2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
Added tag SUDO_1_8_3 for changeset 82bec4d3a203
[6c953ef6f577] [tip] <1.8>
* Update Japanese sudoers translation from translationproject.org
[82bec4d3a203] [SUDO_1_8_3] <1.8>
2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Override and ignore the --disable-static option. Sudo already runs
libtool with -tag=disable-static where applicable and we need non-
PIC objects to build the executables.
2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/sudoers.pot:
* Ignore set_logname (which is now the default) for sudoedit since we
want the LOGNAME, USER and USERNAME environment variables to refer
to the calling user since that is who the editor runs as. This
allows the editor to find the user's startup files. Fixes bugzilla
* Instead of trying to grow the buffer in make_grlist_item(), simply
increase the total length, free the old buffer and allocate a new
one. This is less error prone and saves us from having to adjust
all the pointers in the buffer. This code path is only taken when
there are groups longer than the length of the user field in struct
utmp or utmpx, which should be quite rare.
* Add Italian translation for sudo from translationproject.org
Japanese translation for sudo and sudoers from
translationproject.org
2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
* sudoreplay depends on timestr.lo too; from Mike Frysinger
2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/sudoers.pot:
Regen sudoers pot file.
Update with latest sudo 1.8.3 news
* ldap_start_tls_s() on Debian (at least) sets the effective and saved
uids to the same value as the real uid. This prevents sudo from
setting the uid or gid later on. As a workaround, we now set perms
to root during sudoers_policy_open().
* Better warning message on setuid() failure for the setreuid()
version of set_perms().
2011-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
Combine new translations in NEWS item
2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
* Delref auth_pw at the end of check_user() instead of getting a ref
* Make sudo_auth_{init,cleanup} return TRUE on success and check for
sudo_auth_init() return value in check_user().
* Do not return without restoring permissions.
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Update for latest release candidate
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
* Modify the authentication API such that the init and cleanup
functions are always called, regardless of whether or not we are
going to verify a password. This is needed for proper PAM session
* Add missing dependency for getspwgen other depends.
* Fix a PAM_USER mismatch in session open/close. We update PAM_USER
to the target user immediately before setting resource limits, which
is after the monitor process has forked (so it has the old value).
Also, if the user did not authenticate, there is no pamh in the
monitor so we need to init pam here too. This means we end up
calling pam_start() twice, which should be fixed, but at least the
session is always properly closed now.
* Add check for old being NULL in utmp_setid(); from Steven McDonald
2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
* If the invoking user cannot be resolved by uid fake the struct
passwd and store it in the cache so we can delref it on exit.
2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
* Don't error out if the group plugin cannot be loaded, just warn.
2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
* Quiet a false positive found by several static analysis tools. These
tools don't know that log_error() does not return (it longjmps to
error_jmp which returns to the sudo front-end).
2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
* Add Italian translation for sudo from translationproject.org Regen
Added tag SUDO_1_8_2 for changeset 3682e51af1d0
2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
* Update to current reality and add bit about ssh auth
* Make "verbose" static; fixes a namespace clash with
pam_ssh_agent_auth (and it doesn't need to be extern these days).
* configure, configure.in:
FreeBSD has libutil.h not util.h
* configure, configure.in:
Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
* Update po files from translationproject.org
2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
Mention DEREF support
* plugins/sudoers/po/sudoers.pot:
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
Add support for DEREF in ldap.conf.
install target should depend on ChangeLog too, not just install-doc
* NEWS, configure.in, doc/sudoers.cat, doc/sudoers.man.in:
Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
* configure.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
* configure, configure.in:
Fix some square brackets in case statements that needed to be
doubled up. While here, use $OSMAJOR when it makes sense.
* Fix a crash in make_grlist_item() on 64-bit machines with strict
* Remove list_options() function that is no longer used now that "sudo
* configure, configure.in:
Error message if user tries --with-CC
* configure, configure.in:
Check for -libmldap too when looking for ldap libs, which is the
Tivoli Directory Server client library.
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
regen pot files for 1.8.3
* NEWS, configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
Update for version 1.8.3
2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
* Honor NOPASSWD tag for denied commands too.
* INSTALL, configure, configure.in:
Remove --with-CC option; it doesn't work correctly now that we use
libtool. Users can get the same effect by setting the CC
environment variable when running configure.
2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Assume all modern systems support fstat(2).
2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Add configure test for missing errno declaration and only declare it
ourselves if it is missing.
* Include errno.h before sudo.h to avoid conflicting with the system
2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
* Only print individual check status when there is a failure.
* Add calls to setprogname() for test programs.
* configure, configure.in:
Add -Wall and -Werror after all tests so they don't cause failures.
* Actually run check_addr in the check target
* Split out address matching into its own file and add regression
2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix matching a network number with netmask when the network number
is not the first address in the CIDR block.
2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
* Don't assume all editors support the +linenumber command line
argument, use a whitelist of known good editors.
2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
* Silence compiler warnings on Solaris with gcc 3.4.3
* Fix building on RHEL 3
* INSTALL, configure, configure.in:
Add --enable-werror configure option.
* setgroups() proto lives in grp.h on RHEL4, perhaps others.
* configure, configure.in:
Use PAM by default on AIX 6 and higher.
2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
* Add new Esperanto translation from translationproject.org
2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
* Quiet an innocuous valgrind warning.
2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix expansion of strftime() escapes in log_dir and add a regress
test that exhibited the problem.
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Fix "make check" return value.
2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/sudoers.pot:
[3682e51af1d0] [SUDO_1_8_2] <1.8>
Fix logic inversion in pot file up to date check.
* doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat,
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
doc/visudo.cat, doc/visudo.man.in:
2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Add caching for gettext() checks.
* configure, configure.in:
Better handling of libintl header and library mismatch.
2011-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
* Also check sudoers gid if sudoers is group writable.
Update for 1.8.2 final
2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
If dlopen is present but libtool doesn't find it, error out since it
probably means that libtool doesn't support the system.
* configure args on the command line should override builtin defaults.
Disable NLS for non-Linux/Solaris unless explicitly enabled.
* Fix loop that calls authenticate(). If there was an error message
from authenticate(), display it.
2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Update to autoconf 2.68 and libtool 2.4
* Fix typo; OPT should be OTP
* Rename libsudoers convenience library to libparsesudoers to avoid
2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
* Add Danish sudoers translation from translationproject.org
* Add dedicated callback function for runas_default sudoers setting
that only sets runas_pw if no runas user or group was specified by
2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
* Update Finnish, Polish, Russian and Ukrainian translations from
translationproject.org.
Go back to using a callback for runas_default to keep runas_pw in
sync. This is needed to make per-entry runas_default settings work
with LDAP-based sudoers. Instead of declaring it a callback in
def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
bit naughty, but avoids requiring stub functions in visudo and the
2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Add check for out of date message catalogs when doing "make dist".
2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Make sure compiler supports static-libgcc before using it.
2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
* Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
* Add new Russian sudo translation from translationproject.org and
rebuild the other translation files.
2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
* Update Finnish and Polish translations from translationproject.org
* Go back to escaping the command args for "sudo -i" and "sudo -s"
before calling the plugin. Otherwise, spaces in the command args
are not treated properly. The sudoers plugin will unescape non-
spaces to make matching easier.
2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix some potential problems found by the clang static analyzer, none
* Updated Ukrainian and Chinese (simplified) po files from
translationproject.org
2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
* Updated Polish translation from translationproject.org
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
* Don't try to audit failure if the runas user does not exist. We
don't have the user's command at this point so there is nothing to
audit. Add a NULL check in audit_success() and audit_failure() just
to be on the safe side.
* Add -g to CFLAG for PIE builds.
2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
* Remove fallback to per-group lookup when matching groups in sudoers.
The sudo front-end will now use getgrouplist() to get the user's
list of groups if getgroups() fails or returns zero groups so we
always have a list of the user's groups. For systems with
mbr_check_membership() which support more than NGROUPS_MAX groups
(Mac OS X), skip the call to getgroups() and use getgrouplist() so
we get all the groups.
2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix setgroups() fallback code on EINVAL.
* Fix two PERM_INITIAL cases that were still using user_gids.
* Add Polish sudo message catalog
* user_group is no longer used, remove it
2011-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
* Add Polish translation from translationproject.org
* Add a wrapper for setgroups() that trims off extra groups and
retries if setgroups() fails. Also add some missing addrefs for
PERM_USER and PERM_FULL_USER.
* configure, configure.in:
Instead of keeping separate groups and gids arrays, create struct
group_info and use it to store both, along with a count for each.
Cache group info on a per-user basis using getgrouplist() to get the
groups. We no longer need to special case the user or list
user for user_in_group() and thus no longer need to reset the groups
list when listing another user.
* Don't rely on NULL since we don't include a header for it.
* Do not shadow global sudo_mode with a local variable in set_cmnd()
2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
* bash 2.x does not support the -l flag and exits with an error if it
is specified so use --login instead. This causes an error with bash
1.x (which uses -login instead) but this version is hopefully less
* Add Polish translation from translationproject.org
2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
* Make error strings translatable.
* Only run configure with --with-pam-login for RHEL 5 and above.
* Fix typo in summary
2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
* Add missing logwrap.c
* Split out log file word wrap code into its own file and add unit
tests. Fixes an off-by-one in the word wrap when the log line
length matches loglinelen.
2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
* For SuSE, only use /usr/lib64 as libexec if generating 64-bit
* Fix build error when --without-noexec configure option is used.
* configure, configure.in:
Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX
2011-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
Document group lookup change and possible side effects.
2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
* Resolve the list of gids passed in from the sudo frontend (the
result of getgroups()) to names and store both the group names and
ids in the sudo_user struct. When matching groups in the sudoers
file, match based on the names in the groups list first and only do
a gid-based match when we absolutely have to. By matching on the
group name (as it is listed in sudoers) instead of id (which we
would have to resolve) we save a lot of group lookups for sudoers
files with a lot of groups in them.
2011-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
* Workaround for "sudo -i command" and newer versions of bash which
don't go into login mode when -c is specified unless -l is too.
2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
* Rewrite logfile word wrapping code to be more straight-forward and
actually wrap at the correct place.
2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
Mention use_pty bug fix
* Set use_pty=true in command details when use_pty is set in sudoers.
2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
* Sync Chinese (simplified) PO files from translationproject.org
2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
* Add Danish translation from translationproject.org and add missing
* Makefile.in, configure, configure.in:
No longer need to specify LINGUAS in configure, "make install-nls"
now just installs all the .mo files it finds.
2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
* Build CONTRIBUTORS from newly-added contributors.pod
* Rework the wording in the leading paragraph
2011-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
* Add a CONTRIBUTORS file with the names of folks who have contributed
code or patches to sudo since I started maintaining it (plus the
2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
* Preserve SHELL variable for "sudo -s". Otherwise we can end up with
a situation where the SHELL variable and the actual shell being run
2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Only enable Solaris project support when setproject() is present in
* Explicitly set mode and owner of /etc/sudoers instead of relying on
"cp -p" to work in the postinstall script. On AIX 6.1 at least the
postinstall script runs before the final file permissions are set.
* Refer the user to the "Command Environment" section in description
* If there is no old dependency for an object file, use the MANIFEST
* Remove dependency for getgrouplist.lo as we don't ship that source
* Do not declare yyparse() static as the actual function generated by
Remove locale files in "make uninstall"
2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
Add Basque translation and sync Finnish and Ukrainian translations.
Update PAM change to reflect latest checkin.
* configure, configure.in:
FreeBSD no longer needs the main sudo binary to link with -lpam now
that plug-ins are loaded with RTLD_GLOBAL.
* Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
problems with pam modules not having access to symbols provided by
libpam on some platforms. Affects FreeBSD and SLES 10 at least.
Move xgettext invocation out of update-po target into update-pot
2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Regenerate .pot files for 1.8.2rc2
Move nls targets to the top level Makefile so the paths in the pot
* Add compiled version of sudo Finnish translation
* Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo
* configure, configure.in:
Add Finnish translation from translationproject.org
* The group named by exempt_group should not have a % prefix.
* Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
* Fix compressed io log corruption in background mode by using _exit()
instead of exit() to avoid flushing buffers twice.
Improved background mode support. When not allocating a pty, the
command is run in its own process group. This prevents write access
to the tty. When running in a pty, stdin is not hooked up and we
never read from /dev/tty, which results in similar behavior.
2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
* Clean up regress files Generate proper dependencies for regress objs
* Add missing dependency for check_fill.o.
2011-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
* INSTALL, configure, configure.in:
Add support for --enable-nls[=location]
2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
* Quiet gcc warnings.
* configure, configure.in:
Don't install .mo files if gettext was not found.
2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
* Always allocate a pty when running a command in the background but
call setsid() after forking to make sure we don't end up with a
* Add missing space between command name and the first command line
* Quiet a compiler warning on some platforms.
* README file that directs people to translationproject.org
* Sync translations with TP
Add 'sync-po' target to top-level Makefile to rsync the po files
from translationproject.org.
* install nls files from install target
Include .mo files in sudo binary packages.
* configure, configure.in:
Add simplified chinese translation
2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Add Ukrainian translation
* refer to siglist.c, not ./siglist.c since not all makes will treat
foo and ./foo the same.
* Set def_preserve_groups before searching for the command when the -P
Add dependency for siglist.lo in compat. This is a generated file
so "make depend" needs to depend on it.
* More dependency fixes.
* Fix a few dependencies.
* Place compiled mo files in the src dir, not the build dir. When
installing compiled mo files, display a status message.
2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
* Tivoli Directory Server requires that seconds be present in a
timestamp, even though RFC 4517 states that they are optional.
* Add missing bit of copyright
* Mention cycle detection warnings
* When checking aliases, also check the contents of the alias in case
there are problems with an alias that is referenced inside another.
Replace the self reference check with real alias cycle detection.
* Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
ENOENT in alias_find() and alias_remove() if the entry could not be
* Increment alias_seqno before calls to alias_remove_recursive() to
avoid false positives with the alias loop detection. Fixes spurious
warnings about unused aliases when they are nested.
* Add dependency on convenience libs to binaries
mkdep.pl only works when run from the src dir
Auto-generate Makefile dependencies with a perl script.
2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
* If the user specifies a runas group via sudo's -g option that
matches the runas user's group in the passwd database and that group
is not denied in the Runas_Spec, allow it. Thus, if user root's gid
in /etc/passwd is 0, then "sudo -u root -g root id" is allowed even if
no groups are present in the Runas_Spec.
2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
Mention what is new in 1.8.2 (for now)
* Add dependencies on gettext.h
* Fix install-nls target with HP-UX sh when gettext is not present.
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
regenerate .pot files for lbuf changes
* configure, configure.in:
Add missing "checking" message for gettext when using the cache.
* Add primitive format string support to the lbuf code to make
translations simpler.
* configure, configure.in, plugins/sudoers/po/sudoers.pot,
Bump version to 1.8.2
* Add message catalog template files for sudo and the sudoers module.
Add gettext.h convenience header. This is similar to but distinct
from the one included with the gettext package.
* configure, configure.in:
Add checks for nroff -c and -Tascii flags
* configure, configure.in:
Add check for HP bundled C Compiler (which cannot create shared
* Fix C format warnings.
* Translate help / usage strings.
* Set --msgid-bugs-address to the bugzilla url
* INSTALL, Makefile.in, README, configure, configure.in:
Add scaffolding to update .po files and install .mo files.
* Minor warning/error cleanup
Emulate ngettext for the non-nls case
* Do not mark untranslatable strings for translation
[088271ed02d0] <1.8>
* Use ROOT_UID not 0.
[f901fa2fdaf2] <1.8>
* Minor warning/error message cleanup
[b99c7ef46236] <1.8>
* cannot -> "unable to" in warning/error messages can't -> "unable to"
in warning/error messages
[5119140fabc7] <1.8>
* configure, configure.in:
FreeBSD needs the main sudo executable to link with -lpam when
loading dynamic pam modules for some reason.
[738b6778a505] <1.8>
* We don't want to translate debugging messages.
[357a575c2dfd] <1.8>
* configure, configure.in:
Add calls to bindtextdomain() and textdomain() Currently there are
two domains, one for the sudo front-end and one for the sudoers
plugin and its associated utilities.
[907f39439d80] <1.8>
* configure, configure.in:
Fix caching of libc gettext check.
[e229c21f412f] <1.8>
* Mark defaults descriptions for translation
[65e03d1f8203] <1.8>
Update for sudo 1.8.1p2
[89c31f2aa11e] <1.8>
* Quiet compiler warning when SELinux is enabled.
[51b1d7c8aa86] <1.8>
* Add missing includes of libintl.h.
[25662143d36d] <1.8>
* Fix gettext marker.
[7618856ba5de] <1.8>
* Include libint.h where needed.
[cc256b297b9d] <1.8>
* Prepare sudoers module messages for translation.
[1b7f0bbaa55f] <1.8>
* Only check gid of sudoers file if it is group-readable.
[f3cae943f35a] <1.8>
* For AIX, keep calling authenticate() until reenter reaches 0.
[e412676bac73] <1.8>
* configure, configure.in:
Cache the status of the initial gettext() check.
[c32281768c0f] <1.8>
* INSTALL, configure, configure.in:
Add --disable-nls flag and improve checks for gettext.
[b39674c1e538] <1.8>
* configure, configure.in:
When building with gcc on HP-UX, use -march=1.1 to produce portable
binaries on a pa-risc2 host. Previously, the +Dportable option was
used for the HP-UX C compiler but gcc always produced native
[41351c23ad41] <1.8>
* Prepare sudo front end messages for translation.
[7807d6f74dac] <1.8>
* configure, configure.in:
Add initial scaffolding to support localization via gettext()
[cdbbff7e6376] <1.8>
2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
update copyright year
[d681661f03cc] <1.8>
No need to include version number at the top of these files.
[7e11f673f773] <1.8>
This is sudo 1.8.1 not 1.8.0
[4d674f230d8a] <1.8>
2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
* Don't let the fnmatch/glob macros expand the function prototype.
[d449e9a8f447] <1.8>
2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
* Resolve namespace collisions on HP-UX ia64 and possibly others by
adding a rpl_ prefix to our fnmatch and glob replacements and
#defining rpl_foo to foo in the header files.
[d23889375b21] <1.8>
2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
* Split ALL, ROLE and TYPE into their own actions. Since you can only
have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
the non-SELinux case. This is safe because the actions are in one
big switch() statement.
[0bd9b7e37ab1] <1.8>
* Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
[8dec97b359e0] <1.8>
* askpass moved from sudoers to sudo.conf in sudo 1.8.0
[1001d87d82ed] <1.8>
* Remove obsolete warning about runas_default and ordering. Move
syslog facility and priority lists into the section where the
relevant options are described.
[1286b9624021] <1.8>
2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix SIA support; we no longer have access to the real argc and argv
so allocate space for a fake one and use the argv passed to the
plugin with "sudo" for argv[0].
[7c11eeffb91c] <1.8>
* Remove useless realloc when trying to get the buffer size right.
[58128e7f4e28] <1.8>
* Be explicit when setting euid to 0 before call to setreuid(0, 0)
[95769a564ab8] <1.8>
2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
sudo 1.8.1p1 updates
[de3d688b5bb1] <1.8>
* configure, configure.in:
Need to do checks for krb5_verify_user, krb5_init_secure_context and
krb5_get_init_creds_opt_alloc regardless of whether or not
krb5-config is present.
[456c4a9cd5d6] <1.8>
2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
* Work around weird AIX saved uid semantics on setuid() and
setreuid(). On AIX, setuid() will only set the saved uid if the euid
[5d0a69e9d181] <1.8>
2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
* update copyright year
[fa8da6d55783] <1.8>
* Treat a missing includedir like an empty one and do not return an
[5fd9fe004728] <1.8>
2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix ARCH setting in cross-compile Solaris packages.
[8ce40940f6c9] <1.8>
* Fix aix version setting.
[02a9e25d46ba] <1.8>
* Remove extraneous parens in LDAP filter when sudoers_search_filter
is enabled that causes a search error. From Matthew Thomas.
[b67be9b51ec6] <1.8>
2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
* Correct sizeof() to fix test failure.
[a11b89fd13f9] <1.8>
* "install" target should depend on "install-dirs". Fixes "make -j"
problem and closes bz #487. From Chris Coleman.
[06ab0558f848] <1.8>
2011-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
Added tag SUDO_1_8_1 for changeset 0ed6281995f0
[543d41a163e9] <1.8>
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
Regen man pages for 1.8.1
[0ed6281995f0] [SUDO_1_8_1] <1.8>
2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
* Add HAVE_RFC1938_SKEYCHALLENGE
[c0d7eb39799d] <1.8>
2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
* Mention plugin loading and libgcc changes
[b74929cba37c] <1.8>
* Load plugins after parsing arguments and potentially printing the
version. That way, an error loading or initializing a plugin
doesn't break "sudo -h" or "sudo -V".
[c1ecb5979cf0] <1.8>
When using a sub-shell to invoke the sub-make, exec make instead of
running it inside the shell to avoid an extra process.
[9439f016c993] <1.8>
* Stop testing unspecified behavior in fnmatch Make glob test more
[87a91d76fbff] <1.8>
* No need to add current dir to include path and having it breaks the
test programs that expect to get the system glob.h and fnmatch.h
[3ae7f9e7b710] <1.8>
1230 * configure, configure.in:
1231 Fix and document --with-plugindir; partially from Diego Elio Petteno
1232 [0220a0c2606f] <1.8>
1234 * Fix fnmatch and glob tests to not use hard-coded flag values in the
1235 input file. Link test programs with libreplace so we get our
1236 replacement verions as needed.
1237 [66bab80241e0] <1.8>
1240 If make in a subdir fails, fail the target in the upper level
1241 Makefile too. Adapted from a patch from Diego Elio Petteno
1242 [bc35b7813507] <1.8>
1244 * configure, configure.in:
1245 Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
1246 has this. Adapted from a patch from Diego Elio Petteno
1247 [bb6228f484b9] <1.8>
1249 * Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
1251 [47e6d5fadc6d] <1.8>
1253 * configure, configure.in:
1254 Fix warnings when --without-skey, --without-opie, --without-kerb4,
1255 --without-kerb5 or --without-SecurID were specified.
1256 [1b75035dd129] <1.8>
1258 * Add plugins/sudoers/sudoers_version.h
1259 [1d470c6033ca] <1.8>
1261 * configure, configure.in:
1262 Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
1263 now include LDFLAGS in the sudoers Makefile.in. Add missing setting
1264 of @LDFLAGS@ in plugin Makefile.in files.
1265 [dd237f43aa12] <1.8>
1267 2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
1269 * Mention %#gid support in User_List and Runas_List
1270 [37e259b9181b] <1.8>
1272 * Keep track of sudoers grammar version and report it in the -V
1274 [0e0b891dd8a4] <1.8>
1276 * Add multiple inclusion guard
1277 [ec6884f51ea8] <1.8>
1279 * configure, configure.in:
1280 The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
1281 LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
1282 set it to -Wc,-static-libgcc if not using GNU ld so we don't
1283 have a dependency on the shared libgcc in sudoers.so.
1284 [28d03f3eb0d2] <1.8>
1286 * Fix typo; from Petr Uzel
1287 [d19b9bd92bd3] <1.8>
1289 2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
1291 * In dump-only mode, use "root" as the default username instead of
1292 "nobody" as the latter may not be available on all systems.
1293 [b304111616dd] <1.8>
1295 2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
1297 * Remove NewArgv/NewArgc, they are no longer needed.
1298 [c0a36a42a68c] <1.8>
1300 * Fix setting of user_args
1301 [529e79ea95d1] <1.8>
1303 * Add '!' token to lex tracing
1304 [aef295d428e7] <1.8>
1306 * Use group bin in test, not wheel as most systems have the bin group
1307 but the same is no longer true of wheel.
1308 [350347f09c1a] <1.8>
1310 * Avoid using pre or post increment in a parameter to a ctype(3)
1311 function as it might be a macro that causes the increment to happen
1313 [8a94ebdd53b8] <1.8>
1315 2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
1317 * Strip off the beta or release candidate version when building AIX
1319 [00ad950764e2] <1.8>
1321 * configure, configure.in:
1322 We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
1323 structure checks for glibc which only has __e_termination visible
1324 when _GNU_SOURCE is *not* defined.
1325 [1d58420a4a4a] <1.8>
1327 * getuserattr(user, ...) will fall back to the "default" entry
1328 automatically, there's no need to check "default" manually.
1329 [cefffa82967d] <1.8>
1331 * Document parser changes.
1332 [5038238f60eb] <1.8>
1334 2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
1337 If there is an existing sudoers file, only install if it passes a
1339 [b1e4c9c56fe0] <1.8>
1341 * Add runasgroup support to testsudoers
1342 [30838590e9de] <1.8>
1344 * For "make check", keep going even if a test fails.
1345 [d3a72f67227e] <1.8>
1347 * More useful exit codes:
1348 * 0 - parsed OK and command matched.
1350 * 2 - command not matched
1351 * 3 - command denied
1352 [59301e0769cd] <1.8>
1354 * Document %#gid, and %:#nonunix_gid syntax.
1355 [39ee15af58e9] <1.8>
1357 * Add support to user_in_group() for treating group names that begin
1359 [0eb19980cf5f] <1.8>
1361 * configure, configure.in:
1362 Add explicit check for struct utmpx.ut_exit.e_termination and struct
1363 utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
1364 ut_exit if we detect one or the other.
1365 [ab5b665fc04b] <1.8>
1367 2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
1369 * Add back missing #include of config.h
1370 [9c82bec81018] <1.8>
1372 * Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
1374 [1ae630470f8a] <1.8>
1376 * Quote first argument to AC_DEFUN(); from Elan Ruusamae
1377 [c467e9e3b399] <1.8>
1379 2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
1381 * add new sudoers tests
1382 [05f2a0924acc] <1.8>
1384 * Add test for a newline in the middle of a string when no line
1385 continuation character is used.
1386 [24b79be5822b] <1.8>
1388 * Use bitwise AND instead of modulus to check for length being odd. A
1389 newline in the middle of a string is an error unless a line
1390 continuation character is used.
1391 [65c468599688] <1.8>
1393 * Move lexer globals initialization into init_lexer.
1394 [07a1171a1853] <1.8>
1396 * Fix a potential crash when a non-regular file is present in an
1397 includedir. Fixes bz #452
1398 [5057cb9516e4] <1.8>
1400 * On some Linux systems, "uname -p" contains detailed processor info
1401 so check "uname -m" first and then "uname -p" if needed. Recognize
1403 [56226c84a060] <1.8>
1405 2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
1407 * Don't need all sudoers.h here.
1408 [43b6ae5999c5] <1.8>
1410 * Print sudo version early, in case policy plugin init fails.
1411 [620f2d0ec4b1] <1.8>
1413 2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
1415 * Update to match change in input.
1416 [69540f84721d] <1.8>
1418 * Make an empty group or netgroup a syntax error.
1419 [4b85bddc494e] <1.8>
1421 * An empty group or netgroup should be a syntax error.
1422 [6ec796972eff] <1.8>
1424 * Check that uids work in per-user and per-runas Defaults. Check that
1425 uids and gids work in a Command_Spec
1426 [68cf62353420] <1.8>
1428 * Test empty string in User_Alias and Command_Spec
1429 [017d487c31be] <1.8>
1431 * Allow a group ID in the User_Spec.
1432 [37e0bf69c8d8] <1.8>
1434 * Return an error for the empty string when a word is expected. Allow
1435 an ID for per-user or per-runas Defaults.
1436 [4c9020779582] <1.8>
1438 2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
1440 * Fix printing "User_Alias FOO = ALL"
1441 [97c9fd7caeb7] <1.8>
1443 2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
1445 * Better error message about invalid -C argument
1446 [2301e7a3835b] <1.8>
1449 [c5acde62a309] <1.8>
1451 * Fix placement of equal sign ('=') in user specification summary.
1452 [4d0ffef77ae4] <1.8>
1454 2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
1456 * update to match sudoers regress
1457 [0efb8dc9092a] <1.8>
1459 * Restore ability to define TRACELEXER and have trace output go to
1461 [441c8b372217] <1.8>
1463 * Restore old behavior of setting sawspace = TRUE for command line
1464 args when a line continuation character is hit to avoid causing
1465 problems for existing sudoers files.
1466 [963ded6ce070] <1.8>
1468 * Add test for line continuation and aliases
1469 [5703d11a3c46] <1.8>
1471 * Make test output line up nicely for parse vs. toke
1472 [15321ce2d7d9] <1.8>
1474 * plugins/sudoers/regress/testsudoers/test1.ok,
1475 plugins/sudoers/regress/testsudoers/test2.out,
1476 plugins/sudoers/regress/testsudoers/test2.sh,
1477 plugins/sudoers/regress/testsudoers/test3.ok,
1478 plugins/sudoers/regress/testsudoers/test3.sh,
1479 plugins/sudoers/regress/visudo/test1.ok,
1480 plugins/sudoers/regress/visudo/test1.sh:
1481 Move parser tests to sudoers directory and test the tokenizer output
1483 [111c1ccda334] <1.8>
1485 * If we match a rule anchored to the beginning of a line after parsing
1486 a line continuation character, return an ERROR token. It would be
1487 nicer to use REJECT instead but that substantially slows down the
1489 [67e54b14aa9d] <1.8>
1491 * Move LEXTRACE macro to toke.h so we can use it in yyerror().
1492 [e6e04037deed] <1.8>
1494 * Make lex tracing settable at run-time in testsudoers via the -t
1495 flag. Trace output goes to stderr. Will be used by regress tests
1497 [a973f43cc0c2] <1.8>
1499 * Allow whitespace after the modifier in a Defaults entry. E.g.
1500 "Defaults: username set_home"
1501 [bf876c9fc5bb] <1.8>
1503 2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
1505 * Don't set CC when cross-compiling.
1506 [d3c33dcb02f2] <1.8>
1508 * Credit Matthew Thomas for the sudoers_search_filter changes.
1509 [2209b80664af] <1.8>
1511 * Add the .sym files to the MANIFEST
1512 [bb452b28a009] <1.8>
1514 * Update for sudo 1.8.1 beta
1515 [700d42d80e00] <1.8>
1517 * user_shell -> run_shell to avoid confusion with the user's SHELL
1519 [451b96d5f97e] <1.8>
1521 * Save the controlling tty process group before suspending in pty
1522 mode. Previously, we assumed that the child pgrp == child pid
1523 (which is usually, but not always, the case).
1524 [b0841d861191] <1.8>
1526 * Add support for sudoers_search_filter setting in ldap.conf. This
1527 can be used to restrict the set of records returned by the LDAP
1529 [70c5f496e2b3] <1.8>
1531 2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
1533 * configure, configure.in:
1534 Remove the hack to disable -g in CFLAGS unless --with-devel
1535 [9459839f50ba] <1.8>
1537 * The '@' character does not normally need to be quoted.
1538 [e66c4c64e514] <1.8>
1540 * We normally transition from GOTDEFS to STARTDEFS on whitespace, but
1541 if that whitespace is followed by a comma, we want to treat it as
1542 part of a list and not transition.
1543 [52ae2df9959d] <1.8>
1545 * Add check for whitespace when a User_List is used for a per-user
1547 [44a4db95be86] <1.8>
1549 * Expand quoted name checks to cover recent fixes.
1550 [bd494b5c2bed] <1.8>
1552 * Fix parsing of double-quoted names in Defaults and Aliases which was
1553 broken in 601d97ea8792.
1554 [dfdd58c3eb3b] <1.8>
1556 * toke_util.c lives in $(srcdir) not $(devdir)
1557 [94f8f024782e] <1.8>
1559 2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
1561 * configure, configure.in:
1562 Update version to 1.8.1
1563 [531a7d520f18] <1.8>
1565 * Document major changes in 1.8.1 and add upgrade notes.
1566 [116821646140] <1.8>
1568 * Be careful not to deref user_stat if it is NULL. This cannot
1569 currently happen in sudo but might in other programs using the
1571 [d72a9c7151c4] <1.8>
1573 * configure will not add -O2 to CFLAGS if it is already defined to add
1574 -O2 to the CFLAGS we pass in when PIE is being used.
1575 [2c7fe82be93d] <1.8>
1577 * Warn about the dangers of log_input and mention iolog_file and
1578 iolog_dir in the log_input and log_output descriptions.
1579 [edc6aa59aa45] <1.8>
1581 * sync with git version
1582 [b121cf739c77] <1.8>
1584 * It seems that h comes after i
1585 [99ad15015f05] <1.8>
1587 * Move log_input and log_output to their proper, sorted, location.
1588 Document set_utmp and utmp_runas.
1589 [216ce8b0ae1a] <1.8>
1591 * Save the controlling tty process group before suspending so we can
1592 restore it when we resume. Fixes job control problems on Linux
1593 caused by the previous attempt to fix resuming a shell when I/O
1594 logging is not enabled.
1595 [dfe038f733be] <1.8>
1597 * Fix printing of the remainder after a newline. Fixes "sudo -l"
1598 output corruption that could occur in some cases.
1599 [ab2f0a629e0d] <1.8>
1601 * Add support for ut_exit
1602 [7039ec6a73fa] <1.8>
1604 * Add support for controlling whether utmp is updated and which user
1605 is listed in the entry.
1606 [1b008ce71eab] <1.8>
1608 * Fix typo; tupple vs. tuple
1609 [67bb5c67ae3d] <1.8>
1611 * For legacy utmp, strip the /dev/ prefix before trying to determine
1612 slot since the ttys file does not include the /dev/ prefix.
1613 [8f597114381d] <1.8>
1615 * Add check for _PATH_UTMP
1616 [fe7e2456f017] <1.8>
1618 * Adapt check_iolog_path to sessid changes
1619 [3016201869b6] <1.8>
1621 * Redo utmp handling. If no getutent()/getutxent() is available,
1622 assume a ttyslot-based utmp. If getttyent() is available, use that
1623 directly instead of ttyslot() so we don't have to do the stdin dup2
1625 [817490c7c20e] <1.8>
1627 * Move utmp handling into utmp.c
1628 [e4729d9259e9] <1.8>
1630 * Update copyright years.
1631 [1065afc00233] <1.8>
1633 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
1635 * Add "user_shell" boolean as a way to indicate to the plugin that the
1637 [6e8bc49b7ea7] <1.8>
1639 * Move sessid out of sudo_user.
1640 [00d67d5ba894] <1.8>
1642 * Log the TSID even if it is not a simple session ID.
1643 [490cf0adae29] <1.8>
1645 * Document noexec in sample.sudo.conf and add back noexec_file section
1646 in sudoers with a note that it is deprecated.
1647 [c7a2d8d0c563] <1.8>
1649 * Fix running commands as non-root on systems where setreuid() changes
1650 the saved uid based on the effective uid we are changing to.
1651 [f3b27db56ba6] <1.8>
1653 2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
1655 * Move noexec path into sudo.conf now that sudo itself handles noexec.
1656 Currently can be configured in sudoers too but is now undocumented
1657 and will be removed in a future release.
1658 [9c5f64709994] <1.8>
1660 * Document "Path noexec ..." in sudo.conf. No longer document
1661 noexec_file in sudoers, it will be removed in a future release.
1662 [959fa6b5217b] <1.8>
1664 * Move noexec handling to sudo front-end where it is documented as
1666 [ef6cd4a40c61] <1.8>
1668 * Add support for disabling exec via solaris privileges. Includes
1669 preparation for moving noexec support out of sudoers and into front
1671 [d9c05ba9a24f] <1.8>
1673 * Only export the symbols corresponding to the plugin structs.
1674 [cb07af1d9b39] <1.8>
1676 * Install plugins manually instead of using libtool. This works
1677 around a problem on AIX where libtool will install a .a file
1678 containing the .so file instead of the .so file itself.
1679 [1ccf5af58c05] <1.8>
1682 Move check into its own rule since some versions of make will run
1683 both targets as the default rule.
1684 [7159f37eb552] <1.8>
1686 * Update to libtool 2.2.10
1687 [9e49773b32b7] <1.8>
1689 * In handle_signals(), restart the read() on EINTR to make sure we
1690 keep up with the signal pipe. Don't return -1 on EAGAIN, it just
1691 means we have emptied the pipe.
1692 [dc2926097b2d] <1.8>
1694 * Reorder functions to quiet a compiler warning.
1695 [5201367e5db4] <1.8>
1697 * Use the Sun Studio C compiler on Solaris if possible
1698 [b8d43b423fb9] <1.8>
1700 2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
1702 * Fix default setting of osversion variable.
1703 [e12905851be5] <1.8>
1705 * Make two login_class entries consistent.
1706 [0671d7b204be] <1.8>
1708 * Add support for adding a utmp entry when allocating a new pty.
1709 Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
1710 Currently only creates a new entry if the existing tty has a utmp
1712 [40ff30099e79] <1.8>
1714 * Avoid pulling in headers we don't need on Linux. For getutx?id(),
1715 call setutx?ent() first and always call endutx?ent().
1716 [b86f7a13aae9] <1.8>
1718 * Add some more libs to SUDOERS_LIBS instead of relying on them to be
1719 pulled in by SUDO_LIBS.
1720 [bcbd16ec56c6] <1.8>
1722 * Fix return value of "sudo -l command" when command is not allowed,
1723 broken in [c7097ea22111]. The default return value is now TRUE and
1724 a bad: label is used when permission is denied. Also fixed missing
1725 permissions restoration on certain errors. On error()/errorx(), the
1726 password and group files are now closed before returning.
1727 [757c941a47b2] <1.8>
1729 2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
1731 * Fix passing of login class back to sudo front end.
1732 [5e649de6b7f5] <1.8>
1734 * Add --osversion flag to specify OS instead of running "pp
1736 [8a03943ac5e8] <1.8>
1738 * Fix expr usage w/ GNU expr
1739 [bdecfa1f54fc] <1.8>
1741 2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
1743 * Fix exit value for validate and list mode.
1744 [6f8b20199935] <1.8>
1746 * Fix non-interactive mode with sudoers plugin.
1747 [cf5aca4fcbcf] <1.8>
1749 2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
1751 * sudoreplay can now find IDs other than %{seq} and display the
1753 [60396b417633] <1.8>
1755 * Add support for replaying sessions when iolog_file is set to
1756 something other than %{seq}.
1757 [1cd2baa74d56] <1.8>
1759 2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
1761 * If we are killed by a signal, display the name of the signal that
1763 [1b38c4d42282] <1.8>
1765 * Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
1767 [78e97a921104] <1.8>
1769 * Fix bug in skey/opie check that could cause a shell warning.
1770 [f20229a04f30] <1.8>
1772 * No longer need sudo_getepw() stubs.
1773 [795631ac7db0] <1.8>
1775 2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
1777 * Fix exit value of "sudo -l command" in sudoers module.
1778 [4a05d6019b3d] <1.8>
1780 2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
1782 * Use fgets() not fgetln() for portability.
1783 [1f2050745096] <1.8>
1785 * Don't use the beta or release candidate version as the rpm release.
1786 [a5b049477646] <1.8>
1788 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
1791 Adjust ChangeLog rule now that 1.8 is branched
1792 [a994ac361e44] <1.8>
1795 Added tag SUDO_1_8_0 for changeset f6530d56f6ae
1796 [99a2b3801419] <1.8>
1798 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
1800 * configure, configure.in:
1802 [f6530d56f6ae] [SUDO_1_8_0]
1805 update sudo 1.8 section
1808 2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
1810 * plugins/sudoers/regress/testsudoers/test2.sh:
1811 fix test description
1814 * plugins/sudoers/regress/testsudoers/test2.out,
1815 plugins/sudoers/regress/testsudoers/test2.sh,
1816 plugins/sudoers/regress/visudo/test2.out,
1817 plugins/sudoers/regress/visudo/test2.sh:
1818 convert test2 to use testsudoers
1821 * include/sudo_plugin.h, src/sudo_plugin_int.h:
1822 Move struct generic_plugin to sudo_plugin_int.h
1825 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
1826 plugins/sudoers/parse.c, plugins/sudoers/parse.h,
1827 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
1828 plugins/sudoers/sudoers.h:
1829 Allow sudoers file name, mode, uid and gid to be specified in the
1830 settings list. The sudo front end does not currently set these but
1834 2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
1836 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
1837 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
1838 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
1839 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
1844 * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
1845 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
1846 src/parse_args.c, src/sudo.h:
1847 add help text to sudo, visudo and sudoreplay for the -h option
1850 2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
1852 * compat/snprintf.c:
1853 avoid using "howmany" for a parameter name since it is a select-
1858 mention group_plugin when describing nonunix_group
1861 * doc/sudo_plugin.pod:
1862 Add missing period at end of sentence
1865 * Makefile.in, doc/Makefile.in, include/Makefile.in,
1866 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
1867 plugins/sudoers/Makefile.in, src/Makefile.in:
1868 add localstatedir; closes bug 471
1871 * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
1872 src/exec.c, src/exec_pty.c:
1873 The howmany macro lives in sys/sysmacros.h on SVR5 systems. Closes
1878 add missing AH_TEMPLATE for ENV_RESET
1882 SVR5 systems return non-zero for success on socketpair(), check for
1883 -1 instead. Closes Bug 469
1886 2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
1888 * configure, configure.in:
1892 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
1893 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
1894 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
1895 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
1900 Document that a sudo.conf file with no Plugin lines uses the default
1904 * src/load_plugins.c:
1905 If sudo.conf contains no Plugin lines, use the default sudoers
1906 policy and I/O plugins.
1909 2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
1911 * plugins/sudoers/sudo_nss.c:
1912 Avoid printing empty "Runas and Command-specific defaults for user"
1917 Truncate the buffer at buf.len before printing in the non-wordwrap
1922 Remove extra newline when the tty width is very small or unavailable
1925 2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
1927 * plugins/sudoers/alias.c:
1928 Remove unneeded variable.
1931 2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
1933 * configure, configure.in:
1934 Prefer getutxid over getutid
1937 * plugins/sudoers/boottime.c:
1938 Include utmp.h / utmpx.h before missing.h as apparently including it
1939 afterwards causes a compilation problem on GNU Hurd.
1942 2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
1944 * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
1945 #include "foo.h", not <foo.h> for local includes.
1952 * compat/mksiglist.c:
1956 * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
1957 plugins/sudoers/match.c:
1958 return foo not return(foo)
1961 2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
1964 Remove duplicate FD_SET of signal_pipe[0]
1967 2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
1969 * compat/mksiglist.c:
1970 Use "missing.h" not <missing.h> in generated code.
1973 2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
1975 * aclocal.m4, configure:
1976 fix --with-iologdir=no
1979 * aclocal.m4, configure:
1980 fix typo that broke --with-iologdir
1983 2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
1985 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
1986 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
1987 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
1988 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
1990 Bump version to 1.8.0b4
1997 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
1998 Attempt to clarify how users and groups interact in Runas_Specs
2001 * plugins/sudoers/regress/visudo/test2.out,
2002 plugins/sudoers/regress/visudo/test2.sh:
2003 Add test for quoted group that contains escaped double quotes
2006 * src/exec.c, src/exec_pty.c:
2007 Pass SIGUSR1/SIGUSR2 through to the child.
2010 * src/exec_pty.c, src/sudo_exec.h:
2011 Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
2012 SIGUSR2 to indicate whether the child should be continued in the
2013 foreground or background.
2017 Use pid_t not int and check the return value of kill()
2020 2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
2023 Remove obsolete comment
2027 In non-pty mode before continuing the child, make it the foreground
2028 pgrp if possible. Fixes resuming a shell.
2032 If we get a signal other than SIGCHLD in the monitor, pass it
2033 directly to the child.
2036 * src/exec.c, src/exec_pty.c, src/sudo.h:
2037 Save signal state before changing handlers and restore before we
2038 execute the command.
2041 2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
2043 * plugins/sudoers/iolog.c:
2044 Use a char array to map a number to a base36 digit.
2047 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
2048 Be clear about what versions of sudo support new LDAP attributes.
2049 Fix up some formatting of attribute names. Minor other tweaks.
2052 2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
2054 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2055 match quoted strings the same way whether in a Defaults line or as a
2056 user/group/netgroup name. Fixes escaped double quotes in quoted
2057 user/group/netgroup names.
2060 * plugins/sudoers/Makefile.in:
2061 'make check' depends on visudo and testsudoers
2064 * plugins/sudoers/sudoers2ldif:
2065 Add sudoOrder attribute to each entry. Parse LOG_{INPUT,OUTPUT} tags
2068 2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
2071 Mention LDAP attribute compatibility status.
2074 2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
2080 * INSTALL, NEWS, config.h.in, configure, configure.in,
2081 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
2082 Add --disable-env-reset configure option.
2085 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2086 Document that sudoers_locale also affects logging and email.
2089 * NEWS, config.h.in, configure, configure.in,
2090 plugins/sudoers/logging.c:
2091 Do logging and email sending in the locale specified by the
2092 "sudoers_locale" setting ("C" by default). Email sent by sudo
2093 includes MIME headers when the sudoers locale is not "C".
2096 2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
2098 * plugins/sudoers/check.c:
2102 2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
2104 * NEWS, src/parse_args.c, src/sudo.c:
2105 Perform command escaping for "sudo -s" and "sudo -i" after
2106 validating sudoers so the sudoers entries don't need to have all the
2110 2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
2112 * plugins/sudoers/logging.c:
2113 Prepend "list " to the command logged when "sudo -l command" is used
2114 to make it clear that the command was listed, not run.
2117 * plugins/sudoers/parse.c:
2121 * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
2122 common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
2123 compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
2124 compat/nanosleep.c, compat/regress/glob/globtest.c,
2125 compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
2126 compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
2127 plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
2128 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
2129 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
2130 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
2131 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
2132 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
2133 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
2134 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
2135 plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
2136 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
2137 plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
2138 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2139 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
2140 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
2141 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
2142 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
2143 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
2144 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
2145 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
2146 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
2147 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
2148 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
2149 src/sudo_noexec.c, src/tgetpass.c:
2150 standardize on "return foo;" rather than "return(foo);" or "return
2154 * plugins/sudoers/sudoers.c:
2155 Do not reject sudoers file just because it is root-writable.
2158 2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
2164 * plugins/sudoers/sudo_nss.c:
2165 For "sudo -U user -l" if user is not authorized on the host, say so.
2168 * plugins/sudoers/ldap.c:
2169 In sudo_ldap_lookup(), always do the initial sudoers check as the
2170 invoking user. If we are listing another user's privs we will do a
2171 separate lookup using list_pw later.
2174 2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
2177 add parser fill tests
2180 * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
2181 Don't test features not supported by the bundled glob()
2184 * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
2185 compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
2186 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
2187 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
2188 doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
2189 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2190 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
2191 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2192 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
2193 plugins/sudoers/ldap.c, plugins/sudoers/match.c,
2194 plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
2195 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
2196 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
2197 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
2198 plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
2199 Update copyright year to 2011
2202 * plugins/sudoers/sudo_nss.c:
2203 When listing, use separate lbufs for the defaults and the privileges
2204 and only print something if the number of privileges is non-zero.
2205 Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
2208 * plugins/sudoers/ldap.c:
2209 Stash pointer to user group vector in LDAP handle and only reuse the
2210 query if it has not changed. We always allocate a new buffer when
2211 we reset the group vector so a simple pointer check is sufficient.
2214 * plugins/sudoers/sudo_nss.c:
2215 Check initgroups() return value.
2218 * plugins/sudoers/Makefile.in,
2219 plugins/sudoers/regress/parser/check_fill.c:
2220 Add tests for the fill functions in toke_util.c
2223 2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
2225 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
2233 2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
2236 Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
2239 2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
2242 Add Requires line for audit-libs >= 1.4 for RHEL5+
2246 sync with git version
2249 2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
2251 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2255 2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
2258 Update for sudo 1.7.4p5
2261 * doc/schema.OpenLDAP, doc/schema.iPlanet:
2262 Add sudoNotBefore and sudoNotAfter attributes as optional attributes
2263 to the sudoRole object class. From Andreas Mueller
2266 2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
2269 Mention "sudo -g group" password check fix.
2272 * plugins/sudoers/sudoers.c:
2273 Fix "sudo -g" support in the sudoers module.
2276 * plugins/sudoers/check.c:
2277 If the user is running sudo as himself but as a different group we
2278 need to prompt for a password.
2281 2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
2283 * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
2284 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
2285 plugins/sudoers/ldap.c:
2286 Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
2287 LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
2288 derived LDAP SDKs but we can pass the timeout parameter to
2289 ldap_search_ext_s() or ldap_search_st() when possible.
2292 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
2296 * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2297 Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
2298 with OpenLDAP ldap.conf files.
2301 * plugins/sudoers/pwutil.c:
2302 If user has no supplementary groups, fall back on checking the group
2306 2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
2308 * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
2312 * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
2313 plugins/sudoers/toke.l:
2314 Move fill macro to toke.h
2317 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
2318 plugins/sudoers/toke.h, plugins/sudoers/toke.l,
2319 plugins/sudoers/toke_util.c:
2320 Split tokenizer utility functions out into toke_util.c
2323 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2324 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2328 2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
2334 * plugins/sudoers/Makefile.in:
2335 Add visudo tests to check target
2338 * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
2339 compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
2340 compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
2341 Add my regress tests for fnmatch() and glob() from OpenBSD.
2344 * plugins/sudoers/regress/testsudoers/test1.sh,
2345 plugins/sudoers/regress/visudo/test1.ok,
2346 plugins/sudoers/regress/visudo/test1.sh:
2347 Add regress test for command tags using visudo -c
2350 * plugins/sudoers/Makefile.in,
2351 plugins/sudoers/regress/testsudoers/test1.ok,
2352 plugins/sudoers/regress/testsudoers/test1.sh:
2353 Add support for regress tests using testsudoers
2356 * plugins/sudoers/testsudoers.c:
2357 Need to set user_name explicitly due to internal changes made when
2358 converting sudoers to a plugin.
2361 2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
2363 * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
2364 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
2365 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2366 plugins/sudoers/regress/iolog_path/check_iolog_path.c,
2367 plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
2369 Add regression tests for iolog_path()
2372 * Makefile.in, common/Makefile.in, compat/Makefile.in,
2373 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
2374 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2375 src/Makefile.in, zlib/Makefile.in:
2376 Add support for "make Makefile" to regenerate Makefile from
2380 * plugins/sudoers/iolog_path.c:
2381 Quiet a bogus compiler warning.
2384 2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
2386 * plugins/sudoers/iolog_path.c:
2387 Protect call to setlocale() with HAVE_SETLOCALE
2390 2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
2393 mkstemps.c was renamed mktemp.c
2397 Update from 1.7 branch
2401 Use "mv -f" when regenerating ChangeLog
2404 * plugins/sudoers/match.c:
2405 Fix NULL dereference with "sudo -g group" when the sudoers rule has
2406 no runas user or group listed. Fixes RedHat bug 667103.
2409 2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
2411 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
2412 Correct the default sudo.conf example
2415 2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
2417 * plugins/sudoers/iolog_path.c:
2418 Reset slashp if we allocate a new buffer for strftime()
2421 * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
2422 plugins/sudoers/sudoers.h:
2423 Add extra out parameter to expand_iolog_path() to allow the caller
2424 to split the path into dir and file components if needed.
2427 2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
2429 * plugins/sudoers/iolog.c:
2430 mkdir_iopath() returns size_t now that it uses strlcpy() and not
2434 * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
2435 Trim leading slashes from iolog_file and trailing slashes from
2439 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
2440 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
2441 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2442 Pass a single I/O log file name in command_details instead of
2443 separate dir + file parameters.
2446 * plugins/sudoers/sudoreplay.c:
2447 change an error() to errorx()
2450 * plugins/sudoers/iolog.c:
2451 Add missing cwd line to I/O log info file that got dropped when
2452 iolog_deserialize_info() was added
2455 2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
2457 * plugins/sudoers/iolog.c:
2458 Avoid relying on globals filled in by the sudoers policy module for
2459 the sudoers I/O log module. The I/O log open function now pulls the
2460 bits it needs out of user_info and command_info.
2463 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
2464 plugins/sudoers/sudoers.h:
2465 If no iolog file is specified by the policy plugin, use io_nextid()
2466 to determine the next file in the sequence.
2469 2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
2471 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
2472 Document iolog_compress in command_info
2475 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
2476 Add support for the iolog_compress variable in command_info.
2479 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
2480 Add sigsetjmp() calls to all plugin entry points just to be safe.
2483 * src/sudo.c, src/sudo.h:
2484 Don't need iolog variables in struct command_details, they are for
2485 the I/O log plugins to handle.
2488 2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
2490 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2491 Document use of mkdtemp() for iolog path templates
2494 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
2495 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
2496 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
2497 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
2501 * doc/sudo_plugin.pod, doc/sudoers.pod:
2502 Document iolog_file and supported escape sequences for sudoers.
2503 Clarify that iolog_file can contain directories.
2506 * compat/Makefile.in, configure, configure.in:
2507 Fix building of mkstemps/mkdtemp replacements.
2510 * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
2511 configure.in, include/missing.h:
2512 Provide mkdtemp() for systems without it.
2515 * plugins/sudoers/iolog_path.c:
2519 * plugins/sudoers/iolog.c:
2520 Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
2521 glibc mkdtemp() returns EINVAL.
2524 * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
2525 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
2526 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
2527 plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
2528 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2529 Allow sudoers to specify the iolog file in addition to the iolog
2530 dir. Add escape sequence support to iolog file and dir: sequence
2531 number, user, group, runas_user, runas_group, hostname and
2532 command in addition to any escape sequence recognized by
2536 * plugins/sudoers/iolog.c:
2537 Add missing sigsetjmp() call in I/O plugin open function. Fixes a
2538 crash when the I/O plugin calls error(), errorx() or log_error().
2541 2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
2543 * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
2544 plugins/sudoers/sudoers.c:
2545 Give the policy module fine-grained control over what the I/O plugin
2550 Clear OPOST from c_oflag like we used to. Fixes screen-based
2555 Clarify umask option description. From Reuben Thomas.
2558 2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
2560 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2561 Pick last match in LDAP sudoers too
2564 * doc/sudo_plugin.pod:
2565 Document iolog_file, iolog_dir and use_pty
2568 * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
2569 plugins/sudoers/sudoers.c:
2570 Adapt plugins to version I/O logging ABI 1.1
2573 * src/exec.c, src/sudo.h:
2574 Add use_pty command_info flag for policies to indicate that a pty
2575 should be allocated even if no I/O logging is performed.
2579 Add remaining plugin convenience functions
2582 * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
2583 src/sudo_plugin_int.h:
2584 Change I/O log API to pass in command info to the I/O log open
2585 function. Add iolog_file and iolog_dir parameters to command info.
2586 This allows the policy plugin to specify the I/O log pathname. Add
2587 convenience functions for calling plugin functions that handle ABI
2588 backwards compatibility.
2595 2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
2597 * configure, configure.in:
2598 Bump version to 1.8.0b3
2601 2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
2604 Remove extraneous newline
2607 2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
2609 * doc/sudoers.pod, plugins/sudoers/def_data.c,
2610 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
2611 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
2612 Make I/O log dir configurable.
2615 * aclocal.m4, configure, configure.in, doc/sudoers.pod:
2616 Rename io_logdir to iolog_dir
2619 2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
2622 Add missing '*' that prevented the generic ELF case from matching.
2626 If file(1) can't identify the ELF binary type, try readelf(1).
2629 2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
2631 * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
2632 plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
2633 plugins/sudoers/sudoers.c, src/sudo.c:
2634 Use %u to print uid/gid, not %lu and adjust casts to match.
2637 * doc/sudoers.ldap.pod:
2638 Clarify ordering of entries and attributes.
2641 * doc/sudoers.ldap.pod:
2642 Fix typo and editing goof.
2645 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
2646 doc/sudoers.ldap.pod:
2647 Merge in ordered LDAP entry support from Andreas Mueller.
2650 * plugins/sudoers/ldap.c:
2651 Make sure we don't dereference a NULL handle.
2654 2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
2657 Add support for RHEL 6 file modes that include a trailing dot on
2658 files with an SELinux security context
2661 2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
2664 exec_setup() does not need to setuid(0), the Ubuntu issue was in the
2668 * plugins/sudoers/sudoers.c:
2669 create_admin_success_flag() should use restore_perms() rather than
2670 set_perms() to restore the uid.
2674 In exec_setup() call setuid(0) to make certain the subsequent uid
2675 and gid changes will succeed. Fixes a problem on Ubuntu.
2679 Error out if we cannot change to root's uid so we catch the failure
2683 2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
2686 fix typo; from Michael T Hunter
2689 * plugins/sudoers/match.c:
2690 In sudoedit mode, assume command line arguments are paths and pass
2691 FNM_PATHNAME to fnmatch().
2694 2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
2696 * configure, configure.in:
2697 Add workaround for an error in sys/types.h on HP-UX 11.23 when large
2698 file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
2699 broken bits of the header file.
2703 Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
2707 For Tru64, strip off beta version.
2710 * MANIFEST, plugins/sudoers/testsudoers.c,
2711 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
2712 Avoid conflicts with system definitions in grp.h and pwd.h
2716 Include stdio.h after zlib.h, not before. We need the large file
2717 defines to come first.
2720 2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
2722 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
2727 Don't clean ChangeLog
2730 * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
2731 Add prototype for cleanup()
2734 2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
2736 * plugins/sudoers/group_plugin.c:
2737 Avoid dereferencing group_plugin if it is NULL in
2738 group_plugin_query(). This should not happen.
2741 * plugins/sudoers/group_plugin.c:
2742 group plugin init function return TRUE when successful
2745 2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
2747 * plugins/sudoers/ldap.c:
2748 Enlarge the array of entry wrappers in blocks of 100 entries to
2749 save on allocation time. From Andreas Mueller
2752 * plugins/sudoers/ldap.c:
2753 Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
2754 that was mistakenly dropped.
2757 2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
2759 * doc/TROUBLESHOOTING:
2760 Mention that sudo needs "ar" to build.
2763 * configure, configure.in:
2764 Fail with a more useful error if "ar" is not found.
2767 2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
2769 * plugins/sudoers/ldap.c:
2770 Merge in ordered LDAP entry support from Andreas Mueller and add
2771 local changes from the 1.7 branch.
