6664 list when listing another user.
6668 Don't rely on NULL since we don't include a header for it.
6671 2011-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
6677 2011-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
6679 * plugins/sudoers/sudoers.c:
6680 Do not shadow global sudo_mode with a local variable in set_cmnd()
6683 2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
6685 * plugins/sudoers/sudoers.c:
6686 bash 2.x does not support the -l flag and exits with an error if it
6687 is specified so use --login instead. This causes an error with bash
6688 1.x (which uses -login instead) but this version is hopefully less
6692 * src/po/pl.mo, src/po/pl.po:
6693 Add Polish translation from translationproject.org
6696 2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
6698 * plugins/sudoers/set_perms.c:
6699 Make error strings translatable.
6703 Only run configure with --with-pam-login for RHEL 5 and above.
6710 2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
6712 * plugins/sudoers/logwrap.c:
6713 Add missing logwrap.c
6716 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
6717 plugins/sudoers/logging.h,
6718 plugins/sudoers/regress/logging/check_wrap.c,
6719 plugins/sudoers/regress/logging/check_wrap.in,
6720 plugins/sudoers/regress/logging/check_wrap.out.ok:
6721 Split out log file word wrap code into its own file and add unit
6722 tests. Fixes an off-by-one in the word wrap when the log line
6723 length matches loglinelen.
6726 2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
6729 For SuSE, only use /usr/lib64 as libexec if generating 64-bit
6733 * src/load_plugins.c, src/sudo.c:
6734 Fix build error when --without-noexec configure option is used.
6737 * configure, configure.in:
6738 Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX
6742 2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
6744 * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
6745 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
6746 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
6747 Resolve the list of gids passed in from the sudo frontend (the
6748 result of getgroups()) to names and store both the group names and
6749 ids in the sudo_user struct. When matching groups in the sudoers
6750 file, match based on the names in the groups list first and only do
6751 a gid-based match when we absolutely have to. By matching on the
6752 group name (as it is listed in sudoers) instead of id (which we
6753 would have to resolve) we save a lot of group lookups for sudoers
6754 files with a lot of groups in them.
6757 2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
6759 * plugins/sudoers/sudoers.c:
6760 Workaround for "sudo -i command" and newer versions of bash which
6761 don't go into login mode when -c is specified unless -l is too.
6764 2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
6766 * plugins/sudoers/logging.c:
6767 Rewrite logfile word wrapping code to be more straight-forward and
6768 actually wrap at the correct place.
6771 2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
6773 * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c:
6774 Set use_pty=true in command details when use_pty is set in sudoers.
6778 2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
6780 * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
6781 src/po/zh_CN.mo, src/po/zh_CN.po:
6782 Sync Chinese (simplified) PO files from translationproject.org
6785 2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
6787 * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
6788 plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo:
6789 Add Danish translation from translationproject.org and add missing
6793 * Makefile.in, configure, configure.in:
6794 No longer need to specify LINGUAS in configure, "make install-nls"
6795 now just installs all the .mo files it finds.
6798 2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
6800 * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod:
6801 Build CONTRIBUTORS from newly-added contributors.pod
6805 Rework the wording in the leading paragraph
6808 2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
6810 * MANIFEST, doc/CONTRIBUTORS:
6811 Add a CONTRIBUTORS file with the names of folks who have contributed
6812 code or patches to sudo since I started maintaining it (plus the
6816 2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
6818 * plugins/sudoers/env.c:
6819 Preserve SHELL variable for "sudo -s". Otherwise we can end up with
6820 a situation where the SHELL variable and the actual shell being run
6824 2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
6826 * configure, configure.in:
6827 Only enable Solaris project support when setproject() is present in
6832 Explicitly set mode and owner of /etc/sudoers instead of relying on
6833 "cp -p" to work in the postinstall script. On AIX 6.1 at least the
6834 postinstall script runs before the final file permissions are set.
6837 2011-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
6839 * doc/sudo.pod, doc/sudoers.pod:
6840 Refer the user to the "Command Environment" section in description
6841 of sudo's -i option.
6848 2011-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
6851 If there is no old dependency for an object file, use the MANIFEST
6855 * compat/Makefile.in:
6856 Remove dependency for getgrouplist.lo as we don't ship that source
6860 2011-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
6862 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
6863 Do not declare yyparse() static as the actual function generated by
6867 2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
6870 Remove locale files in "make uninstall"
6873 * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
6874 plugins/sudoers/po/uk.po, src/po/eu.po:
6875 Add Basque translation and sync Finnish and Ukrainian translations.
6878 * configure, configure.in:
6879 FreeBSD no longer needs the main sudo binary to link with -lpam now
6880 that plug-ins are loaded with RTLD_GLOBAL.
6883 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
6884 Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
6885 problems with pam modules not having access to symbols provided by
6886 libpam on some platforms. Affects FreeBSD and SLES 10 at least.
6890 Move xgettext invocation out of update-po target into update-pot
6893 2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
6895 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
6896 Regenerate .pot files for 1.8.2rc2
6899 * Makefile.in, common/Makefile.in, compat/Makefile.in,
6900 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
6901 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6902 src/Makefile.in, zlib/Makefile.in:
6903 Move nls targets to the top level Makefile so the paths in the pot
6908 Add compiled version of sudo Finnish translation
6911 * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo:
6912 Update MANIFEST with .po and .mo files. Rebuild sudoers fi and uk .mo
6916 * configure, configure.in, plugins/sudoers/po/fi.po:
6917 Add Finnish translation from translationproject.org
6920 2011-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
6923 The group named by exempt_group should not have a % prefix.
6926 2011-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
6929 Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
6932 2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
6934 * src/exec.c, src/exec_pty.c:
6935 Fix compressed io log corruption in background mode by using _exit()
6936 instead of exit() to avoid flushing buffers twice.
6938 Improved background mode support. When not allocating a pty, the
6939 command is run in its own process group. This prevents write access
6940 to the tty. When running in a pty, stdin is not hooked up and we
6941 never read from /dev/tty, which results in similar behavior.
6944 * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
6945 Clean up regress files. Generate proper dependencies for regress objs
6949 * plugins/sudoers/Makefile.in:
6950 Add missing dependency for check_fill.o.
6953 2011-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
6955 * INSTALL, configure, configure.in:
6956 Add support for --enable-nls[=location]
6959 2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
6961 * plugins/sudoers/linux_audit.c:
6965 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
6969 * configure, configure.in:
6970 Don't install .mo files if gettext was not found.
6973 2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
6976 Always allocate a pty when running a command in the background but
6977 call setsid() after forking to make sure we don't end up with a
6981 * plugins/sudoers/iolog.c:
6982 Add missing space between command name and the first command line
6986 * plugins/sudoers/sudoreplay.c:
6987 Quiet a compiler warning on some platforms.
6990 * plugins/sudoers/po/README, src/po/README:
6991 README file that directs people to translationproject.org
6994 * plugins/sudoers/po/uk.po, src/po/fi.po:
6995 Sync translations with TP
6999 Add 'sync-po' target to top-level Makefile to rsync the po files
7000 from translationproject.org.
7003 * plugins/sudoers/Makefile.in:
7004 install nls files from install target
7007 * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp:
7008 Include .mo files in sudo binary packages.
7011 * configure, configure.in, plugins/sudoers/po/zh_CN.mo,
7012 plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po:
7013 Add simplified Chinese translation
7016 2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
7018 * configure, configure.in, plugins/sudoers/po/uk.mo,
7019 plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po:
7020 Add Ukrainian translation
7023 * compat/Makefile.in:
7024 refer to siglist.c, not ./siglist.c since not all makes will treat
7025 foo and ./foo the same.
7028 * plugins/sudoers/sudoers.c:
7029 Set def_preserve_groups before searching for the command when the -P
7033 * Makefile.in, compat/Makefile.in, mkdep.pl,
7034 plugins/sudoers/Makefile.in:
7035 Add dependency for siglist.lo in compat. This is a generated file
7036 so "make depend" needs to depend on it.
7039 * compat/Makefile.in:
7040 More dependency fixes.
7043 * compat/Makefile.in:
7044 Fix a few dependencies.
7047 * plugins/sudoers/Makefile.in, src/Makefile.in:
7048 Place compiled mo files in the src dir, not the build dir. When
7049 installing compiled mo files, display a status message.
7052 2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
7054 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
7055 Tivoli Directory Server requires that seconds be present in a
7056 timestamp, even though RFC 4517 states that they are optional.
7059 * plugins/sudoers/sudo_nss.h:
7060 Add missing bit of copyright
7064 Mention cycle detection warnings
7067 * plugins/sudoers/visudo.c:
7068 When checking aliases, also check the contents of the alias in case
7069 there are problems with an alias that is referenced inside another.
7070 Replace the self reference check with real alias cycle detection.
7073 * plugins/sudoers/alias.c:
7074 Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
7075 ENOENT in alias_find() and alias_remove() if the entry could not be
7079 * plugins/sudoers/visudo.c:
7080 Increment alias_seqno before calls to alias_remove_recursive() to
7081 avoid false positives with the alias loop detection. Fixes spurious
7082 warnings about unused aliases when they are nested.
7089 * plugins/sudoers/Makefile.in:
7090 Add dependency on convenience libs to binaries
7094 mkdep.pl only works when run from the src dir
7097 * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl,
7098 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
7099 plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
7100 Auto-generate Makefile dependencies with a perl script.
7103 2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
7105 * plugins/sudoers/match.c:
7106 If the user specifies a runas group via sudo's -g option that
7107 matches the runas user's group in the passwd database and that group
7108 is not denied in the Runas_Spec, allow it. Thus, if user root's gid
7109 in /etc/passwd is 0, then "sudo -u root -g root id" is allowed even if
7110 no groups are present in the Runas_Spec.
7113 2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
7115 * plugins/sudoers/Makefile.in, src/Makefile.in:
7116 Add dependencies on gettext.h
7119 * plugins/sudoers/Makefile.in, src/Makefile.in:
7120 Fix install-nls target with HP-UX sh when gettext is not present.
7123 2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
7125 * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot,
7126 src/Makefile.in, src/po/sudo.pot:
7127 regenerate .pot files for lbuf changes
7130 * configure, configure.in:
7131 Add missing "checking" message for gettext when using the cache.
7134 * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c,
7135 plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
7137 Add primitive format string support to the lbuf code to make
7138 translations simpler.
7141 * MANIFEST, plugins/sudoers/Makefile.in,
7142 plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot:
7143 Add message catalog template files for sudo and the sudoers module.
7146 * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c,
7147 config.h.in, configure.in, doc/Makefile.in, include/gettext.h,
7148 plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
7149 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
7150 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
7151 src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h:
7152 Add gettext.h convenience header. This is similar to but distinct
7153 from the one included with the gettext package.
7156 2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
7158 * configure, configure.in:
7159 Add checks for nroff -c and -Tascii flags
7162 * configure, configure.in:
7163 Add check for HP bundled C Compiler (which cannot create shared
7167 * plugins/sudoers/sudoreplay.c:
7168 Fix C format warnings.
7175 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
7176 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c,
7177 plugins/sudoers/visudo.c, src/parse_args.c:
7178 Translate help / usage strings.
7181 * plugins/sudoers/Makefile.in, src/Makefile.in:
7182 Set --msgid-bugs-address to the bugzilla url
7185 * Makefile.in, common/Makefile.in, compat/Makefile.in, configure,
7186 configure.in, doc/Makefile.in, include/Makefile.in,
7187 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
7188 plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
7189 Add scaffolding to update .po files and install .mo files.
7193 update copyright year
7197 No need to include version number at the top of these files.
7200 2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
7202 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c,
7203 plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
7204 plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
7205 plugins/sudoers/visudo.c:
7206 Minor warning/error cleanup
7209 * config.h.in, configure.in:
7210 Emulate ngettext for the non-nls case
7213 * plugins/sudoers/ldap.c:
7214 Do not mark untranslatable strings for translation
7217 * plugins/sudoers/check.c:
7221 * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
7222 plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c,
7223 src/load_plugins.c, src/sudo.c, src/sudo_edit.c:
7224 Minor warning/error message cleanup
7227 * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c,
7228 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
7229 plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
7230 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c,
7231 src/exec_pty.c, src/net_ifs.c, src/selinux.c:
7232 cannot -> "unable to" in warning/error messages
7235 * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c,
7236 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
7237 plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c,
7238 src/sudo.c, src/utmp.c:
7239 can't -> "unable to" in warning/error messages
7242 * configure, configure.in:
7243 FreeBSD needs the main sudo executable to link with -lpam when
7244 loading dynamic pam modules for some reason.
7247 2011-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
7249 * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c:
7250 We don't want to translate debugging messages.
7253 * configure, configure.in, plugins/sudoers/Makefile.in,
7254 plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
7255 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
7256 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
7257 src/Makefile.in, src/sesh.c, src/sudo.c:
7258 Add calls to bindtextdomain() and textdomain(). Currently there are
7259 two domains, one for the sudo front-end and one for the sudoers
7260 plugin and its associated utilities.
7263 * configure, configure.in:
7264 Fix caching of libc gettext check.
7267 * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c,
7268 plugins/sudoers/mkdefaults:
7269 Mark defaults descriptions for translation
7273 Update for sudo 1.8.1p2
7276 2011-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
7278 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7279 Quiet compiler warning when SELinux is enabled.
7282 * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
7283 src/error.c, src/net_ifs.c, src/sesh.c:
7284 Add missing includes of libintl.h.
7287 * plugins/sudoers/auth/pam.c:
7291 * common/aix.c, common/alloc.c, compat/strsignal.c,
7292 plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h:
7293 Include libintl.h where needed.
7296 * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c,
7297 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
7298 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
7299 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
7300 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
7301 plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
7302 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
7303 plugins/sudoers/find_path.c, plugins/sudoers/gram.c,
7304 plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
7305 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
7306 plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
7307 plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
7308 plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c,
7309 plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
7310 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
7311 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
7312 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
7313 plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
7314 Prepare sudoers module messages for translation.
7317 * plugins/sudoers/sudoers.c:
7318 Only check gid of sudoers file if it is group-readable.
7321 * plugins/sudoers/auth/aix_auth.c:
7322 For AIX, keep calling authenticate() until reenter reaches 0.
7325 2011-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
7327 * configure, configure.in:
7328 Cache the status of the initial gettext() check.
7331 * INSTALL, configure, configure.in:
7332 Add --disable-nls flag and improve checks for gettext.
7335 * configure, configure.in:
7336 When building with gcc on HP-UX, use -march=1.1 to produce portable
7337 binaries on a pa-risc2 host. Previously, the +Dportable option was
7338 used for the HP-UX C compiler but gcc always produced native
7342 2011-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
7344 * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c,
7345 src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c,
7346 src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c,
7347 src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
7348 Prepare sudo front end messages for translation.
7351 2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
7353 * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c:
7354 Add initial scaffolding to support localization via gettext()
7357 * compat/fnmatch.h, compat/glob.h:
7358 Don't let the fnmatch/glob macros expand the function prototype.
7361 2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
7363 * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h:
7364 Resolve namespace collisions on HP-UX ia64 and possibly others by
7365 adding a rpl_ prefix to our fnmatch and glob replacements and
7366 #defining rpl_foo to foo in the header files.
7369 2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
7371 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7372 Split ALL, ROLE and TYPE into their own actions. Since you can only
7373 have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
7374 the non-SELinux case. This is safe because the actions are in one
7375 big switch() statement.
7378 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7379 Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
7382 2011-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
7384 * doc/UPGRADE, doc/sudoers.pod:
7385 askpass moved from sudoers to sudo.conf in sudo 1.8.0
7389 Remove obsolete warning about runas_default and ordering. Move
7390 syslog facility and priority lists into the section where the
7391 relevant options are described.
7394 2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
7396 * plugins/sudoers/auth/sia.c:
7397 Fix SIA support; we no longer have access to the real argc and argv
7398 so allocate space for a fake one and use the argv passed to the
7399 plugin with "sudo" for argv[0].
7402 2011-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
7405 Remove useless realloc when trying to get the buffer size right.
7408 * plugins/sudoers/set_perms.c:
7409 Be explicit when setting euid to 0 before call to setreuid(0, 0)
7412 2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
7414 * configure, configure.in:
7415 Need to do checks for krb5_verify_user, krb5_init_secure_context and
7416 krb5_get_init_creds_opt_alloc regardless of whether or not
7417 krb5-config is present.
7420 2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
7422 * plugins/sudoers/set_perms.c:
7423 Work around weird AIX saved uid semantics on setuid() and
7424 setreuid(). On AIX, setuid() will only set the saved uid if the euid
7428 2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
7431 update copyright year
7434 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7435 Treat a missing includedir like an empty one and do not return an
7439 2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
7442 Fix ARCH setting in cross-compile Solaris packages.
7446 Fix aix version setting.
7449 * plugins/sudoers/ldap.c:
7450 Remove extraneous parens in LDAP filter when sudoers_search_filter
7451 is enabled that causes a search error. From Matthew Thomas.
7454 2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
7456 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
7457 Correct sizeof() to fix test failure.
7460 * plugins/sudoers/Makefile.in:
7461 "install" target should depend on "install-dirs". Fixes "make -j"
7462 problem and closes bz #487. From Chris Coleman.
7465 2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
7468 Add HAVE_RFC1938_SKEYCHALLENGE
7471 2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
7474 Mention plugin loading and libgcc changes
7477 * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
7478 Load plugins after parsing arguments and potentially printing the
7479 version. That way, an error loading or initializing a plugin
7480 doesn't break "sudo -h" or "sudo -V".
7484 When using a sub-shell to invoke the sub-make, exec make instead of
7485 running it inside the shell to avoid an extra process.
7488 * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c:
7489 Stop testing unspecified behavior in fnmatch. Make glob test more
7493 * compat/Makefile.in:
7494 No need to add current dir to include path and having it breaks the
7495 test programs that expect to get the system glob.h and fnmatch.h
7498 * INSTALL, configure, configure.in:
7499 Fix and document --with-plugindir; partially from Diego Elio Petteno
7502 * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
7503 compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c,
7504 compat/regress/glob/globtest.in:
7505 Fix fnmatch and glob tests to not use hard-coded flag values in the
7506 input file. Link test programs with libreplace so we get our
7507 replacement versions as needed.
7511 If make in a subdir fails, fail the target in the upper level
7512 Makefile too. Adapted from a patch from Diego Elio Petteno
7515 * configure, configure.in, plugins/sudoers/auth/rfc1938.c:
7516 Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
7517 has this. Adapted from a patch from Diego Elio Petteno
7520 * plugins/sudoers/Makefile.in:
7521 Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
7525 * configure, configure.in:
7526 Fix warnings when --without-skey, --without-opie, --without-kerb4,
7527 --without-kerb5 or --without-SecurID were specified.
7531 Add plugins/sudoers/sudoers_version.h
7534 * configure, configure.in, plugins/sample/Makefile.in,
7535 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
7536 Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
7537 now includes LDFLAGS in the sudoers Makefile.in. Add missing setting
7538 of @LDFLAGS@ in plugin Makefile.in files.
7541 2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
7544 Mention %#gid support in User_List and Runas_List
7547 * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h,
7548 plugins/sudoers/visudo.c:
7549 Keep track of sudoers grammar version and report it in the -V
7553 * plugins/sudoers/sudo_nss.h:
7554 Add multiple inclusion guard
7557 * configure, configure.in, plugins/sample/Makefile.in,
7558 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
7559 The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
7560 LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
7561 set it to -Wc,-static-libgcc if not using GNU ld so we don't
7562 have a dependency on the shared libgcc in sudoers.so.
7566 Fix typo; from Petr Uzel
7569 2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
7571 * plugins/sudoers/testsudoers.c:
7572 In dump-only mode, use "root" as the default username instead of
7573 "nobody" as the latter may not be available on all systems.
7576 2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
7578 * plugins/sudoers/testsudoers.c:
7579 Remove NewArgv/NewArgc, they are no longer needed.
7582 * plugins/sudoers/testsudoers.c:
7583 Fix setting of user_args
7586 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7587 Add '!' token to lex tracing
7590 * plugins/sudoers/regress/testsudoers/test1.sh:
7591 Use group bin in test, not wheel as most systems have the bin group
7592 but the same is no longer true of wheel.
7595 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7596 Avoid using pre or post increment in a parameter to a ctype(3)
7597 function as it might be a macro that causes the increment to happen
7601 2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
7604 Strip off the beta or release candidate version when building AIX
7608 * configure, configure.in:
7609 We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
7610 structure checks for glibc which only has __e_termination visible
7611 when _GNU_SOURCE is *not* defined.
7615 getuserattr(user, ...) will fall back to the "default" entry
7616 automatically, there's no need to check "default" manually.
7619 2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
7622 Document parser changes.
7625 * Makefile.in, common/Makefile.in, compat/Makefile.in,
7626 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
7627 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
7628 src/Makefile.in, zlib/Makefile.in:
7629 If there is an existing sudoers file, only install if it passes a
7633 * plugins/sudoers/regress/sudoers/test6.out.ok,
7634 plugins/sudoers/testsudoers.c:
7635 Add runasgroup support to testsudoers
7638 * plugins/sudoers/Makefile.in:
7639 For "make check", keep going even if a test fails.
7642 * plugins/sudoers/testsudoers.c:
7643 More useful exit codes:
7644 * 0 - parsed OK and command matched.
7646 * 2 - command not matched
7647 * 3 - command denied
7651 Document %#gid, and %:#nonunix_gid syntax.
7654 * plugins/sudoers/pwutil.c:
7655 Add support to user_in_group() for treating group names that begin
7659 * config.h.in, configure, configure.in, src/utmp.c:
7660 Add explicit check for struct utmpx.ut_exit.e_termination and struct
7661 utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
7662 ut_exit if we detect one or the other.
7665 2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
7667 * plugins/sudoers/toke.c:
7668 Add back missing #include of config.h
7671 * plugins/sudoers/iolog_path.c,
7672 plugins/sudoers/regress/iolog_path/data:
7673 Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
7678 Quote first argument to AC_DEFUN(); from Elan Ruusamae
7681 2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
7684 add new sudoers tests
7687 * plugins/sudoers/regress/sudoers/test8.in,
7688 plugins/sudoers/regress/sudoers/test8.out.ok,
7689 plugins/sudoers/regress/sudoers/test8.toke.ok:
7690 Add test for a newline in the middle of a string when no line
7691 continuation character is used.
7694 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7695 Use bitwise AND instead of modulus to check for length being odd. A
7696 newline in the middle of a string is an error unless a line
7697 continuation character is used.
7700 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
7701 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7702 Move lexer globals initialization into init_lexer.
7705 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7706 Fix a potential crash when a non-regular file is present in an
7707 includedir. Fixes bz #452
7711 On some Linux systems, "uname -p" contains detailed processor info
7712 so check "uname -m" first and then "uname -p" if needed. Recognize
7716 2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
7718 * plugins/sudoers/redblack.c:
7719 Don't need all sudoers.h here.
7723 Print sudo version early, in case policy plugin init fails.
7726 2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
7728 * plugins/sudoers/regress/sudoers/test4.toke.ok:
7729 Update to match change in input.
7732 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7733 Make an empty group or netgroup a syntax error.
7736 * plugins/sudoers/regress/sudoers/test7.in,
7737 plugins/sudoers/regress/sudoers/test7.out.ok,
7738 plugins/sudoers/regress/sudoers/test7.toke.ok:
7739 An empty group or netgroup should be a syntax error.
7742 * plugins/sudoers/regress/sudoers/test6.in,
7743 plugins/sudoers/regress/sudoers/test6.out.ok,
7744 plugins/sudoers/regress/sudoers/test6.toke.ok:
7745 Check that uids work in per-user and per-runas Defaults. Check that
7746 uids and gids work in a Command_Spec
7749 * plugins/sudoers/regress/sudoers/test5.in,
7750 plugins/sudoers/regress/sudoers/test5.out.ok,
7751 plugins/sudoers/regress/sudoers/test5.toke.ok:
7752 Test empty string in User_Alias and Command_Spec
7755 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7756 Allow a group ID in the User_Spec.
7759 2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
7761 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7762 Return an error for the empty string when a word is expected. Allow
7763 an ID for per-user or per-runas Defaults.
7766 * plugins/sudoers/testsudoers.c:
7767 Fix printing "User_Alias FOO = ALL"
7770 2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
7773 Better error message about invalid -C argument
7781 Fix placement of equal sign ('=') in user specification summary.
7784 2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
7787 update to match sudoers regress
7790 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7791 Restore ability to define TRACELEXER and have trace output go to
7795 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7796 Restore old behavior of setting sawspace = TRUE for command line
7797 args when a line continuation character is hit to avoid causing
7798 problems for existing sudoers files.
7801 * plugins/sudoers/regress/sudoers/test4.in,
7802 plugins/sudoers/regress/sudoers/test4.out.ok,
7803 plugins/sudoers/regress/sudoers/test4.toke.ok:
7804 Add test for line continuation and aliases
7807 * plugins/sudoers/Makefile.in:
7808 Make test output line up nicely for parse vs. toke
7811 * plugins/sudoers/Makefile.in,
7812 plugins/sudoers/regress/sudoers/test1.in,
7813 plugins/sudoers/regress/sudoers/test1.out.ok,
7814 plugins/sudoers/regress/sudoers/test1.toke.ok,
7815 plugins/sudoers/regress/sudoers/test2.in,
7816 plugins/sudoers/regress/sudoers/test2.out.ok,
7817 plugins/sudoers/regress/sudoers/test2.toke.ok,
7818 plugins/sudoers/regress/sudoers/test3.in,
7819 plugins/sudoers/regress/sudoers/test3.out.ok,
7820 plugins/sudoers/regress/sudoers/test3.toke.ok,
7821 plugins/sudoers/regress/testsudoers/test1.ok,
7822 plugins/sudoers/regress/testsudoers/test1.out.ok,
7823 plugins/sudoers/regress/testsudoers/test1.sh,
7824 plugins/sudoers/regress/testsudoers/test2.out,
7825 plugins/sudoers/regress/testsudoers/test2.sh,
7826 plugins/sudoers/regress/testsudoers/test3.ok,
7827 plugins/sudoers/regress/testsudoers/test3.sh,
7828 plugins/sudoers/regress/visudo/test1.ok,
7829 plugins/sudoers/regress/visudo/test1.sh:
7830 Move parser tests to sudoers directory and test the tokenizer output
7834 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7835 If we match a rule anchored to the beginning of a line after parsing
7836 a line continuation character, return an ERROR token. It would be
7837 nicer to use REJECT instead but that substantially slows down the
7841 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
7842 plugins/sudoers/toke.c, plugins/sudoers/toke.h,
7843 plugins/sudoers/toke.l:
7844 Move LEXTRACE macro to toke.h so we can use it in yyerror().
7847 2011-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
7849 * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
7850 plugins/sudoers/toke.l:
7851 Make lex tracing settable at run-time in testsudoers via the -t
7852 flag. Trace output goes to stderr. Will be used by regress tests
7856 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7857 Allow whitespace after the modifier in a Defaults entry. E.g.
7858 "Defaults: username set_home"
7861 2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
7864 Don't set CC when cross-compiling.
7868 Credit Matthew Thomas for the sudoers_search_filter changes.
7872 Add the .sym files to the MANIFEST
7876 Update for sudo 1.8.1 beta
7879 * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c:
7880 user_shell -> run_shell to avoid confusion with the user's SHELL
7885 Save the controlling tty process group before suspending in pty
7886 mode. Previously, we assumed that the child pgrp == child pid
7887 (which is usually, but not always, the case).
7890 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
7891 Add support for sudoers_search_filter setting in ldap.conf. This
7892 can be used to restrict the set of records returned by the LDAP
7896 2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
7898 * configure, configure.in:
7899 Remove the hack to disable -g in CFLAGS unless --with-devel
7903 The '@' character does not normally need to be quoted.
7906 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7907 We normally transition from GOTDEFS to STARTDEFS on whitespace, but
7908 if that whitespace is followed by a comma, we want to treat it as
7909 part of a list and not transition.
7912 * plugins/sudoers/regress/testsudoers/test3.ok,
7913 plugins/sudoers/regress/testsudoers/test3.sh:
7914 Add check for whitespace when a User_List is used for a per-user
7918 * plugins/sudoers/regress/testsudoers/test2.out,
7919 plugins/sudoers/regress/testsudoers/test2.sh:
7920 Expand quoted name checks to cover recent fixes.
7923 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7924 Fix parsing of double-quoted names in Defaults and Aliases which was
7925 broken in 601d97ea8792.
7928 * plugins/sudoers/Makefile.in:
7929 toke_util.c lives in $(srcdir) not $(devdir)
7932 2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
7934 * configure, configure.in:
7935 Change trunk version to 1.8.x to distinguish from real 1.8.0.
7938 * NEWS, doc/UPGRADE:
7939 Document major changes in 1.8.1 and add upgrade notes.
7942 * plugins/sudoers/match.c:
7943 Be careful not to deref user_stat if it is NULL. This cannot
7944 currently happen in sudo but might in other programs using the
7949 configure will not add -O2 to CFLAGS if it is already defined to add
7950 -O2 to the CFLAGS we pass in when PIE is being used.
7954 Warn about the dangers of log_input and mention iolog_file and
7955 iolog_dir in the log_input and log_output descriptions.
7959 sync with git version
7963 It seems that h comes after i
7967 Move log_input and log_output to their proper, sorted, location.
7968 Document set_utmp and utmp_runas.
7972 Save the controlling tty process group before suspending so we can
7973 restore it when we resume. Fixes job control problems on Linux
7974 caused by the previous attempt to fix resuming a shell when I/O
7975 logging not enabled.
7979 Fix printing of the remainder after a newline. Fixes "sudo -l"
7980 output corruption that could occur in some cases.
7983 2011-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
7985 * config.h.in, configure, configure.in, src/exec_pty.c,
7986 src/sudo_exec.h, src/utmp.c:
7987 Add support for ut_exit
7990 * doc/sudo_plugin.pod, plugins/sudoers/def_data.c,
7991 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
7992 plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c,
7993 src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c:
7994 Add support for controlling whether utmp is updated and which user
7995 is listed in the entry.
7998 * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h,
7999 plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults,
8000 plugins/sudoers/parse.c:
8001 Fix typo; tupple vs. tuple
8005 For legacy utmp, strip the /dev/ prefix before trying to determine
8006 slot since the ttys file does not include the /dev/ prefix.
8009 * aclocal.m4, configure, configure.in, pathnames.h.in:
8010 Add check for _PATH_UTMP
8013 2011-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
8015 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
8016 Adapt check_iolog_path to sessid changes
8019 * config.h.in, configure, configure.in, src/Makefile.in,
8020 src/exec_pty.c, src/sudo_exec.h, src/utmp.c:
8021 Redo utmp handling. If no getutent()/getutxent() is available,
8022 assume a ttyslot-based utmp. If getttyent() is available, use that
8023 directly instead of ttyslot() so we don't have to do the stdin dup2
8027 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
8029 * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h,
8031 Move utmp handling into utmp.c
8034 * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
8035 common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c,
8036 compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c,
8037 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
8038 compat/utimes.c, doc/sudo.pod, doc/visudo.pod,
8039 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
8040 plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
8041 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
8042 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
8043 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
8044 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
8045 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
8046 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
8047 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
8048 plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c,
8049 plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
8050 plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
8051 plugins/sudoers/logging.c, plugins/sudoers/parse.c,
8052 plugins/sudoers/parse.h, plugins/sudoers/redblack.c,
8053 plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c,
8054 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c,
8055 src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c,
8056 src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
8057 src/sudo_plugin_int.h, src/tgetpass.c:
8058 Update copyright years.
8061 * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c,
8062 plugins/sudoers/sudoers.h, src/parse_args.c:
8063 Add "user_shell" boolean as a way to indicate to the plugin that the
8067 * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
8068 plugins/sudoers/sudoers.h:
8069 Move sessid out of sudo_user.
8072 * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
8073 plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
8074 plugins/sudoers/sudoers.h:
8075 Log the TSID even if it is not a simple session ID.
8078 * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod:
8079 Document noexec in sample.sudo.conf and add back noexec_file section
8080 in sudoers with a note that it is deprecated.
8083 * plugins/sudoers/set_perms.c:
8084 Fix running commands as non-root on systems where setreuid() changes
8085 the saved uid based on the effective uid we are changing to.
8088 2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
8090 * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c,
8092 Move noexec path into sudo.conf now that sudo itself handles noexec.
8093 Currently can be configured in sudoers too but is now undocumented
8094 and will be removed in a future release.
8097 * doc/sudo.pod, doc/sudoers.pod:
8098 Document "Path noexec ..." in sudo.conf. No longer document
8099 noexec_file in sudoers, it will be removed in a future release.
8102 * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
8103 plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
8104 Move noexec handling to sudo front-end where it is documented as
8108 * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
8109 src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
8111 Add support for disabling exec via solaris privileges. Includes
8112 preparation for moving noexec support out of sudoers and into front
8116 * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym,
8117 plugins/sample_group/Makefile.in,
8118 plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
8119 plugins/sudoers/sudoers.sym:
8120 Only export the symbols corresponding to the plugin structs.
8123 * configure, configure.in, plugins/sample/Makefile.in,
8124 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
8125 Install plugins manually instead of using libtool. This works
8126 around a problem on AIX where libtool will install a .a file
8127 containing the .so file instead of the .so file itself.
8131 Move check into its own rule since some versions of make will run
8132 both targets as the default rule.
8135 * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
8136 m4/ltversion.m4, m4/lt~obsolete.m4:
8137 Update to libtool 2.2.10
8140 2011-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
8143 In handle_signals(), restart the read() on EINTR to make sure we
8144 keep up with the signal pipe. Don't return -1 on EAGAIN, it just
8145 means we have emptied the pipe.
8149 Reorder functions to quiet a compiler warning.
8153 Use the Sun Studio C compiler on Solaris if possible
8156 2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
8159 Fix default setting of osversion variable.
8162 * doc/sudo_plugin.pod:
8163 Make two login_class entries consistent.
8166 * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c,
8168 Add support for adding a utmp entry when allocating a new pty.
8169 Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
8170 Currently only creates a new entry if the existing tty has a utmp
8174 * plugins/sudoers/boottime.c:
8175 Avoid pulling in headers we don't need on Linux. For getutx?id(),
8176 call setutx?ent() first and always call endutx?ent().
8179 * configure, configure.in:
8180 Add some more libs to SUDOERS_LIBS instead of relying on them to be
8181 pulled in by SUDO_LIBS.
8184 * plugins/sudoers/sudoers.c:
8185 Fix return value of "sudo -l command" when command is not allowed,
8186 broken in [c7097ea22111]. The default return value is now TRUE and
8187 a bad: label is used when permission is denied. Also fixed missing
8188 permissions restoration on certain errors. On error()/errorx(), the
8189 password and group files are now closed before returning.
8192 2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
8194 * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
8195 Fix passing of login class back to sudo front end.
8199 Add --osversion flag to specify OS instead of running "pp
8204 Fix expr usage w/ GNU expr
8207 2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
8209 * plugins/sudoers/sudoers.c:
8210 Fix exit value for validate and list mode.
8213 * plugins/sudoers/sudoers.c:
8214 Fix non-interactive mode with sudoers plugin.
8217 2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
8219 * doc/sudoreplay.pod:
8220 sudoreplay can now find IDs other than %{seq} and display the
8224 2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
8226 * plugins/sudoers/sudoreplay.c:
8227 Add support for replaying sessions when iolog_file is set to
8228 something other than %{seq}.
8231 * plugins/sudoers/visudo.c:
8232 If we are killed by a signal, display the name of the signal that
8236 * configure, configure.in:
8237 Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
8242 Fix bug in skey/opie check that could cause a shell warning.
8245 * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
8246 No longer need sudo_getepw() stubs.
8249 2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
8251 * plugins/sudoers/sudo_nss.c:
8252 Fix exit value of "sudo -l command" in sudoers module.
8255 2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
8257 * compat/regress/glob/globtest.c:
8258 Use fgets() not fgetln() for portability.
8262 Don't use the beta or release candidate version as the rpm release.
8265 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
8267 * configure, configure.in:
8269 [f6530d56f6ae] [SUDO_1_8_0]
8272 update sudo 1.8 section
8275 2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
8277 * plugins/sudoers/regress/testsudoers/test2.sh:
8278 fix test description
8281 * plugins/sudoers/regress/testsudoers/test2.out,
8282 plugins/sudoers/regress/testsudoers/test2.sh,
8283 plugins/sudoers/regress/visudo/test2.out,
8284 plugins/sudoers/regress/visudo/test2.sh:
8285 convert test2 to use testsudoers
8288 * include/sudo_plugin.h, src/sudo_plugin_int.h:
8289 Move struct generic_plugin to sudo_plugin_int.h
8292 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
8293 plugins/sudoers/parse.c, plugins/sudoers/parse.h,
8294 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
8295 plugins/sudoers/sudoers.h:
8296 Allow sudoers file name, mode, uid and gid to be specified in the
8297 settings list. The sudo front end does not currently set these but
8301 2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
8303 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
8304 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
8305 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
8306 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
8311 * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
8312 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
8313 src/parse_args.c, src/sudo.h:
8314 add help text to sudo, visudo and sudoreplay for the -h option
8317 2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
8319 * compat/snprintf.c:
8320 avoid using "howmany" for a parameter name since it is a select-
8325 mention group_plugin when describing nonunix_group
8328 * doc/sudo_plugin.pod:
8329 Add missing period at end of sentence
8332 * Makefile.in, doc/Makefile.in, include/Makefile.in,
8333 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
8334 plugins/sudoers/Makefile.in, src/Makefile.in:
8335 add localstatedir; closes bug 471
8338 * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
8339 src/exec.c, src/exec_pty.c:
8340 The howmany macro lives in sys/sysmacros.h on SVR5 systems. Closes
8345 add missing AH_TEMPLATE for ENV_RESET
8349 SVR5 systems return non-zero for success on socketpair(), check for
8350 -1 instead. Closes Bug 469
8353 2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
8355 * configure, configure.in:
8359 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
8360 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
8361 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
8362 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
8367 Document that a sudo.conf file with no Plugin lines uses the default
8371 * src/load_plugins.c:
8372 If sudo.conf contains no Plugin lines, use the default sudoers
8373 policy and I/O plugins.
8376 2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
8378 * plugins/sudoers/sudo_nss.c:
8379 Avoid printing empty "Runas and Command-specific defaults for user"
8384 Truncate the buffer at buf.len before printing in the non-wordwrap
8389 Remove extra newline when the tty width is very small or unavailable
8392 2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
8394 * plugins/sudoers/alias.c:
8395 Remove unneeded variable.
8398 2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
8400 * configure, configure.in:
8401 Prefer getutxid over getutid
8404 * plugins/sudoers/boottime.c:
8405 Include utmp.h / utmpx.h before missing.h as apparently including it
8406 afterwards causes a compilation problem on GNU Hurd.
8409 2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
8411 * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
8412 #include "foo.h", not <foo.h> for local includes.
8419 * compat/mksiglist.c:
8423 * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
8424 plugins/sudoers/match.c:
8425 return foo not return(foo)
8428 2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
8431 Remove duplicate FD_SET of signal_pipe[0]
8434 2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
8436 * compat/mksiglist.c:
8437 Use "missing.h" not <missing.h> in generated code.
8440 2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
8442 * aclocal.m4, configure:
8443 fix --with-iologdir=no
8446 * aclocal.m4, configure:
8447 fix typo that broke --with-iologdir
8450 2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
8452 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
8453 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
8454 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
8455 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
8457 Bump version to 1.8.0b4
8464 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8465 Attempt to clarify how users and groups interact in Runas_Specs
8468 * plugins/sudoers/regress/visudo/test2.out,
8469 plugins/sudoers/regress/visudo/test2.sh:
8470 Add test for quoted group that contains escaped double quotes
8473 * src/exec.c, src/exec_pty.c:
8474 Pass SIGUSR1/SIGUSR2 through to the child.
8477 * src/exec_pty.c, src/sudo_exec.h:
8478 Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
8479 SIGUSR2 to indicate whether the child should be continued in the
8480 foreground or background.
8484 Use pid_t not int and check the return value of kill()
8487 2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
8490 Remove obsolete comment
8494 In non-pty mode before continuing the child, make it the foreground
8495 pgrp if possible. Fixes resuming a shell.
8499 If we get a signal other than SIGCHLD in the monitor, pass it
8500 directly to the child.
8503 * src/exec.c, src/exec_pty.c, src/sudo.h:
8504 Save signal state before changing handlers and restore before we
8505 execute the command.
8508 2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
8510 * plugins/sudoers/iolog.c:
8511 Use a char array to map a number to a base36 digit.
8514 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
8515 Be clear about what versions of sudo support new LDAP attributes.
8516 Fix up some formatting of attribute names. Minor other tweaks.
2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
match quoted strings the same way whether in a Defaults line or as a
user/group/netgroup name. Fixes escaped double quotes in quoted
user/group/netgroup names.
* plugins/sudoers/Makefile.in:
'make check' depends on visudo and testsudoers
* plugins/sudoers/sudoers2ldif:
Add sudoOrder attribute to each entry. Parse LOG_{INPUT,OUTPUT} tags
2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
Mention LDAP attribute compatibility status.
2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
* INSTALL, NEWS, config.h.in, configure, configure.in,
doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
Add --disable-env-reset configure option.
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
Document that sudoers_locale also affects logging and email.
* NEWS, config.h.in, configure, configure.in,
plugins/sudoers/logging.c:
Do logging and email sending in the locale specified by the
"sudoers_locale" setting ("C" by default). Email sent by sudo
includes MIME headers when the sudoers locale is not "C".
2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/check.c:
2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
* NEWS, src/parse_args.c, src/sudo.c:
Perform command escaping for "sudo -s" and "sudo -i" after
validating sudoers so the sudoers entries don't need to have all the
2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/logging.c:
Prepend "list " to the command logged when "sudo -l command" is used
to make it clear that the command was listed, not run.
* plugins/sudoers/parse.c:
* common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
compat/nanosleep.c, compat/regress/glob/globtest.c,
compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
plugins/sudoers/check.c, plugins/sudoers/defaults.c,
plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
src/sudo_noexec.c, src/tgetpass.c:
standardize on "return foo;" rather than "return(foo);" or "return
* plugins/sudoers/sudoers.c:
Do not reject sudoers file just because it is root-writable.
2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/sudo_nss.c:
For "sudo -U user -l" if user is not authorized on the host, say so.
* plugins/sudoers/ldap.c:
In sudo_ldap_lookup(), always do the initial sudoers check as the
invoking user. If we are listing another user's privs we will do a
separate lookup using list_pw later.
2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
add parser fill tests
* compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
Don't test features not supported by the bundled glob()
* Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
plugins/sudoers/check.c, plugins/sudoers/defaults.c,
plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
plugins/sudoers/ldap.c, plugins/sudoers/match.c,
plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
plugins/sudoers/toke.c, plugins/sudoers/toke.l,
plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
Update copyright year to 2011
* plugins/sudoers/sudo_nss.c:
When listing, use separate lbufs for the defaults and the privileges
and only print something if the number of privileges is non-zero.
Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
* plugins/sudoers/ldap.c:
Stash pointer to user group vector in LDAP handle and only reuse the
query if it has not changed. We always allocate a new buffer when
we reset the group vector so a simple pointer check is sufficient.
* plugins/sudoers/sudo_nss.c:
Check initgroups() return value.
* plugins/sudoers/Makefile.in,
plugins/sudoers/regress/parser/check_fill.c:
Add tests for the fill functions in toke_util.c
2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/regress/iolog_path/check_iolog_path.c:
2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
Add Requires line for audit-libs >= 1.4 for RHEL5+
sync with git version
2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
Update for sudo 1.7.4p5
* doc/schema.OpenLDAP, doc/schema.iPlanet:
Add sudoNotBefore and sudoNotAfter attributes as optional attributes
to the sudoRole object class. From Andreas Mueller
2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
Mention "sudo -g group" password check fix.
* plugins/sudoers/sudoers.c:
Fix "sudo -g" support in the sudoers module.
* plugins/sudoers/check.c:
If the user is running sudo as himself but as a different group we
need to prompt for a password.
2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
* NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
plugins/sudoers/ldap.c:
Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
derived LDAP SDKs but we can pass the timeout parameter to
ldap_search_ext_s() or ldap_search_st() when possible.
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
* NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
with OpenLDAP ldap.conf files.
* plugins/sudoers/pwutil.c:
If user has no supplementary groups, fall back on checking the group
2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
* plugins/sudoers/toke.c, plugins/sudoers/toke.h,
plugins/sudoers/toke.l:
Move fill macro to toke.h
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
plugins/sudoers/toke.h, plugins/sudoers/toke.l,
plugins/sudoers/toke_util.c:
Split tokenizer utility functions out into toke_util.c
* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/Makefile.in:
Add visudo tests to check target
* compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
Add my regress tests for fnmatch() and glob() from OpenBSD.
* plugins/sudoers/regress/testsudoers/test1.sh,
plugins/sudoers/regress/visudo/test1.ok,
plugins/sudoers/regress/visudo/test1.sh:
Add regress test for command tags using visudo -c
* plugins/sudoers/Makefile.in,
plugins/sudoers/regress/testsudoers/test1.ok,
plugins/sudoers/regress/testsudoers/test1.sh:
Add support for regress tests using testsudoers
* plugins/sudoers/testsudoers.c:
Need to set user_name explicitly due to internal changes made when
converting sudoers to a plugin.
2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
* MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
plugins/sudoers/regress/iolog_path/check_iolog_path.c,
plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
Add regression tests for iolog_path()
* Makefile.in, common/Makefile.in, compat/Makefile.in,
doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
src/Makefile.in, zlib/Makefile.in:
Add support for "make Makefile" to regenerate Makefile from
* plugins/sudoers/iolog_path.c:
Quiet a bogus compiler warning.
2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/iolog_path.c:
Protect call to setlocale() with HAVE_SETLOCALE
2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
mkstemps.c was renamed mktemp.c
Update from 1.7 branch
Use "mv -f" when regenerating ChangeLog
* plugins/sudoers/match.c:
Fix NULL dereference with "sudo -g group" when the sudoers rule has
no runas user or group listed. Fixes RedHat bug Bug 667103.
2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
Correct the default sudo.conf example
2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/iolog_path.c:
Reset slashp if we allocate a new buffer for strftime()
* plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h:
Add extra out parameter to expand_iolog_path() to allow the caller
to split the path into dir and file components if needed.
2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/iolog.c:
mkdir_iopath() returns size_t now that it uses strlcpy() and not
* plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
Trim leading slashes from iolog_file and trailing slashes from
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
Pass a single I/O log file name in command_details instead of
separate dir + file parameters.
* plugins/sudoers/sudoreplay.c:
change an error() to errorx()
* plugins/sudoers/iolog.c:
Add missing cwd line to I/O log info file that got dropped when
iolog_deserialize_info() was added
2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/iolog.c:
Avoid relying on globals filled in by the sudoers policy module for
the sudoers I/O log module. The I/O log open function now pulls the
bits it needs out of user_info and command_info.
* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h:
If no iolog file is specified by the policy plugin, use io_nextid()
to determine the next file in the sequence.
2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
Document iolog_compress in command_info
* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
Add support for the iolog_compress variable in command_info.
* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
Add sigsetjmp() calls to all plugin entry points just to be safe.
* src/sudo.c, src/sudo.h:
Don't need iolog variables in struct command_details, they are for
the I/O log plugins to handle.
2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
Document use of mkdtemp() for iolog path templates
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
* doc/sudo_plugin.pod, doc/sudoers.pod:
Document iolog_file and supported escape sequences for sudoers.
Clarify that iolog_file can contain directories.
* compat/Makefile.in, configure, configure.in:
Fix building of mkstemps/mkdtemp replacements.
* compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
configure.in, include/missing.h:
Provide mkdtemp() for systems without it.
* plugins/sudoers/iolog_path.c:
* plugins/sudoers/iolog.c:
Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
glibc mkdtemp() returns EINVAL.
* plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
Allow sudoers to specify the iolog file in addition to the iolog
dir. Add escape sequence support to iolog file and dir: sequence
number, user, group, runas_user, runas_group, hostname and
command in addition to any escape sequence recognized by
* plugins/sudoers/iolog.c:
Add missing sigsetjmp() call in I/O plugin open function. Fixes a
crash when the I/O plugin calls error(), errorx() or log_error().
2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
plugins/sudoers/sudoers.c:
Give the policy module fine-grained control over what the I/O plugin
Clear OPOST from c_oflag like we used to. Fixes screen-based
Clarify umask option description. From Reuben Thomas.
2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
Pick last match in LDAP sudoers too
* doc/sudo_plugin.pod:
Document iolog_file, iolog_dir and use_pty
* plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
plugins/sudoers/sudoers.c:
Adapt plugins to version I/O logging ABI 1.1
* src/exec.c, src/sudo.h:
Add use_pty command_info flag for policies to indicate that a pty
should be allocated even if no I/O logging is performed.
Add remaining plugin convenience functions
* include/sudo_plugin.h, src/sudo.c, src/sudo.h,
src/sudo_plugin_int.h:
Change I/O log API to pass in command info to the I/O log open
function. Add iolog_file and iolog_dir parameters to command info.
This allows the policy plugin to specify the I/O log pathname. Add
convenience functions for calling plugin functions that handle ABI
backwards compatibility.
2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Bump version to 1.8.0b3
2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
Remove extraneous newline
2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudoers.pod, plugins/sudoers/def_data.c,
plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
Make I/O log dir configurable.
* aclocal.m4, configure, configure.in, doc/sudoers.pod:
Rename io_logdir to iolog_dir
2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
Add missing '*' that prevented the generic ELF case from matching.
If file(1) can't identify the ELF binary type, try readelf(1).
2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
plugins/sudoers/sudoers.c, src/sudo.c:
Use %u to print uid/gid, not %lu and adjust casts to match.
* doc/sudoers.ldap.pod:
Clarify ordering of entries and attributes.
* doc/sudoers.ldap.pod:
Fix typo and editing goof.
* doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
doc/sudoers.ldap.pod:
Merge in ordered LDAP entry support from Andreas Mueller.
* plugins/sudoers/ldap.c:
Make sure we don't dereference a NULL handle.
2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
Add support for RHEL 6 file modes that include a trailing dot on
files with an SELinux security context
2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
exec_setup() does not need to setuid(0), the Ubuntu issue was in the
* plugins/sudoers/sudoers.c:
create_admin_success_flag() should use restore_perms() rather than
set_perms() to restore the uid.
In exec_setup() call setuid(0) to make certain the subsequent uid
and gid changes will succeed. Fixes a problem on Ubuntu.
Error out if we cannot change to root's uid so we catch the failure
2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
fix typo; from Michael T Hunter
* plugins/sudoers/match.c:
In sudoedit mode, assume command line arguments are paths and pass
FNM_PATHNAME to fnmatch().
2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Add workaround for an error in sys/types.h on HP-UX 11.23 when large
file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
broken bits of the header file.
Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
For Tru64, strip off beta version.
* MANIFEST, plugins/sudoers/testsudoers.c,
plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
Avoid conflicts with system definitions in grp.h and pwd.h
Include stdio.h after zlib.h, not before. We need the large file
defines to come first.
2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
Don't clean ChangeLog
* plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
Add prototype for cleanup()
2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/group_plugin.c:
Avoid dereferencing group_plugin if it is NULL in
group_plugin_query(). This should not happen.
* plugins/sudoers/group_plugin.c:
group plugin init function return TRUE when successful
2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/ldap.c:
Enlarge the array of entry wrappers in blocks of 100 entries to
save on allocation time. From Andreas Mueller
* plugins/sudoers/ldap.c:
Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
that was mistakenly dropped.
2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/TROUBLESHOOTING:
Mention that sudo needs "ar" to build.
* configure, configure.in:
Fail with a more useful error if "ar" is not found.
2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/ldap.c:
Merge in ordered LDAP entry support from Andreas Mueller and add
local changes from the 1.7 branch.
2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
Add timed entry support from Andreas Mueller.
* plugins/sudoers/group_plugin.c:
Don't try to unload if group_plugin is NULL. Don't call dlclose() if
group_handle is NULL
* plugins/sudoers/sudoers.h:
It is now plugin_cleanup(), not cleanup()
* plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
Call plugin_cleanup(), not cleanup()
2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/ldap.c:
Use efree() not free() and remove malloc.h include since we never
directly call malloc() or free().
2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
set PSTAMP for Solaris and move the backend-specific bits to their
own %if [xxx] %endif blocks in %set.
* configure, configure.in:
Only substitute file zlib files when using the builtin zlib
* common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
src/Makefile.in, zlib/Makefile.in:
Give up on using VPATH to find sources as it is implemented
inconsistently in different versions of make.
* plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
plugins/sudoers/gram.c, plugins/sudoers/toke.c:
Include config.h before any other includes to make sure we get the
right value for _FILE_OFFSET_BITS.
g/c unused $(GENERATED)
2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/group_plugin.c:
Zero out group_plugin on unload just to be safe.
* plugins/sudoers/group_plugin.c:
Unload group plugin if its init function fails.
Only chdir to cwd if it is different from the current cwd or there
is a new root (chroot).
* configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
Bump version to 1.8.0b2
2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
Better --enable-zlib description
Use system zlib on Linux. Let configure decide on Solaris. For all
others, use builtin zlib
Add large file support.
Add large file support.
* Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
Add local copy of zlib for systems that lack it.
2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
If perform_io() fails, kill the child before exiting so it doesn't
complain about connection reset. We can get an I/O error if, for
example, and we get EIO reading from stdin.
2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/sudoers.c, src/sudo.c:
Fix compilation on systems with set_auth_parameters(). Sprinkle
volatile to quiet warnings from gcc 2.8.0
* compat/dlfcn.h, compat/dlopen.c:
Avoid potential namespace issues with dlopen() emulation.
* plugins/sudoers/interfaces.c:
Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
Mark ChangeLog as PHONY. Don't overwrite ChangeLog if we can't run hg
* configure, configure.in:
HP-UX 10.20 libc has an incompatible getline
* plugins/sudoers/visudo.c:
Quiet an HP-UX compiler warning.
* configure, configure.in:
Check for vi even with --with-editor specified; the sample plugin
2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
Fix remaining syntax errors.
sudo binary depends on the libtool-generated libs
* plugins/sudoers/group_plugin.c, src/load_plugins.c:
Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
include the local or system dlfcn.h
Don't use run_as_superuser=false on HP-UX
Use memset() instead of zero_bytes() since we don't include
* plugins/sudoers/interfaces.c:
Fix pasto; AF_INET not AF_INET6
Actually call shl_load()
Update from git repo. Debian: version numbers now compliant with
policy section 5.6.12. HP-UX: minimal changes needed to work on HP-UX
* configure, configure.in:
Fix dlopen() detection for systems where dlopen() is in a separate
* plugins/sudoers/auth/pam.c:
If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
useful message and return AUTH_FATAL so sudo does not keep trying to
sudo_preload_table is an array
Quiet a compiler warning and fix sudo_preload_table external
Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
* plugins/sudoers/group_plugin.c:
Make this compile correctly when no dlopen is available.
2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/check.c:
Having a timestamp file defined is no longer indicative of tty
tickets being enabled. Check def_tty_tickets directly.
* src/exec_pty.c, src/sudo.h, src/ttysize.c:
Fix TCGETWINSZ compat.
2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
* src/exec_pty.c, src/ttysize.c:
Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/sudoers.c, src/sudo.c:
Move set_project() from sudoers module into sudo proper.
* configure, configure.in:
Fix typo and regenerate
* plugins/sudoers/ldap.c:
When iterating over returned LDAP entries, keep looking at remaining
matches even if we have a positive match. This catches negative
matches that may exist in other entries and more closely match the
sudoers file behavior.
Add support for multiple package instances on Solaris.
Add missing signal_pipe[0] to fdsr for the non-pty case.
Add --with-project for Solaris
Need ar and ranlib too
2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/env.c:
Preserve ODMDIR environment variable by default on AIX.
2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
* Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
config.h.in, configure, configure.in, plugins/sample/Makefile.in,
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
Add dlopen() emulation for systems without it. For HP-UX 10, emulate
using shl_load(). For others, link sudoers plugin statically and use
a lookup table to emulate dlsym().
2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
* compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
compat/nanosleep.c, compat/utimes.c:
When including compat headers, use the compat dir as part of the
path so we are sure to get the correct header.
2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/linux_audit.c:
Ignore ECONNREFUSED from audit_log_user_command() which will occur
if auditd is not running.
2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
Sync with git version
2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
* common/fileops.c, plugins/sudoers/defaults.c:
Cast isblank argument to unsigned char.
2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
* INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
Implement --with-umask-override configure flag.
* plugins/sudoers/env.c:
Take MODE_LOGIN_SHELL into account when initially setting reset_home
instead of special-casing it later.
* plugins/sudoers/sudoers.c:
In login mode, make a copy of the runas user's pw_shell for
NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
* plugins/sudoers/env.c:
Reset HOME for "sudo -i" even if HOME was listed in env_keep.
Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
Reset signal mask at sudo startup time; we need to be able to rely
on normal signal delivery to control the child process.
2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
Use sed instead of expr to split a flag from its argument. Fixes a
problem with expr interpreting its arguments as a flag when they
Do not need sys/time.h after all
Include sys/time.h for utimes() and struct timeval. No longer need
ioctl.h or termios.h
* compat/snprintf.c:
Quiet bogus compiler warnings.
* include/missing.h:
Declare innetgr() for HP-UX which is missing a declaration. Declare
domainname() for HP-UX and Solaris which are missing a declaration.
* plugins/sudoers/bsm_audit.c:
Use __sun for consistency with the rest of the sources.
* plugins/sudoers/group_plugin.c:
Quiet a bogus compiler warning.
* plugins/sudoers/pwutil.c:
Don't try to delref a NULL group.
* common/alloc.c, common/lbuf.c:
Include memory.h on systems that need it.
2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
Quiet gcc warnings on glibc systems that use warn_unused_result for
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
sudo_plugin is in section 8; from Ted Percival
* plugins/sudoers/Makefile.in:
testsudoers depends on libsudoers.la, not sudoreplay
2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
Read as many signals on the signal pipe as we can before returning.
* src/exec.c, src/exec_pty.c, src/sudo_exec.h:
Instead of using an array to store received signals, open a pipe and
have the signal handler write the signal number to one end and
select() on the other end. This makes it possible to handle signals
similar to I/O without race conditions.
2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/visudo.pod, plugins/sudoers/visudo.c:
Make "visudo -c -f -" check the standard input.
set_home and always_set_home have an effect if HOME is present in
* plugins/sudoers/env.c:
Make -H flag work when HOME is listed in env_keep. Also makes
"set_home" and "always_set_home" override HOME in env_keep.
2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
plugins/sudoers/visudo.c, src/net_ifs.c:
Convert sudoers plugin to use interface list passed in settings.
* doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
src/parse_args.c, src/sudo.h:
Query local network interfaces in the main sudo driver and pass to
the plugin as "network_addrs" in the settings list.
* plugins/sudoers/bsm_audit.c:
Solaris BSM audit returns EINVAL when auditing is not enabled,
whereas OpenBSM returns ENOSYS.
2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
missing.h should come before most local includes
* plugins/sudoers/sudoreplay.c:
missing.h should come before most local includes
* plugins/sudoers/sudoers.h:
Make local includes consistent; use double quotes for local includes
except for generated ones where we use angle brackets.
* plugins/sudoers/sudoers.c:
Always fill in NewArgv for audit code.
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
* common/alloc.c, common/atobool.c, common/fileops.c,
common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
compat/getprogname.c, compat/glob.c, compat/isblank.c,
compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
compat/unsetenv.c, compat/utimes.c, include/compat.h,
plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
plugins/sample_group/plugin_test.c,
plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
src/sudo_noexec.c, src/ttysize.c:
Make local includes consistent; use double quotes for local includes
except for generated ones where we use angle brackets. Also g/c
2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/match.c:
When matching the runas user and runas group (-u and -g command line
options), keep track of runas group and runas user matches
separately. Only return a positive match if we have a match for
both runas user and runas group (if specified).
9758 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
9760 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
9761 Add support for multiple URI lines by joining the contents and
9762 passing the result to ldap_initialize.
9765 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
9766 Do not return -1 on error from the display functions; the caller
9767 expects a return value >= 0.
9770 * plugins/sudoers/sudoers.c:
9771 Do not set both MODE_EDIT and MODE_RUN
9774 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
9776 * include/missing.h:
9777 Move includes to the top of the file.
9780 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
9782 * plugins/sudoers/Makefile.in:
9783 Add missing definition of timedir
9786 * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
9787 compat/mksiglist.c, compat/strsignal.c,
9788 plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
9789 Add #include of sys/types.h for .c files that include missing.h to
9790 be sure that size_t and ssize_t are defined.
9793 * plugins/sudoers/Makefile.in:
9794 Install sudoers file from the build dir not the src dir.
9797 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
9799 * plugins/sudoers/set_perms.c:
9800 If runas_pw changes, reset the stashed runas aux group vector.
9801 Otherwise, if runas_default is set in a per-command Defaults
9802 statement, the command runs with root's aux group vector (i.e. the
9803 one that was used when locating the command).
9806 * plugins/sudoers/Makefile.in:
9807 Add target to generate sudoers file Remove generated sudoers file as
9811 2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
9814 When not logging I/O install a handler for SIGCONT and deliver it to
9815 the command upon resume. Fixes bugzilla #431
9818 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
9820 * plugins/sudoers/sudoers.h:
9821 g/c unused auth_pw extern definition
9824 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
9825 Move get_auth() into check.c where it is actually used.
9828 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
9831 Convert a remaining puts() and putchar() to use the output function.
9834 * plugins/sudoers/plugin_error.c:
9838 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
9840 * plugins/sudoers/env.c:
9841 Set dupcheck to TRUE when setting new HOME value if !env_reset but
9842 always_set_home is true. Prevents a duplicate HOME in the
9843 environment (old value plus the new one) introduced in f421f8827340.
9846 * configure, configure.in, plugins/sudoers/sudoers,
9847 plugins/sudoers/sudoers.in:
9848 Substitute sysconfdir in the installed sudoers file to get the
9849 correct path for sudoers.d.
9852 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
9855 Fix typo that prevented compilation on Irix; Friedrich Haubensak
9858 2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
9860 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
9861 common/atobool.c, common/fileops.c, common/fmt_string.c,
9862 common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
9863 compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
9864 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
9865 compat/getprogname.c, compat/glob.c, compat/isblank.c,
9866 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
9867 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
9868 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
9869 compat/unsetenv.c, compat/utimes.c, include/compat.h,
9870 include/missing.h, plugins/sample/sample_plugin.c,
9871 plugins/sample_group/getgrent.c,
9872 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
9873 plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
9874 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
9875 plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
9876 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
9877 plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
9878 src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
9879 Merge compat.h and missing.h into missing.h
9882 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
9884 * plugins/sudoers/auth/pam.c:
9885 If the user hits ^C while a password is being read, error out before
9886 reading any further passwords in the pam conversation function.
9887 Otherwise, if multiple PAM auth methods are required, the user will
9888 have to hit ^C for each one.
9891 2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
9893 * plugins/sudoers/check.c:
9897 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9898 Document sudo_conv_t function and sudo_printf_t return values.
9901 * src/conversation.c:
9902 Make _sudo_printf return the number of characters printed on success
9906 2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
9908 * plugins/sudoers/sudoers.c:
9909 sudoers.h includes sudo_plugin.h for us
9912 * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
9913 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
9915 Use gettimeofday() directly instead of via the gettime() wrapper.
9918 * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
9919 compat/strerror.c, config.h.in, configure, configure.in,
9920 include/compat.h, include/missing.h, plugins/sudoers/logging.c,
9921 plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
9922 Remove some obsolete configure tests, ancient Unix systems are no
9926 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
9929 Set pp_kit_version and strip off patch level
9933 Better handling of versions with a patchlevel. For rpm and deb, use
9934 the patchlevel+1 as the release. For AIX, use the patchlevel as the
9935 4th version number. For the rest, just leave the patchlevel in the
9939 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
9941 * plugins/sudoers/auth/sudo_auth.c:
9942 For non-standalone auth methods, stop reading the password if the
9943 user enters ^C at the prompt.
9946 * configure, configure.in, plugins/sudoers/Makefile.in,
9947 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
9948 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
9949 plugins/sudoers/pwutil.c:
9950 No need to look up shadow password unless we are doing password-
9951 style authentication. This moves the shadow password lookup to the
9952 auth functions that need it.
9955 * plugins/sudoers/sudoers.c:
9956 Retain final passwd/group refs until the policy close() function.
9957 Note that this doesn't get called in all cases so putting this in a
9958 cleanup function is probably better.
9961 * plugins/sudoers/check.c:
9965 * plugins/sudoers/check.c:
9966 When removing/resetting the timestamp file ignore the tty ticket
9970 * plugins/sudoers/sudoers.c:
9971 delref sudo_user.pw, runas_pw and runas_gr immediately before we
9975 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
9977 * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
9978 plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
9979 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
9980 Reference count cached passwd and group structs. The cache holds
9981 one reference itself and another is added by sudo_getgr{gid,nam} and
9982 sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
9983 group structs are persistent for now.
9990 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
9992 * plugins/sudoers/check.c:
9993 Do not produce a warning for "sudo -k" if the ticket file does not
9997 * plugins/sudoers/pwutil.c:
9998 Instead of caching struct passwd and struct group in the red-black
9999 tree, store a struct cache_item which includes both the key and
10000 datum. This allows us to use the actual name that was looked up as
10001 the key instead of the contents of struct passwd or struct group.
10002 This matters because the name in the database may not match what we
10003 looked up, due either to case folding or truncation (historically at
10004 8 characters). Also mark the disabled calls to sudo_freepwcache()
10005 and sudo_freegrcache() as broken since we use cached data for things
10006 like set_perms() and the logging functions. Fixing this would
10007 require making a copy of the structs for user and runas or adding a
10008 reference count (better).
10011 * plugins/sudoers/Makefile.in:
10012 Fix path to mkinstalldirs
10015 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
10016 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
10017 src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
10018 Quiet gcc warnings on glibc systems that use warn_unused_result for
10019 write(2) and others.
10022 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
10024 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10025 Add %option noinput
10028 * aclocal.m4, configure, configure.in:
10029 Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
10030 back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
10034 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
10036 * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
10037 Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
10038 and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
10041 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
10044 Update to latest version
10047 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
10050 Let pp determine pp_aix_version itself.
10053 * INSTALL, config.h.in, configure, configure.in, mkpkg,
10054 plugins/sudoers/sudoers.c:
10055 Add support for Ubuntu admin flag file and enable it when building
10059 * plugins/sudoers/sudoers, sudo.pp:
10060 Add commented out SuSE-like targetpw settings
10063 * configure, configure.in:
10064 Only try to use +DAportable for non-GCC on hppa
10067 * configure, configure.in:
10068 Prevent configure from adding the -g flag unless in devel mode
10071 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
10074 Go back to sudo-flavor to match existing packages and only use an
10075 underscore for those that need it.
10079 Use sudo_$flavor instead of sudo-$flavor since that causes the least
10080 amount of trouble for the various package managers.
10084 Fix handling of the ldap flavor Remove destdir unless --debug was
10085 specified Make distclean before running configure if there is a
10090 Add back include file.
10094 Pass extra args on to configure on HP-UX, if we don't have the HP C
10095 compiler, disable zlib to prevent gcc from finding it in
10100 Use the HP ANSI C compiler on HP-UX if possible
10103 * plugins/sudoers/sudoreplay.c:
10104 Some getline() implementations (FreeBSD 8.0) do not ignore the
10105 length pointer when the line pointer is NULL as they should.
10108 * plugins/sudoers/sudoreplay.c:
10109 Don't need to check for *cp being non-zero, isdigit() will do that.
10112 * plugins/sudoers/sudoreplay.c:
10113 Add setlocale() so the command line arguments that use floating
10114 point work in different locales. Since sudo now logs the timing
10115 data in the C locale we must parse the seconds in the timing file
10116 manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
10117 the number of seconds with the user's locale so if the decimal point
10118 is not '.' try using the locale-specific version.
10122 Do I/O logging in the C locale so the floating point numbers in the
10123 timing file are not locale-dependent.
10126 * plugins/sudoers/sudoreplay.c:
10127 Use errorx() not error() for things that don't set errno.
10130 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
10133 Better support for 1.2.3 style versions in Tru64 kits
10137 Add Tru64 kit support
10141 Remove apparently unnecessary use of sudo
10144 * Makefile.in, plugins/sudoers/Makefile.in:
10145 Create timedir as part of install-dirs target.
10149 Handle ENXIO from read/write which can occur when reading/writing a
10150 pty that has gone away.
10153 * plugins/sudoers/pwutil.c:
10154 sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
10158 platform is a pp flag not a variable
10161 * Makefile.in, mkpkg, sudo.pp:
10162 Add simple arg parsing for mkpkg so we can set debug, flavor or
10167 Make rpm backend work on AIX 5.x
10170 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
10172 * plugins/sudoers/sudoers:
10173 Add commented out Defaults entry for log_output
10176 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
10179 Remove sudo docdir completely
10182 * doc/sample.sudo.conf:
10183 Add sample sudo.conf
10186 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
10188 * plugins/sudoers/Makefile.in:
10189 Add PACKAGE_TARNAME for docdir
10192 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
10195 Pass install-sh -b~ here too.
10198 * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
10199 plugins/sudoers/Makefile.in, src/Makefile.in:
10200 Install binary files with -b~ to make a backup. Fixes "text file
10201 busy" error on HP-UX during install.
10205 "mv -f" on HP-UX doesn't unlink the destination first so add an
10206 explicit rm before moving the temporary into place.
10209 * configure, configure.in:
10210 Some more ${foo} -> $(foo) conversion for consistent Makefiles.
10213 * doc/Makefile.in, plugins/sudoers/Makefile.in:
10214 Install sudoers2ldif in the doc dir
10217 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
10220 Add missing include of maillock.h for Solaris
10223 * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
10224 doc/sample.syslog.conf, doc/sudoers.cat:
10225 Change the default syslog facility from local2 to authpriv (or auth
10226 if the operating system doesn't support authpriv).
10229 * Makefile.in, sudo.pp:
10230 Install sudoers as /etc/sudoers on RPM and debian systems where the
10231 package manager will not replace a user-modified configuration file.
10232 This fixes upgrades from the vendor sudo packages.
10236 RPM: use %config(noreplace) instead of %config for volatile This
10237 results in the new file being installed with a .rpmnew suffix
10238 instead of the file being replaced and the old one renamed with a
10242 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
10244 * compat/mkstemps.c, plugins/sudoers/boottime.c:
10245 Include time.h for struct timeval
10249 The return value of strsignal() may be const and should be treated
10250 as const regardless.
10253 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
10254 Mention that 127.0.0.1 will not match, nor will localhost unless
10255 that is the actual host name.
10258 * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
10259 Rename WHATSNEW -> NEWS
10263 Updated pp with latest patches
10270 * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
10271 plugins/sudoers/sudoers:
10272 Add commented out line to add HOME to env_keep and add a warning to
10273 the note about the HOME change in UPGRADE.
10276 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
10278 * plugins/sudoers/sudoreplay.c:
10279 Add LINE_MAX define for those without it.
10282 * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
10283 doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
10284 plugins/sudoers/defaults.c:
10285 The tty_tickets option is now on by default.
10289 Mention that AIX authdb support has been fixed.
10293 setauthdb() only sets the "old" registry if it was set by a previous
10294 call to setauthdb(). To restore the original value, passing NULL
10295 (or an empty string) to setauthdb() is sufficient.
10298 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
10300 * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
10301 doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
10302 plugins/sudoers/env.c:
10303 Reset HOME when env_reset is enabled unless it is in env_keep
10306 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
10307 The default for set_logname has been "true" for some time now.
10310 * plugins/sudoers/boottime.c:
10311 Add missing include of time.h
10314 * plugins/sudoers/logging.c:
10315 Fix check for dup2() return value.
10318 * plugins/sudoers/env.c:
10319 Add PYTHONUSERBASE to initial_badenv_table
10322 * plugins/sudoers/visudo.c:
10323 Treat an unknown defaults entry as a parse error.
10326 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
10327 Check return value of setdefs() but don't stop setting defaults if
10328 we hit an unknown one.
10331 * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
10332 doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
10333 doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
10334 plugins/sudoers/env.c:
10335 If env_reset is enabled, set the MAIL environment variable based on
10336 the target user unless MAIL is explicitly preserved in sudoers.
10339 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
10342 decode debian code names
10349 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
10356 Restore RLIMIT_NPROC after the uid switch if it appears that
10357 runas_setup() did not do it for us. Fixes a bash script problem on
10358 SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
10361 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
10363 * mkpkg, pp, sudo.pp:
10364 Restore the dot removal in the os version reported by polypkg. Adapt
10365 mkpkg and sudo.pp to the change.
10368 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
10371 document --with-pam-login
10374 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
10375 The tag is NOSETENV, not UNSETENV. From Petr Uzel.
10378 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
10381 Include flavor in solaris package name
10385 Older shells don't support IFS= so set explicitly to space, tab,
10390 Use '=' not '==' in test
10394 Fix typo that prevented debian from matching
10398 Add missing prefix setting for debian
10402 Use tab indents to reduce the chance of problem with <<- Fix the
10403 debian %set section, pp does not set pp_deb_distro Uncomment %sudo
10404 line in sudoers for debian Uncomment some env_keep lines for RHEL,
10405 SLES and debian to more closely match the vendor sudoers files.
10406 Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
10407 debian for ldap flavor
10410 * plugins/sudoers/sudoers:
10411 Add commented out env_keep entries, sample Aliases and a %sudo line
10415 * configure, configure.in:
10416 Move zlib check later on in the script to avoid a strange shell
10421 Remove check for egrep; configure has its own
10424 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
10427 Enable zlib for linux distros
10431 Add ldap flavor to default build
10435 Simplify rpm linux distro settings
10438 * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
10439 Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
10443 Fix ChangeLog creation from build dir
10446 * plugins/sudoers/sudoers.c:
10447 Handle getcwd() failure.
10450 * doc/Makefile.in, mkpkg, sudo.pp:
10451 Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
10452 environment variable.
10456 Create sudo group on debian
10460 Add debian 4/5/6 and use the dot when doing version matches
10463 * aclocal.m4, configure:
10464 Use a loop when searching for mv, sendmail and sh
10467 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
10468 Remove spurious "and"; from debian
10471 * aclocal.m4, configure, configure.in, doc/sudoers.cat,
10472 doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
10473 doc/visudo.man.in, doc/visudo.pod:
10474 Substitute the value of EDITOR into the sudoers and visudo manuals.
10477 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
10479 * mkpkg, pp, sudo.pp:
10480 Initial support for debian 4.0
10484 Some platforms need -fPIE instead of -fpie
10487 * plugins/sudoers/auth/pam.c:
10488 Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
10489 On Linux it causes a DNS lookup via libaudit.
10493 Update MANIFEST to match packaging changes
10497 We now use pp to generate HP-UX packages
10500 * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
10501 Remove vestiges of old binary package bits.
10504 * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
10505 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
10506 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
10508 install-man -> install-doc
10511 * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
10512 plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
10513 Use http://rc.quest.com/topics/polypkg/ for packaging
10517 Just ignore the -c option, it is the default Add support for -d
10521 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
10523 * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
10524 Use _PATH_STDPATH instead of _PATH_DEFPATH
10527 * plugins/sudoers/Makefile.in, src/Makefile.in:
10528 Do not strip binaries.
10531 * INSTALL, configure, configure.in:
10532 Add --insults=disabled configure option to allow people to build in
10533 insult support but have the insults disabled unless explicitly
10534 enabled in sudoers.
10537 * compat/mkstemps.c:
10538 Add prototype for gettime()
10541 * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
10542 plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
10543 plugins/sudoers/sudoers.h:
10544 Add support for a sudo-i pam.d file to be used for "sudo -i".
10545 Adapted from a RedHat patch.
10548 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
10550 * include/missing.h:
10551 Fix mkstemps() prototype
10554 * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
10555 config.h.in, configure, configure.in, include/missing.h,
10557 Use mkstemps() instead of mkstemp() in sudoedit. This allows
10558 sudoedit to preserve the file extension (if any) which may be used
10559 by the editor (like emacs) to choose the editing mode.
10562 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
10564 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
10565 plugins/sudoers/ldap.c:
10566 TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
10567 TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
10568 code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
10569 should avoid disabling TLS_CHECKPEER if possible.
10572 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
10574 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
10575 Make sudo_plugin format a bit more like a man page
10578 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10579 Add support for negated user/host/command lists in a Defaults entry.
10580 E.g. Defaults:!baduser noexec
10583 * Makefile.in, common/Makefile.in, compat/Makefile.in,
10584 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
10585 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
10587 Add uninstall target
10590 * common/Makefile.in, compat/Makefile.in:
10591 Remove unused AR, SED and RANLIB variables
10595 Do not install sample plugins
10598 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
10600 * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
10601 configure.in, plugins/sudoers/env.c:
10602 Now that sudoers is a dynamically loaded module we cannot override
10603 the libc environment functions because the symbols may already have
10604 been resolved via libc. Remove getenv/putenv/setenv/unsetenv
10605 replacements from sudoers and add replacements for setenv/unsetenv
10606 for systems that lack them.
10609 * configure, configure.in, plugins/sudoers/Makefile.in:
10610 Link testsudoers with -ldl when needed
10613 * plugins/sample_group/plugin_test.c:
10614 Remove unused time.h and add limits.h for PATH_MAX
10617 * doc/sudoers.ldap.pod:
10621 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
10623 * plugins/sample_group/plugin_test.c:
10624 Do not depend on strlcpy/strlcat
10627 * plugins/sample_group/plugin_test.c:
10628 Standalone test driver for sudoers group plugin.
10631 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
10633 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
10634 Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
10638 * plugins/sample_group/sample_group.c:
10639 Fix style nit in function declarations
10642 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
10643 Document group_plugin syntax.
10646 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
10647 Document the sudoers group plugin.
10650 * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
10651 configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
10652 plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
10653 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
10654 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
10655 plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
10656 plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
10657 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
10658 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
10659 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
10660 Replace built-in non-unix group support with a sudoers group plugin.
10661 Include a sample plugin that can read Unix-format group files.
10664 * configure, configure.in, src/load_plugins.c:
10665 Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
10668 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
10670 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
10671 doc/sudoers.man.in, doc/sudoers.pod:
10672 Move sudoers-specific bits out of sudo(8) and into sudoers(5)
10675 * aclocal.m4, configure, configure.in:
10676 Substitute @io_logdir@ for the sudoers I/O log directory.
10679 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
10681 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
10682 common/atobool.c, common/fileops.c, common/fmt_string.c,
10683 common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
10684 compat/getgrouplist.c, compat/getline.c, compat/glob.c,
10685 compat/snprintf.c, config.h.in, configure, configure.in,
10686 include/fileops.h, plugins/sample/sample_plugin.c,
10687 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
10688 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
10689 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
10690 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
10691 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
10692 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
10693 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
10694 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
10695 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
10696 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
10697 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
10698 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
10699 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
10700 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
10701 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
10702 plugins/sudoers/logging.c, plugins/sudoers/match.c,
10703 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
10704 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
10705 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
10706 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
10707 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
10708 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
10709 src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
10710 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
10711 src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
10712 Set usrinfo for AIX Set administrative domain for the process when
10713 looking up user's password or group info and when preparing for
10714 execve(). Include strings.h even if string.h exists since they may
10715 define different things. Fixes warnings on AIX and others.
10719 Add a separate all target for AIX make which was using the entire
10720 LHS (not just the first entry) of the first target as the implicit
10724 * plugins/sudoers/env.c:
10725 Do not rely on env.env_len when unsetting a variable, just use the
10729 * plugins/sudoers/env.c:
10730 In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
10733 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
10735 * plugins/sudoers/vasgroups.c:
10736 Use warningx() instead of log_error() since the latter is not
10737 available to visudo or testsudoers. This does mean that they don't
10741 * plugins/sudoers/sudoers.c:
10742 Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
10743 closed the sudoers sources. From Quest sudo.
10746 * plugins/sudoers/pwutil.c:
10747 Ignore case when matching user/group names in the cache. From Quest
10751 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
10753 * config.h.in, configure, configure.in, src/selinux.c:
10754 Add check for setkeycreatecon() when --with-selinux is specified.
10757 * configure, configure.in:
10758 Error out if libaudit.h is missing or unusable when
10759 --with-linux-audit was specified
10762 * doc/HISTORY, doc/history.pod:
10763 Add =head3 entries, mostly for the html version
10766 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
10768 * doc/HISTORY, doc/history.pod:
10769 Mention when LDAP was incorporated.
10772 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
10774 * configure, configure.in:
10775 Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
10776 not covered by _ALL_SOURCE.
10779 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
10781 * plugins/sudoers/iolog.c:
10782 Add a cast to quiet a compiler warning.
10785 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
10786 Quiet a compiler warning.
10789 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
10790 Call set_fqdn() after sudoers has parsed instead of inline as a
10794 * WHATSNEW, plugins/sudoers/sudoers.c:
10795 Do not call set_fqdn() until sudoers parses (where it gets run as a
10800 mention the change in tty ticket behavior when there is no tty
10803 * plugins/sudoers/check.c:
10804 Do not update tty ticket if there is no tty.
10807 * doc/LICENSE, doc/license.pod:
10808 Update copyright year
10812 Do not rely on BSD make's $>
10815 * configure, configure.in:
10816 Set timedir to /var/db/sudo for darwin to match Apple sudo's
10820 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
10822 * plugins/sudoers/sudoers.h:
10823 Add stub declarations for struct stat and struct timeval
10827 Remove compat/sigaction.c
10830 * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
10831 plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
10832 Check for zlib.h in addition to libz.
10835 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
10837 Move functions and symbols shared between exec.c and exec_pty.c into
10842 Comment out rules to build .man.in and .cat files unless --with-
10847 Comment out rules to build .man.in and .cat files unless --with-
10851 * src/parse_args.c:
10852 Quote any non-alphanumeric characters other than '_' or '-' when
10853 passing a command to be run via the shell for the -s and -i options.
10857 Add back .man suffix
10860 * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
10861 plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
10862 plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
10863 plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
10865 Add Linux audit support.
10868 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
10870 * plugins/sudoers/iolog.c:
10874 * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
10875 plugins/sudoers/sudoreplay.c:
10876 Add -f (filter) option to sudoreplay to allow certain streams to be
10877 replayed and others ignored.
10880 * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
10882 Fix -A flag when askpass is specified in sudo.conf or if sudo
10883 doesn't need to read a password.
10886 * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
10887 src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
10891 * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
10892 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
10893 Add support for multiple sudoers_base entries in ldap.conf. From
10897 * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
10899 remove setsid check, we require a POSIX system
10902 * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
10903 src/sudo.c, src/tgetpass.c:
10904 Check for dup2() failure.
10907 * config.h.in, configure, configure.in:
10908 Remove dup2() check, it is not optional.
10911 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
10914 sync with sudo 1.7.3
10918 SunOS does not ship with an ANSI compiler
10922 Update OS specific notes. Delete some really ancient ones and move
10923 older ones to the end of the list.
10927 Sudo can be downloaded from the web site too. Mention "OS dependent
10928 notes" section in INSTALL
10931 * src/exec_pty.c, src/selinux.c:
10932 Call selinux_restore_tty() as part of cleanup() so it gets called
10933 from error()/errorx()
10936 * MANIFEST, doc/PORTING:
10937 Remove obsolete porting guide
10940 * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
10941 Move union sudo_in_addr_un into interfaces.h
10945 Remove useless circular dependencies
10948 * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
10949 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
10950 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
10951 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
10952 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
10953 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
10954 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
10955 Convert to ANSI C function declarations
10958 * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
10959 common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
10960 compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
10961 compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
10962 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
10963 compat/strlcpy.c, compat/timespec.h, compat/utime.h,
10964 compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
10965 include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
10966 include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
10967 plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
10968 plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
10969 plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
10970 plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
10971 plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
10972 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
10973 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
10974 plugins/sudoers/logging.h, plugins/sudoers/match.c,
10975 plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
10976 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
10977 plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
10978 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
10979 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
10980 plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
10981 src/conversation.c, src/error.c, src/load_plugins.c,
10982 src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
10983 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
10984 Update copyright year
10988 Fix commented DEVDOCS when not in devel mode.
10991 * plugins/sudoers/match.c:
10992 Quiet a compiler warning.
10995 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
10996 Quiet a compiler warning.
10999 * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
11000 Make all functions in ldap.c static
11003 * doc/schema.ActiveDirectory:
11004 Updates from Alain Roy to provide better examples for importing the
11005 schema and to fix problems caused by Windows validating attributes
11006 which have not yet been added before committing the changes.
11009 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
11011 * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
11012 doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
11013 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
11014 doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
11015 doc/visudo.cat, doc/visudo.man.in:
11016 Leave rules to build .man.in and .cat files uncommented but only
11017 make them part of the "all" rule in devel mode. Generate .cat files
11018 directly from .man.in instead of .man using default values in
11022 * configure, configure.in:
11023 Bump sudo version to 1.8.0b1
11026 * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
11027 Print configure args with verbose version information.
11030 * TODO, plugins/sudoers/visudo.c:
11031 Remove tfd from struct sudoersfile; it is not used. Add prev pointer
11032 to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
11033 Use tq_append to append sudoers entries to the tail queue.
11036 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
11039 Describe tty timestamp improvements
11042 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
11043 A comment character may not be part of a command line argument
11044 unless it is quoted with a backslash. Fixes parsing of:
11045 testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
11049 Make this read a little bit better when passwd_timeout is 0.
11052 * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
11053 Attempt to handle a default password prompt timeout of zero more
11057 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
11058 Do not override value of keepopen global, instead restore it to the
11059 value we pushed onto the stack when popping.
11062 * plugins/sudoers/Makefile.in:
11063 Add dependency for utility programs on libreplace and libcommon
11066 * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
11067 plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
11068 src/exec.c, src/exec_pty.c, src/tgetpass.c:
11069 Remove sigaction emulation. Use SA_INTERRUPT in sa_flags
11072 * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
11073 We don't use getgrouplist() at the moment so there's no need to
11074 provide a compat version.
11081 * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
11082 src/conversation.c, src/sudo.h, src/tgetpass.c:
11083 Fix visiblepw sudoers option; the plugin API portion still needs
11088 Print sudo version as well.
11091 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
11092 Use sudo_printf for I/O log version. Clarify policy plugin version
11096 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
11097 plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
11098 Silence some compiler warnings
11101 * src/load_plugins.c, src/tgetpass.c:
11102 Store askpass path in a global instead of using setenv() which many
11106 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
11108 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
11109 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
11110 plugins/sudoers/check.c, plugins/sudoers/def_data.c,
11111 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
11112 plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
11113 plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
11115 Move askpass path specification from sudoers to sudo.conf.
11118 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
11119 Use a flag bit in struct command_details for selinux instead of a
11123 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
11124 Implement background mode. If I/O logging we use pipes instead of a
11128 * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
11129 src/exec.c, src/exec_pty.c, src/tgetpass.c:
11130 Move compat definition of NSIG to compat.h
11133 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
11134 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
11135 Mention plugins in the sudo manual and add some missing path
11136 substitution in the sudo_plugin manual.
11140 Set _PATH_SUDO_CONF based on $(sysconfdir)
11143 * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
11144 src/exec.c, src/exec_pty.c, src/ttysize.c:
11145 Require POSIX termios to build sudo
11149 Ignore SIGPIPE for "sudo -S"
11153 Fix uninitialized variable in TGP_ECHO case and print a newline if
11154 the user interrupted password input.
11158 Make TGP_ECHO override TGP_MASK and don't try to restore the
11159 terminal if we didn't modify it.
11162 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
11163 include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
11164 src/conversation.c, src/sudo.h, src/tgetpass.c:
11165 Add SUDO_CONV_PROMPT_MASK define which corresponds to the
11166 "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
11171 Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
11174 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
11176 * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
11177 Add selinux_enabled flag into struct command_details and set it in
11178 command_info_to_details(). Return an error from selinux_setup()
11179 instead of exiting. Call selinux_setup() from exec_setup().
11182 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
11185 Remove commented out copy of old sudo_execve() function.
11188 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
11190 * plugins/sudoers/sudoers.c:
11191 Fix setting selinux type on command line.
11194 * plugins/sudoers/iolog.c:
11195 In sudoers_io_close(), skip NULL io_fds[] elements.
11198 * include/compat.h:
11199 No longer need NGROUPS_MAX define
11202 * compat/nanosleep.c, config.h.in, configure, configure.in,
11203 include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
11204 plugins/sudoers/visudo.c, src/sudo_edit.c:
11205 Replace timerfoo macros with timevalfoo since the timer macros are
11206 known to be busted on some systems.
11210 Remove duplicate call to selinux_setup().
11213 * plugins/sudoers/auth/pam.c:
11214 If pam_open_session() fails, pass its status to pam_end.
11217 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
11218 If a file in a #includedir has improper permissions or owner just
11219 skip it. This prevents packages that incorrectly install a file
11220 into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
11221 #includedir files still result in a parse error (for now).
11224 * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
11225 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
11226 plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
11227 Add use_pty sudoers option to force use of a pty even when not
11231 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
11232 Make env_init() void as it never fails.
11235 * plugins/sudoers/env.c:
11236 No longer use _NSGetEnviron so don't need crt_externs.h
11239 * plugins/sudoers/env.c:
11240 Remove unused VNULL define
11243 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
11245 * plugins/sudoers/iolog.c:
11246 Add #define for maximum session id
11249 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
11250 Split exec.c into exec.c and exec_pty.c
11254 Sync with source file moves.
11257 * src/Makefile.in, src/get_pty.c, src/pty.c:
11258 Rename pty.c -> get_pty.c
11261 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
11263 * plugins/sudoers/iolog.c:
11264 Only use I/O input log file if def_log_input is set and output file
11265 if def_log_output is set.
11268 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
11270 * compat/strsignal.c:
11271 Update copyright year
11278 * plugins/sudoers/sudoers.c:
11279 For sudoedit, make a local copy of editor string si become part of
11280 argv. If no editor environment variable, split def_editor on ':'
11281 since it may be a colon-delimited path.
11285 Remove unneeded endpwent()/endgrent()
11289 Use value of nroff from configure
11293 Add missing const to I/O log action function
11296 * plugins/sudoers/check.c:
11297 Update copyright year and fix whitespace
11300 * configure, configure.in:
11304 * plugins/sudoers/iolog.c:
11305 Remove redundant tty signal blocking in log function.
11308 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
11310 * plugins/sudoers/iolog.c:
11311 Place static keyword where it belongs
11314 * plugins/sudoers/logging.c:
11315 Always use a printf format string for send_mail()
11318 * common/atobool.c, plugins/sudoers/ldap.c:
11319 Extend atobool() so we can use it in the LDAP code.
11322 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
11323 Sudo now stashes tty ctime for tty_tickets on Solaris too.
11326 * plugins/sudoers/boottime.c:
11327 Fix dummy version of get_boottime()
11330 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
11332 * plugins/sudoers/check.c:
11333 Enable tty_is_devpts() support for Solaris with the "devices"
11338 Unbreak the non-io logging case.
11341 * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
11342 Fix symbol name conflict with sudo_printf.
11345 * plugins/sudoers/auth/pam.c:
11346 Fix OpenPAM detection for newer versions.
11349 * plugins/sudoers/vasgroups.c:
11350 Sync with Quest sudo git repo
11353 * aclocal.m4, configure, configure.in:
11354 HP-UX ld uses +b instead of -R or -rpath. Fix typo in libvas check.
11355 Add missing template for ENV_DEBUG. Adapted from Quest sudo
11359 Fix typos; from Quest Sudo
11362 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
11364 * plugins/sudoers/Makefile.in:
11365 Add back -I$(top_srcdir); we need it for including compat/foo.h
11366 since we cannot rely on "foo.h" being found relative to the source
11367 file when the cwd is different.
11371 Fix a bug where we could treat EAGAIN as a permanent error. Also set
11372 cstat if perform_io() returns an error.
11375 * common/alloc.c, plugins/sudoers/boottime.c,
11376 plugins/sudoers/sudoers.c:
11377 Add casts to quiet compiler warnings.
11380 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
11381 plugins/sudoers/visudo.c:
11382 Fix typo in ternary operator usage.
11385 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
11387 * INSTALL, configure, configure.in:
11388 Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
11391 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
11392 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
11393 Update docs to match sudoers I/O logging changes
11396 * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
11397 pathnames.h.in, plugins/sudoers/def_data.c,
11398 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
11399 plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
11400 plugins/sudoers/gram.h, plugins/sudoers/gram.y,
11401 plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
11402 plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
11403 plugins/sudoers/sudoreplay.c:
11404 Break sudoers transcript feature up into log_input and log_output.
11407 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
11408 plugins/sudoers/visudo.c:
11409 Use setprogname() as needed.
11412 * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
11413 Adapt sudoreplay to iolog changes.
11416 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
11418 * plugins/sudoers/iolog.c:
11419 Log all input and output into separate files and store a number on
11420 each timing file line to indicate which file the data is in.
11423 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
11424 plugins/sudoers/sudoers.h:
11425 Make sudoers_io functions static to iolog.c
11428 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
11430 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
11431 src/sudo_usage.h.in:
11432 Completely remove the -L flag from the sudo front end.
11435 * plugins/sudoers/sudoreplay.c:
11436 Fix EAGAIN handling when writing to stdout.
11439 * plugins/sudoers/sudoers.c:
11440 Eliminate unused variables
11443 * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
11444 Re-enable cleanup functions in sudoers plugin and sudo driver for
11448 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
11449 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
11450 plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
11451 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
11452 Use sudo_printf to display verbose version information.
11455 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
11456 plugins/sudoers/Makefile.in, src/Makefile.in:
11457 Minor Makefile cleanup: fix a typo, change the removal order in the
11458 clean targets, and remove a superfluous include path for the sudoers
11462 * plugins/sudoers/env.c:
11463 Handle duplicate variables in the environment. For unsetenv(), keep
11464 looking even after removing the first instance. For sudo_putenv(),
11465 check for and remove dupes after we replace an existing value.
11468 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
11470 * plugins/sudoers/Makefile.in:
11471 Use explicit path to source file instead of $< for files that live
11472 in devdir and top_srcdir.
11475 * plugins/sudoers/Makefile.in:
11476 Add explicit rules to compile gram.c and toke.c for HP-UX. Prevent
11477 ending LIBSUDOERS_OBJS with a backslash
11480 * plugins/sudoers/Makefile.in, src/Makefile.in:
11481 Link libcommon before libreplace since libcommon may use functions
11482 only present in libreplace.
11485 * common/Makefile.in:
11486 Move code common to sudo and the sudoers plugin to a convenience
11487 library, libcommon. Removes the need to make links in the sudoers
11488 plugin dir and reduces re-compilation of duplicate object files.
11491 * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
11492 common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
11493 common/term.c, common/zero_bytes.c, configure, configure.in,
11494 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
11495 src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
11496 src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
11498 Move code common to sudo and the sudoers plugin to a convenience
11499 library, libcommon. Removes the need to make links in the sudoers
11500 plugin dir and reduces re-compilation of duplicate object files.
11503 * src/exec.c, src/sudo.c, src/sudo.h:
11504 Rename script_execve to sudo_execve and rename script_foo in exec.c
11507 * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
11508 rename script.c exec.c and fix up the MANIFEST file
11511 * src/script.c, src/sudo.c, src/sudo.h:
11512 Rename script_setup() to pty_setup() and call from script_execve()
11516 * configure, configure.in:
11517 bump version to 1.8.0a2
11520 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
11521 Document init_session
11524 * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
11525 plugins/sudoers/auth/sudo_auth.h:
11526 Clean up the sudoers auth API a bit and update the docs.
11529 * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
11530 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
11531 plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
11532 Add init_session function to struct policy_plugin that gets called
11533 before the uid/gid/etc changes. A struct passwd pointer is passed
11534 in, which may be NULL if the user does not exist in the passwd
11535 database. The sudoers module uses init_session to open the pam
11539 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
11541 * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
11542 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
11543 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
11544 Add open/close session to sudo auth, only used by PAM. This allows
11545 us to open (and close) the PAM session from sudoers.
11548 * plugins/sudoers/Makefile.in:
11549 Add explicit rule to build getdate.o for HP-UX make.
11552 * plugins/sudoers/Makefile.in:
11553 Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
11554 rules as an alternate way to prevent HP-UX make (and others) from
11555 trying to rebuild the parser in non-dev mode.
11558 * plugins/sudoers/sudoers.c:
11559 Re-enable PATH_MAX check for command
11563 For distclean, clean the main directory last since the subdirs need
11564 to be able to run libtool to clean things.
11567 * compat/Makefile.in:
11568 Fix generation of mksiglist.h
11572 Now that we defer sending cstat until the end of script_child() we
11573 cannot reuse cstat when reading command status from parent.
11576 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
11578 * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
11579 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
11580 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
11581 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
11582 Use numeric registers to handle conditionals instead of trying to do
11583 it all with text processing.
11587 Document per-command SELinux settings
11590 * plugins/sudoers/sudoers.c:
11591 Repair "sudo -l -U username"
11594 * plugins/sudoers/sudoers.c:
11595 Set selinux role and type in command details.
11598 * src/script.c, src/selinux.c, src/sudo.h:
11599 Rework SELinux support.
11602 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
11604 * src/script.c, src/selinux.c, src/sudo.h:
11605 Make SELinux support compile again. Needs more work to be complete.
11608 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
11609 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
11610 src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
11612 Bring back closefrom settings.
11615 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
11616 plugins/sudoers/sudoers.h:
11617 If running a command or sudoedit in transcript mode, call
11618 io_nextid() before log_allowed() so the session id is logged.
11621 * configure, configure.in:
11622 Use mandoc(1) if nroff(1) is not present.
11626 Use the --file argument to config.status instead of setting
11627 CONFIG_FILES in the environment.
11630 * plugins/sudoers/Makefile.in:
11631 We cannot conditionally update gram.h or the dependency ordering
11632 gets messed up in devel mode.
11635 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
11637 * Makefile.in, compat/Makefile.in, configure, configure.in,
11638 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
11639 plugins/sudoers/Makefile.in, src/Makefile.in:
11640 Substitute @SHELL@ into Makefiles
11647 * config.guess, config.sub, configure, configure.in:
11648 Update to autoconf 2.65
11652 Fix libtool target (space vs. tabs)
11655 * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
11656 Remove use of RETSIGTYPE; all modern systems have signal handlers
11660 * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
11661 ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
11662 m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
11663 plugins/sudoers/Makefile.in, src/Makefile.in:
11664 Update to libtool-2.2.6b. I haven't made any local modifications
11665 this time, which should be OK since we install sudo_noexec.so by
11669 * compat/Makefile.in, plugins/sample/Makefile.in,
11670 plugins/sudoers/Makefile.in, src/Makefile.in:
11671 Use libtool to clean objects
11674 * include/Makefile.in:
11675 Install sudo_plugin.h as part of "make install" and make other
11676 install targets callable from the top-level Makefile
11679 * configure, configure.in:
11680 regen with autoupdate to eliminate AC_TRY_LINK
11683 * Makefile.in, compat/Makefile.in, configure, configure.in,
11684 doc/Makefile.in, plugins/sample/Makefile.in,
11685 plugins/sudoers/Makefile.in, src/Makefile.in:
11686 Install sudo_plugin.h as part of "make install" and make other
11687 install targets callable from the top-level Makefile
11690 * plugins/sample/sample_plugin.c:
11691 The sample plugin doesn't support being run with no args so return a
11692 usage error in this case.
11695 * plugins/sudoers/iolog.c:
11696 Set close on exec flag for descriptors used for I/O logging so they
11697 are not present in the command being run.
11700 * plugins/sudoers/tsgetgrpw.c:
11701 Set close on exec flag in private versions of setpwent() and
11706 Close the I/O pipes after dup2()ing them to std{in,out,err}.
11707 Fixes extra fds being present in the command when it is part of a
11711 * plugins/sudoers/sudoers.c:
11712 Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
11713 is used when logging). Note that user_ttypath will still be NULL if
11717 * src/script.c, src/sudo.h:
11718 Cosmetic changes: add comments, remove orphaned prototype and
11719 make a global static.
11722 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
11725 Move check for maxfd == -1 to flush_output where it belongs.
11729 Break out of select loop if all the fds we want to select on are -1.
11733 Avoid possible malloc(0) if plugin returns an empty groups list.
11737 Add debugging info when calling plugin close function
11741 Avoid closing stdin/stdout/stderr when we are piping output.
11745 When execve() of the command fails, it is possible to receive
11746 SIGCHLD before we've read the error status from the pipe. Re-order
11747 things such that we send the final status at the very end and prefer
11748 error status over wait status.
11751 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
11753 * plugins/sudoers/auth/sudo_auth.c:
11754 Fix compilation for non PAM/BSD auth/AIX auth
11757 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
11760 Additional checks to make sure we don't close /dev/tty by mistake.
11761 When flushing, sleep in select as long as we have buffers that need
11766 Now that we can use pipes for stdin/stdout/stderr there is no longer
11767 a need to error out when there is no tty. We just need to make sure
11768 we don't try to use the tty fd if it is -1.
11771 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
11773 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
11774 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
11775 plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
11776 Add argc and argv to I/O logger open function.
11779 * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
11780 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
11781 src/parse_args.c, src/sudo.c, src/sudo_edit.c:
11782 Remove check_sudoedit function pointer in struct sudo_policy.
11783 Instead, sudo will set sudoedit=true in the settings array. The
11784 plugin should check for this and modify argv_out as appropriate in
11788 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
11790 * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
11792 If plugin sets "sudoedit=true" in the command info, enable sudoedit
11793 mode even if not invoked as sudoedit. This allows a plugin to
11794 enable sudoedit when the user runs an editor.
11797 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
11799 * plugins/sudoers/Makefile.in:
11800 gram.h must not depend on gram.y if we want to avoid unnecessary
11801 rebuilding of targets dependent on gram.h when gram.y changes.
11804 * plugins/sample/sample_plugin.c:
11805 Refactor common bits of check_policy and check_edit
11808 * plugins/sample/sample_plugin.c:
11809 Add sudoedit support
11812 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
11814 * plugins/sudoers/Makefile.in:
11815 Rely more on VPATH; fixes a dependency issue with the parser.
11818 * include/compat.h:
11819 Fix typo introduced in last commit
11822 * include/compat.h:
11823 Emulate seteuid using setreuid() or setresuid() as needed. There are
11824 still a few places that call seteuid() directly.
11827 * src/parse_args.c, src/sudo_edit.c:
11828 Attempt to fix building on systems that only have setuid.
11831 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
11832 Clarify sudoedit a tad.
11835 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
11838 Fix compilation on HP-UX
11841 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
11845 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
11846 Change how we handle the sudoedit argv. We now require that there
11847 be a "--" in argv to separate the editor and any command line
11848 arguments from the files to be edited.
11851 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
11852 plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
11853 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
11854 src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
11855 src/sudo.h, src/sudo_edit.c:
11856 Work in progress support for sudoedit. The actual interface used by
11857 the plugin for sudoedit is likely to change.
11860 * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
11861 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
11862 Make find_path() a little more generic by not checking def_foo
11863 variables inside it. Instead, pass in ignore_dot as a function
11867 * plugins/sudoers/env.c:
11868 Add version of getenv(3) that uses our own environ pointer.
11871 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
11874 Avoid a potential race condition if SIGCHLD is received immediately
11875 before we call select().
11878 * plugins/sudoers/sudoers.c:
11879 Call env_init() before we open the sudoers sources as those may call
11880 our setenv() replacement.
11883 * plugins/sudoers/env.c:
11884 Initialize env_len in env_init()
11887 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
11889 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
11890 Document time stamp shortcomings under SECURITY NOTES. Use "time
11891 stamp" instead of timestamp.
11895 Make sed substitution of mansectsu and mansectform global.
11898 * plugins/sudoers/check.c:
11899 If the tty lives on a devpts filesystem, stash the ctime in the tty
11900 ticket file, as it is not updated when the tty is written to. This
11901 helps us determine when a tty has been reused without the user
11902 authenticating again with sudo.
11906 Fix pasto in multiple signal fix and use _NSIG not NSIG since that
11907 is what our compat checks set.
11910 * configure, configure.in:
11911 Add check for whether sudo needs to link with -ldl to get dlopen().
11912 This is a bit of a hack that will get reworked when libtool is
11916 * plugins/sudoers/check.c:
11917 Fix timestamp removal with -k/-K
11920 * plugins/sudoers/Makefile.in:
11921 audit.c is now private to the sudoers plugin
11924 * configure, configure.in:
11925 Link with -lpthread on HP-UX since a plugin may be linked with
11926 -lpthread and dlopen() will fail if the shared object has a
11927 dependency on -lpthread but the main program is not linked with it.
11930 * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
11931 Add separate test for getresuid() since HP-UX has setresuid() but no
11936 Remove errant backslash
11940 Fix SIGPIPE handling. Now that we may use pipes for
11941 stdin/stdout we need to pass any SIGPIPE we receive to the running
11946 Also start the command in the background if stdin is not a tty.
11949 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
11951 * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
11952 No need to use pseudo-cbreak mode now that we use pipes when stdout
11953 is not a tty. Instead, check whether stdin is a tty and if not,
11954 delay setting the tty to raw mode until the command tries to access
11955 it itself (and receives SIGTTIN or SIGTTOU).
11959 Use an array for signals received instead of a single variable so we
11960 don't lose any when there are multiple different signals.
11964 Do signal setup after turning off echo, not before. If we are using
11965 a tty but are not the foreground pgrp this will generate SIGTTOU so
11966 we want the default action to be taken (suspend process).
11969 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
11972 Flush the iobufs on suspend or child exit using the same logic as
11973 the main event loop.
11977 Free memory after we are done with it.
11980 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
11983 Quest now sponsors Sudo development
11986 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
11989 Install sudo_plugin man page.
11993 Go back to resetting io_buffer offset and length (and now also the
11994 EOF handling) in the loop we do the FD_SET, not after we drain the
11995 buffer after write() since we don't know what order reads and writes
12000 audit files moved to sudoers plugin directory
12003 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
12004 Document plugin_printf and new logging functions.
12008 Add support for logging stdin when it is not a tty. There is still a
12009 bug where "cat | sudo cat" has problems because both cat and sudo
12010 are trying to read from the tty.
12013 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
12014 plugins/sudoers/sudoers.c, src/script.c:
12015 Add separate I/O logging functions for tty in/out and
12016 stdin/stdout/stderr. NOTE: stdin logging does not currently work and
12017 is disabled for now.
12020 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
12022 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
12023 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
12024 plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
12025 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
12026 src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
12027 Add pointer to a printf-like function to plugin open function. This
12028 can be used instead of the conversation function to display info and
12033 Stop if make in a subdir fails
12037 Only set user's tty to blocking mode when doing the final flush.
12038 Flush pipes as well as pty master when the process is done.
12041 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
12043 * plugins/sudoers/ldap.c:
12044 Use print_error() when displaying ldap config info in debugging
12048 * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
12049 No longer need strdup() or strndup() replacements.
12052 * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
12053 plugins/sudoers/sudoers.h:
12054 Add print_error() function that uses the conversation function to
12055 print a variable number of error strings and use it in log_error().
12058 * src/script.c, src/sudo.h, src/term.c:
12059 Do not need the opost flag to term_copy() now that we use pipes for
12060 stdout/stderr when they are not a tty.
12064 Use pipes to the sudo process if stdout or stderr is not a tty.
12065 Still needs some polishing and a decision as to whether it is
12066 desirable to add additional entry points for logging
12067 stdout/stderr/stdin when they are not ttys. That would allow a
12068 replay program to keep things separate and to know whether the
12069 terminal needs to be in raw mode at replay time.
12072 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
12074 * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
12075 plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
12076 src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
12077 Move audit sources into the sudoers plugin dir; the driver does not
12081 * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
12082 compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
12083 plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
12084 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
12085 plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
12086 src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
12087 src/term.c, src/ttysize.c:
12088 Use angle brackets when including headers that can only be found
12089 when an -I flag is specified. The files in the compat dir could get
12090 away with double quotes here but I've converted all the source files
12091 to use angle brackets for consistency.
12094 * plugins/sudoers/Makefile.in:
12095 Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
12096 dir can be found when building outside the source tree.
12099 * plugins/sudoers/Makefile.in:
12100 Clean up links in distclean
12103 * plugins/sudoers/Makefile.in:
12104 Hack around VPATH semantic differences by symlinking files we need
12105 from ../../src into the current directory and build those. A better
12106 fix would be to either make a .a or .la file with those files in it
12107 or simply use a single, flat, Makefile instead of per-subdirs
12111 * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
12112 fmt_string is used by the sudoers plugin too so do not include
12113 sudo.h (which is not really needed here anyway)
12116 * compat/Makefile.in, plugins/sample/Makefile.in,
12117 plugins/sudoers/Makefile.in, src/Makefile.in:
12118 Fix building with non-BSD versions of make such as GNU make.
12119 Requires VPATH support, which should be in any non-neolithic make.
12122 * configure, configure.in, plugins/sudoers/Makefile.in,
12123 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
12125 Re-enable bsm audit. Currently auditing is done within the sudoers
12126 plugin itself. If possible, this should really be done in the main
12127 driver but we don't presently have the needed data to do that. This
12128 will be re-evaluated when Linux audit support is added.
12131 * compat/Makefile.in, plugins/sample/Makefile.in,
12132 plugins/sudoers/Makefile.in, src/Makefile.in:
12133 Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
12134 of explicit rules in the dependency.
12137 * plugins/sudoers/visudo.c:
12138 Fix mismerge; alias_remove_recursive() now returns int
12141 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
12143 * plugins/sudoers/visudo.c:
12144 Fix a crash when checking a sudoers file that has aliases that
12145 reference themselves. Based on a diff from David Wood.
12149 Print signal info after restoring the tty mode, not before.
12153 Defer call to alarm() until after we fork the child. Pass correct
12154 pid to terminate_child(). If the command exits due to signal, set
12155 alive to false like we do when it exits normally. Add missing
12156 check for errpipe[0] != -1 before using it in FD_ISSET
12159 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
12161 * plugins/sudoers/boottime.c:
12162 Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
12165 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
12168 Simplify dependencies by using .c.o and .c.lo rules.
12171 * configure, configure.in, plugins/sudoers/Makefile.in,
12173 Substitute in @PROGS@ into src/Makefile to add sesh
12176 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
12178 * plugins/sudoers/sudoers.c:
12179 Add back calls to log_denial() if sudoers does not allow the
12183 * plugins/sudoers/sudoers.c:
12184 Pass in correct pwflag for list and validate.
12187 * plugins/sudoers/env.c:
12188 Add missing check for NULL in validate_env_vars
12192 Add sudo_noexec.la to "all" target, otherwise it only gets built at
12196 * plugins/sudoers/sudoers.c:
12197 Only set sudo_user.env_vars if the env_add list is empty.
12200 * plugins/sudoers/sudoers.c:
12201 Set sudo_user.env_vars so that environment variables specified on
12202 the command line get logged correctly.
12205 * plugins/sudoers/env.c, plugins/sudoers/logging.c,
12206 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
12207 Re-enable environment files and setting environment variables on the
12211 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
12213 * plugins/sudoers/check.c:
12214 Fix typo in last commit (ifndef vs ifdef). Make sure we pass ctime()
12215 a pointer to time_t as tv_sec in struct timeval may be long.
12218 * plugins/sudoers/check.c:
12219 Don't stash ctime in on-disk tty ticket info for now; on many
12220 (most?) systems the ctime is updated when the tty is written to.
12221 Once I have a better idea of what systems do not update ctime on
12222 ttys (and have a way to test for this) the ctime stash will be
12223 conditionally re-enabled.
12226 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
12228 * MANIFEST, Makefile.in:
12229 Add back "dist" target, this time using a MANIFEST file
12233 Remove Makefile in distclean target
12236 * Makefile.in, src/Makefile.in:
12237 Update clean and cleandir targets
12240 * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
12242 Move fileops.c defines and prototypes to fileops.h
12245 * plugins/sudoers/check.c:
12246 Lock the tty timestamp when writing. We shouldn't have to lock when
12247 reading since the file is updated via a single write system call.
12250 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
12252 * plugins/sudoers/alias.c, plugins/sudoers/check.c,
12253 plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
12254 plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
12255 plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
12256 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
12257 plugins/sudoers/logging.c, plugins/sudoers/match.c,
12258 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
12259 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
12260 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
12261 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
12262 plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
12263 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
12264 Convert to ANSI C function declarations
12267 * plugins/sudoers/sudoers.h:
12268 Remove extraneous bits and classify by source file.
12271 * include/compat.h:
12272 Add timercmp macro for systems without it
12275 * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
12276 plugins/sudoers/sudoers.h:
12277 get_boottime() now fills in a timeval struct
12280 * plugins/sudoers/check.c:
12281 Store info from stat(2)ing the tty in the tty ticket when tty
12282 tickets are in use. On most systems, this closes the loophole
12283 whereby a user can log out of a tty, log back in and still have the
12284 timestamp be valid.
12287 * config.h.in, configure.in:
12288 Add timespec2timeval and use it when getting ctime/mtime
12291 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
12293 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
12294 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
12295 plugins/sudoers/testsudoers.c:
12296 Convert perm setting to push/pop model; still needs some work. Use
12297 the stashed runas groups instead of using getgrouplist(). Reset perms
12298 to the initial value on error
12301 * config.h.in, configure.in:
12302 fix ctim_get and mtim_get macros
12305 * config.h.in, configure, configure.in, include/compat.h,
12306 plugins/sudoers/check.c, plugins/sudoers/gettime.c,
12307 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
12308 Use timeval directly instead of converting to timespec when dealing
12309 with file times and time of day.
12312 * plugins/sudoers/Makefile.in:
12313 Don't link sudoreplay with libsudoers.la due to a yacc symbol
12317 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
12319 * configure, configure.in:
12320 Darwin >= 9.x has real setreuid(2)
12323 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
12325 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
12329 * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
12330 plugins/sudoers/sudoers.h:
12331 Remove remaining references to the environ pointer.
12334 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
12336 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
12337 Don't change the environ directly in the sudoers plugin
12340 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
12342 * plugins/sudoers/sudoers.c:
12346 * plugins/sudoers/alias.c:
12347 Fix use after free in error message when a duplicate alias exists.
12350 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
12352 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
12354 Add a "noninteractive" boolean to the settings passed in to the
12355 plugin's open function that is set when the user specifies the -n
12359 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
12360 Add workaround for the lack of the environ pointer on Mac OS X in
12361 dlopen()ed modules. Use of environ in the sudoers plugin should
12362 ultimately be removed but this will do for the moment.
12365 * plugins/sudoers/visudo.c:
12366 Set errorfile to the sudoers path if we set parse_error manually.
12367 This prevents a NULL dereference in printf() when checking a sudoers
12368 file in strict mode when alias errors are present.
12371 * plugins/sudoers/sudoers.c:
12372 Main sudo no longer prints "unable to execute" on exec failure so do
12376 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
12379 Use a pipe to pass back errno to the parent if execve() fails. If we
12380 get an error in script_child(), kill the command and exit.
12383 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
12384 src/parse_args.c, src/sudo.c:
12385 Handle plugin's open function returning -2 (usage error).
12389 If execve() fails, leave it to the plugin to print an error string.
12393 If execve fails in logging mode, pass the errno directly to the
12394 grandparent on the backchannel and exit. The immediate parent will
12395 get SIGCHLD and try to report that status but its parent will no
12396 longer be listening. It would probably be cleaner to pass this over
12397 a pipe in script_child().
12400 * plugins/sudoers/sudoers.c:
12401 Don't override rval with results of check_user() unless it failed.
12404 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
12406 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
12410 * src/parse_args.c:
12411 NULL-terminate env_add
12414 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
12417 Call the I/O log open function before the I/O version function.
12420 * plugins/sudoers/iolog.c:
12421 Remove io_conv and just use sudo_conv
12424 * plugins/sudoers/set_perms.c:
12425 Fix set/restore perms for systems w/o setresuid
12428 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
12430 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
12431 plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
12432 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
12433 Primitive set/restore permissions. Will be replaced by a push/pop
12438 Only need to take action on SIGCHLD in parent if no I/O logger. If
12439 there is an I/O logger we will receive ECONNRESET or EPIPE when we
12440 try to read from the socketpair.
12443 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
12445 * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
12446 doc/sudoers.pod, plugins/sudoers/find_path.c:
12447 Merge fb4d571495fa from the 1.7 branch to trunk.
12450 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
12453 Don't set SA_RESTART when registering SIGALRM handler. Do set
12454 SA_RESTART when registering SIGWINCH handler.
12458 Add dev targets for *.man.in and *.cat that don't specify the
12463 If log_input or log_output returns false, terminate the command.
12467 Better signal handling. Instead of using a single variable to store
12468 the received signal, use an array so we can't lose a signal when
12469 multiple are sent. Fix process termination by SIGALRM in non-I/O
12470 logger mode. Fix relaying terminal signals to the child in non-I/O
12475 Fix a race between when we get the child pid in the parent and when
12476 the child process exits. The problem exhibited as a hang after a
12477 short-lived process, e.g. "sudo id" when no IO logger was enabled.
12480 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
12482 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
12483 Add a note about the security implications of the fast_glob option.
12486 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
12488 * config.h.in, configure, configure.in:
12489 Fix up some AC_DEFINE descriptions and regen config.h.in
12492 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
12494 * include/missing.h:
12495 No longer check for strdup or strndup for LIBOBJ replacement.
12499 Avoid installing signal handlers that are io-logger specific. Fixes
12500 job control when no io logger is enabled.
12504 Only regen man pages from pod when configured with --with-devel
12507 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
12509 * Makefile, Makefile.in, configure, configure.in:
12510 Top-level Makefile.in. Nothing is currently substituted but this is
12511 needed for separate build dirs.
12514 * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
12515 plugins/sudoers/Makefile.in, src/Makefile.in:
12516 Fix out-of-tree builds
12523 We always install sudoreplay in 1.8
12526 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
12528 * compat/siglist.in:
12529 SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
12532 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
12534 * configure, configure.in:
12535 No need to provide strdup() or strndup(), sudo uses estrdup() and
12539 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
12541 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
12542 Free str after using it in the version method. Use sudo_conv, not
12543 io_conv since we don't have the IO conversation function pointer in
12544 the I/O version method anymore now that io_open is delayed.
12547 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
12549 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
12551 Add license to mksiglist.c and note that the bits from pdksh are
12555 * compat/Makefile.in:
12556 Fix LIBOBJDIR vs. srcdir wrt the siglist bits
12559 * plugins/sudoers/Makefile.in:
12560 Add sudoreplay testsudoers and visudo to clean target
12563 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
12564 compat/siglist.in, compat/strsignal.c, configure, configure.in,
12565 include/missing.h, src/script.c:
12566 Create our own sys_siglist for systems without it for use by
12570 * compat/Makefile.in:
12571 Remove duplicate $(LIBOBJDIR)
12574 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
12576 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
12577 Main sudo should not block signals; the plugin should do this in
12581 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
12584 Fix a sizeof(ptr) vs. sizeof(*ptr)
12588 Unlike most operating systems, HP-UX select() is not interrupted by
12589 SIGCHLD when the signal is registered with SA_RESTART. If we clear
12590 SA_RESTART when calling sigaction() for SIGCHLD we get the expected
12591 behavior and the code in the select() loops already handles EINTR
12595 * compat/getprogname.c:
12596 progname should be const
12599 * plugins/sudoers/Makefile.in:
12600 Move --tag=disable-static to when we link sudoers.la, not when we
12604 * src/load_plugins.c:
12605 Load the sudoers I/O plugin by default too now that it is hooked up.
12608 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
12611 It looks like AIX doesn't need to push STREAMS modules for ptys.
12614 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
12616 * src/parse_args.c, src/sudo.c:
12617 Delay calling the I/O plugin open function until the policy plugin
12621 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
12623 * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
12624 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
12625 plugins/sudoers/sudoers.h:
12626 Add back io logging (transcript) support. Currently, the open
12627 function runs too early and it is not possible to use the io module
12628 independently of the policy module.
12631 * plugins/sudoers/set_perms.c:
12632 Comment out dead code; will be removed when set_perms is rewritten.
12635 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
12637 * plugins/sudoers/sudoers.c:
12638 Fix off by one error when allocating user_groups.
12641 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
12643 * configure, configure.in, plugins/sudoers/Makefile.in:
12644 Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
12647 * plugins/sudoers/sudoers.c:
12648 Fix typo in preserve groups case
12651 * plugins/sudoers/sudoers.c:
12652 In command_info it is "runas_groups" not "groups".
12656 Fix iteration over runas_groups list.
12659 * configure, configure.in, plugins/sudoers/env.c,
12660 plugins/sudoers/match.c, src/script.c:
12661 Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
12664 * compat/getgrouplist.c:
12665 getgrouplist(3) for those without it
12668 * plugins/sudoers/sudoers.c:
12669 Set preserve_groups or groups list in command_info
12673 Fix setting of groups list
12676 * config.h.in, configure, configure.in, include/compat.h,
12678 Add checks for getgrset and getgrouplist and use replacement
12679 getgrouplist if the system doesn't support it.
12682 * src/parse_args.c:
12683 Pass in preserve_groups when the -P flag is specified as per the
12687 * plugins/sudoers/sudoers.c:
12688 Check preserve_groups and ignore_ticket args with atobool instead of
12689 assuming they are true if present.
12692 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
12694 * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
12695 plugins/sudoers/plugin_error.c:
12696 Rename plugin-specific error.c to plugin_error.c. Wire up visudo,
12697 sudoreplay and testsudoers in the build
12700 * src/Makefile.in, src/term.c:
12701 term.c does not need to include sudo.h
12704 * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
12705 doc/sudo_plugin.pod:
12706 Document the -2 return in the check_policy section too
12709 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
12710 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
12711 src/parse_args.c, src/sudo.c, src/sudo.h:
12712 Fix the -s and -i flags and add support for the "implied_shell"
12713 option. If the user does not specify a command, sudo will now pass
12714 in the path to the user's shell and set implied_shell=true. The
12715 plugin can then either check the command normally or return -2 to
12716 cause sudo to print a usage message and exit.
12719 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
12721 * config.h.in, configure, configure.in, src/load_plugins.c:
12722 Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
12723 Darwin where libraries end in .dylib but modules end in .so
12726 * plugins/sudoers/parse.c:
12727 Better prefix determination now that we can't rely on len==0 to tell
12728 the beginning of an entry.
12731 * plugins/sudoers/ldap.c:
12732 display_bound_defaults() stub should return 0, not 1 since it is a
12733 count, not a boolean.
12736 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
12737 Document progname in settings
12740 * compat/getprogname.c, include/compat.h,
12741 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
12742 src/parse_args.c, src/sudo.c:
12743 Rewrite compat/getprogname.c and add setprogname(). The progname is
12744 now passed to the plugin via the settings array.
12747 * configure, configure.in, plugins/sudoers/Makefile.in:
12751 * plugins/sudoers/sudo_nss.c:
12752 Add missing whitespace for Runas and Command-specific defaults
12755 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
12756 plugins/sudoers/sudo_nss.c:
12757 Use embedded newlines in lbuf instead of multiple calls to
12762 Add support for embedded newlines.
12765 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
12767 * compat/getprogname.c:
12768 If system doesn't support getprogname or __progname and we are
12769 building a shared object don't bother with Argc/Argv, just return
12773 * config.h.in, configure, configure.in, src/load_plugins.c:
12774 Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
12775 appears to always install a shared object with the .so suffix.
12778 * compat/Makefile.in, configure, configure.in,
12779 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
12781 Play more nicely with libtool and let it build libreplace (was
12782 libmissing) for us.
12785 * include/missing.h:
12786 Include stdarg.h for va_list rather than requiring all consumers of
12787 missing.h to include stdarg.h themselves.
12790 * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
12791 plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
12792 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
12794 Pass in output function to lbuf_init() instead of writing to stdout.
12795 A side effect is that the usage info can now go to stderr as it
12799 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
12801 * include/lbuf.h, plugins/sudoers/sudo_nss.c,
12802 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
12803 src/parse_args.c, src/sudo.c:
12804 Use number of tty columns that is passed in user_info instead of
12805 getting it directly in the lbuf code.
12808 * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
12809 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
12810 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
12811 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
12812 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
12813 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
12814 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
12815 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
12816 plugins/sudoers/logging.h, plugins/sudoers/match.c,
12817 plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
12818 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
12819 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
12820 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
12821 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
12822 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
12823 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
12824 plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
12825 plugins/sudoers/visudo.c:
12826 Kill __P in sudoers
12829 * config.h.in, configure, configure.in, src/load_plugins.c:
12830 Set the sudoers plugin name in configure so we get the extension
12834 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
12835 Document lines/cols in user_info
12838 * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
12839 Add tty size to user info
12843 Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
12846 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
12848 * plugins/sudoers/sudoers.c:
12849 Kill dead code. Add missing sigsetjmp in sudo_policy_invalidate. Error
12850 out if we fail to lookup the user's name that is passed in
12853 * plugins/sudoers/error.c:
12854 Pass the error value back via siglongjmp.
12857 * plugins/sudoers/check.c:
12858 Use conversation function for lecture.
12861 * plugins/sudoers/check.c:
12862 Don't update ticket file if verify_user returns FALSE.
12865 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
12867 * plugins/sudoers/sudoers.c, src/sudo.c:
12868 Wire up invalidate and validate methods for sudoers
12871 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
12872 plugins/sudoers/sudoers.h:
12873 Add support for -k flag with a command.
12876 * src/parse_args.c:
12877 Allow -k to be specified with a command.
12880 * plugins/sudoers/sudoers.c:
12881 Wire up policy_list
12884 * plugins/sudoers/error.c:
12885 Add newline at the end of message and space after the colon in
12889 * plugins/sudoers/auth/sudo_auth.c:
12890 Add missing newline after pass password warning
12893 * plugins/sudoers/sudoers.c:
12894 Set user_groups and user_ngroups based on user_info
12897 * plugins/sudoers/error.c:
12901 * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
12902 Make _warning in error.c use the conversation function and remove
12903 commented out warning/warningx in sudoers.c.
12906 * plugins/sudoers/logging.c:
12907 Use siglongjmp() in log_error for fatal errors
12910 * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
12911 Quiet a libtool warning
12915 Build sudoers plugin
12918 * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
12919 Use warningx in yyerror() so the conversation function gets used
12920 when built as part of sudoers.
12923 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
12925 * plugins/sudoers/auth/pam.c:
12926 Rename sudo_conv to conversation to avoid a namespace conflict.
12929 * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
12930 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
12931 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
12932 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
12933 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
12934 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
12935 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
12936 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
12937 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
12938 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
12939 plugins/sudoers/env.c, plugins/sudoers/error.c,
12940 plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
12941 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
12942 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
12943 plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
12944 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
12945 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
12946 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
12947 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
12948 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
12949 plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
12950 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
12951 Initial bits of sudoers plugin; still needs work.
12955 Add HAVE_STRDUP and HAVE_STRNDUP
12958 * compat/Makefile.in, configure, configure.in:
12959 Build libmissing in two flavors (one PIC one non-PIC) and link with
12960 the appropriate one.
12963 * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
12964 compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
12965 Build libmissing in two flavors (one PIC one non-PIC) and link with
12966 the appropriate one.
12969 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
12971 * include/missing.h:
12972 Add strdup and strndup and fix strsignal
12975 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
12977 * compat/strdup.c, compat/strndup.c, configure, configure.in,
12978 plugins/sample/Makefile.in, src/Makefile.in:
12979 Add strdup and strndup to compat
12982 * plugins/sample/sample_plugin.c:
12983 Need to include compat.h before missing.h
12986 * compat/strsignal.c:
12987 Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
12988 it doesn't exist configure will set it to 0.
12992 Fix botched ANSI C conversion of globexp2()
12995 * configure, configure.in:
12996 Remove redundant getgroups check
12999 * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
13000 Require either termios or termio, no more sgtty.
13003 * compat/strsignal.c, config.h.in, configure, configure.in:
13004 Change the sys_siglist check to use AC_CHECK_DECLS and also check
13005 for _sys_siglist and __sys_siglist
13008 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
13010 * configure, configure.in, src/Makefile.in:
13011 Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
13012 use SUDO_OBJS for the main driver as part of OBJS.
13015 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13016 Mention in the conversation function section that a newline is not
13020 * include/compat.h:
13021 Add definition of WCOREDUMP for systems without it. This is known
13022 to work on AIX and SunOS 4, but may be incorrect on other systems
13023 that lack WCOREDUMP.
13026 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
13028 * plugins/sample/sample_plugin.c, src/conversation.c:
13029 conversation function no longer puts a newline at the end of info or
13033 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
13036 Use parent process group id instead of parent process id when
13037 checking foreground status and suspending parent. Fixes an issue
13038 when running commands under /usr/bin/time and others.
13041 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
13044 transcript option is now --with not --enable
13047 * plugins/sample/sample_plugin.c:
13048 Add support to -u and -g flags Check fmt_string retval Add timeout
13049 for debugging purposes
13052 * src/script.c, src/sudo.c:
13053 Wire up SIGALRM handler Set close on exec flag for child side of the
13054 socketpair Fix signal handling when not doing I/O logging
13058 g/c unused SIGCHLD handler
13061 * src/fmt_string.c, src/parse_args.c, src/sudo.c:
13062 Don't use emalloc() in fmt_string(); we want to be able to use it
13067 tq_remove not list_remove
13070 * configure, configure.in:
13071 AUTH_OBJS should contain .lo files not .o files.
13074 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
13076 * src/parse_args.c:
13077 Simplify conversion of command line args to name=value pairs.
13080 * plugins/sample/sample_plugin.c:
13081 Handle NULL reply from conversation function
13084 * compat/getline.c:
13085 Don't depend on emalloc/erealloc
13088 * plugins/sample/Makefile.in:
13089 Use $(OBJS) instead of sample_plugin.lo
13092 * plugins/sample/sample_plugin.c:
13093 runas_user is in settings not user_info
13096 * src/parse_args.c:
13097 Fix a mismatch between sudo_settings and settings_pairs that causes
13098 some settings to get the wrong values.
13101 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
13103 * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
13104 src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
13105 src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
13109 * src/load_plugins.c:
13110 Fix strlcpy() return value check.
13113 * INSTALL, configure, configure.in:
13114 No longer need to substitute in script.o and pty.o; I/O logging
13115 support is always built.
13118 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
13121 Add fallback to /bin/sh when execve() fails with ENOEXEC.
13124 * include/alloc.h, src/alloc.c:
13128 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
13130 * src/script.c, src/sudo.c:
13131 Refactor script_execve() a bit so that it can be used in non-script
13132 mode. Needs more cleanup.
13136 Ignore empty entries in command_info list
13139 * include/list.h, src/list.c:
13143 * src/conversation.c:
13144 Pass timeout to tgetpass()
13148 Add ChangeLog target
13151 * README, WHATSNEW:
13152 Bump version and update things slightly for sudo 1.8.0
13155 * configure, configure.in:
13156 Sudo now requires an ANSI/ISO C compiler
13159 * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
13164 * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
13165 include/list.h, include/missing.h:
13169 * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
13170 compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
13171 compat/getprogname.c, compat/glob.c, compat/glob.h,
13172 compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
13173 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
13174 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
13175 compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
13180 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
13182 * src/sudo.c, src/tgetpass.c:
13183 Make user_details extern so tgetpass can get at the uid and gid. Set
13184 uid/gid to user before executing askpass program. Check environment
13185 for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
13186 set the askpass program itself
13190 No longer need sudo_usage.h in sudo.c
13193 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
13194 doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
13195 src/sudo_usage.h.in:
13196 Document -D level command line flag which maps to the debug_level
13200 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13201 Document debug_level in plugin doc. Still need to document the -D
13202 flag in sudo itself.
13205 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
13207 * plugins/sample/sample_plugin.c:
13208 include missing.h for vasprintf
13211 * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
13212 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13213 Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
13216 * plugins/sample/sample_plugin.c:
13217 Need to include limits.h
13221 No more sudo_getpw*
13224 * plugins/sample/Makefile.in, src/Makefile.in:
13225 Add missing compat bits
13228 * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
13229 compat files should not include sudo.h wire up compat in sample
13233 * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
13234 Fix up compat dependencies. Fix distclean target in doc/Makefile.in
13237 * configure, configure.in:
13241 * plugins/sample/sample_plugin.c:
13242 Log input and output to temp files for proof of concept.
13245 * Makefile, configure, configure.in, doc/Makefile.in:
13246 Add doc Makefile.in and wire it up
13250 Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
13251 suspending a shell with the "suspend" builtin.
13255 In child, handle parent side of the pipe going away.
13259 No longer need to check for explicit death of the child (process #2)
13260 since if it dies we will get EPIPE from the socketpair. Fix a
13261 sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
13266 Make sudo_debug do a single vfprintf() which will result in a single
13267 write call on most systems. Avoids problems with interleaved debug
13268 printf from different processes. Also remove an extraneous error
13269 case since recv() can't return a short read and add some more XXX.
13272 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
13275 Fix uninitialized variable.
13279 Fix sudo install target
13282 * src/parse_args.c, src/sudo.c, src/sudo.h:
13283 Wire up debug_level
13290 * configure, configure.in:
13291 Fix setting of plugin dir
13299 Add missing source for sudo front end
13302 * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
13303 Sample plugin demonstrating the sudo plugin API
13306 * Makefile, configure, configure.in, install-sh, pathnames.h.in,
13307 plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
13308 src/fileops.c, src/fmt_string.c, src/load_plugins.c,
13309 src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
13310 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
13312 Modular sudo front-end which loads policy and I/O plugins that do
13313 most of the actual work. Currently relies on dynamic loading using
13314 dlopen(). See doc/plugin.pod for the plugin API.
13317 * doc/plugin.pod, include/sudo_plugin.h:
13321 * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
13322 compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
13323 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
13324 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
13325 src/fileops.c, src/sudo_edit.c:
13326 Replace emul/include.h with compat/include.h to match new source
13331 Include missing.h for memrchr() proto
13334 * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
13335 TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
13336 alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
13337 auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
13338 auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
13339 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
13340 auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
13341 closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
13342 compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
13343 compat/getline.c, compat/getprogname.c, compat/glob.c,
13344 compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
13345 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
13346 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
13347 compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
13348 compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
13349 def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
13350 doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
13351 doc/license.pod, doc/sample.pam, doc/sample.sudoers,
13352 doc/sample.syslog.conf, doc/schema.ActiveDirectory,
13353 doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
13354 doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
13355 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
13356 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
13357 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
13358 doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
13359 emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
13360 error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
13361 getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
13362 gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
13363 include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
13364 include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
13365 ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
13366 interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
13367 list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
13368 mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
13369 nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
13370 plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
13371 plugins/sudoers/alias.c, plugins/sudoers/auth/API,
13372 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
13373 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
13374 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
13375 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
13376 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
13377 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
13378 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
13379 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
13380 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
13381 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
13382 plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
13383 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
13384 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
13385 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
13386 plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
13387 plugins/sudoers/gram.c, plugins/sudoers/gram.h,
13388 plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
13389 plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
13390 plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
13391 plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
13392 plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
13393 plugins/sudoers/logging.c, plugins/sudoers/logging.h,
13394 plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
13395 plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
13396 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
13397 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
13398 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
13399 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
13400 plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
13401 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
13402 plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
13403 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
13404 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
13405 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
13406 plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
13407 sample.pam, sample.sudoers, sample.syslog.conf,
13408 schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
13409 selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
13410 src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
13411 src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
13412 src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
13413 src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
13414 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
13415 sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
13416 sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
13417 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
13418 sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
13419 sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
13420 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
13421 tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
13422 visudo.man.in, visudo.pod, zero_bytes.c:
13423 Rework source layout in preparation for modular sudo.
13426 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
13428 * Avoid a duplicate fclose() of the sudoers file.
13431 * Fix size arg when realloc()ing include stack. From Daniel Kopecek
13434 * Use setrlimit64(), if available, instead of setrlimit() when setting
13435 AIX resource limits since rlim_t is 32bits.
13438 * Fix use after free when sending error messages. From Timo Juhani
13442 * ChangeLog, Makefile.in:
13443 Generate the ChangeLog as part of "make dist" instead of having it
13447 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
13449 * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
13450 auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
13451 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
13452 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
13453 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
13454 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
13455 emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
13456 fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
13457 gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
13458 ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
13459 isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
13460 logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
13461 mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
13462 pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
13463 sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
13464 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
13465 strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
13466 sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
13467 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
13468 sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
13469 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
13470 utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
13471 Remove CVS $Sudo$ tags.
13474 2010-01-18 convert-repo <convert-repo>
13480 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
13483 make this match sudoers SYNOPSIS
13487 Print a newline between Runas and Command-specific defaults in sudo
13492 Use SET and CLR macros in term_raw
13496 Set stdin to non-blocking mode early instead of in check_input. Use
13497 term_raw instead of term_cbreak since the data we get has already
13498 been expanded via OPOST.
13501 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
13503 * script.c, term.c:
13504 Enable/disable all postprocessing instead of just nl->crnl
13505 processing since things like tab expansion matter too. However, if
13506 stdout is a tty leave postprocessing on in the pty since we run into
13507 problems doing it only on the real stdout with e.g. nvi.
13510 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
13513 If tty_tickets is enabled and there is no tty, prompt for a
13514 password. Do not lecture user for "sudo -k command" if user has a
13519 Document missing options: --with-efence and --with-bsm-audit
13522 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
13523 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
13524 sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
13525 visudo.man.in, visudo.pod:
13526 username -> user name groupname -> group name hostname -> host name
13529 * INSTALL, README.LDAP, sudoers.pod:
13530 filename -> file name like the rest of the docs
13533 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
13536 Fix printing of entries with multiple host entries on a single line.
13539 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
13542 Mention that targetpw affects the timestamp file name.
13545 * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
13547 Add compress_transcript option.
13550 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
13552 * configure, configure.in:
13556 * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
13557 Better split of membership vs. traditional group check in
13558 user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
13561 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
13564 Fix pasto and add default return value.
13567 * check.c, match.c, pwutil.c, sudo.h:
13568 refactor group member checking into user_in_group()
13571 * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
13573 Add support for mbr_check_membership() as present in darwin.
13576 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
13579 Rename label to be accurate
13582 * Makefile.in, boottime.c, check.c, config.h.in, configure,
13583 configure.in, sudo.h:
13584 Treat timestamp files from before we booted as old. Idea from and
13588 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
13590 * sudo.c, sudo.pod, sudo_usage.h.in:
13591 Allow the -u flag to be used in conjunction with the -v flag as per
13592 older versions of sudo.
13596 fix typo in last commit
13599 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
13602 Convert fmt_first and fmt_confd into macros.
13606 timeouts can be floats now
13609 * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
13610 defaults.h, mkdefaults:
13611 Add support for floating point timeout values (e.g. 2.5 minutes).
13614 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
13617 The -L flag will be removed in sudo 1.7.4
13620 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
13623 Fix a bug due to order of operators.
13626 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
13629 cmnd_matches() already deals with negation so _cmndlist_matches()
13630 does not need to do so itself. Fixes a bug with negated entries in
13634 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
13637 Don't exit() from open_sudoers, just return NULL for all errors.
13641 Can't rely on the shell sending us SIGCONT when transitioning from
13642 background to foreground process.
13646 Add missing extern def for parse_error
13649 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
13652 Avoid a parse error when #includedir doesn't find any files. Closes
13657 Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
13660 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
13663 Start command out in foreground mode if stdout is a tty. Works
13664 around issues with some curses-based programs that don't handle
13665 tcsetattr getting interrupted by a signal. Still allows us to avoid
13666 hogging the tty if the command is part of a pipeline.
13669 * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
13670 Use a socketpair to pass signals from parent to child. Child will
13671 now pass command status change info back via the socketpair. This
13672 allows the parent to distinguish between signals it has been sent
13673 directly and signals the command has received. It also means the
13674 parent can once again print the signal notifications to the tty so
13675 all writes to the pty master occur in the parent. The command is
13676 now always started in background mode with tty signals handled by
13680 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
13682 * configure, configure.in:
13683 Fix a few typos in the descriptions; from Jeff Makey Only do the
13684 check for krb5_get_init_creds_opt_free() taking two arguments if we
13685 find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
13686 positive when using our own krb5_get_init_creds_opt_free which takes
13687 only a single argument.
13690 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
13692 * configure, configure.in:
13693 Remove a spurious comma in the kerb5 bits.
13697 Call krb5_get_init_creds_opt_init() in our emulated
13698 krb5_get_init_creds_opt_alloc() for MIT kerberos.
13701 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
13708 Need to ignore SIGTT{IN,OU} in child when running the command in the
13709 background. Also some minor cleanup.
13712 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
13715 Instead of calling sigsuspend when waiting for SIGUSR[12] from
13716 parent, install the signal handlers w/o SA_RESTART and let them
13717 interrupt waitpid().
13721 Pass along SIGHUP and SIGTERM from parent to child.
13725 Close unused bits of script_fds in processes that don't need them.
13726 Restore default SIGCONT handler in child.
13730 Update foreground/background status in SIGCONT handler in parent
13734 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
13737 Defer setting terminal into raw mode until just before we fork() and
13738 only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
13739 and sudo is already in the foreground be sure to set raw mode before
13740 continuing the child.
13743 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
13746 Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
13747 give the command the controlling tty if the main sudo process is the
13748 foreground process.
13752 Don't bother with sudo_waitpid() here for now.
13759 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
13762 Remove non-working code that crept into rev 1.55
13765 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
13767 * INSTALL, configure, configure.in, script.c, sudoreplay.c:
13768 First pass at zlib support for transcript data files
13772 remove vestiges of ZLDFLAGS
13776 Add missing variable declaration for when TIOCSCTTY is not defined.
13777 Need to include sys/termio.h for TIOCSCTTY on some systems.
13781 when resuming command, send SIGCONT to its pgrp not just pid
13785 remove unused variable
13789 include selinux.h for is_selinux_enabled() proto
13793 Don't use log_error() in the child process.
13797 Do I/O in parent instead of child since the parent can have both
13798 /dev/tty as well as the pty fds open. The child just sets things up
13799 and waits for its grandchild and writes the signal description to
13800 the pty master if the command was killed by a signal.
13803 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
13805 * missing.h, sudo.h:
13806 Move two struct forward declarations from sudo.h to missing.h
13810 Make comment at the top of script_exec() match reality.
13814 if neither stdin nor stdout is a tty, check stderr
13818 Add back dependency of gram.h on gram.y
13822 Make transcript mode work as long as we can figure out our tty, even
13823 if it is not stdin. We'd like to use /dev/tty but that won't be
13824 valid after the setsid().
13827 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
13829 * config.h.in, configure, configure.in, pty.c:
13830 Add support for IRIX-style dynamic ptys
13833 * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
13834 Move alloc.c protos into alloc.h
13838 Move prototypes for missing libc functions to missing.h
13841 * Makefile.in, sudo.h, sudoreplay.c:
13842 Move prototypes for missing libc functions to missing.h
13845 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
13847 * config.h.in, configure, configure.in:
13848 Disable transcript support if no tcsetpgrp until we support older
13849 BSD-style job control.
13852 * configure, configure.in, pty.c, script.c:
13853 Break out pty code into pty.c
13856 * compat.h, config.h.in, configure, configure.in:
13857 add killpg macro if no killpg function
13860 * config.h.in, configure, configure.in, script.c:
13861 Push ptem and ldterm for STREAMS-based systems when allocating a
13865 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
13868 Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
13872 Call tcgetpgrp() in the parent, not the child and have the child
13873 spin until it is granted. Fixes a race on darwin.
13877 Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
13881 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
13884 In script mode, if the command is killed by a signal, print the
13885 signal description as well as a core dump notification like the
13889 * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
13891 Add check for strsignal() and a simple implementation if it is not
13892 there but sys_siglist is
13896 Add missing WUNTRACED and store the signal that stopped the
13897 grandchild in suspended, not signo.
13905 Associate the grandchild's pgrp with the tty instead of the child's
13906 and just get suspend notifications via SIGCHLD instead of directly.
13907 This fixes a hang with programs that try to set terminal attributes
13908 and is more consistent with how the shell handles things.
13911 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
13914 Move setpgid() of child into the parent side of the fork() where it
13918 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
13925 Run command in its own pgrp (like the shell does) for easier
13926 signalling. No need to relay SIGINT or SIGQUIT to parent, just send
13927 to grandchild. Don't want grandchild stopped events in the child
13928 (only termination). Flush output after suspending grandchild before
13933 Back out revision 1.34; the problem lies elsewhere.
13937 Don't set stdout to blocking mode when flushing remaining output.
13938 It can cause us to hang when trying to exit. Need to investigate
13943 Handle SIGTTOU and remove some debugging.
13947 Back out revision 1.10 as the signal that interrupts us may be
13948 SIGTTOU or SIGTTIN which the caller must handle.
13952 Apparently we need to send SIGSTOP to the command as well as ourself
13953 when we get SIGTSTP, the kernel doesn't automatically stop the
13958 Use an extra process to act as the glue between the sessions
13959 associated with the user's controlling tty (what the shell uses) and
13960 the tty that sudo is using to do its logging. Basically, this means
13961 that if we get, e.g. SIGTSTP from the process sudo is running, we
13962 relay the signal to the parent so its shell can do the job control.
13966 Handle getting/setting terminal attributes when the fd is in non-
13970 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
13972 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
13973 Add support for pausing and changing the speed in interactive mode.
13977 Already define O_NOCTTY in compat.h, don't need it here
13980 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
13986 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
13989 Always update the stashed mtime of the temp file instead of using
13990 what we have for the original because the time resolution of the
13991 filesystem the temporary is on may not match that of the filesystem
13992 that holds the original. Should fix bz #371 found by Philippe Levan.
13996 Use cbreak mode instead of raw mode and add signal handlers to
13997 restore the tty on interrupt.
14000 * script.c, sudo.h, term.c:
14001 Retain NL to NLCR conversion on the real tty and skip it on the pty
14002 we allocate. That way, if stdout is not a pty there are no extra
14007 Fix log_output(); just pass in a string and a length.
14010 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
14013 do not use errno when complaining about lack of a tty
14016 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
14018 * Makefile.in, sudoreplay.c, term.c:
14019 Instead of messing with line endings, just set terminal to raw mode
14024 When copying the terminal attributes to the pty, be sure not to set
14025 ONLCR. This prevents extra carriage returns from ending up in the
14026 script output file.
14030 Convert a do {} while into a while
14034 Use if then instead of test && when installing binaries that may not
14039 Add O_NOCTTY when opening a tty device. Explicitly disconnect from
14040 old tty before associating with new one.
14043 * script.c, selinux.c, sudo.c, sudo.h:
14044 First cut at refactoring some of the selinux code so it can be used
14045 in conjunction with sudo's transcript support.
14048 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
14050 * aclocal.m4, configure, configure.in:
14051 Fix default case of transcript_enabled being unset.
14054 * script.c, sudoreplay.c:
14055 Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
14058 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
14059 Hook up --disable-transcript and --enable-transcript=DIR
14062 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
14064 * aclocal.m4, configure, configure.in, pathnames.h.in:
14065 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT. Add --enable-
14066 transcript=DIR option to specify the directory
14069 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
14073 * configure, configure.in, sudoers.man.pl, sudoers.pod:
14074 Substitute in default value for secure_path
14078 Mention that the password must be followed by a newline with the -S
14082 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
14085 Go back to dropping out of the select() loop when the process dies;
14086 Linux ptys apparently don't behave the same as BSD in regards to
14087 select(). No need to flush remaining output to the transcript, only
14088 to stdout. Add back code to check the master pty for additional data
14089 when we exit the main select loop.
14092 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
14095 Add getline.o to COMMON_OBJS
14099 sudoreplay depends on libsudo.a
14103 Move pwutil.o into COMMON_OBJS
14106 * pwutil.c, testsudoers.c, tsgetgrpw.c:
14107 Remove my_* redirection in pwutil.c for testsudoers and just use the
14108 normal libc get{pw,gr}* names.
14111 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
14112 More time and date examples
14115 * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
14116 Move nanosleep() emulation into its own file. Check librt.a for
14117 nanosleep if we don't find it in libc
14120 * Makefile.in, configure, configure.in:
14121 Build libsudo with the common bits and link things against that.
14129 Keep reading from the pty master -> log file until read returns <=
14130 0. Do our best to write everything to stdout when flushing any
14135 Use unbuffered I/O when writing to stdout and make sure we write the
14139 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
14142 Only use max_wait if it is non-zero
14145 * getdate.c, getdate.y, getline.c:
14150 Fix nanosleep emulation
14154 Fix comment after #endif
14158 Add protos for missing libc bits
14161 * configure, configure.in:
14162 add missing line continuation char
14165 * config.h.in, configure, configure.in, getline.c:
14166 Implement getline() in terms of fgetln() if we have it.
14170 Print year when formatting log line
14174 Document cwd, attempt to document time/date formats.
14178 Fix getline return value check.
14181 * Makefile.in, config.h.in, configure, configure.in, getline.c,
14183 Use getline() if the system has it, else provide our own for
14188 Refactor code to update output and timing files.
14191 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
14194 Make sudo_getln() behave more like glibc getline.
14198 When flushing remaining output, also update timing file.
14202 Use get_timestr() and make the -l output look like the regular sudo
14206 * logging.c, sudo.h, timestr.c:
14207 Make get_timestr() take a time_t so we can use it properly in
14212 Create session dir earlier now that we update the seq number early.
14215 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
14218 Use fromdate and todate as the keywords instead of from and to; the
14219 short forms will still be accepted.
14223 Fix reading long lines in sudo_getln()
14226 * script.c, sudoreplay.c:
14227 Log the cwd in the script log file. Add sudo_getln() to read
14228 arbitrarily long lines.
14231 * Makefile.in, logging.c, sudo.h, timestr.c:
14232 Move get_timestr() into its own source file so sudoreplay can use
14236 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
14239 Add to and from predicates (date ranges); needs documentation
14242 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
14244 * Makefile.in, getdate.c, getdate.y:
14245 Fix warning and add generated getdate.c
14248 * Makefile.in, getdate.y:
14249 Add getdate.y to be used for sudoreplay date parsing.
14252 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
14255 Check more than just the first character of a predicate
14258 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
14259 Add examples, sort predicates
14262 * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
14264 Implement search expressions in sudoreplay similar in concept to
14265 what find or tcpdump uses. TODO: date ranges
14268 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
14271 Remove vhangup as it was hanging up the wrong tty. Should really
14272 vhangup in the child after it has set its tty.
14276 Fix cut at documenting transcript support.
14280 ID= -> TSID= for transcript ID
14283 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
14286 Move fast_glob description to where it belongs in sorted order
14289 * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
14290 parse.c, parse.h, sudo.c:
14291 Rename script -> transcript
14294 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
14297 Add timeradd and timersub for those without them
14301 Sanity check sessid before using it.
14305 Only set the session id if we are running a command or editing a
14310 Actually, qsort is fine since most versions fall back to a cheaper
14311 sort when the number of elements to sort is small (like in our
14315 * config.h.in, configure, configure.in, script.c:
14316 Check for dup2 and use dup instead if we don't have it.
14319 * script.c, sudo.c, sudo.h:
14320 Move the code to dup2 the script fds to low numbered descriptors
14321 into script_duplow() and fix the fd sorting.
14324 * script.c, sudo.c, sudo.h:
14325 Move script_setup() back to immediately before we drop privs and
14326 call the new script_nextid() in its place, which will set
14327 sudo_user.sessid for the logging functions.
14330 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
14337 remove unused variable
14340 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
14342 * logging.c, script.c, sudo.c, sudo.h:
14343 Log the session ID, if there is one. Currently logs ID=XXXXXX,
14344 perhaps should be SESSIONID or SESSID.
14347 * Makefile.in, configure, configure.in, sudoreplay.cat,
14348 sudoreplay.man.in, sudoreplay.pod:
14349 Add sudoreplay docs
14353 add -V (version) flag
14360 * script.c, sudoreplay.c:
14361 Use base36 number for the ID and store script files with paths like
14362 /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
14363 (2,176,782,336) unique IDs.
14366 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
14368 * config.h.in, configure.in:
14369 Add check for regcomp
14373 Add support for selecting by pattern and tty when listing.
14376 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
14379 The beginnings of a list mode.
14382 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
14388 * Makefile.in, config.h.in, configure.in:
14389 Add scaffolding for building sudoreplay
14393 include error.h; first arg to nanotime is const
14397 Initial cut at sudoreplay; replay a sudo session.
14400 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
14403 Fix wait() usage and use correct wait status.
14406 * sudo.c, sudo.h, tgetpass.c:
14407 Add protos for term_* to sudo.h
14411 Fix detection of the child process exiting. Since the child is in
14412 its own session we should only ever get SIGCHLD for that process but
14413 better safe than sorry.
14417 Add UNIX98 pty support.
14420 * configure, configure.in, script.c:
14421 Add UNIX98 pty support.
14424 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
14427 For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
14432 Set PAM_RUSER and PAM_RHOST early so they can be used during
14433 authentication. Based on a patch from Jamie Beverly.
14437 Close dir before returning if strlcpy() reports overflow. From
14441 * config.h.in, configure, configure.in, script.c:
14442 On Linux, the openpty proto lives in pty.h
14446 Call vhangup on exit if the system has it. Use setpgrp() if no
14450 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
14452 * config.h.in, configure, configure.in:
14453 Add checks for revoke and vhangup if we don't have openpty
14457 Session logging guts that got forgotten in the previous commit.
14460 * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
14461 configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
14462 gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
14464 First cut at session logging for sudo. Still need to write
14465 get_pty() for Unix 98 and old-style BSD ptys. Also needs
14466 documentation and general cleanup.
14469 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
14471 * sudo.c, sudo_edit.c:
14472 Fix a bug introduced with def_closefrom. The value of def_closefrom
14473 already includes the +1.
14476 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
14479 Generate sudo distributions with pax in ustar mode. No longer need
14480 to use a temp file or have the source dir name match the version.
14483 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
14486 Fix expansion of %h in #include names. Fixes bugzilla 363
14489 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
14492 If no arg assume def_data.in
14495 * README, WHATSNEW:
14497 [f5ad45f69f05] [SUDO_1_7_2]
14503 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
14505 * sudoers.cat, sudoers.man.in, sudoers.pod:
14506 Add missing single quotes around a colon in Runas_Spec definition.
14510 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
14512 * sudo.man.in, sudoers.man.in:
14517 In rbrepair, re-color the root or the first non-block node we find
14518 to be black. Re-coloring the root is probably not needed but won't
14522 * sudo.cat, sudoers.cat:
14526 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
14529 When repairing the tree, don't touch the root node.
14532 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
14535 Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
14536 Reported by Josef Schmid.
14539 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
14542 Document that we accept env_pam-style environment files
14546 Adapt to accept pam_env-style /etc/environment which allows shell-
14547 style lines such as: export EDITOR="/usr/bin/vi"
14551 Make it clear that env_delete only works when !env_reset. From Loïc
14555 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
14557 * sudo.pod, sudoers.pod:
14558 Add non-unix group bits, adapted from Quest
14562 build the .cat page in the current working dir, not the src dir
14566 Return EINVAL in setenv() if var is NULL or the empty string to
14567 match glibc behavior.
14570 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
14572 * configure, configure.in:
14573 Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
14576 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
14578 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
14579 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
14583 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
14586 Document --with-libvas and --with-libvas-rpath
14589 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
14591 * ldap.c, sudoers.ldap.pod:
14592 For netscape-derived LDAP SDKs the cert and key paths may be a
14593 directory or a file. However, version 5.0 of the SDK only seems to
14594 support using a directory. If ldapssl_clientauth_init fails and the
14595 cert or key paths look like they could be files, strip off the last
14596 path element and try again.
14600 Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
14603 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
14605 * configure, configure.in, match.c, sudo.c, vasgroups.c:
14606 Update non-Unix group support from Quest, as reworked by me.
14614 Add support for escaped hex chars in names, e.g. \x20 for space.
14617 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
14619 * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
14620 auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
14621 fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
14622 logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
14623 set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
14624 sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
14625 tgetpass.c, toke.l, visudo.c:
14626 Update copyright years.
14629 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
14631 * interfaces.c, lbuf.c:
14632 Minor fixes for Minix-3
14635 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
14638 Handle getgroups() returning 0. Also add missing check for
14642 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
14644 * Makefile.in, config.h.in, configure, configure.in, sudo.c,
14645 version.h, visudo.c:
14646 Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
14649 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
14652 Remove group setting code in setusercontext case, we will do it
14653 ourselves later on in runas_setup. Set the gid after
14654 initgroups/setgroups is called, since on Mac OS X it seems to change
14658 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
14660 * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
14662 Initial bits of non-unix group support using Quest Authentication
14667 Accept %:foo as a non-Unix group
14671 Allow user/group to be double quoted in the case of non-Unix groups
14672 which contain spaces.
14675 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
14678 Don't allow the user to specify the default runas user if their
14679 sudoers entry only allows them to run as a group.
14682 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
14685 Must call audit_success before we change uids.
14688 * logging.c, set_perms.c, sudo.h, testsudoers.c:
14689 Add option for set_perm to not exit on failure and use this in the
14694 In -l mode, if the user is only allowed to run as a group, display
14695 the user's name, not root's before the allowed group.
14699 Fix -g mode, broken by rev 1.503 which had the side effect of
14700 setting the runas user to root unilaterally.
14703 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
14706 When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
14710 Only cache by the method we fetched for pwd and grp lookups.
14711 Previously we cached both by name and id but this can cause problems
14712 for entries that share the same id. Also add more info in the error
14713 message in case the insert fails (which should now be impossible).
14716 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
14719 Add a clarification from Nick Sieger
14722 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
14725 Inline the setting of the environment string.
14728 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
14731 setenv(3) in Linux treats a NUL value as the empty string. setenv(3)
14732 in BSD doesn't return an error if the name has '=' in it, it just
14733 treats the '=' as end of string.
14736 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
14739 Not all systems have d_namlen
14742 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
14745 Fix up some pod2html issues.
14748 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
14751 Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
14756 Ignore files ending in '~' in sudo.d (emacs backup files)
14760 Ignore files ending in '~' in sudo.d (emacs backup files)
14763 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
14765 * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
14766 For #includedir, ignore any file containing a dot
14769 * Makefile.in, version.h:
14773 * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
14774 sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
14776 Implement #includedir directive. Files in an includedir are not
14777 edited by visudo unless they contain a syntax error.
14782 [8741ed61a78b] [SUDO_1_7_1]
14785 Forgot umask_override
14792 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
14795 Rewind stream if we fdopen sudoers since it may not be at the
14796 beginning. Set the keepopen flag on already-open files too so the
14797 lexer doesn't close them out from under us.
14801 Print the proper file name when there is a parse error in an include
14805 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
14811 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
14813 * configure, configure.in:
14814 Fix a warning when --without-ldap is specified.
14817 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
14819 * alias.c, parse.h, visudo.c:
14820 Store aliases that we remove during check_aliases in a freelist and
14821 free them at the end so we don't leak memory.
14824 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
14827 Check aliases in -c mode too.
14830 * alias.c, parse.h, visudo.c:
14831 Make alias_remove return the alias struct instead of freeing it
14832 directly. Fixes a use after free in alias_remove_recursive, the only
14836 * alias.c, match.c, parse.c, parse.h, visudo.c:
14837 Rename find_alias -> alias_find for consistency.
14840 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
14843 When checking for unused aliases, recurse if the alias points to
14847 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
14850 Back out rev 1.105 for now. Real ldapux_client.conf support will be
14851 done later after some refactoring.
14854 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
14857 Treat ldap_hostport the same as "host" for ldapux.
14860 * configure, configure.in:
14861 Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
14862 Fixes compilation with ldapux.
14865 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
14871 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
14874 remove errant carriage returns
14878 fix K&R compilation
14881 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
14882 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
14886 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
14889 Add missing HAVE_BSM_AUDIT
14897 Mention --with-netsvc
14900 * sudoers.ldap.pod:
14901 Document netsvc.conf support
14904 * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
14906 Add support for AIX netsvc.conf (like nsswitch.conf).
14909 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
14911 * config.h.in, configure, configure.in, env.c:
14912 Add --enable-env-debug flag to enable environment sanity checks.
14915 * sudoers.ldap.pod, sudoers.pod:
14916 Work around some pod2html issue.
14919 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
14922 Only sync environ for putenv, setenv, and unsetenv. We need to make
14923 sure that sudo_putenv and sudo_setenv only modify env.envp, not
14927 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
14930 Really fix UNSETENV_VOID
14934 Fix unsetenv when UNSETENV_VOID
14937 * aclocal.m4, configure:
14938 Fix SUDO_FUNC_PUTENV_CONST
14942 tivoli-based ldap does not have ldapssl_err2string
14949 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
14951 * config.h.in, configure, configure.in, ldap.c:
14952 Add support for Tivoli-based LDAP start TLS as seen in AIX.
14957 Add sanity checks for setenv/unsetenv
14961 Include bsm_audit.h in the tarball
14964 * Makefile.in, version.h:
14965 bump version for sudo 1.7.1
14968 * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
14969 env.c, ldap.c, sudo.h:
14970 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
14971 provide our own setenv/unsetenv/putenv that operates on own env
14972 pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
14975 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
14978 Make "sudoedit -h" work as expected
14982 Make sure def_prompt is always defined. This is a workaround for
14983 pam configs that prompt for a password in the session but don't have
14984 an auth line. A better fix is to expand the sudo prompt earlier and
14985 set def_prompt to that when initializing.
14989 Mention that the helper for -A may be graphical.
14993 Document what happens if there is no tty.
15005 Fix "sudo -k" with no other args
15008 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
15010 * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
15011 Allow the -k flag to be specified in conjunction with a command or
15012 another option that may require authentication.
15015 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
15017 * configure, configure.in:
15018 Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
15022 Parallel make fix. From Diego E. 'Flameeyes'
15025 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
15027 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
15028 Implement umask_override
15035 * sudoers.pod, toke.l, visudo.c:
15036 Implement %h escape in sudoers include filenames.
15040 Need to include compat.h
15043 * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
15044 Make audit_success and audit_failure generic functions in
15045 preparation for integrating linux audit support.
15049 remove duplicate include
15052 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
15055 Add missing include
15059 May need to update the runas user after parsing command-based
15063 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
15066 Add missing pair of braces introduced with character class support.
15069 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
15071 * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
15072 Rename pwstars to pwfeedback
15075 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
15077 * bsm_audit.c, bsm_audit.h:
15078 Add const to make MacOS happy.
15081 * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
15082 configure.in, sudo.c:
15083 Add bsm audit support from Christian S.J. Peron
15087 This is new code, no DARPA notice.
15090 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
15092 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
15093 Rename simple_glob -> fast_glob
15100 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
15101 Add simple_glob option to use fnmatch() instead of glob(). This is
15102 useful when you need to specify patterns that reference network file
15114 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
15117 Delete any pwstars we wrote after the user hits return. That way
15118 there is no record on screen as to the user's password length.
15121 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
15124 Move terminal setting bits from tgetpass.c to term.c
15127 * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
15129 Add pwstars sudoers option that causes sudo to print a star every
15130 time the user presses a key.
15133 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
15136 Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
15139 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
15142 For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
15143 indicate no limit. From Mark Janssen.
15146 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
15149 Comments that begin with #- should not be parsed as uids.
15152 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
15155 Do not try to set the close on exec flag if we didn't actually open
15159 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
15163 [e11f0e4c1bdd] [SUDO_1_7_0]
15165 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
15171 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
15174 Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
15178 * configure, configure.in:
15179 Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
15180 as it cannot generate shared objects.
15183 * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
15184 K&R compilation fixes
15188 Use tq_foreach_fwd when checking pseudo-commands to make it clear
15189 that we are not short-circuiting on last match. When pwcheck is
15190 'all', initialize nopass to TRUE and override it with the first non-
15194 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
15197 Do not short circuit pseudo commands when we get a match since,
15198 depending on the settings, we may need to examine all commands for
15202 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
15204 * sudoers.cat, sudoers.man.in:
15209 hostnames may also contain wildcards
15213 remove stamp-* files and linux core files in clean target
15216 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
15218 * auth/sudo_auth.h, config.h.in, configure, configure.in:
15219 Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
15222 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
15224 * configure, configure.in:
15225 correctly enable SIA on Digital UNIX
15236 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
15238 * check.c, sudo.h, tgetpass.c:
15239 Even if neither stdin nor stdout are ttys we may still have /dev/tty
15243 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
15245 * sudoers.cat, sudoers.man.in:
15250 fix typos; Markus Lude
15262 Fix matching of a line that only consists of a comment char
15265 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
15268 MacOS pam will retry conversation function if it fails so just treat
15269 ^C as an empty password.
15273 When checking for alias use, also check defaults bindings.
15281 Replace my rbdelete with Emin's version (which actually works ;-)
15284 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
15291 malloc options in devel mode for visudo too
15294 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
15297 fix compilation on non-C99; from Theo
15305 when destroying an alias, free the correct data pointer
15308 * auth/sudo_auth.h:
15309 add proto for aixauth_cleanup; from Dale King
15312 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
15314 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
15319 * sudo.pod, sudoers.pod, visudo.pod:
15320 standardize on the term 'option' for command line options (not flag)
15323 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
15326 Add note on configuring HP-UX pam
15329 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
15332 Move tty checks into check_user() so we only do them if we actually
15337 Don't error out if no tty or askpass unless we actually need to
15341 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
15347 * pathnames.h.in, sudo.c:
15348 s/overriden/overridden/; from Tobias Stoeckmann
15351 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
15353 * WHATSNEW, visudo.c:
15354 check sudoers owner and mode in strict mode
15361 * sudo.man.in, sudoers.man.in, visudo.man.in:
15362 Update copyright years.
15365 * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
15366 auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
15367 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
15368 closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
15369 gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
15370 interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
15371 parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
15372 sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
15373 testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
15374 visudo.pod, zero_bytes.c:
15375 Update copyright years.
15378 * emul/charclass.h, fnmatch.c, glob.c:
15382 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
15385 The loop in fill_cmnd() was going one byte too far past the end,
15386 resulting in a NUL being written immediately after the buffer end.
15389 * UPGRADE, WHATSNEW:
15390 add sections on tgetpass changes
15394 Treat EOF w/o newline as an error.
15397 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
15400 Fix "sudo -v" when NOPASSWD is set.
15403 * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
15405 No longer treat an empty password at the prompt as special. To quit
15406 out of sudo you now need to hit ^C at the password prompt.
15409 * sudoers.cat, sudoers.man.in:
15413 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
15414 Sudo will now refuse to run if no tty is present unless the new
15415 visiblepw sudoers flag is set.
15418 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
15421 just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
15426 fix fallback value for RLIM_SAVED_MAX
15429 * auth/aix_auth.c, auth/sudo_auth.h:
15430 Move clearing of AUTHSTATE into aixauth_cleanup.
15433 * auth/aix_auth.c, env.c:
15434 Unset AUTHSTATE after calling authenticate() as it may not be
15435 correct for the user we are running the command as.
15439 Add isblank() function for systems without it. Needed for POSIX
15440 character class matching in fnmatch.c and glob.c.
15443 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
15446 expound on sudo and cd
15449 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
15455 * sudoers.cat, sudoers.man.in:
15460 mention defaults parse order
15463 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
15465 * Makefile.in, aclocal.m4, compat.h, configure:
15466 Add isblank() function for systems without it. Needed for POSIX
15467 character class matching in fnmatch.c and glob.c.
15471 add emul/charclass.h to HDRS
15474 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
15480 * defaults.c, parse.c, testsudoers.c, visudo.c:
15481 Move update_defaults into defaults.c and call it properly from
15482 visudo and testsudoers.
15485 * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
15487 use zero_bytes() instead of memset() for consistency
15490 * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
15492 Zero out sigaction_t before use in case it has non-standard entries.
15500 Short circuit glob() checks if basename(pattern) !=
15501 basename(command). Refactor code that checks for a command in a
15502 directory and use it in the glob case if the resolved pattern ends
15506 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
15508 * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
15509 Defer setting runas defaults until after runaspw/gr is setup.
15512 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
15514 * match.c, sudo.c, testsudoers.c:
15515 Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
15516 systems do not include space for the NUL in the size. Also manually
15517 NUL-terminate buffer from gethostname() since POSIX is wishy-washy
15521 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
15523 * sudo.c, sudoers.pod:
15524 When setting the umask, use the union of the user's umask and the
15525 default value set in sudoers so that we never lower the user's umask
15526 when running a command.
15530 Don't try to read from a zero-length sudoers file. Remove the bogus
15531 Solaris work-around for EAGAIN. Since we now use fgetc() it should
15535 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
15538 In update_defaults() check the return value of user*_matches against
15539 ALLOW so we don't inadvertently match on UNSPEC.
15542 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
15544 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
15545 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
15546 regen man pages; no more hyphenation
15550 Don't error out on a zero-length sudoers file. With the advent of
15551 #include the user could create a situation where sudo is unusable.
15554 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
15556 * auth/kerb5.c, config.h.in, configure, configure.in:
15557 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
15558 krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
15559 all. Add configure tests to handle all the cases.
15562 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
15569 document sudoers_locale
15572 * sudo.pod, sudo_edit.c:
15573 add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
15578 In fill_cmnd(), collapse any escaped sudo-specific characters.
15579 Allows character classes to be used in pathnames.
15582 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
15585 fix typo in non-C89 function declaration
15589 Mention POSIX character classes now that our fnmatch() and glob()
15593 * sample.sudoers, sudoers.pod:
15594 Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
15599 use __signed char if we are going to assign a negative value since
15600 on Power, char is unsigned by default
15603 * config.h.in, configure, configure.in:
15604 Add tests for __signed char and signed char.
15608 Fix AIX limit setting. getuserattr() returns values in disk blocks
15609 rather than bytes. The default hard stack size in newer AIX is
15610 RLIM_SAVED_MAX. From Dale King.
15613 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
15615 * emul/charclass.h, fnmatch.c, glob.c:
15616 Add character class support to included glob(3) and fnmatch(3).
15619 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
15622 Remove UCB advertising clause and some compatibility defines.
15625 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
15628 Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
15629 or sudo. This allows one to set EDITOR to sudoedit without getting
15630 into an infinite loop of sudoedit running itself until the path gets
15634 * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
15635 Add sudoers_locale Defaults option to override the default sudoers
15639 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
15642 Set locale to system default except for during sudoers parse.
15645 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
15648 Redo change in 1.34 to use pointer arithmetic.
15651 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
15654 Fix a dereference (read) of a freed pointer. Reported by Patrick
15658 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
15661 Set locale to "C" to avoid interpretation issues with character
15662 ranges in sudoers. May want to make the locale a sudoers option in
15666 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
15669 we no longer use setproctitle
15676 * LICENSE, mkstemp.c:
15677 Use my replacement mkstemp() from the mktemp package.
15680 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
15683 regen with yacc skeleton bug fixed
15687 Remove duplicate "as root". From Martin Toft.
15690 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
15692 * pwutil.c, sudo.c, sudo.h, testsudoers.c:
15693 Flesh out the fake passwd entry used for running commands as a uid
15694 not listed in the passwd database. Fixes an issue with some PAM
15698 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
15701 Error out in -i mode if the user has no shell. This can happen when
15702 running commands as a uid with no password entry.
15705 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
15708 Better fix for line continuation inside double quotes. Now accepts
15709 whitespace between the backslash and the newline like the main
15713 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
15716 Fix line continuation in strings. It was only being honored if
15717 preceded by whitespace.
15720 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
15722 * config.h.in, configure, configure.in, logging.c:
15723 Replace the double fork with a fork + daemonize.
15726 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
15729 The -i flag should imply env_reset. This got broken in sudo 1.6.9.
15732 * logging.c, sudo.c, sudo_edit.c, visudo.c:
15733 Change how the mailer is waited for. Instead of having a SIGCHLD
15734 handler, use the double fork trick to orphan the child that opens
15735 the pipe to sendmail. Fixes a problem running su on some Linux
15739 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
15741 * configure, configure.in:
15742 Fix configure test for dirfd() on Linux where DIR is opaque.
15745 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
15748 Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
15749 this problem we'll need to revisit this again.
15752 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
15755 Ignore SIGPIPE instead of blocking it when piping to the mailer. If
15756 we only block the signal it may be delivered later when we unblock.
15757 Also, there is no need to block SIGCHLD since we no longer do the
15758 double fork. The normal SIGCHLD handler is sufficient.
15761 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
15763 * configure, configure.in:
15764 Add description for NO_PAM_SESSION, from a redhat patch.
15767 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
15769 * sudo.cat, sudo.man.in, sudo.pod:
15770 Fix typos in -i usage
15773 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
15775 * configure, configure.in:
15776 Redo the test for dgettext() in a way that hopefully will work
15777 around the libintl_dgettext() undefined problem.
15780 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
15782 * schema.ActiveDirectory:
15783 change filename in comment
15786 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
15788 * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
15790 Reference schema.ActiveDirectory
15793 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
15795 * schema.OpenLDAP, schema.iPlanet:
15796 Mark sudoRunAs as deprecated.
15799 * schema.ActiveDirectory:
15800 add sudoRunAsUser and sudoRunAsGroup
15803 * schema.ActiveDirectory:
15804 Active Directory schema by Chantal Paradis and Eric Paquet
15807 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
15810 remove an XXX that was fixed
15818 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
15819 fixes a problem where the tag value printed was influenced by
15820 defaults set in the first pass through the parser.
15823 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
15825 * Makefile.in, sudo.psf:
15826 No point in packaging the TODO file
15833 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
15835 * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
15836 sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
15837 Add env_file Defaults option that is similar to /etc/environment on
15841 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
15843 * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
15844 sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
15845 version.h, visudo.cat, visudo.man.in:
15846 change version to 1.7.0
15850 initial valgrind pass done
15853 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
15856 Fix typo/thinko in sudo_ldap_read_secret() when storing the secret.
15859 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
15862 define LDAPS_PORT if the system headers do not
15865 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
15868 Fix another memory leak in init_parser().
15871 * configure, configure.in:
15872 There was a missing space before the ldap libs in SUDO_LIBS for some
15876 * alias.c, gram.c, gram.y, toke.c, toke.l:
15877 Clean up some memory leaks pointed out by valgrind.
15880 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
15883 fix "sudo -s" broken by mode/flags breakout
15886 * configure, configure.in:
15887 remove duplicate check for dgettext
15890 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
15893 Fall back to default stanza if no user-specific limit is found.
15896 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
15899 include stdint.h if present
15903 Use LLONG_MAX, not the old QUAD_MAX
15906 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
15908 * sudoers.ldap.pod:
15912 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
15918 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
15921 remove useless cast
15924 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
15935 Split MODE_* defines into primary and flags.
15938 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
15941 It turns out the logic for getting AIX limits is more convoluted
15942 than I realized and differs depending on whether the soft and/or
15943 hard limits are defined.
15946 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
15948 * Makefile.in, configure, configure.in:
15949 Back out AIX-specific change to set the sudo_noexec path to the .a
15950 file, we do really want to use the .so file. Since libtool doesn't
15951 do that correctly, just install the .so file ourselves in the
15956 If the file given to install is a path, only use the basename of the
15957 file when building the destination path.
15960 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
15963 parse_args() cleanup: Sort command line options in the getopt()
15964 switch. The -U option requires a parameter. Normalize a few ISSET
15965 calls. Split mode into mode and flags and retire the now-obsolete
15969 * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
15971 Add -n (non-interactive) flag.
15975 Move version printing, etc. into a separate function.
15979 Don't try to cleanup nsswitch if it has not been initialized.
15982 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
15985 Block SIGPIPE in send_mail() so sudo is not killed by a problem
15986 executing the mailer.
15989 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
15991 * configure, configure.in:
15992 AIX shared libs end in .a, not .so.
15995 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
15998 Preserve HOME by default too. Matches documentation and previous
16002 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
16005 Use getopt() to parse the command line. We need to be able to
16006 intersperse env variables and options yet still honor "--" which
16007 complicates things slightly.
16010 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
16016 * acsite.m4, configure, ltmain.sh:
16017 update to libtool-1.5.26
16020 * config.guess, config.sub:
16021 update from libtool-1.5.26 distribution
16025 attempt to fix compilation errors on AIX
16029 fix typo in last commit
16033 Add WHATSNEW file to the distribution
16037 use warningx instead of fprintf(stderr, ...)
16041 add DEBUG to list2tq
16052 * Makefile.in, aix.c, config.h.in, configure, configure.in,
16053 set_perms.c, sudo.h:
16054 Add aix_setlimits() to set resource limits on AIX using a
16055 combination of getuserattr() and setrlimit(). Currently untested.
16058 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
16060 * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
16061 sudoers.man.in, sudoers.pod:
16062 Add mailfrom Defaults option that sets the value of the From: field
16063 in the warning/error mail. If unset the login name of the invoking
16068 store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
16072 When adding a default, only call list2tq() once to do the list to tq
16073 conversion. It is not legal to call list2tq multiple times on the
16074 same list since list2tq consumes and modifies the list argument.
16077 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
16078 comment out XXXs for now
16085 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
16088 Error out if both -A and -S are specified. Error out if -A is
16089 specified but no askpass is configured.
16092 * configure, configure.in:
16093 we are not going to ship a sudo-specific askpass
16096 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
16099 fix definition of TGP_ASKPASS
16102 * def_data.c, def_data.in:
16103 make askpass boolean-capable
16107 document --with-askpass
16110 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
16111 sudoers.man.in, visudo.cat:
16115 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
16117 * sudo.pod, sudo_usage.h.in, sudoers.pod:
16118 document -A and askpass
16121 * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
16122 def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
16123 sudo_usage.h.in, tgetpass.c:
16124 Add support for running a helper program to read the password when
16125 no tty is present (or when specified with the -A flag). TODO: docs.
16128 * def_data.c, def_data.in:
16129 add missing printf format to SELinux role and type strings
16132 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
16134 * INSTALL, configure, configure.in:
16135 Disable use of gss_krb5_ccache_name() by default and add
16136 --enable-gss-krb5-ccache-name configure option to enable it. It
16137 seems that gss_krb5_ccache_name() doesn't work properly with some
16138 combinations of Heimdal and OpenLDAP.
16141 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
16144 Ignore setexeccon() failing in permissive mode. Also add a call to
16145 setkeycreatecon() (though this is probably insufficient). From Dan
16150 Only set std_prompt for the PAM_PROMPT_* cases. The conversation
16151 function may be called for non-password reading purposes so we must
16152 be careful not to use def_prompt in cases where it may not be set.
16155 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
16158 Don't free the new tty context, we need to keep it around when we
16159 restore the tty context after the command completes
16162 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
16168 * sudo.man.pl, sudo.pod:
16169 Only put login_cap(3) in SEE ALSO section if we have login.conf
16173 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
16175 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
16176 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
16181 Substitute in comment characters for lines pertaining to login.conf,
16182 BSD auth and SELinux and only enable them if pertinent.
16186 Substitute in comment characters for lines pertaining to login.conf,
16187 BSD auth and SELinux and only enable them if pertinent.
16191 Substitute in comment characters for lines pertaining to login.conf,
16192 BSD auth and SELinux and only enable them if pertinent.
16196 Substitute in comment characters for lines pertaining to login.conf,
16197 BSD auth and SELinux and only enable them if pertinent.
16200 * Makefile.in, configure, configure.in:
16201 Substitute in comment characters for lines pertaining to login.conf,
16202 BSD auth and SELinux and only enable them if pertinent.
16205 * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
16206 Remove the =cut on the first line (above the copyright notice) to
16207 quiet pod2man. Also remove the hackery in the FILES section and
16208 just deal with the fact that there will be a newline between each
16212 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
16215 run sudo.man.pl when generating sudo.man.in
16218 * configure, configure.in, sudo.man.pl:
16219 comment out SELinux manual bits unless --with-selinux was specified
16223 document role and type defaults for SELinux
16226 * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
16227 Document "sudo -ll" and make "sudo -l -l" be equivalent.
16230 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
16232 * configure, configure.in:
16233 Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
16234 Debian GNU/kFreeBSD.
16237 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
16240 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
16241 verify_krb_v5_tgt()
16244 * logging.c, logging.h, sudo.c:
16245 Remove dependence on VALIDATE_NOT_OK in logging functions. Split
16246 log_auth() into log_allowed() and log_denial(). Replace mail_auth()
16247 with should_mail() and a call to send_mail().
16250 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
16253 Add debugging so we can tell if the krb5 ccache is accessible
16257 mention --with-selinux
16260 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
16270 * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
16271 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
16272 testsudoers.c, toke.c, toke.l:
16273 Add support for SELinux RBAC. Sudoers entries may specify a role
16274 and type. There are also role and type defaults that may be used.
16275 To make sure a transition occurs, when using RBAC commands are
16276 executed via the new sesh binary. Based on initial changes from Dan
16281 Add support for SELinux RBAC. Sudoers entries may specify a role
16282 and type. There are also role and type defaults that may be used.
16283 To make sure a transition occurs, when using RBAC commands are
16284 executed via the new sesh binary. Based on initial changes from Dan
16288 * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
16289 def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
16290 pathnames.h.in, selinux.c:
16291 Add support for SELinux RBAC. Sudoers entries may specify a role
16292 and type. There are also role and type defaults that may be used.
16293 To make sure a transition occurs, when using RBAC commands are
16294 executed via the new sesh binary. Based on initial changes from Dan
16298 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
16300 * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
16301 Add long list (sudo -ll) support for printing verbose LDAP and
16302 sudoers file entries. Still need to update manual.
16305 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
16307 * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
16308 Unify the -l output for file and ldap based sudoers and use lbufs
16309 for both. The ldap output does not currently include options that
16310 cannot be represented as tags. This will be remedied in a long list
16311 output mode to come.
16314 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
16317 Use a specific error message for errno == EAGAIN when setuid() et al
16318 fails. On Linux systems setuid() will fail with errno set to EAGAIN
16319 if changing to the new uid would result in a resource limit
16324 Unlimit nproc on Linux systems where calling the setuid() family of
16325 syscalls causes the nproc resource limit to be checked. The limits
16326 will be reset by pam_limits.so when PAM is used. In the non-PAM
16327 case the nproc limit will remain unlimited but there doesn't seem to
16328 be a way around that other than having sudo parse
16329 /etc/security/limits.conf directly.
16332 * env.c, sudo.c, sudo.pod:
16333 Only read /etc/environment on Linux and AIX
16336 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
16338 * configure, configure.in:
16339 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
16340 ldap.conf and ldap.secret paths from going into config.h. Avoid
16341 single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
16342 since in some versions of bash they will end up literally in the
16346 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
16349 mention --with-nsswitch=no
16352 * configure, configure.in:
16353 ldap_ssl.h depends on ldap.h being included first
16356 * config.h.in, configure, configure.in, ldap.c:
16357 Include ldap_ssl.h if we can find it. Needed for the
16358 ldapssl_set_strength defines on HP-UX at least.
16361 * sudoers.ldap.pod:
16369 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
16370 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
16375 Use 78n line length when formatting cat pages.
16379 Remove redundant info that is now in sudoers.ldap.pod
16382 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
16384 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
16385 Reorganize the first section a bit. Substitute the proper path for
16389 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
16390 Substitute values for ldap.conf, ldap.secret and nsswitch.conf. Move
16391 schema into EXAMPLES
16394 * configure, configure.in:
16395 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
16399 * configure, configure.in:
16400 substitute for sudoers.ldap.man
16404 Fix cut & pasto introduced when adding sudoers.ldap man page.
16407 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
16408 Fill in some of the missing pieces. Still needs some reorganization
16412 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
16414 * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
16416 Beginnings of a sudoers.ldap man page. Currently, much of the
16417 information is adapted from README.LDAP.
16420 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
16423 When copying gr_mem we must guarantee that the storage space for
16424 gr_mem is properly aligned. The simplest way to do this is to
16425 simply store gr_mem directly after struct group. This is not a
16426 problem for gr_passwd or gr_name as they are simple strings.
16430 Fix a typo/thinko in one of the calls to
16431 sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
16434 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
16436 * config.h.in, configure, configure.in, ldap.c:
16437 include <mps/ldap_ssl.h> in ldap.c if available
16440 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
16443 Make sure we define SIZE_MAX for yacc's skeleton.c
16447 Use TCSAFLUSH when restoring terminal settings (and echo) to
16448 guarantee that any pending output is discarded
16451 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
16454 no longer need to specify SETENV when user has sudo ALL
16458 sync user_args size calculation with sudo.c. Add -g group option,
16459 renaming old -g to -G. Add set_runasgr() and set_runaspw() and use
16464 Make set_runaspw static void
16467 * testsudoers.c, visudo.c:
16468 g/c set_runaspw stub
16471 * configure, configure.in:
16472 Don't add -llber twice.
16475 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
16481 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
16487 * configure, configure.in:
16488 Fix check that determines whether -llber is required.
16491 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
16492 For netscape-based LDAP, use ldapssl_set_strength() to implement the
16493 checkpeer ldap.conf option.
16497 Delay krb5_cc_initialize() until we actually need to use the cred
16498 cache, which is what krb5_verify_user() does. Better cleanup on
16502 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
16505 Rewrite verify_krb_v5_tgt() based on what heimdal's
16506 krb5_verify_user() does.
16509 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
16512 The U suffix on constants is an ANSI feature
16515 * configure, configure.in:
16516 Add check for ber_set_option() in -llber
16519 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
16522 default if no nsswitch.conf is files only
16525 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
16528 don't tell people to mail aaron about LDAP stuff
16532 timelimit and bind_timelimit
16540 Move ldap.secret reading into a separate function.
16544 user_runas -> runas_pw
16547 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
16553 * check.c, sudo.pod, sudoers.pod:
16554 Add and document the %p escape in the password prompt. Based on a
16555 patch from Patrick Schoenfeld.
16559 Check strlcpy() return values.
16563 refactor ldap binding code into sudo_ldap_bind_s()
16567 Make it clear that host and uri can take multiple parameters. URI is
16568 now supported for more than just openldap. nsswitch.conf doesn't
16573 comment cleanup and update (c) year
16576 * parse.c, sudo_nss.c:
16577 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
16578 This should make it possible to build an LDAP-only sudo binary.
16581 * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
16582 Improve chaining of multiple sudoers sources by passing in the
16583 previous return value to the next in the chain
16587 Free up parser data structures in sudo_file_close().
16591 Free up parser data structures in sudo_file_close().
16595 Parse uri ourself if no ldap_initialize() is present. Use
16596 ldap_create() instead of deprecated ldap_init(). Use
16597 ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s().
16600 * config.h.in, configure, configure.in:
16601 Add check for ldap_sasl_bind_s(). Remove -DLDAP_DEPRECATED from
16605 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
16607 * config.h.in, configure, configure.in:
16608 add check for ldap_create
16611 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
16613 * config.h.in, configure, configure.in, ldap.c:
16614 Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
16615 dn using the mechanism appropriate for the LDAP SDK in use. Use
16616 ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
16617 ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
16624 * config.h.in, configure.in:
16625 fix typo in mtim_getnsec
16628 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
16630 * config.h.in, configure, configure.in:
16631 add check for st__tim in struct stat as used by SCO
16635 use ldap_search_ext_s instead of deprecated ldap_search_s
16638 * Makefile.in, TODO, sudo.cat, sudo.man.in:
16639 add sudo_nss.h to HDRS
16643 Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
16647 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
16650 Use ldap_get_values_len()/ldap_value_free_len() instead of the
16651 deprecated ldap_get_values()/ldap_value_free().
16662 * gettime.c, sudo.c:
16663 Remove some already fixed XXXs
16667 Same return value as non-existent sudoers if LDAP was unable to
16672 mention /etc/environment
16675 * README.LDAP, UPGRADE, WHATSNEW:
16676 Update to reflect recent developments.
16680 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
16684 When building up a query don't list groups in the aux group vector
16685 that are the same as the passwd file group. On most systems the
16686 first gid in the group vector is the same as the passwd entry gid.
16690 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
16691 ldaprc and system defaults that could affect how LDAP works.
16694 * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
16695 sudo_nss.c, sudo_nss.h:
16696 Rename read_nss -> sudo_read_nss. Add --with-nsswitch to allow users
16697 to specify nsswitch.conf path or disable it. If --with-nsswitch=no
16698 but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
16699 file and --with-ldap-secret-file
16703 Honor def_ignore_local_sudoers
16706 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
16709 no longer need to check def_ignore_local_sudoers here
16713 Refactor group vector resetting into a function and also call it
16714 from display_cmnd. Stop after the first successful match in
16715 display_cmnd. Print a newline between each display_privs method.
16719 fix double free introduced in rev 1.218
16723 belt and suspenders; zero out result after freeing it
16726 * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
16727 Refactor line reading into a separate function, sudo_parseln(),
16728 which removes comments, leading/trailing whitespace and newlines.
16729 May want to rethink the use of sudo_parseln() for /etc/ldap.secret
16733 Make the inability to read the sudoers file a non-fatal error if
16734 there are other sudoers sources available. sudoers_file_lookup now
16735 returns "not OK" if sudoers was not present
16739 make it clear that the global options are from LDAP
16743 allocate proper amount of space for error string
16746 * sudo_nss.c, sudo_nss.h:
16747 actual sudo nss code
16750 * ldap.c, parse.c, sudo.c, sudo.h:
16751 nss-ify display_privs and display_cmnd.
16754 * defaults.c, parse.c, testsudoers.c, visudo.c:
16755 move update_defaults() to parse.c
16758 * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
16759 Use nsswitch to hide some sudoers vs. ldap implementation details
16760 and reduce the number of #ifdef LDAP. TODO: fix display routines and
16764 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
16766 * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
16767 First cut at nsswitch.conf support. Further reorganization and
16768 related changes are forthcoming.
16771 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
16773 * env.c, pathnames.h.in, sudo.c, sudo.h:
16774 Add support for reading an /etc/environment file. Still needs to
16775 be documented and should probably only apply to OSes that have it
16776 (AIX and Linux, maybe others).
16783 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
16789 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
16796 Add an example sudoRole, clarify netscape vs. openldap a bit more
16800 Be clear on what is OpenLDAP vs. Netscape-derived
16803 * config.h.in, configure, configure.in, ldap.c:
16804 Use ldapssl_init() for ldaps support instead of trying to do it
16805 manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
16806 and tls_key for cert7.db and key3.db respectively. Don't print
16807 debugging info for options that are not set. Add warning if
16808 start_tls specified when not supported.
16812 fix compilation on solaris
16816 add missing .h and .c files for missing lib objs
16819 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
16822 fix LDAP_OPT_NETWORK_TIMEOUT setting
16826 fix compilation on Solaris
16829 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
16831 * configure, configure.in:
16836 try to clear up which variables are for OpenLDAP and which are for
16837 netscape-derived SDKs
16840 * config.h.in, configure, configure.in, ldap.c:
16841 Add support for "ssl on" in both netscape and openldap flavors. Only
16842 the OpenLDAP flavor has been tested.
16845 * logging.c, sudo.c, sudo.h:
16846 Call cleanup() before exit in log_error() instead of calling
16847 sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
16854 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
16856 * logging.c, sudo.c, sudo.h:
16857 Better ldap cleanup.
16861 Distinguish between LDAP conf settings that are connection-specific
16862 (which take an ld pointer) and those that are default settings
16866 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
16869 Improved warnings on error.
16873 Make ldap config table driven and set the config *after* we open the
16877 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
16880 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
16883 * configure, configure.in:
16884 some operating systems need to link with -lkrb5support when using
16888 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
16894 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
16898 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
16904 * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
16905 add -g support for LDAP
16908 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
16910 * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
16911 The -i and -s flags can now take an optional command.
16914 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
16916 * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
16918 Add passprompt_override flag to sudoers that will cause the prompt
16919 to be overridden in all cases. This flag is also set when the user
16920 specifies the -p flag.
16924 Move setting of login class until after sudoers has been parsed. Set
16925 NewArgv[0] for -i after runas_pw has been set.
16928 * configure, configure.in:
16929 Move the dgettext check.
16932 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
16934 * auth/pam.c, config.h.in, configure, configure.in:
16935 Add basic support for looking up the string "Password: " in the PAM
16936 localized text db. This allows us to determine whether the PAM
16937 prompt is the default "Password: " one even if it has been
16940 TODO: concatenate non-std PAM prompts and user-specified sudo
16944 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
16946 * Makefile.in, config.h.in, configure, configure.in, parse.c,
16947 set_perms.c, sudo.c, sudo.h:
16948 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
16952 * acsite.m4, configure, interfaces.c, memrchr.c:
16953 Fix typos; Martynas Venckus
16956 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
16959 Don't assume runas_pw is set; it may not be in the -g case.
16962 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
16964 * logging.c, set_perms.c:
16965 Set aux group vector for PERM_RUNAS and restore group vector for
16966 PERM_ROOT if we previously changed it. Stash the runas group vector
16967 so we don't have to call initgroups more than once. Also add no-op
16968 check to check_perms.
16971 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
16973 * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
16974 ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
16975 pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
16976 sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
16977 testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
16978 Add support for runas groups. This allows the user to run a command
16979 with a different effective group. If the -g option is specified
16980 without -u the command will be run as the current user (only the
16981 group will change). The -g and -u options may be used together.
16982 TODO: implement runas group for ldap improve runas group
16983 documentation add testsudoers support
16986 * configure, configure.in:
16987 fix setting of mandir
16990 * sudo.pod, sudoers.pod:
16991 document that ALL implies SETENV
16995 s/setenv_ok/setenv_implied/g
16999 hostname_matches() returns TRUE on match in sudo 1.7.
17003 use strcmp, not strcasecmp when comparing ALL
17007 Make sudo ALL imply setenv. Note that unlike with file-based
17008 sudoers this does affect all the commands in the sudoRole.
17011 * gram.c, gram.y, parse.c, parse.h:
17012 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
17013 it is not passed on to other commands in the list.
17017 Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
17018 sudo_getpwuid() instead of getpwuid().
17021 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
17024 Expand on the dangers of not using visudo to edit sudoers.
17027 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
17030 Don't quote *?[]! on output since the lexer does not strip off the
17031 backslash when reading those in.
17034 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
17037 expand "u_foo" types to "unsigned foo" to avoid compatibility
17041 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
17044 Refactor log line generation into new_logline().
17047 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
17053 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
17055 * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
17057 Add configure check for struct in6_addr instead of relying on
17058 AF_INET6 since some systems define AF_INET6 but do not include IPv6
17062 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
17064 * configure, configure.in:
17065 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
17069 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
17071 * configure, configure.in:
17072 POSIX states that struct timespec be declared in time.h so check
17073 there regardless of the value of TIME_WITH_SYS_TIME.
17076 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
17079 Instead of defining a macro to call the appropriate method for
17080 turning on/off echo, just define tc[gs]etattr() and the related
17081 defines that use the correct terminal ioctls if needed. Also go back
17082 to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
17085 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
17095 * INSTALL, auth/pam.c, config.h.in, configure.in:
17096 Add --disable-pam-session configure option to disable calling
17097 pam_{open,close}_session. May work around bugs in some PAM
17101 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
17108 Avoid printing the prompt if we are already backgrounded. E.g. if
17109 the user runs "sudo foo &" from the shell. In this case, the call
17110 to tcsetattr() will cause SIGTTOU to be delivered.
17113 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
17115 * def_data.c, def_data.h, def_data.in:
17116 Reorder things such that the definition of env_reset comes right
17117 before the env variable lists.
17121 Shrink type and seqno in struct alias from int to u_short
17124 * alias.c, match.c, parse.c, parse.h:
17125 Add a sequence number in the aliases for loop detection. If we find
17126 an alias with the seqno already set to the current (global) value we
17127 know we've visited it before so ignore it.
17130 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
17132 * TODO, auth/pam.c, sudo.c, sudo.h:
17133 PAM wants the full tty path so add user_ttypath which holds the full
17134 path to the tty or is NULL if no tty was present.
17138 Set PAM_RHOST to work around a bug in Solaris 7 and lower that
17142 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
17148 * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
17149 parse.h, testsudoers.c, visudo.c:
17153 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
17156 remove some useless casts
17160 pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
17161 predates the final C99 spec and the standard specifies that it shall
17162 include stdint.h anyway
17165 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
17167 * Makefile.in, alloca.c, configure.in:
17168 Since we ship with a pre-generated parser there is no need to ship a
17169 bogus alloca implementation.
17177 remove initial setting of CHECKSIA, we require that it be unset if
17190 only do SIA checks on Digital Unix
17193 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
17195 * sudoers.cat, sudoers.man.in:
17204 Remove call to krb5_cc_register() as it is not needed for modern
17212 * aclocal.m4, configure.in:
17213 New method for setting the default authentication type and avoiding
17214 conflicts in auth types.
17217 * match.c, parse.c, testsudoers.c:
17218 Each entry in a cmndlist now has an associated runaslist so no need
17219 to keep track of the most recent non-NULL one.
17222 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
17225 back out partial ldaps support mistakenly committed
17229 Add support for unix groups and netgroups in sudoRunas
17232 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
17235 Fix sudoedit of a non-existent file. From Tilo Stritzky.
17238 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
17245 update --passprompt escape info
17249 remove now-bogus comment and update copyright date
17253 Fix up use of with_passwd
17256 * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
17257 Update to autoconf-2.61 and libtool-1.5.24
17261 "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
17264 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
17271 move tags and runaslist propagation to be earlier
17275 If -f flag given use the permissions of the original file as a
17280 prevent a double free() when re-initing the parser
17283 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
17289 * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
17290 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
17291 auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
17292 configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
17293 parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
17294 sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
17295 Remove support for compilers that don't support void *
17302 * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
17303 parse.c, parse.h, testsudoers.c, visudo.c:
17304 Move list manipulation macros to list.h and create C versions of the
17305 more complex ones in list.c. The names have been down-cased so they
17306 appear more like normal functions.
17310 Fix cmp command when regenerating parser. Make gram.o the first
17311 dependency for all programs so gram.h will be generated before
17312 anything that needs it.
17316 Convert NEW_DEFAULT and NEW_MEMBER into static functions.
17319 * match.c, parse.c, testsudoers.c:
17320 Use LH_FOREACH_REV when checking permission and short-circuit on the
17321 first non-UNSPEC hit we get for the command. This means that
17322 instead of cycling through all the parsed sudoers entries we
17323 start at the end and work backwards and quit after the first
17324 positive or negative match.
17331 * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
17332 Change list head macros to take a pointer, not a struct.
17340 Propagate the runasspec from one command to the next in a cmndspec.
17343 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
17346 Replace has_meta() with a macro that calls strpbrk().
17352 * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
17353 testsudoers.c, visudo.c:
17354 Use a list head struct when storing the semi-circular lists and
17355 convert to tail queues in the process. This will allow us to
17356 reverse foreach loops more easily and it makes it clearer which
17357 functions expect a list as opposed to a single member.
17359 Add macros for manipulating lists. Some of these should become
17362 When freeing up a list, just pop off the last item in the queue
17363 instead of going from head to tail. This is simpler since we don't
17364 have to stash a pointer to the next member, we always just use the
17365 last one in the queue until the queue is empty.
17367 Rename match functions that take a list to have list in the name.
17368 Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
17372 Fix pasto, append "!" not negated (which is an int) for sudo -l
17377 Remove the dependency of gram.h on gram.y, the .c dependency is
17378 enough. Only move y.tab.h to gram.h if it is different; avoids
17379 needless rebuilding.
17382 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
17385 Defaults lines may be associated with lists of users, hosts,
17386 commands and runas users, not just single entries.
17389 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
17392 Revert the "cmp" portion of the last diff, it doesn't make sense.
17396 Remove *.lo for clean: When generating the parser, only move the
17397 generated files into place if they differ from the existing ones.
17400 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
17403 Replace IPV6 regexp with a much simpler (readable) one and add an
17404 extra check when it matches to make sure we have a valid address.
17408 Fix thinko introduced when merging IPV6 support.
17411 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
17413 * HISTORY, LICENSE:
17422 mention #uid vs. comment pitfall
17426 Merge in a patch from the libtool cvs that fixes a problem with the
17427 latest autoconf. From Stepan Kasal.
17431 Back out the XOR swap trick, it is slower than a temp variable on
17440 Convert the tail queue to a semi-circle queue and use the XOR swap
17441 trick to swap the prev pointers during append.
17444 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
17447 remove useless statement
17451 Refactor #include parsing into a separate function and return
17452 unparsed chars (such as newline or comment) back to the lexer.
17455 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
17458 mention better uid support
17462 Users may now consist of a uid.
17465 * gram.c, gram.h, toke.c:
17470 Use lbuf_append_quoted() for sudo -l output to quote characters that
17471 would require quoting in sudoers.
17475 Add lbuf_append_quoted() which takes a set of characters which
17476 should be quoted with a backslash when displayed.
17480 Require that the first character after a comment not be a digit or a
17481 dash. This allows us to remove the GOTRUNAS state and treat
17482 uid/gids similar to other words. It also means that we can now
17483 specify uids in User_Lists and a User_Spec may now contain a uid.
17487 Replace RUNAS token with '(' and ')' tokens to make the runas
17488 portion of the grammar more natural.
17492 The BUGS file is history
17495 * Makefile.in, README:
17496 The BUGS file is history
17499 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
17502 Allow comments after a RunasAlias as long as the character after the
17503 pound sign isn't a digit or a dash.
17507 Glob support was back-ported to 1.6.9
17510 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
17513 remove sudo_usage.h in distclean
17517 If a Defaults value contains a blank, double-quote the string.
17521 Properly deal with Defaults double-quoted strings that span multiple
17522 lines using the line continuation char. Previously, the entire
17523 thing, including the continuation char, newline, and spaces was
17528 Be consistent when using single quotes and backticks.
17531 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
17533 * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
17534 sudo.c, sudo_usage.h.in:
17535 Add new linebuf code to do appends of dynamically allocated strings
17536 and word-wrapped output. Currently used for sudo's usage() and sudo
17537 -l output. Sudo usage strings are now in sudo_usage.h which is
17538 generated at configure time.
17541 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
17543 * parse.c, sudo.c, sudo.h:
17544 Fix line wrapping in usage() and use the actual tty width instead of
17548 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
17555 Mentioned Chris Jepeway's parser and also the new one that is in
17559 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
17561 * sudo.pod, visudo.pod:
17562 For the options list, add flag args where appropriate and increase
17563 the indent level so there is room for them.
17566 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
17569 Fix some spacing in "sudo -l" and add a comment about some bogosity
17570 in the line wrapping.
17573 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17578 * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
17579 def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
17580 parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
17581 testsudoers.c, toke.c, toke.l:
17582 Remove monitor support until there is a version of systrace that
17583 uses a lookaside buffer (or we have a better mechanism to use).
17586 * config.h.in, configure, configure.in, sudo.c:
17587 use getaddrinfo() instead of gethostbyname() if it is available
17590 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
17593 Deal with OSes where sizeof(gid_t) < sizeof(int).
17597 repair non-getifaddrs() code after ipv6 integration
17601 If we can open sudoers but fail to read the first byte, close the
17602 file stream before trying again.
17605 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
17611 * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
17612 Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
17615 * sudo.pod, sudoers.pod, visudo.pod:
17616 Add some missing markup Update copyright
17619 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
17621 * configure, configure.in:
17622 fix sudo_noexec extension which got broken in the libtool update
17625 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
17628 explicitly specify -Tascii to nroff
17631 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
17634 remove an ANSI-ism that crept in
17637 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
17640 Adjust list indents Prevent -- from being turned into an em dash Use
17641 a list for the environment instead of a literal paragraph
17645 Use a list for the environment instead of an indented literal
17650 Adjust list indentation
17657 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
17660 mention that when specifying a uid for the -u option the shell may
17661 require that the # be escaped
17664 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
17667 Fix off by one in group matching.
17670 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
17673 Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
17676 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
17678 * configure, configure.in:
17679 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
17680 -lgssapi_krb5 case.
17683 * aclocal.m4, configure, configure.in:
17684 Fix link tests such that new gcc doesn't optimize away the test.
17687 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
17689 * sudo.pod, sudoers.pod, visudo.pod:
17690 add missing over/back
17693 * sudo.pod, sudoers.pod, visudo.pod:
17694 Change FILES section to use =item
17698 Add back allocation of the env struct in rebuild_env but save a copy
17699 of the old pointer and free it before returning.
17703 Don't init the private environment in rebuild_env() since it may
17704 have already been done implicitly sudo_setenv/sudo_unsetenv.
17706 Multiply length by sizeof(char *) in memcpy/memmove when copying the
17707 environment so we copy the full thing.
17709 Add missing set of parens so we deref the right pointer in
17710 sudo_unsetenv when searching for a matching variable.
17713 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
17715 * sudo.pod, sudoers.pod, visudo.pod:
17716 Use file markup for paths in the FILES section
17719 * sudo.pod, sudoers.pod, visudo.pod:
17720 Don't capitalize sudo/visudo
17724 Sort sudoers options; based on a diff from Igor Sobrado.
17727 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
17729 * sudo.pod, sudoers.pod, visudo.pod:
17730 Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
17731 latter confuses pod2man. The Makefile rules for the .man.in file
17732 will add @mansectsu@ and @mansectform@ back in after pod2man is done
17736 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
17738 * LICENSE, Makefile.in, license.pod:
17739 Move license info to pod format
17742 * configure, configure.in, sudoers.pod:
17743 Substitute value of path_info into sudoers man page.
17747 remove features that were back-ported to 1.6.9
17750 * sudo.c, sudo.pod, visudo.c, visudo.pod:
17751 Sort SYNOPSIS and sync usage. From Igor Sobrado.
17755 Only need sudo_setenv/sudo_unsetenv if we are going to use
17756 ldap_sasl_interactive_bind_s() but don't have
17757 gss_krb5_ccache_name().
17761 rebuild without branch info
17765 Add ChangeLog target
17769 Run cleanup code if the user hits ^C at the password prompt.
17773 Some versions of pam_lastlog have a bug that will cause a crash if
17774 PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
17778 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
17781 ChangeLog not Changelog
17789 CHANGE -> Changelog
17796 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
17798 * config.h.in, configure, configure.in, ldap.c:
17799 Add configure hooks for gss_krb5_ccache_name() and the gssapi
17803 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
17806 rebuild_env() and insert_env_vars() no longer return environment
17807 pointer, they set environ directly.
17809 No longer need to pass around an envp pointer since we just operate
17812 Add dosync argument to insert_env() that indicates whether it should
17813 reset environ when realloc()ing env.envp.
17815 Use an initial size of 128 for the environment.
17819 Split sudo_setenv() into an external version and a version only for
17820 use by rebuild_env().
17823 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
17826 Add support for using gss_krb5_ccache_name() instead of setting
17827 KRB5CCNAME. Also use sudo_unsetenv() in the non-
17828 gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
17829 original environment. TODO: configure setup for
17830 gss_krb5_ccache_name()
17837 * README.LDAP, ldap.c:
17838 Add support for sasl_secprops in ldap.conf
17842 Add sudo_unsetenv() and refactor private env syncing code into
17846 * README.LDAP, ldap.c:
17847 The ldap.conf variable is sasl_auth_id not sasl_authid.
17850 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
17852 * ldap.c, sudo.c, sudo.h:
17853 Add support for krb5_ccname in ldap.conf. If specified, it will
17854 override the default value of KRB5CCNAME in the environment for the
17855 duration of the call to ldap_sasl_interactive_bind_s().
17859 Remove format_env() Add sudo_setenv() to replace most format_env() +
17860 insert_env() combinations. insert_env() no longer takes a struct
17865 Fix use_sasl vs. rootuse_sasl logic.
17868 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
17869 Add support for SASL auth when connecting to an LDAP server. Adapted
17870 from a diff by Tom McLaughlin.
17873 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
17875 * configure, configure.in:
17876 Only enable AIX or BSD auth if no other exclusive auth method has
17877 been chosen. Allows people to e.g., use PAM on AIX without adding
17878 --without-aixauth. A better solution is needed to deal with default
17879 authentication since if a non-exclusive method is chosen we will
17880 still get an error.
17883 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
17885 * HISTORY, Makefile.in, history.pod:
17886 Generate HISTORY from history.pod (which is also used for web pages)
17889 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
17891 * sudo.man.in, sudoers.man.in:
17896 Better explanation of environment handling in the sudo man page.
17900 Defer setting user-specified env vars until after authentication.
17904 honor def_default_path for PATH set on the command line
17907 * env.c, sudo.c, sudo.pod, sudoers.pod:
17908 Allow user to set environment variables on the command line as long
17909 as they are allowed by env_keep and env_check. Ie: apply the same
17910 restrictions as normal environment variables. TODO: deal with
17914 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
17916 * sudo.c, sudo_edit.c:
17917 Call rebuild_env() in all cases. Pass original envp to sudo_edit().
17918 Don't allow -E or env var setting in sudoedit mode. More accurate
17919 usage() when called as sudoedit.
17927 add -c option to sudoedit synopsis
17935 Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
17936 value from {user,host,runas,cmnd}_matches(). Rename *matches
17937 variables -> *match. Purely cosmetic.
17941 Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
17949 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
17952 Make pwcheck local to the pwflag block. Use pwcheck even if user
17953 didn't match since Defaults options may still apply.
17957 Do not update timestamp if user not validated by sudoers.
17961 for PERM_RUNAS, set the egid to the runas user's gid and restore to
17962 the user's original in PERM_ROOT
17965 * logging.c, mon_systrace.c, set_perms.c, sudo.h:
17966 PERM_FULL_ROOT is now no different than PERM_ROOT so remove
17971 don't check timestamp mtime if we are just going to remove it
17975 Move sudoers defaults parameters into their own section.
17979 Reduce a level of indent by a few placed continue statements.
17983 Make matching but negated commands/hosts/runas entries override a
17984 previous match as expected. Also reduce some levels of indent by a
17985 few placed continue statements.
17988 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
17991 Print default runas in "sudo -l" if sudoers don't specify one.
17995 Less hacky way of testing whether the domain was set.
17998 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
18001 Mention pam-devel and openldap-devel for Linux
18004 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
18010 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
18013 fix typo in Solaris project support
18021 Make -- on the command line match the manual page. The implied shell
18022 case has been simplified as a result.
18025 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
18028 add simplistic support for sudoRunas; note that if a sudoers entry
18029 contains multiple Runas users, all will apply to the sudoRole
18033 honor SETENV and NOSETENV tags
18036 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
18039 Redo setting of user_args. We now build up a private copy of argv
18040 first and then replace the NULs with spaces.
18044 getcwd() returns NULL on failure, not 0 on success
18048 allow chunksiz to reach 1 before erroring out
18051 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
18056 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
18058 * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
18059 logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
18061 Add support for setting environment variables on the command line.
18062 This is only allowed if the setenv sudoers option is enabled or if
18063 the command is prefixed with the SETENV tag.
18067 replace Aaron's email address with the sudo-workers list
18074 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
18076 * schema.OpenLDAP, schema.iPlanet:
18077 Break schema out into separate files.
18080 * Makefile.in, README.LDAP:
18081 Break schema out into separate files.
18084 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
18087 free message if set by authenticate()
18091 deal with NULL gr_mem
18094 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
18101 add template for HAVE_PROJECT_H
18108 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
18111 mention --with-project
18114 * config.h.in, configure.in, sudo.c:
18115 Add Solaris 10 "project" support. From Michael Brantley.
18127 Fix preservation of LDFLAGS in the LDAP case.
18131 Remove dependency on NULL
18138 * aclocal.m4, configure.in:
18139 Can't use the regular autoconf fnmatch() check since we need
18140 FNM_CASEFOLD so go back to our custom one.
18144 Fix preserving of variables in env_keep.
18152 expand upon env resetting and mention that it began in 1.6.9 not
18157 Update descriptions of env_keep and env_check to match current
18161 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
18164 Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
18165 LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to initial_keepenv_table.
18168 * env.c, logging.c:
18169 Treat USERNAME environment variable like LOGNAME/USER
18173 Don't need to populate keepenv table with the contents of the
18178 Don't force sudo into the C locale.
18182 Make env_check apply when env_reset is true. Environment variables
18183 are passed through unless they contain '/' or '%'. There is no need
18184 to have a variable in both env_check and env_keep.
18187 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
18190 Remove a duplicate lock_file() call and add a comment.
18194 Add sudo 1.6.9 upgrade note.
18197 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
18200 Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
18201 small. From Klaus Wagner.
18204 * logging.c, sudo.h:
18205 Redo the long syslog line splitting based on a patch from Eygene
18206 Ryabinkin. Include memrchr() for systems without it.
18210 Redo the long syslog line splitting based on a patch from Eygene
18211 Ryabinkin. Include memrchr() for systems without it.
18214 * Makefile.in, config.h.in, configure, configure.in:
18215 Redo the long syslog line splitting based on a patch from Eygene
18216 Ryabinkin. Include memrchr() for systems without it.
18220 Since we need to be able to convert timespec to timeval for utimes()
18221 the last 3 digits in the tv_nsec are not significant. This makes the
18222 sudoedit file date comparison work again.
18225 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
18227 * aclocal.m4, configure, configure.in:
18228 Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
18229 This deals with exclusive authentication methods in a simple way.
18232 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
18235 mkstemp.c is BSD code too.
18238 * sudo.pod, sudoers.pod, visudo.pod:
18239 No commercial support for now.
18242 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
18245 cleanenv() is no more.
18248 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
18251 Display branch info in Changelog
18255 Include config.h early so we have it for TIME_WITH_SYS_TIME
18259 Fix Changelog generation and update.
18262 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
18265 Use /proc/self/fd instead of /proc/$$/fd
18267 Move old-style fd closing into closefrom_fallback() and call that if
18268 /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
18271 * auth/kerb5.c, config.h.in, configure.in:
18272 o use krb5_verify_user() if available instead of doing it by hand o
18273 use krb5_init_secure_context() if we have it o pass an encryption
18274 type of 0 to krb5_kt_read_service_key() instead of
18275 ENCTYPE_DES_CBC_MD5 to let kerberos choose.
18279 Check TERM and COLORTERM for '%' and '/' characters. From Debian.
18283 Fix closefrom() substitution in the Makefile
18287 Mention alternate sudo pronunciation.
18290 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
18293 Remove KRB5_KTNAME from environment. Allow COLORTERM.
18297 If we cannot get a valid service key using the default keytab it is
18298 a fatal error. Fixes a bug where sudo could be tricked into
18299 allowing access when it should not by a fake KDC. From Thor Lancelot
18303 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
18305 * aclocal.m4, configure, configure.in:
18306 Update long long checks to use AC_CHECK_TYPES and to cache values.
18309 * aclocal.m4, configure.in:
18310 Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
18311 use AC_REPLACE_FNMATCH since that assumes replacing with GNU
18315 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
18317 * configure, configure.in:
18318 Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
18319 need it for visudo now too.
18322 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
18325 Attempt to clarify the bit talking about network numbers w/o
18330 Clarify timestamp dir ownership sentence.
18333 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
18336 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
18340 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
18343 -i is also one of the mutually exclusive options so list it in the
18344 warning message. Noted by Chris Pepper.
18347 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
18350 The sudoers variable is env_editor, not enveditor. From Jean-
18354 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
18357 I tracked down the original author so credit him and include his
18361 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
18363 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
18365 Fix typos; from Jason McIntyre.
18369 Restore signal mask before calling reapchild(). Fixes a possible
18370 race condition that could prevent sudo from properly waiting for the
18374 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
18377 Don't declare pw_free() if we are not going to use it.
18381 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
18382 LDR_PRELOAD64. The 64-bit version is not currently supported.
18383 Remove zero_env() prototype as it no longer exists.
18386 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
18389 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
18392 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
18395 If the user enters ^C at the password prompt, abort instead of
18396 trying to authenticate with an empty password (which causes an
18400 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
18402 * closefrom.c, config.h.in, configure, configure.in:
18403 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
18408 pw_free() is only used by sudo_freepwcache() so ifdef it out too.
18411 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
18413 * config.guess, config.sub:
18414 Update to latest versions from cvs.savannah.gnu.org
18417 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
18419 * pwutil.c, sudo_edit.c:
18420 Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
18421 we can close the passwd/group files early.
18424 * config.h.in, configure, configure.in, set_perms.c:
18425 Add seteuid() flavor of set_perms() for systems without setreuid()
18426 or setresuid() that have a working seteuid(). Tested on Darwin.
18429 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
18432 systrace_read() returns ssize_t
18435 * configure, configure.in:
18436 Fix typo, -lldap vs. -ldap; from Tim Knox.
18439 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
18442 Fix typo; Matt Ackeret
18445 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
18448 Print sudoers path in -V mode for root.
18451 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
18454 Do a sub tree search instead of a base search (one level in the tree
18455 only) for sudo right objects. This allows system administrators to
18456 categorize the rights in a tree to make them easier to manage.
18459 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
18465 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
18468 Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
18469 bind_timelimit support; adapted from gentoo.
18472 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
18475 Support comments that start in the middle of a line
18478 * configure, configure.in:
18479 Define LDAP_DEPRECATED until we start using ldap_get_values_len()
18482 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
18485 Silence gcc -Wsign-compare; djm@openbsd.org
18488 * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
18489 cleanup() now takes an int as an arg so it can be used as a signal
18494 Make a copy of the shell field in the passwd struct for NewArgv to
18495 avoid a use after free situation after sudo_endpwent() is called.
18498 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
18500 * config.h.in, configure, configure.in:
18501 Add mkstemp() for those poor souls without it.
18505 Add mkstemp() for those poor souls without it.
18509 Add mkstemp() for those poor souls without it.
18512 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
18515 Add PERL5DB to list of environment variables to remove.
18518 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
18520 * mon_systrace.c, mon_systrace.h:
18521 Instead of calling the check function twice with a state cookie use
18522 separate check/log functions.
18524 Check more ioctl() calls for failure.
18526 systrace_{read,write} now return the number of bytes read/written or
18531 Add more environment variables to remove; from gentoo linux Add some
18532 comments about what bad env variables go to what (more to do)
18535 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
18537 * sudo.c, sudo_edit.c:
18538 Move sudo_end{gr,pw}ent() until just before the exec since they free
18539 up our cached copy of the passwd structs, including sudo_user and
18540 sudo_runas. Fixes a use-after-free bug.
18544 Close all fd's before executing editor.
18548 Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
18552 Fix fd leak when lecture file option is enabled. From Jerry Brown
18555 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
18558 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
18559 environment variables to remove. From Charles Morris
18562 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
18565 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
18568 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
18571 add PS4 and SHELLOPTS to initial_badenv_table for bash
18574 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
18577 Fix typo; Toby Peterson
18580 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
18583 Make return buffers static so they don't get clobbered
18586 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
18589 Fix securid5 authentication, was not checking for ACM_OK. Also add
18590 default cases for the two switch()es. Problem noted by ccon at
18594 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
18597 Remove ncat() in favor of just counting bytes and pre-allocating
18601 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
18604 Fix up some comments Add missing fclose() for the rootbinddn case
18608 align struct ldap_config
18612 use LINE_MAX for max conf file line size
18616 add _PATH_LDAP_SECRET
18620 Mention rootbinddn Give example ou=SUDOers container
18623 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
18625 * INSTALL, configure, configure.in, ldap.c:
18626 Support rootbinddn in ldap.conf
18629 * env.c, sudo.pod, sudoers.pod:
18630 Preserve DISPLAY environment variable by default.
18633 * acsite.m4, configure:
18634 set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
18637 * acsite.m4, configure:
18638 set need_version=no for all cases; this is safe for LD_PRELOAD
18645 * configure, configure.in:
18650 Fix call to pam_end() when pam_open_session() fails.
18658 rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
18659 ltsugar.m4 ltversion.m4
18662 * config.guess, config.sub, ltmain.sh:
18663 merge in local changes: config.guess: o better openbsd support
18664 config.sub: o hiuxmpp support ltmain.sh o remove requirement that
18665 libs must begin with "lib" o don't print a bunch of crap about
18666 library installs o don't run ldconfig
18669 * config.guess, config.sub, ltmain.sh:
18674 Update with autoupdate and make minor changes for libtool 1.9f
18677 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
18680 don't call sudo_ldap_display_cmnd if ldap not setup
18683 * sudo_edit.c, visudo.c:
18684 Move declaration of struct timespec to its own include files for
18685 systems without it since it needs time_t defined.
18689 Move declaration of struct timespec to its own include files for
18690 systems without it since it needs time_t defined.
18694 Move declaration of struct timespec to its own include files for
18695 systems without it since it needs time_t defined.
18699 Move declaration of struct timespec to its own include files for
18700 systems without it since it needs time_t defined.
18703 * check.c, compat.h:
18704 Move declaration of struct timespec to its own include files for
18705 systems without it since it needs time_t defined.
18709 Don't set safe_cmnd for the "sudo ALL" case.
18712 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
18715 Call pam_open_session() and pam_close_session() to give pam_limits a
18716 chance to run. Idea from Karel Zak.
18719 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
18722 Add explicit cast from mode_t -> u_int in printf to silence warnings
18727 include grp.h to silence a warning on Solaris
18730 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
18733 Fix printing of += and -= defaults.
18736 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
18739 Sanity check number of syscall args with argsize. Not really needed
18740 but a little paranoia never hurts.
18743 * mon_systrace.c, mon_systrace.h:
18744 Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
18745 for systrace lengths (since it uses int)
18748 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
18751 Add some memsets for paranoia Fix namespace collision w/ error Check
18752 rval of decode_args() and update_env() Remove improper setting of
18756 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
18758 * parse.c, sudo.c, sudo.h:
18759 In -l mode, only check local sudoers file if def_ignore_sudoers is
18760 not set and call LDAP versions from display_privs() and
18761 display_cmnd() instead of directly from main(). Because of this we
18762 need to defer closing the ldap connection until after -l processing
18763 has occurred and we must pass in the ldap pointer to display_privs()
18764 and display_cmnd().
18768 Reorganize LDAP code to better match normal sudoers parsing.
18769 Instead of storing strings for later printing in -l mode we do
18770 another query since the authenticating user and the user being
18771 listed may not be the same (the new -U flag). Also add support for
18774 There is still a fair bit of duplicated code that can probably be
18778 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
18781 Replace pass variable with do_netgr for better readability.
18789 estrdup, not strdup
18792 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
18795 Add macro to test if the tag changed to improve readability.
18799 Avoid printing defaults header if there are no defaults to print...
18803 Fix a warning on systems without strlcpy().
18807 Use macros where possible for sudo_grdup() like sudo_pwdup().
18810 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
18813 It is possible for tv_usec to hold >= 1000000 usecs so add in
18817 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
18820 The component in krb5_principal_get_comp_string() should be 1, not 0
18821 for Heimdal. From Alex Plotnick.
18824 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
18826 * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
18827 interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
18828 redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
18829 Add efree() for consistency with emalloc() et al. Allows us to rely
18830 on C89 behavior (free(NULL) is valid) even on K&R.
18834 Move initgroups() for -U option into display_privs() so group
18835 matching in sudoers works correctly.
18838 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
18841 Removed duplicate call to ldap_unbind_s introduced along with
18846 Add missing space in Defaults printing
18849 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
18852 Sync sudo_pwdup with OpenBSD changes: use macros for size computation
18856 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
18859 Zero old pw_passwd before replacing with version from shadow file.
18862 * configure, configure.in:
18863 Only attempt shadow password detection if PAM is not being used Add
18864 shadow_* variables to make shadow password detection more generic.
18868 Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
18871 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
18874 use a non-breaking space to avoid a double space after e.g.
18878 comma, not colon after e.g.
18881 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
18884 Add __ variants of the exec functions. GNU libc at least uses
18885 __execve() internally.
18889 Match reality a bit more.
18893 Missed piece from rev. 1.6, fix sudo_getpwnam() too.
18897 Store shadow password after making a local copy of struct passwd in
18898 case normal and shadow routines use the same internal buffer in
18902 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
18904 * alloc.c, logging.c:
18905 Make varargs usage consistent with the rest of the code.
18908 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
18911 Wrap more of the exec family since on Linux the others do not appear
18912 to go through the normal execve() path.
18916 make print_unused static like proto says
18920 silence a warning on K&R systems
18923 * alias.c, error.c:
18924 make this build in K&R land
18928 make this build in K&R land
18931 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
18937 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
18940 return(foo) not return foo optimize _atobool() slightly
18948 Reformat to match the rest of sudo's code.
18952 I am the primary author
18955 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
18957 * Makefile.in, README, RUNSON:
18958 The RUNSON file is toast--it confused too many people and really
18959 isn't needed in a configure-oriented world.
18963 alternate -> alternative
18967 Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
18972 Allow leading blanks before Defaults and Foo_Alias definitions
18976 fix rules to build toke.o and gram.o in devel mode
18979 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
18982 env_keep overrides set_logname
18986 Fix disabling set_logname and make env_keep override set_logname.
18989 * compat.h, config.h.in, configure, configure.in:
18990 No longer need memmove()
18994 Just clean the environment once. This assumes that any further
18995 setenv/putenv will be able to handle the fact that we replaced
18996 environ with our own malloc'd copy but all the implementations I've
19000 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
19003 In -i mode, base the value of insert_env()'s dupcheck flag on
19004 DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
19007 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
19010 Move setting of user_path, user_shell, user_prompt and prev_user
19011 into init_vars() since user_shell at least is needed there.
19014 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
19021 Fix some printf format mismatches on error.
19025 Fix some printf format mismatches on error.
19028 * configure, gram.c, toke.c:
19032 * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
19033 auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
19034 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
19035 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
19036 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
19037 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
19038 emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
19039 getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
19040 interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
19041 parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
19042 snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
19043 sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
19044 testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
19045 visudo.pod, zero_bytes.c:
19046 Update copyright years.
19049 * Makefile.binary.in:
19050 Update copyright years.
19054 Update copyright years.
19057 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
19062 What's new in sudo 1.7, based on the 1.7 CHANGES entries.
19065 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
19067 * compat.h, logging.h, sudo.h:
19068 Add __printflike and use it with gcc to warn about printf-like
19072 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
19074 * CHANGES, ChangeLog:
19075 Replaced CHANGES file with ChangeLog generated from cvs logs
19079 Use warning/error instead of perror/fatal.
19083 Update OpenBSD section
19087 Add upgrading notes for 1.7
19090 * env.c, sudo.c, sudoers.pod:
19091 Instead of zeroing out the environment, just prune out entries based
19092 on the env_delete and env_check lists. Base building up the new
19093 environment on the current environment and the variables we removed
19097 * config.h.in, configure, configure.in, sudo.c:
19098 Set locale to "C" if locales are supported, just to be safe.
19102 Cast argument to ctype functions to unsigned char.
19105 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
19108 correct value for DID_USER
19111 * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
19112 #include <compat.h> not "compat.h"
19116 Reset the environment by default.
19120 Alloc an extra slot in NewArgv. Removes the need to malloc a new
19121 vector if execve() fails.
19124 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
19126 * INSTALL, config.h.in, configure, configure.in, sudo.c:
19127 Use execve(2) and wrap the command in sh if we get ENOEXEC.
19130 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
19133 Only include time.h on systems that lack struct timespec which gets
19134 defined in compat.h (using time_t).
19138 Include time.h for time_t in compat.h for systems w/o struct
19142 * compat.h, config.h.in, configure, configure.in:
19143 use bcopy on systems w/o memmove
19147 __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
19152 Add explicit rule to build sudo_noexec.lo
19155 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
19157 * INSTALL.configure, Makefile.in:
19158 No longer depend on VPATH; pointed out a bunch of missed
19163 Help for PAM when account section is missing
19167 Give user a clue when there is a missing "account" section in the
19172 Better error handling.
19175 * config.h.in, configure, configure.in:
19176 Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
19177 possible. Silences a warning about isblank() on linux.
19181 Fix typo (missing comma) that caused an incorrect number of args to
19182 be passed to log_error().
19185 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
19188 Don't try to destroy a tree we didn't create.
19191 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
19193 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
19194 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
19195 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
19196 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
19197 compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
19198 fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
19199 goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
19200 match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
19201 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
19202 strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
19203 tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
19204 Add __unused to rcsids
19207 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
19209 * configure, configure.in:
19210 Fix error message when mixing invalid auth types
19214 PAM, AIX auth, BSD auth and login_cap are now on by default if the
19218 * auth/sudo_auth.h, config.h.in:
19219 s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
19223 Better checking for conflicting authentication methods Display the
19224 authentication methods used at the end of configure Rename
19225 --with-authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
19226 --with-pam, --with-logincap by default on systems that support them
19227 unless disabled. Add OSMAJOR variable that replaces old OSREV; now
19228 OSREV has full version number
19231 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
19233 * def_data.c, def_data.in, sudo.c, sudoers.pod:
19237 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
19240 Replace: test -n "$FOO" || FOO="bar"
19242 With: : ${FOO='bar'}
19245 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
19247 * pwutil.c, testsudoers.c, tsgetgrpw.c:
19248 Use function pointers to only call private passwd/group routines
19249 when using a nonstandard passwd/group file.
19252 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
19259 Can't use strtok() since it doesn't handle empty fields so add
19260 getpwent()/getgrent() functions and call those.
19263 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
19266 Fix dummied out toke.c and gram.c dependencies.
19270 Rename PARSESRCS -> GENERATED since it is only used in the clean
19271 target Add devdir variable and use it to specify the path to parser
19280 Add a devdir variable that defaults to $(srcdir) and is set to . if
19281 --devel was specified. Allows for proper dependencies building the
19286 Add support for custom passwd/group files.
19290 Build private copy of pwutil.o for testsudoers with MYPW defined so
19291 it uses our own passwd/group routines.
19295 Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
19296 stubs instead. We can now just use the caching sudo_*{pw,gr}*
19297 functions in pwutil.c Add comment about wanting to call
19298 sudo_endpwent/sudo_endgrent in cleanup()
19302 Remove caching; we will just use what is in pwutil.c Use global
19303 buffers for passwd/group structs Rename functions from sudo_* to
19307 * logging.c, sudo.c:
19308 g/c pwcache_init/pwcache_destroy
19312 Undo last commit and add sudo_setspent and sudo_endspent instead.
19315 * getspwuid.c, pwutil.c:
19316 Move all but the shadow stuff from getspwuid.c to pwutil.c and
19317 pwcache_get and pwcache_put as they are no longer needed. Also add
19318 preprocessor magic to use private versions of the passwd and group
19319 routines if MYPW is defined (for use by testsudoers).
19323 zero out struct passwd/group before filling it in so if there are
19324 fields we don't handle they end up as 0.
19327 * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
19332 Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
19337 Passwd and group lookup routines for testsudoers that support
19338 alternate passwd and group files.
19341 * getspwuid.c, pwutil.c:
19342 Split off pw/gr cache and dup code into its own file. This allows
19343 visudo and testsudoers to use the pw/gr cache too.
19346 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
19349 Print Defaults info in "sudo -l" output and wrap lines based on the
19353 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
19355 * match.c, testsudoers.c, visudo.c:
19356 Only check group vector in usergr_matches() if we are matching the
19357 invoking or list user. Always check the group members, even if
19358 there was a group vector.
19361 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
19363 * LICENSE, Makefile.in, fnmatch.3:
19364 No longer bundle fnmatch.3
19371 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
19378 Sort command line options
19381 * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
19382 sudo.pod, sudoers.pod:
19383 Add closefrom sudoers option to start closing at a point other than
19384 3. Add closefrom_override sudoers option and -C sudo flag to allow
19385 the user to specify a different closefrom starting point.
19389 Add _PATH_DEVNULL for those without it.
19393 no more UCB strcasecmp
19397 replace BSD licensed one with version derived from pdksh
19400 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
19407 Make sure stdin, stdout and stderr are open and dup them to
19411 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
19413 * ldap.c, mon_systrace.c, sudo.c, sudo.h:
19414 add sudo_ldap_close
19417 * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
19418 Use TIME_WITH_SYS_TIME
19421 * config.h.in, configure, configure.in:
19422 Add TIME_WITH_SYS_TIME_H
19425 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
19428 Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
19429 unconditionally on darwin. From Toby Peterson.
19433 Check rbinsert() return value. In the case of faked up entries
19434 there is usually a negative response cached that we need to
19437 In pwfree() don't try to zero out a NULL pw_passwd pointer.
19441 Use the double fork trick to avoid the monitor process being waited
19442 for by the main program run through sudo.
19445 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
19448 Call initgroups() in -U mode so group matches work normally.
19451 * def_data.h, mkdefaults:
19452 Don't print a trailing comma for the last entry in enum def_tupple
19455 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
19457 * sudoers.cat, sudoers.man.in, sudoers.pod:
19458 Mention values when lecture, listpw and verifypw are used in boolean
19462 * def_data.c, def_data.in:
19463 verifypw when used in a boolean TRUE context should be "all", not
19467 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
19469 * def_data.in, defaults.c:
19470 Allow tuples that can be used as booleans to be used as boolean
19471 TRUE. In this case the 2nd possible value of the tuple is used for
19475 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
19477 * configure, configure.in:
19478 Correct the test for 2-parameter timespecsub
19482 Add stub struct definitions for passwd, timeval and timespec
19485 * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
19486 Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
19487 and fix a typo in the gettimeofday check.
19490 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
19492 * match.c, testsudoers.c:
19493 Deal with user_stat being NULL as it is for visudo and testsudoers.
19496 * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
19497 Add -U option to use in conjunction with -l instead of -u. Add
19498 support for "sudo -l command" to test a specific command.
19501 * gram.c, gram.y, sudo.c:
19502 Set safe_cmnd after sudoers_lookup() if it has not been set.
19503 Previously it was set by sudo "ALL" in the parser but at that point
19504 the fully-qualified pathname has not yet been found.
19507 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
19509 * parse.c, testsudoers.c:
19510 Correctly handle multiple privileges per userspec and runas
19514 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
19517 Zero out sd_un for each entry in sudo_defs_table in init_defaults.
19520 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
19523 make per-command defaults work with sudoedit
19526 * ldap.c, parse.c, sudo.c, sudo.h:
19527 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
19528 Instead, we just set the appropriate defaults variable.
19531 * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
19532 Document per-command Defaults.
19535 * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
19536 sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
19537 Add support for command-specific Defaults entries. E.g.
19538 Defaults!/usr/bin/vi noexec
19541 * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
19542 Change an occurrence of user_matches() -> runas_matches() missed
19543 previously runas_matches(), host_matches() and cmnd_matches() only
19544 really need to pass in a list of members. user_matches() still
19545 needs to pass in a passwd struct because of "sudo -l"
19549 Check def_authenticate, def_noexec and def_monitor when setting
19550 return flags. XXX May be better to just set the defaults directly
19551 and get rid of those flags.
19554 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
19555 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
19556 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
19557 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
19558 defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
19559 getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
19560 gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
19561 mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
19562 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
19563 sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
19564 visudo.c, zero_bytes.c:
19565 Use: #include <config.h> Not: #include "config.h" That way we get
19566 the correct config.h when build dir != src dir
19570 Back out part of rev 1.263; fix -I order
19574 More robust parsing of #include; could be much better still.
19577 * sudo_edit.c, visudo.c:
19578 Make arg splitting in visudo and sudoedit consistent.
19581 * Makefile.in, alias.c, gram.c, gram.y, parse.h:
19582 Split alias routines out into their own file.
19586 __attribute__ is already defined in compat.h
19590 quit() should not be __noreturn__ as it is non-void on some
19594 * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
19595 Add local error/warning functions like err/warn but that call an
19596 additional cleanup routine in the error case. This means we no
19597 longer need to compile a special version of alloc.o for visudo.
19601 Clarify comments about the data structures
19604 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
19607 Add support for VISUAL and EDITOR containing command line args. If
19608 env_editor is not set any args in VISUAL and EDITOR are ignored.
19609 Arguments are also now supported in def_editor.
19612 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
19615 alias_matches() is no more
19623 When regenerating the parser, don't replace gram.h unless it has
19628 remove Makefile.binary for distclean
19632 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
19633 sure we can't overflow new_env.
19637 paranoia when stripping trailing slashes from tempdir.
19641 Set user_ngroups to 0 if getgroups() returns an error.
19644 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
19646 * config.h.in, configure, configure.in, sudo.c:
19647 Add configure check for getgroups()
19651 Use supplementary group vector in struct sudo_user.
19655 Only do string comparisons on the group members if there is no
19656 supplemental group list.
19664 On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
19665 chop off any trailing slashes we see and add an explicit one.
19669 remove bogus XXX comment
19673 Get rid of alias_matches and correctly fall through to the non-alias
19674 cases when there is no alias with the specified name.
19678 Cache non-existent passwd/group entries too.
19689 * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
19690 mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
19691 Implement group caching and use the passwd and group caches
19695 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
19698 Properly negate the return value of alias_matches() when
19703 Make hostname_matches() return TRUE for a match, else FALSE like the
19708 Add missing dependencies on gram.h
19712 Use runas_matches in alias_matches() now that we have it.
19715 * parse.c, parse.h:
19716 Expand aliases in "sudo -l" mode
19720 Use ALIAS for the member type when storing an alias instead of
19721 HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
19722 more generic type. Expand runas_matches instead of calling
19723 user_matches() inside of it since user_matches() looks up
19724 USERALIASes, not RUNASALIASes.
19727 * CHANGES, getspwuid.c:
19728 Paranoia; zero out pw_passwd before freeing passwd entry.
19731 * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
19732 configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
19733 error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
19734 sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
19735 Add local error/warning functions like err/warn but that call an
19736 additional cleanup routine in the error case. This means we no
19737 longer need to compile a special version of alloc.o for visudo.
19741 Use userpw_matches() to compare usernames, not strcmp(), since the
19742 latter checks for "#uid".
19745 * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
19746 Cache passwd db entries in 2 red-black trees; one indexed by uid,
19747 the other by user name. The data returned from the cache should be
19748 considered read-only and is destroyed by sudo_endpwent().
19756 missing free in alias_destroy
19760 Can't use rbapply() for rbdestroy since the destructor is passed a
19761 data pointer, not a node pointer.
19764 * getspwuid.c, logging.c, sudo.c, sudo.h:
19765 Create and use private versions of setpwent() and endpwent() that
19766 set/end the shadow password file too.
19769 * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
19770 Store aliases in a red-black tree.
19773 * Makefile.in, redblack.c, redblack.h:
19774 red-black tree implementation
19778 Edit all sudoers file if there were unused or undefined aliases and
19779 we are in strict mode.
19782 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
19784 * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
19785 find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
19786 Bring back the "secure_path" Defaults option now that Defaults take
19787 effect before the path is searched.
19790 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
19792 * logging.c, parse.c:
19793 A user can always list their own entries, even with -u. Better error
19794 message when failing to list another user's entries.
19797 * parse.c, sudo.c, sudo.h:
19798 The syntax to list another user's entries is now "-u otheruser -l".
19799 Only root or users with sudo "ALL" may list other users' entries.
19802 * sudo.cat, sudo.man.in, sudo.pod:
19803 Update env variable info in SECURITY NOTES
19811 strip exported bash functions from the environment.
19814 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
19817 Only reset sudo_user.pw based on SUDO_USER environment variables for
19818 real commands and sudoedit. This avoids a confusing message when a
19819 user tries "sudo -l" or "sudo -v" and is denied.
19822 * gram.c, gram.y, parse.h:
19823 Extend LIST_APPEND to deal with appending lists too
19826 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
19829 Convert some bitwise AND to ISSET
19832 * lex.yy.c, toke.c:
19833 toke.c replaces lex.yy.c
19841 new parser fixes most of the outstanding bugs
19849 Rework for the new parser. Now checks for unused aliases in sudoers.
19853 Rewrite for the new parser. Now supports a -d flag (dump) and adds
19854 a -h flag (host). It now defaults to the local hostname unless
19855 otherwise specified.
19859 Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
19863 Update for new parse. We now call find_path() *after* we have
19864 updated the global defaults based on sudoers. Also adds support for
19865 listing other users' privs if you are root.
19869 Working LDAP support; also remove a now-unneeded rewind().
19872 * logging.c, logging.h:
19873 Add NO_STDERR flag.
19877 Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
19878 sudo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
19879 connect to LDAP, apply the default options, find the command in the
19880 user's path, and then check whether the user is allowed to run it.
19881 The important thing here is that the default runas user may be
19882 specified as a default option and that needs to be set before we
19883 search for the command.
19887 Add casts to unsigned char for isspace() to quiet a gcc warning.
19891 Add prototype for update_defaults()
19895 Don't warn about line numbers now that we operate on a set of data
19896 structures (or LDAP) and not a file.
19900 No longer use lsearch()
19904 Update for new and changed file names.
19908 no more BSD lsearch.c
19912 foo_matches() routines now live in match.c. Added user_matches(),
19913 runas_matches(), host_matches(), cmnd_matches() and alias_matches()
19914 that operate on the parsed sudoers file.
19917 * parse.lex, toke.l:
19918 Move parse.lex -> toke.l. Rename buffer_frob() -> switch_buffer().
19919 WORD no longer needs to exclude '@'. Kill yywrap().
19922 * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
19924 Rewritten parser that converts sudoers into a set of data
19925 structures. This eliminates ordering issues and makes it possible to
19926 apply sudoers Defaults entries before searching for the command.
19929 * configure.in, emul/search.h, lsearch.c:
19930 We won't be using lsearch() any longer.
19934 sudo should not send mail if someone who runs 'sudo -l' has no
19938 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
19944 Update warnings to match new visudo
19948 The new parser doesn't have the old ordering constraints.
19952 Document that -l now takes an optional username argument
19955 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
19962 If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
19963 a compilation problem with Solaris 9's native LDAP.
19965 Set FLAG_MONITOR when needed.
19968 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
19971 Call sudo_goodpath() *after* changing the cwd to match the traced
19972 process. Fixes relative paths.
19975 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
19978 Kill set_perms() stub--it is no longer needed.
19981 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
19983 * sudoers.cat, sudoers.man.in, sudoers.pod:
19984 stay_setuid now requires set_reuid() or setresuid()
19987 * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
19988 configure.in, set_perms.c, sudo.c, sudo.h:
19989 Kill use of POSIX saved uids; they aren't worth bothering with.
19992 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
19995 remove call to issetugid()
19998 * sudoers.cat, sudoers.man.in, sudoers.pod:
19999 Remove warning about wildcards. Now that we use glob() the bug is
20004 Use glob(3) instead of fnmatch(3) for matching pathnames and stat
20005 each result that matches the basename of the user's command. This
20006 makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
20007 /usr/bin/blah. Fixes bug #143.
20010 * config.h.in, configure, configure.in:
20011 Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
20015 * config.h.in, configure, configure.in:
20016 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
20024 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
20029 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
20033 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
20036 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
20037 means we are out of space in the stack gap...
20045 Take a stab at ldap sudoers support here.
20048 * mon_systrace.c, mon_systrace.h:
20049 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
20050 doesn't cause reboot to inadvertently kill itself.
20054 put "monitor" in the proctitle, not "systrace"
20058 When modifying the environment, don't replace envp when we can get
20059 away with just rewriting pointers in the traced process.
20062 * mon_systrace.c, mon_systrace.h:
20063 Add environment updating via STRIOCINJECT (if available).
20066 * sudoers.cat, sudoers.man.in:
20070 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
20077 Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
20081 Include file is now mon_systrace.h
20084 * Makefile.in, configure, configure.in, def_data.c, def_data.h,
20085 def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
20086 sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
20087 No longer call it tracing, it is now "monitoring" which should be
20088 a more obvious name to non-hackers.
20091 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
20093 * mon_systrace.c, mon_systrace.h:
20097 * mon_systrace.c, mon_systrace.h:
20098 No need to include syscall.h, use 1024 as the max # of entries (the
20099 max that systrace(4) allows).
20101 Only need to use SYSTR_POLICY_ASSIGN once
20103 Change check_syscall() -> find_handler() and have it return the
20104 handler instead of just running it. We need this since handlers now
20105 have two parts: one part that generates an answer and another that
20106 gets called after the answer is accepted (to do logging).
20108 Add some missing check_exec for emul execv
20111 * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
20116 Add missing HAVE_LINUX_SYSTRACE_H
20120 add trace_systrace.o dependency
20123 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
20125 * configure, configure.in:
20126 Also look for systrace.h in /usr/include/linux
20129 * mon_systrace.c, mon_systrace.h:
20130 Move all struct defs and prototypes into trace_systrace.h and mark
20131 all but systrace_attach() static.
20134 * mon_systrace.c, mon_systrace.h:
20135 Add support for tracing emulations. At the moment, all emulations
20136 are compiled in. It might make sense to #ifdef them in the future,
20137 though this impedes readability.
20140 * Makefile.in, configure, configure.in:
20141 rename systrace.c -> trace_systrace.c
20144 * parse.yacc, sudo.tab.c:
20145 Allow this to build with a K&R compiler again
20152 * compat.h, sudo.c, visudo.c:
20153 Use __attribute__((__noreturn__))
20157 Exit() takes a negative value to indicate it was not called via
20161 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
20166 * Makefile.in, visudo.c:
20167 Define Err() and Errx() that are like err() and errx() but call
20168 Exit() instead of exit(). Build private copy of alloc.o for visudo
20169 that calls Err() and Errx().
20172 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
20174 * lex.yy.c, sudo.tab.c:
20183 Overhaul visudo for editing multiple files: o visudo has been
20184 broken out into functions (more work needed here) o each file is
20185 now edited before sudoers is re-parsed o if a #include line is
20186 added that file will be edited too
20188 TODO: o cleanup temp files when exiting via err() or errx() o
20189 continue breaking things out into separate functions
20192 * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
20193 Add keepopen arg to open_sudoers that open_sudoers can use to
20194 indicate to the caller that the fd should not be closed when it is
20195 done with it. To be used by visudo to keep locked fds from being
20196 closed prematurely (and thus losing the lock).
20199 * parse.yacc, sudo.c:
20200 Add errorfile global that contains the name of the file that caused
20205 return COMMENT to yacc grammar for a #include line
20209 Remove use of unput() in favor of yyless() which is cheaper.
20213 Allow an empty sudoers file.
20216 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
20219 Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
20222 * lex.yy.c, sudo.tab.c:
20227 Do signal setup before calling edit_sudoers(). Don't shadow the
20232 If a sudoers file includes other files, edit those too. Does not yet
20233 deal with creating the new includes files itself.
20237 init_parser now takes a path
20240 * parse.c, parse.h, parse.lex, parse.yacc:
20241 More scaffolding for dealing with multiple sudoers files: o
20242 init_parser() now takes a path used to populate the sudoers global
20243 o the sudoers global is used to print the correct file in yyerror()
20244 o when switching to a new sudoers file, preserve old file name and
20248 * Makefile.in, pathnames.h.in:
20249 Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
20250 multiple sudoers files.
20254 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
20255 we start at the right file position when reading include files.
20267 Add max depth of 128 for the include stack to avoid loops.
20269 Since yyerror() doesn't stop parsing, pass return values back to
20270 yylex and call yyterminate() on error.
20273 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
20280 Mention PREVENTING SHELL ESCAPES section of sudoers man page
20283 * lex.yy.c, sudo.tab.c:
20288 Add support for #include in sudoers (visudo support TBD)
20292 make yyerror()'s argument const
20295 * testsudoers.c, visudo.c:
20296 Add open_sudoers() stubs.
20300 Rename check_sudoers() open_sudoers() and make it return a FILE *
20303 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
20305 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
20310 * Makefile.in, sudo.psf:
20311 Better HP-UX depot construction
20314 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
20317 o Made children global so check_exec() can lookup a child. o
20318 Replaced uid in struct childinfo with struct passwd * (for runas) o
20319 new_child() now takes a parent pid so the runas info can be
20320 inherited o Added find_child() to lookup a child by its pid o
20321 update_child() now fills in a struct passwd o Converted the big
20322 if/else mess in set_policy to a switch o Syscalls that change uid
20323 are now "ask" so we get SYSTR_MSG_UGID events
20327 Add flag to sudo_pwdup that indicates whether or not to lookup the
20328 shadow password. Will be used to a struct passwd that has the
20329 shadow password already filled in.
20333 add missing increment of addr in read_string()
20337 Remove bogus call to update_child() and some cosmetic fixes
20341 Don't leak /dev/systrace fd to tracee. Make initialized global for
20342 simplicity. If STRIOCATTACH returns EBUSY we are already being traced.
20343 Check for user_args == NULL in setproctitle() call. Add missing calls
20348 g/c sudo_pwdup proto
20351 * Makefile.in, sudo.psf:
20352 Add target for building a depot file
20359 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
20361 * lex.yy.c, sudo.tab.c, sudo.tab.h:
20366 document --with-systrace
20369 * config.h.in, configure, configure.in:
20370 Add check for setproctitle
20374 pass struct str_msg_ask in to syscall checker so it can set the
20379 systrace(4) support for sudo. On systems with the systrace(4)
20380 kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
20381 intercept exec calls and check the exec args against the sudoers
20382 file. In other words, sudo can now control subcommands and shell
20387 Call systrace_attach() if FLAG_TRACE is set.
20390 * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
20391 Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
20395 Don't close sudoers_fp, keep it open and set close on exec flag
20399 * def_data.c, def_data.h, def_data.in:
20408 SunOS /bin/sh blows up with configure
20411 * configure, configure.in:
20412 Include sys/param.h before systrace.h
20424 line up options in --help
20427 * config.h.in, configure.in:
20428 Add --with-systrace
20431 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
20437 * aclocal.m4, configure.in:
20438 make this work with autoconf-2.59
20441 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
20444 Simplify logic around open & stat of files and do sanity on edited
20445 file even if we lack fstat (still raceable but worth doing).
20448 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
20456 [b84ebfaf1552] [SUDO_1_6_8p1]
20459 more changes for 1.6.8p1
20466 * CHANGES, sudo_edit.c:
20467 Add sanity check so we don't try to edit something other than a
20471 2004-09-15 Aaron Spangler <aaron777@gmail.com>
20478 document --with-ldap-conf-file
20481 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
20483 * CHANGES, ins_csops.h:
20484 political correctness strikes again
20491 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
20493 * Makefile.binary.in, Makefile.in:
20494 Install sudoedit man link
20498 Update PAM note and mention where HP-UX users can download gcc
20503 libtool wants to install stuff from .libs so fake one up for binary
20507 * Makefile.binary.in:
20508 rm -f old sudoedit link instead of using ln -f. Set LIBTOOL correctly.
20512 Deal with "uname -m" having slashes in it. rm -f old sudoedit link
20513 instead of using ln -f.
20516 * Makefile.binary, Makefile.binary.in:
20517 Makefile.binary -> Makefile.binary.in for config.status substitution.
20518 Add support for installing noexec bits.
20522 Copy noexec bits into binary dists too. No longer use my old arch
20523 script for making binary dists
20527 Install sudoedit link.
20530 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
20533 avoid __P so there is no need for compat.h to be included
20537 Don't use HAVE_UTIME_H before including config.h.
20540 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
20543 Fix Solaris futimes macro
20546 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
20549 Rename ots -> omtim for improved readability.
20552 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
20555 Redo changes in revision 1.7. Don't really need to keep the temp
20556 file open; re-opening it with the invoking user's euid is
20564 * sudo.cat, sudo.man.in:
20569 back out revision 1.70; it is no longer applicable
20573 Let the loader initialize nep
20576 * config.h.in, configure, configure.in:
20577 Removed unneeded check for fchown. Add check for gettimeofday. Move
20578 autoheader template stuff into separate AH_TEMPLATE lines.
20581 * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
20582 Use timespec throughout.
20590 function to return the current time in a struct timespec
20594 Not a darpa-sponsored file.
20597 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
20599 * compat.h, config.h.in, configure, configure.in:
20600 Add a check for struct timespec and provide it for those without.
20603 * config.h.in, configure, configure.in, sudo_edit.c:
20604 Add checks for st_mtim and st_mtimespec and add macros for pulling
20605 the mtime sec and nsec out of struct stat. These are used in
20606 sudo_edit() to better tell whether or not the file has changed.
20609 * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
20610 Add an extra param to touch() for nsec
20614 Call mkstemp() as the invoking user so we don't have to chown the
20615 file later. Only touch() the temp file if we can do it via the file
20616 descriptor. Don't check for modification of the temp file if we lack
20617 fstat(). Catch errors read()ing the temp file.
20621 If path is NULL and fd == -1 return -1.
20625 closefrom() is overkill, the only extra fds are the ones we opened
20626 so just close those in the child.
20629 * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
20630 configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
20632 Use utimes() and futimes() instead of utime() in touch(), emulating
20633 as needed. Not all systems are able to support setting the times of
20634 an fd so touch() takes both an fd and a file name as arguments.
20637 2004-09-07 Aaron Spangler <aaron777@gmail.com>
20643 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
20645 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
20650 * sudo.pod, sudoers.pod, visudo.pod:
20651 Add SUPPORT section and re-order some of the sections to match the
20652 order we use in OpenBSD.
20655 2004-09-06 Aaron Spangler <aaron777@gmail.com>
20658 Openldap ~/.ldaprc fix
20661 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
20664 Talk about how the editor must write its changes to the original
20665 file and not just use rename(2).
20673 Keep the temp file open instead of re-opening after the editor has
20678 Update for current redhat/fedora core.
20681 2004-09-03 Aaron Spangler <aaron777@gmail.com>
20687 2004-09-02 Aaron Spangler <aaron777@gmail.com>
20690 config tls_* options
20693 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
20695 * configure, configure.in:
20696 No need for -lcrypt when using pam.
20699 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
20705 2004-08-27 Aaron Spangler <aaron777@gmail.com>
20707 * configure.in, ldap.c, pathnames.h.in:
20708 Allow --with-ldap-conf-file option to override LDAP_CONF
20712 cleanup debug message
20715 2004-08-26 Aaron Spangler <aaron777@gmail.com>
20721 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
20723 * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
20724 Add cmnd_base to struct sudo_user and set it in init_vars(). Add
20725 cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
20726 longer use gross statics in command_matches(). Also rename some
20727 variables for improved clarity.
20730 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
20733 document HP's crippled compiler deficiency.
20737 Fix some thinkos in --with-editor and --with-env-editor
20738 descriptions. Noticed by Norihiko Murase.
20741 * configure, configure.in:
20742 --with-noexec takes an optional PATH argument.
20746 document --with-noexec
20749 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
20753 [f2503bd13373] [SUDO_1_6_8]
20756 Better warning message when sudoedit is unable to write to the
20760 * sudo.cat, sudo.man.in:
20765 Don't italicize the string "sudoedit"
20768 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
20774 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
20781 Reset used_runas to FALSE when re-initializing the parser.
20784 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
20787 Correct OpenBSD mips support
20794 2004-08-07 Aaron Spangler <aaron777@gmail.com>
20797 More behavior notes
20801 Updates on current behavior
20804 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
20807 =back does not take an indentlevel (makes no difference to formatted
20812 =back does not take an indentlevel (makes no difference to formatted
20821 Consistency. Use same error for bad -u #uid when targetpw is set as
20822 we do when a bad -u username is specified.
20826 Add checksum idea from Steve Mancini
20829 * sudoers.cat, sudoers.man.in:
20833 * sudo.cat, sudo.man.in:
20837 * sudo.pod, sudoers.pod:
20838 Document the restriction on uids specified via -u when targetpw is
20843 Error out when targetpw is enabled and sudo is run with -u #uid but
20844 #uid does not exist in the passwd database. We can't do target
20845 authentication when the target is not in passwd!
20848 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
20853 Some more todo for the next release.
20857 Make it clear that PAM should be used for DCE support when possible.
20861 o Document problems with wildcards and relative paths. o Make the
20862 order requirements more prominent. o Change a "set" to "reset" for
20866 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
20869 Mention --with-secure-path, not SECURE_PATH.
20872 2004-08-03 Aaron Spangler <aaron777@gmail.com>
20875 reflect changes to parse.c
20878 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
20884 * parse.c, parse.h, testsudoers.c, visudo.c:
20885 Don't pass user_cmnd and user_args to command_matches(), just use
20886 the globals there. Since we keep state with statics anyway it is
20887 misleading to pretend that passing in different cmnd and cmnd_args
20892 Don't pass user_cmnd and user_args to command_matches(), just use
20893 the globals there. Since we keep state with statics anyway it is
20894 misleading to pretend that passing in different cmnd and cmnd_args
20899 Fix a bug introduced in rev. 1.149. When checking for pseudo-
20900 commands check for a '/' anywhere in cmnd, not just the first
20904 2004-07-31 Aaron Spangler <aaron777@gmail.com>
20906 * sudo.man.in, sudo.pod:
20907 Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
20910 * sudoers.man.in, sudoers.pod:
20911 Add ignore_local_sudoers
20915 Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
20919 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
20925 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
20932 Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
20933 PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
20936 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
20942 2004-07-08 Aaron Spangler <aaron777@gmail.com>
20945 Better debugging of ALL command
20948 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
20951 When matching for "sudoedit" in sudoers check both the command the
20952 user typed *and* the command that is listed in the sudoers entry.
20955 2004-07-04 Aaron Spangler <aaron777@gmail.com>
20958 Added !command feature
20961 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
20964 Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
20967 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
20970 License is ISC-style, not BSD-style
20977 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
20979 * sudo.cat, sudo.man.in:
20984 o Update some out of date bits to reality o Change the shell prompt
20985 in examples to bourne-shell style o Clarify some details o Add a
20986 CAVEAT about "sudo cd /foo"
20990 Don't ask for a password if invoking user == target user.
20997 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
20999 * sudoers.cat, sudoers.man.in:
21004 Expand on NOEXEC a little.
21011 * visudo.cat, visudo.man.in:
21020 Add a check in visudo for runas_default being set after it has
21024 * CHANGES, parse.yacc, visudo.c:
21025 Add a check in visudo for runas_default being set after it has
21034 Add a MATCHED macro for testing whether foo_matches has been set to
21035 TRUE or FALSE. This is more readable than checking for >=0 or < 0.
21036 Doesn't change the actual code generated.
21039 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
21050 Correct description of where Defaults specs should go.
21054 Correct description of where Defaults specs should go.
21057 * testsudoers.c, visudo.c:
21077 * auth/bsdauth.c, auth/kerb5.c:
21081 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
21087 * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
21088 Remove trailing spaces, no actual code changes.
21092 Remove trailing spaces, no actual code changes.
21095 * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
21096 Remove trailing spaces, no actual code changes.
21100 Remove trailing spaces, no actual code changes.
21104 Remove trailing spaces, no actual code changes.
21107 * compat.h, defaults.c, env.c:
21108 Remove trailing spaces, no actual code changes.
21112 Remove trailing spaces, no actual code changes.
21120 Fix a >=0 that should be <0 that was improperly converted when
21125 Add do {} while(0) around pop macro. Set cmnd_matches to UNSPEC, not
21126 NOMATCH when resetting it.
21130 Fix pastos introduced in SETNMATCH addition.
21133 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
21136 Update for configure changes
21144 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
21145 these in parse.yacc. Also in parse.yacc initialize the *_matches
21146 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
21147 when setting *_matches to a value that may be
21148 NOMATCH/UNSPEC/TRUE/FALSE.
21152 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
21153 these in parse.yacc. Also in parse.yacc initialize the *_matches
21154 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
21155 when setting *_matches to a value that may be
21156 NOMATCH/UNSPEC/TRUE/FALSE.
21160 Initialize runas to -2, not -1 since we need to be able to
21161 distinguish between the initialized value and the value of a non-
21162 match when passing along the runas value to multiple commands.
21164 The result of this is that an unmatched runas is now set to -1, not
21165 0. This is required now that parse.c treats a FALSE value for runas
21166 as being explicitly denied.
21169 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
21171 * sudo.c, visudo.c:
21172 Error out if argc < 1.
21176 Error out if argc < 1.
21179 * configure, configure.in:
21180 Add tests for what libs we need to link with for ldap and for
21181 whether or not lber.h needs to be explicitly included.
21184 2004-06-03 Aaron Spangler <aaron777@gmail.com>
21187 Solaris native LDAP build fix
21190 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
21193 Set edn to NULL if ldap_get_dn() fails to avoid potential use of an
21198 Add prototype for sudo_ldap_list_matches
21201 * configure, configure.in:
21202 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
21203 version too. Added check for dd_fd in `DIR' if no dirfd is found;
21204 this is now used to conditionally define the dirfd macro in
21209 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
21210 version too. Added check for dd_fd in `DIR' if no dirfd is found;
21211 this is now used to conditionally define the dirfd macro in
21216 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
21217 version too. Added check for dd_fd in `DIR' if no dirfd is found;
21218 this is now used to conditionally define the dirfd macro in
21223 Only check /proc/$$/fd if we have the dirfd function/macro.
21226 * compat.h, config.h.in, configure, configure.in:
21227 Add a check for a dirfd() function (like Linux) and add a dirfd
21228 macro in compat.h if there is no dirfd() function or macro.
21231 * closefrom.c, getcwd.c:
21232 dirfd() is now defined in compat.h as needed.
21236 Clarify closefrom() note.
21240 When checking for a command in the directory, only copy the base dir
21245 If there is a /proc/$$/fd directory, behave like the Solaris
21246 closefrom() and only close the descriptors listed therein.
21250 compat.h guarantees INT_MAX is defined.
21254 Add definitions of OPEN_MAX and INT_MAX for those without it and
21255 remove definition of RLIM_INFINITY (now unused).
21258 * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
21259 sudo.c, sudo.h, visudo.c:
21260 Use PATH_MAX, not MAXPATHLEN since the former is standardized.
21263 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
21270 Add some entries that were mailed in a while ago
21274 o sysconf returns a long, not an int. o check for negative return
21275 value from sysconf/getdtablesize and use OPEN_MAX in this case. o
21276 define OPEN_MAX to 256 for those without it (a fair guess...)
21279 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
21282 Mention change in parse order for RunAs entries.
21289 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
21291 * INSTALL, README.LDAP, config.h.in, configure.in:
21292 o --with-ldap now takes an optional dir as a parameter o added
21293 check for ldap_initialize() and start_tls_s()
21297 Fix some typos, word choice and formatting issues.
21300 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
21303 Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
21304 read/write as it is simpler.
21307 * configure, configure.in:
21308 Remove hack overriding cross-compiler check. It should no longer be
21313 Remove select() compat bits since we no longer use select().
21316 * CHANGES, tgetpass.c:
21317 Use alarm() instead of select() for the timeout for systems that
21318 don't fully/properly implement select().
21321 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
21332 Deal with systems that have no way of setting the effective uid such
21336 * configure, configure.in:
21337 Define NO_SAVED_IDS if we don't find seteuid()
21340 * config.h.in, configure, configure.in:
21341 Add back check for setreuid() since NSK doesn't have it.
21344 * sudoers.cat, sudoers.man.in:
21357 In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
21358 explicitly denied and the command matched. This fixes a long-
21359 standing bug and makes: foo machine = (ALL) /usr/bin/blah
21360 foo machine = (!bar) /usr/bin/blah
21362 equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
21366 Clarify mail_noperm
21369 2004-05-20 Aaron Spangler <aaron777@gmail.com>
21372 Missing DESTDIR in make install for sudo_noexec.la
21375 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
21377 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
21387 Remove fastboot/fasthalt (who still remembers these?) and add a
21388 minimal sudoedit example.
21392 Remove fastboot/fasthalt (who still remembers these?) and add a
21393 minimal sudoedit example.
21396 * UPGRADE, sudo.c, visudo.c:
21397 filesystem -> file system
21401 filesystem -> file system
21404 * CHANGES, INSTALL:
21405 filesystem -> file system
21408 * sudo.pod, sudoers.pod:
21409 Fix some minor typos and formatting goofs
21417 remove my email addr
21420 * sudo.pod, sudoers.pod, visudo.pod:
21421 Use @mansectform@ and @mansectsu@ everywhere Make man page
21422 references links with L<>
21426 Accept quoted globbing characters and pass them verbatim for
21431 Document that /tmp/.odus is gone.
21435 No longer use /tmp/.odus as a possible timestamp dir unless
21436 specifically configured to do so. Instead, if no /var/run exists,
21437 use /var/adm/sudo or /usr/adm/sudo.
21441 No longer use /tmp/.odus as a possible timestamp dir unless
21442 specifically configured to do so. Instead, if no /var/run exists,
21443 use /var/adm/sudo or /usr/adm/sudo.
21447 No longer use /tmp/.odus as a possible timestamp dir unless
21448 specifically configured to do so. Instead, if no /var/run exists,
21449 use /var/adm/sudo or /usr/adm/sudo.
21453 No longer use /tmp/.odus as a possible timestamp dir unless
21454 specifically configured to do so. Instead, if no /var/run exists,
21455 use /var/adm/sudo or /usr/adm/sudo.
21458 * set_perms.c, sudo.c, tgetpass.c, visudo.c:
21459 Preliminary changes to support nsr-tandem-nsk. Based on patches
21464 Preliminary changes to support nsr-tandem-nsk. Based on patches
21468 * check.c, compat.h:
21469 Preliminary changes to support nsr-tandem-nsk. Based on patches
21473 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
21476 There was no 1.6.7p6.
21484 add missing files to DISTFILES
21487 * sudo.cat, sudoers.cat, visudo.cat:
21496 Fix some line wrap and update (c) year
21499 2004-04-28 Aaron Spangler <aaron777@gmail.com>
21505 2004-04-07 Aaron Spangler <aaron777@gmail.com>
21511 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
21518 In Exit() when used as a signal handler, emsg is a pointer so
21519 sizeof() is wrong so make it a #define instead. Also avoid using a
21520 negative exit value. Found by Aaron Campbell
21523 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
21526 Remove bogus sentence about uids in a User_List. Document usernames
21527 vs. uid parsing in a Runas_List.
21530 * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
21531 If the user specified a uid with the -u flag and the uid exists in
21532 the passwd file, set runas_user to the name, not the uid.
21534 When comparing usernames in sudoers, if a name is really a uid
21535 (starts with '#') compare it numerically to pw_uid.
21538 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
21541 krb5_mcc_ops should be const; Johnny C. Lam
21544 2004-02-28 Aaron Spangler <aaron777@gmail.com>
21546 * CHANGES, config.h.in, ldap.c:
21547 Added start_tls support
21550 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
21553 Clean up libtool stuff for 'make distclean' and add def_data.c,
21554 def_data.h to PARSESRCS.
21557 2004-02-14 Aaron Spangler <aaron777@gmail.com>
21559 * strlcat.c, strlcpy.c:
21560 Un-Fix last license munge
21563 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
21569 * CHANGES, RUNSON, TODO:
21573 * lex.yy.c, sudo.tab.c:
21577 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
21578 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
21579 emul/search.h, emul/utime.h:
21580 Move to a less restrictive, ISC-style license.
21583 * auth/kerb5.c, auth/pam.c:
21584 Move to a less restrictive, ISC-style license.
21587 * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
21588 Move to a less restrictive, ISC-style license.
21592 Move to a less restrictive, ISC-style license.
21595 * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
21596 Move to a less restrictive, ISC-style license.
21599 * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
21600 visudo.man.in, visudo.pod:
21601 Move to a less restrictive, ISC-style license.
21605 Move to a less restrictive, ISC-style license.
21608 * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
21610 Move to a less restrictive, ISC-style license.
21613 * sigaction.c, strerror.c:
21614 Move to a less restrictive, ISC-style license.
21617 * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
21619 Move to a less restrictive, ISC-style license.
21622 * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
21623 ins_goons.h, insults.h, interfaces.c, interfaces.h:
21624 Move to a less restrictive, ISC-style license.
21627 * find_path.c, getprogname.c:
21628 Move to a less restrictive, ISC-style license.
21632 Move to a less restrictive, ISC-style license.
21636 Move to a less restrictive, ISC-style license.
21640 Move to a less restrictive, ISC-style license.
21643 * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
21645 Move to a less restrictive, ISC-style license.
21648 * utime.c, version.h:
21649 Move to a less restrictive, ISC-style license.
21652 * parse.lex, parse.yacc:
21653 Move to a less restrictive, ISC-style license.
21657 Move to a less restrictive, ISC-style license.
21660 2004-02-13 Aaron Spangler <aaron777@gmail.com>
21663 Merged in LDAP Support
21666 * ldap.c, sudo.c, sudo.h:
21667 Merged in LDAP Support
21670 * def_data.c, def_data.h, def_data.in:
21671 Merged in LDAP Support
21674 * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
21675 Merged in LDAP Support
21678 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
21680 * sudo.h, sudo_noexec.c:
21681 Only do "extern int errno" if errno is not a macro.
21684 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
21687 setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
21688 euid first, then just call setuid(0) to set the real uid too.
21692 Use setresuid() and setreuid() for PERM_RUNAS when appropriate
21693 instead of seteuid() which may not exist.
21696 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
21702 * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
21703 Add --with-pc-insults configure option
21707 Prefer VISUAL over EDITOR like old vipw did.
21710 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
21712 * sudo.man.in, sudoers.man.in:
21717 Add a note that noexec is not a cure-all.
21721 Mention that disabling "root_sudo" is pretty pointless.
21724 * configure, configure.in:
21725 Substitute for root_sudo in sudoers.pod
21729 Add sudoedit to the NAME section
21733 Document the fact that setting ignore_dot in sudoers has no effect
21734 due to the fact that find_path() is called *before* sudoers is read.
21737 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
21740 Do not require _PATH_USRTMP to be set.
21743 * BUGS, CHANGES, TODO:
21752 Clarify that when sudo is run by root with the SUDO_USER variable
21753 set, the sudoers lookup happens for root and not the SUDO_USER user.
21756 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
21758 * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
21759 set_perms.c, sigaction.c, sudo.c, tgetpass.c:
21760 Use the SET, CLR and ISSET macros.
21764 Use the SET, CLR and ISSET macros.
21767 * defaults.c, env.c:
21768 Use the SET, CLR and ISSET macros.
21772 MAIN was replaced with _SUDO_MAIN some time ago.
21776 Don't look at prev_user until after we've parsed sudoers and done
21777 the password check. That way, if sudo/sudoedit is run from a root
21778 process that was invoked by sudo, we check sudoers for root, not the
21779 previous user. This makes sudoedit much more useful and means that
21780 for the sudo case, we get correct logging on who actually ran the
21784 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
21787 Add a comment describing why we need to be notified about our child
21791 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
21793 * def_data.c, def_data.in:
21794 Update the noexec variable descriptions
21797 * sudoers.man.in, sudoers.pod:
21798 noexec now replaces more than just execve()
21802 Alas, all the world does not go through execve(2). Many systems
21803 still have an execv(2) system call, Linux 2.6 provides fexecve(2)
21804 and it is not uncommon for libc to have underscore ('_') versions of
21805 the functions to be used internally by the library. Instead of
21806 stubbing all these out by hand, define a macro and let it do the
21807 work. Extra exec functions pointed out by Reznic Valery.
21810 * sudo.c, sudo_edit.c:
21811 Fix suspending the editor in -e mode. Because we do a fork() first
21812 we need to be notified when the child has been stopped and then send
21813 that same signal to ourself so the shell can do its job control
21818 Use WIFEXITED and WEXITSTATUS macros. If there are systems out
21819 there that want to run sudo that still don't support these we can
21820 try to deal with that later.
21827 * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
21828 Document sudo -e / sudoedit
21831 * configure, configure.in:
21835 * config.h.in, configure.in:
21839 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
21842 Allow non-exclusive flags when invoked as sudoedit. Pretty print the
21843 long usage() line to not wrap (assumes 80 char display)
21846 * Makefile.in, sudo.c:
21847 If sudo is invoked as "sudoedit" the -e flag is implied and no other
21848 flags are permitted.
21852 Add a new flag, -e, that makes it possible to give users the ability
21853 to edit files with the editor of their choice as the invoking user,
21854 not the runas user. Temporary files are used for the actual edit
21855 and the temp file is copied over the original after the editor is
21859 * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
21860 Add a new flag, -e, that makes it possible to give users the ability
21861 to edit files with the editor of their choice as the invoking user,
21862 not the runas user. Temporary files are used for the actual edit
21863 and the temp file is copied over the original after the editor is
21868 If real uid == 0 and the SUDO_USER environment variable is set, use
21869 that to determine the invoking user's true identity. That way the
21870 proper info gets logged by someone who has done "sudo su" but still
21871 uses sudo to as root. We can't do this for non-root users since
21872 that would open up a security hole, though perhaps it would be
21873 acceptable to use getlogin(2) on OSes where this is a system call (and
21874 doesn't just look in the utmp file).
21878 Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
21881 * config.h.in, configure, configure.in:
21882 Add check for fchown(2)
21885 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
21888 Back out portions of the -i commit that set NewArgv[0] in
21889 set_runaspw. It is far too late to set NewArgv[0] there and will have
21890 no effect anyway as cmnd and safe_cmnd have already been set.
21893 * visudo.c, visudo.pod:
21894 Prefer VISUAL over EDITOR like old vipw did.
21897 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
21900 In -i mode always set new environment based on the runas user's
21904 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
21906 * sudo.man.in, sudo.pod:
21907 Document the new -i flag and sync SYNOPSIS section with usage() in
21908 sudo.c. Also sort the flags in the OPTIONS section.
21912 o Add -i that acts similar to "su -", based on patches from David J. MacKenzie
21913 o Sort the flags in the usage message
21916 * sudoers.man.in, sudoers.pod:
21917 Add a missing @runas_default@ substitution.
21920 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
21923 Change euid to runas user before calling find_path().
21924 Unfortunately, though runas_user can be modified in sudoers we
21925 haven't parsed sudoers yet.
21928 * sudoers.man.in, sudoers.pod:
21929 Add missing definition of Parameter_List and use single pipes in the
21930 Defaults EBNF definition.
21934 Fix a bug when set_runaspw() is used as a callback. We don't want
21935 to reset the contents of runas_pw if the user specified a user via
21938 Avoid unnecessary passwd lookups in set_authpw(). In most cases we
21939 already have the info in runas_pw.
21942 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
21945 Add Stan Lee / Uncle Ben quote to the lecture from RedHat
21949 Update sudo_getepw() proto and add one for set_runaspw()
21953 If we can't stat the command as root, try as the runas user instead.
21956 * testsudoers.c, visudo.c:
21957 Add stub set_runaspw() function
21961 Add set_runaspw() function to fill in runas_pw. This will be used
21962 as a callback to update runas_pw when the runas user changes.
21966 PERM_RUNAS -> PERM_FULL_RUNAS
21969 * set_perms.c, sudo.h:
21970 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
21975 Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
21976 one chunk for easy free()ing. Also change it from static to extern.
21979 * defaults.c, defaults.h:
21980 Add callback support
21984 Add a callback field and use it for runas_default
21987 * def_data.c, def_data.in:
21988 Add a callback field and use it for runas_default
21991 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
21994 Add support for chalnecho and display server responses used by fwtk
21998 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
22000 * sudoers.man.in, sudoers.pod:
22001 ld.so is ld.so.1 on solaris
22004 * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
22005 Use closefrom() instead of doing the equivalent inline.
22009 closefrom(3) for systems w/o it
22012 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
22015 Update from .pod file.
22018 * configure, configure.in:
22019 Substitute noexec_file for the sudoers man page
22022 * sudo.man.in, sudo.pod:
22026 * sudoers.man.in, sudoers.pod:
22030 * auth/pam.c, config.h.in, configure.in:
22031 Move PAM_CONST macro definition from config.h to pam.c where it
22032 belongs. We can't have this in config.h since that gets included too
22036 * auth/pam.c, config.h.in, configure, configure.in:
22037 Some PAM implementations put their headers in /usr/include/pam
22038 instead of /usr/include/security.
22042 I missed changing the EXEC macro -> EXECV here when I changed this
22043 in config.h.in and sudo.c a while ago.
22047 OpenBSD vax/m88k/hppa don't do shared libs
22050 * configure, configure.in:
22051 o merge the hpux case entries into a single entry w/ its own
22052 sub-case statement.
22053 o HP-UX >= 11 support getspnam(), use it in preference to getprpwuid()
22056 * configure, configure.in:
22057 eval $shrext so that it expands nicely on MacOS X
22061 Don't lie about making a module, it does the wrong thing on mach
22065 Remove requirement that libs must begin with "lib". They don't when
22066 we point directly at the lib using LD_PRELOAD or its equivalent.
22070 Disable support for c++, f77 and java. We don't need it, it takes a
22071 lot of time, and it hosed our check for shared lib support.
22079 Call AC_ENABLE_SHARED and check the status of enable_shared to know
22080 when shared libs are available.
22084 Duh, OpenBSD supports shared libs too
22087 * config.h.in, configure.in:
22088 Only OpenPAM and Linux PAM use const qualifiers.
22091 * configure, configure.in:
22092 o No need to check for sed, libtool config does that for us
22093 o move check for --with-noexec until after libtool magic is run so we can
22094 use $can_build_shared and $shrext
22098 Don't print a bunch of crap about library installs since we are not
22099 really installing a library.
22103 Make format_env() varargs. Add noexec support for Darwin, MacOS X,
22107 * acsite.m4, ltconfig, ltmain.sh:
22108 Update to libtool 1.5 with local changes:
22109 o no ldconfig in the finish step
o assume no libprefix or version is needed
22113 Fix compilation under K&R
22116 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
22123 stub execve() that just returns EACCES; used for noexec
22128 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
22133 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
22137 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
22139 * def_data.c, def_data.h, def_data.in:
22140 Move the environment defaults to the end and shorten a few of the
22144 * configure, configure.in:
22145 no shared libs on ultrix or convexos
22148 * Makefile.in, configure, configure.in:
22149 Build sudo_noexec shared object using libtool; could use some
22153 * acsite.m4, ltconfig, ltmain.sh:
22154 libtool scaffolding
22157 * parse.yacc, sudo.tab.c:
22158 Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
22162 * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
22163 parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
22164 update copyright year
22167 * configure, configure.in, defaults.c, env.c, pathnames.h.in:
22168 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
22169 option. The default value of noexec_file is set to this.
22172 * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
22173 parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
22175 Add support for preloading a shared object containing a dummy
22176 execve() function that just sets error and returns -1. This adds a
22177 "noexec_file" option to load the filename as well as a "noexec" flag
22178 to enable it unconditionally. There is also a NOEXEC tag that can
22179 be attached to specific commands and an EXEC tag to disable it.
22183 add missing newline to usage statement
22186 * config.h.in, sudo.c:
22187 Rename EXEC macro -> EXECV
22191 Don't truncate usernames to 8 characters in the log message.
22194 * check.c, sudoers.man.in, sudoers.pod:
22195 Update copyright year
22198 * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
22200 Add a new option, lecture_file, that can be used to point to a
22201 custom sudo lecture.
22204 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
22206 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
22208 Add a zero_bytes() function to do the equivalent of bzero in such a
22209 way that will hopefully not be optimized away by sneaky compilers.
22213 Add a zero_bytes() function to do the equivalent of bzero in such a
22214 way that will hopefully not be optimized away by sneaky compilers.
22217 * Makefile.in, sudo.h:
22218 Add a zero_bytes() function to do the equivalent of bzero in such a
22219 way that will hopefully not be optimized away by sneaky compilers.
22223 Use #ifdef __STDC__, not #if __STDC__.
22226 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
22229 Always put at least one space between the def_* macro name and its
22233 * configure, configure.in:
22234 Adjust code for --without-lecture to match new values.
22238 regen after pasto fix
22241 * sudoers.man.in, sudoers.pod:
22242 Document that "lecture" has changed from a flag to a tuple.
22245 * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
22246 defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
22247 Add support for tuples in def_data.in; these are implemented as an
22248 enum type. Currently there is only a single tuple enum but in the
22249 future we may have one tuple enum per T_TUPLE entry in def_data.in.
22250 Currently listpw, verifypw and lecture are tuples. This avoids the
22251 need to have two entries (one ival, one str) for pwflags and syslog
22254 lecture is now a tuple with the following values: never, once,
22257 We no longer use both an int and string entry for syslog facilities
22258 and priorities. Instead, there are logfac2str() and logpri2str()
22259 functions that get used when we need to print the string values.
22262 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
22263 auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
22264 check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
22265 logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
22266 sudo.tab.c, visudo.c:
22267 Create def_* macros for each defaults value so we no longer need the
22268 def_{flag,ival,str,list,mode} macros (which have been removed). This
22269 is a step toward more flexible data types in def_data.in.
22276 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
22279 If we are in -k/-K mode, just spew to stderr. It is not unusual for
22280 users to place "sudo -k" in a .logout file which can cause sudo to
22281 be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
22282 Previously, this would result in useless mail and logging.
22285 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
22288 fix pasto in VISUAL description
22291 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
22302 Some OSes (like Solaris) allow export w/ nosuid too
22305 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
22308 We don't use FD_ZERO anymore so just define FD_SET (if not already
22312 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
22315 Fix a core dump on Solaris by preserving the pam_handle_t we used
22316 during authentication for pam_prep_user(). If we didn't
22317 authenticate (ie: ticket still valid), we call pam_init() from
22318 pam_prep_user(). This is something of a hack; it may be better to
22319 change the auth API and add an auth_final() function that acts like
22323 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
22326 Add explicit declaration of printerr variable in function header
22327 (was defaulting to int which is OK but oh so K&R :-). From Theo.
22330 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
22332 * config.h.in, configure.in:
22333 s/HAVE_STOW/USE_STOW/
22337 Also exit waitpid() loop when pid == 0. Fixes a problem where the
22338 sudo process would spin eating up CPU until sendmail finished when
22339 it has to send mail.
22342 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
22345 Remove advertising clause, UCB has disavowed it
22349 Remove advertising clause, UCB has disavowed it
22352 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
22355 Don't assume that getgrnam() calls don't modify contents of struct
22356 passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
22357 Based on a patch from Kirk Webb.
22360 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
22367 darwin has a broken setreuid() in at least some versions
22371 Fix an off by one error when reallocating the environment; Kevin Pye
22374 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
22377 Fix User_Spec definition; SEKINE Tatsuo
22380 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
22383 More info on the early days from Coggs.
22386 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
22389 remove errant semicolon that prevented compilation under heimdal
22392 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
22394 * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
22395 add DARPA credit on affected files
22399 add DARPA credit on affected files
22402 * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
22404 add DARPA credit on affected files
22408 add DARPA credit on affected files
22412 add DARPA credit on affected files
22415 * logging.c, parse.c:
22416 add DARPA credit on affected files
22419 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
22420 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
22421 find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
22423 add DARPA credit on affected files
22426 * auth/kerb5.c, auth/pam.c:
22427 add DARPA credit on affected files
22430 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
22431 auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
22433 add DARPA credit on affected files
22437 add DARPA credit on affected files
22440 * defaults.c, defaults.h:
22441 add DARPA credit on affected files
22445 add DARPA credit on affected files
22448 * Makefile.in, alloc.c, check.c:
22449 add DARPA credit on affected files
22453 slightly different wording for the darpa credit
22456 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
22462 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
22465 Use krb5_princ_component() instead of krb5_princ_realm() for MIT
22466 Kerberos like we did before I messed things up ;-)
22468 Use krb5_principal_get_comp_string() to do the same thing w/
22469 Heimdal. I'm not sure if the component should be 0 or 1 in this
22472 #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
22473 older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
22474 should be a configure check for this I guess.
22477 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
22480 builtin -> built-in; Jason McIntyre
22483 * TROUBLESHOOTING, config.h.in, configure, configure.in:
22484 builtin -> built-in; Jason McIntyre
22488 built in -> built-in; Jason McIntyre
22491 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
22494 checkpoint for 1.6.7p3
22498 Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
22499 Amazingly, sudo source from 1985 is available via groups.google.com
22503 Don't change rl.rlim_max for RLIMIT_CORE. We need only set
22504 rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
22505 RLIMIT_CORE restoration on some OSes.
22508 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
22511 Make this compile on Heimdal and MIT Kerberos 5
22514 * config.h.in, configure, configure.in:
22515 Check for heimdal even if we found krb5-config and define
22520 Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
22521 no longer defined by MIT kerb5 (though it used to be and indeed
22522 remains so in Heimdal).
22525 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
22528 Remove newer stuff that passes multiple (possibly duplicate)
22529 directories to "mkdir -p" since that seems to break on Tru64 Unix at
22530 least. This basically brings back what shipped with sudo 1.6.6.
22533 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
22536 Correct number of args to krb5_principal_get_realm() and fix an
22537 unclosed comment that hid the bug.
22564 * CHANGES, version.h:
22573 use krb5-config to determine Kerberos V details if it exists
22576 * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
22577 auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
22578 find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
22579 testsudoers.c, visudo.c:
22580 Use warn/err and getprogname() throughout. The main exception is
22581 openlog(). Since the admin may be filtering logs based on the
22582 program name in the log files, hard code this to "sudo".
22586 Add getprogname.c and err.c
22593 * config.h.in, configure.in:
22594 Add checks for getprogname(), __progname and err.h
22598 For systems without err/warn functions.
22602 For systems without err/warn functions.
22606 For systems with neither getprogname() nor __progname; uses Argv[0].
22609 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
22612 checkpoint for 1.6.7p1
22615 * sudo.c, testsudoers.c:
22616 fix strlcpy() rval check (innocuous)
22620 oflow detection in expand_prompt() was faulty (false positives). The
22621 count was based on strlcat() return value which includes the length
22622 of the entire string.
22625 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
22628 checkpoint for the sudo 1.6.7 release
22629 [096bab4da29a] [SUDO_1_6_7]
22632 checkpoint for the sudo 1.6.7 release
22635 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
22638 g/c unused variable
22646 use man sections 8 and 5 for csops
22649 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
22656 Add -lskey or -lopie directly to SUDO_LIBS instead of having
22657 AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
22665 Add --with-blibpath for AIX. An alternate libpath may be specified
22667 -blibpath support can be disabled. Also change configure such that
22668 -blibpath is not specified if no -L libpaths were added to
22673 Add --with-blibpath for AIX. An alternate libpath may be specified
22675 -blibpath support can be disabled. Also change configure such that
22676 -blibpath is not specified if no -L libpaths were added to
22681 Add --with-blibpath for AIX. An alternate libpath may be specified
22683 -blibpath support can be disabled. Also change configure such that
22684 -blibpath is not specified if no -L libpaths were added to
22689 add AIX blibpath support
22692 * INSTALL, configure.in:
22693 --with-skey and --with-opie now take an optional directory argument.
22694 This obsoletes a --with-csops hack (/tools/cs/skey)
22696 Also remove the remaining direct uses of "echo"
22699 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
22702 Detect KTH Kerberos IV and deal with it. Also make -lroken optional
22703 for KTH Kerberos IV and V.
22707 Add SUDO_APPEND_LIBPATH function that adds -L/path/to/dir (and
22708 -R/path/to/dir if $with_rpath) to the specified variable.
22711 * INSTALL, configure.in:
22712 Add -R/path/to/libs for Solaris and SVR4. There is a new configure
22713 option, --with-rpath to control this behavior.
22717 for kerb4 put libdes after libkrb on the link line
22725 fix kerberos lib check when a path is specified
22729 Fix boolean thinko in SIGCHLD reaper and call reapchild after
22730 sending mail instead of doing a conditional sudo_waitpid.
22733 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
22740 replace =DIR with [=DIR] where sensible
22744 o Use AC_MSG_* instead of "echo"
22745 o New Kerberos include/lib detection based on openssh's configure.in
22749 --with-kerb4 and --with-kerb5 now take an optional argument.
22752 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
22755 Kill remaining strcpy(), the programmer's guide says username is 32
22760 treat uid_t as unsigned long for printf and use snprintf, not sprintf
22767 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
22769 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
22770 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
22771 auth/rfc1938.c, auth/sudo_auth.c:
22772 update copyright year
22775 * sudo.man.in, sudoers.man.in, visudo.man.in:
22776 update copyright year
22779 * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
22780 configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
22781 parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
22782 sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
22783 update copyright year
22786 * check.c, env.c, sudo.c:
22787 Cast [ug]ids to unsigned long and printf with %lu
22795 correct error messages for --with-sudoers-{mode,uid,gid}
22799 make the malloc(0) error specific to each function to aid tracking
22804 deal with platforms where size_t is signed and there is no SIZE_MAX
22809 Make this compile w/ Heimdal and fix some gcc warnings.
22813 Use stat_sudoers macro so --with-stow can work
22816 * INSTALL, config.h.in, configure, configure.in:
22817 Add support for --with-stow based on patches from Robert Uhl
22833 use strlcpy, not strncpy
22837 Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
22844 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
22846 * strlcat.c, strlcpy.c:
22847 Make gcc shutup about unused rcsid
22851 Move the n == 0 check for the non-getifaddrs cas
22855 skeychallenge() on NetBSD takes a size parameter
22863 put -ldl after -lpam, not before; fixes static linking on Linux
22867 Avoid malloc(0) and fix the loop invariant for the getifaddrs()
22871 * sudo.cat, sudoers.cat, visudo.cat:
22875 * sudo.man.in, sudoers.man.in, visudo.man.in:
22880 Preserve copyright notice from .pod file in .man.in file
22884 Add sudoers(5) to SEE ALSO
22887 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
22894 Don't assume libc can realloc() a NULL string. If malloc/realloc
22895 fails, make sure we just return; yyerror() is not terminal.
22903 simplify fill_args a little and use strlcpy for paranoia
22910 * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
22912 Use strlc{at,py} for paranoia's sake and exit on overflow. In all
22913 cases the strings were either pre-allocated to the correct size or
22914 length checks were done before the copy but a little paranoia can go
22919 Add strlc{at,py} protos
22922 * env.c, interfaces.c:
22931 Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
22932 memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
22936 snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
22941 In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
22944 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
22947 Use snprintf() for paranoia
22951 Use emalloc2 and erealloc3
22955 strlc{at,py} for those w/o it
22958 * strlcat.c, strlcpy.c:
22959 strlc{at,py} for those w/o it.
22962 * config.h.in, configure, configure.in:
22963 Add strlc{at,py} for those w/o it.
22967 Add erealloc3(), a realloc() version of emalloc2().
22970 * interfaces.c, sudo.c:
22971 Use emalloc2() to allocate N things of a certain size.
22975 Add emalloc2() -- like calloc() but w/o the bzero and with
22976 error/oflow checking.
22980 Error out on malloc(0); suggested by theo
22983 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
22985 * configure, configure.in:
22986 fix a typo; David Krause
22989 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
22995 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
22998 Remove DYLD_ from the environment for MacOS X; from bbraun
23001 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
23003 * config.h.in, configure.in:
23004 not not; Anil Madhavapeddy
23007 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
23009 * sudo.pod, sudoers.pod, visudo.pod:
23010 typos; jmc@openbsd.org
23013 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
23016 Add some missing ';' rule terminators that bison warns about.
23020 fix typo I introduced in last merge
23024 regenerate with autoconf 2.57
23028 Add missing "$HOME"
23032 Add some more square brackets to make autoconf 2.57 happy
23035 * config.sub, mkinstalldirs:
23036 Updates from autoconf-2.57
23040 Updates from autoconf-2.57
23043 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
23049 * lex.yy.c, sudo.tab.c:
23053 * parse.lex, parse.yacc, sudoers.pod:
23054 Add support for Defaults>RunasUser
23057 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
23060 fclose() yyin after each yyparse() is done and use fopen() instead
23061 of using freopen().
23065 Better fix for sudoers files w/o a newline before EOF. It looks
23066 like the issue is that yyrestart() does not reset the start
23067 condition to INITIAL which is an issue since we parse sudoers
23071 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
23074 Work around what appears to be a flex bug when dealing with files
23075 that lack a final newline before EOF. This adds a rule to match EOF
23076 in the non-initial states which resets the state to INITIAL and
23081 o The parser needs sudoers to end with a newline but some editors
23082 (emacs) may not add one. Check for a missing newline at EOF and
23083 add one if needed. o Set quiet flag during initial sudoers parse (to
23084 get options) o Move yyrestart() call and always use freopen() to
23085 open yyin after initial sudoers parse.
23088 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
23091 Fix pasto/thinko in setresgid()/setregid() usage. Want to set
23092 effective gid, not real gid, when reading sudoers.
23096 don't compile set_perms_posix if we have setreuid or setresuid
23099 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
23101 * sudo.pod, sudoers.pod:
23102 document new prompt escapes
23106 Add %U and %H escapes and redo prompt rewriting. "%%" now gets
23107 collapsed to "%" as was originally intended. This also gets rid of
23108 lastchar (does lookahead instead of lookback) which should simplify
23109 the logic slightly.
23112 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
23115 Write the prompt *after* turning off echo to avoid some password
23116 characters being echoed on heavily-loaded machines with fast
23121 Add support for mipseb; wiz@danbala.tuwien.ac.at
23125 Fix IRIX fallout from name changes in man dir/sect Makefile
23126 variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
23130 Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
23131 the global copy. Problem noted by Peter Pentchev.
23134 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
23141 Add missing yyerror() calls; YYERROR does not seem to call this for
23145 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
23148 fix typo in comment; Pedro Bastos
23151 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
23154 document --disable-setresuid
23157 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
23159 Sprinkle some volatile qualifiers to prevent over-enthusiastic
23160 optimizers from removing memset() calls.
23163 * logging.c, parse.yacc:
23164 minor sign fixes pointed out by gcc -Wsign-compare
23167 * set_perms.c, sudo.c, sudo.h:
23168 Revamp set_perms. We now use a version based on setresuid() or
23169 setreuid() when possible since that allows us to support the
23170 stay_setuid option and we always know exactly what the semantics
23171 will be (various Linux kernels have broken POSIX saved uid support).
23174 * config.h.in, configure:
23175 regen from configure.in
23179 Add checks for setresuid() and a way to disable using it
23183 No longer need to emulate set*[ug]id() via setres[ug]id() or
23184 setre[ug]id(). The new set_perms stuff only uses things it knows are
23189 Before exec, restore state of signal handlers to be the same as when
23190 we were initially invoked instead of just resetting to SIG_DFL. Fixes
23191 a problem when using sudo with nohup. Based on a patch from Paul
23196 o timestamp_uid should be uid_t, not int o clarify error message
23197 when sudo is run by root and no_root_sudo is set
23200 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
23203 update ftp link for bison
23206 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
23209 Error out if setusercontext() fails and the runas user is not root.
23212 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
23219 Fix SecurID API test
23222 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
23229 securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
23230 but I don't see a better way at the moment.
23233 * Makefile.in, auth/securid5.c:
23234 SecurID API version 5 support from Michael Stroucken
23238 Add check for SecurID 5.0 API
23241 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
23244 We actually do still need config.h to get the 'const' definition for
23248 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
23251 regen with autoconf 2.5.3
23255 Don't set sysconfdir to '/etc' if the user has specified a --prefix.
23259 Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
23260 LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
23263 * env.c, sudo.c, sudo.h:
23264 No need for dump_badenv() now that dump_defaults() knows how to dump
23268 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
23274 document timestampowner
23278 Don't call set_perms() when doing timestamp stuff unless
23279 timestamp_uid != 0.
23282 * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
23283 sudo.h, testsudoers.c:
23284 g/c second arg to set_perms--it is no longer used
23287 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
23289 * check.c, set_perms.c, sudo.c, sudo.h:
23290 Add support for non-root timestamp dirs. This allows the timestamp
23291 dir to be shared via NFS (though this is not recommended).
23294 * def_data.c, def_data.h, def_data.in:
23295 Add timestampowner, "Owner of the authentication timestamp dir"
23298 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
23301 Don't try to pre-compute the size of the new envp, just allocate
23302 space up front and realloc as needed. Changes to the new env
23303 pointer must all be made through insert_env() which now keeps track
23304 of space used and allocates as needed.
23307 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
23314 Fix two typo/pastos; from jrj@purdue.edu
23317 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
23319 * INSTALL.binary, README:
23321 [a1e33027278c] [SUDO_1_6_6]
23323 * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
23324 visudo.cat, visudo.man.in:
23328 * CHANGES, RUNSON, TODO:
23333 In the loop used to expand %h and %u, the lastchar variable was not
23334 being initialized. This means that if the last char in the prompt
23335 is '%' and the first char is 'h' or 'u' an extra copy of the host or
23336 user name would be copied, for which space had not been allocated.
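
The prompt-expansion overflow described in the entry above, and the lookahead rewrite with "%%" collapsing from the 2002-12-14 entry, illustrated as an added example that is not sudo's code. It uses one scanner for both the sizing pass and the copy pass so the two cannot disagree about the output length; `struct prompt_ctx`, `expand()`, `expand_prompt()` and the sample names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed values standing in for what would be looked up at run time. */
struct prompt_ctx {
    const char *user;   /* %u: invoking user */
    const char *runas;  /* %U: user the command runs as */
    const char *shost;  /* %h: host name without the domain */
    const char *host;   /* %H: host name including the domain */
};

/*
 * Expand fmt. With dst == NULL only the output length is computed; with a
 * buffer the same walk writes into it. The decision for each '%' is made by
 * looking ahead at p[1], so no state carries over from a previous character
 * and a trailing '%' (p[1] is the terminating NUL) is copied literally.
 */
static size_t expand(const char *fmt, const struct prompt_ctx *ctx, char *dst)
{
    size_t n = 0;
    const char *p, *sub;

    for (p = fmt; *p != '\0'; p++) {
        sub = NULL;
        if (p[0] == '%') {
            switch (p[1]) {
            case 'u': sub = ctx->user;  break;
            case 'U': sub = ctx->runas; break;
            case 'h': sub = ctx->shost; break;
            case 'H': sub = ctx->host;  break;
            case '%': sub = "%";        break;  /* "%%" collapses to "%" */
            default:  break;    /* unknown escape or trailing '%' */
            }
        }
        if (sub != NULL) {
            size_t len = strlen(sub);
            if (dst != NULL)
                memcpy(dst + n, sub, len);
            n += len;
            p++;                /* consume the escape letter */
        } else {
            if (dst != NULL)
                dst[n] = *p;
            n++;
        }
    }
    if (dst != NULL)
        dst[n] = '\0';
    return n;
}

/* Size first, allocate exactly that much plus the NUL, then copy. */
static char *expand_prompt(const char *fmt, const struct prompt_ctx *ctx)
{
    size_t need = expand(fmt, ctx, NULL);
    char *out = malloc(need + 1);

    if (out != NULL)
        expand(fmt, ctx, out);
    return out;
}

int main(void)
{
    /* Constructed sample data. */
    struct prompt_ctx ctx = { "alice", "root", "web1", "web1.example.com" };
    const char *samples[] = {
        "%u@%h's password: ", "100%% for %U on %H: ", "hello %", "%%h"
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        char *s = expand_prompt(samples[i], &ctx);
        if (s == NULL)
            return 1;
        printf("[%s] -> [%s]\n", samples[i], s);
        free(s);
    }
    return 0;
}
```

The sample "hello %" is the shape the entry describes: it begins with 'h' and ends with '%', and must come out unchanged at seven bytes.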
23339 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
23341 * BUGS, INSTALL, Makefile.in, configure.in, version.h:
23342 crank version to 1.6.6
23346 #undef VOID to get rid of an AFS warning
23350 Use easprintf instead of emalloc + sprintf for some things.
23353 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
23355 * lex.yy.c, sudo.tab.c:
23359 * parse.c, parse.lex, parse.yacc, testsudoers.c:
23360 Remove Chris Jepeway's email address so people don't bug him ;-)
23363 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
23366 Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
23367 endgrent() at the same time.
23370 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
23373 Make it clear which configure options take arguments.
23376 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
23379 HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
23380 RLIM_INFINITY, just pretend it is -1. This works because we only
23381 check for RLIM_INFINITY and do not set anything to that value.
23384 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
23387 Zero and free allocated memory when there is a conversation error.
23391 Use sigaction() not signal()
23395 Mention that some linux kernels have broken POSIX saved ID support
23399 checkpoint for 1.6.5p2
23407 Add --disable-setreuid flag
23411 Document new --disable-setreuid option and change description for
23412 --disable-saved-ids to match new error message.
23416 fatal() now takes an argument that determines whether or not to call
23421 Update for new error messages from set_perms()
23425 Update for new error messages from set_perms()
23428 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
23431 Make this compile w/o warnings
23435 Mention that we can't use pam_acct_mgmt()
23438 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
23439 The user's password was not zeroed after use when AIX
23440 authentication, BSD authentication, FWTK or PAM was in use.
23443 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
23446 Avoid giving PAM a NULL password response, use the empty string
23447 instead. This avoids a log warning when the user hits ^C at the
23448 password prompt when PAM is in use.
23452 Don't check the return value of pam_setcred(). In Linux-PAM 0.75
23453 pam_setcred() returns the last saved return code, not the return
23454 code for the setcred module. Because we haven't called
23455 pam_authenticate(), this is not set and so pam_setcred() returns
23460 Don't need a '/' between $(DESTDIR) and a directory.
23464 Don't need a '/' between $(DESTDIR) and a directory.
23467 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
23474 o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
23475 setreuid() o new NetBSD has a real setreuid() o add check for
23476 freeifaddrs() if getifaddrs() exists.
23479 * config.h.in, interfaces.c:
23480 Older BSDi releases lack freeifaddrs() so add a test for that and if
23481 it is not present just use free().
23484 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
23487 Checkpoint for 1.6.5p1
23491 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
23492 to normal passwords, not AUTH_FATAL (which just causes an exit).
23496 Don't use memory after it has been freed.
23500 skeyaccess() wants a struct passwd * not a char *; Patch from
23502 [65a1d3806fcd] [SUDO_1_6_5]
23508 * CHANGES, RUNSON, TODO:
23509 checkpoint for sudo 1.6.5
23512 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
23518 * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
23522 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
23528 o when invoking the mailer as root use a hard-coded environment that
23529 doesn't include any info from the user's environment. Basically
23532 o Add support for the NO_ROOT_MAILER compile-time option and run the
23533 mailer as the user and not root if NO_ROOT_MAILER is defined.
23536 * set_perms.c, sudo.h:
23537 Bring back PERM_FULL_USER
23548 * INSTALL, config.h.in, configure.in:
23549 Add --disable-root-mailer option to run the mailer as the user and
23554 checkpoint for 1.6.4p2
23558 Mention the "seteuid(0): Operation not permitted" problem here too
23559 just for good measure.
23562 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
23564 * env.c, getspwuid.c, sudo.c:
23565 The SHELL environment variable was preserved from the user's
23566 environment instead of being reset based on the passwd database when
23567 the "env_reset" option was used. Now it is reset as it should be.
23574 * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
23576 Add a configure option to turn off use of POSIX saved IDs
23584 add --with-efence option
23588 Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
23589 "sudo -l" would not work if always_set_home was set.
23597 Quoted commas were not being treated correctly in command line
23602 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
23603 Otherwise, the set_home option has no effect.
23605 o Fix use of freed memory when the "fqdn" flag is set. This was
23606 introduced by the fix for the "segv when gethostbynam() fails" bug.
23607 Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
23608 there is no need to check the "fqdn" flag in set_fqdn() itself.
23612 Add 'continue' statements to optimize the switch statement. From
23616 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
23618 * sudoers.cat, sudoers.man.in:
23619 Regen from new sudoers.pod
23620 [6ecc07b3d0e1] [SUDO_1_6_4]
23623 Add caveat about stay_setuid flag
23627 If set_perms == set_perms_posix and the stay_setuid flag is not set,
23628 set all uids to 0 and use set_perms_fallback().
23631 * set_perms.c, sudo.h:
23632 Remove PERM_FULL_USER (which is no longer used) and add
23633 PERM_FULL_ROOT (used when exec'ing the mailer).
23637 Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
23638 never want to run the mailer setuid.
23641 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
23643 * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
23645 Use sudo.ws instead of courtesan.com in URLs
23648 * Makefile.binary, Makefile.in:
23649 Fix mansect substitution
23653 Substitute man sections in Makefile.binary
23657 Sync install targets with Makefile.in and substitute in man
23661 * INSTALL, INSTALL.binary:
23666 Repair bindist target
23673 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
23676 Fix case where neither whoami nor id are found
23679 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
23682 If neither whoami nor id exists, just assume we are root.
23686 Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
23687 on AIX which for some reason isn't pulling in the malloc prototype.
23690 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
23692 * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
23701 Defer assigning new environment until right before the exec.
23705 kill extra blank line
23708 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
23715 Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
23716 compiler doesn't recognise -O2.
23720 Clarify origins of Root Group sudo a bit based on info from
23721 billp@rootgroup.com
23724 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
23731 checkpoint for 1.6.4rc1
23734 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
23737 now generated via autoheader
23745 Move in some stuff that was previously in config.h.
23748 * aclocal.m4, configure.in:
23749 Add info for autoheader.
23752 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
23755 o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
23756 -g to facilitate non-root installs
23760 Add -M option (like -m but only for root) If we can't find "whoami",
23761 use "id" w/ some sed.
23769 allow user to always override mansectsu and mansectform
23772 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
23775 update from autoconf 2.52
23778 * config.guess, config.sub:
23779 Update from autoconf 2.52
23783 regen with autoconf 2.52
23787 o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
23788 mode o Remove compiler-specific checks for HP-UX now that we use
23797 o Add pam_prep_user function to call pam_setcred() for the target
23798 user; on Linux this often sets resource limits. o When calling
23799 pam_end(), try to convert the auth->result to a PAM_FOO value.
23800 This is a hack--we really need to stash the last PAM_FOO value
23801 received and use that instead.
23804 * set_perms.c, sudo.h:
23805 o Add pam_prep_user function to call pam_setcred() for the target
23806 user; on Linux this often sets resource limits.
23810 Fix off by one error in number of bytes allocated via malloc (does
23811 not affect any released version of sudo).
23814 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
23821 Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
23822 requiring that they be quoted.
23825 * sudoers.cat, sudoers.man.in, sudoers.pod:
23826 Mention that no double quotes are needed when
23827 adding/deleting/assigning a single value to a list.
23831 Don't rely on mkdefaults being executable, call perl explicitly.
23839 Remove some XXX that are no longer relevant.
23843 o Roll our own loop instead of using strpbrk() for better
23844 grokability o When adding to a list we must malloc() and use
23845 memcpy(), not strdup() since we must only copy len bytes from str.
23848 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
23858 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
23869 avoid the -g flag unless --with-devel was specified
23873 mkdefaults, def_data.in and sigaction.c were missing from the
23878 def_data.c was missing
23881 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
23884 Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
23885 allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
23893 Add comment for Default section so folks know where it should go.
23896 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
23899 Use TCSETAF, not TCSETA to set terminal in termio case
23902 * sudoers.cat, sudoers.man.in:
23903 regen from sudoers.pod
23907 o Typo, Runas_User_List should be Runas_List o a User_List can not
23908 contain a uid o mention that the Defaults section should come after
23909 Alias definitions but before the user specifications
23912 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
23914 * sudoers.cat, sudoers.man.in:
23919 Fix listpw and verifypw sections, they were not being formatted
23923 * sudoers.cat, sudoers.man.in:
23935 * config.h.in, configure.in:
23936 use AC_SYS_POSIX_TERMIOS instead of rolling our own
23940 Reference sudo.ws not courtesan.com
23944 Add notes on shadow passwords
23948 In list mode (sudo -l), characters escaped with a backslash are
23949 shown verbatim with the backslash.
23953 Add simple examples from OpenBSD (Marc Espie)
23957 Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
23961 minor prettification
23969 Fix CIDR handling here too.
23973 Apparently a NULL response is OK
23977 Checkpoint for upcoming beta release
23981 Many people believe that adding a runas spec should obviate the need
23982 for the -u flag. It does not.
23986 checkpoint update for upcoming 1.6.4 beta
23990 o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
23991 if HAVE_STRING_H is defined -- this is safe now
23995 Add signals section
24003 Fix check for sigaction_t
24007 XXX - should call find_path() as runas user, not root. Can't do
24008 that until the parser changes though.
24012 If find_path() fails as root, try again as the invoking user (useful
24013 for NFS). Idea from Chip Capelik.
24016 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
24017 Regenerate after pod file changes
24020 * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
24021 sudo.pod, sudoers.pod:
24022 Add new sudoers option "preserve_groups". Previously sudo would not
24023 call initgroups() if the target user was root. Now it always calls
24024 initgroups() unless the -P command line option or the
24025 "preserve_groups" sudoers option is set. Idea from TJ Saunders.
24028 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
24030 * compat.h, config.h.in:
24031 Use new HAVE_SIGACTION_T define
24035 Fix compilation on K&C
24043 Add check for sigaction_t -- IRIX already defines this so don't
24052 need stdlib.h here too
24060 Remove redundant checks for string.h, strings.h and unistd.h
24063 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
24065 Regen from pod files
24072 * configure, lex.yy.c, sudo.tab.c:
24077 Return EINVAL if errnum > sys_nerr
24080 * auth/sudo_auth.h:
24081 o Update copyright year
24084 * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
24085 config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
24087 o Update copyright year
24091 o Don't define STDC_HEADERS unconditionally for IRIX o Update
24099 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
24100 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
24101 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
24102 auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
24103 set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
24105 o Reorder some headers and use STDC_HEADERS define properly o Update
24110 o Reorder some headers and use STDC_HEADERS define properly o Update
24114 * getspwuid.c, goodpath.c, interfaces.c:
24115 o Reorder some headers and use STDC_HEADERS define properly o Update
24120 o Reorder some headers and use STDC_HEADERS define properly o Update
24124 * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
24126 o Reorder some headers and use STDC_HEADERS define properly o Update
24135 flags set in signal handlers should be volatile sig_atomic_t
24138 * config.h.in, configure.in:
24139 Add checks for volatile and sig_atomic_t
24142 * configure, lex.yy.c:
24146 * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
24147 sudo.c, sudoers.pod:
24148 Remove "secure_path" Defaults option since it cannot work with the
24152 * find_path.c, sudo.c:
24153 Unset "secure_path" if user_is_exempt()
24156 * env.c, pathnames.h.in:
24157 o Remove assumption that PATH and TERM are not listed in env_keep o
24158 If no PATH is in the environment use a default value o If TERM is
24159 not set in the non-reset case also give it a default value.
24162 * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
24163 _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
24164 systems that define in paths.h
24167 * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
24168 Add support for skeyaccess(3) if it is present in libskey.
24171 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
24174 Only need to do 'lc = login_getclass(NULL)' if lc == NULL
24178 '\\' is a perfectly legal character to have in a command line
24183 o Defer call to set_fqdn() until it is safe to use log_error() o
24184 Don't print errno string value if gethostbyname fails, it is not
24189 Fix CIDR -> in_addr_t conversion.
24192 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
24195 Remove an extra "User_List" in the User_Spec definition From
24196 ybertrand AT snoopymail.com
24200 Make 'listpw=never' work for users who are not explicitly mentioned
24205 Remove gratuitous '=' in EBNF grammar; era AT iki.fi
24209 Document new list Defaults type and convert env_keep and env_delete
24210 to lists. Document new env_check option.
24213 * lex.yy.c, sudo.tab.c, sudo.tab.h:
24218 Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
24227 Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
24230 * config.h.in, configure.in:
24231 Add check for skeyaccess(3)
24235 Document new -c, -f, and -q options
24239 o Add -f option (alternate sudoers file) o Convert to use getopt(3)
24246 * aclocal.m4, config.h.in, configure.in:
24247 Add check for isblank and a replacement macro if it doesn't exist.
24250 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
24253 In check-only mode, don't create sudoers if it does not already
24258 o Add a new token, DEFVAR, to indicate a Defaults variable name o
24259 Add support for "+=" and "-=" list operators o replace some 1 and 0
24260 with TRUE and FALSE for greater legibility.
24264 o Use exclusive start conditions to remove some ambiguity in the
24265 lexer. Also reorder some things for clarity. o Add support for
24266 "+=" and "-=" list operators. o Use the new DEFVAR token to denote
24267 a Defaults variable name.
24271 Prototype init_envtables()
24275 o Convert environment handling to use lists instead of strings.
24276 This greatly simplifies routines that need to do "foreach" type
24277 operations. o Add new init_envtables() function to set env_check
24278 and env_delete defaults based on initial_badenv_table and
24279 initial_checkenv_table (formerly sudo_badenv_table).
24282 * defaults.c, defaults.h:
24283 o Add a new LIST type and functions to manipulate it. o This is for
24284 use with environment handling variables. o Call new
24285 init_envtables() routine inside init_defaults() to initialize the
24289 * def_data.c, def_data.h, def_data.in:
24290 Convert environment options to use the new LIST type and add a new
24291 one, env_check that only deletes if the sanity check fails.
24295 Add dummy version of init_envtables()
24303 Add check-only mode
24307 Fix generation of entries with NULL descriptions.
24310 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
24313 Use sigaction_t and quiet a gcc warning.
24317 Must reset signal handlers before we exec
24320 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
24322 Be careful now that tgetpass() can return NULL (user hit ^C). PAM
24323 version needs testing. Set SIGTSTP to SIG_DFL during password entry
24324 so user can suspend us.
24328 Add support for interrupting/suspending tgetpass via keyboard input.
24329 If you suspend sudo from the password prompt and resume it will re-
24334 Don't block keyboard interrupt signals, just set them to SIG_IGN.
24337 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
24340 add back HAVE_SIGACTION
24347 * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
24348 Kill POSIX_SIGNALS define and old signal support now that we emulate
24349 POSIX ones Also be sure to correctly initialize struct sigaction.
24353 Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
24357 Add scaffolding for POSIX signal emulation
24361 o Add missing ';' so this compiles o Can't use NULL since we don't
24366 Emulate sigaction() using sigvec()
24369 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
24372 Document new behavior of negative values of timestamp_timeout Fix a
24377 Add security note about command not being logged after 'sudo su' and
24382 Mention that -V prints default values when run as root, including
24383 the list of environment variables to clear.
24387 Run pod2man with --quotes=none to avoid stupid quoting of C<>
24391 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
24393 * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
24394 Add mail_badpass option Also modify mail_always behavior to also
24395 send mail when the password is wrong
24398 * env.c, sudo.c, sudo.h:
24399 Dump default bad env table when 'sudo -V' is run by root.
24403 document env_delete
24407 Add support for '*' in env_keep when not resetting the environment
24408 (ie: the normal case).
24412 Add env_delete variable that lets the user replace/add to the
24413 bad_env_table. Allow '*' wildcard in env_keep entries.
24416 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
24419 Force umask to 022 to guarantee sane directory permissions.
24422 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
24425 add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
24429 fix breakage in last commit
24433 acsite.m4 -> aclocal.m4
24437 fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
24441 regenerated from def_data.in
24444 * check.c, defaults.c, defaults.h:
24445 Add new T_UINT type that most things use instead of T_INT If
24446 timestamp_timeout is < 0 then treat the ticket as never expiring (to
24447 be expired manually by the user).
24451 change most T_INT -> T_UINT
24455 fix warning when no args
24459 Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
24460 we are a signal handler. We no longer print the signal number but
24461 the user can just check the exit value for that.
24464 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
24467 when setting up pipes in child process check for case where stdin ==
24471 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
24474 Ignore editor exit value since XPG4 says vi's exit value is the
24475 count of editing errors made (failed searches, etc).
24478 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
24485 sco now is identified by config.guess as *-sco-*
24489 Check for getspnam() in -lgen if not in -lc for UnixWare.
24492 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
24494 * sudoers.pod, visudo.pod:
24495 "upper case" -> "uppercase"
24499 fix typos and grammar; pjanzen@foatdi.harvard.edu
24502 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
24505 Missing word (specify); krapht@secureops.com
24508 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
24511 If we fail to lookup a login class, apply the default one.
24515 In log_error() free message, not logline unconditionally, then free
24516 logline if it is not the same as message. No function change but
24517 this mirrors how they are allocated.
24520 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
24527 remove some backslash quotes that are unneeded
24531 o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
24532 instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
24533 can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
24534 to AC_DEFINE things manually.
24537 * config.guess, config.sub:
24538 Updated from autoconf-2.50
24541 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
24544 Update mailing list section. We use mailman now, not majordomo.
24547 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
24549 * getspwuid.c, logging.c, sudo.c:
24550 Use setpwent()/endpwent() + all the shadow variants to make sure we
24551 don't inadvertently leak an fd to the child. Apparently Linux's
24552 shadow routines leave the fd open even if you don't call setspent().
24553 Reported by mike@gistnet.com; different patch used.
24556 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
24563 select() may return EAGAIN. If so, continue like we do for EINTR.
24567 Fix a non-exploitable buffer overflow in the word splitting code.
24568 This should really be rewritten.
24576 Tell people to look in sample.syslog.conf for examples, not FAQ
24580 Update list of env vars that are cleared
24584 remove struct env_table decl since that stuff has all moved to env.c
24587 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
24590 Fix a pasto in flock-style unlocking and include <sys/file.h> for
24591 flock on older systems; twetzel@gwdg.de
24595 regen to get NeXT lockf/flock fix
24599 force NeXT to use flock since lockf is broken
24602 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
24605 Use stashed user_gid when checking against exempt gid since sudo
24606 sets its gid to a value that makes sudoers readable. Previously
24607 if you used gid 0 as the exempt group everyone would be exempt. From
24608 Paul Kranenburg <pk@cs.few.eur.nl>
24611 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
24618 #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 apparently defines
24619 some types (such as ssize_t) therein.
24622 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
24625 Fix negation of paths in a boolean context. Problem found by
24629 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
24635 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
24638 SA_RESETHAND means the opposite of what I was thinking--oops To
24639 block all signals in old-style signals use ~0, not 0xffffffff
24642 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
24645 coerce difference of pointers to int when used in a string length
24646 printf format; deraadt@openbsd.org
24649 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
24652 Block all signals in Exit() to avoid a signal race. There is still
24653 a tiny window but I'm not going to worry about it.
24656 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
24659 glibc uses the LANGUAGE env var so clear that too; Solar Designer
24663 Regenerate with a fix to flex.skl that preserves errno from
24664 clobbering by isatty().
24667 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
24669 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
24670 auth/sia.c, auth/sudo_auth.c:
24671 Some defaults I_ defines got renamed.
24674 * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
24675 defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
24676 set_perms.c, sudo.c, sudo.tab.c:
24677 Move defaults info into its own files from which we generate .h and
24678 .c files. This makes adding or rearranging variables much simpler.
24681 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
24683 * configure, configure.in:
24684 fix typo in last commit
24687 * compat.h, config.h.in, configure, configure.in:
24688 Add check + emulation for setegid (like seteuid).
24692 Make env_keep override badenv_table as documented. Fix traversal of
24693 badenv_table (broken in last commit)
24696 * set_perms.c, sudo.c, sudo.h:
24697 Don't try and build saved uid version of set_perms on systems w/o
24698 them. Rename set_perms_saved_uid() -> set_perms_posix(). Make
24699 set_perms_setreuid simply be set_perms_fallback() and simply include
24700 the appropriate function at compile time (setreuid() vs. setuid()).
24703 * sudoers.cat, sudoers.man.in, sudoers.pod:
24704 PATH is also preserved when env_reset is in effect
24707 * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
24708 configure.in, defaults.c, defaults.h, env.c, find_path.c,
24709 getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
24710 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
24711 visudo.c, visudo.cat, visudo.man.in:
24712 New Defaults options: o stay_setuid - sudo will remain setuid if
24713 system has saved uids or setreuid(2) o env_reset - reset the
24714 environment to a sane default o env_keep - preserve environment
24715 variables that would otherwise be cleared
24717 No longer use getenv/putenv/setenv functions--do environment munging
24718 by hand. Potentially dangerous environment variables can be cleared
24719 only if they contain '/' or '%' characters to protect buggy
24720 programs. Moved environment routines into env.c (new file)
24724 Clear up --without-passwd description
24727 * putenv.c, sudo_setenv.c:
24728 We now build up a new environment from scratch and assign it to
24732 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
24734 * sudo.pod, visudo.pod:
24735 Grammatical fixes from Paul Janzen
24738 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
24741 If there was a syntax error and the user just wants to quit, unlink
24742 sudoers if it is zero length.
24746 'Q' means ignore parse error, not 'q'
24750 Open sudoers for writing with mode SUDOERS_MODE. From Dimitry Andric
24754 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
24757 Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
24760 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
24762 * config.guess, config.sub:
24763 Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
24766 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
24768 * sudo.c, visudo.c:
24769 Use exit(127), not exit(-1)
24772 * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
24773 Move set_perms() to its own file and use POSIX saved uid or
24774 setreuid() if available.
24776 Added stay_setuid option for systems that have libraries that
24777 perform extra paranoia checks in system libraries for setuid
24778 programs (ie: anything with issetugid(2)).
24782 strip more bits from the environment and add a facility for
24783 stripping things only if they contain '/' or '%' to address printf
24784 format string vulnerabilities in other programs.
24787 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
24794 For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
24803 Check for strcasecmp(3) in -lc89 for NCR Unix
24806 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
24809 Define HAVE_INNETGR #ifdef HAVE__INNETGR
24816 * compat.h, config.h.in, configure.in:
24817 Add check for _innetgr(3) since NCR systems have that instead of
24821 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
24824 check return value of creadcfg(); call sd_close() after sd_auth();
24825 store username in sd->username so we don't rely on the USER env
24829 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
24832 document --with-bsdauth
24840 --with-bsdauth assumes --with-logincap
24843 * auth/bsdauth.c, auth/fwtk.c:
24844 When prompting for a response to a challenge, if the user just hits
24845 return then reprompt with echo turned on.
24848 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
24851 Remove debugging code that should not have been committed, oops.
24855 Use lower-level routines and get the password ourselves. Checks for
24856 a challenge and if there is one echo is not turned off.
24859 * auth/pam.c, auth/sudo_auth.h:
24860 minor housekeeping, no real code changes
24863 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
24866 Fix a coredump in the logging functions if gethostname(2) fails by
24867 deferring the call to log_error() until things are better setup.
24869 Fix return value of set_loginclass() in non-BSD-auth case.
24871 Hard-code 'sudo' in the usage message so we can fit more options on
24876 Fix errant ';' (typo) that broke MSG_ONLY
24879 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
24881 * sudo.cat, sudo.man.in:
24889 * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
24890 configure, configure.in, getspwuid.c, sudo.c:
24891 Add support for BSD authentication.
24894 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
24897 Fix typo; from sato@complex.eng.hokudai.ac.jp
24900 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
24903 Mention negating umask
24907 Allow user to specify umask of 0777 (same as !umask)
24910 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
24912 * sudo.pod, visudo.pod:
24913 Fix a typo and give a URL for the sudo history.
24916 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
24918 * defaults.c, sudo.pod:
24919 fix typos; pepper@reppep.com
24922 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
24924 * sudo.c, sudo.h, sudo_setenv.c:
24925 sudo_setenv() now exits on memory alloc failure instead of returning
24929 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
24932 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
24933 and possibly others.
24937 Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
24938 that "%m" won't be expanded but we don't use that anyway since the
24939 logging routines may splat to stderr as well.
24942 * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
24944 Add always_set_home variable
24947 * configure, configure.in:
24948 Have to hard code default values in help since the defaults are set
24949 _after_ the help stuff.
24952 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
24954 * lex.yy.c, parse.lex:
24955 Allow special characters (including '#') to be embedded in pathnames
24956 if quoted by a '\\'. The quoted chars will be dealt with by
24957 fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
24960 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
24963 Better path searching for programs we need.
24967 Add section on "C compiler cannot create executables" errors.
24970 * Makefile.binary, Makefile.in, version.h:
24974 * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
24975 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
24976 visudo.man.in, visudo.pod:
24977 Substitute values from configure into man pages.
24980 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
24983 The listpw and verifypw sudoers options would not take effect
24984 because the value of the default was checked *before* sudoers was
24985 parsed. Instead of passing in the value of PWCHECK_* to
24986 sudoers_lookup(), pass in the arg for def_ival() so the check can be
24987 deferred until after sudoers is parsed.
24990 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
24993 When writing prompt, no need to write the NUL as well;
24997 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
25000 When looking for chown, check in /sbin too
25003 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
25006 Remove extraneous call to init_defaults() and set runas_user to NULL
25007 between parses so init_defaults will reset it each time, thus
25008 avoiding a reference to free()d data.
25011 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
25013 * config.h.in, interfaces.c, interfaces.h, sudo.c:
25014 Add support for using getifaddrs() to get the list of ip addr /
25015 netmask pairs. Currently IPv4-only.
25019 Add a missing check for UserEditor == NULL. Add missing '+' before
25020 line number when invoking editor to fix a syntax error
25023 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
25026 Call clean_env very early in main() for paranoia's sake. Idea from
25030 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
25033 Update proto for evasprintf and easprintf
25037 Make easprintf() and evasprintf() return an int.
25041 If the targetpw flag is set, use target username as part of the
25042 timestamp path. If tty tickets are in effect cat the tty and the
25043 target username with a ':' as the separator.
25046 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
25049 Backout part of last change; setting PAM_USER to the invoking user
25050 breaks things like targetpw.
25054 set tty and username via pam_set_item
25057 * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
25058 Fix root, runas, and target authentication for non-passwd file auth
25062 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
25064 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
25065 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
25066 Use B<-Z> not C<-Z> for command line flags in all places. This is
25067 more consistent and works around a bug in Pod::Man.
25070 * sudoers.cat, sudoers.man.in, sudoers.pod:
25071 Fix an occurrence of 'semicolon' that should be 'colon'
25074 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
25076 * configure, configure.in:
25077 Fix --with-badpri help line
25080 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
25082 * defaults.c, logging.c, sudo.c:
25083 Bracket calls to syslog with an openlog() and closelog() since some
25084 authentication methods (like PAM) may do their own logging via
25085 syslog. Since we don't use syslog much (usually just once per
25086 session) this doesn't really incur a performance penalty. It also
25087 fixes a SEGV with pam_kafs.
25090 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
25093 Fix -H flag. runas_homedir is only valid after
25094 set_perms(PERM_RUNAS, mode)
25097 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
25100 Clarify the fact that insults are not enabled just by including them
25104 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
25106 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
25108 Regenerated with perl 5.6.0 pod2man
25112 Give date string to pod2man since its default is ugly and it ain't
25117 Do section substitution on the output of pod2man and remove hack
25118 needed for old pod2man.
25121 * sudo.pod, sudoers.pod, visudo.pod:
25122 Put back real man sections, we will do the substitution later.
25125 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
25127 * configure, configure.in:
25128 Don't bother checking for the path to vi if user specified --with-
25132 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
25134 * CHANGES, visudo.c:
25135 Visudo now does its own fork/exec instead of calling system(3).
25138 * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
25139 sudoers.pod, visudo.c:
25140 Visudo now checks for the existence of an editor and gives a
25141 sensible error if it does not exist.
25143 The path to the editor for visudo is now a colon-separated list of
25144 allowable editors. If the user has $EDITOR set and it matches one
25145 of the allowed editors that editor will be used. If not, the first
25146 editor in the list that actually exists is used.
25149 * sudo.cat, sudo.man.in, sudo.pod:
25150 Clear up confusion wrt sudo's return value.
25153 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
25156 Strip sudo and visudo for bindist target
25159 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
25160 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
25161 Use @mansectsu@ and @mansectform@ in the man page bodies as well.
25162 [5eb9e60a726f] [SUDO_1_6_3]
25164 * visudo.cat, visudo.man.in, visudo.pod:
25165 Typo: @sysconf@ -> @sysconfdir@
25169 'make dist' should not cause any files to be modified so remove its
25174 Whoops, forgot to add release marker
25177 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
25180 Final change for 1.6.3 (or so I hope)
25183 * sudo.cat, sudoers.cat, visudo.cat:
25184 Use SYSV man sections since BSD systems will have nroff...
25187 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
25189 * parse.yacc, sudo.tab.c:
25190 When checking to see if the host/user matches in a defaults spec,
25191 check against TRUE, not just non-zero since it might be -1.
25194 * configure, configure.in:
25195 OSF/1 puts file formats in section 4, not 5.
25198 * CHANGES, INSTALL, sudo.c:
25199 Make login class support work on BSD/OS
25206 * configure, configure.in:
25207 If there is no inet_addr but there *is* an __inet_addr that's ok
25208 since inet_addr is probably just a macro then. The better thing to
25209 do would be to look for the macro, but this is fine for now.
25212 * configure, configure.in:
25213 Don't use shlicc for BSD/OS 4.x
25216 * Makefile.in, configure, configure.in:
25217 *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
25218 configure variable so we can deal with this. Also, only remove *.man
25219 for 'distclean' not 'clean'.
25223 set_loginclass() should be static like the proto says
25226 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
25229 Add #ifdef __STDC__ around the rangematch function header to avoid
25230 promotion of test to int, thus violating the prototype. Gcc handles
25231 this gracefully but more std ANSI compilers will complain.
25235 Pull in newer fnmatch(3) that supports FNM_CASEFOLD
25238 * aclocal.m4, configure, fnmatch.3, fnmatch.c:
25239 Pull in newer fnmatch(3) that supports FNM_CASEFOLD. Check for
25240 FNM_CASEFOLD in configure
25247 * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
25248 Fully qualified hosts w/ wildcards were not matching the FQHOST
25249 token type. There's really no need for a separate token for fully-
25250 qualified vs. unqualified anymore so FQHOST is now history and
25251 hostname_matches now decides which hostname (short or long) to check
25252 based on whether or not the pattern contains a '.'.
25256 Fully qualified hosts w/ wildcards were not matching the FQHOST
25257 token type. There's really no need for a separate token for fully-
25258 qualified vs. unqualified anymore so FQHOST is now history and
25259 hostname_matches now decides which hostname (short or long) to check
25260 based on whether or not the pattern contains a '.'.
25263 * lex.yy.c, parse.c, parse.lex, parse.yacc:
25264 Fully qualified hosts w/ wildcards were not matching the FQHOST
25265 token type. There's really no need for a separate token for fully-
25266 qualified vs. unqualified anymore so FQHOST is now history and
25267 hostname_matches now decides which hostname (short or long) to check
25268 based on whether or not the pattern contains a '.'.
25271 * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
25272 sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
25273 Add support for wildcards in the hostname.
25277 Add targets for *.man.in, using config.status to generate *.man from
25281 * sudoers.cat, sudoers.man.in, sudoers.pod:
25282 Document set_logname option and embolden refs to sudo and visudo.
25285 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
25286 sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
25287 visudo.cat, visudo.man.in, visudo.pod:
25288 Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
25289 from Michael D. Marchionna. configure now does substitution on the
25290 man pages, allowing us to fix up the paths and set the section
25291 correctly. Based on an idea from Michael D. Marchionna.
25295 Better fix for handling HP-UX aging info.
25299 Add support for set_logname run-time default
25302 * sudo.man.in, sudoers.man.in, visudo.man.in:
25303 configure does substitution on these to produce *.man
25306 * sudo.man, sudoers.man, visudo.man:
25307 These files now get generated from *.man.in at configure time.
25310 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
25312 * defaults.c, defaults.h:
25313 Add set_logname option so users can turn off setting of LOGNAME/USER
25314 environment variables.
25317 * lsearch.c, parse.c, testsudoers.c:
25321 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
25324 HP-UX adds extra info at the end for password aging so when
25325 comparing the result of crypt to pw_passwd we only compare the first
25326 len(epass) bytes *unless* the user entered an empty string for a
25331 Get rid of grandchild hack, it was causing problems and there is
25332 really no need for it. This fixes a bug where we spin eating up CPU
25333 when the user runs a long-running process like a shell.
25336 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
25339 User can always specify a login class if he/she is already root.
25342 * config.h.in, configure, configure.in, defaults.c, defaults.h,
25344 FreeBSD login class (login.conf) support.
25347 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
25349 * auth/sudo_auth.c:
25350 HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
25353 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
25356 Truncate unencrypted password to 8 chars if encrypted password is
25357 exactly 13 characters (indicating a standard DES password). Many
25358 versions of crypt() do this for you, but not all (like HP-UX's).
25361 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
25364 Mention that gcc on dynix may have problems
25367 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
25370 Link visudo with NET_LIBS since we now call syslog via defaults.c
25374 Use Argv[0] as the first arg to openlog() since visudo uses this
25378 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
25381 Stash coredumpsize resource limit and restore it before the exec().
25382 Otherwise the child ends up with a coredumpsize of 0.
25385 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
25387 * sudo.cat, sudo.man, sudo.pod:
25395 * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
25396 auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
25397 Added -S flag (read passwd from stdin) and tgetpass_flags global
25398 that holds flags to be passed in to tgetpass(). Change echo_off
25399 param to tgetpass() into a flags field. There are currently 2
25400 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
25401 tgetpass(), abstract the echo set/clear via macros and if (flags &
25402 TGP_ECHO) but echo is not set on the terminal, be sure to set it.
25406 Fixed a bug that caused an infinite loop when the password timeout
25410 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
25412 * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
25413 sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
25414 Add rootpw, runaspw, and targetpw options.
25417 * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
25419 enveditor -> env_editor
25422 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
25424 * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
25425 sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
25427 crank version to 1.6.3
25430 * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
25431 sudoers.pod, visudo.c:
25432 Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
25433 them. This means that visudo will now parse the sudoers file
25434 *before* it is edited so a bogus sudoers file will cause a warning
25435 to go to stderr. Also, visudo checks the variables once--it does not
25436 check them after each editor run since that could be confusing.
25439 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
25445 * check.c, sudo.c, sudo.h:
25446 Move user_is_exempt prototype into sudo.h
25449 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
25451 * configure, configure.in:
25452 Fix thinko, some && should have been || in the last commit
25455 * configure, configure.in:
25456 Don't initialize Makefile variables to be NULL since the user may
25457 want to import variables from their environment.
25460 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
25462 * configure, configure.in:
25466 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
25469 fix a yacc (skeleton.c) warning
25472 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
25474 * INSTALL, RUNSON, configure, configure.in:
25475 Make pam work on HP-UX 11.0; jaearick@colby.edu
25479 recent changes; prepare for 1.6.2p1
25483 Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
25486 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
25489 Regen with yacc that has a memory leak plugged.
25492 * sudoers.cat, sudoers.man, sudoers.pod:
25493 Expanded docs on sudoers 'defaults' options based on INSTALL file
25498 Fix some white lies
25501 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
25504 When making a bindist, link FAQ to TROUBLESHOOTING instead of
25508 * sudoers.cat, sudoers.man, sudoers.pod:
25509 Add netgroup caveat
25510 [28d119f466e3] [SUDO_1_6_2]
25513 Last minute updates
25529 Better detection of PAM errors and fix custom prompts with PAM.
25530 Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
25533 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
25536 Cast ULONG_MAX to unsigned long long when comparing to an unsigned
25540 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
25542 * CHANGES, config.h.in, configure, configure.in, visudo.c:
25543 Fix sudoers locking in visudo. We now lock the sudoers file itself,
25544 not the temp file (since locking the temp file can foul up editors).
25545 The previous locking scheme didn't work because the fd was closed
25549 * config.h.in, configure, configure.in:
25550 Don't need test for ftruncate() any more.
25553 * configure, configure.in:
25554 Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
25555 the unbundled HP-UX cc.
25558 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
25560 * sudoers.cat, sudoers.man, sudoers.pod:
25561 "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
25564 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
25566 * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
25567 parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
25568 version.h, visudo.c:
25569 update copyright year on changed files
25581 Crank version to 1.6.2
25585 Crank version to 1.6.2
25589 When using rlimit check for RLIM_INFINITY. When computing the value
25590 of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
25597 * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
25598 sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
25599 Crank version to 1.6.2
25602 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
25603 Add 'shell_noargs' runtime option back in. We have to defer
25604 checking until after the sudoers file has been parsed but since
25605 there are now other options that operate that way this one can too.
25606 Based on a patch from bguillory@email.com.
25609 * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
25610 Add "listpw" and "verifypw" options.
25613 * sudoers.cat, sudoers.man, sudoers.pod:
25614 o Fix some typos/omissions o Add section on verifypw and listpw o
25615 Define how NOPASSWD interacts with the -v and -l flags
25618 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
25620 * configure, configure.in:
25621 For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
25622 -D_HPUX_SOURCE to CPPFLAGS.
25625 * defaults.c, defaults.h:
25626 In struct sudo_defs_types, move the union to the end and don't
25627 initialize the union member since that only works with an ANSI
25628 compiler. We set the value of the union by hand in init_defaults()
25629 anyway. This allows sudo to compile on a K&R compiler again.
25632 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
25634 * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
25635 netgr_matches needs to check shost as well as host since they may be
25640 End on \r as well as \n
25643 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
25646 Update statbuf.st_mode based on SUDOERS_MODE when we are changing
25647 from 0400 to whatever SUDOERS_MODE is (converting from the old
25648 sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
25649 0400 which should always be the case.
25652 * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
25653 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
25654 w/o a passwd if there is *any* entry for the user on the host with a
25655 NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
25656 the user on the host w/ the specified runas user have the NOPASSWD
25664 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
25667 Treat EOF at whatnow prompt like 'x' instead of looping.
25670 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
25674 [5836a9452568] [SUDO_1_6_1]
25676 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
25678 * config.h.in, configure, configure.in, sudo.c:
25679 Add check for initgroups() since old SYSV lacks this.
25682 * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
25683 parse.c, testsudoers.c:
25684 o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
25688 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
25690 * auth/sudo_auth.c:
25691 Don't allow insults to be enabled if the insults[] array is empty.
25692 Otherwise there would be division by zero.
25696 Don't allow insults to be enabled if the insults[] array is empty.
25697 Otherwise there would be division by zero.
25701 Don't allow insults to be enabled if the insults[] array is empty.
25702 Otherwise there would be division by zero.
25706 Don't care about USE_INSULTS #define since the insult stuff may be
25707 overridden at runtime.
25710 * auth/sudo_auth.c:
25711 Honor insults flag.
25714 * CHANGES, parse.c:
25715 Don't ask the user for a password if the user is not allowed to run
25716 the command and the authenticate flag (in sudoers) is false.
25719 * CHANGES, RUNSON, lex.yy.c, parse.lex:
25720 o Whenever we get a bare newline we change to the INITIAL state. o
25721 Enter GOTRUNAS when we see Runas_Alias
25723 This allows #uid to work in a RunasAlias.
25726 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
25728 * CHANGES, parse.yacc, sudo.tab.c:
25729 fix parsing of runas lists: o oprunasuser and runaslist now return a
25730 value o in a runasspec, if a runaslist does not return TRUE, set
25731 runas_matches to FALSE. Normally, a runaslist only returns FALSE
25732 for explicitly denied users. o since runaslist does not modify the
25733 stack there is no need for a push/pop in runasalias.
25737 Don't kill the user's tickets until after sudoers has been parsed
25738 since tty_tickets and ticket_dir could be set in sudoers.
25741 * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
25742 configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
25743 sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
25744 crank version to 1.6
25748 add set_fqdn() stub
25751 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
25753 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
25754 sudoers.man, sudoers.pod, visudo.c:
25755 o Kill shell_noargs option, it cannot work since the command needs
25756 to be set before sudoers is parsed. o Fix the "set_home" sudoers
25757 option (only worked at compile time). o Fix "fqdn" sudoers option.
25758 We now set host/shost via set_fqdn which gets called when the
25759 "fqdn" option is set in sudoers. o Move the openlog() to
25760 store_syslogfac() so this gets overridden correctly from the
25765 SecurID support should compile now.
25768 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
25770 * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
25771 visudo.man, visudo.pod:
25772 fix some syntactic goofs
25775 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
25777 * Makefile.in, sudo.html, sudoers.html, visudo.html:
25778 No longer need the .html files as they are generated automatically
25782 * CHANGES, LICENSE:
25783 kill characters that made wml unhappy
25790 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
25793 majordomo@cs.colorado.edu -> majordomo@courtesan.com
25796 * Makefile.in, configure:
25797 Wrap script execution w/ /bin/sh for the benefit of ctm
25800 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
25803 Make the -s flag be exclusive too. Also reorder the flags in the
25804 exclusive usage message so they are alphabetical.
25807 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
25810 make pam errors other than PAM_PERM_DENIED fatal
25818 make it clear that /etc/pam.d/sudo is required on linux
25822 fix a warning on redhat and spew an error if pam_authenticate()
25823 returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
25826 * sudo.cat, sudo.html, sudo.man, sudo.pod:
25827 Be very clear that the password required is the user's not root's
25830 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
25833 add sample.syslog.conf to DISTFILES and BINFILES
25836 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
25839 updates from Brian Jackson + some formatting
25842 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
25844 * INSTALL.binary, Makefile.binary, README, RUNSON:
25845 o One RUNSon update o Changes for automating real binary releases
25852 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
25855 talk about run-time options in addition to compile-time options
25856 [1eb813ff0a9a] [SUDO_1_6_0]
25863 need sys/time.h if HAVE_SETRLIMIT
25866 * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
25867 sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
25868 get rid of references to sudo-bugs. Now mention the web site or the
25873 repair pod2html damage
25877 Update for 1.6 release
25880 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
25881 Add warning about using ALL in a command context.
25884 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
25887 Call yyrestart() on a parse error to reset the lexer state.
25890 * lex.yy.c, parse.lex:
25891 Don't need YY_FLUSH_BUFFER after all. Move yyrestart() into visudo.c
25892 since it might not get called in yywrap if we get a parse error
25893 (and we only reread the file on error anyway).
25896 * lex.yy.c, parse.lex:
25897 Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
25898 might still exist. Call yyrestart() instead of using the deprecated
25902 * lex.yy.c, parse.lex:
25903 flex doesn't need %N table size declarations
25906 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
25907 Mention what characters need to be escaped in names.
25910 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
25917 clarify Mac OS X entry
25925 o Use AC_MSG_ERROR throughout o Check syslog configure options for
25929 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
25932 Fix printing of type T_MODE in dump_defaults()
25936 missing sys/types.h
25940 Break out options that may be overridden at run time into their own
25941 section. Add a note about Mac OS X and correct some lies.
25944 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
25946 * CHANGES, config.h.in, configure, configure.in, sudo.c:
25947 o Now use getrlimit to find the highest fd when closing all non-std
25948 fd's o Turn off core dumps via setrlimit for the sake of paranoia
25955 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
25962 When read()'ing, do a single character at a time to be sure we don't
25963 go past the newline.
25967 For the sudo_root option, check against user_uid, not getuid() since
25968 at this point, ruid == euid == 0.
25976 Fix compilation problem when --with-logging=file was specified.
25977 This means that syslog is now required to build sudo but that should
25978 not be a problem. If it is it can be fixed trivially with a
25979 configure check for syslog() or syslog.h.
25983 Make this work again for things like "sudo echo hi | more" where the
25984 tty gets put into character at a time mode. We read until we read
25985 end of line or we run out of space (similar to fgets(3)).
25988 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
25990 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
25991 change ital to bold
25998 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
26001 Error out if syslog parameters are given without a value. For
26002 Ultrix or 4.2BSD "syslog" is allowed without a value since there are
26003 no facilities in the 4.2BSD syslog.
26006 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
26009 Ignore the syslog facility for systems w/ old syslog like Ultrix.
26013 people with "." early in their path can have problems running sudo
26014 from the build dir ;-)
26017 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
26019 * sudo.cat, sudo.html, sudo.man, sudo.pod:
26020 Remove -r realm option
26023 * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
26024 configure.in, sudo.c:
26025 New krb5 code from Frank Cusack <fcusack@iconnet.net>.
26032 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
26035 include <auth.h> to get function prototypes.
26038 * sudo.cat, sudo.html, sudo.man, sudo.pod:
26042 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
26045 in set_perms(), always call setuid(0) before changing the ruid/euid
26046 so we always know it will succeed.
26050 #undef T_FOO to avoid conflicts with system defines (like on
26054 * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
26056 Document "Defaults" lines in /etc/sudoers. Still needs some
26057 fleshing out but this is a start.
26060 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
26062 * use strtol, not strtoul since not everyone has strtoul
26066 use strtol, not strtoul since not everyone has strtoul
26069 * lex.yy.c, parse.lex:
26070 last {WORD} rule should only apply in the INITIAL state
26073 * lex.yy.c, parse.lex:
26074 o Add support for escaped characters in the WORD macro o Modify
26075 fill() to squash escape chars
26078 * defaults.c, defaults.h:
26079 o Add T_PATH flag to allow simple sanity checks for default values
26080 that are supposed to be pathnames. o Fix a duplicate free when
26081 visudo finds an error.
26084 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
26086 * defaults.c, defaults.h, logging.c:
26087 mail_if_foo -> mail_foo
26090 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
26092 * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
26093 o Add requiretty option o Move O_NOCTTY to compat.h
26097 The exit() in log_error() was mistakenly removed in a previous
26098 version. Put it back...
26101 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
26103 * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
26104 auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
26105 configure, configure.in, defaults.c, defaults.h, find_path.c,
26106 getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
26107 o Change defaults stuff to put the value right in the struct. o
26108 Implement mailer_flags o Store syslog stuff both in int and string
26109 form. Setting the string form magically updates the int version.
26110 o Add boolean attribute to strings where it makes sense to say !foo
26114 add O_NOCTTY when opening /dev/tty just in case
26117 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
26120 cleanup function no longer takes a status arg
26127 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
26129 * TODO, config.h.in, configure, configure.in, logging.c:
26130 Use strftime() instead of ctime() if it is available.
26133 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
26140 update ReliantUNIX entry
26143 * defaults.c, defaults.h, logging.c:
26144 add log_year option
26147 * configure, configure.in:
26148 add --without-sendmail to help output
26151 * configure, configure.in:
26152 enforce an octal arg for --with-sudoers-mode
26155 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
26157 * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
26158 auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
26159 auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
26160 defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
26161 parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
26162 testsudoers.c, version.c, visudo.c:
26163 Add support for "Defaults" line in sudoers to make configuration
26164 variables changeable at runtime (and on a global, per-host and per-
26165 user basis). Both the names and the internal representation are
26166 still subject to change. It was necessary to make sudo_user.runas
26167 be a char ** instead of a char * since this value can be changed by
26168 a Defaults line. There is a similar (but more complicated) issue
26169 with sudo_user.prompt but it is handled differently at the moment.
26171 Add a "-L" flag to list the name of options with their descriptions.
26172 This may only be temporary.
26174 Move some prototypes to parse.h
26176 Be much less restrictive on what is allowed for a username.
26179 * sample.syslog.conf:
26183 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
26185 * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
26187 UCB has dropped the advertising clause from their license.
26190 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
26192 * auth/sudo_auth.h:
26193 move dce_verify proto to correct section
26200 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
26203 Add fnmatch() prototype
26206 * fnmatch.c, parse.c, testsudoers.c:
26207 Move inclusion of emul/fnmatch.h to be after sudo.h for __P
26211 add strcasecmp proto
26214 * auth/sudo_auth.c:
26215 add check for case where there are no auth methods
26218 * configure, configure.in:
26219 Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
26223 * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
26224 include strings.h everywhere we include string.h
26228 nicer output when showing auth methods
26232 Add support for SEND_MAIL_WHEN_NO_HOST
26235 * config.h.in, configure, configure.in:
26236 Add _GNU_SOURCE for Linux
26239 * lex.yy.c, parse.lex:
26240 fix definition of OCTECT
26243 * configure, configure.in:
26244 aix_auth.o not authenticate.o
26247 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
26250 Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
26251 keyboard). Since we run with ruid/euid == 0 the user can't really
26252 signal us in nasty ways.
26256 Don't need to worry about catching too many signals since we do
26257 locking on the tmp file. If a lockfile is really stale, it will be
26258 detected and overwritten.
26261 * INSTALL, Makefile.in:
26262 include auth/API in tarball
26265 * auth/sudo_auth.c:
26266 move memset() of plaintext pw outside of verify loop and only do the
26267 memset if we are *not* in standalone mode.
26270 * auth/sudo_auth.c, auth/sudo_auth.h:
26271 DCE is not a standalone method
26275 fix --enable-noargs-shell
26279 "#ifdef __STDC__" not "#if __STDC__" (I missed one)
26282 * auth/fwtk.c, auth/sia.c:
26283 _cleanup() function returns an int.
26287 there were still some return(0)'s hanging around, make them
26296 add missing semicolon
26299 * auth/sudo_auth.h:
26303 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
26305 * CHANGES, config.h.in, configure, configure.in:
26306 Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
26310 add parse.h to HDRS
26313 * Makefile.in, configure, configure.in:
26314 Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
26315 LDFLAGS. Common libs go in LIBS, common ld flags go in LDFLAGS and
26316 network libs like -lsocket, -lnsl go in NET_LIBS. This allows
26317 testsudoers to build on Solaris and is a bit cleaner in general.
26321 mention ptmp -> sudoers.tmp
26324 * config.h.in, configure, configure.in:
26325 Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
26333 Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
26334 return a value more like a system function
26346 update based on what is in the man page
26349 * parse.yacc, sudo.tab.c:
26350 minor change to first line printed in -l mode
26353 * sudo.cat, sudo.html, sudo.man, sudo.pod:
26354 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
26355 standard and add "EXAMPLES" section
26358 * visudo.cat, visudo.html, visudo.man, visudo.pod:
26359 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
26363 * logging.c, parse.c, sudo.h:
26367 * lex.yy.c, parse.lex:
26368 make an OCTET really be limited to 0-255
26372 mention timestamp changes
26379 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
26380 new sudoers(8) man page
26383 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
26386 Update comments about syslog name tables
26389 * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
26390 strcasecmp.c, sudo.tab.c:
26391 include strcasecmp() for those without it
26395 Use the : operator some more and fix a typo
26399 update the history of sudo
26402 * parse.c, parse.lex, testsudoers.c:
26403 CIDR-style netmask support
26410 * sudo.tab.c, sudo.tab.h:
26411 these should be generated with byacc, not bison
26418 * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
26419 In "sudo -l" mode, the type of the stored (expanded) alias was not
26420 stored with the contents. This could lead to incorrect output if
26421 the sudoers file had different alias types with the same name.
26422 Normal parsing (ie: not in '-l' mode) is unaffected.
26425 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
26427 * configure, configure.in:
26428 define _XOPEN_SOURCE to get at crypt() proto on some systems
26431 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
26438 don't need limits.h
26442 kill bogus reference to vfprintf
26445 * sample.sudoers, sudoers:
26450 Add some const in the K&R defs. This is safe since we define const
26451 away if the compiler doesn't grok it.
26454 * aclocal.m4, configure:
26455 Better test for working long long support. Ultrix compiler supports
26456 basic long long but not all operations on them.
26459 * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
26460 snprintf.c, sudo.c:
26461 Add check for LONG_IS_QUAD #undef MAXINT before including
26462 hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
26463 in snprintf.c and use LONG_IS_QUAD
26466 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
26468 * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
26470 UCB-derived snprintf + asprintf support. Supports quads if the
26471 compiler does. No floating point yet, perhaps later...
26474 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
26476 * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
26477 goodpath.c, logging.c, parse.c, sudo.c:
26478 Run most of the code as root, not the invoking user. It doesn't
26479 really gain us anything to run as the user since an attacker can
26480 just have an setuid(0) in their egg. Running as root solves
26481 potential problems wrt signalling.
26488 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
26490 * logging.c, sudo.c:
26491 Don't wait for child to finish in log_error(), let the signal
26492 handler get it if we are still running, else let init reap it for
26493 us. The extra time it takes to wait lets the user know that mail is
26496 Install SIGCHLD handler in main() and for POSIX signals, block
26501 * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
26502 parse.yacc, sudo.c, sudo.h:
26503 sudoers_lookup() now returns a bitmap instead of an int. This makes
26504 it possible to express things like "failed to validate because user
26505 not listed for this host". Some things that were previously
26506 VALIDATE_FOO are now FLAG_FOO. This may change later on.
26508 Reorganized code in log_auth() and sudo.c to deal with above
26511 Safer versions of push/pushcp with in the do { ... } while (0) style
26513 parse.yacc now saves info on the stack to allow parse.c to determine
26514 if a user was listed, but not for the host he/she tried to run on.
26516 Added --with-mail-if-no-host option
26519 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
26521 * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
26522 visudo.man, visudo.pod:
26523 o NewArgv and NewArgc don't need to be externally visible. o If
26524 pedantic > 1, it is a parse error. o Add -s (strict) option to
26525 visudo which sets pedantic to 2.
26528 * HISTORY, INSTALL:
26529 Just have sudo-bugs contact info in one place
26532 * sudo.cat, sudo.html, sudo.man, sudo.pod:
26536 * Makefile.in, configure, configure.in:
26537 Add testsudoers to default build target if --with-devel Don't clean
26538 generated parser files unless "distclean".
26541 * parse.yacc, sudo.tab.c:
26542 In pedantic mode we need to save *all* the aliases, not just those
26543 that match, or we get spurious warnings.
26547 reference sample.syslog.conf
26550 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
26552 * sample.syslog.conf:
26553 Sample entries for syslog.conf
26560 * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
26561 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
26562 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
26563 auth/sudo_auth.c, auth/sudo_auth.h:
26564 In struct sudo_auth, turn need_root and configured into flags and
26565 add a flag to specify an auth method is running alone (the only
26566 one). Pass auth methods their sudo_auth pointer, not the data
26567 pointer. This allows us to get at the flags and tell if we are the
26568 only auth method. That, in turn, allows the method to be able to
26569 decide what should/should not be a fatal error. Currently only
26570 rfc1938 uses it this way, which allows us to kill the OTP_ONLY
26571 define and the hackery that went with it. With access to the
26572 sudo_auth struct, methods can also get at a string holding their
26573 canonical name (useful in error messages).
26576 * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
26577 getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
26579 o --with-otp deprecated, use --without-passwd instead o real
26580 dependencies in the Makefile o --with-devel option to enable yacc,
26581 lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
26582 back to being a token, not a string but don't leak memory o rename
26583 hsotspec -> host in parse.yacc
26586 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
26592 * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
26594 o Digital UNIX needs to check for *snprintf() before -ldb is added
26595 to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
26596 for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
26597 functions in snprintf.c to fix -Wall o Add missing includes to fix
26601 * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
26602 configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
26604 o Add a "pedantic" flag to the parser. This makes sudo warn in
26605 cases where an alias may be used before it is defined. Only turned
26606 on for visudo and testsudoers. o Add --disable-authentication option
26607 that makes sudo not require authentication by default. The PASSWD
26608 tag can be used to require authentication for an entry. We no
26609 longer overload --without-passwd.
26612 * lex.yy.c, parse.lex:
26613 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
26614 username can contain just about anything so be very permissive. Also
26615 drop the unused \. punctuation.
26618 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
26620 * parse.yacc, sudo.tab.c:
26621 o add a 'val' element to aliasinfo struct and move -> parse.h o
26622 find_alias() now returns an aliasinfo * instead of boolean o
26623 add_alias() now takes a value parameter to store in the
26624 aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
26625 return: 1) positive match 0) negative match (due to '!')
26626 -1) no match This means setting $$ explicitly in all cases, which I
26627 should have done in the first place. It also means that we always
26628 store a value that is != -1 and when we see a '!' we can set
26629 *_matches to !rv if rv != -1. The upshot of all of this is that '!'
26630 now works the way it should in lists and some of the rules are more
26631 uniform and sensible.
26635 add parse.h dependency
26639 kill unused *_matched macros
26643 Allow a list of users as the first thing in a user spec, not just a
26644 single entry. This makes things more uniform, though it does allow
26645 you to write user specs that are hard to read.
26657 fix check for crypt() in libufc
26660 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
26663 sudo-users list now exists
26666 * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
26670 * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
26671 config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
26672 version.c, visudo.c:
26673 o Move lock_file() and touch() into fileops.c so visudo can use them
26674 o Visudo now locks the sudoers temp file instead of bailing when the
26675 temp file already exists. This fixes the problem of stale temp
26676 files but it does *require* that you not try to put the temp file in
26677 a world-writable directory. This should not be an issue as the temp
26678 file should live in the same dir as sudoers. o Visudo now only
26679 installs the temp file as sudoers if it changed.
26682 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
26688 * config.h.in, configure, configure.in, logging.c:
26692 * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
26693 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
26694 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
26695 temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
26696 -> _PATH_SUDOERS_TMP
26699 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
26701 * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
26702 o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
26703 root sudo -V config reporting
26706 * configure, configure.in:
26707 aix_auth.o not authenticate.o
26711 Add --with-goodpri and --with-badpri configure options to specify
26712 the syslog priority to use.
26715 * INSTALL, configure, configure.in, logging.h:
26716 Add --with-goodpri and --with-badpri configure options to specify
26717 the syslog priority to use.
26721 kill crufty AIX stuff
26725 Sigh, some versions of make (like Solaris's) don't deal with $< like
26726 I would expect. Both GNU and BSD makes get this right but... So, we
26727 just expand $< inline at the cost of some ugliness.
26731 If the invoking user is root, sudo will now print configure info in
26732 -V mode. Currently just prints logging info, to be expanded later.
26735 * logging.c, logging.h, sudo.c, sudo.h:
26736 o new defines for syslog facility and priority o use new
26737 print_version() function for -V mode
26741 Don't need version.c
26744 * aclocal.m4, config.h.in, configure, configure.in:
26745 Add check for syslog facilities and priorities tables in syslog.h
26749 o authenticate -> aix_auth o add version.c
26752 * auth/sudo_auth.c:
26753 Missed a prompt -> user_prompt conversion
26756 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
26759 sudo should lock its logfile
26762 * parse.yacc, sudo.tab.c:
26763 o Add '!' correctly when expanding Aliases. o Add shortcut macros
26764 for append() to make things more readable. o The separator in
26765 append() is now a string instead of a char. o In append(), only
26766 prepend the separator if the last char is not a '!'. This is a
26767 hack but it greatly simplifies '!' handling. o In -l mode, Runas
26768 lists and NOPASSWD/PASSWD tags are now inherited across entries in
26769 a list (matches current behavior). o Fix formatting in -l mode such
26770 that items in a list are separated by a space. Greatly improves
26771 readability. o Space for name field in struct aliasinfo is now
26772 allocated dynamically instead of using a (big) buffer. o In
26773 add_alias(), only search the list once (lsearch instead of lfind +
26777 * lex.yy.c, sudo.tab.c, sudo.tab.h:
26781 * configure, configure.in:
26782 Solaris pam doesn't require any extra setup
26786 o Simpler '!' support now that the lexer deals with multiple !'s for
26787 us. o In the case of opFOO, have FOO give a boolean return value and
26788 set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
26789 it gets fill()'d in parse.lex--fixes a small memory leak. In the
26790 long run it may be better to just fix parse.lex and make ALL back
26791 into a token. However, having it be a string is useful since it
26792 can be easily passed back to the parent rule if we so desire.
26796 o Remove some unnecessary backslashes o collapse multiple !'s by
26797 using !+ and checking if yyleng is even or odd. this allows us to
26798 simplify ! handling in parse.yacc
26802 -u flag was being ignored
26805 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
26812 work around pod2man stupidity
26816 correct dependencies for .cat
26819 * sudo.cat, sudo.man, visudo.cat, visudo.man:
26823 * sudo.pod, visudo.pod:
26824 Add copyright Update to reality
26827 * parse.c, sudo.c, sudo.h:
26828 rename validate() to the more descriptive sudoers_lookup()
26835 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
26841 * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
26842 configure, configure.in, sudo.c:
26847 add 4th term to license similar to term 5 in the apache license
26850 * emul/search.h, emul/utime.h:
26851 add 4th term to license similar to term 5 in the apache license
26854 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
26855 auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
26856 auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
26857 auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
26858 logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
26859 pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
26860 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
26862 add 4th term to license similar to term 5 in the apache license
26865 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
26866 add 4th term to license similar to term 5 in the apache license
26869 * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
26870 getspwuid.c, goodpath.c:
26871 add 4th term to license similar to term 5 in the apache license
26874 * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
26875 insults.h, logging.c, sudo.c, sudo.h:
26876 there was a 1995 release too
26879 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
26886 Use dirs instead of files for timestamp. This allows tty and non-
26887 tty schemes to coexist reasonably. Note, however, that when you
26888 update a tty ticket, the mtime on the user dir gets updated as well.
26891 * configure, configure.in:
26892 Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
26893 when linking test program, not just -lprot. Also add check for
26894 getspnam(). The SCO docs indicate that /etc/shadow can be used but
26898 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
26901 first cut at auth API description
26904 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
26906 * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
26907 auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
26909 auth API change. There is now an init method that gets run before
26910 the main loop. This allows auth routines to differentiate between
26911 initialization that happens once vs. setup that needs to run each
26912 time through the loop.
26915 * auth/kerb5.c, logging.c:
26916 use easprintf() and evasprintf()
26920 add easprintf() and evasprintf(), error checking versions of
26921 asprintf() and vasprintf()
26925 remove 2 items. One done, one won't do.
26928 * lex.yy.c, sudo.tab.c:
26932 * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
26933 visudo.html, visudo.man:
26942 o Document -K flag and update meaning of -k flag. o BSD-style
26943 copyright o Document clearing of BIND resolver environment variables
26944 o Clarify bit about shared libs o suggest rc files create /tmp/.odus
26945 if your OS gives away files
26953 BSD-style copyright
26957 o BSD copyright o no need to block signals, we now do that in main()
26961 * testsudoers.c, visudo.c:
26962 o BSD-style copyright o Use "struct sudo_user" instead of old
26963 globals. o some cosmetic cleanup
26967 BSD-style copyright
26971 o BSD copyright o logging and parser bits moved to their own .h
26972 files o new "struct sudo_user" to encapsulate many of the old
26977 o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
26978 logging routines o simplified flow of control o BIND resolver
26979 additions to badenv_table
26983 BSD-style copyright
26987 Now compiles on more K&R compilers
26991 BSD-style copyright, cosmetic changes
26995 BSD-style copyright
26998 * parse.c, parse.h, parse.lex, parse.yacc:
26999 BSD-style copyright. Move parser-specific defines and structs into
27000 parse.h + other cosmetic changes
27004 defines for logging routines
27007 * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
27008 BSD-style copyright, cosmetic changes
27011 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
27013 BSD-style copyright
27017 o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
27018 kill --disable-tgetpass o add --without-passwd o changes to fill in
27019 AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
27020 v?asprintf() o replace --with-AuthSRV with --with-fwtk
27024 BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
27025 HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
27026 HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
27030 BSD-style copyright; Add S_IFLNK and MIN/MAX if they are missing.
27034 BSD-style copyright
27038 no more --with-getpass
27042 Take out things I've done...
27050 --with-getpass no longer exists
27054 BSD-style copyright. Update to reflect reality wrt new files and
27059 Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
27064 Update history a bit
27067 * COPYING, LICENSE:
27068 Now distributed under a BSD-style license
27071 * auth/sudo_auth.c:
27072 o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
27073 options. o skey/opie replaced by rfc1938 code o new struct sudo_user
27077 * auth/pam.c, auth/sia.c:
27078 BSD-style copyright and use new log functions
27082 o BSD-style copyright o Use new log functions o Use asprintf() and
27083 snprintf() where sensible.
27087 Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
27088 done more reasonably--better sanity checks and tty-based stamps are
27089 now done as files in a directory with the same name as the invoking
27090 user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
27091 to mix tty and non-tty based ticket schemes but this may change in
27092 the future (it requires sudo to use a directory instead of a file in
27093 the non-tty case). Also, ``sudo -k'' now sets the ticket back to
27094 the epoch and ``sudo -K'' really deletes the file. That way you
27095 don't get the lecture again just because you killed your ticket in
27096 .logout. BSD-style copyright now.
27100 o rewritten logging routines. log_error() now takes printf-style
27101 varargs and log_auth() for the return value of validate(). o BSD-
27105 * auth.c, check_sia.c, dce_pwent.c, secureware.c:
27106 superseded by new auth API
27110 BSD-style copyright
27114 Use snprintf() where it makes sense and add a BSD-style copyright
27117 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
27118 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
27119 BSD-style copyright
27122 * emul/utime.h, utime.c:
27123 BSD-style copyright
27127 this has been rewritten so use my BSD-style copyright
27130 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
27133 include malloc.h if no stdlib.h
27137 KTH snprintf()/asprintf() for systems w/o them
27141 strerror() for systems w/o it
27144 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
27150 * parse.c, parse.lex, parse.yacc:
27151 Add contribution info in the main comment
27154 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
27157 remove missed ref to PAM_nullpw
27160 * auth/sudo_auth.h:
27165 more or less complete now--still untested
27168 * auth/afs.c, auth/pam.c:
27169 don't use user_name macro, it will go away
27172 * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
27173 combine skey/opie code into rfc1938.c
27176 * auth/dce.c, auth/sudo_auth.h:
27177 DCE authentication method; basically unchanged from dce_pwent.c
27180 * auth/aix_auth.c, auth/sudo_auth.h:
27181 AIX authenticate() support. Could probably be much better
27185 Fix an uninitialized variable and some cleanup. Now works (tested)
27188 * auth/sia.c, auth/sudo_auth.h:
27189 SIA support for digital unix
27193 don't use prompt global, it will go away
27196 * auth/secureware.c:
27197 correct copyright years
27200 * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
27201 auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
27202 auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
27203 New authentication API and methods
27206 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
27213 only save an entry if user_matches && host_matches, even if the
27214 stack is empty (fix for previous commit)
27222 1) Always save an entry on the stack if it is empty. This fixes the
27223 -l and -v flags that were broken by earlier parser changes.
27225 2) In a Runas list, don't negate FALSE -> TRUE since that would make
27226 !foo match any time the user specified a runas user (via -u) other
27231 interfaces and num_interfaces are now auto, not extern
27234 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
27237 use a static global to keep state about empty passwords
27241 make PASSWORD_NOT_CORRECT logging consistent with other modules
27244 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
27247 PAM prompt code was wrong, looks like we have to kludge it after
27252 In the PAM code, when a user hits return at the first password
27253 prompt, exit without a warning just like the normal auth code
27256 * configure, configure.in:
27257 kludge around cross-compiler false positives
27260 * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
27261 New (correct) PAM code Tgetpass now takes an echo flag for use with
27262 PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
27263 useless umask setting Change error from BAD_ALLOCATION ->
27264 BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
27269 Some -Wall and kill some trailing spaces
27273 define -D__EXTENSIONS__ for solaris so we get crypt() proto
27276 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
27282 * INSTALL, config.h.in, configure, configure.in:
27283 for kerberos V < version, fall back on old kerb4 auth code
27287 clarify some things
27290 * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
27294 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
27297 mention why DONT_LEAK_PATH_INFO is not the default
27300 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
27303 Fix open(2) return value checking, was NULL for fopen, should be -1
27312 better wording for solaris pam notice
27316 document recent changes
27320 Update shadow password section
27324 move authentication code from check.c to auth.c
27327 * Makefile.in, check.c, sudo.h:
27328 move authentication code to auth.c
27331 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
27333 * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
27334 getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
27335 logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
27336 sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
27338 Move interface-related defines to interfaces.h so we don't have to
27339 include <netinet/in.h> everywhere.
27342 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
27344 * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
27345 parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
27346 o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
27347 turns out the old DES crypt does the right thing with passwords
27348 longer than 8 characters. o Fix common typo (necesary ->
27349 necessary) o Update TODO list
27352 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
27355 set $LOGNAME when we set $USER
27358 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
27361 add comment about digital unix and interfaces.c warning with gcc
27364 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
27367 use modern paths and give examples for some of the new parser
27371 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
27377 * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
27378 getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
27379 parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
27380 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
27381 Function names should be flush with the start of the line so they
27382 can be found trivially in an editor and with grep
27385 * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
27386 sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
27387 free(3) is already void, no need to cast it
27390 * logging.c, sudo.c, sudo.h:
27391 catch case where cmnd_safe is not set (this should not be possible)
27394 * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
27395 testsudoers.c, visudo.c:
27396 Stash the "safe" path (ie: the one listed in sudoers) to the command
27397 instead of stashing the struct stat. Should be safer.
27400 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
27402 * INSTALL, Makefile.in, UPGRADE:
27403 notes on updating from an earlier release
27410 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
27412 * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
27413 sudoers.man, sudoers.pod:
27414 You can now specify a host list instead of just a host or alias.
27415 Ie: user = host1,host2,ALIAS,!host3 my_command now works.
27422 * parse.yacc, sudo.tab.c:
27423 Move the push from the beginning of cmndspec to the end. This means
27424 we no longer have to do a push at the end of privilege, just reset
27428 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
27429 runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
27430 use "!" most everywhere
27433 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
27436 modernize paths and update su example based on sample.sudoers one
27440 New runas semantics
27443 * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
27445 In estrdup(), do the malloc ourselves so we don't need to rely on
27446 the system strdup(3) which may or may not exist. There is now no
27447 need to provide strdup() for those w/o it. Also, the prototype for
27448 estrdup() was wrong, it returns char * and its param is const.
27456 buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
27459 * CHANGES, TODO, parse.yacc, sudo.tab.c:
27460 It is now possible to use the '!' operator in a runas list as well
27461 as in a Cmnd_Alias, Host_Alias and User_Alias.
27464 * logging.c, sudo.h:
27465 Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
27469 Definitions of *_matched were wrong--user top, not top-2 as
27473 * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
27474 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
27475 command but the NOPASSWD flag was set. Make runasspec, runaslist,
27476 runasuser, and nopasswd typeless in parse.yacc Add support for '!'
27477 in the runas list Fix double printing of '%' and '+' for groups and
27478 netgroups respectively Add *_matched macros (no need for local stack
27479 variable). Should only be used directly after a pop (since top must
27483 * aclocal.m4, configure.in:
27484 Add copyright, somewhat silly
27487 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
27489 * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
27490 compat.h, config.h.in, configure, configure.in, dce_pwent.c,
27491 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
27492 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
27493 lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
27494 putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
27495 sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
27496 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
27498 Crank version to 1.6 and combine copyright statements
27502 Use ! not ^ to do negation
27505 * lex.yy.c, sudo.tab.c:
27509 * parse.lex, parse.yacc:
27510 Make runas and NOPASSWD tags persistent across entries in a command
27511 list. Add a PASSWD tag to reverse NOPASSWD. When you override a
27512 runas or *PASSWD tag the value given becomes the new default for the
27513 rest of the command list.
27516 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
27520 [a1ae9d4a7d54] [SUDO_1_5_9]
27523 Shift return value of system(3) by 8 to get real exit value and if
27524 it is not 1 or 0 print the retval along with the error message.
27527 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
27530 testsudoers needs LIBOBJS too
27533 * parse.c, parse.yacc, sudo.tab.c:
27534 Fix another parser bug. For a sudoers entry like this: millert
27535 ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
27543 * parse.yacc, sudo.tab.c:
27544 Save entries that match a ! command on the matching stack too
27548 Make sudo's usage info better when mutually exclusive args are given
27549 and don't rely on argument order to detect this; nick@zeta.org.au
27552 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
27554 * CHANGES, Makefile.in, RUNSON:
27562 * parse.yacc, sudo.tab.c:
27563 Fix off by one error introduced in *alloc changes
27566 * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
27567 check_sia.c, compat.h, config.h.in, configure, configure.in,
27568 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
27569 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
27570 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
27571 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
27572 sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
27573 sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
27574 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
27578 * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
27579 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
27580 putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
27581 sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
27582 Use emalloc/erealloc/estrdup
27586 error checking memory allocation routines
27589 * parse.yacc, sudo.tab.c:
27590 Still not right, this fixes it for real
27593 * parse.yacc, sudo.tab.c:
27594 Fix for previous commit
27597 * CHANGES, INSTALL, parse.yacc:
27598 Fix a parser bug that was exposed when mixing different runas specs
27599 and ! commands. For example: millert ALL=(daemon)
27600 /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
27601 as well as daemon when it should just allow daemon. The problem was
27602 that comma-separated commands in a list shared the same entry on the
27603 matching stack. Now they get their own entry iff there is a full
27604 match. It may be better to just make the runas spec persistent
27605 across all commands in a list like the user and host entries of the
27606 matching stack. However, since that is a fairly major change it
27607 should get its own minor rev increase.
27610 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
27612 * check.c, config.h.in:
27613 Simplify PAM code and fix a PAM-related warning on Linux
27616 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
27630 * check.c, configure.in:
27631 new pam code that works on solaris, should work on linux too;
27635 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
27642 only include strings.h if there is no string.h
27645 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
27648 Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
27651 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
27654 shost must be set before log functions are called #ifdef HOST_IN_LOG
27657 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
27659 * CHANGES, lex.yy.c, parse.lex:
27660 Fix a bug wrt quoting characters in command args. Stop processing
27661 an arg when you hit a backslash so the quoted-character detection
27665 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
27668 include sys/time.h; apparently AIX needs it. ppz@cdu.elektra.ru
27671 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
27673 * configure, configure.in:
27674 add missing case statement so --without-sendmail works
27677 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
27683 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
27685 * configure, configure.in:
27686 only search for -lsun in irix <= 4.x
27689 * configure, configure.in:
27690 back out last configure.in change now that I've hacked autoconf to
27691 fix the real problem and add a missing newline
27699 add def of dirfd() for those without it
27702 * configure, configure.in:
27703 When falling back to checking for socket() when linking with
27704 "-lsocket -lnsl" check for main() instead since autoconf has already
27705 cached the results of checking for socket() in -lsocket. This is
27706 really an autoconf bug as it should use the extra libs as part of
27707 the cache variable name.
27714 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
27717 fix occurrence of $with_timeout that should be
27718 $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
27722 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
27724 * sudo.cat, sudo.html, sudo.man, sudo.pod:
27725 fix grammar; espie@openbsd.org
27726 [7031d9dfbc3e] [SUDO_1_5_8]
27728 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
27730 * parse.yacc, sudo.c, testsudoers.c:
27731 add cast for strdup in places it does not have it
27734 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
27736 * configure, configure.in:
27737 define for_BSD_TYPES irix
27740 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
27742 * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
27743 Make it clear that it is the user's password, not root's, that we
27748 If the user enters an empty password and really has no password,
27749 accept the empty password they entered. Previously, they could
27751 *but* an empty password. Also, add GETPASS macro that calls either
27752 tgetpass() or getpass() depending on how sudo was configured.
27753 Problem noted by jdg@maths.qmw.ac.uk
27756 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
27758 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
27759 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
27760 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
27761 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
27762 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
27763 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
27765 add explicit copyright
27769 mention -lsocket, -lnsl configure changes
27772 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
27775 Don't clobber errno after calling check_sudoers().
27778 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
27780 * configure, configure.in:
27781 When linking with both -lsocket and -lnsl be sure to do so in that
27782 order. Also, when we can't find socket() or inet_addr() and have to
27783 try linking with both libs, issue a warning.
27786 * sudo.cat, sudo.man, sudo.pod:
27787 clarify bad timestamp and fmt
27790 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
27793 be clear that pam is linux-only and add a RUNSON entry
27796 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
27798 * CHANGES, INSTALL, configure, configure.in:
27799 fix and correctly document --with-umask; problem noted by
27803 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
27805 * configure, configure.in:
27806 only use /usr/{man,catman}/local to store man pages if user didn't
27807 override prefix or mandir
27810 * INSTALL, configure, configure.in:
27811 fix typo, make --with-SecurID take an arg
27814 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
27820 * CHANGES, INSTALL, check.c, configure, configure.in:
27821 FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
27824 * configure, configure.in:
27825 better fix for the problem of unresolved symbols in -lnsl or
27829 * configure, configure.in:
27830 when checking for functions in -lnsl and -lsocket link with both of
27831 them to avoid unresolved symbols on some weirdo systems
27834 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
27836 * BUGS, CHANGES, RUNSON, TODO:
27837 old changes that didn't make it into RCS before the RCS->CVS switch
27840 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
27842 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
27843 configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
27844 getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
27845 ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
27846 lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
27847 secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
27848 sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
27861 * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
27862 config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
27863 find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
27864 ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
27865 logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
27866 secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
27867 sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
27868 utime.c, version.h, visudo.c, visudo.cat, visudo.man:
27869 crank version and regen files
27873 kill rcs goop in update_version and fix now that version is a const
27876 * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
27877 sudo.c, sudo.h, sudo.pod:
27878 kerb5 support from fcusack@iconnet.net
27881 * realpath.c, sudo_realpath.c:
27882 we no longer use realpath
27886 replaced by find_path.c
27890 all options are now configure flags
27898 superseded by getcwd.c
27902 superseded by tgetpass.c
27906 superceded by RUNSON
27910 No longer used now that we have configure options for everything.
27914 regen based on configure.in
27917 * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
27918 sudoers.man, visudo.cat, visudo.html, visudo.man:
27919 regen based on sudo.pod, sudoers.pod, and visudo.pod
27922 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
27925 fix tty tickets in remove_timestamp (didn't use ':')
27928 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
27931 close sock when we are done with it
27934 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
27937 never say "error on line -1"
27940 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
27943 check for -lnsl before -lsocket
27947 quote '[', ']' used in ranges correctly
27950 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
27953 add missing NO_ROOT_SUDO noted by drno@tsd.edu
27956 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
27963 more info for 1.5.7
27971 make increases of cm_list_size and ga_list_size be similar to
27972 increases of stacksize (ie: >= not > in initial compare).
27976 when we get a syntax error, report it for the previous line since
27977 that's generally where the error occurred.
27980 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
27982 * config.h.in, configure.in, interfaces.c:
27983 add back check for sys/sockio.h but only use it if SIOCGIFCONF is
27985 [d197f31fd1e4] [SUDO_1_5_7]
27988 define BSD_COMP for svr4
27991 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
27992 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
27993 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
27994 testsudoers.c, tgetpass.c, utime.c, visudo.c:
27999 kill check for sockio.h
28003 no more HAVE_SYS_SOCKIO_H
28006 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
28007 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
28008 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
28009 testsudoers.c, tgetpass.c, utime.c, visudo.c:
28013 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
28016 add missing inform_user()
28019 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
28022 return NOT_FOUND if given fully qualified path and it does not exist
28023 previously it would perror(ENOENT) which bypasses the option to not
28028 for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
28032 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
28035 tty tickets are user:tty now
28039 when using tty tickets make it user:tty not user.tty as a username
28040 could have a '.' in it
28043 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
28046 add "ignoring foo found in ." for auth successful case
28049 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
28052 add missing printf param
28055 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
28057 * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
28058 go back to printing "command not found" unless --disable-path-info
28059 specified. Also, tell user when we ignore '.' in their path and it
28060 would have been used but for --with-ignore-dot.
28064 Only one space after a colon, not two, in printf's
28067 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
28070 document setting $USER
28074 fix bugs with prompt expansion
28078 set $USER for root too
28081 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
28088 HP-UX's iscomsec is in -lsec, not libc
28092 remove some entries in the OS case statement that did nothing
28096 add "cd" section and flush out syslog section
28100 no more sudo-lex.yy.c
28104 add custom prompt support
28108 kill perror("malloc") since we already have good error messages
28109 pw_ent -> pw for brevity
28113 kill perror("malloc") since we already have good error messages
28114 pw_ent -> pw for brevity set $USER if -u specified
28118 kill perror("malloc") since we already have good error messages
28122 kill perror("malloc") since we already have good error messages
28123 pw_ent -> pw for brevity when checking if %group matches, look up
28124 user in password file so that %groups works in a RunAs spec.
28128 kill perror("malloc") since we already have good error messages
28131 * check.c, getspwuid.c, interfaces.c:
28132 kill perror("malloc") since we already have good error messages
28133 pw_ent -> pw for brevity
28136 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
28139 the prompt is expanded before tgetpass is called
28143 tgetpass now has the same args as getpass again
28147 add iscomsec, issecure support
28151 we now expand any %h or %u in the prompt before passing to tgetpass
28155 add check for syslog(3) in -lsocket, -lnsl, -linet
28159 add HAVE_ISCOMSEC and HAVE_ISSECURE
28163 add check for iscomsec in HP-UX
28167 check for issecure if we have getpwanam on SunOS some options are
28168 incompatible with DUNIX SIA check for dispcrypt on DUNIX
28171 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
28178 add back support for non-dispcrypt based checking for older DUNIX
28186 SIA becomes the default on Digital UNIX now have --disable-sia to
28191 move local includes after system ones
28194 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
28196 * check.c, check_sia.c, sudo.h:
28197 add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
28202 fix while loop in sia_attempt_auth() that checks the password. Only
28203 the first iteration was working.
28206 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
28209 don't trust UID_MAX or MAXUID
28220 * getspwuid.c, secureware.c:
28221 init crypt_type to INT_MAX since it is legal to be negative in DUNX
28226 for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
28227 -ldb since DUNX < 4.0 lacks it
28230 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
28232 * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
28233 secureware.c, sudo.c, tgetpass.c:
28234 getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
28235 minutes if the shadow files don't exist).
28238 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
28241 updated --with-editor blurb
28245 tell how to put sudoers in a different dir
28249 add missing quotes around $with_editor
28253 typo in --with-editor bits
28257 I don't expect it to work on Solaris
28261 add back security/pam_misc.h
28264 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
28267 remove dunix note since configure checks for this now
28271 add check for broken dunix prot.h (4.0 < 4.0D is bad)
28274 * getspwuid.c, secureware.c, tgetpass.c:
28275 new dunix shadow code, use dispcrypt(3)
28283 call initprivs() if we have it for getprpwuid later on
28287 clean pathnames.h too
28291 quote "Sorry, try again." with [] since it has a comma in it set
28292 LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
28293 getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
28298 update Digital UNIX note about acl.h
28303 --without-root-sudo -> --disable-root-sudo some reordering
28310 * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
28318 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
28321 when checking for -lsocket, -lnsl, and -linet, check for the
28322 specific functions we need from them.
28325 * config.h.in, sudo.h:
28326 move Syslog_* defs into sudo.h
28329 * Makefile.in, sudo.h:
28330 added check_secureware
28334 finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
28338 don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
28339 defined. configure now does that for us
28343 move some --with options around change a bunch of echo's to
28344 AC_MSG_CHECKING, AC_MSG_RESULT pairs
28348 change $with_foo-bar -> $with_foo_bar kill extra " that caused a
28349 syntax error add some echo verbiage
28352 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
28355 moved SecureWare stuff into secureware.c
28363 update url to solaris gcc bins
28367 change option formatter and flesh out some entries
28370 * TROUBLESHOOTING, sudo.pod, visudo.pod:
28371 environmental variable -> environment variable
28375 everything is now done via configure
28383 passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
28387 SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
28391 merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
28392 sudoers_mode from configure
28396 SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
28397 the Makefile, not config.h
28401 document all --with/--enable options
28404 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
28407 options.h is no more
28411 assimilated options.h
28415 moved options from options.h to configure
28418 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
28419 logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
28420 sudo_setenv.c, visudo.c:
28424 * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
28425 remove references to options.h
28428 * dce_pwent.c, interfaces.c, sudo.c:
28433 if select return < -1 still prompt for pw
28437 convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
28442 FAST_MATCH is no longer an option
28446 remove_timestamp() if timestamp is preposterous
28450 convert more options to --with/--enable
28453 * INSTALL, aclocal.m4:
28458 convert more options into --with and --enable
28462 catch EINTR in select and restart
28469 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
28472 UMASK -> SUDO_UMASK.
28475 * check.c, logging.c:
28476 time.h, not sys/time.h
28479 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
28482 MAILER -> _PATH_SENDMAIL
28485 * INSTALL, configure.in:
28486 no more --with-C2, now it is --disable-shadow
28489 * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
28490 getspwuid.c, sudo.c, tgetpass.c:
28491 new shadow password scheme. Always include shadow support if the
28492 platform supports it and the user did not disable it via configure
28495 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
28498 --with-getpass -> --{enable,disable}-tgetpass
28502 pathnames.h -> pathnames.h.in
28510 move pam_conv to be static to auth function remove pam_misc.h
28511 (solaris doesn't have one)
28515 _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
28519 munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
28523 convert to pathnames.h.in
28526 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
28529 fix typo in sysv4 matching case /.
28532 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
28535 pam stuff needs to run as root, not user, for shadow passwords
28538 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
28540 * BUGS, INSTALL, README, configure.in:
28544 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
28545 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
28546 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
28547 logging.c, options.h, parse.c, parse.lex, parse.yacc,
28548 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
28549 testsudoers.c, tgetpass.c, utime.c, visudo.c:
28554 user version.h for long message
28558 this is version 1.5.6
28561 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
28564 remove errant backslash
28567 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
28569 * options.h, parse.yacc, pathnames.h.in:
28571 [fdee73255d64] [SUDO_1_5_6]
28573 * BUGS, CHANGES, TODO:
28581 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
28584 kill unused localhost_mask var copy if name to ifr_tmp after we zero
28588 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
28591 Better description of new vs. old sudoers modes fix some typos
28592 better description of /usr/ucb/cc gotchas on slowaris
28600 set NewArgv[0] to user_shell, not basename(user_shell)
28603 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
28606 mention TROUBLESHOOTING more fix some typos
28610 move --enable/--disable to be after --with
28614 document --enable/--disable
28618 document --with-pam
28621 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
28624 Add message for pam users
28635 * check.c, config.h.in, configure.in:
28636 pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
28639 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
28642 add HOST_IN_LOG and WRAP_LOG
28646 add WRAP_LOG and HOST_IN_LOG
28650 add --enable-log-host and --enable-log-wrap
28654 use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
28657 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
28664 include sys/param.h to get howmany macro
28667 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
28669 * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
28673 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
28676 bring in stdio.h for NULL
28680 allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
28684 use HAVE_SET_AUTH_PARAMETERS
28688 add HAVE_SET_AUTH_PARAMETERS
28692 add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
28696 add support for HI-UX/MPP SR220001 02-03 0 SR2201
28700 initialize previfname
28704 Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
28705 it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
28714 don't need special build line for sudo.tab.o
28718 don't clean sudo.tab.[ch]
28722 Sudo should prompt for a password before telling the user that a
28723 command could not be found.
28731 no longer require yacc
28739 y.tab -> sudo.tab include pre-yacc'd parse.yacc
28743 include sudo.tab.h, not y.tab.h don't break out of command args if
28751 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
28760 getcwd(3) from OpenBSD for those without it.
28764 HAVE_GETWD -> HAVE_GETCWD
28768 pretend sunos doesn't have getcwd(3) since it opens a pipe to
28777 remove duplicate include of string.h
28781 call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
28785 add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
28789 add dev_t and ino_t
28792 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
28795 fix OTP_ONLY for opie
28798 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
28800 * testsudoers.c, tgetpass.c:
28801 include stdlib.h for malloc proto
28804 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
28807 make update_version saner
28811 add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
28815 check for waitpid and wait3 or no waitpid
28819 used waitpid or wait3 if we have 'em
28822 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
28825 fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
28828 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
28831 don't need to explicitly mention -lsocket -lnsl for sequent
28834 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
28837 dynix should not link with -linet
28840 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
28843 mention that HP-UX doesn't ship with yacc
28846 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
28849 ignore kerberos if we can't get the local realm
28852 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
28854 * BUGS, INSTALL, README, configure.in:
28862 * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
28863 find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
28864 logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
28865 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
28874 don't use popen/pclose. Do it inline.
28885 * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
28886 ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
28891 * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
28896 getwd.c -> getcwd.c
28908 use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
28912 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
28914 * OPTIONS, options.h:
28915 add STUB_LOAD_INTERFACES
28918 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
28919 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
28920 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
28921 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
28922 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
28923 testsudoers.c, tgetpass.c, utime.c, visudo.c:
28928 support *-ccur-sysv4 and fix two typos
28931 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
28934 don't echo about with_logfile and with_timedir
28938 document --with-logfile and --with-timedir
28942 support --with-logfile and --with-timedir
28946 Add --with-logfile and --with-timedir
28950 change size computation of NewArgv for UNICOS
28953 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
28956 treat -*-sysv4* like *-*-svr4
28959 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
28962 fix spacing for --with-authenticate help
28965 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
28966 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
28967 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
28968 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
28969 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
28970 testsudoers.c, tgetpass.c, utime.c, visudo.c:
28975 fix off by one error in push macro
28978 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
28981 removed bogus alloca hack
28985 added AIX 4.x authenticate() support
28989 include alloca.h if using bison and not gcc and it exists. fixes an
28990 alloca problem on hpux 10.x
28994 mention --with-authenticate
28998 added AIX authenticate() support
29002 add HAVE_AUTHENTICATE
29006 dynamically size ifconf buffer
29013 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
29014 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
29015 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
29016 logging.c, options.h, parse.c, parse.lex, parse.yacc,
29017 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
29018 testsudoers.c, tgetpass.c, utime.c, visudo.c:
29026 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
29029 add busy stmp file explanation
29032 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
29035 the name of the cached var that signals whether or not you are cross
29036 compiling changed. It is now ac_cv_prog_cc_cross
29039 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
29042 mention glibc 2.07 is fixed wrt lsearch().
29045 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
29047 * sample.sudoers, sudoers.pod:
29048 better example of su but not root su
29051 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
29053 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
29054 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
29055 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
29056 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
29057 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
29058 testsudoers.c, tgetpass.c, utime.c, visudo.c:
29063 correct regexp for updating version
29067 remove bogus flush of stderr spew prompt before turning off echo.
29068 Seems to fix a weird problem where if sudo complained about a bogus
29069 stamp file the user would sometimes not have a chance to enter a
29074 fix bogus flush of stderr
29078 close fd's <=2 not <=3 and move that chunk of code up
29082 support hpux1[0-9] not just hpux10
29085 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
29088 set sudoers_fp to nil after closing
29091 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
29093 * config.guess, config.sub:
29094 updated from autoconf 2.12
29101 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
29104 fix select usage for high fd's (dynamically allocate readfds)
29108 kill extra whitespace
29112 do an initgroups() before running a command, unless the target user
29116 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
29119 tell people to use tabs, not spaces, in syslog.conf
29122 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
29124 * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
29125 parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
29129 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
29130 logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
29134 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
29135 insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
29140 more tweaks to update_version
29144 fixed up update_version rule
29152 removed supe of check.c
29163 * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
29164 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
29165 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
29166 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
29167 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
29168 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
29178 add rules to update version stuff in files so I don't need to do it
29183 sudoers_fp is now extern
29187 in check_sudoers, cache the sudoers file handle in sudoers_fp so we
29188 don't have to open it again in the parse. This may help with weird
29189 solaris problems where EAGAIN sometimes occurs.
29193 sudoers file open is now done only in check_sudoers() so we just do
29194 a rewind() instead of an open. May help people on solaris who were
29198 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
29201 mention that newer glibc is fixed
29204 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
29207 newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
29208 _RLD* instead of _RLD_*
29216 fix that bug for real
29220 document Linux's libc6 brokenness.
29229 [4949a1bbd0a9] [SUDO_1_5_4]
29232 remind people to HUP syslogd
29248 remove author's email addr. people should mail sudo-bugs
29255 * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
29256 find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
29257 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
29258 logging.c, options.h, parse.c, parse.lex, parse.yacc,
29259 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
29260 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
29268 * INSTALL, Makefile.in:
29277 exit(1) if user enters no passwd
29285 commands can start with ./* not just /* -- fixes a serious security
29289 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
29292 Don't set the tty variable to NULL when we lack a tty, leave it as
29296 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
29299 fix usage of (username) in conjunction with , and !
29303 catch the case where the user is not in the passwd file
29307 use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
29312 define tty global to an initial value to avoid dumping core in
29313 logging functions when passwd file is unavailable.
29317 do the set_perms(PERM_USER, sudo_mode) after we have gotten the
29322 talk about problem of ALL
29325 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
29332 fdesc bug is fixed in Open/Net BSD
29336 updates from Nieusma
29339 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
29342 move compat.h after the system includes
29345 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
29348 save errno from being clobbered by wait(). From Theo
29351 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
29354 fix an occurrence of setresuid -> setreuid (typo)
29357 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
29360 check for path to strip
29363 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
29366 deal with maxfilelen < 0 case
29373 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
29376 correct error message if mode/owner wrong and not statable by owner
29377 but is statable by root.
29380 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
29382 * config.guess, config.sub:
29386 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
29388 * CHANGES, RUNSON, TODO:
29392 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
29394 * parse.yacc, sudo.h:
29395 command_alias -> generic_alias
29396 [c404ca8c510d] [SUDO_1_5_3]
29399 added Runas_Alias example and fixed syntax errors
29402 * OPTIONS, options.h:
29403 updated MAILSUBJECT
29410 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
29411 configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
29412 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
29413 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
29414 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
29415 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
29420 * BUGS, emul/utime.h:
29425 document Runas_Alias
29433 buffer oflow checking q (uit) -> Q if yyparse() fails drop into
29438 add size params to sprintf
29442 allow trailing space after '\\' but before '\n'
29446 off by one error in path size check
29453 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
29460 now warns if killed by signal ./
29463 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
29466 fix Runas_Alias stuff Alias's in runas list now get expanded (but it
29471 Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
29475 add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
29479 Add Runas_Alias and simplify a rule.
29483 always store User_Alias's since they can be used inside of a runas
29484 list. Sigh. Really need a Runas_Alias instead.
29487 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
29490 deal with case where there is no sudoers file
29493 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
29499 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
29501 * HISTORY, testsudoers.c:
29502 developement -> development
29517 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
29520 removed seteuid() notes
29521 [1010a60f281d] [SUDO_1_5_2]
29523 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
29526 better seteuid() emulation
29530 added check for seteuid
29537 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
29540 first stab at sequent support
29544 added HAVE_SYS_SELECT_H
29548 sequent -> _SEQUENT_
29552 added seteuid() macro for DYNIX
29556 _AIX -> HAVE_SYS_SELECT_H
29559 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
29561 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
29562 parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
29563 testsudoers.c, tgetpass.c, utime.c, visudo.c:
29567 * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
29568 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
29569 ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
29570 pathnames.h.in, version.h:
29575 added -H and SUDO_PS1
29579 use SUDO_FUNC_FNMATCH
29583 added SUDO_FUNC_FNMATCH
29591 added MODE_RESET_HOME /
29594 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
29608 * compat.h, config.h.in:
29613 added HAVE_OPIE and changed to *_OTP_*
29620 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
29623 moved fclose() in skey stuff.
29626 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
29629 index -> strchr remove unnecessary stuff
29633 now call skeychallenge() to get challenge instead of making one up
29634 ourselves. this way, we get extra goodies in the prompt.
29637 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
29641 [3f5149357e2a] [SUDO_1_5_1]
29644 allow logins to start with a number (YUCK!)
29647 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
29650 added solaris 2.5 vs 2.4 note
29654 DUNIX doesn't need -lnsl
29658 *** empty log message ***
29661 * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
29662 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
29663 ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
29664 options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
29665 strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
29666 utime.c, version.h, visudo.c:
29670 * PORTING, README, RUNSON:
29674 * INSTALL, Makefile.in, TROUBLESHOOTING:
29679 *** empty log message ***
29682 * sudo.pod, visudo.pod:
29686 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
29692 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
29695 added $SUDO_PROMPT support
29698 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
29701 print long skey challemged to stderr, not stdout
29704 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
29714 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
29720 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
29723 use shost, not host for tgetpass
29727 documented %u and %h
29731 documented %u and %h
29738 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
29739 dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
29740 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
29741 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
29742 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
29743 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
29751 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
29753 * Makefile.in, configure.in, version.h:
29758 new tgetpass() params
29762 pass use and host to tgetpass
29766 added %u and %h escapes
29769 * OPTIONS, check.c, options.h:
29774 added cray (unicos) support
29777 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
29779 * OPTIONS, options.h, sudo.c:
29780 added SHELL_SETS_HOME
29783 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
29786 added note about "make install"
29790 changed length/size params from int to size_t
29794 now get CSOPS insults as well by default
29798 use csops insults too by default
29801 * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
29806 added runas_homedir
29822 added "upgrading" notes
29825 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
29828 now do chmod and chown after edit of temp file and before rename
29829 [de174e34faa7] [SUDO_1_5_0]
29831 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
29834 ++version added INSTALL.configure
29837 * configure.in, version.h:
29842 *** empty log message ***
29850 sets $HOME to pw_dir of runas user
29854 document $HOME change
29857 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
29860 fixed up some wording
29863 * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
29864 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
29865 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
29870 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
29871 insults.h, options.h, pathnames.h.in, sudo.h:
29880 name and type changes
29884 now works with new sudo
29892 some variable name changes + comment headers for functions.
29896 added extra paren's to make compilers happy
29900 *** empty log message ***
29904 now uses init_parser() if not in sudoers and tries "list" or
29905 "validate" scold but don't be nasty.
29909 now can use upper case login names
29913 now uses init_parser()
29921 added info about PASSWORD_TIMEOUT
29924 * INSTALL.configure:
29933 now dynamically allocates memory for the stacks -- no more
29938 -l now expands command aliases
29942 hacks to expand command aliases for `sudo -l'
29946 remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
29950 added struct command_alias
29958 in compar() key should be first arg
29961 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
29968 can now deal with upcase HOST and USER names
29972 don't yell too loudly at non-sudoers if they do "sudo -l"
29983 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
29985 * parse.c, parse.yacc:
29986 added support for new `sudo -l' stuff
29990 now uses list_matches()
29994 added struct sudo_match
29998 now more -lgnumalloc
30001 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
30004 added more paths for chown and whoami
30007 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
30013 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
30016 fixed DUNIX check for shadow pw
30020 now only turn off echo if it is already on. this fixes a race when
30021 you use sudo in a pipeline
30029 changed "test -z $foo && do_this" to if; then construct
30032 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
30035 added missing defines of SHADOW_TYPE
30038 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
30041 protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
30046 added AUTH_CRYPT_C1CRYPT support
30050 no longer return VALIDATE_NOT_OK if there was a runas that didn't
30051 match. Now we can have runas stuff on more than one line.
30054 * getspwuid.c, sudo.c, tgetpass.c:
30055 use SHADOW_TYPE instead of HAVE_C2_SECURITY
30059 got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
30064 removed HAVE_C2_SECURITY added SPW_BSD
30068 use SHADOW_TYPE instead of HAVE_C2_SECURITY
30072 SHADOW_TYPE is always defined so just against its value
30076 added SUDO_CHECK_SHADOW_DUNIX
30079 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
30082 * -> ?* in one example added another instance of (runas) and one of
30086 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
30089 added back check for config.cache from other host type
30093 removed an instance of \"
30101 updated wrt new wildcard matching
30105 new check for shadow passwords if we don't know anything
30109 new SUDO_CHECK_SHADOW_GENERIC
30113 added back check for -lsocket (oops)
30117 better (working) check for shadow passwd type if we know to use C2.
30121 now uses AC_CANONICAL_HOST to figure out os type
30125 added config.{guess,sub}
30129 removed unused stuff to figure out os type
30145 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
30146 pathname. need to check against sudoers_args even if user_args is
30151 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
30152 pathname need to check against sudoers_args even if user_args is nil
30155 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
30158 added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
30162 now takes command line args and uses cmnd_args
30166 fill_args was adding an extra leading space
30169 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
30172 fixed dummy command_matches()
30184 now uses flat args string
30187 * parse.c, parse.lex:
30188 now uses flat arg string
30192 added cmnd_args def
30196 now sets cmnd_args global
30200 cmnd_args is now exported from sudo.[ch]
30203 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
30206 can't rely on cmnd_matches as much as I thought -- added some $$
30207 stuff back in to prevent namespace pollution problems.
30211 Simplified parse rules wrt runas and NOPASSWD (more consistent).
30214 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
30217 NOPASSWD may now have blanks before the ':' '(' only starts a
30218 'runas' if in the initial state to avoid collision with command args
30222 added checks for specific shadow passwd schemes
30226 added routines to check for specific shadow passwd types
30229 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
30232 added support for ncr boxen
30236 added support for detecting ncr boxen
30239 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
30242 added sinix support
30245 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
30248 added info about "config.cache from other other" error.
30252 now makes sure you don't have a config.cache file from another OS
30256 now sets $LIBS when needed to configure links with libs when doing
30257 tests hpux10 now uses SPW_SECUREWARE for C2 added check for
30258 bigcrypt(3) if SPW_SECUREWARE
30266 now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
30274 no more SPW_HPUX10 added HAVE_BIGCRYPT
30278 now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
30282 SPW_SECUREWARE now uses bigcrypt
30285 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
30288 fixed 2 syntax errors
30292 root may now run ALL as ALL
30295 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
30298 fixed a typo/thinko that broke BSD's with sa_len
30301 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
30303 * check.c, configure.in:
30304 updated AFS support
30308 added entry about /usr/ucb/cc
30312 prep no longer holds gcc binaries
30324 AFS allows long passwords
30328 fixed -u user support
30332 sudo -v now groks VALIDATE_OK_NOPASS
30336 fixed no_passwd vs. runas_matched
30340 took out stuff about NFS-mounting since it is no longer an issue
30344 added --with-libraries > --with-libpath --with-incpath
30348 was setting runas_matches to -1 in wrong place
30352 removed usersec.h which is not present in new AFS versions
30356 now deals with timeout <= 0
30364 BSD/OS >= 2.0 now uses shlicc instead of just gcc
30368 fixed backwards compatibility with sudo 1.4 sudoers mode for root
30369 readable/writable filesystems
30373 now gives INSTALL -c flag
30377 slightly simpler initialization of no_passwd and runas_matches
30381 added -u username support
30385 improved --with-libraries support
30388 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
30391 added --with-incpath, --with-libpath, --with-libraries
30395 now initializes some fields that weren't getting set to -1 pretty
30396 gross -- need a rewrite.
30399 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
30406 no longer add -lPW to *_LIBS since we include alloca.c
30410 added HAVE_ALLOCA_H
30425 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
30428 now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
30429 not always set to a valid uid.
30433 fixed entry for SUDO_MODE
30437 Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
30438 being set to -2. Now beat NFS to the punch and set uid to "nobody"
30439 ourselves, preserving group 0 to read sudoers.
30443 moved set_perms(PERM_ROOT) to be before yyparse()
30451 no longer need AC_PROG_INSTALL
30455 always use install-sh to avoid install(1)'s that use get{pw,gr}nam
30459 make clean -> make distclean
30462 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
30465 removed some unnecessary if's
30468 * Makefile.in, version.h:
30472 * parse.c, testsudoers.c:
30473 now includes netgroup.h
30477 removed casts of ioctl to int since they didn't shut up -Wall
30481 explicitly cast ioctl() to int since it is not always declared
30485 added declarations for yyparse() and yylex()
30489 fixed an occurrence of '==' -> '='
30492 * config.h.in, configure.in:
30493 added check for netgroup.h
30497 fixed 2 compiler warnings
30501 SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
30505 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
30511 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
30514 fixed a formatting thingie
30517 * parse.c, parse.yacc:
30518 fixed -u support with multiple user lists on a line
30522 unixware needs -lgen
30526 updated ftp location
30530 add net_addr/netmask support
30534 added net_addr/mask example
30537 * parse.c, parse.lex:
30538 added support for net_addr/netmask
30541 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
30547 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
30557 * BUGS, TODO, TROUBLESHOOTING:
30562 updated with examples of new stuff
30570 updated wrt -u and NOPASSWD
30574 updated wrt -u and CAVEATS
30577 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
30584 now use :foo: character classes (makes no diff for generated lexer)
30587 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
30590 fixed LONG_SKEY_PROMPT stuff
30593 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
30600 make more like NetBSD one -- now compiles w/o warnings
30604 fixed decls of lsearch()
30607 * config.h.in, configure.in, getspwuid.c:
30612 hpux 10 uses bigcrypt() if C2
30615 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
30618 now always uses fnmatch to match args
30622 back to using stdio instead of raw i/o since that caused some
30626 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
30629 now give usage warning if use -l,-v,-k with args
30632 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
30635 NewArgc is now set to 1 for -l, -v, -k
30639 now sets sudoers to correct group if mode is 0400
30643 updated to version used by inn and bind
30647 now uses -lgnumalloc if it exists
30651 "make install" now sets uid/gid and mode on sudoers if it exists
30655 removed debugging statements
30659 added a missing free()
30663 now uses user_gid instead of getegid (which was wrong anyway) to set
30664 SUDO_GID Now sets command line args in SUDO_COMMAND envariable
30665 (logging.c depends on args being in the environment)
30669 now uses SUDO_COMMAND envariable to get command args rather than
30670 building it up again.
30678 fixed off by one error in allocation NewArgv
30682 in sudoers, 'command ""' now means command with no args
30686 added check for fnmatch(3) and fnmatch.h
30694 replaced wildcat.* with fnmatch.*
30701 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
30704 now uses fnmatch() instead of wildmat a trailing star (*) by itself
30705 now matches multiple args added support for wildcards in the
30706 pathname in sudoers
30709 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
30712 now includes compat.h and config.h
30716 added HAVE_FNMATCH_H
30720 now checks for alloca() (if needed by bison or dce) and links with
30721 -lPW if it contains alloca() and libv and compiler do not.
30724 * emul/fnmatch.h, fnmatch.3, fnmatch.c:
30728 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
30731 now fixes mode on sudoers if set to 0400 to aid in upgrade
30734 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
30737 fixed pod2man usage
30740 * Makefile.in, configure.in, version.h:
30744 * testsudoers.c, visudo.c:
30745 runas_user is now initialized to "root"
30749 removed PERM_FULL_ROOT
30753 runas_user defaults to "root" so no more need to PERM_RUNAS
30757 will now only run commands as root if there was no runas list
30758 (or if root is in the runas list)
30766 runas_matches is now set to false if we get a negative match
30770 make #uid work + some minor cleanup
30774 added support for NOPASSWD and "runas" from garp@opustel.com /
30778 added support for "runas" from garp@opustel.com replaced
30779 SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
30784 added support for "runas" from garp@opustel.com
30788 added support for NO_PASSWD and runas from garp@opustel.com replaced
30789 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
30794 added support for NO_PASSWD and runas from garp@opustel.com replaced
30795 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support for
30800 added support for NO_PASSWD and runas from garp@opustel.com
30803 * parse.c, parse.lex:
30804 added support for NO_PASSWD and runas from garp@opustel.com
30808 added support for SUDOERS_WRONG_MODE and "runas"
30812 added --with-CC only link with -lshadow on linux (with shadow pw) if
30813 libc lacks getspnam()
30816 * OPTIONS, options.h:
30817 removed NO_PASSWD since it is not possible to do this in the sudoers
30818 file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
30819 SUDOERS_GID. Added SUDOERS_MODE.
30823 now uses SUDOERS_UID and SUDOERS_GID
30826 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
30832 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
30835 added double quote support
30839 documented double quoting
30842 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
30849 fixed some indentation
30857 added install-dirs .
30860 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
30863 new version from "Jeff A. Earickson" <jaearick@colby.edu>
30866 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
30869 $CSOPS -> $with_csops (whoops, missed one)
30877 FQHOST now has same constraints as non-FQHOST
30881 added note about OS's w/ shadow passwords turned on by default
30884 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
30891 added support for --without-THING sanitized shadow pw situation by
30897 fixed a typo wrt placement of an end paren
30901 was closing an fd that may not have been opened
30904 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
30906 * OPTIONS, options.h, sudo.c:
30910 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
30913 now always use shadow pw on some arches
30916 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
30919 added pyramid support
30923 no longer check for C2 if alternate passwd method is used no longer
30924 check for some libs twice
30928 moved fqdn stuff into parse.lex (FQHOST)
30936 now define TCSASOFT if necessary
30940 now uses read/write instead of stdio string goop to avoid problems
30944 * OPTIONS, find_path.c, options.h:
30945 -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
30948 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
30951 added note about no shadow auto-detect if using alternate auth
30956 don't check for C2 if AFS or DCE (unless they said --with-C2)
30963 * OPTIONS, find_path.c, options.h:
30967 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
30970 checkdot now works correctly
30973 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
30976 can't have DCE and C2 passwords both...
30979 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
30981 * parse.yacc, sudo.c, sudo.h, visudo.c:
30982 now uses shost even if not FQDN
30986 now looks for skey in /usr/lib and doesn't require libskey to be in
30987 /usr/local/lib just because skey.h is (for my netbsd box :-)
30990 * aclocal.m4, config.h.in, pathnames.h.in:
30991 _SUDO_PATH_ -> _CONFIG_PATH_
30994 * aclocal.m4, sudo.pod:
30995 /var/run/.odus -> /var/run/sudo
30999 now uses _SUDO_PATH_TIMEDIR
31006 * aclocal.m4, configure.in:
31011 added _SUDO_PATH_TIMEDIR
31015 updated wrt /var/run/sudo
31019 added support for shost if FQDN
31022 * parse.yacc, visudo.c:
31023 now uses shost if FQDN
31027 Now use skeylookup() instead of skeychallenge()
31030 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
31033 mail_argv should not contain ALERTMAIL as it includes "-t"
31036 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
31038 * INSTALL, Makefile.in, README, configure.in, version.h:
31043 added more _PASSWD_LEN stuff -- now uses PASS_MAX too
31047 now includes limits.h moved _PASSWD_LEN -> compat.h
31050 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
31068 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
31075 done for 1.4.1 (I hope)
31079 added info on wildcards
31083 added wildcard example
31087 now uses *.pod to build *.man and *.cat & *.html
31091 added SUDO_PROG_BSHELL !ll
31095 fixed up some formatting
31099 redid section describing sample sudoers stuff
31103 fixed some formatting
31107 now treats "" as bourne shell
31111 TESTOBJS now includes wildmat.o
31115 now works with NewArg[cv]
31119 removed an XXX (fixed it in getspwuid.c)
31123 added check for bourne shell
31131 added _SUDO_PATH_BSHELL
31134 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
31137 unixware vi returns 256 instead of 0
31145 fixed up some XXX's. file log format now looks a little more like
31146 real syslog(3) format.
31149 * README, TROUBLESHOOTING:
31150 updated wrt lex/flex
31154 commented out rule to build lex.yy.c from parse.lex since we ship
31155 with a pre-flex'd parser
31158 * parse.c, parse.yacc, visudo.c:
31159 path_matches -> command_matches
31163 eliminated some strcat()'s
31167 no longer checks for lex/flex (now assumes flex)
31171 now checks for $kerb_dir_candidate/krb.h instead of just
31175 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
31178 now use a 'hook' expression instead of an iffy one :-)
31181 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
31184 now works with new sudo arg stuff
31188 fixed dereferencing deadbeef
31192 changed an occurrence of Argv to NewArgv
31196 took out support for quoted commands since there is no need...
31200 fixed a typo in a for() loop
31204 protected against dereferencing rogue pointers
31208 now uses NewArgv and NewArgc so cmnd_args is no longer needed this
31209 also allows us to eliminate some kludges in parse_args() and
31210 eliminate superfluous code.
31214 no longer uses cmnd_args, now uses NewArgv instead.
31218 added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
31223 added wildmat.c to SRCS & SUDOBJS
31227 COMMAND is now a struct containing the path and args
31231 replaced append() with fill_cmnd() and fill_args. command args from
31232 a sudoers entry are now stored in an array for easy matching.
31236 command line args from sudoers file are now in an array like ones
31237 passed in from the command line
31240 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
31243 wildmat stuff now works
31246 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
31253 ++version added wildmat.*
31256 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
31259 added support for quoted commands (w/ or w/o args)
31262 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
31264 * sudo.pod, visudo.pod:
31265 cleaned up formatting
31268 * sudo.pod, visudo.pod:
31272 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
31275 looks reasonable, could be more readable
31282 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
31289 updated NO_ROOT_SUDO entry
31292 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
31295 *** empty log message ***
31296 [5b63de579ff7] [SUDO_1_4_0]
31307 AIX aixcrypt.exp now uses $(srcdir)
31311 added entry for anal ansi compilers
31314 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
31317 added info on libcrypt_i for SCO
31321 *** empty log message ***
31336 * INSTALL, OPTIONS, README, config.h.in, configure.in:
31341 ++version and fixed ISC
31344 * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
31345 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
31346 insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
31347 sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
31353 added STUB_LOAD_INTERFACES ++version
31356 * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
31362 added info about fd_set in tgetpass added info on interfaces.c
31365 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
31376 tgetpass.o is now only linked in with sudo (not visudo)
31379 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
31381 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
31387 added copyright notice
31390 * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
31391 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
31392 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
31393 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
31394 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
31399 minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
31403 ISC now gets -lcrypt now check for sys/bsdtypes.h
31407 added check for sys/bsdtypes.h
31410 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
31413 removed debugging stuff (setting freed ptr to NULL)
31425 added section on syslog
31429 added AC_ISC_POSIX for better ISC support
31437 added define for _POSIX_SOURCE
31440 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
31443 fixed check for lsearch()
31446 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
31449 fixed for AIX now deal if num_interfaces == 0 (should not happen)
31452 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
31455 now only define HAVE_LSEARCH if there is a corresponding search.h
31462 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
31465 now define HAVE_LSEARCH if we find lsearch() in libcompat
31469 char * -> const char *
31473 now looks in -lcompat for lsearch()
31477 remove sudo.core visudo.core for clean target
31481 added UID_MAX support in check for MAX_UID_T_LEN
31485 fixed another occurrence of sudo_getpwuid.*
31488 * Makefile.in, getspwuid.c:
31489 sudo_getpwuid.c -> getspwuid.c
31496 * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
31497 compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
31498 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
31499 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
31500 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
31501 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
31502 version.h, visudo.c:
31507 added group support
31515 documented group support
31518 * parse.c, parse.lex, parse.yacc, visudo.c:
31519 added group support
31522 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
31525 tkfile was too short and overflowed the kerberos realm
31528 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
31531 now copy command args directly from Argv
31535 replaced code to copy cmnd_args so that it does not use realloc
31536 since most realloc()'s really stink
31539 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
31542 syslog() fixed in hpux 10.01
31545 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
31548 AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
31552 better error if cannot find skey incs or libs
31556 now use a temp file for determining max len of uid_t in string form.
31557 the old hacky way broke on netbsd
31561 added set of parens and a space
31564 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
31567 fixes from Jeff Earickson <jaearick@colby.edu> ,
31575 fixed up testsudoers target
31579 DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
31580 SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
31584 LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
31588 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
31591 fix for C2 on hpux 10 now uses -linet if it exists
31595 LONG_SKEY_PROMPT is less of a kludge /
31599 fixed typos w/ dce stuff
31606 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
31609 amended section on combining authentication mechanisms
31613 minor updates for 1.3.6
31617 added 2 more entries
31629 rewrote for sudo 1.3.6
31636 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
31638 * find_path.c, getspwuid.c, sudo.c:
31639 added explicit casts for strdup since many includes don't prototype
31644 removed prototype for sudo_getpwuid() since convex C compiler choked
31649 added prototype for sudo_getpwuid()
31653 now compiles on strict ANSI compilers
31657 added LONG_SKEY_PROMPT support
31661 added extra $'s for make to eat up, yum.
31664 * OPTIONS, options.h:
31665 added LONG_SKEY_PROMPT
31668 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
31671 s/key support now works with normal s/key as well as logdaemon
31674 * OPTIONS, options.h:
31679 set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
31683 added DCE note added more AIX notes
31687 now include pthread.h for DCE support
31691 dce_pwent() is ok after all .,
31695 now uses SYSLOG() macro that equates to either syslog() or
31700 minor formatting changes. renamed check() to something less generic
31703 * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
31705 now uses user_pw_ent and simple macros to get at the contents
31708 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
31711 simpler dec unix C2 support
31715 now sets crypt_type for DEC unix C2
31718 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
31721 added csops paths for skey
31725 now includes string.h for strdup() prototype
31733 now includes skey.h
31741 moved a lot of the shadow passwd crap to sudo_getpwuid()
31745 now uses sudo_pw_ent
31749 now uses sudo_pw_ent
31753 now sets sudo_pw_ent
31761 moved dce stuff into compat.h
31764 * logging.c, sudo.h:
31765 now uses sudo_pw_ent
31769 added sudo_getpwuid.c
31777 now uses sudo_pw_ent
31780 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
31783 fixed exempt_group stuff for OS's that don't put base gid in group
31788 S/Key support now works with sunos4 shadow passwords
31795 * config.h.in, configure.in:
31804 first stab at dce support
31808 now smells like sudo
31816 skey'd sudo now works w/ normal password as well
31819 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
31821 * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
31822 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
31823 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
31824 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
31825 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
31826 version.h, visudo.c:
31827 updated version number
31831 updated to reflect version change
31835 --with options now line up ++version
31839 removed unnecessary S/Key stuff
31843 fixed S/Key support
31847 -I stuff now goes in CPPFLAGS
31859 fixed description of EXEMPTGROUP
31863 more people use _RLD_ than just alphas...
31867 replaced $man_prefix with $mandir
31875 now use more GNU'ish dir names
31879 now set *dir correctly (can override from command line)
31883 now deal with situations where we getwd() fails
31886 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
31889 added etc_dir, bin_dir, sbin_dir
31897 now ship a flex-generated lex.yy.c
31901 now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
31905 _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
31909 no more error for redefining SUDOERS_OWNER
31913 expanded SUDOERS_OWNER section
31916 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
31919 now warn if chown(2) failed
31923 better default warning for NO_SUDOERS_FILE
31927 added missing set_perms() no more cryptic message if the sudoers
31928 file is zero length, now just give a parse error
31932 better diagnostics if NO_SUDOERS_FILE
31936 check_sudoers() now catches sudoers files that are not readable (but
31940 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
31943 now add -D__STDC__ for convex cc (not gcc)
31947 MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
31951 now uses exec_prefix & prefix from configure
31954 * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
31955 parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
31957 options.h is now <> instead of "" so shadow build trees can have a
31958 custom copy of options.h
31962 user_is_exempt() is no longer a hack, it now uses getgrnam()
31966 EXEMPTGROUP is now "sudo"
31970 MAN_POSTINSTALL now contains a leading space
31974 removed leading tab if @MAN_POSTINSTALL@ not defined now removes
31975 testsudoers in clean:
31979 includes pwd.h to get _PASSWD_LEN definition
31982 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
31985 unset the KRB_CONF envariable if using kerberos so we don't get
31986 spoofed into using a bogus server
31989 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
31992 now explicitly initialize match[] to be FALSE
31995 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
31998 removed unused variable now passes -Wall
32002 yyerror and dumpaliases are now void's now passes -Wall
32006 added prototype for yyerror
32009 * check.c, logging.c, parse.c:
32014 removed unused cruft now passes -Wall
32018 fixed headers that moved to emul dir
32022 fixed deref of nil pointer if no args
32025 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
32028 added a caveat to FQDN section
32031 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
32034 more $srcdir support for install targets
32037 * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
32038 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
32039 don't include malloc.h if we include stdlib.h
32043 local search.h now lives in emul
32046 * check.c, utime.c:
32047 local utime.h now lives in emul dir
32051 local search.h now lives in emul
32055 added support for building in other than the sourcedir
32058 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
32061 annotated CSOPS_INSULTS option
32065 updated shadow passwords blurb
32069 if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
32070 passes along foo as the arguments
32073 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
32076 collapsed pathname and dir sections into one -- it's now less
32081 fixed spacing quoting [,:\\=] now works correctly append() and
32082 fill() now take args to make the above work
32086 fixed a typo that caused commands with no tty on fd 0 but a tty on
32087 fd 1 to erroneously have "none" as their tty
32090 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
32093 timestampfile is now a global static removed decl of timestampfile
32094 in remove_timestamp since we can just use the global one
32098 created touch() to update timestamps added USE_TTY_TICKETS support
32103 added _S_IFDIR and S_ISDIR
32106 * OPTIONS, options.h:
32107 added USE_TTY_TICKETS
32111 removed const from casts for lsearch() & lfind() to placate irix 4.x
32115 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
32118 now only strip '/dev/' off of a tty if it starts with '/dev/'
32126 AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
32131 fixed incorrect #ifdef termio uses "unsigned short" not int for
32135 * parse.lex, parse.yacc:
32136 fixed a spelling error
32143 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
32150 added dotcat() to cat 2 strings w/ a dot efficiently now that we
32151 dynamically allocate strings they need to be free()'d
32155 dynamically allocates space for strings
32159 no more MAXCOMMANDLENGTH
32166 * logging.c, sudo.c:
32167 moved tty stuff into sudo.c
32170 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
32173 fixed a logic bug. Was denying a command if user gave command line
32174 args but there were none in the sudoers file which is wrong.
32178 MAXCOMMMANDLEN dropped down to 1K
32182 return foo; -> return(foo);
32186 fixed netgr_matches() prototype
32190 added support for escaping "termination" characters
32194 buf is now of size MAXPATHLEN+1 since it never holds command args
32202 fixed negation problem (doh!)
32206 fixed 2nd parameter to lfind()
32210 now do bounds checking in fill() and append()
32214 include netdb.h as we should added a missing void cast added
32215 SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
32216 realloc actually moved the string instead of shrinking it
32220 updated with examples of new features
32224 now set errno to EACCES if not a regular file or not executable
32228 if given a fully-qualified or relative path we now check it with
32229 sudo_goodpath() and error out with the appropriate error message if
32230 the file does not exist or is not executable
32233 * emul/search.h, lsearch.c:
32234 now use correct args for lfind
32242 added in CSOps insults
32254 increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
32258 added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
32262 fixed -k load_interfaces() now gets called if FQDN is set
32263 -p now works with -s
32267 don't try to stat() "pseudo commands" like "validate"
32271 added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
32275 added SecurID support added other insults to --with-csops
32283 added clobber target added ins_csops.h now gets CFLAGS from
32288 relaxed SUDO_FULL_VOID
32292 function comment blocks are now in same style as rest of code
32296 added support for command line args in /etc/sudoers
32300 updated to have command args in the sudoers file
32304 added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
32307 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
32310 PATH renamed to COMMAND
32314 it is now a parse error for directories to have args attached to
32319 now say command args if telling user to buzz off
32323 -s no longer indicates end of args sped up loading on cmnd_args in
32328 removed an unreachable statement
32332 made more efficient by pulling out the terminators when in GOTCMND
32333 state and making them their own rule
32336 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
32339 removed MAXLOGLEN since it is no longer used
32343 now allows command args
32347 now groks command arguments
32351 now sets tty correctly when piped input
32355 fixed loading of cmnd_args (was including command name too)
32359 fixed a core dump due to incorrect if construct
32362 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
32365 only add -lsun if irix < 5 don't look for -lnsl or -lsocket if irix
32369 fixed check for ISC
32373 now sets cmnd_args used by log_error() and that will be used by the
32374 parse to check against command args
32382 now dynamically allocate logline since we can guess at its size
32385 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
32388 cleaned up a bunch of unnecessary #ifdef's eliminated a buffer remove
32389 "register" since the compiler knows more than I do now do a
32390 "basename" of the tty
32393 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
32400 added shell extern changed MODE_* to be bit masks to allow for
32401 several options together
32405 added -s (shell) option made MODE_* masks so we can do bitwise & and
32406 | to see if multiple flags are set.
32410 added securid support
32413 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
32416 removed a bunch of unnecessary strncpy()'s and replaced with strcat()
32419 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
32421 * Makefile.in, version.h:
32425 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
32428 fixed free() of an uninitialized pointer (yuck)
32432 added netgr_matches
32436 cleaned up netgr_matches
32439 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
32445 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
32448 now installs sudoers.man -- really should clean this up though.
32452 added sudoers.cat and sudoers.man
32456 pulled out stuff on the sudoers file format into a separate man page
32464 fixed up my email address
32468 added checks for innetgr and getdomainname
32472 added dummy netgr_matches function
32476 added netgr_matches
32479 * parse.lex, parse.yacc:
32480 added NETGROUP support
32484 added HAVE_INNETGR & HAVE_GETDOMAINNAME
32487 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
32490 rewrote clean_env() that has rm_env() builtin
32493 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
32496 now cast uid to long in sprintf
32500 added _INSULTS suffix to HAL & GOONS end
32504 added _INSULTS suffix to HAL & GOONS
32507 * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
32508 converted to new scheme of insult "unions" end
32512 now uses MAX_UID_T_LEN
32516 added SUDO_UID_T_LEN !l
32520 added MAX_UID_T_LEN
32524 now use MAX_UID_T_LEN
32528 added check for max len of uid_t fixed sco vs. isc check
32531 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
32542 hack to check for sco
32546 removed #include <net/route.h> since it was hosing some OS's
32549 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
32552 fixed prreadlink() prototype
32556 added parens in #if's
32564 moved SPW_* to config.h.in
32568 added a set of parens
32576 added SPW_* reordered error codes
32580 moved SPW_* to sudo.h
32583 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
32586 SPW_AUTH -> SPW_SECUREWARE
32590 GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
32598 SPW_AUTH -> SPW_SECUREWARE
32602 now uses SHADOW_TYPE to make shadow pw support more readable and
32603 modular. It's a start...
32607 added autodetection of shadow passwords
32611 now uses SHADOW_TYPE define
32615 added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
32619 added SUDO_CHECK_SHADOW
32622 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
32625 define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
32626 memmove() since we no longer use it...
32634 added BROKEN_SYSLOG support
32638 added BROKEN_SYSLOG
32642 now only bitch if timestamp > time_now + 2 * timeout to allow for a
32643 machine updating its time from a server
32647 added 2 security notes updated Nieusma's email addr
32651 changed a memmove() to memcpy() since we don't have to worry about
32652 overlapping segments.
32655 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
32658 cleanup up the loop when interfaces are groped in so that it is
32662 * Makefile.in, version.h:
32666 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
32672 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
32675 fixed permissions check on /tmp/.odus
32678 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
32681 fixed some comments
32685 now checks owner & mode of timedir also checks for bogus dates on
32690 updated TIMEOUT info
32693 * logging.c, sudo.h:
32694 added BAD_STAMPDIR and BAD_STAMPFILE
32698 added definition of S_IRWXU
32705 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
32708 added #ifdef to make it compile on strange arches
32711 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
32714 fixed check for full void impl.
32718 added missing "static"
32722 replaced #elif with #else #if constructs for ancient C compilers
32726 updated irix c2 & kerb5 info
32730 added shadow pw support for irix
32733 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
32740 last changes for sudo 1.3.3
32744 now calls SUDO_SOCK_SA_LEN
32752 added SUDO_SOCK_SA_LEN
32756 now works with ip implementations that use sa_len in sockaddr
32760 added note about buggy AIX compiler
32764 now include sys/time.h for AIX
32767 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
32774 now works for ISC and others. yay.
32777 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
32779 * Makefile.in, version.h:
32783 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
32786 fixed test for full void impl
32790 now check to see that st_dev is non-zero before assuming that we are
32794 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
32796 * aclocal.m4, configure.in:
32797 SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
32800 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
32803 fixed include file order for SUDO_FUNC_UTIME_POSIX
32807 added cast for ttyname()
32815 now deal correctly with all known variations of utime() -- yippee
32819 added SUDO_FUNC_UTIME_POSIX
32823 added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
32827 added HAVE_UTIME_POSIX
32835 no longer assume !HAVE_UTIME_NULL means old BSD utime()
32839 fixed fascist C compiler warning
32843 now set strioctl.ic_timout in STRSET() now initialize num_interfaces
32844 to 0 (just to be anal)
32847 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
32850 increased MAXLOGLEN by MAXPATHLEN to account for ttyname
32858 reworked the ISC code
32861 * Makefile.in, version.h:
32866 now expect old-style utime(3) if utime() can't take NULL as an arg
32870 added check for utime.h
32878 added CPPFLAGS STATIC_FLAGS -> LDFLAGS
32882 now search for kerb libs and includes
32886 added support for utime(2)'s that can't take a NULL parameter
32890 moved HAVE_UTIME_NULL stuff to update_timestamp() where it belongs
32894 added utime(s) stuff
32902 added HAVE_UTIME and HAVE_UTIME_NULL
32905 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
32908 now use HAVE_UTIME_NULL
32911 * emul/utime.h, utime.c:
32916 need to setuid(0) to make kerb4 stuff work.
32920 no more special case for kerberos
32924 took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
32929 no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
32934 now use private ticket file for kerberos support to avoid trouncing
32938 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
32941 added SPOOF_ATTEMPT & cmnd_st
32945 added anti-spoofing support
32949 now use global cmnd_st
32953 added SPOOF_ATTEMPT support
32956 * testsudoers.c, visudo.c:
32957 added void casts where appropriate
32961 fixed up spacing and added void casts where appropriate
32965 fixed problem with "-p prompt" but no args
32968 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
32971 added BUGS and annotated -l description
32975 validate() now takes a flag
32979 validate() now takes a flag added -l
32983 added support for -l
32987 validate() now takes a flag that says whether or not to check the
32991 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
32994 now deals with Argv == 1
33002 added prompt support reworked parse_args()
33014 now use BUFSIZ as length of kerb password added kpass so pass is
33015 always a char * now use prompt global when asking for a password
33019 now use BUFSIZ as _PASSWD_LEN if using kerberos
33026 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
33029 only look for -lufc or -lcrypt if crypt() not in libc
33033 don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
33034 (unknown user) silently fail
33042 HAVE_KERBEROS -> HAVE_KERB4
33046 removed debugging printf
33050 KERBEROS -> KERB4 added checks for setreuid & setresuid
33054 HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
33058 added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
33059 with setresuid if applic
33063 HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
33064 no setreuid() or a broken one
33067 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
33070 added kerberos support
33074 added HAVE_KERBEROS
33078 added KERBEROS support (long passwords)
33082 added kerberos support
33085 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
33088 added MODE_BACKGROUND
33092 escaped dashes added -b option
33100 added crypt() for osf/1 3.x enhanced security
33104 now check for -lcrypt
33108 added ENXIO like EADDRNOTAVAIL
33111 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
33114 now emulate getwd(), not getcwd()
33118 getcwd() -> getwd()
33125 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
33127 * ins_2001.h, ins_classic.h, ins_goons.h:
33132 broke out insults into separate include files
33135 * OPTIONS, options.h:
33140 added ins_2001.h ins_classic.h ins_goons.h
33143 * Makefile.in, version.h:
33148 moved signal handler setup to setup_signals()
33152 added load_interfaces()
33156 moved load_interfaces to interfaces.c
33163 * OPTIONS, options.h:
33168 now uses clearaliases variable
33176 added interfaces.[co]
33180 now uses ip addrs and netmasks via load_interfaces()
33184 now remove IFS instead of setting to "sane" value
33187 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
33193 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
33196 sudo_goodpath.c -> goodpath.c
33200 added Andy's new ISC changes
33203 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
33206 added a sentence to SECURE_PATH info
33221 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
33227 * Makefile.in, version.h:
33232 sendmail is now looked for in /usr/ucblib
33248 added unixware case
33252 user_is_exempt is no longer hidden
33260 isc and riscos changes
33264 added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
33268 fixed a typo and added testsudoers stuff
33275 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
33278 applied fixed patch from Chris
33281 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
33288 added a set of braces for bison
33292 merged in Chris' changes to dekludge the parser.
33296 send_mail() was calling find_path() which is wrong since find_path()
33297 stores cmnd in a static var. Anyhow, it doesn't make much sense
33298 since MAILER should always be fully qualified
33301 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
33304 added User_Alias stuff
33308 SUDO_NEXT now looks for /usr/lib/NextStep/software_version
33312 added DEC UNIX 3.0 w/ gcc
33316 Exit was being used in places where exit should be used
33320 added "User alias specification"
33324 fixed probs caused by making nslots and naliases a size_t
33328 added KSR, upped rev to 1.3.1b2
33331 * logging.c, parse.yacc:
33336 void * -> VOID * naliases and nslots are now size_t to appease
33337 lsearch on 64-bit machines
33340 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
33343 did a bunch of things and added a bunch :-)
33351 closer to BSD manpage style
33355 closer to standard BSD man format
33358 * compat.h, config.h.in, emul/search.h, insults.h, options.h,
33359 pathnames.h.in, sudo.h, version.h:
33364 removed crufty #defines that are no longer used
33372 updated based on sudo changes
33376 now allow ALL keyword in User_Aliases now allow ALL keyword as well
33385 now sets SUDO_COMMAND and SUDO_GID envariables.
33389 fixed bug with full void impl check
33393 fixed User_Alias support
33397 added stubs for User_Alias support
33401 now sets removes # bogus interfaces from num_interfaces
33405 added User_Alias support
33408 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
33411 removed extraneous TODO
33414 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
33417 ntwk_matches -> addr_matches
33421 ntwk_matches -> addr_matches
33425 ntwk_matches -> addr_matches now use inet_addr() not inet_network()
33426 (which expects octet boundaries) fixes for OSF (sizeof(int) !=
33431 took out debugging info
33435 OS was being set to unknown before non-uname based host checks.
33436 This caused no checks to happen since $OS was not zero-length.
33440 fixed loading of interfaces struct still has debugging info in
33448 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
33459 removed extraneous extern decl of "top
33467 removed parser_cleanup (no need for it now)
33471 now calls reset_aliases() directly
33474 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
33477 added a sentence to SECURE_PATH description
33481 fixed my stupid bug where I used NAMLEN on something I wanted to
33482 just get the name from. argh.
33485 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
33488 fixed argument order of memmove() that i hosed when converting from
33493 finally fixed DISTFILES line
33501 added missing files to DISTFILES
33505 SUPPORTED -> RUNSON
33508 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
33515 updated for pl5b1 release
33523 fixed bug where if you hit return at first sudo prompt it would
33524 still log as a failure
33532 better test for bogus void * implementation
33536 added PASSWORDS_NOT_CORRECT
33540 added PASSWORDS_NOT_CORRECT stuff]
33544 added PASSWORDS_NOT_CORRECT
33552 removed some unused vars and fixed up uid2str
33559 * getcwd.c, getwd.c:
33563 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
33566 fixed a typo I introduced in the last checkin :-(
33570 can't have #ifdef's where N is defined so just do this the broken
33575 better hack from Chris (but still a hack)
33579 stupid hack for broken aix lex
33583 now includes compat.h
33587 now includes fcntl.h
33591 added FD_SET and FD_ZERO for 4.2BSD
33595 dirty hack to fix parser bug. i don't really like this but it works
33600 uid2str is now static like the prototype says
33603 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
33605 * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
33614 check_sudoers now returns an error code and sudo calls inform_user
33615 and log_error based on the return value.
33618 * logging.c, sudo.h:
33619 added entries for new errors
33623 now set uid to that of SUDOERS_OWNER while parsing sudoers file
33627 took out testsudoers
33631 now explicitly checks that it is setuid root
33635 If a user has no passwd entry sudo would segv (writing to a garbage
33636 pointer). Now allocate space before writing :-)
33640 reordered AC_CHECK_FUNCS
33647 * tgetpass.c, visudo.c:
33652 bzero -> memset when a parse error is logged the line number of the
33653 error is now logged too
33657 added Sunos to blurb about c2 security
33661 added a SUN4 define for C2 security
33665 bcopy -> memmove bzero -> memset
33669 bcopy -> memmove char * -> VOID *
33673 added support for sunos with C2 security
33676 * OPTIONS, options.h:
33681 _PATH_SUDO_LOGFILE now set based on configure
33685 added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
33689 added _SUDO_PATH_LOGFILE
33693 added SUDO_LOGFILE to find where to put sudo.log added
33694 SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
33695 SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
33698 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
33705 now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
33706 to work around a problem in trusted hpux shadow passwords. yuck.
33710 backed out a change in malloc/realloc
33714 now include stdlib.h
33718 now do an freopen() of the stmp file so that yyin will always point
33719 to the same thing. This is important for flex since we are doing a
33724 replaced yywrap() with parser_cleanup() since yywrap() needs to be
33725 in parse.lex to be able to use YY_NEW_FILE. sigh.
33729 now have a rule that matches anything that doesn't match an
33730 explicit rule. well, you know what i mean (. matches anything not
33731 yet matched). However, this means that there is input still queued
33732 up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
33733 into parse.lex and it calls parser_cleanup() which is most of the
33741 * getcwd.c, getwd.c:
33742 moved compat.h to be the last include file
33746 fixed type of aliascmp() args
33754 added casts to lfind and lsearch args for irix
33758 bsdinstall -> install-sh
33762 added info about make realclean
33766 updated VERSION added dependencies for visudo.cat
33778 now there is a real visudo.man and visudo.cat
33782 took out visudo stuff
33789 * parse.c, parse.lex, parse.yacc:
33798 updated Nieusma & Hieb email addresses
33802 updated to include options.h and OPTIONS
33810 eliminated bug #1 (yay)
33814 sunos no longer gets linked statically
33817 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
33820 prototype now uses __P()
33824 make fill() non-ansi
33828 made -v (validate) work
33836 don't check for execute/statable if fq or relative path given
33844 now include ctype.h for islower and tolower macros
33848 moved _S_IFMT & _S_ISREG to compat.h
33852 moved a set of parens
33856 now include compat.h
33864 now cast malloc & realloc return vals added search for HAVE_LSEARCH
33865 now use strcmp if no strcasecmp available
33873 removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
33874 HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
33878 added _S_IFMT, _S_IFREG, and S_ISREG
33882 took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
33883 to most SUDO_* macros
33891 various 1.x to 2.x autoconf changes now check for strcasecmp now use
33892 AC_INSTALL_PROG instead of custom one added check for fully working
33893 void implementation
33897 added lsearch & search.h visudo links into $(LIBOBJS)
33901 partial 1.x to 2.x changes added SUDO_FULL_VOID
33905 whatnow_help was prototyped to be static but was not declared as
33910 autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
33911 for dirent/dir/ndir.h
33915 now use groovy gnu autoconf macro AC_HEADER_DIRENT
33918 * getcwd.c, getwd.c:
33919 MAXPATHLEN -> MAXPATHLEN+1
33922 * emul/search.h, lsearch.c:
33926 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
33929 eliminated bison warnings
33937 now includes signal.h
33941 only clear data structures on a parse error
33945 whatnow() now gives help on invalid input
33949 added a whatnow() function (sort of like mh)
33953 kill_aliases -> reset_aliases yywrap() now cleans up by calling
33954 reset_aliases() and clearing top took reset stuff out of yyerror()
33955 since it doesn't belong there (and doesn't work anyway). errorlineno
33956 is now initially set to -1 so we can set it to the first error that
33957 occurs (it was getting set to the last)
33965 rewrote from scratch based on 4.3BSD vipw.c
33968 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
33975 no more sudo_realpath() and find_path() changed params
33979 find_path() changed since no more realpath()
33983 on error, errorlineno is set to the line where the error occurred
33984 added kill_aliases() to free the aliases struct now clean up in
33985 yyerror() so we can reparse cleanly
33988 * options.h, parse.c:
33989 no more USE_REALPATH
33993 changed to use new find_path()
33997 removed all the realpath() stuff
34001 sudo_realpath.c -> sudo_goodpath.c
34005 now works correctly with utk parser
34013 eliminated a compiler warning
34017 eliminated compiler warning
34021 added sudo_goodpath()
34025 added prototype for sudo_goodpath
34029 added support for /sys/dir.h
34033 USE_REALPATH turned off
34037 added calls to sudo_goodpath()
34041 added check for dirent.h
34045 added HAVE_DIRENT_H
34049 added in linux shadow pass stuff
34052 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
34055 added back host, user, cmnd, parse_error
34059 added in utk changes plus some minor cosmetic changes
34062 * sudo.c, sudo_realpath.c:
34063 added void casts for printf's
34067 added a define of USE_REALPATH
34071 there is no more visudoers/Makefile
34075 added in utk changes (visudo is now built from the toplevel)
34079 added (void) casts to printf's
34082 * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
34083 merged in utk changes
34086 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
34089 now check to see that what we are trying to run is a file (or a link
34090 to a file, we do a stat(2) so there is no diff)
34093 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
34100 aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
34104 added myself as maintainer
34107 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
34110 changed setegid -> setgid
34113 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
34116 fixed the test for irix 5.x to skip bad libs
34120 now initialize OS and OSREV
34123 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
34130 AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
34134 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
34137 use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the right
34138 thing wrt yyrestart (grrrr)
34141 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
34144 added visudoers/compat.h to DISTFILES
34152 added ocmnd declaration adjusted for find_path()'s new parameters
34156 added ocmnd extern adjusted find_path() prototype
34160 cmndcmp() now takes 3 arguments and checks against the qualified as
34161 well as the unqualified pathname. more code that should use
34162 cmndcmp() but did not, now does
34170 changed to use new find_path() parameter passing
34174 find_path() now takes 2 copyout parameters (one for the qualified
34175 pathname and one for the unqualified pathname). The third parameter
34180 no longer munge pathnames.h
34184 changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
34185 as a result, pathnames.h does not need to be run through configure
34186 and the user can override the configured values easily.
34190 added _SUDO_PATH_* entries
34194 _PATH* -> _SUDO_PATH_*
34198 updated DISTFILES and HDRS .o's now depend on config.h
34201 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
34204 removed extraneous #endif
34212 added SUDO_PROG_MV added riscos and isc os types took out
34213 -DSHORT_MESSAGE from --with-csops since it is now the default
34217 move the include of id.h to compat.h now includes options.h
34221 moved compatibility #defines to compat.h
34229 move __P to compat.h
34232 * getcwd.c, getwd.c, putenv.c:
34233 now includes compat.h
34240 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
34243 pull user-configurable stuff out and put in options.h
34246 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
34248 * parse.lex, parse.yacc, visudo.c:
34249 now includes options.h
34252 * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
34254 now includes options.h
34258 added visudoers/options.h
34261 * OPTIONS, options.h:
34266 added OPTIONS and options.h
34270 changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
34274 changed PASSWORD_TIMEOUT to minutes
34277 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
34280 now only do Editor +line_num if line_num != 0
34283 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
34286 now use mv if rename(2) fails
34297 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
34300 fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
34303 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
34306 added mips & isc support
34310 added support for non-root owned sudoers file
34314 added exempt group support
34318 added set_perms() support added SUDOERS_OWNER so can have non-root
34319 own sudoers file added exempt group support added isc support
34323 now copy sudoers to temp file via read/write (not stdio) now chown
34324 new sudoers file to SUDOERS_OWNER
34327 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
34338 fixed typo added set_perms support added skey support added
34339 seteuid()/setegid() emulation for AIX
34343 be_* -> setperms() now check to make sure sudoers file is owned by
34344 root nread/write by only root
34347 * logging.c, parse.c:
34352 be_* -> set_perms() added skey support
34355 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
34365 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
34375 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
34381 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
34396 now bail if Argv[1] > MAXPATHLEN
34400 added function check for tcgetattr(3)
34404 only define HAVE_TERMIOS_H if you have tcgetattr(3)
34408 added check for tcgetattr
34411 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
34417 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
34420 now only include unistd.h for linux
34423 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
34426 added visudo.8 generation
34430 added -Wl,-bI:./aixcrypt.exp to aix flags
34433 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
34444 added mailing list info
34448 now use sudolineno instead of yylineno fixed bison warnings
34452 now use -no_library_replacement for osf don't make a static binary
34457 added string.h/strings.h inclusion
34465 added inclusion of string.h/strings.h
34469 fixed uname | sed (needed to quote the '[')
34473 replaced yylineno with sudolineno fixed bison syntax errors
34477 changed yylineno to sudolineno since yylineno cannot be counted
34486 added code to support command listings
34490 added code for -l flag
34494 fixed typo added info for -l flag
34498 AC_SSIZE_T -> SUDO_SSIZE_T
34513 * find_path.c, sudo_realpath.c:
34514 readlink() is now declared as returning ssize_t
34518 added -laud for OSF c2
34521 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
34523 * Makefile.in, visudo.c:
34524 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
34527 * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
34528 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
34531 * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
34532 parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
34533 sudo_setenv.c, tgetpass.c, version.h:
34534 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
34537 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
34548 added host to alertmail messages
34556 fixed logging problem where mail would not say which user it was
34560 added -laud for gcc if osf & c2
34564 moved set_auth_parameters to sudo.c
34568 added set_auth_parameters for osf
34572 cleaned up -static stuff
34584 changed setenv() to sudo_setenv()
34600 added osf auth support & removed some extra spaces
34603 * INSTALL, SUPPORTED:
34607 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
34610 added 2 suggestions
34614 removed README.v1.3.1 and added VERSION stuff
34621 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
34632 mention HISTORY file
34636 use sizeof instead of a constant in 1 place
34655 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
34659 [7dfbb4a810bb] [SUDO_1_3_1]
34666 added unistd.h include
34669 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
34672 added sys/time.h for AIX
34675 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
34678 added check for -lsocket and sys/sockio.h
34682 took out libshadow check and added in sys/sockio.h check
34686 now include sockio.h instead of ioctl.h if it exists "sudo -" now
34687 gets a better error message
34691 now has a dir and subnet entry
34694 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
34705 added network and ip addresses to man page
34709 no error if can't get interfaces or netmask since networking may not
34714 now check for interfaces == NULL
34718 fixed a bug that caused directory specs in a Cmnd_Alias to fail if
34719 the last entry in the spec failed (ie: it was only looking at the
34720 last entry). Cleaned things up by adding the cmndcmp() function--all
34728 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
34731 now do two passes to skip bogus interfaces (lo0, etc)
34734 * parse.lex, parse.yacc, visudo.c:
34735 added include of netinet/in.h
34738 * logging.c, sudo_realpath.c, sudo_setenv.c:
34739 added include of netinet/in.h
34742 * check.c, find_path.c, getcwd.c, getwd.c:
34743 added include of netinet/in.h
34751 added interfaces global
34755 now uses new interfaces global
34759 now ip addresses are gleaned w/o dns
34762 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
34765 added load_ip_addrs() to load the ip_addrs global var
34769 added hostcmp() to compare hostnames, ip addrs, and network addrs
34773 added ip_addrs def added load_ip_addrs prototype
34776 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
34783 removed multiple entries in DISTFILES
34787 ansified the !STDC_HEADERS decls
34790 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
34791 don't do malloc decl if gnuc
34795 can't use getopt(3) since it munges args to the command to be run as
34796 root don't do malloc decl if gnuc
34799 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
34800 sudo_realpath.c, sudo_setenv.c:
34801 ansi-fied !STDC_HEADER function prototypes
34804 * getcwd.c, getwd.c:
34805 added missing paren
34809 added putenv.c to DISTFILES
34813 added params to func decls when STDC_HEADERS is not defined now can
34814 count on putenv() being there
34818 took out errno decl since sudo.h does it for us fixed up a next cc
34819 warning added params to func decls when STDC_HEADERS is not defined
34823 took out environ extern added local declaration of putenv() if local
34827 * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
34828 added params to func decls when STDC_HEADERS is not defined
34832 added memcpy check check to see that ansi vs bsd macros are not
34833 already defined before defining (ie: avoid redefinition)
34837 removed fluff setenv check plus check w/ replace for putenv if also
34845 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
34852 rm'd realpath added sudo_realpath and sudo_setenv
34856 now use sudo_setenvc
34860 added putenv and setenv, removed realpath
34864 added putenv & setenv
34875 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
34878 added MAN_POSTINSTALL and /usr/share/catman for irix
34882 added MAN_POSTINSTALL
34890 added SUDO_* plus new options
34898 took out shadow lib
34906 now use yyrestart() if flex now reset yylineno to 0
34910 support for installing a cat page instead of a man page if no nroff
34914 now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
34915 to determine whether or not to install a cat or man page
34923 not set ret to MODE_RUN initially
34927 made command (and therefore cmnd dynamically allocated)
34939 changed bufs from MAXPATHLEN to MAXPATHLEN+1
34943 added MODE_ removed validate_only and added remove_timestamp()
34947 usage() now takes an int (exit value) added parse_args() to parse
34948 command line arguments moved call to find_path() from load_globals
34949 to new function load_cmnd() removed validate_only global -- now use
34950 the concept of "modes" added -h and -k options
34954 no longer use global validate_only now checks for command called
34955 "validate" removed check for non-fully qualified commands since that
34956 is done by find_path
34960 changed MAXPATHLEN to MAXPATHLEN+1
34964 fixed off by one error with MAXPATHLEN and fixed a comment
34968 check_timestamp no longer runs reminder(), it is implied in the
34969 return val added remove_timestamp()
34976 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
34990 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
34993 moved send_mail to after syslog
34997 now set SUDO_ envariables
35000 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
35007 now print error if chdir fails
35014 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
35021 no more static binaries for aix
35024 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
35031 took out stuff not needed for sudo now does be_root/be_user itself
35032 now uses cwd global
35039 * logging.c, sudo.c:
35040 be_root/be_user is now down in sudo_realpath()
35043 * logging.c, sudo.h:
35044 now works with 4.2BSD syslog (blech)
35048 now use sudo_realpath()
35052 took out realpth() stuff since we now use sudo_realpath()
35056 ultrix enhanced sec
35060 added ultrix enhanced sec.
35068 ultrix enhanced security support
35072 added sudo_realpath.c
35080 increased passwd len to 24 for c2 security
35087 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
35090 now use user global var
35097 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
35104 user is now a char * added epasswd
35108 added tzset() to load_globals added epasswd (encrypted password)
35109 global made user dynamically allocated
35121 cleaned up encrypted passwd grab somewhat
35137 can now log to both syslog & a file
35161 removed AFS stuff :-)
35165 include sys/select for AIX
35176 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
35178 * CHANGES, SUPPORTED:
35183 can now have MAILER undefined
35187 new sub-note about MAILER
35191 added blurb about password timeout
35199 took out duplicate define of _CONVEX_SOURCE
35211 added a goto if fgets fails
35215 use __hpux not hpux convex c2 stuff
35219 use __hpux not hpux
35227 define ansi-ish cpp os defines if non-ansi are defined for hpux &
35232 updated to say we support convex C2
35236 added convex c2 support
35239 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
35242 no more ioctl never returns NULL uses fgets() and select() to
35246 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
35249 things were testing -n "$GCC" instead of -z "$GCC"
35253 now works + uses fgets()
35256 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
35259 select doesn't seem to recognize a single '\n' as input waiting so
35260 we can't use it, sigh.
35263 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
35266 updated tgetpass() blurb
35270 added --with-getpass
35274 added tgetpass stuff
35285 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
35292 added USE_GETPASS && HAVE_C2_SECURITY
35296 fixed a test added --with-C2 and --with-tgetpass
35304 took out tgetpass.*
35311 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
35314 no termio(s) for ultrix since it is broken
35318 added a space (yeah, anal)
35321 * realpath.c, sudo_realpath.c:
35322 fixed it (duh, rtfm)
35325 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
35328 took out bsd signal stuff for irix
35336 don't define BSD signals for irix
35347 * realpath.c, sudo_realpath.c:
35348 took out unneeded code by changing where a string was terminated
35351 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
35353 * realpath.c, sudo_realpath.c:
35354 fix bug where /dirname would return NULL
35358 move __P to config.h
35361 * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
35362 added errno definition
35377 * realpath.c, sudo_realpath.c:
35378 now works if no fchdir
35382 define SA_RESETHAND to null if not defined
35386 added check & replace
35390 took out -static for nextstep -- it doesn't work
35393 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
35396 moved #endif to where it belongs
35404 now checks for strdup realpath getcwd bzero
35412 added posix signals
35420 added posix signals
35424 removed BROKEN_GETPASS added new srcs to replace missing functions
35428 added posix signal stuff
35440 now uses posix signals
35444 updated to reflect major changes
35452 uses sysconf() if available
35456 added PASSWORD_TIMEOUT + prototypes for new functions
35459 * realpath.c, sudo_realpath.c:
35460 for those w/o this in libc
35463 * getcwd.c, getwd.c:
35468 rewrote to use realpath(3) - is now all my code
35472 added HAVE_REALPATH
35480 added LIBOBJS use tgetpass.c
35483 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
35497 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
35508 added check for getwd
35512 replace strdup & realpath & getcwd if missing
35520 added SUDO_PROG_PWD
35527 * realpath.c, sudo_realpath.c:
35531 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
35534 quoted square brackets
35537 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
35540 no need to strdup() a constant
35555 * parse.c, sudo.c, sudo.h:
35556 added validate_only stuff
35559 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
35566 $OSREV is now an int
35569 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
35572 added mtxinu to caser
35580 now use the EXEC macro now only do a gethostbyname() if FQDN is set
35584 changed mail_argv[] def now use EXEC() macro
35588 took out crypt() definition
35596 always look for -lnsl
35604 SHORT_MESSAGE is now the default
35612 added missing AC_DEFINE(SVR4) for solaris
35616 documented the -v flag
35628 added LIBSHADOW undef
35632 now set OS to be lowercase
35635 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
35638 now use SUDO_OSTYPE to set $OS
35642 now use uname to determine os
35646 added prototypes & moved sig handler around
35653 * check.c, logging.c, sudo.c:
35662 now use _BSD_SIGNALS not _BSD_COMPAT
35673 * parse.lex, parse.yacc:
35674 moved config.h to top of includes
35677 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
35680 now don't bitch if get EACCESS (treat like EPERM)
35684 added -v flag and usage()
35692 cast Argv to a const for exec added -v flag
35696 mail_argv is now a const
35700 only set RETSIGTYPE if it is not set already
35704 now defines & STDC_HEADERS for Irix
35711 * insults.h, sudo.h:
35712 prevent multiple inclusion
35719 * parse.lex, parse.yacc:
35720 now includes config.h
35724 now talks about sunos 4.x
35728 calls to Exit now pass an arg
35731 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
35734 signal handler now takes an int argument
35742 ok, the getcwd() is now *really* done as the user
35746 changed AIX STATIC_FLAGS
35750 solaris now defines SVR4
35754 added cwd and fixed stupid core dump that makes no sense. sigh.
35758 moved getcwd stuff into load_globals
35762 took out externs that are in sudo.h
35766 moved cwd into load_globals
35774 fixed make distclean & realclean
35782 added solaris changes
35786 added solaris changes, need to rework
35790 cleaned up for solaris
35794 reinstall reapchild signal handler for non-bsd signals
35798 took out getdtablesize() emulation for HP-UX (no longer needed)
35802 support for HAVE_SYSCONF
35806 added <fcntl.h> for solaris & reorg'd the includes + minor prettying
35814 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
35817 now tells you what os you are running
35824 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
35839 uid seinitialized to -2
35842 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
35845 now removes LIBPATH for AIX
35848 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
35851 now uses ufc if it finds it
35854 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
35857 no longer define yyval & yylval since yacc does it
35861 now defines yylval as extern
35865 BROKEN_GETPASS is now an OPTION
35869 took out BROKEN_GETPASS
35873 took out big comment
35881 took out README.beta
35889 now reference SUPPORTED
35893 now check for convex OR __convex__
35897 now check for convex or __convex__
35909 now use _S_* stat stuff to be ansi-like
35913 updated for configure directions
35917 distclean now removes config.h and pathnames.h
35936 * config.h.in, pathnames.h.in:
35937 added copyright header
35940 * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
35941 parse.yacc, sudo.c, sudo.h:
35946 updated to use configure + pathnames.h
35953 * Makefile.in, config.h.in, configure.in:
35958 now works with configure
35961 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
35962 updated to work with configure + pathnames.h
35969 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
35972 updated gnu general licence to version 2
35975 * config.h.in, pathnames.h.in:
35980 changed to work with configure
35983 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
35985 * Makefile.in, aclocal.m4, configure.in:
35990 now uses defines used by configure
35993 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
35996 sudo won't bitch about EPERM now, for real
35999 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
36002 renamed exec_argv to eliminate a libc name clash with ksros
36009 * logging.c, sudo.c, sudo.h:
36026 added UMASK and mode_t declaration
36034 now opens log file with mode 077
36038 saved current umask and restores it
36042 added MAXLOGFILELEN
36046 split long log lines. For syslog, split into multiple entries, for
36047 a log file, indent the extra for readability
36050 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
36057 MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
36060 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
36063 added input from Brett M Hogden <hogden@rge.com>
36066 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
36069 added rmenv() to remove stuff from environ. can now use execvp()
36070 OR execve() because of this.
36074 now uses execvp() OR execve()
36090 moved some func decls out of sudo.h and into sudo.c as statics
36101 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
36107 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
36122 added sample.sudoers note
36129 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
36136 took out SAVED_UID garbage
36137 [b7c2d3469661] [SUDO_1_3_0]
36156 more verbose error if mailer not found
36160 now do getpwent as root for some shadow password systems (bsdi)
36163 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
36166 took out SAVED_UID garbage
36170 took out SAVED_UID garbage since it don't work
36173 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
36180 added a missing space :-)
36184 took out multimax cruft
36196 fixed a typo + indentation
36199 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
36202 took outumoved some defines to the config file
36214 added HAS_SAVED_UID
36221 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
36227 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
36233 * check.c, logging.c, parse.c, sudo.c, sudo.h:
36234 now is only root when abs necessary
36241 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
36256 now removed _RLD_* for alphas
36260 updated for new config scheme
36264 more verbose error messages
36267 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
36274 define __svr4__ for SOLARIS
36278 added svr4 junk for shadow pws for solaris 2.x
36282 took out setuid(0) and setreuid(uid) garbage. It's not needed since
36283 we start out setuid with the correct perms.
36286 * check.c, sudo.c, sudo.h:
36290 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
36293 revised AUTHORS section & added ENV_EDITOR stuff to VARIABLES
36298 now uses ENV_EDITOR if you want to use the EDITOR envar
36302 now uses ENV_EDITOR if you want to use the EDITOR envar
36305 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
36308 rewrote most of this
36312 minor update + spell fix
36316 added all options that are in the Makefile
36320 now use USE_TERMIO #define for sgi & hpux
36327 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
36329 * check.c, find_path.c:
36330 always include strings.h
36338 sgi has vi in /usr/bin too
36345 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
36348 use /usr/bin/vi on some systems
36352 fixed warning (include strings.h)
36356 added John_Rouillard@dl5000.bc.edu's changes (new features)
36360 changes from John_Rouillard@dl5000.bc.edu
36367 * check.c, find_path.c, parse.c, sudo.c:
36368 added patches from John_Rouillard directory spec
36372 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
36375 added flush for hpux
36378 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
36381 no longer assume malloc returns a char *
36385 alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
36386 gets removed correctly
36390 added STD_HEADERS macro
36394 now uses STD_HEADERS macro for ansi
36398 now uses STD_HEADERS macro
36402 niceties for C compiler bitches -- no real change
36405 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
36408 now doesn't fclose a file never opened.
36411 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
36418 added error stuff added me in there...
36426 added blurb about reading stuff
36434 corrected comments and removed newlines
36446 added dec syslog note
36450 added real stuff in there
36461 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
36468 updated with changes
36479 * CHANGES, COPYING, INSTALL, README, TODO:
36484 updated version number and took out jeff's old addr since it is no
36488 * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
36490 updated version number and took out jeff's email (since it is
36494 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
36500 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
36503 now return NULL instead of exiting for non-fatal errors
36506 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
36513 now sudo.h gets included first
36516 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
36527 hpux 9 fix, removes SHLIB_PATH linux patch
36534 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
36537 stat now ignores EINVAL
36540 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
36542 * find_path.c, sudo.c:
36543 now declare strdup as extern
36546 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
36549 reformatted with indent + by hand
36552 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
36553 used indent to "fix" coding style
36557 now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
36558 move the code that does this into the loop body. makes it messier
36562 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
36565 redid the fix for non-executable files in an easier to read way plus
36566 some minor aesthetic changes
36570 fixed bug with non-executable things of same name in path introduced
36571 by checking errno after stat(2).
36574 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
36577 fixed off by one error
36581 now handles descending below '/' correctly
36585 now actually builds Envp instead of munging envp
36588 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
36591 now includes sys/param.h
36595 now includes sys/param.h
36599 fixed ifndef -> ifdef
36603 make more like find_path.c
36607 rewritten by millert
36611 fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
36612 about new defines in the comment
36620 added decl for clean_envp() and Envp
36624 now rips LD_* env vars out of envp and passed sanitized Envp to exec
36632 ENOTDIR is ok now too (in case part of the path is bogus)
36636 now works correctly (total rewrite)
36640 now includes sys/param.h didn't match trailing / -- fix from
36644 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
36647 moved around the #ifndef _AIX
36650 * check.c, logging.c, parse.c:
36654 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
36660 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
36663 now works if you do sudo bin/test
36670 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
36680 * parse.lex, parse.yacc:
36684 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
36691 now spews error if exec fails and exits with -1
36699 now only execs files with (an) executable bit set.
36706 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>