2774 2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
2776 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
2777 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2778 Add timed entry support from Andreas Mueller.
2781 * plugins/sudoers/group_plugin.c:
2782 Don't try to unload if group_plugin is NULL. Don't call dlclose() if
2783 group_handle is NULL
2786 * plugins/sudoers/sudoers.h:
2787 It is now plugin_cleanup(), not cleanup()
2790 * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
2791 Call plugin_cleanup(), not cleanup()
2794 2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
2796 * plugins/sudoers/ldap.c:
2797 Use efree() not free() and remove malloc.h include since we never
2798 directly call malloc() or free().
2801 2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
2804 set PSTAMP for Solaris and move the backend-specific bits to their
2805 own %if [xxx] %endif blocks in %set.
2812 * configure, configure.in:
2813 Only substitute file zlib files when using the builtin zlib
2816 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
2817 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2818 src/Makefile.in, zlib/Makefile.in:
2819 Give up on using VPATH to find sources as it is implemented
2820 inconsistently in different versions of make.
2823 * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
2824 plugins/sudoers/gram.c, plugins/sudoers/toke.c:
2825 Include config.h before any other includes to make sure we get the
2826 right value for _FILE_OFFSET_BITS.
2838 g/c unused $(GENERATED)
2841 2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
2843 * plugins/sudoers/group_plugin.c:
2844 Zero out group_plugin on unload just to be safe.
2847 * plugins/sudoers/group_plugin.c:
2848 Unload group plugin if its init function fails.
2852 Only chdir to cwd if it is different from the current cwd or there
2853 is a new root (chroot).
2856 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
2857 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
2858 doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
2859 Bump version to 1.8.0b2
2862 2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
2865 Better --enable-zlib description
2869 Use system zlib on Linux. Let configure decide on Solaris. For all
2870 others, use builtin zlib
2874 Add large file support.
2878 Add large file support.
2881 * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
2882 zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
2883 zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
2884 zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
2885 zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
2886 zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
2887 zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
2888 zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
2889 Add local copy of zlib for systems that lack it.
2892 2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
2895 If perform_io() fails, kill the child before exiting so it doesn't
2896 complain about connection reset. We can get an I/O error if, for
2897 example, and we get EIO reading from stdin.
2900 2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
2902 * plugins/sudoers/sudoers.c, src/sudo.c:
2903 Fix compilation on systems with set_auth_parameters(). Sprinkle
2904 volatile to quiet warnings from gcc 2.8.0
2907 * compat/dlfcn.h, compat/dlopen.c:
2908 Avoid potential namespace issues with dlopen() emulation.
2915 * plugins/sudoers/interfaces.c:
2916 Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
2921 Mark ChangeLog as PHONY. Don't overwrite ChangeLog if we can't run hg
2924 * configure, configure.in:
2925 HP-UX 10.20 libc has an incompatible getline
2928 * plugins/sudoers/visudo.c:
2929 Quiet an HP-UX compiler warning.
2932 * configure, configure.in:
2933 Check for vi even with --with-editor specified; the sample plugin
2937 2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
2940 Fix remaining syntax errors.
2944 sudo binary depends on the libtool-generated libs
2947 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
2948 Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
2949 include the local or system dlfcn.h
2953 Don't use run_as_superuser=false on HP-UX
2957 Use memset() instead of zero_bytes() since we don't include
2961 * plugins/sudoers/interfaces.c:
2962 Fix pasto; AF_INET not AF_INET6
2966 Actually call shl_load()
2970 Update from git repo. Debian: version numbers now compliant with
2971 policy section 5.6.12. HP-UX: minimal changes needed to work on HP-UX
2975 * configure, configure.in:
2976 Fix dlopen() detection for systems where dlopen() is in a separate
2980 * plugins/sudoers/auth/pam.c:
2981 If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
2982 useful message and return AUTH_FATAL so sudo does not keep trying to
2987 sudo_preload_table is an array
2991 Quiet a compiler warning and fix sudo_preload_table external
2996 Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
2999 * plugins/sudoers/group_plugin.c:
3000 Make this compile correctly when no dlopen is available.
3003 2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
3005 * plugins/sudoers/check.c:
3006 Having a timestamp file defined is no longer indicative of tty
3007 tickets being enabled. Check def_tty_tickets directly.
3010 * src/exec_pty.c, src/sudo.h, src/ttysize.c:
3011 Fix TCGETWINSZ compat.
3014 2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
3016 * src/exec_pty.c, src/ttysize.c:
3017 Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
3020 2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
3022 * plugins/sudoers/sudoers.c, src/sudo.c:
3023 Move set_project() from sudoers module into sudo proper.
3026 * configure, configure.in:
3027 Fix typo and regenerate
3030 * plugins/sudoers/ldap.c:
3031 When iterating over returned LDAP entries, keep looking at remaining
3032 matches even if we have a positive match. This catches negative
3033 matches that may exist in other entries and more closely match the
3034 sudoers file behavior.
3038 Add support for multiple package instances on Solaris.
3042 Add missing signal_pipe[0] to fdsr for the non-pty case.
3046 Add --with-project for Solaris
3050 Need ar and ranlib too
3053 2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
3055 * plugins/sudoers/env.c:
3056 Preserve ODMDIR environment variable by default on AIX.
3059 2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
3061 * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
3062 config.h.in, configure, configure.in, plugins/sample/Makefile.in,
3063 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3064 plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
3065 plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
3067 Add dlopen() emulation for systems without it. For HP-UX 10, emulate
3068 using shl_load(). For others, link sudoers plugin statically and use
3069 a lookup table to emulate dlsym().
3072 2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
3074 * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
3075 compat/nanosleep.c, compat/utimes.c:
3076 When including compat headers, use the compat dir as part of the
3077 path so we are sure to get the correct header.
3080 2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
3082 * plugins/sudoers/linux_audit.c:
3083 Ignore ECONNREFUSED from audit_log_user_command() which will occur
3084 if auditd is not running.
3087 2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
3090 Sync with git version
3093 2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
3095 * common/fileops.c, plugins/sudoers/defaults.c:
3096 Cast isblank argument to unsigned char.
3099 2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
3101 * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
3102 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
3103 Implement --with-umask-override configure flag.
3106 * plugins/sudoers/env.c:
3107 Take MODE_LOGIN_SHELL into account when initially setting reset_home
3108 instead of special-casing it later.
3111 * plugins/sudoers/sudoers.c:
3112 In login mode, make a copy of the runas user's pw_shell for
3113 NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
3117 * plugins/sudoers/env.c:
3118 Reset HOME for "sudo -i" even if HOME was listed in env_keep.
3122 Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
3126 Reset signal mask at sudo startup time; we need to be able to rely
3127 on normal signal delivery to control the child process.
3130 2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
3133 Use sed instead of expr to split a flag from its argument. Fixes a
3134 problem with expr interpreting its arguments as a flag when they
3139 Do not need sys/time.h after all
3143 Include sys/time.h for utimes() and struct timeval. No longer need
3144 ioctl.h or termios.h
3147 * compat/snprintf.c:
3148 Quiet bogus compiler warnings.
3151 * include/missing.h:
3152 Declare innetgr() for HP-UX which is missing a declaration. Declare
3153 domainname() for HP-UX and Solaris which are missing a declaration.
3156 * plugins/sudoers/bsm_audit.c:
3157 Use __sun for consistency with the rest of the sources.
3160 * plugins/sudoers/group_plugin.c:
3161 Quiet a bogus compiler warning.
3164 * plugins/sudoers/pwutil.c:
3165 Don't try to delref a NULL group.
3168 * common/alloc.c, common/lbuf.c:
3169 Include memory.h on systems that need it.
3172 2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
3175 Quiet gcc warnings on glibc systems that use warn_unused_result for
3179 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3180 sudo_plugin is in section 8; from Ted Percival
3183 * plugins/sudoers/Makefile.in:
3184 testsudoers depends on libsudoers.la, not sudoreplay
3187 2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
3190 Read as many signals on the signal pipe as we can before returning.
3193 * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
3194 Instead of using an array to store received signals, open a pipe and
3195 have the signal handler write the signal number to one end and
3196 select() on the other end. This makes it possible to handle signals
3197 similar to I/O without race conditions.
3200 2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
3202 * doc/visudo.pod, plugins/sudoers/visudo.c:
3203 Make "visudo -c -f -" check the standard input.
3207 set_home and always_set_home have an effect if HOME is present in
3211 * plugins/sudoers/env.c:
3212 Make -H flag work when HOME is listed in env_keep. Also makes
3213 "set_home" and "always_set_home" override HOME in env_keep.
3216 2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
3218 * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
3219 plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
3220 plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
3221 plugins/sudoers/visudo.c, src/net_ifs.c:
3222 Convert sudoers plugin to use interface list passed in settings.
3225 * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
3226 src/parse_args.c, src/sudo.h:
3227 Query local network interfaces in the main sudo driver and pass to
3228 the plugin as "network_addrs" in the settings list.
3231 * plugins/sudoers/bsm_audit.c:
3232 Solaris BSM audit returns EINVAL when auditing is not enabled,
3233 whereas OpenBSM returns ENOSYS.
3236 2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
3239 missing.h should come before most local includes
3242 * plugins/sudoers/sudoreplay.c:
3243 missing.h should come before most local includes
3246 * plugins/sudoers/sudoers.h:
3247 Make local includes consistent; use double quotes for local includes
3248 except for generated ones where we use angle brackets.
3251 * plugins/sudoers/sudoers.c:
3252 Always fill in NewArgv for audit code.
3255 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3256 Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
3259 * common/alloc.c, common/atobool.c, common/fileops.c,
3260 common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
3261 common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
3262 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
3263 compat/getprogname.c, compat/glob.c, compat/isblank.c,
3264 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
3265 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
3266 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
3267 compat/unsetenv.c, compat/utimes.c, include/compat.h,
3268 plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
3269 plugins/sample_group/plugin_test.c,
3270 plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
3271 plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
3272 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
3273 plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
3274 plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
3275 plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
3276 src/sudo_noexec.c, src/ttysize.c:
3277 Make local includes consistent; use double quotes for local includes
3278 except for generated ones where we use angle brackets. Also g/c
3282 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
3284 * plugins/sudoers/match.c:
3285 When matching the runas user and runas group (-u and -g command line
3286 options), keep track of runas group and runas user matches
3287 separately. Only return a positive match if we have a match for
3288 both runas user and runas group (if specified).
3291 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
3293 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
3294 Add support for multiple URI lines by joining the contents and
3295 passing the result to ldap_initialize.
3298 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
3299 Do not return -1 on error from the display functions; the caller
3300 expects a return value >= 0.
3303 * plugins/sudoers/sudoers.c:
3304 Do not set both MODE_EDIT and MODE_RUN
3307 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
3309 * include/missing.h:
3310 Move includes to the top of the file.
3313 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
3315 * plugins/sudoers/Makefile.in:
3316 Add missing definition of timedir
3319 * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
3320 compat/mksiglist.c, compat/strsignal.c,
3321 plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
3322 Add #include of sys/types.h for .c files that include missing.h to
3323 be sure that size_t and ssize_t are defined.
3326 * plugins/sudoers/Makefile.in:
3327 Install sudoers file from the build dir not the src dir.
3330 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
3332 * plugins/sudoers/set_perms.c:
3333 If runas_pw changes, reset the stashed runas aux group vector.
3334 Otherwise, if runas_default is set in a per-command Defaults
3335 statement, the command runs with root's aux group vector (i.e. the
3336 one that was used when locating the command).
3339 * plugins/sudoers/Makefile.in:
3340 Add target to generate sudoers file. Remove generated sudoers file as
3344 2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
3347 When not logging I/O install a handler for SIGCONT and deliver it to
3348 the command upon resume. Fixes bugzilla #431
3351 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
3353 * plugins/sudoers/sudoers.h:
3354 g/c unused auth_pw extern definition
3357 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
3358 Move get_auth() into check.c where it is actually used.
3361 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
3364 Convert a remaining puts() and putchar() to use the output function.
3367 * plugins/sudoers/plugin_error.c:
3371 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
3373 * plugins/sudoers/env.c:
3374 Set dupcheck to TRUE when setting new HOME value if !env_reset but
3375 always_set_home is true. Prevents a duplicate HOME in the
3376 environment (old value plus the new one) introduced in f421f8827340.
3379 * configure, configure.in, plugins/sudoers/sudoers,
3380 plugins/sudoers/sudoers.in:
3381 Substitute sysconfdir in the installed sudoers file to get the
3382 correct path for sudoers.d.
3385 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
3388 Fix typo that prevented compilation on Irix; Friedrich Haubensak
3391 2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
3393 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
3394 common/atobool.c, common/fileops.c, common/fmt_string.c,
3395 common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
3396 compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
3397 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
3398 compat/getprogname.c, compat/glob.c, compat/isblank.c,
3399 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
3400 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
3401 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
3402 compat/unsetenv.c, compat/utimes.c, include/compat.h,
3403 include/missing.h, plugins/sample/sample_plugin.c,
3404 plugins/sample_group/getgrent.c,
3405 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
3406 plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
3407 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
3408 plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
3409 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
3410 plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
3411 src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
3412 Merge compat.h and missing.h into missing.h
3415 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
3417 * plugins/sudoers/auth/pam.c:
3418 If the user hits ^C while a password is being read, error out before
3419 reading any further passwords in the pam conversation function.
3420 Otherwise, if multiple PAM auth methods are required, the user will
3421 have to hit ^C for each one.
3424 2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
3426 * plugins/sudoers/check.c:
3430 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
3431 Document sudo_conv_t function and sudo_printf_t return values.
3434 * src/conversation.c:
3435 Make _sudo_printf return the number of characters printed on success
3439 2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
3441 * plugins/sudoers/sudoers.c:
3442 sudoers.h includes sudo_plugin.h for us
3445 * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
3446 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
3448 Use gettimeofday() directly instead of via the gettime() wrapper.
3451 * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
3452 compat/strerror.c, config.h.in, configure, configure.in,
3453 include/compat.h, include/missing.h, plugins/sudoers/logging.c,
3454 plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
3455 Remove some obsolete configure tests, ancient Unix systems are no
3459 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
3462 Set pp_kit_version and strip off patch level
3466 Better handling of versions with a patchlevel. For rpm and deb, use
3467 the patchlevel+1 as the release. For AIX, use the patchlevel as the
3468 4th version number. For the rest, just leave the patchlevel in the
3472 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
3474 * plugins/sudoers/auth/sudo_auth.c:
3475 For non-standalone auth methods, stop reading the password if the
3476 user enters ^C at the prompt.
3479 * configure, configure.in, plugins/sudoers/Makefile.in,
3480 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
3481 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
3482 plugins/sudoers/pwutil.c:
3483 No need to look up shadow password unless we are doing password-
3484 style authentication. This moves the shadow password lookup to the
3485 auth functions that need it.
3488 * plugins/sudoers/sudoers.c:
3489 Retain final passwd/group refs until the policy close() function.
3490 Note that this doesn't get called in all cases so putting this in a
3491 cleanup function is probably better.
3494 * plugins/sudoers/check.c:
3498 * plugins/sudoers/check.c:
3499 When removing/resetting the timestamp file ignore the tty ticket
3503 * plugins/sudoers/sudoers.c:
3504 delref sudo_user.pw, runas_pw and runas_gr immediately before we
3508 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
3510 * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
3511 plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
3512 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
3513 Reference count cached passwd and group structs. The cache holds
3514 one reference itself and another is added by sudo_getgr{gid,nam} and
3515 sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
3516 group structs are persistent for now.
3523 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
3525 * plugins/sudoers/check.c:
3526 Do not produce a warning for "sudo -k" if the ticket file does not
3530 * plugins/sudoers/pwutil.c:
3531 Instead of caching struct passwd and struct group in the red-black
3532 tree, store a struct cache_item which includes both the key and
3533 datum. This allows us to use the actual name that was looked up as
3534 the key instead of the contents of struct passwd or struct group.
3535 This matters because the name in the database may not match what we
3536 looked up, due either to case folding or truncation (historically at
3537 8 characters). Also mark the disabled calls to sudo_freepwcache()
3538 and sudo_freegrcache() as broken since we use cached data for things
3539 like set_perms() and the logging functions. Fixing this would
3540 require making a copy of the structs for user and runas or adding a
3541 reference count (better).
3544 * plugins/sudoers/Makefile.in:
3545 Fix path to mkinstalldirs
3548 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
3549 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
3550 src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
3551 Quiet gcc warnings on glibc systems that use warn_unused_result for
3552 write(2) and others.
3555 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
3557 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3561 * aclocal.m4, configure, configure.in:
3562 Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
3563 back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
3567 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
3569 * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
3570 Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
3571 and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
3574 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
3577 Update to latest version
3580 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
3583 Let pp determine pp_aix_version itself.
3586 * INSTALL, config.h.in, configure, configure.in, mkpkg,
3587 plugins/sudoers/sudoers.c:
3588 Add support for Ubuntu admin flag file and enable it when building
3592 * plugins/sudoers/sudoers, sudo.pp:
3593 Add commented out SuSE-like targetpw settings
3596 * configure, configure.in:
3597 Only try to use +DAportable for non-GCC on hppa
3600 * configure, configure.in:
3601 Prevent configure from adding the -g flag unless in devel mode
3604 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
3607 Go back to sudo-flavor to match existing packages and only use an
3608 underscore for those that need it.
3612 Use sudo_$flavor instead of sudo-$flavor since that causes the least
3613 amount of trouble for the various package managers.
3617 Fix handling of the ldap flavor Remove destdir unless --debug was
3618 specified Make distclean before running configure if there is a
3623 Add back include file.
3627 Pass extra args on to configure on HP-UX, if we don't have the HP C
3628 compiler, disable zlib to prevent gcc from finding it in
3633 Use the HP ANSI C compiler on HP-UX if possible
3636 * plugins/sudoers/sudoreplay.c:
3637 Some getline() implementations (FreeBSD 8.0) do not ignore the
3638 length pointer when the line pointer is NULL as they should.
3641 * plugins/sudoers/sudoreplay.c:
3642 Don't need to check for *cp being non-zero, isdigit() will do that.
3645 * plugins/sudoers/sudoreplay.c:
3646 Add setlocale() so the command line arguments that use floating
3647 point work in different locales. Since sudo now logs the timing
3648 data in the C locale we must parse the seconds in the timing file
3649 manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
3650 the number of seconds with the user's locale so if the decimal point
3651 is not '.' try using the locale-specific version.
3655 Do I/O logging in the C locale so the floating point numbers in the
3656 timing file are not locale-dependent.
3659 * plugins/sudoers/sudoreplay.c:
3660 Use errorx() not error() for things that don't set errno.
3663 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
3666 Better support for 1.2.3 style versions in Tru64 kits
3670 Add Tru64 kit support
3674 Remove apparently unnecessary use of sudo
3677 * Makefile.in, plugins/sudoers/Makefile.in:
3678 Create timedir as part of install-dirs target.
3682 Handle ENXIO from read/write which can occur when reading/writing a
3683 pty that has gone away.
3686 * plugins/sudoers/pwutil.c:
3687 sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
3691 platform is a pp flag not a variable
3694 * Makefile.in, mkpkg, sudo.pp:
3695 Add simple arg parsing for mkpkg so we can set debug, flavor or
3700 Make rpm backend work on AIX 5.x
3703 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
3705 * plugins/sudoers/sudoers:
3706 Add commented out Defaults entry for log_output
3709 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
3712 Remove sudo docdir completely
3715 * doc/sample.sudo.conf:
3716 Add sample sudo.conf
3719 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
3721 * plugins/sudoers/Makefile.in:
3722 Add PACKAGE_TARNAME for docdir
3725 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
3728 Pass install-sh -b~ here too.
3731 * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
3732 plugins/sudoers/Makefile.in, src/Makefile.in:
3733 Install binary files with -b~ to make a backup. Fixes "text file
3734 busy" error on HP-UX during install.
3738 "mv -f" on HP-UX doesn't unlink the destination first so add an
3739 explicit rm before moving the temporary into place.
3742 * configure, configure.in:
3743 Some more ${foo} -> $(foo) conversion for consistent Makefiles.
3746 * doc/Makefile.in, plugins/sudoers/Makefile.in:
3747 Install sudoers2ldif in the doc dir
3750 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
3753 Add missing include of maillock.h for Solaris
3756 * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
3757 doc/sample.syslog.conf, doc/sudoers.cat:
3758 Change the default syslog facility from local2 to authpriv (or auth
3759 if the operating system doesn't support authpriv).
3762 * Makefile.in, sudo.pp:
3763 Install sudoers as /etc/sudoers on RPM and debian systems where the
3764 package manager will not replace a user-modified configuration file.
3765 This fixes upgrades from the vendor sudo packages.
3769 RPM: use %config(noreplace) instead of %config for volatile This
3770 results in the new file being installed with a .rpmnew suffix
3771 instead of the file being replaced and the old one renamed with a
3775 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
3777 * compat/mkstemps.c, plugins/sudoers/boottime.c:
3778 Include time.h for struct timeval
3782 The return value of strsignal() may be const and should be treated
3783 as const regardless.
3786 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3787 Mention that 127.0.0.1 will not match, nor will localhost unless
3788 that is the actual host name.
3791 * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
3792 Rename WHATSNEW -> NEWS
3796 Updated pp with latest patches
3803 * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3804 plugins/sudoers/sudoers:
3805 Add commented out line to add HOME to env_keep and add a warning to
3806 the note about the HOME change in UPGRADE.
3809 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
3811 * plugins/sudoers/sudoreplay.c:
3812 Add LINE_MAX define for those without it.
3815 * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
3816 doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3817 plugins/sudoers/defaults.c:
3818 The tty_tickets option is now on by default.
3822 Mention that AIX authdb support has been fixed.
3826 setauthdb() only sets the "old" registry if it was set by a previous
3827 call to setauthdb(). To restore the original value, passing NULL
3828 (or an empty string) to setauthdb() is sufficient.
3831 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
3833 * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
3834 doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3835 plugins/sudoers/env.c:
3836 Reset HOME when env_reset is enabled unless it is in env_keep
3839 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3840 The default for set_logname has been "true" for some time now.
3843 * plugins/sudoers/boottime.c:
3844 Add missing include of time.h
3847 * plugins/sudoers/logging.c:
3848 Fix check for dup2() return value.
3851 * plugins/sudoers/env.c:
3852 Add PYTHONUSERBASE to initial_badenv_table
3855 * plugins/sudoers/visudo.c:
3856 Treat an unknown defaults entry as a parse error.
3859 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
3860 Check return value of setdefs() but don't stop setting defaults if
3861 we hit an unknown one.
3864 * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
3865 doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
3866 doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
3867 plugins/sudoers/env.c:
3868 If env_reset is enabled, set the MAIL environment variable based on
3869 the target user unless MAIL is explicitly preserved in sudoers.
3872 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
3875 decode debian code names
3882 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
3889 Restore RLIMIT_NPROC after the uid switch if it appears that
3890 runas_setup() did not do it for us. Fixes a bash script problem on
3891 SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
3894 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
3896 * mkpkg, pp, sudo.pp:
3897 Restore the dot removal in the os version reported by polypkg. Adapt
3898 mkpkg and sudo.pp to the change.
3901 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
3904 document --with-pam-login
3907 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3908 The tag is NOSETENV, not UNSETENV. From Petr Uzel.
3911 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
3914 Include flavor in solaris package name
3918 Older shells don't support IFS= so set explicitly to space, tab,
3923 Use '=' not '==' in test
3927 Fix typo that prevented debian from matching
3931 Add missing prefix setting for debian
3935 Use tab indents to reduce the chance of problem with <<- Fix the
3936 debian %set section, pp does not set pp_deb_distro Uncomment %sudo
3937 line in sudoers for debian Uncomment some env_keep lines for RHEL,
3938 SLES and debian to more closely match the vendor sudoers files.
3939 Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
3940 debian for ldap flavor
3943 * plugins/sudoers/sudoers:
3944 Add commented out env_keep entries, sample Aliases and a %sudo line
3948 * configure, configure.in:
3949 Move zlib check later on in the script to avoid a strange shell
3954 Remove check for egrep; configure has its own
3957 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
3960 Enable zlib for linux distros
3964 Add ldap flavor to default build
3968 Simplify rpm linux distro settings
3971 * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
3972 Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
3976 Fix ChangeLog creation from build dir
3979 * plugins/sudoers/sudoers.c:
3980 Handle getcwd() failure.
3983 * doc/Makefile.in, mkpkg, sudo.pp:
3984 Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
3985 environment variable.
3989 Create sudo group on debian
3993 Add debian 4/5/6 and use the dot when doing version matches
3996 * aclocal.m4, configure:
3997 Use a loop when searching for mv, sendmail and sh
4000 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4001 Remove spurious "and"; from debian
4004 * aclocal.m4, configure, configure.in, doc/sudoers.cat,
4005 doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
4006 doc/visudo.man.in, doc/visudo.pod:
4007 Substitute the value of EDITOR into the sudoers and visudo manuals.
4010 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
4012 * mkpkg, pp, sudo.pp:
4013 Initial support for debian 4.0
4017 Some platforms need -fPIE instead of -fpie
4020 * plugins/sudoers/auth/pam.c:
4021 Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
4022 On Linux it causes a DNS lookup via libaudit.
4026 Update MANIFEST to match packaging changes
4030 We now use pp to generate HP-UX packages
4033 * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
4034 Remove vestiges of old binary package bits.
4037 * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
4038 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
4039 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4041 install-man -> install-doc
4044 * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
4045 plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
4046 Use http://rc.quest.com/topics/polypkg/ for packaging
4050 Just ignore the -c option, it is the default Add support for -d
4054 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
4056 * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
4057 Use _PATH_STDPATH instead of _PATH_DEFPATH
4060 * plugins/sudoers/Makefile.in, src/Makefile.in:
4061 Do not strip binaries.
4064 * INSTALL, configure, configure.in:
4065 Add --insults=disabled configure option to allow people to build in
4066 insult support but have the insults disabled unless explicitly
4070 * compat/mkstemps.c:
4071 Add prototype for gettime()
4074 * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
4075 plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
4076 plugins/sudoers/sudoers.h:
4077 Add support for a sudo-i pam.d file to be used for "sudo -i".
4078 Adapted from a RedHat patch.
4081 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
4083 * include/missing.h:
4084 Fix mkstemps() prototype
4087 * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
4088 config.h.in, configure, configure.in, include/missing.h,
4090 Use mkstemps() instead of mkstemp() in sudoedit. This allows
4091 sudoedit to preserve the file extension (if any) which may be used
4092 by the editor (like emacs) to choose the editing mode.
4095 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
4097 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
4098 plugins/sudoers/ldap.c:
4099 TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
4100 TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
4101 code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
4102 should avoid disabling TLS_CHECKPEER if possible.
4105 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
4107 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4108 Make sudo_plugin format a bit more like a man page
4111 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4112 Add support for negated user/host/command lists in a Defaults entry.
4113 E.g. Defaults:!baduser noexec
4116 * Makefile.in, common/Makefile.in, compat/Makefile.in,
4117 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
4118 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4120 Add uninstall target
4123 * common/Makefile.in, compat/Makefile.in:
4124 Remove unused AR, SED and RANLIB variables
4128 Do not install sample plugins
4131 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
4133 * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
4134 configure.in, plugins/sudoers/env.c:
4135 Now that sudoers is a dynamically loaded module we cannot override
4136 the libc environment functions because the symbols may already have
4137 been resolved via libc. Remove getenv/putenv/setenv/unsetenv
4138 replacements from sudoers and add replacements for setenv/unsetenv
4139 for systems that lack them.
4142 * configure, configure.in, plugins/sudoers/Makefile.in:
4143 Link testsudoers with -ldl when needed
4146 * plugins/sample_group/plugin_test.c:
4147 Remove unused time.h and add limits.h for PATH_MAX
4150 * doc/sudoers.ldap.pod:
4154 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
4156 * plugins/sample_group/plugin_test.c:
4157 Do not depend on strlcpy/strlcat
4160 * plugins/sample_group/plugin_test.c:
4161 Standalone test driver for sudoers group plugin.
4164 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
4166 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
4167 Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
4171 * plugins/sample_group/sample_group.c:
4172 Fix style nit in function declarations
4175 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4176 Document group_plugin syntax.
4179 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4180 Document the sudoers group plugin.
4183 * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
4184 configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
4185 plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
4186 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
4187 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
4188 plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
4189 plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
4190 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
4191 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
4192 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
4193 Replace built-in non-unix group support with a sudoers group plugin.
4194 Include a sample plugin that can read Unix-format group files.
4197 * configure, configure.in, src/load_plugins.c:
4198 Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
4201 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
4203 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
4204 doc/sudoers.man.in, doc/sudoers.pod:
4205 Move sudoers-specific bits out of sudo(8) and into sudoers(5)
4208 * aclocal.m4, configure, configure.in:
4209 Substitute @io_logdir@ for the sudoers I/O log directory.
4212 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
4214 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
4215 common/atobool.c, common/fileops.c, common/fmt_string.c,
4216 common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
4217 compat/getgrouplist.c, compat/getline.c, compat/glob.c,
4218 compat/snprintf.c, config.h.in, configure, configure.in,
4219 include/fileops.h, plugins/sample/sample_plugin.c,
4220 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
4221 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
4222 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
4223 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
4224 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
4225 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
4226 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
4227 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
4228 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
4229 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
4230 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
4231 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
4232 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
4233 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
4234 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
4235 plugins/sudoers/logging.c, plugins/sudoers/match.c,
4236 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
4237 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
4238 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4239 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4240 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
4241 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
4242 src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
4243 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
4244 src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
4245 Set usrinfo for AIX Set administrative domain for the process when
4246 looking up user's password or group info and when preparing for
4247 execve(). Include strings.h even if string.h exists since they may
4248 define different things. Fixes warnings on AIX and others.
4252 Add a separate all target for AIX make which was using the entire
4253 LHS (not just the first entry) of the first target as the implicit
4257 * plugins/sudoers/env.c:
4258 Do not rely on env.env_len when unsetting a variable, just use the
4262 * plugins/sudoers/env.c:
4263 In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
4266 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
4268 * plugins/sudoers/vasgroups.c:
4269 Use warningx() instead of log_error() since the latter is not
4270 available to visudo or testsudoers. This does mean that they don't
4274 * plugins/sudoers/sudoers.c:
4275 Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
4276 closed the sudoers sources. From Quest sudo.
4279 * plugins/sudoers/pwutil.c:
4280 Ignore case when matching user/group names in the cache. From Quest
4284 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
4286 * config.h.in, configure, configure.in, src/selinux.c:
4287 Add check for setkeycreatecon() when --with-selinux is specified.
4290 * configure, configure.in:
4291 Error out if libaudit.h is missing or unusable when --with-linux-
4295 * doc/HISTORY, doc/history.pod:
4296 Add =head3 entries, mostly for the html version
4299 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
4301 * doc/HISTORY, doc/history.pod:
4302 Mention when LDAP was incorporated.
4305 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
4307 * configure, configure.in:
4308 Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
4309 not covered by _ALL_SOURCE.
4312 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
4314 * plugins/sudoers/iolog.c:
4315 Add a cast to quiet a compiler warning.
4318 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
4319 Quiet a compiler warning.
4322 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
4323 Call set_fqdn() after sudoers has parsed instead of inline as a
4327 * WHATSNEW, plugins/sudoers/sudoers.c:
4328 Do not call set_fqdn() until sudoers parses (where it gets run as a
4333 mention the change in tty ticket behavior when there is no tty
4336 * plugins/sudoers/check.c:
4337 Do not update tty ticket if there is no tty.
4340 * doc/LICENSE, doc/license.pod:
4341 Update copyright year
4345 Do not rely on BSD make's $>
4348 * configure, configure.in:
4349 Set timedir to /var/db/sudo for darwin to match Apple sudo's
4353 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
4355 * plugins/sudoers/sudoers.h:
4356 Add stub declarations for struct stat and struct timeval
4360 Remove compat/sigaction.c
4363 * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
4364 plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
4365 Check for zlib.h in addition to libz.
4368 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
4370 Move functions and symbols shared between exec.c and exec_pty.c into
4375 Comment out rules to build .man.in and .cat files unless --with-
4380 Comment out rules to build .man.in and .cat files unless --with-
4385 Quote any non-alphanumeric characters other than '_' or '-' when
4386 passing a command to be run via the shell for the -s and -i options.
4390 Add back .man suffix
4393 * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
4394 plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
4395 plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
4396 plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
4398 Add Linux audit support.
4401 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
4403 * plugins/sudoers/iolog.c:
4407 * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
4408 plugins/sudoers/sudoreplay.c:
4409 Add -f (filter) option to sudoreplay to allow certain streams to be
4410 replayed and others ignored.
4413 * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
4415 Fix -A flag when askpass is specified in sudo.conf or if sudo
4416 doesn't need to read a password.
4419 * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
4420 src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
4424 * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
4425 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
4426 Add support for multiple sudoers_base entries in ldap.conf. From
4430 * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
4432 remove setsid check, we require a POSIX system
4435 * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
4436 src/sudo.c, src/tgetpass.c:
4437 Check for dup2() failure.
4440 * config.h.in, configure, configure.in:
4441 Remove dup2() check, it is not optional.
4444 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
4447 sync with sudo 1.7.3
4451 SunOS does not ship with an ANSI compiler
4455 Update OS specific notes. Delete some really ancient ones and move
4456 older ones to the end of the list.
4460 Sudo can be downloaded from the web site too Mention "OS dependent
4461 notes" section in INSTALL
4464 * src/exec_pty.c, src/selinux.c:
4465 Call selinux_restore_tty() as part of cleanup() so it gets called
4466 from error()/errorx()
4469 * MANIFEST, doc/PORTING:
4470 Remove obsolete porting guide
4473 * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
4474 Move union sudo_in_addr_un into interfaces.h
4478 Remove useless circular dependencies
4481 * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
4482 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
4483 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
4484 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
4485 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
4486 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
4487 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
4488 Convert to ANSI C function declarations
4491 * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
4492 common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
4493 compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
4494 compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
4495 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
4496 compat/strlcpy.c, compat/timespec.h, compat/utime.h,
4497 compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
4498 include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
4499 include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
4500 plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
4501 plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
4502 plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
4503 plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
4504 plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
4505 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
4506 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
4507 plugins/sudoers/logging.h, plugins/sudoers/match.c,
4508 plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
4509 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
4510 plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
4511 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
4512 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
4513 plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
4514 src/conversation.c, src/error.c, src/load_plugins.c,
4515 src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
4516 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
4517 Update copyright year
4521 Fix commented DEVDOCS when not in devel mode.
4524 * plugins/sudoers/match.c:
4525 Quiet a compiler warning.
4528 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
4529 Quiet a compiler warning.
4532 * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
4533 Make all functions in ldap.c static
4536 * doc/schema.ActiveDirectory:
4537 Updates from Alain Roy to provide better examples for importing the
4538 schema and to fix problems caused by Windows validating attributes
4539 which have not yet been added before committing the changes.
4542 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
4544 * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
4545 doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
4546 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
4547 doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
4548 doc/visudo.cat, doc/visudo.man.in:
4549 Leave rules to build .man.in and .cat files uncommented but only
4550 make them part of the "all" rule in devel mode. Generate .cat files
4551 directly from .man.in instead of .man using default values in
4555 * configure, configure.in:
4556 Bump sudo version to 1.8.0b1
4559 * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
4560 Print configure args with verbose version information.
4563 * TODO, plugins/sudoers/visudo.c:
4564 Remove tfd from struct sudoersfile; it is not used. Add prev pointer
4565 to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
4566 Use tq_append to append sudoers entries to the tail queue.
4569 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
4572 Describe tty timestamp improvements
4575 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4576 A comment character may not be part of a command line argument
4577 unless it is quoted with a backslash. Fixes parsing of:
4578 testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
4582 Make this read a little bit better when passwd_timeout is 0.
4585 * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
4586 Attempt to handle a default password prompt timeout of zero more
4590 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4591 Do not override value of keepopen global, instead restore it to the
4592 value we pushed onto the stack when popping.
4595 * plugins/sudoers/Makefile.in:
4596 Add dependency for utility programs on libreplace and libcommon
4599 * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
4600 plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
4601 src/exec.c, src/exec_pty.c, src/tgetpass.c:
4602 Remove sigaction emulation Use SA_INTERRUPT in sa_flags
4605 * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
4606 We don't use getgrouplist() at the moment so there's no need to
4607 provide a compat version.
4614 * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
4615 src/conversation.c, src/sudo.h, src/tgetpass.c:
4616 Fix visiblepw sudoers option; the plugin API portion still needs
4621 Print sudo version as well.
4624 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
4625 Use sudo_printf for I/O log version Clarify policy plugin version
4629 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
4630 plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
4631 Silence some compiler warnings
4634 * src/load_plugins.c, src/tgetpass.c:
4635 Store askpass path in a global instead of using setenv() which many
4639 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
4641 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
4642 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4643 plugins/sudoers/check.c, plugins/sudoers/def_data.c,
4644 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
4645 plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
4646 plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
4648 Move askpass path specification from sudoers to sudo.conf.
4651 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
4652 Use a flag bit in struct command_details for selinux instead of a
4656 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
4657 Implement background mode. If I/O logging we use pipes instead of a
4661 * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
4662 src/exec.c, src/exec_pty.c, src/tgetpass.c:
4663 Move compat definition of NSIG to compat.h
4666 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
4667 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4668 Mention plugins in the sudo manual and add some missing path
4669 substitution in the sudo_plugin manual.
4673 Set _PATH_SUDO_CONF based on $(sysconfdir)
4676 * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
4677 src/exec.c, src/exec_pty.c, src/ttysize.c:
4678 Require POSIX termios to build sudo
4682 Ignore SIGPIPE for "sudo -S"
4686 Fix uninitialized variable in TGP_ECHO case and print a newline if
4687 the user interrupted password input.
4691 Make TGP_ECHO override TGP_MASK and don't try to restore the
4692 terminal if we didn't modify it.
4695 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4696 include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
4697 src/conversation.c, src/sudo.h, src/tgetpass.c:
4698 Add SUDO_CONV_PROMPT_MASK define which corresponds to the
4699 "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
4704 Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
4707 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
4709 * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
4710 Add selinux_enabled flag into struct command_details and set it in
4711 command_info_to_details(). Return an error from selinux_setup()
4712 instead of exiting. Call selinux_setup() from exec_setup().
4715 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
4718 Remove commented out copy of old sudo_execve() function.
4721 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
4723 * plugins/sudoers/sudoers.c:
4724 Fix setting selinux type on command line.
4727 * plugins/sudoers/iolog.c:
4728 In sudoers_io_close(), skip NULL io_fds[] elements.
4732 No longer need NGROUPS_MAX define
4735 * compat/nanosleep.c, config.h.in, configure, configure.in,
4736 include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
4737 plugins/sudoers/visudo.c, src/sudo_edit.c:
4738 Replace timerfoo macros with timevalfoo since the timer macros are
4739 known to be busted on some systems.
4743 Remove duplicate call to selinux_setup().
4746 * plugins/sudoers/auth/pam.c:
4747 If pam_open_session() fails, pass its status to pam_end.
4750 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4751 If a file in a #includedir has improper permissions or owner just
4752 skip it. This prevents packages that incorrectly install a file
4753 into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
4754 #includedir files still result in a parse error (for now).
4757 * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
4758 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
4759 plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
4760 Add use_pty sudoers option to force use of a pty even when not
4764 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
4765 Make env_init() void as it never fails.
4768 * plugins/sudoers/env.c:
4769 No longer use _NSGetEnviron so don't need crt_externs.h
4772 * plugins/sudoers/env.c:
4773 Remove unused VNULL define
4776 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
4778 * plugins/sudoers/iolog.c:
4779 Add #define for maximum session id
4782 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
4783 Split exec.c into exec.c and exec_pty.c
4787 Sync with source file moves.
4790 * src/Makefile.in, src/get_pty.c, src/pty.c:
4791 Rename pty.c -> get_pty.c
4794 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
4796 * plugins/sudoers/iolog.c:
4797 Only use I/O input log file if def_log_input is set and output file
4798 if def_log_output is set.
4801 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
4803 * compat/strsignal.c:
4804 Update copyright year
4811 * plugins/sudoers/sudoers.c:
4812 For sudoedit, make a local copy of editor string si become part of
4813 argv. If no editor environment variable, split def_editor on ':'
4814 since it may be a colon-delimited path.
4818 Remove unneeded endpwent()/endgrent()
4822 Use value of nroff from configure
4826 Add missing const to I/O log action function
4829 * plugins/sudoers/check.c:
4830 Update copyright year and fix whitespace
4833 * configure, configure.in:
4837 * plugins/sudoers/iolog.c:
4838 Remove redundant tty signal blocking in log function.
4841 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
4843 * plugins/sudoers/iolog.c:
4844 Place static keyword where it belongs
4847 * plugins/sudoers/logging.c:
4848 Always use a printf format string for send_mail()
4851 * common/atobool.c, plugins/sudoers/ldap.c:
4852 Extend atobool() so we can use it in the LDAP code.
4855 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
4856 Sudo now stashes tty ctime for tty_tickets on Solaris too.
4859 * plugins/sudoers/boottime.c:
4860 Fix dummy version of get_boottime()
4863 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
4865 * plugins/sudoers/check.c:
4866 Enable tty_is_devpts() support for Solaris with the "devices"
4871 Unbreak the non-io logging case.
4874 * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
4875 Fix symbol name conflict with sudo_printf.
4878 * plugins/sudoers/auth/pam.c:
4879 Fix OpenPAM detection for newer versions.
4882 * plugins/sudoers/vasgroups.c:
4883 Sync with Quest sudo git repo
4886 * aclocal.m4, configure, configure.in:
4887 HP-UX ld uses +b instead of -R or -rpath. Fix typo in libvas check.
4888 Add missing template for ENV_DEBUG. Adapted from Quest sudo
4892 Fix typos; from Quest Sudo
4895 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
4897 * plugins/sudoers/Makefile.in:
4898 Add back -I$(top_srcdir); we need it for including compat/foo.h
4899 since we cannot rely on "foo.h" being found relative to the source
4900 file when the cwd is different.
4904 Fix a bug where we could treat EAGAIN as a permanent error. Also set
4905 cstat if perform_io() returns an error.
4908 * common/alloc.c, plugins/sudoers/boottime.c,
4909 plugins/sudoers/sudoers.c:
4910 Add casts to quiet compiler warnings.
4913 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4914 plugins/sudoers/visudo.c:
4915 Fix typo in ternary operator usage.
4918 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
4920 * INSTALL, configure, configure.in:
4921 Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
4924 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
4925 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
4926 Update docs to match sudoers I/O logging changes
4929 * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
4930 pathnames.h.in, plugins/sudoers/def_data.c,
4931 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
4932 plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
4933 plugins/sudoers/gram.h, plugins/sudoers/gram.y,
4934 plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
4935 plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
4936 plugins/sudoers/sudoreplay.c:
4937 Break sudoers transcript feature up into log_input and log_output.
4940 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4941 plugins/sudoers/visudo.c:
4942 Use setprogname() as needed.
4945 * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
4946 Adapt sudoreplay to iolog changes.
4949 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
4951 * plugins/sudoers/iolog.c:
4952 Log all input and output into separate files and store a number on
4953 each timing file line to indicate which file the data is in.
4956 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
4957 plugins/sudoers/sudoers.h:
4958 Make sudoers_io functions static to iolog.c
4961 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
4963 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
4964 src/sudo_usage.h.in:
4965 Completely remove the -L flag from the sudo front end.
4968 * plugins/sudoers/sudoreplay.c:
4969 Fix EAGAIN handling when writing to stdout.
4972 * plugins/sudoers/sudoers.c:
4973 Eliminate unused variables
4976 * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
4977 Re-enable cleanup functions in sudoers plugin and sudo driver for
4981 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
4982 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
4983 plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
4984 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
4985 Use sudo_printf to display verbose version information.
4988 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
4989 plugins/sudoers/Makefile.in, src/Makefile.in:
4990 Minor Makefile cleanup: fix a typo, change the removal order in the
4991 clean targets, and remove a superfluous include path for the sudoers
4995 * plugins/sudoers/env.c:
4996 Handle duplicate variables in the environment. For unsetenv(), keep
4997 looking even after removing the first instance. For sudo_putenv(),
4998 check for and remove dupes after we replace an existing value.
5001 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
5003 * plugins/sudoers/Makefile.in:
5004 Use explicit path to source file instead of $< for files that live
5005 in devdir and top_srcdir.
5008 * plugins/sudoers/Makefile.in:
5009 Add explicit rules to compile gram.c and toke.c for HP-UX. Prevent
5010 ending LIBSUDOERS_OBJS with a backslash
5013 * plugins/sudoers/Makefile.in, src/Makefile.in:
5014 Link libcommon before libreplace since libcommon may use functions
5015 only present in libreplace.
5018 * common/Makefile.in:
5019 Move code common to sudo and the sudoers plugin to a convenience
5020 library, libcommon. Removes the need to make links in the sudoers
5021 plugin dir and reduces re-compilation of duplicate object files.
5024 * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
5025 common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
5026 common/term.c, common/zero_bytes.c, configure, configure.in,
5027 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
5028 src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
5029 src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
5031 Move code common to sudo and the sudoers plugin to a convenience
5032 library, libcommon. Removes the need to make links in the sudoers
5033 plugin dir and reduces re-compilation of duplicate object files.
5036 * src/exec.c, src/sudo.c, src/sudo.h:
5037 Rename script_execve to sudo_execve and rename script_foo in exec.c
5040 * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
5041 rename script.c exec.c and fix up the MANIFEST file
5044 * src/script.c, src/sudo.c, src/sudo.h:
5045 Rename script_setup() to pty_setup() and call from script_execve()
5049 * configure, configure.in:
5050 bump version to 1.8.0a2
5053 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5054 Document init_session
5057 * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
5058 plugins/sudoers/auth/sudo_auth.h:
5059 Clean up the sudoers auth API a bit and update the docs.
5062 * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
5063 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
5064 plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
5065 Add init_session function to struct policy_plugin that gets called
5066 before the uid/gid/etc changes. A struct passwd pointer is passed
5067 in, which may be NULL if the user does not exist in the passwd
5068 database. The sudoers module uses init_session to open the pam
5072 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
5074 * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
5075 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
5076 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5077 Add open/close session to sudo auth, only used by PAM. This allows
5078 us to open (and close) the PAM session from sudoers.
5081 * plugins/sudoers/Makefile.in:
5082 Add explicit rule to build getdate.o for HP-UX make.
5085 * plugins/sudoers/Makefile.in:
5086 Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
5087 rules as an alternate way to prevent HP-UX make (and others) from
5088 trying to rebuild the parser in non-dev mode.
5091 * plugins/sudoers/sudoers.c:
5092 Re-enable PATH_MAX check for command
5096 For distclean, clean the main directory last since the subdirs need
5097 to be able to run libtool to clean things.
5100 * compat/Makefile.in:
5101 Fix generation of mksiglist.h
5105 Now that we defer sending cstat until the end of script_child() we
5106 cannot reuse cstat when reading command status from parent.
5109 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
5111 * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
5112 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
5113 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
5114 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
5115 Use numeric registers to handle conditionals instead of trying to do
5116 it all with text processing.
5120 Document per-command SELinux settings
5123 * plugins/sudoers/sudoers.c:
5124 Repair "sudo -l -U username"
5127 * plugins/sudoers/sudoers.c:
5128 Set selinux role and type in command details.
5131 * src/script.c, src/selinux.c, src/sudo.h:
5132 Rework SELinux support.
5135 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
5137 * src/script.c, src/selinux.c, src/sudo.h:
5138 Make SELinux support compile again. Needs more work to be complete.
5141 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5142 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5143 src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
5145 Bring back closefrom settings.
5148 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
5149 plugins/sudoers/sudoers.h:
5150 If running a command or sudoedit in transcript mode, call
5151 io_nextid() before log_allowed() so the session id is logged.
5154 * configure, configure.in:
5155 Use mandoc(1) if nroff(1) is not present.
5159 Use the --file argument to config.status instead of setting
5160 CONFIG_FILES in the environment.
5163 * plugins/sudoers/Makefile.in:
5164 We cannot conditionally update gram.h or the dependency ordering
5165 gets messed up in devel mode.
5168 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
5170 * Makefile.in, compat/Makefile.in, configure, configure.in,
5171 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
5172 plugins/sudoers/Makefile.in, src/Makefile.in:
5173 Substitute @SHELL@ into Makefiles
5180 * config.guess, config.sub, configure, configure.in:
5181 Update to autoconf 2.65
5185 Fix libtool target (space vs. tabs)
5188 * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
5189 Remove use of RETSIGTYPE; all modern systems have signal handlers
5193 * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
5194 ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
5195 m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
5196 plugins/sudoers/Makefile.in, src/Makefile.in:
5197 Update to libtool-2.2.6b. I haven't made any local modifications
5198 this time, which should be OK since we install sudo_noexec.so by
5202 * compat/Makefile.in, plugins/sample/Makefile.in,
5203 plugins/sudoers/Makefile.in, src/Makefile.in:
5204 Use libtool to clean objects
5207 * include/Makefile.in:
5208 Install sudo_plugin.h as part of "make install" and make other
5209 install targets callable from the top-level Makefile
5212 * configure, configure.in:
5213 regen with autoupdate to eliminate AC_TRY_LINK
5216 * Makefile.in, compat/Makefile.in, configure, configure.in,
5217 doc/Makefile.in, plugins/sample/Makefile.in,
5218 plugins/sudoers/Makefile.in, src/Makefile.in:
5219 Install sudo_plugin.h as part of "make install" and make other
5220 install targets callable from the top-level Makefile
5223 * plugins/sample/sample_plugin.c:
5224 The sample plugin doesn't support being run with no args so return a
5225 usage error in this case.
5228 * plugins/sudoers/iolog.c:
5229 Set close on exec flag for descriptors used for I/O logging so they
5230 are not present in the command being run.
5233 * plugins/sudoers/tsgetgrpw.c:
5234 Set close on exec flag in private versions of setpwent() and
5239 Close the I/O pipes after dup2()ing them to std{in,out,err}.
5240 Fixes extra fds being present in the command when it is part of a
5244 * plugins/sudoers/sudoers.c:
5245 Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
5246 is used when logging). Note that user_ttypath will still be NULL if
5250 * src/script.c, src/sudo.h:
5251 Cosmetic changes: add comments, remove orphaned prototype and
5252 make a global static.
5255 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
5258 Move check for maxfd == -1 to flush_output where it belongs.
5262 Break out of select loop if all the fds we want to select on are -1.
5266 Avoid possible malloc(0) if plugin returns an empty groups list.
5270 Add debugging info when calling plugin close function
5274 Avoid closing stdin/stdout/stderr when we are piping output.
5278 When execve() of the command fails, it is possible to receive
5279 SIGCHLD before we've read the error status from the pipe. Re-order
5280 things such that we send the final status at the very end and prefer
5281 error status over wait status.
5284 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
5286 * plugins/sudoers/auth/sudo_auth.c:
5287 Fix compilation for non PAM/BSD auth/AIX auth
5290 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
5293 Additional checks to make sure we don't close /dev/tty by mistake.
5294 When flushing, sleep in select as long as we have buffers that need
5299 Now that we can use pipes for stdin/stdout/stderr there is no longer
5300 a need to error out when there is no tty. We just need to make sure
5301 we don't try to use the tty fd if it is -1.
5304 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
5306 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5307 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5308 plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
5309 Add argc and argv to I/O logger open function.
5312 * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
5313 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
5314 src/parse_args.c, src/sudo.c, src/sudo_edit.c:
5315 Remove check_sudoedit function pointer in struct sudo_policy.
5316 Instead, sudo will set sudoedit=true in the settings array. The
5317 plugin should check for this and modify argv_out as appropriate in
5321 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
5323 * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
5325 If plugin sets "sudoedit=true" in the command info, enable sudoedit
5326 mode even if not invoked as sudoedit. This allows a plugin to
5327 enable sudoedit when the user runs an editor.
5330 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
5332 * plugins/sudoers/Makefile.in:
5333 gram.h must not depend on gram.y if we want to avoid unnecessary
5334 rebuilding of targets dependent on gram.h when gram.y changes.
5337 * plugins/sample/sample_plugin.c:
5338 Refactor common bits of check_policy and check_edit
5341 * plugins/sample/sample_plugin.c:
5342 Add sudoedit support
5345 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
5347 * plugins/sudoers/Makefile.in:
5348 Rely more on VPATH; fixes a dependency issue with the parser.
5352 Fix typo introduced in last commit
5356 Emulate seteuid using setreuid() or setresuid() as needed. There are
5357 still a few places that call seteuid() directly.
5360 * src/parse_args.c, src/sudo_edit.c:
5361 Attempt to fix building on systems that only have setuid.
5364 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5365 Clarify sudoedit a tad.
5368 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
5371 Fix compilation on HP-UX
5374 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5378 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
5379 Change how we handle the sudoedit argv. We now require that there
5380 be a "--" in argv to separate the editor and any command line
5381 arguments from the files to be edited.
5384 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5385 plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
5386 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
5387 src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
5388 src/sudo.h, src/sudo_edit.c:
5389 Work in progress support for sudoedit. The actual interface used by
5390 the plugin for sudoedit is likely to change.
5393 * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
5394 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
5395 Make find_path() a little more generic by not checking def_foo
5396 variables inside it. Instead, pass in ignore_dot as a function
5400 * plugins/sudoers/env.c:
5401 Add version of getenv(3) that uses our own environ pointer.
5404 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
5407 Avoid a potential race condition if SIGCHLD is received immediately
5408 before we call select().
5411 * plugins/sudoers/sudoers.c:
5412 Call env_init() before we open the sudoers sources as those may call
5413 our setenv() replacement.
5416 * plugins/sudoers/env.c:
5417 Initialize env_len in env_init()
5420 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
5422 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
5423 Document time stamp shortcomings under SECURITY NOTES. Use "time
5424 stamp" instead of timestamp.
5428 Make sed substitution of mansectsu and mansectform global.
5431 * plugins/sudoers/check.c:
5432 If the tty lives on a devpts filesystem, stash the ctime in the tty
5433 ticket file, as it is not updated when the tty is written to. This
5434 helps us determine when a tty has been reused without the user
5435 authenticating again with sudo.
5439 Fix pasto in multiple signal fix and use _NSIG not NSIG since that
5440 is what our compat checks set.
5443 * configure, configure.in:
5444 Add check for whether sudo needs to link with -ldl to get dlopen().
5445 This is a bit of a hack that will get reworked when libtool is
5449 * plugins/sudoers/check.c:
5450 Fix timestamp removal with -k/-K
5453 * plugins/sudoers/Makefile.in:
5454 audit.c is now private to the sudoers plugin
5457 * configure, configure.in:
5458 Link with -lpthread on HP-UX since a plugin may be linked with
5459 -lpthread and dlopen() will fail if the shared object has a
5460 dependency on -lpthread but the main program is not linked with it.
5463 * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
5464 Add separate test for getresuid() since HP-UX has setresuid() but no
5469 Remove errant backslash
5473 Fix SIGPIPE handling. Now that we may use pipes for
5474 stdin/stdout we need to pass any SIGPIPE we receive to the running
5479 Also start the command in the background if stdin is not a tty.
5482 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
5484 * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
5485 No need to use pseudo-cbreak mode now that we use pipes when stdout
5486 is not a tty. Instead, check whether stdin is a tty and if not,
5487 delay setting the tty to raw mode until the command tries to access
5488 it itself (and receives SIGTTIN or SIGTTOU).
5492 Use an array for signals received instead of a single variable so we
5493 don't lose any when there are multiple different signals.
5497 Do signal setup after turning off echo, not before. If we are using
5498 a tty but are not the foreground pgrp this will generate SIGTTOU so
5499 we want the default action to be taken (suspend process).
5502 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
5505 Flush the iobufs on suspend or child exit using the same logic as
5506 the main event loop.
5510 Free memory after we are done with it.
5513 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
5516 Quest now sponsors Sudo development
5519 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
5522 Install sudo_plugin man page.
5526 Go back to resetting io_buffer offset and length (and now also the
5527 EOF handling) in the loop we do the FD_SET, not after we drain the
5528 buffer after write() since we don't know what order reads and writes
5533 audit files moved to sudoers plugin directory
5536 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5537 Document plugin_printf and new logging functions.
5541 Add support for logging stdin when it is not a tty. There is still a
5542 bug where "cat | sudo cat" has problems because both cat and sudo
5543 are trying to read from the tty.
5546 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5547 plugins/sudoers/sudoers.c, src/script.c:
5548 Add separate I/O logging functions for tty in/out and
5549 stdin/stdout/stderr. NOTE: stdin logging does not currently work and
5550 is disabled for now.
5553 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
5555 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5556 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
5557 plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
5558 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5559 src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
5560 Add pointer to a printf like function to plugin open function. This
5561 can be used instead of the conversation function to display info and
5566 Stop if make in a subdir fails
5570 Only set user's tty to blocking mode when doing the final flush.
5571 Flush pipes as well as pty master when the process is done.
5574 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
5576 * plugins/sudoers/ldap.c:
5577 Use print_error() when displaying ldap config info in debugging
5581 * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
5582 No longer need strdup() or strndup() replacements.
5585 * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
5586 plugins/sudoers/sudoers.h:
5587 Add print_error() function that uses the conversation function to
5588 print a variable number of error strings and use it in log_error().
5591 * src/script.c, src/sudo.h, src/term.c:
5592 Do not need the opost flag to term_copy() now that we use pipes for
5593 stdout/stderr when they are not a tty.
5597 Use pipes to the sudo process if stdout or stderr is not a tty.
5598 Still needs some polishing and a decision as to whether it is
5599 desirable to add additional entry points for logging
5600 stdout/stderr/stdin when they are not ttys. That would allow a
5601 replay program to keep things separate and to know whether the
5602 terminal needs to be in raw mode at replay time.
5605 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
5607 * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
5608 plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
5609 src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
5610 Move audit sources into the sudoers plugin dir; the driver does not
5614 * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
5615 compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
5616 plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
5617 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
5618 plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
5619 src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
5620 src/term.c, src/ttysize.c:
5621 Use angle brackets when including headers that can only be found
5622 when an -I flag is specified. The files in the compat dir could get
5623 away with double quotes here but I've converted all the source files
5624 to use angle brackets for consistency.
5627 * plugins/sudoers/Makefile.in:
5628 Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
5629 dir can be found when building outside the source tree.
5632 * plugins/sudoers/Makefile.in:
5633 Clean up links in distclean
5636 * plugins/sudoers/Makefile.in:
5637 Hack around VPATH semantic differences by symlinking files we need
5638 from ../../src into the current directory and build those. A better
5639 fix would be to either make a .a or .la file with those files in it
5640 or simply use a single, flat, Makefile instead of per-subdirs
5644 * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
5645 fmt_string is used by the sudoers plugin too so do not include
5646 sudo.h (which is not really needed here anyway)
5649 * compat/Makefile.in, plugins/sample/Makefile.in,
5650 plugins/sudoers/Makefile.in, src/Makefile.in:
5651 Fix building with non-BSD versions of make such as GNU make.
5652 Requires VPATH support, which should be in any non-neolithic make.
5655 * configure, configure.in, plugins/sudoers/Makefile.in,
5656 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
5658 Re-enable bsm audit. Currently auditing is done within the sudoers
5659 plugin itself. If possible, this should really be done in the main
5660 driver but we don't presently have the needed data to do that. This
5661 will be re-evaluated when Linux audit support is added.
5664 * compat/Makefile.in, plugins/sample/Makefile.in,
5665 plugins/sudoers/Makefile.in, src/Makefile.in:
5666 Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
5667 of explicit rules in the dependency.
5670 * plugins/sudoers/visudo.c:
5671 Fix mismerge; alias_remove_recursive() now returns int
5674 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
5676 * plugins/sudoers/visudo.c:
5677 Fix a crash when checking a sudoers file that has aliases that
5678 reference themselves. Based on a diff from David Wood.
5682 Print signal info after restoring the tty mode, not before.
5686 Defer call to alarm() until after we fork the child. Pass correct
5687 pid to terminate_child(). If the command exits due to signal, set
5688 alive to false like we do when it exits normally. Add missing
5689 check for errpipe[0] != -1 before using it in FD_ISSET
5692 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
5694 * plugins/sudoers/boottime.c:
5695 Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
5698 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
5701 Simplify dependencies by using .c.o and .c.lo rules.
5704 * configure, configure.in, plugins/sudoers/Makefile.in,
5706 Substitute in @PROGS@ into src/Makefile to add sesh
5709 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
5711 * plugins/sudoers/sudoers.c:
5712 Add back calls to log_denial() if sudoers does not allow the
5716 * plugins/sudoers/sudoers.c:
5717 Pass in correct pwflag for list and validate.
5720 * plugins/sudoers/env.c:
5721 Add missing check for NULL in validate_env_vars
5725 Add sudo_noexec.la to "all" target, otherwise it only gets built at
5729 * plugins/sudoers/sudoers.c:
5730 Only set sudo_user.env_vars if the env_add list is empty.
5733 * plugins/sudoers/sudoers.c:
5734 Set sudo_user.env_vars so that environment variables specified on
5735 the command line get logged correctly.
5738 * plugins/sudoers/env.c, plugins/sudoers/logging.c,
5739 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5740 Re-enable environment files and setting environment variables on the
5744 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
5746 * plugins/sudoers/check.c:
5747 Fix typo in last commit (ifndef vs ifdef). Make sure we pass ctime()
5748 a pointer to time_t as tv_sec in struct timeval may be long.
5751 * plugins/sudoers/check.c:
5752 Don't stash ctime in on-disk tty ticket info for now; on many
5753 (most?) systems the ctime is updated when the tty is written to.
5754 Once I have a better idea of what systems do not update ctime on
5755 ttys (and have a way to test for this) the ctime stash will be
5756 conditionally re-enabled.
5759 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
5761 * MANIFEST, Makefile.in:
5762 Add back "dist" target, this time using a MANIFEST file
5766 Remove Makefile in distclean target
5769 * Makefile.in, src/Makefile.in:
5770 Update clean and cleandir targets
5773 * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
5775 Move fileops.c defines and prototypes to fileops.h
5778 * plugins/sudoers/check.c:
5779 Lock the tty timestamp when writing. We shouldn't have to lock when
5780 reading since the file is updated via a single write system call.
5783 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
5785 * plugins/sudoers/alias.c, plugins/sudoers/check.c,
5786 plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
5787 plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
5788 plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
5789 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
5790 plugins/sudoers/logging.c, plugins/sudoers/match.c,
5791 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
5792 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
5793 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
5794 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
5795 plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
5796 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
5797 Convert to ANSI C function declarations
5800 * plugins/sudoers/sudoers.h:
5801 Remove extraneous bits and classify by source file.
5805 Add timercmp macro for systems without it
5808 * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
5809 plugins/sudoers/sudoers.h:
5810 get_boottime() now fills in a timeval struct
5813 * plugins/sudoers/check.c:
5814 Store info from stat(2)ing the tty in the tty ticket when tty
5815 tickets are in use. On most systems, this closes the loophole
5816 whereby a user can log out of a tty, log back in and still have the
5820 * config.h.in, configure.in:
5821 Add timespec2timeval and use it when getting ctime/mtime
5824 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
5826 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
5827 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5828 plugins/sudoers/testsudoers.c:
5829 Convert perm setting to push/pop model; still needs some work. Use
5830 the stashed runas groups instead of using getgrouplist(). Reset perms
5831 to the initial value on error
5834 * config.h.in, configure.in:
5835 fix ctim_get and mtim_get macros
5838 * config.h.in, configure, configure.in, include/compat.h,
5839 plugins/sudoers/check.c, plugins/sudoers/gettime.c,
5840 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
5841 Use timeval directly instead of converting to timespec when dealing
5842 with file times and time of day.
5845 * plugins/sudoers/Makefile.in:
5846 Don't link sudoreplay with libsudoers.la due to a yacc symbol
5850 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
5852 * configure, configure.in:
5853 Darwin >= 9.x has real setreuid(2)
5856 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
5858 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
5862 * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
5863 plugins/sudoers/sudoers.h:
5864 Remove remaining references to the environ pointer.
5867 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
5869 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
5870 Don't change the environ directly in the sudoers plugin
5873 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
5875 * plugins/sudoers/sudoers.c:
5879 * plugins/sudoers/alias.c:
5880 Fix use after free in error message when a duplicate alias exists.
5883 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
5885 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5887 Add a "noninteractive" boolean to the settings passed in to the
5888 plugin's open function that is set when the user specifies the -n
5892 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
5893 Add workaround for the lack of the environ pointer on Mac OS X in
5894 dlopen()ed modules. Use of environ in the sudoers plugin should
5895 ultimately be removed but this will do for the moment.
5898 * plugins/sudoers/visudo.c:
5899 Set errorfile to the sudoers path if we set parse_error manually.
5900 This prevents a NULL dereference in printf() when checking a sudoers
5901 file in strict mode when alias errors are present.
5904 * plugins/sudoers/sudoers.c:
5905 Main sudo no longer prints "unable to execute" on exec failure so do
5909 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
5912 Use a pipe to pass back errno to the parent if execve() fails. If we
5913 get an error in script_child(), kill the command and exit.
5916 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5917 src/parse_args.c, src/sudo.c:
5918 Handle plugin's open function returning -2 (usage error).
5922 If execve() fails, leave it to the plugin to print an error string.
5926 If execve fails in logging mode, pass the errno directly to the
5927 grandparent on the backchannel and exit. The immediate parent will
5928 get SIGCHLD and try to report that status but its parent will no
5929 longer be listening. It would probably be cleaner to pass this over
5930 a pipe in script_child().
5933 * plugins/sudoers/sudoers.c:
5934 Don't override rval with results of check_user() unless it failed.
5937 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
5939 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
5944 NULL-terminate env_add
5947 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
5950 Call the I/O log open function before the I/O version function.
5953 * plugins/sudoers/iolog.c:
5954 Remove io_conv and just use sudo_conv
5957 * plugins/sudoers/set_perms.c:
5958 Fix set/restore perms for systems w/o setresuid
5961 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
5963 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
5964 plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
5965 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5966 Primitive set/restore permissions. Will be replaced by a push/pop
5971 Only need to take action on SIGCHLD in parent if no I/O logger. If
5972 there is an I/O logger we will receive ECONNRESET or EPIPE when we
5973 try to read from the socketpair.
5976 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
5978 * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
5979 doc/sudoers.pod, plugins/sudoers/find_path.c:
5980 Merge fb4d571495fa from the 1.7 branch to trunk.
5983 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
5986 Don't set SA_RESTART when registering SIGALRM handler. Do set
5987 SA_RESTART when registering SIGWINCH handler.
5991 Add dev targets for *.man.in and *.cat that don't specify the
5996 If log_input or log_output returns false, terminate the command.
6000 Better signal handling. Instead of using a single variable to store
6001 the received signal, use an array so we can't lose a signal when
6002 multiple are sent. Fix process termination by SIGALRM in non-I/O
6003 logger mode. Fix relaying terminal signals to the child in non-I/O
6008 Fix a race between when we get the child pid in the parent and when
6009 the child process exits. The problem exhibited as a hang after a
6010 short-lived process, e.g. "sudo id" when no IO logger was enabled.
6013 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
6015 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6016 Add a note about the security implications of the fast_glob option.
6019 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
6021 * config.h.in, configure, configure.in:
6022 Fix up some AC_DEFINE descriptions and regen config.h.in
6025 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
6027 * include/missing.h:
6028 No longer check for strdup or strndup for LIBOBJ replacement.
6032 Avoid installing signal handlers that are io-logger specific. Fixes
6033 job control when no io logger is enabled.
6037 Only regen man pages from pod when configured with --with-devel
6040 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
6042 * Makefile, Makefile.in, configure, configure.in:
6043 Top-level Makefile.in. Nothing is currently substituted but this is
6044 needed for separate build dirs.
6047 * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
6048 plugins/sudoers/Makefile.in, src/Makefile.in:
6049 Fix out-of-tree builds
6056 We always install sudoreplay in 1.8
6059 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
6061 * compat/siglist.in:
6062 SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
6065 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
6067 * configure, configure.in:
6068 No need to provide strdup() or strndup(), sudo uses estrdup() and
6072 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
6074 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
6075 Free str after using it in the version method. Use sudo_conv, not
6076 io_conv since we don't have the IO conversation function pointer in
6077 the I/O version method anymore now that io_open is delayed.
6080 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
6082 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
6084 Add license to mksiglist.c and note that the bits from pdksh are
6088 * compat/Makefile.in:
6089 Fix LIBOBJDIR vs. srcdir wrt the siglist bits
6092 * plugins/sudoers/Makefile.in:
6093 Add sudoreplay testsudoers and visudo to clean target
6096 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
6097 compat/siglist.in, compat/strsignal.c, configure, configure.in,
6098 include/missing.h, src/script.c:
6099 Create our own sys_siglist for systems without it for use by
6103 * compat/Makefile.in:
6104 Remove duplicate $(LIBOBJDIR)
6107 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
6109 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
6110 Main sudo should not block signals; the plugin should do this in
6114 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
6117 Fix a sizeof(ptr) vs. sizeof(*ptr)
6121 Unlike most operating systems, HP-UX select() is not interrupted by
6122 SIGCHLD when the signal is registered with SA_RESTART. If we clear
6123 SA_RESTART when calling sigaction() for SIGCHLD we get the expected
6124 behavior and the code in the select() loops already handles EINTR
6128 * compat/getprogname.c:
6129 progname should be const
6132 * plugins/sudoers/Makefile.in:
6133 Move --tag=disable-static to when we link sudoers.la, not when we
6137 * src/load_plugins.c:
6138 Load the sudoers I/O plugin by default too now that it is hooked up.
6141 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
6144 It looks like AIX doesn't need to push STREAMS modules for ptys.
6147 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
6149 * src/parse_args.c, src/sudo.c:
6150 Delay calling the I/O plugin open function until the policy plugin
6154 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
6156 * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
6157 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
6158 plugins/sudoers/sudoers.h:
6159 Add back io logging (transcript) support. Currently, the open
6160 function runs too early and it is not possible to use the io module
6161 independently of the policy module.
6164 * plugins/sudoers/set_perms.c:
6165 Comment out dead code; will be removed when set_perms is rewritten.
6168 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
6170 * plugins/sudoers/sudoers.c:
6171 Fix off by one error when allocating user_groups.
6174 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
6176 * configure, configure.in, plugins/sudoers/Makefile.in:
6177 Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
6180 * plugins/sudoers/sudoers.c:
6181 Fix typo in preserve groups case
6184 * plugins/sudoers/sudoers.c:
6185 In command_info it is "runas_groups" not "groups".
6189 Fix iteration over runas_groups list.
6192 * configure, configure.in, plugins/sudoers/env.c,
6193 plugins/sudoers/match.c, src/script.c:
6194 Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
6197 * compat/getgrouplist.c:
6198 getgrouplist(3) for those without it
6201 * plugins/sudoers/sudoers.c:
6202 Set preserve_groups or groups list in command_info
6206 Fix setting of groups list
6209 * config.h.in, configure, configure.in, include/compat.h,
6211 Add checks for getgrset and getgrouplist and use replacement
6212 getgrouplist if the system doesn't support it.
6216 Pass in preserve_groups when the -P flag is specified as per the
6220 * plugins/sudoers/sudoers.c:
6221 Check preserve_groups and ignore_ticket args with atobool instead of
6222 assuming they are true if present.
6225 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
6227 * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
6228 plugins/sudoers/plugin_error.c:
6229 Rename plugin-specific error.c to plugin_error.c. Wire up visudo,
6230 sudoreplay and testsudoers in the build
6233 * src/Makefile.in, src/term.c:
6234 term.c does not need to include sudo.h
6237 * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
6238 doc/sudo_plugin.pod:
6239 Document the -2 return in the check_policy section too
6242 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
6243 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6244 src/parse_args.c, src/sudo.c, src/sudo.h:
6245 Fix the -s and -i flags and add support for the "implied_shell"
6246 option. If the user does not specify a command, sudo will now pass
6247 in the path to the user's shell and set implied_shell=true. The
6248 plugin can then either check the command normally or return -2 to
6249 cause sudo to print a usage message and exit.
6252 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
6254 * config.h.in, configure, configure.in, src/load_plugins.c:
6255 Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
6256 Darwin where libraries end in .dylib but modules end in .so
6259 * plugins/sudoers/parse.c:
6260 Better prefix determination now that we can't rely on len==0 to tell
6261 the beginning of an entry.
6264 * plugins/sudoers/ldap.c:
6265 display_bound_defaults() stub should return 0, not 1 since it is a
6266 count, not a boolean.
6269 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6270 Document progname in settings
6273 * compat/getprogname.c, include/compat.h,
6274 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
6275 src/parse_args.c, src/sudo.c:
6276 Rewrite compat/getprogname.c and add setprogname(). The progname is
6277 now passed to the plugin via the settings array.
6280 * configure, configure.in, plugins/sudoers/Makefile.in:
6284 * plugins/sudoers/sudo_nss.c:
6285 Add missing whitespace for Runas and Command-specific defaults
6288 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
6289 plugins/sudoers/sudo_nss.c:
6290 Use embedded newlines in lbuf instead of multiple calls to
6295 Add support for embedded newlines.
6298 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
6300 * compat/getprogname.c:
6301 If system doesn't support getprogname or __progname and we are
6302 building a shared object don't bother with Argc/Argv, just return
6306 * config.h.in, configure, configure.in, src/load_plugins.c:
6307 Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
6308 appears to always install a shared object with the .so suffix.
6311 * compat/Makefile.in, configure, configure.in,
6312 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
6314 Play more nicely with libtool and let it build libreplace (was
6318 * include/missing.h:
6319 Include stdarg.h for va_list rather than requiring all consumers of
6320 missing.h to include stdarg.h themselves.
6323 * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
6324 plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
6325 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
6327 Pass in output function to lbuf_init() instead of writing to stdout.
6328 A side effect is that the usage info can now go to stderr as it
6332 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
6334 * include/lbuf.h, plugins/sudoers/sudo_nss.c,
6335 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
6336 src/parse_args.c, src/sudo.c:
6337 Use number of tty columns that is passed in user_info instead of
6338 getting it directly in the lbuf code.
6341 * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
6342 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6343 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
6344 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
6345 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
6346 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
6347 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
6348 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
6349 plugins/sudoers/logging.h, plugins/sudoers/match.c,
6350 plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
6351 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
6352 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
6353 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
6354 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6355 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6356 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
6357 plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
6358 plugins/sudoers/visudo.c:
6362 * config.h.in, configure, configure.in, src/load_plugins.c:
6363 Set the sudoers plugin name in configure so we get the extension
6367 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6368 Document lines/cols in user_info
6371 * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
6372 Add tty size to user info
6376 Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
6379 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
6381 * plugins/sudoers/sudoers.c:
6382 Kill dead code. Add missing sigsetjmp in sudo_policy_invalidate. Error
6383 out if we fail to lookup the user's name that is passed in
6386 * plugins/sudoers/error.c:
6387 Pass the error value back via siglongjmp.
6390 * plugins/sudoers/check.c:
6391 Use conversation function for lecture.
6394 * plugins/sudoers/check.c:
6395 Don't update ticket file if verify_user returns FALSE.
6398 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
6400 * plugins/sudoers/sudoers.c, src/sudo.c:
6401 Wire up invalidate and validate methods for sudoers
6404 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
6405 plugins/sudoers/sudoers.h:
6406 Add support for -k flag with a command.
6410 Allow -k to be specified with a command.
6413 * plugins/sudoers/sudoers.c:
6417 * plugins/sudoers/error.c:
6418 Add newline at the end of message and space after the colon in
6422 * plugins/sudoers/auth/sudo_auth.c:
6423 Add missing newline after pass password warning
6426 * plugins/sudoers/sudoers.c:
6427 Set user_groups and user_ngroups based on user_info
6430 * plugins/sudoers/error.c:
6434 * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
6435 Make _warning in error.c use the conversation function and remove
6436 commented out warning/warningx in sudoers.c.
6439 * plugins/sudoers/logging.c:
6440 Use siglongjmp() in log_error for fatal errors
6443 * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
6444 Quiet a libtool warning
6448 Build sudoers plugin
6451 * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
6452 Use warningx in yyerror() so the conversation function gets used
6453 when built as part of sudoers.
6456 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
6458 * plugins/sudoers/auth/pam.c:
6459 Rename sudo_conv to conversation to avoid a namespace conflict.
6462 * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
6463 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
6464 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
6465 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6466 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6467 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
6468 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
6469 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
6470 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6471 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
6472 plugins/sudoers/env.c, plugins/sudoers/error.c,
6473 plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
6474 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
6475 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
6476 plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
6477 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
6478 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
6479 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
6480 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
6481 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
6482 plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
6483 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
6484 Initial bits of sudoers plugin; still needs work.
6488 Add HAVE_STRDUP and HAVE_STRNDUP
6491 * compat/Makefile.in, configure, configure.in:
6492 Build libmissing in two flavors (one PIC one non-PIC) and link with
6493 the appropriate one.
6496 * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
6497 compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
6498 Build libmissing in two flavors (one PIC one non-PIC) and link with
6499 the appropriate one.
6502 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
6504 * include/missing.h:
6505 Add strdup and strndup and fix strsignal
6508 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
6510 * compat/strdup.c, compat/strndup.c, configure, configure.in,
6511 plugins/sample/Makefile.in, src/Makefile.in:
6512 Add strdup and strndup to compat
6515 * plugins/sample/sample_plugin.c:
6516 Need to include compat.h before missing.h
6519 * compat/strsignal.c:
6520 Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
6521 it doesn't exist configure will set it to 0.
6525 Fix botched ANSI C conversion of globexp2()
6528 * configure, configure.in:
6529 Remove redundant getgroups check
6532 * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
6533 Require either termios or termio, no more sgtty.
6536 * compat/strsignal.c, config.h.in, configure, configure.in:
6537 Change the sys_siglist check to use AC_CHECK_DECLS and also check
6538 for _sys_siglist and __sys_siglist
6541 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
6543 * configure, configure.in, src/Makefile.in:
6544 Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
6545 use SUDO_OBJS for the main driver as part of OBJS.
6548 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6549 Mention in the conversation function section that a newline is not
6554 Add definition of WCOREDUMP for systems without it. This is known
6555 to work on AIX and SunOS 4, but may be incorrect on other systems
6556 that lack WCOREDUMP.
6559 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
6561 * plugins/sample/sample_plugin.c, src/conversation.c:
6562 conversation function no longer puts a newline at the end of info or
6566 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
6569 Use parent process group id instead of parent process id when
6570 checking foreground status and suspending parent. Fixes an issue
6571 when running commands under /usr/bin/time and others.
6574 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
6577 transcript option is now --with not --enable
6580 * plugins/sample/sample_plugin.c:
6581 Add support to -u and -g flags. Check fmt_string retval. Add timeout
6582 for debugging purposes
6585 * src/script.c, src/sudo.c:
6586 Wire up SIGALRM handler. Set close on exec flag for child side of the
6587 socketpair. Fix signal handling when not doing I/O logging
6591 g/c unused SIGCHLD handler
6594 * src/fmt_string.c, src/parse_args.c, src/sudo.c:
6595 Don't use emalloc() in fmt_string(); we want to be able to use it
6600 tq_remove not list_remove
6603 * configure, configure.in:
6604 AUTH_OBJS should contain .lo files not .o files.
6607 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
6610 Simplify conversion of command line args to name=value pairs.
6613 * plugins/sample/sample_plugin.c:
6614 Handle NULL reply from conversation function
6618 Don't depend on emalloc/erealloc
6621 * plugins/sample/Makefile.in:
6622 Use $(OBJS) instead of sample_plugin.lo
6625 * plugins/sample/sample_plugin.c:
6626 runas_user is in settings not user_info
6630 Fix a mismatch between sudo_settings and settings_pairs that causes
6631 some settings to get the wrong values.
6634 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
6636 * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
6637 src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
6638 src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
6642 * src/load_plugins.c:
6643 Fix strlcpy() return value check.
6646 * INSTALL, configure, configure.in:
6647 No longer need to substitute in script.o and pty.o; I/O logging
6648 support is always built.
6651 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
6654 Add fallback to /bin/sh when execve() fails with ENOEXEC.
6657 * include/alloc.h, src/alloc.c:
6661 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
6663 * src/script.c, src/sudo.c:
6664 Refactor script_execve() a bit so that it can be used in non-script
6665 mode. Needs more cleanup.
6669 Ignore empty entries in command_info list
6672 * include/list.h, src/list.c:
6676 * src/conversation.c:
6677 Pass timeout to tgetpass()
6681 Add ChangeLog target
6685 Bump version and update things slightly for sudo 1.8.0
6688 * configure, configure.in:
6689 Sudo now requires an ANSI/ISO C compiler
6692 * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
6697 * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
6698 include/list.h, include/missing.h:
6702 * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
6703 compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
6704 compat/getprogname.c, compat/glob.c, compat/glob.h,
6705 compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
6706 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
6707 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
6708 compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
6713 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
6715 * src/sudo.c, src/tgetpass.c:
6716 Make user_details extern so tgetpass can get at the uid and gid. Set
6717 uid/gid to user before executing askpass program. Check environment
6718 for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
6719 set the askpass program itself
6723 No longer need sudo_usage.h in sudo.c
6726 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
6727 doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
6728 src/sudo_usage.h.in:
6729 Document -D level command line flag which maps to the debug_level
6733 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6734 Document debug_level in plugin doc. Still need to document the -D
6735 flag in sudo itself.
6738 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
6740 * plugins/sample/sample_plugin.c:
6741 include missing.h for vasprintf
6744 * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
6745 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6746 Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
6749 * plugins/sample/sample_plugin.c:
6750 Need to include limits.h
6757 * plugins/sample/Makefile.in, src/Makefile.in:
6758 Add missing compat bits
6761 * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
6762 compat files should not include sudo.h. Wire up compat in sample
6766 * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
6767 Fix up compat dependencies. Fix distclean target in doc/Makefile.in
6770 * configure, configure.in:
6774 * plugins/sample/sample_plugin.c:
6775 Log input and output to temp files for proof of concept.
6778 * Makefile, configure, configure.in, doc/Makefile.in:
6779 Add doc Makefile.in and wire it up
6783 Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
6784 suspending a shell with the "suspend" builtin.
6788 In child, handle parent side of the pipe going away.
6792 No longer need to check for explicit death of the child (process #2)
6793 since if it dies we will get EPIPE from the socketpair. Fix a
6794 sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
6799 Make sudo_debug do a single vfprintf() which will result in a single
6800 write call on most systems. Avoids problems with interleaved debug
6801 printf from different processes. Also remove an extraneous error
6802 case since recv() can't return a short read and add some more XXX.
6805 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
6808 Fix uninitialized variable.
6812 Fix sudo install target
6815 * src/parse_args.c, src/sudo.c, src/sudo.h:
6823 * configure, configure.in:
6824 Fix setting of plugin dir
6832 Add missing source for sudo front end
6835 * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
6836 Sample plugin demonstrating the sudo plugin API
6839 * Makefile, configure, configure.in, install-sh, pathnames.h.in,
6840 plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
6841 src/fileops.c, src/fmt_string.c, src/load_plugins.c,
6842 src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
6843 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
6845 Modular sudo front-end which loads policy and I/O plugins that do
6846 most of the actual work. Currently relies on dynamic loading using
6847 dlopen(). See doc/plugin.pod for the plugin API.
6850 * doc/plugin.pod, include/sudo_plugin.h:
6854 * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
6855 compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
6856 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
6857 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
6858 src/fileops.c, src/sudo_edit.c:
6859 Replace emul/include.h with compat/include.h to match new source
6864 Include missing.h for memrchr() proto
6867 * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
6868 TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
6869 alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
6870 auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
6871 auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
6872 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
6873 auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
6874 closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
6875 compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
6876 compat/getline.c, compat/getprogname.c, compat/glob.c,
6877 compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
6878 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
6879 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
6880 compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
6881 compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
6882 def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
6883 doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
6884 doc/license.pod, doc/sample.pam, doc/sample.sudoers,
6885 doc/sample.syslog.conf, doc/schema.ActiveDirectory,
6886 doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
6887 doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
6888 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
6889 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
6890 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
6891 doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
6892 emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
6893 error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
6894 getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
6895 gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
6896 include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
6897 include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
6898 ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
6899 interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
6900 list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
6901 mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
6902 nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
6903 plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
6904 plugins/sudoers/alias.c, plugins/sudoers/auth/API,
6905 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
6906 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
6907 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6908 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6909 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
6910 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
6911 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
6912 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6913 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
6914 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
6915 plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
6916 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
6917 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
6918 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
6919 plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
6920 plugins/sudoers/gram.c, plugins/sudoers/gram.h,
6921 plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
6922 plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
6923 plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
6924 plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
6925 plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
6926 plugins/sudoers/logging.c, plugins/sudoers/logging.h,
6927 plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
6928 plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
6929 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
6930 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
6931 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
6932 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
6933 plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
6934 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6935 plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
6936 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
6937 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
6938 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
6939 plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
6940 sample.pam, sample.sudoers, sample.syslog.conf,
6941 schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
6942 selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
6943 src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
6944 src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
6945 src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
6946 src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
6947 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
6948 sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
6949 sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
6950 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
6951 sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
6952 sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
6953 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
6954 tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
6955 visudo.man.in, visudo.pod, zero_bytes.c:
6956 Rework source layout in preparation for modular sudo.
6959 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
6961 * Avoid a duplicate fclose() of the sudoers file.
6964 * Fix size arg when realloc()ing include stack. From Daniel Kopecek
6967 * Use setrlimit64(), if available, instead of setrlimit() when setting
6968 AIX resource limits since rlim_t is 32 bits.
6971 * Fix use after free when sending error messages. From Timo Juhani
6975 * ChangeLog, Makefile.in:
6976 Generate the ChangeLog as part of "make dist" instead of having it
6980 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
6982 * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
6983 auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
6984 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
6985 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
6986 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
6987 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
6988 emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
6989 fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
6990 gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
6991 ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
6992 isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
6993 logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
6994 mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
6995 pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
6996 sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
6997 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
6998 strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
6999 sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
7000 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
7001 sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
7002 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
7003 utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
7004 Remove CVS $Sudo$ tags.
7007 2010-01-18 convert-repo <convert-repo>
7013 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
7016 make this match sudoers SYNOPSIS
7020 Print a newline between Runas and Command-specific defaults in sudo
7025 Use SET and CLR macros in term_raw
7029 Set stdin to non-blocking mode early instead of in check_input. Use
7030 term_raw instead of term_cbreak since the data we get has already
7031 been expanded via OPOST.
7034 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
7037 Enable/disable all postprocessing instead of just nl->crnl
7038 processing since things like tab expansion matter too. However, if
7039 stdout is a tty leave postprocessing on in the pty since we run into
7040 problems doing it only on the real stdout with e.g. nvi.
7043 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
7046 If tty_tickets is enabled and there is no tty, prompt for a
7047 password. Do not lecture user for "sudo -k command" if user has a
7052 Document missing options: --with-efence and --with-bsm-audit
7055 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
7056 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
7057 sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
7058 visudo.man.in, visudo.pod:
7059 username -> user name, groupname -> group name, hostname -> host name
7062 * INSTALL, README.LDAP, sudoers.pod:
7063 filename -> file name like the rest of the docs
7066 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
7069 Fix printing of entries with multiple host entries on a single line.
7072 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
7075 Mention that targetpw affects the timestamp file name.
7078 * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
7080 Add compress_transcript option.
7083 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
7085 * configure, configure.in:
7089 * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
7090 Better split of membership vs. traditional group check in
7091 user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
7094 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
7097 Fix pasto and add default return value.
7100 * check.c, match.c, pwutil.c, sudo.h:
7101 refactor group member checking into user_in_group()
7104 * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
7106 Add support for mbr_check_membership() as present in darwin.
7109 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
7112 Rename label to be accurate
7115 * Makefile.in, boottime.c, check.c, config.h.in, configure,
7116 configure.in, sudo.h:
7117 Treat timestamp files from before we booted as old. Idea from and
7121 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
7123 * sudo.c, sudo.pod, sudo_usage.h.in:
7124 Allow the -u flag to be used in conjunction with the -v flag as per
7125 older versions of sudo.
7129 fix typo in last commit
7132 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
7135 Convert fmt_first and fmt_confd into macros.
7139 timeouts can be floats now
7142 * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
7143 defaults.h, mkdefaults:
7144 Add support for floating point timeout values (e.g. 2.5 minutes).
7147 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
7150 The -L flag will be removed in sudo 1.7.4
7153 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
7156 Fix a bug due to order of operators.
7159 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
7162 cmnd_matches() already deals with negation so _cmndlist_matches()
7163 does not need to do so itself. Fixes a bug with negated entries in
7167 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
7170 Don't exit() from open_sudoers, just return NULL for all errors.
7174 Can't rely on the shell sending us SIGCONT when transitioning from
7175 background to foreground process.
7179 Add missing extern def for parse_error
7182 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
7185 Avoid a parse error when #includedir doesn't find any files. Closes
7190 Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
7193 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
7196 Start command out in foreground mode if stdout is a tty. Works
7197 around issues with some curses-based programs that don't handle
7198 tcsetattr getting interrupted by a signal. Still allows us to avoid
7199 hogging the tty if the command is part of a pipeline.
7202 * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
7203 Use a socketpair to pass signals from parent to child. Child will
7204 now pass command status change info back via the socketpair. This
7205 allows the parent to distinguish between signals it has been sent
7206 directly and signals the command has received. It also means the
7207 parent can once again print the signal notifications to the tty so
7208 all writes to the pty master occur in the parent. The command is
7209 now always started in background mode with tty signals handled by
7213 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
7215 * configure, configure.in:
7216 Fix a few typos in the descriptions; from Jeff Makey. Only do the
7217 check for krb5_get_init_creds_opt_free() taking two arguments if we
7218 find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
7219 positive when using our own krb5_get_init_creds_opt_free which takes
7220 only a single argument.
7223 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
7225 * configure, configure.in:
7226 Remove a spurious comma in the kerb5 bits.
7230 Call krb5_get_init_creds_opt_init() in our emulated
7231 krb5_get_init_creds_opt_alloc() for MIT kerberos.
7234 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
7241 Need to ignore SIGTT{IN,OU} in child when running the command in the
7242 background. Also some minor cleanup.
7245 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
7248 Instead of calling sigsuspend when waiting for SIGUSR[12] from
7249 parent, install the signal handlers w/o SA_RESTART and let them
7250 interrupt waitpid().
7254 Pass along SIGHUP and SIGTERM from parent to child.
7258 Close unused bits of script_fds in processes that don't need them.
7259 Restore default SIGCONT handler in child.
7263 Update foreground/background status in SIGCONT handler in parent
7267 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
7270 Defer setting terminal into raw mode until just before we fork() and
7271 only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
7272 and sudo is already in the foreground be sure to set raw mode before
7273 continuing the child.
7276 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
7279 Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
7280 give the command the controlling tty if the main sudo process is the
7285 Don't bother with sudo_waitpid() here for now.
7292 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
7295 Remove non-working code that crept into rev 1.55
7298 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
7300 * INSTALL, configure, configure.in, script.c, sudoreplay.c:
7301 First pass at zlib support for transcript data files
7305 remove vestiges of ZLDFLAGS
7309 Add missing variable declaration for when TIOCSCTTY is not defined.
7310 Need to include sys/termio.h for TIOCSCTTY on some systems.
7314 when resuming command, send SIGCONT to its pgrp not just pid
7318 remove unused variable
7322 include selinux.h for is_selinux_enabled() proto
7326 Don't use log_error() in the child process.
7330 Do I/O in parent instead of child since the parent can have both
7331 /dev/tty as well as the pty fds open. The child just sets things up
7332 and waits for its grandchild and writes the signal description to
7333 the pty master if the command was killed by a signal.
7336 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
7338 * missing.h, sudo.h:
7339 Move two struct forward declarations from sudo.h to missing.h
7343 Make comment at the top of script_exec() match reality.
7347 if neither stdin nor stdout is a tty, check stderr
7351 Add back dependency of gram.h on gram.y
7355 Make transcript mode work as long as we can figure out our tty, even
7356 if it is not stdin. We'd like to use /dev/tty but that won't be
7357 valid after the setsid().
7360 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
7362 * config.h.in, configure, configure.in, pty.c:
7363 Add support for IRIX-style dynamic ptys
7366 * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
7367 Move alloc.c protos into alloc.h
7371 Move prototypes for missing libc functions to missing.h
7374 * Makefile.in, sudo.h, sudoreplay.c:
7375 Move prototypes for missing libc functions to missing.h
7378 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
7380 * config.h.in, configure, configure.in:
7381 Disable transcript support if no tcsetpgrp until we support older
7382 BSD-style job control.
7385 * configure, configure.in, pty.c, script.c:
7386 Break out pty code into pty.c
7389 * compat.h, config.h.in, configure, configure.in:
7390 add killpg macro if no killpg function
7393 * config.h.in, configure, configure.in, script.c:
7394 Push ptem and ldterm for STREAMS-based systems when allocating a
7398 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
7401 Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
7405 Call tcgetpgrp() in the parent, not the child and have the child
7406 spin until it is granted. Fixes a race on darwin.
7410 Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
7414 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
7417 In script mode, if the command is killed by a signal, print the
7418 signal description as well as a core dump notification like the
7422 * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
7424 Add check for strsignal() and a simple implementation if it is not
7425 there but sys_siglist is
7429 Add missing WUNTRACED and store the signal that stopped the
7430 grandchild in suspended, not signo.
7438 Associate the grandchild's pgrp with the tty instead of the child's
7439 and just get suspend notifications via SIGCHLD instead of directly.
7440 This fixes a hang with programs that try to set terminal attributes
7441 and is more consistent with how the shell handles things.
7444 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
7447 Move setpgid() of child into the parent side of the fork() where it
7451 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
7458 Run command in its own pgrp (like the shell does) for easier
7459 signalling. No need to relay SIGINT or SIGQUIT to parent, just send
7460 to grandchild. Don't want grandchild stopped events in the child
7461 (only termination). Flush output after suspending grandchild before
7466 Back out revision 1.34; the problem lies elsewhere.
7470 Don't set stdout to blocking mode when flushing remaining output.
7471 It can cause us to hang when trying to exit. Need to investigate
7476 Handle SIGTTOU and remove some debugging.
7480 Back out revision 1.10 as the signal that interrupts us may be
7481 SIGTTOU or SIGTTIN which the caller must handle.
7485 Apparently we need to send SIGSTOP to the command as well as ourself
7486 when we get SIGTSTP, the kernel doesn't automatically stop the
7491 Use an extra process to act as the glue between the sessions
7492 associated with the user's controlling tty (what the shell uses) and
7493 the tty that sudo is using to do its logging. Basically, this means
7494 that if we get, e.g. SIGTSTP from the process sudo is running, we
7495 relay the signal to the parent so its shell can do the job control.
7499 Handle getting/setting terminal attributes when the fd is in non-
7503 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
7505 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
7506 Add support for pausing and changing the speed in interactive mode.
7510 Already define O_NOCTTY in compat.h, don't need it here
7513 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
7519 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
7522 Always update the stashed mtime of the temp file instead of using
7523 what we have for the original because the time resolution of the
7524 filesystem the temporary is on may not match that of the filesystem
7525 that holds the original. Should fix bz #371 found by Philippe Levan.
7529 Use cbreak mode instead of raw mode and add signal handlers to
7530 restore the tty on interrupt.
7533 * script.c, sudo.h, term.c:
7534 Retain NL to NLCR conversion on the real tty and skip it on the pty
7535 we allocate. That way, if stdout is not a pty there are no extra
7540 Fix log_output(); just pass in a string and a length.
7543 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
7546 do not use errno when complaining about lack of a tty
7549 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
7551 * Makefile.in, sudoreplay.c, term.c:
7552 Instead of messing with line endings, just set terminal to raw mode
7557 When copying the terminal attributes to the pty, be sure not to set
7558 ONLCR. This prevents extra carriage returns from ending up in the
7563 Convert a do {} while into a while
7567 Use if then instead of test && when installing binaries that may not
7572 Add O_NOCTTY when opening a tty device. Explicitly disconnect from
7573 old tty before associating with new one.
7576 * script.c, selinux.c, sudo.c, sudo.h:
7577 First cut at refactoring some of the selinux code so it can be used
7578 in conjunction with sudo's transcript support.
7581 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
7583 * aclocal.m4, configure, configure.in:
7584 Fix default case of transcript_enabled being unset.
7587 * script.c, sudoreplay.c:
7588 Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
7591 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
7592 Hook up --disable-transcript and --enable-transcript=DIR
7595 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
7597 * aclocal.m4, configure, configure.in, pathnames.h.in:
7598 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT. Add
7599 --enable-transcript=DIR option to specify the directory
7602 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
7606 * configure, configure.in, sudoers.man.pl, sudoers.pod:
7607 Substitute in default value for secure_path
7611 Mention that the password must be followed by a newline with the -S
7615 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
7618 Go back to dropping out of the select() loop when the process dies;
7619 Linux ptys apparently don't behave the same as BSD in regards to
7620 select(). No need to flush remaining output to the transcript, only
7621 to stdout. Add back code to check the master pty for additional data
7622 when we exit the main select loop.
7625 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
7628 Add getline.o to COMMON_OBJS
7632 sudoreplay depends on libsudo.a
7636 Move pwutil.o into COMMON_OBJS
7639 * pwutil.c, testsudoers.c, tsgetgrpw.c:
7640 Remove my_* redirection in pwutil.c for testsudoers and just use the
7641 normal libc get{pw,gr}* names.
7644 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
7645 More time and date examples
7648 * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
7649 Move nanosleep() emulation into its own file. Check librt.a for
7650 nanosleep if we don't find it in libc
7653 * Makefile.in, configure, configure.in:
7654 Build libsudo with the common bits and link things against that.
7662 Keep reading from the pty master -> log file until read returns <=
7663 0. Do our best to write everything to stdout when flushing any
7668 Use unbuffered I/O when writing to stdout and make sure we write the
7672 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
7675 Only use max_wait if it is non-zero
7678 * getdate.c, getdate.y, getline.c:
7683 Fix nanosleep emulation
7687 Fix comment after #endif
7691 Add protos for missing libc bits
7694 * configure, configure.in:
7695 add missing line continuation char
7698 * config.h.in, configure, configure.in, getline.c:
7699 Implement getline() in terms of fgetln() if we have it.
7703 Print year when formatting log line
7707 Document cwd, attempt to document time/date formats.
7711 Fix getline return value check.
7714 * Makefile.in, config.h.in, configure, configure.in, getline.c,
7716 Use getline() if the system has it, else provide our own for
7721 Refactor code to update output and timing files.
7724 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
7727 Make sudo_getln() behave more like glibc getline.
7731 When flushing remaining output, also update timing file.
7735 Use get_timestr() and make the -l output look like the regular sudo
7739 * logging.c, sudo.h, timestr.c:
7740 Make get_timestr() take a time_t so we can use it properly in
7745 Create session dir earlier now that we update the seq number early.
7748 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
7751 Use fromdate and todate as the keywords instead of from and to; the
7752 short forms will still be accepted.
7756 Fix reading long lines in sudo_getln()
7759 * script.c, sudoreplay.c:
7760 Log the cwd in the script log file. Add sudo_getln() to read
7761 arbitrarily long lines.
7764 * Makefile.in, logging.c, sudo.h, timestr.c:
7765 Move get_timestr() into its own source file so sudoreplay can use
7769 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
7772 Add to and from predicates (date ranges); needs documentation
7775 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
7777 * Makefile.in, getdate.c, getdate.y:
7778 Fix warning and add generated getdate.c
7781 * Makefile.in, getdate.y:
7782 Add getdate.y to be used for sudoreplay date parsing.
7785 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
7788 Check more than just the first character of a predicate
7791 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
7792 Add examples, sort predicates
7795 * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
7797 Implement search expressions in sudoreplay similar in concept to
7798 what find or tcpdump uses. TODO: date ranges
7801 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
7804 Remove vhangup as it was hanging up the wrong tty. Should really
7805 vhangup in the child after it has set its tty.
7809 Fix cut at documenting transcript support.
7813 ID= -> TSID= for transcript ID
7816 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
7819 Move fast_glob description to where it belongs in sorted order
7822 * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
7823 parse.c, parse.h, sudo.c:
7824 Rename script -> transcript
7827 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
7830 Add timeradd and timersub for those without them
7834 Sanity check sessid before using it.
7838 Only set the session id if we are running a command or editing a
7843 Actually, qsort is fine since most versions fall back to a cheaper
7844 sort when the number of elements to sort is small (like in our
7848 * config.h.in, configure, configure.in, script.c:
7849 Check for dup2 and use dup instead if we don't have it.
7852 * script.c, sudo.c, sudo.h:
7853 Move the code to dup2 the script fds to low numbered descriptors
7854 into script_duplow() and fix the fd sorting.
7857 * script.c, sudo.c, sudo.h:
7858 Move script_setup() back to immediately before we drop privs and
7859 call the new script_nextid() in its place, which will set
7860 sudo_user.sessid for the logging functions.
7863 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
7870 remove unused variable
7873 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
7875 * logging.c, script.c, sudo.c, sudo.h:
7876 Log the session ID, if there is one. Currently logs ID=XXXXXX,
7877 perhaps should be SESSIONID or SESSID.
7880 * Makefile.in, configure, configure.in, sudoreplay.cat,
7881 sudoreplay.man.in, sudoreplay.pod:
7886 add -V (version) flag
7893 * script.c, sudoreplay.c:
7894 Use base36 number for the ID and store script files with paths like
7895 /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
7896 (2,176,782,336) unique IDs.
7899 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
7901 * config.h.in, configure.in:
7902 Add check for regcomp
7906 Add support for selecting by pattern and tty when listing.
7909 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
7912 The beginnings of a list mode.
7915 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
7921 * Makefile.in, config.h.in, configure.in:
7922 Add scaffolding for building sudoreplay
7926 include error.h; first arg to nanotime is const
7930 Initial cut at sudoreplay; replay a sudo session.
7933 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
7936 Fix wait() usage and use correct wait status.
7939 * sudo.c, sudo.h, tgetpass.c:
7940 Add protos for term_* to sudo.h
7944 Fix detection of the child process exiting. Since the child is in
7945 its own session we should only ever get SIGCHLD for that process but
7946 better safe than sorry.
7950 Add UNIX98 pty support.
7953 * configure, configure.in, script.c:
7954 Add UNIX98 pty support.
7957 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
7960 For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
7965 Set PAM_RUSER and PAM_RHOST early so they can be used during
7966 authentication. Based on a patch from Jamie Beverly.
7970 Close dir before returning if strlcpy() reports overflow. From
7974 * config.h.in, configure, configure.in, script.c:
7975 On Linux, the openpty proto lives in pty.h
7979 Call vhangup on exit if the system has it. Use setpgrp() if no
7983 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
7985 * config.h.in, configure, configure.in:
7986 Add checks for revoke and vhangup if we don't have openpty
7990 Session logging guts that got forgotten in the previous commit.
7993 * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
7994 configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
7995 gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
7997 First cut at session logging for sudo. Still need to write
7998 get_pty() for Unix 98 and old-style BSD ptys. Also needs
7999 documentation and general cleanup.
8002 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
8004 * sudo.c, sudo_edit.c:
8005 Fix a bug introduced with def_closefrom. The value of def_closefrom
8006 already includes the +1.
8009 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
8012 Generate sudo distributions with pax in ustar mode. No longer need
8013 to use a temp file or have the source dir name match the version.
8016 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
8019 Fix expansion of %h in #include names. Fixes bugzilla 363
8022 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
8025 If no arg assume def_data.in
8030 [f5ad45f69f05] [SUDO_1_7_2]
8036 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
8038 * sudoers.cat, sudoers.man.in, sudoers.pod:
8039 Add missing single quotes around a colon in Runas_Spec definition.
8043 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
8045 * sudo.man.in, sudoers.man.in:
8050 In rbrepair, re-color the root or the first non-block node we find
8051 to be black. Re-coloring the root is probably not needed but won't
8055 * sudo.cat, sudoers.cat:
8059 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
8062 When repairing the tree, don't touch the root node.
8065 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
8068 Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
8069 Reported by Josef Schmid.
8072 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
8075 Document that we accept env_pam-style environment files
8079 Adapt to accept pam_env-style /etc/environment which allows shell-
8080 style lines such as: export EDITOR="/usr/bin/vi"
8084 Make it clear that env_delete only works when !env_reset. From Loïc
8088 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
8090 * sudo.pod, sudoers.pod:
8091 Add non-unix group bits, adapted from Quest
8095 build the .cat page in the current working dir, not the src dir
8099 Return EINVAL in setenv() if var is NULL or the empty string to
8100 match glibc behavior.
8103 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
8105 * configure, configure.in:
8106 Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
8109 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
8111 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
8112 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
8116 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
8119 Document --with-libvas and --with-libvas-rpath
8122 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
8124 * ldap.c, sudoers.ldap.pod:
8125 For netscape-derived LDAP SDKs the cert and key paths may be a
8126 directory or a file. However, version 5.0 of the SDK only seems to
8127 support using a directory. If ldapssl_clientauth_init fails and the
8128 cert or key paths look like they could be files, strip off the last
8129 path element and try again.
8133 Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
8136 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
8138 * configure, configure.in, match.c, sudo.c, vasgroups.c:
8139 Update non-Unix group support from Quest, as reworked by me.
8147 Add support for escaped hex chars in names, e.g. \x20 for space.
8150 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
8152 * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
8153 auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
8154 fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
8155 logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
8156 set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
8157 sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
8158 tgetpass.c, toke.l, visudo.c:
8159 Update copyright years.
8162 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
8164 * interfaces.c, lbuf.c:
8165 Minor fixes for Minix-3
8168 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
8171 Handle getgroups() returning 0. Also add missing check for
8175 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
8177 * Makefile.in, config.h.in, configure, configure.in, sudo.c,
8178 version.h, visudo.c:
8179 Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
8182 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
8185 Remove group setting code in setusercontext case, we will do it
8186 ourselves later on in runas_setup. Set the gid after
8187 initgroups/setgroups is called, since on Mac OS X it seems to change
8191 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
8193 * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
8195 Initial bits of non-unix group support using Quest Authentication
8200 Accept %:foo as a non-Unix group
8204 Allow user/group to be double quoted in the case of non-Unix groups
8205 which contain spaces.
8208 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
8211 Don't allow the user to specify the default runas user if their
8212 sudoers entry only allows them to run as a group.
8215 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
8218 Must call audit_success before we change uids.
8221 * logging.c, set_perms.c, sudo.h, testsudoers.c:
8222 Add option for set_perm to not exit on failure and use this in the
8227 In -l mode, if the user is only allowed to run as a group, display
8228 the user's name, not root's before the allowed group.
8232 Fix -g mode, broken by rev 1.503 which had the side effect of
8233 setting the runas user to root unilaterally.
8236 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
8239 When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
8243 Only cache by the method we fetched for pwd and grp lookups.
8244 Previously we cached both by name and id but this can cause problems
8245 for entries that share the same id. Also add more info in the error
8246 message in case the insert fails (which should now be impossible).
8249 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
8252 Add a clarification from Nick Sieger
8255 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
8258 Inline the setting of the environment string.
8261 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
8264 setenv(3) in Linux treats a NUL value as the empty string. setenv(3)
8265 in BSD doesn't return an error if the name has '=' in it, it just
8266 treats the '=' as end of string.
8269 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
8272 Not all systems have d_namlen
8275 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
8278 Fix up some pod2html issues.
8281 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
8284 Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
8289 Ignore files ending in '~' in sudo.d (emacs backup files)
8293 Ignore files ending in '~' in sudo.d (emacs backup files)
8296 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
8298 * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
8299 For #includedir, ignore any file containing a dot
8302 * Makefile.in, version.h:
8306 * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
8307 sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
8309 Implement #includedir directive. Files in an includedir are not
8310 edited by visudo unless they contain a syntax error.
8315 [8741ed61a78b] [SUDO_1_7_1]
8318 Forgot umask_override
8325 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
8328 Rewind stream if we fdopen sudoers since it may not be at the
8329 beginning. Set the keepopen flag on already-open files too so the
8330 lexer doesn't close them out from under us.
8334 Print the proper file name when there is a parse error in an include
8338 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
8344 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
8346 * configure, configure.in:
8347 Fix a warning when --without-ldap is specified.
8350 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
8352 * alias.c, parse.h, visudo.c:
8353 Store aliases that we remove during check_aliases in a freelist and
8354 free them at the end so we don't leak memory.
8357 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
8360 Check aliases in -c mode too.
8363 * alias.c, parse.h, visudo.c:
8364 Make alias_remove return the alias struct instead of freeing it
8365 directly. Fixes a use after free in alias_remove_recursive, the only
8369 * alias.c, match.c, parse.c, parse.h, visudo.c:
8370 Rename find_alias -> alias_find for consistency.
8373 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
8376 When checking for unused aliases, recurse if the alias points to
8380 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
8383 Back out rev 1.105 for now. Real ldapux_client.conf support will be
8384 done later after some refactoring.
8387 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
8390 Treat ldap_hostport the same as "host" for ldapux.
8393 * configure, configure.in:
8394 Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
8395 Fixes compilation with ldapux.
8398 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
8404 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
8407 remove errant carriage returns
8414 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
8415 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
8419 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
8422 Add missing HAVE_BSM_AUDIT
8430 Mention --with-netsvc
8434 Document netsvc.conf support
8437 * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
8439 Add support for AIX netsvc.conf (like nsswitch.conf).
8442 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
8444 * config.h.in, configure, configure.in, env.c:
8445 Add --enable-env-debug flag to enable environment sanity checks.
8448 * sudoers.ldap.pod, sudoers.pod:
8449 Work around some pod2html issue.
8452 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
8455 Only sync environ for putenv, setenv, and unsetenv. We need to make
8456 sure that sudo_putenv and sudo_setenv only modify env.envp, not
8460 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
8463 Really fix UNSETENV_VOID
8467 Fix unsetenv when UNSETENV_VOID
8470 * aclocal.m4, configure:
8471 Fix SUDO_FUNC_PUTENV_CONST
8475 tivoli-based ldap does not have ldapssl_err2string
8482 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
8484 * config.h.in, configure, configure.in, ldap.c:
8485 Add support for Tivoli-based LDAP start TLS as seen in AIX.
8490 Add sanity checks for setenv/unsetenv
8494 Include bsm_audit.h in the tarball
8497 * Makefile.in, version.h:
8498 bump version for sudo 1.7.1
8501 * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
8502 env.c, ldap.c, sudo.h:
8503 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
8504 provide our own setenv/unsetenv/putenv that operates on own env
8505 pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
8508 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
8511 Make "sudoedit -h" work as expected
8515 Make sure def_prompt is always defined. This is a workaround for
8516 pam configs that prompt for a password in the session but don't have
8517 an auth line. A better fix is to expand the sudo prompt earlier and
8518 set def_prompt to that when initializing.
8522 Mention that the helper for -A may be graphical.
8526 Document what happens if there is no tty.
8538 Fix "sudo -k" with no other args
8541 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
8543 * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
8544 Allow the -k flag to be specified in conjunction with a command or
8545 another option that may require authentication.
8548 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
8550 * configure, configure.in:
8551 Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
8555 Parallel make fix. From Diego E. 'Flameeyes'
8558 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
8560 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
8561 Implement umask_override
8568 * sudoers.pod, toke.l, visudo.c:
8569 Implement %h escape in sudoers include filenames.
8573 Need to include compat.h
8576 * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
8577 Make audit_success and audit_failure generic functions in
8578 preparation for integrating linux audit support.
8582 remove duplicate include
8585 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
8592 May need to update the runas user after parsing command-based
8596 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
8599 Add missing pair of braces introduced with character class support.
8602 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
8604 * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
8605 Rename pwstars to pwfeedback
8608 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
8610 * bsm_audit.c, bsm_audit.h:
8611 Add const to make MacOS happy.
8614 * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
8615 configure.in, sudo.c:
8616 Add bsm audit support from Christian S.J. Peron
8620 This is new code, no DARPA notice.
8623 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
8625 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
8626 Rename simple_glob -> fast_glob
8633 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
8634 Add simple_glob option to use fnmatch() instead of glob(). This is
8635 useful when you need to specify patterns that reference network file
8647 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
8650 Delete any pwstars we wrote after the user hits return. That way
8651 there is no record on screen as to the user's password length.
8654 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
8657 Move terminal setting bits from tgetpass.c to term.c
8660 * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
8662 Add pwstars sudoers option that causes sudo to print a star every
8663 time the user presses a key.
8666 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
8669 Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
8672 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
8675 For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
8676 indicate no limit. From Mark Janssen.
8679 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
8682 Comments that begin with #- should not be parsed as uids.
8685 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
8688 Do not try to set the close on exec flag if we didn't actually open
8692 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
8696 [e11f0e4c1bdd] [SUDO_1_7_0]
8698 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
8704 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
8707 Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
8711 * configure, configure.in:
8712 Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
8713 as it cannot generate shared objects.
8716 * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
8717 K&R compilation fixes
8721 Use tq_foreach_fwd when checking pseudo-commands to make it clear
8722 that we are not short-circuiting on last match. When pwcheck is
8723 'all', initialize nopass to TRUE and override it with the first non-
8727 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
8730 Do not short circuit pseudo commands when we get a match since,
8731 depending on the settings, we may need to examine all commands for
8735 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
8737 * sudoers.cat, sudoers.man.in:
8742 hostnames may also contain wildcards
8746 remove stamp-* files and linux core files in clean target
8749 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
8751 * auth/sudo_auth.h, config.h.in, configure, configure.in:
8752 Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
8755 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
8757 * configure, configure.in:
8758 correctly enable SIA on Digital UNIX
8769 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
8771 * check.c, sudo.h, tgetpass.c:
8772 Even if neither stdin nor stdout are ttys we may still have /dev/tty
8776 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
8778 * sudoers.cat, sudoers.man.in:
8783 fix typos; Markus Lude
8795 Fix matching of a line that only consists of a comment char
8798 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
8801 MacOS pam will retry conversation function if it fails so just treat
8802 ^C as an empty password.
8806 When checking for alias use, also check defaults bindings.
8814 Replace my rbdelete with Emin's version (which actually works ;-)
8817 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
8824 malloc options in devel mode for visudo too
8827 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
8830 fix compilation on non-C99; from Theo
8838 when destroying an alias, free the correct data pointer
8842 add proto for aixauth_cleanup; from Dale King
8845 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
8847 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8852 * sudo.pod, sudoers.pod, visudo.pod:
8853 standardize on the term 'option' for command line options (not flag)
8856 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
8859 Add note on configuring HP-UX pam
8862 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
8865 Move tty checks into check_user() so we only do them if we actually
8870 Don't error out if no tty or askpass unless we actually need to
8874 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
8880 * pathnames.h.in, sudo.c:
8881 s/overriden/overridden/; from Tobias Stoeckmann
8884 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
8886 * WHATSNEW, visudo.c:
8887 check sudoers owner and mode in strict mode
8894 * sudo.man.in, sudoers.man.in, visudo.man.in:
8895 Update copyright years.
8898 * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
8899 auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
8900 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
8901 closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
8902 gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
8903 interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
8904 parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
8905 sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
8906 testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
8907 visudo.pod, zero_bytes.c:
8908 Update copyright years.
8911 * emul/charclass.h, fnmatch.c, glob.c:
8915 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
8918 The loop in fill_cmnd() was going one byte too far past the end,
8919 resulting in a NUL being written immediately after the buffer end.
8922 * UPGRADE, WHATSNEW:
8923 add sections on tgetpass changes
8927 Treat EOF w/o newline as an error.
8930 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
8933 Fix "sudo -v" when NOPASSWD is set.
8936 * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
8938 No longer treat an empty password at the prompt as special. To quit
8939 out of sudo you now need to hit ^C at the password prompt.
8942 * sudoers.cat, sudoers.man.in:
8946 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
8947 Sudo will now refuse to run if no tty is present unless the new
8948 visiblepw sudoers flag is set.
8951 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
8954 just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
8959 fix fallback value for RLIM_SAVED_MAX
8962 * auth/aix_auth.c, auth/sudo_auth.h:
8963 Move clearing of AUTHSTATE into aixauth_cleanup.
8966 * auth/aix_auth.c, env.c:
8967 Unset AUTHSTATE after calling authenticate() as it may not be
8968 correct for the user we are running the command as.
8972 Add isblank() function for systems without it. Needed for POSIX
8973 character class matching in fnmatch.c and glob.c.
8976 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
8979 expound on sudo and cd
8982 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
8988 * sudoers.cat, sudoers.man.in:
8993 mention defaults parse order
8996 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
8998 * Makefile.in, aclocal.m4, compat.h, configure:
8999 Add isblank() function for systems without it. Needed for POSIX
9000 character class matching in fnmatch.c and glob.c.
9004 add emul/charclass.h to HDRS
9007 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
9013 * defaults.c, parse.c, testsudoers.c, visudo.c:
9014 Move update_defaults into defaults.c and call it properly from
9015 visudo and testsudoers.
9018 * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
9020 use zero_bytes() instead of memset() for consistency
9023 * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
9025 Zero out sigaction_t before use in case it has non-standard entries.
9033 Short circuit glob() checks if basename(pattern) !=
9034 basename(command). Refactor code that checks for a command in a
9035 directory and use it in the glob case if the resolved pattern ends
9039 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
9041 * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
9042 Defer setting runas defaults until after runaspw/gr is setup.
9045 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
9047 * match.c, sudo.c, testsudoers.c:
9048 Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
9049 systems do not include space for the NUL in the size. Also manually
9050 NUL-terminate buffer from gethostname() since POSIX is wishy-washy
9054 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
9056 * sudo.c, sudoers.pod:
9057 When setting the umask, use the union of the user's umask and the
9058 default value set in sudoers so that we never lower the user's umask
9059 when running a command.
9063 Don't try to read from a zero-length sudoers file. Remove the bogus
9064 Solaris work-around for EAGAIN. Since we now use fgetc() it should
9068 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
9071 In update_defaults() check the return value of user*_matches against
9072 ALLOW so we don't inadvertently match on UNSPEC.
9075 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
9077 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9078 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9079 regen man pages; no more hyphenation
9083 Don't error out on a zero-length sudoers file. With the advent of
9084 #include the user could create a situation where sudo is unusable.
9087 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
9089 * auth/kerb5.c, config.h.in, configure, configure.in:
9090 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
9091 krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
9092 all. Add configure tests to handle all the cases.
9095 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
9102 document sudoers_locale
9105 * sudo.pod, sudo_edit.c:
9106 add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
9111 In fill_cmnd(), collapse any escaped sudo-specific characters.
9112 Allows character classes to be used in pathnames.
9115 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
9118 fix typo in non-C89 function declaration
9122 Mention POSIX character classes now that our fnmatch() and glob()
9126 * sample.sudoers, sudoers.pod:
9127 Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
9132 use __signed char if we are going to assign a negative value since
9133 on Power, char is unsigned by default
9136 * config.h.in, configure, configure.in:
9137 Add tests for __signed char and signed char.
9141 Fix AIX limit setting. getuserattr() returns values in disk blocks
9142 rather than bytes. The default hard stack size in newer AIX is
9143 RLIM_SAVED_MAX. From Dale King.
9146 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
9148 * emul/charclass.h, fnmatch.c, glob.c:
9149 Add character class support to included glob(3) and fnmatch(3).
9152 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
9155 Remove UCB advertising clause and some compatibility defines.
9158 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
9161 Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
9162 or sudo. This allows one to set EDITOR to sudoedit without getting
9163 into an infinite loop of sudoedit running itself until the path gets
9167 * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
9168 Add sudoers_locale Defaults option to override the default sudoers
9172 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
9175 Set locale to system default except for during sudoers parse.
9178 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
9181 Redo change in 1.34 to use pointer arithmetic.
9184 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
9187 Fix a dereference (read) of a freed pointer. Reported by Patrick
9191 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
9194 Set locale to "C" to avoid interpretation issues with character
9195 ranges in sudoers. May want to make the locale a sudoers option in
9199 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
9202 we no longer use setproctitle
9209 * LICENSE, mkstemp.c:
9210 Use my replacement mkstemp() from the mktemp package.
9213 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
9216 regen with yacc skeleton bug fixed
9220 Remove duplicate "as root". From Martin Toft.
9223 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
9225 * pwutil.c, sudo.c, sudo.h, testsudoers.c:
9226 Flesh out the fake passwd entry used for running commands as a uid
9227 not listed in the passwd database. Fixes an issue with some PAM
9231 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
9234 Error out in -i mode if the user has no shell. This can happen when
9235 running commands as a uid with no password entry.
9238 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
9241 Better fix for line continuation inside double quotes. Now accepts
9242 whitespace between the backslash and the newline like the main
9246 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
9249 Fix line continuation in strings. It was only being honored if
9250 preceded by whitespace.
9253 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
9255 * config.h.in, configure, configure.in, logging.c:
9256 Replace the double fork with a fork + daemonize.
9259 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
9262 The -i flag should imply env_reset. This got broken in sudo 1.6.9.
9265 * logging.c, sudo.c, sudo_edit.c, visudo.c:
9266 Change how the mailer is waited for. Instead of having a SIGCHLD
9267 handler, use the double fork trick to orphan the child that opens
9268 the pipe to sendmail. Fixes a problem running su on some Linux
9272 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
9274 * configure, configure.in:
9275 Fix configure test for dirfd() on Linux where DIR is opaque.
9278 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
9281 Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
9282 this problem we'll need to revisit this again.
9285 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
9288 Ignore SIGPIPE instead of blocking it when piping to the mailer. If
9289 we only block the signal it may be delivered later when we unblock.
9290 Also, there is no need to block SIGCHLD since we no longer do the
9291 double fork. The normal SIGCHLD handler is sufficient.
9294 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
9296 * configure, configure.in:
9297 Add description for NO_PAM_SESSION, from a redhat patch.
9300 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
9302 * sudo.cat, sudo.man.in, sudo.pod:
9303 Fix typos in -i usage
9306 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
9308 * configure, configure.in:
9309 Redo the test for dgettext() in a way that hopefully will work
9310 around the libintl_dgettext() undefined problem.
9313 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
9315 * schema.ActiveDirectory:
9316 change filename in comment
9319 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
9321 * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
9323 Reference schema.ActiveDirectory
9326 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
9328 * schema.OpenLDAP, schema.iPlanet:
9329 Mark sudoRunAs as deprecated.
9332 * schema.ActiveDirectory:
9333 add sudoRunAsUser and sudoRunAsGroup
9336 * schema.ActiveDirectory:
9337 Active Directory schema by Chantal Paradis and Eric Paquet
9340 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
9343 remove an XXX that was fixed
9351 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
9352 fixes a problem where the tag value printed was influenced by
9353 defaults set in the first pass through the parser.
9356 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
9358 * Makefile.in, sudo.psf:
9359 No point in packaging the TODO file
9366 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
9368 * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
9369 sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
9370 Add env_file Defaults option that is similar to /etc/environment on
9374 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
9376 * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
9377 sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
9378 version.h, visudo.cat, visudo.man.in:
9379 change version to 1.7.0
9383 initial valgrind pass done
9386 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
9389 Fix typo/thinko in sudo_ldap_read_secret() when storing the secret.
9392 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
9395 define LDAPS_PORT if the system headers do not
9398 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
9401 Fix another memory leak in init_parser().
9404 * configure, configure.in:
9405 There was a missing space before the ldap libs in SUDO_LIBS for some
9409 * alias.c, gram.c, gram.y, toke.c, toke.l:
9410 Clean up some memory leaks pointed out by valgrind.
9413 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
9416 fix "sudo -s" broken by mode/flags breakout
9419 * configure, configure.in:
9420 remove duplicate check for dgettext
9423 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
9426 Fall back to default stanza if no user-specific limit is found.
9429 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
9432 include stdint.h if present
9436 Use LLONG_MAX, not the old QUAD_MAX
9439 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
9445 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
9451 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
9457 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
9468 Split MODE_* defines into primary and flags.
9471 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
9474 It turns out the logic for getting AIX limits is more convoluted
9475 than I realized and differs depending on whether the soft and/or
9476 hard limits are defined.
9479 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
9481 * Makefile.in, configure, configure.in:
9482 Back out AIX-specific change to set the sudo_noexec path to the .a
9483 file, we do really want to use the .so file. Since libtool doesn't
9484 do that correctly, just install the .so file ourselves in the
9489 If the file given to install is a path, only use the basename of the
9490 file when building the destination path.
9493 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
9496 parse_args() cleanup: Sort command line options in the getopt()
9497 switch. The -U option requires a parameter. Normalize a few ISSET
9498 calls. Split mode into mode and flags and retire the now-obsolete
9502 * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
9504 Add -n (non-interactive) flag.
9508 Move version printing, etc. into a separate function.
9512 Don't try to cleanup nsswitch if it has not been initialized.
9515 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
9518 Block SIGPIPE in send_mail() so sudo is not killed by a problem
9519 executing the mailer.
9522 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
9524 * configure, configure.in:
9525 AIX shared libs end in .a, not .so.
9528 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
9531 Preserve HOME by default too. Matches documentation and previous
9535 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
9538 Use getopt() to parse the command line. We need to be able to
9539 intersperse env variables and options yet still honor "--" which
9540 complicates things slightly.
9543 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
9549 * acsite.m4, configure, ltmain.sh:
9550 update to libtool-1.5.26
9553 * config.guess, config.sub:
9554 update from libtool-1.5.26 distribution
9558 attempt to fix compilation errors on AIX
9562 fix typo in last commit
9566 Add WHATSNEW file to the distribution
9570 use warningx instead of fprintf(stderr, ...)
9574 add DEBUG to list2tq
9585 * Makefile.in, aix.c, config.h.in, configure, configure.in,
9586 set_perms.c, sudo.h:
9587 Add aix_setlimits() to set resource limits on AIX using a
9588 combination of getuserattr() and setrlimit(). Currently untested.
9591 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
9593 * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
9594 sudoers.man.in, sudoers.pod:
9595 Add mailfrom Defaults option that sets the value of the From: field
9596 in the warning/error mail. If unset the login name of the invoking
9601 store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
9605 When adding a default, only call list2tq() once to do the list to tq
9606 conversion. It is not legal to call list2tq multiple times on the
9607 same list since list2tq consumes and modifies the list argument.
9610 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9611 comment out XXXs for now
9618 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
9621 Error out if both -A and -S are specified. Error out if -A is
9622 specified but no askpass is configured
9625 * configure, configure.in:
9626 we are not going to ship a sudo-specific askpass
9629 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
9632 fix definition of TGP_ASKPASS
9635 * def_data.c, def_data.in:
9636 make askpass boolean-capable
9640 document --with-askpass
9643 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9644 sudoers.man.in, visudo.cat:
9648 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
9650 * sudo.pod, sudo_usage.h.in, sudoers.pod:
9651 document -A and askpass
9654 * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
9655 def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
9656 sudo_usage.h.in, tgetpass.c:
9657 Add support for running a helper program to read the password when
9658 no tty is present (or when specified with the -A flag). TODO: docs.
9661 * def_data.c, def_data.in:
9662 add missing printf format to SELinux role and type strings
9665 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
9667 * INSTALL, configure, configure.in:
9668 Disable use of gss_krb5_ccache_name() by default and add
9669 --enable-gss-krb5-ccache-name configure option to enable it. It
9670 seems that gss_krb5_ccache_name() doesn't work properly with some
9671 combinations of Heimdal and OpenLDAP.
9674 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
9677 Ignore setexeccon() failing in permissive mode. Also add a call to
9678 setkeycreatecon() (though this is probably insufficient). From Dan
9683 Only set std_prompt for the PAM_PROMPT_* cases. The conversation
9684 function may be called for non-password reading purposes so we must
9685 be careful not to use def_prompt in cases where it may not be set.
9688 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
9691 Don't free the new tty context, we need to keep it around when we
9692 restore the tty context after the command completes
9695 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
9701 * sudo.man.pl, sudo.pod:
9702 Only put login_cap(3) in SEE ALSO section if we have login.conf
9706 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
9708 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9709 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9714 Substitute in comment characters for lines pertaining to login.conf,
9715 BSD auth and SELinux and only enable them if pertinent.
9719 Substitute in comment characters for lines pertaining to login.conf,
9720 BSD auth and SELinux and only enable them if pertinent.
9724 Substitute in comment characters for lines pertaining to login.conf,
9725 BSD auth and SELinux and only enable them if pertinent.
9729 Substitute in comment characters for lines pertaining to login.conf,
9730 BSD auth and SELinux and only enable them if pertinent.
9733 * Makefile.in, configure, configure.in:
9734 Substitute in comment characters for lines pertaining to login.conf,
9735 BSD auth and SELinux and only enable them if pertinent.
9738 * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
9739 Remove the =cut on the first line (above the copyright notice) to
9740 quiet pod2man. Also remove the hackery in the FILES section and
9741 just deal with the fact that there will be a newline between each
9745 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
9748 run sudo.man.pl when generating sudo.man.in
9751 * configure, configure.in, sudo.man.pl:
9752 comment out SELinux manual bits unless --with-selinux was specified
9756 document role and type defaults for SELinux
9759 * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
9760 Document "sudo -ll" and make "sudo -l -l" be equivalent.
9763 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
9765 * configure, configure.in:
9766 Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
9767 Debian GNU/kFreeBSD.
9770 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
9773 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
9777 * logging.c, logging.h, sudo.c:
9778 Remove dependence on VALIDATE_NOT_OK in logging functions. Split
9779 log_auth() into log_allowed() and log_denial() Replace mail_auth()
9780 with should_mail() and a call to send_mail()
9783 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
9786 Add debugging so we can tell if the krb5 ccache is accessible
9790 mention --with-selinux
9793 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
9803 * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
9804 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
9805 testsudoers.c, toke.c, toke.l:
9806 Add support for SELinux RBAC. Sudoers entries may specify a role
9807 and type. There are also role and type defaults that may be used.
9808 To make sure a transition occurs, when using RBAC commands are
9809 executed via the new sesh binary. Based on initial changes from Dan
9814 Add support for SELinux RBAC. Sudoers entries may specify a role
9815 and type. There are also role and type defaults that may be used.
9816 To make sure a transition occurs, when using RBAC commands are
9817 executed via the new sesh binary. Based on initial changes from Dan
9821 * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
9822 def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
9823 pathnames.h.in, selinux.c:
9824 Add support for SELinux RBAC. Sudoers entries may specify a role
9825 and type. There are also role and type defaults that may be used.
9826 To make sure a transition occurs, when using RBAC commands are
9827 executed via the new sesh binary. Based on initial changes from Dan
9831 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
9833 * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
9834 Add long list (sudo -ll) support for printing verbose LDAP and
9835 sudoers file entries. Still need to update manual.
9838 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
9840 * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
9841 Unify the -l output for file and ldap based sudoers and use lbufs
9842 for both. The ldap output does not currently include options that
9843 cannot be represented as tags. This will be remedied in a long list
9844 output mode to come.
9847 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
9850 Use a specific error message for errno == EAGAIN when setuid() et al
9851 fails. On Linux systems setuid() will fail with errno set to EAGAIN
9852 if changing to the new uid would result in a resource limit
9857 Unlimit nproc on Linux systems where calling the setuid() family of
9858 syscalls causes the nproc resource limit to be checked. The limits
9859 will be reset by pam_limits.so when PAM is used. In the non-PAM
9860 case the nproc limit will remain unlimited but there doesn't seem to
9861 be a way around that other than having sudo parse
9862 /etc/security/limits.conf directly.
9865 * env.c, sudo.c, sudo.pod:
9866 Only read /etc/environment on Linux and AIX
9869 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
9871 * configure, configure.in:
9872 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
9873 ldap.conf and ldap.secret paths from going into config.h. Avoid
9874 single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
9875 since in some versions of bash they will end up literally in the
9879 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
9882 mention --with-nsswitch=no
9885 * configure, configure.in:
9886 ldap_ssl.h depends on ldap.h being included first
9889 * config.h.in, configure, configure.in, ldap.c:
9890 Include ldap_ssl.h if we can find it. Needed for the
9891 ldapssl_set_strength defines on HP-UX at least.
9902 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9903 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9908 Use 78n line length when formatting cat pages.
9912 Remove redundant info that is now in sudoers.ldap.pod
9915 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
9917 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9918 Reorganize the first section a bit. Substitute the proper path for
9922 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9923 Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
9924 schema into EXAMPLES
9927 * configure, configure.in:
9928 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
9932 * configure, configure.in:
9933 substitute for sudoers.ldap.man
9937 Fix cut & pasto introduced when adding sudoers.ldap man page.
9940 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9941 Fill in some of the missing pieces. Still needs some reorganization
9945 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
9947 * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
9949 Beginnings of a sudoers.ldap man page. Currently, much of the
9950 information is adapted from README.LDAP.
9953 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
9956 When copying gr_mem we must guarantee that the storage space for
9957 gr_mem is properly aligned. The simplest way to do this is to
9958 simply store gr_mem directly after struct group. This is not a
9959 problem for gr_passwd or gr_name as they are simple strings.
9963 Fix a typo/thinko in one of the calls to
9964 sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
9967 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
9969 * config.h.in, configure, configure.in, ldap.c:
9970 include <mps/ldap_ssl.h> in ldap.c if available
9973 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
9976 Make sure we define SIZE_MAX for yacc's skeleton.c
9980 Use TCSAFLUSH when restoring terminal settings (and echo) to
9981 guarantee that any pending output is discarded
9984 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
9987 no longer need to specify SETENV when user has sudo ALL
9991 sync user_args size calculation with sudo.c Add -g group option,
9992 renaming old -g to -G Add set_runasgr() and set_runaspw() and use
9997 Make set_runaspw static void
10000 * testsudoers.c, visudo.c:
10001 g/c set_runaspw stub
10004 * configure, configure.in:
10005 Don't add -llber twice.
10008 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
10014 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
10020 * configure, configure.in:
10021 Fix check that determines whether -llber is required.
10024 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
10025 For netscape-based LDAP, use ldapssl_set_strength() to implement the
10026 checkpeer ldap.conf option.
10030 Delay krb5_cc_initialize() until we actually need to use the cred
10031 cache, which is what krb5_verify_user() does. Better cleanup on
10035 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
10038 Rewrite verify_krb_v5_tgt() based on what heimdal's
10039 krb5_verify_user() does.
10042 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
10045 The U suffix on constants is an ANSI feature
10048 * configure, configure.in:
10049 Add check for ber_set_option() in -llber
10052 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
10055 default if no nsswitch.conf is files only
10058 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
10061 don't tell people to mail aaron about LDAP stuff
10065 timelimit and bind_timelimit
10073 Move ldap.secret reading into a separate function.
10077 user_runas -> runas_pw
10080 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
10086 * check.c, sudo.pod, sudoers.pod:
10087 Add and document the %p escape in the password prompt. Based on a
10088 patch from Patrick Schoenfeld.
10092 Check strlcpy() return values.
10096 refactor ldap binding code into sudo_ldap_bind_s()
10100 Make it clear that host and uri can take multiple parameters. URI is
10101 now supported for more than just openldap nsswitch.conf doesn't
10106 comment cleanup and update (c) year
10109 * parse.c, sudo_nss.c:
10110 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
10111 This should make it possible to build an LDAP-only sudo binary.
10114 * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
10115 Improve chaining of multiple sudoers sources by passing in the
10116 previous return value to the next in the chain
10120 Free up parser data structures in sudo_file_close().
10124 Free up parser data structures in sudo_file_close().
10128 Parse uri ourself if no ldap_initialize() is present Use
10129 ldap_create() instead of deprecated ldap_init() Use
10130 ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
10133 * config.h.in, configure, configure.in:
10134 Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
10138 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
10140 * config.h.in, configure, configure.in:
10141 add check for ldap_create
10144 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
10146 * config.h.in, configure, configure.in, ldap.c:
10147 Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
10148 dn using the mechanism appropriate for the LDAP SDK in use. Use
10149 ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
10150 ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
10157 * config.h.in, configure.in:
10158 fix typo in mtim_getnsec
10161 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
10163 * config.h.in, configure, configure.in:
10164 add check for st__tim in struct stat as used by SCO
10168 use ldap_search_ext_s instead of deprecated ldap_search_s
10171 * Makefile.in, TODO, sudo.cat, sudo.man.in:
10172 add sudo_nss.h to HDRS
10176 Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
10180 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
10183 Use ldap_get_values_len()/ldap_value_free_len() instead of the
10184 deprecated ldap_get_values()/ldap_value_free().
10195 * gettime.c, sudo.c:
10196 Remove some already fixed XXXs
10200 Same return value as non-existent sudoers if LDAP was unable to
10205 mention /etc/environment
10208 * README.LDAP, UPGRADE, WHATSNEW:
10209 Update to reflect recent developments.
10213 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
10217 When building up a query don't list groups in the aux group vector
10218 that are the same as the passwd file group. On most systems the
10219 first gid in the group vector is the same as the passwd entry gid.
10223 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
10224 ldaprc and system defaults that could affect how LDAP works.
10227 * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
10228 sudo_nss.c, sudo_nss.h:
10229 Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
10230 to specify nsswitch.conf path or disable it. If --with-nsswitch=no
10231 but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
10232 file and --with-ldap-secret-file
10236 Honor def_ignore_local_sudoers
10239 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
10242 no longer need to check def_ignore_local_sudoers here
10246 Refactor group vector resetting into a function and also call it
10247 from display_cmnd. Stop after the first successful match in
10248 display_cmnd. Print a newline between each display_privs method.
10252 fix double free introduced in rev 1.218
10256 belt and suspenders; zero out result after freeing it
10259 * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
10260 Refactor line reading into a separate function, sudo_parseln(),
10261 which removes comments, leading/trailing whitespace and newlines.
10262 May want to rethink the use of sudo_parseln() for /etc/ldap.secret
10266 Make the inability to read the sudoers file a non-fatal error if
10267 there are other sudoers sources available. sudoers_file_lookup now
10268 returns "not OK" if sudoers was not present
10272 make it clear that the global options are from LDAP
10276 allocate proper amount of space for error string
10279 * sudo_nss.c, sudo_nss.h:
10280 actual sudo nss code
10283 * ldap.c, parse.c, sudo.c, sudo.h:
10284 nss-ify display_privs and display_cmnd.
10287 * defaults.c, parse.c, testsudoers.c, visudo.c:
10288 move update_defaults() to parse.c
10291 * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
10292 Use nsswitch to hide some sudoers vs. ldap implementation details
10293 and reduce the number of #ifdef LDAP TODO: fix display routines and
10297 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
10299 * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
10300 First cut at nsswitch.conf support. Further reorganization and
10301 related changes are forthcoming.
10304 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
10306 * env.c, pathnames.h.in, sudo.c, sudo.h:
10307 Add support for reading an /etc/environment file. Still needs to
10308 be documented and should probably only apply to OSes that have it
10309 (AIX and Linux, maybe others).
10316 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
10322 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
10329 Add an example sudoRole, clarify netscape vs. openldap a bit more
10333 Be clear on what is OpenLDAP vs. Netscape-derived
10336 * config.h.in, configure, configure.in, ldap.c:
10337 Use ldapssl_init() for ldaps support instead of trying to do it
10338 manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
10339 and tls_key for cert7.db and key3.db respectively. Don't print
10340 debugging info for options that are not set. Add warning if
10341 start_tls specified when not supported.
10345 fix compilation on solaris
10349 add missing .h and .c files for missing lib objs
10352 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
10355 fix LDAP_OPT_NETWORK_TIMEOUT setting
10359 fix compilation on Solaris
10362 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
10364 * configure, configure.in:
10369 try to clear up which variables are for OpenLDAP and which are for
10370 netscape-derived SDKs
10373 * config.h.in, configure, configure.in, ldap.c:
10374 Add support for "ssl on" in both netscape and openldap flavors. Only
10375 the OpenLDAP flavor has been tested.
10378 * logging.c, sudo.c, sudo.h:
10379 Call cleanup() before exit in log_error() instead of calling
10380 sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
10387 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
10389 * logging.c, sudo.c, sudo.h:
10390 Better ldap cleanup.
10394 Distinguish between LDAP conf settings that are connection-specific
10395 (which take an ld pointer) and those that are default settings
10399 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
10402 Improved warnings on error.
10406 Make ldap config table driven and set the config *after* we open the
10410 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
10413 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
10416 * configure, configure.in:
10417 some operating systems need to link with -lkrb5support when using
10421 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
10427 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
10431 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
10437 * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
10438 add -g support for LDAP
10441 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
10443 * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
10444 The -i and -s flags can now take an optional command.
10447 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
10449 * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
10451 Add passprompt_override flag to sudoers that will cause the prompt
10452 to be overridden in all cases. This flag is also set when the user
10453 specifies the -p flag.
10457 Move setting of login class until after sudoers has been parsed. Set
10458 NewArgv[0] for -i after runas_pw has been set.
10461 * configure, configure.in:
10462 Move the dgettext check.
10465 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
10467 * auth/pam.c, config.h.in, configure, configure.in:
10468 Add basic support for looking up the string "Password: " in the PAM
10469 localized text db. This allows us to determine whether the PAM
10470 prompt is the default "Password: " one even if it has been
10473 TODO: concatenate non-std PAM prompts and user-specified sudo
10477 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
10479 * Makefile.in, config.h.in, configure, configure.in, parse.c,
10480 set_perms.c, sudo.c, sudo.h:
10481 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
10485 * acsite.m4, configure, interfaces.c, memrchr.c:
10486 Fix typos; Martynas Venckus
10489 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
10492 Don't assume runas_pw is set; it may not be in the -g case.
10495 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
10497 * logging.c, set_perms.c:
10498 Set aux group vector for PERM_RUNAS and restore group vector for
10499 PERM_ROOT if we previously changed it. Stash the runas group vector
10500 so we don't have to call initgroups more than once. Also add no-op
10501 check to check_perms.
10504 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
10506 * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
10507 ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
10508 pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
10509 sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
10510 testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
10511 Add support for runas groups. This allows the user to run a command
10512 with a different effective group. If the -g option is specified
10513 without -u the command will be run as the current user (only the
10514 group will change). The -g and -u options may be used together.
10515 TODO: implement runas group for ldap improve runas group
10516 documentation add testsudoers support
10519 * configure, configure.in:
10520 fix setting of mandir
10523 * sudo.pod, sudoers.pod:
10524 document that ALL implies SETENV
10528 s/setenv_ok/setenv_implied/g
10532 hostname_matches() returns TRUE on match in sudo 1.7.
10536 use strcmp, not strcasecmp when comparing ALL
10540 Make sudo ALL imply setenv. Note that unlike with file-based
10541 sudoers this does affect all the commands in the sudoRole.
10544 * gram.c, gram.y, parse.c, parse.h:
10545 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
10546 it is not passed on to other commands in the list.
10550 Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
10551 sudo_getpwuid() instead of getpwuid().
10554 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
10557 Expand on the dangers of not using visudo to edit sudoers.
10560 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
10563 Don't quote *?[]! on output since the lexer does not strip off the
10564 backslash when reading those in.
10567 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
10570 expand "u_foo" types to "unsigned foo" to avoid compatibility
10574 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
10577 Refactor log line generation in to new_logline().
10580 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
10586 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
10588 * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
10590 Add configure check for struct in6_addr instead of relying on
10591 AF_INET6 since some systems define AF_INET6 but do not include IPv6
10595 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
10597 * configure, configure.in:
10598 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
10602 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
10604 * configure, configure.in:
10605 POSIX states that struct timespec be declared in time.h so check
10606 there regardless of the value of TIME_WITH_SYS_TIME.
10609 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
10612 Instead of defining a macro to call the appropriate method for
10613 turning on/off echo, just define tc[gs]etattr() and the related
10614 defines that use the correct terminal ioctls if needed. Also go back
10615 to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
10618 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
10628 * INSTALL, auth/pam.c, config.h.in, configure.in:
10629 Add --disable-pam-session configure option to disable calling
10630 pam_{open,close}_session. May work around bugs in some PAM
10634 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
10641 Avoid printing the prompt if we are already backgrounded. E.g. if
10642 the user runs "sudo foo &" from the shell. In this case, the call
10643 to tcsetattr() will cause SIGTTOU to be delivered.
10646 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
10648 * def_data.c, def_data.h, def_data.in:
10649 Reorder things such that the definition of env_reset comes right
10650 before the env variable lists.
10654 Shrink type and seqno in struct alias from int to u_short
10657 * alias.c, match.c, parse.c, parse.h:
10658 Add a sequence number in the aliases for loop detection. If we find
10659 an alias with the seqno already set to the current (global) value we
10660 know we've visited it before so ignore it.
10663 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
10665 * TODO, auth/pam.c, sudo.c, sudo.h:
10666 PAM wants the full tty path so add user_ttypath which holds the full
10667 path to the tty or is NULL if no tty was present.
10671 Set PAM_RHOST to work around a bug in Solaris 7 and lower that
10675 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
10681 * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
10682 parse.h, testsudoers.c, visudo.c:
10686 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
10689 remove some useless casts
10693 pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
10694 predates the final C99 spec and the standard specifies that it shall
10695 include stdint.h anyway
10698 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
10700 * Makefile.in, alloca.c, configure.in:
10701 Since we ship with a pre-generated parser there is no need to ship a
10702 bogus alloca implementation.
10710 remove initial setting of CHECKSIA, we require that it be unset if
10723 only do SIA checks on Digital Unix
10726 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
10728 * sudoers.cat, sudoers.man.in:
10737 Remove call to krb5_cc_register() as it is not needed for modern
10745 * aclocal.m4, configure.in:
10746 New method for setting the default authentication type and avoiding
10747 conflicts in auth types.
10750 * match.c, parse.c, testsudoers.c:
10751 Each entry in a cmndlist now has an associated runaslist so no need
10752 to keep track of the most recent non-NULL one.
10755 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
10758 back out partial ldaps support mistakenly committed
10762 Add support for unix groups and netgroups in sudoRunas
10765 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
10768 Fix sudoedit of a non-existent file. From Tilo Stritzky.
10771 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
10778 update --passprompt escape info
10782 remove now-bogus comment and update copyright date
10786 Fix up use of with_passwd
10789 * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
10790 Update to autoconf-2.61 and libtool-1.5.24
10794 "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
10797 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
10804 move tags and runaslist propagation to be earlier
10808 If -f flag given use the permissions of the original file as a
10813 prevent a double free() when re-initing the parser
10816 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
10822 * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
10823 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
10824 auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
10825 configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
10826 parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
10827 sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
10828 Remove support for compilers that don't support void *
10835 * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
10836 parse.c, parse.h, testsudoers.c, visudo.c:
10837 Move list manipulation macros to list.h and create C versions of the
10838 more complex ones in list.c. The names have been down-cased so they
10839 appear more like normal functions.
10843 Fix cmp command when regenerating parser. Make gram.o the first
10844 dependency for all programs so gram.h will be generated before
10845 anything that needs it.
10849 Convert NEW_DEFAULT and NEW_MEMBER into static functions.
10852 * match.c, parse.c, testsudoers.c:
10853 Use LH_FOREACH_REV when checking permission and short-circuit on the
10854 first non-UNSPEC hit we get for the command. This means that
10855 instead of cycling through all the parsed sudoers entries we
10856 start at the end and work backwards and quit after the first
10857 positive or negative match.
10864 * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
10865 Change list head macros to take a pointer, not a struct.
10873 Propagate the runasspec from one command to the next in a cmndspec.
10876 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
10879 Replace has_meta() with a macro that calls strpbrk().
10885 * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
10886 testsudoers.c, visudo.c:
10887 Use a list head struct when storing the semi-circular lists and
10888 convert to tail queues in the process. This will allow us to
10889 reverse foreach loops more easily and it makes it clearer which
10890 functions expect a list as opposed to a single member.
10892 Add macros for manipulating lists. Some of these should become
10895 When freeing up a list, just pop off the last item in the queue
10896 instead of going from head to tail. This is simpler since we don't
10897 have to stash a pointer to the next member, we always just use the
10898 last one in the queue until the queue is empty.
10900 Rename match functions that take a list to have list in the name.
10901 Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
10905 Fix pasto, append "!" not negated (which is an int) for sudo -l
10910 Remove the dependency of gram.h on gram.y, the .c dependency is
10911 enough. Only move y.tab.h to gram.h if it is different; avoids
10912 needless rebuilding.
10915 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
10918 Defaults lines may be associated with lists of users, hosts,
10919 commands and runas users, not just single entries.
10922 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
10925 Revert the "cmp" portion of the last diff, it doesn't make sense.
10929 Remove *.lo for clean: When generating the parser, only move the
10930 generated files into place if they differ from the existing ones.
10933 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
10936 Replace IPV6 regexp with a much simpler (readable) one and add an
10937 extra check when it matches to make sure we have a valid address.
10941 Fix thinko introduced when merging IPV6 support.
10944 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
10946 * HISTORY, LICENSE:
10955 mention #uid vs. comment pitfall
10959 Merge in a patch from the libtool cvs that fixes a problem with the
10960 latest autoconf. From Stepan Kasal.
10964 Back out the XOR swap trick, it is slower than a temp variable on
10973 Convert the tail queue to a semi-circle queue and use the XOR swap
10974 trick to swap the prev pointers during append.
10977 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
10980 remove useless statement
10984 Refactor #include parsing into a separate function and return
10985 unparsed chars (such as newline or comment) back to the lexer.
10988 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
10991 mention better uid support
10995 Users may now consist of a uid.
10998 * gram.c, gram.h, toke.c:
11003 Use lbuf_append_quoted() for sudo -l output to quote characters that
11004 would require quoting in sudoers.
11008 Add lbuf_append_quoted() which takes a set of characters which
11009 should be quoted with a backslash when displayed.
11013 Require that the first character after a comment not be a digit or a
11014 dash. This allows us to remove the GOTRUNAS state and treat
11015 uid/gids similar to other words. It also means that we can now
11016 specify uids in User_Lists and a User_Spec may now contain a uid.
11020 Replace RUNAS token with '(' and ')' tokens to make the runas
11021 portion of the grammar more natural.
11025 The BUGS file is history
11028 * Makefile.in, README:
11029 The BUGS file is history
11032 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
11035 Allow comments after a RunasAlias as long as the character after the
11036 pound sign isn't a digit or a dash.
11040 Glob support was back-ported to 1.6.9
11043 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
11046 remove sudo_usage.h in distclean
11050 If a Defaults value contains a blank, double-quote the string.
11054 Properly deal with Defaults double-quoted strings that span multiple
11055 lines using the line continuation char. Previously, the entire
11056 thing, including the continuation char, newline, and spaces was
11061 Be consistent when using single quotes and backticks.
11064 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
11066 * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
11067 sudo.c, sudo_usage.h.in:
11068 Add new linebuf code to do appends of dynamically allocated strings
11069 and word-wrapped output. Currently used for sudo's usage() and sudo
11070 -l output. Sudo usage strings are now in sudo_usage.h which is
11071 generated at configure time.
11074 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
11076 * parse.c, sudo.c, sudo.h:
11077 Fix line wrapping in usage() and use the actual tty width instead of
11081 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
11088 Mentioned Chris Jepeway's parser and also the new one that is in
11092 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
11094 * sudo.pod, visudo.pod:
11095 For the options list, add flag args where appropriate and increase
11096 the indent level so there is room for them.
11099 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
11102 Fix some spacing in "sudo -l" and add a comment about some bogosity
11103 in the line wrapping.
11106 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11111 * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
11112 def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
11113 parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
11114 testsudoers.c, toke.c, toke.l:
11115 Remove monitor support until there is a version of systrace that
11116 uses a lookaside buffer (or we have a better mechanism to use).
11119 * config.h.in, configure, configure.in, sudo.c:
11120 use getaddrinfo() instead of gethostbyname() if it is available
11123 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
11126 Deal with OSes where sizeof(gid_t) < sizeof(int).
11130 repair non-getifaddrs() code after ipv6 integration
11134 If we can open sudoers but fail to read the first byte, close the
11135 file stream before trying again.
11138 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
11144 * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
11145 Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
11148 * sudo.pod, sudoers.pod, visudo.pod:
11149 Add some missing markup. Update copyright
11152 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
11154 * configure, configure.in:
11155 fix sudo_noexec extension which got broken in the libtool update
11158 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
11161 explicitly specify -Tascii to nroff
11164 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
11167 remove an ANSI-ism that crept in
11170 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
11173 Adjust list indents. Prevent -- from being turned into an em dash. Use
11174 a list for the environment instead of a literal paragraph
11178 Use a list for the environment instead of an indented literal
11183 Adjust list indentation
11190 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
11193 mention that when specifying a uid for the -u option the shell may
11194 require that the # be escaped
11197 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
11200 Fix off by one in group matching.
11203 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
11206 Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
11209 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
11211 * configure, configure.in:
11212 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
11213 -lgssapi_krb5 case.
11216 * aclocal.m4, configure, configure.in:
11217 Fix link tests such that new gcc doesn't optimize away the test.
11220 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
11222 * sudo.pod, sudoers.pod, visudo.pod:
11223 add missing over/back
11226 * sudo.pod, sudoers.pod, visudo.pod:
11227 Change FILES section to use =item
11231 Add back allocation of the env struct in rebuild_env but save a copy
11232 of the old pointer and free it before returning.
11236 Don't init the private environment in rebuild_env() since it may
11237 have already been done implicitly sudo_setenv/sudo_unsetenv.
11239 Multiply length by sizeof(char *) in memcpy/memmove when copying the
11240 environment so we copy the full thing.
11242 Add missing set of parens so we deref the right pointer in
11243 sudo_unsetenv when searching for a matching variable.
11246 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
11248 * sudo.pod, sudoers.pod, visudo.pod:
11249 Use file markup for paths in the FILES section
11252 * sudo.pod, sudoers.pod, visudo.pod:
11253 Don't capitalize sudo/visudo
11257 Sort sudoers options; based on a diff from Igor Sobrado.
11260 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
11262 * sudo.pod, sudoers.pod, visudo.pod:
11263 Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
11264 latter confuses pod2man. The Makefile rules for the .man.in file
11265 will add @mansectsu@ and @mansectform@ back in after pod2man is done
11269 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
11271 * LICENSE, Makefile.in, license.pod:
11272 Move license info to pod format
11275 * configure, configure.in, sudoers.pod:
11276 Substitute value of path_info into sudoers man page.
11280 remove features that were back-ported to 1.6.9
11283 * sudo.c, sudo.pod, visudo.c, visudo.pod:
11284 Sort SYNOPSIS and sync usage. From Igor Sobrado.
11288 Only need sudo_setenv/sudo_unsetenv if we are going to use
11289 ldap_sasl_interactive_bind_s() but don't have
11290 gss_krb5_ccache_name().
11294 rebuild without branch info
11298 Add ChangeLog target
11302 Run cleanup code if the user hits ^C at the password prompt.
11306 Some versions of pam_lastlog have a bug that will cause a crash if
11307 PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
11311 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
11314 ChangeLog not Changelog
11322 CHANGE -> Changelog
11329 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
11331 * config.h.in, configure, configure.in, ldap.c:
11332 Add configure hooks for gss_krb5_ccache_name() and the gssapi
11336 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
11339 rebuild_env() and insert_env_vars() no longer return environment
11340 pointer, they set environ directly.
11342 No longer need to pass around an envp pointer since we just operate
11345 Add dosync argument to insert_env() that indicates whether it should
11346 reset environ when realloc()ing env.envp.
11348 Use an initial size of 128 for the environment.
11352 Split sudo_setenv() into an external version and a version only for
11353 use by rebuild_env().
11356 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
11359 Add support for using gss_krb5_ccache_name() instead of setting
11360 KRB5CCNAME. Also use sudo_unsetenv() in the non-
11361 gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
11362 original environment. TODO: configure setup for
11363 gss_krb5_ccache_name()
11370 * README.LDAP, ldap.c:
11371 Add support for sasl_secprops in ldap.conf
11375 Add sudo_unsetenv() and refactor private env syncing code into
11379 * README.LDAP, ldap.c:
11380 The ldap.conf variable is sasl_auth_id not sasl_authid.
11383 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
11385 * ldap.c, sudo.c, sudo.h:
11386 Add support for krb5_ccname in ldap.conf. If specified, it will
11387 override the default value of KRB5CCNAME in the environment for the
11388 duration of the call to ldap_sasl_interactive_bind_s().
11392 Remove format_env(). Add sudo_setenv() to replace most format_env() +
11393 insert_env() combinations. insert_env() no longer takes a struct
11398 Fix use_sasl vs. rootuse_sasl logic.
11401 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
11402 Add support for SASL auth when connecting to an LDAP server. Adapted
11403 from a diff by Tom McLaughlin.
11406 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
11408 * configure, configure.in:
11409 Only enable AIX or BSD auth if no other exclusive auth method has
11410 been chosen. Allows people to e.g., use PAM on AIX without adding
11411 --without-aixauth. A better solution is needed to deal with default
11412 authentication since if a non-exclusive method is chosen we will
11413 still get an error.
11416 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
11418 * HISTORY, Makefile.in, history.pod:
11419 Generate HISTORY from history.pod (which is also used for web pages)
11422 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
11424 * sudo.man.in, sudoers.man.in:
11429 Better explanation of environment handling in the sudo man page.
11433 Defer setting user-specified env vars until after authentication.
11437 honor def_default_path for PATH set on the command line
11440 * env.c, sudo.c, sudo.pod, sudoers.pod:
11441 Allow user to set environment variables on the command line as long
11442 as they are allowed by env_keep and env_check. Ie: apply the same
11443 restrictions as normal environment variables. TODO: deal with
11447 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
11449 * sudo.c, sudo_edit.c:
11450 Call rebuild_env() in call cases. Pass original envp to sudo_edit().
11451 Don't allow -E or env var setting in sudoedit mode. More accurate
11452 usage() when called as sudoedit.
11460 add -c option to sudoedit synopsis
11468 Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
11469 value from {user,host,runas,cmnd}_matches(). Rename *matches
11470 variables -> *match. Purely cosmetic.
11474 Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
11482 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
11485 Make pwcheck local to the pwflag block. Use pwcheck even if user
11486 didn't match since Defaults options may still apply.
11490 Do not update timestamp if user not validated by sudoers.
11494 for PERM_RUNAS, set the egid to the runas user's gid and restore to
11495 the user's original in PERM_ROOT
11498 * logging.c, mon_systrace.c, set_perms.c, sudo.h:
11499 PERM_FULL_ROOT is now no different than PERM_ROOT so remove
11504 don't check timestamp mtime if we are just going to remove it
11508 Move sudoers defaults parameters into their own section.
11512 Reduce a level of indent by a few placed continue statements.
11516 Make matching but negated commands/hosts/runas entries override a
11517 previous match as expected. Also reduce some levels of indent by a
11518 few placed continue statements.
11521 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
11524 Print default runas in "sudo -l" if sudoers don't specify one.
11528 Less hacky way of testing whether the domain was set.
11531 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
11534 Mention pam-devel and openldap-devel for Linux
11537 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
11543 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
11546 fix typo in Solaris project support
11554 Make -- on the command line match the manual page. The implied shell
11555 case has been simplified as a result.
11558 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
11561 add simplistic support for sudoRunas; note that if a sudoers entry
11562 contains multiple Runas users, all will apply to the sudoRole
11566 honor SETENV and NOSETENV tags
11569 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
11572 Redo setting of user_args. We now build up a private copy of argv
11573 first and then replace the NULs with spaces.
11577 getcwd() returns NULL on failure, not 0 on success
11581 allow chunksiz to reach 1 before erroring out
11584 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11589 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
11591 * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
11592 logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
11594 Add support for setting environment variables on the command line.
11595 This is only allowed if the setenv sudoers options is enabled or if
11596 the command is prefixed with the SETENV tag.
11600 replace Aaron's email address with the sudo-workers list
11607 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
11609 * schema.OpenLDAP, schema.iPlanet:
11610 Break schema out into separate files.
11613 * Makefile.in, README.LDAP:
11614 Break schema out into separate files.
11617 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
11620 free message if set by authenticate()
11624 deal with NULL gr_mem
11627 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
11634 add template for HAVE_PROJECT_H
11641 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
11644 mention --with-project
11647 * config.h.in, configure.in, sudo.c:
11648 Add Solaris 10 "project" support. From Michael Brantley.
11660 Fix preservation of LDFLAGS in the LDAP case.
11664 Remove dependency on NULL
11671 * aclocal.m4, configure.in:
11672 Can't use the regular autoconf fnmatch() check since we need
11673 FNM_CASEFOLD so go back to our custom one.
11677 Fix preserving of variables in env_keep.
11685 expand upon env resetting and mention that it began in 1.6.9 not
11690 Update descriptions of env_keep and env_check to match current
11694 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
11697 Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
11698 LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to initial_keepenv_table.
11701 * env.c, logging.c:
11702 Treat USERNAME environment variable like LOGNAME/USER
11706 Don't need to populate keepenv table with the contents of the
11711 Don't force sudo into the C locale.
11715 Make env_check apply when env_reset is true. Environment variables
11716 are passed through unless they contain '/' or '%'. There is no need
11717 to have a variable in both env_check and env_keep.
11720 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
11723 Remove a duplicate lock_file() call and add a comment.
11727 Add sudo 1.6.9 upgrade note.
11730 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
11733 Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
11734 small. From Klaus Wagner.
11737 * logging.c, sudo.h:
11738 Redo the long syslog line splitting based on a patch from Eygene
11739 Ryabinkin. Include memrchr() for systems without it.
11743 Redo the long syslog line splitting based on a patch from Eygene
11744 Ryabinkin. Include memrchr() for systems without it.
11747 * Makefile.in, config.h.in, configure, configure.in:
11748 Redo the long syslog line splitting based on a patch from Eygene
11749 Ryabinkin. Include memrchr() for systems without it.
11753 Since we need to be able to convert timespec to timeval for utimes()
11754 the last 3 digits in the tv_nsec are not significant. This makes the
11755 sudoedit file date comparison work again.
11758 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
11760 * aclocal.m4, configure, configure.in:
11761 Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
11762 This deals with exclusive authentication methods in a simple way.
11765 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
11768 mkstemp.c is BSD code too.
11771 * sudo.pod, sudoers.pod, visudo.pod:
11772 No commercial support for now.
11775 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
11778 cleanenv() is no more.
11781 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
11784 Display branch info in Changelog
11788 Include config.h early so we have it for TIME_WITH_SYS_TIME
11792 Fix Changelog generation and update.
11795 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
11798 Use /proc/self/fd instead of /proc/$$/fd
11800 Move old-style fd closing into closefrom_fallback() and call that if
11801 /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
11804 * auth/kerb5.c, config.h.in, configure.in:
11805 o use krb5_verify_user() if available instead of doing it by hand
11806 o use krb5_init_secure_context() if we have it
11807 o pass an encryption type of 0 to krb5_kt_read_service_key() instead of
11808 ENCTYPE_DES_CBC_MD5 to let kerberos choose.
11812 Check TERM and COLORTERM for '%' and '/' characters. From Debian.
11816 Fix closefrom() substitution in the Makefile
11820 Mention alternate sudo pronunciation.
11823 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
11826 Remove KRB5_KTNAME from environment. Allow COLORTERM.
11830 If we cannot get a valid service key using the default keytab it is
11831 a fatal error. Fixes a bug where sudo could be tricked into
11832 allowing access when it should not by a fake KDC. From Thor Lancelot
11836 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
11838 * aclocal.m4, configure, configure.in:
11839 Update long long checks to use AC_CHECK_TYPES and to cache values.
11842 * aclocal.m4, configure.in:
11843 Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
11844 use AC_REPLACE_FNMATCH since that assumes replacing with GNU
11848 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
11850 * configure, configure.in:
11851 Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
11852 need it for visudo now too.
11855 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
11858 Attempt to clarify the bit talking about network numbers w/o
11863 Clarify timestamp dir ownership sentence.
11866 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
11869 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
11873 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
11876 -i is also one of the mutually exclusive options to list it in the
11877 warning message. Noted by Chris Pepper.
11880 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
11883 The sudoers variable is env_editor, not enveditor. From Jean-
11887 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
11890 I tracked down the original author so credit him and include his
11894 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
11896 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
11898 Fix typos; from Jason McIntyre.
11902 Restore signal mask before calling reapchild(). Fixes a possible
11903 race condition that could prevent sudo from properly waiting for the
11907 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
11910 Don't declare pw_free() if we are not going to use it.
11914 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
11915 LDR_PRELOAD64. The 64-bit version is not currently supported.
11916 Remove zero_env() prototype as it no longer exists.
11919 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
11922 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
11925 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
11928 If the user enters ^C at the password prompt, abort instead of
11929 trying to authenticate with an empty password (which causes an
11933 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
11935 * closefrom.c, config.h.in, configure, configure.in:
11936 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
11941 pw_free() is only used by sudo_freepwcache() so ifdef it out too.
11944 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
11946 * config.guess, config.sub:
11947 Update to latest versions from cvs.savannah.gnu.org
11950 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
11952 * pwutil.c, sudo_edit.c:
11953 Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
11954 we can close the passwd/group files early.
11957 * config.h.in, configure, configure.in, set_perms.c:
11958 Add seteuid() flavor of set_perms() for systems without setreuid()
11959 or setresuid() that have a working seteuid(). Tested on Darwin.
11962 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
11965 systrace_read() returns ssize_t
11968 * configure, configure.in:
11969 Fix typo, -lldap vs. -ldap; from Tim Knox.
11972 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
11975 Fix typo; Matt Ackeret
11978 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
11981 Print sudoers path in -V mode for root.
11984 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
11987 Do a sub tree search instead of a base search (one level in the tree
11988 only) for sudo right objects. This allows system administrators to
11989 categorize the rights in a tree to make them easier to manage.
11992 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
11998 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
12001 Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
12002 bind_timelimit support; adapted from gentoo.
12005 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
12008 Support comments that start in the middle of a line
12011 * configure, configure.in:
12012 Define LDAP_DEPRECATED until we start using ldap_get_values_len()
12015 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
12018 Silence gcc -Wsign-compare; djm@openbsd.org
12021 * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
12022 cleanup() now takes an int as an arg so it can be used as a signal
12027 Make a copy of the shell field in the passwd struct for NewArgv to
12028 avoid a use after free situation after sudo_endpwent() is called.
12031 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
12033 * config.h.in, configure, configure.in:
12034 Add mkstemp() for those poor souls without it.
12038 Add mkstemp() for those poor souls without it.
12042 Add mkstemp() for those poor souls without it.
12045 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
12048 Add PERL5DB to list of environment variables to remove.
12051 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
12053 * mon_systrace.c, mon_systrace.h:
12054 Instead of calling the check function twice with a state cookie use
12055 separate check/log functions.
12057 Check more ioctl() calls for failure.
12059 systrace_{read,write} now return the number of bytes read/written or
12064 Add more environment variables to remove; from gentoo linux. Add some
12065 comments about what bad env variables go to what (more to do)
12068 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
12070 * sudo.c, sudo_edit.c:
12071 Move sudo_end{gr,pw}ent() until just before the exec since they free
12072 up our cached copy of the passwd structs, including sudo_user and
12073 sudo_runas. Fixes a use-after-free bug.
12077 Close all fd's before executing editor.
12081 Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
12085 Fix fd leak when lecture file option is enabled. From Jerry Brown
12088 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
12091 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
12092 environment variables to remove. From Charles Morris
12095 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
12098 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
12101 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
12104 add PS4 and SHELLOPTS to initial_badenv_table for bash
12107 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
12110 Fix typo; Toby Peterson
12113 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
12116 Make return buffers static so they don't get clobbered
12119 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
12122 Fix securid5 authentication, was not checking for ACM_OK. Also add
12123 default cases for the two switch()es. Problem noted by ccon at
12127 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
12130 Remove ncat() in favor of just counting bytes and pre-allocating
12134 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
12137 Fix up some comments. Add missing fclose() for the rootbinddn case
12141 align struct ldap_config
12145 use LINE_MAX for max conf file line size
12149 add _PATH_LDAP_SECRET
12153 Mention rootbinddn. Give example ou=SUDOers container
12156 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
12158 * INSTALL, configure, configure.in, ldap.c:
12159 Support rootbinddn in ldap.conf
12162 * env.c, sudo.pod, sudoers.pod:
12163 Preserve DISPLAY environment variable by default.
12166 * acsite.m4, configure:
12167 set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
12170 * acsite.m4, configure:
12171 set need_version=no for all cases; this is safe for LD_PRELOAD
12178 * configure, configure.in:
12183 Fix call to pam_end() when pam_open_session() fails.
12191 rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
12192 ltsugar.m4 ltversion.m4
12195 * config.guess, config.sub, ltmain.sh:
12196 merge in local changes: config.guess: o better openbsd support
12197 config.sub: o hiuxmpp support ltmain.sh o remove requirement that
12198 libs must begin with "lib" o don't print a bunch of crap about
12199 library installs o don't run ldconfig
12202 * config.guess, config.sub, ltmain.sh:
12207 Update with autoupdate and make minor changes for libtool 1.9f
12210 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
12213 don't call sudo_ldap_display_cmnd if ldap not setup
12216 * sudo_edit.c, visudo.c:
12217 Move declaration of struct timespec to its own include files for
12218 systems without it since it needs time_t defined.
12222 Move declaration of struct timespec to its own include files for
12223 systems without it since it needs time_t defined.
12227 Move declaration of struct timespec to its own include files for
12228 systems without it since it needs time_t defined.
12232 Move declaration of struct timespec to its own include files for
12233 systems without it since it needs time_t defined.
12236 * check.c, compat.h:
12237 Move declaration of struct timespec to its own include files for
12238 systems without it since it needs time_t defined.
12242 Don't set safe_cmnd for the "sudo ALL" case.
12245 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
12248 Call pam_open_session() and pam_close_session() to give pam_limits a
12249 chance to run. Idea from Karel Zak.
12252 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
12255 Add explicit cast from mode_t -> u_int in printf to silence warnings
12260 include grp.h to silence a warning on Solaris
12263 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
12266 Fix printing of += and -= defaults.
12269 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
12272 Sanity check number of syscall args with argsize. Not really needed
12273 but a little paranoia never hurts.
12276 * mon_systrace.c, mon_systrace.h:
12277 Don't do pointer arithmetic on void *. Use int, not size_t/ssize_t
12278 for systrace lengths (since it uses int)
12281 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
12284 Add some memsets for paranoia. Fix namespace collision w/ error. Check
12285 rval of decode_args() and update_env(). Remove improper setting of
12289 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
12291 * parse.c, sudo.c, sudo.h:
12292 In -l mode, only check local sudoers file if def_ignore_sudoers is
12293 not set and call LDAP versions from display_privs() and
12294 display_cmnd() instead of directly from main(). Because of this we
12295 need to defer closing the ldap connection until after -l processing
12296 has occurred and we must pass in the ldap pointer to display_privs()
12297 and display_cmnd().
12301 Reorganize LDAP code to better match normal sudoers parsing.
12302 Instead of storing strings for later printing in -l mode we do
12303 another query since the authenticating user and the user being
12304 listed may not be the same (the new -U flag). Also add support for
12307 There is still a fair bit of duplicated code that can probably be
12311 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
12314 Replace pass variable with do_netgr for better readability.
12322 estrdup, not strdup
12325 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
12328 Add macro to test if the tag changed to improve readability.
12332 Avoid printing defaults header if there are no defaults to print...
12336 Fix a warning on systems without strlcpy().
12340 Use macros where possible for sudo_grdup() like sudo_pwdup().
12343 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
12346 It is possible for tv_usec to hold >= 1000000 usecs so add in
12350 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
12353 The component in krb5_principal_get_comp_string() should be 1, not 0
12354 for Heimdal. From Alex Plotnick.
12357 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
12359 * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
12360 interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
12361 redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
12362 Add efree() for consistency with emalloc() et al. Allows us to rely
12363 on C89 behavior (free(NULL) is valid) even on K&R.
12367 Move initgroups() for -U option into display_privs() so group
12368 matching in sudoers works correctly.
12371 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
12374 Removed duplicate call to ldap_unbind_s introduced along with
12379 Add missing space in Defaults printing
12382 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
12385 Sync sudo_pwdup with OpenBSD changes: use macros for size computation
12389 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
12392 Zero old pw_passwd before replacing with version from shadow file.
12395 * configure, configure.in:
12396 Only attempt shadow password detection if PAM is not being used. Add
12397 shadow_* variables to make shadow password detection more generic.
12401 Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
12404 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
12407 use a non-breaking space to avoid a double space after e.g.
12411 comma, not colon after e.g.
12414 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
12417 Add __ variants of the exec functions. GNU libc at least uses
12418 __execve() internally.
12422 Match reality a bit more.
12426 Missed piece from rev. 1.6, fix sudo_getpwnam() too.
12430 Store shadow password after making a local copy of struct passwd in
12431 case normal and shadow routines use the same internal buffer in
12435 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
12437 * alloc.c, logging.c:
12438 Make varargs usage consistent with the rest of the code.
12441 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
12444 Wrap more of the exec family since on Linux the others do not appear
12445 to go through the normal execve() path.
12449 make print_unused static like proto says
12453 silence a warning on K&R systems
12456 * alias.c, error.c:
12457 make this build in K&R land
12461 make this build in K&R land
12464 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
12470 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
12473 return(foo) not return foo; optimize _atobool() slightly
12481 Reformat to match the rest of sudo's code.
12485 I am the primary author
12488 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
12490 * Makefile.in, README, RUNSON:
12491 The RUNSON file is toast--it confused too many people and really
12492 isn't needed in a configure-oriented world.
12496 alternate -> alternative
12500 Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
12505 Allow leading blanks before Defaults and Foo_Alias definitions
12509 fix rules to build toke.o and gram.o in devel mode
12512 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
12515 env_keep overrides set_logname
12519 Fix disabling set_logname and make env_keep override set_logname.
12522 * compat.h, config.h.in, configure, configure.in:
12523 No longer need memmove()
12527 Just clean the environment once. This assumes that any further
12528 setenv/putenv will be able to handle the fact that we replaced
12529 environ with our own malloc'd copy but all the implementations I've
12533 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
12536 In -i mode, base the value of insert_env()'s dupcheck flag on
12537 DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
12540 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
12543 Move setting of user_path, user_shell, user_prompt and prev_user
12544 into init_vars() since user_shell at least is needed there.
12547 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
12554 Fix some printf format mismatches on error.
12558 Fix some printf format mismatches on error.
12561 * configure, gram.c, toke.c:
12565 * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
12566 auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
12567 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
12568 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
12569 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
12570 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
12571 emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
12572 getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
12573 interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
12574 parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
12575 snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
12576 sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
12577 testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
12578 visudo.pod, zero_bytes.c:
12579 Update copyright years.
12582 * Makefile.binary.in:
12583 Update copyright years.
12587 Update copyright years.
12590 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
12595 What's new in sudo 1.7, based on the 1.7 CHANGES entries.
12598 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
12600 * compat.h, logging.h, sudo.h:
12601 Add __printflike and use it with gcc to warn about printf-like
12605 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
12607 * CHANGES, ChangeLog:
12608 Replaced CHANGES file with ChangeLog generated from cvs logs
12612 Use warning/error instead of perror/fatal.
12616 Update OpenBSD section
12620 Add upgrading notes for 1.7
12623 * env.c, sudo.c, sudoers.pod:
12624 Instead of zeroing out the environment, just prune out entries based
12625 on the env_delete and env_check lists. Base building up the new
12626 environment on the current environment and the variables we removed
12630 * config.h.in, configure, configure.in, sudo.c:
12631 Set locale to "C" if locales are supported, just to be safe.
12635 Cast argument to ctype functions to unsigned char.
12638 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
12641 correct value for DID_USER
12644 * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
12645 #include <compat.h> not "compat.h"
12649 Reset the environment by default.
12653 Alloc an extra slot in NewArgv. Removes the need to malloc a new
12654 vector if execve() fails.
12657 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
12659 * INSTALL, config.h.in, configure, configure.in, sudo.c:
12660 Use execve(2) and wrap the command in sh if we get ENOEXEC.
12663 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
12666 Only include time.h on systems that lack struct timespec which gets
12667 defined in compat.h (using time_t).
12671 Include time.h for time_t in compat.h for systems w/o struct
12675 * compat.h, config.h.in, configure, configure.in:
12676 use bcopy on systems w/o memmove
12680 __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
12685 Add explicit rule to build sudo_noexec.lo
12688 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
12690 * INSTALL.configure, Makefile.in:
12691 No longer depend on VPATH; pointed out a bunch of missed
12696 Help for PAM when account section is missing
12700 Give user a clue when there is a missing "account" section in the
12705 Better error handling.
12708 * config.h.in, configure, configure.in:
12709 Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
12710 possible. Silences a warning about isblank() on linux.
12714 Fix typo (missing comma) that caused an incorrect number of args to
12715 be passed to log_error().
12718 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
12721 Don't try to destroy a tree we didn't create.
12724 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
12726 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
12727 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
12728 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
12729 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
12730 compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
12731 fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
12732 goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
12733 match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
12734 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
12735 strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
12736 tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
12737 Add __unused to rcsids
12740 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
12742 * configure, configure.in:
12743 Fix error message when mixing invalid auth types
12747 PAM, AIX auth, BSD auth and login_cap are now on by default if the
12751 * auth/sudo_auth.h, config.h.in:
12752 s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
12756 Better checking for conflicting authentication methods Display the
12757 authentication methods used at the end of configure Rename
12758 --with-authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
12759 --with-pam, --with-logincap by default on systems that support them
12760 unless disabled. Add OSMAJOR variable that replaces old OSREV; now
12761 OSREV has full version number
12764 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
12766 * def_data.c, def_data.in, sudo.c, sudoers.pod:
12770 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
12773 Replace: test -n "$FOO" || FOO="bar"
12775 With: : ${FOO='bar'}
12778 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
12780 * pwutil.c, testsudoers.c, tsgetgrpw.c:
12781 Use function pointers to only call private passwd/group routines
12782 when using a nonstandard passwd/group file.
12785 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
12792 Can't use strtok() since it doesn't handle empty fields so add
12793 getpwent()/getgrent() functions and call those.
12796 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
12799 Fix dummied out toke.c and gram.c dependencies.
12803 Rename PARSESRCS -> GENERATED since it is only used in the clean
12804 target Add devdir variable and use it to specify the path to parser
12813 Add a devdir variable that defaults to $(srcdir) and is set to . if
12814 --devel was specified. Allows for proper dependencies building the
12819 Add support for custom passwd/group files.
12823 Build private copy of pwutil.o for testsudoers with MYPW defined so
12824 it uses our own passwd/group routines.
12828 Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
12829 stubs instead. We can now just use the caching sudo_*{pw,gr}*
12830 functions in pwutil.c Add comment about wanting to call
12831 sudo_endpwent/sudo_endgrent in cleanup()
12835 Remove caching; we will just use what is in pwutil.c Use global
12836 buffers for passwd/group structs Rename functions from sudo_* to
12840 * logging.c, sudo.c:
12841 g/c pwcache_init/pwcache_destroy
12845 Undo last commit and add sudo_setspent and sudo_endspent instead.
12848 * getspwuid.c, pwutil.c:
12849 Move all but the shadow stuff from getspwuid.c to pwutil.c and
12850 pwcache_get and pwcache_put as they are no longer needed. Also add
12851 preprocessor magic to use private versions of the passwd and group
12852 routines if MYPW is defined (for use by testsudoers).
12856 zero out struct passwd/group before filling it in so if there are
12857 fields we don't handle they end up as 0.
12860 * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
12865 Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
12870 Passwd and group lookup routines for testsudoers that support
12871 alternate passwd and group files.
12874 * getspwuid.c, pwutil.c:
12875 Split off pw/gr cache and dup code into its own file. This allows
12876 visudo and testsudoers to use the pw/gr cache too.
12879 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
12882 Print Defaults info in "sudo -l" output and wrap lines based on the
12886 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
12888 * match.c, testsudoers.c, visudo.c:
12889 Only check group vector in usergr_matches() if we are matching the
12890 invoking or list user. Always check the group members, even if
12891 there was a group vector.
12894 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
12896 * LICENSE, Makefile.in, fnmatch.3:
12897 No longer bundle fnmatch.3
12904 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
12911 Sort command line options
12914 * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
12915 sudo.pod, sudoers.pod:
12916 Add closefrom sudoers option to start closing at a point other than
12917 3. Add closefrom_override sudoers option and -C sudo flag to allow
12918 the user to specify a different closefrom starting point.
12922 Add _PATH_DEVNULL for those without it.
12926 no more UCB strcasecmp
12930 replace BSD licensed one with version derived from pdksh
12933 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
12940 Make sure stdin, stdout and stderr are open and dup them to
12944 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
12946 * ldap.c, mon_systrace.c, sudo.c, sudo.h:
12947 add sudo_ldap_close
12950 * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
12951 Use TIME_WITH_SYS_TIME
12954 * config.h.in, configure, configure.in:
12955 Add TIME_WITH_SYS_TIME_H
12958 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
12961 Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
12962 unconditionally on darwin. From Toby Peterson.
12966 Check rbinsert() return value. In the case of faked up entries
12967 there is usually a negative response cached that we need to
12970 In pwfree() don't try to zero out a NULL pw_passwd pointer.
12974 Use the double fork trick to avoid the monitor process being waited
12975 for by the main program run through sudo.
12978 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
12981 Call initgroups() in -U mode so group matches work normally.
12984 * def_data.h, mkdefaults:
12985 Don't print a trailing comma for the last entry in enum def_tupple
12988 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
12990 * sudoers.cat, sudoers.man.in, sudoers.pod:
12991 Mention values when lecture, listpw and verifypw are used in boolean
12995 * def_data.c, def_data.in:
12996 verifypw when used in a boolean TRUE context should be "all", not
13000 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
13002 * def_data.in, defaults.c:
13003 Allow tuples that can be used as booleans to be used as boolean
13004 TRUE. In this case the 2nd possible value of the tuple is used for
13008 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
13010 * configure, configure.in:
13011 Correct the test for 2-parameter timespecsub
13015 Add stub struct definitions for passwd, timeval and timespec
13018 * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
13019 Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
13020 and fix a typo in the gettimeofday check.
13023 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
13025 * match.c, testsudoers.c:
13026 Deal with user_stat being NULL as it is for visudo and testsudoers.
13029 * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
13030 Add -U option to use in conjunction with -l instead of -u. Add
13031 support for "sudo -l command" to test a specific command.
13034 * gram.c, gram.y, sudo.c:
13035 Set safe_cmnd after sudoers_lookup() if it has not been set.
13036 Previously it was set by sudo "ALL" in the parser but at that point
13037 the fully-qualified pathname has not yet been found.
13040 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
13042 * parse.c, testsudoers.c:
13043 Correctly handle multiple privileges per userspec and runas
13047 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
13050 Zero out sd_un for each entry in sudo_defs_table in init_defaults.
13053 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
13056 make per-command defaults work with sudoedit
13059 * ldap.c, parse.c, sudo.c, sudo.h:
13060 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
13061 Instead, we just set the appropriate defaults variable.
13064 * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
13065 Document per-command Defaults.
13068 * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
13069 sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
13070 Add support for command-specific Defaults entries. E.g.
13071 Defaults!/usr/bin/vi noexec
13074 * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
13075 Change an occurrence of user_matches() -> runas_matches() missed
13076 previously runas_matches(), host_matches() and cmnd_matches() only
13077 really need to pass in a list of members. user_matches() still
13078 needs to pass in a passwd struct because of "sudo -l"
13082 Check def_authenticate, def_noexec and def_monitor when setting
13083 return flags. XXX May be better to just set the defaults directly
13084 and get rid of those flags.
13087 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
13088 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
13089 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
13090 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
13091 defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
13092 getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
13093 gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
13094 mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
13095 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
13096 sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
13097 visudo.c, zero_bytes.c:
13098 Use: #include <config.h> Not: #include "config.h" That way we get
13099 the correct config.h when build dir != src dir
13103 Back out part of rev 1.263; fix -I order
13107 More robust parsing of #include; could be much better still.
13110 * sudo_edit.c, visudo.c:
13111 Make arg splitting in visudo and sudoedit consistent.
13114 * Makefile.in, alias.c, gram.c, gram.y, parse.h:
13115 Split alias routines out into their own file.
13119 __attribute__ is already defined in compat.h
13123 quit() should not be __noreturn__ as it is non-void on some
13127 * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
13128 Add local error/warning functions like err/warn but that call an
13129 additional cleanup routine in the error case. This means we no
13130 longer need to compile a special version of alloc.o for visudo.
13134 Clarify comments about the data structures
13137 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
13140 Add support for VISUAL and EDITOR containing command line args. If
13141 env_editor is not set any args in VISUAL and EDITOR are ignored.
13142 Arguments are also now supported in def_editor.
13145 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
13148 alias_matches() is no more
13156 When regenerating the parser, don't replace gram.h unless it has
13161 remove Makefile.binary for distclean
13165 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
13166 sure we can't overflow new_env.
13170 paranoia when stripping trailing slashes from tempdir.
13174 Set user_ngroups to 0 if getgroups() returns an error.
13177 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
13179 * config.h.in, configure, configure.in, sudo.c:
13180 Add configure check for getgroups()
13184 Use supplementary group vector in struct sudo_user.
13188 Only do string comparisons on the group members if there is no
13189 supplemental group list.
13197 On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
13198 chop off any trailing slashes we see and add an explicit one.
13202 remove bogus XXX comment
13206 Get rid of alias_matches and correctly fall through to the non-alias
13207 cases when there is no alias with the specified name.
13211 Cache non-existent passwd/group entries too.
13222 * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
13223 mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
13224 Implement group caching and use the passwd and group caches
13228 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
13231 Properly negate the return value of alias_matches() when
13236 Make hostname_matches() return TRUE for a match, else FALSE like the
13241 Add missing dependencies on gram.h
13245 Use runas_matches in alias_matches() now that we have it.
13248 * parse.c, parse.h:
13249 Expand aliases in "sudo -l" mode
13253 Use ALIAS for the member type when storing an alias instead of
13254 HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
13255 more generic type. Expand runas_matches instead of calling
13256 user_matches() inside of it since user_matches() looks up
13257 USERALIASes, not RUNASALIASes.
13260 * CHANGES, getspwuid.c:
13261 Paranoia; zero out pw_passwd before freeing passwd entry.
13264 * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
13265 configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
13266 error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
13267 sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
13268 Add local error/warning functions like err/warn but that call an
13269 additional cleanup routine in the error case. This means we no
13270 longer need to compile a special version of alloc.o for visudo.
13274 Use userpw_matches() to compare usernames, not strcmp(), since the
13275 latter checks for "#uid".
13278 * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
13279 Cache passwd db entries in 2 red-black trees; one indexed by uid,
13280 the other by user name. The data returned from the cache should be
13281 considered read-only and is destroyed by sudo_endpwent().
13289 missing free in alias_destroy
13293 Can't use rbapply() for rbdestroy since the destructor is passed a
13294 data pointer, not a node pointer.
13297 * getspwuid.c, logging.c, sudo.c, sudo.h:
13298 Create and use private versions of setpwent() and endpwent() that
13299 set/end the shadow password file too.
13302 * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
13303 Store aliases in a red-black tree.
13306 * Makefile.in, redblack.c, redblack.h:
13307 red-black tree implementation
13311 Edit all sudoers file if there were unused or undefined aliases and
13312 we are in strict mode.
13315 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
13317 * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
13318 find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
13319 Bring back the "secure_path" Defaults option now that Defaults take
13320 effect before the path is searched.
13323 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
13325 * logging.c, parse.c:
13326 A user can always list their own entries, even with -u. Better error
13327 message when failing to list another user's entries.
13330 * parse.c, sudo.c, sudo.h:
13331 The syntax to list another user's entries is now "-u otheruser -l".
13332 Only root or users with sudo "ALL" may list other user's entries.
13335 * sudo.cat, sudo.man.in, sudo.pod:
13336 Update env variable info in SECURITY NOTES
13344 strip exported bash functions from the environment.
13347 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
13350 Only reset sudo_user.pw based on SUDO_USER environment variables for
13351 real commands and sudoedit. This avoids a confusing message when a
13352 user tries "sudo -l" or "sudo -v" and is denied.
13355 * gram.c, gram.y, parse.h:
13356 Extend LIST_APPEND to deal with appending lists too
13359 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
13362 Convert some bitwise AND to ISSET
13365 * lex.yy.c, toke.c:
13366 toke.c replaces lex.yy.c
13374 new parser fixes most of the outstanding bugs
13382 Rework for the new parser. Now checks for unused aliases in sudoers.
13386 Rewrite for the new parser. Now supports a -d flag (dump) and adds
13387 a -h flag (host). It now defaults to the local hostname unless
13388 otherwise specified.
13392 Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
13396 Update for new parse. We now call find_path() *after* we have
13397 updated the global defaults based on sudoers. Also adds support for
13398 listing other user's privs if you are root.
13402 Working LDAP support; also remove a now-unneeded rewind().
13405 * logging.c, logging.h:
13406 Add NO_STDERR flag.
13410 Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
13411 sudo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
13412 connect to LDAP, apply the default options, find the command in the
13413 user's path, and then check whether the user is allowed to run it.
13414 The important thing here is that the default runas user may be
13415 specified as a default option and that needs to be set before we
13416 search for the command.
13420 Add casts to unsigned char for isspace() to quiet a gcc warning.
13424 Add prototype for update_defaults()
13428 Don't warn about line numbers now that we operate on a set of data
13429 structures (or LDAP) and not a file.
13433 No longer use lsearch()
13437 Update for new and changed file names.
13441 no more BSD lsearch.c
13445 foo_matches() routines now live in match.c Added user_matches(),
13446 runas_matches(), host_matches(), cmnd_matches() and alias_matches()
13447 that operate on the parsed sudoers file.
13450 * parse.lex, toke.l:
13451 Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
13452 WORD no longer needs to exclude '@' kill yywrap()
13455 * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
13457 Rewritten parser that converts sudoers into a set of data
13458 structures. This eliminates ordering issues and makes it possible to
13459 apply sudoers Defaults entries before searching for the command.
13462 * configure.in, emul/search.h, lsearch.c:
13463 We won't be using lsearch() any longer.
13467 sudo should not send mail if someone who runs 'sudo -l' has no
13471 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13477 Update warnings to match new visudo
13481 The new parser doesn't have the old ordering constraints.
13485 Document that -l now takes an optional username argument
13488 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
13495 If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
13496 a compilation problem with Solaris 9's native LDAP.
13498 Set FLAG_MONITOR when needed.
13501 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
13504 Call sudo_goodpath() *after* changing the cwd to match the traced
13505 process. Fixes relative paths.
13508 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
13511 Kill set_perms() stub--it is no longer needed.
13514 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
13516 * sudoers.cat, sudoers.man.in, sudoers.pod:
13517 stay_setuid now requires set_reuid() or setresuid()
13520 * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
13521 configure.in, set_perms.c, sudo.c, sudo.h:
13522 Kill use of POSIX saved uids; they aren't worth bothering with.
13525 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
13528 remove call to issetugid()
13531 * sudoers.cat, sudoers.man.in, sudoers.pod:
13532 Remove warning about wildcards. Now that we use glob() the bug is
13537 Use glob(3) instead of fnmatch(3) for matching pathnames and stat
13538 each result that matches the basename of the user's command. This
13539 makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
13540 /usr/bin/blah. Fixes bug #143.
13543 * config.h.in, configure, configure.in:
13544 Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
13548 * config.h.in, configure, configure.in:
13549 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
13557 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
13562 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
13566 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
13569 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
13570 means we are out of space in the stack gap...
13578 Take a stab at ldap sudoers support here.
13581 * mon_systrace.c, mon_systrace.h:
13582 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
13583 doesn't cause reboot to inadvertently kill itself.
13587 put "monitor" in the proctitle, not "systrace"
13591 When modifying the environment, don't replace envp when we can get
13592 away with just rewriting pointers in the traced process.
13595 * mon_systrace.c, mon_systrace.h:
13596 Add environment updating via STRIOCINJECT (if available).
13599 * sudoers.cat, sudoers.man.in:
13603 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
13610 Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
13614 Include file is now mon_systrace.h
13617 * Makefile.in, configure, configure.in, def_data.c, def_data.h,
13618 def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
13619 sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
13620 No longer call it tracing, it is now "monitoring" which should be
13621 a more obvious name to non-hackers.
13624 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
13626 * mon_systrace.c, mon_systrace.h:
13630 * mon_systrace.c, mon_systrace.h:
13631 No need to include syscall.h, use 1024 as the max # of entries (the
13632 max that systrace(4) allows).
13634 Only need to use SYSTR_POLICY_ASSIGN once
13636 Change check_syscall() -> find_handler() and have it return the
13637 handler instead of just running it. We need this since handlers now
13638 have two parts: one part that generates an answer and another that
13639 gets called after the answer is accepted (to do logging).
13641 Add some missing check_exec for emul execv
13644 * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
13649 Add missing HAVE_LINUX_SYSTRACE_H
13653 add trace_systrace.o dependency
13656 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
13658 * configure, configure.in:
13659 Also look for systrace.h in /usr/include/linux
13662 * mon_systrace.c, mon_systrace.h:
13663 Move all struct defs and prototypes into trace_systrace.h and mark
13664 all but systrace_attach() static.
13667 * mon_systrace.c, mon_systrace.h:
13668 Add support for tracing emulations. At the moment, all emulations
13669 are compiled in. It might make sense to #ifdef them in the future,
13670 though this impedes readability.
13673 * Makefile.in, configure, configure.in:
13674 rename systrace.c -> trace_systrace.c
13677 * parse.yacc, sudo.tab.c:
13678 Allow this to build with a K&R compiler again
13685 * compat.h, sudo.c, visudo.c:
13686 Use __attribute__((__noreturn__))
13690 Exit() takes a negative value to indicate it was not called via
13694 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13699 * Makefile.in, visudo.c:
13700 Define Err() and Errx() that are like err() and errx() but call
13701 Exit() instead of exit(). Build private copy of alloc.o for visudo
13702 that calls Err() and Errx().
13705 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
13707 * lex.yy.c, sudo.tab.c:
13716 Overhaul visudo for editing multiple files: o visudo has been
13717 broken out into functions (more work needed here) o each file is
13718 now edited before sudoers is re-parsed o if a #include line is
13719 added that file will be edited too
13721 TODO: o cleanup temp files when exiting via err() or errx() o
13722 continue breaking things out into separate functions
13725 * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
13726 Add keepopen arg to open_sudoers that open_sudoers can use to
13727 indicate to the caller that the fd should not be closed when it is
13728 done with it. To be used by visudo to keep locked fds from being
13729 closed prematurely (and thus losing the lock).
13732 * parse.yacc, sudo.c:
13733 Add errorfile global that contains the name of the file that caused
13738 return COMMENT to yacc grammar for a #include line
13742 Remove use of unput() in favor of yyless() which is cheaper.
13746 Allow an empty sudoers file.
13749 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
13752 Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
13755 * lex.yy.c, sudo.tab.c:
13760 Do signal setup before calling edit_sudoers(). Don't shadow the
13765 If a sudoers file includes other files, edit those too. Does not yet
13766 deal with creating the new includes files itself.
13770 init_parser now takes a path
13773 * parse.c, parse.h, parse.lex, parse.yacc:
13774 More scaffolding for dealing with multiple sudoers files: o
13775 init_parser() now takes a path used to populate the sudoers global
13776 o the sudoers global is used to print the correct file in yyerror()
13777 o when switching to a new sudoers file, preserve old file name and
13781 * Makefile.in, pathnames.h.in:
13782 Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
13783 multiple sudoers files.
13787 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
13788 we start at the right file position when reading include files.
13800 Add max depth of 128 for the include stack to avoid loops.
13802 Since yyerror() doesn't stop parsing, pass return values back to
13803 yylex and call yyterminate() on error.
13806 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
13813 Mention PREVENTING SHELL ESCAPES section of sudoers man page
13816 * lex.yy.c, sudo.tab.c:
13821 Add support for #include in sudoers (visudo support TBD)
13825 make yyerror()'s argument const
13828 * testsudoers.c, visudo.c:
13829 Add open_sudoers() stubs.
13833 Rename check_sudoers() open_sudoers() and make it return a FILE *
13836 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
13838 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
13843 * Makefile.in, sudo.psf:
13844 Better HP-UX depot construction
13847 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
13850 o Made children global so check_exec() can lookup a child. o
13851 Replaced uid in struct childinfo with struct passwd * (for runas) o
13852 new_child() now takes a parent pid so the runas info can be
13853 inherited o Added find_child() to lookup a child by its pid o
13854 update_child() now fills in a struct passwd o Converted the big
13855 if/else mess in set_policy to a switch o Syscalls that change uid
13856 are now "ask" so we get SYSTR_MSG_UGID events
13860 Add flag to sudo_pwdup that indicates whether or not to lookup the
13861 shadow password. Will be used to a struct passwd that has the
13862 shadow password already filled in.
13866 add missing increment of addr in read_string()
13870 Remove bogus call to update_child() and some cosmetic fixes
13874 Don't leak /dev/systrace fd to tracee Make initialized global for
13875 simplicity If STRIOCATTACH returns EBUSY we are already being traced
13876 Check for user_args == NULL in setproctitle() call Add missing calls
13881 g/c sudo_pwdup proto
13884 * Makefile.in, sudo.psf:
13885 Add target for building a depot file
13892 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
13894 * lex.yy.c, sudo.tab.c, sudo.tab.h:
13899 document --with-systrace
13902 * config.h.in, configure, configure.in:
13903 Add check for setproctitle
13907 pass struct str_msg_ask in to syscall checker so it can set the
13912 systrace(4) support for sudo. On systems with the systrace(4)
13913 kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
13914 intercept exec calls and check the exec args against the sudoers
13915 file. In other words, sudo can now control subcommands and shell
13920 Call systrace_attach() if FLAG_TRACE is set.
13923 * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
13924 Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
13928 Don't close sudoers_fp, keep it open and set close on exec flag
13932 * def_data.c, def_data.h, def_data.in:
13941 SunOS /bin/sh blows up with configure
13944 * configure, configure.in:
13945 Include sys/param.h before systrace.h
13957 line up options in --help
13960 * config.h.in, configure.in:
13961 Add --with-systrace
13964 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
13970 * aclocal.m4, configure.in:
13971 make this work with autoconf-2.59
13974 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
13977 Simplify logic around open & stat of files and do sanity on edited
13978 file even if we lack fstat (still raceable but worth doing).
13981 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
13989 [b84ebfaf1552] [SUDO_1_6_8p1]
13992 more changes for 1.6.8p1
13999 * CHANGES, sudo_edit.c:
14000 Add sanity check so we don't try to edit something other than a
14004 2004-09-15 Aaron Spangler <aaron777@gmail.com>
14011 document --with-ldap-conf-file
14014 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
14016 * CHANGES, ins_csops.h:
14017 political correctness strikes again
14024 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
14026 * Makefile.binary.in, Makefile.in:
14027 Install sudoedit man link
14031 Update PAM note and mention where HP-UX users can download gcc
14036 libtool wants to install stuff from .libs so fake one up for binary
14040 * Makefile.binary.in:
14041 rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
14045 Deal with "uname -m" having slashes in it rm -f old sudoedit link
14046 instead of using ln -f
14049 * Makefile.binary, Makefile.binary.in:
14050 Makefile.binary -> Makefile.binary.in for config.status substitution
14051 Add support for installing noexec bits
14055 Copy noexec bits into binary dists too No longer use my old arch
14056 script for making binary dists
14060 Install sudoedit link.
14063 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
14066 avoid __P so there is no need for compat.h to be included
14070 Don't use HAVE_UTIME_H before including config.h.
14073 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
14076 Fix Solaris futimes macro
14079 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
14082 Rename ots -> omtim for improved readability.
14085 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
14088 Redo changes in revision 1.7. Don't really need to keep the temp
14089 file open; re-opening it with the invoking user's euid is
14097 * sudo.cat, sudo.man.in:
14102 back out revision 1.70; it is no longer applicable
14106 Let the loader initialize nep
14109 * config.h.in, configure, configure.in:
14110 Removed unneeded check for fchown Add check for gettimeofday Move
14111 autoheader template stuff into separate AH_TEMPLATE lines
14114 * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
14115 Use timespec throughout.
14123 function to return the current time in a struct timespec
14127 Not a darpa-sponsored file.
14130 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
14132 * compat.h, config.h.in, configure, configure.in:
14133 Add a check for struct timespec and provide it for those without.
14136 * config.h.in, configure, configure.in, sudo_edit.c:
14137 Add checks for st_mtim and st_mtimespec and add macros for pulling
14138 the mtime sec and nsec out of struct stat. These are used in
14139 sudo_edit() to better tell whether or not the file has changed.
14142 * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
14143 Add an extra param to touch() for nsec
14147 Call mkstemp() as the invoking user so we don't have to chown the
14148 file later. Only touch() the temp file if we can do it via the file
14149 descriptor. Don't check for modification of the temp file if we lack
14150 fstat(). Catch errors read()ing the temp file.
14154 If path is NULL and fd == -1 return -1.
14158 closefrom() is overkill, the only extra fds are the ones we opened
14159 so just close those in the child.
14162 * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
14163 configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
14165 Use utimes() and futimes() instead of utime() in touch(), emulating
14166 as needed. Not all systems are able to support setting the times of
14167 an fd so touch() takes both an fd and a file name as arguments.
14170 2004-09-07 Aaron Spangler <aaron777@gmail.com>
14176 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
14178 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
14183 * sudo.pod, sudoers.pod, visudo.pod:
14184 Add SUPPORT section and re-order some of the sections to match the
14185 order we use in OpenBSD.
14188 2004-09-06 Aaron Spangler <aaron777@gmail.com>
14191 Openldap ~/.ldaprc fix
14194 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
14197 Talk about how the editor must write its changes to the original
14198 file and not just use rename(2).
14206 Keep the temp file open instead of re-opening after the editor has
14211 Update for current redhat/fedora core.
14214 2004-09-03 Aaron Spangler <aaron777@gmail.com>
14220 2004-09-02 Aaron Spangler <aaron777@gmail.com>
14223 config tls_* options
14226 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
14228 * configure, configure.in:
14229 No need for -lcrypt when using pam.
14232 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
14238 2004-08-27 Aaron Spangler <aaron777@gmail.com>
14240 * configure.in, ldap.c, pathnames.h.in:
14241 Allow --with-ldap-conf-file option to override LDAP_CONF
14245 cleanup debug message
14248 2004-08-26 Aaron Spangler <aaron777@gmail.com>
14254 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
14256 * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
14257 Add cmnd_base to struct sudo_user and set it in init_vars(). Add
14258 cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
14259 longer use gross statics in command_matches(). Also rename some
14260 variables for improved clarity.
14263 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
14266 document HP's crippled compiler deficiency.
14270 Fix some thinkos in --with-editor and --with-env-editor
14271 descriptions. Noticed by Norihiko Murase.
14274 * configure, configure.in:
14275 --with-noexec takes an optional PATH argument.
14279 document --with-noexec
14282 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
14286 [f2503bd13373] [SUDO_1_6_8]
14289 Better warning message when sudoedit is unable to write to the
14293 * sudo.cat, sudo.man.in:
14298 Don't italicize the string "sudoedit"
14301 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
14307 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
14314 Reset used_runas to FALSE when re-initializing the parser.
14317 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
14320 Correct OpenBSD mips support
14327 2004-08-07 Aaron Spangler <aaron777@gmail.com>
14330 More behavior notes
14334 Updates on current behavior
14337 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
14340 =back does not take an indentlevel (makes no difference to formatted
14345 =back does not take an indentlevel (makes no difference to formatted
14354 Consistency. Use same error for bad -u #uid when targetpw is set as
14355 we do when a bad -u username is specified.
14359 Add checksum idea from Steve Mancini
14362 * sudoers.cat, sudoers.man.in:
14366 * sudo.cat, sudo.man.in:
14370 * sudo.pod, sudoers.pod:
14371 Document the restriction on uids specified via -u when targetpw is
14376 Error out when targetpw is enabled and sudo is run with -u #uid but
14377 #uid does not exist in the passwd database. We can't do target
14378 authentication when the target is not in passwd!
14381 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
14386 Some more todo for the next release.
14390 Make it clear that PAM should be used for DCE support when possible.
14394 o Document problems with wildcards and relative paths. o Make the
14395 order requirements more prominent. o Change a "set" to "reset" for
14399 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
14402 Mention --with-secure-path, not SECURE_PATH.
14405 2004-08-03 Aaron Spangler <aaron777@gmail.com>
14408 reflect changes to parse.c
14411 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
14417 * parse.c, parse.h, testsudoers.c, visudo.c:
14418 Don't pass user_cmnd and user_args to command_matches(), just use
14419 the globals there. Since we keep state with statics anyway it is
14420 misleading to pretend that passing in different cmnd and cmnd_args
14425 Don't pass user_cmnd and user_args to command_matches(), just use
14426 the globals there. Since we keep state with statics anyway it is
14427 misleading to pretend that passing in different cmnd and cmnd_args
14432 Fix a bug introduced in rev. 1.149. When checking for pseudo-
14433 commands check for a '/' anywhere in cmnd, not just the first
14437 2004-07-31 Aaron Spangler <aaron777@gmail.com>
14439 * sudo.man.in, sudo.pod:
14440 Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
14443 * sudoers.man.in, sudoers.pod:
14444 Add ignore_local_sudoers
14448 Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
14452 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
14458 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
14465 Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
14466 PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
14469 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
14475 2004-07-08 Aaron Spangler <aaron777@gmail.com>
14478 Better debugging of ALL command
14481 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
14484 When matching for "sudoedit" in sudoers check both the command the
14485 user typed *and* the command that is listed in the sudoers entry.
14488 2004-07-04 Aaron Spangler <aaron777@gmail.com>
14491 Added !command feature
14494 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
14497 Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
14500 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
14503 License is ISC-style, not BSD-style
14510 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
14512 * sudo.cat, sudo.man.in:
14517 o Update some out of date bits to reality o Change the shell prompt
14518 in examples to bourne-shell style o Clarify some details o Add a
14519 CAVEAT about "sudo cd /foo"
14523 Don't ask for a password if invoking user == target user.
14530 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
14532 * sudoers.cat, sudoers.man.in:
14537 Expand on NOEXEC a little.
14544 * visudo.cat, visudo.man.in:
14553 Add a check in visudo for runas_default being set after it has
14557 * CHANGES, parse.yacc, visudo.c:
14558 Add a check in visudo for runas_default being set after it has
14567 Add a MATCHED macro for testing whether foo_matches has been set to
14568 TRUE or FALSE. This is more readable than checking for >=0 or < 0.
14569 Doesn't change the actual code generated.
14572 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
14583 Correct description of where Defaults specs should go.
14587 Correct description of where Defaults specs should go.
14590 * testsudoers.c, visudo.c:
14610 * auth/bsdauth.c, auth/kerb5.c:
14614 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
14620 * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
14621 Remove trailing spaces, no actual code changes.
14625 Remove trailing spaces, no actual code changes.
14628 * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
14629 Remove trailing spaces, no actual code changes.
14633 Remove trailing spaces, no actual code changes.
14637 Remove trailing spaces, no actual code changes.
14640 * compat.h, defaults.c, env.c:
14641 Remove trailing spaces, no actual code changes.
14645 Remove trailing spaces, no actual code changes.
14653 Fix a >=0 that should be <0 that was improperly converted when
14658 Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
14659 NOMATCH when resetting it.
14663 Fix pastos introduced in SETNMATCH addition.
14666 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
14669 Update for configure changes
14677 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
14678 these in parse.yacc. Also in parse.yacc initialize the *_matches
14679 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
14680 when setting *_matches to a value that may be
14681 NOMATCH/UNSPEC/TRUE/FALSE.
14685 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
14686 these in parse.yacc. Also in parse.yacc initialize the *_matches
14687 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
14688 when setting *_matches to a value that may be
14689 NOMATCH/UNSPEC/TRUE/FALSE.
14693 Initialize runas to -2, not -1 since we need to be able to
14694 distinguish between the initialized value and the value of a non-
14695 match when passing along the runas value to multiple commands.
14697 The result of this is that an unmatched runas is now set to -1, not
14698 0. This is required now that parse.c treats a FALSE value for runas
14699 as being explicitly denied.
14702 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
14704 * sudo.c, visudo.c:
14705 Error out if argc < 1.
14709 Error out if argc < 1.
14712 * configure, configure.in:
14713 Add tests for what libs we need to link with for ldap and for
14714 whether or not lber.h needs to be explicitly included.
14717 2004-06-03 Aaron Spangler <aaron777@gmail.com>
14720 Solaris native LDAP build fix
14723 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
14726 Set edn to NULL if ldap_get_dn() fails to avoid potential use of an
14731 Add prototype for sudo_ldap_list_matches
14734 * configure, configure.in:
14735 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
14736 version too. Added check for dd_fd in `DIR' if no dirfd is found;
14737 this is now used to conditionally define the dirfd macro in
14742 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
14743 version too. Added check for dd_fd in `DIR' if no dirfd is found;
14744 this is now used to conditionally define the dirfd macro in
14749 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
14750 version too. Added check for dd_fd in `DIR' if no dirfd is found;
14751 this is now used to conditionally define the dirfd macro in
14756 Only check /proc/$$/fd if we have the dirfd function/macro.
14759 * compat.h, config.h.in, configure, configure.in:
14760 Add a check for a dirfd() function (like Linux) and add a dirfd
14761 macro in compat.h if there is no dirfd() function or macro.
14764 * closefrom.c, getcwd.c:
14765 dirfd() is now defined in compat.h as needed.
14769 Clarify closefrom() note.
14773 When checking for a command in the directory, only copy the base dir
14778 If there is a /proc/$$/fd directory, behave like the Solaris
14779 closefrom() and only close the descriptors listed therein.
14783 compat.h guarantees INT_MAX is defined.
14787 Add definitions of OPEN_MAX and INT_MAX for those without it and
14788 remove definition of RLIM_INFINITY (now unused).
14791 * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
14792 sudo.c, sudo.h, visudo.c:
14793 Use PATH_MAX, not MAXPATHLEN since the former is standardized.
14796 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
14803 Add some entries that were mailed in a while ago
14807 o sysconf returns a long, not an int. o check for negative return
14808 value from sysconf/getdtablesize and use OPEN_MAX in this case. o
14809 define OPEN_MAX to 256 for those without it (a fair guess...)
14812 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
14815 Mention change in parse order for RunAs entries.
14822 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
14824 * INSTALL, README.LDAP, config.h.in, configure.in:
14825 o --with-ldap now takes an optional dir as a parameter o added
14826 check for ldap_initialize() and start_tls_s()
14830 Fix some typos, word choice and formatting issues.
14833 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
14836 Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
14837 read/write as it is simpler.
14840 * configure, configure.in:
14841 Remove hack overriding cross-compiler check. It should no longer be
14846 Remove select() compat bits since we no longer use select().
14849 * CHANGES, tgetpass.c:
14850 Use alarm() instead of select() for the timeout for systems that
14851 don't fully/properly implement select().
14854 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
14865 Deal with systems that have no way of setting the effective uid such
14869 * configure, configure.in:
14870 Define NO_SAVED_IDS if we don't find seteuid()
14873 * config.h.in, configure, configure.in:
14874 Add back check for setreuid() since NSK doesn't have it.
14877 * sudoers.cat, sudoers.man.in:
14890 In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
14891 explicitly denied and the command matched. This fixes a long-
14892 standing bug and makes: foo machine = (ALL) /usr/bin/blah
14893 foo machine = (!bar) /usr/bin/blah
14895 equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
14899 Clarify mail_noperm
14902 2004-05-20 Aaron Spangler <aaron777@gmail.com>
14905 Missing DESTDIR in make install for sudo_noexec.la
14908 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
14910 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
14920 Remove fastboot/fasthalt (who still remembers these?) and add a
14921 minimal sudoedit example.
14925 Remove fastboot/fasthalt (who still remembers these?) and add a
14926 minimal sudoedit example.
14929 * UPGRADE, sudo.c, visudo.c:
14930 filesystem -> file system
14934 filesystem -> file system
14937 * CHANGES, INSTALL:
14938 filesystem -> file system
14941 * sudo.pod, sudoers.pod:
14942 Fix some minor typos and formatting goofs
14950 remove my email addr
14953 * sudo.pod, sudoers.pod, visudo.pod:
14954 Use @mansectform@ and @mansectsu@ everywhere Make man page
14955 references links with L<>
14959 Accept quoted globbing characters and pass them verbatim for
14964 Document that /tmp/.odus is gone.
14968 No longer use /tmp/.odus as a possible timestamp dir unless
14969 specifically configured to do so. Instead, if no /var/run exists,
14970 use /var/adm/sudo or /usr/adm/sudo.
14974 No longer use /tmp/.odus as a possible timestamp dir unless
14975 specifically configured to do so. Instead, if no /var/run exists,
14976 use /var/adm/sudo or /usr/adm/sudo.
14980 No longer use /tmp/.odus as a possible timestamp dir unless
14981 specifically configured to do so. Instead, if no /var/run exists,
14982 use /var/adm/sudo or /usr/adm/sudo.
14986 No longer use /tmp/.odus as a possible timestamp dir unless
14987 specifically configured to do so. Instead, if no /var/run exists,
14988 use /var/adm/sudo or /usr/adm/sudo.
14991 * set_perms.c, sudo.c, tgetpass.c, visudo.c:
14992 Preliminary changes to support nsr-tandem-nsk. Based on patches
14997 Preliminary changes to support nsr-tandem-nsk. Based on patches
15001 * check.c, compat.h:
15002 Preliminary changes to support nsr-tandem-nsk. Based on patches
15006 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
15009 There was no 1.6.7p6.
15017 add missing files to DISTFILES
15020 * sudo.cat, sudoers.cat, visudo.cat:
15029 Fix some line wrap and update (c) year
15032 2004-04-28 Aaron Spangler <aaron777@gmail.com>
15038 2004-04-07 Aaron Spangler <aaron777@gmail.com>
15044 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
15051 In Exit() when used as a signal handler, emsg is a pointer so
15052 sizeof() is wrong so make it a #define instead. Also avoid using a
15053 negative exit value. Found by Aaron Campbell
15056 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
15059 Remove bogus sentence about uids in a User_List. Document usernames
15060 vs. uid parsing in a Runas_List.
15063 * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
15064 If the user specified a uid with the -u flag and the uid exists in
15065 the passwd file, set runas_user to the name, not the uid.
15067 When comparing usernames in sudoers, if a name is really a uid
15068 (starts with '#') compare it numerically to pw_uid.
15071 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
15074 krb5_mcc_ops should be const; Johnny C. Lam
15077 2004-02-28 Aaron Spangler <aaron777@gmail.com>
15079 * CHANGES, config.h.in, ldap.c:
15080 Added start_tls support
15083 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
15086 Clean up libtool stuff for 'make distclean' and add def_data.c,
15087 def_data.h to PARSESRCS.
15090 2004-02-14 Aaron Spangler <aaron777@gmail.com>
15092 * strlcat.c, strlcpy.c:
15093 Un-Fix last license munge
15096 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
15102 * CHANGES, RUNSON, TODO:
15106 * lex.yy.c, sudo.tab.c:
15110 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
15111 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
15112 emul/search.h, emul/utime.h:
15113 Move to a less restrictive, ISC-style license.
15116 * auth/kerb5.c, auth/pam.c:
15117 Move to a less restrictive, ISC-style license.
15120 * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
15121 Move to a less restrictive, ISC-style license.
15125 Move to a less restrictive, ISC-style license.
15128 * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
15129 Move to a less restrictive, ISC-style license.
15132 * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
15133 visudo.man.in, visudo.pod:
15134 Move to a less restrictive, ISC-style license.
15138 Move to a less restrictive, ISC-style license.
15141 * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
15143 Move to a less restrictive, ISC-style license.
15146 * sigaction.c, strerror.c:
15147 Move to a less restrictive, ISC-style license.
15150 * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
15152 Move to a less restrictive, ISC-style license.
15155 * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
15156 ins_goons.h, insults.h, interfaces.c, interfaces.h:
15157 Move to a less restrictive, ISC-style license.
15160 * find_path.c, getprogname.c:
15161 Move to a less restrictive, ISC-style license.
15165 Move to a less restrictive, ISC-style license.
15169 Move to a less restrictive, ISC-style license.
15173 Move to a less restrictive, ISC-style license.
15176 * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
15178 Move to a less restrictive, ISC-style license.
15181 * utime.c, version.h:
15182 Move to a less restrictive, ISC-style license.
15185 * parse.lex, parse.yacc:
15186 Move to a less restrictive, ISC-style license.
15190 Move to a less restrictive, ISC-style license.
15193 2004-02-13 Aaron Spangler <aaron777@gmail.com>
15196 Merged in LDAP Support
15199 * ldap.c, sudo.c, sudo.h:
15200 Merged in LDAP Support
15203 * def_data.c, def_data.h, def_data.in:
15204 Merged in LDAP Support
15207 * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
15208 Merged in LDAP Support
15211 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
15213 * sudo.h, sudo_noexec.c:
15214 Only do "extern int errno" if errno is not a macro.
15217 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
15220 setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
15221 euid first, then just call setuid(0) to set the real uid too.
15225 Use setresuid() and setreuid() for PERM_RUNAS when appropriate
15226 instead of seteuid() which may not exist.
15229 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
15235 * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
15236 Add --with-pc-insults configure option
15240 Prefer VISUAL over EDITOR like old vipw did.
15243 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
15245 * sudo.man.in, sudoers.man.in:
15250 Add a note that noexec is not a cure-all.
15254 Mention that disabling "root_sudo" is pretty pointless.
15257 * configure, configure.in:
15258 Substitute for root_sudo in sudoers.pod
15262 Add sudoedit to the NAME section
15266 Document the fact that setting ignore_dot in sudoers has no effect
15267 due to the fact that find_path() is called *before* sudoers is read.
15270 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
15273 Do not require _PATH_USRTMP to be set.
15276 * BUGS, CHANGES, TODO:
15285 Clarify that when sudo is run by root with the SUDO_USER variable
15286 set, the sudoers lookup happens for root and not the SUDO_USER user.
15289 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
15291 * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
15292 set_perms.c, sigaction.c, sudo.c, tgetpass.c:
15293 Use the SET, CLR and ISSET macros.
15297 Use the SET, CLR and ISSET macros.
15300 * defaults.c, env.c:
15301 Use the SET, CLR and ISSET macros.
15305 MAIN was replaced with _SUDO_MAIN some time ago.
15309 Don't look at prev_user until after we've parsed sudoers and done
15310 the password check. That way, if sudo/sudoedit is run from a root
15311 process that was invoked by sudo, we check sudoers for root, not the
15312 previous user. This makes sudoedit much more useful and means that
15313 for the sudo case, we get correct logging on who actually ran the
15317 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
15320 Add a comment describing why we need to be notified about our child
15324 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
15326 * def_data.c, def_data.in:
15327 Update the noexec variable descriptions
15330 * sudoers.man.in, sudoers.pod:
15331 noexec now replaces more than just execve()
15335 Alas, all the world does not go through execve(2). Many systems
15336 still have an execv(2) system call, Linux 2.6 provides fexecve(2)
15337 and it is not uncommon for libc to have underscore ('_') versions of
15338 the functions to be used internally by the library. Instead of
15339 stubbing all these out by hand, define a macro and let it do the
15340 work. Extra exec functions pointed out by Reznic Valery.
15343 * sudo.c, sudo_edit.c:
15344 Fix suspending the editor in -e mode. Because we do a fork() first
15345 we need to be notified when the child has been stopped and then send
15346 that same signal to ourself so the shell can do its job control
15351 Use WIFEXITED and WEXITSTATUS macros. If there are systems out
15352 there that want to run sudo that still don't support these we can
15353 try to deal with that later.
15360 * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
15361 Document sudo -e / sudoedit
15364 * configure, configure.in:
15368 * config.h.in, configure.in:
15372 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
15375 Allow non-exclusive flags when invoked as sudoedit. Pretty print the
15376 long usage() line to not wrap (assumes 80 char display)
15379 * Makefile.in, sudo.c:
15380 If sudo is invoked as "sudoedit" the -e flag is implied and no other
15381 flags are permitted.
15385 Add a new flag, -e, that makes it possible to give users the ability
15386 to edit files with the editor of their choice as the invoking user,
15387 not the runas user. Temporary files are used for the actual edit
15388 and the temp file is copied over the original after the editor is
15392 * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
15393 Add a new flag, -e, that makes it possible to give users the ability
15394 to edit files with the editor of their choice as the invoking user,
15395 not the runas user. Temporary files are used for the actual edit
15396 and the temp file is copied over the original after the editor is
15401 If real uid == 0 and the SUDO_USER environment variable is set, use
15402 that to determine the invoking user's true identity. That way the
15403 proper info gets logged by someone who has done "sudo su" but still
15404 uses sudo to as root. We can't do this for non-root users since
15405 that would open up a security hole, though perhaps it would be
15406 acceptable to use getlogin(2) on OSes where this is a system call (and
15407 doesn't just look in the utmp file).
15411 Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
15414 * config.h.in, configure, configure.in:
15415 Add check for fchown(2)
15418 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
15421 Back out portions of the -i commit that set NewArgv[0] in
15422 set_runaspw. It is far too late to set NewArgv[0] there and will have
15423 no effect anyway as cmnd and safe_cmnd have already been set.
15426 * visudo.c, visudo.pod:
15427 Prefer VISUAL over EDITOR like old vipw did.
15430 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
15433 In -i mode always set new environment based on the runas user's
15437 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
15439 * sudo.man.in, sudo.pod:
15440 Document the new -i flag and sync SYNOPSIS section with usage() in
15441 sudo.c. Also sort the flags in the OPTIONS section.
15445 o Add -i that acts similar to "su -", based on patches from David J.
15446 MacKenzie o Sort the flags in the usage message
15449 * sudoers.man.in, sudoers.pod:
15450 Add a missing @runas_default@ substitution.
15453 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
15456 Change euid to runas user before calling find_path().
15457 Unfortunately, though runas_user can be modified in sudoers we
15458 haven't parsed sudoers yet.
15461 * sudoers.man.in, sudoers.pod:
15462 Add missing definition of Parameter_List and use single pipes in the
15463 Defaults EBNF definition.
15467 Fix a bug when set_runaspw() is used as a callback. We don't want
15468 to reset the contents of runas_pw if the user specified a user via
15471 Avoid unnecessary passwd lookups in set_authpw(). In most cases we
15472 already have the info in runas_pw.
15475 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
15478 Add Stan Lee / Uncle Ben quote to the lecture from RedHat
15482 Update sudo_getepw() proto and add one for set_runaspw()
15486 If we can't stat the command as root, try as the runas user instead.
15489 * testsudoers.c, visudo.c:
15490 Add stub set_runaspw() function
15494 Add set_runaspw() function to fill in runas_pw. This will be used
15495 as a callback to update runas_pw when the runas user changes.
15499 PERM_RUNAS -> PERM_FULL_RUNAS
15502 * set_perms.c, sudo.h:
15503 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
15508 Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
15509 one chunk for easy free()ing. Also change it from static to extern.
15512 * defaults.c, defaults.h:
15513 Add callback support
15517 Add a callback field and use it for runas_default
15520 * def_data.c, def_data.in:
15521 Add a callback field and use it for runas_default
15524 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
15527 Add support for chalnecho and display server responses used by fwtk
15531 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
15533 * sudoers.man.in, sudoers.pod:
15534 ld.so is ld.so.1 on solaris
15537 * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
15538 Use closefrom() instead of doing the equivalent inline.
15542 closefrom(3) for systems w/o it
15545 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
15548 Update from .pod file.
15551 * configure, configure.in:
15552 Substitute noexec_file for the sudoers man page
15555 * sudo.man.in, sudo.pod:
15559 * sudoers.man.in, sudoers.pod:
15563 * auth/pam.c, config.h.in, configure.in:
15564 Move PAM_CONST macro definition from config.h to pam.c where it
15565 belongs. We can't have this in config.h since that gets included too
15569 * auth/pam.c, config.h.in, configure, configure.in:
15570 Some PAM implementations put their headers in /usr/include/pam
15571 instead of /usr/include/security.
15575 I missed changing the EXEC macro -> EXECV here when I changed this
15576 in config.h.in and sudo.c a while ago.
15580 OpenBSD vax/m88k/hppa don't do shared libs
15583 * configure, configure.in:
15584 o merge the hpux case entries into a single entry w/ its own sub-
15585 case statement. o HP-UX >= 11 supports getspnam(), use it in
15586 preference to getprpwuid()
15589 * configure, configure.in:
15590 eval $shrext so that it expands nicely on MacOS X
15594 Don't lie about making a module, it does the wrong thing on mach
15598 Remove requirement that libs must begin with "lib". They don't when
15599 we point directly at the lib using LD_PRELOAD or its equivalent.
15603 Disable support for c++, f77 and java. We don't need it, it takes a
15604 lot of time, and it hosed our check for shared lib support.
15612 Call AC_ENABLE_SHARED and check the status of enable_shared to know
15613 when shared libs are available.
15617 Duh, OpenBSD supports shared libs too
15620 * config.h.in, configure.in:
15621 Only OpenPAM and Linux PAM use const qualifiers.
15624 * configure, configure.in:
15625 o No need to check for sed, libtool config does that for us o move
15626 check for --with-noexec until after libtool magic is run so we can
15627 use $can_build_shared and $shrext
15631 Don't print a bunch of crap about library installs since we are not
15632 really installing a library.
15636 Make format_env() varargs Add noexec support for Darwin, MacOS X,
15640 * acsite.m4, ltconfig, ltmain.sh:
15641 Update to libtool 1.5 with local changes: o no ldconfig in the
15642 finish step o assume no libprefix or version is needed
15646 Fix compilation under K&R
15649 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
15656 stub execve() that just returns EACCES; used for noexec
15661 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
15666 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
15670 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
15672 * def_data.c, def_data.h, def_data.in:
15673 Move the environment defaults to the end and shorten a few of the
15677 * configure, configure.in:
15678 no shared libs on ultrix or convexos
15681 * Makefile.in, configure, configure.in:
15682 Build sudo_noexec shared object using libtool; could use some
15686 * acsite.m4, ltconfig, ltmain.sh:
15687 libtool scaffolding
15690 * parse.yacc, sudo.tab.c:
15691 Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
15695 * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
15696 parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
15697 update copyright year
15700 * configure, configure.in, defaults.c, env.c, pathnames.h.in:
15701 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
15702 option. The default value of noexec_file is set to this.
15705 * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
15706 parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
15708 Add support for preloading a shared object containing a dummy
15709 execve() function that just sets error and returns -1. This adds a
15710 "noexec_file" option to load the filename as well as a "noexec" flag
15711 to enable it unconditionally. There is also a NOEXEC tag that can
15712 be attached to specific commands and an EXEC tag to disable it.
15716 add missing newline to usage statement
15719 * config.h.in, sudo.c:
15720 Rename EXEC macro -> EXECV
15724 Don't truncate usernames to 8 characters in the log message.
15727 * check.c, sudoers.man.in, sudoers.pod:
15728 Update copyright year
15731 * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
15733 Add a new option, lecture_file, that can be used to point to a
15734 custom sudo lecture.
15737 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
15739 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
15741 Add a zero_bytes() function to do the equivalent of bzero in such a
15742 way that will hopefully not be optimized away by sneaky compilers.
15746 Add a zero_bytes() function to do the equivalent of bzero in such a
15747 way that will hopefully not be optimized away by sneaky compilers.
15750 * Makefile.in, sudo.h:
15751 Add a zero_bytes() function to do the equivalent of bzero in such a
15752 way that will hopefully not be optimized away by sneaky compilers.
15756 Use #ifdef __STDC__, not #if __STDC__.
15759 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
15762 Always put at least one space between the def_* macro name and its
15766 * configure, configure.in:
15767 Adjust code for --without-lecture to match new values.
15771 regen after pasto fix
15774 * sudoers.man.in, sudoers.pod:
15775 Document that "lecture" has changed from a flag to a tuple.
15778 * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
15779 defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
15780 Add support for tuples in def_data.in; these are implemented as an
15781 enum type. Currently there is only a single tuple enum but in the
15782 future we may have one tuple enum per T_TUPLE entry in def_data.in.
15783 Currently listpw, verifypw and lecture are tuples. This avoids the
15784 need to have two entries (one ival, one str) for pwflags and syslog
15787 lecture is now a tuple with the following values: never, once,
15790 We no longer use both an int and string entry for syslog facilities
15791 and priorities. Instead, there are logfac2str() and logpri2str()
15792 functions that get used when we need to print the string values.
15795 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
15796 auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
15797 check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
15798 logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
15799 sudo.tab.c, visudo.c:
15800 Create def_* macros for each defaults value so we no longer need the
15801 def_{flag,ival,str,list,mode} macros (which have been removed). This
15802 is a step toward more flexible data types in def_data.in.
15809 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
15812 If we are in -k/-K mode, just spew to stderr. It is not unusual for
15813 users to place "sudo -k" in a .logout file which can cause sudo to
15814 be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
15815 Previously, this would result in useless mail and logging.
15818 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
15821 fix pasto in VISUAL description
15824 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
15835 Some OSes (like Solaris) allow export w/ nosuid too
15838 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
15841 We don't use FD_ZERO anymore so just define FD_SET (if not already
15845 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
15848 Fix a core dump on Solaris by preserving the pam_handle_t we used
15849 during authentication for pam_prep_user(). If we didn't
15850 authenticate (ie: ticket still valid), we call pam_init() from
15851 pam_prep_user(). This is something of a hack; it may be better to
15852 change the auth API and add an auth_final() function that acts like
15856 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
15859 Add explicit declaration of printerr variable in function header
15860 (was defaulting to int which is OK but oh so K&R :-). From Theo.
15863 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
15865 * config.h.in, configure.in:
15866 s/HAVE_STOW/USE_STOW/
15870 Also exit waitpid() loop when pid == 0. Fixes a problem where the
15871 sudo process would spin eating up CPU until sendmail finished when
15872 it has to send mail.
15875 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
15878 Remove advertising clause, UCB has disavowed it
15882 Remove advertising clause, UCB has disavowed it
15885 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
15888 Don't assume that getgrnam() calls don't modify contents of struct
15889 passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
15890 Based on a patch from Kirk Webb.
15893 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
15900 darwin has a broken setreuid() in at least some versions
15904 Fix an off by one error when reallocating the environment; Kevin Pye
15907 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
15910 Fix User_Spec definition; SEKINE Tatsuo
15913 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
15916 More info on the early days from Coggs.
15919 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
15922 remove errant semicolon that prevented compilation under heimdal
15925 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
15927 * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
15928 add DARPA credit on affected files
15932 add DARPA credit on affected files
15935 * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
15937 add DARPA credit on affected files
15941 add DARPA credit on affected files
15945 add DARPA credit on affected files
15948 * logging.c, parse.c:
15949 add DARPA credit on affected files
15952 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
15953 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
15954 find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
15956 add DARPA credit on affected files
15959 * auth/kerb5.c, auth/pam.c:
15960 add DARPA credit on affected files
15963 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
15964 auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
15966 add DARPA credit on affected files
15970 add DARPA credit on affected files
15973 * defaults.c, defaults.h:
15974 add DARPA credit on affected files
15978 add DARPA credit on affected files
15981 * Makefile.in, alloc.c, check.c:
15982 add DARPA credit on affected files
15986 slightly different wording for the darpa credit
15989 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
15995 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
15998 Use krb5_princ_component() instead of krb5_princ_realm() for MIT
15999 Kerberos like we did before I messed things up ;-)
16001 Use krb5_principal_get_comp_string() to do the same thing w/
16002 Heimdal. I'm not sure if the component should be 0 or 1 in this
16005 #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
16006 older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
16007 should be a configure check for this I guess.
16010 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
16013 builtin -> built-in; Jason McIntyre
16016 * TROUBLESHOOTING, config.h.in, configure, configure.in:
16017 builtin -> built-in; Jason McIntyre
16021 built in -> built-in; Jason McIntyre
16024 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
16027 checkpoint for 1.6.7p3
16031 Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
16032 Amazingly, sudo source from 1985 is available via groups.google.com
16036 Don't change rl.rlim_max for RLIMIT_CORE. We need only set
16037 rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
16038 RLIMIT_CORE restoration on some OSes.
16041 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
16044 Make this compile on Heimdal and MIT Kerberos 5
16047 * config.h.in, configure, configure.in:
16048 Check for heimdal even if we found krb5-config and define
16053 Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
16054 no longer defined by MIT kerb5 (though it used to be and indeed
16055 remains so in Heimdal).
16058 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
16061 Remove newer stuff that passes multiple (possibly duplicate)
16062 directories to "mkdir -p" since that seems to break on Tru64 Unix at
16063 least. This basically brings back what shipped with sudo 1.6.6.
16066 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
16069 Correct number of args to krb5_principal_get_realm() and fix an
16070 unclosed comment that hid the bug.
16097 * CHANGES, version.h:
16106 use krb5-config to determine Kerberos V details if it exists
16109 * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
16110 auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
16111 find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
16112 testsudoers.c, visudo.c:
16113 Use warn/err and getprogname() throughout. The main exception is
16114 openlog(). Since the admin may be filtering logs based on the
16115 program name in the log files, hard code this to "sudo".
16119 Add getprogname.c and err.c
16126 * config.h.in, configure.in:
16127 Add checks for getprogname(), __progname and err.h
16131 For systems without err/warn functions.
16135 For systems without err/warn functions.
16139 For systems with neither getprogname() nor __progname; uses Argv[0].
16142 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
16145 checkpoint for 1.6.7p1
16148 * sudo.c, testsudoers.c:
16149 fix strlcpy() rval check (innocuous)
16153 oflow detection in expand_prompt() was faulty (false positives). The
16154 count was based on strlcat() return value which includes the length
16155 of the entire string.
16158 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
16161 checkpoint for the sudo 1.6.7 release
16162 [096bab4da29a] [SUDO_1_6_7]
16165 checkpoint for the sudo 1.6.7 release
16168 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
16171 g/c unused variable
16179 use man sections 8 and 5 for csops
16182 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
16189 Add -lskey or -lopie directly to SUDO_LIBS instead of having
16190 AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
16198 Add --with-blibpath for AIX. An alternate libpath may be specified
16200 -blibpath support can be disabled. Also change configure such that
16201 -blibpath is not specified if no -L libpaths were added to
16206 Add --with-blibpath for AIX. An alternate libpath may be specified
16208 -blibpath support can be disabled. Also change configure such that
16209 -blibpath is not specified if no -L libpaths were added to
16214 Add --with-blibpath for AIX. An alternate libpath may be specified
16216 -blibpath support can be disabled. Also change configure such that
16217 -blibpath is not specified if no -L libpaths were added to
16222 add AIX blibpath support
16225 * INSTALL, configure.in:
16226 --with-skey and --with-opie now take an optional directory argument
16227 This obsoletes a --with-csops hack (/tools/cs/skey)
16229 Also remove the remaining direct uses of "echo"
16232 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
16235 Detect KTH Kerberos IV and deal with it. Also make -lroken optional
16236 for KTH Kerberos IV and V.
16240 Add SUDO_APPEND_LIBPATH function that adds -L/path/to/dir (and
16241 -R/path/to/dir if $with_rpath) to the specified variable.
16244 * INSTALL, configure.in:
16245 Add -R/path/to/libs for Solaris and SVR4. There is a new configure
16246 option, --with-rpath to control this behavior.
16250 for kerb4 put libdes after libkrb on the link line
16258 fix kerberos lib check when a path is specified
16262 Fix boolean thinko in SIGCHLD reaper and call reapchild after
16263 sending mail instead of doing a conditional sudo_waitpid.
16266 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
16273 replace =DIR with [=DIR] where sensible
16277 o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
16278 detection based on openssh's configure.in
16282 --with-kerb4 and --with-kerb5 now take an optional argument.
16285 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
16288 Kill remaining strcpy(), the programmer's guide says username is 32
16293 treat uid_t as unsigned long for printf and use snprintf, not sprintf
16300 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
16302 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
16303 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
16304 auth/rfc1938.c, auth/sudo_auth.c:
16305 update copyright year
16308 * sudo.man.in, sudoers.man.in, visudo.man.in:
16309 update copyright year
16312 * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
16313 configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
16314 parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
16315 sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
16316 update copyright year
16319 * check.c, env.c, sudo.c:
16320 Cast [ug]ids to unsigned long and printf with %lu
16328 correct error messages for --with-sudoers-{mode,uid,gid}
16332 make the malloc(0) error specific to each function to aid tracking
16337 deal with platforms where size_t is signed and there is no SIZE_MAX
16342 Make this compile w/ Heimdal and fix some gcc warnings.
16346 Use stat_sudoers macro so --with-stow can work
16349 * INSTALL, config.h.in, configure, configure.in:
16350 Add support for --with-stow based on patches from Robert Uhl
16366 use strlcpy, not strncpy
16370 Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
16377 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
16379 * strlcat.c, strlcpy.c:
16380 Make gcc shut up about unused rcsid
16384 Move the n == 0 check for the non-getifaddrs cas
16388 skeychallenge() on NetBSD takes a size parameter
16396 put -ldl after -lpam, not before; fixes static linking on Linux
16400 Avoid malloc(0) and fix the loop invariant for the getifaddrs()
16404 * sudo.cat, sudoers.cat, visudo.cat:
16408 * sudo.man.in, sudoers.man.in, visudo.man.in:
16413 Preserve copyright notice from .pod file in .man.in file
16417 Add sudoers(5) to SEE ALSO
16420 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
16427 Don't assume libc can realloc() a NULL string. If malloc/realloc
16428 fails, make sure we just return; yyerror() is not terminal.
16436 simplify fill_args a little and use strlcpy for paranoia
16443 * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
16445 Use strlc{at,py} for paranoia's sake and exit on overflow. In all
16446 cases the strings were either pre-allocated to the correct size or
16447 length checks were done before the copy but a little paranoia can go
16452 Add strlc{at,py} protos
16455 * env.c, interfaces.c:
16464 Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
16465 memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
16469 snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
16474 In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
16477 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
16480 Use snprintf() for paranoia
16484 Use emalloc2 and erealloc3
16488 strlc{at,py} for those w/o it
16491 * strlcat.c, strlcpy.c:
16492 strlc{at,py} for those w/o it.
16495 * config.h.in, configure, configure.in:
16496 Add strlc{at,py} for those w/o it.
16500 Add erealloc3(), a realloc() version of emalloc2().
16503 * interfaces.c, sudo.c:
16504 Use emalloc2() to allocate N things of a certain size.
16508 Add emalloc2() -- like calloc() but w/o the bzero and with
16509 error/oflow checking.
16513 Error out on malloc(0); suggested by theo
16516 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
16518 * configure, configure.in:
16519 fix a typo; David Krause
16522 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
16528 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
16531 Remove DYLD_ from the environment for MacOS X; from bbraun
16534 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
16536 * config.h.in, configure.in:
16537 not not; Anil Madhavapeddy
16540 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
16542 * sudo.pod, sudoers.pod, visudo.pod:
16543 typos; jmc@openbsd.org
16546 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
16549 Add some missing ';' rule terminators that bison warns about.
16553 fix typo I introduced in last merge
16557 regenerate with autoconf 2.57
16561 Add missing "$HOME"
16565 Add some more square brackets to make autoconf 2.57 happy
16568 * config.sub, mkinstalldirs:
16569 Updates from autoconf-2.57
16573 Updates from autoconf-2.57
16576 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
16582 * lex.yy.c, sudo.tab.c:
16586 * parse.lex, parse.yacc, sudoers.pod:
16587 Add support for Defaults>RunasUser
16590 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
16593 fclose() yyin after each yyparse() is done and use fopen() instead
16594 of using freopen().
16598 Better fix for sudoers files w/o a newline before EOF. It looks
16599 like the issue is that yyrestart() does not reset the start
16600 condition to INITIAL which is an issue since we parse sudoers
16604 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
16607 Work around what appears to be a flex bug when dealing with files
16608 that lack a final newline before EOF. This adds a rule to match EOF
16609 in the non-initial states which resets the state to INITIAL and
16614 o The parser needs sudoers to end with a newline but some editors
16615 (emacs) may not add one. Check for a missing newline at EOF and
16616 add one if needed. o Set quiet flag during initial sudoers parse (to
16617 get options) o Move yyrestart() call and always use freopen() to
16618 open yyin after initial sudoers parse.
16621 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
16624 Fix pasto/thinko in setresgid()/setregid() usage. Want to set
16625 effective gid, not real gid, when reading sudoers.
16629 don't compile set_perms_posix if we have setreuid or setresuid
16632 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
16634 * sudo.pod, sudoers.pod:
16635 document new prompt escapes
16639 Add %U and %H escapes and redo prompt rewriting. "%%" now gets
16640 collapsed to "%" as was originally intended. This also gets rid of
16641 lastchar (does lookahead instead of lookback) which should simplify
16642 the logic slightly.
16645 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
16648 Write the prompt *after* turning off echo to avoid some password
16649 characters being echoed on heavily-loaded machines with fast
16654 Add support for mipseb; wiz@danbala.tuwien.ac.at
16658 Fix IRIX fallout from name changes in man dir/sect Makefile
16659 variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
16663 Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
16664 the global copy. Problem noted by Peter Pentchev.
16667 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
16674 Add missing yyerror() calls; YYERROR does not seem to call this for
16678 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
16681 fix typo in comment; Pedro Bastos
16684 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
16687 document --disable-setresuid
16690 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
16692 Sprinkle some volatile qualifiers to prevent over-enthusiastic
16693 optimizers from removing memset() calls.
16696 * logging.c, parse.yacc:
16697 minor sign fixes pointed out by gcc -Wsign-compare
16700 * set_perms.c, sudo.c, sudo.h:
16701 Revamp set_perms. We now use a version based on setresuid() or
16702 setreuid() when possible since that allows us to support the
16703 stay_setuid option and we always know exactly what the semantics
16704 will be (various Linux kernels have broken POSIX saved uid support).
16707 * config.h.in, configure:
16708 regen from configure.in
16712 Add checks for setresuid() and a way to disable using it
16716 No longer need to emulate set*[ug]id() via setres[ug]id() or
16717 setre[ug]id(). The new set_perms stuff only uses things it knows are
16722 Before exec, restore state of signal handlers to be the same as when
16723 we were initially invoked instead of just resetting to SIG_DFL. Fixes
16724 a problem when using sudo with nohup. Based on a patch from Paul
16729 o timestamp_uid should be uid_t, not int o clarify error message
16730 when sudo is run by root and no_root_sudo is set
16733 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
16736 update ftp link for bison
16739 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
16742 Error out if setusercontext() fails and the runas user is not root.
16745 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
16752 Fix SecurID API test
16755 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
16762 securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
16763 but I don't see a better way at the moment.
16766 * Makefile.in, auth/securid5.c:
16767 SecurID API version 5 support from Michael Stroucken
16771 Add check for SecurID 5.0 API
16774 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
16777 We actually do still need config.h to get the 'const' definition for
16781 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
16784 regen with autoconf 2.5.3
16788 Don't set sysconfdir to '/etc' if the user has specified a --prefix.
16792 Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
16793 LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
16796 * env.c, sudo.c, sudo.h:
16797 No need for dump_badenv() now that dump_defaults() knows how to dump
16801 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
16807 document timestampowner
16811 Don't call set_perms() when doing timestamp stuff unless
16812 timestamp_uid != 0.
16815 * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
16816 sudo.h, testsudoers.c:
16817 g/c second arg to set_perms--it is no longer used
16820 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
16822 * check.c, set_perms.c, sudo.c, sudo.h:
16823 Add support for non-root timestamp dirs. This allows the timestamp
16824 dir to be shared via NFS (though this is not recommended).
16827 * def_data.c, def_data.h, def_data.in:
16828 Add timestampowner, "Owner of the authentication timestamp dir"
16831 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
16834 Don't try to pre-compute the size of the new envp, just allocate
16835 space up front and realloc as needed. Changes to the new env
16836 pointer must all be made through insert_env() which now keeps track
16837 of space used and allocates as needed.
16840 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
16847 Fix two typo/pastos; from jrj@purdue.edu
16850 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
16852 * INSTALL.binary, README:
16854 [a1e33027278c] [SUDO_1_6_6]
16856 * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
16857 visudo.cat, visudo.man.in:
16861 * CHANGES, RUNSON, TODO:
16866 In the loop used to expand %h and %u, the lastchar variable was not
16867 being initialized. This means that if the last char in the prompt
16868 is '%' and the first char is 'h' or 'u' an extra copy of the host or
16869 user name would be copied, for which space had not been allocated.
16872 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
16874 * BUGS, INSTALL, Makefile.in, configure.in, version.h:
16875 crank version to 1.6.6
16879 #undef VOID to get rid of an AFS warning
16883 Use easprintf instead of emalloc + sprintf for some things.
16886 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
16888 * lex.yy.c, sudo.tab.c:
16892 * parse.c, parse.lex, parse.yacc, testsudoers.c:
16893 Remove Chris Jepeway's email address so people don't bug him ;-)
16896 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
16899 Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
16900 endgrent() at the same time.
16903 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
16906 Make it clear which configure options take arguments.
16909 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
16912 HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
16913 RLIM_INFINITY, just pretend it is -1. This works because we only
16914 check for RLIM_INFINITY and do not set anything to that value.
16917 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
16920 Zero and free allocated memory when there is a conversation error.
16924 Use sigaction() not signal()
16928 Mention that some linux kernels have broken POSIX saved ID support
16932 checkpoint for 1.6.5p2
16940 Add --disable-setreuid flag
16944 Document new --disable-setreuid option and change description for
16945 --disable-saved-ids to match new error message.
16949 fatal() now takes an argument that determines whether or not to call
16954 Update for new error messages from set_perms()
16958 Update for new error messages from set_perms()
16961 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
16964 Make this compile w/o warnings
16968 Mention that we can't use pam_acct_mgmt()
16971 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
16972 The user's password was not zeroed after use when AIX
16973 authentication, BSD authentication, FWTK or PAM was in use.
16976 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
16979 Avoid giving PAM a NULL password response, use the empty string
16980 instead. This avoids a log warning when the user hits ^C at the
16981 password prompt when PAM is in use.
16985 Don't check the return value of pam_setcred(). In Linux-PAM 0.75
16986 pam_setcred() returns the last saved return code, not the return
16987 code for the setcred module. Because we haven't called
16988 pam_authenticate(), this is not set and so pam_setcred() returns
16993 Don't need a '/' between $(DESTDIR) and a directory.
16997 Don't need a '/' between $(DESTDIR) and a directory.
17000 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
17007 o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
17008 setreuid() o new NetBSD has a real setreuid() o add check for
17009 freeifaddrs() if getifaddrs() exists.
17012 * config.h.in, interfaces.c:
17013 Older BSDi releases lack freeifaddrs() so add a test for that and if
17014 it is not present just use free().
17017 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
17020 Checkpoint for 1.6.5p1
17024 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
17025 to normal passwords, not AUTH_FATAL (which just causes an exit).
17029 Don't use memory after it has been freed.
17033 skeyaccess() wants a struct passwd * not a char *; Patch from
17035 [65a1d3806fcd] [SUDO_1_6_5]
17041 * CHANGES, RUNSON, TODO:
17042 checkpoint for sudo 1.6.5
17045 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
17051 * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
17055 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17061 o when invoking the mailer as root use a hard-coded environment that
17062 doesn't include any info from the user's environment. Basically
17065 o Add support for the NO_ROOT_MAILER compile-time option and run the
17066 mailer as the user and not root if NO_ROOT_MAILER is defined.
17069 * set_perms.c, sudo.h:
17070 Bring back PERM_FULL_USER
17081 * INSTALL, config.h.in, configure.in:
17082 Add --disable-root-mailer option to run the mailer as the user and
17087 checkpoint for 1.6.4p2
17091 Mention the "seteuid(0): Operation not permitted" problem here too
17092 just for good measure.
17095 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
17097 * env.c, getspwuid.c, sudo.c:
17098 The SHELL environment variable was preserved from the user's
17099 environment instead of being reset based on the passwd database when
17100 the "env_reset" option was used. Now it is reset as it should be.
17107 * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
17109 Add a configure option to turn off use of POSIX saved IDs
17117 add --with-efence option
17121 Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
17122 "sudo -l" would not work if always_set_home was set.
17130 Quoted commas were not being treated correctly in command line
17135 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
17136 Otherwise, the set_home option has no effect.
17138 o Fix use of freed memory when the "fqdn" flag is set. This was
17139 introduced by the fix for the "segv when gethostbyname() fails" bug.
17140 Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
17141 there is no need to check the "fqdn" flag in set_fqdn() itself.
17145 Add 'continue' statements to optimize the switch statement. From
17149 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
17151 * sudoers.cat, sudoers.man.in:
17152 Regen from new sudoers.pod
17153 [6ecc07b3d0e1] [SUDO_1_6_4]
17156 Add caveat about stay_setuid flag
17160 If set_perms == set_perms_posix and the stay_setuid flag is not set,
17161 set all uids to 0 and use set_perms_fallback().
17164 * set_perms.c, sudo.h:
17165 Remove PERM_FULL_USER (which is no longer used) and add
17166 PERM_FULL_ROOT (used when exec'ing the mailer).
17170 Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
17171 never want to run the mailer setuid.
17174 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
17176 * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
17178 Use sudo.ws instead of courtesan.com in URLs
17181 * Makefile.binary, Makefile.in:
17182 Fix mansect substitution
17186 Substitute man sections in Makefile.binary
17190 Sync install targets with Makefile.in and substitute in man
17194 * INSTALL, INSTALL.binary:
17199 Repair bindist target
17206 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
17209 Fix case where neither whoami nor id are found
17212 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
17215 If neither whoami nor id exists, just assume we are root.
17219 Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
17220 on AIX which for some reason isn't pulling in the malloc prototype.
17223 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
17225 * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
17234 Defer assigning new environment until right before the exec.
17238 kill extra blank line
17241 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
17248 Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
17249 compiler doesn't recognise -O2.
17253 Clarify origins of Root Group sudo a bit based on info from
17254 billp@rootgroup.com
17257 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
17264 checkpoint for 1.6.4rc1
17267 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
17270 now generated via autoheader
17278 Move in some stuff that was previously in config.h.
17281 * aclocal.m4, configure.in:
17282 Add info for autoheader.
17285 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
17288 o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
17289 -g to facilitate non-root installs
17293 Add -M option (like -m but only for root) If we can't find "whoami",
17294 use "id" w/ some sed.
17302 allow user to always override mansectsu and mansectform
17305 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
17308 update from autoconf 2.52
17311 * config.guess, config.sub:
17312 Update from autoconf 2.52
17316 regen with autoconf 2.52
17320 o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
17321 mode o Remove compiler-specific checks for HP-UX now that we use
17330 o Add pam_prep_user function to call pam_setcred() for the target
17331 user; on Linux this often sets resource limits. o When calling
17332 pam_end(), try to convert the auth->result to a PAM_FOO value.
17333 This is a hack--we really need to stash the last PAM_FOO value
17334 received and use that instead.
17337 * set_perms.c, sudo.h:
17338 o Add pam_prep_user function to call pam_setcred() for the target
17339 user; on Linux this often sets resource limits.
17343 Fix off by one error in number of bytes allocated via malloc (does
17344 not affect any released version of sudo).
17347 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
17354 Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
17355 requiring that they be quoted.
17358 * sudoers.cat, sudoers.man.in, sudoers.pod:
17359 Mention that no double quotes are needed when
17360 adding/deleting/assigning a single value to a list.
17364 Don't rely on mkdefaults being executable, call perl explicitly.
17372 Remove some XXX that are no longer relevant.
17376 o Roll our own loop instead of using strpbrk() for better
17377 grokability o When adding to a list we must malloc() and use
17378 memcpy(), not strdup() since we must only copy len bytes from str.
17381 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
17391 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
17402 avoid the -g flag unless --with-devel was specified
17406 mkdefaults, def_data.in and sigaction.c were missing from the
17411 def_data.c was missing
17414 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
17417 Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
17418 allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
17426 Add comment for Default section so folks know where it should go.
17429 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
17432 Use TCSETAF, not TCSETA to set terminal in termio case
17435 * sudoers.cat, sudoers.man.in:
17436 regen from sudoers.pod
17440 o Typo, Runas_User_List should be Runas_List o a User_List can not
17441 contain a uid o mention that the Defaults section should come after
17442 Alias definitions but before the user specifications
17445 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
17447 * sudoers.cat, sudoers.man.in:
17452 Fix listpw and verifypw sections, they were not being formatted
17456 * sudoers.cat, sudoers.man.in:
17468 * config.h.in, configure.in:
17469 use AC_SYS_POSIX_TERMIOS instead of rolling our own
17473 Reference sudo.ws not courtesan.com
17477 Add notes on shadow passwords
17481 In list mode (sudo -l), characters escaped with a backslash are
17482 shown verbatim with the backslash.
17486 Add simple examples from OpenBSD (Marc Espie)
17490 Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
17494 minor prettyification
17502 Fix CIDR handling here too.
17506 Apparently a NULL response is OK
17510 Checkpoint for upcoming beta release
17514 Many people believe that adding a runas spec should obviate the need
17515 for the -u flag. It does not.
17519 checkpoint update for upcoming 1.6.4 beta
17523 o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
17524 if HAVE_STRING_H is defined -- this is safe now
17528 Add signals section
17536 Fix check for sigaction_t
17540 XXX - should call find_path() as runas user, not root. Can't do
17541 that until the parser changes though.
17545 If find_path() fails as root, try again as the invoking user (useful
17546 for NFS). Idea from Chip Capelik.
17549 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
17550 Regenerate after pod file changes
17553 * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
17554 sudo.pod, sudoers.pod:
17555 Add new sudoers option "preserve_groups". Previously sudo would not
17556 call initgroups() if the target user was root. Now it always calls
17557 initgroups() unless the -P command line option or the
17558 "preserve_groups" sudoers option is set. Idea from TJ Saunders.
17561 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
17563 * compat.h, config.h.in:
17564 Use new HAVE_SIGACTION_T define
17568 Fix compilation on K&C
17576 Add check for sigaction_t -- IRIX already defines this so don't
17585 need stdlib.h here too
17593 Remove redundant checks for string.h, strings.h and unistd.h
17596 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17598 Regen from pod files
17605 * configure, lex.yy.c, sudo.tab.c:
17610 Return EINVAL if errnum > sys_nerr
17613 * auth/sudo_auth.h:
17614 o Update copyright year
17617 * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
17618 config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
17620 o Update copyright year
17624 o Don't define STDC_HEADERS unconditionally for IRIX o Update
17632 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
17633 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
17634 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
17635 auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
17636 set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
17638 o Reorder some headers and use STDC_HEADERS define properly o Update
17643 o Reorder some headers and use STDC_HEADERS define properly o Update
17647 * getspwuid.c, goodpath.c, interfaces.c:
17648 o Reorder some headers and use STDC_HEADERS define properly o Update
17653 o Reorder some headers and use STDC_HEADERS define properly o Update
17657 * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
17659 o Reorder some headers and use STDC_HEADERS define properly o Update
17668 flags set in signal handlers should be volatile sig_atomic_t
17671 * config.h.in, configure.in:
17672 Add checks for volatile and sig_atomic_t
17675 * configure, lex.yy.c:
17679 * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
17680 sudo.c, sudoers.pod:
17681 Remove "secure_path" Defaults option since it cannot work with the
17685 * find_path.c, sudo.c:
17686 Unset "secure_path" if user_is_exempt()
17689 * env.c, pathnames.h.in:
17690 o Remove assumption that PATH and TERM are not listed in env_keep o
17691 If no PATH is in the environment use a default value o If TERM is
17692 not set in the non-reset case also give it a default value.
17695 * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
17696 _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
17697 systems that define in paths.h
17700 * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
17701 Add support for skeyaccess(3) if it is present in libskey.
17704 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
17707 Only need to do 'lc = login_getclass(NULL)' if lc == NULL
17711 '\\' is a perfectly legal character to have in a command line
17716 o Defer call to set_fqdn() until it is safe to use log_error() o
17717 Don't print errno string value if gethostbyname fails, it is not
17722 Fix CIDR -> in_addr_t conversion.
17725 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
17728 Remove an extra "User_List" in the User_Spec definition From
17729 ybertrand AT snoopymail.com
17733 Make 'listpw=never' work for users who are not explicitly mentioned
17738 Remove gratuitous '=' in EBNF grammar; era AT iki.fi
17742 Document new list Defaults type and convert env_keep and env_delete
17743 to lists. Document new env_check option.
17746 * lex.yy.c, sudo.tab.c, sudo.tab.h:
17751 Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
17760 Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
17763 * config.h.in, configure.in:
17764 Add check for skeyaccess(3)
17768 Document new -c, -f, and -q options
17772 o Add -f option (alternate sudoers file) o Convert to use getopt(3)
17779 * aclocal.m4, config.h.in, configure.in:
17780 Add check for isblank and a replacement macro if it doesn't exist.
17783 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
17786 In check-only mode, don't create sudoers if it does not already
17791 o Add a new token, DEFVAR, to indicate a Defaults variable name o
17792 Add support for "+=" and "-=" list operators o replace some 1 and 0
17793 with TRUE and FALSE for greater legibility.
17797 o Use exclusive start conditions to remove some ambiguity in the
17798 lexer. Also reorder some things for clarity. o Add support for
17799 "+=" and "-=" list operators. o Use the new DEFVAR token to denote
17800 a Defaults variable name.
17804 Prototype init_envtables()
17808 o Convert environment handling to use lists instead of strings.
17809 This greatly simplifies routines that need to do "foreach" type
17810 operations. o Add new init_envtables() function to set env_check
17811 and env_delete defaults based on initial_badenv_table and
17812 initial_checkenv_table (formerly sudo_badenv_table).
17815 * defaults.c, defaults.h:
17816 o Add a new LIST type and functions to manipulate it. o This is for
17817 use with environment handling variables. o Call new
17818 init_envtables() routine inside init_defaults() to initialize the
17822 * def_data.c, def_data.h, def_data.in:
17823 Convert environment options to use the new LIST type and add a new
17824 one, env_check that only deletes if the sanity check fails.
17828 Add dummy version of init_envtables()
17836 Add check-only mode
17840 Fix generation of entries with NULL descriptions.
17843 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
17846 Use sigaction_t and quiet a gcc warning.
17850 Must reset signal handlers before we exec
17853 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
17855 Be careful now that tgetpass() can return NULL (user hit ^C). PAM
17856 version needs testing. Set SIGTSTP to SIG_DFL during password entry
17857 so user can suspend us.
17861 Add support for interrupting/suspending tgetpass via keyboard input.
17862 If you suspend sudo from the password prompt and resume it will re-
17867 Don't block keyboard interrupt signals, just set them to SIG_IGN.
17870 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
17873 add back HAVE_SIGACTION
17880 * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
17881 Kill POSIX_SIGNALS define and old signal support now that we emulate
17882 POSIX ones Also be sure to correctly initialize struct sigaction.
17886 Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
17890 Add scaffolding for POSIX signal emulation
17894 o Add missing ';' so this compiles o Can't use NULL since we don't
17899 Emulate sigaction() using sigvec()
17902 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
17905 Document new behavior of negative values of timestamp_timeout Fix a
17910 Add security note about command not being logged after 'sudo su' and
17915 Mention that -V prints default values when run as root, including
17916 the list of environment variables to clear.
17920 Run pod2man with --quotes=none to avoid stupid quoting of C<>
17924 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
17926 * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
17927 Add mail_badpass option Also modify mail_always behavior to also
17928 send mail when the password is wrong
17931 * env.c, sudo.c, sudo.h:
17932 Dump default bad env table when 'sudo -V' is run by root.
17936 document env_delete
17940 Add support for '*' in env_keep when not resetting the environment
17941 (ie: the normal case).
17945 Add env_delete variable that lets the user replace/add to the
17946 bad_env_table. Allow '*' wildcard in env_keep entries.
17949 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
17952 Force umask to 022 to guarantee sane directory permissions.
17955 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
17958 add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
17962 fix breakage in last commit
17966 acsite.m4 -> aclocal.m4
17970 fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
17974 regenerated from def_data.in
17977 * check.c, defaults.c, defaults.h:
17978 Add new T_UINT type that most things use instead of T_INT If
17979 timestamp_timeout is < 0 then treat the ticket as never expiring (to
17980 be expired manually by the user).
17984 change most T_INT -> T_UINT
17988 fix warning when no args
17992 Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
17993 we are a signal handler. We no longer print the signal number but
17994 the user can just check the exit value for that.
17997 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
18000 when setting up pipes in child process check for case where stdin ==
18004 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
18007 Ignore editor exit value since XPG4 says vi's exit value is the
18008 count of editing errors made (failed searches, etc).
18011 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
18018 sco now is identified by config.guess as *-sco-*
18022 Check for getspnam() in -lgen if not in -lc for UnixWare.
18025 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
18027 * sudoers.pod, visudo.pod:
18028 "upper case" -> "uppercase"
18032 fix typos and grammar; pjanzen@foatdi.harvard.edu
18035 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
18038 Missing word (specify); krapht@secureops.com
18041 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
18044 If we fail to lookup a login class, apply the default one.
18048 In log_error() free message, not logline unconditionally, then free
18049 logline if it is not the same as message. No function change but
18050 this mirrors how they are allocated.
18053 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
18060 remove some backslash quotes that are unneeded
18064 o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
18065 instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
18066 can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
18067 to AC_DEFINE things manually.
18070 * config.guess, config.sub:
18071 Updated from autoconf-2.50
18074 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
18077 Update mailing list section. We use mailman now, not majordomo.
18080 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
18082 * getspwuid.c, logging.c, sudo.c:
18083 Use setpwent()/endpwent() + all the shadow variants to make sure we
18084 don't inadvertently leak an fd to the child. Apparently Linux's
18085 shadow routines leave the fd open even if you don't call setspent().
18086 Reported by mike@gistnet.com; different patch used.
18089 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
18096 select() may return EAGAIN. If so, continue like we do for EINTR.
18100 Fix a non-exploitable buffer overflow in the word splitting code.
18101 This should really be rewritten.
18109 Tell people to look in sample.syslog.conf for examples, not FAQ
18113 Update list of env vars that are cleared
18117 remove struct env_table decl since that stuff has all moved to env.c
18120 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
18123 Fix a pasto in flock-style unlocking and include <sys/file.h> for
18124 flock on older systems; twetzel@gwdg.de
18128 regen to get NeXT lockf/flock fix
18132 force NeXT to use flock since lockf is broken
18135 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
18138 Use stashed user_gid when checking against exempt gid since sudo
18139 sets its gid to a value that makes sudoers readable. Previously
18140 if you used gid 0 as the exempt group everyone would be exempt. From
18141 Paul Kranenburg <pk@cs.few.eur.nl>
18144 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
18151 #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 apparently defines
18152 some types (such as ssize_t) therein.
18155 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
18158 Fix negation of paths in a boolean context. Problem found by
18162 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
18168 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
18171 SA_RESETHAND means the opposite of what I was thinking--oops To
18172 block all signals in old-style signals use ~0, not 0xffffffff
18175 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
18178 coerce difference of pointers to int when used in a string length
18179 printf format; deraadt@openbsd.org
18182 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
18185 Block all signals in Exit() to avoid a signal race. There is still
18186 a tiny window but I'm not going to worry about it.
18189 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
18192 glibc uses the LANGUAGE env var so clear that too; Solar Designer
18196 Regenerate with a fix to flex.skl that preserves errno from
18197 clobbering by isatty().
18200 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
18202 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
18203 auth/sia.c, auth/sudo_auth.c:
18204 Some defaults I_ defines got renamed.
18207 * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
18208 defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
18209 set_perms.c, sudo.c, sudo.tab.c:
18210 Move defaults info into its own files from which we generate .h and
18211 .c files. This makes adding or rearranging variables much simpler.
18214 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
18216 * configure, configure.in:
18217 fix typo in last commit
18220 * compat.h, config.h.in, configure, configure.in:
18221 Add check + emulation for setegid (like seteuid).
18225 Make env_keep override badenv_table as documented Fix traversal of
18226 badenv_table (broken in last commit)
18229 * set_perms.c, sudo.c, sudo.h:
18230 Don't try and build saved uid version of set_perms on systems w/o
18231 them. Rename set_perms_saved_uid() -> set_perms_posix() Make
18232 set_perms_setreuid simply be set_perms_fallback() and simply include
18233 the appropriate function at compile time (setreuid() vs. setuid()).
18236 * sudoers.cat, sudoers.man.in, sudoers.pod:
18237 PATH is also preserved when env_reset is in effect
18240 * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
18241 configure.in, defaults.c, defaults.h, env.c, find_path.c,
18242 getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
18243 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
18244 visudo.c, visudo.cat, visudo.man.in:
18245 New Defaults options: o stay_setuid - sudo will remain setuid if
18246 system has saved uids or setreuid(2) o env_reset - reset the
18247 environment to a sane default o env_keep - preserve environment
18248 variables that would otherwise be cleared
18250 No longer use getenv/putenv/setenv functions--do environment munging
18251 by hand. Potentially dangerous environment variables can be cleared
18252 only if they contain '/' or '%' characters to protect buggy
18253 programs. Moved environment routines into env.c (new file)
18257 Clear up --without-passwd description
18260 * putenv.c, sudo_setenv.c:
18261 We now build up a new environment from scratch and assign it to
18265 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
18267 * sudo.pod, visudo.pod:
18268 Grammatical fixes from Paul Janzen
18271 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
18274 If there was a syntax error and the user just wants to quit, unlink
18275 sudoers if it is zero length.
18279 'Q' means ignore parse error, not 'q'
18283 Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
18287 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
18290 Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
18293 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
18295 * config.guess, config.sub:
18296 Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
18299 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
18301 * sudo.c, visudo.c:
18302 Use exit(127), not exit(-1)
18305 * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
18306 Move set_perms() to its own file and use POSIX saved uid or
18307 setreuid() if available.
18309 Added stay_setuid option for systems that have libraries that
18310 perform extra paranoia checks in system libraries for setuid
18311 programs (ie: anything with issetugid(2)).
18315 strip more bits from the environment and add a facility for
18316 stripping things only if they contain '/' or '%' to address printf
18317 format string vulnerabilities in other programs.
18320 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
18327 For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
18336 Check for strcasecmp(3) in -lc89 for NCR Unix
18339 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
18342 Define HAVE_INNETGR #ifdef HAVE__INNETGR
18349 * compat.h, config.h.in, configure.in:
18350 Add check for _innetgr(3) since NCR systems have that instead of
18354 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
18357 check return value of creadcfg() call sd_close() after sd_auth()
18358 store username in sd->username so we don't rely on the USER env
18362 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
18365 document --with-bsdauth
18373 --with-bsdauth assumes --with-logincap
18376 * auth/bsdauth.c, auth/fwtk.c:
18377 When prompting for a response to a challenge, if the user just hits
18378 return then reprompt with echo turned on.
18381 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
18384 Remove debugging code that should not have been committed, oops.
18388 Use lower-level routines and get the password ourselves. Checks for
18389 a challenge and if there is one echo is not turned off.
18392 * auth/pam.c, auth/sudo_auth.h:
18393 minor housekeeping, no real code changes
18396 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
18399 Fix a coredump in the logging functions if gethostname(2) fails by
18400 deferring the call to log_error() until things are better setup.
18402 Fix return value of set_loginclass() in non-BSD-auth case.
18404 Hard-code 'sudo' in the usage message so we can fit more options on
18409 Fix errant ';' (typo) that broke MSG_ONLY
18412 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
18414 * sudo.cat, sudo.man.in:
18422 * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
18423 configure, configure.in, getspwuid.c, sudo.c:
18424 Add support for BSD authentication.
18427 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
18430 Fix typo; from sato@complex.eng.hokudai.ac.jp
18433 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
18436 Mention negating umask
18440 Allow user to specify umask of 0777 (same as !umask)
18443 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
18445 * sudo.pod, visudo.pod:
18446 Fix a typo and give a URL for the sudo history.
18449 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
18451 * defaults.c, sudo.pod:
18452 fix typos; pepper@reppep.com
18455 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
18457 * sudo.c, sudo.h, sudo_setenv.c:
18458 sudo_setenv() now exits on memory alloc failure instead of returning
18462 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
18465 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
18466 and possibly others.
18470 Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
18471 that "%m" won't be expanded but we don't use that anyway since the
18472 logging routines may splat to stderr as well.
18475 * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
18477 Add always_set_home variable
18480 * configure, configure.in:
18481 Have to hard code default values in help since the defaults are set
18482 _after_ the help stuff.
18485 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
18487 * lex.yy.c, parse.lex:
18488 Allow special characters (including '#') to be embedded in pathnames
18489 if quoted by a '\\'. The quoted chars will be dealt with by
18490 fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
18493 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
18496 Better path searching for programs we need.
18500 Add section on "C compiler cannot create executables" errors.
18503 * Makefile.binary, Makefile.in, version.h:
18507 * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
18508 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
18509 visudo.man.in, visudo.pod:
18510 Substitute values from configure into man pages.
18513 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
18516 The listpw and verifypw sudoers options would not take effect
18517 because the value of the default was checked *before* sudoers was
18518 parsed. Instead of passing in the value of PWCHECK_* to
18519 sudoers_lookup(), pass in the arg for def_ival() so the check can be
18520 deferred until after sudoers is parsed.
18523 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
18526 When writing prompt, no need to write the NUL as well;
18530 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
18533 When looking for chown, check in /sbin too
18536 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
18539 Remove extraneous call to init_defaults() and set runas_user to NULL
18540 between parses so init_defaults will reset it each time, thus
18541 avoiding a reference to free()d data.
18544 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
18546 * config.h.in, interfaces.c, interfaces.h, sudo.c:
18547 Add support for using getifaddrs() to get the list of ip addr /
18548 netmask pairs. Currently IPv4-only.
18552 Add a missing check for UserEditor == NULL Add missing '+' before
18553 line number when invoking editor to fix a syntax error
18556 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
18559 Call clean_env very early in main() for paranoia's sake. Idea from
18563 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
18566 Update proto for evasprintf and easprintf
18570 Make easprintf() and evasprintf() return an int.
18574 If the targetpw flag is set, use target username as part of the
18575 timestamp path. If tty tickets are in effect cat the tty and the
18576 target username with a ':' as the separator.
18579 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
18582 Backout part of last change; setting PAM_USER to the invoking user
18583 breaks things like targetpw.
18587 set tty and username via pam_set_item
18590 * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
18591 Fix root, runas, and target authentication for non-passwd file auth
18595 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
18597 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
18598 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
18599 Use B<-Z> not C<-Z> for command line flags in all places. This is
18600 more consistent and works around a bug in Pod::Man.
18603 * sudoers.cat, sudoers.man.in, sudoers.pod:
18604 Fix an occurrence of 'semicolon' that should be 'colon'
18607 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
18609 * configure, configure.in:
18610 Fix --with-badpri help line
18613 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
18615 * defaults.c, logging.c, sudo.c:
18616 Bracket calls to syslog with an openlog() and closelog() since some
18617 authentication methods (like PAM) may do their own logging via
18618 syslog. Since we don't use syslog much (usually just once per
18619 session) this doesn't really incur a performance penalty. It also
18620 Fixes a SEGV with pam_kafs.
18623 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
18626 Fix -H flag. runas_homedir is only valid after
18627 set_perms(PERM_RUNAS, mode)
18630 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
18633 Clarify the fact that insults are not enabled just by including them
18637 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
18639 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
18641 Regenerated with perl 5.6.0 pod2man
18645 Give date string to pod2man since its default is ugly and it ain't
18650 Do section substitution on the output of pod2man and remove hack
18651 needed for old pod2man.
18654 * sudo.pod, sudoers.pod, visudo.pod:
18655 Put back real man sections, we will do the substitution later.
18658 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
18660 * configure, configure.in:
18661 Don't bother checking for the path to vi if user specified --with-
18665 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
18667 * CHANGES, visudo.c:
18668 Visudo now does its own fork/exec instead of calling system(3).
18671 * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
18672 sudoers.pod, visudo.c:
18673 Visudo now checks for the existence of an editor and gives a
18674 sensible error if it does not exist.
18676 The path to the editor for visudo is now a colon-separated list of
18677 allowable editors. If the user has $EDITOR set and it matches one
18678 of the allowed editors that editor will be used. If not, the first
18679 editor in the list that actually exists is used.
18682 * sudo.cat, sudo.man.in, sudo.pod:
18683 Clear up confusion wrt sudo's return value.
18686 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
18689 Strip sudo and visudo for bindist target
18692 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
18693 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
18694 Use @mansectsu@ and @mansectform@ in the man page bodies as well.
18695 [5eb9e60a726f] [SUDO_1_6_3]
18697 * visudo.cat, visudo.man.in, visudo.pod:
18698 Typo: @sysconf@ -> @sysconfdir@
18702 'make dist' should not cause any files to be modified so remove its
18707 Whoops, forgot to add release marker
18710 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
18713 Final change for 1.6.3 (or so I hope)
18716 * sudo.cat, sudoers.cat, visudo.cat:
18717 Use SYSV man sections since BSD systems will have nroff...
18720 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
18722 * parse.yacc, sudo.tab.c:
18723 When checking to see if the host/user matches in a defaults spec,
18724 check against TRUE, not just non-zero since it might be -1.
18727 * configure, configure.in:
18728 OSF/1 puts file formats in section 4, not 5.
18731 * CHANGES, INSTALL, sudo.c:
18732 Make login class support work on BSD/OS
18739 * configure, configure.in:
18740 If there is no inet_addr but there *is* an __inet_addr that's ok
18741 since inet_addr is probably just a macro then. The better thing to
18742 do would be to look for the macro, but this is fine for now.
18745 * configure, configure.in:
18746 Don't use shlicc for BSD/OS 4.x
18749 * Makefile.in, configure, configure.in:
18750 *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
18751 configure variable so we can deal with this. Also, only remove *.man
18752 for 'distclean' not 'clean'.
18756 set_loginclass() should be static like the proto says
18759 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
18762 Add #ifdef __STDC__ around the rangematch function header to avoid
18763 promotion of test to int, thus violating the prototype. Gcc handles
18764 this gracefully but more std ANSI compilers will complain.
18768 Pull in newer fnmatch(3) that supports FNM_CASEFOLD
18771 * aclocal.m4, configure, fnmatch.3, fnmatch.c:
18772 Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
18773 FNM_CASEFOLD in configure
18780 * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
18781 Fully qualified hosts w/ wildcards were not matching the FQHOST
18782 token type. There's really no need for a separate token for fully-
18783 qualified vs. unqualified anymore so FQHOST is now history and
18784 hostname_matches now decides which hostname (short or long) to check
18785 based on whether or not the pattern contains a '.'.
18789 Fully qualified hosts w/ wildcards were not matching the FQHOST
18790 token type. There's really no need for a separate token for fully-
18791 qualified vs. unqualified anymore so FQHOST is now history and
18792 hostname_matches now decides which hostname (short or long) to check
18793 based on whether or not the pattern contains a '.'.
18796 * lex.yy.c, parse.c, parse.lex, parse.yacc:
18797 Fully qualified hosts w/ wildcards were not matching the FQHOST
18798 token type. There's really no need for a separate token for fully-
18799 qualified vs. unqualified anymore so FQHOST is now history and
18800 hostname_matches now decides which hostname (short or long) to check
18801 based on whether or not the pattern contains a '.'.
18804 * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
18805 sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
18806 Add support for wildcards in the hostname.
18810 Add targets for *.man.in, using config.status to generate *.man from
18814 * sudoers.cat, sudoers.man.in, sudoers.pod:
18815 Document set_logname option and embolden refs to sudo and visudo.
18818 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
18819 sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
18820 visudo.cat, visudo.man.in, visudo.pod:
18821 Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
18822 from Michael D. Marchionna. configure now does substitution on the
18823 man pages, allowing us to fix up the paths and set the section
18824 correctly. Based on an idea from Michael D. Marchionna.
18828 Better fix for handling HP-UX aging info.
18832 Add support for set_logname run-time default
18835 * sudo.man.in, sudoers.man.in, visudo.man.in:
18836 configure does substitution on these to produce *.man
18839 * sudo.man, sudoers.man, visudo.man:
18840 These files now get generated from *.man.in at configure time.
18843 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
18845 * defaults.c, defaults.h:
18846 Add set_logname option so users can turn off setting of LOGNAME/USER
18847 environment variables.
18850 * lsearch.c, parse.c, testsudoers.c:
18854 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
18857 HP-UX adds extra info at the end for password aging so when
18858 comparing the result of crypt to pw_passwd we only compare the first
18859 len(epass) bytes *unless* the user entered an empty string for a
18864 Get rid of grandchild hack, it was causing problems and there is
18865 really no need for it. This fixes a bug where we spin eating up CPU
18866 when the user runs a long-running process like a shell.
18869 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
18872 User can always specify a login class if he/she is already root.
18875 * config.h.in, configure, configure.in, defaults.c, defaults.h,
18877 FreeBSD login class (login.conf) support.
18880 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
18882 * auth/sudo_auth.c:
18883 HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
18886 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
18889 Truncate unencrypted password to 8 chars if encrypted password is
18890 exactly 13 characters (indicating a standard DES password). Many
18891 versions of crypt() do this for you, but not all (like HP-UX's).
18894 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
18897 Mention that gcc on dynix may have problems
18900 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
18903 Link visudo with NET_LIBS since we now call syslog via defaults.c
18907 Use Argv[0] as the first arg to openlog() since visudo uses this
18911 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
18914 Stash coredumpsize resource limit and restore it before the exec()
18915 Otherwise the child ends up with a coredumpsize of 0.
18918 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
18920 * sudo.cat, sudo.man, sudo.pod:
18928 * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
18929 auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
18930 Added -S flag (read passwd from stdin) and tgetpass_flags global
18931 that holds flags to be passed in to tgetpass(). Change echo_off
18932 param to tgetpass() into a flags field. There are currently 2
18933 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
18934 tgetpass(), abstract the echo set/clear via macros and if (flags &
18935 TGP_ECHO) but echo is not set on the terminal, be sure to set it.
18939 Fixed a bug that caused an infinite loop when the password timeout
18943 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
18945 * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
18946 sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
18947 Add rootpw, runaspw, and targetpw options.
18950 * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
18952 enveditor -> env_editor
18955 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
18957 * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
18958 sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
18960 crank version to 1.6.3
18963 * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
18964 sudoers.pod, visudo.c:
18965 Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
18966 them. This means that visudo will now parse the sudoers file
18967 *before* it is edited so a bogus sudoers file will cause a warning
18968 to go to stderr. Also, visudo checks the variables once--it does not
18969 check them after each editor run since that could be confusing.
18972 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
18978 * check.c, sudo.c, sudo.h:
18979 Move user_is_exempt prototype into sudo.h
18982 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
18984 * configure, configure.in:
18985 Fix thinko, some && should have been || in the last commit
18988 * configure, configure.in:
18989 Don't initialize Makefile variables to be NULL since the user may
18990 want to import variables from their environment.
18993 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
18995 * configure, configure.in:
18999 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
19002 fix a yacc (skeleton.c) warning
19005 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
19007 * INSTALL, RUNSON, configure, configure.in:
19008 Make pam work on HP-UX 11.0;jaearick@colby.edu
19012 recent changes; prepare for 1.6.2p1
19016 Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
19019 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
19022 Regen with yacc that has a memory leak plugged.
19025 * sudoers.cat, sudoers.man, sudoers.pod:
19026 Expanded docs on sudoers 'defaults' options based on INSTALL file
19031 Fix some white lies
19034 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
19037 When making a bindist, link FAQ to TROUBLESHOOTING instead of
19041 * sudoers.cat, sudoers.man, sudoers.pod:
19042 Add netgroup caveat
19043 [28d119f466e3] [SUDO_1_6_2]
19046 Last minute updates
19062 Better detection of PAM errors and fix custom prompts with PAM.
19063 Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
19066 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
19069 Cast ULONG_MAX to unsigned long long when comparing to an unsigned
19073 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
19075 * CHANGES, config.h.in, configure, configure.in, visudo.c:
19076 Fix sudoers locking in visudo. We now lock the sudoers file itself,
19077 not the temp file (since locking the temp file can foul up editors).
19078 The previous locking scheme didn't work because the fd was closed
19082 * config.h.in, configure, configure.in:
19083 Don't need test for ftruncate() any more.
19086 * configure, configure.in:
19087 Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
19088 the unbundled HP-UX cc.
19091 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
19093 * sudoers.cat, sudoers.man, sudoers.pod:
19094 "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
19097 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
19099 * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
19100 parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
19101 version.h, visudo.c:
19102 update copyright year on changed files
19114 Crank version to 1.6.2
19118 Crank version to 1.6.2
19122 When using rlimit check for RLIM_INFINITY When computing the value
19123 of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
19130 * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
19131 sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
19132 Crank version to 1.6.2
19135 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
19136 Add 'shell_noargs' runtime option back in. We have to defer
19137 checking until after the sudoers file has been parsed but since
19138 there are now other options that operate that way this one can too.
19139 Based on a patch from bguillory@email.com.
19142 * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
19143 Add "listpw" and "verifypw" options.
19146 * sudoers.cat, sudoers.man, sudoers.pod:
19147 o Fix some typos/omissions o Add section on verifypw and listpw o
19148 Define how NOPASSWD interacts with the -v and -l flags
19151 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
19153 * configure, configure.in:
19154 For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
19155 -D_HPUX_SOURCE to CPPFLAGS.
19158 * defaults.c, defaults.h:
19159 In struct sudo_defs_types, move the union to the end and don't
19160 initialize the union member since that only works with an ANSI
19161 compiler. We set the value of the union by hand in init_defaults()
19162 anyway. This allows sudo to compile on a K&R compiler again.
19165 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
19167 * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
19168 netgr_matches needs to check shost as well as host since they may be
19173 End on \r as well as \n
19176 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
19179 Update statbuf.st_mode based on SUDOERS_MODE when we are changing
19180 from 0400 to whatever SUDOERS_MODE is (converting from the old
19181 sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
19182 0400 which should always be the case.
19185 * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
19186 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
19187 w/o a passwd if there is *any* entry for the user on the host with a
19188 NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
19189 the user on the host w/ the specified runas user have the NOPASSWD
19197 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
19200 Treat EOF at whatnow prompt like 'x' instead of looping.
19203 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
19207 [5836a9452568] [SUDO_1_6_1]
19209 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
19211 * config.h.in, configure, configure.in, sudo.c:
19212 Add check for initgroups() since old SYSV lacks this.
19215 * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
19216 parse.c, testsudoers.c:
19217 o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
19221 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
19223 * auth/sudo_auth.c:
19224 Don't allow insults to be enabled if the insults[] array is empty.
19225 Otherwise there would be division by zero.
19229 Don't allow insults to be enabled if the insults[] array is empty.
19230 Otherwise there would be division by zero.
19234 Don't allow insults to be enabled if the insults[] array is empty.
19235 Otherwise there would be division by zero.
19239 Don't care about USE_INSULTS #define since the insult stuff may be
19240 overridden at runtime.
19243 * auth/sudo_auth.c:
19244 Honor insults flag.
19247 * CHANGES, parse.c:
19248 Don't ask the user for a password if the user is not allowed to run
19249 the command and the authenticate flag (in sudoers) is false.
19252 * CHANGES, RUNSON, lex.yy.c, parse.lex:
19253 o Whenever we get a bare newline we change to the INITIAL state. o
19254 Enter GOTRUNAS when we see Runas_Alias
19256 This allows #uid to work in a RunasAlias.
19259 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
19261 * CHANGES, parse.yacc, sudo.tab.c:
19262 fix parsing of runas lists: o oprunasuser and runaslist now return a
19263 value o in a runasspec, if a runaslist does not return TRUE, set
19264 runas_matches to FALSE. Normally, a runaslist only returns FALSE
19265 for explicitly denied users. o since runaslist does not modify the
19266 stack there is no need for a push/pop in runasalias.
19270 Don't kill the user's tickets until after sudoers has been parsed
19271 since tty_tickets and ticket_dir could be set in sudoers.
19274 * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
19275 configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
19276 sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
19277 crank version to 1.6
19281 add set_fqdn() stub
19284 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
19286 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
19287 sudoers.man, sudoers.pod, visudo.c:
19288 o Kill shell_noargs option, it cannot work since the command needs
19289 to be set before sudoers is parsed. o Fix the "set_home" sudoers
19290 option (only worked at compile time). o Fix "fqdn" sudoers option.
19291 We now set host/shost via set_fqdn which gets called when the
19292 "fqdn" option is set in sudoers. o Move the openlog() to
19293 store_syslogfac() so this gets overridden correctly from the
19298 SecurID support should compile now.
19301 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
19303 * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
19304 visudo.man, visudo.pod:
19305 fix some syntactic goofs
19308 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
19310 * Makefile.in, sudo.html, sudoers.html, visudo.html:
19311 No longer need the .html files as they are generated automatically
19315 * CHANGES, LICENSE:
19316 kill characters that made wml unhappy
19323 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
19326 majordomo@cs.colorado.edu -> majordomo@courtesan.com
19329 * Makefile.in, configure:
19330 Wrap script execution w/ /bin/sh for the benefit of ctm
19333 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
19336 Make the -s flag be exclusive too. Also reorder the flags in the
19337 exclusive usage message so they are alphabetical.
19340 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
19343 make pam errors other than PAM_PERM_DENIED fatal
19351 make it clear that /etc/pam.d/sudo is required on linux
19355 fix a warning on redhat and spew an error if pam_authenticate()
19356 returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
19359 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19360 Be very clear that the password required is the user's not root's
19363 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
19366 add sample.syslog.conf to DISTFILES and BINFILES
19369 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
19372 updates from Brian Jackson + some formatting
19375 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
19377 * INSTALL.binary, Makefile.binary, README, RUNSON:
19378 o One RUNSon update o Changes for automating real binary releases
19385 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
19388 talk about run-time options in addition to compile-time options
19389 [1eb813ff0a9a] [SUDO_1_6_0]
19396 need sys/time.h if HAVE_SETRLIMIT
19399 * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
19400 sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
19401 get rid of references to sudo-bugs. Now mention the web site or the
19406 repair pod2html damage
19410 Update for 1.6 release
19413 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19414 Add warning about using ALL in a command context.
19417 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
19420 Call yyrestart() on a parse error to reset the lexer state.
19423 * lex.yy.c, parse.lex:
19424 Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
19425 since it might not get called in yywrap if we get a parse error
19426 (and we only reread the file on error anyway).
19429 * lex.yy.c, parse.lex:
19430 Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
19431 might still exist. Call yyrestart() instead of using the deprecated
19435 * lex.yy.c, parse.lex:
19436 flex doesn't need %N table size declarations
19439 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19440 Mention what characters need to be escaped in names.
19443 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
19450 clarify Mac OS X entry
19458 o Use AC_MSG_ERROR throughout o Check syslog configure options for
19462 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
19465 Fix printing of type T_MODE in dump_defaults()
19469 missing sys/types.h
19473 Break out options that may be overridden at run time into their own
19474 section. Add a note about Mac OS X and correct some lies.
19477 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
19479 * CHANGES, config.h.in, configure, configure.in, sudo.c:
19480 o Now use getrlimit to find the highest fd when closing all non-std
19481 fd's o Turn off core dumps via setrlimit for the sake of paranoia
19488 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
19495 When read()'ing, do a single character at a time to be sure we don't
19496 go past the newline.
19500 For the sudo_root option, check against user_uid, not getuid() since
19501 at this point, ruid == euid == 0.
19509 Fix compilation problem when --with-logging=file was specified.
19510 This means that syslog is now required to build sudo but that should
19511 not be a problem. If it is it can be fixed trivially with a
19512 configure check for syslog() or syslog.h.
19516 Make this work again for things like "sudo echo hi | more" where the
19517 tty gets put into character at a time mode. We read until we read
19518 end of line or we run out of space (similar to fgets(3)).
19521 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
19523 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19524 change ital to bold
19531 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
19534 Error out if syslog parameters are given without a value. For
19535 Ultrix or 4.2BSD "syslog" is allowed without a value since there are
19536 no facilities in the 4.2BSD syslog.
19539 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
19542 Ignore the syslog facility for systems w/ old syslog like Ultrix.
19546 people with "." early in their path can have problems running sudo
19547 from the build dir ;-)
19550 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
19552 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19553 Remove -r realm option
19556 * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
19557 configure.in, sudo.c:
19558 New krb5 code from Frank Cusack <fcusack@iconnet.net>.
19565 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
19568 include <auth.h> to get function prototypes.
19571 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19575 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
19578 in set_perms(), always call setuid(0) before changing the ruid/euid
19579 so we always know it will succeed.
19583 #undef T_FOO to avoid conflicts with system defines (like on
19587 * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
19589 Document "Defaults" lines in /etc/sudoers. Still needs some
19590 fleshing out but this is a start.
19593 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
19595 * use strtol, not strtoul since not everyone has strtoul
19599 use strtol, not strtoul since not everyone has strtoul
19602 * lex.yy.c, parse.lex:
19603 last {WORD} rule should only apply in the INITIAL state
19606 * lex.yy.c, parse.lex:
19607 o Add support for escaped characters in the WORD macro o Modify
19608 fill() to squash escape chars
19611 * defaults.c, defaults.h:
19612 o Add T_PATH flag to allow simple sanity checks for default values
19613 that are supposed to be pathnames. o Fix a duplicate free when
19614 visudo finds an error.
19617 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
19619 * defaults.c, defaults.h, logging.c:
19620 mail_if_foo -> mail_foo
19623 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
19625 * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
19626 o Add requiretty option o Move O_NOCTTY to compat.h
19630 The exit() in log_error() was mistakenly removed in a previous
19631 version. Put it back...
19634 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
19636 * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
19637 auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
19638 configure, configure.in, defaults.c, defaults.h, find_path.c,
19639 getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
19640 o Change defaults stuff to put the value right in the struct. o
19641 Implement mailer_flags o Store syslog stuff both in int and string
19642 form. Setting the string form magically updates the int version.
19643 o Add boolean attribute to strings where it makes sense to say !foo
19647 add O_NOCTTY when opening /dev/tty just in case
19650 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
19653 cleanup function no longer takes a status arg
19660 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
19662 * TODO, config.h.in, configure, configure.in, logging.c:
19663 Use strftime() instead of ctime() if it is available.
19666 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
19673 update ReliantUNIX entry
19676 * defaults.c, defaults.h, logging.c:
19677 add log_year option
19680 * configure, configure.in:
19681 add --without-sendmail to help output
19684 * configure, configure.in:
19685 enforce an octal arg for --with-sudoers-mode
19688 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
19690 * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
19691 auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
19692 auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
19693 defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
19694 parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
19695 testsudoers.c, version.c, visudo.c:
19696 Add support for "Defaults" line in sudoers to make configuration
19697 variables changeable at runtime (and on a global, per-host and
19698 per-user basis). Both the names and the internal representation are
19699 still subject to change. It was necessary to make sudo_user.runas
19700 be a char ** instead of a char * since this value can be changed by
19701 a Defaults line. There is a similar (but more complicated) issue
19702 with sudo_user.prompt but it is handled differently at the moment.
19704 Add a "-L" flag to list the name of options with their descriptions.
19705 This may only be temporary.
19707 Move some prototypes to parse.h
19709 Be much less restrictive on what is allowed for a username.
19712 * sample.syslog.conf:
19716 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
19718 * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
19720 UCB has dropped the advertising clause from their license.
19723 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
19725 * auth/sudo_auth.h:
19726 move dce_verify proto to correct section
19733 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
19736 Add fnmatch() prototype
19739 * fnmatch.c, parse.c, testsudoers.c:
19740 Move inclusion of emul/fnmatch.h to be after sudo.h for __P
19744 add strcasecmp proto
19747 * auth/sudo_auth.c:
19748 add check for case where there are no auth methods
19751 * configure, configure.in:
19752 Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
19756 * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
19757 include strings.h everywhere we include string.h
19761 nicer output when showing auth methods
19765 Add support for SEND_MAIL_WHEN_NO_HOST
19768 * config.h.in, configure, configure.in:
19769 Add _GNU_SOURCE for Linux
19772 * lex.yy.c, parse.lex:
19773 fix definition of OCTECT
19776 * configure, configure.in:
19777 aix_auth.o not authenticate.o
19780 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
19783 Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
19784 keyboard). Since we run with ruid/euid == 0 the user can't really
19785 signal us in nasty ways.
19789 Don't need to worry about catching too many signals since we do
19790 locking on the tmp file. If a lockfile is really stale, it will be
19791 detected and overwritten.
19794 * INSTALL, Makefile.in:
19795 include auth/API in tarball
19798 * auth/sudo_auth.c:
19799 move memset() of plaintext pw outside of verify loop and only do the
19800 memset if we are *not* in standalone mode.
19803 * auth/sudo_auth.c, auth/sudo_auth.h:
19804 DCE is not a standalone method
19808 fix --enable-noargs-shell
19812 "#ifdef __STDC__" not "#if __STDC__" (I missed one)
19815 * auth/fwtk.c, auth/sia.c:
19816 _cleanup() function returns an int.
19820 there were still some return(0)'s hanging around, make them
19829 add missing semicolon
19832 * auth/sudo_auth.h:
19836 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
19838 * CHANGES, config.h.in, configure, configure.in:
19839 Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
19843 add parse.h to HDRS
19846 * Makefile.in, configure, configure.in:
19847 Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
19848 LDFLAGS. Common libs go in LIBS, common ld flags go in LDFLAGS and
19849 network libs like -lsocket, -lnsl go in NET_LIBS. This allows
19850 testsudoers to build on Solaris and is a bit cleaner in general.
19854 mention ptmp -> sudoers.tmp
19857 * config.h.in, configure, configure.in:
19858 Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
19866 Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
19867 return a value more like a system function
19879 update based on what is in the man page
19882 * parse.yacc, sudo.tab.c:
19883 minor change to first line printed in -l mode
19886 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19887 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
19888 standard and add "EXAMPLES" section
19891 * visudo.cat, visudo.html, visudo.man, visudo.pod:
19892 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
19896 * logging.c, parse.c, sudo.h:
19900 * lex.yy.c, parse.lex:
19901 make an OCTET really be limited to 0-255
19905 mention timestamp changes
19912 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19913 new sudoers(8) man page
19916 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
19919 Update comments about syslog name tables
19922 * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
19923 strcasecmp.c, sudo.tab.c:
19924 include strcasecmp() for those without it
19928 Use the : operator some more and fix a typo
19932 update the history of sudo
19935 * parse.c, parse.lex, testsudoers.c:
19936 CIDR-style netmask support
19943 * sudo.tab.c, sudo.tab.h:
19944 these should be generated with byacc, not bison
19951 * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
19952 In "sudo -l" mode, the type of the stored (expanded) alias was not
19953 stored with the contents. This could lead to incorrect output if
19954 the sudoers file had different alias types with the same name.
19955 Normal parsing (ie: not in '-l' mode) is unaffected.
19958 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
19960 * configure, configure.in:
19961 define _XOPEN_SOURCE to get at crypt() proto on some systems
19964 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
19971 don't need limits.h
19975 kill bogus reference to vfprintf
19978 * sample.sudoers, sudoers:
19983 Add some const in the K&R defs. This is safe since we define const
19984 away if the compiler doesn't grok it.
19987 * aclocal.m4, configure:
19988 Better test for working long long support. Ultrix compiler supports
19989 basic long long but not all operations on them.
19992 * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
19993 snprintf.c, sudo.c:
19994 Add check for LONG_IS_QUAD #undef MAXINT before including
19995 hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
19996 in snprintf.c and use LONG_IS_QUAD
19999 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
20001 * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
20003 UCB-derived snprintf + asprintf support. Supports quads if the
20004 compiler does. No floating point yet, perhaps later...
20007 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
20009 * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
20010 goodpath.c, logging.c, parse.c, sudo.c:
20011 Run most of the code as root, not the invoking user. It doesn't
20012 really gain us anything to run as the user since an attacker can
20013 just have a setuid(0) in their egg. Running as root solves
20014 potential problems wrt signalling.
20021 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
20023 * logging.c, sudo.c:
20024 Don't wait for child to finish in log_error(), let the signal
20025 handler get it if we are still running, else let init reap it for
20026 us. The extra time it takes to wait lets the user know that mail is
20029 Install SIGCHLD handler in main() and for POSIX signals, block
20034 * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
20035 parse.yacc, sudo.c, sudo.h:
20036 sudoers_lookup() now returns a bitmap instead of an int. This makes
20037 it possible to express things like "failed to validate because user
20038 not listed for this host". Some things that were previously
20039 VALIDATE_FOO are now FLAG_FOO. This may change later on.
20041 Reorganized code in log_auth() and sudo.c to deal with above
20044 Safer versions of push/pushcp with in the do { ... } while (0) style
20046 parse.yacc now saves info on the stack to allow parse.c to determine
20047 if a user was listed, but not for the host he/she tried to run on.
20049 Added --with-mail-if-no-host option
20052 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
20054 * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
20055 visudo.man, visudo.pod:
20056 o NewArgv and NewArgc don't need to be externally visible. o If
20057 pedantic > 1, it is a parse error. o Add -s (strict) option to
20058 visudo which sets pedantic to 2.
20061 * HISTORY, INSTALL:
20062 Just have sudo-bugs contact info in one place
20065 * sudo.cat, sudo.html, sudo.man, sudo.pod:
20069 * Makefile.in, configure, configure.in:
20070 Add testsudoers to default build target if --with-devel. Don't clean
20071 generated parser files unless "distclean".
20074 * parse.yacc, sudo.tab.c:
20075 In pedantic mode we need to save *all* the aliases, not just those
20076 that match, or we get spurious warnings.
20080 reference sample.syslog.conf
20083 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
20085 * sample.syslog.conf:
20086 Sample entries for syslog.conf
20093 * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
20094 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
20095 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
20096 auth/sudo_auth.c, auth/sudo_auth.h:
20097 In struct sudo_auth, turn need_root and configured into flags and
20098 add a flag to specify an auth method is running alone (the only
20099 one). Pass auth methods their sudo_auth pointer, not the data
20100 pointer. This allows us to get at the flags and tell if we are the
20101 only auth method. That, in turn, allows the method to be able to
20102 decide what should/should not be a fatal error. Currently only
20103 rfc1938 uses it this way, which allows us to kill the OTP_ONLY
20104 define and the hackery that went with it. With access to the
20105 sudo_auth struct, methods can also get at a string holding their
20106 canonical name (useful in error messages).
20109 * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
20110 getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
20112 o --with-otp deprecated, use --without-passwd instead o real
20113 dependencies in the Makefile o --with-devel option to enable yacc,
20114 lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
20115 back to being a token, not a string but don't leak memory o rename
20116 hsotspec -> host in parse.yacc
20119 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
20125 * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
20127 o Digital UNIX needs to check for *snprintf() before -ldb is added
20128 to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
20129 for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
20130 functions in snprintf.c to fix -Wall o Add missing includes to fix
20134 * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
20135 configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
20137 o Add a "pedantic" flag to the parser. This makes sudo warn in
20138 cases where an alias may be used before it is defined. Only turned
20139 on for visudo and testsudoers. o Add --disable-authentication option
20140 that makes sudo not require authentication by default. The PASSWD
20141 tag can be used to require authentication for an entry. We no
20142 longer overload --without-passwd.
20145 * lex.yy.c, parse.lex:
20146 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
20147 username can contain just about anything so be very permissive. Also
20148 drop the unused \. punctuation.
20151 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
20153 * parse.yacc, sudo.tab.c:
20154 o add a 'val' element to aliasinfo struct and move -> parse.h o
20155 find_alias() now returns an aliasinfo * instead of boolean o
20156 add_alias() now takes a value parameter to store in the
20157 aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
20158 return: 1) positive match 0) negative match (due to '!')
20159 -1) no match This means setting $$ explicitly in all cases, which I
20160 should have done in the first place. It also means that we always
20161 store a value that is != -1 and when we see a '!' we can set
20162 *_matches to !rv if rv != -1. The upshot of all of this is that '!'
20163 now works the way it should in lists and some of the rules are more
20164 uniform and sensible.
20168 add parse.h dependency
20172 kill unused *_matched macros
20176 Allow a list of users as the first thing in a user spec, not just a
20177 single entry. This makes things more uniform, though it does allow
20178 you to write user specs that are hard to read.
20190 fix check for crypt() in libufc
20193 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
20196 sudo-users list now exists
20199 * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
20203 * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
20204 config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
20205 version.c, visudo.c:
20206 o Move lock_file() and touch() into fileops.c so visudo can use them
20207 o Visudo now locks the sudoers temp file instead of bailing when the
20208 temp file already exists. This fixes the problem of stale temp
20209 files but it does *require* that you not try to put the temp file in
20210 a world-writable directory. This should not be an issue as the temp
20211 file should live in the same dir as sudoers. o Visudo now only
20212 installs the temp file as sudoers if it changed.
20215 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
20221 * config.h.in, configure, configure.in, logging.c:
20225 * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
20226 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
20227 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
20228 temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
20229 -> _PATH_SUDOERS_TMP
20232 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
20234 * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
20235 o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
20236 root sudo -V config reporting
20239 * configure, configure.in:
20240 aix_auth.o not authenticate.o
20244 Add --with-goodpri and --with-badpri configure options to specify
20245 the syslog priority to use.
20248 * INSTALL, configure, configure.in, logging.h:
20249 Add --with-goodpri and --with-badpri configure options to specify
20250 the syslog priority to use.
20254 kill crufty AIX stuff
20258 Sigh, some versions of make (like Solaris's) don't deal with $< like
20259 I would expect. Both GNU and BSD makes get this right but... So, we
20260 just expand $< inline at the cost of some ugliness.
20264 If the invoking user is root, sudo will now print configure info in
20265 -V mode. Currently just prints logging info, to be expanded later.
20268 * logging.c, logging.h, sudo.c, sudo.h:
20269 o new defines for syslog facility and priority o use new
20270 print_version() function for -V mode
20274 Don't need version.c
20277 * aclocal.m4, config.h.in, configure, configure.in:
20278 Add check for syslog facilities and priorities tables in syslog.h
20282 o authenticate -> aix_auth o add version.c
20285 * auth/sudo_auth.c:
20286 Missed a prompt -> user_prompt conversion
20289 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
20292 sudo should lock its logfile
20295 * parse.yacc, sudo.tab.c:
20296 o Add '!' correctly when expanding Aliases. o Add shortcut macros
20297 for append() to make things more readable. o The separator in
20298 append() is now a string instead of a char. o In append(), only
20299 prepend the separator if the last char is not a '!'. This is a
20300 hack but it greatly simplifies '!' handling. o In -l mode, Runas
20301 lists and NOPASSWD/PASSWD tags are now inherited across entries in
20302 a list (matches current behavior). o Fix formatting in -l mode such
20303 that items in a list are separated by a space. Greatly improves
20304 readability. o Space for name field in struct aliasinfo is now
20305 allocated dynamically instead of using a (big) buffer. o In
20306 add_alias(), only search the list once (lsearch instead of lfind +
20310 * lex.yy.c, sudo.tab.c, sudo.tab.h:
20314 * configure, configure.in:
20315 Solaris pam doesn't require any extra setup
20319 o Simpler '!' support now that the lexer deals with multiple !'s for
20320 us. o In the case of opFOO, have FOO give a boolean return value and
20321 set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
20322 it gets fill()'d in parse.lex--fixes a small memory leak. In the
20323 long run it may be better to just fix parse.lex and make ALL back
20324 into a token. However, having it be a string is useful since it
20325 can be easily passed back to the parent rule if we so desire.
20329 o Remove some unnecessary backslashes o collapse multiple !'s by
20330 using !+ and checking if yyleng is even or odd. this allows us to
20331 simplify ! handling in parse.yacc
20335 -u flag was being ignored
20338 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
20345 work around pod2man stupidity
20349 correct dependencies for .cat
20352 * sudo.cat, sudo.man, visudo.cat, visudo.man:
20356 * sudo.pod, visudo.pod:
20357 Add copyright. Update to reality
20360 * parse.c, sudo.c, sudo.h:
20361 rename validate() to the more descriptive sudoers_lookup()
20368 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
20374 * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
20375 configure, configure.in, sudo.c:
20380 add 4th term to license similar to term 5 in the apache license
20383 * emul/search.h, emul/utime.h:
20384 add 4th term to license similar to term 5 in the apache license
20387 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
20388 auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
20389 auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
20390 auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
20391 logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
20392 pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
20393 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
20395 add 4th term to license similar to term 5 in the apache license
20398 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
20399 add 4th term to license similar to term 5 in the apache license
20402 * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
20403 getspwuid.c, goodpath.c:
20404 add 4th term to license similar to term 5 in the apache license
20407 * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
20408 insults.h, logging.c, sudo.c, sudo.h:
20409 there was a 1995 release too
20412 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
20419 Use dirs instead of files for timestamp. This allows tty and non-
20420 tty schemes to coexist reasonably. Note, however, that when you
20421 update a tty ticket, the mtime on the user dir gets updated as well.
20424 * configure, configure.in:
20425 Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
20426 when linking test program, not just -lprot. Also add check for
20427 getspnam(). The SCO docs indicate that /etc/shadow can be used but
20431 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
20434 first cut at auth API description
20437 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
20439 * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
20440 auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
20442 auth API change. There is now an init method that gets run before
20443 the main loop. This allows auth routines to differentiate between
20444 initialization that happens once vs. setup that needs to run each
20445 time through the loop.
20448 * auth/kerb5.c, logging.c:
20449 use easprintf() and evasprintf()
20453 add easprintf() and evasprintf(), error checking versions of
20454 asprintf() and vasprintf()
20458 remove 2 items. One done, one won't do.
20461 * lex.yy.c, sudo.tab.c:
20465 * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
20466 visudo.html, visudo.man:
20475 o Document -K flag and update meaning of -k flag. o BSD-style
20476 copyright o Document clearing of BIND resolver environment variables
20477 o Clarify bit about shared libs o suggest rc files create /tmp/.odus
20478 if your OS gives away files
20486 BSD-style copyright
20490 o BSD copyright o no need to block signals, we now do that in main()
20494 * testsudoers.c, visudo.c:
20495 o BSD-style copyright o Use "struct sudo_user" instead of old
20496 globals. o some cosmetic cleanup
20500 BSD-style copyright
20504 o BSD copyright o logging and parser bits moved to their own .h
20505 files o new "struct sudo_user" to encapsulate many of the old
20510 o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
20511 logging routines o simplified flow of control o BIND resolver
20512 additions to badenv_table
20516 BSD-style copyright
20520 Now compiles on more K&R compilers
20524 BSD-style copyright, cosmetic changes
20528 BSD-style copyright
20531 * parse.c, parse.h, parse.lex, parse.yacc:
20532 BSD-style copyright. Move parser-specific defines and structs into
20533 parse.h + other cosmetic changes
20537 defines for logging routines
20540 * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
20541 BSD-style copyright, cosmetic changes
20544 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
20546 BSD-style copyright
20550 o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
20551 kill --disable-tgetpass o add --without-passwd o changes to fill in
20552 AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
20553 v?asprintf() o replace --with-AuthSRV with --with-fwtk
20557 BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
20558 HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
20559 HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
20563 BSD-style copyright; Add S_IFLNK and MIN/MAX if they are missing.
20567 BSD-style copyright
20571 no more --with-getpass
20575 Take out things I've done...
20583 --with-getpass no longer exists
20587 BSD-style copyright. Update to reflect reality wrt new files and
20592 Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
20597 Update history a bit
20600 * COPYING, LICENSE:
20601 Now distributed under a BSD-style license
20604 * auth/sudo_auth.c:
20605 o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
20606 options. o skey/opie replaced by rfc1938 code o new struct sudo_user
20610 * auth/pam.c, auth/sia.c:
20611 BSD-style copyright and use new log functions
20615 o BSD-style copyright o Use new log functions o Use asprintf() and
20616 snprintf() where sensible.
20620 Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
20621 done more reasonably--better sanity checks and tty-based stamps are
20622 now done as files in a directory with the same name as the invoking
20623 user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
20624 to mix tty and non-tty based ticket schemes but this may change in
20625 the future (it requires sudo to use a directory instead of a file in
20626 the non-tty case). Also, ``sudo -k'' now sets the ticket back to
20627 the epoch and ``sudo -K'' really deletes the file. That way you
20628 don't get the lecture again just because you killed your ticket in
20629 .logout. BSD-style copyright now.
20633 o rewritten logging routines. log_error() now takes printf-style
20634 varargs and log_auth() for the return value of validate(). o BSD-
20638 * auth.c, check_sia.c, dce_pwent.c, secureware.c:
20639 superseded by new auth API
20643 BSD-style copyright
20647 Use snprintf() where it makes sense and add a BSD-style copyright
20650 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
20651 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
20652 BSD-style copyright
20655 * emul/utime.h, utime.c:
20656 BSD-style copyright
20660 this has been rewritten so use my BSD-style copyright
20663 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
20666 include malloc.h if no stdlib.h
20670 KTH snprintf()/asprintf() for systems w/o them
20674 strerror() for systems w/o it
20677 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
20683 * parse.c, parse.lex, parse.yacc:
20684 Add contribution info in the main comment
20687 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
20690 remove missed ref to PAM_nullpw
20693 * auth/sudo_auth.h:
20698 more or less complete now--still untested
20701 * auth/afs.c, auth/pam.c:
20702 don't use user_name macro, it will go away
20705 * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
20706 combine skey/opie code into rfc1938.c
20709 * auth/dce.c, auth/sudo_auth.h:
20710 DCE authentication method; basically unchanged from dce_pwent.c
20713 * auth/aix_auth.c, auth/sudo_auth.h:
20714 AIX authenticate() support. Could probably be much better
20718 Fix an uninitialized variable and some cleanup. Now works (tested)
20721 * auth/sia.c, auth/sudo_auth.h:
20722 SIA support for digital unix
20726 don't use prompt global, it will go away
20729 * auth/secureware.c:
20730 correct copyright years
20733 * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
20734 auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
20735 auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
20736 New authentication API and methods
20739 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
20746 only save an entry if user_matches && host_matches, even if the
20747 stack is empty (fix for previous commit)
20755 1) Always save an entry on the stack if it is empty. This fixes the
20756 -l and -v flags that were broken by earlier parser changes.
20758 2) In a Runas list, don't negate FALSE -> TRUE since that would make
20759 !foo match any time the user specified a runas user (via -u) other
20764 interfaces and num_interfaces are now auto, not extern
20767 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
20770 use a static global to keep state about empty passwords
20774 make PASSWORD_NOT_CORRECT logging consistent with other modules
20777 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
20780 PAM prompt code was wrong, looks like we have to kludge it after
20785 In the PAM code, when a user hits return at the first password
20786 prompt, exit without a warning just like the normal auth code
20789 * configure, configure.in:
20790 kludge around cross-compiler false positives
20793 * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
20794 New (correct) PAM code. Tgetpass now takes an echo flag for use with
20795 PAM_PROMPT_ECHO_ON. Block SIGINT and SIGTSTP during auth. Remove a
20796 useless umask setting. Change error from BAD_ALLOCATION ->
20797 BAD_AUTH_INIT (for use with sia/PAM). Some cosmetic changes to auth.c
20802 Some -Wall and kill some trailing spaces
20806 define -D__EXTENSIONS__ for solaris so we get crypt() proto
20809 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
20815 * INSTALL, config.h.in, configure, configure.in:
20816 for kerberos V < version, fall back on old kerb4 auth code
20820 clarify some things
20823 * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
20827 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
20830 mention why DONT_LEAK_PATH_INFO is not the default
20833 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
20836 Fix open(2) return value checking, was NULL for fopen, should be -1
20845 better wording for solaris pam notice
20849 document recent changes
20853 Update shadow password section
20857 move authentication code from check.c to auth.c
20860 * Makefile.in, check.c, sudo.h:
20861 move authentication code to auth.c
20864 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
20866 * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
20867 getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
20868 logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
20869 sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
20871 Move interface-related defines to interfaces.h so we don't have to
20872 include <netinet/in.h> everywhere.
20875 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
20877 * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
20878 parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
20879 o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
20880 turns out the old DES crypt does the right thing with passwords
20881 longer than 8 characters. o Fix common typo (necesary ->
20882 necessary) o Update TODO list
20885 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
20888 set $LOGNAME when we set $USER
20891 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
20894 add comment about digital unix and interfaces.c warning with gcc
20897 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
20900 use modern paths and give examples for some of the new parser
20904 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
20910 * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
20911 getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
20912 parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
20913 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
20914 Function names should be flush with the start of the line so they
20915 can be found trivially in an editor and with grep
20918 * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
20919 sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
20920 free(3) is already void, no need to cast it
20923 * logging.c, sudo.c, sudo.h:
20924 catch case where cmnd_safe is not set (this should not be possible)
20927 * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
20928 testsudoers.c, visudo.c:
20929 Stash the "safe" path (ie: the one listed in sudoers) to the command
20930 instead of stashing the struct stat. Should be safer.
20933 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
20935 * INSTALL, Makefile.in, UPGRADE:
20936 notes on updating from an earlier release
20943 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
20945 * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
20946 sudoers.man, sudoers.pod:
20947 You can now specify a host list instead of just a host or alias.
20948 Ie: user = host1,host2,ALIAS,!host3 my_command now works.
20955 * parse.yacc, sudo.tab.c:
20956 Move the push from the beginning of cmndspec to the end. This means
20957 we no longer have to do a push at the end of privilege, just reset
20961 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
20962 runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
20963 use "!" most everywhere
20966 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
20969 modernize paths and update su example based on sample.sudoers one
20973 New runas semantics
20976 * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
20978 In estrdup(), do the malloc ourselves so we don't need to rely on
20979 the system strdup(3) which may or may not exist. There is now no
20980 need to provide strdup() for those w/o it. Also, the prototype for
20981 estrdup() was wrong, it returns char * and its param is const.
20989 buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
20992 * CHANGES, TODO, parse.yacc, sudo.tab.c:
20993 It is now possible to use the '!' operator in a runas list as well
20994 as in a Cmnd_Alias, Host_Alias and User_Alias.
20997 * logging.c, sudo.h:
20998 Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
21002 Definitions of *_matched were wrong--user top, not top-2 as
21006 * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
21007 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
21008 command but the NOPASSWD flag was set. Make runasspec, runaslist,
21009 runasuser, and nopasswd typeless in parse.yacc. Add support for '!'
21010 in the runas list. Fix double printing of '%' and '+' for groups and
21011 netgroups respectively. Add *_matched macros (no need for local stack
21012 variable). Should only be used directly after a pop (since top must
21016 * aclocal.m4, configure.in:
21017 Add copyright, somewhat silly
21020 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
21022 * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
21023 compat.h, config.h.in, configure, configure.in, dce_pwent.c,
21024 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
21025 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
21026 lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
21027 putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
21028 sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
21029 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
21031 Crank version to 1.6 and combine copyright statements
21035 Use ! not ^ to do negation
21038 * lex.yy.c, sudo.tab.c:
21042 * parse.lex, parse.yacc:
21043 Make runas and NOPASSWD tags persistent across entries in a command
21044 list. Add a PASSWD tag to reverse NOPASSWD. When you override a
21045 runas or *PASSWD tag the value given becomes the new default for the
21046 rest of the command list.
21049 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
21053 [a1ae9d4a7d54] [SUDO_1_5_9]
21056 Shift return value of system(3) by 8 to get real exit value and if
21057 it is not 1 or 0 print the retval along with the error message.
21060 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
21063 testsudoers needs LIBOBJS too
21066 * parse.c, parse.yacc, sudo.tab.c:
21067 Fix another parser bug. For a sudoers entry like this: millert
21068 ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
21076 * parse.yacc, sudo.tab.c:
21077 Save entries that match a ! command on the matching stack too
21081 Make sudo's usage info better when mutually exclusive args are given
21082 and don't rely on argument order to detect this; nick@zeta.org.au
21085 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
21087 * CHANGES, Makefile.in, RUNSON:
21095 * parse.yacc, sudo.tab.c:
21096 Fix off by one error introduced in *alloc changes
21099 * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
21100 check_sia.c, compat.h, config.h.in, configure, configure.in,
21101 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
21102 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
21103 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
21104 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
21105 sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
21106 sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
21107 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
21111 * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
21112 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
21113 putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
21114 sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
21115 Use emalloc/erealloc/estrdup
21119 error checking memory allocation routines
21122 * parse.yacc, sudo.tab.c:
21123 Still not right, this fixes it for real
21126 * parse.yacc, sudo.tab.c:
21127 Fix for previous commit
21130 * CHANGES, INSTALL, parse.yacc:
21131 Fix a parser bug that was exposed when mixing different runas specs
21132 and ! commands. For example: millert ALL=(daemon)
21133 /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
21134 as well as daemon when it should just allow daemon. The problem was
21135 that comma-separated commands in a list shared the same entry on the
21136 matching stack. Now they get their own entry iff there is a full
21137 match. It may be better to just make the runas spec persistent
21138 across all commands in a list like the user and host entries of the
21139 matching stack. However, since that is a fairly major change it
21140 should get its own minor rev increase.
21143 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
21145 * check.c, config.h.in:
21146 Simplify PAM code and fix a PAM-related warning on Linux
21149 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
21163 * check.c, configure.in:
21164 new pam code that works on solaris, should work on linux too;
21168 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
21175 only include strings.h if there is no string.h
21178 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
21181 Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
21184 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
21187 shost must be set before log functions are called #ifdef HOST_IN_LOG
21190 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
21192 * CHANGES, lex.yy.c, parse.lex:
21193 Fix a bug wrt quoting characters in command args. Stop processing
21194 an arg when you hit a backslash so the quoted-character detection
21198 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
21201 include sys/time.h; apparently AIX needs it. ppz@cdu.elektra.ru
21204 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
21206 * configure, configure.in:
21207 add missing case statement so --without-sendmail works
21210 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
21216 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
21218 * configure, configure.in:
21219 only search for -lsun in irix <= 4.x
21222 * configure, configure.in:
21223 back out last configure.in change now that I've hacked autoconf to
21224 fix the real problem and add a missing newline
21232 add def of dirfd() for those without it
21235 * configure, configure.in:
21236 When falling back to checking for socket() when linking with
21237 "-lsocket -lnsl" check for main() instead since autoconf has already
21238 cached the results of checking for socket() in -lsocket. This is
21239 really an autoconf bug as it should use the extra libs as part of
21240 the cache variable name.
21247 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
21250 fix occurrence of $with_timeout that should be
21251 $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
21255 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
21257 * sudo.cat, sudo.html, sudo.man, sudo.pod:
21258 fix grammar; espie@openbsd.org
21259 [7031d9dfbc3e] [SUDO_1_5_8]
21261 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
21263 * parse.yacc, sudo.c, testsudoers.c:
21264 add cast for strdup in places it does not have it
21267 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
21269 * configure, configure.in:
21270 define _BSD_TYPES for irix
21273 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
21275 * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
21276 Make it clear that it is the user's password, not root's, that we
21281 If the user enters an empty password and really has no password,
21282 accept the empty password they entered. Previously, they could
21284 *but* an empty password. Also, add GETPASS macro that calls either
21285 tgetpass() or getpass() depending on how sudo was configured.
21286 Problem noted by jdg@maths.qmw.ac.uk
21289 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
21291 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
21292 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
21293 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
21294 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
21295 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
21296 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
21298 add explicit copyright
21302 mention -lsocket, -lnsl configure changes
21305 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
21308 Don't clobber errno after calling check_sudoers().
21311 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
21313 * configure, configure.in:
21314 When linking with both -lsocket and -lnsl be sure to do so in that
21315 order. Also, when we can't find socket() or inet_addr() and have to
21316 try linking with both libs, issue a warning.
21319 * sudo.cat, sudo.man, sudo.pod:
21320 clarify bad timestamp and fmt
21323 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
21326 be clear that pam is linux-only and add a RUNSON entry
21329 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
21331 * CHANGES, INSTALL, configure, configure.in:
21332 fix and correctly document --with-umask; problem noted by
21336 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
21338 * configure, configure.in:
21339 only use /usr/{man,catman}/local to store man pages if user didn't
21340 override prefix or mandir
21343 * INSTALL, configure, configure.in:
21344 fix typo, make --with-SecurID take an arg
21347 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
21353 * CHANGES, INSTALL, check.c, configure, configure.in:
21354 FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
21357 * configure, configure.in:
21358 better fix for the problem of unresolved symbols in -lnsl or
21362 * configure, configure.in:
21363 when checking for functions in -lnsl and -lsocket link with both of
21364 them to avoid unresolved symbols on some weirdo systems
21367 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
21369 * BUGS, CHANGES, RUNSON, TODO:
21370 old changes that didn't make it into RCS before the RCS->CVS switch
21373 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
21375 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
21376 configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
21377 getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
21378 ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
21379 lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
21380 secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
21381 sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
21394 * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
21395 config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
21396 find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
21397 ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
21398 logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
21399 secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
21400 sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
21401 utime.c, version.h, visudo.c, visudo.cat, visudo.man:
21402 crank version and regen files
21406 kill rcs goop in update_version and fix now that version is a const
21409 * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
21410 sudo.c, sudo.h, sudo.pod:
21411 kerb5 support from fcusack@iconnet.net
21414 * realpath.c, sudo_realpath.c:
21415 we no longer use realpath
21419 replaced by find_path.c
21423 all options are now configure flags
21431 superseded by getcwd.c
21435 superseded by tgetpass.c
21439 superseded by RUNSON
21443 No longer used now that we have configure options for everything.
21447 regen based on configure.in
21450 * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
21451 sudoers.man, visudo.cat, visudo.html, visudo.man:
21452 regen based on sudo.pod, sudoers.pod, and visudo.pod
21455 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
21458 fix tty tickets in remove_timestamp (didn't use ':')
21461 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
21464 close sock when we are done with it
21467 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
21470 never say "error on line -1"
21473 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
21476 check for -lnsl before -lsocket
21480 quote '[', ']' used in ranges correctly
21483 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
21486 add missing NO_ROOT_SUDO noted by drno@tsd.edu
21489 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
21496 more info for 1.5.7
21504 make increases of cm_list_size and ga_list_size be similar to
21505 increases of stacksize (ie: >= not > in initial compare).
21509 when we get a syntax error, report it for the previous line since
21510 that's generally where the error occurred.
21513 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
21515 * config.h.in, configure.in, interfaces.c:
21516 add back check for sys/sockio.h but only use it if SIOCGIFCONF is
21518 [d197f31fd1e4] [SUDO_1_5_7]
21521 define BSD_COMP for svr4
21524 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
21525 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
21526 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
21527 testsudoers.c, tgetpass.c, utime.c, visudo.c:
21532 kill check for sockio.h
21536 no more HAVE_SYS_SOCKIO_H
21539 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
21540 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
21541 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
21542 testsudoers.c, tgetpass.c, utime.c, visudo.c:
21546 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
21549 add missing inform_user()
21552 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
21555 return NOT_FOUND if given fully qualified path and it does not exist
21556 previously it would perror(ENOENT) which bypasses the option to not
21561 for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
21565 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
21568 tty tickets are user:tty now
21572 when using tty tickets make it user:tty not user.tty as a username
21573 could have a '.' in it
21576 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
21579 add "ignoring foo found in ." for auth successful case
21582 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
21585 add missing printf param
21588 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
21590 * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
21591 go back to printing "command not found" unless --disable-path-info
21592 specified. Also, tell user when we ignore '.' in their path and it
21593 would have been used but for --with-ignore-dot.
21597 Only one space after a colon, not two, in printf's
21600 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
21603 document setting $USER
21607 fix bugs with prompt expansion
21611 set $USER for root too
21614 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
21621 HP-UX's iscomsec is in -lsec, not libc
21625 remove some entries in the OS case statement that did nothing
21629 add "cd" section and flush out syslog section
21633 no more sudo-lex.yy.c
21637 add custom prompt support
21641 kill perror("malloc") since we already have a good error messages
21642 pw_ent -> pw for brevity
21646 kill perror("malloc") since we already have a good error messages
21647 pw_ent -> pw for brevity set $USER if -u specified
21651 kill perror("malloc") since we already have a good error messages
21655 kill perror("malloc") since we already have a good error messages
21656 pw_ent -> pw for brevity when checking if %group matches, look up
21657 user in password file so that %groups works in a RunAs spec.
21661 kill perror("malloc") since we already have a good error messages
21664 * check.c, getspwuid.c, interfaces.c:
21665 kill perror("malloc") since we already have a good error messages
21666 pw_ent -> pw for brevity
21669 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
21672 the prompt is expanded before tgetpass is called
21676 tgetpass now has the same args as getpass again
21680 add iscomsec, issecure support
21684 we now expand any %h or %u in the prompt before passing to tgetpass
21688 add check for syslog(3) in -lsocket, -lnsl, -linet
21692 add HAVE_ISCOMSEC and HAVE_ISSECURE
21696 add check for iscomsec in HP-UX
21700 check for issecure if we have getpwanam on SunOS some options are
21701 incompatible with DUNIX SIA check for dispcrypt on DUNIX
21704 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
21711 add back support for non-dispcrypt based checking for older DUNIX
21719 SIA becomes the default on Digital UNIX now have --disable-sia to
21724 move local includes after system ones
21727 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
21729 * check.c, check_sia.c, sudo.h:
21730 add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
21735 fix while loop in sia_attempt_auth() that checks the password. Only
21736 the first iteration was working.
21739 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
21742 don't trust UID_MAX or MAXUID
21753 * getspwuid.c, secureware.c:
21754 init crypt_type to INT_MAX since it is legal to be negative in DUNX
21759 for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
21760 -ldb since DUNX < 4.0 lacks it
21763 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
21765 * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
21766 secureware.c, sudo.c, tgetpass.c:
21767 getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
21768 minutes if the shadow files don't exist).
21771 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
21774 updated --with-editor blurb
21778 tell how to put sudoers in a different dir
21782 add missing quotes around $with_editor
21786 typo in --with-editor bits
21790 I don't expect it to work on Solaris
21794 add back security/pam_misc.h
21797 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
21800 remove dunix note since configure checks for this now
21804 add check for broken dunix prot.h (4.0 < 4.0D is bad)
21807 * getspwuid.c, secureware.c, tgetpass.c:
21808 new dunix shadow code, use dispcrypt(3)
21816 call initprivs() if we have it for getprpwuid later on
21820 clean pathnames.h too
21824 quote "Sorry, try again." with [] since it has a comma in it set
21825 LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
21826 getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
21831 update Digital UNIX note about acl.h
21836 --without-root-sudo -> --disable-root-sudo some reordering
21843 * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
21851 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
21854 when checking for -lsocket, -lnsl, and -linet, check for the
21855 specific functions we need from them.
21858 * config.h.in, sudo.h:
21859 move Syslog_* defs into sudo.h
21862 * Makefile.in, sudo.h:
21863 added check_secureware
21867 finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
21871 don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
21872 defined. configure now does that for us
21876 move some --with options around change a bunch of echo's to
21877 AC_MSG_CHECKING, AC_MSG_RESULT pairs
21881 change $with_foo-bar -> $with_foo_bar kill extra " that caused a
21882 syntax error add some echo verbiage
21885 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
21888 moved SecureWare stuff into secureware.c
21896 update url to solaris gcc bins
21900 change option formatter and flesh out some entries
21903 * TROUBLESHOOTING, sudo.pod, visudo.pod:
21904 environmental variable -> environment variable
21908 everything is now done via configure
21916 passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
21920 SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
21924 merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
21925 sudoers_mode from configure
21929 SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
21930 the Makefile, not config.h
21934 document all --with/--enable options
21937 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
21940 options.h is no more
21944 assimilated options.h
21948 moved options from options.h to configure
21951 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
21952 logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
21953 sudo_setenv.c, visudo.c:
21957 * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
21958 remove references to options.h
21961 * dce_pwent.c, interfaces.c, sudo.c:
21966 if select return < -1 still prompt for pw
21970 convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
21975 FAST_MATCH is no longer an option
21979 remove_timestamp() if timestamp is preposterous
21983 convert more options to --with/--enable
21986 * INSTALL, aclocal.m4:
21991 convert more options into --with and --enable
21995 catch EINTR in select and restart
22002 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
22005 UMASK -> SUDO_UMASK.
22008 * check.c, logging.c:
22009 time.h, not sys/time.h
22012 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
22015 MAILER -> _PATH_SENDMAIL
22018 * INSTALL, configure.in:
22019 no more --with-C2, now it is --disable-shadow
22022 * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
22023 getspwuid.c, sudo.c, tgetpass.c:
22024 new shadow password scheme. Always include shadow support if the
22025 platform supports it and the user did not disable it via configure
22028 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
22031 --with-getpass -> --{enable,disable}-tgetpass
22035 pathnames.h -> pathnames.h.in
22043 move pam_conv to be static to auth function remove pam_misc.h
22044 (solaris doesn't have one)
22048 _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
22052 munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
22056 convert to pathnames.h.in
22059 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
22062 fix typo in sysv4 matching case /.
22065 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
22068 pam stuff needs to run as root, not user, for shadow passwords
22071 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
22073 * BUGS, INSTALL, README, configure.in:
22077 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22078 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
22079 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
22080 logging.c, options.h, parse.c, parse.lex, parse.yacc,
22081 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22082 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22087 user version.h for long message
22091 this is version 1.5.6
22094 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
22097 remove errant backslash
22100 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
22102 * options.h, parse.yacc, pathnames.h.in:
22104 [fdee73255d64] [SUDO_1_5_6]
22106 * BUGS, CHANGES, TODO:
22114 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
22117 kill unused localhost_mask var copy if name to ifr_tmp after we zero
22121 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
22124 Better description of new vs. old sudoers modes fix some typos
22125 better description of /usr/ucb/cc gotchas on slowaris
22133 set NewArgv[0] to user_shell, not basename(user_shell)
22136 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
22139 mention TROUBLESHOOTING more fix some typos
22143 move --enable/--disable to be after --with
22147 document --enable/--disable
22151 document --with-pam
22154 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
22157 Add message for pam users
22168 * check.c, config.h.in, configure.in:
22169 pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
22172 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
22175 add HOST_IN_LOG and WRAP_LOG
22179 add WRAP_LOG and HOST_IN_LOG
22183 add --enable-log-host and --enable-log-wrap
22187 use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
22190 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
22197 include sys/param.h to get howmany macro
22200 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
22202 * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
22206 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
22209 bring in stdio.h for NULL
22213 allow /bin/{ksh,bash} and /usr/bin/{ksh,bash} as sh
22217 use HAVE_SET_AUTH_PARAMETERS
22221 add HAVE_SET_AUTH_PARAMETERS
22225 add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
22229 add support for HI-UX/MPP SR220001 02-03 0 SR2201
22233 initialize previfname
22237 Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
22238 it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
22247 don't need special build line for sudo.tab.o
22251 don't clean sudo.tab.[ch]
22255 Sudo should prompt for a password before telling the user that a
22256 command could not be found.
22264 no longer require yacc
22272 y.tab -> sudo.tab include pre-yacc'd parse.yacc
22276 include sudo.tab.h, not y.tab.h don't break out of command args if
22284 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
22293 getcwd(3) from OpenBSD for those without it.
22297 HAVE_GETWD -> HAVE_GETCWD
22301 pretend sunos doesn't have getcwd(3) since it opens a pipe to
22310 remove duplicate include of string.h
22314 call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
22318 add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
22322 add dev_t and ino_t
22325 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
22328 fix OTP_ONLY for opie
22331 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
22333 * testsudoers.c, tgetpass.c:
22334 include stdlib.h for malloc proto
22337 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
22340 make update_version saner
22344 add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
22348 check for waitpid and wait3 or no waitpid
22352 used waitpid or wait3 if we have 'em
22355 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
22358 fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
22361 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
22364 don't need to explicitly mention -lsocket -lnsl for sequent
22367 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
22370 dynix should not link with -linet
22373 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
22376 mention that HP-UX doesn't ship with yacc
22379 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
22382 ignore kerberos if we can't get the local realm
22385 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
22387 * BUGS, INSTALL, README, configure.in:
22395 * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
22396 find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
22397 logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
22398 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
22407 don't use popen/pclose. Do it inline.
22418 * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
22419 ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
22424 * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
22429 getwd.c -> getcwd.c
22441 use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
22445 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
22447 * OPTIONS, options.h:
22448 add STUB_LOAD_INTERFACES
22451 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22452 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22453 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22454 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22455 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22456 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22461 support *-ccur-sysv4 and fix two typos
22464 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
22467 don't echo about with_logfile and with_timedir
22471 document --with-logfile and --with-timedir
22475 support --with-logfile and --with-timedir
22479 Add --with-logfile and --with-timedir
22483 change size computation of NewArgv for UNICOS
22486 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
22489 treat -*-sysv4* like *-*-svr4
22492 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
22495 fix spacing for --with-authenticate help
22498 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22499 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22500 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22501 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22502 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22503 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22508 fix off by one error in push macro
22511 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
22514 removed bogus alloca hack
22518 added AIX 4.x authenticate() support
22522 include alloca.h if using bison and not gcc and it exists. fixes an
22523 alloca problem on hpux 10.x
22527 mention --with-authenticate
22531 added AIX authenticate() support
22535 add HAVE_AUTHENTICATE
22539 dynamically size ifconf buffer
22546 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22547 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22548 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22549 logging.c, options.h, parse.c, parse.lex, parse.yacc,
22550 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22551 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22559 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
22562 add busy stmp file explanation
22565 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
22568 the name of the cached var that signals whether or not you are cross
22569 compiling changed. It is now ac_cv_prog_cc_cross
22572 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
22575 mention glibc 2.07 is fixed wrt lsearch().
22578 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
22580 * sample.sudoers, sudoers.pod:
22581 better example of su but not root su
22584 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
22586 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22587 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22588 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22589 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22590 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22591 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22596 correct regexp for updating version
22600 remove bogus flush of stderr spew prompt before turning off echo.
22601 Seems to fix a weird problem where if sudo complained about a bogus
22602 stamp file the user would sometimes not have a chance to enter a
22607 fix bogus flush of stderr
22611 close fd's <=2 not <=3 and move that chunk of code up
22615 support hpux1[0-9] not just hpux10
22618 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
22621 set sudoers_fp to nil after closing
22624 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
22626 * config.guess, config.sub:
22627 updated from autoconf 2.12
22634 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
22637 fix select usage for high fd's (dynamically allocate readfds)
22641 kill extra whitespace
22645 do an initgroups() before running a command, unless the target user
22649 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
22652 tell people to use tabs, not spaces, in syslog.conf
22655 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
22657 * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
22658 parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
22662 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
22663 logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
22667 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22668 insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
22673 more tweaks to update_version
22677 fixed up update_version rule
22685 removed supe of check.c
22696 * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
22697 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
22698 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22699 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
22700 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
22701 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
22711 add rules to update version stuff in files so I don't need to do it
22716 sudoers_fp is now extern
22720 in check_sudoers, cache the sudoers file handle in sudoers_fp so we
22721 don't have to open it again in the parse. This may help with weird
22722 solaris problems where EAGAIN sometimes occurs.
22726 sudoers file open is now done only in check_sudoers() so we just do
22727 a rewind() instead of an open. May help people on solaris who were
22731 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
22734 mention that newer glibc is fixed
22737 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
22740 newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
22741 _RLD* instead of _RLD_*
22749 fix that bug for real
22753 document Linux's libc6 brokenness.
22762 [4949a1bbd0a9] [SUDO_1_5_4]
22765 remind people to HUP syslogd
22781 remove author's email addr. people should mail sudo-bugs
22788 * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
22789 find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
22790 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
22791 logging.c, options.h, parse.c, parse.lex, parse.yacc,
22792 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22793 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
22801 * INSTALL, Makefile.in:
22810 exit(1) if user enters no passwd
22818 commands can start with ./* not just /* -- fixes a serious security
22822 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
22825 Don't set the tty variable to NULL when we lack a tty, leave it as
22829 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
22832 fix usage of (username) in conjunction with , and !
22836 catch the case where the user is not in the passwd file
22840 use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
22845 define tty global to an initial value to avoid dumping core in
22846 logging functions when passwd file is unavailable.
22850 do the set_perms(PERM_USER, sudo_mode) after we have gotten the
22855 talk about problem of ALL
22858 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
22865 fdesc bug is fixed in Open/Net BSD
22869 updates from Nieusma
22872 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
22875 move compat.h after the system includes
22878 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
22881 save errno from being clobbered by wait(). From Theo
22884 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
22887 fix an occurrence of setresuid -> setreuid (typo)
22890 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
22893 check for path to strip
22896 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
22899 deal with maxfilelen < 0 case
22906 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
22909 correct error message if mode/owner wrong and not statable by owner
22910 but is statable by root.
22913 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
22915 * config.guess, config.sub:
22919 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
22921 * CHANGES, RUNSON, TODO:
22925 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
22927 * parse.yacc, sudo.h:
22928 command_alias -> generic_alias
22929 [c404ca8c510d] [SUDO_1_5_3]
22932 added Runas_Alias example and fixed syntax errors
22935 * OPTIONS, options.h:
22936 updated MAILSUBJECT
22943 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
22944 configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
22945 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22946 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
22947 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
22948 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
22953 * BUGS, emul/utime.h:
22958 document Runas_Alias
22966 buffer oflow checking q (uit) -> Q if yyparse() fails drop into
22971 add size params to sprintf
22975 allow trailing space after '\\' but before '\n'
22979 off by one error in path size check
22986 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
22993 now warns if killed by signal ./
22996 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
22999 fix Runas_Alias stuff Alias's in runas list now get expanded (but it
23004 Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
23008 add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
23012 Add Runas_Alias and simplify a rule.
23016 always store User_Alias's since they can be used inside of a runas
23017 list. Sigh. Really need a Runas_Alias instead.
23020 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
23023 deal with case where there is no sudoers file
23026 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
23032 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
23034 * HISTORY, testsudoers.c:
23035 developement -> development
23050 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
23053 removed seteuid() notes
23054 [1010a60f281d] [SUDO_1_5_2]
23056 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
23059 better seteuid() emulation
23063 added check for seteuid
23070 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
23073 first stab at sequent support
23077 added HAVE_SYS_SELECT_H
23081 sequent -> _SEQUENT_
23085 added seteuid() macro for DYNIX
23089 _AIX -> HAVE_SYS_SELECT_H
23092 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
23094 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
23095 parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
23096 testsudoers.c, tgetpass.c, utime.c, visudo.c:
23100 * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
23101 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
23102 ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
23103 pathnames.h.in, version.h:
23108 added -H and SUDO_PS1
23112 use SUDO_FUNC_FNMATCH
23116 added SUDO_FUNC_FNMATCH
23124 added MODE_RESET_HOME /
23127 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
23141 * compat.h, config.h.in:
23146 added HAVE_OPIE and changed to *_OTP_*
23153 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
23156 moved fclose() in skey stuff.
23159 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
23162 index -> strchr remove unnecessary stuff
23166 now call skeychallenge() to get challenge instead of making one up
23167 ourselves. this way, we get extra goodies in the prompt.
23170 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
23174 [3f5149357e2a] [SUDO_1_5_1]
23177 allow logins to start with a number (YUCK!)
23180 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
23183 added solaris 2.5 vs 2.4 note
23187 DUNIX doesn't need -lnsl
23191 *** empty log message ***
23194 * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
23195 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
23196 ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
23197 options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
23198 strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
23199 utime.c, version.h, visudo.c:
23203 * PORTING, README, RUNSON:
23207 * INSTALL, Makefile.in, TROUBLESHOOTING:
23212 *** empty log message ***
23215 * sudo.pod, visudo.pod:
23219 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
23225 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
23228 added $SUDO_PROMPT support
23231 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
23234 print long skey challenge to stderr, not stdout
23237 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
23247 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
23253 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
23256 use shost, not host for tgetpass
23260 documented %u and %h
23264 documented %u and %h
23271 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
23272 dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
23273 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23274 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
23275 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
23276 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
23284 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
23286 * Makefile.in, configure.in, version.h:
23291 new tgetpass() params
23295 pass user and host to tgetpass
23299 added %u and %h escapes
23302 * OPTIONS, check.c, options.h:
23307 added cray (unicos) support
23310 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
23312 * OPTIONS, options.h, sudo.c:
23313 added SHELL_SETS_HOME
23316 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
23319 added note about "make install"
23323 changed length/size params from int to size_t
23327 now get CSOPS insults as well by default
23331 use csops insults too by default
23334 * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
23339 added runas_homedir
23355 added "upgrading" notes
23358 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
23361 now do chmod and chown after edit of temp file and before rename
23362 [de174e34faa7] [SUDO_1_5_0]
23364 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
23367 ++version added INSTALL.configure
23370 * configure.in, version.h:
23375 *** empty log message ***
23383 sets $HOME to pw_dir of runas user
23387 document $HOME change
23390 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
23393 fixed up some wording
23396 * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
23397 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
23398 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
23403 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
23404 insults.h, options.h, pathnames.h.in, sudo.h:
23413 name and type changes
23417 now works with new sudo
23425 some variable name changes + comment headers for functions.
23429 added extra paren's to make compilers happy
23433 *** empty log message ***
23437 now uses init_parser() if not in sudoers and tries "list" or
23438 "validate" scold but don't be nasty.
23442 now can use upper case login names
23446 now uses init_parser()
23454 added info about PASSWORD_TIMEOUT
23457 * INSTALL.configure:
23466 now dynamically allocates memory for the stacks -- no more
23471 -l now expands command aliases
23475 hacks to expand command aliases for `sudo -l'
23479 remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
23483 added struct command_alias
23491 in compar() key should be first arg
23494 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
23501 can now deal with upcase HOST and USER names
23505 don't yell too loudly at non-sudoers if they do "sudo -l"
23516 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
23518 * parse.c, parse.yacc:
23519 added support for new `sudo -l' stuff
23523 now uses list_matches()
23527 added struct sudo_match
23531 now more -lgnumalloc
23534 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
23537 added more paths for chown and whoami
23540 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
23546 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
23549 fixed DUNIX check for shadow pw
23553 now only turn off echo if it is already on. this fixes a race when
23554 you use sudo in a pipeline
23562 changed "test -z $foo && do_this" to if; then construct
23565 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
23568 added missing defines of SHADOW_TYPE
23571 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
23574 protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
23579 added AUTH_CRYPT_C1CRYPT support
23583 no longer return VALIDATE_NOT_OK if there was a runas that didn't
23584 match. Now we can have runas stuff on more than one line.
23587 * getspwuid.c, sudo.c, tgetpass.c:
23588 use SHADOW_TYPE instead of HAVE_C2_SECURITY
23592 got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
23597 removed HAVE_C2_SECURITY added SPW_BSD
23601 use SHADOW_TYPE instead of HAVE_C2_SECURITY
23605 SHADOW_TYPE is always defined so just against its value
23609 added SUDO_CHECK_SHADOW_DUNIX
23612 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
23615 * -> ?* in one example added another instance of (runas) and one of
23619 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
23622 added back check for config.cache from other host type
23626 removed an instance of \"
23634 updated wrt new wildcard matching
23638 new check for shadow passwords if we don't know anything
23642 new SUDO_CHECK_SHADOW_GENERIC
23646 added back check for -lsocket (oops)
23650 better (working) check for shadow passwd type if we know to use C2.
23654 now uses AC_CANONICAL_HOST to figure out os type
23658 added config.{guess,sub}
23662 removed unused stuff to figure out os type
23678 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
23679 pathname. need to check against sudoers_args even if user_args is
23684 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
23685 pathname need to check against sudoers_args even if user_args is nil
23688 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
23691 added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
23695 now takes command line args and uses cmnd_args
23699 fill_args was adding an extra leading space
23702 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
23705 fixed dummy command_matches()
23717 now uses flat args string
23720 * parse.c, parse.lex:
23721 now uses flat arg string
23725 added cmnd_args def
23729 now sets cmnd_args global
23733 cmnd_args is now exported from sudo.[ch]
23736 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
23739 can't rely on cmnd_matches as much as I thought -- added some $$
23740 stuff back in to prevent namespace pollution problems.
23744 Simplified parse rules wrt runas and NOPASSWD (more consistent).
23747 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
23750 NOPASSWD may now have blanks before the ':' '(' only starts a
23751 'runas' if in the initial state to avoid collision with command args
23755 added checks for specific shadow passwd schemes
23759 added routines to check for specific shadow passwd types
23762 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
23765 added support for ncr boxen
23769 added support for detecting ncr boxen
23772 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
23775 added sinix support
23778 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
23781 added info about "config.cache from other other" error.
23785 now makes sure you don't have a config.cache file from another OS
23789 now sets $LIBS when needed to configure links with libs when doing
23790 tests hpux10 now uses SPW_SECUREWARE for C2 added check for
23791 bigcrypt(3) if SPW_SECUREWARE
23799 now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
23807 no more SPW_HPUX10 added HAVE_BIGCRYPT
23811 now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
23815 SPW_SECUREWARE now uses bigcrypt
23818 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
23821 fixed 2 syntax errors
23825 root may now run ALL as ALL
23828 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
23831 fixed a typo/thinko that broke BSD's with sa_len
23834 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
23836 * check.c, configure.in:
23837 updated AFS support
23841 added entry about /usr/ucb/cc
23845 prep no longer holds gcc binaries
23857 AFS allows long passwords
23861 fixed -u user support
23865 sudo -v now groks VALIDATE_OK_NOPASS
23869 fixed no_passwd vs. runas_matched
23873 took out stuff about NFS-mounting since it is no longer an issue
23877 added --with-libraries > --with-libpath --with-incpath
23881 was setting runas_matches to -1 in wrong place
23885 removed usersec.h which is not present in new AFS versions
23889 now deals with timeout <= 0
23897 BSD/OS >= 2.0 now uses shlicc instead of just gcc
23901 fixed backwards compatibility with sudo 1.4 sudoers mode for root
23902 readable/writable filesystems
23906 now gives INSTALL -c flag
23910 slightly simpler initialization of no_passwd and runas_matches
23914 added -u username support
23918 improved --with-libraries support
23921 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
23924 added --with-incpath, --with-libpath, --with-libraries
23928 now initializes some fields that weren't getting set to -1 pretty
23929 gross -- need a rewrite.
23932 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
23939 no longer add -lPW to *_LIBS since we include alloca.c
23943 added HAVE_ALLOCA_H
23958 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
23961 now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
23962 not always set to a valid uid.
23966 fixed entry for SUDO_MODE
23970 Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
23971 being set to -2. Now beat NFS to the punch and set uid to "nobody"
23972 ourselves, preserving group 0 to read sudoers.
23976 moved set_perms(PERM_ROOT) to be before yyparse()
23984 no longer need AC_PROG_INSTALL
23988 always use install-sh to avoid install(1)'s that use get{pw,gr}nam
23992 make clean -> make distclean
23995 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
23998 removed some unnecessary if's
24001 * Makefile.in, version.h:
24005 * parse.c, testsudoers.c:
24006 now includes netgroup.h
24010 removed casts of ioctl to int since they didn't shut up -Wall
24014 explicitly cast ioctl() to int since it is not always declared
24018 added declarations for yyparse() and yylex()
24022 fixed an occurrence of '==' -> '='
24025 * config.h.in, configure.in:
24026 added check for netgroup.h
24030 fixed 2 compiler warnings
24034 SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
24038 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
24044 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
24047 fixed a formatting thingie
24050 * parse.c, parse.yacc:
24051 fixed -u support with multiple user lists on a line
24055 unixware needs -lgen
24059 updated ftp location
24063 add net_addr/netmask support
24067 added net_addr/mask example
24070 * parse.c, parse.lex:
24071 added support for net_addr/netmask
24074 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
24080 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
24090 * BUGS, TODO, TROUBLESHOOTING:
24095 updated with examples of new stuff
24103 updated wrt -u and NOPASSWD
24107 updated wrt -u and CAVEATS
24110 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
24117 now use :foo: character classes (makes no diff for generated lexer)
24120 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
24123 fixed LONG_SKEY_PROMPT stuff
24126 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
24133 make more like NetBSD one -- now compiles w/o warnings
24137 fixed decls of lsearch()
24140 * config.h.in, configure.in, getspwuid.c:
24145 hpux 10 uses bigcrypt() if C2
24148 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
24151 now always uses fnmatch to match args
24155 back to using stdio instead of raw i/o since that caused some
24159 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
24162 now give usage warning if use -l,-v,-k with args
24165 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
24168 NewArgc is now set to 1 for -l, -v, -k
24172 now sets sudoers to correct group if mode is 0400
24176 updated to version used by inn and bind
24180 now uses -lgnumalloc if it exists
24184 "make install" now sets uid/gid and mode on sudoers if it exists
24188 removed debugging statements
24192 added a missing free()
24196 now uses user_gid instead of getegid (which was wrong anyway) to set
24197 SUDO_GID Now sets command line args in SUDO_COMMAND envariable
24198 (logging.c depends on args being in the environment)
24202 now uses SUDO_COMMAND envariable to get command args rather than
24203 building it up again.
24211 fixed off by one error in allocation NewArgv
24215 in sudoers, 'command ""' now means command with no args
24219 added check for fnmatch(3) and fnmatch.h
24227 replaced wildcat.* with fnmatch.*
24234 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
24237 now uses fnmatch() instead of wildmat a trailing star (*) by itself
24238 now matches multiple args added support for wildcards in the
24239 pathname in sudoers
24242 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
24245 now includes compat.h and config.h
24249 added HAVE_FNMATCH_H
24253 now checks for alloca() (if needed by bison or dce) and links with
24254 -lPW if it contains alloca() and libc and compiler do not.
24257 * emul/fnmatch.h, fnmatch.3, fnmatch.c:
24261 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
24264 now fixes mode on sudoers if set to 0400 to aid in upgrade
24267 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
24270 fixed pod2man usage
24273 * Makefile.in, configure.in, version.h:
24277 * testsudoers.c, visudo.c:
24278 runas_user is now initialized to "root"
24282 removed PERM_FULL_ROOT
24286 runas_user defaults to "root" so no more need to PERM_RUNAS
24290 will now only run commands as root if there was no runas list
24291 (or if root is in the runas list)
24299 runas_matches is now set to false if we get a negative match
24303 make #uid work + some minor cleanup
24307 added support for NOPASSWD and "runas" from garp@opustel.com /
24311 added support for "runas" from garp@opustel.com replaced
24312 SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
24317 added support for "runas" from garp@opustel.com
24321 added support for NO_PASSWD and runas from garp@opustel.com replaced
24322 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
24327 added support for NO_PASSWD and runas from garp@opustel.com replaced
24328 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support for
24333 added support for NO_PASSWD and runas from garp@opustel.com
24336 * parse.c, parse.lex:
24337 added support for NO_PASSWD and runas from garp@opustel.com
24341 added support for SUDOERS_WRONG_MODE and "runas"
24345 added --with-CC only link with -lshadow on linux (with shadow pw) if
24346 libc lacks getspnam()
24349 * OPTIONS, options.h:
24350 removed NO_PASSWD since it is not possible to do this in the sudoers
24351 file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
24352 SUDOERS_GID. Added SUDOERS_MODE.
24356 now uses SUDOERS_UID and SUDOERS_GID
24359 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
24365 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
24368 added double quote support
24372 documented double quoting
24375 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
24382 fixed some indentation
24390 added install-dirs .
24393 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
24396 new version from "Jeff A. Earickson" <jaearick@colby.edu>
24399 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
24402 $CSOPS -> $with_csops (whoops, missed one)
24410 FQHOST now has same constraints as non-FQHOST
24414 added note about OS's w/ shadow passwords turned on by default
24417 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
24424 added support for --without-THING sanitized shadow pw situation by
24430 fixed a typo wrt placement of an end paren
24434 was closing an fd that may not have been opened
24437 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
24439 * OPTIONS, options.h, sudo.c:
24443 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
24446 now always use shadow pw on some arches
24449 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
24452 added pyramid support
24456 no longer check for C2 if alternate passwd method is used no longer
24457 check for some libs twice
24461 moved fqdn stuff into parse.lex (FQHOST)
24469 now define TCSASOFT if necessary
24473 now uses read/write instead of stdio string goop to avoid problems
24477 * OPTIONS, find_path.c, options.h:
24478 -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
24481 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
24484 added note about no shadow auto-detect if using alternate auth
24489 don't check for C2 if AFS or DCE (unless they said --with-C2)
24496 * OPTIONS, find_path.c, options.h:
24500 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
24503 checkdot now works correctly
24506 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
24509 can't have DCE and C2 passwords both...
24512 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
24514 * parse.yacc, sudo.c, sudo.h, visudo.c:
24515 now uses shost even if not FQDN
24519 now looks for skey in /usr/lib and doesn't require libskey to be in
24520 /usr/local/lib just because skey.h is (for my netbsd box :-)
24523 * aclocal.m4, config.h.in, pathnames.h.in:
24524 _SUDO_PATH_ -> _CONFIG_PATH_
24527 * aclocal.m4, sudo.pod:
24528 /var/run/.odus -> /var/run/sudo
24532 now uses _SUDO_PATH_TIMEDIR
24539 * aclocal.m4, configure.in:
24544 added _SUDO_PATH_TIMEDIR
24548 updated wrt /var/run/sudo
24552 added support for shost if FQDN
24555 * parse.yacc, visudo.c:
24556 now uses shost if FQDN
24560 Now use skeylookup() instead of skeychallenge()
24563 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
24566 mail_argv should not contain ALERTMAIL as it includes "-t"
24569 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
24571 * INSTALL, Makefile.in, README, configure.in, version.h:
24576 added more _PASSWD_LEN stuff -- now uses PASS_MAX too
24580 now includes limits.h moved _PASSWD_LEN -> compat.h
24583 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
24601 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
24608 done for 1.4.1 (I hope)
24612 added info on wildcards
24616 added wildcard example
24620 now uses *.pod to build *.man and *.cat & *.html
24624 added SUDO_PROG_BSHELL !ll
24628 fixed up some formatting
24632 redid section describing sample sudoers stuff
24636 fixed some formatting
24640 now treats "" as bourne shell
24644 TESTOBJS now includes wildmat.o
24648 now works with NewArg[cv]
24652 removed an XXX (fixed it in getspwuid.c)
24656 added check for bourne shell
24664 added _SUDO_PATH_BSHELL
24667 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
24670 unixware vi returns 256 instead of 0
24678 fixed up some XXX's. file log format now looks a little more like
24679 real syslog(3) format.
24682 * README, TROUBLESHOOTING:
24683 updated wrt lex/flex
24687 commented out rule to build lex.yy.c from parse.lex since we ship
24688 with a pre-flex'd parser
24691 * parse.c, parse.yacc, visudo.c:
24692 path_matches -> command_matches
24696 eliminated some strcat()'s
24700 no longer checks for lex/flex (now assumes flex)
24704 now checks for $kerb_dir_candidate/krb.h instead of just
24708 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
24711 now use a 'hook' expression instead of an iffy one :-)
24714 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
24717 now works with new sudo arg stuff
24721 fixed dereferencing deadbeef
24725 changed an occurrence of Argv to NewArgv
24729 took out support for quoted commands since there is no need...
24733 fixed a typo in a for() loop
24737 protected against dereferencing rogue pointers
24741 now uses NewArgv and NewArgc so cmnd_args is no longer needed this
24742 also allows us to eliminate some kludges in parse_args() and
24743 eliminate superfluous code.
24747 no longer uses cmnd_args, now uses NewArgv instead.
24751 added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
24756 added wildmat.c to SRCS & SUDOBJS
24760 COMMAND is now a struct containing the path and args
24764 replaced append() with fill_cmnd() and fill_args. command args from
24765 a sudoers entry are now stored in an array for easy matching.
24769 command line args from sudoers file are now in an array like ones
24770 passed in from the command line
24773 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
24776 wildmat stuff now works
24779 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
24786 ++version added wildmat.*
24789 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
24792 added support for quoted commands (w/ or w/o args)
24795 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
24797 * sudo.pod, visudo.pod:
24798 cleaned up formatting
24801 * sudo.pod, visudo.pod:
24805 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
24808 looks reasonable, could be more readable
24815 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
24822 updated NO_ROOT_SUDO entry
24825 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
24828 *** empty log message ***
24829 [5b63de579ff7] [SUDO_1_4_0]
24840 AIX aixcrypt.exp now uses $(srcdir)
24844 added entry for anal ansi compilers
24847 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
24850 added info on libcrypt_i for SCO
24854 *** empty log message ***
24869 * INSTALL, OPTIONS, README, config.h.in, configure.in:
24874 ++version and fixed ISC
24877 * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
24878 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
24879 insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
24880 sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
24886 added STUB_LOAD_INTERFACES ++version
24889 * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
24895 added info about fd_set in tgetpass added info on interfaces.c
24898 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
24909 tgetpass.o is now only linked in with sudo (not visudo)
24912 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
24914 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
24920 added copyright notice
24923 * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
24924 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
24925 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
24926 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
24927 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
24932 minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
24936 ISC now gets -lcrypt now check for sys/bsdtypes.h
24940 added check for sys/bsdtypes.h
24943 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
24946 removed debugging stuff (setting freed ptr to NULL)
24958 added section on syslog
24962 added AC_ISC_POSIX for better ISC support
24970 added define for _POSIX_SOURCE
24973 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
24976 fixed check for lsearch()
24979 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
24982 fixed for AIX now deal if num_interfaces == 0 (should not happen)
24985 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
24988 now only define HAVE_LSEARCH if there is a corresponding search.h
24995 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
24998 now define HAVE_LSEARCH if we find lsearch() in libcompat
25002 char * -> const char *
25006 now looks in -lcompat for lsearch()
25010 remove sudo.core visudo.core for clean target
25014 added UID_MAX support in check for MAX_UID_T_LEN
25018 fixed another occurrence of sudo_getpwuid.*
25021 * Makefile.in, getspwuid.c:
25022 sudo_getpwuid.c -> getspwuid.c
25029 * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
25030 compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
25031 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
25032 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
25033 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
25034 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
25035 version.h, visudo.c:
25040 added group support
25048 documented group support
25051 * parse.c, parse.lex, parse.yacc, visudo.c:
25052 added group support
25055 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
25058 tkfile was too short and overflowed the kerberos realm
25061 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
25064 now copy command args directly from Argv
25068 replaced code to copy cmnd_args so that is does not use realloc
25069 since most realloc()'s really stink
25072 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
25075 syslog() fixed in hpux 10.01
25078 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
25081 AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
25085 better error if cannot find skey incs or libs
25089 now use a temp file for determining max len of uid_t in string form.
25090 the old hacky way broke on netbsd
25094 added set of parens and a space
25097 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
25100 fixes from Jeff Earickson <jaearick@colby.edu> ,
25108 fixed up testsudoers target
25112 DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
25113 SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
25117 LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
25121 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
25124 fix for C2 on hpux 10 now uses -linet if it exists
25128 LONG_SKEY_PROMPT is less of a kludge /
25132 fixed typos w/ dce stuff
25139 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
25142 amended section on combining authentication mechanisms
25146 minor updates for 1.3.6
25150 added 2 more entries
25162 rewrote for sudo 1.3.6
25169 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
25171 * find_path.c, getspwuid.c, sudo.c:
25172 added explicit casts for strdup since many includes don't prototype
25177 removed prototype for sudo_getpwuid() since convex C compiler choked
25182 added prototype for sudo_getpwuid()
25186 now compiles on strict ANSI compilers
25190 added LONG_SKEY_PROMPT support
25194 added extra $'s for make to eat up, yum.
25197 * OPTIONS, options.h:
25198 added LONG_SKEY_PROMPT
25201 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
25204 s/key support now works with normal s/key as well as logdaemon
25207 * OPTIONS, options.h:
25212 set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
25216 added DCE note added more AIX notes
25220 now include pthread.h for DCE support
25224 dce_pwent() is ok after all .,
25228 now uses SYSLOG() macro that equates to either syslog() or
25233 minor formatting changes. renamed check() to something less generic
25236 * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
25238 now uses user_pw_ent and simple macros to get at the contents
25241 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
25244 simpler dec unix C2 support
25248 now sets crypt_type for DEC unix C2
25251 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
25254 added csops paths for skey
25258 now includes string.h for strdup() prototype
25266 now includes skey.h
25274 moved a lot of the shadow passwd crap to sudo_getpwuid()
25278 now uses sudo_pw_ent
25282 now uses sudo_pw_ent
25286 now sets sudo_pw_ent
25294 moved dce stuff into compat.h
25297 * logging.c, sudo.h:
25298 now uses sudo_pw_ent
25302 added sudo_getpwuid.c
25310 now uses sudo_pw_ent
25313 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
25316 fixed exempt_group stuff for OS's that don't put base gid in group
25321 S/Key support now works with sunos4 shadow passwords
25328 * config.h.in, configure.in:
25337 first stab at dce support
25341 now smells like sudo
25349 skey'd sudo now works w/ normal password as well
25352 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
25354 * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
25355 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
25356 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
25357 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
25358 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
25359 version.h, visudo.c:
25360 updated version number
25364 updated to reflect version change
25368 --with options now line up ++version
25372 removed unnecessary S/Key stuff
25376 fixed S/Key support
25380 -I stuff now goes in CPPFLAGS
25392 fixed description of EXEMPTGROUP
25396 more people use _RLD_ than just alphas...
25400 replaced $man_prefix with $mandir
25408 now use more GNU'ish dir names
25412 now set *dir correctly (can override from command line)
25416 now deal with situations where we getwd() fails
25419 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
25422 added etc_dir, bin_dir, sbin_dir
25430 now ship a flex-generated lex.yy.c
25434 now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
25438 _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
25442 no more error for redefining SUDOERS_OWNER
25446 expanded SUDOERS_OWNER section
25449 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
25452 now warn if chown(2) failed
25456 better default warning for NO_SUDOERS_FILE
25460 added missing set_perms() no more cryptic message if the sudoers
25461 file is zero length, now just give a parse error
25465 better diagnostics if NO_SUDOERS_FILE
25469 check_sudoers() now catches sudoers files that are not readable (but
25473 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
25476 now add -D__STDC__ for convex cc (not gcc)
25480 MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
25484 now uses exec_prefix & prefix from configure
25487 * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
25488 parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
25490 options.h is now <> instead of "" so shadow build trees can have a
25491 custom copy of options.h
25495 user_is_exempt() is no longer a hack, it now uses getgrnam()
25499 EXEMPTGROUP is now "sudo"
25503 MAN_POSTINSTALL now contains a leading space
25507 removed leading tab if @MAN_POSTINSTALL@ not defined now removes
25508 testsudoers in clean:
25512 includes pwd.h to get _PASSWD_LEN definition
25515 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
25518 unset the KRB_CONF envariable if using kerberos so we don't get
25519 spoofed into using a bogus server
25522 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
25525 now explicitly initialize match[] to be FALSE
25528 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
25531 removed unused variable now passes -Wall
25535 yyerror and dumpaliases are now void's now passes -Wall
25539 added prototype for yyerror
25542 * check.c, logging.c, parse.c:
25547 removed unused cruft now passes -Wall
25551 fixed headers that moved to emul dir
25555 fixed deref of nil pointer if no args
25558 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
25561 added a caveat to FQDN section
25564 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
25567 more $srcdir support for install targets
25570 * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
25571 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
25572 don't include malloc.h if we include stdlib.h
25576 local search.h now lives in emul
25579 * check.c, utime.c:
25580 local utime.h now lives in emul dir
25584 local search.h now lives in emul
25588 added support for building in other than the sourcedir
25591 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
25594 annotated CSOPS_INSULTS option
25598 updated shadow passwords blurb
25602 if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
25603 passes along foo as the arguments
25606 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
25609 collapsed pathname and dir sections into one -- it's now less
25614 fixed spacing quoting [,:\\=] now works correctly append() and
25615 fill() now take args to make the above work
25619 fixed a typo that caused commands with no tty on fd 0 but a tty on
25620 fd 1 to erroneously have "none" as their tty
25623 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
25626 timestampfile is now a global static removed decl of timestampfile
25627 in remove_timestamp since we can just use the global one
25631 created touch() to update timestamps added USE_TTY_TICKETS support
25636 added _S_IFDIR and S_ISDIR
25639 * OPTIONS, options.h:
25640 added USE_TTY_TICKETS
25644 removed const from casts for lsearch() & lfind() to placate irix 4.x
25648 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
25651 now only strip '/dev/' off of a tty if it starts with '/dev/'
25659 AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
25664 fixed incorrect #ifdef termio uses "unsigned short" not int for
25668 * parse.lex, parse.yacc:
25669 fixed a spelling error
25676 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
25683 added dotcat() to cat 2 strings w/ a dot efficiently now that we
25684 dynamically allocate strings they need to be free()'d
25688 dynamically allocates space for strings
25692 no more MAXCOMMANDLENGTH
25699 * logging.c, sudo.c:
25700 moved tty stuff into sudo.c
25703 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
25706 fixed a logic bug. Was denying a command if user gave command line
25707 args but there were none in the sudoers file which is wrong.
25711 MAXCOMMMANDLEN dropped down to 1K
25715 return foo; -> return(foo);
25719 fixed netgr_matches() prototype
25723 added support for escaping "termination" characters
25727 buf is now of size MAXPATHLEN+1 since it never holds command args
25735 fixed negation problem (doh!)
25739 fixed 2nd parameter to lfind()
25743 now do bounds checking in fill() and append()
25747 include netdb.h as we should added a missing void cast added
25748 SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
25749 realloc actually moved the string instead of shrinking it
25753 updated with examples of new features
25757 now set errno to EACCES if not a regular file or not executable
25761 if given a fully-qualified or relative path we now check it with
25762 sudo_goodpath() and error out with the appropriate error message if
25763 the file does not exist or is not executable
25766 * emul/search.h, lsearch.c:
25767 now use correct args for lfind
25775 added in CSOps insults
25787 increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
25791 added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
25795 fixed -k load_interfaces() now gets called if FQDN is set
25796 -p now works with -s
25800 don't try to stat() "pseudo commands" like "validate"
25804 added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
25808 added SecurID support added other insults to --with-csops
25816 added clobber target added ins_csops.h now gets CFLAGS from
25821 relaxed SUDO_FULL_VOID
25825 function comment blocks are now in same style as rest of code
25829 added support for command line args in /etc/sudoers
25833 updated to have command args in the sudoers file
25837 added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
25840 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
25843 PATH renamed to COMMAND
25847 it is now a parse error for directories to have args attached to
25852 now say command args if telling user to buzz off
25856 -s no longer indicates end of args sped up loading on cmnd_args in
25861 removed an unreachable statement
25865 made more efficient by pulling out the terminators when in GOTCMND
25866 state and making them their own rule
25869 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
25872 removed MAXLOGLEN since it is no longer used
25876 now allows command args
25880 now groks command arguments
25884 now sets tty correctly when piped input
25888 fixed loading of cmnd_args (was including command name too)
25892 fixed a core dump due to incorrect if construct
25895 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
25898 only add -lsun if irix < 5 don't look for -lnsl or -lsocket if irix
25902 fixed check for ISC
25906 now sets cmnd_args used by log_error() and that will be used by the
25907 parse to check against command args
25915 now dynamically allocate logline since we can guess at its size
25918 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
25921 cleaned up a bunch of unnecessary #ifdef's eliminated a buffer remove
25922 "register" since the compiler knows more than I do now do a
25923 "basename" of the tty
25926 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
25933 added shell extern changed MODE_* to be bit masks to allow for
25934 several options together
25938 added -s (shell) option made MODE_* masks so we can do bitwise & and
25939 | to see if multiple flags are set.
25943 added securid support
25946 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
25949 removed a bunch of unnecessary strncpy()'s and replaced with strcat()
25952 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
25954 * Makefile.in, version.h:
25958 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
25961 fixed free() of an uninitialized pointer (yuck)
25965 added netgr_matches
25969 cleaned up netgr_matches
25972 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
25978 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
25981 now installs sudoers.man -- really should clean this up though.
25985 added sudoers.cat and sudoers.man
25989 pulled out stuff on the sudoers file format into a separate man page
25997 fixed up my email address
26001 added checks for innetgr and getdomainname
26005 added dummy netgr_matches function
26009 added netgr_matches
26012 * parse.lex, parse.yacc:
26013 added NETGROUP support
26017 added HAVE_INNETGR & HAVE_GETDOMAINNAME
26020 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
26023 rewrote clean_env() that has rm_env() builtin
26026 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
26029 now cast uid to long in sprintf
26033 added _INSULTS suffix to HAL & GOONS end
26037 added _INSULTS suffix to HAL & GOONS
26040 * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
26041 converted to new scheme of insult "unions" end
26045 now uses MAX_UID_T_LEN
26049 added SUDO_UID_T_LEN !l
26053 added MAX_UID_T_LEN
26057 now use MAX_UID_T_LEN
26061 added check for max len of uid_t fixed sco vs. isc check
26064 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
26075 hack to check for sco
26079 removed #include <net/route.h> since it was hosing some OS's
26082 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
26085 fixed prreadlink() prototype
26089 added parens in #if's
26097 moved SPW_* to config.h.in
26101 added a set of parens
26109 added SPW_* reordered error codes
26113 moved SPW_* to sudo.h
26116 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
26119 SPW_AUTH -> SPW_SECUREWARE
26123 GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
26131 SPW_AUTH -> SPW_SECUREWARE
26135 now uses SHADOW_TYPE to make shadow pw support more readable and
26136 modular. It's a start...
26140 added autodetection of shadow passwords
26144 now uses SHADOW_TYPE define
26148 added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
26152 added SUDO_CHECK_SHADOW
26155 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
26158 define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
26159 memmove() since we no longer use it...
26167 added BROKEN_SYSLOG support
26171 added BROKEN_SYSLOG
26175 now only bitch if timestamp > time_now + 2 * timeout to allow for a
26176 machine updating its time from a server
26180 added 2 security notes updated Nieusma's email addr
26184 changed a memmove() to memcpy() since we don't have to worry about
26185 overlapping segments.
26188 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
26191 cleanup up the loop when interfaces are groped in so that it is
26195 * Makefile.in, version.h:
26199 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
26205 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
26208 fixed permissions check on /tmp/.odus
26211 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
26214 fixed some comments
26218 now checks owner & mode of timedir also checks for bogus dates on
26223 updated TIMEOUT info
26226 * logging.c, sudo.h:
26227 added BAD_STAMPDIR and BAD_STAMPFILE
26231 added definition of S_IRWXU
26238 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
26241 added #ifdef to make it compile on strange arches
26244 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
26247 fixed check for full void impl.
26251 added missing "static"
26255 replaced #elif with #else #if constructs for ancient C compilers
26259 updated irix c2 & kerb5 info
26263 added shadow pw support for irix
26266 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
26273 last changes for sudo 1.3.3
26277 now calls SUDO_SOCK_SA_LEN
26285 added SUDO_SOCK_SA_LEN
26289 now works with ip implementations that use sa_len in sockaddr
26293 added note about buggy AIX compiler
26297 now include sys/time.h for AIX
26300 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
26307 now works for ISC and others. yay.
26310 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
26312 * Makefile.in, version.h:
26316 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
26319 fixed test for full void impl
26323 now check to see that st_dev is non-zero before assuming that we are
26327 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
26329 * aclocal.m4, configure.in:
26330 SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
26333 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
26336 fixed include file order for SUDO_FUNC_UTIME_POSIX
26340 added cast for ttyname()
26348 now deal correctly with all known variation of utime() -- yippe
26352 added SUDO_FUNC_UTIME_POSIX
26356 added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
26360 added HAVE_UTIME_POSIX
26368 no longer assume !HAVE_UTIME_NULL means old BSD utime()
26372 fixed fascist C compiler warning
26376 now set strioctl.ic_timout in STRSET() now initialize num_interfaces
26377 to 0 (just to be anal)
26380 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
26383 increased MAXLOGLEN by MAXPATHLEN to account for ttyname
26391 reworked the ISC code
26394 * Makefile.in, version.h:
26399 now expect old-style utime(3) if utime() can't take NULL as an arg
26403 added check for utime.h
26411 added CPPFLAGS STATIC_FLAGS -> LDFLAGS
26415 now search for kerb libs and includes
26419 added support for utime(2)'s that can't take a NULL parameter
26423 moved HAVE_UTIME_NULL stuff to update_timestamp() where it belongs
26427 added utime(s) stuff
26435 added HAVE_UTIME and HAVE_UTIME_NULL
26438 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
26441 now use HAVE_UTIME_NULL
26444 * emul/utime.h, utime.c:
26449 need to setuid(0) to make kerb4 stuff work.
26453 no more special case for kerberos
26457 took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
26462 no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
26467 now use private ticket file for kerberos support to avoid trouncing
26471 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
26474 added SPOOF_ATTEMPT & cmnd_st
26478 added anti-spoofing support
26482 now use global cmnd_st
26486 added SPOOF_ATTEMPT support
26489 * testsudoers.c, visudo.c:
26490 added void casts where appropriate
26494 fixed up spacing and added void casts where appropriate
26498 fixed problem with "-p prompt" but no args
26501 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
26504 added BUGS and annotated -l description
26508 validate() now takes a flag
26512 validate() now takes a flag added -l
26516 added support for -l
26520 validate() now takes a flag that says whether or not to check the
26524 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
26527 now deals with Argv == 1
26535 added prompt support reworked parse_args()
26547 now use BUFSIZ as length of kerb password added kpass so pass is
26548 always a char * now use prompt global when asking for a password
26552 now use BUFSIZ as _PASSWD_LEN if using kerberos
26559 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
26562 only look for -lufc or -lcrypt if crypt() not in libc
26566 don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
26567 (unknown user) silently fail
26575 HAVE_KERBEROS -> HAVE_KERB4
26579 removed debugging printf
26583 KERBEROS -> KERB4 added checks for setreuid & setresuid
26587 HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
26591 added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
26592 with setresuid if applic
26596 HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
26597 no setreuid() or a broken one
26600 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
26603 added kerberos support
26607 added HAVE_KERBEROS
26611 added KERBEROS support (long passwords)
26615 added kerberos support
26618 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
26621 added MODE_BACKGROUND
26625 escaped dashes added -b option
26633 added crypt() for osf/1 3.x enhanced security
26637 now check for -lcrypt
26641 added ENXIO like EADDRNOTAVAIL
26644 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
26647 now emulate getwd(), not getcwd()
26651 getcwd() -> getwd()
26658 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
26660 * ins_2001.h, ins_classic.h, ins_goons.h:
26665 broke out insults into separate include files
26668 * OPTIONS, options.h:
26673 added ins_2001.h ins_classic.h ins_goons.h
26676 * Makefile.in, version.h:
26681 moved signal handler setup to setup_signals()
26685 added load_interfaces()
26689 moved load_interfaces to interfaces.c
26696 * OPTIONS, options.h:
26701 now uses clearaliases variable
26709 added interfaces.[co]
26713 now uses ip addrs and netmasks via load_interfaces()
26717 now remove IFS instead of setting to "sane" value
26720 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
26726 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
26729 sudo_goodpath.c-> goodpath.c
26733 added Andy's new ISC changes
26736 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
26739 added a sentence to SECURE_PATH info
26754 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
26760 * Makefile.in, version.h:
26765 sendmail is now looked for in /usr/ucblib
26781 added unixware case
26785 user_is_exempt is no longer hidden
26793 isc and riscos changes
26797 added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
26801 fixed a typo and added testsudoers stuff
26808 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
26811 applied fixed patch from Chris
26814 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
26821 added a set of braces for bison
26825 merged in Chris' changes to dekludge the parser.
26829 send_mail() was calling find_path() which is wrong since find_path()
26830 stores cmnd in a static var. Anyhow, it doesn't make much sense
26831 since MAILER should always be fully qualified
26834 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
26837 added User_Alias stuff
26841 SUDO_NEXT now looks for /usr/lib/NextStep/software_version
26845 added DEC UNIX 3.0 w/ gcc
26849 Exit was being used in places where exit should be used
26853 added "User alias specification"
26857 fixed probs caused by making nslots and naliases a size_t
26861 added KSR, upped rev to 1.3.1b2
26864 * logging.c, parse.yacc:
26869 void * -> VOID * naliases and nslots are now size_t to appease
26870 lsearch on 64-bit machines
26873 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
26876 did a bunch of things and added a bunch :-)
26884 closer to BSD manpage style
26888 closer to standard BSD man format
26891 * compat.h, config.h.in, emul/search.h, insults.h, options.h,
26892 pathnames.h.in, sudo.h, version.h:
26897 removed crufty #defines that are no longer used
26905 updated based on sudo changes
26909 now allow ALL keyword in User_Aliases now allow ALL keyword as well
26918 now sets SUDO_COMMAND and SUDO_GID envariables.
26922 fixed bug with full void impl check
26926 fixed User_Alias support
26930 added stubs for User_Alias support
26934 now sets removes # bogus interfaces from num_interfaces
26938 added User_Alias support
26941 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
26944 removed extraneous TODO
26947 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
26950 ntwk_matches -> addr_matches
26954 ntwk_matches -> addr_matches
26958 ntwk_matches -> addr_matches now use inet_addr() not inet_network()
26959 (which expects octet boundaries) fixes for OSF (sizeof(int) !=
26964 took out debugging info
26968 OS was being set to unknown before non-uname based host checks.
26969 This caused no checks to happen since $OS was not zero-length.
26973 fixed loading of interfaces struct still has debugging info in
26981 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
26992 removed extraneous extern decl of "top
27000 removed parser_cleanup (no need for it now)
27004 now calls reset_aliases() directly
27007 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
27010 added a sentence to SECURE_PATH description
27014 fixed my stupid bug where I used NAMLEN on something I wanted to
27015 just get the name from. argh.
27018 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
27021 fixed argument order of memmove() that i hosed when converting from
27026 finally fixed DISTFILES line
27034 added missing files to DISTFILES
27038 SUPPORTED -> RUNSON
27041 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
27048 updated for pl5b1 release
27056 fixed bug where if you hit return at first sudo prompt it would
27057 still log as a failure
27065 better test for bogus void * implementation
27069 added PASSWORDS_NOT_CORRECT
27073 added PASSWORDS_NOT_CORRECT stuff
27077 added PASSWORDS_NOT_CORRECT
27085 removed some unused vars and fixed up uid2str
27092 * getcwd.c, getwd.c:
27096 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
27099 fixed a typo I introduced in the last checkin :-(
27103 can't have #ifdef's where N is defined so just do this the broken
27108 better hack from Chris (but still a hack)
27112 stupid hack for broken aix lex
27116 now includes compat.h
27120 now includes fcntl.h
27124 added FD_SET and FD_ZERO for 4.2BSD
27128 dirty hack to fix parser bug. i don't really like this but it works
27133 uid2str is now static like the prototype says
27136 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
27138 * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
27147 check_sudoers now returns an error code and sudo calls inform_user
27148 and log_error based on the return value.
27151 * logging.c, sudo.h:
27152 added entries for new errors
27156 now set uid to that of SUDOERS_OWNER while parsing sudoers file
27160 took out testsudoers
27164 now explicitly checks that it is setuid root
27168 If a user has no passwd entry sudo would segv (writing to a garbage
27169 pointer). Now allocate space before writing :-)
27173 reordered AC_CHECK_FUNCS
27180 * tgetpass.c, visudo.c:
27185 bzero -> memset when a parse error is logged the line number of the
27186 error is now logged too
27190 added Sunos to blurb about c2 security
27194 added a SUN4 define for C2 security
27198 bcopy -> memmove bzero -> memset
27202 bcopy -> memmove char * -> VOID *
27206 added support for sunos with C2 security
27209 * OPTIONS, options.h:
27214 _PATH_SUDO_LOGFILE now set based on configure
27218 added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
27222 added _SUDO_PATH_LOGFILE
27226 added SUDO_LOGFILE to find where to put sudo.log added
27227 SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
27228 SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
27231 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
27238 now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
27239 to work around a problem in trusted hpux shadow passwords. yuck.
27243 backed out a change in malloc/realloc
27247 now include stdlib.h
27251 now do an freopen() of the stmp file so that yyin will always point
27252 to the same thing. This is important for flex since we are doing a
27257 replaced yywrap() with parser_cleanup() since yywrap() needs to be
27258 in parse.lex to be able to use YY_NEW_FILE. sigh.
27262 now have a rule that matches anything that doesn't match an
27263 explicit rule. well, you know what i mean (. matches anything not
27264 yet matched). However, this means that there is input still queued
27265 up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
27266 into parse.lex and it calls parser_cleanup() which is most of the
27274 * getcwd.c, getwd.c:
27275 moved compat.h to be the last include file
27279 fixed type of aliascmp() args
27287 added casts to lfind and lsearch args for irix
27291 bsdinstall -> install-sh
27295 added info about make realclean
27299 updated VERSION added dependencies for visudo.cat
27311 now there is a real visudo.man and visudo.cat
27315 took out visudo stuff
27322 * parse.c, parse.lex, parse.yacc:
27331 updated Nieusma & Hieb email addresses
27335 updated to include options.h and OPTIONS
27343 eliminated bug #1 (yay)
27347 sunos no longer gets linked statically
27350 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
27353 prototype now uses __P()
27357 make fill() non-ansi
27361 made -v (validate) work
27369 don't check for execute/statable if fq or relative path given
27377 now include ctype.h for islower and tolower macros
27381 moved _S_IFMT & _S_ISREG to compat.h
27385 moved a set of parens
27389 now include compat.h
27397 now cast malloc & realloc return vals added search for HAVE_LSEARCH
27398 now use strcmp if no strcasecmp available
27406 removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
27407 HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
27411 added _S_IFMT, _S_IFREG, and S_ISREG
27415 took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
27416 to most SUDO_* macros
27424 various 1.x to 2.x autoconf changes now check for strcasecmp now use
27425 AC_INSTALL_PROG instead of custom one added check for fully working
27426 void implementation
27430 added lsearch & search.h visudo links into $(LIBOBJS)
27434 partial 1.x to 2.x changes added SUDO_FULL_VOID
27438 whatnow_help was prototyped to be static but was not declared as
27443 autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
27444 for dirent/dir/ndir.h
27448 now use groovy gnu autoconf macro AC_HEADER_DIRENT
27451 * getcwd.c, getwd.c:
27452 MAXPATHLEN -> MAXPATHLEN+1
27455 * emul/search.h, lsearch.c:
27459 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
27462 eliminated bison warnings
27470 now includes signal.h
27474 only clear data structures on a parse error
27478 whatnow() now gives help on invalid input
27482 added a whatnow() function (sort of like mh)
27486 kill_aliases -> reset_aliases yywrap() now cleans up by calling
27487 reset_aliases() and clearing top took reset stuff out of yyerror()
27488 since it doesn't belong there (and doesn't work anyway). errorlineno
27489 is now initially set to -1 so we can set it to the first error that
27490 occurs (it was getting set to the last)
27498 rewrote from scratch based on 4.3BSD vipw.c
27501 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
27508 no more sudo_realpath() and find_path() changed params
27512 find_path() changed since no more realpath()
27516 on error, errorlineno is set to the line where the error occurred
27517 added kill_aliases() to free the aliases struct now clean up in
27518 yyerror() so we can reparse cleanly
27521 * options.h, parse.c:
27522 no more USE_REALPATH
27526 changed to use new find_path()
27530 removed all the realpath() stuff
27534 sudo_realpath.c -> sudo_goodpath.c
27538 now works correctly with utk parser
27546 eliminated a compiler warning
27550 eliminated compiler warning
27554 added sudo_goodpath()
27558 added prototype for sudo_goodpath
27562 added support for /sys/dir.h
27566 USE_REALPATH turned off
27570 added calls to sudo_goodpath()
27574 added check for dirent.h
27578 added HAVE_DIRENT_H
27582 added in linux shadow pass stuff
27585 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
27588 added back host, user, cmnd, parse_error
27592 added in utk changes plus some minor cosmetic changes
27595 * sudo.c, sudo_realpath.c:
27596 added void casts for printf's
27600 added a define of USE_REALPATH
27604 there is no more visudoers/Makefile
27608 added in utk changes (visudo is now built from the toplevel)
27612 added (void) casts to printf's
27615 * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
27616 merged in utk changes
27619 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
27622 now check to see that what we are trying to run is a file (or a link
27623 to a file, we do a stat(2) so there is no diff)
27626 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
27633 aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
27637 added myself as maintainer
27640 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
27643 changed setegid -> setgid
27646 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
27649 fixed the test for irix 5.x to skip bad libs
27653 now initialize OS and OSREV
27656 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
27663 AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
27667 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
27670 use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the right
27671 thing wrt yyrestart (grrrr)
27674 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
27677 added visudoers/compat.h to DISTFILES
27685 added ocmnd declaration adjusted for find_path()'s new parameters
27689 added ocmnd extern adjusted find_path() prototype
27693 cmndcmp() now takes 3 arguments and checks against the qualified as
27694 well as the unqualified pathname. more code that should use
27695 cmndcmp() but did not, now does
27703 changed to use new find_path() parameter passing
27707 find_path() now takes 2 copyout parameters (one for the qualified
27708 pathname and one for the unqualified pathname). The third parameter
27713 no longer munge pathnames.h
27717 changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
27718 as a result, pathnames.h does not need to be run through configure
27719 and the user can override the configured values easily.
27723 added _SUDO_PATH_* entries
27727 _PATH* -> _SUDO_PATH_*
27731 updated DISTFILES and HDRS .o's now depend on config.h
27734 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
27737 removed extraneous #endif
27745 added SUDO_PROG_MV added riscos and isc os types took out
27746 -DSHORT_MESSAGE from --with-csops since it is now the default
27750 move the include of id.h to compat.h now includes options.h
27754 moved compatibility #defines to compat.h
27762 move __P to compat.h
27765 * getcwd.c, getwd.c, putenv.c:
27766 now includes compat.h
27773 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
27776 pull user-configurable stuff out and put in options.h
27779 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
27781 * parse.lex, parse.yacc, visudo.c:
27782 now includes options.h
27785 * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
27787 now includes options.h
27791 added visudoers/options.h
27794 * OPTIONS, options.h:
27799 added OPTIONS and options.h
27803 changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
27807 changed PASSWORD_TIMEOUT to minutes
27810 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
27813 now only do Editor +line_num if line_num != 0
27816 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
27819 now use mv if rename(2) fails
27830 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
27833 fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
27836 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
27839 added mips & isc support
27843 added support for non-root owned sudoers file
27847 added exempt group support
27851 added set_perms() support added SUDOERS_OWNER so can have non-root
27852 own sudoers file added exempt group support added isc support
27856 now copy sudoers to temp file via read/write (not stdio) now chown
27857 new sudoers file to SUDOERS_OWNER
27860 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
27871 fixed typo added set_perms support added skey support added
27872 seteuid()/setegid() emulation for AIX
27876 be_* -> setperms() now check to make sure sudoers file is owned by
27877 root nread/write by only root
27880 * logging.c, parse.c:
27885 be_* -> set_perms() added skey support
27888 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
27898 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
27908 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
27914 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
27929 now bail if Argv[1] > MAXPATHLEN
27933 added function check for tcgetattr(3)
27937 only define HAVE_TERMIOS_H if you have tcgetattr(3)
27941 added check for tcgetattr
27944 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
27950 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
27953 now only include unistd.h for linux
27956 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
27959 added visudo.8 generation
27963 added -Wl,-bI:./aixcrypt.exp to aix flags
27966 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
27977 added mailing list info
27981 now use sudolineno instead of yylineno fixed bison warnings
27985 now use -no_library_replacement for osf don't make a static binary
27990 added string.h/strings.h inclusion
27998 added inclusion of string.h/strings.h
28002 fixed uname | sed (needed to quote the '[')
28006 replaced yylineno with sudolineno fixed bison syntax errors
28010 changed yylineno to sudolineno since yylineno cannot be counted
28019 added code to support command listings
28023 added code for -l flag
28027 fixed typo added info for -l flag
28031 AC_SSIZE_T -> SUDO_SSIZE_T
28046 * find_path.c, sudo_realpath.c:
28047 readlink() is now declared as returning ssize_t
28051 added -laud for OSF c2
28054 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
28056 * Makefile.in, visudo.c:
28057 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
28060 * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
28061 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
28064 * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
28065 parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
28066 sudo_setenv.c, tgetpass.c, version.h:
28067 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
28070 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
28081 added host to alertmail messages
28089 fixed logging problem where mail would not say which user it was
28093 added -laud for gcc if osf & c2
28097 moved set_auth_parameters to sudo.c
28101 added set_auth_parameters for osf
28105 cleaned up -static stuff
28117 changed setenv() to sudo_setenv()
28133 added osf auth support & removed some extra spaces
28136 * INSTALL, SUPPORTED:
28140 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
28143 added 2 suggestions
28147 removed README.v1.3.1 and added VERSION stuff
28154 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
28165 mention HISTORY file
28169 use sizeof instead of a constant in 1 place
28188 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
28192 [7dfbb4a810bb] [SUDO_1_3_1]
28199 added unistd.h include
28202 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
28205 added sys/time.h for AIX
28208 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
28211 added check for -lsocket and sys/sockio.h
28215 took out libshadow check and added in sys/sockio.h check
28219 now include sockio.h instead of ioctl.h if it exists "sudo -" now
28220 gets a better error message
28224 now has a dir and subnet entry
28227 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
28238 added network and ip addresses to man page
28242 no error if can't get interfaces or netmask since networking may not
28247 now check for interfaces == NULL
28251 fixed a bug that caused directory specs in a Cmnd_Alias to fail if
28252 the last entry in the spec failed (ie: it was only looking at the
28253 last entry). Cleaned things up by adding the cmndcmp() function--all
28261 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
28264 now do two passes to skip bogus interfaces (lo0, etc)
28267 * parse.lex, parse.yacc, visudo.c:
28268 added include of netinet/in.h
28271 * logging.c, sudo_realpath.c, sudo_setenv.c:
28272 added include of netinet/in.h
28275 * check.c, find_path.c, getcwd.c, getwd.c:
28276 added include of netinet/in.h
28284 added interfaces global
28288 now uses new interfaces global
28292 now ip addresses are gleaned w/o dns
28295 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
28298 added load_ip_addrs() to load the ip_addrs global var
28302 added hostcmp() to compare hostnames, ip addrs, and network addrs
28306 added ip_addrs def added load_ip_addrs prototype
28309 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
28316 removed multiple entries in DISTFILES
28320 ansified the !STDC_HEADERS decls
28323 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
28324 don't do malloc decl if gnuc
28328 can't use getopt(3) since it munges args to the command to be run as
28329 root don't do malloc decl if gnuc
28332 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
28333 sudo_realpath.c, sudo_setenv.c:
28334 ansi-fied !STDC_HEADER function prototypes
28337 * getcwd.c, getwd.c:
28338 added missing paren
28342 added putenv.c to DISTFILES
28346 added params to func decls when STDC_HEADERS is not defined now can
28347 count on putenv() being there
28351 took out errno decl since sudo.h does it for us fixed up a next cc
28352 warning added params to func decls when STDC_HEADERS is not defined
28356 took out environ extern added local declaration of putenv() if local
28360 * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
28361 added params to func decls when STDC_HEADERS is not defined
28365 added memcpy check check to see that ansi vs bsd macros are not
28366 already defined before defining (ie: avoid redefinition)
28370 removed fluff setenv check plus check w/ replace for putenv if also
28378 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
28385 rm'd s realpath added sudo_realpath and sudo_setenv
28389 now use sudo_setenv
28393 added putenv and setenv, removed realpath
28397 added putenv & setenv
28408 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
28411 added MAN_POSTINSTALL and /usr/share/catman for irix
28415 added MAN_POSTINSTALL
28423 added SUDO_* plus new options
28431 took out shadow lib
28439 now use yyrestart() if flex now reset yylineno to 0
28443 support for installing a cat page instead of a man page if no nroff
28447 now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
28448 to determine whether or not to install a cat or man page
28456 not set ret to MODE_RUN initially
28460 made command (and therefore cmnd dynamically allocated)
28472 changed bufs from MAXPATHLEN to MAXPATHLEN+1
28476 added MODE_ removed validate_only and added remove_timestamp()
28480 usage() now takes an int (exit value) added parse_args() to parse
28481 command line arguments moved call to find_path() from load_globals
28482 to new function load_cmnd() removed validate_only global -- now use
28483 the concept of "modes" added -h and -k options
28487 no longer use global validate_only now checks for command called
28488 "validate" removed check for non-fully qualified commands since that
28489 is done by find_path
28493 changed MAXPATHLEN to MAXPATHLEN+1
28497 fixed off by one error with MAXPATHLEN and fixed a comment
28501 check_timestamp no longer runs reminder(), it is implied in the
28502 return val added remove_timestamp()
28509 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
28523 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
28526 moved send_mail to after syslog
28530 now set SUDO_ envariables
28533 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
28540 now print error if chdir fails
28547 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
28554 no more static binaries for aix
28557 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
28564 took out stuff not needed for sudo now does be_root/be_user itself
28565 now uses cwd global
28572 * logging.c, sudo.c:
28573 be_root/be_user is now down in sudo_realpath()
28576 * logging.c, sudo.h:
28577 now works with 4.2BSD syslog (blech)
28581 now use sudo_realpath()
28585 took out realpth() stuff since we now use sudo_realpath()
28589 ultrix enhanced sec
28593 added ultrix enhanced sec.
28601 ultrix enhanced security support
28605 added sudo_realpath.c
28613 increased passwd len to 24 for c2 security
28620 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
28623 now use user global var
28630 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
28637 user is now a char * added epasswd
28641 added tzset() to load_globals added epasswd (encrypted password)
28642 global made user dynamically allocated
28654 cleaned up encrypted passwd grab somewhat
28670 can now log to both syslog & a file
28694 removed AFS stuff :-)
28698 include sys/select for AIX
28709 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
28711 * CHANGES, SUPPORTED:
28716 can now have MAILER undefined
28720 new sub-note about MAILER
28724 added blurb about password timeout
28732 took out duplicate define of _CONVEX_SOURCE
28744 added a goto if fgets fails
28748 use __hpux not hpux convex c2 stuff
28752 use __hpux not hpux
28760 define ansi-ish cpp os defines if non-ansi are defined for hpux &
28765 updated to say we support convex C2
28769 added convex c2 support
28772 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
28775 no more ioctl never returns NULL uses fgets() and select() to
28779 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
28782 things were testing -n "$GCC" instead of -z "$GCC"
28786 now works + uses fgets()
28789 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
28792 select doesn't seem to recognize a single '\n' as input waiting so
28793 we can't use it, sigh.
28796 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
28799 updated tgetpass() blurb
28803 added --with-getpass
28807 added tgetpass stuff
28818 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
28825 added USE_GETPASS && HAVE_C2_SECURITY
28829 fixed a test added --with-C2 and --with-tgetpass
28837 took out tgetpass.*
28844 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
28847 no termio(s) for ultrix since it is broken
28851 added a space (yeah, anal)
28854 * realpath.c, sudo_realpath.c:
28855 fixed it (duh, rtfm)
28858 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
28861 took out bsd signal stuff for irix
28869 don't define BSD signals for irix
28880 * realpath.c, sudo_realpath.c:
28881 took out unneeded code by changing where a string was terminated
28884 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
28886 * realpath.c, sudo_realpath.c:
28887 fix bug where /dirname would return NULL
28891 move __P to config.h
28894 * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
28895 added errno definition
28910 * realpath.c, sudo_realpath.c:
28911 now works if no fchdir
28915 define SA_RESETHAND to null if not defined
28919 added check & replace
28923 took out -static for nextstep -- it doesn't work
28926 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
28929 moved #endif to where it belongs
28937 now checks for strdup realpath getcwd bzero
28945 added posix signals
28953 added posix signals
28957 removed BROKEN_GETPASS added new srcs to replace missing functions
28961 added posix signal stuff
28973 now uses posix signals
28977 updated to reflect major changes
28985 uses sysconf() if available
28989 added PASSWORD_TIMEOUT + prototypes for new functions
28992 * realpath.c, sudo_realpath.c:
28993 for those w/o this in libc
28996 * getcwd.c, getwd.c:
29001 rewrote to use realpath(3) - nis now all my code
29005 added HAVE_REALPATH
29013 added LIBOBJS use tgetpass.c
29016 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
29030 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
29041 added check for getwd
29045 replace strdup & realpath & getcwd if missing
29053 added SUDO_PROG_PWD
29060 * realpath.c, sudo_realpath.c:
29064 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
29067 quoted square brackets
29070 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
29073 no need to strdup() a constant
29088 * parse.c, sudo.c, sudo.h:
29089 added validate_only stuff
29092 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
29099 $OSREV is now an int
29102 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
29105 added mtxinu to caser
29113 now use the EXEC macro now only do a gethostbyname() if FQDN is set
29117 changed mail_argv[] def now use EXEC() macro
29121 took out crypt() definition
29129 always look for -lnsl
29137 SHORT_MESSAGE is now the default
29145 added missing AC_DEFINE(SVR4) for solaris
29149 documented the -v flag
29161 added LIBSHADOW undef
29165 now set OS to be lowercase
29168 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
29171 now use SUDO_OSTYPE to set $OS
29175 now use uname to determine os
29179 added prototypes & moved sig handler around
29186 * check.c, logging.c, sudo.c:
29195 now use _BSD_SIGNALS not _BSD_COMPAT
29206 * parse.lex, parse.yacc:
29207 moved config.h to top of includes
29210 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
29213 now don't bitch if get EACCESS (treat like EPERM)
29217 added -v flag and usage()
29225 cast Argv to a const for exec added -v flag
29229 mail_argv is now a const
29233 only set RETSIGTYPE if it is not set already
29237 now defines & STDC_HEADERS for Irix
29244 * insults.h, sudo.h:
29245 prevent multiple inclusion
29252 * parse.lex, parse.yacc:
29253 now includes config.h
29257 now talks about sunos 4.x
29261 calls to Exit now pass an arg
29264 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
29267 signal handler now takes an int argument
29275 ok, the getcwd() is now *really* done as the user
29279 changed AIX STATIC_FLAGS
29283 solaris now defines SVR4
29287 added cwd and fixed stupid core dump that makes no sense. sigh.
29291 moved getcwd stuff into load_globals
29295 took out externs that are in sudo.h
29299 moved cwd into load_globals
29307 fixed make distclean & realclean
29315 added solaris changes
29319 added solaris changes, need to rework
29323 cleaned up for solaris
29327 reinstall reapchild signal handler for non-bsd signals
29331 took out getdtablesize() emulation for HP-UX (no longer needed)
29335 support for HAVE_SYSCONF
29339 added <fcntl.h> for solaris & reorg'd the includes + minor prettying
29347 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
29350 now tells you what os you are running /.
29357 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
29372 uid seinitialized to -2
29375 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
29378 now removes LIBPATH for AIX
29381 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
29384 now uses ufc if it finds it
29387 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
29390 no longer define yyval & yylval since yacc does it
29394 now defines yylval as extern
29398 BROKEN_GETPASS is now an OPTION
29402 took out BROKEN_GETPASS
29406 took out big comment
29414 took out README.beta
29422 now reference SUPPORTED .,
29426 now check for convex OR __convex__
29430 now check for convex or __convex__
29442 now use _S_* stat stuff to be ansi-like
29446 updated for configure directions
29450 distclean now removes config.h and pathnames.h
29469 * config.h.in, pathnames.h.in:
29470 added copyright header
29473 * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
29474 parse.yacc, sudo.c, sudo.h:
29479 updated to use configure + pathnames.h
29486 * Makefile.in, config.h.in, configure.in:
29491 now works with configure
29494 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
29495 updated to work with configure + pathnames.h
29502 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
29505 updated gnu general licence to version 2
29508 * config.h.in, pathnames.h.in:
29513 changed to work with configure
29516 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
29518 * Makefile.in, aclocal.m4, configure.in:
29523 now uses defines used by configure
29526 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
29529 sudo won't bitch about EPERM now, for real
29532 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
29535 renamed exec_argv to eliminate a libc name clash with ksros
29542 * logging.c, sudo.c, sudo.h:
29559 added UMASK and mode_t declaration
29567 now opens log file with mode 077
29571 saved current umask and restores it
29575 added MAXLOGFILELEN
29579 split long log lines. For syslog, split into multiple entries, for
29580 a log file, indent the extra for readability
29583 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
29590 MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
29593 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
29596 added input from Brett M Hogden <hogden@rge.com>
29599 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
29602 added rmenv() to remove stuff from environ. can now use execvp()
29603 OR execve() because of this.
29607 now uses execvp() OR execve()
29623 moved some func decls out of sudo.h and into sudo.c as statics /.
29634 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
29640 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
29655 added sample.sudoers note
29662 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
29669 took out SAVED_UID garbage
29670 [b7c2d3469661] [SUDO_1_3_0]
29689 more verbose error if mailer not found
29693 now do getpwent as root for some shadow password systems (bsdi)
29696 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
29699 took out SAVED_UID garbage
29703 took out SAVED_UID garbage since it don't work
29706 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
29713 added a missing space :-)
29717 took out multimax cruft
29729 fixed a typo + indentation
29732 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
29735 took outumoved some defines to the config file ,. ,.
29747 added HAS_SAVED_UID
29754 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
29760 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
29766 * check.c, logging.c, parse.c, sudo.c, sudo.h:
29767 now is only root when abs necessary
29774 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
29789 now removed _RLD_* for alphas
29793 updated for new config scheme
29797 more verbose error messages
29800 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
29807 define __svr4__ for SOLARIS
29811 added svr4 junk for shadow pws for solaris 2.x
29815 took out setuid(0) and setreuid(uid) garbage. It's not needed since
29816 we start out setuid with the correct perms.
29819 * check.c, sudo.c, sudo.h:
29823 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
29826 revised AUTHORS section & added ENV_EDITOR stuff to VARIABLES
29831 now uses ENV_EDITOR if you want to use the EDITOR envar
29835 now uses ENV_EDITOR if you want to use the EDITOR envar >> .
29838 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
29841 rewrote most of this
29845 minor update + spell fix
29849 added all options that are in the Makefile
29853 now use USE_TERMIO #define for sgi & hpux
29860 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
29862 * check.c, find_path.c:
29863 always include strings.h
29871 sgi has vi in /usr/bin too
29878 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
29881 use /usr/bin/vi on some systems
29885 fixed warning (include strings.h)
29889 added John_Rouillard@dl5000.bc.edu's changes (new features)
29893 changes from John_Rouillard@dl5000.bc.edu
29900 * check.c, find_path.c, parse.c, sudo.c:
29901 added patches from John_Rouillard directory spec
29905 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
29908 added flush for hpux
29911 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
29914 no longer assume malloc returns a char *
29918 alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
29919 gets removed correctly
29923 added STD_HEADERS macro
29927 now uses STD_HEADERS macro for ansi
29931 now uses STD_HEADERS macro
29935 niceties for C compiler bitches -- no real change
29938 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
29941 now doesn't fclose a file never opened.
29944 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
29951 added error stuff added me in there...
29959 added blurb about reading stuff
29967 corrected comments and removed newlines
29979 added dec syslog note
29983 added real stuff in there
29994 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
30001 updated with changes
30012 * CHANGES, COPYING, INSTALL, README, TODO:
30017 updated version number and took out jeff's old addr since it is no
30021 * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
30023 updated version number and took out jeff's email (since it is
30027 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
30033 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
30036 now return NULL instead of exiting for non-fatal errors
30039 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
30046 now sudo.h gets included first
30049 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
30060 hpux 9 fix, removes SHLIB_PATH linux patch
30067 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
30070 stat now ignores EINVAL
30073 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
30075 * find_path.c, sudo.c:
30076 now declare strdup as extern
30079 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
30082 reformatted with indent + by hand
30085 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
30086 used indent to "fix" coding style
30090 now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
30091 move the code that does this into the loop body. makes it messier
30095 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
30098 redid the fix for non-executable files in an easier to read way plus
30099 some minor aesthetic changes
30103 fixed bug with non-executable things of same name in path introduced
30104 by checking errno after stat(2).
30107 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
30110 fixed off by one error
30114 now handles descending below '/' correctly
30118 now actually builds Envp instead of munging envp
30121 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
30124 now includes sys/param.h
30128 now includes sys/param.h
30132 fixed ifndef -> ifdef
30136 make more like find_path.c
30140 rewritten by millert
30144 fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
30145 about new defines in the comment
30153 added decl for clean_envp() and Envp
30157 now rips LD_* env vars out of envp and passed sanitized Envp to exec
30165 ENOTDIR is ok now too (in case part of the path is bogus)
30169 now works correctly (total rewrite)
30173 now includes sys/param.h didn't match trailing / -- fix from
30177 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
30180 moved around the #ifndef _AIX
30183 * check.c, logging.c, parse.c:
30187 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
30193 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
30196 now works if you do sudo bin/test
30203 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
30213 * parse.lex, parse.yacc:
30217 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
30224 now spews error if exec fails and exits with -1
30232 now only execs files with (an) executable bit set.
30239 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>