2013-04-11 Todd C. Miller <Todd.Miller@courtesan.com>

* NEWS, configure, configure.in:
Update for sudo 1.8.6p8

* plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
Check for crypt() returning NULL. Traditionally, crypt() never
returned NULL but newer versions of eglibc have a crypt() that does.

2013-04-10 Todd C. Miller <Todd.Miller@courtesan.com>

AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit
before we try to match it against st_rdev.

Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes
a problem finding the tty name when it is not in /dev/pts.

2013-02-25 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/check.c:
Completely ignore time stamp file if it is set to the epoch,
regardless of what gettimeofday() returns.

* plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h:
Store the session ID in the tty ticket file too. A tty may only be
in one session at a time so if the session ID doesn't match we

* configure, configure.in:

Update for Sudo 1.8.6p7

2013-02-11 Todd C. Miller <Todd.Miller@courtesan.com>

2013-01-31 Todd C. Miller <Todd.Miller@courtesan.com>

Clarify ttyname changes.

Remove ttyname() fall back code on systems where we can query the
kernel for the tty device via /proc or sysctl(). If there is no
controlling tty, it is better to just treat the tty as unknown
rather than to blindly use what is hooked up to std{in,out,err}.

2013-01-24 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/iolog.c:
Add __dso_public to extern declaration of declaration to match

* configure, configure.in:

2013-01-23 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/visudo.c:
Fix potential stack overflow due to infinite recursion in alias
cycle detection. From Daniel Kopecek.

2013-01-18 Todd C. Miller <Todd.Miller@courtesan.com>

* compat/getgrouplist.c, config.h.in, configure, configure.in:
Use _getgroupsbymember() on Solaris to get the groups list. Fixes
performance problems with the getgroupslist() compat on Solaris
systems with network-based group databases.

2013-01-13 Todd C. Miller <Todd.Miller@courtesan.com>

Add missing call to save_signals().

2013-01-11 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Use -fstack-protector-all in preference to -fstack-protector where

2013-01-10 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Only test for -fstack-protector and -fvisibility=hidden on GNU
compatible compilers.

2013-01-03 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:

* common/Makefile.in, compat/Makefile.in, configure, configure.in,
plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
Break out stack smashing protector options into SSP_CFLAGS and
SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).

2013-01-01 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/CONTRIBUTORS, plugins/sudoers/redblack.c:
In rbrepair(), make sure we never try to change the color of the
sentinel node, which is the first entry, not the root. From Michael

2012-12-27 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Disable PIE on FreeBSD/ia64, otherwise sudo will segfault.

2012-11-25 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/visudo.c:
Avoid NULL deref for unknown Defaults in strict mode.

2012-11-06 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
Do not inform the user that the command was not permitted by the
policy if they do not successfully authenticate. This is a
regression introduced in sudo 1.8.6.

The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A.

2012-10-26 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c:
Allow sudo to be built with sss support without also including ldap
support. From Stephane Graber.

2012-09-24 Todd C. Miller <Todd.Miller@courtesan.com>

Fix running commands that need the terminal in the background when
I/O logging is enabled. E.g. "sudo vi &". When the command is
foregrounded, it will now resume properly.

2012-11-13 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/Makefile.in:
Fold preinstall into install-plugin and pass the path to the plugin
binary to the preinstall command.

2012-11-06 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/Makefile.in:
Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup
the rpath in HP-UX SOM shared libraries for the LDAP libs.

* NEWS, configure, configure.in:

2012-09-17 Todd C. Miller <Todd.Miller@courtesan.com>

Don't use embedded newline when matching, use \n. This got expanded
at some point. Bug #573

* plugins/sudoers/sudoreplay.c:
Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
all file systems support d_type. Bug #572

* plugins/sudoers/sudoreplay.c:
Avoid calling fclose(NULL) in the error path when we cannot open an

2012-09-16 Todd C. Miller <Todd.Miller@courtesan.com>

* NEWS, configure, configure.in:

When setting the signal handler for SIGTSTP to the default value in
non-I/O log mode, store the old handler value for when we restore it

2012-09-12 Todd C. Miller <Todd.Miller@courtesan.com>

Mention support for SUCCESS=return in /etc/nsswitch.conf

* NEWS, configure, configure.in:

2012-09-11 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/env.c:
Avoid setting LOGNAME, USER and USERNAME variables twice when
set_logname is enabled.

* plugins/sudoers/env.c:
Fix duplicate detection in sudo_putenv(), do not prune out the
variable we just set when overwriting an existing instance. Fixes

* plugins/sudoers/env.c:

2012-09-04 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudo_nss.c:
Disable word wrap in list mode when stdout is a pipe to make "sudo
-l | grep ..." more useful. Adapted from a diff by Daniel Kopecek.

Print a trailing newline in lbuf_print() when there is not enough
space to do word wrapping and the lbuf does not end with a newline.

* plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
Add support for [SUCCESS=return] in nsswitch.conf; from Daniel

2012-09-01 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo,
plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo,
plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo,
src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo:

* MANIFEST, plugins/sudoers/po/vi.mo:
Add Vietnamese sudoers translation from translationproject.org

* MANIFEST, plugins/sudoers/po/vi.po:
Add Vietnamese sudoers translation from translationproject.org

2012-08-29 Todd C. Miller <Todd.Miller@courtesan.com>

* Makefile.in, compat/Makefile.in, mkdep.pl:
Add missing signame dependency

* src/exec.c, src/ttyname.c:
Silence compiler warnings.

* MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c,
config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
src/exec.c, src/exec_pty.c:
Replace strsigname() with sig2str(), emulating it as needed.

* config.h.in, configure, configure.in, src/utmp.c:
Use fseeko() for legacy utmp handling if available.

2012-08-28 Todd C. Miller <Todd.Miller@courtesan.com>

* compat/strsigname.c, config.h.in, configure, configure.in:
Detect sys_sigabbrev[] and use it in place of sys_signame[] if
present. For some reason glibc does not declare sys_sigabbrev so we
must add an extern definition of our own.

* compat/strsignal.c, compat/strsigname.c:
Handle NULL entries in sys_siglist and sys_signame.

* compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c,
compat/mksigname.h, compat/strsignal.c, compat/strsigname.c:
Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name}

2012-08-27 Todd C. Miller <Todd.Miller@courtesan.com>

Pass on SIGTSTP to the command if it was sent by a user process (not
the kernel or the terminal) when we are not I/O logging and set the
default SIGTSTP handler when we re-send the signal to ourself,
restoring our handler after we resume.

Shells typically change their process group when they start up so
that they can implement job control. Most well-behaved shells
change the pgrp back to its original value before suspending so we
must not try to restore in that case, lest we race with the child
upon resume, potentially stopping sudo with SIGTTOU while the
command continues to run. Some shells, such as pdksh, just suspend
the shell by sending SIGSTOP to themselves without restoring the
pgrp. In this case we need to change the pgrp back for them. Should

2012-08-26 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, compat/Makefile.in, compat/mksigname.c,
compat/mksigname.h, compat/strsignal.c, compat/strsigname.c,
config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
src/exec.c, src/exec_pty.c:
Use strsigname() to print signal names in the debug output. If the
system has no strsigname(), use our own.

2012-08-23 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/regress/testsudoers/test5.inc,
plugins/sudoers/regress/testsudoers/test5.sh:
Remove generated file and change path for temporary include file.

* plugins/sudoers/Makefile.in:
When running regress tests, list pass/fail rate for each dir
(testsudoers and visudo) instead of the total. Also prevent the
result files from clobbering each other by keeping them in the
relevant directories.

* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Don't print an error message in yyerror() if open_sudoers() fails,
we've already printed an error message. Also restore the check for
sudoers_warnings in yyerror().

* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/toke.c, plugins/sudoers/toke.h,
plugins/sudoers/toke.l:
Avoid printing the >>> parse error <<< message for testsudoers when
the -t flag is specified.

2012-08-22 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/parse.c:
Fix NULL deref when an entry has no Runas_Entry

* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po,
src/po/zh_CN.mo, src/po/zh_CN.po:
sync with translationproject.org

* plugins/sudoers/check.c:
Correct the check_user() comment header.

* plugins/sudoers/auth/sudo_auth.c:
Change a log_fatal() into log_error() when no auth methods are
configured. The caller already checks the return value.

* plugins/sudoers/logging.c:
Add missing debug_return

2012-08-21 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
doc/sudoers.man.in, doc/sudoers.mdoc.in:
Make the capitalization consistent for .Ss and .Sx

* doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat,
doc/sudo.man.in, doc/sudo.mdoc.in:
Add COMMAND EXECUTION section that describes how sudo runs the
command, the extra sudo processes and signal handling.

2012-08-18 Todd C. Miller <Todd.Miller@courtesan.com>

2012-08-17 Todd C. Miller <Todd.Miller@courtesan.com>

* compat/Makefile.in:
Don't echo the awk command when building siglist.in

* doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:

The HISTORY, LICENSE and CONTRIBUTORS files are no longer

* MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po,
plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo,
plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po,
plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po,
src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po,
src/po/uk.po, src/po/vi.po:
Sync with translationproject.org and add Italian sudoers

2012-08-16 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
Expand description of fqdn to talk about systems where the hosts
file is searched before DNS.

2012-08-15 Todd C. Miller <Todd.Miller@courtesan.com>

For cat pages there is nothing to make unless DEVEL is set.

* configure, configure.in, doc/Makefile.in:
Always use mandoc to format cat pages and remove now-extraneous
nroff configure tests.

sync polypkg from git

* plugins/sudoers/sudoers.c:
Use AI_FQDN instead of AI_CANONNAME if available since "canonical"
is not always the same as "fully qualified".

2012-08-14 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudoers.mdoc.in:
Fix some typos. Describe error messages not related to policy

* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
plugins/sudoers/visudo.c:
Add new check_defaults() function to check (but not update) the
Defaults entries. Visudo can now use this instead of
update_defaults to check all the defaults regardless instead of just
the global Defaults entries.

2012-08-13 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
Document sudoers log format.

Update for sudo 1.8.5p3

* src/load_plugins.c:
Add missing check for I/O plugin API version when checking for the
presence of I/O plugin hooks.

Can't call debug code in the process_hooks_xxx functions() since
ctime() may look up the timezone via the TZ environment variable.

2012-08-10 Todd C. Miller <Todd.Miller@courtesan.com>

* src/exec_common.c, src/sesh.c, src/utmp.c:
Include signal.h before sudo_exec.h since it uses sigset_t * in the

* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
doc/visudo.man.in, doc/visudo.mdoc.in:
Remove OPTIONS section; options now go inside DESCRIPTION

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

* MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po,
src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po:
Sync with translationproject.org and add new Slovenian translation.

* common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c,
plugins/sudoers/testsudoers.c:
Reduce the number of "internal error, foo overflow" messages that
need to be translated.

Mention HP-UX reboot fix.

* INSTALL, NEWS, common/sudo_debug.c, configure, configure.in,
doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in,
plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c,
plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers
data source. From Daniel Kopecek and Pavel Brezina.

2012-08-09 Todd C. Miller <Todd.Miller@courtesan.com>

* common/sudo_conf.c, src/load_plugins.c:
If sudo.conf contains an I/O plugin but no policy plugin, use
sudoers for the policy plugin. If a policy plugin is specified
without an I/O plugin, only the policy plugin will be loaded.

* doc/Makefile.in, doc/sudoers.man.in:
Do not modify the .Os section when building the .man.in file from

* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
Add a note about wildcards matching multiple words and include an
example. Also mention that for sudoedit, a wildcard in command line
args does not match a slash.

2012-08-07 Todd C. Miller <Todd.Miller@courtesan.com>

* src/exec_pty.c, src/sudo_exec.h:
Fix a comment, update a variable name in a prototype; all cosmetic.

* plugins/sudoers/iolog.c:
Cast 2nd argument of lseek() to off_t if it is a constant for
systems with 64-bit off_t but without a proper lseek() prototype.

* compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/visudo.c:
Fix some warnings from clang checker-267

* plugins/sample/sample_plugin.c:
Fix memory leak found by clang checker-267

2012-08-06 Todd C. Miller <Todd.Miller@courtesan.com>

* src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h:
If we receive a signal from the command we executed, do not forward
it back to the command. This fixes a problem with BSD-derived
versions of the reboot command which send SIGTERM to all other
processes, including the sudo process. Sudo would then deliver
SIGTERM to reboot which would die before calling the reboot() system
call, effectively leaving the system in single user mode.

2012-08-03 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/fixman.sh, doc/fixmdoc.sh:
Remove section about Solaris 10 on other systems. Add missing
sudoers.man.in bit to fixman.sh.

2012-08-02 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
Expand section on Solaris privileges.

Expand a bit on the Solaris priv set changes.

* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/parse.c, plugins/sudoers/parse.h,
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
The second argument to init_parser() is now bool.

* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
Fix printing of parse error message to stderr.

* plugins/sudoers/check.c, plugins/sudoers/defaults.c,
plugins/sudoers/match.c, plugins/sudoers/parse.c,
plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
If a command matches using an empty Runas_List (i.e. Runas_List is
present but empty) and the -u option was not specified, set runas_pw
to user_pw instead of using runas_default. This is intended to be
used in conjunction with the Solaris Privilege Set support for rules
that grant privileges without changing the user.

* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
plugins/sudoers/gram.c, plugins/sudoers/gram.h,
plugins/sudoers/gram.y, plugins/sudoers/match.c,
plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h:
Add support for parsing an empty Runas_List, which only allows the
command to be run as the invoking user. This can be used in
conjunction with the Solaris Privilege Set support to grant
privileges without changing the user.

2012-08-01 Todd C. Miller <Todd.Miller@courtesan.com>

Fix HP-UX, just use ".TH name section" like the vendor manuals.

* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Fix compilation on Solaris

* .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh,
doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh,
Generate a sed script file when munging *.mdoc or *.man instead of
passing sed expressions on the command line. Older seds do not
support \n in a replacement so generate and run a sed script

* doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in,
Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION"

2012-07-31 Todd C. Miller <Todd.Miller@courtesan.com>

When checking whether a signal is user-generated, compare si_code
against SI_USER instead of <= 0 since on HP-UX, terminal-related
signals get a code of 0.

SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX
interchangeably. This causes problems when setting RLIMIT_NPROC to
RLIM_INFINITY due to a bug in bash where bash tries to honor the
value of _SC_CHILD_MAX but treats a value of -1 as an error, and
uses a default value of 32 instead.

Previously, we just checked RLIMIT_NPROC and, if it was unlimited,
restored the previous value of RLIMIT_NPROC. However, that makes it
impossible to set nproc to unlimited. We now only restore the nproc
resource limit if sysconf(_SC_CHILD_MAX) is negative. In most
cases, pam_limits will set RLIMIT_NPROC for us.

2012-07-30 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/ldap.c:
Active Directory apparently requires that tenths of a second be
present in a date so append .0 to the "now" value in the time
filter. Also remove space for the global AND from TIMEFILTER_LENGTH
since it was not being used consistently. Buffers of
TIMEFILTER_LENGTH now need to account for the terminating NUL byte.

* plugins/sudoers/toke.c, plugins/sudoers/toke.l:

2012-07-29 Todd C. Miller <Todd.Miller@courtesan.com>

Remove pod versions of HISTORY, CONTRIBUTORS and LICENSE as they
were not being kept in sync.

* doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod,
Remove pod versions of HISTORY, CONTRIBUTORS and LICENSE as they
were not being kept in sync.

2012-07-27 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/logging.c:
Fix printing of the permission denied message to standard error when
a user is not allowed to run a command. This got broken by the
recent logging changes.

* plugins/sudoers/sudoers_version.h:
Bump grammar version for Solaris privs.

* doc/schema.ActiveDirectory:
Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder
were added. From David Hicks.

2012-07-26 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/Makefile.in:
Remove lex.yy.c when building toke.c

Fix building docs in a build dir.

* doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod,
doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod,
doc/sudoreplay.pod, doc/visudo.pod:
Remove pod versions of the manual; we now use mdoc.

* MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh,
doc/sudoers.man.sh, doc/sudoers.mdoc.sh:
Add post-processing scripts to strip out login class, BSD auth,
SELinux and privilege set bits when they are not supported.

* NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in,
doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in,
doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod,
plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
plugins/sudoers/def_data.in, plugins/sudoers/gram.c,
plugins/sudoers/gram.h, plugins/sudoers/gram.y,
plugins/sudoers/parse.c, plugins/sudoers/parse.h,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
plugins/sudoers/toke.l, src/sudo.c, src/sudo.h:
Merge in Solaris privilege support by Darren Moffat and John

2012-07-25 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/contributors.pod:
Sync with CONTRIBUTORS file

* doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
doc/sudoers.man.in, doc/sudoreplay.man.in:
Regen .man.in files with my private mandoc.

2012-07-20 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in:
Regen .man.in files with hacked mandoc to avoid issues with historic

2012-07-19 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudo.mdoc.in, doc/sudoers.mdoc.in:

Fix dependencies for .man.in files.

Add doc/*.mdoc to ignore file

* INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in,
doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
doc/visudo.man.in, doc/visudo.mdoc.in:
Build .man.in and .cat files from .mdoc.in files. Add new --with-man
and --with-mdoc configure options.

2012-07-18 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in,
doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
Sudo manuals formatted in mdoc, to replace the pod versions.

* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod,
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod:
More minor cosmetic fixes.

2012-07-12 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
Minor cosmetic fixes.

2012-07-11 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot:
Use "a password is required" instead of "password required" when the
-n flag is used and we need to read a password.

2012-07-10 Todd C. Miller <Todd.Miller@courtesan.com>

Mention logging changes.

* plugins/sudoers/po/sudoers.pot:

* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
Document that other mail_* flags have precedence over mail_badpass.

* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
plugins/sudoers/logging.c, plugins/sudoers/logging.h,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
Move log_denial() calls and logic to log_failure(). Move
authentication failure logging to log_auth_failure(). Both of these
call audit_failure() for us.

This subtly changes logging for commands that are denied by sudoers
but where the user failed to enter the correct password.
Previously, these would be logged as "N incorrect password attempts"
but now are logged as "command not allowed". Fixes bug #563

2012-07-06 Todd C. Miller <Todd.Miller@courtesan.com>

Do not set a resource limit to zero when we are unable to fetch a
value from /etc/security/limits.

2012-07-05 Todd C. Miller <Todd.Miller@courtesan.com>

Add "Provides: sudo" to debian sudo-ldap package

2012-07-02 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in, zlib/Makefile.in:
Define NO_VIZ for zlib when gcc doesn't support symbol visibility

* configure, configure.in:
Use the autoconf cache when checking for symbol export control

* INSTALL, common/Makefile.in, compat/Makefile.in, configure,
configure.in, mkpkg, plugins/sample/Makefile.in,
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
plugins/system_group/Makefile.in, src/Makefile.in:
Add configure check for building PIE executables instead of doing it

MacOS pp backend doesn't like modes longer than 4 characters.

2012-07-01 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding
-fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool
will strip -fstack-protector from the linker flags and we always

2012-06-29 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:

* NEWS, doc/sudoers.ldap.pod:
Document improved Tivoli Directory Server support.

* config.h.in, configure, configure.in, plugins/sudoers/ldap.c:
Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf
option to specify Tivoli key db password. Allow TLS ciphers to be
configured for Tivoli.

2012-06-28 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/ldap.c:
Tivoli Directory Server 6.3 libs always return a (bogus) error when
setting LDAP_OPT_CONNECT_TIMEOUT.

* plugins/sudoers/ldap.c:
Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the
same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to
set an ldap option fatal.

2012-06-27 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoers.c:
Zero pointers in sudo_user struct after freeing, just in case.

* plugins/sudoers/sudoers.c:
Free user_gids in close function if it has not already been freed.

* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h:
Defer group ID to name resolution until we actually need it.

It is safe to read in sudo.conf before calling user_info().

* plugins/sudoers/env.c, plugins/sudoers/ldap.c:
Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to
prevent potential truncation. Bug #562.

2012-06-25 Todd C. Miller <Todd.Miller@courtesan.com>

If installing with installp, error out if there is already an
instance of the rpm package installed.

Add --disable-nls for AIX

2012-06-22 Todd C. Miller <Todd.Miller@courtesan.com>

Debian sudo-ldap packages should now depend on libldap-2.4-2, not

2012-06-21 Todd C. Miller <Todd.Miller@courtesan.com>

Add Homepage and Bugs to debian control file.

1053 2012-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
1056 fix typo when setting aix_freeware
1059 * common/Makefile.in, compat/Makefile.in, configure, configure.in,
1060 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
1061 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
1062 plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in:
1063 Don't run regress tests or sudoers sanity check (using the newly-
1064 built visudo) when cross compiling. Bug #560
1067 * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
1068 plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map,
1069 plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in,
1070 plugins/sample_group/sample_group.exp,
1071 plugins/sample_group/sample_group.map,
1072 plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
1073 plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map,
1074 plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in,
1075 plugins/system_group/system_group.exp,
1076 plugins/system_group/system_group.map,
1077 plugins/system_group/system_group.sym:
1078 Rename foo.sym -> foo.exp Remove foo.map from the repo and generate
1079 it on demand Use a loader option file for HP-UX ld to explicitly
1084 Remove extraneous backslash
1087 * plugins/sudoers/regress/check_symbols/check_symbols.c:
1088 Don't check for errorx as an exported symbols as it is now a macro.
1089 Check for user_in_group() instead.
1092 2012-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
1094 * configure, configure.in:
1095 Adjust ld map file support to use an anonymous scope to match the
1099 2012-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
1101 * config.h.in, configure, configure.in, include/gettext.h:
1102 Older versions of Solaris lack ngettext()
1105 * configure, configure.in:
1106 Move the check for -static-libgcc until after AC_LANG_WERROR has
1107 been called and use AX_CHECK_COMPILE_FLAG().
1110 * include/gettext.h:
1111 Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H
1114 * include/error.h, include/sudo_debug.h:
1115 Fix gcc 2.x variant macro support.
1118 * plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c:
1119 Fix compilation on gcc 2.95 and other compilers that only allow
1120 variable declarations at the beginning of a block.
1123 * configure, configure.in, plugins/sudoers/Makefile.in:
1124 Link check_symbols with SUDO_LIBS to make sure we link with the
1125 requisite libraries to successfully dlopen sudoers.so. This is
1126 needed on HP-UX where a program dlopen()ing a shared object that
1127 uses pthreads must also be linked with pthreads (and HP-UX LDAP uses
1131 * plugins/sudoers/regress/check_symbols/check_symbols.c:
1132 Add check for exported local symbols. This will cause a "make
1133 check" failure on systems where we don't support symbol hiding.
1136 * configure, configure.in:
1137 Additional ${foo} -> $(foo) Makefile tweaks.
1140 * plugins/sample/sample_plugin.map,
1141 plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map,
1142 plugins/system_group/system_group.map:
1143 No need to provide a name for the scope in the map file since we
1144 don't use it for versioning.
1147 2012-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
1149 * MANIFEST, plugins/sudoers/Makefile.in,
1150 plugins/sudoers/regress/check_symbols/check_symbols.c:
1151 Add regress test for symbol visibility.
1154 2012-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
1156 * NEWS, configure, configure.in:
1160 * configure, configure.in, include/missing.h:
1161 Add support for controlling symbol visibility using the HP and
1162 Solaris C compilers.
1165 * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
1166 plugins/sudoers/regress/iolog_path/check_iolog_path.c,
1167 plugins/sudoers/sudoers.h:
1168 Use the expanded io log dir when updating the sequence number.
1169 Includes a workaround for older versions of sudo where the sequence
1170 number was stored in the unexpanded io log dir.
1173 2012-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
1176 Simplify "sudo -s" argv rewriting.
1179 * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
1180 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
1181 plugins/system_group/Makefile.in, src/Makefile.in,
1182 src/sudo_noexec.map:
1183 Don't use a map file for sudo_noexec.so since Solaris ld doesn't
1184 allow '*' in the global section. The libtool export flag is now
1185 added to LT_LDFLAGS instead of commenting/uncommenting lines.
1188 2012-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
1190 * config.h.in, configure, configure.in, include/missing.h:
1191 The visibility attribute was actually added in gcc 3.3.x, not 4.0.
1192 Just assume that if -fvisibility=hidden works that the attribute is
1196 * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
1197 plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
1198 plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
1199 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
1200 plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map,
1201 plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c,
1202 plugins/system_group/system_group.c:
1203 Export group cache from sudoers.so for system_group.so to use.
1206 * MANIFEST, configure, configure.in, include/missing.h,
1207 plugins/sample/Makefile.in, plugins/sample/sample_plugin.map,
1208 plugins/sample_group/Makefile.in,
1209 plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in,
1210 plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
1211 plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in,
1212 plugins/system_group/system_group.map, src/sudo_noexec.c,
1213 src/sudo_noexec.map:
1214 Use gcc's visibility attribute to specify when symbols are visible
1215 or hidden, if available. If not available, use an ELF version
1216 script if it is supported. If all else fails, fall back to using
1217 libtool's -export-symbols.
1220 2012-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
1223 Add mode for installed locale files but leave the directories with
1224 default mode and owner.
1227 2012-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
1230 Install AIX packages under /opt/freeware with links in /usr/bin and
1231 /usr/sbin. This matches the layout of the sudo package from AIX
1235 * Makefile.in, configure, configure.in, plugins/sample/Makefile.in,
1236 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
1237 plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp:
1238 Install shared objects with mode 0644 except on HP-UX which needs
1239 the executable bit set.
1242 * Makefile.in, doc/Makefile.in, include/Makefile.in,
1243 plugins/sudoers/Makefile.in, src/Makefile.in:
1244 Make installed file modes consistent with the file modes in the sudo
1248 2012-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
1251 Add "%:" prefix when talking about QAS non-Unix group support.
1255 Fix packaging of symbolic links on HP-UX when the link source
1256 already exists in the filesystem.
1260 Only specify prefix if we are overriding the default value. Fixes
1261 the man dir (/usr/local/man vs. /usr/local/share/man).
1265 Fix setting of sudoedit_man variable.
1269 Echo the command when linking the sudoedit manual.
1272 2012-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
1275 Build .deb packages with selinux support.
1278 2012-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
1281 Don't list paths for unstripped binaries in the lintian overrides.
1285 Add support for Installed-Size header in control file, required by
1286 newer debian versions.
1290 Fix extended description in .deb files.
1294 Add Depends, Replaces and Conflicts headers for .deb packages.
1297 2012-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
1299 * plugins/sudoers/sudo_nss.c:
1300 If there are no privs to print, write the message to the lbuf
1301 instead of printing it directly.
1304 2012-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
1307 Set -e in %pos and %preun for debian to quiet a lintian warning.
1310 * doc/Makefile.in, src/Makefile.in, sudo.pp:
1311 Install sudoedit and the sudoedit manual as symbolic links, not hard
1312 links and package them as such.
1316 Make sudo binary permissions 755 instead of 111. Add lintian
1317 overrides file for .deb files.
1320 * configure, configure.in, doc/Makefile.in, mkpkg:
1321 Replace out of date MAN_POSTINSTALL with MANCOMPRESS and
1322 MANCOMPRESSEXT which can be used to compress the installed manual
1323 pages. Compress the man pages for .deb files to appease lintian.
1328 * fix modes to be more in line with what Debian expects
1330 * install LICENSE as copyright and ChangeLog as changelog
1331 * create stub changelog.debian
1335 Fix find command to properly skip files in the DEBIAN dir when
1340 Use a debian-compliant package maintainer field.
1343 2012-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
1345 * plugins/sudoers/sudoreplay.c:
1346 No need to loop over atomic_writev(), it guarantees to write all
1347 data or return an error.
1349 Fix handling of stdout/stderr that contains "\r\n" and handle a
1350 "\r\n" pair that spans a buffer.
1353 2012-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
1356 Update for sudo 1.8.5p2
1359 * plugins/sudoers/sudoreplay.c:
1360 Instead of doing extra write()s when replaying stdout, build up a
1361 vector for writev() instead. This results in far fewer system
1365 2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
1367 * src/env_hooks.c, src/sudo.h, src/tgetpass.c:
1368 Provide unhooked version of getenv() and use it when looking up
1369 DISPLAY and SUDO_ASKPASS in the environment.
1372 2012-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
1374 * plugins/sudoers/sudoreplay.c:
1375 When replaying a log of stdout or stderr, do newline to carriage
1376 return + linefeed conversion. We cannot have termios do this for us
1377 since we've disabled output postprocessing (POST) when setting raw
1381 2012-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
1383 * configure, configure.in:
1384 When checking for -fstack-protector, treat warnings as fatal errors.
1387 2012-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
1389 * configure, configure.in:
1390 Fix test for -z relro
1394 Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4
1397 * INSTALL, aclocal.m4, configure, configure.in,
1398 m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4:
1399 Build with -fstack-protector and link with -zrelro where supported.
1400 Added --disable-hardening option to disable hardening options.
1403 2012-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
1405 * plugins/sudoers/Makefile.in,
1406 plugins/sudoers/regress/testsudoers/test1.sh,
1407 plugins/sudoers/regress/testsudoers/test2.sh,
1408 plugins/sudoers/regress/testsudoers/test3.sh,
1409 plugins/sudoers/regress/testsudoers/test4.out.ok,
1410 plugins/sudoers/regress/testsudoers/test4.sh,
1411 plugins/sudoers/regress/testsudoers/test5.inc,
1412 plugins/sudoers/regress/testsudoers/test5.out.ok,
1413 plugins/sudoers/regress/testsudoers/test5.sh,
1414 plugins/sudoers/testsudoers.c:
1415 Add tests for sudoers mode, owner and group checks.
1418 * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
1419 If sudoers_mode is group-readable but the actual sudoers file is
1420 not, open the file as uid 0, not uid 1. This fixes a problem when
1421 sudoers has a more restrictive mode than what sudo expects to find.
1422 In older versions, sudo would silently chmod the file to add the
1426 * INSTALL, common/secure_path.c, config.h.in, configure, configure.in:
1427 No longer throw an error if sudoers is a symbolic link. Deprecated
1428 the --with-stow option as that is now (effectively) the default.
1431 2012-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
1433 * plugins/sudoers/Makefile.in,
1434 plugins/sudoers/regress/testsudoers/test2.inc,
1435 plugins/sudoers/regress/testsudoers/test2.out.ok,
1436 plugins/sudoers/regress/testsudoers/test2.sh,
1437 plugins/sudoers/regress/testsudoers/test3.d/root,
1438 plugins/sudoers/regress/testsudoers/test3.out.ok,
1439 plugins/sudoers/regress/testsudoers/test3.sh:
1440 Add basic tests for #include and #includedir
1443 * plugins/sudoers/testsudoers.c:
1444 Add -U sudoers_uid option to testsudoers.
1447 2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
1449 * NEWS, configure, configure.in:
1453 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
1454 Fix #includedir; from Mike Frysinger
1457 * plugins/sudoers/check.c:
1458 Don't prompt for a password if the user is in the exempt group, is
1459 root, or is running the command as themselves even if the -k option
1460 was specified. This makes "sudo -k command" consistent with the
1461 behavior one would get if the user ran "sudo -k" immediately before
1462 running the command.
1465 2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
1472 Build PIE executable on Mac OS X 10.5 and above.
1475 2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
1478 Update for sudo 1.8.4p5
1481 * plugins/sudoers/match_addr.c:
1482 Add missing break between AF_INET and AF_INET6 in
1483 addr_matches_if_netmask()
1486 * plugins/sudoers/mon_systrace.c:
1487 Move systrace monitor code to the attic
1490 2012-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
1493 The pointer to the siginfo_t struct in a signal handler may be NULL.
1496 2012-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
1498 * plugins/sudoers/pwutil.c:
1499 Fix an alignment problem on NetBSD systems with a 64-bit time_t and
1500 strict alignment. Based on a patch from Martin Husemann.
1503 * include/missing.h:
1504 Add offsetof macro for those without it.
1508 add system_group plugin
1511 2012-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
1514 Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX.
1517 2012-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
1520 Mention system_group plugin
1523 * Makefile.in, plugins/sudoers/Makefile.in,
1524 plugins/system_group/Makefile.in:
1528 * plugins/system_group/system_group.c:
1529 Only call gr_delref() when using sudo's password caching functions.
1532 * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in:
1533 Add missing dependency on libreplace.la
1537 Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and
1541 * Makefile.in, configure, configure.in,
1542 plugins/system_group/Makefile.in,
1543 plugins/system_group/system_group.c,
1544 plugins/system_group/system_group.sym:
1545 Add group plugin that does lookups by name using the system group
1549 * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo,
1551 sync with translationproject.org
1554 2012-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
1556 * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
1557 plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
1558 plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
1559 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
1560 plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
1561 src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po,
1562 src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
1563 src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po,
1564 src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
1565 src/po/zh_CN.mo, src/po/zh_CN.po:
1566 sync with translationproject.org
1569 2012-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
1572 Add mode for docdir and use '-' (default) for localedir mode. Fixes
1573 a problem on Linux when building in a directory with the setgid bit
1577 2012-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
1583 2012-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
1586 Update with recent changes
1590 Fix version check on AIX
1593 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1597 * plugins/sudoers/ldap.c:
1598 Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP
1602 * plugins/sudoers/ldap.c:
1603 Fix printing of invalid uri
1606 * plugins/sudoers/auth/pam.c:
1607 Pass PAM_SILENT when deleting creds to remove an annoying warning
1611 2012-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
1614 Fix the setutxent and endutxent compatibility defines (this time
1615 correctly) when only setutent and endutent are available.
1618 * plugins/sudoers/ldap.c:
1619 sudo_ldap_set_options_global() should not take an LDAP handle as an
1620 argument since the options affect the global settings.
1624 Debian sudo has not been built with --with-exempt=sudo since 1.6.8.
1627 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
1628 plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c,
1630 Call the policy's init_session() function before we fork the child.
1631 That way, the session is created and destroyed in the same process,
1632 which is needed by some modules, such as pam_mount.
1635 * doc/TROUBLESHOOTING:
1636 Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is
1640 * plugins/sudoers/auth/pam.c:
1641 Delete creds after closing the PAM session.
1644 * plugins/sudoers/ldap.c:
1645 Provide a more useful error message if using a Mozilla-style LDAP
1646 SDK and you forgot to specify TLS_CERT in ldap.conf.
1650 Add missing initialization of a sigaction structure when I/O
1651 logging. Fixes a potential problem when suspending the command.
1654 * plugins/sudoers/ldap.c:
1655 Split global and per-connection LDAP options into separate arrays.
1656 Set global LDAP options before calling ldap_initialize() or
1657 ldap_init(). After we have an LDAP handle, set the per-connection
1658 options. Fixes a problem with OpenLDAP using the nss crypto backend;
1662 * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
1663 plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
1664 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
1665 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
1666 plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
1667 src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po,
1668 src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
1669 sync with translationproject.org
1672 2012-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
1674 * src/sudo.c, src/sudo.h:
1675 Move struct passwd pointer into struct command details.
1678 2012-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
1681 Sync with upstream for Mac OS X (and other) fixes.
1685 Only build Mac intel universal binary on an intel machine.
1689 Do not pass libtool the -static-libtool-libs option when building
1690 sudo and sesh. Otherwise, libtool may prefer a static version of an
1691 installed library over a dynamic one when linking.
1694 2012-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
1696 * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo,
1697 plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po:
1698 Add German translation for sudo. Add Croatian translation for sudoers.
1701 * plugins/sudoers/iolog.c:
1705 2012-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
1708 Update with recent changes
1711 * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1712 Sort xgettext output by file name.
1715 * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
1716 Clarify what "sudoreplay -l" displays and mention that it is sorted.
1719 * config.h.in, configure, configure.in, src/ttyname.c:
1720 Use AC_HEADER_MAJOR to determine where major/minor are defined.
1723 * config.h.in, configure, configure.in, src/ttyname.c:
1724 Include sys/mkdev.h if present instead of sys/sysmacros.h for
1725 minor(). This is needed on Solaris (at least) where the makedev
1726 macros in sysmacros.h are obsolete and library functions should be
1731 When building on Mac OS X, only set SDK_FLAGS if specified osversion
1735 2012-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
1738 Add back buf and tty variables for _ttyname() case that were
1739 inadvertently removed.
1742 2012-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
1744 * plugins/sudoers/po/sudoers.pot:
1748 * configure, configure.in:
1749 Remove b8 from version number.
1757 When looking for a device match, do a breadth-first search instead
1758 of depth-first. We already special case /dev/pts/ so chances are
1759 good that if it is not a pseudo-tty it is in the base of /dev/. Also
1760 avoid a stat(2) when possible if struct dirent has d_type.
1763 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
1764 src/sudo.c, src/sudo.h:
1765 Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.
1768 * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo,
1769 src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo,
1771 sync with translationproject.org
1774 * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po,
1775 src/po/hr.mo, src/po/hr.po:
1776 New Croatian and Galician translations from translationproject.org
1780 Add depth-first traversal of /dev/ for the /proc case when not
1784 * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c:
1785 If struct dirent has d_type, use it to avoid an extra stat().
1788 * plugins/sudoers/sudoreplay.c:
1789 Sort output of "sudoreplay -l"
1792 2012-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
1794 * plugins/sudoers/sudoreplay.c:
1795 Fix duplicate free introduced in last rev
1798 2012-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
1800 * plugins/sudoers/auth/pam.c:
1801 Instead of treating ^C from tgetpass() specially, always return
1802 AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL
1803 like PAM_AUTH_ERR; Mac OS X returns this when there is no tty.
1806 * config.h.in, configure, configure.in, src/ttyname.c:
1807 Rototill code to determine the tty. For Linux, we now look up the
1808 tty device in /proc/pid/stat instead of trying to open
1809 /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given
1810 device number to a string. On BSD, we can use devname(). On
1811 Solaris, _ttyname_dev() does what we want. TODO: write /dev/
1812 traversal code for the generic sudo_ttyname_dev().
1815 2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
1818 Define PRNODEV for those w/o it.
1821 * config.h.in, configure, configure.in, src/ttyname.c:
1822 Check for SVR4-style struct psinfo.pr_ttydev and use that to
1823 determine the tty if std{in,out,err} are not ttys.
1827 Better support for SVR4-style /proc entries where we can't use
1828 ttyname() on the /proc/pid/fd/[0-2] entries. We can, however,
1829 attempt to map the device number back to the correct pseudo-tty
1834 When trying to determine the tty name, check parent's stderr in
1835 addition to its stdin and stdout.
1839 Treat a tty read failure like EOF as it usually means the pty has
1840 gone away. Handle write() on the tty returning EIO.
1843 * src/exec.c, src/exec_pty.c:
1844 Linux select() may return ENOMEM if there is a kernel resource
1845 shortage. Older Solaris select() may return EIO instead of EBADF
1846 when the tty goes away. If we get an unhandled select() failure,
1847 kill the child and exit cleanly.
1851 Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might
1855 2012-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
1857 * plugins/sudoers/set_perms.c:
1858 Fix restoration of AIX permissions.
1862 Allow the -k flag to be used along with the -i and -s flags.
1865 * plugins/sudoers/sudoreplay.c:
1866 Plug memory leak in parse_logfile() in the error path.
1869 * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
1870 src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po,
1871 src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po,
1872 src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
1873 src/po/zh_CN.mo, src/po/zh_CN.po:
1874 sync with translationproject.org
1877 2012-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
1879 * compat/regress/glob/globtest.c, config.h.in, configure,
1880 configure.in, plugins/sudoers/match.c:
1881 Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
1882 glob() and fnmatch() results to be consistent.
1885 2012-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
1887 * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in,
1889 Move ttysize.c to common so sudoreplay can use it.
1892 * plugins/sudoers/sudoreplay.c:
1893 If I/O log file includes rows + cols, warn if the user's tty is not
1897 * plugins/sudoers/sudoreplay.c:
1898 Fix printing of TSID in "sudoreplay -l"
1901 * common/sudo_debug.c, include/sudo_debug.h,
1902 plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c,
1904 Log the process id in the debug file output. Since we don't want to
1905 keep calling getpid(), stash the value at init time and when we
1910 Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It
1911 is better to receive EIO from read()/write() than to be suspended
1912 when we don't expect it. Fixes a problem when our terminal is
1913 revoked which can happen when, e.g. our sshd is killed
1914 unceremoniously. Also, only change the value of "alive" from true to
1915 false, never from false to true. It is possible for us to receive
1916 notification of the child having stopped after it is already dead.
1917 This does not mean it has risen from the grave.
1921 Distinguish between signals we received from the parent vs. those
1922 delivered explicitly to the monitor process in debugging info.
1925 2012-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
1927 * plugins/sudoers/check.c:
1928 In Solaris 11, /dev/pts is under the "dev" filesystem, not "devices".
1929 Update tty_is_devpts() to match so we can determine when the tty has
1933 * common/sudo_debug.c, include/error.h, include/sudo_debug.h:
1934 Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf()
1935 and use a new flag, SUDO_DEBUG_FILENO to specify when to use it.
1936 This allows consumers of sudo_debug_printf() to log that data
1937 without having to specify it manually.
1941 Make this compile after last change.
1945 Don't try to restore the terminal if we are not the foreground
1946 process. Otherwise, we may be stopped by SIGTTOU when we try to
1947 update the terminal settings when cleaning up.
1951 If select() returns EBADF in the main event loop, one of the ttys
1952 must have gone away so perform any I/O we can and close the bad fds.
1955 * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
1956 plugins/sudoers/toke.c, plugins/sudoers/toke.h,
1957 plugins/sudoers/toke.l:
1958 Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the
1959 function, file and line number in the debug log for warning() and
1963 2012-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
1965 * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
1967 Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno.
1968 Use this flag when wrapping error() and warning() so the debug
1969 output includes the error string.
1972 2012-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
1975 Update for sudo 1.8.5
1978 * plugins/sudoers/po/sudoers.pot:
1986 * plugins/sudoers/pwutil.c:
1991 Don't need zero_bytes() after ecalloc()
1994 * config.h.in, configure, configure.in, src/sudo_noexec.c:
1995 Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to
2000 Fix compat setutxent and endutxent macros for systems with
2001 setutent() but not setutxent(). From Gustavo Zacarias
2004 2012-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
2007 Add ignore_result definition to AH_BOTTOM
2010 * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c,
2011 plugins/sudoers/iolog.c, plugins/sudoers/toke.c,
2012 plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c,
2013 src/exec.c, src/exec_pty.c, src/tgetpass.c:
2014 Fix compiler warnings on some platforms and provide a better method
2015 of defeating gcc's warn_unused_result attribute.
2018 * configure, configure.in:
2019 Fix building the builtin zlib from a build dir. When a zlib dir was
2020 specified, prepend its include path instead of appending so we get
2021 the right zlib headers.
2024 * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h,
2025 zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c,
2026 zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h,
2027 zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in,
2028 zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
2029 Update zlib to version 1.2.6
2032 2012-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
2034 * include/missing.h:
2035 g/c __unused which is no longer used
2039 Fix compilation if RTLD_NEXT is not defined.
2042 * src/po/sr.mo, src/po/sr.po:
2043 sync with translationproject.org
2046 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
2051 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2056 Ignore Project-Id-Version when comparing pot files.
2059 * plugins/sudoers/bsm_audit.c:
2060 Use error() instead of log_fatal()
2063 * plugins/sudoers/env.c:
2064 Fix signedness of didvar in env_update_didvar()
2067 * plugins/sudoers/iolog.c:
2068 Quiet a compiler warning on some platforms.
2072 cast ctype(3) function/macro arguments from char to unsigned char to
2073 avoid potential negative subscripting.
2076 * common/setgroups.c:
2077 Quiet a warning on systems where the gids array in setgroups() is
2078 not prototyped as being const, even though it really is.
2082 Quiet a compiler warning on systems where the argument to putenv(3)
2086 * plugins/sudoers/sudoreplay.c:
2087 Undo an incorrect int -> bool conversion.
2090 * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
2091 src/po/sv.mo, src/po/sv.po:
2092 Add Swedish sudo and sudoers translations from
2093 translationproject.org
2096 * plugins/sudoers/env.c:
2097 No need to preserve ODMDIR on AIX now that we always read
2101 2012-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
2103 * doc/sudoers.pod, plugins/sudoers/env.c:
2104 When initializing the environment for env_reset, start out with the
2105 contents of /etc/environment on AIX and login.conf on BSD.
2108 * doc/TROUBLESHOOTING, src/sudo.c:
2109 If we are not running with an effective uid of 0, try to give the
2110 user enough information to debug the problem.
2113 * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
2114 Quiet a clang-analyzer false positive.
2118 If there is nothing to read from the askpass program, set errno to
2119 EINTR. This makes the cancel button behave like the user entered ^C
2120 at the password prompt when PAM is used.
2123 * src/sudo.h, src/tgetpass.c:
2124 Fetch the value of "askpass" from the sudo conf struct.
2127 * common/sudo_conf.c:
2128 Fix matching of "Path askpass" and "Path noexec"
2131 2012-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
2133 * plugins/sudoers/visudo.c:
2134 Quiet a clang-analyzer dead store warning.
2137 * plugins/sudoers/sudoers.c:
2138 If the "timestampowner" user cannot be resolved, use ROOT_UID
2139 instead of exiting with a fatal error.
2142 * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
2143 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
2144 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c,
2145 plugins/sudoers/check.c, plugins/sudoers/env.c,
2146 plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
2147 plugins/sudoers/logging.h, plugins/sudoers/parse.c,
2148 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
2149 Remove the NO_EXIT flag to log_error() and add a log_fatal()
2150 function that exits and is marked no_return. Fixes false positives
2151 from static analyzers and is easier for humans to read too.
2154 2012-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
2156 * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
2158 sync with translationproject.org
2161 2012-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
2163 * src/po/da.mo, src/po/da.po:
2164 sync with translationproject.org
2167 * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
2168 sync with translationproject.org
2171 2012-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
2173 * src/po/it.mo, src/po/it.po:
2174 sync with translationproject.org
2177 * common/sudo_conf.c, plugins/sudoers/alias.c,
2178 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
2179 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2180 plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c,
2181 plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
2182 plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c,
2184 Use ecalloc() when allocating structs.
2187 * common/alloc.c, include/alloc.h:
2188 Add ecalloc() and commented out recalloc(). Use inline strnlen()
2189 instead of strlen() in estrndup().
2192 2012-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
2194 * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
2195 plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
2196 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
2197 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
2198 plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
2199 src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
2200 src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
2201 src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
2202 src/po/zh_CN.mo, src/po/zh_CN.po:
2203 sync with translationproject.org
2206 2012-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
2208 * plugins/sudoers/set_perms.c:
2212 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
2213 Document what changed in each plugin API revision
2216 * plugins/sudoers/set_perms.c:
2217 Remove bogus optimization that could lead to a double free of the
2221 2012-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
2223 * doc/TROUBLESHOOTING:
2224 Expand AIX /etc/security/privcmds entry.
2228 Update for sudo 1.8.5
2231 * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat,
2232 doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
2233 doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat,
2234 doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h,
2235 include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
2236 src/sudo_plugin_int.h:
2237 Rename plugin "args" to "options"
2241 Add Lithuanian and Vietnamese translators
2245 Ignore comments when comparing new and old pot files.
2252 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in:
2256 * doc/sudo_plugin.pod, include/sudo_plugin.h,
2257 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
2258 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c,
2259 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c,
2260 src/sudo.c, src/sudo.h:
2261 Pass a pointer to user_env in to the init_session policy plugin
2262 function so session setup can modify the user environment as needed.
2263 For PAM authentication, merge the PAM environment with the user
2264 environment at init_session time. We no longer need to swap in the
2265 user_env for environ during session init, nor do we need to disable
2266 the env hooks at init_session time.
2269 * plugins/sample/sample_plugin.c:
2270 Add explicit NULL entries for init_session, register_hooks and
2271 deregister_hooks with appropriate comments.
2275 Quiet a gcc "used uninitialized in this function" false positive.
2278 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2279 We should always call warning() with a format string or a string
2280 literal. In this case, the argument (path) is not user-controlled.
2283 2012-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
2286 Include sudo_exec.h for the sudo_execve() prototype.
2289 * config.h.in, configure, configure.in:
2290 Add check for pam_getenvlist()
2293 * common/sudo_conf.c:
2294 Set args to NULL in default plugin info struct when there is no
2295 Plugin line in sudo.conf.
2298 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2302 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
2303 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
2304 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
2305 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
2309 * configure, configure.in:
2310 Bump version to 1.8.5
2313 * doc/sudo_plugin.pod:
2317 2012-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
2320 Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.
2323 * include/sudo_plugin.h:
2324 Use sudo_hook_fn_t in struct sudo_hook.
2327 * doc/TROUBLESHOOTING:
2328 If cross compiling, --host must include the OS in the tuple. E.g.
2329 --host powerpc-unknown-linux
2332 2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
2334 * plugins/sudoers/parse.c:
2335 Fix bogus int -> bool conversion; tags can have a value of -1.
2338 * plugins/sudoers/env.c:
2339 Add env_should_keep() and env_should_delete() wrapper functions to
2340 simplify things a bit and hide the fact that matches_env_check() is
2345 Fix application of debian-specific sudoers mods when building
2346 packages as non-root.
2349 * plugins/sudoers/env.c:
2350 matches_env_check() returns int, not boolean
2354 Fix compilation when seteuid() is not available.
2358 Simply move the free of ki_proc outside the realloc() loop.
2362 Bring back the erealloc() for the ENOMEM loop and just zero the
2363 pointer after we free it.
2367 Don't try to erealloc() a potentially freed pointer; Mateusz Guzik
2370 2012-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
2372 * plugins/sudoers/set_perms.c:
2373 Use normal error path if unable to set sudoers gid.
2376 * plugins/sudoers/set_perms.c:
2377 Make this work again on systems w/o seteuid().
2380 2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
2382 * plugins/sudoers/set_perms.c:
2383 Fix compilation if no seteuid/setreuid/setresuid available.
2386 * plugins/sudoers/set_perms.c:
2387 Better error messages, and added debugging throughout. Fixed
2388 seteuid() version of set_perms()/restore_perms(). Fixed logic bug in
2389 AIX version of restore_perms(). Added checks to avoid changing
2390 uid/gid when we don't have to. Never set gid/uid state to -1, use
2391 the old value instead.
2394 * src/exec_pty.c, src/ttyname.c:
2395 Fix format string warning on Solaris with gcc 3.4.3.
2399 Always declare environ now that we swap it around unilaterally.
2403 Honor LDFLAGS when linking sesh; from Vita Cizek
2407 Include alloc.h for estrdup() prototype; from Vita Cizek
2410 2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
2412 * plugins/sudoers/sudoers.c:
2413 Don't read /etc/environment on Linux when using PAM, PAM should set
2414 the environment variables as needed via pam_env.
2421 * src/hooks.c, src/sudo.c, src/sudo.h:
2422 Disable environment hooks after we get user_env back to make sure a
2423 plugin can't modify user_env after we "own" it. This is kind of
2424 a hack but we don't want the init_session plugin function to modify
2428 * src/hooks.c, src/sudo.c:
2429 Add support for deregistering hooks. If an I/O log plugin fails to
2430 initialize, deregister its hooks (if any).
2433 2012-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
2435 * plugins/sudoers/sudoers.c, src/sudo.c:
2436 Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook
2440 * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in,
2441 compat/setenv.c, compat/unsetenv.c, config.h.in, configure,
2442 configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl,
2443 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c,
2444 plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c,
2445 plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,
2446 src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,
2447 src/sudo_plugin_int.h:
2448 Initial cut at a hooks implementation. The plugin can register
2449 hooks for getenv, putenv, setenv and unsetenv. This makes it
2450 possible for the plugin to trap changes to the environment made by
2451 authentication methods such as PAM or BSD auth so that such changes
2452 are reflected in the environment passed back to sudo for execve().
2455 2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
2457 * MANIFEST, src/po/vi.mo, src/po/vi.po:
2458 Add Vietnamese sudo translation from translationproject.org
2461 2012-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
2463 * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod,
2465 List sudo_noexec.so not noexec.so in the sample sudo.conf
2468 * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
2469 doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h,
2470 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
2471 plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
2472 plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c,
2473 src/sudo_plugin_int.h:
2474 Add support for plugin args at the end of a Plugin line in
2475 sudo.conf. Bump the minor number accordingly and update the
2476 documentation. A plugin must check the sudo front end's version
2477 before using the plugin_args parameter since it is only supported
2478 for API version 1.2 and higher.
2481 2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
2483 * plugins/sudoers/Makefile.in:
2488 secure_path.c is in common, not compat
2491 * configure, configure.in:
2492 Add check for variadic macro support in cpp.
2495 2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
2497 * common/secure_path.c, common/sudo_conf.c, include/secure_path.h,
2498 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2499 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
2500 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2501 Add type param to sudo_secure_path() and add sudo_secure_file() and
2502 sudo_secure_dir() wrappers which get by #includedir in sudoers.
2505 2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
2507 * doc/visudo.pod, plugins/sudoers/visudo.c:
2508 Check the owner and mode in -c (check) mode unless the -f option is
2509 specified. Previously, the owner and mode were checked on the main
2510 sudoers file when the -s (strict) option was given, but this was not
2514 * config.h.in, configure, configure.in, src/ttyname.c:
2515 Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some
2516 versions of OpenBSD that have KERN_PROC2 but not KERN_PROC.
2519 2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
2522 Add Eric Lakin for patch in bug #538
2526 Fix typo in safe_close() made while converting to debug framework
2527 that prevented it from actually closing anything.
2531 Add some more debugging.
2534 * common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
2535 include/Makefile.in:
2536 We need sysconfdir in compat/Makefile to get the proper sudo.conf
2537 path. Add standard prefix and foodir expansion in all Makefiles to
2538 avoid this problem in the future.
2541 2012-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
2543 * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po:
2544 New Lithuanian sudoers translation from translationproject.org
2547 * plugins/sudoers/po/ja.po:
2548 Update from translationproject.org
2551 2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
2553 * plugins/sudoers/ldap.c:
2554 When adding gids to the LDAP filter, only add the primary gid once.
2555 This is consistent with the space computation/allocation. From Eric
2559 * doc/TROUBLESHOOTING:
2560 Add entry for AIX enhanced RBAC config.
2564 Target Mac OS X 10.5 when building packages.
2567 2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
2569 * MANIFEST, common/Makefile.in, common/secure_path.c,
2570 common/sudo_conf.c, include/secure_path.h,
2571 plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c:
2572 Relax the user/group/mode checks on sudoers files. As long as the
2573 file is owned by the right user, not world-writable and not writable
2574 by a group other than the one specified at configure time (gid 0 by
2575 default), the file is considered OK. Note that visudo will still
2576 set the mode to the value specified at configure time.
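The relaxed ownership and mode rule from the 2012-02-22 entry, combined with the file/directory type parameter from the 2012-02-29 entry, written out as an added C example; this is not sudo's own code. The names `check_secure`, `check_secure_path`, `check_sample` and the `CHK_*` codes are hypothetical, and the sample modes, uids and gids are constructed.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* S_IFMT, S_IFREG, S_IFDIR under strict -std= modes */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Outcome codes; these names are hypothetical, not sudo's. */
enum chk_result {
    CHK_OK = 0,
    CHK_MISSING,         /* stat() failed */
    CHK_WRONG_TYPE,      /* not the expected file type */
    CHK_WRONG_OWNER,     /* owner is not the expected uid */
    CHK_WORLD_WRITABLE,  /* S_IWOTH is set */
    CHK_GROUP_WRITABLE   /* S_IWGRP is set and the gid is not the allowed one */
};

/*
 * Apply the relaxed rule to an already-fetched struct stat.
 * want_type is S_IFREG for a sudoers file, S_IFDIR for an include directory.
 * The exact mode and the read bits are deliberately not compared.
 */
enum chk_result check_secure(const struct stat *sb, mode_t want_type,
                             uid_t owner, gid_t allowed_gid)
{
    if ((sb->st_mode & S_IFMT) != want_type)
        return CHK_WRONG_TYPE;
    if (sb->st_uid != owner)
        return CHK_WRONG_OWNER;
    if (sb->st_mode & S_IWOTH)
        return CHK_WORLD_WRITABLE;
    /* Group write is tolerated only for the configured group. */
    if ((sb->st_mode & S_IWGRP) && sb->st_gid != allowed_gid)
        return CHK_GROUP_WRITABLE;
    return CHK_OK;
}

/* The same check for a path on disk. */
enum chk_result check_secure_path(const char *path, mode_t want_type,
                                  uid_t owner, gid_t allowed_gid)
{
    struct stat sb;

    if (stat(path, &sb) != 0)
        return CHK_MISSING;
    return check_secure(&sb, want_type, owner, allowed_gid);
}

/* Run the check on a constructed struct stat, so no real file is needed. */
enum chk_result check_sample(mode_t mode, uid_t uid, gid_t gid,
                             mode_t want_type, uid_t owner, gid_t allowed_gid)
{
    struct stat sb;

    memset(&sb, 0, sizeof(sb));
    sb.st_mode = mode;
    sb.st_uid = uid;
    sb.st_gid = gid;
    return check_secure(&sb, want_type, owner, allowed_gid);
}

static const char *chk_name(enum chk_result r)
{
    static const char *names[] = {
        "ok", "missing", "wrong type", "wrong owner",
        "world-writable", "group-writable"
    };
    return names[r];
}

int main(void)
{
    /* Constructed samples, checked as a sudoers file owned by uid 0 with
     * allowed gid 0 (the default named in the entry). */
    static const struct {
        const char *label; mode_t mode; uid_t uid; gid_t gid;
    } s[] = {
        { "0440 uid 0 gid 0",     S_IFREG | 0440, 0,    0  },
        { "0660 uid 0 gid 0",     S_IFREG | 0660, 0,    0  },
        { "0660 uid 0 gid 10",    S_IFREG | 0660, 0,    10 },
        { "0640 uid 0 gid 10",    S_IFREG | 0640, 0,    10 }, /* readable by gid 10, still passes */
        { "0646 uid 0 gid 0",     S_IFREG | 0646, 0,    0  },
        { "0440 uid 1000 gid 0",  S_IFREG | 0440, 1000, 0  },
        { "dir 0755 uid 0 gid 0", S_IFDIR | 0755, 0,    0  }
    };
    size_t i;

    for (i = 0; i < sizeof(s) / sizeof(s[0]); i++)
        printf("%-22s -> %s\n", s[i].label,
               chk_name(check_sample(s[i].mode, s[i].uid, s[i].gid,
                                     S_IFREG, 0, 0)));
    return 0;
}
```

The rule only looks at write access: the `0640 uid 0 gid 10` sample passes even though members of gid 10 can read the file.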
2579 2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
2581 * plugins/sudoers/set_perms.c:
2582 Add AIX-specific version of permission setting code to make sure
2583 that the saved uid gets restored properly.
2586 * config.h.in, configure, configure.in, src/exec_common.c:
2587 Check for LD_PRELOAD variants in configure instead of checking cpp
2588 symbols. In disable_execute(), compute the length of the new envp
2589 and allocate it once instead of reallocating on demand. Also append
2590 old value of LD_PRELOAD (if any) to the new value.
2593 * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
2594 Fix the description of noexec.
2597 * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
2598 The "op" parameter to set_default() must be int, not bool since it
2599 is set to '+' or '-' for list add and subtract.
2603 Make sure sudoers is writable before calling ed script.
2606 2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
2608 * doc/CONTRIBUTORS, doc/contributors.pod:
2609 Update contributors. Now includes translators and authors of compat
2613 2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
2620 Build flat packages, not package bundles, on Mac OS X.
2623 2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
2626 Move macos section to be with the other OS-specific sections.
2629 * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
2630 plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
2631 Sync with translationproject.org
2634 * configure, configure.in:
2635 Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
2639 Add Mac OS X support, printing the latest chunk of the NEWS file and
2640 the license text in the installer.
2644 Add explicit file modes that match those used by "make install"
2648 Sync with upstream for Mac OS X fixes.
2651 * plugins/sudoers/Makefile.in, src/Makefile.in:
2652 Go back to using "install-sh -M" for files installed as
2653 non-readable by owner. This fixes "make install" as non-root for
2657 2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
2659 * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
2660 plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
2661 plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
2662 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
2663 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
2664 Sync with translationproject.org
2667 * Makefile.in, doc/Makefile.in, include/Makefile.in,
2668 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
2669 plugins/sudoers/Makefile.in, src/Makefile.in:
2670 Use -m not -M for install-sh for everything except setuid. Install
2671 locale .mo files mode 0444, not 0644. If timedir parent doesn't
2672 exist, use default dir mode, not 0700.
2675 2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
2678 Re-sync with upstream; no longer need a local patch.
2682 Add support for building Mac OS X packages.
2690 No longer need to define _PATH_SUDO_CONF here.
2693 * src/exec_common.c:
2694 Fix noexec for Mac OS X.
2697 2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
2699 * common/Makefile.in:
2700 Move _PATH_SUDO_CONF override to common to match sudo_debug.c
2703 * plugins/sudoers/set_perms.c:
2704 More complete fix for LDR_PRELOAD on AIX. The addition of
2705 set_perm(PERM_ROOT) before calling the nss open functions (needed to
2706 avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
2707 and then real uid to 0 for PERM_ROOT works around the issue.
2710 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2715 Set real uid to root before calling sudo_edit() or run_command() so
2716 that the monitor process is owned by root and not by the user.
2717 Otherwise, on AIX at least, the monitor process shows up in ps as
2718 belonging to the user (and can be killed by the user).
2721 * plugins/sudoers/set_perms.c:
2722 For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
2723 the call to setuid(0) if the current euid is non-zero. This
2724 effectively restores the state of things prior to rev 7bfeb629fccb.
2725 Fixes a problem on AIX where LDR_PRELOAD was not being honored for
2726 the command being executed.
2729 * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in,
2730 include/missing.h, src/sudo.c:
2731 Make a copy of the struct passwd in exec_setup() to make sure
2732 nothing in the policy init modifies it.
2735 2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
2741 * common/sudo_debug.c, include/sudo_debug.h:
2742 g/c now-unused debug subsystems
2745 * doc/sudo.pod, doc/sudoers.pod:
2746 Enumerate the debug subsystems used by sudo and sudoers.
2749 2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
2751 * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
2752 include/sudo_conf.h, src/sudo.c:
2753 Normally, sudo disables core dumps while it is running. This
2754 behavior can now be modified at run time with a line in sudo.conf
2755 like "Set disable_coredumps false"
2759 Mention Spanish translation
2762 * common/sudo_debug.c:
2763 Make sure we don't try to fall back to using the conversation
2764 function for debugging in the main sudo process if we are unable to
2765 open the debug file.
2768 * MANIFEST, src/po/es.mo, src/po/es.po:
2769 Add sudo Spanish translation from translationproject.org
2772 2012-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
2774 * plugins/sudoers/iolog.c:
2775 Better debug subsystem usage
2779 Remove duplicate function prototypes
2782 2012-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
2784 * configure, configure.in:
2785 Error out if user specified --with-pam but we can't find the headers
2786 or library. Also throw an error if the headers are present but the
2787 library is not and vice versa.
2790 2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
2792 * plugins/sudoers/sudoers.c:
2793 Fix the sudoers permission check when the expected sudoers mode is
2797 2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
2799 * configure, configure.in:
2800 Verify that we can link executables built with -D_FORTIFY_SOURCE
2804 * src/exec_common.c:
2805 Fix potential off-by-one when making a copy of the environment for
2806 LD_PRELOAD insertion. Fixes bug #534
2809 * configure, configure.in:
2810 Add rudimentary check for _FORTIFY_SOURCE support by checking for
2811 __sprintf_chk, one of the functions used by gcc to support it.
2814 * compat/stdbool.h, config.h.in, configure, configure.in:
2815 Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.
2818 2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
2820 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2824 2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
2826 * src/exec.c, src/sudo.c:
2827 The change in 818e82ecbbfc that caused sudo to exit when the monitor dies
2828 created a race condition between the monitor exiting and the status
2829 being read. All we really want to do is make sure that select()
2830 notifies us that there is a status change when the monitor dies
2831 unexpectedly so shut down the socketpair connected to the monitor for
2832 writing when it dies. That way we can still read the status that is
2833 pending on the socket and select() on Linux will tell us that the fd
2837 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
2838 src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
2840 Refactor disable_execute() and my_execve() into exec_common.c for
2841 use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
2842 disabling exec in exec_setup(), disable it immediately before
2843 executing the command. Adapted from a diff by Arno Schuring.
2846 2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
2848 * aclocal.m4, configure, configure.in:
2849 Add custom version of AC_CHECK_LIB that uses the extra libs in the
2850 cache value name. With this we no longer need to rely on a modified
2851 version of autoconf.
2854 2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
2856 * configure, configure.in:
2857 Better handling of network functions that need -lsocket -lnsl
2861 When setting up the execution environment, set groups before
2862 gid/egid like sudo 1.7 did.
2865 * configure, configure.in:
2866 Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
2869 * plugins/sudoers/sudoers.c:
2870 For "sudo -g" prepend the specified group ID to the beginning of the
2871 groups list. This matches BSD convention where the effective gid is
2872 the first entry in the group list. This is required on newer
2873 FreeBSD where the effective gid is not tracked separately and thus
2874 setgroups() changes the egid if this convention is not followed.
2878 2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
2880 * configure, configure.in:
2881 Fix sh warning; use "test" instead of "["
2885 When not logging I/O, use a signal handler that only forwards
2886 SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
2887 Fixes a race in the non-I/O logging path where the command may
2888 receive two keyboard-generated signals; one from the kernel and one
2889 from the sudo process.
2893 Back out change that put the command in its own pgrp when not
2894 logging I/O. It causes problems with pipelines.
2897 2012-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
2899 * compat/Makefile.in, configure, configure.in:
2900 Only run compat regress tests on compat objects we actually build.
2901 Fixes "make check" in the compat dir for systems that don't
2902 implement character classes in fnmatch() or glob(). Bug #531
2905 2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
2907 * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
2908 Update po files from translationproject.org
2911 2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
2914 Include parent directories in case they don't already exist. This
2915 fixes a directory permissions problem with the AIX package when the
2916 /usr/local directories don't already exist.
2920 sync with git version
2923 * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
2927 * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c:
2928 Move tty name lookup code to its own file.
2931 2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
2934 Update with latest sudo 1.8.4 changes.
2937 * config.h.in, configure, configure.in:
2938 Remove obsolete template for HAVE_TIMESPEC
2942 Add a check for devname() returning a fully-qualified pathname. None
2943 of the devname() implementations do this today but you never know
2944 when this might change.
2947 2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
2949 * plugins/sudoers/visudo.c:
2950 For "visudo -c" also list include files that were checked when
2955 The device name returned by devname() does not include the /dev/
2956 prefix so we need to add it ourselves.
2960 Add debug warning if KERN_PROC sysctl fails or devname() can't
2961 resolve the tty device to a name.
2964 * common/sudo_debug.c:
2965 The result of writev() is never checked so just cast to NULL.
2968 * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
2969 plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
2970 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
2971 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
2972 Update Esperanto, Finnish, Polish and Ukrainian translations from
2973 translationproject.org.
2976 2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
2978 * config.h.in, configure, configure.in, src/sudo.c:
2979 Add support for determining tty via sysctl on other BSD variants.
2982 * configure, configure.in:
2983 Only check for struct kinfo_proc.ki_tdev on systems that support
2988 For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
2989 ttyname() of std{in,out,err}.
2992 2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
2994 * config.h.in, configure, configure.in, src/sudo.c:
2995 On newer FreeBSD we can get the parent's tty name via sysctl().
2998 * plugins/sudoers/testsudoers.c:
3003 Silence a gcc warning.
3006 * plugins/sudoers/bsm_audit.c:
3007 Need to include gettext.h and sudo_debug.h; from John Hein
3010 * plugins/sudoers/iolog.c:
3011 Initialize the debug framework from the I/O plugin too.
3014 2012-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
3016 * plugins/sudoers/testsudoers.c:
3017 Enable debugging via sudo.conf.
3020 2012-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
3022 * plugins/sudoers/visudo.c:
3023 Use SUDO_DEBUG_ALIAS for alias checking functions.
3026 * configure, configure.in:
3027 More complete test for getaddrinfo() that doesn't rely on the
3028 network libraries already being added to LIBS.
3031 2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
3037 * configure, configure.in:
3038 Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
3041 * compat/getaddrinfo.c:
3042 Include errno.h and missing.h
3049 * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in,
3050 plugins/sudoers/gram.y, plugins/sudoers/match.c,
3051 plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c,
3052 src/parse_args.c, src/sudo.c, src/sudo.h:
3053 Update copyright year.
3057 Update for sudo 1.8.4
3060 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
3064 * plugins/sudoers/sudoreplay.c:
3065 Enable debugging via sudo.conf.
3068 * plugins/sudoers/visudo.c:
3069 Enable debugging via sudo.conf.
3072 * plugins/sudoers/visudo.c:
3073 Allow "visudo -c" to work when we only have read-only access to the
3074 sudoers include files.
3077 * doc/sudo.pod, doc/visudo.pod:
3078 Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
3079 HISTORY section in sudo that points to HISTORY file.
3082 * doc/sudo.pod, doc/sudo_plugin.pod:
3083 Document Debug setting in sudo.conf and debug_flags in plugin.
3086 2012-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
3088 * plugins/sudoers/match.c:
3089 Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
3090 bug where a pattern like "/usr/*" includes /usr/bin/ in the results,
3091 which would incorrectly be interpreted as if the sudoers file had
3092 specified a directory. From Vitezslav Cizek.
3095 * INSTALL, config.h.in, configure, configure.in,
3096 plugins/sudoers/auth/kerb5.c:
3097 Add --enable-kerb5-instance configure option to allow people using
3098 Kerberos V authentication to use a custom instance. Adapted from a
3099 diff by Michael E Burr.
3102 * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h:
3103 Remove -D debug_level option.
3107 Update copyright year.
3110 2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
3112 * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
3113 plugins/sudoers/visudo.c:
3114 parse_error is now bool, not int
3117 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
3118 plugins/sudoers/parse.c:
3119 Print a more sensible error if yyparse() returns non-zero but
3120 yyerror() was not called.
3123 * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
3124 plugins/sudoers/gram.c:
3125 Replace y.tab.c with the correct filename in #line directives.
3128 2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
3131 When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
3132 if the main process's fds 0-2 are not hooked up to a tty. Adapted
3133 from a diff by Zdenek Behan.
3137 When not logging I/O, put command in its own pgrp and make that the
3138 controlling pgrp if the command is in the foreground. Fixes a race
3139 in the non-I/O logging path where the command may receive two
3140 keyboard-generated signals; one from the kernel and one from the
3144 2011-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
3147 Quiet a bogus gcc warning.
3150 * src/parse_args.c, src/sudo.h:
3151 Fix warnings related to sudo.conf accessors.
3154 * common/sudo_conf.c, include/sudo_conf.h:
3155 Separate sudo.conf parsing from plugin loading and move the parse
3156 functions into the common lib so that visudo, etc. can use them.
3159 * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c,
3160 src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h:
3161 Separate sudo.conf parsing from plugin loading and move the parse
3162 functions into the common lib so that visudo, etc. can use them.
3165 * doc/sudoers.pod, plugins/sudoers/def_data.c,
3166 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
3167 plugins/sudoers/sudoers.c, src/sudo.c:
3168 Remove support for noexec_file in sudoers and the plugin API
3171 * plugins/sudoers/sudoers.c:
3172 Don't dump interfaces if there are none.
3175 * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
3176 Add missing %s printf escape to the group_plugin, iolog_dir and
3177 iolog_file descriptions.
3180 2011-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
3182 * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c:
3183 Fix typo in visiblepw description; from Joel Pickett
3186 2011-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
3188 * MANIFEST, configure, configure.in, mkdep.pl,
3189 plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
3190 plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
3191 plugins/sudoers/sudoers.h, src/sudo.c:
3192 When running a login shell with a login_class specified, use
3193 LOGIN_SETENV instead of rolling our own login.conf setenv support
3194 since FreeBSD's login.conf has more than just setenv capabilities.
3195 This requires us to swap the plugin-provided envp for the global
3196 environ before calling setusercontext() and then stash the resulting
3197 environ pointer back into the command details, which is kind of a
3201 * plugins/sudoers/Makefile.in:
3202 If srcdir is "." just use the basename of the yacc/lex file when
3203 generating the C version. This matches the generated files
3204 currently in the repo.
3207 * doc/Makefile.in, plugins/sudoers/Makefile.in:
3208 Clean up the DEVEL noise
3212 Handle different Unix domain socket (actually socketpair) semantics
3213 in BSD vs. Linux. In BSD if one end of the socketpair goes away
3214 select() returns the fd as readable and the read will fail with
3215 ECONNRESET. This doesn't appear to happen on Linux so if we notice
3216 that the monitor process has died when I/O logging is enabled,
3217 behave like the command has exited. This means we log the wait
3218 status of the monitor, not the command, but there is nothing else we
3219 can do at that point. This should only be an issue if SIGKILL is
3220 sent to the monitor process.
3224 Catch common signals in the monitor process so they get passed to
3225 the command. Fixes a problem when the entire login session is
3226 killed when ssh is disconnected or the terminal window is closed.
3227 Previously, the monitor would exit and plugin's close method would
3231 * INSTALL, configure, configure.in:
3232 Mention how to configure pam_hpsec on HP-UX to play nicely with
3236 2011-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
3238 * plugins/sudoers/ldap.c:
3239 Escape values in the search expression as per RFC 4515.
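What escaping a value per RFC 4515 involves, as an added C example that is not the code in sudo's ldap.c. The function names are hypothetical, the filter is a simplified one built from the `sudoRole` object class and `sudoUser` attribute (neither appears in this ChangeLog), and the sample names are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* RFC 4515: these octets must be written as "\XX" inside an assertion value. */
static int must_escape(unsigned char c)
{
    return c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0';
}

/*
 * Return a malloc()ed, NUL-terminated copy of the len-byte value with each
 * special octet replaced by a backslash and two hex digits.
 * The length is explicit so an embedded NUL is escaped rather than
 * silently ending the value.
 */
char *rfc4515_escape(const char *val, size_t len)
{
    static const char hex[] = "0123456789abcdef";
    size_t i, extra = 0;
    char *out, *p;

    if (len > ((size_t)-1 - 1) / 3)     /* worst case is 3 bytes per input byte */
        return NULL;
    for (i = 0; i < len; i++)
        if (must_escape((unsigned char)val[i]))
            extra += 2;
    out = malloc(len + extra + 1);
    if (out == NULL)
        return NULL;
    for (p = out, i = 0; i < len; i++) {
        unsigned char c = (unsigned char)val[i];
        if (must_escape(c)) {
            *p++ = '\\';
            *p++ = hex[c >> 4];
            *p++ = hex[c & 0x0f];
        } else {
            *p++ = (char)c;
        }
    }
    *p = '\0';
    return out;
}

/* Build a simplified search filter with the user name escaped. */
char *build_user_filter(const char *user)
{
    static const char fmt[] = "(&(objectClass=sudoRole)(sudoUser=%s))";
    char *esc = rfc4515_escape(user, strlen(user));
    char *filter = NULL;

    if (esc != NULL) {
        size_t n = sizeof(fmt) + strlen(esc);   /* "%s" and the NUL leave slack */
        filter = malloc(n);
        if (filter != NULL)
            snprintf(filter, n, fmt, esc);
        free(esc);
    }
    return filter;
}

/* Count occurrences of ch; used to confirm the filter structure is unchanged. */
int count_char(const char *s, char ch)
{
    int n = 0;

    for (; *s != '\0'; s++)
        if (*s == ch)
            n++;
    return n;
}

int main(void)
{
    /* Constructed names; the second and third contain filter metacharacters. */
    static const char *names[] = { "alice", "ops*(night)", "a\\b" };
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        char *f = build_user_filter(names[i]);
        if (f == NULL)
            return 1;
        printf("%-12s -> %s  ('(' count: %d)\n", names[i], f, count_char(f, '('));
        free(f);
    }
    return 0;
}
```

The count of literal `(` stays at 3 for every name, which shows that the value can no longer open or close filter terms of its own.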
3242 * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
3243 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3245 No need for install target to depend explicitly on install-dirs, the
3246 install-foo targets all depend on it.
3249 2011-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
3255 * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl,
3256 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
3257 plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
3258 plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
3259 plugins/sudoers/sudoers.h, src/Makefile.in:
3260 Add support for setenv entries in login.conf. We can't use
3261 LOGIN_SETENV since the plugin sets up the envp the command is
3262 executed with. Also regen the Makefile.in files while here. Fixes
3266 2011-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
3268 * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h,
3269 config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
3271 Add getaddrinfo() for those without it, written by Russ Allbery
3275 Restore PACKAGE_TARNAME, it is used in docdir
3278 * MANIFEST, compat/stdbool.h:
3279 SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
3283 * common/atobool.c, common/term.c, src/exec.c:
3284 Remove duplicate return statements.
3287 * plugins/sudoers/auth/bsdauth.c:
3288 Remove inaccurate comment
3291 * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:
3292 Fetch the login class for the user we authenticate specifically when
3293 using BSD authentication. That user may have a different login
3294 class than what we will use to run the command. When setting the
3295 login class for the command, use the target user's struct passwd,
3296 not the invoking user's. Fixes bug 526
3299 * compat/Makefile.in, configure, configure.in, doc/Makefile.in,
3300 plugins/sudoers/Makefile.in:
3301 Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
3304 * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
3305 plugins/sudoers/regress/logging/check_wrap.c,
3306 plugins/sudoers/regress/parser/check_addr.c,
3307 plugins/sudoers/regress/parser/check_fill.c:
3308 Fix "make check" fallout from the sudo_conv changes in sudo_debug.
3311 * common/fileops.c, common/sudo_debug.c, configure, configure.in,
3312 include/fileops.h, plugins/sample/Makefile.in,
3313 plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in,
3314 plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
3315 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
3316 plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
3317 plugins/sudoers/env.c, plugins/sudoers/find_path.c,
3318 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
3319 plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
3320 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
3321 plugins/sudoers/ldap.c, plugins/sudoers/match.c,
3322 plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
3323 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
3324 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
3325 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
3326 plugins/sudoers/toke.c, plugins/sudoers/toke.h,
3327 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
3328 plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c,
3329 src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h,
3330 src/sudo_plugin_int.h, src/utmp.c:
3331 Use stdbool.h instead of rolling our own TRUE/FALSE macros.
3334 2011-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
3336 * compat/stdbool.h, config.h.in, configure, configure.in:
3337 Add stdbool.h for systems without it.
3340 * aclocal.m4, config.h.in, configure, configure.in:
3341 No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
3342 includes have unistd.h in them. Add check for socklen_t for
3343 upcoming getaddrinfo compat.
3346 * common/fileops.c, compat/nanosleep.c, config.h.in, configure,
3347 configure.in, plugins/sudoers/interfaces.c,
3348 plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c,
3349 plugins/sudoers/sudoreplay.c, src/net_ifs.c:
3350 Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
3351 HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
3354 * src/sudo_noexec.c:
3355 No longer need to include time.h here as missing.h does not use
3359 2011-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
3361 * plugins/sudoers/visudo.c:
3362 Fix mode on sudoers as needed when the -f option is not specified.
3365 * MANIFEST, src/po/sr.mo, src/po/sr.po:
3366 Add Serbian translation for sudo from translationproject.org
3369 * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c,
3371 No longer pass debug_file to plugin, plugins must now use
3376 Build PIE executables for newer Debian and Ubuntu
3379 * common/sudo_debug.c:
3380 Include time.h for ctime() prototype.
3383 2011-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
3385 * common/sudo_debug.c, include/sudo_debug.h, src/exec.c,
3387 Do not close error pipe or debug fd via closefrom() as we need them
3388 to report an exec error should one occur.
3391 * doc/sudoers.ldap.pod:
3392 Document that a sudoUser may now be a group ID.
3395 * plugins/sudoers/ldap.c:
3396 Add support for permitting access by group ID in addition to group
3400 * plugins/sudoers/ldap.c:
3401 Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
3404 * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE:
3405 Replace UCB fnmatch.c with a non-recursive version written by
3409 * plugins/sudoers/auth/pam.c:
3410 Fix typo, return_debug vs. debug_return
3413 2011-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
3415 * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
3416 Update Japanese sudoers translation from translationproject.org
3420 Make the env_reset descriptions consistent.
3423 2011-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
3425 * configure, configure.in:
3426 Do multiple expansion when expanding paths to the noexec file, sesh
3427 and the plugin directory. Adapted from a diff by Mike Frysinger
3430 * common/Makefile.in:
3434 2011-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
3437 Add ignore file; from Mike Frysinger
3441 no longer save old Makefile.in to .old
3444 * plugins/sudoers/Makefile.in, src/Makefile.in:
3448 * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
3449 m4/ltoptions.m4, m4/ltversion.m4:
3450 Update to libtool 2.4.2
3453 2011-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
3455 * plugins/sudoers/sudoers_version.h:
3456 Bump grammar version for #include and #includedir relative path
3460 2011-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
3462 * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3463 Add support for relative paths in #include and #includedir
3466 * plugins/sudoers/Makefile.in:
3467 Fix install-plugin when shared objects are unsupported or disabled.
3470 * plugins/sudoers/goodpath.c:
3471 Don't write to sbp if it is NULL
3474 2011-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
3477 Remove all sudo/sudoers .mo files on uninstall. If LINGUAS is set,
3478 only install matching .mo files
3481 2011-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
3483 * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
3484 plugins/sudoers/sudoers.c, src/conversation.c:
3485 Fix non-dynamic (no dlopen) sudo build.
3488 * configure, configure.in:
3489 Don't error out if the user specified --disable-shared
3492 * common/sudo_debug.c, plugins/sudoers/sudoreplay.c,
3493 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
3495 Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
3499 * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
3500 plugins/sudoers/sudoers.h:
3501 Make sudo_goodpath() return value boolean
3504 * INSTALL, MANIFEST, configure, configure.in, mkdep.pl,
3505 plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c:
3506 Remove obsolete securid auth method.
3509 * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
3510 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
3511 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
3512 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
3513 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
3514 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
3515 plugins/sudoers/auth/sudo_auth.h:
3516 Prefix authentication functions with a "sudo_" prefix to avoid
3520 * INSTALL, MANIFEST, config.h.in, configure, configure.in,
3521 doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in,
3522 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c,
3523 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c:
3524 Remove the old Kerberos IV support
3527 2011-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
3529 * plugins/sudoers/check.c:
3530 Don't print garbage at the end of the custom lecture.
3533 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3534 Add lexer tracing as debug@parser
3537 * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
3538 plugins/sudoers/defaults.h, plugins/sudoers/gram.c,
3539 plugins/sudoers/match.c, plugins/sudoers/parse.c,
3540 plugins/sudoers/regress/parser/check_fill.c,
3541 plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
3542 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
3543 plugins/sudoers/visudo.c:
3544 Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
3545 <def_data.h> and not "def_data.h" when generating the parser in a
3549 2011-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
3551 * mkdep.pl, plugins/sudoers/Makefile.in:
3552 Better devdir support in mkdep.pl
3555 * plugins/sudoers/Makefile.in:
3556 Add devdir before srcdir in include path and fix up dependencies
3560 * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
3561 plugins/sudoers/defaults.h, plugins/sudoers/match.c,
3562 plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
3563 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
3564 plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
3565 #include "gram.h" not <gram.h> and "def_data.h" and not
3570 Mark libexec files as optional. If we build without shared object
3571 support, libexec is not used.
3574 * src/load_plugins.c:
3575 Change Debug sudo.conf setting to take a program name as the first
3576 argument. In the future, this will allow visudo and sudoreplay to
3577 use their own Debug entries.
3581 fix sudo_debug_printf priority
3584 * plugins/sudoers/sudoers.c:
3585 add missing debug_return_int
3588 2011-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
3590 * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
3591 plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c:
3592 Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
3596 Add missing word in HOME security note.
3599 * plugins/sudoers/testsudoers.c:
3600 Prevent "testsudoers -d username" from trying to malloc(0).
3603 2011-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
3605 * plugins/sudoers/regress/sudoers/test10.in,
3606 plugins/sudoers/regress/sudoers/test10.out.ok,
3607 plugins/sudoers/regress/sudoers/test10.toke.ok,
3608 plugins/sudoers/regress/sudoers/test10.toke.out.ok,
3609 plugins/sudoers/regress/sudoers/test11.in,
3610 plugins/sudoers/regress/sudoers/test11.out.ok,
3611 plugins/sudoers/regress/sudoers/test11.toke.ok,
3612 plugins/sudoers/regress/sudoers/test11.toke.out.ok,
3613 plugins/sudoers/regress/sudoers/test12.in,
3614 plugins/sudoers/regress/sudoers/test12.out.ok,
3615 plugins/sudoers/regress/sudoers/test12.toke.ok,
3616 plugins/sudoers/regress/sudoers/test13.in,
3617 plugins/sudoers/regress/sudoers/test13.out.ok,
3618 plugins/sudoers/regress/sudoers/test13.toke.ok,
3619 plugins/sudoers/regress/sudoers/test9.in,
3620 plugins/sudoers/regress/sudoers/test9.out.ok,
3621 plugins/sudoers/regress/sudoers/test9.toke.ok,
3622 plugins/sudoers/regress/sudoers/test9.toke.out.ok:
3623 Tests for empty sudoers (should parse OK) and syntax errors within a
3624 line (should report correct line number) both with and without the
3628 * plugins/sudoers/regress/sudoers/test4.out.ok,
3629 plugins/sudoers/regress/sudoers/test5.out.ok,
3630 plugins/sudoers/regress/sudoers/test7.out.ok,
3631 plugins/sudoers/regress/sudoers/test8.out.ok,
3632 plugins/sudoers/testsudoers.c:
3633 Print line number when there is a parser error.
3636 2011-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
3638 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
3639 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3640 Keep track of the last token returned. On error, if the last token
3641 was COMMENT, decrement sudolineno since the error most likely
3642 occurred on the preceding line. Previously we always used
3643 sudolineno-1 which will give the wrong line number for errors within
3647 2011-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
3650 update with sudo 1.8.3p1 info
3653 * plugins/sudoers/sudoers.c:
3654 Fix crash when "sudo -g group -i" is run. Fixes bug 521
3657 2011-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
3659 * plugins/sudoers/visudo.c:
3660 Make alias_remove_recursive() return TRUE/FALSE as its callers
3661 expect and remove two unused arguments. Fixes bug 519.
3664 * plugins/sudoers/regress/visudo/test1.out.ok,
3665 plugins/sudoers/regress/visudo/test1.sh:
3666 Add regress test for bugzilla 519
3669 * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
3670 plugins/sudoers/regress/logging/check_wrap.c,
3671 plugins/sudoers/regress/parser/check_addr.c,
3672 plugins/sudoers/regress/parser/check_fill.c:
3673 Disable warning/error wrapping in regress tests.
3676 2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
3679 Do compile-po as part of sync-po so that the .mo files get rebuilt
3680 automatically when we sync with translationproject.org
3683 * plugins/sudoers/Makefile.in:
3684 check_addr needs to link with the network libraries on Solaris
3687 * plugins/sudoers/match.c:
3688 When matching a RunasAlias for a runas group, pass the alias in as
3689 the group_list, not the user_list. From Daniel Kopecek.
3692 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
3693 We need to init the auth system regardless of whether we need a
3694 password since we will be closing the PAM session in the monitor
3695 process. Fixes a crash in the monitor on Solaris; bugzilla #518
3698 2011-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
3701 Get rid of done: label. If the child exits we still need to close
3702 the pty, update utmp and restore the SELinux tty context.
3705 2011-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
3707 * common/Makefile.in, common/atobool.c, common/fileops.c,
3708 common/fmt_string.c, common/lbuf.c, common/list.c,
3709 common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in,
3710 plugins/sudoers/alias.c, plugins/sudoers/audit.c,
3711 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
3712 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
3713 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
3714 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
3715 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
3716 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
3717 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
3718 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
3719 plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
3720 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
3721 plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
3722 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
3723 plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
3724 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
3725 plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
3726 plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
3727 plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
3728 plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
3729 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
3730 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
3731 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
3732 plugins/sudoers/toke.c, plugins/sudoers/toke.h,
3733 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
3734 src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c,
3735 src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
3736 src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
3737 src/tgetpass.c, src/ttysize.c, src/utmp.c:
3738 Add debug_decl/debug_return (almost) everywhere. Remove old
3739 sudo_debug() and convert users to sudo_debug_printf().
3742 * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c,
3743 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
3744 plugins/sudoers/visudo.c, src/error.c:
3745 Wrap error/errorx and warning/warningx functions with debug
3746 statements. Disable wrapping for standalone sudoers programs as well
3747 as memory allocation functions (to avoid infinite recursion).
3750 * README, config.h.in, configure, configure.in:
3751 Add checks for __func__ and __FUNCTION__ and mention that we now
3752 require a cpp that supports variadic macros.
3755 * MANIFEST, common/Makefile.in, common/sudo_debug.c,
3756 include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c,
3757 src/load_plugins.c, src/parse_args.c, src/sudo.c,
3758 src/sudo_plugin_int.h:
3759 New debug framework for sudo and plugins using /etc/sudo.conf that
3760 also supports function call tracing.
3763 2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
3765 * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
3766 Update Japanese sudoers translation from translationproject.org
3769 2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
3771 * configure, configure.in:
3772 Override and ignore the --disable-static option. Sudo already runs
3773 libtool with -tag=disable-static where applicable and we need non-
3774 PIC objects to build the executables.
3777 2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
3783 * plugins/sudoers/po/sudoers.pot:
3787 * plugins/sudoers/env.c:
3788 Ignore set_logname (which is now the default) for sudoedit since we
3789 want the LOGNAME, USER and USERNAME environment variables to refer
3790 to the calling user since that is who the editor runs as. This
3791 allows the editor to find the user's startup files. Fixes bugzilla
3795 * plugins/sudoers/pwutil.c:
3796 Instead of trying to grow the buffer in make_grlist_item(), simply
3797 increase the total length, free the old buffer and allocate a new
3798 one. This is less error prone and saves us from having to adjust
3799 all the pointers in the buffer. This code path is only taken when
3800 there are groups longer than the length of the user field in struct
3801 utmp or utmpx, which should be quite rare.
3805 Add Italian translation for sudo from translationproject.org
3808 * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
3809 src/po/ja.mo, src/po/ja.po:
3810 Japanese translation for sudo and sudoers from
3811 translationproject.org
3814 2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
3816 * plugins/sudoers/Makefile.in:
3817 sudoreplay depends on timestr.lo too; from Mike Frysinger
3820 2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
3822 * plugins/sudoers/po/sudoers.pot:
3823 Regen sudoers pot file.
3827 Update with latest sudo 1.8.3 news
3830 * plugins/sudoers/sudoers.c:
3831 It appears that LDAP or NSS may modify the euid so we need to be
3832 root for the open(). We restore the old perms at the end of
3833 sudoers_policy_open().
3836 * plugins/sudoers/set_perms.c:
3837 Better warning message on setuid() failure for the setreuid()
3838 version of set_perms().
3841 2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
3843 * plugins/sudoers/check.c:
3844 Delref auth_pw at the end of check_user() instead of getting a ref
3848 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c:
3849 Make sudo_auth_{init,cleanup} return TRUE on success and check for
3850 sudo_auth_init() return value in check_user().
3853 * plugins/sudoers/auth/sudo_auth.c:
3854 Do not return without restoring permissions.
3857 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
3861 * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
3862 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
3863 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
3864 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
3865 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
3866 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
3867 plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
3868 plugins/sudoers/sudoers.h:
3869 Modify the authentication API such that the init and cleanup
3870 functions are always called, regardless of whether or not we are
3871 going to verify a password. This is needed for proper PAM session
3875 * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
3876 Add missing dependency for getspwuid.lo and regen other depends.
3879 * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
3880 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:
3881 Fix a PAM_USER mismatch in session open/close. We update PAM_USER
3882 to the target user immediately before setting resource limits, which
3883 is after the monitor process has forked (so it has the old value).
3884 Also, if the user did not authenticate, there is no pamh in the
3885 monitor so we need to init pam here too. This means we end up
3886 calling pam_start() twice, which should be fixed, but at least the
3887 session is always properly closed now.
3891 Add check for old being NULL in utmp_setid(); from Steven McDonald
3894 2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
3896 * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
3897 plugins/sudoers/sudoers.h:
3898 If the invoking user cannot be resolved by uid fake the struct
3899 passwd and store it in the cache so we can delref it on exit.
3902 2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
3904 * plugins/sudoers/sudoers.c:
3905 Don't error out if the group plugin cannot be loaded, just warn.
3908 2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
3910 * plugins/sudoers/sudoers.c:
3911 Quiet a false positive found by several static analysis tools. These
3912 tools don't know that log_error() does not return (it longjmps to
3913 error_jmp which returns to the sudo front-end).
3916 2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
3918 * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo,
3919 plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
3920 plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po:
3921 Add Italian translation for sudo from translationproject.org. Regen
3925 2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
3927 * doc/TROUBLESHOOTING:
3928 Update to current reality and add bit about ssh auth
3931 * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
3932 Make "verbose" static; fixes a namespace clash with
3933 pam_ssh_agent_auth (and it doesn't need to be extern these days).
3936 * config.h.in, configure, configure.in, src/get_pty.c:
3937 FreeBSD has libutil.h not util.h
3940 * configure, configure.in:
3941 Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
3944 2011-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
3946 * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po,
3947 plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po,
3948 plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po:
3949 Update po files from translationproject.org
3952 2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
3954 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
3955 Add support for DEREF in ldap.conf.
3959 install target should depend on ChangeLog too, not just install-doc
3963 Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
3967 Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes.
3971 Document group lookup change and possible side effects.
3974 * configure, configure.in:
3975 Fix some square brackets in case statements that needed to be
3976 doubled up. While here, use $OSMAJOR when it makes sense.
3979 * plugins/sudoers/pwutil.c:
3980 Fix a crash in make_grlist_item() on 64-bit machines with strict
3984 * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
3985 Remove list_options() function that is no longer used now that "sudo
3989 * configure, configure.in:
3990 Error message if user tries --with-CC
3993 * configure, configure.in:
3994 Check for -libmldap too when looking for ldap libs, which is the
3995 Tivoli Directory Server client library.
3998 2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
4000 * plugins/sudoers/parse.c:
4001 Honor NOPASSWD tag for denied commands too.
4004 2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
4006 * INSTALL, configure, configure.in:
4007 Remove --with-CC option; it doesn't work correctly now that we use
4008 libtool. Users can get the same effect by setting the CC
4009 environment variable when running configure.
4012 2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
4014 * config.h.in, configure, configure.in, plugins/sudoers/visudo.c,
4016 Assume all modern systems support fstat(2).
4019 2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
4021 * compat/regress/glob/globtest.c, config.h.in, configure,
4022 configure.in, include/missing.h, plugins/sudoers/sudoers.h,
4023 src/sudo.h, src/sudo_noexec.c:
4024 Add configure test for missing errno declaration and only declare it
4025 ourselves if it is missing.
4028 * plugins/sudoers/alias.c:
4029 Include errno.h before sudo.h to avoid conflicting with the system
4030 definition of errno.
4033 2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
4035 * plugins/sudoers/regress/parser/check_addr.c:
4036 Only print individual check status when there is a failure.
4039 * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
4040 plugins/sudoers/regress/logging/check_wrap.c,
4041 plugins/sudoers/regress/parser/check_addr.c:
4042 Add calls to setprogname() for test programs.
4045 * configure, configure.in:
4046 Add -Wall and -Werror after all tests so they don't cause failures.
4049 * plugins/sudoers/Makefile.in:
4050 Actually run check_addr in the check target
4053 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
4054 plugins/sudoers/match_addr.c,
4055 plugins/sudoers/regress/parser/check_addr.c,
4056 plugins/sudoers/regress/parser/check_addr.in:
4057 Split out address matching into its own file and add regression
4061 2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
4063 * plugins/sudoers/match.c:
4064 When matching an address with a netmask in sudoers, AND the mask and
4065 addr before checking against the local addresses.
4068 2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
4070 * plugins/sudoers/match.c:
4071 Fix netmask matching.
4074 * plugins/sudoers/visudo.c:
4075 Don't assume all editors support the +linenumber command line
4076 argument, use a whitelist of known good editors.
4079 2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
4081 * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c,
4082 src/exec_pty.c, src/sudo.c:
4083 Silence compiler warnings on Solaris with gcc 3.4.3
4087 Fix building on RHEL 3
4090 * INSTALL, configure, configure.in:
4091 Add --enable-werror configure option.
4094 * common/setgroups.c:
4095 setgroups() proto lives in grp.h on RHEL4, perhaps others.
4098 * configure, configure.in:
4099 Use PAM by default on AIX 6 and higher.
4102 2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
4104 * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
4105 src/po/eo.mo, src/po/eo.po:
4106 Add new Esperanto translation from translationproject.org
4109 2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
4111 * plugins/sudoers/iolog_path.c:
4112 Quiet an innocuous valgrind warning.
4115 2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
4117 * plugins/sudoers/iolog_path.c,
4118 plugins/sudoers/regress/iolog_path/data:
4119 Fix expansion of strftime() escapes in log_dir and add a regress
4120 test that exhibited the problem.
4123 * plugins/sudoers/Makefile.in:
4124 Fix "make check" return value.
4127 2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
4129 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
4134 Fix logic inversion in pot file up to date check.
4137 2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
4139 * configure, configure.in:
4140 Add caching for gettext() checks.
4143 * configure, configure.in:
4144 Better handling of libintl header and library mismatch.
4147 2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
4149 * plugins/sudoers/sudoers.c:
4150 Also check sudoers gid if sudoers is group writable.
4153 2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
4155 * configure, configure.in:
4156 If dlopen is present but libtool doesn't find it, error out since it
4157 probably means that libtool doesn't support the system.
4161 configure args on the command line should override builtin defaults.
4162 Disable NLS for non-Linux/Solaris unless explicitly enabled.
4165 * plugins/sudoers/auth/aix_auth.c:
4166 Fix loop that calls authenticate(). If there was an error message
4167 from authenticate(), display it.
4170 2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
4172 * m4/libtool.m4, m4/ltversion.m4:
4173 Update to autoconf 2.68 and libtool 2.4
4176 * config.guess, config.sub, configure, configure.in, ltmain.sh:
4177 Update to autoconf 2.68 and libtool 2.4
4181 Fix typo; OPT should be OTP
4184 * plugins/sudoers/Makefile.in:
4185 Rename libsudoers convenience library to libparsesudoers to avoid
4189 2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
4191 * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
4192 Add Danish sudoers translation from translationproject.org
4195 * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
4196 Add dedicated callback function for runas_default sudoers setting
4197 that only sets runas_pw if no runas user or group was specified by
4201 2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
4203 * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
4204 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
4205 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo,
4207 Update Finnish, Polish, Russian and Ukrainian translations from
4208 translationproject.org.
4211 * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c,
4212 plugins/sudoers/testsudoers.c:
4213 Go back to using a callback for runas_default to keep runas_pw in
4214 sync. This is needed to make per-entry runas_default settings work
4215 with LDAP-based sudoers. Instead of declaring it a callback in
4216 def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
4217 bit naughty, but avoids requiring stub functions in visudo and the
4221 2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
4224 Add check for out of date message catalogs when doing "make dist".
4227 2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
4234 Make sure compiler supports static-libgcc before using it.
4237 2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
4240 Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
4243 2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
4245 * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
4246 plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo,
4247 plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po,
4249 Add new Russian sudo translation from translationproject.org and
4250 rebuild the other translation files.
4253 2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
4255 * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po:
4256 Update Finnish and Polish translations from translationproject.org
4259 * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
4260 Go back to escaping the command args for "sudo -i" and "sudo -s"
4261 before calling the plugin. Otherwise, spaces in the command args
4262 are not treated properly. The sudoers plugin will unescape non-
4263 spaces to make matching easier.
4266 2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
4268 * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c,
4269 plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
4270 plugins/sudoers/set_perms.c, plugins/sudoers/toke.c,
4271 plugins/sudoers/toke.l:
4272 Fix some potential problems found by the clang static analyzer, none
4276 * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
4278 Updated Ukrainian and Chinese (simplified) po files from
4279 translationproject.org
4282 2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
4284 * plugins/sudoers/po/pl.po:
4285 Updated Polish translation from translationproject.org
4288 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
4292 * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c:
4293 Don't try to audit failure if the runas user does not exist. We
4294 don't have the user's command at this point so there is nothing to
4295 audit. Add a NULL check in audit_success() and audit_failure() just
4296 to be on the safe side.
4300 Add -g to CFLAG for PIE builds.
4303 2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
4305 * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
4306 plugins/sudoers/sudoers.h, src/sudo.c:
4307 Remove fallback to per-group lookup when matching groups in sudoers.
4308 The sudo front-end will now use getgrouplist() to get the user's
4309 list of groups if getgroups() fails or returns zero groups so we
4310 always have a list of the user's groups. For systems with
4311 mbr_check_membership() which support more than NGROUPS_MAX groups
4312 (Mac OS X), skip the call to getgroups() and use getgrouplist() so
4313 we get all the groups.
4316 2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
4318 * common/setgroups.c:
4319 Fix setgroups() fallback code on EINVAL.
4322 * plugins/sudoers/set_perms.c:
4323 Fix two PERM_INITIAL cases that were still using user_gids.
4327 Add Polish sudo message catalog
4330 * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
4331 user_group is no longer used, remove it
4334 2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
4336 * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po:
4337 Add Polish translation from translationproject.org
4340 * MANIFEST, common/Makefile.in, common/setgroups.c,
4341 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c,
4342 src/sudo.h, src/sudo_edit.c:
4343 Add a wrapper for setgroups() that trims off extra groups and
4344 retries if setgroups() fails. Also add some missing addrefs for
4345 PERM_USER and PERM_FULL_USER.
4348 * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in,
4349 configure, configure.in, include/missing.h, mkdep.pl,
4350 plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
4351 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
4352 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c:
4353 Instead of keeping separate groups and gids arrays, create struct
4354 group_info and use it to store both, along with a count for each.
4355 Cache group info on a per-user basis using getgrouplist() to get the
4356 groups. We no longer need to special case the user or list
4357 user for user_in_group() and thus no longer need to reset the groups
4358 list when listing another user.
4362 Don't rely on NULL since we don't include a header for it.
4365 2011-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
4371 2011-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
4373 * plugins/sudoers/sudoers.c:
4374 Do not shadow global sudo_mode with a local variable in set_cmnd()
4377 2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
4379 * plugins/sudoers/sudoers.c:
4380 bash 2.x does not support the -l flag and exits with an error if it
4381 is specified so use --login instead. This causes an error with bash
4382 1.x (which uses -login instead) but this version is hopefully less
4386 * src/po/pl.mo, src/po/pl.po:
4387 Add Polish translation from translationproject.org
4390 2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
4392 * plugins/sudoers/set_perms.c:
4393 Make error strings translatable.
4397 Only run configure with --with-pam-login for RHEL 5 and above.
4404 2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
4406 * plugins/sudoers/logwrap.c:
4407 Add missing logwrap.c
4410 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
4411 plugins/sudoers/logging.h,
4412 plugins/sudoers/regress/logging/check_wrap.c,
4413 plugins/sudoers/regress/logging/check_wrap.in,
4414 plugins/sudoers/regress/logging/check_wrap.out.ok:
4415 Split out log file word wrap code into its own file and add unit
4416 tests. Fixes an off-by-one in the word wrap when the log line
4417 length matches loglinelen.
4420 2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
4423 For SuSE, only use /usr/lib64 as libexec if generating 64-bit
4427 * src/load_plugins.c, src/sudo.c:
4428 Fix build error when --without-noexec configure option is used.
4431 * configure, configure.in:
4432 Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX
4436 2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
4438 * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
4439 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
4440 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
4441 Resolve the list of gids passed in from the sudo frontend (the
4442 result of getgroups()) to names and store both the group names and
4443 ids in the sudo_user struct. When matching groups in the sudoers
4444 file, match based on the names in the groups list first and only do
4445 a gid-based match when we absolutely have to. By matching on the
4446 group name (as it is listed in sudoers) instead of id (which we
4447 would have to resolve) we save a lot of group lookups for sudoers
4448 files with a lot of groups in them.
4451 2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
4453 * plugins/sudoers/sudoers.c:
4454 Workaround for "sudo -i command" and newer versions of bash which
4455 don't go into login mode when -c is specified unless -l is too.
4458 2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
4460 * plugins/sudoers/logging.c:
4461 Rewrite logfile word wrapping code to be more straight-forward and
4462 actually wrap at the correct place.
4465 2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
4467 * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c:
4468 Set use_pty=true in command details when use_pty is set in sudoers.
4472 2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
4474 * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
4475 src/po/zh_CN.mo, src/po/zh_CN.po:
4476 Sync Chinese (simplified) PO files from translationproject.org
4479 2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
4481 * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
4482 plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo:
4483 Add Danish translation from translationproject.org and add missing
4487 * Makefile.in, configure, configure.in:
4488 No longer need to specify LINGUAS in configure, "make install-nls"
4489 now just installs all the .mo files it finds.
4492 2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
4494 * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod:
4495 Build CONTRIBUTORS from newly-added contributors.pod
4499 Rework the wording in the leading paragraph
4502 2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
4504 * MANIFEST, doc/CONTRIBUTORS:
4505 Add a CONTRIBUTORS file with the names of folks who have contributed
4506 code or patches to sudo since I started maintaining it (plus the
4510 2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
4512 * plugins/sudoers/env.c:
4513 Preserve SHELL variable for "sudo -s". Otherwise we can end up with
4514 a situation where the SHELL variable and the actual shell being run
4518 2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
4520 * configure, configure.in:
4521 Only enable Solaris project support when setproject() is present in
4526 Explicitly set mode and owner of /etc/sudoers instead of relying on
4527 "cp -p" to work in the postinstall script. On AIX 6.1 at least the
4528 postinstall script runs before the final file permissions are set.
4531 2011-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
4533 * doc/sudo.pod, doc/sudoers.pod:
4534 Refer the user to the "Command Environment" section in description
4535 of sudo's -i option.
4542 2011-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
4545 If there is no old dependency for an object file, use the MANIFEST
4549 * compat/Makefile.in:
4550 Remove dependency for getgrouplist.lo as we don't ship that source
4554 2011-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
4556 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
4557 Do not declare yyparse() static as the actual function generated by
4561 2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
4564 Remove locale files in "make uninstall"
4567 * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
4568 plugins/sudoers/po/uk.po, src/po/eu.po:
4569 Add Basque translation and sync Finnish and Ukrainian translations.
4572 * configure, configure.in:
4573 FreeBSD no longer needs the main sudo binary to link with -lpam now
4574 that plug-ins are loaded with RTLD_GLOBAL.
4577 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
4578 Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
4579 problems with pam modules not having access to symbols provided by
4580 libpam on some platforms. Affects FreeBSD and SLES 10 at least.
4584 Move xgettext invocation out of update-po target into update-pot
4587 2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
4589 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
4590 Regenerate .pot files for 1.8.2rc2
4593 * Makefile.in, common/Makefile.in, compat/Makefile.in,
4594 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
4595 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4596 src/Makefile.in, zlib/Makefile.in:
4597 Move nls targets to the top level Makefile so the paths in the pot
4602 Add compiled version of sudo Finnish translation
4605 * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo:
4606 Update MANIFEST with .po and .mo files. Rebuild sudoers fi and uk .mo
4610 * configure, configure.in, plugins/sudoers/po/fi.po:
4611 Add Finnish translation from translationproject.org
4614 2011-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
4617 The group named by exempt_group should not have a % prefix.
4620 2011-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
4623 Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
4626 2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
4628 * src/exec.c, src/exec_pty.c:
4629 Fix compressed io log corruption in background mode by using _exit()
4630 instead of exit() to avoid flushing buffers twice.
4632 Improved background mode support. When not allocating a pty, the
4633 command is run in its own process group. This prevents write access
4634 to the tty. When running in a pty, stdin is not hooked up and we
4635 never read from /dev/tty, which results in similar behavior.
4638 * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
4639 Clean up regress files. Generate proper dependencies for regress objs
4643 * plugins/sudoers/Makefile.in:
4644 Add missing dependency for check_fill.o.
4647 2011-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
4649 * INSTALL, configure, configure.in:
4650 Add support for --enable-nls[=location]
4653 2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
4655 * plugins/sudoers/linux_audit.c:
4659 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
4663 * configure, configure.in:
4664 Don't install .mo files if gettext was not found.
4667 2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
4670 Always allocate a pty when running a command in the background but
4671 call setsid() after forking to make sure we don't end up with a
4675 * plugins/sudoers/iolog.c:
4676 Add missing space between command name and the first command line
4680 * plugins/sudoers/sudoreplay.c:
4681 Quiet a compiler warning on some platforms.
4684 * plugins/sudoers/po/README, src/po/README:
4685 README file that directs people to translationproject.org
4688 * plugins/sudoers/po/uk.po, src/po/fi.po:
4689 Sync translations with TP
4693 Add 'sync-po' target to top-level Makefile to rsync the po files
4694 from translationproject.org.
4697 * plugins/sudoers/Makefile.in:
4698 install nls files from install target
4701 * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp:
4702 Include .mo files in sudo binary packages.
4705 * configure, configure.in, plugins/sudoers/po/zh_CN.mo,
4706 plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po:
4707 Add Simplified Chinese translation
4710 2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
4712 * configure, configure.in, plugins/sudoers/po/uk.mo,
4713 plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po:
4714 Add Ukrainian translation
4717 * compat/Makefile.in:
4718 refer to siglist.c, not ./siglist.c since not all makes will treat
4719 foo and ./foo the same.
4722 * plugins/sudoers/sudoers.c:
4723 Set def_preserve_groups before searching for the command when the -P
4727 * Makefile.in, compat/Makefile.in, mkdep.pl,
4728 plugins/sudoers/Makefile.in:
4729 Add dependency for siglist.lo in compat. This is a generated file
4730 so "make depend" needs to depend on it.
4733 * compat/Makefile.in:
4734 More dependency fixes.
4737 * compat/Makefile.in:
4738 Fix a few dependencies.
4741 * plugins/sudoers/Makefile.in, src/Makefile.in:
4742 Place compiled mo files in the src dir, not the build dir. When
4743 installing compiled mo files, display a status message.
4746 2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
4748 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
4749 Tivoli Directory Server requires that seconds be present in a
4750 timestamp, even though RFC 4517 states that they are optional.
4753 * plugins/sudoers/sudo_nss.h:
4754 Add missing bit of copyright
4758 Mention cycle detection warnings
4761 * plugins/sudoers/visudo.c:
4762 When checking aliases, also check the contents of the alias in case
4763 there are problems with an alias that is referenced inside another.
4764 Replace the self reference check with real alias cycle detection.
4767 * plugins/sudoers/alias.c:
4768 Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
4769 ENOENT in alias_find() and alias_remove() if the entry could not be
4773 * plugins/sudoers/visudo.c:
4774 Increment alias_seqno before calls to alias_remove_recursive() to
4775 avoid false positives with the alias loop detection. Fixes spurious
4776 warnings about unused aliases when they are nested.
4783 * plugins/sudoers/Makefile.in:
4784 Add dependency on convenience libs to binaries
4788 mkdep.pl only works when run from the src dir
4791 * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl,
4792 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
4793 plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
4794 Auto-generate Makefile dependencies with a perl script.
4797 2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
4799 * plugins/sudoers/match.c:
4800 If the user specifies a runas group via sudo's -g option that
4801 matches the runas user's group in the passwd database and that group
4802 is not denied in the Runas_Spec, allow it. Thus, if user root's gid
4803 in /etc/passwd is 0, then "sudo -u root -g root id" is allowed even if
4804 no groups are present in the Runas_Spec.
4807 2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
4809 * plugins/sudoers/Makefile.in, src/Makefile.in:
4810 Add dependencies on gettext.h
4813 * plugins/sudoers/Makefile.in, src/Makefile.in:
4814 Fix install-nls target with HP-UX sh when gettext is not present.
4817 2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
4819 * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot,
4820 src/Makefile.in, src/po/sudo.pot:
4821 regenerate .pot files for lbuf changes
4824 * configure, configure.in:
4825 Add missing "checking" message for gettext when using the cache.
4828 * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c,
4829 plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
4831 Add primitive format string support to the lbuf code to make
4832 translations simpler.
4835 * MANIFEST, plugins/sudoers/Makefile.in,
4836 plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot:
4837 Add message catalog template files for sudo and the sudoers module.
4840 * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c,
4841 config.h.in, configure.in, doc/Makefile.in, include/gettext.h,
4842 plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
4843 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4844 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
4845 src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h:
4846 Add gettext.h convenience header. This is similar to but distinct
4847 from the one included with the gettext package.
4850 2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
4852 * configure, configure.in:
4853 Add checks for nroff -c and -Tascii flags
4856 * configure, configure.in:
4857 Add check for HP bundled C Compiler (which cannot create shared
4861 * plugins/sudoers/sudoreplay.c:
4862 Fix C format warnings.
4869 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
4870 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c,
4871 plugins/sudoers/visudo.c, src/parse_args.c:
4872 Translate help / usage strings.
4875 * plugins/sudoers/Makefile.in, src/Makefile.in:
4876 Set --msgid-bugs-address to the bugzilla url
4879 * Makefile.in, common/Makefile.in, compat/Makefile.in, configure,
4880 configure.in, doc/Makefile.in, include/Makefile.in,
4881 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
4882 plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
4883 Add scaffolding to update .po files and install .mo files.
4887 update copyright year
4891 No need to include version number at the top of these files.
4894 2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
4896 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c,
4897 plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
4898 plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
4899 plugins/sudoers/visudo.c:
4900 Minor warning/error cleanup
4903 * config.h.in, configure.in:
4904 Emulate ngettext for the non-nls case
4907 * plugins/sudoers/ldap.c:
4908 Do not mark untranslatable strings for translation
4911 * plugins/sudoers/check.c:
4915 * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
4916 plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c,
4917 src/load_plugins.c, src/sudo.c, src/sudo_edit.c:
4918 Minor warning/error message cleanup
4921 * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c,
4922 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
4923 plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
4924 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c,
4925 src/exec_pty.c, src/net_ifs.c, src/selinux.c:
4926 cannot -> "unable to" in warning/error messages
4929 * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c,
4930 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
4931 plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c,
4932 src/sudo.c, src/utmp.c:
4933 can't -> "unable to" in warning/error messages
4936 * configure, configure.in:
4937 FreeBSD needs the main sudo executable to link with -lpam when
4938 loading dynamic pam modules for some reason.
4941 2011-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
4943 * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c:
4944 We don't want to translate debugging messages.
4947 * configure, configure.in, plugins/sudoers/Makefile.in,
4948 plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
4949 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4950 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
4951 src/Makefile.in, src/sesh.c, src/sudo.c:
4952 Add calls to bindtextdomain() and textdomain(). Currently there are
4953 two domains, one for the sudo front-end and one for the sudoers
4954 plugin and its associated utilities.
4957 * configure, configure.in:
4958 Fix caching of libc gettext check.
4961 * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c,
4962 plugins/sudoers/mkdefaults:
4963 Mark defaults descriptions for translation
4967 Update for sudo 1.8.1p2
4970 2011-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
4972 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4973 Quiet compiler warning when SELinux is enabled.
4976 * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
4977 src/error.c, src/net_ifs.c, src/sesh.c:
4978 Add missing includes of libintl.h.
4981 * plugins/sudoers/auth/pam.c:
4985 * common/aix.c, common/alloc.c, compat/strsignal.c,
4986 plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h:
4987 Include libintl.h where needed.
4990 * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c,
4991 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
4992 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
4993 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
4994 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
4995 plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
4996 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
4997 plugins/sudoers/find_path.c, plugins/sudoers/gram.c,
4998 plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
4999 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
5000 plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
5001 plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
5002 plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c,
5003 plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
5004 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
5005 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
5006 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
5007 plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
5008 Prepare sudoers module messages for translation.
5011 * plugins/sudoers/sudoers.c:
5012 Only check gid of sudoers file if it is group-readable.
5015 * plugins/sudoers/auth/aix_auth.c:
5016 For AIX, keep calling authenticate() until reenter reaches 0.
5019 2011-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
5021 * configure, configure.in:
5022 Cache the status of the initial gettext() check.
5025 * INSTALL, configure, configure.in:
5026 Add --disable-nls flag and improve checks for gettext.
5029 * configure, configure.in:
5030 When building with gcc on HP-UX, use -march=1.1 to produce portable
5031 binaries on a pa-risc2 host. Previously, the +Dportable option was
5032 used for the HP-UX C compiler but gcc always produced native
5036 2011-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
5038 * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c,
5039 src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c,
5040 src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c,
5041 src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
5042 Prepare sudo front end messages for translation.
5045 2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
5047 * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c:
5048 Add initial scaffolding to support localization via gettext()
5051 * compat/fnmatch.h, compat/glob.h:
5052 Don't let the fnmatch/glob macros expand the function prototype.
5055 2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
5057 * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h:
5058 Resolve namespace collisions on HP-UX ia64 and possibly others by
5059 adding a rpl_ prefix to our fnmatch and glob replacements and
5060 #defining rpl_foo to foo in the header files.
5063 2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
5065 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5066 Split ALL, ROLE and TYPE into their own actions. Since you can only
5067 have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
5068 the non-SELinux case. This is safe because the actions are in one
5069 big switch() statement.
5072 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5073 Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
5076 2011-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
5078 * doc/UPGRADE, doc/sudoers.pod:
5079 askpass moved from sudoers to sudo.conf in sudo 1.8.0
5083 Remove obsolete warning about runas_default and ordering. Move
5084 syslog facility and priority lists into the section where the
5085 relevant options are described.
5088 2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
5090 * plugins/sudoers/auth/sia.c:
5091 Fix SIA support; we no longer have access to the real argc and argv
5092 so allocate space for a fake one and use the argv passed to the
5093 plugin with "sudo" for argv[0].
5096 2011-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
5099 Remove useless realloc when trying to get the buffer size right.
5102 * plugins/sudoers/set_perms.c:
5103 Be explicit when setting euid to 0 before call to setreuid(0, 0)
5106 2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
5108 * configure, configure.in:
5109 Need to do checks for krb5_verify_user, krb5_init_secure_context and
5110 krb5_get_init_creds_opt_alloc regardless of whether or not
5111 krb5-config is present.
5114 2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
5116 * plugins/sudoers/set_perms.c:
5117 Work around weird AIX saved uid semantics on setuid() and
5118 setreuid(). On AIX, setuid() will only set the saved uid if the euid
5122 2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
5125 update copyright year
5128 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5129 Treat a missing includedir like an empty one and do not return an
5133 2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
5136 Fix ARCH setting in cross-compile Solaris packages.
5140 Fix aix version setting.
5143 * plugins/sudoers/ldap.c:
5144 Remove extraneous parens in LDAP filter when sudoers_search_filter
5145 is enabled that causes a search error. From Matthew Thomas.
5148 2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
5150 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
5151 Correct sizeof() to fix test failure.
5154 * plugins/sudoers/Makefile.in:
5155 "install" target should depend on "install-dirs". Fixes "make -j"
5156 problem and closes bz #487. From Chris Coleman.
5159 2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
5162 Add HAVE_RFC1938_SKEYCHALLENGE
5165 2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
5168 Mention plugin loading and libgcc changes
5171 * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
5172 Load plugins after parsing arguments and potentially printing the
5173 version. That way, an error loading or initializing a plugin
5174 doesn't break "sudo -h" or "sudo -V".
5178 When using a sub-shell to invoke the sub-make, exec make instead of
5179 running it inside the shell to avoid an extra process.
5182 * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c:
5183 Stop testing unspecified behavior in fnmatch. Make glob test more
5187 * compat/Makefile.in:
5188 No need to add current dir to include path and having it breaks the
5189 test programs that expect to get the system glob.h and fnmatch.h
5192 * INSTALL, configure, configure.in:
5193 Fix and document --with-plugindir; partially from Diego Elio Petteno
5196 * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
5197 compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c,
5198 compat/regress/glob/globtest.in:
5199 Fix fnmatch and glob tests to not use hard-coded flag values in the
5200 input file. Link test programs with libreplace so we get our
5201 replacement versions as needed.
5205 If make in a subdir fails, fail the target in the upper level
5206 Makefile too. Adapted from a patch from Diego Elio Petteno
5209 * configure, configure.in, plugins/sudoers/auth/rfc1938.c:
5210 Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
5211 has this. Adapted from a patch from Diego Elio Petteno
5214 * plugins/sudoers/Makefile.in:
5215 Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
5219 * configure, configure.in:
5220 Fix warnings when -without-skey, --without-opie, --without-kerb4,
5221 --without-kerb5 or --without-SecurID were specified.
5225 Add plugins/sudoers/sudoers_version.h
5228 * configure, configure.in, plugins/sample/Makefile.in,
5229 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
5230 Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
5231 now include LDFLAGS in the sudoers Makefile.in. Add missing setting
5232 of @LDFLAGS@ in plugin Makefile.in files.
5235 2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
5238 Mention %#gid support in User_List and Runas_List
5241 * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h,
5242 plugins/sudoers/visudo.c:
5243 Keep track of sudoers grammar version and report it in the -V
5247 * plugins/sudoers/sudo_nss.h:
5248 Add multiple inclusion guard
5251 * configure, configure.in, plugins/sample/Makefile.in,
5252 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
5253 The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
5254 LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
5255 set it to -Wc,-static-libgcc if not using GNU ld so we don't
5256 have a dependency on the shared libgcc in sudoers.so.
5260 Fix typo; from Petr Uzel
5263 2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
5265 * plugins/sudoers/testsudoers.c:
5266 In dump-only mode, use "root" as the default username instead of
5267 "nobody" as the latter may not be available on all systems.
5270 2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
5272 * plugins/sudoers/testsudoers.c:
5273 Remove NewArgv/NewArgc, they are no longer needed.
5276 * plugins/sudoers/testsudoers.c:
5277 Fix setting of user_args
5280 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5281 Add '!' token to lex tracing
5284 * plugins/sudoers/regress/testsudoers/test1.sh:
5285 Use group bin in test, not wheel as most systems have the bin group
5286 but the same is no longer true of wheel.
5289 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5290 Avoid using pre or post increment in a parameter to a ctype(3)
5291 function as it might be a macro that causes the increment to happen
5295 2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
5298 Strip off the beta or release candidate version when building AIX
5302 * configure, configure.in:
5303 We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
5304 structure checks for glibc which only has __e_termination visible
5305 when _GNU_SOURCE is *not* defined.
5309 getuserattr(user, ...) will fall back to the "default" entry
5310 automatically, there's no need to check "default" manually.
5313 2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
5316 Document parser changes.
5319 * Makefile.in, common/Makefile.in, compat/Makefile.in,
5320 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
5321 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5322 src/Makefile.in, zlib/Makefile.in:
5323 If there is an existing sudoers file, only install if it passes a
5327 * plugins/sudoers/regress/sudoers/test6.out.ok,
5328 plugins/sudoers/testsudoers.c:
5329 Add runasgroup support to testsudoers
5332 * plugins/sudoers/Makefile.in:
5333 For "make check", keep going even if a test fails.
5336 * plugins/sudoers/testsudoers.c:
5337 More useful exit codes:
5338 * 0 - parsed OK and command matched.
5340 * 2 - command not matched
5341 * 3 - command denied
5345 Document %#gid, and %:#nonunix_gid syntax.
5348 * plugins/sudoers/pwutil.c:
5349 Add support to user_in_group() for treating group names that begin
5353 * config.h.in, configure, configure.in, src/utmp.c:
5354 Add explicit check for struct utmpx.ut_exit.e_termination and struct
5355 utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
5356 ut_exit if we detect one or the other.
5359 2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
5361 * plugins/sudoers/toke.c:
5362 Add back missing #include of config.h
5365 * plugins/sudoers/iolog_path.c,
5366 plugins/sudoers/regress/iolog_path/data:
5367 Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
5372 Quote first argument to AC_DEFUN(); from Elan Ruusamae
5375 2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
5378 add new sudoers tests
5381 * plugins/sudoers/regress/sudoers/test8.in,
5382 plugins/sudoers/regress/sudoers/test8.out.ok,
5383 plugins/sudoers/regress/sudoers/test8.toke.ok:
5384 Add test for a newline in the middle of a string when no line
5385 continuation character is used.
5388 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5389 Use bitwise AND instead of modulus to check for length being odd. A
5390 newline in the middle of a string is an error unless a line
5391 continuation character is used.
5394 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5395 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5396 Move lexer globals initialization into init_lexer.
5399 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5400 Fix a potential crash when a non-regular file is present in an
5401 includedir. Fixes bz #452
5405 On some Linux systems, "uname -p" contains detailed processor info
5406 so check "uname -m" first and then "uname -p" if needed. Recognize
5410 2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
5412 * plugins/sudoers/redblack.c:
5413 Don't need all sudoers.h here.
5417 Print sudo version early, in case policy plugin init fails.
5420 2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
5422 * plugins/sudoers/regress/sudoers/test4.toke.ok:
5423 Update to match change in input.
5426 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5427 Make an empty group or netgroup a syntax error.
5430 * plugins/sudoers/regress/sudoers/test7.in,
5431 plugins/sudoers/regress/sudoers/test7.out.ok,
5432 plugins/sudoers/regress/sudoers/test7.toke.ok:
5433 An empty group or netgroup should be a syntax error.
5436 * plugins/sudoers/regress/sudoers/test6.in,
5437 plugins/sudoers/regress/sudoers/test6.out.ok,
5438 plugins/sudoers/regress/sudoers/test6.toke.ok:
5439 Check that uids work in per-user and per-runas Defaults. Check that
5440 uids and gids work in a Command_Spec
5443 * plugins/sudoers/regress/sudoers/test5.in,
5444 plugins/sudoers/regress/sudoers/test5.out.ok,
5445 plugins/sudoers/regress/sudoers/test5.toke.ok:
5446 Test empty string in User_Alias and Command_Spec
5449 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5450 Allow a group ID in the User_Spec.
5453 2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
5455 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5456 Return an error for the empty string when a word is expected. Allow
5457 an ID for per-user or per-runas Defaults.
5460 * plugins/sudoers/testsudoers.c:
5461 Fix printing "User_Alias FOO = ALL"
5464 2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
5467 Better error message about invalid -C argument
5475 Fix placement of equal sign ('=') in user specification summary.
5478 2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
5481 update to match sudoers regress
5484 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5485 Restore ability to define TRACELEXER and have trace output go to
5489 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5490 Restore old behavior of setting sawspace = TRUE for command line
5491 args when a line continuation character is hit to avoid causing
5492 problems for existing sudoers files.
5495 * plugins/sudoers/regress/sudoers/test4.in,
5496 plugins/sudoers/regress/sudoers/test4.out.ok,
5497 plugins/sudoers/regress/sudoers/test4.toke.ok:
5498 Add test for line continuation and aliases
5501 * plugins/sudoers/Makefile.in:
5502 Make test output line up nicely for parse vs. toke
5505 * plugins/sudoers/Makefile.in,
5506 plugins/sudoers/regress/sudoers/test1.in,
5507 plugins/sudoers/regress/sudoers/test1.out.ok,
5508 plugins/sudoers/regress/sudoers/test1.toke.ok,
5509 plugins/sudoers/regress/sudoers/test2.in,
5510 plugins/sudoers/regress/sudoers/test2.out.ok,
5511 plugins/sudoers/regress/sudoers/test2.toke.ok,
5512 plugins/sudoers/regress/sudoers/test3.in,
5513 plugins/sudoers/regress/sudoers/test3.out.ok,
5514 plugins/sudoers/regress/sudoers/test3.toke.ok,
5515 plugins/sudoers/regress/testsudoers/test1.ok,
5516 plugins/sudoers/regress/testsudoers/test1.out.ok,
5517 plugins/sudoers/regress/testsudoers/test1.sh,
5518 plugins/sudoers/regress/testsudoers/test2.out,
5519 plugins/sudoers/regress/testsudoers/test2.sh,
5520 plugins/sudoers/regress/testsudoers/test3.ok,
5521 plugins/sudoers/regress/testsudoers/test3.sh,
5522 plugins/sudoers/regress/visudo/test1.ok,
5523 plugins/sudoers/regress/visudo/test1.sh:
5524 Move parser tests to sudoers directory and test the tokenizer output
5528 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5529 If we match a rule anchored to the beginning of a line after parsing
5530 a line continuation character, return an ERROR token. It would be
5531 nicer to use REJECT instead but that substantially slows down the
5535 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5536 plugins/sudoers/toke.c, plugins/sudoers/toke.h,
5537 plugins/sudoers/toke.l:
5538 Move LEXTRACE macro to toke.h so we can use it in yyerror().
5541 2011-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
5543 * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
5544 plugins/sudoers/toke.l:
5545 Make lex tracing settable at run-time in testsudoers via the -t
5546 flag. Trace output goes to stderr. Will be used by regress tests
5550 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5551 Allow whitespace after the modifier in a Defaults entry. E.g.
5552 "Defaults: username set_home"
5555 2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
5558 Don't set CC when cross-compiling.
5562 Credit Matthew Thomas for the sudoers_search_filter changes.
5566 Add the .sym files to the MANIFEST
5570 Update for sudo 1.8.1 beta
5573 * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c:
5574 user_shell -> run_shell to avoid confusion with the user's SHELL
5579 Save the controlling tty process group before suspending in pty
5580 mode. Previously, we assumed that the child pgrp == child pid
5581 (which is usually, but not always, the case).
5584 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
5585 Add support for sudoers_search_filter setting in ldap.conf. This
5586 can be used to restrict the set of records returned by the LDAP
5590 2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
5592 * configure, configure.in:
5593 Remove the hack to disable -g in CFLAGS unless --with-devel
5597 The '@' character does not normally need to be quoted.
5600 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5601 We normally transition from GOTDEFS to STARTDEFS on whitespace, but
5602 if that whitespace is followed by a comma, we want to treat it as
5603 part of a list and not transition.
5606 * plugins/sudoers/regress/testsudoers/test3.ok,
5607 plugins/sudoers/regress/testsudoers/test3.sh:
5608 Add check for whitespace when a User_List is used for a per-user
5612 * plugins/sudoers/regress/testsudoers/test2.out,
5613 plugins/sudoers/regress/testsudoers/test2.sh:
5614 Expand quoted name checks to cover recent fixes.
5617 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5618 Fix parsing of double-quoted names in Defaults and Aliases which was
5619 broken in 601d97ea8792.
5622 * plugins/sudoers/Makefile.in:
5623 toke_util.c lives in $(srcdir) not $(devdir)
5626 2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
5628 * configure, configure.in:
5629 Change trunk version to 1.8.x to distinguish from real 1.8.0.
5632 * NEWS, doc/UPGRADE:
5633 Document major changes in 1.8.1 and add upgrade notes.
5636 * plugins/sudoers/match.c:
5637 Be careful not to deref user_stat if it is NULL. This cannot
5638 currently happen in sudo but might in other programs using the
5643 configure will not add -O2 to CFLAGS if it is already defined to add
5644 -O2 to the CFLAGS we pass in when PIE is being used.
5648 Warn about the dangers of log_input and mention iolog_file and
5649 iolog_dir in the log_input and log_output descriptions.
5653 sync with git version
5657 It seems that h comes after i
5661 Move log_input and log_output to their proper, sorted, location.
5662 Document set_utmp and utmp_runas.
5666 Save the controlling tty process group before suspending so we can
5667 restore it when we resume. Fixes job control problems on Linux
5668 caused by the previous attempt to fix resuming a shell when I/O
5669 logging not enabled.
5673 Fix printing of the remainder after a newline. Fixes "sudo -l"
5674 output corruption that could occur in some cases.
5677 2011-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
5679 * config.h.in, configure, configure.in, src/exec_pty.c,
5680 src/sudo_exec.h, src/utmp.c:
5681 Add support for ut_exit
5684 * doc/sudo_plugin.pod, plugins/sudoers/def_data.c,
5685 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
5686 plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c,
5687 src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c:
5688 Add support for controlling whether utmp is updated and which user
5689 is listed in the entry.
5692 * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h,
5693 plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults,
5694 plugins/sudoers/parse.c:
5695 Fix typo; tupple vs. tuple
5699 For legacy utmp, strip the /dev/ prefix before trying to determine
5700 slot since the ttys file does not include the /dev/ prefix.
5703 * aclocal.m4, configure, configure.in, pathnames.h.in:
5704 Add check for _PATH_UTMP
5707 2011-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
5709 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
5710 Adapt check_iolog_path to sessid changes
5713 * config.h.in, configure, configure.in, src/Makefile.in,
5714 src/exec_pty.c, src/sudo_exec.h, src/utmp.c:
5715 Redo utmp handling. If no getutent()/getutxent() is available,
5716 assume a ttyslot-based utmp. If getttyent() is available, use that
5717 directly instead of ttyslot() so we don't have to do the stdin dup2
5721 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
5723 * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h,
5725 Move utmp handling into utmp.c
5728 * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
5729 common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c,
5730 compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c,
5731 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
5732 compat/utimes.c, doc/sudo.pod, doc/visudo.pod,
5733 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5734 plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
5735 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
5736 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
5737 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
5738 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
5739 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
5740 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
5741 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
5742 plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c,
5743 plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
5744 plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
5745 plugins/sudoers/logging.c, plugins/sudoers/parse.c,
5746 plugins/sudoers/parse.h, plugins/sudoers/redblack.c,
5747 plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c,
5748 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c,
5749 src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c,
5750 src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
5751 src/sudo_plugin_int.h, src/tgetpass.c:
5752 Update copyright years.
5755 * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c,
5756 plugins/sudoers/sudoers.h, src/parse_args.c:
5757 Add "user_shell" boolean as a way to indicate to the plugin that the
5761 * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
5762 plugins/sudoers/sudoers.h:
5763 Move sessid out of sudo_user.
5766 * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
5767 plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
5768 plugins/sudoers/sudoers.h:
5769 Log the TSID even if it is not a simple session ID.
5772 * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod:
5773 Document noexec in sample.sudo.conf and add back noexec_file section
5774 in sudoers with a note that it is deprecated.
5777 * plugins/sudoers/set_perms.c:
5778 Fix running commands as non-root on systems where setreuid() changes
5779 the saved uid based on the effective uid we are changing to.
5782 2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
5784 * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c,
5786 Move noexec path into sudo.conf now that sudo itself handles noexec.
5787 Currently can be configured in sudoers too but is now undocumented
5788 and will be removed in a future release.
5791 * doc/sudo.pod, doc/sudoers.pod:
5792 Document "Path noexec ..." in sudo.conf. No longer document
5793 noexec_file in sudoers, it will be removed in a future release.
5796 * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
5797 plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
5798 Move noexec handling to sudo front-end where it is documented as
5802 * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
5803 src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
5805 Add support for disabling exec via solaris privileges. Includes
5806 preparation for moving noexec support out of sudoers and into front
5810 * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym,
5811 plugins/sample_group/Makefile.in,
5812 plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
5813 plugins/sudoers/sudoers.sym:
5814 Only export the symbols corresponding to the plugin structs.
5817 * configure, configure.in, plugins/sample/Makefile.in,
5818 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
5819 Install plugins manually instead of using libtool. This works
5820 around a problem on AIX where libtool will install a .a file
5821 containing the .so file instead of the .so file itself.
5825 Move check into its own rule since some versions of make will run
5826 both targets as the default rule.
5829 * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
5830 m4/ltversion.m4, m4/lt~obsolete.m4:
5831 Update to libtool 2.2.10
5834 2011-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
5837 In handle_signals(), restart the read() on EINTR to make sure we
5838 keep up with the signal pipe. Don't return -1 on EAGAIN, it just
5839 means we have emptied the pipe.
5843 Reorder functions to quiet a compiler warning.
5847 Use the Sun Studio C compiler on Solaris if possible
5850 2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
5853 Fix default setting of osversion variable.
5856 * doc/sudo_plugin.pod:
5857 Make two login_class entries consistent.
5860 * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c,
5862 Add support for adding a utmp entry when allocating a new pty.
5863 Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
5864 Currently only creates a new entry if the existing tty has a utmp
5868 * plugins/sudoers/boottime.c:
5869 Avoid pulling in headers we don't need on Linux. For getutx?id(),
5870 call setutx?ent() first and always call endutx?ent().
5873 * configure, configure.in:
5874 Add some more libs to SUDOERS_LIBS instead of relying on them to be
5875 pulled in by SUDO_LIBS.
5878 * plugins/sudoers/sudoers.c:
5879 Fix return value of "sudo -l command" when command is not allowed,
5880 broken in [c7097ea22111]. The default return value is now TRUE and
5881 a bad: label is used when permission is denied. Also fixed missing
5882 permissions restoration on certain errors. On error()/errorx(), the
5883 password and group files are now closed before returning.
5886 2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
5888 * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
5889 Fix passing of login class back to sudo front end.
5893 Add --osversion flag to specify OS instead of running "pp
5898 Fix expr usage w/ GNU expr
5901 2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
5903 * plugins/sudoers/sudoers.c:
5904 Fix exit value for validate and list mode.
5907 * plugins/sudoers/sudoers.c:
5908 Fix non-interactive mode with sudoers plugin.
5911 2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
5913 * doc/sudoreplay.pod:
5914 sudoreplay can now find IDs other than %{seq} and display the
5918 2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
5920 * plugins/sudoers/sudoreplay.c:
5921 Add support for replaying sessions when iolog_file is set to
5922 something other than %{seq}.
5925 * plugins/sudoers/visudo.c:
5926 If we are killed by a signal, display the name of the signal that
5930 * configure, configure.in:
5931 Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
5936 Fix bug in skey/opie check that could cause a shell warning.
5939 * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
5940 No longer need sudo_getepw() stubs.
5943 2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
5945 * plugins/sudoers/sudo_nss.c:
5946 Fix exit value of "sudo -l command" in sudoers module.
5949 2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
5951 * compat/regress/glob/globtest.c:
5952 Use fgets() not fgetln() for portability.
5956 Don't use the beta or release candidate version as the rpm release.
5959 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
5961 * configure, configure.in:
5963 [f6530d56f6ae] [SUDO_1_8_0]
5966 update sudo 1.8 section
5969 2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
5971 * plugins/sudoers/regress/testsudoers/test2.sh:
5972 fix test description
5975 * plugins/sudoers/regress/testsudoers/test2.out,
5976 plugins/sudoers/regress/testsudoers/test2.sh,
5977 plugins/sudoers/regress/visudo/test2.out,
5978 plugins/sudoers/regress/visudo/test2.sh:
5979 convert test2 to use testsudoers
5982 * include/sudo_plugin.h, src/sudo_plugin_int.h:
5983 Move struct generic_plugin to sudo_plugin_int.h
5986 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5987 plugins/sudoers/parse.c, plugins/sudoers/parse.h,
5988 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
5989 plugins/sudoers/sudoers.h:
5990 Allow sudoers file name, mode, uid and gid to be specified in the
5991 settings list. The sudo front end does not currently set these but
5995 2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
5997 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
5998 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
5999 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
6000 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
6005 * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
6006 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
6007 src/parse_args.c, src/sudo.h:
6008 add help text to sudo, visudo and sudoreplay for the -h option
6011 2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
6013 * compat/snprintf.c:
6014 avoid using "howmany" for a parameter name since it is a select-
6019 mention group_plugin when describing nonunix_group
6022 * doc/sudo_plugin.pod:
6023 Add missing period at end of sentence
6026 * Makefile.in, doc/Makefile.in, include/Makefile.in,
6027 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
6028 plugins/sudoers/Makefile.in, src/Makefile.in:
6029 add localstatedir; closes bug 471
6032 * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
6033 src/exec.c, src/exec_pty.c:
6034 The howmany macro lives in sys/sysmacros.h on SVR5 systems. Closes
6039 add missing AH_TEMPLATE for ENV_RESET
6043 SVR5 systems return non-zero for success on socketpair(), check for
6044 -1 instead. Closes Bug 469
6047 2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
6049 * configure, configure.in:
6053 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
6054 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
6055 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
6056 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
6061 Document that a sudo.conf file with no Plugin lines uses the default
6065 * src/load_plugins.c:
6066 If sudo.conf contains no Plugin lines, use the default sudoers
6067 policy and I/O plugins.
6070 2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
6072 * plugins/sudoers/sudo_nss.c:
6073 Avoid printing empty "Runas and Command-specific defaults for user"
6078 Truncate the buffer at buf.len before printing in the non-wordwrap
6083 Remove extra newline when the tty width is very small or unavailable
6086 2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
6088 * plugins/sudoers/alias.c:
6089 Remove unneeded variable.
6092 2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
6094 * configure, configure.in:
6095 Prefer getutxid over getutid
6098 * plugins/sudoers/boottime.c:
6099 Include utmp.h / utmpx.h before missing.h as apparently including it
6100 afterwards causes a compilation problem on GNU Hurd.
6103 2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
6105 * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
6106 #include "foo.h", not <foo.h> for local includes.
6113 * compat/mksiglist.c:
6117 * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
6118 plugins/sudoers/match.c:
6119 return foo not return(foo)
6122 2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
6125 Remove duplicate FD_SET of signal_pipe[0]
6128 2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
6130 * compat/mksiglist.c:
6131 Use "missing.h" not <missing.h> in generated code.
6134 2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
6136 * aclocal.m4, configure:
6137 fix --with-iologdir=no
6140 * aclocal.m4, configure:
6141 fix typo that broke --with-iologdir
6144 2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
6146 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
6147 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
6148 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
6149 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
6151 Bump version to 1.8.0b4
6158 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6159 Attempt to clarify how users and groups interact in Runas_Specs
6162 * plugins/sudoers/regress/visudo/test2.out,
6163 plugins/sudoers/regress/visudo/test2.sh:
6164 Add test for quoted group that contains escaped double quotes
6167 * src/exec.c, src/exec_pty.c:
6168 Pass SIGUSR1/SIGUSR2 through to the child.
6171 * src/exec_pty.c, src/sudo_exec.h:
6172 Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
6173 SIGUSR2 to indicate whether the child should be continued in the
6174 foreground or background.
6178 Use pid_t not int and check the return value of kill()
6181 2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
6184 Remove obsolete comment
6188 In non-pty mode before continuing the child, make it the foreground
6189 pgrp if possible. Fixes resuming a shell.
6193 If we get a signal other than SIGCHLD in the monitor, pass it
6194 directly to the child.
6197 * src/exec.c, src/exec_pty.c, src/sudo.h:
6198 Save signal state before changing handlers and restore before we
6199 execute the command.
6202 2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
6204 * plugins/sudoers/iolog.c:
6205 Use a char array to map a number to a base36 digit.
6208 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
6209 Be clear about what versions of sudo support new LDAP attributes.
6210 Fix up some formatting of attribute names. Minor other tweaks.
6213 2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
6215 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
6216 match quoted strings the same way whether in a Defaults line or as a
6217 user/group/netgroup name. Fixes escaped double quotes in quoted
6218 user/group/netgroup names.
6221 * plugins/sudoers/Makefile.in:
6222 'make check' depends on visudo and testsudoers
6225 * plugins/sudoers/sudoers2ldif:
6226 Add sudoOrder attribute to each entry. Parse LOG_{INPUT,OUTPUT} tags
6229 2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
6232 Mention LDAP attribute compatibility status.
6235 2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
6241 * INSTALL, NEWS, config.h.in, configure, configure.in,
6242 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
6243 Add --disable-env-reset configure option.
6246 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6247 Document that sudoers_locale also affects logging and email.
6250 * NEWS, config.h.in, configure, configure.in,
6251 plugins/sudoers/logging.c:
6252 Do logging and email sending in the locale specified by the
6253 "sudoers_locale" setting ("C" by default). Email sent by sudo
6254 includes MIME headers when the sudoers locale is not "C".
6257 2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
6259 * plugins/sudoers/check.c:
6263 2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
6265 * NEWS, src/parse_args.c, src/sudo.c:
6266 Perform command escaping for "sudo -s" and "sudo -i" after
6267 validating sudoers so the sudoers entries don't need to have all the
6271 2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
6273 * plugins/sudoers/logging.c:
6274 Prepend "list " to the command logged when "sudo -l command" is used
6275 to make it clear that the command was listed, not run.
6278 * plugins/sudoers/parse.c:
6282 * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
6283 common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
6284 compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
6285 compat/nanosleep.c, compat/regress/glob/globtest.c,
6286 compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
6287 compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
6288 plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
6289 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
6290 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
6291 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
6292 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
6293 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
6294 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
6295 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
6296 plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
6297 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
6298 plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
6299 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
6300 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
6301 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
6302 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
6303 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
6304 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
6305 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6306 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
6307 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
6308 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
6309 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
6310 src/sudo_noexec.c, src/tgetpass.c:
6311 standardize on "return foo;" rather than "return(foo);" or "return
6315 * plugins/sudoers/sudoers.c:
6316 Do not reject sudoers file just because it is root-writable.
6319 2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
6325 * plugins/sudoers/sudo_nss.c:
6326 For "sudo -U user -l" if user is not authorized on the host, say so.
6329 * plugins/sudoers/ldap.c:
6330 In sudo_ldap_lookup(), always do the initial sudoers check as the
6331 invoking user. If we are listing another user's privs we will do a
6332 separate lookup using list_pw later.
6335 2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
6338 add parser fill tests
6341 * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
6342 Don't test features not supported by the bundled glob()
6345 * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
6346 compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
6347 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
6348 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
6349 doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
6350 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6351 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
6352 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
6353 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
6354 plugins/sudoers/ldap.c, plugins/sudoers/match.c,
6355 plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
6356 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6357 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6358 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
6359 plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
6360 Update copyright year to 2011
6363 * plugins/sudoers/sudo_nss.c:
6364 When listing, use separate lbufs for the defaults and the privileges
6365 and only print something if the number of privileges is non-zero.
6366 Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
6369 * plugins/sudoers/ldap.c:
6370 Stash pointer to user group vector in LDAP handle and only reuse the
6371 query if it has not changed. We always allocate a new buffer when
6372 we reset the group vector so a simple pointer check is sufficient.
6375 * plugins/sudoers/sudo_nss.c:
6376 Check initgroups() return value.
6379 * plugins/sudoers/Makefile.in,
6380 plugins/sudoers/regress/parser/check_fill.c:
6381 Add tests for the fill functions in toke_util.c
6384 2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
6386 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
6394 2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
6397 Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
6400 2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
6403 Add Requires line for audit-libs >= 1.4 for RHEL5+
6407 sync with git version
6410 2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
6412 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6416 2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
6419 Update for sudo 1.7.4p5
6422 * doc/schema.OpenLDAP, doc/schema.iPlanet:
6423 Add sudoNotBefore and sudoNotAfter attributes as optional attributes
6424 to the sudoRole object class. From Andreas Mueller
6427 2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
6430 Mention "sudo -g group" password check fix.
6433 * plugins/sudoers/sudoers.c:
6434 Fix "sudo -g" support in the sudoers module.
6437 * plugins/sudoers/check.c:
6438 If the user is running sudo as himself but as a different group we
6439 need to prompt for a password.
6442 2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
6444 * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
6445 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
6446 plugins/sudoers/ldap.c:
6447 Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
6448 LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
6449 derived LDAP SDKs but we can pass the timeout parameter to
6450 ldap_search_ext_s() or ldap_search_st() when possible.
6453 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
6457 * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
6458 Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
6459 with OpenLDAP ldap.conf files.
6462 * plugins/sudoers/pwutil.c:
6463 If user has no supplementary groups, fall back on checking the group
6467 2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
6469 * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
6473 * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
6474 plugins/sudoers/toke.l:
6475 Move fill macro to toke.h
6478 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
6479 plugins/sudoers/toke.h, plugins/sudoers/toke.l,
6480 plugins/sudoers/toke_util.c:
6481 Split tokenizer utility functions out into toke_util.c
6484 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
6485 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
6489 2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
6495 * plugins/sudoers/Makefile.in:
6496 Add visudo tests to check target
6499 * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
6500 compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
6501 compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
6502 Add my regress tests for fnmatch() and glob() from OpenBSD.
6505 * plugins/sudoers/regress/testsudoers/test1.sh,
6506 plugins/sudoers/regress/visudo/test1.ok,
6507 plugins/sudoers/regress/visudo/test1.sh:
6508 Add regress test for command tags using visudo -c
6511 * plugins/sudoers/Makefile.in,
6512 plugins/sudoers/regress/testsudoers/test1.ok,
6513 plugins/sudoers/regress/testsudoers/test1.sh:
6514 Add support for regress tests using testsudoers
6517 * plugins/sudoers/testsudoers.c:
6518 Need to set user_name explicitly due to internal changes made when
6519 converting sudoers to a plugin.
6522 2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
6524 * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
6525 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
6526 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6527 plugins/sudoers/regress/iolog_path/check_iolog_path.c,
6528 plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
6530 Add regression tests for iolog_path()
6533 * Makefile.in, common/Makefile.in, compat/Makefile.in,
6534 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
6535 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6536 src/Makefile.in, zlib/Makefile.in:
6537 Add support for "make Makefile" to regenerate Makefile from
6541 * plugins/sudoers/iolog_path.c:
6542 Quiet a bogus compiler warning.
6545 2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
6547 * plugins/sudoers/iolog_path.c:
6548 Protect call to setlocale() with HAVE_SETLOCALE
2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>

mkstemps.c was renamed mktemp.c

Update from 1.7 branch

Use "mv -f" when regenerating ChangeLog

* plugins/sudoers/match.c:
Fix NULL dereference with "sudo -g group" when the sudoers rule has
no runas user or group listed. Fixes RedHat bug 667103.

2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
Correct the default sudo.conf example

2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/iolog_path.c:
Reset slashp if we allocate a new buffer for strftime()

* plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h:
Add extra out parameter to expand_iolog_path() to allow the caller
to split the path into dir and file components if needed.

2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/iolog.c:
mkdir_iopath() returns size_t now that it uses strlcpy() and not

* plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
Trim leading slashes from iolog_file and trailing slashes from

* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
Pass a single I/O log file name in command_details instead of
separate dir + file parameters.

* plugins/sudoers/sudoreplay.c:
change an error() to errorx()

* plugins/sudoers/iolog.c:
Add missing cwd line to I/O log info file that got dropped when
iolog_deserialize_info() was added

2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/iolog.c:
Avoid relying on globals filled in by the sudoers policy module for
the sudoers I/O log module. The I/O log open function now pulls the
bits it needs out of user_info and command_info.

* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h:
If no iolog file is specified by the policy plugin, use io_nextid()
to determine the next file in the sequence.

2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
Document iolog_compress in command_info

* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
Add support for the iolog_compress variable in command_info.

* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
Add sigsetjmp() calls to all plugin entry points just to be safe.

* src/sudo.c, src/sudo.h:
Don't need iolog variables in struct command_details, they are for
the I/O log plugins to handle.

2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
Document use of mkdtemp() for iolog path templates

* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:

* doc/sudo_plugin.pod, doc/sudoers.pod:
Document iolog_file and supported escape sequences for sudoers.
Clarify that iolog_file can contain directories.

* compat/Makefile.in, configure, configure.in:
Fix building of mkstemps/mkdtemp replacements.

* compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
configure.in, include/missing.h:
Provide mkdtemp() for systems without it.

* plugins/sudoers/iolog_path.c:

* plugins/sudoers/iolog.c:
Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
glibc mkdtemp() returns EINVAL.

* plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
Allow sudoers to specify the iolog file in addition to the iolog
dir. Add escape sequence support to iolog file and dir: sequence
number, user, group, runas_user, runas_group, hostname and
command in addition to any escape sequence recognized by

* plugins/sudoers/iolog.c:
Add missing sigsetjmp() call in I/O plugin open function. Fixes a
crash when the I/O plugin calls error(), errorx() or log_error().

2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
plugins/sudoers/sudoers.c:
Give the policy module fine-grained control over what the I/O plugin

Clear OPOST from c_oflag like we used to. Fixes screen-based

Clarify umask option description. From Reuben Thomas.

2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
Pick last match in LDAP sudoers too

* doc/sudo_plugin.pod:
Document iolog_file, iolog_dir and use_pty

* plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
plugins/sudoers/sudoers.c:
Adapt plugins to version I/O logging ABI 1.1

* src/exec.c, src/sudo.h:
Add use_pty command_info flag for policies to indicate that a pty
should be allocated even if no I/O logging is performed.

Add remaining plugin convenience functions

* include/sudo_plugin.h, src/sudo.c, src/sudo.h,
src/sudo_plugin_int.h:
Change I/O log API to pass in command info to the I/O log open
function. Add iolog_file and iolog_dir parameters to command info.
This allows the policy plugin to specify the I/O log pathname. Add
convenience functions for calling plugin functions that handle ABI
backwards compatibility.

2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Bump version to 1.8.0b3

2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>

Remove extraneous newline

2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudoers.pod, plugins/sudoers/def_data.c,
plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
Make I/O log dir configurable.

* aclocal.m4, configure, configure.in, doc/sudoers.pod:
Rename io_logdir to iolog_dir

2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>

Add missing '*' that prevented the generic ELF case from matching.

If file(1) can't identify the ELF binary type, try readelf(1).

2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
plugins/sudoers/sudoers.c, src/sudo.c:
Use %u to print uid/gid, not %lu and adjust casts to match.

* doc/sudoers.ldap.pod:
Clarify ordering of entries and attributes.

* doc/sudoers.ldap.pod:
Fix typo and editing goof.

* doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
doc/sudoers.ldap.pod:
Merge in ordered LDAP entry support from Andreas Mueller.

* plugins/sudoers/ldap.c:
Make sure we don't dereference a NULL handle.

2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>

Add support for RHEL 6 file modes that include a trailing dot on
files with an SELinux security context

2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>

exec_setup() does not need to setuid(0), the Ubuntu issue was in the

* plugins/sudoers/sudoers.c:
create_admin_success_flag() should use restore_perms() rather than
set_perms() to restore the uid.

In exec_setup() call setuid(0) to make certain the subsequent uid
and gid changes will succeed. Fixes a problem on Ubuntu.

Error out if we cannot change to root's uid so we catch the failure

2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>

fix typo; from Michael T Hunter

* plugins/sudoers/match.c:
In sudoedit mode, assume command line arguments are paths and pass
FNM_PATHNAME to fnmatch().

2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Add workaround for an error in sys/types.h on HP-UX 11.23 when large
file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
broken bits of the header file.

Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM

For Tru64, strip off beta version.

* MANIFEST, plugins/sudoers/testsudoers.c,
plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
Avoid conflicts with system definitions in grp.h and pwd.h

Include stdio.h after zlib.h, not before. We need the large file
defines to come first.

2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:

Don't clean ChangeLog

* plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
Add prototype for cleanup()

2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/group_plugin.c:
Avoid dereferencing group_plugin if it is NULL in
group_plugin_query(). This should not happen.

* plugins/sudoers/group_plugin.c:
group plugin init function return TRUE when successful

2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/ldap.c:
Enlarge the array of entry wrappers in blocks of 100 entries to
save on allocation time. From Andreas Mueller

* plugins/sudoers/ldap.c:
Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
that was mistakenly dropped.

2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/TROUBLESHOOTING:
Mention that sudo needs "ar" to build.

* configure, configure.in:
Fail with a more useful error if "ar" is not found.

2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/ldap.c:
Merge in ordered LDAP entry support from Andreas Mueller and add
local changes from the 1.7 branch.

2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
Add timed entry support from Andreas Mueller.

* plugins/sudoers/group_plugin.c:
Don't try to unload if group_plugin is NULL. Don't call dlclose() if
group_handle is NULL

* plugins/sudoers/sudoers.h:
It is now plugin_cleanup(), not cleanup()

* plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
Call plugin_cleanup(), not cleanup()

2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/ldap.c:
Use efree() not free() and remove malloc.h include since we never
directly call malloc() or free().

2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>

set PSTAMP for Solaris and move the backend-specific bits to their
own %if [xxx] %endif blocks in %set.

* configure, configure.in:
Only substitute file zlib files when using the builtin zlib

* common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
src/Makefile.in, zlib/Makefile.in:
Give up on using VPATH to find sources as it is implemented
inconsistently in different versions of make.

* plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
plugins/sudoers/gram.c, plugins/sudoers/toke.c:
Include config.h before any other includes to make sure we get the
right value for _FILE_OFFSET_BITS.

g/c unused $(GENERATED)

2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/group_plugin.c:
Zero out group_plugin on unload just to be safe.

* plugins/sudoers/group_plugin.c:
Unload group plugin if its init function fails.

Only chdir to cwd if it is different from the current cwd or there
is a new root (chroot).

* configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
Bump version to 1.8.0b2

2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>

Better --enable-zlib description

Use system zlib on Linux. Let configure decide on Solaris. For all
others, use builtin zlib

Add large file support.

Add large file support.

* Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
Add local copy of zlib for systems that lack it.

2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>

If perform_io() fails, kill the child before exiting so it doesn't
complain about connection reset. We can get an I/O error if, for
example, and we get EIO reading from stdin.

2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoers.c, src/sudo.c:
Fix compilation on systems with set_auth_parameters(). Sprinkle
volatile to quiet warnings from gcc 2.8.0

* compat/dlfcn.h, compat/dlopen.c:
Avoid potential namespace issues with dlopen() emulation.

* plugins/sudoers/interfaces.c:
Use INADDR_NONE instead of casting -1 to in_addr_t (which may not

Mark ChangeLog as PHONY. Don't overwrite ChangeLog if we can't run hg

* configure, configure.in:
HP-UX 10.20 libc has an incompatible getline

* plugins/sudoers/visudo.c:
Quiet an HP-UX compiler warning.

* configure, configure.in:
Check for vi even with --with-editor specified; the sample plugin

2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>

Fix remaining syntax errors.

sudo binary depends on the libtool-generated libs

* plugins/sudoers/group_plugin.c, src/load_plugins.c:
Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
include the local or system dlfcn.h

Don't use run_as_superuser=false on HP-UX

Use memset() instead of zero_bytes() since we don't include

* plugins/sudoers/interfaces.c:
Fix pasto; AF_INET not AF_INET6

Actually call shl_load()

Update from git repo. Debian: version numbers now compliant with
policy section 5.6.12. HP-UX: minimal changes needed to work on HP-UX

* configure, configure.in:
Fix dlopen() detection for systems where dlopen() is in a separate

* plugins/sudoers/auth/pam.c:
If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
useful message and return AUTH_FATAL so sudo does not keep trying to

sudo_preload_table is an array

Quiet a compiler warning and fix sudo_preload_table external

Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.

* plugins/sudoers/group_plugin.c:
Make this compile correctly when no dlopen is available.

2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/check.c:
Having a timestamp file defined is no longer indicative of tty
tickets being enabled. Check def_tty_tickets directly.

* src/exec_pty.c, src/sudo.h, src/ttysize.c:
Fix TCGETWINSZ compat.

2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>

* src/exec_pty.c, src/ttysize.c:
Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE

2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoers.c, src/sudo.c:
Move set_project() from sudoers module into sudo proper.

* configure, configure.in:
Fix typo and regenerate

* plugins/sudoers/ldap.c:
When iterating over returned LDAP entries, keep looking at remaining
matches even if we have a positive match. This catches negative
matches that may exist in other entries and more closely match the
sudoers file behavior.

Add support for multiple package instances on Solaris.

Add missing signal_pipe[0] to fdsr for the non-pty case.

Add --with-project for Solaris

Need ar and ranlib too

2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/env.c:
Preserve ODMDIR environment variable by default on AIX.

2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>

* Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
config.h.in, configure, configure.in, plugins/sample/Makefile.in,
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
Add dlopen() emulation for systems without it. For HP-UX 10, emulate
using shl_load(). For others, link sudoers plugin statically and use
a lookup table to emulate dlsym().

2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>

* compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
compat/nanosleep.c, compat/utimes.c:
When including compat headers, use the compat dir as part of the
path so we are sure to get the correct header.

2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/linux_audit.c:
Ignore ECONNREFUSED from audit_log_user_command() which will occur
if auditd is not running.

2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>

Sync with git version

2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>

* common/fileops.c, plugins/sudoers/defaults.c:
Cast isblank argument to unsigned char.

2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
Implement --with-umask-override configure flag.

* plugins/sudoers/env.c:
Take MODE_LOGIN_SHELL into account when initially setting reset_home
instead of special-casing it later.

* plugins/sudoers/sudoers.c:
In login mode, make a copy of the runas user's pw_shell for
NewArgv[0] because 1) we modify it and 2) it will runas_pw gets

* plugins/sudoers/env.c:
Reset HOME for "sudo -i" even if HOME was listed in env_keep.

Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.

Reset signal mask at sudo startup time; we need to be able to rely
on normal signal delivery to control the child process.

2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>

Use sed instead of expr to split a flag from its argument. Fixes a
problem with expr interpreting its arguments as a flag when they

Do not need sys/time.h after all

Include sys/time.h for utimes() and struct timeval. No longer need
ioctl.h or termios.h

* compat/snprintf.c:
Quiet bogus compiler warnings.

* include/missing.h:
Declare innetgr() for HP-UX which is missing a declaration. Declare
domainname() for HP-UX and Solaris which are missing a declaration.

* plugins/sudoers/bsm_audit.c:
Use __sun for consistency with the rest of the sources.

* plugins/sudoers/group_plugin.c:
Quiet a bogus compiler warning.

* plugins/sudoers/pwutil.c:
Don't try to delref a NULL group.

* common/alloc.c, common/lbuf.c:
Include memory.h on systems that need it.

2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>

Quiet gcc warnings on glibc systems that use warn_unused_result for

* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
sudo_plugin is in section 8; from Ted Percival

* plugins/sudoers/Makefile.in:
testsudoers depends on libsudoers.la, not sudoreplay

2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>

Read as many signals on the signal pipe as we can before returning.

* src/exec.c, src/exec_pty.c, src/sudo_exec.h:
Instead of using an array to store received signals, open a pipe and
have the signal handler write the signal number to one end and
select() on the other end. This makes it possible to handle signals
similar to I/O without race conditions.

2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/visudo.pod, plugins/sudoers/visudo.c:
Make "visudo -c -f -" check the standard input.

set_home and always_set_home have an effect if HOME is present in

* plugins/sudoers/env.c:
Make -H flag work when HOME is listed in env_keep. Also makes
"set_home" and "always_set_home" override HOME in env_keep.

2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
plugins/sudoers/visudo.c, src/net_ifs.c:
Convert sudoers plugin to use interface list passed in settings.

* doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
src/parse_args.c, src/sudo.h:
Query local network interfaces in the main sudo driver and pass to
the plugin as "network_addrs" in the settings list.

* plugins/sudoers/bsm_audit.c:
Solaris BSM audit returns EINVAL when auditing is not enabled,
whereas OpenBSM returns ENOSYS.

2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>

missing.h should come before most local includes

* plugins/sudoers/sudoreplay.c:
missing.h should come before most local includes

* plugins/sudoers/sudoers.h:
Make local includes consistent; use double quotes for local includes
except for generated ones where we use angle brackets.

* plugins/sudoers/sudoers.c:
Always fill in NewArgv for audit code.

* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.

* common/alloc.c, common/atobool.c, common/fileops.c,
common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
compat/getprogname.c, compat/glob.c, compat/isblank.c,
compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
compat/unsetenv.c, compat/utimes.c, include/compat.h,
plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
plugins/sample_group/plugin_test.c,
plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
src/sudo_noexec.c, src/ttysize.c:
Make local includes consistent; use double quotes for local includes
except for generated ones where we use angle brackets. Also g/c

2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/match.c:
When matching the runas user and runas group (-u and -g command line
options), keep track of runas group and runas user matches
separately. Only return a positive match if we have a match for
both runas user and runas group (if specified).

2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
Add support for multiple URI lines by joining the contents and
passing the result to ldap_initialize.

* plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
Do not return -1 on error from the display functions; the caller
expects a return value >= 0.

* plugins/sudoers/sudoers.c:
Do not set both MODE_EDIT and MODE_RUN

2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>

* include/missing.h:
Move includes to the top of the file.

2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/Makefile.in:
Add missing definition of timedir

* compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
compat/mksiglist.c, compat/strsignal.c,
plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
Add #include of sys/types.h for .c files that include missing.h to
be sure that size_t and ssize_t are defined.

* plugins/sudoers/Makefile.in:
Install sudoers file from the build dir not the src dir.

2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/set_perms.c:
If runas_pw changes, reset the stashed runas aux group vector.
Otherwise, if runas_default is set in a per-command Defaults
statement, the command runs with root's aux group vector (i.e. the
one that was used when locating the command).

* plugins/sudoers/Makefile.in:
Add target to generate sudoers file. Remove generated sudoers file as

2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>

When not logging I/O install a handler for SIGCONT and deliver it to
the command upon resume. Fixes bugzilla #431

2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoers.h:
g/c unused auth_pw extern definition

* plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
Move get_auth() into check.c where it is actually used.

2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>

Convert a remaining puts() and putchar() to use the output function.

* plugins/sudoers/plugin_error.c:

2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/env.c:
Set dupcheck to TRUE when setting new HOME value if !env_reset but
always_set_home is true. Prevents a duplicate HOME in the
environment (old value plus the new one) introduced in f421f8827340.

* configure, configure.in, plugins/sudoers/sudoers,
plugins/sudoers/sudoers.in:
Substitute sysconfdir in the installed sudoers file to get the
correct path for sudoers.d.

2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>

Fix typo that prevented compilation on Irix; Friedrich Haubensak

2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
common/atobool.c, common/fileops.c, common/fmt_string.c,
common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
compat/getprogname.c, compat/glob.c, compat/isblank.c,
compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
compat/unsetenv.c, compat/utimes.c, include/compat.h,
include/missing.h, plugins/sample/sample_plugin.c,
plugins/sample_group/getgrent.c,
plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
Merge compat.h and missing.h into missing.h

2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/auth/pam.c:
If the user hits ^C while a password is being read, error out before
reading any further passwords in the pam conversation function.
Otherwise, if multiple PAM auth methods are required, the user will
have to hit ^C for each one.

2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/check.c:

* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
Document sudo_conv_t function and sudo_printf_t return values.

* src/conversation.c:
Make _sudo_printf return the number of characters printed on success

2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoers.c:
sudoers.h includes sudo_plugin.h for us

* common/Makefile.in, common/gettime.c, compat/mkstemps.c,
plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
Use gettimeofday() directly instead of via the gettime() wrapper.

* common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
compat/strerror.c, config.h.in, configure, configure.in,
include/compat.h, include/missing.h, plugins/sudoers/logging.c,
plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
Remove some obsolete configure tests, ancient Unix systems are no

2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>

Set pp_kit_version and strip off patch level

Better handling of versions with a patchlevel. For rpm and deb, use
the patchlevel+1 as the release. For AIX, use the patchlevel as the
4th version number. For the rest, just leave the patchlevel in the

2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/auth/sudo_auth.c:
For non-standalone auth methods, stop reading the password if the
user enters ^C at the prompt.

* configure, configure.in, plugins/sudoers/Makefile.in,
plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
plugins/sudoers/pwutil.c:
No need to look up shadow password unless we are doing
password-style authentication. This moves the shadow password
lookup to the auth functions that need it.

* plugins/sudoers/sudoers.c:
Retain final passwd/group refs until the policy close() function.
Note that this doesn't get called in all cases so putting this in a
cleanup function is probably better.

* plugins/sudoers/check.c:

* plugins/sudoers/check.c:
When removing/resetting the timestamp file ignore the tty ticket

* plugins/sudoers/sudoers.c:
delref sudo_user.pw, runas_pw and runas_gr immediately before we

2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/check.c, plugins/sudoers/ldap.c,
plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
Reference count cached passwd and group structs. The cache holds
one reference itself and another is added by sudo_getgr{gid,nam} and
sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
group structs are persistent for now.

2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/check.c:
Do not produce a warning for "sudo -k" if the ticket file does not

* plugins/sudoers/pwutil.c:
Instead of caching struct passwd and struct group in the red-black
tree, store a struct cache_item which includes both the key and
datum. This allows us to use the actual name that was looked up as
the key instead of the contents of struct passwd or struct group.
This matters because the name in the database may not match what we
looked up, due either to case folding or truncation (historically at
8 characters). Also mark the disabled calls to sudo_freepwcache()
and sudo_freegrcache() as broken since we use cached data for things
like set_perms() and the logging functions. Fixing this would
require making a copy of the structs for user and runas or adding a
reference count (better).

* plugins/sudoers/Makefile.in:
Fix path to mkinstalldirs

* plugins/sudoers/check.c, plugins/sudoers/logging.c,
plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
Quiet gcc warnings on glibc systems that use warn_unused_result for
write(2) and others.

7716 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
7718 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7722 * aclocal.m4, configure, configure.in:
7723 Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
7724 back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
7728 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
7730 * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
7731 Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN. Use AC_TYPE_LONG_LONG_INT
7732 and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
7735 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
7738 Update to latest version
7741 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
7744 Let pp determine pp_aix_version itself.
7747 * INSTALL, config.h.in, configure, configure.in, mkpkg,
7748 plugins/sudoers/sudoers.c:
7749 Add support for Ubuntu admin flag file and enable it when building
7753 * plugins/sudoers/sudoers, sudo.pp:
7754 Add commented out SuSE-like targetpw settings
7757 * configure, configure.in:
7758 Only try to use +DAportable for non-GCC on hppa
7761 * configure, configure.in:
7762 Prevent configure from adding the -g flag unless in devel mode
7765 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
7768 Go back to sudo-flavor to match existing packages and only use an
7769 underscore for those that need it.
7773 Use sudo_$flavor instead of sudo-$flavor since that causes the least
7774 amount of trouble for the various package managers.
7778 Fix handling of the ldap flavor. Remove destdir unless --debug was
7779 specified. Make distclean before running configure if there is a
7784 Add back include file.
7788 Pass extra args on to configure on HP-UX, if we don't have the HP C
7789 compiler, disable zlib to prevent gcc from finding it in
7794 Use the HP ANSI C compiler on HP-UX if possible
7797 * plugins/sudoers/sudoreplay.c:
7798 Some getline() implementations (FreeBSD 8.0) do not ignore the
7799 length pointer when the line pointer is NULL as they should.
7802 * plugins/sudoers/sudoreplay.c:
7803 Don't need to check for *cp being non-zero, isdigit() will do that.
7806 * plugins/sudoers/sudoreplay.c:
7807 Add setlocale() so the command line arguments that use floating
7808 point work in different locales. Since sudo now logs the timing
7809 data in the C locale we must parse the seconds in the timing file
7810 manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
7811 the number of seconds with the user's locale so if the decimal point
7812 is not '.' try using the locale-specific version.
7816 Do I/O logging in the C locale so the floating point numbers in the
7817 timing file are not locale-dependent.
7820 * plugins/sudoers/sudoreplay.c:
7821 Use errorx() not error() for things that don't set errno.
7824 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
7827 Better support for 1.2.3 style versions in Tru64 kits
7831 Add Tru64 kit support
7835 Remove apparently unnecessary use of sudo
7838 * Makefile.in, plugins/sudoers/Makefile.in:
7839 Create timedir as part of install-dirs target.
7843 Handle ENXIO from read/write which can occur when reading/writing a
7844 pty that has gone away.
7847 * plugins/sudoers/pwutil.c:
7848 sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
7852 platform is a pp flag not a variable
7855 * Makefile.in, mkpkg, sudo.pp:
7856 Add simple arg parsing for mkpkg so we can set debug, flavor or
7861 Make rpm backend work on AIX 5.x
7864 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
7866 * plugins/sudoers/sudoers:
7867 Add commented out Defaults entry for log_output
7870 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
7873 Remove sudo docdir completely
7876 * doc/sample.sudo.conf:
7877 Add sample sudo.conf
7880 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
7882 * plugins/sudoers/Makefile.in:
7883 Add PACKAGE_TARNAME for docdir
7886 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
7889 Pass install-sh -b~ here too.
7892 * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
7893 plugins/sudoers/Makefile.in, src/Makefile.in:
7894 Install binary files with -b~ to make a backup. Fixes "text file
7895 busy" error on HP-UX during install.
7899 "mv -f" on HP-UX doesn't unlink the destination first so add an
7900 explicit rm before moving the temporary into place.
7903 * configure, configure.in:
7904 Some more ${foo} -> $(foo) conversion for consistent Makefiles.
7907 * doc/Makefile.in, plugins/sudoers/Makefile.in:
7908 Install sudoers2ldif in the doc dir
7911 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
7914 Add missing include of maillock.h for Solaris
7917 * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
7918 doc/sample.syslog.conf, doc/sudoers.cat:
7919 Change the default syslog facility from local2 to authpriv (or auth
7920 if the operating system doesn't support authpriv).
7923 * Makefile.in, sudo.pp:
7924 Install sudoers as /etc/sudoers on RPM and debian systems where the
7925 package manager will not replace a user-modified configuration file.
7926 This fixes upgrades from the vendor sudo packages.
7930 RPM: use %config(noreplace) instead of %config for volatile. This
7931 results in the new file being installed with a .rpmnew suffix
7932 instead of the file being replaced and the old one renamed with a
7936 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
7938 * compat/mkstemps.c, plugins/sudoers/boottime.c:
7939 Include time.h for struct timeval
7943 The return value of strsignal() may be const and should be treated
7944 as const regardless.
7947 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
7948 Mention that 127.0.0.1 will not match, nor will localhost unless
7949 that is the actual host name.
7952 * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
7953 Rename WHATSNEW -> NEWS
7957 Updated pp with latest patches
7964 * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
7965 plugins/sudoers/sudoers:
7966 Add commented out line to add HOME to env_keep and add a warning to
7967 the note about the HOME change in UPGRADE.
7970 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
7972 * plugins/sudoers/sudoreplay.c:
7973 Add LINE_MAX define for those without it.
7976 * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
7977 doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
7978 plugins/sudoers/defaults.c:
7979 The tty_tickets option is now on by default.
7983 Mention that AIX authdb support has been fixed.
7987 setauthdb() only sets the "old" registry if it was set by a previous
7988 call to setauthdb(). To restore the original value, passing NULL
7989 (or an empty string) to setauthdb() is sufficient.
7992 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
7994 * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
7995 doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
7996 plugins/sudoers/env.c:
7997 Reset HOME when env_reset is enabled unless it is in env_keep
8000 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8001 The default for set_logname has been "true" for some time now.
8004 * plugins/sudoers/boottime.c:
8005 Add missing include of time.h
8008 * plugins/sudoers/logging.c:
8009 Fix check for dup2() return value.
8012 * plugins/sudoers/env.c:
8013 Add PYTHONUSERBASE to initial_badenv_table
8016 * plugins/sudoers/visudo.c:
8017 Treat an unknown defaults entry as a parse error.
8020 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
8021 Check return value of setdefs() but don't stop setting defaults if
8022 we hit an unknown one.
8025 * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
8026 doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
8027 doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
8028 plugins/sudoers/env.c:
8029 If env_reset is enabled, set the MAIL environment variable based on
8030 the target user unless MAIL is explicitly preserved in sudoers.
8033 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
8036 decode debian code names
8043 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
8050 Restore RLIMIT_NPROC after the uid switch if it appears that
8051 runas_setup() did not do it for us. Fixes a bash script problem on
8052 SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
8055 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
8057 * mkpkg, pp, sudo.pp:
8058 Restore the dot removal in the os version reported by polypkg. Adapt
8059 mkpkg and sudo.pp to the change.
8062 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
8065 document --with-pam-login
8068 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8069 The tag is NOSETENV, not UNSETENV. From Petr Uzel.
8072 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
8075 Include flavor in solaris package name
8079 Older shells don't support IFS= so set explicitly to space, tab,
8084 Use '=' not '==' in test
8088 Fix typo that prevented debian from matching
8092 Add missing prefix setting for debian
8096 Use tab indents to reduce the chance of problem with <<-. Fix the
8097 debian %set section, pp does not set pp_deb_distro. Uncomment %sudo
8098 line in sudoers for debian. Uncomment some env_keep lines for RHEL,
8099 SLES and debian to more closely match the vendor sudoers files.
8100 Add /etc/pam.d to %files. Remove the /etc/sudo-ldap.conf symlink on
8101 debian for ldap flavor.
8104 * plugins/sudoers/sudoers:
8105 Add commented out env_keep entries, sample Aliases and a %sudo line
8109 * configure, configure.in:
8110 Move zlib check later on in the script to avoid a strange shell
8115 Remove check for egrep; configure has its own
8118 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
8121 Enable zlib for linux distros
8125 Add ldap flavor to default build
8129 Simplify rpm linux distro settings
8132 * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
8133 Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
8137 Fix ChangeLog creation from build dir
8140 * plugins/sudoers/sudoers.c:
8141 Handle getcwd() failure.
8144 * doc/Makefile.in, mkpkg, sudo.pp:
8145 Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
8146 environment variable.
8150 Create sudo group on debian
8154 Add debian 4/5/6 and use the dot when doing version matches
8157 * aclocal.m4, configure:
8158 Use a loop when searching for mv, sendmail and sh
8161 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8162 Remove spurious "and"; from debian
8165 * aclocal.m4, configure, configure.in, doc/sudoers.cat,
8166 doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
8167 doc/visudo.man.in, doc/visudo.pod:
8168 Substitute the value of EDITOR into the sudoers and visudo manuals.
8171 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
8173 * mkpkg, pp, sudo.pp:
8174 Initial support for debian 4.0
8178 Some platforms need -fPIE instead of -fpie
8181 * plugins/sudoers/auth/pam.c:
8182 Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
8183 On Linux it causes a DNS lookup via libaudit.
8187 Update MANIFEST to match packaging changes
8191 We now use pp to generate HP-UX packages
8194 * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
8195 Remove vestiges of old binary package bits.
8198 * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
8199 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
8200 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
8202 install-man -> install-doc
8205 * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
8206 plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
8207 Use http://rc.quest.com/topics/polypkg/ for packaging
8211 Just ignore the -c option, it is the default. Add support for -d
8215 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
8217 * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
8218 Use _PATH_STDPATH instead of _PATH_DEFPATH
8221 * plugins/sudoers/Makefile.in, src/Makefile.in:
8222 Do not strip binaries.
8225 * INSTALL, configure, configure.in:
8226 Add --insults=disabled configure option to allow people to build in
8227 insult support but have the insults disabled unless explicitly
8231 * compat/mkstemps.c:
8232 Add prototype for gettime()
8235 * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
8236 plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
8237 plugins/sudoers/sudoers.h:
8238 Add support for a sudo-i pam.d file to be used for "sudo -i".
8239 Adapted from a RedHat patch.
8242 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
8244 * include/missing.h:
8245 Fix mkstemps() prototype
8248 * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
8249 config.h.in, configure, configure.in, include/missing.h,
8251 Use mkstemps() instead of mkstemp() in sudoedit. This allows
8252 sudoedit to preserve the file extension (if any) which may be used
8253 by the editor (like emacs) to choose the editing mode.
8256 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
8258 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
8259 plugins/sudoers/ldap.c:
8260 TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
8261 TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
8262 code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
8263 should avoid disabling TLS_CHECKPEER if possible.
8266 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
8268 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8269 Make sudo_plugin format a bit more like a man page
8272 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8273 Add support for negated user/host/command lists in a Defaults entry.
8274 E.g. Defaults:!baduser noexec
8277 * Makefile.in, common/Makefile.in, compat/Makefile.in,
8278 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
8279 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
8281 Add uninstall target
8284 * common/Makefile.in, compat/Makefile.in:
8285 Remove unused AR, SED and RANLIB variables
8289 Do not install sample plugins
8292 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
8294 * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
8295 configure.in, plugins/sudoers/env.c:
8296 Now that sudoers is a dynamically loaded module we cannot override
8297 the libc environment functions because the symbols may already have
8298 been resolved via libc. Remove getenv/putenv/setenv/unsetenv
8299 replacements from sudoers and add replacements for setenv/unsetenv
8300 for systems that lack them.
8303 * configure, configure.in, plugins/sudoers/Makefile.in:
8304 Link testsudoers with -ldl when needed
8307 * plugins/sample_group/plugin_test.c:
8308 Remove unused time.h and add limits.h for PATH_MAX
8311 * doc/sudoers.ldap.pod:
8315 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
8317 * plugins/sample_group/plugin_test.c:
8318 Do not depend on strlcpy/strlcat
8321 * plugins/sample_group/plugin_test.c:
8322 Standalone test driver for sudoers group plugin.
8325 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
8327 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
8328 Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
8332 * plugins/sample_group/sample_group.c:
8333 Fix style nit in function declarations
8336 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8337 Document group_plugin syntax.
8340 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8341 Document the sudoers group plugin.
8344 * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
8345 configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
8346 plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
8347 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
8348 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
8349 plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
8350 plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
8351 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
8352 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
8353 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
8354 Replace built-in non-unix group support with a sudoers group plugin.
8355 Include a sample plugin that can read Unix-format group files.
8358 * configure, configure.in, src/load_plugins.c:
8359 Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
8362 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
8364 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
8365 doc/sudoers.man.in, doc/sudoers.pod:
8366 Move sudoers-specific bits out of sudo(8) and into sudoers(5)
8369 * aclocal.m4, configure, configure.in:
8370 Substitute @io_logdir@ for the sudoers I/O log directory.
8373 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
8375 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
8376 common/atobool.c, common/fileops.c, common/fmt_string.c,
8377 common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
8378 compat/getgrouplist.c, compat/getline.c, compat/glob.c,
8379 compat/snprintf.c, config.h.in, configure, configure.in,
8380 include/fileops.h, plugins/sample/sample_plugin.c,
8381 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
8382 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
8383 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
8384 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
8385 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
8386 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
8387 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
8388 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
8389 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
8390 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
8391 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
8392 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
8393 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
8394 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
8395 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
8396 plugins/sudoers/logging.c, plugins/sudoers/match.c,
8397 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
8398 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
8399 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
8400 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
8401 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
8402 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
8403 src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
8404 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
8405 src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
8406 Set usrinfo for AIX. Set administrative domain for the process when
8407 looking up user's password or group info and when preparing for
8408 execve(). Include strings.h even if string.h exists since they may
8409 define different things. Fixes warnings on AIX and others.
8413 Add a separate all target for AIX make which was using the entire
8414 LHS (not just the first entry) of the first target as the implicit
8418 * plugins/sudoers/env.c:
8419 Do not rely on env.env_len when unsetting a variable, just use the
8423 * plugins/sudoers/env.c:
8424 In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
8427 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
8429 * plugins/sudoers/vasgroups.c:
8430 Use warningx() instead of log_error() since the latter is not
8431 available to visudo or testsudoers. This does mean that they don't
8435 * plugins/sudoers/sudoers.c:
8436 Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
8437 closed the sudoers sources. From Quest sudo.
8440 * plugins/sudoers/pwutil.c:
8441 Ignore case when matching user/group names in the cache. From Quest
8445 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
8447 * config.h.in, configure, configure.in, src/selinux.c:
8448 Add check for setkeycreatecon() when --with-selinux is specified.
8451 * configure, configure.in:
8452 Error out if libaudit.h is missing or unusable when --with-linux-
8456 * doc/HISTORY, doc/history.pod:
8457 Add =head3 entries, mostly for the html version
8460 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
8462 * doc/HISTORY, doc/history.pod:
8463 Mention when LDAP was incorporated.
8466 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
8468 * configure, configure.in:
8469 Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
8470 not covered by _ALL_SOURCE.
8473 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
8475 * plugins/sudoers/iolog.c:
8476 Add a cast to quiet a compiler warning.
8479 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
8480 Quiet a compiler warning.
8483 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
8484 Call set_fqdn() after sudoers has parsed instead of inline as a
8488 * WHATSNEW, plugins/sudoers/sudoers.c:
8489 Do not call set_fqdn() until sudoers parses (where it gets run as a
8494 mention the change in tty ticket behavior when there is no tty
8497 * plugins/sudoers/check.c:
8498 Do not update tty ticket if there is no tty.
8501 * doc/LICENSE, doc/license.pod:
8502 Update copyright year
8506 Do not rely on BSD make's $>
8509 * configure, configure.in:
8510 Set timedir to /var/db/sudo for darwin to match Apple sudo's
8514 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
8516 * plugins/sudoers/sudoers.h:
8517 Add stub declarations for struct stat and struct timeval
8521 Remove compat/sigaction.c
8524 * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
8525 plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
8526 Check for zlib.h in addition to libz.
8529 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
8531 Move functions and symbols shared between exec.c and exec_pty.c into
8536 Comment out rules to build .man.in and .cat files unless --with-
8541 Comment out rules to build .man.in and .cat files unless --with-
8546 Quote any non-alphanumeric characters other than '_' or '-' when
8547 passing a command to be run via the shell for the -s and -i options.
8551 Add back .man suffix
8554 * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
8555 plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
8556 plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
8557 plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
8559 Add Linux audit support.
8562 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
8564 * plugins/sudoers/iolog.c:
8568 * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
8569 plugins/sudoers/sudoreplay.c:
8570 Add -f (filter) option to sudoreplay to allow certain streams to be
8571 replayed and others ignored.
8574 * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
8576 Fix -A flag when askpass is specified in sudo.conf or if sudo
8577 doesn't need to read a password.
8580 * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
8581 src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
8585 * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
8586 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
8587 Add support for multiple sudoers_base entries in ldap.conf. From
8591 * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
8593 remove setsid check, we require a POSIX system
8596 * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
8597 src/sudo.c, src/tgetpass.c:
8598 Check for dup2() failure.
8601 * config.h.in, configure, configure.in:
8602 Remove dup2() check, it is not optional.
8605 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
8608 sync with sudo 1.7.3
8612 SunOS does not ship with an ANSI compiler
8616 Update OS specific notes. Delete some really ancient ones and move
8617 older ones to the end of the list.
8621 Sudo can be downloaded from the web site too. Mention "OS dependent
8622 notes" section in INSTALL
8625 * src/exec_pty.c, src/selinux.c:
8626 Call selinux_restore_tty() as part of cleanup() so it gets called
8627 from error()/errorx()
8630 * MANIFEST, doc/PORTING:
8631 Remove obsolete porting guide
8634 * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
8635 Move union sudo_in_addr_un into interfaces.h
8639 Remove useless circular dependencies
8642 * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
8643 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
8644 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
8645 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
8646 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
8647 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
8648 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
8649 Convert to ANSI C function declarations
8652 * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
8653 common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
8654 compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
8655 compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
8656 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
8657 compat/strlcpy.c, compat/timespec.h, compat/utime.h,
8658 compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
8659 include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
8660 include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
8661 plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
8662 plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
8663 plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
8664 plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
8665 plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
8666 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
8667 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
8668 plugins/sudoers/logging.h, plugins/sudoers/match.c,
8669 plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
8670 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
8671 plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
8672 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
8673 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
8674 plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
8675 src/conversation.c, src/error.c, src/load_plugins.c,
8676 src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
8677 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
8678 Update copyright year
8682 Fix commented DEVDOCS when not in devel mode.
8685 * plugins/sudoers/match.c:
8686 Quiet a compiler warning.
8689 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
8690 Quiet a compiler warning.
8693 * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
8694 Make all functions in ldap.c static
8697 * doc/schema.ActiveDirectory:
8698 Updates from Alain Roy to provide better examples for importing the
8699 schema and to fix problems caused by Windows validating attributes
8700 which have not yet been added before committing the changes.
8703 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
8705 * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
8706 doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
8707 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
8708 doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
8709 doc/visudo.cat, doc/visudo.man.in:
8710 Leave rules to build .man.in and .cat files uncommented but only
8711 make them part of the "all" rule in devel mode. Generate .cat files
8712 directly from .man.in instead of .man using default values in
8716 * configure, configure.in:
8717 Bump sudo version to 1.8.0b1
8720 * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
8721 Print configure args with verbose version information.
8724 * TODO, plugins/sudoers/visudo.c:
8725 Remove tfd from struct sudoersfile; it is not used. Add prev pointer
8726 to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
8727 Use tq_append to append sudoers entries to the tail queue.
8730 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
8733 Describe tty timestamp improvements
8736 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8737 A comment character may not be part of a command line argument
8738 unless it is quoted with a backslash. Fixes parsing of:
8739 testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
8743 Make this read a little bit better when passwd_timeout is 0.
8746 * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
8747 Attempt to handle a default password prompt timeout of zero more
8751 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8752 Do not override value of keepopen global, instead restore it to the
8753 value we pushed onto the stack when popping.
8756 * plugins/sudoers/Makefile.in:
8757 Add dependency for utility programs on libreplace and libcommon
8760 * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
8761 plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
8762 src/exec.c, src/exec_pty.c, src/tgetpass.c:
8763 Remove sigaction emulation. Use SA_INTERRUPT in sa_flags
8766 * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
8767 We don't use getgrouplist() at the moment so there's no need to
8768 provide a compat version.
8775 * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
8776 src/conversation.c, src/sudo.h, src/tgetpass.c:
8777 Fix visiblepw sudoers option; the plugin API portion still needs
8782 Print sudo version as well.
8785 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
8786 Use sudo_printf for I/O log version. Clarify policy plugin version
8790 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
8791 plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
8792 Silence some compiler warnings
8795 * src/load_plugins.c, src/tgetpass.c:
8796 Store askpass path in a global instead of using setenv() which many
8800 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
8802 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
8803 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8804 plugins/sudoers/check.c, plugins/sudoers/def_data.c,
8805 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
8806 plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
8807 plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
8809 Move askpass path specification from sudoers to sudo.conf.
8812 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
8813 Use a flag bit in struct command_details for selinux instead of a
8817 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
8818 Implement background mode. If I/O logging we use pipes instead of a
8822 * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
8823 src/exec.c, src/exec_pty.c, src/tgetpass.c:
8824 Move compat definition of NSIG to compat.h
8827 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
8828 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8829 Mention plugins in the sudo manual and add some missing path
8830 substitution in the sudo_plugin manual.
8834 Set _PATH_SUDO_CONF based on $(sysconfdir)
8837 * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
8838 src/exec.c, src/exec_pty.c, src/ttysize.c:
8839 Require POSIX termios to build sudo
8843 Ignore SIGPIPE for "sudo -S"
8847 Fix uninitialized variable in TGP_ECHO case and print a newline if
8848 the user interrupted password input.
8852 Make TGP_ECHO override TGP_MASK and don't try to restore the
8853 terminal if we didn't modify it.
8856 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8857 include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
8858 src/conversation.c, src/sudo.h, src/tgetpass.c:
8859 Add SUDO_CONV_PROMPT_MASK define which corresponds to the
8860 "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
8865 Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
8868 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
8870 * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
8871 Add selinux_enabled flag into struct command_details and set it in
8872 command_info_to_details(). Return an error from selinux_setup()
8873 instead of exiting. Call selinux_setup() from exec_setup().
8876 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
8879 Remove commented out copy of old sudo_execve() function.
8882 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
8884 * plugins/sudoers/sudoers.c:
8885 Fix setting selinux type on command line.
8888 * plugins/sudoers/iolog.c:
8889 In sudoers_io_close(), skip NULL io_fds[] elements.
8893 No longer need NGROUPS_MAX define
8896 * compat/nanosleep.c, config.h.in, configure, configure.in,
8897 include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
8898 plugins/sudoers/visudo.c, src/sudo_edit.c:
8899 Replace timerfoo macros with timevalfoo since the timer macros are
8900 known to be busted on some systems.
8904 Remove duplicate call to selinux_setup().
8907 * plugins/sudoers/auth/pam.c:
8908 If pam_open_session() fails, pass its status to pam_end.
8911 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8912 If a file in a #includedir has improper permissions or owner just
8913 skip it. This prevents packages that incorrectly install a file
8914 into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
8915 #includedir files still result in a parse error (for now).
8918 * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
8919 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
8920 plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
8921 Add use_pty sudoers option to force use of a pty even when not
8925 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
8926 Make env_init() void as it never fails.
8929 * plugins/sudoers/env.c:
8930 No longer use _NSGetEnviron so don't need crt_externs.h
8933 * plugins/sudoers/env.c:
8934 Remove unused VNULL define
8937 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
8939 * plugins/sudoers/iolog.c:
8940 Add #define for maximum session id
8943 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
8944 Split exec.c into exec.c and exec_pty.c
8948 Sync with source file moves.
8951 * src/Makefile.in, src/get_pty.c, src/pty.c:
8952 Rename pty.c -> get_pty.c
8955 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
8957 * plugins/sudoers/iolog.c:
8958 Only use I/O input log file if def_log_input is set and output file
8959 if def_log_output is set.
8962 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
8964 * compat/strsignal.c:
8965 Update copyright year
8972 * plugins/sudoers/sudoers.c:
8973 For sudoedit, make a local copy of editor string si become part of
8974 argv. If no editor environment variable, split def_editor on ':'
8975 since it may be a colon-delimited path.
8979 Remove unneeded endpwent()/endgrent()
8983 Use value of nroff from configure
8987 Add missing const to I/O log action function
8990 * plugins/sudoers/check.c:
8991 Update copyright year and fix whitespace
8994 * configure, configure.in:
8998 * plugins/sudoers/iolog.c:
8999 Remove redundant tty signal blocking in log function.
9002 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
9004 * plugins/sudoers/iolog.c:
9005 Place static keyword where it belongs
9008 * plugins/sudoers/logging.c:
9009 Always use a printf format string for send_mail()
9012 * common/atobool.c, plugins/sudoers/ldap.c:
9013 Extend atobool() so we can use it in the LDAP code.
9016 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
9017 Sudo now stashes tty ctime for tty_tickets on Solaris too.
9020 * plugins/sudoers/boottime.c:
9021 Fix dummy version of get_boottime()
9024 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
9026 * plugins/sudoers/check.c:
9027 Enable tty_is_devpts() support for Solaris with the "devices"
9032 Unbreak the non-io logging case.
9035 * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
9036 Fix symbol name conflict with sudo_printf.
9039 * plugins/sudoers/auth/pam.c:
9040 Fix OpenPAM detection for newer versions.
9043 * plugins/sudoers/vasgroups.c:
9044 Sync with Quest sudo git repo
9047 * aclocal.m4, configure, configure.in:
9048 HP-UX ld uses +b instead of -R or -rpath. Fix typo in libvas check.
9049 Add missing template for ENV_DEBUG. Adapted from Quest sudo
9053 Fix typos; from Quest Sudo
9056 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
9058 * plugins/sudoers/Makefile.in:
9059 Add back -I$(top_srcdir); we need it for including compat/foo.h
9060 since we cannot rely on "foo.h" being found relative to the source
9061 file when the cwd is different.
9065 Fix a bug where we could treat EAGAIN as a permanent error. Also set
9066 cstat if perform_io() returns an error.
9069 * common/alloc.c, plugins/sudoers/boottime.c,
9070 plugins/sudoers/sudoers.c:
9071 Add casts to quiet compiler warnings.
9074 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
9075 plugins/sudoers/visudo.c:
9076 Fix typo in ternary operator usage.
9079 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
9081 * INSTALL, configure, configure.in:
9082 Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
9085 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
9086 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
9087 Update docs to match sudoers I/O logging changes
9090 * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
9091 pathnames.h.in, plugins/sudoers/def_data.c,
9092 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
9093 plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
9094 plugins/sudoers/gram.h, plugins/sudoers/gram.y,
9095 plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
9096 plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
9097 plugins/sudoers/sudoreplay.c:
9098 Break sudoers transcript feature up into log_input and log_output.
9101 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
9102 plugins/sudoers/visudo.c:
9103 Use setprogname() as needed.
9106 * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
9107 Adapt sudoreplay to iolog changes.
9110 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
9112 * plugins/sudoers/iolog.c:
9113 Log all input and output into separate files and store a number on
9114 each timing file line to indicate which file the data is in.
9117 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
9118 plugins/sudoers/sudoers.h:
9119 Make sudoers_io functions static to iolog.c
9122 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
9124 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
9125 src/sudo_usage.h.in:
9126 Completely remove the -L flag from the sudo front end.
9129 * plugins/sudoers/sudoreplay.c:
9130 Fix EAGAIN handling when writing to stdout.
9133 * plugins/sudoers/sudoers.c:
9134 Eliminate unused variables
9137 * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
9138 Re-enable cleanup functions in sudoers plugin and sudo driver for
9142 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
9143 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
9144 plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
9145 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
9146 Use sudo_printf to display verbose version information.
9149 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
9150 plugins/sudoers/Makefile.in, src/Makefile.in:
9151 Minor Makefile cleanup: fix a typo, change the removal order in the
9152 clean targets, and remove a superfluous include path for the sudoers
9156 * plugins/sudoers/env.c:
9157 Handle duplicate variables in the environment. For unsetenv(), keep
9158 looking even after removing the first instance. For sudo_putenv(),
9159 check for and remove dupes after we replace an existing value.
9162 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
9164 * plugins/sudoers/Makefile.in:
9165 Use explicit path to source file instead of $< for files that live
9166 in devdir and top_srcdir.
9169 * plugins/sudoers/Makefile.in:
9170 Add explicit rules to compile gram.c and toke.c for HP-UX. Prevent
9171 ending LIBSUDOERS_OBJS with a backslash
9174 * plugins/sudoers/Makefile.in, src/Makefile.in:
9175 Link libcommon before libreplace since libcommon may use functions
9176 only present in libreplace.
9179 * common/Makefile.in:
9180 Move code common to sudo and the sudoers plugin to a convenience
9181 library, libcommon. Removes the need to make links in the sudoers
9182 plugin dir and reduces re-compilation of duplicate object files.
9185 * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
9186 common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
9187 common/term.c, common/zero_bytes.c, configure, configure.in,
9188 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
9189 src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
9190 src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
9192 Move code common to sudo and the sudoers plugin to a convenience
9193 library, libcommon. Removes the need to make links in the sudoers
9194 plugin dir and reduces re-compilation of duplicate object files.
9197 * src/exec.c, src/sudo.c, src/sudo.h:
9198 Rename script_execve to sudo_execve and rename script_foo in exec.c
9201 * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
9202 rename script.c exec.c and fix up the MANIFEST file
9205 * src/script.c, src/sudo.c, src/sudo.h:
9206 Rename script_setup() to pty_setup() and call from script_execve()
9210 * configure, configure.in:
9211 bump version to 1.8.0a2
9214 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9215 Document init_session
9218 * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
9219 plugins/sudoers/auth/sudo_auth.h:
9220 Clean up the sudoers auth API a bit and update the docs.
9223 * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
9224 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
9225 plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
9226 Add init_session function to struct policy_plugin that gets called
9227 before the uid/gid/etc changes. A struct passwd pointer is passed
9228 in, which may be NULL if the user does not exist in the passwd
9229 database. The sudoers module uses init_session to open the pam
9233 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
9235 * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
9236 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
9237 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
9238 Add open/close session to sudo auth, only used by PAM. This allows
9239 us to open (and close) the PAM session from sudoers.
9242 * plugins/sudoers/Makefile.in:
9243 Add explicit rule to build getdate.o for HP-UX make.
9246 * plugins/sudoers/Makefile.in:
9247 Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
9248 rules as an alternate way to prevent HP-UX make (and others) from
9249 trying to rebuild the parser in non-dev mode.
9252 * plugins/sudoers/sudoers.c:
9253 Re-enable PATH_MAX check for command
9257 For distclean, clean the main directory last since the subdirs need
9258 to be able to run libtool to clean things.
9261 * compat/Makefile.in:
9262 Fix generation of mksiglist.h
9266 Now that we defer sending cstat until the end of script_child() we
9267 cannot reuse cstat when reading command status from parent.
9270 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
9272 * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
9273 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
9274 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
9275 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
9276 Use numeric registers to handle conditionals instead of trying to do
9277 it all with text processing.
9281 Document per-command SELinux settings
9284 * plugins/sudoers/sudoers.c:
9285 Repair "sudo -l -U username"
9288 * plugins/sudoers/sudoers.c:
9289 Set selinux role and type in command details.
9292 * src/script.c, src/selinux.c, src/sudo.h:
9293 Rework SELinux support.
9296 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
9298 * src/script.c, src/selinux.c, src/sudo.h:
9299 Make SELinux support compile again. Needs more work to be complete.
9302 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
9303 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
9304 src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
9306 Bring back closefrom settings.
9309 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
9310 plugins/sudoers/sudoers.h:
9311 If running a command or sudoedit in transcript mode, call
9312 io_nextid() before log_allowed() so the session id is logged.
9315 * configure, configure.in:
9316 Use mandoc(1) if nroff(1) is not present.
9320 Use the --file argument to config.status instead of setting
9321 CONFIG_FILES in the environment.
9324 * plugins/sudoers/Makefile.in:
9325 We cannot conditionally update gram.h or the dependency ordering
9326 gets messed up in devel mode.
9329 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
9331 * Makefile.in, compat/Makefile.in, configure, configure.in,
9332 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
9333 plugins/sudoers/Makefile.in, src/Makefile.in:
9334 Substitute @SHELL@ into Makefiles
9341 * config.guess, config.sub, configure, configure.in:
9342 Update to autoconf 2.65
9346 Fix libtool target (space vs. tabs)
9349 * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
9350 Remove use of RETSIGTYPE; all modern systems have signal handlers
9354 * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
9355 ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
9356 m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
9357 plugins/sudoers/Makefile.in, src/Makefile.in:
9358 Update to libtool-2.2.6b. I haven't made any local modifications
9359 this time, which should be OK since we install sudo_noexec.so by
9363 * compat/Makefile.in, plugins/sample/Makefile.in,
9364 plugins/sudoers/Makefile.in, src/Makefile.in:
9365 Use libtool to clean objects
9368 * include/Makefile.in:
9369 Install sudo_plugin.h as part of "make install" and make other
9370 install targets callable from the top-level Makefile
9373 * configure, configure.in:
9374 regen with autoupdate to eliminate AC_TRY_LINK
9377 * Makefile.in, compat/Makefile.in, configure, configure.in,
9378 doc/Makefile.in, plugins/sample/Makefile.in,
9379 plugins/sudoers/Makefile.in, src/Makefile.in:
9380 Install sudo_plugin.h as part of "make install" and make other
9381 install targets callable from the top-level Makefile
9384 * plugins/sample/sample_plugin.c:
9385 The sample plugin doesn't support being run with no args so return a
9386 usage error in this case.
9389 * plugins/sudoers/iolog.c:
9390 Set close on exec flag for descriptors used for I/O logging so they
9391 are not present in the command being run.
9394 * plugins/sudoers/tsgetgrpw.c:
9395 Set close on exec flag in private versions of setpwent() and
9400 Close the I/O pipes after dup2()ing them to std{in,out,err}.
9401 Fixes extra fds being present in the command when it is part of a
9405 * plugins/sudoers/sudoers.c:
9406 Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
9407 is used when logging). Note that user_ttypath will still be NULL if
9411 * src/script.c, src/sudo.h:
9412 Cosmetic changes: add comments, remove orphaned prototype and
9413 make a global static.
9416 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
9419 Move check for maxfd == -1 to flush_output where it belongs.
9423 Break out of select loop if all the fds we want to select on are -1.
9427 Avoid possible malloc(0) if plugin returns an empty groups list.
9431 Add debugging info when calling plugin close function
9435 Avoid closing stdin/stdout/stderr when we are piping output.
9439 When execve() of the command fails, it is possible to receive
9440 SIGCHLD before we've read the error status from the pipe. Re-order
9441 things such that we send the final status at the very end and prefer
9442 error status over wait status.
9445 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
9447 * plugins/sudoers/auth/sudo_auth.c:
9448 Fix compilation for non PAM/BSD auth/AIX auth
9451 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
9454 Additional checks to make sure we don't close /dev/tty by mistake.
9455 When flushing, sleep in select as long as we have buffers that need
9460 Now that we can use pipes for stdin/stdout/stderr there is no longer
9461 a need to error out when there is no tty. We just need to make sure
9462 we don't try to use the tty fd if it is -1.
9465 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
9467 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
9468 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
9469 plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
9470 Add argc and argv to I/O logger open function.
9473 * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
9474 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
9475 src/parse_args.c, src/sudo.c, src/sudo_edit.c:
9476 Remove check_sudoedit function pointer in struct sudo_policy.
9477 Instead, sudo will set sudoedit=true in the settings array. The
9478 plugin should check for this and modify argv_out as appropriate in
9482 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
9484 * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
9486 If plugin sets "sudoedit=true" in the command info, enable sudoedit
9487 mode even if not invoked as sudoedit. This allows a plugin to
9488 enable sudoedit when the user runs an editor.
9491 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
9493 * plugins/sudoers/Makefile.in:
9494 gram.h must not depend on gram.y if we want to avoid unnecessary
9495 rebuilding of targets dependent on gram.h when gram.y changes.
9498 * plugins/sample/sample_plugin.c:
9499 Refactor common bits of check_policy and check_edit
9502 * plugins/sample/sample_plugin.c:
9503 Add sudoedit support
9506 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
9508 * plugins/sudoers/Makefile.in:
9509 Rely more on VPATH; fixes a dependency issue with the parser.
9513 Fix typo introduced in last commit
9517 Emulate seteuid using setreuid() or setresuid() as needed. There are
9518 still a few places that call seteuid() directly.
9521 * src/parse_args.c, src/sudo_edit.c:
9522 Attempt to fix building on systems that only have setuid.
9525 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9526 Clarify sudoedit a tad.
9529 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
9532 Fix compilation on HP-UX
9535 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9539 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
9540 Change how we handle the sudoedit argv. We now require that there
9541 be a "--" in argv to separate the editor and any command line
9542 arguments from the files to be edited.
9545 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
9546 plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
9547 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
9548 src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
9549 src/sudo.h, src/sudo_edit.c:
9550 Work in progress support for sudoedit. The actual interface used by
9551 the plugin for sudoedit is likely to change.
9554 * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
9555 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
9556 Make find_path() a little more generic by not checking def_foo
9557 variables inside it. Instead, pass in ignore_dot as a function
9561 * plugins/sudoers/env.c:
9562 Add version of getenv(3) that uses our own environ pointer.
9565 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
9568 Avoid a potential race condition if SIGCHLD is received immediately
9569 before we call select().
9572 * plugins/sudoers/sudoers.c:
9573 Call env_init() before we open the sudoers sources as those may call
9574 our setenv() replacement.
9577 * plugins/sudoers/env.c:
9578 Initialize env_len in env_init()
9581 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
9583 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
9584 Document time stamp shortcomings under SECURITY NOTES. Use "time
9585 stamp" instead of timestamp.
9589 Make sed substitution of mansectsu and mansectform global.
9592 * plugins/sudoers/check.c:
9593 If the tty lives on a devpts filesystem, stash the ctime in the tty
9594 ticket file, as it is not updated when the tty is written to. This
9595 helps us determine when a tty has been reused without the user
9596 authenticating again with sudo.
9600 Fix pasto in multiple signal fix and use _NSIG not NSIG since that
9601 is what our compat checks set.
9604 * configure, configure.in:
9605 Add check for whether sudo needs to link with -ldl to get dlopen().
9606 This is a bit of a hack that will get reworked when libtool is
9610 * plugins/sudoers/check.c:
9611 Fix timestamp removal with -k/-K
9614 * plugins/sudoers/Makefile.in:
9615 audit.c is now private to the sudoers plugin
9618 * configure, configure.in:
9619 Link with -lpthread on HP-UX since a plugin may be linked with
9620 -lpthread and dlopen() will fail if the shared object has a
9621 dependency on -lpthread but the main program is not linked with it.
9624 * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
9625 Add separate test for getresuid() since HP-UX has setresuid() but no
9630 Remove errant backslash
9634 Fix SIGPIPE handling. Now that we may use pipes for
9635 stdin/stdout we need to pass any SIGPIPE we receive to the running
9640 Also start the command in the background if stdin is not a tty.
9643 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
9645 * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
9646 No need to use pseudo-cbreak mode now that we use pipes when stdout
9647 is not a tty. Instead, check whether stdin is a tty and if not,
9648 delay setting the tty to raw mode until the command tries to access
9649 it itself (and receives SIGTTIN or SIGTTOU).
9653 Use an array for signals received instead of a single variable so we
9654 don't lose any when there are multiple different signals.
9658 Do signal setup after turning off echo, not before. If we are using
9659 a tty but are not the foreground pgrp this will generate SIGTTOU so
9660 we want the default action to be taken (suspend process).
9663 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
9666 Flush the iobufs on suspend or child exit using the same logic as
9667 the main event loop.
9671 Free memory after we are done with it.
9674 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
9677 Quest now sponsors Sudo development
9680 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
9683 Install sudo_plugin man page.
9687 Go back to resetting io_buffer offset and length (and now also the
9688 EOF handling) in the loop we do the FD_SET, not after we drain the
9689 buffer after write() since we don't know what order reads and writes
9694 audit files moved to sudoers plugin directory
9697 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9698 Document plugin_printf and new logging functions.
9702 Add support for logging stdin when it is not a tty. There is still a
9703 bug where "cat | sudo cat" has problems because both cat and sudo
9704 are trying to read from the tty.
9707 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
9708 plugins/sudoers/sudoers.c, src/script.c:
9709 Add separate I/O logging functions for tty in/out and
9710 stdin/stdout/stderr. NOTE: stdin logging does not currently work and
9711 is disabled for now.
9714 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
9716 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
9717 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
9718 plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
9719 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
9720 src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
9721 Add pointer to a printf like function to plugin open function. This
9722 can be used instead of the conversation function to display info and
9727 Stop if make in a subdir fails
9731 Only set user's tty to blocking mode when doing the final flush.
9732 Flush pipes as well as pty master when the process is done.
9735 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
9737 * plugins/sudoers/ldap.c:
9738 Use print_error() when displaying ldap config info in debugging
9742 * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
9743 No longer need strdup() or strndup() replacements.
9746 * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
9747 plugins/sudoers/sudoers.h:
9748 Add print_error() function that uses the conversation function to
9749 print a variable number of error strings and use it in log_error().
9752 * src/script.c, src/sudo.h, src/term.c:
9753 Do not need the opost flag to term_copy() now that we use pipes for
9754 stdout/stderr when they are not a tty.
9758 Use pipes to the sudo process if stdout or stderr is not a tty.
9759 Still needs some polishing and a decision as to whether it is
9760 desirable to add additional entry points for logging
9761 stdout/stderr/stdin when they are not ttys. That would allow a
9762 replay program to keep things separate and to know whether the
9763 terminal needs to be in raw mode at replay time.
9766 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
9768 * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
9769 plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
9770 src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
9771 Move audit sources into the sudoers plugin dir; the driver does not
9775 * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
9776 compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
9777 plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
9778 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
9779 plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
9780 src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
9781 src/term.c, src/ttysize.c:
9782 Use angle brackets when including headers that can only be found
9783 when an -I flag is specified. The files in the compat dir could get
9784 away with double quotes here but I've converted all the source files
9785 to use angle brackets for consistency.
9788 * plugins/sudoers/Makefile.in:
9789 Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
9790 dir can be found when building outside the source tree.
9793 * plugins/sudoers/Makefile.in:
9794 Clean up links in distclean
9797 * plugins/sudoers/Makefile.in:
9798 Hack around VPATH semantic differences by symlinking files we need
9799 from ../../src into the current directory and build those. A better
9800 fix would be to either make a .a or .la file with those files in it
9801 or simply use a single, flat, Makefile instead of per-subdirs
9805 * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
9806 fmt_string is used by the sudoers plugin too so do not include
9807 sudo.h (which is not really needed here anyway)
9810 * compat/Makefile.in, plugins/sample/Makefile.in,
9811 plugins/sudoers/Makefile.in, src/Makefile.in:
9812 Fix building with non-BSD versions of make such as GNU make.
9813 Requires VPATH support, which should be in any non-neolithic make.
9816 * configure, configure.in, plugins/sudoers/Makefile.in,
9817 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
9819 Re-enable bsm audit. Currently auditing is done within the sudoers
9820 plugin itself. If possible, this should really be done in the main
9821 driver but we don't presently have the needed data to do that. This
9822 will be re-evaluated when Linux audit support is added.
9825 * compat/Makefile.in, plugins/sample/Makefile.in,
9826 plugins/sudoers/Makefile.in, src/Makefile.in:
9827 Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
9828 of explicit rules in the dependency.
9831 * plugins/sudoers/visudo.c:
9832 Fix mismerge; alias_remove_recursive() now returns int
9835 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
9837 * plugins/sudoers/visudo.c:
9838 Fix a crash when checking a sudoers file that has aliases that
9839 reference themselves. Based on a diff from David Wood.
9843 Print signal info after restoring the tty mode, not before.
9847 Defer call to alarm() until after we fork the child. Pass correct
9848 pid to terminate_child(). If the command exits due to signal, set
9849 alive to false like we do when it exits normally. Add missing
9850 check for errpipe[0] != -1 before using it in FD_ISSET
9853 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
9855 * plugins/sudoers/boottime.c:
9856 Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
9859 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
9862 Simplify dependencies by using .c.o and .c.lo rules.
9865 * configure, configure.in, plugins/sudoers/Makefile.in,
9867 Substitute in @PROGS@ into src/Makefile to add sesh
9870 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
9872 * plugins/sudoers/sudoers.c:
9873 Add back calls to log_denial() if sudoers does not allow the
9877 * plugins/sudoers/sudoers.c:
9878 Pass in correct pwflag for list and validate.
9881 * plugins/sudoers/env.c:
9882 Add missing check for NULL in validate_env_vars
9886 Add sudo_noexec.la to "all" target, otherwise it only gets built at
9890 * plugins/sudoers/sudoers.c:
9891 Only set sudo_user.env_vars if the env_add list is empty.
9894 * plugins/sudoers/sudoers.c:
9895 Set sudo_user.env_vars so that environment variables specified on
9896 the command line get logged correctly.
9899 * plugins/sudoers/env.c, plugins/sudoers/logging.c,
9900 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
9901 Re-enable environment files and setting environment variables on the
9905 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
9907 * plugins/sudoers/check.c:
9908 Fix typo in last commit (ifndef vs ifdef). Make sure we pass ctime()
9909 a pointer to time_t as tv_sec in struct timeval may be long.
9912 * plugins/sudoers/check.c:
9913 Don't stash ctime in on-disk tty ticket info for now; on many
9914 (most?) systems the ctime is updated when the tty is written to.
9915 Once I have a better idea of what systems do not update ctime on
9916 ttys (and have a way to test for this) the ctime stash will be
9917 conditionally re-enabled.
9920 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
9922 * MANIFEST, Makefile.in:
9923 Add back "dist" target, this time using a MANIFEST file
9927 Remove Makefile in distclean target
9930 * Makefile.in, src/Makefile.in:
9931 Update clean and cleandir targets
9934 * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
9936 Move fileops.c defines and prototypes to fileops.h
9939 * plugins/sudoers/check.c:
9940 Lock the tty timestamp when writing. We shouldn't have to lock when
9941 reading since the file is updated via a single write system call.
9944 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
9946 * plugins/sudoers/alias.c, plugins/sudoers/check.c,
9947 plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
9948 plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
9949 plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
9950 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
9951 plugins/sudoers/logging.c, plugins/sudoers/match.c,
9952 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
9953 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
9954 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
9955 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
9956 plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
9957 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
9958 Convert to ANSI C function declarations
9961 * plugins/sudoers/sudoers.h:
9962 Remove extraneous bits and classify by source file.
9966 Add timercmp macro for systems without it
9969 * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
9970 plugins/sudoers/sudoers.h:
9971 get_boottime() now fills in a timeval struct
9974 * plugins/sudoers/check.c:
9975 Store info from stat(2)ing the tty in the tty ticket when tty
9976 tickets are in use. On most systems, this closes the loophole
9977 whereby a user can log out of a tty, log back in and still have the
9981 * config.h.in, configure.in:
9982 Add timespec2timeval and use it when getting ctime/mtime
9985 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
9987 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
9988 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
9989 plugins/sudoers/testsudoers.c:
9990 Convert perm setting to push/pop model; still needs some work Use
9991 the stashed runas groups instead of using getgrouplist() Reset perms
9992 to the initial value on error
9995 * config.h.in, configure.in:
9996 fix ctim_get and mtim_get macros
9999 * config.h.in, configure, configure.in, include/compat.h,
10000 plugins/sudoers/check.c, plugins/sudoers/gettime.c,
10001 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
10002 Use timeval directly instead of converting to timespec when dealing
10003 with file times and time of day.
10006 * plugins/sudoers/Makefile.in:
10007 Don't link sudoreplay with libsudoers.la due to a yacc symbol
10011 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
10013 * configure, configure.in:
10014 Darwin >= 9.x has real setreuid(2)
10017 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
10019 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
10023 * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
10024 plugins/sudoers/sudoers.h:
10025 Remove remaining references to the environ pointer.
10028 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
10030 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
10031 Don't change the environ directly in the sudoers plugin
10034 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
10036 * plugins/sudoers/sudoers.c:
10040 * plugins/sudoers/alias.c:
10041 Fix use after free in error message when a duplicate alias exists.
10044 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
10046 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
10048 Add a "noninteractive" boolean to the settings passed in to the
10049 plugin's open function that is set when the user specifies the -n
10053 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
10054 Add workaround for the lack of the environ pointer on Mac OS X in
10055 dlopen()ed modules. Use of environ in the sudoers plugin should
10056 ultimately be removed but this will do for the moment.
10059 * plugins/sudoers/visudo.c:
10060 Set errorfile to the sudoers path if we set parse_error manually.
10061 This prevents a NULL dereference in printf() when checking a sudoers
10062 file in strict mode when alias errors are present.
10065 * plugins/sudoers/sudoers.c:
10066 Main sudo no longer prints "unable to execute" on exec failure so do
10070 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
10073 Use a pipe to pass back errno to the parent if execve() fails. If we
10074 get an error in script_child(), kill the command and exit.
10077 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
10078 src/parse_args.c, src/sudo.c:
10079 Handle plugin's open function returning -2 (usage error).
10083 If execve() fails, leave it to the plugin to print an error string.
10087 If execve fails in logging mode, pass the errno directly to the
10088 grandparent on the backchannel and exit. The immediate parent will
10089 get SIGCHLD and try to report that status but its parent will no
10090 longer be listening. It would probably be cleaner to pass this over
10091 a pipe in script_child().
10094 * plugins/sudoers/sudoers.c:
10095 Don't override rval with results of check_user() unless it failed.
10098 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
10100 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
10104 * src/parse_args.c:
10105 NULL-terminate env_add
10108 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
10111 Call the I/O log open function before the I/O version function.
10114 * plugins/sudoers/iolog.c:
10115 Remove io_conv and just use sudo_conv
10118 * plugins/sudoers/set_perms.c:
10119 Fix set/restore perms for systems w/o setresuid
10122 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
10124 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
10125 plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
10126 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
10127 Primitive set/restore permissions. Will be replaced by a push/pop
10132 Only need to take action on SIGCHLD in parent if no I/O logger. If
10133 there is an I/O logger we will receive ECONNRESET or EPIPE when we
10134 try to read from the socketpair.
10137 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
10139 * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
10140 doc/sudoers.pod, plugins/sudoers/find_path.c:
10141 Merge fb4d571495fa from the 1.7 branch to trunk.
10144 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
10147 Don't set SA_RESTART when registering SIGALRM handler. Do set
10148 SA_RESTART when registering SIGWINCH handler.
10152 Add dev targets for *.man.in and *.cat that don't specify the
10157 If log_input or log_output returns false, terminate the command.
10161 Better signal handling. Instead of using a single variable to store
10162 the received signal, use an array so we can't lose a signal when
10163 multiple are sent. Fix process termination by SIGALRM in non-I/O
10164 logger mode. Fix relaying terminal signals to the child in non-I/O
10169 Fix a race between when we get the child pid in the parent and when
10170 the child process exits. The problem exhibited as a hang after a
10171 short-lived process, e.g. "sudo id" when no IO logger was enabled.
10174 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
10176 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
10177 Add a note about the security implications of the fast_glob option.
10180 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
10182 * config.h.in, configure, configure.in:
10183 Fix up some AC_DEFINE descriptions and regen config.h.in
10186 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
10188 * include/missing.h:
10189 No longer check for strdup or strndup for LIBOBJ replacement.
10193 Avoid installing signal handlers that are io-logger specific. Fixes
10194 job control when no io logger is enabled.
10198 Only regen man pages from pod when configured with --with-devel
10201 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
10203 * Makefile, Makefile.in, configure, configure.in:
10204 Top-level Makefile.in. Nothing is currently substituted but this is
10205 needed for separate build dirs.
10208 * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
10209 plugins/sudoers/Makefile.in, src/Makefile.in:
10210 Fix out-of-tree builds
10217 We always install sudoreplay in 1.8
10220 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
10222 * compat/siglist.in:
10223 SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
10226 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
10228 * configure, configure.in:
10229 No need to provide strdup() or strndup(), sudo uses estrdup() and
10233 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
10235 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
10236 Free str after using it in the version method. Use sudo_conv, not
10237 io_conv since we don't have the IO conversation function pointer in
10238 the I/O version method anymore now that io_open is delayed.
10241 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
10243 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
10245 Add license to mksiglist.c and note that the bits from pdksh are
10249 * compat/Makefile.in:
10250 Fix LIBOBJDIR vs. srcdir wrt the siglist bits
10253 * plugins/sudoers/Makefile.in:
10254 Add sudoreplay testsudoers and visudo to clean target
10257 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
10258 compat/siglist.in, compat/strsignal.c, configure, configure.in,
10259 include/missing.h, src/script.c:
10260 Create our own sys_siglist for systems without it for use by
10264 * compat/Makefile.in:
10265 Remove duplicate $(LIBOBJDIR)
10268 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
10270 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
10271 Main sudo should not block signals; the plugin should do this in
10275 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
10278 Fix a sizeof(ptr) vs. sizeof(*ptr)
10282 Unlike most operating systems, HP-UX select() is not interrupted by
10283 SIGCHLD when the signal is registered with SA_RESTART. If we clear
10284 SA_RESTART when calling sigaction() for SIGCHLD we get the expected
10285 behavior and the code in the select() loops already handles EINTR
10289 * compat/getprogname.c:
10290 progname should be const
10293 * plugins/sudoers/Makefile.in:
10294 Move --tag=disable-static to when we link sudoers.la, not when we
10298 * src/load_plugins.c:
10299 Load the sudoers I/O plugin by default too now that it is hooked up.
10302 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
10305 It looks like AIX doesn't need to push STREAMS modules for ptys.
10308 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
10310 * src/parse_args.c, src/sudo.c:
10311 Delay calling the I/O plugin open function until the policy plugin
10315 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
10317 * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
10318 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
10319 plugins/sudoers/sudoers.h:
10320 Add back io logging (transcript) support. Currently, the open
10321 function runs too early and it is not possible to use the io module
10322 independently of the policy module.
10325 * plugins/sudoers/set_perms.c:
10326 Comment out dead code; will be removed when set_perms is rewritten.
10329 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
10331 * plugins/sudoers/sudoers.c:
10332 Fix off by one error when allocating user_groups.
10335 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
10337 * configure, configure.in, plugins/sudoers/Makefile.in:
10338 Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
10341 * plugins/sudoers/sudoers.c:
10342 Fix typo in preserve groups case
10345 * plugins/sudoers/sudoers.c:
10346 In command_info it is "runas_groups" not "groups".
10350 Fix iteration over runas_groups list.
10353 * configure, configure.in, plugins/sudoers/env.c,
10354 plugins/sudoers/match.c, src/script.c:
10355 Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
10358 * compat/getgrouplist.c:
10359 getgrouplist(3) for those without it
10362 * plugins/sudoers/sudoers.c:
10363 Set preserve_groups or groups list in command_info
10367 Fix setting of groups list
10370 * config.h.in, configure, configure.in, include/compat.h,
10372 Add checks for getgrset and getgrouplist and use replacement
10373 getgrouplist if the system doesn't support it.
10376 * src/parse_args.c:
10377 Pass in preserve_groups when the -P flag is specified as per the
10381 * plugins/sudoers/sudoers.c:
10382 Check preserve_groups and ignore_ticket args with atobool instead of
10383 assuming they are true if present.
10386 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
10388 * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
10389 plugins/sudoers/plugin_error.c:
10390 Rename plugin-specific error.c to plugin_error.c Wire up visudo,
10391 sudoreplay and testsudoers in the build
10394 * src/Makefile.in, src/term.c:
10395 term.c does not need to include sudo.h
10398 * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
10399 doc/sudo_plugin.pod:
10400 Document the -2 return in the check_policy section too
10403 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
10404 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
10405 src/parse_args.c, src/sudo.c, src/sudo.h:
10406 Fix the -s and -i flags and add support for the "implied_shell"
10407 option. If the user does not specify a command, sudo will now pass
10408 in the path to the user's shell and set implied_shell=true. The
10409 plugin can then either check the command normally or return -2 to
10410 cause sudo to print a usage message and exit.
10413 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
10415 * config.h.in, configure, configure.in, src/load_plugins.c:
10416 Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
10417 Darwin where libraries end in .dylib but modules end in .so
10420 * plugins/sudoers/parse.c:
10421 Better prefix determination now that we can't rely on len==0 to tell
10422 the beginning of an entry.
10425 * plugins/sudoers/ldap.c:
10426 display_bound_defaults() stub should return 0, not 1 since it is a
10427 count, not a boolean.
10430 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
10431 Document progname in settings
10434 * compat/getprogname.c, include/compat.h,
10435 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
10436 src/parse_args.c, src/sudo.c:
10437 Rewrite compat/getprogname.c and add setprogname(). The progname is
10438 now passed to the plugin via the settings array.
10441 * configure, configure.in, plugins/sudoers/Makefile.in:
10445 * plugins/sudoers/sudo_nss.c:
10446 Add missing whitespace for Runas and Command-specific defaults
10449 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
10450 plugins/sudoers/sudo_nss.c:
10451 Use embedded newlines in lbuf instead of multiple calls to
10456 Add support for embedded newlines.
10459 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
10461 * compat/getprogname.c:
10462 If system doesn't support getprogname or __progname and we are
10463 building a shared object don't bother with Argc/Argv, just return
10467 * config.h.in, configure, configure.in, src/load_plugins.c:
10468 Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
10469 appears to always install a shared object with the .so suffix.
10472 * compat/Makefile.in, configure, configure.in,
10473 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
10475 Play more nicely with libtool and let it build libreplace (was
10476 libmissing) for us.
10479 * include/missing.h:
10480 Include stdarg.h for va_list rather than requiring all consumers of
10481 missing.h to include stdarg.h themselves.
10484 * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
10485 plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
10486 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
10488 Pass in output function to lbuf_init() instead of writing to stdout.
10489 A side effect is that the usage info can now go to stderr as it
10493 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
10495 * include/lbuf.h, plugins/sudoers/sudo_nss.c,
10496 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
10497 src/parse_args.c, src/sudo.c:
10498 Use number of tty columns that is passed in user_info instead of
10499 getting it directly in the lbuf code.
10502 * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
10503 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
10504 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
10505 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
10506 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
10507 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
10508 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
10509 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
10510 plugins/sudoers/logging.h, plugins/sudoers/match.c,
10511 plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
10512 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
10513 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
10514 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
10515 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
10516 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
10517 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
10518 plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
10519 plugins/sudoers/visudo.c:
10520 Kill __P in sudoers
10523 * config.h.in, configure, configure.in, src/load_plugins.c:
10524 Set the sudoers plugin name in configure so we get the extension
10528 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
10529 Document lines/cols in user_info
10532 * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
10533 Add tty size to user info
10537 Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
10540 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
10542 * plugins/sudoers/sudoers.c:
10543 Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error
10544 out if we fail to lookup the user's name that is passed in
10547 * plugins/sudoers/error.c:
10548 Pass the error value back via siglongjmp.
10551 * plugins/sudoers/check.c:
10552 Use conversation function for lecture.
10555 * plugins/sudoers/check.c:
10556 Don't update ticket file if verify_user returns FALSE.
10559 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
10561 * plugins/sudoers/sudoers.c, src/sudo.c:
10562 Wire up invalidate and validate methods for sudoers
10565 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
10566 plugins/sudoers/sudoers.h:
10567 Add support for -k flag with a command.
10570 * src/parse_args.c:
10571 Allow -k to be specified with a command.
10574 * plugins/sudoers/sudoers.c:
10575 Wire up policy_list
10578 * plugins/sudoers/error.c:
10579 Add newline at the end of message and space after the colon in
10583 * plugins/sudoers/auth/sudo_auth.c:
10584 Add missing newline after pass password warning
10587 * plugins/sudoers/sudoers.c:
10588 Set user_groups and user_ngroups based on user_info
10591 * plugins/sudoers/error.c:
10595 * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
10596 Make _warning in error.c use the conversation function and remove
10597 commented out warning/warningx in sudoers.c.
10600 * plugins/sudoers/logging.c:
10601 Use siglongjmp() in log_error for fatal errors
10604 * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
10605 Quiet a libtool warning
10609 Build sudoers plugin
10612 * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
10613 Use warningx in yyerror() so the conversation function gets used
10614 when built as part of sudoers.
10617 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
10619 * plugins/sudoers/auth/pam.c:
10620 Rename sudo_conv to conversation to avoid a namespace conflict.
10623 * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
10624 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
10625 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
10626 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
10627 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
10628 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
10629 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
10630 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
10631 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
10632 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
10633 plugins/sudoers/env.c, plugins/sudoers/error.c,
10634 plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
10635 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
10636 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
10637 plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
10638 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
10639 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
10640 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
10641 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
10642 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
10643 plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
10644 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
10645 Initial bits of sudoers plugin; still needs work.
10649 Add HAVE_STRDUP and HAVE_STRNDUP
10652 * compat/Makefile.in, configure, configure.in:
10653 Build libmissing in two flavors (one PIC one non-PIC) and link with
10654 the appropriate one.
10657 * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
10658 compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
10659 Build libmissing in two flavors (one PIC one non-PIC) and link with
10660 the appropriate one.
10663 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
10665 * include/missing.h:
10666 Add strdup and strndup and fix strsignal
10669 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
10671 * compat/strdup.c, compat/strndup.c, configure, configure.in,
10672 plugins/sample/Makefile.in, src/Makefile.in:
10673 Add strdup and strndup to compat
10676 * plugins/sample/sample_plugin.c:
10677 Need to include compat.h before missing.h
10680 * compat/strsignal.c:
10681 Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
10682 it doesn't exist configure will set it to 0.
10686 Fix botched ANSI C conversion of globexp2()
10689 * configure, configure.in:
10690 Remove redundant getgroups check
10693 * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
10694 Require either termios or termio, no more sgtty.
10697 * compat/strsignal.c, config.h.in, configure, configure.in:
10698 Change the sys_siglist check to use AC_CHECK_DECLS and also check
10699 for _sys_siglist and __sys_siglist
10702 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
10704 * configure, configure.in, src/Makefile.in:
10705 Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
10706 use SUDO_OBJS for the main driver as part of OBJS.
10709 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
10710 Mention in the conversation function section that a newline is not
10714 * include/compat.h:
10715 Add definition of WCOREDUMP for systems without it. This is known
10716 to work on AIX and SunOS 4, but may be incorrect on other systems
10717 that lack WCOREDUMP.
10720 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
10722 * plugins/sample/sample_plugin.c, src/conversation.c:
10723 conversation function no longer puts a newline at the end of info or
10727 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
10730 Use parent process group id instead of parent process id when
10731 checking foreground status and suspending parent. Fixes an issue
10732 when running commands under /usr/bin/time and others.
10735 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
10738 transcript option is now --with not --enable
10741 * plugins/sample/sample_plugin.c:
10742 Add support to -u and -g flags Check fmt_string retval Add timeout
10743 for debugging purposes
10746 * src/script.c, src/sudo.c:
10747 Wire up SIGALRM handler Set close on exec flag for child side of the
10748 socketpair Fix signal handling when not doing I/O logging
10752 g/c unused SIGCHLD handler
10755 * src/fmt_string.c, src/parse_args.c, src/sudo.c:
10756 Don't use emalloc() in fmt_string(); we want to be able to use it
10761 tq_remove not list_remove
10764 * configure, configure.in:
10765 AUTH_OBJS should contain .lo files not .o files.
10768 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
10770 * src/parse_args.c:
10771 Simplify conversion of command line args to name=value pairs.
10774 * plugins/sample/sample_plugin.c:
10775 Handle NULL reply from conversation function
10778 * compat/getline.c:
10779 Don't depend on emalloc/erealloc
10782 * plugins/sample/Makefile.in:
10783 Use $(OBJS) instead of sample_plugin.lo
10786 * plugins/sample/sample_plugin.c:
10787 runas_user is in settings not user_info
10790 * src/parse_args.c:
10791 Fix a mismatch between sudo_settings and settings_pairs that causes
10792 some settings to get the wrong values.
10795 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
10797 * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
10798 src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
10799 src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
10803 * src/load_plugins.c:
10804 Fix strlcpy() return value check.
10807 * INSTALL, configure, configure.in:
10808 No longer need to substitute in script.o and pty.o; I/O logging
10809 support is always built.
10812 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
10815 Add fallback to /bin/sh when execve() fails with ENOEXEC.
10818 * include/alloc.h, src/alloc.c:
10822 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
10824 * src/script.c, src/sudo.c:
10825 Refactor script_execve() a bit so that it can be used in non-script
10826 mode. Needs more cleanup.
10830 Ignore empty entries in command_info list
10833 * include/list.h, src/list.c:
10837 * src/conversation.c:
10838 Pass timeout to tgetpass()
10842 Add ChangeLog target
10845 * README, WHATSNEW:
10846 Bump version and update things slightly for sudo 1.8.0
10849 * configure, configure.in:
10850 Sudo now requires an ANSI/ISO C compiler
10853 * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
10858 * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
10859 include/list.h, include/missing.h:
10863 * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
10864 compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
10865 compat/getprogname.c, compat/glob.c, compat/glob.h,
10866 compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
10867 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
10868 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
10869 compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
10874 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
10876 * src/sudo.c, src/tgetpass.c:
10877 Make user_details extern so tgetpass can get at the uid and gid. Set
10878 uid/gid to user before executing askpass program. Check environment
10879 for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
10880 set the askpass program itself
10884 No longer need sudo_usage.h in sudo.c
10887 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
10888 doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
10889 src/sudo_usage.h.in:
10890 Document -D level command line flag which maps to the debug_level
10894 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
10895 Document debug_level in plugin doc. Still need to document the -D
10896 flag in sudo itself.
10899 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
10901 * plugins/sample/sample_plugin.c:
10902 include missing.h for vasprintf
10905 * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
10906 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
10907 Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
10910 * plugins/sample/sample_plugin.c:
10911 Need to include limits.h
10915 No more sudo_getpw*
10918 * plugins/sample/Makefile.in, src/Makefile.in:
10919 Add missing compat bits
10922 * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
10923 compat files should not include sudo.h wire up compat in sample
10927 * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
10928 Fix up compat dependencies. Fix distclean target in doc/Makefile.in
10931 * configure, configure.in:
10935 * plugins/sample/sample_plugin.c:
10936 Log input and output to temp files for proof of concept.
10939 * Makefile, configure, configure.in, doc/Makefile.in:
10940 Add doc Makefile.in and wire it up
10944 Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
10945 suspending a shell with the "suspend" builtin.
10949 In child, handle parent side of the pipe going away.
10953 No longer need to check for explicit death of the child (process #2)
10954 since if it dies we will get EPIPE from the socketpair. Fix a
10955 sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
10960 Make sudo_debug do a single vfprintf() which will result in a single
10961 write call on most systems. Avoids problems with interleaved debug
10962 printf from different processes. Also remove an extraneous error
10963 case since recv() can't return a short read and add some more XXX.
10966 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
10969 Fix uninitialized variable.
10973 Fix sudo install target
10976 * src/parse_args.c, src/sudo.c, src/sudo.h:
10977 Wire up debug_level
10984 * configure, configure.in:
10985 Fix setting of plugin dir
10993 Add missing source for sudo front end
10996 * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
10997 Sample plugin demonstrating the sudo plugin API
11000 * Makefile, configure, configure.in, install-sh, pathnames.h.in,
11001 plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
11002 src/fileops.c, src/fmt_string.c, src/load_plugins.c,
11003 src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
11004 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
11006 Modular sudo front-end which loads policy and I/O plugins that do
11007 most of the actual work. Currently relies on dynamic loading using
11008 dlopen(). See doc/plugin.pod for the plugin API.
11011 * doc/plugin.pod, include/sudo_plugin.h:
11015 * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
11016 compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
11017 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
11018 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
11019 src/fileops.c, src/sudo_edit.c:
11020 Replace emul/include.h with compat/include.h to match new source
11025 Include missing.h for memrchr() proto
11028 * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
11029 TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
11030 alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
11031 auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
11032 auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
11033 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
11034 auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
11035 closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
11036 compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
11037 compat/getline.c, compat/getprogname.c, compat/glob.c,
11038 compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
11039 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
11040 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
11041 compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
11042 compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
11043 def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
11044 doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
11045 doc/license.pod, doc/sample.pam, doc/sample.sudoers,
11046 doc/sample.syslog.conf, doc/schema.ActiveDirectory,
11047 doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
11048 doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
11049 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
11050 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
11051 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
11052 doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
11053 emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
11054 error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
11055 getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
11056 gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
11057 include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
11058 include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
11059 ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
11060 interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
11061 list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
11062 mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
11063 nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
11064 plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
11065 plugins/sudoers/alias.c, plugins/sudoers/auth/API,
11066 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
11067 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
11068 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
11069 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
11070 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
11071 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
11072 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
11073 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
11074 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
11075 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
11076 plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
11077 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
11078 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
11079 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
11080 plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
11081 plugins/sudoers/gram.c, plugins/sudoers/gram.h,
11082 plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
11083 plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
11084 plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
11085 plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
11086 plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
11087 plugins/sudoers/logging.c, plugins/sudoers/logging.h,
11088 plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
11089 plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
11090 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
11091 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
11092 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
11093 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
11094 plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
11095 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
11096 plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
11097 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
11098 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
11099 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
11100 plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
11101 sample.pam, sample.sudoers, sample.syslog.conf,
11102 schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
11103 selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
11104 src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
11105 src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
11106 src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
11107 src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
11108 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
11109 sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
11110 sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
11111 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
11112 sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
11113 sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
11114 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
11115 tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
11116 visudo.man.in, visudo.pod, zero_bytes.c:
11117 Rework source layout in preparation for modular sudo.
11120 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
11122 * Avoid a duplicate fclose() of the sudoers file.
11125 * Fix size arg when realloc()ing include stack. From Daniel Kopecek
11128 * Use setrlimit64(), if available, instead of setrlimit() when setting
11129 AIX resource limits since rlim_t is 32bits.
11132 * Fix use after free when sending error messages. From Timo Juhani
11136 * ChangeLog, Makefile.in:
11137 Generate the ChangeLog as part of "make dist" instead of having it
11141 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
11143 * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
11144 auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
11145 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
11146 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
11147 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
11148 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
11149 emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
11150 fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
11151 gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
11152 ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
11153 isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
11154 logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
11155 mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
11156 pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
11157 sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
11158 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
11159 strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
11160 sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
11161 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
11162 sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
11163 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
11164 utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
11165 Remove CVS $Sudo$ tags.
11168 2010-01-18 convert-repo <convert-repo>
11174 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
11177 make this match sudoers SYNOPSIS
11181 Print a newline between Runas and Command-specific defaults in sudo
11186 Use SET and CLR macros in term_raw
11190 Set stdin to non-blocking mode early instead of in check_input. Use
11191 term_raw instead of term_cbreak since the data we get has already
11192 been expanded via OPOST.
11195 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
11197 * script.c, term.c:
11198 Enable/disable all postprocessing instead of just nl->crnl
11199 processing since things like tab expansion matter too. However, if
11200 stdout is a tty leave postprocessing on in the pty since we run into
11201 problems doing it only on the real stdout with e.g. nvi.
11204 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
11207 If tty_tickets is enabled and there is no tty, prompt for a
11208 password. Do not lecture user for "sudo -k command" if user has a
11213 Document missing options: --with-efence and --with-bsm-audit
11216 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
11217 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
11218 sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
11219 visudo.man.in, visudo.pod:
11220 username -> user name, groupname -> group name, hostname -> host name
11223 * INSTALL, README.LDAP, sudoers.pod:
11224 filename -> file name like the rest of the docs
11227 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
11230 Fix printing of entries with multiple host entries on a single line.
11233 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
11236 Mention that targetpw affects the timestamp file name.
11239 * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
11241 Add compress_transcript option.
11244 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
11246 * configure, configure.in:
11250 * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
11251 Better split of membership vs. traditional group check in
11252 user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
11255 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
11258 Fix pasto and add default return value.
11261 * check.c, match.c, pwutil.c, sudo.h:
11262 refactor group member checking into user_in_group()
11265 * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
11267 Add support for mbr_check_membership() as present in darwin.
11270 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
11273 Rename label to be accurate
11276 * Makefile.in, boottime.c, check.c, config.h.in, configure,
11277 configure.in, sudo.h:
11278 Treat timestamp files from before we booted as old. Idea from and
11282 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
11284 * sudo.c, sudo.pod, sudo_usage.h.in:
11285 Allow the -u flag to be used in conjunction with the -v flag as per
11286 older versions of sudo.
11290 fix typo in last commit
11293 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
11296 Convert fmt_first and fmt_confd into macros.
11300 timeouts can be floats now
11303 * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
11304 defaults.h, mkdefaults:
11305 Add support for floating point timeout values (e.g. 2.5 minutes).
11308 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
11311 The -L flag will be removed in sudo 1.7.4
11314 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
11317 Fix a bug due to order of operators.
11320 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
11323 cmnd_matches() already deals with negation so _cmndlist_matches()
11324 does not need to do so itself. Fixes a bug with negated entries in
11328 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
11331 Don't exit() from open_sudoers, just return NULL for all errors.
11335 Can't rely on the shell sending us SIGCONT when transitioning from
11336 background to foreground process.
11340 Add missing extern def for parse_error
11343 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
11346 Avoid a parse error when #includedir doesn't find any files. Closes
11351 Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
11354 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
11357 Start command out in foreground mode if stdout is a tty. Works
11358 around issues with some curses-based programs that don't handle
11359 tcsetattr getting interrupted by a signal. Still allows us to avoid
11360 hogging the tty if the command is part of a pipeline.
11363 * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
11364 Use a socketpair to pass signals from parent to child. Child will
11365 now pass command status change info back via the socketpair. This
11366 allows the parent to distinguish between signals it has been sent
11367 directly and signals the command has received. It also means the
11368 parent can once again print the signal notifications to the tty so
11369 all writes to the pty master occur in the parent. The command is
11370 now always started in background mode with tty signals handled by
11374 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
11376 * configure, configure.in:
11377 Fix a few typos in the descriptions; from Jeff Makey. Only do the
11378 check for krb5_get_init_creds_opt_free() taking two arguments if we
11379 find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
11380 positive when using our own krb5_get_init_creds_opt_free which takes
11381 only a single argument.
11384 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
11386 * configure, configure.in:
11387 Remove a spurious comma in the kerb5 bits.
11391 Call krb5_get_init_creds_opt_init() in our emulated
11392 krb5_get_init_creds_opt_alloc() for MIT kerberos.
11395 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
11402 Need to ignore SIGTT{IN,OU} in child when running the command in the
11403 background. Also some minor cleanup.
11406 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
11409 Instead of calling sigsuspend when waiting for SIGUSR[12] from
11410 parent, install the signal handlers w/o SA_RESTART and let them
11411 interrupt waitpid().
11415 Pass along SIGHUP and SIGTERM from parent to child.
11419 Close unused bits of script_fds in processes that don't need them.
11420 Restore default SIGCONT handler in child.
11424 Update foreground/background status in SIGCONT handler in parent
11428 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
11431 Defer setting terminal into raw mode until just before we fork() and
11432 only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
11433 and sudo is already in the foreground be sure to set raw mode before
11434 continuing the child.
11437 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
11440 Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
11441 give the command the controlling tty if the main sudo process is the
11442 foreground process.
11446 Don't bother with sudo_waitpid() here for now.
11453 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
11456 Remove non-working code that crept into rev 1.55
11459 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
11461 * INSTALL, configure, configure.in, script.c, sudoreplay.c:
11462 First pass at zlib support for transcript data files
11466 remove vestiges of ZLDFLAGS
11470 Add missing variable declaration for when TIOCSCTTY is not defined.
11471 Need to include sys/termio.h for TIOCSCTTY on some systems.
11475 when resuming command, send SIGCONT to its pgrp not just pid
11479 remove unused variable
11483 include selinux.h for is_selinux_enabled() proto
11487 Don't use log_error() in the child process.
11491 Do I/O in parent instead of child since the parent can have both
11492 /dev/tty as well as the pty fds open. The child just sets things up
11493 and waits for its grandchild and writes the signal description to
11494 the pty master if the command was killed by a signal.
11497 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
11499 * missing.h, sudo.h:
11500 Move two struct forward declarations from sudo.h to missing.h
11504 Make comment at the top of script_exec() match reality.
11508 if neither stdin nor stdout is a tty, check stderr
11512 Add back dependency of gram.h on gram.y
11516 Make transcript mode work as long as we can figure out our tty, even
11517 if it is not stdin. We'd like to use /dev/tty but that won't be
11518 valid after the setsid().
11521 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
11523 * config.h.in, configure, configure.in, pty.c:
11524 Add support for IRIX-style dynamic ptys
11527 * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
11528 Move alloc.c protos into alloc.h
11532 Move prototypes for missing libc functions to missing.h
11535 * Makefile.in, sudo.h, sudoreplay.c:
11536 Move prototypes for missing libc functions to missing.h
11539 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
11541 * config.h.in, configure, configure.in:
11542 Disable transcript support if no tcsetpgrp until we support older
11543 BSD-style job control.
11546 * configure, configure.in, pty.c, script.c:
11547 Break out pty code into pty.c
11550 * compat.h, config.h.in, configure, configure.in:
11551 add killpg macro if no killpg function
11554 * config.h.in, configure, configure.in, script.c:
11555 Push ptem and ldterm for STREAMS-based systems when allocating a
11559 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
11562 Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
11566 Call tcgetpgrp() in the parent, not the child and have the child
11567 spin until it is granted. Fixes a race on darwin.
11571 Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
11575 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
11578 In script mode, if the command is killed by a signal, print the
11579 signal description as well as a core dump notification like the
11583 * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
11585 Add check for strsignal() and a simple implementation if it is not
11586 there but sys_siglist is
11590 Add missing WUNTRACED and store the signal that stopped the
11591 grandchild in suspended, not signo.
11599 Associate the grandchild's pgrp with the tty instead of the child's
11600 and just get suspend notifications via SIGCHLD instead of directly.
11601 This fixes a hang with programs that try to set terminal attributes
11602 and is more consistent with how the shell handles things.
11605 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
11608 Move setpgid() of child into the parent side of the fork() where it
11612 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
11619 Run command in its own pgrp (like the shell does) for easier
11620 signalling. No need to relay SIGINT or SIGQUIT to parent, just send
11621 to grandchild. Don't want grandchild stopped events in the child
11622 (only termination). Flush output after suspending grandchild before
11627 Back out revision 1.34; the problem lies elsewhere.
11631 Don't set stdout to blocking mode when flushing remaining output.
11632 It can cause us to hang when trying to exit. Need to investigate
11637 Handle SIGTTOU and remove some debugging.
11641 Back out revision 1.10 as the signal that interrupts us may be
11642 SIGTTOU or SIGTTIN which the caller must handle.
11646 Apparently we need to send SIGSTOP to the command as well as ourself
11647 when we get SIGTSTP, the kernel doesn't automatically stop the
11652 Use an extra process to act as the glue between the sessions
11653 associated with the user's controlling tty (what the shell uses) and
11654 the tty that sudo is using to do its logging. Basically, this means
11655 that if we get, e.g. SIGTSTP from the process sudo is running, we
11656 relay the signal to the parent so its shell can do the job control.
11660 Handle getting/setting terminal attributes when the fd is in non-
11664 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
11666 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
11667 Add support for pausing and changing the speed in interactive mode.
11671 Already define O_NOCTTY in compat.h, don't need it here
11674 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
11680 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
11683 Always update the stashed mtime of the temp file instead of using
11684 what we have for the original because the time resolution of the
11685 filesystem the temporary is on may not match that of the filesystem
11686 that holds the original. Should fix bz #371 found by Philippe Levan.
11690 Use cbreak mode instead of raw mode and add signal handlers to
11691 restore the tty on interrupt.
11694 * script.c, sudo.h, term.c:
11695 Retain NL to NLCR conversion on the real tty and skip it on the pty
11696 we allocate. That way, if stdout is not a pty there are no extra
11701 Fix log_output(); just pass in a string and a length.
11704 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
11707 do not use errno when complaining about lack of a tty
11710 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
11712 * Makefile.in, sudoreplay.c, term.c:
11713 Instead of messing with line endings, just set terminal to raw mode
11718 When copying the terminal attributes to the pty, be sure not to set
11719 ONLCR. This prevents extra carriage returns from ending up in the
11720 script output file.
11724 Convert a do {} while into a while
11728 Use if then instead of test && when installing binaries that may not
11733 Add O_NOCTTY when opening a tty device. Explicitly disconnect from
11734 old tty before associating with new one.
11737 * script.c, selinux.c, sudo.c, sudo.h:
11738 First cut at refactoring some of the selinux code so it can be used
11739 in conjunction with sudo's transcript support.
11742 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
11744 * aclocal.m4, configure, configure.in:
11745 Fix default case of transcript_enabled being unset.
11748 * script.c, sudoreplay.c:
11749 Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
11752 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
11753 Hook up --disable-transcript and --enable-transcript=DIR
11756 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
11758 * aclocal.m4, configure, configure.in, pathnames.h.in:
11759 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT. Add
11760 --enable-transcript=DIR option to specify the directory
11763 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
11767 * configure, configure.in, sudoers.man.pl, sudoers.pod:
11768 Substitute in default value for secure_path
11772 Mention that the password must be followed by a newline with the -S
11776 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
11779 Go back to dropping out of the select() loop when the process dies;
11780 Linux ptys apparently don't behave the same as BSD in regards to
11781 select(). No need to flush remaining output to the transcript, only
11782 to stdout. Add back code to check the master pty for additional data
11783 when we exit the main select loop.
11786 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
11789 Add getline.o to COMMON_OBJS
11793 sudoreplay depends on libsudo.a
11797 Move pwutil.o into COMMON_OBJS
11800 * pwutil.c, testsudoers.c, tsgetgrpw.c:
11801 Remove my_* redirection in pwutil.c for testsudoers and just use the
11802 normal libc get{pw,gr}* names.
11805 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
11806 More time and date examples
11809 * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
11810 Move nanosleep() emulation into its own file. Check librt.a for
11811 nanosleep if we don't find it in libc
11814 * Makefile.in, configure, configure.in:
11815 Build libsudo with the common bits and link things against that.
11823 Keep reading from the pty master -> log file until read returns <=
11824 0. Do our best to write everything to stdout when flushing any
11829 Use unbuffered I/O when writing to stdout and make sure we write the
11833 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
11836 Only use max_wait if it is non-zero
11839 * getdate.c, getdate.y, getline.c:
11844 Fix nanosleep emulation
11848 Fix comment after #endif
11852 Add protos for missing libc bits
11855 * configure, configure.in:
11856 add missing line continuation char
11859 * config.h.in, configure, configure.in, getline.c:
11860 Implement getline() in terms of fgetln() if we have it.
11864 Print year when formatting log line
11868 Document cwd, attempt to document time/date formats.
11872 Fix getline return value check.
11875 * Makefile.in, config.h.in, configure, configure.in, getline.c,
11877 Use getline() if the system has it, else provide our own for
11882 Refactor code to update output and timing files.
11885 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
11888 Make sudo_getln() behave more like glibc getline.
11892 When flushing remaining output, also update timing file.
11896 Use get_timestr() and make the -l output look like the regular sudo
11900 * logging.c, sudo.h, timestr.c:
11901 Make get_timestr() take a time_t so we can use it properly in
11906 Create session dir earlier now that we update the seq number early.
11909 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
11912 Use fromdate and todate as the keywords instead of from and to; the
11913 short forms will still be accepted.
11917 Fix reading long lines in sudo_getln()
11920 * script.c, sudoreplay.c:
11921 Log the cwd in the script log file. Add sudo_getln() to read
11922 arbitrarily long lines.
11925 * Makefile.in, logging.c, sudo.h, timestr.c:
11926 Move get_timestr() into its own source file so sudoreplay can use
11930 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
11933 Add to and from predicates (date ranges); needs documentation
11936 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
11938 * Makefile.in, getdate.c, getdate.y:
11939 Fix warning and add generated getdate.c
11942 * Makefile.in, getdate.y:
11943 Add getdate.y to be used for sudoreplay date parsing.
11946 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
11949 Check more than just the first character of a predicate
11952 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
11953 Add examples, sort predicates
11956 * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
11958 Implement search expressions in sudoreplay similar in concept to
11959 what find or tcpdump uses. TODO: date ranges
11962 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
11965 Remove vhangup as it was hanging up the wrong tty. Should really
11966 vhangup in the child after it has set its tty.
11970 Fix cut at documenting transcript support.
11974 ID= -> TSID= for transcript ID
11977 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
11980 Move fast_glob description to where it belongs in sorted order
11983 * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
11984 parse.c, parse.h, sudo.c:
11985 Rename script -> transcript
11988 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
11991 Add timeradd and timersub for those without them
11995 Sanity check sessid before using it.
11999 Only set the session id if we are running a command or editing a
12004 Actually, qsort is fine since most versions fall back to a cheaper
12005 sort when the number of elements to sort is small (like in our
12009 * config.h.in, configure, configure.in, script.c:
12010 Check for dup2 and use dup instead if we don't have it.
12013 * script.c, sudo.c, sudo.h:
12014 Move the code to dup2 the script fds to low numbered descriptors
12015 into script_duplow() and fix the fd sorting.
12018 * script.c, sudo.c, sudo.h:
12019 Move script_setup() back to immediately before we drop privs and
12020 call the new script_nextid() in its place, which will set
12021 sudo_user.sessid for the logging functions.
12024 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
12031 remove unused variable
12034 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
12036 * logging.c, script.c, sudo.c, sudo.h:
12037 Log the session ID, if there is one. Currently logs ID=XXXXXX,
12038 perhaps should be SESSIONID or SESSID.
12041 * Makefile.in, configure, configure.in, sudoreplay.cat,
12042 sudoreplay.man.in, sudoreplay.pod:
12043 Add sudoreplay docs
12047 add -V (version) flag
12054 * script.c, sudoreplay.c:
12055 Use base36 number for the ID and store script files with paths like
12056 /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
12057 (2,176,782,336) unique IDs.
12060 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
12062 * config.h.in, configure.in:
12063 Add check for regcomp
12067 Add support for selecting by pattern and tty when listing.
12070 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
12073 The beginnings of a list mode.
12076 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
12082 * Makefile.in, config.h.in, configure.in:
12083 Add scaffolding for building sudoreplay
12087 include error.h; first arg to nanotime is const
12091 Initial cut at sudoreplay; replay a sudo session.
12094 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
12097 Fix wait() usage and use correct wait status.
12100 * sudo.c, sudo.h, tgetpass.c:
12101 Add protos for term_* to sudo.h
12105 Fix detection of the child process exiting. Since the child is in
12106 its own session we should only ever get SIGCHLD for that process but
12107 better safe than sorry.
12111 Add UNIX98 pty support.
12114 * configure, configure.in, script.c:
12115 Add UNIX98 pty support.
12118 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
12121 For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
12126 Set PAM_RUSER and PAM_RHOST early so they can be used during
12127 authentication. Based on a patch from Jamie Beverly.
12131 Close dir before returning if strlcpy() reports overflow. From
12135 * config.h.in, configure, configure.in, script.c:
12136 On Linux, the openpty proto lives in pty.h
12140 Call vhangup on exit if the system has it. Use setpgrp() if no
12144 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
12146 * config.h.in, configure, configure.in:
12147 Add checks for revoke and vhangup if we don't have openpty
12151 Session logging guts that got forgotten in the previous commit.
12154 * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
12155 configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
12156 gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
12158 First cut at session logging for sudo. Still need to write
12159 get_pty() for Unix 98 and old-style BSD ptys. Also needs
12160 documentation and general cleanup.
12163 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
12165 * sudo.c, sudo_edit.c:
12166 Fix a bug introduced with def_closefrom. The value of def_closefrom
12167 already includes the +1.
12170 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
12173 Generate sudo distributions with pax in ustar mode. No longer need
12174 to use a temp file or have the source dir name match the version.
12177 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
12180 Fix expansion of %h in #include names. Fixes bugzilla 363
12183 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
12186 If no arg assume def_data.in
12189 * README, WHATSNEW:
12191 [f5ad45f69f05] [SUDO_1_7_2]
12197 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
12199 * sudoers.cat, sudoers.man.in, sudoers.pod:
12200 Add missing single quotes around a colon in Runas_Spec definition.
12204 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
12206 * sudo.man.in, sudoers.man.in:
12211 In rbrepair, re-color the root or the first non-block node we find
12212 to be black. Re-coloring the root is probably not needed but won't
12216 * sudo.cat, sudoers.cat:
12220 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
12223 When repairing the tree, don't touch the root node.
12226 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
12229 Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
12230 Reported by Josef Schmid.
12233 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
12236 Document that we accept env_pam-style environment files
12240 Adapt to accept pam_env-style /etc/environment which allows shell-
12241 style lines such as: export EDITOR="/usr/bin/vi"
12245 Make it clear that env_delete only works when !env_reset. From Loïc
12249 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
12251 * sudo.pod, sudoers.pod:
12252 Add non-unix group bits, adapted from Quest
12256 build the .cat page in the current working dir, not the src dir
12260 Return EINVAL in setenv() if var is NULL or the empty string to
12261 match glibc behavior.
12264 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
12266 * configure, configure.in:
12267 Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
12270 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
12272 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
12273 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
12277 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
12280 Document --with-libvas and --with-libvas-rpath
12283 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
12285 * ldap.c, sudoers.ldap.pod:
12286 For netscape-derived LDAP SDKs the cert and key paths may be a
12287 directory or a file. However, version 5.0 of the SDK only seems to
12288 support using a directory. If ldapssl_clientauth_init fails and the
12289 cert or key paths look like they could be files, strip off the last
12290 path element and try again.
12294 Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
12297 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
12299 * configure, configure.in, match.c, sudo.c, vasgroups.c:
12300 Update non-Unix group support from Quest, as reworked by me.
12308 Add support for escaped hex chars in names, e.g. \x20 for space.
12311 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
12313 * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
12314 auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
12315 fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
12316 logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
12317 set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
12318 sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
12319 tgetpass.c, toke.l, visudo.c:
12320 Update copyright years.
12323 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
12325 * interfaces.c, lbuf.c:
12326 Minor fixes for Minix-3
12329 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
12332 Handle getgroups() returning 0. Also add missing check for
12336 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
12338 * Makefile.in, config.h.in, configure, configure.in, sudo.c,
12339 version.h, visudo.c:
12340 Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
12343 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
12346 Remove group setting code in setusercontext case, we will do it
12347 ourselves later on in runas_setup. Set the gid after
12348 initgroups/setgroups is called, since on Mac OS X it seems to change
12352 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
12354 * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
12356 Initial bits of non-unix group support using Quest Authentication
12361 Accept %:foo as a non-Unix group
12365 Allow user/group to be double quoted in the case of non-Unix groups
12366 which contain spaces.
12369 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
12372 Don't allow the user to specify the default runas user if their
12373 sudoers entry only allows them to run as a group.
12376 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
12379 Must call audit_success before we change uids.
12382 * logging.c, set_perms.c, sudo.h, testsudoers.c:
12383 Add option for set_perm to not exit on failure and use this in the
12388 In -l mode, if the user is only allowed to run as a group, display
12389 the user's name, not root's before the allowed group.
12393 Fix -g mode, broken by rev 1.503 which had the side effect of
12394 setting the runas user to root unilaterally.
12397 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
12400 When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
12404 Only cache by the method we fetched for pwd and grp lookups.
12405 Previously we cached both by name and id but this can cause problems
12406 for entries that share the same id. Also add more info in the error
12407 message in case the insert fails (which should now be impossible).
12410 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
12413 Add a clarification from Nick Sieger
12416 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
12419 Inline the setting of the environment string.
12422 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
12425 setenv(3) in Linux treats a NUL value as the empty string. setenv(3)
12426 in BSD doesn't return an error if the name has '=' in it, it just
12427 treats the '=' as end of string.
12430 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
12433 Not all systems have d_namlen
12436 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
12439 Fix up some pod2html issues.
12442 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
12445 Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
12450 Ignore files ending in '~' in sudo.d (emacs backup files)
12454 Ignore files ending in '~' in sudo.d (emacs backup files)
12457 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
12459 * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
12460 For #includedir, ignore any file containing a dot
12463 * Makefile.in, version.h:
12467 * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
12468 sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
12470 Implement #includedir directive. Files in an includedir are not
12471 edited by visudo unless they contain a syntax error.
12476 [8741ed61a78b] [SUDO_1_7_1]
12479 Forgot umask_override
12486 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
12489 Rewind stream if we fdopen sudoers since it may not be at the
12490 beginning. Set the keepopen flag on already-open files too so the
12491 lexer doesn't close them out from under us.
12495 Print the proper file name when there is a parse error in an include
12499 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
12505 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
12507 * configure, configure.in:
12508 Fix a warning when --without-ldap is specified.
12511 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
12513 * alias.c, parse.h, visudo.c:
12514 Store aliases that we remove during check_aliases in a freelist and
12515 free them at the end so we don't leak memory.
12518 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
12521 Check aliases in -c mode too.
12524 * alias.c, parse.h, visudo.c:
12525 Make alias_remove return the alias struct instead of freeing it
12526 directly. Fixes a use after free in alias_remove_recursive, the only
12530 * alias.c, match.c, parse.c, parse.h, visudo.c:
12531 Rename find_alias -> alias_find for consistency.
12534 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
12537 When checking for unused aliases, recurse if the alias points to
12541 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
12544 Back out rev 1.105 for now. Real ldapux_client.conf support will be
12545 done later after some refactoring.
12548 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
12551 Treat ldap_hostport the same as "host" for ldapux.
12554 * configure, configure.in:
12555 Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
12556 Fixes compilation with ldapux.
12559 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
12565 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
12568 remove errant carriage returns
12572 fix K&R compilation
12575 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
12576 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
12580 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
12583 Add missing HAVE_BSM_AUDIT
12591 Mention --with-netsvc
12594 * sudoers.ldap.pod:
12595 Document netsvc.conf support
12598 * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
12600 Add support for AIX netsvc.conf (like nsswitch.conf).
12603 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
12605 * config.h.in, configure, configure.in, env.c:
12606 Add --enable-env-debug flag to enable environment sanity checks.
12609 * sudoers.ldap.pod, sudoers.pod:
12610 Work around some pod2html issue.
12613 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
12616 Only sync environ for putenv, setenv, and unsetenv. We need to make
12617 sure that sudo_putenv and sudo_setenv only modify env.envp, not
12621 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
12624 Really fix UNSETENV_VOID
12628 Fix unsetenv when UNSETENV_VOID
12631 * aclocal.m4, configure:
12632 Fix SUDO_FUNC_PUTENV_CONST
12636 tivoli-based ldap does not have ldapssl_err2string
12643 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
12645 * config.h.in, configure, configure.in, ldap.c:
12646 Add support for Tivoli-based LDAP start TLS as seen in AIX.
12651 Add sanity checks for setenv/unsetenv
12655 Include bsm_audit.h in the tarball
12658 * Makefile.in, version.h:
12659 bump version for sudo 1.7.1
12662 * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
12663 env.c, ldap.c, sudo.h:
12664 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
12665 provide our own setenv/unsetenv/putenv that operates on own env
12666 pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
12669 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
12672 Make "sudoedit -h" work as expected
12676 Make sure def_prompt is always defined. This is a workaround for
12677 pam configs that prompt for a password in the session but don't have
12678 an auth line. A better fix is to expand the sudo prompt earlier and
12679 set def_prompt to that when initializing.
12683 Mention that the helper for -A may be graphical.
12687 Document what happens if there is no tty.
12699 Fix "sudo -k" with no other args
12702 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
12704 * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
12705 Allow the -k flag to be specified in conjunction with a command or
12706 another option that may require authentication.
12709 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
12711 * configure, configure.in:
12712 Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
12716 Parallel make fix. From Diego E. 'Flameeyes'
12719 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
12721 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
12722 Implement umask_override
12729 * sudoers.pod, toke.l, visudo.c:
12730 Implement %h escape in sudoers include filenames.
12734 Need to include compat.h
12737 * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
12738 Make audit_success and audit_failure generic functions in
12739 preparation for integrating linux audit support.
12743 remove duplicate include
12746 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
12749 Add missing include
12753 May need to update the runas user after parsing command-based
12757 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
12760 Add missing pair of braces introduced with character class support.
12763 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
12765 * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
12766 Rename pwstars to pwfeedback
12769 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
12771 * bsm_audit.c, bsm_audit.h:
12772 Add const to make MacOS happy.
12775 * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
12776 configure.in, sudo.c:
12777 Add bsm audit support from Christian S.J. Peron
12781 This is new code, no DARPA notice.
12784 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
12786 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
12787 Rename simple_glob -> fast_glob
12794 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
12795 Add simple_glob option to use fnmatch() instead of glob(). This is
12796 useful when you need to specify patterns that reference network file
12808 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
12811 Delete any pwstars we wrote after the user hits return. That way
12812 there is no record on screen as to the user's password length.
12815 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
12818 Move terminal setting bits from tgetpass.c to term.c
12821 * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
12823 Add pwstars sudoers option that causes sudo to print a star every
12824 time the user presses a key.
12827 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
12830 Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
12833 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
12836 For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
12837 indicate no limit. From Mark Janssen.
12840 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
12843 Comments that begin with #- should not be parsed as uids.
12846 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
12849 Do not try to set the close on exec flag if we didn't actually open
12853 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
12857 [e11f0e4c1bdd] [SUDO_1_7_0]
12859 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
12865 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
12868 Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
12872 * configure, configure.in:
12873 Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
12874 as it cannot generate shared objects.
12877 * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
12878 K&R compilation fixes
12882 Use tq_foreach_fwd when checking pseudo-commands to make it clear
12883 that we are not short-circuiting on last match. When pwcheck is
12884 'all', initialize nopass to TRUE and override it with the first non-
12888 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
12891 Do not short circuit pseudo commands when we get a match since,
12892 depending on the settings, we may need to examine all commands for
12896 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
12898 * sudoers.cat, sudoers.man.in:
12903 hostnames may also contain wildcards
12907 remove stamp-* files and linux core files in clean target
12910 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
12912 * auth/sudo_auth.h, config.h.in, configure, configure.in:
12913 Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
12916 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
12918 * configure, configure.in:
12919 correctly enable SIA on Digital UNIX
12930 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
12932 * check.c, sudo.h, tgetpass.c:
12933 Even if neither stdin nor stdout are ttys we may still have /dev/tty
12937 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
12939 * sudoers.cat, sudoers.man.in:
12944 fix typos; Markus Lude
12956 Fix matching of a line that only consists of a comment char
12959 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
12962 MacOS pam will retry conversation function if it fails so just treat
12963 ^C as an empty password.
12967 When checking for alias use, also check defaults bindings.
12975 Replace my rbdelete with Emin's version (which actually works ;-)
12978 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
12985 malloc options in devel mode for visudo too
12988 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
12991 fix compilation on non-C99; from Theo
12999 when destroying an alias, free the correct data pointer
13002 * auth/sudo_auth.h:
13003 add proto for aixauth_cleanup; from Dale King
13006 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
13008 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13013 * sudo.pod, sudoers.pod, visudo.pod:
13014 standardize on the term 'option' for command line options (not flag)
13017 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
13020 Add note on configuring HP-UX pam
13023 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
13026 Move tty checks into check_user() so we only do them if we actually
13031 Don't error out if no tty or askpass unless we actually need to
13035 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
13041 * pathnames.h.in, sudo.c:
13042 s/overriden/overridden/; from Tobias Stoeckmann
13045 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
13047 * WHATSNEW, visudo.c:
13048 check sudoers owner and mode in strict mode
13055 * sudo.man.in, sudoers.man.in, visudo.man.in:
13056 Update copyright years.
13059 * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
13060 auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
13061 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
13062 closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
13063 gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
13064 interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
13065 parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
13066 sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
13067 testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
13068 visudo.pod, zero_bytes.c:
13069 Update copyright years.
13072 * emul/charclass.h, fnmatch.c, glob.c:
13076 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
13079 The loop in fill_cmnd() was going one byte too far past the end,
13080 resulting in a NUL being written immediately after the buffer end.
13083 * UPGRADE, WHATSNEW:
13084 add sections on tgetpass changes
13088 Treat EOF w/o newline as an error.
13091 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
13094 Fix "sudo -v" when NOPASSWD is set.
13097 * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
13099 No longer treat an empty password at the prompt as special. To quit
13100 out of sudo you now need to hit ^C at the password prompt.
13103 * sudoers.cat, sudoers.man.in:
13107 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
13108 Sudo will now refuse to run if no tty is present unless the new
13109 visiblepw sudoers flag is set.
13112 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
13115 just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
13120 fix fallback value for RLIM_SAVED_MAX
13123 * auth/aix_auth.c, auth/sudo_auth.h:
13124 Move clearing of AUTHSTATE into aixauth_cleanup.
13127 * auth/aix_auth.c, env.c:
13128 Unset AUTHSTATE after calling authenticate() as it may not be
13129 correct for the user we are running the command as.
13133 Add isblank() function for systems without it. Needed for POSIX
13134 character class matching in fnmatch.c and glob.c.
13137 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
13140 expound on sudo and cd
13143 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
13149 * sudoers.cat, sudoers.man.in:
13154 mention defaults parse order
13157 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
13159 * Makefile.in, aclocal.m4, compat.h, configure:
13160 Add isblank() function for systems without it. Needed for POSIX
13161 character class matching in fnmatch.c and glob.c.
13165 add emul/charclass.h to HDRS
13168 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
13174 * defaults.c, parse.c, testsudoers.c, visudo.c:
13175 Move update_defaults into defaults.c and call it properly from
13176 visudo and testsudoers.
13179 * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
13181 use zero_bytes() instead of memset() for consistency
13184 * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
13186 Zero out sigaction_t before use in case it has non-standard entries.
13194 Short circuit glob() checks if basename(pattern) !=
13195 basename(command). Refactor code that checks for a command in a
13196 directory and use it in the glob case if the resolved pattern ends
13200 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
13202 * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
13203 Defer setting runas defaults until after runaspw/gr is setup.
13206 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
13208 * match.c, sudo.c, testsudoers.c:
13209 Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
13210 systems do not include space for the NUL in the size. Also manually
13211 NUL-terminate buffer from gethostname() since POSIX is wishy-washy
13215 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
13217 * sudo.c, sudoers.pod:
13218 When setting the umask, use the union of the user's umask and the
13219 default value set in sudoers so that we never lower the user's umask
13220 when running a command.
13224 Don't try to read from a zero-length sudoers file. Remove the bogus
13225 Solaris work-around for EAGAIN. Since we now use fgetc() it should
13229 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
13232 In update_defaults() check the return value of user*_matches against
13233 ALLOW so we don't inadvertently match on UNSPEC.
13236 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
13238 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
13239 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
13240 regen man pages; no more hyphenation
13244 Don't error out on a zero-length sudoers file. With the advent of
13245 #include the user could create a situation where sudo is unusable.
13248 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
13250 * auth/kerb5.c, config.h.in, configure, configure.in:
13251 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
13252 krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
13253 all. Add configure tests to handle all the cases.
13256 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
13263 document sudoers_locale
13266 * sudo.pod, sudo_edit.c:
13267 add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
13272 In fill_cmnd(), collapse any escaped sudo-specific characters.
13273 Allows character classes to be used in pathnames.
13276 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
13279 fix typo in non-C89 function declaration
13283 Mention POSIX character classes now that our fnmatch() and glob()
13287 * sample.sudoers, sudoers.pod:
13288 Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
13293 use __signed char if we are going to assign a negative value since
13294 on Power, char is unsigned by default
13297 * config.h.in, configure, configure.in:
13298 Add tests for __signed char and signed char.
13302 Fix AIX limit setting. getuserattr() returns values in disk blocks
13303 rather than bytes. The default hard stack size in newer AIX is
13304 RLIM_SAVED_MAX. From Dale King.
13307 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
13309 * emul/charclass.h, fnmatch.c, glob.c:
13310 Add character class support to included glob(3) and fnmatch(3).
13313 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
13316 Remove UCB advertising clause and some compatibility defines.
13319 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
13322 Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
13323 or sudo. This allows one to set EDITOR to sudoedit without getting
13324 into an infinite loop of sudoedit running itself until the path gets
13328 * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
13329 Add sudoers_locale Defaults option to override the default sudoers
13333 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
13336 Set locale to system default except for during sudoers parse.
13339 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
13342 Redo change in 1.34 to use pointer arithmetic.
13345 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
13348 Fix a dereference (read) of a freed pointer. Reported by Patrick
13352 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
13355 Set locale to "C" to avoid interpretation issues with character
13356 ranges in sudoers. May want to make the locale a sudoers option in
13360 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
13363 we no longer use setproctitle
13370 * LICENSE, mkstemp.c:
13371 Use my replacement mkstemp() from the mktemp package.
13374 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
13377 regen with yacc skeleton bug fixed
13381 Remove duplicate "as root". From Martin Toft.
13384 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
13386 * pwutil.c, sudo.c, sudo.h, testsudoers.c:
13387 Flesh out the fake passwd entry used for running commands as a uid
13388 not listed in the passwd database. Fixes an issue with some PAM
13392 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
13395 Error out in -i mode if the user has no shell. This can happen when
13396 running commands as a uid with no password entry.
13399 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
13402 Better fix for line continuation inside double quotes. Now accepts
13403 whitespace between the backslash and the newline like the main
13407 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
13410 Fix line continuation in strings. It was only being honored if
13411 preceded by whitespace.
13414 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
13416 * config.h.in, configure, configure.in, logging.c:
13417 Replace the double fork with a fork + daemonize.
13420 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
13423 The -i flag should imply env_reset. This got broken in sudo 1.6.9.
13426 * logging.c, sudo.c, sudo_edit.c, visudo.c:
13427 Change how the mailer is waited for. Instead of having a SIGCHLD
13428 handler, use the double fork trick to orphan the child that opens
13429 the pipe to sendmail. Fixes a problem running su on some Linux
13433 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
13435 * configure, configure.in:
13436 Fix configure test for dirfd() on Linux where DIR is opaque.
13439 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
13442 Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
13443 this problem we'll need to revisit this again.
13446 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
13449 Ignore SIGPIPE instead of blocking it when piping to the mailer. If
13450 we only block the signal it may be delivered later when we unblock.
13451 Also, there is no need to block SIGCHLD since we no longer do the
13452 double fork. The normal SIGCHLD handler is sufficient.
13455 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
13457 * configure, configure.in:
13458 Add description for NO_PAM_SESSION, from a redhat patch.
13461 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
13463 * sudo.cat, sudo.man.in, sudo.pod:
13464 Fix typos in -i usage
13467 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
13469 * configure, configure.in:
13470 Redo the test for dgettext() in a way that hopefully will work
13471 around the libintl_dgettext() undefined problem.
13474 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
13476 * schema.ActiveDirectory:
13477 change filename in comment
13480 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
13482 * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
13484 Reference schema.ActiveDirectory
13487 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
13489 * schema.OpenLDAP, schema.iPlanet:
13490 Mark sudoRunAs as deprecated.
13493 * schema.ActiveDirectory:
13494 add sudoRunAsUser and sudoRunAsGroup
13497 * schema.ActiveDirectory:
13498 Active Directory schema by Chantal Paradis and Eric Paquet
13501 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
13504 remove an XXX that was fixed
13512 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
13513 fixes a problem where the tag value printed was influenced by
13514 defaults set in the first pass through the parser.
13517 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
13519 * Makefile.in, sudo.psf:
13520 No point in packaging the TODO file
13527 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
13529 * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
13530 sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
13531 Add env_file Defaults option that is similar to /etc/environment on
13535 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
13537 * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
13538 sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
13539 version.h, visudo.cat, visudo.man.in:
13540 change version to 1.7.0
13544 initial valgrind pass done
13547 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
13550 Fix typo/think in sudo_ldap_read_secret() when storing the secret.
13553 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
13556 define LDAPS_PORT if the system headers do not
13559 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
13562 Fix another memory leak in init_parser().
13565 * configure, configure.in:
13566 There was a missing space before the ldap libs in SUDO_LIBS for some
13570 * alias.c, gram.c, gram.y, toke.c, toke.l:
13571 Clean up some memory leaks pointed out by valgrind.
13574 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
13577 fix "sudo -s" broken by mode/flags breakout
13580 * configure, configure.in:
13581 remove duplicate check for dgettext
13584 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
13587 Fall back to default stanza if no user-specific limit is found.
13590 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
13593 include stdint.h if present
13597 Use LLONG_MAX, not the old QUAD_MAX
13600 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
13602 * sudoers.ldap.pod:
13606 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
13612 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
13615 remove useless cast
13618 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
13629 Split MODE_* defines into primary and flags.
13632 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
13635 It turns out the logic for getting AIX limits is more convoluted
13636 than I realized and differs depending on whether the soft and/or
13637 hard limits are defined.
13640 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
13642 * Makefile.in, configure, configure.in:
13643 Back out AIX-specific change to set the sudo_noexec path to the .a
13644 file, we do really want to use the .so file. Since libtool doesn't
13645 do that correctly, just install the .so file ourselves in the
13650 If the file given to install is a path, only use the basename of the
13651 file when building the destination path.
13654 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
13657 parse_args() cleanup: Sort command line options in the getopt()
13658 switch. The -U option requires a parameter. Normalize a few ISSET
13659 calls. Split mode into mode and flags and retire the now-obsolete
13663 * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
13665 Add -n (non-interactive) flag.
13669 Move version printing, etc. into a separate function.
13673 Don't try to cleanup nsswitch if it has not been initialized.
13676 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
13679 Block SIGPIPE in send_mail() so sudo is not killed by a problem
13680 executing the mailer.
13683 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
13685 * configure, configure.in:
13686 AIX shared libs end in .a, not .so.
13689 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
13692 Preserve HOME by default too. Matches documentation and previous
13696 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
13699 Use getopt() to parse the command line. We need to be able to
13700 intersperse env variables and options yet still honor "--" which
13701 complicates things slightly.
13704 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
13710 * acsite.m4, configure, ltmain.sh:
13711 update to libtool-1.5.26
13714 * config.guess, config.sub:
13715 update from libtool-1.5.26 distribution
13719 attempt to fix compilation errors on AIX
13723 fix typo in last commit
13727 Add WHATSNEW file to the distribution
13731 use warningx instead of fprintf(stderr, ...)
13735 add DEBUG to list2tq
13746 * Makefile.in, aix.c, config.h.in, configure, configure.in,
13747 set_perms.c, sudo.h:
13748 Add aix_setlimits() to set resource limits on AIX using a
13749 combination of getuserattr() and setrlimit(). Currently untested.
13752 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
13754 * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
13755 sudoers.man.in, sudoers.pod:
13756 Add mailfrom Defaults option that sets the value of the From: field
13757 in the warning/error mail. If unset the login name of the invoking
13762 store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
13766 When adding a default, only call list2tq() once to do the list to tq
13767 conversion. It is not legal to call list2tq multiple times on the
13768 same list since list2tq consumes and modifies the list argument.
13771 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
13772 comment out XXXs for now
13779 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
13782 Error out if both -A and -S are specified. Error out if -A is
13783 specified but no askpass is configured
13786 * configure, configure.in:
13787 we are not going to ship a sudo-specific askpass
13790 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
13793 fix definition of TGP_ASKPASS
13796 * def_data.c, def_data.in:
13797 make askpass boolean-capable
13801 document --with-askpass
13804 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
13805 sudoers.man.in, visudo.cat:
13809 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
13811 * sudo.pod, sudo_usage.h.in, sudoers.pod:
13812 document -A and askpass
13815 * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
13816 def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
13817 sudo_usage.h.in, tgetpass.c:
13818 Add support for running a helper program to read the password when
13819 no tty is present (or when specified with the -A flag). TODO: docs.
13822 * def_data.c, def_data.in:
13823 add missing printf format to SELinux role and type strings
13826 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
13828 * INSTALL, configure, configure.in:
13829 Disable use of gss_krb5_ccache_name() by default and add
13830 --enable-gss-krb5-ccache-name configure option to enable it. It
13831 seems that gss_krb5_ccache_name() doesn't work properly with some
13832 combinations of Heimdal and OpenLDAP.
13835 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
13838 Ignore setexeccon() failing in permissive mode. Also add a call to
13839 setkeycreatecon() (though this is probably insufficient). From Dan
13844 Only set std_prompt for the PAM_PROMPT_* cases. The conversation
13845 function may be called for non-password reading purposes so we must
13846 be careful not to use def_prompt in cases where it may not be set.
13849 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
13852 Don't free the new tty context, we need to keep it around when we
13853 restore the tty context after the command completes
13856 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
13862 * sudo.man.pl, sudo.pod:
13863 Only put login_cap(3) in SEE ALSO section if we have login.conf
13867 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
13869 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
13870 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
13875 Substitute in comment characters for lines pertaining to login.conf,
13876 BSD auth and SELinux and only enable them if pertinent.
13880 Substitute in comment characters for lines pertaining to login.conf,
13881 BSD auth and SELinux and only enable them if pertinent.
13885 Substitute in comment characters for lines pertaining to login.conf,
13886 BSD auth and SELinux and only enable them if pertinent.
13890 Substitute in comment characters for lines pertaining to login.conf,
13891 BSD auth and SELinux and only enable them if pertinent.
13894 * Makefile.in, configure, configure.in:
13895 Substitute in comment characters for lines pertaining to login.conf,
13896 BSD auth and SELinux and only enable them if pertinent.
13899 * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
13900 Remove the =cut on the first line (above the copyright notice) to
13901 quiet pod2man. Also remove the hackery in the FILES section and
13902 just deal with the fact that there will be a newline between each
13906 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
13909 run sudo.man.pl when generating sudo.man.in
13912 * configure, configure.in, sudo.man.pl:
13913 comment out SELinux manual bits unless --with-selinux was specified
13917 document role and type defaults for SELinux
13920 * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
13921 Document "sudo -ll" and make "sudo -l -l" be equivalent.
13924 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
13926 * configure, configure.in:
13927 Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
13928 Debian GNU/kFreeBSD.
13931 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
13934 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
13935 verify_krb_v5_tgt()
13938 * logging.c, logging.h, sudo.c:
13939 Remove dependence on VALIDATE_NOT_OK in logging functions. Split
13940 log_auth() into log_allowed() and log_denial(). Replace mail_auth()
13941 with should_mail() and a call to send_mail()
13944 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
13947 Add debugging so we can tell if the krb5 ccache is accessible
13951 mention --with-selinux
13954 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
13964 * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
13965 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
13966 testsudoers.c, toke.c, toke.l:
13967 Add support for SELinux RBAC. Sudoers entries may specify a role
13968 and type. There are also role and type defaults that may be used.
13969 To make sure a transition occurs, when using RBAC commands are
13970 executed via the new sesh binary. Based on initial changes from Dan
13975 Add support for SELinux RBAC. Sudoers entries may specify a role
13976 and type. There are also role and type defaults that may be used.
13977 To make sure a transition occurs, when using RBAC commands are
13978 executed via the new sesh binary. Based on initial changes from Dan
13982 * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
13983 def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
13984 pathnames.h.in, selinux.c:
13985 Add support for SELinux RBAC. Sudoers entries may specify a role
13986 and type. There are also role and type defaults that may be used.
13987 To make sure a transition occurs, when using RBAC commands are
13988 executed via the new sesh binary. Based on initial changes from Dan
13992 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
13994 * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
13995 Add long list (sudo -ll) support for printing verbose LDAP and
13996 sudoers file entries. Still need to update manual.
13999 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
14001 * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
14002 Unify the -l output for file and ldap based sudoers and use lbufs
14003 for both. The ldap output does not currently include options that
14004 cannot be represented as tags. This will be remedied in a long list
14005 output mode to come.
14008 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
14011 Use a specific error message for errno == EAGAIN when setuid() et al
14012 fails. On Linux systems setuid() will fail with errno set to EAGAIN
14013 if changing to the new uid would result in a resource limit
14018 Unlimit nproc on Linux systems where calling the setuid() family of
14019 syscalls causes the nproc resource limit to be checked. The limits
14020 will be reset by pam_limits.so when PAM is used. In the non-PAM
14021 case the nproc limit will remain unlimited but there doesn't seem to
14022 be a way around that other than having sudo parse
14023 /etc/security/limits.conf directly.
14026 * env.c, sudo.c, sudo.pod:
14027 Only read /etc/environment on Linux and AIX
14030 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
14032 * configure, configure.in:
14033 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
14034 ldap.conf and ldap.secret paths from going into config.h. Avoid
14035 single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
14036 since in some versions of bash they will end up literally in the
14040 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
14043 mention --with-nsswitch=no
14046 * configure, configure.in:
14047 ldap_ssl.h depends on ldap.h being included first
14050 * config.h.in, configure, configure.in, ldap.c:
14051 Include ldap_ssl.h if we can find it. Needed for the
14052 ldapssl_set_strength defines on HP-UX at least.
14055 * sudoers.ldap.pod:
14063 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
14064 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
14069 Use 78n line length when formatting cat pages.
14073 Remove redundant info that is now in sudoers.ldap.pod
14076 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
14078 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
14079 Reorganize the first section a bit. Substitute the proper path for
14083 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
14084 Substitute values for ldap.conf, ldap.secret and nsswitch.conf. Move
14085 schema into EXAMPLES
14088 * configure, configure.in:
14089 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
14093 * configure, configure.in:
14094 substitute for sudoers.ldap.man
14098 Fix cut & pasto introduced when adding sudoers.ldap man page.
14101 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
14102 Fill in some of the missing pieces. Still needs some reorganization
14106 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
14108 * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
14110 Beginnings of a sudoers.ldap man page. Currently, much of the
14111 information is adapted from README.LDAP.
14114 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
14117 When copying gr_mem we must guarantee that the storage space for
14118 gr_mem is properly aligned. The simplest way to do this is to
14119 simply store gr_mem directly after struct group. This is not a
14120 problem for gr_passwd or gr_name as they are simple strings.
14124 Fix a typo/thinko in one of the calls to
14125 sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
14128 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
14130 * config.h.in, configure, configure.in, ldap.c:
14131 include <mps/ldap_ssl.h> in ldap.c if available
14134 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
14137 Make sure we define SIZE_MAX for yacc's skeleton.c
14141 Use TCSAFLUSH when restoring terminal settings (and echo) to
14142 guarantee that any pending output is discarded
14145 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
14148 no longer need to specify SETENV when user has sudo ALL
14152 sync user_args size calculation with sudo.c. Add -g group option,
14153 renaming old -g to -G. Add set_runasgr() and set_runaspw() and use
14158 Make set_runaspw static void
14161 * testsudoers.c, visudo.c:
14162 g/c set_runaspw stub
14165 * configure, configure.in:
14166 Don't add -llber twice.
14169 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
14175 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
14181 * configure, configure.in:
14182 Fix check that determines whether -llber is required.
14185 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
14186 For netscape-based LDAP, use ldapssl_set_strength() to implement the
14187 checkpeer ldap.conf option.
14191 Delay krb5_cc_initialize() until we actually need to use the cred
14192 cache, which is what krb5_verify_user() does. Better cleanup on
14196 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
14199 Rewrite verify_krb_v5_tgt() based on what heimdal's
14200 krb5_verify_user() does.
14203 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
14206 The U suffix on constants is an ANSI feature
14209 * configure, configure.in:
14210 Add check for ber_set_option() in -llber
14213 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
14216 default if no nsswitch.conf is files only
14219 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
14222 don't tell people to mail aaron about LDAP stuff
14226 timelimit and bind_timelimit
14234 Move ldap.secret reading into a separate function.
14238 user_runas -> runas_pw
14241 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
14247 * check.c, sudo.pod, sudoers.pod:
14248 Add and document the %p escape in the password prompt. Based on a
14249 patch from Patrick Schoenfeld.
14253 Check strlcpy() return values.
14257 refactor ldap binding code into sudo_ldap_bind_s()
14261 Make it clear that host and uri can take multiple parameters. URI is
14262 now supported for more than just openldap. nsswitch.conf doesn't
14267 comment cleanup and update (c) year
14270 * parse.c, sudo_nss.c:
14271 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
14272 This should make it possible to build an LDAP-only sudo binary.
14275 * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
14276 Improve chaining of multiple sudoers sources by passing in the
14277 previous return value to the next in the chain
14281 Free up parser data structures in sudo_file_close().
14285 Free up parser data structures in sudo_file_close().
14289 Parse uri ourselves if no ldap_initialize() is present. Use
14290 ldap_create() instead of deprecated ldap_init(). Use
14291 ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
14294 * config.h.in, configure, configure.in:
14295 Add check for ldap_sasl_bind_s(). Remove -DLDAP_DEPRECATED from
14299 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
14301 * config.h.in, configure, configure.in:
14302 add check for ldap_create
14305 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
14307 * config.h.in, configure, configure.in, ldap.c:
14308 Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
14309 dn using the mechanism appropriate for the LDAP SDK in use. Use
14310 ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
14311 ldap_unbind_ext_s() and ldap_search_ext_s() for SDKs without them.
14318 * config.h.in, configure.in:
14319 fix typo in mtim_getnsec
14322 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
14324 * config.h.in, configure, configure.in:
14325 add check for st__tim in struct stat as used by SCO
14329 use ldap_search_ext_s instead of deprecated ldap_search_s
14332 * Makefile.in, TODO, sudo.cat, sudo.man.in:
14333 add sudo_nss.h to HDRS
14337 Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
14341 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
14344 Use ldap_get_values_len()/ldap_value_free_len() instead of the
14345 deprecated ldap_get_values()/ldap_value_free().
14356 * gettime.c, sudo.c:
14357 Remove some already fixed XXXs
14361 Same return value as non-existent sudoers if LDAP was unable to
14366 mention /etc/environment
14369 * README.LDAP, UPGRADE, WHATSNEW:
14370 Update to reflect recent developments.
14374 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
14378 When building up a query don't list groups in the aux group vector
14379 that are the same as the passwd file group. On most systems the
14380 first gid in the group vector is the same as the passwd entry gid.
14384 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
14385 ldaprc and system defaults that could affect how LDAP works.
14388 * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
14389 sudo_nss.c, sudo_nss.h:
14390 Rename read_nss -> sudo_read_nss. Add --with-nsswitch to allow users
14391 to specify nsswitch.conf path or disable it. If --with-nsswitch=no
14392 but --with-ldap, order is LDAP, then sudoers. Fix
14393 --with-ldap-conf-file and --with-ldap-secret-file
14397 Honor def_ignore_local_sudoers
14400 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
14403 no longer need to check def_ignore_local_sudoers here
14407 Refactor group vector resetting into a function and also call it
14408 from display_cmnd. Stop after the first successful match in
14409 display_cmnd. Print a newline between each display_privs method.
14413 fix double free introduced in rev 1.218
14417 belt and suspenders; zero out result after freeing it
14420 * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
14421 Refactor line reading into a separate function, sudo_parseln(),
14422 which removes comments, leading/trailing whitespace and newlines.
14423 May want to rethink the use of sudo_parseln() for /etc/ldap.secret
14427 Make the inability to read the sudoers file a non-fatal error if
14428 there are other sudoers sources available. sudoers_file_lookup now
14429 returns "not OK" if sudoers was not present
14433 make it clear that the global options are from LDAP
14437 allocate proper amount of space for error string
14440 * sudo_nss.c, sudo_nss.h:
14441 actual sudo nss code
14444 * ldap.c, parse.c, sudo.c, sudo.h:
14445 nss-ify display_privs and display_cmnd.
14448 * defaults.c, parse.c, testsudoers.c, visudo.c:
14449 move update_defaults() to parse.c
14452 * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
14453 Use nsswitch to hide some sudoers vs. ldap implementation details
14454 and reduce the number of #ifdef LDAP. TODO: fix display routines and
14458 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
14460 * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
14461 First cut at nsswitch.conf support. Further reorganization and
14462 related changes are forthcoming.
14465 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
14467 * env.c, pathnames.h.in, sudo.c, sudo.h:
14468 Add support for reading an /etc/environment file. Still needs to
14469 be documented and should probably only apply to OSes that have it
14470 (AIX and Linux, maybe others).
14477 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
14483 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
14490 Add an example sudoRole, clarify netscape vs. openldap a bit more
14494 Be clear on what is OpenLDAP vs. Netscape-derived
14497 * config.h.in, configure, configure.in, ldap.c:
14498 Use ldapssl_init() for ldaps support instead of trying to do it
14499 manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
14500 and tls_key for cert7.db and key3.db respectively. Don't print
14501 debugging info for options that are not set. Add warning if
14502 start_tls specified when not supported.
14506 fix compilation on solaris
14510 add missing .h and .c files for missing lib objs
14513 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
14516 fix LDAP_OPT_NETWORK_TIMEOUT setting
14520 fix compilation on Solaris
14523 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
14525 * configure, configure.in:
14530 try to clear up which variables are for OpenLDAP and which are for
14531 netscape-derived SDKs
14534 * config.h.in, configure, configure.in, ldap.c:
14535 Add support for "ssl on" in both netscape and openldap flavors. Only
14536 the OpenLDAP flavor has been tested.
14539 * logging.c, sudo.c, sudo.h:
14540 Call cleanup() before exit in log_error() instead of calling
14541 sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
14548 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
14550 * logging.c, sudo.c, sudo.h:
14551 Better ldap cleanup.
14555 Distinguish between LDAP conf settings that are connection-specific
14556 (which take an ld pointer) and those that are default settings
14560 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
14563 Improved warnings on error.
14567 Make ldap config table driven and set the config *after* we open the
14571 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
14574 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
14577 * configure, configure.in:
14578 some operating systems need to link with -lkrb5support when using
14582 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
14588 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
14592 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
14598 * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
14599 add -g support for LDAP
14602 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
14604 * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
14605 The -i and -s flags can now take an optional command.
14608 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
14610 * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
14612 Add passprompt_override flag to sudoers that will cause the prompt
14613 to be overridden in all cases. This flag is also set when the user
14614 specifies the -p flag.
14618 Move setting of login class until after sudoers has been parsed. Set
14619 NewArgv[0] for -i after runas_pw has been set.
14622 * configure, configure.in:
14623 Move the dgettext check.
14626 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
14628 * auth/pam.c, config.h.in, configure, configure.in:
14629 Add basic support for looking up the string "Password: " in the PAM
14630 localized text db. This allows us to determine whether the PAM
14631 prompt is the default "Password: " one even if it has been
14634 TODO: concatenate non-std PAM prompts and user-specified sudo
14638 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
14640 * Makefile.in, config.h.in, configure, configure.in, parse.c,
14641 set_perms.c, sudo.c, sudo.h:
14642 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
14646 * acsite.m4, configure, interfaces.c, memrchr.c:
14647 Fix typos; Martynas Venckus
14650 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
14653 Don't assume runas_pw is set; it may not be in the -g case.
14656 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
14658 * logging.c, set_perms.c:
14659 Set aux group vector for PERM_RUNAS and restore group vector for
14660 PERM_ROOT if we previously changed it. Stash the runas group vector
14661 so we don't have to call initgroups more than once. Also add no-op
14662 check to check_perms.
14665 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
14667 * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
14668 ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
14669 pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
14670 sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
14671 testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
14672 Add support for runas groups. This allows the user to run a command
14673 with a different effective group. If the -g option is specified
14674 without -u the command will be run as the current user (only the
14675 group will change). The -g and -u options may be used together.
14676 TODO: implement runas group for ldap, improve runas group
14677 documentation, add testsudoers support
14680 * configure, configure.in:
14681 fix setting of mandir
14684 * sudo.pod, sudoers.pod:
14685 document that ALL implies SETENV
14689 s/setenv_ok/setenv_implied/g
14693 hostname_matches() returns TRUE on match in sudo 1.7.
14697 use strcmp, not strcasecmp when comparing ALL
14701 Make sudo ALL imply setenv. Note that unlike with file-based
14702 sudoers this does affect all the commands in the sudoRole.
14705 * gram.c, gram.y, parse.c, parse.h:
14706 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
14707 it is not passed on to other commands in the list.
14711 Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
14712 sudo_getpwuid() instead of getpwuid().
14715 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
14718 Expand on the dangers of not using visudo to edit sudoers.
14721 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
14724 Don't quote *?[]! on output since the lexer does not strip off the
14725 backslash when reading those in.
14728 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
14731 expand "u_foo" types to "unsigned foo" to avoid compatibility
14735 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
14738 Refactor log line generation into new_logline().
14741 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
14747 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
14749 * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
14751 Add configure check for struct in6_addr instead of relying on
14752 AF_INET6 since some systems define AF_INET6 but do not include IPv6
14756 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
14758 * configure, configure.in:
14759 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
14763 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
14765 * configure, configure.in:
14766 POSIX states that struct timespec be declared in time.h so check
14767 there regardless of the value of TIME_WITH_SYS_TIME.
14770 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
14773 Instead of defining a macro to call the appropriate method for
14774 turning on/off echo, just define tc[gs]etattr() and the related
14775 defines that use the correct terminal ioctls if needed. Also go back
14776 to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
14779 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
14789 * INSTALL, auth/pam.c, config.h.in, configure.in:
14790 Add --disable-pam-session configure option to disable calling
14791 pam_{open,close}_session. May work around bugs in some PAM
14795 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
14802 Avoid printing the prompt if we are already backgrounded. E.g. if
14803 the user runs "sudo foo &" from the shell. In this case, the call
14804 to tcsetattr() will cause SIGTTOU to be delivered.
14807 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
14809 * def_data.c, def_data.h, def_data.in:
14810 Reorder things such that the definition of env_reset comes right
14811 before the env variable lists.
14815 Shrink type and seqno in struct alias from int to u_short
14818 * alias.c, match.c, parse.c, parse.h:
14819 Add a sequence number in the aliases for loop detection. If we find
14820 an alias with the seqno already set to the current (global) value we
14821 know we've visited it before so ignore it.
14824 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
14826 * TODO, auth/pam.c, sudo.c, sudo.h:
14827 PAM wants the full tty path so add user_ttypath which holds the full
14828 path to the tty or is NULL if no tty was present.
14832 Set PAM_RHOST to work around a bug in Solaris 7 and lower that
14836 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
14842 * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
14843 parse.h, testsudoers.c, visudo.c:
14847 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
14850 remove some useless casts
14854 pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
14855 predates the final C99 spec and the standard specifies that it shall
14856 include stdint.h anyway
14859 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
14861 * Makefile.in, alloca.c, configure.in:
14862 Since we ship with a pre-generated parser there is no need to ship a
14863 bogus alloca implementation.
14871 remove initial setting of CHECKSIA, we require that it be unset if
14884 only do SIA checks on Digital Unix
14887 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
14889 * sudoers.cat, sudoers.man.in:
14898 Remove call to krb5_cc_register() as it is not needed for modern
14906 * aclocal.m4, configure.in:
14907 New method for setting the default authentication type and avoiding
14908 conflicts in auth types.
14911 * match.c, parse.c, testsudoers.c:
14912 Each entry in a cmndlist now has an associated runaslist so no need
14913 to keep track of the most recent non-NULL one.
14916 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
14919 back out partial ldaps support mistakenly committed
14923 Add support for unix groups and netgroups in sudoRunas
14926 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
14929 Fix sudoedit of a non-existent file. From Tilo Stritzky.
14932 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
14939 update --passprompt escape info
14943 remove now-bogus comment and update copyright date
14947 Fix up use of with_passwd
14950 * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
14951 Update to autoconf-2.61 and libtool-1.5.24
14955 "cmp -s" not just cmp. Add @datarootdir@ to quiet autoconf-2.61
14958 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
14965 move tags and runaslist propagation to be earlier
14969 If -f flag given use the permissions of the original file as a
14974 prevent a double free() when re-initing the parser
14977 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
14983 * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
14984 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
14985 auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
14986 configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
14987 parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
14988 sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
14989 Remove support for compilers that don't support void *
14996 * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
14997 parse.c, parse.h, testsudoers.c, visudo.c:
14998 Move list manipulation macros to list.h and create C versions of the
14999 more complex ones in list.c. The names have been down-cased so they
15000 appear more like normal functions.
15004 Fix cmp command when regenerating parser. Make gram.o the first
15005 dependency for all programs so gram.h will be generated before
15006 anything that needs it.
15010 Convert NEW_DEFAULT and NEW_MEMBER into static functions.
15013 * match.c, parse.c, testsudoers.c:
15014 Use LH_FOREACH_REV when checking permission and short-circuit on the
15015 first non-UNSPEC hit we get for the command. This means that
15016 instead of cycling through all the parsed sudoers entries we
15017 start at the end and work backwards and quit after the first
15018 positive or negative match.
15025 * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
15026 Change list head macros to take a pointer, not a struct.
15034 Propagate the runasspec from one command to the next in a cmndspec.
15037 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
15040 Replace has_meta() with a macro that calls strpbrk().
15046 * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
15047 testsudoers.c, visudo.c:
15048 Use a list head struct when storing the semi-circular lists and
15049 convert to tail queues in the process. This will allow us to
15050 reverse foreach loops more easily and it makes it clearer which
15051 functions expect a list as opposed to a single member.
15053 Add macros for manipulating lists. Some of these should become
15056 When freeing up a list, just pop off the last item in the queue
15057 instead of going from head to tail. This is simpler since we don't
15058 have to stash a pointer to the next member, we always just use the
15059 last one in the queue until the queue is empty.
15061 Rename match functions that take a list to have list in the name.
15062 Break cmnd_matches() into cmnd_matches() and cmndlist_matches().
15066 Fix pasto, append "!" not negated (which is an int) for sudo -l
15071 Remove the dependency of gram.h on gram.y, the .c dependency is
15072 enough. Only move y.tab.h to gram.h if it is different; avoids
15073 needless rebuilding.
15076 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
15079 Defaults lines may be associated with lists of users, hosts,
15080 commands and runas users, not just single entries.
15083 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
15086 Revert the "cmp" portion of the last diff, it doesn't make sense.
15090 Remove *.lo for clean: When generating the parser, only move the
15091 generated files into place if they differ from the existing ones.
15094 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
15097 Replace IPV6 regexp with a much simpler (readable) one and add an
15098 extra check when it matches to make sure we have a valid address.
15102 Fix thinko introduced when merging IPV6 support.
15105 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
15107 * HISTORY, LICENSE:
15116 mention #uid vs. comment pitfall
15120 Merge in a patch from the libtool cvs that fixes a problem with the
15121 latest autoconf. From Stepan Kasal.
15125 Back out the XOR swap trick, it is slower than a temp variable on
15134 Convert the tail queue to a semi-circle queue and use the XOR swap
15135 trick to swap the prev pointers during append.
15138 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
15141 remove useless statement
15145 Refactor #include parsing into a separate function and return
15146 unparsed chars (such as newline or comment) back to the lexer.
15149 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
15152 mention better uid support
15156 Users may now consist of a uid.
15159 * gram.c, gram.h, toke.c:
15164 Use lbuf_append_quoted() for sudo -l output to quote characters that
15165 would require quoting in sudoers.
15169 Add lbuf_append_quoted() which takes a set of characters which
15170 should be quoted with a backslash when displayed.
15174 Require that the first character after a comment not be a digit or a
15175 dash. This allows us to remove the GOTRUNAS state and treat
15176 uid/gids similar to other words. It also means that we can now
15177 specify uids in User_Lists and a User_Spec may now contain a uid.
15181 Replace RUNAS token with '(' and ')' tokens to make the runas
15182 portion of the grammar more natural.
15186 The BUGS file is history
15189 * Makefile.in, README:
15190 The BUGS file is history
15193 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
15196 Allow comments after a RunasAlias as long as the character after the
15197 pound sign isn't a digit or a dash.
15201 Glob support was back-ported to 1.6.9
15204 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
15207 remove sudo_usage.h in distclean
15211 If a Defaults value contains a blank, double-quote the string.
15215 Properly deal with Defaults double-quoted strings that span multiple
15216 lines using the line continuation char. Previously, the entire
15217 thing, including the continuation char, newline, and spaces was
15222 Be consistent when using single quotes and backticks.
15225 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
15227 * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
15228 sudo.c, sudo_usage.h.in:
15229 Add new linebuf code to do appends of dynamically allocated strings
15230 and word-wrapped output. Currently used for sudo's usage() and sudo
15231 -l output. Sudo usage strings are now in sudo_usage.h which is
15232 generated at configure time.
15235 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
15237 * parse.c, sudo.c, sudo.h:
15238 Fix line wrapping in usage() and use the actual tty width instead of
15242 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
15249 Mentioned Chris Jepeway's parser and also the new one that is in
15253 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
15255 * sudo.pod, visudo.pod:
15256 For the options list, add flag args where appropriate and increase
15257 the indent level so there is room for them.
15260 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
15263 Fix some spacing in "sudo -l" and add a comment about some bogosity
15264 in the line wrapping.
15267 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
15272 * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
15273 def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
15274 parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
15275 testsudoers.c, toke.c, toke.l:
15276 Remove monitor support until there is a version of systrace that
15277 uses a lookaside buffer (or we have a better mechanism to use).
15280 * config.h.in, configure, configure.in, sudo.c:
15281 use getaddrinfo() instead of gethostbyname() if it is available
15284 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
15287 Deal with OSes where sizeof(gid_t) < sizeof(int).
15291 repair non-getifaddrs() code after ipv6 integration
15295 If we can open sudoers but fail to read the first byte, close the
15296 file stream before trying again.
15299 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
15305 * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
15306 Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
15309 * sudo.pod, sudoers.pod, visudo.pod:
15310 Add some missing markup Update copyright
15313 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
15315 * configure, configure.in:
15316 fix sudo_noexec extension which got broken in the libtool update
15319 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
15322 explicitly specify -Tascii to nroff
15325 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
15328 remove an ANSI-ism that crept in
15331 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
15334 Adjust list indents Prevent -- from being turned into an em dash Use
15335 a list for the environment instead of a literal paragraph
15339 Use a list for the environment instead of an indented literal
15344 Adjust list indentation
15351 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
15354 mention that when specifying a uid for the -u option the shell may
15355 require that the # be escaped
15358 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
15361 Fix off by one in group matching.
15364 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
15367 Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
15370 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
15372 * configure, configure.in:
15373 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
15374 -lgssapi_krb5 case.
15377 * aclocal.m4, configure, configure.in:
15378 Fix link tests such that new gcc doesn't optimize away the test.
15381 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
15383 * sudo.pod, sudoers.pod, visudo.pod:
15384 add missing over/back
15387 * sudo.pod, sudoers.pod, visudo.pod:
15388 Change FILES section to use =item
15392 Add back allocation of the env struct in rebuild_env but save a copy
15393 of the old pointer and free it before returning.
15397 Don't init the private environment in rebuild_env() since it may
15398 have already been done implicitly by sudo_setenv/sudo_unsetenv.
15400 Multiply length by sizeof(char *) in memcpy/memmove when copying the
15401 environment so we copy the full thing.
15403 Add missing set of parens so we deref the right pointer in
15404 sudo_unsetenv when searching for a matching variable.
15407 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
15409 * sudo.pod, sudoers.pod, visudo.pod:
15410 Use file markup for paths in the FILES section
15413 * sudo.pod, sudoers.pod, visudo.pod:
15414 Don't capitalize sudo/visudo
15418 Sort sudoers options; based on a diff from Igor Sobrado.
15421 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
15423 * sudo.pod, sudoers.pod, visudo.pod:
15424 Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
15425 latter confuses pod2man. The Makefile rules for the .man.in file
15426 will add @mansectsu@ and @mansectform@ back in after pod2man is done
15430 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
15432 * LICENSE, Makefile.in, license.pod:
15433 Move license info to pod format
15436 * configure, configure.in, sudoers.pod:
15437 Substitute value of path_info into sudoers man page.
15441 remove features that were back-ported to 1.6.9
15444 * sudo.c, sudo.pod, visudo.c, visudo.pod:
15445 Sort SYNOPSIS and sync usage. From Igor Sobrado.
15449 Only need sudo_setenv/sudo_unsetenv if we are going to use
15450 ldap_sasl_interactive_bind_s() but don't have
15451 gss_krb5_ccache_name().
15455 rebuild without branch info
15459 Add ChangeLog target
15463 Run cleanup code if the user hits ^C at the password prompt.
15467 Some versions of pam_lastlog have a bug that will cause a crash if
15468 PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
15472 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
15475 ChangeLog not Changelog
15483 CHANGE -> Changelog
15490 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
15492 * config.h.in, configure, configure.in, ldap.c:
15493 Add configure hooks for gss_krb5_ccache_name() and the gssapi
15497 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
15500 rebuild_env() and insert_env_vars() no longer return environment
15501 pointer, they set environ directly.
15503 No longer need to pass around an envp pointer since we just operate
15506 Add dosync argument to insert_env() that indicates whether it should
15507 reset environ when realloc()ing env.envp.
15509 Use an initial size of 128 for the environment.
15513 Split sudo_setenv() into an external version and a version only for
15514 use by rebuild_env().
15517 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
15520 Add support for using gss_krb5_ccache_name() instead of setting
15521 KRB5CCNAME. Also use sudo_unsetenv() in the non-
15522 gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
15523 original environment. TODO: configure setup for
15524 gss_krb5_ccache_name()
15531 * README.LDAP, ldap.c:
15532 Add support for sasl_secprops in ldap.conf
15536 Add sudo_unsetenv() and refactor private env syncing code into
15540 * README.LDAP, ldap.c:
15541 The ldap.conf variable is sasl_auth_id not sasl_authid.
15544 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
15546 * ldap.c, sudo.c, sudo.h:
15547 Add support for krb5_ccname in ldap.conf. If specified, it will
15548 override the default value of KRB5CCNAME in the environment for the
15549 duration of the call to ldap_sasl_interactive_bind_s().
15553 Remove format_env() Add sudo_setenv() to replace most format_env() +
15554 insert_env() combinations. insert_env() no longer takes a struct
15559 Fix use_sasl vs. rootuse_sasl logic.
15562 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
15563 Add support for SASL auth when connecting to an LDAP server. Adapted
15564 from a diff by Tom McLaughlin.
15567 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
15569 * configure, configure.in:
15570 Only enable AIX or BSD auth if no other exclusive auth method has
15571 been chosen. Allows people to e.g., use PAM on AIX without adding
15572 --without-aixauth. A better solution is needed to deal with default
15573 authentication since if a non-exclusive method is chosen we will
15574 still get an error.
15577 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
15579 * HISTORY, Makefile.in, history.pod:
15580 Generate HISTORY from history.pod (which is also used for web pages)
15583 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
15585 * sudo.man.in, sudoers.man.in:
15590 Better explanation of environment handling in the sudo man page.
15594 Defer setting user-specified env vars until after authentication.
15598 honor def_default_path for PATH set on the command line
15601 * env.c, sudo.c, sudo.pod, sudoers.pod:
15602 Allow user to set environment variables on the command line as long
15603 as they are allowed by env_keep and env_check. Ie: apply the same
15604 restrictions as normal environment variables. TODO: deal with
15608 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
15610 * sudo.c, sudo_edit.c:
15611 Call rebuild_env() in all cases. Pass original envp to sudo_edit().
15612 Don't allow -E or env var setting in sudoedit mode. More accurate
15613 usage() when called as sudoedit.
15621 add -c option to sudoedit synopsis
15629 Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
15630 value from {user,host,runas,cmnd}_matches(). Rename *matches
15631 variables -> *match. Purely cosmetic.
15635 Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
15643 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
15646 Make pwcheck local to the pwflag block. Use pwcheck even if user
15647 didn't match since Defaults options may still apply.
15651 Do not update timestamp if user not validated by sudoers.
15655 for PERM_RUNAS, set the egid to the runas user's gid and restore to
15656 the user's original in PERM_ROOT
15659 * logging.c, mon_systrace.c, set_perms.c, sudo.h:
15660 PERM_FULL_ROOT is now no different than PERM_ROOT so remove
15665 don't check timestamp mtime if we are just going to remove it
15669 Move sudoers defaults parameters into their own section.
15673 Reduce a level of indent by a few placed continue statements.
15677 Make matching but negated commands/hosts/runas entries override a
15678 previous match as expected. Also reduce some levels of indent by a
15679 few placed continue statements.
15682 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
15685 Print default runas in "sudo -l" if sudoers don't specify one.
15689 Less hacky way of testing whether the domain was set.
15692 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
15695 Mention pam-devel and openldap-devel for Linux
15698 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
15704 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
15707 fix typo in Solaris project support
15715 Make -- on the command line match the manual page. The implied shell
15716 case has been simplified as a result.
15719 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
15722 add simplistic support for sudoRunas; note that if a sudoers entry
15723 contains multiple Runas users, all will apply to the sudoRole
15727 honor SETENV and NOSETENV tags
15730 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
15733 Redo setting of user_args. We now build up a private copy of argv
15734 first and then replace the NULs with spaces.
15738 getcwd() returns NULL on failure, not 0 on success
15742 allow chunksiz to reach 1 before erroring out
15745 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
15750 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
15752 * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
15753 logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
15755 Add support for setting environment variables on the command line.
15756 This is only allowed if the setenv sudoers option is enabled or if
15757 the command is prefixed with the SETENV tag.
15761 replace Aaron's email address with the sudo-workers list
15768 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
15770 * schema.OpenLDAP, schema.iPlanet:
15771 Break schema out into separate files.
15774 * Makefile.in, README.LDAP:
15775 Break schema out into separate files.
15778 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
15781 free message if set by authenticate()
15785 deal with NULL gr_mem
15788 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
15795 add template for HAVE_PROJECT_H
15802 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
15805 mention --with-project
15808 * config.h.in, configure.in, sudo.c:
15809 Add Solaris 10 "project" support. From Michael Brantley.
15821 Fix preservation of LDFLAGS in the LDAP case.
15825 Remove dependency on NULL
15832 * aclocal.m4, configure.in:
15833 Can't use the regular autoconf fnmatch() check since we need
15834 FNM_CASEFOLD so go back to our custom one.
15838 Fix preserving of variables in env_keep.
15846 expand upon env resetting and mention that it began in 1.6.9 not
15851 Update descriptions of env_keep and env_check to match current
15855 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
15858 Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
15859 LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to initial_keepenv_table.
15862 * env.c, logging.c:
15863 Treat USERNAME environment variable like LOGNAME/USER
15867 Don't need to populate keepenv table with the contents of the
15872 Don't force sudo into the C locale.
15876 Make env_check apply when env_reset is true. Environment variables
15877 are passed through unless they contain '/' or '%'. There is no need
15878 to have a variable in both env_check and env_keep.
15881 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
15884 Remove a duplicate lock_file() call and add a comment.
15888 Add sudo 1.6.9 upgrade note.
15891 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
15894 Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
15895 small. From Klaus Wagner.
15898 * logging.c, sudo.h:
15899 Redo the long syslog line splitting based on a patch from Eygene
15900 Ryabinkin. Include memrchr() for systems without it.
15904 Redo the long syslog line splitting based on a patch from Eygene
15905 Ryabinkin. Include memrchr() for systems without it.
15908 * Makefile.in, config.h.in, configure, configure.in:
15909 Redo the long syslog line splitting based on a patch from Eygene
15910 Ryabinkin. Include memrchr() for systems without it.
15914 Since we need to be able to convert timespec to timeval for utimes()
15915 the last 3 digits in the tv_nsec are not significant. This makes the
15916 sudoedit file date comparison work again.
15919 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
15921 * aclocal.m4, configure, configure.in:
15922 Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
15923 This deals with exclusive authentication methods in a simple way.
15926 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
15929 mkstemp.c is BSD code too.
15932 * sudo.pod, sudoers.pod, visudo.pod:
15933 No commercial support for now.
15936 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
15939 cleanenv() is no more.
15942 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
15945 Display branch info in Changelog
15949 Include config.h early so we have it for TIME_WITH_SYS_TIME
15953 Fix Changelog generation and update.
15956 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
15959 Use /proc/self/fd instead of /proc/$$/fd
15961 Move old-style fd closing into closefrom_fallback() and call that if
15962 /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
15965 * auth/kerb5.c, config.h.in, configure.in:
15966 o use krb5_verify_user() if available instead of doing it by hand
15967 o use krb5_init_secure_context() if we have it
15968 o pass an encryption type of 0 to krb5_kt_read_service_key() instead of
15969 ENCTYPE_DES_CBC_MD5 to let kerberos choose.
15973 Check TERM and COLORTERM for '%' and '/' characters. From Debian.
15977 Fix closefrom() substitution in the Makefile
15981 Mention alternate sudo pronunciation.
15984 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
15987 Remove KRB5_KTNAME from environment. Allow COLORTERM.
15991 If we cannot get a valid service key using the default keytab it is
15992 a fatal error. Fixes a bug where sudo could be tricked into
15993 allowing access when it should not by a fake KDC. From Thor Lancelot
15997 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
15999 * aclocal.m4, configure, configure.in:
16000 Update long long checks to use AC_CHECK_TYPES and to cache values.
16003 * aclocal.m4, configure.in:
16004 Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
16005 use AC_REPLACE_FNMATCH since that assumes replacing with GNU
16009 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
16011 * configure, configure.in:
16012 Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
16013 need it for visudo now too.
16016 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
16019 Attempt to clarify the bit talking about network numbers w/o
16024 Clarify timestamp dir ownership sentence.
16027 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
16030 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
16034 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
16037 -i is also one of the mutually exclusive options to list it in the
16038 warning message. Noted by Chris Pepper.
16041 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
16044 The sudoers variable is env_editor, not enveditor. From Jean-
16048 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
16051 I tracked down the original author so credit him and include his
16055 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
16057 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
16059 Fix typos; from Jason McIntyre.
16063 Restore signal mask before calling reapchild(). Fixes a possible
16064 race condition that could prevent sudo from properly waiting for the
16068 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
16071 Don't declare pw_free() if we are not going to use it.
16075 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
16076 LDR_PRELOAD64. The 64-bit version is not currently supported.
16077 Remove zero_env() prototype as it no longer exists.
16080 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
16083 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
16086 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
16089 If the user enters ^C at the password prompt, abort instead of
16090 trying to authenticate with an empty password (which causes an
16094 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
16096 * closefrom.c, config.h.in, configure, configure.in:
16097 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
16102 pw_free() is only used by sudo_freepwcache() so ifdef it out too.
16105 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
16107 * config.guess, config.sub:
16108 Update to latest versions from cvs.savannah.gnu.org
16111 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
16113 * pwutil.c, sudo_edit.c:
16114 Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
16115 we can close the passwd/group files early.
16118 * config.h.in, configure, configure.in, set_perms.c:
16119 Add seteuid() flavor of set_perms() for systems without setreuid()
16120 or setresuid() that have a working seteuid(). Tested on Darwin.
16123 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
16126 systrace_read() returns ssize_t
16129 * configure, configure.in:
16130 Fix typo, -lldap vs. -ldap; from Tim Knox.
16133 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
16136 Fix typo; Matt Ackeret
16139 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
16142 Print sudoers path in -V mode for root.
16145 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
16148 Do a sub tree search instead of a base search (one level in the tree
16149 only) for sudo right objects. This allows system administrators to
16150 categorize the rights in a tree to make them easier to manage.
16153 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
16159 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
16162 Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
16163 bind_timelimit support; adapted from gentoo.
16166 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
16169 Support comments that start in the middle of a line
16172 * configure, configure.in:
16173 Define LDAP_DEPRECATED until we start using ldap_get_values_len()
16176 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
16179 Silence gcc -Wsign-compare; djm@openbsd.org
16182 * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
16183 cleanup() now takes an int as an arg so it can be used as a signal
16188 Make a copy of the shell field in the passwd struct for NewArgv to
16189 avoid a use after free situation after sudo_endpwent() is called.
16192 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
16194 * config.h.in, configure, configure.in:
16195 Add mkstemp() for those poor souls without it.
16199 Add mkstemp() for those poor souls without it.
16203 Add mkstemp() for those poor souls without it.
16206 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
16209 Add PERL5DB to list of environment variables to remove.
16212 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
16214 * mon_systrace.c, mon_systrace.h:
16215 Instead of calling the check function twice with a state cookie use
16216 separate check/log functions.
16218 Check more ioctl() calls for failure.
16220 systrace_{read,write} now return the number of bytes read/written or
16225 Add more environment variables to remove; from gentoo linux Add some
16226 comments about what bad env variables go to what (more to do)
16229 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
16231 * sudo.c, sudo_edit.c:
16232 Move sudo_end{gr,pw}ent() until just before the exec since they free
16233 up our cached copy of the passwd structs, including sudo_user and
16234 sudo_runas. Fixes a use-after-free bug.
16238 Close all fd's before executing editor.
16242 Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
16246 Fix fd leak when lecture file option is enabled. From Jerry Brown
16249 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
16252 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
16253 environment variables to remove. From Charles Morris
16256 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
16259 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
16262 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
16265 add PS4 and SHELLOPTS to initial_badenv_table for bash
16268 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
16271 Fix typo; Toby Peterson
16274 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
16277 Make return buffers static so they don't get clobbered
16280 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
16283 Fix securid5 authentication, was not checking for ACM_OK. Also add
16284 default cases for the two switch()es. Problem noted by ccon at
16288 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
16291 Remove ncat() in favor of just counting bytes and pre-allocating
16295 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
16298 Fix up some comments Add missing fclose() for the rootbinddn case
16302 align struct ldap_config
16306 use LINE_MAX for max conf file line size
16310 add _PATH_LDAP_SECRET
16314 Mention rootbinddn Give example ou=SUDOers container
16317 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
16319 * INSTALL, configure, configure.in, ldap.c:
16320 Support rootbinddn in ldap.conf
16323 * env.c, sudo.pod, sudoers.pod:
16324 Preserve DISPLAY environment variable by default.
16327 * acsite.m4, configure:
16328 set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
16331 * acsite.m4, configure:
16332 set need_version=no for all cases; this is safe for LD_PRELOAD
16339 * configure, configure.in:
16344 Fix call to pam_end() when pam_open_session() fails.
16352 rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
16353 ltsugar.m4 ltversion.m4
16356 * config.guess, config.sub, ltmain.sh:
16357 merge in local changes: config.guess: o better openbsd support
16358 config.sub: o hiuxmpp support ltmain.sh o remove requirement that
16359 libs must begin with "lib" o don't print a bunch of crap about
16360 library installs o don't run ldconfig
16363 * config.guess, config.sub, ltmain.sh:
16368 Update with autoupdate and make minor changes for libtool 1.9f
16371 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
16374 don't call sudo_ldap_display_cmnd if ldap not setup
16377 * sudo_edit.c, visudo.c:
16378 Move declaration of struct timespec to its own include files for
16379 systems without it since it needs time_t defined.
16383 Move declaration of struct timespec to its own include files for
16384 systems without it since it needs time_t defined.
16388 Move declaration of struct timespec to its own include files for
16389 systems without it since it needs time_t defined.
16393 Move declaration of struct timespec to its own include files for
16394 systems without it since it needs time_t defined.
16397 * check.c, compat.h:
16398 Move declaration of struct timespec to its own include files for
16399 systems without it since it needs time_t defined.
16403 Don't set safe_cmnd for the "sudo ALL" case.
16406 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
16409 Call pam_open_session() and pam_close_session() to give pam_limits a
16410 chance to run. Idea from Karel Zak.
16413 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
16416 Add explicit cast from mode_t -> u_int in printf to silence warnings
16421 include grp.h to silence a warning on Solaris
16424 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
16427 Fix printing of += and -= defaults.
16430 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
16433 Sanity check number of syscall args with argsize. Not really needed
16434 but a little paranoia never hurts.
16437 * mon_systrace.c, mon_systrace.h:
16438 Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
16439 for systrace lengths (since it uses int)
16442 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
16445 Add some memsets for paranoia Fix namespace collision w/ error Check
16446 rval of decode_args() and update_env() Remove improper setting of
16450 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
16452 * parse.c, sudo.c, sudo.h:
16453 In -l mode, only check local sudoers file if def_ignore_sudoers is
16454 not set and call LDAP versions from display_privs() and
16455 display_cmnd() instead of directly from main(). Because of this we
16456 need to defer closing the ldap connection until after -l processing
16457 has occurred and we must pass in the ldap pointer to display_privs()
16458 and display_cmnd().
16462 Reorganize LDAP code to better match normal sudoers parsing.
16463 Instead of storing strings for later printing in -l mode we do
16464 another query since the authenticating user and the user being
16465 listed may not be the same (the new -U flag). Also add support for
16468 There is still a fair bit of duplicated code that can probably be
16472 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
16475 Replace pass variable with do_netgr for better readability.
16483 estrdup, not strdup
16486 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
16489 Add macro to test if the tag changed to improve readability.
16493 Avoid printing defaults header if there are no defaults to print...
16497 Fix a warning on systems without strlcpy().
16501 Use macros where possible for sudo_grdup() like sudo_pwdup().
16504 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
16507 It is possible for tv_usec to hold >= 1000000 usecs so add in
16511 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
16514 The component in krb5_principal_get_comp_string() should be 1, not 0
16515 for Heimdal. From Alex Plotnick.
16518 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
16520 * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
16521 interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
16522 redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
16523 Add efree() for consistency with emalloc() et al. Allows us to rely
16524 on C89 behavior (free(NULL) is valid) even on K&R.
16528 Move initgroups() for -U option into display_privs() so group
16529 matching in sudoers works correctly.
16532 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
16535 Removed duplicate call to ldap_unbind_s introduced along with
16540 Add missing space in Defaults printing
16543 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
16546 Sync sudo_pwdup with OpenBSD changes: use macros for size computation
16550 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
16553 Zero old pw_passwd before replacing with version from shadow file.
16556 * configure, configure.in:
16557 Only attempt shadow password detection if PAM is not being used Add
16558 shadow_* variables to make shadow password detection more generic.
16562 Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
16565 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
16568 use a non-breaking space to avoid a double space after e.g.
16572 comma, not colon after e.g.
16575 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
16578 Add __ variants of the exec functions. GNU libc at least uses
16579 __execve() internally.
16583 Match reality a bit more.
16587 Missed piece from rev. 1.6, fix sudo_getpwnam() too.
16591 Store shadow password after making a local copy of struct passwd in
16592 case normal and shadow routines use the same internal buffer in
16596 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
16598 * alloc.c, logging.c:
16599 Make varargs usage consistent with the rest of the code.
16602 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
16605 Wrap more of the exec family since on Linux the others do not appear
16606 to go through the normal execve() path.
16610 make print_unused static like proto says
16614 silence a warning on K&R systems
16617 * alias.c, error.c:
16618 make this build in K&R land
16622 make this build in K&R land
16625 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
16631 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
16634 return(foo) not return foo optimize _atobool() slightly
16642 Reformat to match the rest of sudo's code.
16646 I am the primary author
16649 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
16651 * Makefile.in, README, RUNSON:
16652 The RUNSON file is toast--it confused too many people and really
16653 isn't needed in a configure-oriented world.
16657 alternate -> alternative
16661 Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
16666 Allow leading blanks before Defaults and Foo_Alias definitions
16670 fix rules to build toke.o and gram.o in devel mode
16673 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
16676 env_keep overrides set_logname
16680 Fix disabling set_logname and make env_keep override set_logname.
16683 * compat.h, config.h.in, configure, configure.in:
16684 No longer need memmove()
16688 Just clean the environment once. This assumes that any further
16689 setenv/putenv will be able to handle the fact that we replaced
16690 environ with our own malloc'd copy but all the implementations I've
16694 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
16697 In -i mode, base the value of insert_env()'s dupcheck flag on
16698 DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
16701 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
16704 Move setting of user_path, user_shell, user_prompt and prev_user
16705 into init_vars() since user_shell at least is needed there.
16708 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
16715 Fix some printf format mismatches on error.
16719 Fix some printf format mismatches on error.
16722 * configure, gram.c, toke.c:
16726 * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
16727 auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
16728 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
16729 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
16730 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
16731 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
16732 emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
16733 getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
16734 interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
16735 parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
16736 snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
16737 sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
16738 testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
16739 visudo.pod, zero_bytes.c:
16740 Update copyright years.
16743 * Makefile.binary.in:
16744 Update copyright years.
16748 Update copyright years.
16751 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
16756 What's new in sudo 1.7, based on the 1.7 CHANGES entries.
16759 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
16761 * compat.h, logging.h, sudo.h:
16762 Add __printflike and use it with gcc to warn about printf-like
16766 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
16768 * CHANGES, ChangeLog:
16769 Replaced CHANGES file with ChangeLog generated from cvs logs
16773 Use warning/error instead of perror/fatal.
16777 Update OpenBSD section
16781 Add upgrading notes for 1.7
16784 * env.c, sudo.c, sudoers.pod:
16785 Instead of zeroing out the environment, just prune out entries based
16786 on the env_delete and env_check lists. Base building up the new
16787 environment on the current environment and the variables we removed
16791 * config.h.in, configure, configure.in, sudo.c:
16792 Set locale to "C" if locales are supported, just to be safe.
16796 Cast argument to ctype functions to unsigned char.
16799 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
16802 correct value for DID_USER
16805 * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
16806 #include <compat.h> not "compat.h"
16810 Reset the environment by default.
16814 Alloc an extra slot in NewArgv. Removes the need to malloc a new
16815 vector if execve() fails.
16818 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
16820 * INSTALL, config.h.in, configure, configure.in, sudo.c:
16821 Use execve(2) and wrap the command in sh if we get ENOEXEC.
16824 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
16827 Only include time.h on systems that lack struct timespec which gets
16828 defined in compat.h (using time_t).
16832 Include time.h for time_t in compat.h for systems w/o struct
16836 * compat.h, config.h.in, configure, configure.in:
16837 use bcopy on systems w/o memmove
16841 __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
16846 Add explicit rule to build sudo_noexec.lo
16849 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
16851 * INSTALL.configure, Makefile.in:
16852 No longer depend on VPATH; pointed out a bunch of missed
16857 Help for PAM when account section is missing
16861 Give user a clue when there is a missing "account" section in the
16866 Better error handling.
16869 * config.h.in, configure, configure.in:
16870 Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
16871 possible. Silences a warning about isblank() on linux.
16875 Fix typo (missing comma) that caused an incorrect number of args to
16876 be passed to log_error().
16879 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
16882 Don't try to destroy a tree we didn't create.
16885 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
16887 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
16888 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
16889 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
16890 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
16891 compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
16892 fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
16893 goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
16894 match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
16895 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
16896 strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
16897 tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
16898 Add __unused to rcsids
16901 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
16903 * configure, configure.in:
16904 Fix error message when mixing invalid auth types
16908 PAM, AIX auth, BSD auth and login_cap are now on by default if the
16912 * auth/sudo_auth.h, config.h.in:
16913 s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
16917 Better checking for conflicting authentication methods Display the
16918 authentication methods used at the end of configure Rename --with-authenticate
16919 -> --with-aixauth Use --with-aixauth, --with-bsdauth,
16920 --with-pam, --with-logincap by default on systems that support them
16921 unless disabled. Add OSMAJOR variable that replaces old OSREV; now
16922 OSREV has full version number
16925 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
16927 * def_data.c, def_data.in, sudo.c, sudoers.pod:
16931 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
16934 Replace: test -n "$FOO" || FOO="bar"
16936 With: : ${FOO='bar'}
16939 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
16941 * pwutil.c, testsudoers.c, tsgetgrpw.c:
16942 Use function pointers to only call private passwd/group routines
16943 when using a nonstandard passwd/group file.
16946 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
16953 Can't use strtok() since it doesn't handle empty fields so add
16954 getpwent()/getgrent() functions and call those.
16957 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
16960 Fix dummied out toke.c and gram.c dependencies.
16964 Rename PARSESRCS -> GENERATED since it is only used in the clean
16965 target Add devdir variable and use it to specify the path to parser
16974 Add a devdir variable that defaults to $(srcdir) and is set to . if
16975 --devel was specified. Allows for proper dependencies building the
16980 Add support for custom passwd/group files.
16984 Build private copy of pwutil.o for testsudoers with MYPW defined so
16985 it uses our own passwd/group routines.
16989 Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
16990 stubs instead. We can now just use the caching sudo_*{pw,gr}*
16991 functions in pwutil.c Add comment about wanting to call
16992 sudo_endpwent/sudo_endgrent in cleanup()
16996 Remove caching; we will just use what is in pwutil.c Use global
16997 buffers for passwd/group structs Rename functions from sudo_* to
17001 * logging.c, sudo.c:
17002 g/c pwcache_init/pwcache_destroy
17006 Undo last commit and add sudo_setspent and sudo_endspent instead.
17009 * getspwuid.c, pwutil.c:
17010 Move all but the shadow stuff from getspwuid.c to pwutil.c and
17011 pwcache_get and pwcache_put as they are no longer needed. Also add
17012 preprocessor magic to use private versions of the passwd and group
17013 routines if MYPW is defined (for use by testsudoers).
17017 zero out struct passwd/group before filling it in so if there are
17018 fields we don't handle they end up as 0.
17021 * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
17026 Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
17031 Passwd and group lookup routines for testsudoers that support
17032 alternate passwd and group files.
17035 * getspwuid.c, pwutil.c:
17036 Split off pw/gr cache and dup code into its own file. This allows
17037 visudo and testsudoers to use the pw/gr cache too.
17040 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
17043 Print Defaults info in "sudo -l" output and wrap lines based on the
17047 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
17049 * match.c, testsudoers.c, visudo.c:
17050 Only check group vector in usergr_matches() if we are matching the
17051 invoking or list user. Always check the group members, even if
17052 there was a group vector.
17055 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
17057 * LICENSE, Makefile.in, fnmatch.3:
17058 No longer bundle fnmatch.3
17065 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
17072 Sort command line options
17075 * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
17076 sudo.pod, sudoers.pod:
17077 Add closefrom sudoers option to start closing at a point other than
17078 3. Add closefrom_override sudoers option and -C sudo flag to allow
17079 the user to specify a different closefrom starting point.
17083 Add _PATH_DEVNULL for those without it.
17087 no more UCB strcasecmp
17091 replace BSD licensed one with version derived from pdksh
17094 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
17101 Make sure stdin, stdout and stderr are open and dup them to
17105 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
17107 * ldap.c, mon_systrace.c, sudo.c, sudo.h:
17108 add sudo_ldap_close
17111 * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
17112 Use TIME_WITH_SYS_TIME
17115 * config.h.in, configure, configure.in:
17116 Add TIME_WITH_SYS_TIME_H
17119 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
17122 Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
17123 unconditionally on darwin. From Toby Peterson.
17127 Check rbinsert() return value. In the case of faked up entries
17128 there is usually a negative response cached that we need to
17131 In pwfree() don't try to zero out a NULL pw_passwd pointer.
17135 Use the double fork trick to avoid the monitor process being waited
17136 for by the main program run through sudo.
17139 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
17142 Call initgroups() in -U mode so group matches work normally.
17145 * def_data.h, mkdefaults:
17146 Don't print a trailing comma for the last entry in enum def_tupple
17149 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
17151 * sudoers.cat, sudoers.man.in, sudoers.pod:
17152 Mention values when lecture, listpw and verifypw are used in boolean
17156 * def_data.c, def_data.in:
17157 verifypw when used in a boolean TRUE context should be "all", not
17161 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
17163 * def_data.in, defaults.c:
17164 Allow tuples that can be used as booleans to be used as boolean
17165 TRUE. In this case the 2nd possible value of the tuple is used for
17169 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
17171 * configure, configure.in:
17172 Correct the test for 2-parameter timespecsub
17176 Add stub struct definitions for passwd, timeval and timespec
17179 * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
17180 Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
17181 and fix a typo in the gettimeofday check.
17184 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
17186 * match.c, testsudoers.c:
17187 Deal with user_stat being NULL as it is for visudo and testsudoers.
17190 * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
17191 Add -U option to use in conjunction with -l instead of -u. Add
17192 support for "sudo -l command" to test a specific command.
17195 * gram.c, gram.y, sudo.c:
17196 Set safe_cmnd after sudoers_lookup() if it has not been set.
17197 Previously it was set by sudo "ALL" in the parser but at that point
17198 the fully-qualified pathname has not yet been found.
17201 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
17203 * parse.c, testsudoers.c:
17204 Correctly handle multiple privileges per userspec and runas
17208 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
17211 Zero out sd_un for each entry in sudo_defs_table in init_defaults.
17214 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
17217 make per-command defaults work with sudoedit
17220 * ldap.c, parse.c, sudo.c, sudo.h:
17221 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
17222 Instead, we just set the appropriate defaults variable.
17225 * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
17226 Document per-command Defaults.
17229 * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
17230 sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
17231 Add support for command-specific Defaults entries. E.g.
17232 Defaults!/usr/bin/vi noexec
17235 * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
17236 Change an occurrence of user_matches() -> runas_matches() missed
17237 previously runas_matches(), host_matches() and cmnd_matches() only
17238 really need to pass in a list of members. user_matches() still
17239 needs to pass in a passwd struct because of "sudo -l"
17243 Check def_authenticate, def_noexec and def_monitor when setting
17244 return flags. XXX May be better to just set the defaults directly
17245 and get rid of those flags.
17248 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
17249 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
17250 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
17251 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
17252 defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
17253 getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
17254 gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
17255 mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
17256 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
17257 sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
17258 visudo.c, zero_bytes.c:
17259 Use: #include <config.h> Not: #include "config.h" That way we get
17260 the correct config.h when build dir != src dir
17264 Back out part of rev 1.263; fix -I order
17268 More robust parsing of #include; could be much better still.
17271 * sudo_edit.c, visudo.c:
17272 Make arg splitting in visudo and sudoedit consistent.
17275 * Makefile.in, alias.c, gram.c, gram.y, parse.h:
17276 Split alias routines out into their own file.
17280 __attribute__ is already defined in compat.h
17284 quit() should not be __noreturn__ as it is non-void on some
17288 * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
17289 Add local error/warning functions like err/warn but that call an
17290 additional cleanup routine in the error case. This means we no
17291 longer need to compile a special version of alloc.o for visudo.
17295 Clarify comments about the data structures
17298 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
17301 Add support for VISUAL and EDITOR containing command line args. If
17302 env_editor is not set any args in VISUAL and EDITOR are ignored.
17303 Arguments are also now supported in def_editor.
17306 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
17309 alias_matches() is no more
17317 When regenerating the parser, don't replace gram.h unless it has
17322 remove Makefile.binary for distclean
17326 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
17327 sure we can't overflow new_env.
17331 paranoia when stripping trailing slashes from tempdir.
17335 Set user_ngroups to 0 if getgroups() returns an error.
17338 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
17340 * config.h.in, configure, configure.in, sudo.c:
17341 Add configure check for getgroups()
17345 Use supplementary group vector in struct sudo_user.
17349 Only do string comparisons on the group members if there is no
17350 supplemental group list.
17358 On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
17359 chop off any trailing slashes we see and add an explicit one.
17363 remove bogus XXX comment
17367 Get rid of alias_matches and correctly fall through to the non-alias
17368 cases when there is no alias with the specified name.
17372 Cache non-existent passwd/group entries too.
17383 * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
17384 mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
17385 Implement group caching and use the passwd and group caches
17389 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
17392 Properly negate the return value of alias_matches() when
17397 Make hostname_matches() return TRUE for a match, else FALSE like the
17402 Add missing dependencies on gram.h
17406 Use runas_matches in alias_matches() now that we have it.
17409 * parse.c, parse.h:
17410 Expand aliases in "sudo -l" mode
17414 Use ALIAS for the member type when storing an alias instead of
17415 HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
17416 more generic type. Expand runas_matches instead of calling
17417 user_matches() inside of it since user_matches() looks up
17418 USERALIASes, not RUNASALIASes.
17421 * CHANGES, getspwuid.c:
17422 Paranoia; zero out pw_passwd before freeing passwd entry.
17425 * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
17426 configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
17427 error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
17428 sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
17429 Add local error/warning functions like err/warn but that call an
17430 additional cleanup routine in the error case. This means we no
17431 longer need to compile a special version of alloc.o for visudo.
17435 Use userpw_matches() to compare usernames, not strcmp(), since the
17436 latter checks for "#uid".
17439 * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
17440 Cache passwd db entries in 2 red-black trees; one indexed by uid,
17441 the other by user name. The data returned from the cache should be
17442 considered read-only and is destroyed by sudo_endpwent().
17450 missing free in alias_destroy
17454 Can't use rbapply() for rbdestroy since the destructor is passed a
17455 data pointer, not a node pointer.
17458 * getspwuid.c, logging.c, sudo.c, sudo.h:
17459 Create and use private versions of setpwent() and endpwent() that
17460 set/end the shadow password file too.
17463 * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
17464 Store aliases in a red-black tree.
17467 * Makefile.in, redblack.c, redblack.h:
17468 red-black tree implementation
17472 Edit all sudoers files if there were unused or undefined aliases and
17473 we are in strict mode.
17476 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
17478 * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
17479 find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
17480 Bring back the "secure_path" Defaults option now that Defaults take
17481 effect before the path is searched.
17484 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
17486 * logging.c, parse.c:
17487 A user can always list their own entries, even with -u. Better error
17488 message when failing to list another user's entries.
17491 * parse.c, sudo.c, sudo.h:
17492 The syntax to list another user's entries is now "-u otheruser -l".
17493 Only root or users with sudo "ALL" may list other user's entries.
17496 * sudo.cat, sudo.man.in, sudo.pod:
17497 Update env variable info in SECURITY NOTES
17505 strip exported bash functions from the environment.
17508 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
17511 Only reset sudo_user.pw based on SUDO_USER environment variables for
17512 real commands and sudoedit. This avoids a confusing message when a
17513 user tries "sudo -l" or "sudo -v" and is denied.
17516 * gram.c, gram.y, parse.h:
17517 Extend LIST_APPEND to deal with appending lists too
17520 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
17523 Convert some bitwise AND to ISSET
17526 * lex.yy.c, toke.c:
17527 toke.c replaces lex.yy.c
17535 new parser fixes most of the outstanding bugs
17543 Rework for the new parser. Now checks for unused aliases in sudoers.
17547 Rewrite for the new parser. Now supports a -d flag (dump) and adds
17548 a -h flag (host). It now defaults to the local hostname unless
17549 otherwise specified.
17553 Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
17557 Update for new parse. We now call find_path() *after* we have
17558 updated the global defaults based on sudoers. Also adds support for
17559 listing other user's privs if you are root.
17563 Working LDAP support; also remove a now-unneeded rewind().
17566 * logging.c, logging.h:
17567 Add NO_STDERR flag.
17571 Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
17572 sudo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
17573 connect to LDAP, apply the default options, find the command in the
17574 user's path, and then check whether the user is allowed to run it.
17575 The important thing here is that the default runas user may be
17576 specified as a default option and that needs to be set before we
17577 search for the command.
17581 Add casts to unsigned char for isspace() to quiet a gcc warning.
17585 Add prototype for update_defaults()
17589 Don't warn about line numbers now that we operate on a set of data
17590 structures (or LDAP) and not a file.
17594 No longer use lsearch()
17598 Update for new and changed file names.
17602 no more BSD lsearch.c
17606 foo_matches() routines now live in match.c Added user_matches(),
17607 runas_matches(), host_matches(), cmnd_matches() and alias_matches()
17608 that operate on the parsed sudoers file.
17611 * parse.lex, toke.l:
17612 Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
17613 WORD no longer needs to exclude '@' kill yywrap()
17616 * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
17618 Rewritten parser that converts sudoers into a set of data
17619 structures. This eliminates ordering issues and makes it possible to
17620 apply sudoers Defaults entries before searching for the command.
17623 * configure.in, emul/search.h, lsearch.c:
17624 We won't be using lsearch() any longer.
17628 sudo should not send mail if someone who runs 'sudo -l' has no
17632 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17638 Update warnings to match new visudo
17642 The new parser doesn't have the old ordering constraints.
17646 Document that -l now takes an optional username argument
17649 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
17656 If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
17657 a compilation problem with Solaris 9's native LDAP.
17659 Set FLAG_MONITOR when needed.
17662 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
17665 Call sudo_goodpath() *after* changing the cwd to match the traced
17666 process. Fixes relative paths.
17669 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
17672 Kill set_perms() stub--it is no longer needed.
17675 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
17677 * sudoers.cat, sudoers.man.in, sudoers.pod:
17678 stay_setuid now requires set_reuid() or setresuid()
17681 * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
17682 configure.in, set_perms.c, sudo.c, sudo.h:
17683 Kill use of POSIX saved uids; they aren't worth bothering with.
17686 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
17689 remove call to issetugid()
17692 * sudoers.cat, sudoers.man.in, sudoers.pod:
17693 Remove warning about wildcards. Now that we use glob() the bug is
17698 Use glob(3) instead of fnmatch(3) for matching pathnames and stat
17699 each result that matches the basename of the user's command. This
17700 makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
17701 /usr/bin/blah. Fixes bug #143.
17704 * config.h.in, configure, configure.in:
17705 Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
17709 * config.h.in, configure, configure.in:
17710 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
17718 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
17723 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
17727 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
17730 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
17731 means we are out of space in the stack gap...
17739 Take a stab at ldap sudoers support here.
17742 * mon_systrace.c, mon_systrace.h:
17743 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
17744 doesn't cause reboot to inadvertently kill itself.
17748 put "monitor" in the proctitle, not "systrace"
17752 When modifying the environment, don't replace envp when we can get
17753 away with just rewriting pointers in the traced process.
17756 * mon_systrace.c, mon_systrace.h:
17757 Add environment updating via STRIOCINJECT (if available).
17760 * sudoers.cat, sudoers.man.in:
17764 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
17771 Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
17775 Include file is now mon_systrace.h
17778 * Makefile.in, configure, configure.in, def_data.c, def_data.h,
17779 def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
17780 sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
17781 No longer call it tracing, it is now "monitoring" which should be
17782 a more obvious name to non-hackers.
17785 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
17787 * mon_systrace.c, mon_systrace.h:
17791 * mon_systrace.c, mon_systrace.h:
17792 No need to include syscall.h, use 1024 as the max # of entries (the
17793 max that systrace(4) allows).
17795 Only need to use SYSTR_POLICY_ASSIGN once
17797 Change check_syscall() -> find_handler() and have it return the
17798 handler instead of just running it. We need this since handlers now
17799 have two parts: one part that generates an answer and another that
17800 gets called after the answer is accepted (to do logging).
17802 Add some missing check_exec for emul execv
17805 * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
17810 Add missing HAVE_LINUX_SYSTRACE_H
17814 add trace_systrace.o dependency
17817 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
17819 * configure, configure.in:
17820 Also look for systrace.h in /usr/include/linux
17823 * mon_systrace.c, mon_systrace.h:
17824 Move all struct defs and prototypes into trace_systrace.h and mark
17825 all but systrace_attach() static.
17828 * mon_systrace.c, mon_systrace.h:
17829 Add support for tracing emulations. At the moment, all emulations
17830 are compiled in. It might make sense to #ifdef them in the future,
17831 though this impedes readability.
17834 * Makefile.in, configure, configure.in:
17835 rename systrace.c -> trace_systrace.c
17838 * parse.yacc, sudo.tab.c:
17839 Allow this to build with a K&R compiler again
17846 * compat.h, sudo.c, visudo.c:
17847 Use __attribute__((__noreturn__))
17851 Exit() takes a negative value to indicate it was not called via
17855 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17860 * Makefile.in, visudo.c:
17861 Define Err() and Errx() that are like err() and errx() but call
17862 Exit() instead of exit(). Build private copy of alloc.o for visudo
17863 that calls Err() and Errx().
17866 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
17868 * lex.yy.c, sudo.tab.c:
17877 Overhaul visudo for editing multiple files: o visudo has been
17878 broken out into functions (more work needed here) o each file is
17879 now edited before sudoers is re-parsed o if a #include line is
17880 added that file will be edited too
17882 TODO: o cleanup temp files when exiting via err() or errx() o
17883 continue breaking things out into separate functions
17886 * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
17887 Add keepopen arg to open_sudoers that open_sudoers can use to
17888 indicate to the caller that the fd should not be closed when it is
17889 done with it. To be used by visudo to keep locked fds from being
17890 closed prematurely (and thus losing the lock).
17893 * parse.yacc, sudo.c:
17894 Add errorfile global that contains the name of the file that caused
17899 return COMMENT to yacc grammar for a #include line
17903 Remove use of unput() in favor of yyless() which is cheaper.
17907 Allow an empty sudoers file.
17910 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
17913 Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
17916 * lex.yy.c, sudo.tab.c:
17921 Do signal setup before calling edit_sudoers(). Don't shadow the
17926 If a sudoers file includes other files, edit those too. Does not yet
17927 deal with creating the new includes files itself.
17931 init_parser now takes a path
17934 * parse.c, parse.h, parse.lex, parse.yacc:
17935 More scaffolding for dealing with multiple sudoers files: o
17936 init_parser() now takes a path used to populate the sudoers global
17937 o the sudoers global is used to print the correct file in yyerror()
17938 o when switching to a new sudoers file, preserve old file name and
17942 * Makefile.in, pathnames.h.in:
17943 Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
17944 multiple sudoers files.
17948 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
17949 we start at the right file position when reading include files.
17961 Add max depth of 128 for the include stack to avoid loops.
17963 Since yyerror() doesn't stop parsing, pass return values back to
17964 yylex and call yyterminate() on error.
17967 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
17974 Mention PREVENTING SHELL ESCAPES section of sudoers man page
17977 * lex.yy.c, sudo.tab.c:
17982 Add support for #include in sudoers (visudo support TBD)
17986 make yyerror()'s argument const
17989 * testsudoers.c, visudo.c:
17990 Add open_sudoers() stubs.
17994 Rename check_sudoers() open_sudoers() and make it return a FILE *
17997 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
17999 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
18004 * Makefile.in, sudo.psf:
18005 Better HP-UX depot construction
18008 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
18011 o Made children global so check_exec() can lookup a child. o
18012 Replaced uid in struct childinfo with struct passwd * (for runas) o
18013 new_child() now takes a parent pid so the runas info can be
18014 inherited o Added find_child() to lookup a child by its pid o
18015 update_child() now fills in a struct passwd o Converted the big
18016 if/else mess in set_policy to a switch o Syscalls that change uid
18017 are now "ask" so we get SYSTR_MSG_UGID events
18021 Add flag to sudo_pwdup that indicates whether or not to lookup the
18022 shadow password. Will be used to a struct passwd that has the
18023 shadow password already filled in.
18027 add missing increment of addr in read_string()
18031 Remove bogus call to update_child() and some cosmetic fixes
18035 Don't leak /dev/systrace fd to tracee. Make initialized global for
18036 simplicity. If STRIOCATTACH returns EBUSY we are already being traced.
18037 Check for user_args == NULL in setproctitle() call. Add missing calls
18042 g/c sudo_pwdup proto
18045 * Makefile.in, sudo.psf:
18046 Add target for building a depot file
18053 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
18055 * lex.yy.c, sudo.tab.c, sudo.tab.h:
18060 document --with-systrace
18063 * config.h.in, configure, configure.in:
18064 Add check for setproctitle
18068 pass struct str_msg_ask in to syscall checker so it can set the
18073 systrace(4) support for sudo. On systems with the systrace(4)
18074 kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
18075 intercept exec calls and check the exec args against the sudoers
18076 file. In other words, sudo can now control subcommands and shell
18081 Call systrace_attach() if FLAG_TRACE is set.
18084 * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
18085 Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
18089 Don't close sudoers_fp, keep it open and set close on exec flag
18093 * def_data.c, def_data.h, def_data.in:
18102 SunOS /bin/sh blows up with configure
18105 * configure, configure.in:
18106 Include sys/param.h before systrace.h
18118 line up options in --help
18121 * config.h.in, configure.in:
18122 Add --with-systrace
18125 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
18131 * aclocal.m4, configure.in:
18132 make this work with autoconf-2.59
18135 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
18138 Simplify logic around open & stat of files and do sanity on edited
18139 file even if we lack fstat (still raceable but worth doing).
18142 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
18150 [b84ebfaf1552] [SUDO_1_6_8p1]
18153 more changes for 1.6.8p1
18160 * CHANGES, sudo_edit.c:
18161 Add sanity check so we don't try to edit something other than a
18165 2004-09-15 Aaron Spangler <aaron777@gmail.com>
18172 document --with-ldap-conf-file
18175 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
18177 * CHANGES, ins_csops.h:
18178 political correctness strikes again
18185 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
18187 * Makefile.binary.in, Makefile.in:
18188 Install sudoedit man link
18192 Update PAM note and mention where HP-UX users can download gcc
18197 libtool wants to install stuff from .libs so fake one up for binary
18201 * Makefile.binary.in:
18202 rm -f old sudoedit link instead of using ln -f; set LIBTOOL correctly
18206 Deal with "uname -m" having slashes in it; rm -f old sudoedit link
18207 instead of using ln -f
18210 * Makefile.binary, Makefile.binary.in:
18211 Makefile.binary -> Makefile.binary.in for config.status substitution
18212 Add support for installing noexec bits
18216 Copy noexec bits into binary dists too. No longer use my old arch
18217 script for making binary dists
18221 Install sudoedit link.
18224 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
18227 avoid __P so there is no need for compat.h to be included
18231 Don't use HAVE_UTIME_H before including config.h.
18234 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
18237 Fix Solaris futimes macro
18240 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
18243 Rename ots -> omtim for improved readability.
18246 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
18249 Redo changes in revision 1.7. Don't really need to keep the temp
18250 file open; re-opening it with the invoking user's euid is
18258 * sudo.cat, sudo.man.in:
18263 back out revision 1.70; it is no longer applicable
18267 Let the loader initialize nep
18270 * config.h.in, configure, configure.in:
18271 Removed unneeded check for fchown. Add check for gettimeofday. Move
18272 autoheader template stuff into separate AH_TEMPLATE lines
18275 * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
18276 Use timespec throughout.
18284 function to return the current time in a struct timespec
18288 Not a darpa-sponsored file.
18291 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
18293 * compat.h, config.h.in, configure, configure.in:
18294 Add a check for struct timespec and provide it for those without.
18297 * config.h.in, configure, configure.in, sudo_edit.c:
18298 Add checks for st_mtim and st_mtimespec and add macros for pulling
18299 the mtime sec and nsec out of struct stat. These are used in
18300 sudo_edit() to better tell whether or not the file has changed.
18303 * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
18304 Add an extra param to touch() for nsec
18308 Call mkstemp() as the invoking user so we don't have to chown the
18309 file later. Only touch() the temp file if we can do it via the file
18310 descriptor. Don't check for modification of the temp file if we lack
18311 fstat(). Catch errors read()ing the temp file.
18315 If path is NULL and fd == -1 return -1.
18319 closefrom() is overkill, the only extra fds are the ones we opened
18320 so just close those in the child.
18323 * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
18324 configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
18326 Use utimes() and futimes() instead of utime() in touch(), emulating
18327 as needed. Not all systems are able to support setting the times of
18328 an fd so touch() takes both an fd and a file name as arguments.
18331 2004-09-07 Aaron Spangler <aaron777@gmail.com>
18337 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
18339 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
18344 * sudo.pod, sudoers.pod, visudo.pod:
18345 Add SUPPORT section and re-order some of the sections to match the
18346 order we use in OpenBSD.
18349 2004-09-06 Aaron Spangler <aaron777@gmail.com>
18352 Openldap ~/.ldaprc fix
18355 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
18358 Talk about how the editor must write its changes to the original
18359 file and not just use rename(2).
18367 Keep the temp file open instead of re-opening after the editor has
18372 Update for current redhat/fedora core.
18375 2004-09-03 Aaron Spangler <aaron777@gmail.com>
18381 2004-09-02 Aaron Spangler <aaron777@gmail.com>
18384 config tls_* options
18387 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
18389 * configure, configure.in:
18390 No need for -lcrypt when using pam.
18393 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
18399 2004-08-27 Aaron Spangler <aaron777@gmail.com>
18401 * configure.in, ldap.c, pathnames.h.in:
18402 Allow --with-ldap-conf-file option to override LDAP_CONF
18406 cleanup debug message
18409 2004-08-26 Aaron Spangler <aaron777@gmail.com>
18415 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
18417 * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
18418 Add cmnd_base to struct sudo_user and set it in init_vars(). Add
18419 cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
18420 longer use gross statics in command_matches(). Also rename some
18421 variables for improved clarity.
18424 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
18427 document HP's crippled compiler deficiency.
18431 Fix some thinkos in --with-editor and --with-env-editor
18432 descriptions. Noticed by Norihiko Murase.
18435 * configure, configure.in:
18436 --with-noexec takes an optional PATH argument.
18440 document --with-noexec
18443 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
18447 [f2503bd13373] [SUDO_1_6_8]
18450 Better warning message when sudoedit is unable to write to the
18454 * sudo.cat, sudo.man.in:
18459 Don't italicize the string "sudoedit"
18462 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
18468 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
18475 Reset used_runas to FALSE when re-initializing the parser.
18478 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
18481 Correct OpenBSD mips support
18488 2004-08-07 Aaron Spangler <aaron777@gmail.com>
18491 More behavior notes
18495 Updates on current behavior
18498 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
18501 =back does not take an indentlevel (makes no difference to formatted
18506 =back does not take an indentlevel (makes no difference to formatted
18515 Consistency. Use same error for bad -u #uid when targetpw is set as
18516 we do when a bad -u username is specified.
18520 Add checksum idea from Steve Mancini
18523 * sudoers.cat, sudoers.man.in:
18527 * sudo.cat, sudo.man.in:
18531 * sudo.pod, sudoers.pod:
18532 Document the restriction on uids specified via -u when targetpw is
18537 Error out when targetpw is enabled and sudo is run with -u #uid but
18538 #uid does not exist in the passwd database. We can't do target
18539 authentication when the target is not in passwd!
18542 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
18547 Some more todo for the next release.
18551 Make it clear that PAM should be used for DCE support when possible.
18555 o Document problems with wildcards and relative paths. o Make the
18556 order requirements more prominent. o Change a "set" to "reset" for
18560 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
18563 Mention --with-secure-path, not SECURE_PATH.
18566 2004-08-03 Aaron Spangler <aaron777@gmail.com>
18569 reflect changes to parse.c
18572 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
18578 * parse.c, parse.h, testsudoers.c, visudo.c:
18579 Don't pass user_cmnd and user_args to command_matches(), just use
18580 the globals there. Since we keep state with statics anyway it is
18581 misleading to pretend that passing in different cmnd and cmnd_args
18586 Don't pass user_cmnd and user_args to command_matches(), just use
18587 the globals there. Since we keep state with statics anyway it is
18588 misleading to pretend that passing in different cmnd and cmnd_args
18593 Fix a bug introduced in rev. 1.149. When checking for pseudo-
18594 commands check for a '/' anywhere in cmnd, not just the first
18598 2004-07-31 Aaron Spangler <aaron777@gmail.com>
18600 * sudo.man.in, sudo.pod:
18601 Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
18604 * sudoers.man.in, sudoers.pod:
18605 Add ignore_local_sudoers
18609 Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
18613 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
18619 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
18626 Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
18627 PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
18630 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
18636 2004-07-08 Aaron Spangler <aaron777@gmail.com>
18639 Better debugging of ALL command
18642 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
18645 When matching for "sudoedit" in sudoers check both the command the
18646 user typed *and* the command that is listed in the sudoers entry.
18649 2004-07-04 Aaron Spangler <aaron777@gmail.com>
18652 Added !command feature
18655 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
18658 Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
18661 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
18664 License is ISC-style, not BSD-style
18671 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
18673 * sudo.cat, sudo.man.in:
18678 o Update some out of date bits to reality o Change the shell prompt
18679 in examples to bourne-shell style o Clarify some details o Add a
18680 CAVEAT about "sudo cd /foo"
18684 Don't ask for a password if invoking user == target user.
18691 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
18693 * sudoers.cat, sudoers.man.in:
18698 Expand on NOEXEC a little.
18705 * visudo.cat, visudo.man.in:
18714 Add a check in visudo for runas_default being set after it has
18718 * CHANGES, parse.yacc, visudo.c:
18719 Add a check in visudo for runas_default being set after it has
18728 Add a MATCHED macro for testing whether foo_matches has been set to
18729 TRUE or FALSE. This is more readable than checking for >=0 or < 0.
18730 Doesn't change the actual code generated.
18733 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
18744 Correct description of where Defaults specs should go.
18748 Correct description of where Defaults specs should go.
18751 * testsudoers.c, visudo.c:
18771 * auth/bsdauth.c, auth/kerb5.c:
18775 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
18781 * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
18782 Remove trailing spaces, no actual code changes.
18786 Remove trailing spaces, no actual code changes.
18789 * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
18790 Remove trailing spaces, no actual code changes.
18794 Remove trailing spaces, no actual code changes.
18798 Remove trailing spaces, no actual code changes.
18801 * compat.h, defaults.c, env.c:
18802 Remove trailing spaces, no actual code changes.
18806 Remove trailing spaces, no actual code changes.
18814 Fix a >=0 that should be <0 that was improperly converted when
18819 Add do {} while(0) around pop macro. Set cmnd_matches to UNSPEC, not
18820 NOMATCH when resetting it.
18824 Fix pastos introduced in SETNMATCH addition.
18827 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
18830 Update for configure changes
18838 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
18839 these in parse.yacc. Also in parse.yacc initialize the *_matches
18840 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
18841 when setting *_matches to a value that may be
18842 NOMATCH/UNSPEC/TRUE/FALSE.
18846 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
18847 these in parse.yacc. Also in parse.yacc initialize the *_matches
18848 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
18849 when setting *_matches to a value that may be
18850 NOMATCH/UNSPEC/TRUE/FALSE.
18854 Initialize runas to -2, not -1 since we need to be able to
18855 distinguish between the initialized value and the value of a non-
18856 match when passing along the runas value to multiple commands.
18858 The result of this is that an unmatched runas is now set to -1, not
18859 0. This is required now that parse.c treats a FALSE value for runas
18860 as being explicitly denied.
18863 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
18865 * sudo.c, visudo.c:
18866 Error out if argc < 1.
18870 Error out if argc < 1.
18873 * configure, configure.in:
18874 Add tests for what libs we need to link with for ldap and for
18875 whether or not lber.h needs to be explicitly included.
18878 2004-06-03 Aaron Spangler <aaron777@gmail.com>
18881 Solaris native LDAP build fix
18884 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
18887 Set edn to NULL if ldap_get_dn() fails to avoid potential use of an
18892 Add prototype for sudo_ldap_list_matches
18895 * configure, configure.in:
18896 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
18897 version too. Added check for dd_fd in `DIR' if no dirfd is found;
18898 this is now used to conditionally define the dirfd macro in
18903 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
18904 version too. Added check for dd_fd in `DIR' if no dirfd is found;
18905 this is now used to conditionally define the dirfd macro in
18910 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
18911 version too. Added check for dd_fd in `DIR' if no dirfd is found;
18912 this is now used to conditionally define the dirfd macro in
18917 Only check /proc/$$/fd if we have the dirfd function/macro.
18920 * compat.h, config.h.in, configure, configure.in:
18921 Add a check for a dirfd() function (like Linux) and add a dirfd
18922 macro in compat.h if there is no dirfd() function or macro.
18925 * closefrom.c, getcwd.c:
18926 dirfd() is now defined in compat.h as needed.
18930 Clarify closefrom() note.
18934 When checking for a command in the directory, only copy the base dir
18939 If there is a /proc/$$/fd directory, behave like the Solaris
18940 closefrom() and only close the descriptors listed therein.
18944 compat.h guarantees INT_MAX is defined.
18948 Add definitions of OPEN_MAX and INT_MAX for those without it and
18949 remove definition of RLIM_INFINITY (now unused).
18952 * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
18953 sudo.c, sudo.h, visudo.c:
18954 Use PATH_MAX, not MAXPATHLEN since the former is standardized.
18957 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
18964 Add some entries that were mailed in a while ago
18968 o sysconf returns a long, not an int. o check for negative return
18969 value from sysconf/getdtablesize and use OPEN_MAX in this case. o
18970 define OPEN_MAX to 256 for those without it (a fair guess...)
18973 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
18976 Mention change in parse order for RunAs entries.
18983 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
18985 * INSTALL, README.LDAP, config.h.in, configure.in:
18986 o --with-ldap now takes an optional dir as a parameter o added
18987 check for ldap_initialize() and start_tls_s()
18991 Fix some typos, word choice and formatting issues.
18994 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
18997 Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
18998 read/write as it is simpler.
19001 * configure, configure.in:
19002 Remove hack overriding cross-compiler check. It should no longer be
19007 Remove select() compat bits since we no longer use select().
19010 * CHANGES, tgetpass.c:
19011 Use alarm() instead of select() for the timeout for systems that
19012 don't fully/properly implement select().
19015 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
19026 Deal with systems that have no way of setting the effective uid such
19030 * configure, configure.in:
19031 Define NO_SAVED_IDS if we don't find seteuid()
19034 * config.h.in, configure, configure.in:
19035 Add back check for setreuid() since NSK doesn't have it.
19038 * sudoers.cat, sudoers.man.in:
19051 In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
19052 explicitly denied and the command matched. This fixes a long-
19053 standing bug and makes: foo machine = (ALL) /usr/bin/blah
19054 foo machine = (!bar) /usr/bin/blah
19056 equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
19060 Clarify mail_noperm
19063 2004-05-20 Aaron Spangler <aaron777@gmail.com>
19066 Missing DESTDIR in make install for sudo_noexec.la
19069 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
19071 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
19081 Remove fastboot/fasthalt (who still remembers these?) and add a
19082 minimal sudoedit example.
19086 Remove fastboot/fasthalt (who still remembers these?) and add a
19087 minimal sudoedit example.
19090 * UPGRADE, sudo.c, visudo.c:
19091 filesystem -> file system
19095 filesystem -> file system
19098 * CHANGES, INSTALL:
19099 filesystem -> file system
19102 * sudo.pod, sudoers.pod:
19103 Fix some minor typos and formatting goofs
19111 remove my email addr
19114 * sudo.pod, sudoers.pod, visudo.pod:
19115 Use @mansectform@ and @mansectsu@ everywhere. Make man page
19116 references links with L<>
19120 Accept quoted globbing characters and pass them verbatim for
19125 Document that /tmp/.odus is gone.
19129 No longer use /tmp/.odus as a possible timestamp dir unless
19130 specifically configured to do so. Instead, if no /var/run exists,
19131 use /var/adm/sudo or /usr/adm/sudo.
19135 No longer use /tmp/.odus as a possible timestamp dir unless
19136 specifically configured to do so. Instead, if no /var/run exists,
19137 use /var/adm/sudo or /usr/adm/sudo.
19141 No longer use /tmp/.odus as a possible timestamp dir unless
19142 specifically configured to do so. Instead, if no /var/run exists,
19143 use /var/adm/sudo or /usr/adm/sudo.
19147 No longer use /tmp/.odus as a possible timestamp dir unless
19148 specifically configured to do so. Instead, if no /var/run exists,
19149 use /var/adm/sudo or /usr/adm/sudo.
19152 * set_perms.c, sudo.c, tgetpass.c, visudo.c:
19153 Preliminary changes to support nsr-tandem-nsk. Based on patches
19158 Preliminary changes to support nsr-tandem-nsk. Based on patches
19162 * check.c, compat.h:
19163 Preliminary changes to support nsr-tandem-nsk. Based on patches
19167 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
19170 There was no 1.6.7p6.
19178 add missing files to DISTFILES
19181 * sudo.cat, sudoers.cat, visudo.cat:
19190 Fix some line wrap and update (c) year
19193 2004-04-28 Aaron Spangler <aaron777@gmail.com>
19199 2004-04-07 Aaron Spangler <aaron777@gmail.com>
19205 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
19212 In Exit() when used as a signal handler, emsg is a pointer so
19213 sizeof() is wrong so make it a #define instead. Also avoid using a
19214 negative exit value. Found by Aaron Campbell
19217 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
19220 Remove bogus sentence about uids in a User_List. Document usernames
19221 vs. uid parsing in a Runas_List.
19224 * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
19225 If the user specified a uid with the -u flag and the uid exists in
19226 the passwd file, set runas_user to the name, not the uid.
19228 When comparing usernames in sudoers, if a name is really a uid
19229 (starts with '#') compare it numerically to pw_uid.
19232 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
19235 krb5_mcc_ops should be const; Johnny C. Lam
19238 2004-02-28 Aaron Spangler <aaron777@gmail.com>
19240 * CHANGES, config.h.in, ldap.c:
19241 Added start_tls support
19244 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
19247 Clean up libtool stuff for 'make distclean' and add def_data.c,
19248 def_data.h to PARSESRCS.
19251 2004-02-14 Aaron Spangler <aaron777@gmail.com>
19253 * strlcat.c, strlcpy.c:
19254 Un-Fix last license munge
19257 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
19263 * CHANGES, RUNSON, TODO:
19267 * lex.yy.c, sudo.tab.c:
19271 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
19272 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
19273 emul/search.h, emul/utime.h:
19274 Move to a less restrictive, ISC-style license.
19277 * auth/kerb5.c, auth/pam.c:
19278 Move to a less restrictive, ISC-style license.
19281 * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
19282 Move to a less restrictive, ISC-style license.
19286 Move to a less restrictive, ISC-style license.
19289 * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
19290 Move to a less restrictive, ISC-style license.
19293 * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
19294 visudo.man.in, visudo.pod:
19295 Move to a less restrictive, ISC-style license.
19299 Move to a less restrictive, ISC-style license.
19302 * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
19304 Move to a less restrictive, ISC-style license.
19307 * sigaction.c, strerror.c:
19308 Move to a less restrictive, ISC-style license.
19311 * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
19313 Move to a less restrictive, ISC-style license.
19316 * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
19317 ins_goons.h, insults.h, interfaces.c, interfaces.h:
19318 Move to a less restrictive, ISC-style license.
19321 * find_path.c, getprogname.c:
19322 Move to a less restrictive, ISC-style license.
19326 Move to a less restrictive, ISC-style license.
19330 Move to a less restrictive, ISC-style license.
19334 Move to a less restrictive, ISC-style license.
19337 * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
19339 Move to a less restrictive, ISC-style license.
19342 * utime.c, version.h:
19343 Move to a less restrictive, ISC-style license.
19346 * parse.lex, parse.yacc:
19347 Move to a less restrictive, ISC-style license.
19351 Move to a less restrictive, ISC-style license.
19354 2004-02-13 Aaron Spangler <aaron777@gmail.com>
19357 Merged in LDAP Support
19360 * ldap.c, sudo.c, sudo.h:
19361 Merged in LDAP Support
19364 * def_data.c, def_data.h, def_data.in:
19365 Merged in LDAP Support
19368 * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
19369 Merged in LDAP Support
19372 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
19374 * sudo.h, sudo_noexec.c:
19375 Only do "extern int errno" if errno is not a macro.
19378 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
19381 setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
19382 euid first, then just call setuid(0) to set the real uid too.
19386 Use setresuid() and setreuid() for PERM_RUNAS when appropriate
19387 instead of seteuid() which may not exist.
19390 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
19396 * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
19397 Add --with-pc-insults configure option
19401 Prefer VISUAL over EDITOR like old vipw did.
19404 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
19406 * sudo.man.in, sudoers.man.in:
19411 Add a note that noexec is not a cure-all.
19415 Mention that disabling "root_sudo" is pretty pointless.
19418 * configure, configure.in:
19419 Substitute for root_sudo in sudoers.pod
19423 Add sudoedit to the NAME section
19427 Document the fact that setting ignore_dot in sudoers has no effect
19428 due to the fact that find_path() is called *before* sudoers is read.
19431 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
19434 Do not require _PATH_USRTMP to be set.
19437 * BUGS, CHANGES, TODO:
19446 Clarify that when sudo is run by root with the SUDO_USER variable
19447 set, the sudoers lookup happens for root and not the SUDO_USER user.
19450 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
19452 * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
19453 set_perms.c, sigaction.c, sudo.c, tgetpass.c:
19454 Use the SET, CLR and ISSET macros.
19458 Use the SET, CLR and ISSET macros.
19461 * defaults.c, env.c:
19462 Use the SET, CLR and ISSET macros.
19466 MAIN was replaced with _SUDO_MAIN some time ago.
19470 Don't look at prev_user until after we've parsed sudoers and done
19471 the password check. That way, if sudo/sudoedit is run from a root
19472 process that was invoked by sudo, we check sudoers for root, not the
19473 previous user. This makes sudoedit much more useful and means that
19474 for the sudo case, we get correct logging on who actually ran the
19478 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
19481 Add a comment describing why we need to be notified about our child
19485 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
19487 * def_data.c, def_data.in:
19488 Update the noexec variable descriptions
19491 * sudoers.man.in, sudoers.pod:
19492 noexec now replaces more than just execve()
19496 Alas, all the world does not go through execve(2). Many systems
19497 still have an execv(2) system call, Linux 2.6 provides fexecve(2)
19498 and it is not uncommon for libc to have underscore ('_') versions of
19499 the functions to be used internally by the library. Instead of
19500 stubbing all these out by hand, define a macro and let it do the
19501 work. Extra exec functions pointed out by Reznic Valery.
19504 * sudo.c, sudo_edit.c:
19505 Fix suspending the editor in -e mode. Because we do a fork() first
19506 we need to be notified when the child has been stopped and then send
19507 that same signal to ourself so the shell can do its job control
19512 Use WIFEXITED and WEXITSTATUS macros. If there are systems out
19513 there that want to run sudo that still don't support these we can
19514 try to deal with that later.
19521 * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
19522 Document sudo -e / sudoedit
19525 * configure, configure.in:
19529 * config.h.in, configure.in:
19533 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
19536 Allow non-exclusive flags when invoked as sudoedit. Pretty print the
19537 long usage() line to not wrap (assumes 80 char display)
19540 * Makefile.in, sudo.c:
19541 If sudo is invoked as "sudoedit" the -e flag is implied and no other
19542 flags are permitted.
19546 Add a new flag, -e, that makes it possible to give users the ability
19547 to edit files with the editor of their choice as the invoking user,
19548 not the runas user. Temporary files are used for the actual edit
19549 and the temp file is copied over the original after the editor is
19553 * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
19554 Add a new flag, -e, that makes it possible to give users the ability
19555 to edit files with the editor of their choice as the invoking user,
19556 not the runas user. Temporary files are used for the actual edit
19557 and the temp file is copied over the original after the editor is
19562 If real uid == 0 and the SUDO_USER environment variable is set, use
19563 that to determine the invoking user's true identity. That way the
19564 proper info gets logged by someone who has done "sudo su" but still
19565 uses sudo as root. We can't do this for non-root users since
19566 that would open up a security hole, though perhaps it would be
19567 acceptable to use getlogin(2) on OSes where this is a system call (and
19568 doesn't just look in the utmp file).
19572 Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
19575 * config.h.in, configure, configure.in:
19576 Add check for fchown(2)
19579 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
19582 Back out portions of the -i commit that set NewArgv[0] in
19583 set_runaspw. It is far too late to set NewArgv[0] there and will have
19584 no effect anyway as cmnd and safe_cmnd have already been set.
19587 * visudo.c, visudo.pod:
19588 Prefer VISUAL over EDITOR like old vipw did.
19591 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
19594 In -i mode always set new environment based on the runas user's
19598 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
19600 * sudo.man.in, sudo.pod:
19601 Document the new -i flag and sync SYNOPSIS section with usage() in
19602 sudo.c. Also sort the flags in the OPTIONS section.
19606 o Add -i that acts similar to "su -", based on patches from David J.
19607 MacKenzie o Sort the flags in the usage message
19610 * sudoers.man.in, sudoers.pod:
19611 Add a missing @runas_default@ substitution.
19614 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
19617 Change euid to runas user before calling find_path().
19618 Unfortunately, though runas_user can be modified in sudoers we
19619 haven't parsed sudoers yet.
19622 * sudoers.man.in, sudoers.pod:
19623 Add missing definition of Parameter_List and use single pipes in the
19624 Defaults EBNF definition.
19628 Fix a bug when set_runaspw() is used as a callback. We don't want
19629 to reset the contents of runas_pw if the user specified a user via
19632 Avoid unnecessary passwd lookups in set_authpw(). In most cases we
19633 already have the info in runas_pw.
19636 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
19639 Add Stan Lee / Uncle Ben quote to the lecture from RedHat
19643 Update sudo_getepw() proto and add one for set_runaspw()
19647 If we can't stat the command as root, try as the runas user instead.
19650 * testsudoers.c, visudo.c:
19651 Add stub set_runaspw() function
19655 Add set_runaspw() function to fill in runas_pw. This will be used
19656 as a callback to update runas_pw when the runas user changes.
19660 PERM_RUNAS -> PERM_FULL_RUNAS
19663 * set_perms.c, sudo.h:
19664 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
19669 Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
19670 one chunk for easy free()ing. Also change it from static to extern.
19673 * defaults.c, defaults.h:
19674 Add callback support
19678 Add a callback field and use it for runas_default
19681 * def_data.c, def_data.in:
19682 Add a callback field and use it for runas_default
19685 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
19688 Add support for chalnecho and display server responses used by fwtk
19692 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
19694 * sudoers.man.in, sudoers.pod:
19695 ld.so is ld.so.1 on solaris
19698 * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
19699 Use closefrom() instead of doing the equivalent inline.
19703 closefrom(3) for systems w/o it
19706 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
19709 Update from .pod file.
19712 * configure, configure.in:
19713 Substitute noexec_file for the sudoers man page
19716 * sudo.man.in, sudo.pod:
19720 * sudoers.man.in, sudoers.pod:
19724 * auth/pam.c, config.h.in, configure.in:
19725 Move PAM_CONST macro definition from config.h to pam.c where it
19726 belongs. We can't have this in config.h since that gets included too
19730 * auth/pam.c, config.h.in, configure, configure.in:
19731 Some PAM implementations put their headers in /usr/include/pam
19732 instead of /usr/include/security.
19736 I missed changing the EXEC macro -> EXECV here when I changed this
19737 in config.h.in and sudo.c a while ago.
19741 OpenBSD vax/m88k/hppa don't do shared libs
19744 * configure, configure.in:
19745 o merge the hpux case entries into a single entry w/ its own sub-
19746 case statement. o HP-UX >= 11 support getspnam(), use it in
19747 preference to getprpwuid()
19750 * configure, configure.in:
19751 eval $shrext so that it expands nicely on MacOS X
19755 Don't lie about making a module, it does the wrong thing on mach
19759 Remove requirement that libs must begin with "lib". They don't when
19760 we point directly at the lib using LD_PRELOAD or its equivalent.
19764 Disable support for c++, f77 and java. We don't need it, it takes a
19765 lot of time, and it hosed our check for shared lib support.
19773 Call AC_ENABLE_SHARED and check the status of enable_shared to know
19774 when shared libs are available.
19778 Duh, OpenBSD supports shared libs too
19781 * config.h.in, configure.in:
19782 Only OpenPAM and Linux PAM use const qualifiers.
19785 * configure, configure.in:
19786 o No need to check for sed, libtool config does that for us o move
19787 check for --with-noexec until after libtool magic is run so we can
19788 use $can_build_shared and $shrext
19792 Don't print a bunch of crap about library installs since we are not
19793 really installing a library.
19797 Make format_env() varargs Add noexec support for Darwin, MacOS X,
19801 * acsite.m4, ltconfig, ltmain.sh:
19802 Update to libtool 1.5 with local changes: o no ldconfig in the
19803 finish step o assume no libprefix or version is needed
19807 Fix compilation under K&R
19810 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
19817 stub execve() that just returns EACCES; used for noexec
19822 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
19827 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
19831 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
19833 * def_data.c, def_data.h, def_data.in:
19834 Move the environment defaults to the end and shorten a few of the
19838 * configure, configure.in:
19839 no shared libs on ultrix or convexos
19842 * Makefile.in, configure, configure.in:
19843 Build sudo_noexec shared object using libtool; could use some
19847 * acsite.m4, ltconfig, ltmain.sh:
19848 libtool scaffolding
19851 * parse.yacc, sudo.tab.c:
19852 Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
19856 * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
19857 parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
19858 update copyright year
19861 * configure, configure.in, defaults.c, env.c, pathnames.h.in:
19862 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
19863 option. The default value of noexec_file is set to this.
19866 * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
19867 parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
19869 Add support for preloading a shared object containing a dummy
19870 execve() function that just sets error and returns -1. This adds a
19871 "noexec_file" option to load the filename as well as a "noexec" flag
19872 to enable it unconditionally. There is also a NOEXEC tag that can
19873 be attached to specific commands and an EXEC tag to disable it.
19877 add missing newline to usage statement
19880 * config.h.in, sudo.c:
19881 Rename EXEC macro -> EXECV
19885 Don't truncate usernames to 8 characters in the log message.
19888 * check.c, sudoers.man.in, sudoers.pod:
19889 Update copyright year
19892 * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
19894 Add a new option, lecture_file, that can be used to point to a
19895 custom sudo lecture.
19898 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
19900 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
19902 Add a zero_bytes() function to do the equivalent of bzero in such a
19903 way that will hopefully not be optimized away by sneaky compilers.
19907 Add a zero_bytes() function to do the equivalent of bzero in such a
19908 way that will hopefully not be optimized away by sneaky compilers.
19911 * Makefile.in, sudo.h:
19912 Add a zero_bytes() function to do the equivalent of bzero in such a
19913 way that will hopefully not be optimized away by sneaky compilers.
19917 Use #ifdef __STDC__, not #if __STDC__.
19920 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
19923 Always put at least one space between the def_* macro name and its
19927 * configure, configure.in:
19928 Adjust code for --without-lecture to match new values.
19932 regen after pasto fix
19935 * sudoers.man.in, sudoers.pod:
19936 Document that "lecture" has changed from a flag to a tuple.
19939 * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
19940 defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
19941 Add support for tuples in def_data.in; these are implemented as an
19942 enum type. Currently there is only a single tuple enum but in the
19943 future we may have one tuple enum per T_TUPLE entry in def_data.in.
19944 Currently listpw, verifypw and lecture are tuples. This avoids the
19945 need to have two entries (one ival, one str) for pwflags and syslog
19948 lecture is now a tuple with the following values: never, once,
19951 We no longer use both an int and string entry for syslog facilities
19952 and priorities. Instead, there are logfac2str() and logpri2str()
19953 functions that get used when we need to print the string values.
19956 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
19957 auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
19958 check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
19959 logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
19960 sudo.tab.c, visudo.c:
19961 Create def_* macros for each defaults value so we no longer need the
19962 def_{flag,ival,str,list,mode} macros (which have been removed). This
19963 is a step toward more flexible data types in def_data.in.
19970 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
19973 If we are in -k/-K mode, just spew to stderr. It is not unusual for
19974 users to place "sudo -k" in a .logout file which can cause sudo to
19975 be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
19976 Previously, this would result in useless mail and logging.
19979 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
19982 fix pasto in VISUAL description
19985 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
19996 Some OSes (like Solaris) allow export w/ nosuid too
19999 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
20002 We don't use FD_ZERO anymore so just define FD_SET (if not already
20006 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
20009 Fix a core dump on Solaris by preserving the pam_handle_t we used
20010 during authentication for pam_prep_user(). If we didn't
20011 authenticate (ie: ticket still valid), we call pam_init() from
20012 pam_prep_user(). This is something of a hack; it may be better to
20013 change the auth API and add an auth_final() function that acts like
20017 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
20020 Add explicit declaration of printerr variable in function header
20021 (was defaulting to int which is OK but oh so K&R :-). From Theo.
20024 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
20026 * config.h.in, configure.in:
20027 s/HAVE_STOW/USE_STOW/
20031 Also exit waitpid() loop when pid == 0. Fixes a problem where the
20032 sudo process would spin eating up CPU until sendmail finished when
20033 it has to send mail.
20036 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
20039 Remove advertising clause, UCB has disavowed it
20043 Remove advertising clause, UCB has disavowed it
20046 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
20049 Don't assume that getgrnam() calls don't modify contents of struct
20050 passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
20051 Based on a patch from Kirk Webb.
20054 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
20061 darwin has a broken setreuid() in at least some versions
20065 Fix an off by one error when reallocating the environment; Kevin Pye
20068 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
20071 Fix User_Spec definition; SEKINE Tatsuo
20074 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
20077 More info on the early days from Coggs.
20080 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
20083 remove errant semicolon that prevented compilation under heimdal
20086 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
20088 * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
20089 add DARPA credit on affected files
20093 add DARPA credit on affected files
20096 * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
20098 add DARPA credit on affected files
20102 add DARPA credit on affected files
20106 add DARPA credit on affected files
20109 * logging.c, parse.c:
20110 add DARPA credit on affected files
20113 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
20114 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
20115 find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
20117 add DARPA credit on affected files
20120 * auth/kerb5.c, auth/pam.c:
20121 add DARPA credit on affected files
20124 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
20125 auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
20127 add DARPA credit on affected files
20131 add DARPA credit on affected files
20134 * defaults.c, defaults.h:
20135 add DARPA credit on affected files
20139 add DARPA credit on affected files
20142 * Makefile.in, alloc.c, check.c:
20143 add DARPA credit on affected files
20147 slightly different wording for the darpa credit
20150 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
20156 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
20159 Use krb5_princ_component() instead of krb5_princ_realm() for MIT
20160 Kerberos like we did before I messed things up ;-)
20162 Use krb5_principal_get_comp_string() to do the same thing w/
20163 Heimdal. I'm not sure if the component should be 0 or 1 in this
20166 #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
20167 older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
20168 should be a configure check for this I guess.
20171 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
20174 builtin -> built-in; Jason McIntyre
20177 * TROUBLESHOOTING, config.h.in, configure, configure.in:
20178 builtin -> built-in; Jason McIntyre
20182 built in -> built-in; Jason McIntyre
20185 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
20188 checkpoint for 1.6.7p3
20192 Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
20193 Amazingly, sudo source from 1985 is available via groups.google.com
20197 Don't change rl.rlim_max for RLIMIT_CORE. We need only set
20198 rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
20199 RLIMIT_CORE restoration on some OSes.
20202 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
20205 Make this compile on Heimdal and MIT Kerberos 5
20208 * config.h.in, configure, configure.in:
20209 Check for heimdal even if we found krb5-config and define
20214 Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
20215 no longer defined by MIT kerb5 (though it used to be and indeed
20216 remains so in Heimdal).
20219 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
20222 Remove newer stuff that passes multiple (possibly duplicate)
20223 directories to "mkdir -p" since that seems to break on Tru64 Unix at
20224 least. This basically brings back what shipped with sudo 1.6.6.
20227 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
20230 Correct number of args to krb5_principal_get_realm() and fix an
20231 unclosed comment that hid the bug.
20258 * CHANGES, version.h:
20267 use krb5-config to determine Kerberos V details if it exists
20270 * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
20271 auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
20272 find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
20273 testsudoers.c, visudo.c:
20274 Use warn/err and getprogname() throughout. The main exception is
20275 openlog(). Since the admin may be filtering logs based on the
20276 program name in the log files, hard code this to "sudo".
20280 Add getprogname.c and err.c
20287 * config.h.in, configure.in:
20288 Add checks for getprogname(), __progname and err.h
20292 For systems without err/warn functions.
20296 For systems without err/warn functions.
20300 For systems with neither getprogname() nor __progname; uses Argv[0].
20303 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
20306 checkpoint for 1.6.7p1
20309 * sudo.c, testsudoers.c:
20310 fix strlcpy() rval check (innocuous)
20314 oflow detection in expand_prompt() was faulty (false positives). The
20315 count was based on strlcat() return value which includes the length
20316 of the entire string.
20319 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
20322 checkpoint for the sudo 1.6.7 release
20323 [096bab4da29a] [SUDO_1_6_7]
20326 checkpoint for the sudo 1.6.7 release
20329 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
20332 g/c unused variable
20340 use man sections 8 and 5 for csops
20343 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
20350 Add -lskey or -lopie directly to SUDO_LIBS instead of having
20351 AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
20359 Add --with-blibpath for AIX. An alternate libpath may be specified
20361 -blibpath support can be disabled. Also change configure such that
20362 -blibpath is not specified if no -L libpaths were added to
20367 Add --with-blibpath for AIX. An alternate libpath may be specified
20369 -blibpath support can be disabled. Also change configure such that
20370 -blibpath is not specified if no -L libpaths were added to
20375 Add --with-blibpath for AIX. An alternate libpath may be specified
20377 -blibpath support can be disabled. Also change configure such that
20378 -blibpath is not specified if no -L libpaths were added to
20383 add AIX blibpath support
20386 * INSTALL, configure.in:
20387 --with-skey and --with-opie now take an optional directory argument
20388 This obsoletes a --with-csops hack (/tools/cs/skey)
20390 Also remove the remaining direct uses of "echo"
20393 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
20396 Detect KTH Kerberos IV and deal with it. Also make -lroken optional
20397 for KTH Kerberos IV and V.
20401 Add SUDO_APPEND_LIBPATH function that adds -L/path/to/dir (and
20402 -R/path/to/dir if $with_rpath) to the specified variable.
20405 * INSTALL, configure.in:
20406 Add -R/path/to/libs for Solaris and SVR4. There is a new configure
20407 option, --with-rpath to control this behavior.
20411 for kerb4 put libdes after libkrb on the link line
20419 fix kerberos lib check when a path is specified
20423 Fix boolean thinko in SIGCHLD reaper and call reapchild after
20424 sending mail instead of doing a conditional sudo_waitpid.
20427 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
20434 replace =DIR with [=DIR] where sensible
20438 o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
20439 detection based on openssh's configure.in
20443 --with-kerb4 and --with-kerb5 now take an optional argument.
20446 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
20449 Kill remaining strcpy(), the programmer's guide says username is 32
20454 treat uid_t as unsigned long for printf and use snprintf, not sprintf
20461 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
20463 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
20464 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
20465 auth/rfc1938.c, auth/sudo_auth.c:
20466 update copyright year
20469 * sudo.man.in, sudoers.man.in, visudo.man.in:
20470 update copyright year
20473 * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
20474 configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
20475 parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
20476 sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
20477 update copyright year
20480 * check.c, env.c, sudo.c:
20481 Cast [ug]ids to unsigned long and printf with %lu
20489 correct error messages for --with-sudoers-{mode,uid,gid}
20493 make the malloc(0) error specific to each function to aid tracking
20498 deal with platforms where size_t is signed and there is no SIZE_MAX
20503 Make this compile w/ Heimdal and fix some gcc warnings.
20507 Use stat_sudoers macro so --with-stow can work
20510 * INSTALL, config.h.in, configure, configure.in:
20511 Add support for --with-stow based on patches from Robert Uhl
20527 use strlcpy, not strncpy
20531 Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
20538 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
20540 * strlcat.c, strlcpy.c:
20541 Make gcc shut up about unused rcsid
20545 Move the n == 0 check for the non-getifaddrs cas
20549 skeychallenge() on NetBSD take a size parameter
20557 put -ldl after -lpam, not before; fixes static linking on Linux
20561 Avoid malloc(0) and fix the loop invariant for the getifaddrs()
20565 * sudo.cat, sudoers.cat, visudo.cat:
20569 * sudo.man.in, sudoers.man.in, visudo.man.in:
20574 Preserve copyright notice from .pod file in .man.in file
20578 Add sudoers(5) to SEE ALSO
20581 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
20588 Don't assume libc can realloc() a NULL string. If malloc/realloc
20589 fails, make sure we just return; yyerror() is not terminal.
20597 simplify fill_args a little and use strlcpy for paranoia
20604 * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
20606 Use strlc{at,py} for paranoia's sake and exit on overflow. In all
20607 cases the strings were either pre-allocated to the correct size or
20608 length checks were done before the copy but a little paranoia can go
20613 Add strlc{at,py} protos
20616 * env.c, interfaces.c:
20625 Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
20626 memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
20630 snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
20635 In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
20638 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
20641 Use snprintf() for paranoia
20645 Use emalloc2 and erealloc3
20649 strlc{at,py} for those w/o it
20652 * strlcat.c, strlcpy.c:
20653 strlc{at,py} for those w/o it.
20656 * config.h.in, configure, configure.in:
20657 Add strlc{at,py} for those w/o it.
20661 Add erealloc3(), a realloc() version of emalloc2().
20664 * interfaces.c, sudo.c:
20665 Use emalloc2() to allocate N things of a certain size.
20669 Add emalloc2() -- like calloc() but w/o the bzero and with
20670 error/oflow checking.
20674 Error out on malloc(0); suggested by theo
20677 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
20679 * configure, configure.in:
20680 fix a typo; David Krause
20683 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
20689 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
20692 Remove DYLD_ from the environment for MacOS X; from bbraun
20695 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
20697 * config.h.in, configure.in:
20698 not not; Anil Madhavapeddy
20701 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
20703 * sudo.pod, sudoers.pod, visudo.pod:
20704 typos; jmc@openbsd.org
20707 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
20710 Add some missing ';' rule terminators that bison warns about.
20714 fix typo I introduced in last merge
20718 regenerate with autoconf 2.57
20722 Add missing "$HOME"
20726 Add some more square brackets to make autoconf 2.57 happy
20729 * config.sub, mkinstalldirs:
20730 Updates from autoconf-2.57
20734 Updates from autoconf-2.57
20737 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
20743 * lex.yy.c, sudo.tab.c:
20747 * parse.lex, parse.yacc, sudoers.pod:
20748 Add support for Defaults>RunasUser
20751 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
20754 fclose() yyin after each yyparse() is done and use fopen() instead
20755 of using freopen().
20759 Better fix for sudoers files w/o a newline before EOF. It looks
20760 like the issue is that yyrestart() does not reset the start
20761 condition to INITIAL which is an issue since we parse sudoers
20765 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
20768 Work around what appears to be a flex bug when dealing with files
20769 that lack a final newline before EOF. This adds a rule to match EOF
20770 in the non-initial states which resets the state to INITIAL and
20775 o The parser needs sudoers to end with a newline but some editors
20776 (emacs) may not add one. Check for a missing newline at EOF and
20777 add one if needed. o Set quiet flag during initial sudoers parse (to
20778 get options) o Move yyrestart() call and always use freopen() to
20779 open yyin after initial sudoers parse.
20782 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
20785 Fix pasto/thinko in setresgid()/setregid() usage. Want to set
20786 effective gid, not real gid, when reading sudoers.
20790 don't compile set_perms_posix if we have setreuid or setresuid
20793 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
20795 * sudo.pod, sudoers.pod:
20796 document new prompt escapes
20800 Add %U and %H escapes and redo prompt rewriting. "%%" now gets
20801 collapsed to "%" as was originally intended. This also gets rid of
20802 lastchar (does lookahead instead of lookback) which should simplify
20803 the logic slightly.
20806 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
20809 Write the prompt *after* turning off echo to avoid some password
20810 characters being echoed on heavily-loaded machines with fast
20815 Add support for mipseb; wiz@danbala.tuwien.ac.at
20819 Fix IRIX fallout from name changes in man dir/sect Makefile
20820 variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
20824 Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
20825 the global copy. Problem noted by Peter Pentchev.
20828 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
20835 Add missing yyerror() calls; YYERROR does not seem to call this for
20839 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
20842 fix typo in comment; Pedro Bastos
20845 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
20848 document --disable-setresuid
20851 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
20853 Sprinkle some volatile qualifiers to prevent over-enthusiastic
20854 optimizers from removing memset() calls.
20857 * logging.c, parse.yacc:
20858 minor sign fixes pointed out by gcc -Wsign-compare
20861 * set_perms.c, sudo.c, sudo.h:
20862 Revamp set_perms. We now use a version based on setresuid() or
20863 setreuid() when possible since that allows us to support the
20864 stay_setuid option and we always know exactly what the semantics
20865 will be (various Linux kernels have broken POSIX saved uid support).
20868 * config.h.in, configure:
20869 regen from configure.in
20873 Add checks for setresuid() and a way to disable using it
20877 No longer need to emulate set*[ug]id() via setres[ug]id() or
20878 setre[ug]id(). The new set_perms stuff only uses things it knows are
20883 Before exec, restore state of signal handlers to be the same as when
20884 we were initially invoked instead of just resetting to SIG_DFL. Fixes
20885 a problem when using sudo with nohup. Based on a patch from Paul
20890 o timestamp_uid should be uid_t, not int o clarify error message
20891 when sudo is run by root and no_root_sudo is set
20894 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
20897 update ftp link for bison
20900 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
20903 Error out if setusercontext() fails and the runas user is not root.
20906 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
20913 Fix SecurID API test
20916 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
20923 securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
20924 but I don't see a better way at the moment.
20927 * Makefile.in, auth/securid5.c:
20928 SecurID API version 5 support from Michael Stroucken
20932 Add check for SecurID 5.0 API
20935 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
20938 We actually do still need config.h to get the 'const' definition for
20942 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
20945 regen with autoconf 2.5.3
20949 Don't set sysconfdir to '/etc' if the user has specified a --prefix.
20953 Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
20954 LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
20957 * env.c, sudo.c, sudo.h:
20958 No need for dump_badenv() now that dump_defaults() knows how to dump
20962 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
20968 document timestampowner
20972 Don't call set_perms() when doing timestamp stuff unless
20973 timestamp_uid != 0.
20976 * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
20977 sudo.h, testsudoers.c:
20978 g/c second arg to set_perms--it is no longer used
20981 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
20983 * check.c, set_perms.c, sudo.c, sudo.h:
20984 Add support for non-root timestamp dirs. This allows the timestamp
20985 dir to be shared via NFS (though this is not recommended).
20988 * def_data.c, def_data.h, def_data.in:
20989 Add timestampowner, "Owner of the authentication timestamp dir"
20992 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
20995 Don't try to pre-compute the size of the new envp, just allocate
20996 space up front and realloc as needed. Changes to the new env
20997 pointer must all be made through insert_env() which now keeps track
20998 of space used and allocates as needed.
21001 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
21008 Fix two typo/pastos; from jrj@purdue.edu
21011 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
21013 * INSTALL.binary, README:
21015 [a1e33027278c] [SUDO_1_6_6]
21017 * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
21018 visudo.cat, visudo.man.in:
21022 * CHANGES, RUNSON, TODO:
21027 In the loop used to expand %h and %u, the lastchar variable was not
21028 being initialized. This means that if the last char in the prompt
21029 is '%' and the first char is 'h' or 'u' an extra copy of the host or
21030 user name would be copied, for which space had not been allocated.
21033 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
21035 * BUGS, INSTALL, Makefile.in, configure.in, version.h:
21036 crank version to 1.6.6
21040 #undef VOID to get rid of an AFS warning
21044 Use easprintf instead of emalloc + sprintf for some things.
21047 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
21049 * lex.yy.c, sudo.tab.c:
21053 * parse.c, parse.lex, parse.yacc, testsudoers.c:
21054 Remove Chris Jepeway's email address so people don't bug him ;-)
21057 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
21060 Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
21061 endgrent() at the same time.
21064 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
21067 Make it clear which configure options take arguments.
21070 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
21073 HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
21074 RLIM_INFINITY, just pretend it is -1. This works because we only
21075 check for RLIM_INFINITY and do not set anything to that value.
21078 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
21081 Zero and free allocated memory when there is a conversation error.
21085 Use sigaction() not signal()
21089 Mention that some linux kernels have broken POSIX saved ID support
21093 checkpoint for 1.6.5p2
21101 Add --disable-setreuid flag
21105 Document new --disable-setreuid option and change description for
21106 --disable-saved-ids to match new error message.
21110 fatal() now takes an argument that determines whether or not to call
21115 Update for new error messages from set_perms()
21119 Update for new error messages from set_perms()
21122 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
21125 Make this compile w/o warnings
21129 Mention that we can't use pam_acct_mgmt()
21132 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
21133 The user's password was not zeroed after use when AIX
21134 authentication, BSD authentication, FWTK or PAM was in use.
21137 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
21140 Avoid giving PAM a NULL password response, use the empty string
21141 instead. This avoids a log warning when the user hits ^C at the
21142 password prompt when PAM is in use.
21146 Don't check the return value of pam_setcred(). In Linux-PAM 0.75
21147 pam_setcred() returns the last saved return code, not the return
21148 code for the setcred module. Because we haven't called
21149 pam_authenticate(), this is not set and so pam_setcred() returns
21154 Don't need a '/' between $(DESTDIR) and a directory.
21158 Don't need a '/' between $(DESTDIR) and a directory.
21161 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
21168 o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
21169 setreuid() o new NetBSD has a real setreuid() o add check for
21170 freeifaddrs() if getifaddrs() exists.
21173 * config.h.in, interfaces.c:
21174 Older BSDi releases lack freeifaddrs() so add a test for that and if
21175 it is not present just use free().
21178 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
21181 Checkpoint for 1.6.5p1
21185 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
21186 to normal passwords, not AUTH_FATAL (which just causes an exit).
21190 Don't use memory after it has been freed.
21194 skeyaccess() wants a struct passwd * not a char *; Patch from
21196 [65a1d3806fcd] [SUDO_1_6_5]
21202 * CHANGES, RUNSON, TODO:
21203 checkpoint for sudo 1.6.5
21206 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
21212 * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
21216 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
21222 o when invoking the mailer as root use a hard-coded environment that
21223 doesn't include any info from the user's environment. Basically
21226 o Add support for the NO_ROOT_MAILER compile-time option and run the
21227 mailer as the user and not root if NO_ROOT_MAILER is defined.
21230 * set_perms.c, sudo.h:
21231 Bring back PERM_FULL_USER
21242 * INSTALL, config.h.in, configure.in:
21243 Add --disable-root-mailer option to run the mailer as the user and
21248 checkpoint for 1.6.4p2
21252 Mention the "seteuid(0): Operation not permitted" problem here too
21253 just for good measure.
21256 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
21258 * env.c, getspwuid.c, sudo.c:
21259 The SHELL environment variable was preserved from the user's
21260 environment instead of being reset based on the passwd database when
21261 the "env_reset" option was used. Now it is reset as it should be.
21268 * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
21270 Add a configure option to turn off use of POSIX saved IDs
21278 add --with-efence option
21282 Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
21283 "sudo -l" would not work if always_set_home was set.
21291 Quoted commas were not being treated correctly in command line
21296 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
21297 Otherwise, the set_home option has no effect.
21299 o Fix use of freed memory when the "fqdn" flag is set. This was
21300 introduced by the fix for the "segv when gethostbynam() fails" bug.
21301 Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
21302 there is no need to check the "fqdn" flag in set_fqdn() itself.
21306 Add 'continue' statements to optimize the switch statement. From
21310 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
21312 * sudoers.cat, sudoers.man.in:
21313 Regen from new sudoers.pod
21314 [6ecc07b3d0e1] [SUDO_1_6_4]
21317 Add caveat about stay_setuid flag
21321 If set_perms == set_perms_posix and the stay_setuid flag is not set,
21322 set all uids to 0 and use set_perms_fallback().
21325 * set_perms.c, sudo.h:
21326 Remove PERM_FULL_USER (which is no longer used) and add
21327 PERM_FULL_ROOT (used when exec'ing the mailer).
21331 Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
21332 never want to run the mailer setuid.
21335 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
21337 * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
21339 Use sudo.ws instead of courtesan.com in URLs
21342 * Makefile.binary, Makefile.in:
21343 Fix mansect substitution
21347 Substitute man sections in Makefile.binary
21351 Sync install targets with Makefile.in and substitute in man
21355 * INSTALL, INSTALL.binary:
21360 Repair bindist target
21367 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
21370 Fix case where neither whoami nor id are found
21373 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
21376 If neither whoami nor id exists, just assume we are root.
21380 Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
21381 on AIX which for some reason isn't pulling in the malloc prototype.
21384 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
21386 * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
21395 Defer assigning new environment until right before the exec.
21399 kill extra blank line
21402 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
21409 Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
21410 compiler doesn't recognise -O2.
21414 Clarify origins of Root Group sudo a bit based on info from
21415 billp@rootgroup.com
21418 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
21425 checkpoint for 1.6.4rc1
21428 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
21431 now generated via autoheader
21439 Move in some stuff that was previously in config.h.
21442 * aclocal.m4, configure.in:
21443 Add info for autoheader.
21446 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
21449 o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
21450 -g to facilitate non-root installs
21454 Add -M option (like -m but only for root). If we can't find "whoami",
21455 use "id" w/ some sed.
21463 allow user to always override mansectsu and mansectform
21466 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
21469 update from autoconf 2.52
21472 * config.guess, config.sub:
21473 Update from autoconf 2.52
21477 regen with autoconf 2.52
21481 o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
21482 mode o Remove compiler-specific checks for HP-UX now that we use
21491 o Add pam_prep_user function to call pam_setcred() for the target
21492 user; on Linux this often sets resource limits. o When calling
21493 pam_end(), try to convert the auth->result to a PAM_FOO value.
21494 This is a hack--we really need to stash the last PAM_FOO value
21495 received and use that instead.
21498 * set_perms.c, sudo.h:
21499 o Add pam_prep_user function to call pam_setcred() for the target
21500 user; on Linux this often sets resource limits.
21504 Fix off by one error in number of bytes allocated via malloc (does
21505 not affect any released version of sudo).
21508 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
21515 Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
21516 requiring that they be quoted.
21519 * sudoers.cat, sudoers.man.in, sudoers.pod:
21520 Mention that no double quotes are needed when
21521 adding/deleting/assigning a single value to a list.
21525 Don't rely on mkdefaults being executable, call perl explicitly.
21533 Remove some XXX that are no longer relevant.
21537 o Roll our own loop instead of using strpbrk() for better
21538 grokability o When adding to a list we must malloc() and use
21539 memcpy(), not strdup() since we must only copy len bytes from str.
21542 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
21552 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
21563 avoid the -g flag unless --with-devel was specified
21567 mkdefaults, def_data.in and sigaction.c were missing from the
21572 def_data.c was missing
21575 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
21578 Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
21579 allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
21587 Add comment for Default section so folks know where it should go.
21590 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
21593 Use TCSETAF, not TCSETA to set terminal in termio case
21596 * sudoers.cat, sudoers.man.in:
21597 regen from sudoers.pod
21601 o Typo, Runas_User_List should be Runas_List o a User_List can not
21602 contain a uid o mention that the Defaults section should come after
21603 Alias definitions but before the user specifications
21606 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
21608 * sudoers.cat, sudoers.man.in:
21613 Fix listpw and verifypw sections, they were not being formatted
21617 * sudoers.cat, sudoers.man.in:
21629 * config.h.in, configure.in:
21630 use AC_SYS_POSIX_TERMIOS instead of rolling our own
21634 Reference sudo.ws not courtesan.com
21638 Add notes on shadow passwords
21642 In list mode (sudo -l), characters escaped with a backslash are
21643 shown verbatim with the backslash.
21647 Add simple examples from OpenBSD (Marc Espie)
21651 Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
21655 minor prettyification
21663 Fix CIDR handling here too.
21667 Apparently a NULL response is OK
21671 Checkpoint for upcoming beta release
21675 Many people believe that adding a runas spec should obviate the need
21676 for the -u flag. It does not.
21680 checkpoint update for upcoming 1.6.4 beta
21684 o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
21685 if HAVE_STRING_H is defined -- this is safe now
21689 Add signals section
21697 Fix check for sigaction_t
21701 XXX - should call find_path() as runas user, not root. Can't do
21702 that until the parser changes though.
21706 If find_path() fails as root, try again as the invoking user (useful
21707 for NFS). Idea from Chip Capelik.
21710 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
21711 Regenerate after pod file changes
21714 * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
21715 sudo.pod, sudoers.pod:
21716 Add new sudoers option "preserve_groups". Previously sudo would not
21717 call initgroups() if the target user was root. Now it always calls
21718 initgroups() unless the -P command line option or the
21719 "preserve_groups" sudoers option is set. Idea from TJ Saunders.
21722 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
21724 * compat.h, config.h.in:
21725 Use new HAVE_SIGACTION_T define
21729 Fix compilation on K&C
21737 Add check for sigaction_t -- IRIX already defines this so don't
21746 need stdlib.h here too
21754 Remove redundant checks for string.h, strings.h and unistd.h
21757 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
21759 Regen from pod files
21766 * configure, lex.yy.c, sudo.tab.c:
21771 Return EINVAL if errnum > sys_nerr
21774 * auth/sudo_auth.h:
21775 o Update copyright year
21778 * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
21779 config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
21781 o Update copyright year
21785 o Don't define STDC_HEADERS unconditionally for IRIX o Update
21793 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
21794 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
21795 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
21796 auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
21797 set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
21799 o Reorder some headers and use STDC_HEADERS define properly o Update
21804 o Reorder some headers and use STDC_HEADERS define properly o Update
21808 * getspwuid.c, goodpath.c, interfaces.c:
21809 o Reorder some headers and use STDC_HEADERS define properly o Update
21814 o Reorder some headers and use STDC_HEADERS define properly o Update
21818 * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
21820 o Reorder some headers and use STDC_HEADERS define properly o Update
21829 flags set in signal handlers should be volatile sig_atomic_t
21832 * config.h.in, configure.in:
21833 Add checks for volatile and sig_atomic_t
21836 * configure, lex.yy.c:
21840 * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
21841 sudo.c, sudoers.pod:
21842 Remove "secure_path" Defaults option since it cannot work with the
21846 * find_path.c, sudo.c:
21847 Unset "secure_path" if user_is_exempt()
21850 * env.c, pathnames.h.in:
21851 o Remove assumption that PATH and TERM are not listed in env_keep o
21852 If no PATH is in the environment use a default value o If TERM is
21853 not set in the non-reset case also give it a default value.
21856 * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
21857 _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
21858 systems that define in paths.h
21861 * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
21862 Add support for skeyaccess(3) if it is present in libskey.
21865 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
21868 Only need to do 'lc = login_getclass(NULL)' if lc == NULL
21872 '\\' is a perfectly legal character to have in a command line
21877 o Defer call to set_fqdn() until it is safe to use log_error() o
21878 Don't print errno string value if gethostbyname fails, it is not
21883 Fix CIDR -> in_addr_t conversion.
21886 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
21889 Remove an extra "User_List" in the User_Spec definition. From
21890 ybertrand AT snoopymail.com
21894 Make 'listpw=never' work for users who are not explicitly mentioned
21899 Remove gratuitous '=' in EBNF grammar; era AT iki.fi
21903 Document new list Defaults type and convert env_keep and env_delete
21904 to lists. Document new env_check option.
21907 * lex.yy.c, sudo.tab.c, sudo.tab.h:
21912 Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
21921 Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
21924 * config.h.in, configure.in:
21925 Add check for skeyaccess(3)
21929 Document new -c, -f, and -q options
21933 o Add -f option (alternate sudoers file) o Convert to use getopt(3)
21940 * aclocal.m4, config.h.in, configure.in:
21941 Add check for isblank and a replacement macro if it doesn't exist.
21944 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
21947 In check-only mode, don't create sudoers if it does not already
21952 o Add a new token, DEFVAR, to indicate a Defaults variable name o
21953 Add support for "+=" and "-=" list operators o replace some 1 and 0
21954 with TRUE and FALSE for greater legibility.
21958 o Use exclusive start conditions to remove some ambiguity in the
21959 lexer. Also reorder some things for clarity. o Add support for
21960 "+=" and "-=" list operators. o Use the new DEFVAR token to denote
21961 a Defaults variable name.
21965 Prototype init_envtables()
21969 o Convert environment handling to use lists instead of strings.
21970 This greatly simplifies routines that need to do "foreach" type
21971 operations. o Add new init_envtables() function to set env_check
21972 and env_delete defaults based on initial_badenv_table and
21973 initial_checkenv_table (formerly sudo_badenv_table).
21976 * defaults.c, defaults.h:
21977 o Add a new LIST type and functions to manipulate it. o This is for
21978 use with environment handling variables. o Call new
21979 init_envtables() routine inside init_defaults() to initialize the
21983 * def_data.c, def_data.h, def_data.in:
21984 Convert environment options to use the new LIST type and add a new
21985 one, env_check that only deletes if the sanity check fails.
21989 Add dummy version of init_envtables()
21997 Add check-only mode
22001 Fix generation of entries with NULL descriptions.
22004 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
22007 Use sigaction_t and quiet a gcc warning.
22011 Must reset signal handlers before we exec
22014 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
22016 Be careful now that tgetpass() can return NULL (user hit ^C). PAM
22017 version needs testing. Set SIGTSTP to SIG_DFL during password entry
22018 so user can suspend us.
22022 Add support for interrupting/suspending tgetpass via keyboard input.
22023 If you suspend sudo from the password prompt and resume it will re-
22028 Don't block keyboard interrupt signals, just set them to SIG_IGN.
22031 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
22034 add back HAVE_SIGACTION
22041 * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
22042 Kill POSIX_SIGNALS define and old signal support now that we emulate
22043 POSIX ones. Also be sure to correctly initialize struct sigaction.
22047 Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
22051 Add scaffolding for POSIX signal emulation
22055 o Add missing ';' so this compiles o Can't use NULL since we don't
22060 Emulate sigaction() using sigvec()
22063 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
22066 Document new behavior of negative values of timestamp_timeout. Fix a
22071 Add security note about command not being logged after 'sudo su' and
22076 Mention that -V prints default values when run as root, including
22077 the list of environment variables to clear.
22081 Run pod2man with --quotes=none to avoid stupid quoting of C<>
22085 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
22087 * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
22088 Add mail_badpass option. Also modify mail_always behavior to also
22089 send mail when the password is wrong
22092 * env.c, sudo.c, sudo.h:
22093 Dump default bad env table when 'sudo -V' is run by root.
22097 document env_delete
22101 Add support for '*' in env_keep when not resetting the environment
22102 (ie: the normal case).
22106 Add env_delete variable that lets the user replace/add to the
22107 bad_env_table. Allow '*' wildcard in env_keep entries.
22110 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
22113 Force umask to 022 to guarantee sane directory permissions.
22116 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
22119 add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
22123 fix breakage in last commit
22127 acsite.m4 -> aclocal.m4
22131 fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
22135 regenerated from def_data.in
22138 * check.c, defaults.c, defaults.h:
22139 Add new T_UINT type that most things use instead of T_INT. If
22140 timestamp_timeout is < 0 then treat the ticket as never expiring (to
22141 be expired manually by the user).
22145 change most T_INT -> T_UINT
22149 fix warning when no args
22153 Change 2 Exit() -> exit(). Avoid stdio in Exit() and call _exit() if
22154 we are a signal handler. We no longer print the signal number but
22155 the user can just check the exit value for that.
22158 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
22161 when setting up pipes in child process check for case where stdin ==
22165 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
22168 Ignore editor exit value since XPG4 says vi's exit value is the
22169 count of editing errors made (failed searches, etc).
22172 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
22179 sco now is identified by config.guess as *-sco-*
22183 Check for getspnam() in -lgen if not in -lc for UnixWare.
22186 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
22188 * sudoers.pod, visudo.pod:
22189 "upper case" -> "uppercase"
22193 fix typos and grammar; pjanzen@foatdi.harvard.edu
22196 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
22199 Missing word (specify); krapht@secureops.com
22202 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
22205 If we fail to lookup a login class, apply the default one.
22209 In log_error() free message, not logline unconditionally, then free
22210 logline if it is not the same as message. No function change but
22211 this mirrors how they are allocated.
22214 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
22221 remove some backslash quotes that are unneeded
22225 o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
22226 instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
22227 can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
22228 to AC_DEFINE things manually.
22231 * config.guess, config.sub:
22232 Updated from autoconf-2.50
22235 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
22238 Update mailing list section. We use mailman now, not majordomo.
22241 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
22243 * getspwuid.c, logging.c, sudo.c:
22244 Use setpwent()/endpwent() + all the shadow variants to make sure we
22245 don't inadvertently leak an fd to the child. Apparently Linux's
22246 shadow routines leave the fd open even if you don't call setspent().
22247 Reported by mike@gistnet.com; different patch used.
22250 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
22257 select() may return EAGAIN. If so, continue like we do for EINTR.
22261 Fix a non-exploitable buffer overflow in the word splitting code.
22262 This should really be rewritten.
22270 Tell people to look in sample.syslog.conf for examples, not FAQ
22274 Update list of env vars that are cleared
22278 remove struct env_table decl since that stuff has all moved to env.c
22281 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
22284 Fix a pasto in flock-style unlocking and include <sys/file.h> for
22285 flock on older systems; twetzel@gwdg.de
22289 regen to get NeXT lockf/flock fix
22293 force NeXT to use flock since lockf is broken
22296 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
22299 Use stashed user_gid when checking against exempt gid since sudo
22300 sets its gid to a value that makes sudoers readable. Previously
22301 if you used gid 0 as the exempt group everyone would be exempt. From
22302 Paul Kranenburg <pk@cs.few.eur.nl>
22305 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
22312 #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 apparently defines
22313 some types (such as ssize_t) therein.
22316 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
22319 Fix negation of paths in a boolean context. Problem found by
22323 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
22329 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
22332 SA_RESETHAND means the opposite of what I was thinking--oops. To
22333 block all signals in old-style signals use ~0, not 0xffffffff
22336 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
22339 coerce difference of pointers to int when used in a string length
22340 printf format; deraadt@openbsd.org
22343 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
22346 Block all signals in Exit() to avoid a signal race. There is still
22347 a tiny window but I'm not going to worry about it.
22350 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
22353 glibc uses the LANGUAGE env var so clear that too; Solar Designer
22357 Regenerate with a fix to flex.skl that preserves errno from
22358 clobbering by isatty().
22361 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
22363 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
22364 auth/sia.c, auth/sudo_auth.c:
22365 Some defaults I_ defines got renamed.
22368 * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
22369 defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
22370 set_perms.c, sudo.c, sudo.tab.c:
22371 Move defaults info into its own files from which we generate .h and
22372 .c files. This makes adding or rearranging variables much simpler.
22375 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
22377 * configure, configure.in:
22378 fix typo in last commit
22381 * compat.h, config.h.in, configure, configure.in:
22382 Add check + emulation for setegid (like seteuid).
22386 Make env_keep override badenv_table as documented. Fix traversal of
22387 badenv_table (broken in last commit)
22390 * set_perms.c, sudo.c, sudo.h:
22391 Don't try and build saved uid version of set_perms on systems w/o
22392 them. Rename set_perms_saved_uid() -> set_perms_posix(). Make
22393 set_perms_setreuid simply be set_perms_fallback() and simply include
22394 the appropriate function at compile time (setreuid() vs. setuid()).
22397 * sudoers.cat, sudoers.man.in, sudoers.pod:
22398 PATH is also preserved when env_reset is in effect
22401 * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
22402 configure.in, defaults.c, defaults.h, env.c, find_path.c,
22403 getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
22404 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
22405 visudo.c, visudo.cat, visudo.man.in:
22406 New Defaults options: o stay_setuid - sudo will remain setuid if
22407 system has saved uids or setreuid(2) o env_reset - reset the
22408 environment to a sane default o env_keep - preserve environment
22409 variables that would otherwise be cleared
22411 No longer use getenv/putenv/setenv functions--do environment munging
22412 by hand. Potentially dangerous environment variables can be cleared
22413 only if they contain '/' or '%' characters to protect buggy
22414 programs. Moved environment routines into env.c (new file)
22418 Clear up --without-passwd description
22421 * putenv.c, sudo_setenv.c:
22422 We now build up a new environment from scratch and assign it to
22426 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
22428 * sudo.pod, visudo.pod:
22429 Grammatical fixes from Paul Janzen
22432 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
22435 If there was a syntax error and the user just wants to quit, unlink
22436 sudoers if it is zero length.
22440 'Q' means ignore parse error, not 'q'
22444 Open sudoers for writing with mode SUDOERS_MODE. From Dimitry Andric
22448 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
22451 Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
22454 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
22456 * config.guess, config.sub:
22457 Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
22460 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
22462 * sudo.c, visudo.c:
22463 Use exit(127), not exit(-1)
22466 * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
22467 Move set_perms() to its own file and use POSIX saved uid or
22468 setreuid() if available.
22470 Added stay_setuid option for systems that have libraries that
22471 perform extra paranoia checks in system libraries for setuid
22472 programs (ie: anything with issetugid(2)).
22476 strip more bits from the environment and add a facility for
22477 stripping things only if they contain '/' or '%' to address printf
22478 format string vulnerabilities in other programs.
22481 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
22488 For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
22497 Check for strcasecmp(3) in -lc89 for NCR Unix
22500 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
22503 Define HAVE_INNETGR #ifdef HAVE__INNETGR
22510 * compat.h, config.h.in, configure.in:
22511 Add check for _innetgr(3) since NCR systems have that instead of
22515 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
22518 check return value of creadcfg(); call sd_close() after sd_auth();
22519 store username in sd->username so we don't rely on the USER env
22523 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
22526 document --with-bsdauth
22534 --with-bsdauth assumes --with-logincap
22537 * auth/bsdauth.c, auth/fwtk.c:
22538 When prompting for a response to a challenge, if the user just hits
22539 return then reprompt with echo turned on.
22542 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
22545 Remove debugging code that should not have been committed, oops.
22549 Use lower-level routines and get the password ourselves. Checks for
22550 a challenge and if there is one echo is not turned off.
22553 * auth/pam.c, auth/sudo_auth.h:
22554 minor housekeeping, no real code changes
22557 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
22560 Fix a coredump in the logging functions if gethostname(2) fails by
22561 deferring the call to log_error() until things are better setup.
22563 Fix return value of set_loginclass() in non-BSD-auth case.
22565 Hard-code 'sudo' in the usage message so we can fit more options on
22570 Fix errant ';' (typo) that broke MSG_ONLY
22573 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
22575 * sudo.cat, sudo.man.in:
22583 * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
22584 configure, configure.in, getspwuid.c, sudo.c:
22585 Add support for BSD authentication.
22588 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
22591 Fix typo; from sato@complex.eng.hokudai.ac.jp
22594 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
22597 Mention negating umask
22601 Allow user to specify umask of 0777 (same as !umask)
22604 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
22606 * sudo.pod, visudo.pod:
22607 Fix a typo and give a URL for the sudo history.
22610 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
22612 * defaults.c, sudo.pod:
22613 fix typos; pepper@reppep.com
22616 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
22618 * sudo.c, sudo.h, sudo_setenv.c:
22619 sudo_setenv() now exits on memory alloc failure instead of returning
22623 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
22626 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
22627 and possibly others.
22631 Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
22632 that "%m" won't be expanded but we don't use that anyway since the
22633 logging routines may splat to stderr as well.
22636 * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
22638 Add always_set_home variable
22641 * configure, configure.in:
22642 Have to hard code default values in help since the defaults are set
22643 _after_ the help stuff.
22646 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
22648 * lex.yy.c, parse.lex:
22649 Allow special characters (including '#') to be embedded in pathnames
22650 if quoted by a '\\'. The quoted chars will be dealt with by
22651 fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
22654 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
22657 Better path searching for programs we need.
22661 Add section on "C compiler cannot create executables" errors.
22664 * Makefile.binary, Makefile.in, version.h:
22668 * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
22669 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
22670 visudo.man.in, visudo.pod:
22671 Substitute values from configure into man pages.
22674 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
22677 The listpw and verifypw sudoers options would not take effect
22678 because the value of the default was checked *before* sudoers was
22679 parsed. Instead of passing in the value of PWCHECK_* to
22680 sudoers_lookup(), pass in the arg for def_ival() so the check can be
22681 deferred until after sudoers is parsed.
22684 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
22687 When writing prompt, no need to write the NUL as well;
22691 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
22694 When looking for chown, check in /sbin too
22697 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
22700 Remove extraneous call to init_defaults() and set runas_user to NULL
22701 between parses so init_defaults will reset it each time, thus
22702 avoiding a reference to free()d data.
22705 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
22707 * config.h.in, interfaces.c, interfaces.h, sudo.c:
22708 Add support for using getifaddrs() to get the list of ip addr /
22709 netmask pairs. Currently IPv4-only.
22713 Add a missing check for UserEditor == NULL. Add missing '+' before
22714 line number when invoking editor to fix a syntax error
22717 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
22720 Call clean_env very early in main() for paranoia's sake. Idea from
22724 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
22727 Update proto for evasprintf and easprintf
22731 Make easprintf() and evasprintf() return an int.
22735 If the targetpw flag is set, use target username as part of the
22736 timestamp path. If tty tickets are in effect cat the tty and the
22737 target username with a ':' as the separator.
22740 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
22743 Backout part of last change; setting PAM_USER to the invoking user
22744 breaks things like targetpw.
22748 set tty and username via pam_set_item
22751 * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
22752 Fix root, runas, and target authentication for non-passwd file auth
22756 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
22758 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
22759 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
22760 Use B<-Z> not C<-Z> for command line flags in all places. This is
22761 more consistent and works around a bug in Pod::Man.
22764 * sudoers.cat, sudoers.man.in, sudoers.pod:
22765 Fix an occurrence of 'semicolon' that should be 'colon'
22768 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
22770 * configure, configure.in:
22771 Fix --with-badpri help line
22774 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
22776 * defaults.c, logging.c, sudo.c:
22777 Bracket calls to syslog with an openlog() and closelog() since some
22778 authentication methods (like PAM) may do their own logging via
22779 syslog. Since we don't use syslog much (usually just once per
22780 session) this doesn't really incur a performance penalty. It also
22781 fixes a SEGV with pam_kafs.
22784 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
22787 Fix -H flag. runas_homedir is only valid after
22788 set_perms(PERM_RUNAS, mode)
22791 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
22794 Clarify the fact that insults are not enabled just by including them
22798 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
22800 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
22802 Regenerated with perl 5.6.0 pod2man
22806 Give date string to pod2man since its default is ugly and it ain't
22811 Do section substitution on the output of pod2man and remove hack
22812 needed for old pod2man.
22815 * sudo.pod, sudoers.pod, visudo.pod:
22816 Put back real man sections, we will do the substitution later.
22819 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
22821 * configure, configure.in:
22822 Don't bother checking for the path to vi if user specified --with-
22826 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
22828 * CHANGES, visudo.c:
22829 Visudo now does its own fork/exec instead of calling system(3).
22832 * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
22833 sudoers.pod, visudo.c:
22834 Visudo now checks for the existence of an editor and gives a
22835 sensible error if it does not exist.
22837 The path to the editor for visudo is now a colon-separated list of
22838 allowable editors. If the user has $EDITOR set and it matches one
22839 of the allowed editors that editor will be used. If not, the first
22840 editor in the list that actually exists is used.
22843 * sudo.cat, sudo.man.in, sudo.pod:
22844 Clear up confusion wrt sudo's return value.
22847 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
22850 Strip sudo and visudo for bindist target
22853 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
22854 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
22855 Use @mansectsu@ and @mansectform@ in the man page bodies as well.
22856 [5eb9e60a726f] [SUDO_1_6_3]
22858 * visudo.cat, visudo.man.in, visudo.pod:
22859 Typo: @sysconf@ -> @sysconfdir@
22863 'make dist' should not cause any files to be modified so remove its
22868 Whoops, forgot to add release marker
22871 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
22874 Final change for 1.6.3 (or so I hope)
22877 * sudo.cat, sudoers.cat, visudo.cat:
22878 Use SYSV man sections since BSD systems will have nroff...
22881 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
22883 * parse.yacc, sudo.tab.c:
22884 When checking to see if the host/user matches in a defaults spec,
22885 check against TRUE, not just non-zero since it might be -1.
22888 * configure, configure.in:
22889 OSF/1 puts file formats in section 4, not 5.
22892 * CHANGES, INSTALL, sudo.c:
22893 Make login class support work on BSD/OS
22900 * configure, configure.in:
22901 If there is no inet_addr but there *is* an __inet_addr that's ok
22902 since inet_addr is probably just a macro then. The better thing to
22903 do would be to look for the macro, but this is fine for now.
22906 * configure, configure.in:
22907 Don't use shlicc for BSD/OS 4.x
22910 * Makefile.in, configure, configure.in:
22911 *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
22912 configure variable so we can deal with this. Also, only remove *.man
22913 for 'distclean' not 'clean'.
22917 set_loginclass() should be static like the proto says
22920 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
22923 Add #ifdef __STDC__ around the rangematch function header to avoid
22924 promotion of test to int, thus violating the prototype. Gcc handles
22925 this gracefully but more std ANSI compilers will complain.
22929 Pull in newer fnmatch(3) that supports FNM_CASEFOLD
22932 * aclocal.m4, configure, fnmatch.3, fnmatch.c:
22933 Pull in newer fnmatch(3) that supports FNM_CASEFOLD. Check for
22934 FNM_CASEFOLD in configure
22941 * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
22942 Fully qualified hosts w/ wildcards were not matching the FQHOST
22943 token type. There's really no need for a separate token for fully-
22944 qualified vs. unqualified anymore so FQHOST is now history and
22945 hostname_matches now decides which hostname (short or long) to check
22946 based on whether or not the pattern contains a '.'.
22950 Fully qualified hosts w/ wildcards were not matching the FQHOST
22951 token type. There's really no need for a separate token for fully-
22952 qualified vs. unqualified anymore so FQHOST is now history and
22953 hostname_matches now decides which hostname (short or long) to check
22954 based on whether or not the pattern contains a '.'.
22957 * lex.yy.c, parse.c, parse.lex, parse.yacc:
22958 Fully qualified hosts w/ wildcards were not matching the FQHOST
22959 token type. There's really no need for a separate token for fully-
22960 qualified vs. unqualified anymore so FQHOST is now history and
22961 hostname_matches now decides which hostname (short or long) to check
22962 based on whether or not the pattern contains a '.'.
22965 * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
22966 sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
22967 Add support for wildcards in the hostname.
22971 Add targets for *.man.in, using config.status to generate *.man from
22975 * sudoers.cat, sudoers.man.in, sudoers.pod:
22976 Document set_logname option and embolden refs to sudo and visudo.
22979 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
22980 sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
22981 visudo.cat, visudo.man.in, visudo.pod:
22982 Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
22983 from Michael D. Marchionna. configure now does substitution on the
22984 man pages, allowing us to fix up the paths and set the section
22985 correctly. Based on an idea from Michael D. Marchionna.
22989 Better fix for handling HP-UX aging info.
22993 Add support for set_logname run-time default
22996 * sudo.man.in, sudoers.man.in, visudo.man.in:
22997 configure does substitution on these to produce *.man
23000 * sudo.man, sudoers.man, visudo.man:
23001 These files now get generated from *.man.in at configure time.
23004 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
23006 * defaults.c, defaults.h:
23007 Add set_logname option so users can turn off setting of LOGNAME/USER
23008 environment variables.
23011 * lsearch.c, parse.c, testsudoers.c:
23015 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
23018 HP-UX adds extra info at the end for password aging so when
23019 comparing the result of crypt to pw_passwd we only compare the first
23020 len(epass) bytes *unless* the user entered an empty string for a
23025 Get rid of grandchild hack, it was causing problems and there is
23026 really no need for it. This fixes a bug where we spin eating up CPU
23027 when the user runs a long-running process like a shell.
23030 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
23033 User can always specify a login class if he/she is already root.
23036 * config.h.in, configure, configure.in, defaults.c, defaults.h,
23038 FreeBSD login class (login.conf) support.
23041 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
23043 * auth/sudo_auth.c:
23044 HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
23047 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
23050 Truncate unencrypted password to 8 chars if encrypted password is
23051 exactly 13 characters (indicating a standard DES password). Many
23052 versions of crypt() do this for you, but not all (like HP-UX's).
23055 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
23058 Mention that gcc on dynix may have problems
23061 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
23064 Link visudo with NET_LIBS since we now call syslog via defaults.c
23068 Use Argv[0] as the first arg to openlog() since visudo uses this
23072 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
23075 Stash coredumpsize resource limit and restore it before the exec().
23076 Otherwise the child ends up with a coredumpsize of 0.
23079 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
23081 * sudo.cat, sudo.man, sudo.pod:
23089 * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
23090 auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
23091 Added -S flag (read passwd from stdin) and tgetpass_flags global
23092 that holds flags to be passed in to tgetpass(). Change echo_off
23093 param to tgetpass() into a flags field. There are currently 2
23094 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
23095 tgetpass(), abstract the echo set/clear via macros and if (flags &
23096 TGP_ECHO) but echo is not set on the terminal, be sure to set it.
23100 Fixed a bug that caused an infinite loop when the password timeout
23104 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
23106 * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
23107 sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
23108 Add rootpw, runaspw, and targetpw options.
23111 * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
23113 enveditor -> env_editor
23116 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
23118 * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
23119 sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
23121 crank version to 1.6.3
23124 * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
23125 sudoers.pod, visudo.c:
23126 Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
23127 them. This means that visudo will now parse the sudoers file
23128 *before* it is edited so a bogus sudoers file will cause a warning
23129 to go to stderr. Also, visudo checks the variables once--it does not
23130 check them after each editor run since that could be confusing.
23133 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
23139 * check.c, sudo.c, sudo.h:
23140 Move user_is_exempt prototype into sudo.h
23143 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
23145 * configure, configure.in:
23146 Fix thinko, some && should have been || in the last commit
23149 * configure, configure.in:
23150 Don't initialize Makefile variables to be NULL since the user may
23151 want to import variables from their environment.
23154 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
23156 * configure, configure.in:
23160 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
23163 fix a yacc (skeleton.c) warning
23166 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
23168 * INSTALL, RUNSON, configure, configure.in:
23169 Make pam work on HP-UX 11.0;jaearick@colby.edu
23173 recent changes; prepare for 1.6.2p1
23177 Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
23180 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
23183 Regen with yacc that has a memory leak plugged.
23186 * sudoers.cat, sudoers.man, sudoers.pod:
23187 Expanded docs on sudoers 'defaults' options based on INSTALL file
23192 Fix some while lies
23195 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
23198 When making a bindist, link FAQ to TROUBLESHOOTING instead of
23202 * sudoers.cat, sudoers.man, sudoers.pod:
23203 Add netgroup caveat
23204 [28d119f466e3] [SUDO_1_6_2]
23207 Last minute updates
23223 Better detection of PAM errors and fix custom prompts with PAM.
23224 Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
23227 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
23230 Cast ULONG_MAX to unsigned long long when comparing to an unsigned
23234 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
23236 * CHANGES, config.h.in, configure, configure.in, visudo.c:
23237 Fix sudoers locking in visudo. We now lock the sudoers file itself,
23238 not the temp file (since locking the temp file can foul up editors).
23239 The previous locking scheme didn't work because the fd was closed
23243 * config.h.in, configure, configure.in:
23244 Don't need test for ftruncate() any more.
23247 * configure, configure.in:
23248 Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
23249 the unbundled HP-UX cc.
23252 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
23254 * sudoers.cat, sudoers.man, sudoers.pod:
23255 "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
23258 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
23260 * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
23261 parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
23262 version.h, visudo.c:
23263 update copyright year on changed files
23275 Crank version to 1.6.2
23279 Crank version to 1.6.2
23283 When using rlimit check for RLIM_INFINITY. When computing the value
23284 of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
23291 * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
23292 sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
23293 Crank version to 1.6.2
23296 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
23297 Add 'shell_noargs' runtime option back in. We have to defer
23298 checking until after the sudoers file has been parsed but since
23299 there are now other options that operate that way this one can too.
23300 Based on a patch from bguillory@email.com.
23303 * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
23304 Add "listpw" and "verifypw" options.
23307 * sudoers.cat, sudoers.man, sudoers.pod:
23308 o Fix some typos/omissions o Add section on verifypw and listpw o
23309 Define how NOPASSWD interacts with the -v and -l flags
23312 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
23314 * configure, configure.in:
23315 For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
23316 -D_HPUX_SOURCE to CPPFLAGS.
23319 * defaults.c, defaults.h:
23320 In struct sudo_defs_types, move the union to the end and don't
23321 initialize the union member since that only works with an ANSI
23322 compiler. We set the value of the union by hand in init_defaults()
23323 anyway. This allows sudo to compile on a K&R compiler again.
23326 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
23328 * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
23329 netgr_matches needs to check shost as well as host since they may be
23334 End on \r as well as \n
23337 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
23340 Update statbuf.st_mode based on SUDOERS_MODE when we are changing
23341 from 0400 to whatever SUDOERS_MODE is (converting from the old
23342 sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
23343 0400 which should always be the case.
23346 * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
23347 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
23348 w/o a passwd if there is *any* entry for the user on the host with a
23349 NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
23350 the user on the host w/ the specified runas user have the NOPASSWD
23358 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
23361 Treat EOF at whatnow prompt like 'x' instead of looping.
23364 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
23368 [5836a9452568] [SUDO_1_6_1]
23370 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
23372 * config.h.in, configure, configure.in, sudo.c:
23373 Add check for initgroups() since old SYSV lacks this.
23376 * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
23377 parse.c, testsudoers.c:
23378 o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
23382 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
23384 * auth/sudo_auth.c:
23385 Don't allow insults to be enabled if the insults[] array is empty.
23386 Otherwise there would be division by zero.
23390 Don't allow insults to be enabled if the insults[] array is empty.
23391 Otherwise there would be division by zero.
23395 Don't allow insults to be enabled if the insults[] array is empty.
23396 Otherwise there would be division by zero.
23400 Don't care about USE_INSULTS #define since the insult stuff may be
23401 overridden at runtime.
23404 * auth/sudo_auth.c:
23405 Honor insults flag.
23408 * CHANGES, parse.c:
23409 Don't ask the user for a password if the user is not allowed to run
23410 the command and the authenticate flag (in sudoers) is false.
23413 * CHANGES, RUNSON, lex.yy.c, parse.lex:
23414 o Whenever we get a bare newline we change to the INITIAL state. o
23415 Enter GOTRUNAS when we see Runas_Alias
23417 This allows #uid to work in a RunasAlias.
23420 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
23422 * CHANGES, parse.yacc, sudo.tab.c:
23423 fix parsing of runas lists: o oprunasuser and runaslist now return a
23424 value o in a runasspec, if a runaslist does not return TRUE, set
23425 runas_matches to FALSE. Normally, a runaslist only returns FALSE
23426 for explicitly denied users. o since runaslist does not modify the
23427 stack there is no need for a push/pop in runasalias.
23431 Don't kill the user's tickets until after sudoers has been parsed
23432 since tty_tickets and ticket_dir could be set in sudoers.
23435 * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
23436 configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
23437 sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
23438 crank version to 1.6
23442 add set_fqdn() stub
23445 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
23447 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
23448 sudoers.man, sudoers.pod, visudo.c:
23449 o Kill shell_noargs option, it cannot work since the command needs
23450 to be set before sudoers is parsed. o Fix the "set_home" sudoers
23451 option (only worked at compile time). o Fix "fqdn" sudoers option.
23452 We now set host/shost via set_fqdn which gets called when the
23453 "fqdn" option is set in sudoers. o Move the openlog() to
23454 store_syslogfac() so this gets overridden correctly from the
23459 SecurID support should compile now.
23462 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
23464 * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
23465 visudo.man, visudo.pod:
23466 fix some syntactic goofs
23469 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
23471 * Makefile.in, sudo.html, sudoers.html, visudo.html:
23472 No longer need the .html files as they are generated automatically
23476 * CHANGES, LICENSE:
23477 kill characters that made wml unhappy
23484 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
23487 majordomo@cs.colorado.edu -> majordomo@courtesan.com
23490 * Makefile.in, configure:
23491 Wrap script execution w/ /bin/sh for the benefit of ctm
23494 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
23497 Make the -s flag be exclusive too. Also reorder the flags in the
23498 exclusive usage message so they are alphabetical.
23501 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
23504 make pam errors other than PAM_PERM_DENIED fatal
23512 make it clear that /etc/pam.d/sudo is required on linux
23516 fix a warning on redhat and spew an error if pam_authenticate()
23517 returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
23520 * sudo.cat, sudo.html, sudo.man, sudo.pod:
23521 Be very clear that the password required is the user's not root's
23524 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
23527 add sample.syslog.conf to DISTFILES and BINFILES
23530 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
23533 updates from Brian Jackson + some formatting
23536 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
23538 * INSTALL.binary, Makefile.binary, README, RUNSON:
23539 o One RUNSon update o Changes for automating real binary releases
23546 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
23549 talk about run-time options in addition to compile-time options
23550 [1eb813ff0a9a] [SUDO_1_6_0]
23557 need sys/time.h if HAVE_SETRLIMIT
23560 * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
23561 sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
23562 get rid of references to sudo-bugs. Now mention the web site or the
23567 repair pod2html damage
23571 Update for 1.6 release
23574 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
23575 Add warning about using ALL in a command context.
23578 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
23581 Call yyrestart() on a parse error to reset the lexer state.
23584 * lex.yy.c, parse.lex:
23585 Don't need YY_FLUSH_BUFFER after all. Move yyrestart() into visudo.c
23586 since it might not get called in yywrap if we get a parse error
23587 (and we only reread the file on error anyway).
23590 * lex.yy.c, parse.lex:
23591 Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
23592 might still exist. Call yyrestart() instead of using the deprecated
23596 * lex.yy.c, parse.lex:
23597 flex doesn't need %N table size declarations
23600 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
23601 Mention what characters need to be escaped in names.
23604 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
23611 clarify Mac OS X entry
23619 o Use AC_MSG_ERROR throughout o Check syslog configure options for
23623 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
23626 Fix printing of type T_MODE in dump_defaults()
23630 missing sys/types.h
23634 Break out options that may be overridden at run time into their own
23635 section. Add a note about Mac OS X and correct some lies.
23638 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
23640 * CHANGES, config.h.in, configure, configure.in, sudo.c:
23641 o Now use getrlimit to find the highest fd when closing all non-std
23642 fd's o Turn off core dumps via setrlimit for the sake of paranoia
23649 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
23656 When read()'ing, do a single character at a time to be sure we don't
23657 go past the newline.
23661 For the sudo_root option, check against user_uid, not getuid() since
23662 at this point, ruid == euid == 0.
23670 Fix compilation problem when --with-logging=file was specified.
23671 This means that syslog is now required to build sudo but that should
23672 not be a problem. If it is it can be fixed trivially with a
23673 configure check for syslog() or syslog.h.
23677 Make this work again for things like "sudo echo hi | more" where the
23678 tty gets put into character at a time mode. We read until we read
23679 end of line or we run out of space (similar to fgets(3)).
23682 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
23684 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
23685 change ital to bold
23692 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
23695 Error out if syslog parameters are given without a value. For
23696 Ultrix or 4.2BSD "syslog" is allowed without a value since there are
23697 no facilities in the 4.2BSD syslog.
23700 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
23703 Ignore the syslog facility for systems w/ old syslog like Ultrix.
23707 people with "." early in their path can have problems running sudo
23708 from the build dir ;-)
23711 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
23713 * sudo.cat, sudo.html, sudo.man, sudo.pod:
23714 Remove -r realm option
23717 * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
23718 configure.in, sudo.c:
23719 New krb5 code from Frank Cusack <fcusack@iconnet.net>.
23726 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
23729 include <auth.h> to get function prototypes.
23732 * sudo.cat, sudo.html, sudo.man, sudo.pod:
23736 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
23739 in set_perms(), always call setuid(0) before changing the ruid/euid
23740 so we always know it will succeed.
23744 #undef T_FOO to avoid conflicts with system defines (like on
23748 * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
23750 Document "Defaults" lines in /etc/sudoers. Still needs some
23751 fleshing out but this is a start.
23754 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
23756 * use strtol, not strtoul since not everyone has strtoul
23760 use strtol, not strtoul since not everyone has strtoul
23763 * lex.yy.c, parse.lex:
23764 last {WORD} rule should only apply in the INITIAL state
23767 * lex.yy.c, parse.lex:
23768 o Add support for escaped characters in the WORD macro o Modify
23769 fill() to squash escape chars
23772 * defaults.c, defaults.h:
23773 o Add T_PATH flag to allow simple sanity checks for default values
23774 that are supposed to be pathnames. o Fix a duplicate free when
23775 visudo finds an error.
23778 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
23780 * defaults.c, defaults.h, logging.c:
23781 mail_if_foo -> mail_foo
23784 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
23786 * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
23787 o Add requiretty option o Move O_NOCTTY to compat.h
23791 The exit() in log_error() was mistakenly removed in a previous
23792 version. Put it back...
23795 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
23797 * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
23798 auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
23799 configure, configure.in, defaults.c, defaults.h, find_path.c,
23800 getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
23801 o Change defaults stuff to put the value right in the struct. o
23802 Implement mailer_flags o Store syslog stuff both in int and string
23803 form. Setting the string form magically updates the int version.
23804 o Add boolean attribute to strings where it makes sense to say !foo
23808 add O_NOCTTY when opening /dev/tty just in case
23811 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
23814 cleanup function no longer takes a status arg
23821 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
23823 * TODO, config.h.in, configure, configure.in, logging.c:
23824 Use strftime() instead of ctime() if it is available.
23827 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
23834 update ReliantUNIX entry
23837 * defaults.c, defaults.h, logging.c:
23838 add log_year option
23841 * configure, configure.in:
23842 add --without-sendmail to help output
23845 * configure, configure.in:
23846 enforce an octal arg for --with-sudoers-mode
23849 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
23851 * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
23852 auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
23853 auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
23854 defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
23855 parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
23856 testsudoers.c, version.c, visudo.c:
23857 Add support for "Defaults" line in sudoers to make configuration
23858 variables changeable at runtime (and on a global, per-host and per-
23859 user basis). Both the names and the internal representation are
23860 still subject to change. It was necessary to make sudo_user.runas
23861 be a char ** instead of a char * since this value can be changed by
23862 a Defaults line. There is a similar (but more complicated) issue
23863 with sudo_user.prompt but it is handled differently at the moment.
23865 Add a "-L" flag to list the name of options with their descriptions.
23866 This may only be temporary.
23868 Move some prototypes to parse.h
23870 Be much less restrictive on what is allowed for a username.
23873 * sample.syslog.conf:
23877 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
23879 * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
23881 UCB has dropped the advertising clause from their license.
23884 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
23886 * auth/sudo_auth.h:
23887 move dce_verify proto to correct section
23894 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
23897 Add fnmatch() prototype
23900 * fnmatch.c, parse.c, testsudoers.c:
23901 Move inclusion of emul/fnmatch.h to be after sudo.h for __P
23905 add strcasecmp proto
23908 * auth/sudo_auth.c:
23909 add check for case where there are no auth methods
23912 * configure, configure.in:
23913 Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
23917 * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
23918 include strings.h everywhere we include string.h
23922 nicer output when showing auth methods
23926 Add support for SEND_MAIL_WHEN_NO_HOST
23929 * config.h.in, configure, configure.in:
23930 Add _GNU_SOURCE for Linux
23933 * lex.yy.c, parse.lex:
23934 fix definition of OCTET
23937 * configure, configure.in:
23938 aix_auth.o not authenticate.o
23941 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
23944 Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
23945 keyboard). Since we run with ruid/euid == 0 the user can't really
23946 signal us in nasty ways.
23950 Don't need to worry about catching too many signals since we do
23951 locking on the tmp file. If a lockfile is really stale, it will be
23952 detected and overwritten.
23955 * INSTALL, Makefile.in:
23956 include auth/API in tarball
23959 * auth/sudo_auth.c:
23960 move memset() of plaintext pw outside of verify loop and only do the
23961 memset if we are *not* in standalone mode.
23964 * auth/sudo_auth.c, auth/sudo_auth.h:
23965 DCE is not a standalone method
23969 fix --enable-noargs-shell
23973 "#ifdef __STDC__" not "#if __STDC__" (I missed one)
23976 * auth/fwtk.c, auth/sia.c:
23977 _cleanup() function returns an int.
23981 there were still some return(0)'s hanging around, make them
23990 add missing semicolon
23993 * auth/sudo_auth.h:
23997 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
23999 * CHANGES, config.h.in, configure, configure.in:
24000 Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
24004 add parse.h to HDRS
24007 * Makefile.in, configure, configure.in:
24008 Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
24009 LDFLAGS. Common libs go in LIBS, common ld flags go in LDFLAGS and
24010 network libs like -lsocket, -lnsl go in NET_LIBS. This allows
24011 testsudoers to build on Solaris and is a bit cleaner in general.
24015 mention ptmp -> sudoers.tmp
24018 * config.h.in, configure, configure.in:
24019 Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
24027 Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
24028 return a value more like a system function
24040 update based on what is in the man page
24043 * parse.yacc, sudo.tab.c:
24044 minor change to first line printed in -l mode
24047 * sudo.cat, sudo.html, sudo.man, sudo.pod:
24048 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
24049 standard and add "EXAMPLES" section
24052 * visudo.cat, visudo.html, visudo.man, visudo.pod:
24053 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
24057 * logging.c, parse.c, sudo.h:
24061 * lex.yy.c, parse.lex:
24062 make an OCTET really be limited to 0-255
24066 mention timestamp changes
24073 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
24074 new sudoers(8) man page
24077 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
24080 Update comments about syslog name tables
24083 * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
24084 strcasecmp.c, sudo.tab.c:
24085 include strcasecmp() for those without it
24089 Use the : operator some more and fix a typo
24093 update the history of sudo
24096 * parse.c, parse.lex, testsudoers.c:
24097 CIDR-style netmask support
24104 * sudo.tab.c, sudo.tab.h:
24105 these should be generated with byacc, not bison
24112 * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
24113 In "sudo -l" mode, the type of the stored (expanded) alias was not
24114 stored with the contents. This could lead to incorrect output if
24115 the sudoers file had different alias types with the same name.
24116 Normal parsing (ie: not in '-l' mode) is unaffected.
24119 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
24121 * configure, configure.in:
24122 define _XOPEN_SOURCE to get at crypt() proto on some systems
24125 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
24132 don't need limits.h
24136 kill bogus reference to vfprintf
24139 * sample.sudoers, sudoers:
24144 Add some const in the K&R defs. This is safe since we define const
24145 away if the compiler doesn't grok it.
24148 * aclocal.m4, configure:
24149 Better test for working long long support. Ultrix compiler supports
24150 basic long long but not all operations on them.
24153 * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
24154 snprintf.c, sudo.c:
24155 Add check for LONG_IS_QUAD. #undef MAXINT before including
24156 hpsecurity.h to silence an HP-UX warning. Check for U?LONG_LONG_MAX
24157 in snprintf.c and use LONG_IS_QUAD
24160 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
24162 * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
24164 UCB-derived snprintf + asprintf support. Supports quads if the
24165 compiler does. No floating point yet, perhaps later...
24168 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
24170 * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
24171 goodpath.c, logging.c, parse.c, sudo.c:
24172 Run most of the code as root, not the invoking user. It doesn't
24173 really gain us anything to run as the user since an attacker can
24174 just have a setuid(0) in their egg. Running as root solves
24175 potential problems wrt signalling.
24182 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
24184 * logging.c, sudo.c:
24185 Don't wait for child to finish in log_error(), let the signal
24186 handler get it if we are still running, else let init reap it for
24187 us. The extra time it takes to wait lets the user know that mail is
24190 Install SIGCHLD handler in main() and for POSIX signals, block
24195 * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
24196 parse.yacc, sudo.c, sudo.h:
24197 sudoers_lookup() now returns a bitmap instead of an int. This makes
24198 it possible to express things like "failed to validate because user
24199 not listed for this host". Some things that were previously
24200 VALIDATE_FOO are now FLAG_FOO. This may change later on.
24202 Reorganized code in log_auth() and sudo.c to deal with above
24205 Safer versions of push/pushcp with in the do { ... } while (0) style
24207 parse.yacc now saves info on the stack to allow parse.c to determine
24208 if a user was listed, but not for the host he/she tried to run on.
24210 Added --with-mail-if-no-host option
24213 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
24215 * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
24216 visudo.man, visudo.pod:
24217 o NewArgv and NewArgc don't need to be externally visible. o If
24218 pedantic > 1, it is a parse error. o Add -s (strict) option to
24219 visudo which sets pedantic to 2.
24222 * HISTORY, INSTALL:
24223 Just have sudo-bugs contact info in one place
24226 * sudo.cat, sudo.html, sudo.man, sudo.pod:
24230 * Makefile.in, configure, configure.in:
24231 Add testsudoers to default build target if --with-devel Don't clean
24232 generated parser files unless "distclean".
24235 * parse.yacc, sudo.tab.c:
24236 In pedantic mode we need to save *all* the aliases, not just those
24237 that match, or we get spurious warnings.
24241 reference samples.sylog.conf
24244 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
24246 * sample.syslog.conf:
24247 Sample entries for syslog.conf
24254 * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
24255 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
24256 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
24257 auth/sudo_auth.c, auth/sudo_auth.h:
24258 In struct sudo_auth, turn need_root and configured into flags and
24259 add a flag to specify an auth method is running alone (the only
24260 one). Pass auth methods their sudo_auth pointer, not the data
24261 pointer. This allows us to get at the flags and tell if we are the
24262 only auth method. That, in turn, allows the method to be able to
24263 decide what should/should not be a fatal error. Currently only
24264 rfc1938 uses it this way, which allows us to kill the OTP_ONLY
24265 define and the hackery that went with it. With access to the
24266 sudo_auth struct, methods can also get at a string holding their
24267 canonical name (useful in error messages).
24270 * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
24271 getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
24273 o --with-otp deprecated, use --without-passwd instead o real
24274 dependencies in the Makefile o --with-devel option to enable yacc,
24275 lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
24276 back to being a token, not a string but don't leak memory o rename
24277 hsotspec -> host in parse.yacc
24280 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
24286 * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
24288 o Digital UNIX needs to check for *snprintf() before -ldb is added
24289 to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
24290 for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
24291 functions in snprintf.c to fix -Wall o Add missing includes to fix
24295 * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
24296 configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
24298 o Add a "pedantic" flag to the parser. This makes sudo warn in
24299 cases where an alias may be used before it is defined. Only turned
24300 on for visudo and testsudoers. o Add --disable-authentication option
24301 that makes sudo not require authentication by default. The PASSWD
24302 tag can be used to require authentication for an entry. We no
24303 longer overload --without-passwd.
24306 * lex.yy.c, parse.lex:
24307 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
24308 username can contain just about anything so be very permissive. Also
24309 drop the unused \. punctuation.
24312 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
24314 * parse.yacc, sudo.tab.c:
24315 o add a 'val' element to aliasinfo struct and move -> parse.h o
24316 find_alias() now returns an aliasinfo * instead of boolean o
24317 add_alias() now takes a value parameter to store in the
24318 aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
24319 return: 1) positive match 0) negative match (due to '!')
24320 -1) no match This means setting $$ explicitly in all cases, which I
24321 should have done in the first place. It also means that we always
24322 store a value that is != -1 and when we see a '!' we can set
24323 *_matches to !rv if rv != -1. The upshot of all of this is that '!'
24324 now works the way it should in lists and some of the rules are more
24325 uniform and sensible.
24329 add parse.h dependency
24333 kill unused *_matched macros
24337 Allow a list of users as the first thing in a user spec, not just a
24338 single entry. This makes things more uniform, though it does allow
24339 you to write user specs that are hard to read.
24351 fix check for crypt() in libufc
24354 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
24357 sudo-users list now exists
24360 * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
24364 * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
24365 config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
24366 version.c, visudo.c:
24367 o Move lock_file() and touch() into fileops.c so visudo can use them
24368 o Visudo now locks the sudoers temp file instead of bailing when the
24369 temp file already exists. This fixes the problem of stale temp
24370 files but it does *require* that you not try to put the temp file in
24371 a world-writable directory. This should not be an issue as the temp
24372 file should live in the same dir as sudoers. o Visudo now only
24373 installs the temp file as sudoers if it changed.
24376 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
24382 * config.h.in, configure, configure.in, logging.c:
24386 * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
24387 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
24388 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
24389 temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
24390 -> _PATH_SUDOERS_TMP
24393 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
24395 * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
24396 o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
24397 root sudo -V config reporting
24400 * configure, configure.in:
24401 aix_auth.o not authenticate.o
24405 Add --with-goodpri and --with-badpri configure options to specify
24406 the syslog priority to use.
24409 * INSTALL, configure, configure.in, logging.h:
24410 Add --with-goodpri and --with-badpri configure options to specify
24411 the syslog priority to use.
24415 kill crufty AIX stuff
24419 Sigh, some versions of make (like Solaris's) don't deal with $< like
24420 I would expect. Both GNU and BSD makes get this right but... So, we
24421 just expand $< inline at the cost of some ugliness.
24425 If the invoking user is root, sudo will now print configure info in
24426 -V mode. Currently just prints logging info, to be expanded later.
24429 * logging.c, logging.h, sudo.c, sudo.h:
24430 o new defines for syslog facility and priority o use new
24431 print_version() function for -V mode
24435 Don't need version.c
24438 * aclocal.m4, config.h.in, configure, configure.in:
24439 Add check for syslog facilities and priorities tables in syslog.h
24443 o authenticate -> aix_auth o add version.c
24446 * auth/sudo_auth.c:
24447 Missed a prompt -> user_prompt conversion
24450 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
24453 sudo should lock its logfile
24456 * parse.yacc, sudo.tab.c:
24457 o Add '!' correctly when expanding Aliases. o Add shortcut macros
24458 for append() to make things more readable. o The separator in
24459 append() is now a string instead of a char. o In append(), only
24460 prepend the separator if the last char is not a '!'. This is a
24461 hack but it greatly simplifies '!' handling. o In -l mode, Runas
24462 lists and NOPASSWD/PASSWD tags are now inherited across entries in
24463 a list (matches current behavior). o Fix formatting in -l mode such
24464 that items in a list are separated by a space. Greatly improves
24465 readability. o Space for name field in struct aliasinfo is now
24466 allocated dynamically instead of using a (big) buffer. o In
24467 add_alias(), only search the list once (lsearch instead of lfind +
24471 * lex.yy.c, sudo.tab.c, sudo.tab.h:
24475 * configure, configure.in:
24476 Solaris pam doesn't require any extra setup
24480 o Simpler '!' support now that the lexer deals with multiple !'s for
24481 us. o In the case of opFOO, have FOO give a boolean return value and
24482 set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
24483 it gets fill()'d in parse.lex--fixes a small memory leak. In the
24484 long run it may be better to just fix parse.lex and make ALL back
24485 into a token. However, having it be a string is useful since it
24486 can be easily passed back to the parent rule if we so desire.
24490 o Remove some unnecessary backslashes o collapse multiple !'s by
24491 using !+ and checking if yyleng is even or odd. this allows us to
24492 simplify ! handling in parse.yacc
24496 -u flag was being ignored
24499 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
24506 work around pod2man stupidity
24510 correct dependencies for .cat
24513 * sudo.cat, sudo.man, visudo.cat, visudo.man:
24517 * sudo.pod, visudo.pod:
24518 Add copyright Update to reality
24521 * parse.c, sudo.c, sudo.h:
24522 rename validate() to the more descriptive sudoers_lookup()
24529 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
24535 * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
24536 configure, configure.in, sudo.c:
24541 add 4th term to license similar to term 5 in the apache license
24544 * emul/search.h, emul/utime.h:
24545 add 4th term to license similar to term 5 in the apache license
24548 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
24549 auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
24550 auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
24551 auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
24552 logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
24553 pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
24554 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
24556 add 4th term to license similar to term 5 in the apache license
24559 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
24560 add 4th term to license similar to term 5 in the apache license
24563 * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
24564 getspwuid.c, goodpath.c:
24565 add 4th term to license similar to term 5 in the apache license
24568 * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
24569 insults.h, logging.c, sudo.c, sudo.h:
24570 there was a 1995 release too
24573 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
24580 Use dirs instead of files for timestamp. This allows tty and non-
24581 tty schemes to coexist reasonably. Note, however, that when you
24582 update a tty ticket, the mtime on the user dir gets updated as well.
24585 * configure, configure.in:
24586 Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
24587 when linking test program, not just -lprot. Also add check for
24588 getspnam(). The SCO docs indicate that /etc/shadow can be used but
24592 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
24595 first cut at auth API description
24598 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
24600 * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
24601 auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
24603 auth API change. There is now an init method that gets run before
24604 the main loop. This allows auth routines to differentiate between
24605 initialization that happens once vs. setup that needs to run each
24606 time through the loop.
24609 * auth/kerb5.c, logging.c:
24610 use easprintf() and evasprintf()
24614 add easprintf() and evasprintf(), error checking versions of
24615 asprintf() and vasprintf()
24619 remove 2 items. One done, one won't do.
24622 * lex.yy.c, sudo.tab.c:
24626 * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
24627 visudo.html, visudo.man:
24636 o Document -K flag and update meaning of -k flag. o BSD-style
24637 copyright o Document clearing of BIND resolver environment variables
24638 o Clarify bit about shared libs o suggest rc files create /tmp/.odus
24639 if your OS gives away files
24647 BSD-style copyright
24651 o BSD copyright o no need to block signals, we now do that in main()
24655 * testsudoers.c, visudo.c:
24656 o BSD-style copyright o Use "struct sudo_user" instead of old
24657 globals. o some cosmetic cleanup
24661 BSD-style copyright
24665 o BSD copyright o logging and parser bits moved to their own .h
24666 files o new "struct sudo_user" to encapsulate many of the old
24671 o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
24672 logging routines o simplified flow of control o BIND resolver
24673 additions to badenv_table
24677 BSD-style copyright
24681 Now compiles on more K&R compilers
24685 BSD-style copyright, cosmetic changes
24689 BSD-style copyright
24692 * parse.c, parse.h, parse.lex, parse.yacc:
24693 BSD-style copyright. Move parser-specific defines and structs into
24694 parse.h + other cosmetic changes
24698 defines for logging routines
24701 * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
24702 BSD-style copyright, cosmetic changes
24705 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
24707 BSD-style copyright
24711 o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
24712 kill --disable-tgetpass o add --without-passwd o changes to fill in
24713 AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
24714 v?asprintf() o replace --with-AuthSRV with --with-fwtk
24718 BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
24719 HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
24720 HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
24724 BSD-style copyright; Add S_IFLNK and MIN/MAX if they are missing.
24728 BSD-style copyright
24732 no more --with-getpass
24736 Take out things I've done...
24744 --with-getpass no longer exists
24748 BSD-style copyright. Update to reflect reality wrt new files and
24753 Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
24758 Update history a bit
24761 * COPYING, LICENSE:
24762 Now distributed under a BSD-style license
24765 * auth/sudo_auth.c:
24766 o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
24767 options. o skey/opie replaced by rfc1938 code o new struct sudo_user
24771 * auth/pam.c, auth/sia.c:
24772 BSD-style copyright and use new log functions
24776 o BSD-style copyright o Use new log functions o Use asprintf() and
24777 snprintf() where sensible.
24781 Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
24782 done more reasonably--better sanity checks and tty-based stamps are
24783 now done as files in a directory with the same name as the invoking
24784 user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
24785 to mix tty and non-tty based ticket schemes but this may change in
24786 the future (it requires sudo to use a directory instead of a file in
24787 the non-tty case). Also, ``sudo -k'' now sets the ticket back to
24788 the epoch and ``sudo -K'' really deletes the file. That way you
24789 don't get the lecture again just because you killed your ticket in
24790 .logout. BSD-style copyright now.
24794 o rewritten logging routines. log_error() now takes printf-style
24795 varargs and log_auth() for the return value of validate(). o BSD-
24799 * auth.c, check_sia.c, dce_pwent.c, secureware.c:
24800 superseded by new auth API
24804 BSD-style copyright
24808 Use snprintf() where it makes sense and add a BSD-style copyright
24811 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
24812 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
24813 BSD-style copyright
24816 * emul/utime.h, utime.c:
24817 BSD-style copyright
24821 this has been rewritten so use my BSD-style copyright
24824 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
24827 include malloc.h if no stdlib.h
24831 KTH snprintf()/asprintf() for systems w/o them
24835 strerror() for systems w/o it
24838 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
24844 * parse.c, parse.lex, parse.yacc:
24845 Add contribution info in the main comment
24848 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
24851 remove missed ref to PAM_nullpw
24854 * auth/sudo_auth.h:
24859 more or less complete now--still untested
24862 * auth/afs.c, auth/pam.c:
24863 don't use user_name macro, it will go away
24866 * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
24867 combine skey/opie code into rfc1938.c
24870 * auth/dce.c, auth/sudo_auth.h:
24871 DCE authentication method; basically unchanged from dce_pwent.c
24874 * auth/aix_auth.c, auth/sudo_auth.h:
24875 AIX authenticate() support. Could probably be much better
24879 Fix an uninitialized variable and some cleanup. Now works (tested)
24882 * auth/sia.c, auth/sudo_auth.h:
24883 SIA support for digital unix
24887 don't use prompt global, it will go away
24890 * auth/secureware.c:
24891 correct copyright years
24894 * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
24895 auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
24896 auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
24897 New authentication API and methods
24900 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
24907 only save an entry if user_matches && host_matches, even if the
24908 stack is empty (fix for previous commit)
24916 1) Always save an entry on the stack if it is empty. This fixes the
24917 -l and -v flags that were broken by earlier parser changes.
24919 2) In a Runas list, don't negate FALSE -> TRUE since that would make
24920 !foo match any time the user specified a runas user (via -u) other
24925 interfaces and num_interfaces are now auto, not extern
24928 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
24931 use a static global to keep state about empty passwords
24935 make PASSWORD_NOT_CORRECT logging consistent with other modules
24938 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
24941 PAM prompt code was wrong, looks like we have to kludge it after
24946 In the PAM code, when a user hits return at the first password
24947 prompt, exit without a warning just like the normal auth code
24950 * configure, configure.in:
24951 kludge around cross-compiler false positives
24954 * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
24955 New (correct) PAM code Tgetpass now takes an echo flag for use with
24956 PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
24957 useless umask setting Change error from BAD_ALLOCATION ->
24958 BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
24963 Some -Wall and kill some trailing spaces
24967 define -D__EXTENSIONS__ for solaris so we get crypt() proto
24970 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
24976 * INSTALL, config.h.in, configure, configure.in:
24977 for kerberos V < version, fall back on old kerb4 auth code
24981 clarify some things
24984 * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
24988 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
24991 mention why DONT_LEAK_PATH_INFO is not the default
24994 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
24997 Fix open(2) return value checking, was NULL for fopen, should be -1
25006 better wording for solaris pam notice
25010 document recent changes
25014 Update shadow password section
25018 move authentication code from check.c to auth.c
25021 * Makefile.in, check.c, sudo.h:
25022 move authentication code to auth.c
25025 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
25027 * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
25028 getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
25029 logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
25030 sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
25032 Move interface-related defines to interfaces.h so we don't have to
25033 include <netinet/in.h> everywhere.
25036 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
25038 * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
25039 parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
25040 o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
25041 turns out the old DES crypt does the right thing with passwords
25042 longer than 8 characters. o Fix common typo (necesary ->
25043 necessary) o Update TODO list
25046 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
25049 set $LOGNAME when we set $USER
25052 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
25055 add comment about digital unix and interfaces.c warning with gcc
25058 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
25061 use modern paths and give examples for some of the new parser
25065 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
25071 * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
25072 getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
25073 parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
25074 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
25075 Function names should be flush with the start of the line so they
25076 can be found trivially in an editor and with grep
25079 * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
25080 sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
25081 free(3) is already void, no need to cast it
25084 * logging.c, sudo.c, sudo.h:
25085 catch case where cmnd_safe is not set (this should not be possible)
25088 * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
25089 testsudoers.c, visudo.c:
25090 Stash the "safe" path (ie: the one listed in sudoers) to the command
25091 instead of stashing the struct stat. Should be safer.
25094 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
25096 * INSTALL, Makefile.in, UPGRADE:
25097 notes on updating from an earlier release
25104 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
25106 * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
25107 sudoers.man, sudoers.pod:
25108 You can now specify a host list instead of just a host or alias.
25109 Ie: user = host1,host2,ALIAS,!host3 my_command now works.
25116 * parse.yacc, sudo.tab.c:
25117 Move the push from the beginning of cmndspec to the end. This means
25118 we no longer have to do a push at the end of privilege, just reset
25122 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
25123 runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
25124 use "!" most everywhere
25127 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
25130 modernize paths and update su example based on sample.sudoers one
25134 New runas semantics
25137 * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
25139 In estrdup(), do the malloc ourselves so we don't need to rely on
25140 the system strdup(3) which may or may not exist. There is now no
25141 need to provide strdup() for those w/o it. Also, the prototype for
25142 estrdup() was wrong, it returns char * and its param is const.
25150 buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
25153 * CHANGES, TODO, parse.yacc, sudo.tab.c:
25154 It is now possible to use the '!' operator in a runas list as well
25155 as in a Cmnd_Alias, Host_Alias and User_Alias.
25158 * logging.c, sudo.h:
25159 Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
25163 Definitions of *_matched were wrong--user top, not top-2 as
25167 * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
25168 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
25169 command but the NOPASSWD flag was set. Make runasspec, runaslist,
25170 runasuser, and nopasswd typeless in parse.yacc Add support for '!'
25171 in the runas list Fix double printing of '%' and '+' for groups and
25172 netgroups respectively Add *_matched macros (no need for local stack
25173 variable). Should only be used directly after a pop (since top must
25177 * aclocal.m4, configure.in:
25178 Add copyright, somewhat silly
25181 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
25183 * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
25184 compat.h, config.h.in, configure, configure.in, dce_pwent.c,
25185 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
25186 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
25187 lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
25188 putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
25189 sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
25190 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
25192 Crank version to 1.6 and combine copyright statements
25196 Use ! not ^ to do negation
25199 * lex.yy.c, sudo.tab.c:
25203 * parse.lex, parse.yacc:
25204 Make runas and NOPASSWD tags persistent across entries in a command
25205 list. Add a PASSWD tag to reverse NOPASSWD. When you override a
25206 runas or *PASSWD tag the value given becomes the new default for the
25207 rest of the command list.
25210 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
25214 [a1ae9d4a7d54] [SUDO_1_5_9]
25217 Shift return value of system(3) by 8 to get real exit value and if
25218 it is not 1 or 0 print the retval along with the error message.
25221 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
25224 testsudoers needs LIBOBJS too
25227 * parse.c, parse.yacc, sudo.tab.c:
25228 Fix another parser bug. For a sudoers entry like this: millert
25229 ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
25237 * parse.yacc, sudo.tab.c:
25238 Save entries that match a ! command on the matching stack too
25242 Make sudo's usage info better when mutually exclusive args are given
25243 and don't rely on argument order to detect this; nick@zeta.org.au
25246 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
25248 * CHANGES, Makefile.in, RUNSON:
25256 * parse.yacc, sudo.tab.c:
25257 Fix off by one error introduced in *alloc changes
25260 * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
25261 check_sia.c, compat.h, config.h.in, configure, configure.in,
25262 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
25263 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
25264 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
25265 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
25266 sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
25267 sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
25268 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
25272 * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
25273 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
25274 putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
25275 sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
25276 Use emalloc/erealloc/estrdup
25280 error checking memory allocation routines
25283 * parse.yacc, sudo.tab.c:
25284 Still not right, this fixes it for real
25287 * parse.yacc, sudo.tab.c:
25288 Fix for previous commit
25291 * CHANGES, INSTALL, parse.yacc:
25292 Fix a parser bug that was exposed when mixing different runas specs
25293 and ! commands. For example: millert ALL=(daemon)
25294 /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
25295 as well as daemon when it should just allow daemon. The problem was
25296 that comma-separated commands in a list shared the same entry on the
25297 matching stack. Now they get their own entry iff there is a full
25298 match. It may be better to just make the runas spec persistent
25299 across all commands in a list like the user and host entries of the
25300 matching stack. However, since that is a fairly major change it
25301 should get its own minor rev increase.
25304 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
25306 * check.c, config.h.in:
25307 Simplify PAM code and fix a PAM-related warning on Linux
25310 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
25324 * check.c, configure.in:
25325 new pam code that works on solaris, should work on linux too;
25329 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
25336 only include strings.h if there is no string.h
25339 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
25342 Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
25345 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
25348 shost must be set before log functions are called #ifdef HOST_IN_LOG
25351 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
25353 * CHANGES, lex.yy.c, parse.lex:
25354 Fix a bug wrt quoting characters in command args. Stop processing
25355 an arg when you hit a backslash so the quoted-character detection
25359 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
25362 include sys/time.h; apparently AIX needs it. ppz@cdu.elektra.ru
25365 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
25367 * configure, configure.in:
25368 add missing case statement so --without-sendmail works
25371 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
25377 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
25379 * configure, configure.in:
25380 only search for -lsun in irix <= 4.x
25383 * configure, configure.in:
25384 back out last configure.in change now that I've hacked autoconf to
25385 fix the real problem and add a missing newline
25393 add def of dirfd() for those without it
25396 * configure, configure.in:
25397 When falling back to checking for socket() when linking with
25398 "-lsocket -lnsl" check for main() instead since autoconf has already
25399 cached the results of checking for socket() in -lsocket. This is
25400 really an autoconf bug as it should use the extra libs as part of
25401 the cache variable name.
25408 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
25411 fix occurrence of $with_timeout that should be
25412 $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
25416 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
25418 * sudo.cat, sudo.html, sudo.man, sudo.pod:
25419 fix grammar; espie@openbsd.org
25420 [7031d9dfbc3e] [SUDO_1_5_8]
25422 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
25424 * parse.yacc, sudo.c, testsudoers.c:
25425 add cast for strdup in places it does not have it
25428 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
25430 * configure, configure.in:
25431 define for_BSD_TYPES irix
25434 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
25436 * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
25437 Make it clear that it is the user's password, not root's, that we
25442 If the user enters an empty password and really has no password,
25443 accept the empty password they entered. Previously, they could
25445 *but* an empty password. Also, add GETPASS macro that calls either
25446 tgetpass() or getpass() depending on how sudo was configured.
25447 Problem noted by jdg@maths.qmw.ac.uk
25450 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
25452 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
25453 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
25454 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
25455 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
25456 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
25457 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
25459 add explicit copyright
25463 mention -lsocket, -lnsl configure changes
25466 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
25469 Don't clobber errno after calling check_sudoers().
25472 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
25474 * configure, configure.in:
25475 When linking with both -lsocket and -lnsl be sure to do so in that
25476 order. Also, when we can't find socket() or inet_addr() and have to
25477 try linking with both libs, issue a warning.
25480 * sudo.cat, sudo.man, sudo.pod:
25481 clarify bad timestamp and fmt
25484 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
25487 be clear that pam is linux-only and add a RUNSON entry
25490 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
25492 * CHANGES, INSTALL, configure, configure.in:
25493 fix and correctly document --with-umask; problem noted by
25497 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
25499 * configure, configure.in:
25500 only use /usr/{man,catman}/local to store man pages if user didn't
25501 override prefix or mandir
25504 * INSTALL, configure, configure.in:
25505 fix typo, make --with-SecurID take an arg
25508 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
25514 * CHANGES, INSTALL, check.c, configure, configure.in:
25515 FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
25518 * configure, configure.in:
25519 better fix for the problem of unresolved symbols in -lnsl or
25523 * configure, configure.in:
25524 when checking for functions in -lnsl and -lsocket link with both of
25525 them to avoid unresolved symbols on some weirdo systems
25528 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
25530 * BUGS, CHANGES, RUNSON, TODO:
25531 old changes that didn't make it into RCS before the RCS->CVS switch
25534 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
25536 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
25537 configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
25538 getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
25539 ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
25540 lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
25541 secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
25542 sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
25555 * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
25556 config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
25557 find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
25558 ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
25559 logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
25560 secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
25561 sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
25562 utime.c, version.h, visudo.c, visudo.cat, visudo.man:
25563 crank version and regen files
25567 kill rcs goop in update_version and fix now that version is a const
25570 * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
25571 sudo.c, sudo.h, sudo.pod:
25572 kerb5 support from fcusack@iconnet.net
25575 * realpath.c, sudo_realpath.c:
25576 we no longer use realpath
25580 replaced by find_path.c
25584 all options are now configure flags
25592 superseded by getcwd.c
25596 superseded by tgetpass.c
25600 superceded by RUNSON
25604 No longer used now that we have configure options for everything.
25608 regen based on configure.in
25611 * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
25612 sudoers.man, visudo.cat, visudo.html, visudo.man:
25613 regen based on sudo.pod, sudoers.pod, and visudo.pod
25616 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
25619 fix tty tickets in remove_timestamp (didn't use ':')
25622 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
25625 close sock when we are done with it
25628 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
25631 never say "error on line -1"
25634 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
25637 check for -lnsl before -lsocket
25641 quote '[', ']' used in ranges correctly
25644 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
25647 add missing NO_ROOT_SUDO noted by drno@tsd.edu
25650 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
25657 more info for 1.5.7
25665 make increases of cm_list_size and ga_list_size be similar to
25666 increases of stacksize (ie: >= not > in initial compare).
25670 when we get a syntax error, report it for the previous line since
25671 that's generally where the error occurred.
25674 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
25676 * config.h.in, configure.in, interfaces.c:
25677 add back check for sys/sockio.h but only use it if SIOCGIFCONF is
25679 [d197f31fd1e4] [SUDO_1_5_7]
25682 define BSD_COMP for svr4
25685 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
25686 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
25687 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
25688 testsudoers.c, tgetpass.c, utime.c, visudo.c:
25693 kill check for sockio.h
25697 no more HAVE_SYS_SOCKIO_H
25700 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
25701 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
25702 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
25703 testsudoers.c, tgetpass.c, utime.c, visudo.c:
25707 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
25710 add missing inform_user()
25713 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
25716 return NOT_FOUND if given fully qualified path and it does not exist
25717 previously it would perror(ENOENT) which bypasses the option to not
25722 for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
25726 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
25729 tty tickets are user:tty now
25733 when using tty tickets make it user:tty not user.tty as a username
25734 could have a '.' in it
25737 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
25740 add "ignoring foo found in ." for auth successful case
25743 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
25746 add missing printf param
25749 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
25751 * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
25752 go back to printing "command not found" unless --disable-path-info
25753 specified. Also, tell user when we ignore '.' in their path and it
25754 would have been used but for --with-ignore-dot.
25758 Only one space after a colon, not two, in printf's
25761 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
25764 document setting $USER
25768 fix bugs with prompt expansion
25772 set $USER for root too
25775 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
25782 HP-UX's iscomsec is in -lsec, not libc
25786 remove some entries in the OS case statement that did nothing
25790 add "cd" section and flush out syslog section
25794 no more sudo-lex.yy.c
25798 add custom prompt support
25802 kill perror("malloc") since we already have good error messages
25803 pw_ent -> pw for brevity
25807 kill perror("malloc") since we already have good error messages
25808 pw_ent -> pw for brevity set $USER if -u specified
25812 kill perror("malloc") since we already have good error messages
25816 kill perror("malloc") since we already have good error messages
25817 pw_ent -> pw for brevity when checking if %group matches, look up
25818 user in password file so that %groups works in a RunAs spec.
25822 kill perror("malloc") since we already have good error messages
25825 * check.c, getspwuid.c, interfaces.c:
25826 kill perror("malloc") since we already have good error messages
25827 pw_ent -> pw for brevity
25830 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
25833 the prompt is expanded before tgetpass is called
25837 tgetpass now has the same args as getpass again
25841 add iscomsec, issecure support
25845 we now expand any %h or %u in the prompt before passing to tgetpass
25849 add check for syslog(3) in -lsocket, -lnsl, -linet
25853 add HAVE_ISCOMSEC and HAVE_ISSECURE
25857 add check for iscomsec in HP-UX
25861 check for issecure if we have getpwanam on SunOS some options are
25862 incompatible with DUNIX SIA check for dispcrypt on DUNIX
25865 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
25872 add back support for non-dispcrypt based checking for older DUNIX
25880 SIA becomes the default on Digital UNIX now have --disable-sia to
25885 move local includes after system ones
25888 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
25890 * check.c, check_sia.c, sudo.h:
25891 add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
25896 fix while loop in sia_attempt_auth() that checks the password. Only
25897 the first iteration was working.
25900 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
25903 don't trust UID_MAX or MAXUID
25914 * getspwuid.c, secureware.c:
25915 init crypt_type to INT_MAX since it is legal to be negative in DUNX
25920 for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
25921 -ldb since DUNX < 4.0 lacks it
25924 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
25926 * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
25927 secureware.c, sudo.c, tgetpass.c:
25928 getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
25929 minutes if the shadow files don't exist).
25932 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
25935 updated --with-editor blurb
25939 tell how to put sudoers in a different dir
25943 add missing quotes around $with_editor
25947 typo in --with-editor bits
25951 I don't expect it to work on Solaris
25955 add back security/pam_misc.h
25958 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
25961 remove dunix note since configure checks for this now
25965 add check for broken dunix prot.h (4.0 < 4.0D is bad)
25968 * getspwuid.c, secureware.c, tgetpass.c:
25969 new dunix shadow code, use dispcrypt(3)
25977 call initprivs() if we have it for getprpwuid later on
25981 clean pathnames.h too
25985 quote "Sorry, try again." with [] since it has a comma in it set
25986 LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
25987 getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
25992 update Digital UNIX note about acl.h
25997 --without-root-sudo -> --disable-root-sudo some reordering
26004 * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
26012 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
26015 when checking for -lsocket, -lnsl, and -linet, check for the
26016 specific functions we need from them.
26019 * config.h.in, sudo.h:
26020 move Syslog_* defs into sudo.h
26023 * Makefile.in, sudo.h:
26024 added check_secureware
26028 finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
26032 don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
26033 defined. configure now does that for us
26037 move some --with options around change a bunch of echo's to
26038 AC_MSG_CHECKING, AC_MSG_RESULT pairs
26042 change $with_foo-bar -> $with_foo_bar kill extra " that caused a
26043 syntax error add some echo verbiage
26046 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
26049 moved SecureWare stuff into secureware.c
26057 update url to solaris gcc bins
26061 change option formatter and flesh out some entries
26064 * TROUBLESHOOTING, sudo.pod, visudo.pod:
26065 environmental variable -> environment variable
26069 everything is now done via configure
26077 passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
26081 SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
26085 merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
26086 sudoers_mode from configure
26090 SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
26091 the Makefile, not config.h
26095 document all --with/--enable options
26098 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
26101 options.h is no more
26105 assimilated options.h
26109 moved options from options.h to configure
26112 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
26113 logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
26114 sudo_setenv.c, visudo.c:
26118 * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
26119 remove references to options.h
26122 * dce_pwent.c, interfaces.c, sudo.c:
26127 if select return < -1 still prompt for pw
26131 convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
26136 FAST_MATCH is no longer an option
26140 remove_timestamp() if timestamp is preposterous
26144 convert more options to --with/--enable
26147 * INSTALL, aclocal.m4:
26152 convert more options into --with and --enable
26156 catch EINTR in select and restart
26163 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
26166 UMASK -> SUDO_UMASK.
26169 * check.c, logging.c:
26170 time.h, not sys/time.h
26173 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
26176 MAILER -> _PATH_SENDMAIL
26179 * INSTALL, configure.in:
26180 no more --with-C2, now it is --disable-shadow
26183 * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
26184 getspwuid.c, sudo.c, tgetpass.c:
26185 new shadow password scheme. Always include shadow support if the
26186 platform supports it and the user did not disable it via configure
26189 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
26192 --with-getpass -> --{enable,disable}-tgetpass
26196 pathnames.h -> pathnames.h.in
26204 move pam_conv to be static to auth function remove pam_misc.h
26205 (solaris doesn't have one)
26209 _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
26213 munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
26217 convert to pathnames.h.in
26220 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
26223 fix typo in sysv4 matching case /.
26226 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
26229 pam stuff needs to run as root, not user, for shadow passwords
26232 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
26234 * BUGS, INSTALL, README, configure.in:
26238 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
26239 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
26240 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
26241 logging.c, options.h, parse.c, parse.lex, parse.yacc,
26242 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
26243 testsudoers.c, tgetpass.c, utime.c, visudo.c:
26248 user version.h for long message
26252 this is version 1.5.6
26255 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
26258 remove errant backslash
26261 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
26263 * options.h, parse.yacc, pathnames.h.in:
26265 [fdee73255d64] [SUDO_1_5_6]
26267 * BUGS, CHANGES, TODO:
26275 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
26278 kill unused localhost_mask var copy if name to ifr_tmp after we zero
26282 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
26285 Better description of new vs. old sudoers modes fix some typos
26286 better description of /usr/ucb/cc gotchas on slowaris
26294 set NewArgv[0] to user_shell, not basename(user_shell)
26297 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
26300 mention TROUBLESHOOTING more fix some typos
26304 move --enable/--disable to be after --with
26308 document --enable/--disable
26312 document --with-pam
26315 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
26318 Add message for pam users
26329 * check.c, config.h.in, configure.in:
26330 pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
26333 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
26336 add HOST_IN_LOG and WRAP_LOG
26340 add WRAP_LOG and HOST_IN_LOG
26344 add --enable-log-host and --enable-log-wrap
26348 use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
26351 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
26358 include sys/param.h to get howmany macro
26361 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
26363 * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
26367 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
26370 bring in stdio.h for NULL
26374 allow /bin/{ksh,bash} and /usr/bin/{ksh,bash} as sh
26378 use HAVE_SET_AUTH_PARAMETERS
26382 add HAVE_SET_AUTH_PARAMETERS
26386 add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
26390 add support for HI-UX/MPP SR220001 02-03 0 SR2201
26394 initialize previfname
26398 Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
26399 it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
26408 don't need special build line for sudo.tab.o
26412 don't clean sudo.tab.[ch]
26416 Sudo should prompt for a password before telling the user that a
26417 command could not be found.
26425 no longer require yacc
26433 y.tab -> sudo.tab include pre-yacc'd parse.yacc
26437 include sudo.tab.h, not y.tab.h don't break out of command args if
26445 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
26454 getcwd(3) from OpenBSD for those without it.
26458 HAVE_GETWD -> HAVE_GETCWD
26462 pretend sunos doesn't have getcwd(3) since it opens a pipe to
26471 remove duplicate include of string.h
26475 call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
26479 add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
26483 add dev_t and ino_t
26486 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
26489 fix OTP_ONLY for opie
26492 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
26494 * testsudoers.c, tgetpass.c:
26495 include stdlib.h for malloc proto
26498 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
26501 make update_version saner
26505 add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
26509 check for waitpid and wait3 or no waitpid
26513 used waitpid or wait3 if we have 'em
26516 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
26519 fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
26522 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
26525 don't need to explicitly mention -lsocket -lnsl for sequent
26528 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
26531 dynix should not link with -linet
26534 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
26537 mention that HP-UX doesn't ship with yacc
26540 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
26543 ignore kerberos if we can't get the local realm
26546 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
26548 * BUGS, INSTALL, README, configure.in:
26556 * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
26557 find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
26558 logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
26559 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
26568 don't use popen/pclose. Do it inline.
26579 * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
26580 ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
26585 * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
26590 getwd.c -> getcwd.c
26602 use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
26606 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
26608 * OPTIONS, options.h:
26609 add STUB_LOAD_INTERFACES
26612 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
26613 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
26614 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
26615 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
26616 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
26617 testsudoers.c, tgetpass.c, utime.c, visudo.c:
26622 support *-ccur-sysv4 and fix two typos
26625 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
26628 don't echo about with_logfile and with_timedir
26632 document --with-logfile and --with-timedir
26636 support --with-logfile and --with-timedir
26640 Add --with-logfile and --with-timedir
26644 change size computation of NewArgv for UNICOS
26647 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
26650 treat -*-sysv4* like *-*-svr4
26653 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
26656 fix spacing for --with-authenticate help
26659 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
26660 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
26661 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
26662 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
26663 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
26664 testsudoers.c, tgetpass.c, utime.c, visudo.c:
26669 fix off by one error in push macro
26672 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
26675 removed bogus alloca hack
26679 added AIX 4.x authenticate() support
26683 include alloca.h if using bison and not gcc and it exists. fixes an
26684 alloca problem on hpux 10.x
26688 mention --with-authenticate
26692 added AIX authenticate() support
26696 add HAVE_AUTHENTICATE
26700 dynamically size ifconf buffer
26707 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
26708 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
26709 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
26710 logging.c, options.h, parse.c, parse.lex, parse.yacc,
26711 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
26712 testsudoers.c, tgetpass.c, utime.c, visudo.c:
26720 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
26723 add busy stmp file explanation
26726 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
26729 the name of the cached var that signals whether or not you are cross
26730 compiling changed. It is now ac_cv_prog_cc_cross
26733 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
26736 mention glibc 2.07 is fixed wrt lsearch().
26739 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
26741 * sample.sudoers, sudoers.pod:
26742 better example of su but not root su
26745 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
26747 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
26748 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
26749 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
26750 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
26751 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
26752 testsudoers.c, tgetpass.c, utime.c, visudo.c:
26757 correct regexp for updating version
26761 remove bogus flush of stderr spew prompt before turning off echo.
26762 Seems to fix a weird problem where if sudo complained about a bogus
26763 stamp file the user would sometimes not have a chance to enter a
26768 fix bogus flush of stderr
26772 close fd's <=2 not <=3 and move that chunk of code up
26776 support hpux1[0-9] not just hpux10
26779 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
26782 set sudoers_fp to nil after closing
26785 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
26787 * config.guess, config.sub:
26788 updated from autoconf 2.12
26795 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
26798 fix select usage for high fd's (dynamically allocate readfds)
26802 kill extra whitespace
26806 do an initgroups() before running a command, unless the target user
26810 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
26813 tell people to use tabs, not spaces, in syslog.conf
26816 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
26818 * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
26819 parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
26823 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
26824 logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
26828 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
26829 insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
26834 more tweaks to update_version
26838 fixed up update_version rule
26846 removed supe of check.c
26857 * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
26858 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
26859 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
26860 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
26861 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
26862 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
26872 add rules to update version stuff in files so I don't need to do it
26877 sudoers_fp is now extern
26881 in check_sudoers, cache the sudoers file handle in sudoers_fp so we
26882 don't have to open it again in the parse. This may help with weird
26883 solaris problems where EAGAIN sometimes occurs.
26887 sudoers file open is now done only in check_sudoers() so we just do
26888 a rewind() instead of an open. May help people on solaris who were
26892 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
26895 mention that newer glibc is fixed
26898 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
26901 newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
26902 _RLD* instead of _RLD_*
26910 fix that bug for real
26914 document Linux's libc6 brokenness.
26923 [4949a1bbd0a9] [SUDO_1_5_4]
26926 remind people to HUP syslogd
26942 remove author's email addr. people should mail sudo-bugs
26949 * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
26950 find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
26951 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
26952 logging.c, options.h, parse.c, parse.lex, parse.yacc,
26953 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
26954 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
26962 * INSTALL, Makefile.in:
26971 exit(1) if user enters no passwd
26979 commands can start with ./* not just /* -- fixes a serious security
26983 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
26986 Don't set the tty variable to NULL when we lack a tty, leave it as
26990 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
26993 fix usage of (username) in conjunction with , and !
26997 catch the case where the user is not in the passwd file
27001 use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
27006 define tty global to an initial value to avoid dumping core in
27007 logging functions when passwd file is unavailable.
27011 do the set_perms(PERM_USER, sudo_mode) after we have gotten the
27016 talk about problem of ALL
27019 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
27026 fdesc bug is fixed in Open/Net BSD
27030 updates from Nieusma
27033 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
27036 move compat.h after the system includes
27039 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
27042 save errno from being clobbered by wait(). From Theo
27045 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
27048 fix an occurrence of setresuid -> setreuid (typo)
27051 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
27054 check for path to strip
27057 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
27060 deal with maxfilelen < 0 case
27067 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
27070 correct error message if mode/owner wrong and not statable by owner
27071 but is statable by root.
27074 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
27076 * config.guess, config.sub:
27080 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
27082 * CHANGES, RUNSON, TODO:
27086 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
27088 * parse.yacc, sudo.h:
27089 command_alias -> generic_alias
27090 [c404ca8c510d] [SUDO_1_5_3]
27093 added Runas_Alias example and fixed syntax errors
27096 * OPTIONS, options.h:
27097 updated MAILSUBJECT
27104 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
27105 configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
27106 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
27107 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
27108 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
27109 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
27114 * BUGS, emul/utime.h:
27119 document Runas_Alias
27127 buffer oflow checking q (uit) -> Q if yyparse() fails drop into
27132 add size params to sprintf
27136 allow trailing space after '\\' but before '\n'
27140 off by one error in path size check
27147 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
27154 now warns if killed by signal ./
27157 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
27160 fix Runas_Alias stuff Alias's in runas list now get expanded (but it
27165 Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
27169 add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
27173 Add Runas_Alias and simplify a rule.
27177 always store User_Alias's since they can be used inside of a runas
27178 list. Sigh. Really need a Runas_Alias instead.
27181 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
27184 deal with case where there is no sudoers file
27187 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
27193 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
27195 * HISTORY, testsudoers.c:
27196 developement -> development
27211 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
27214 removed seteuid() notes
27215 [1010a60f281d] [SUDO_1_5_2]
27217 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
27220 better seteuid() emulation
27224 added check for seteuid
27231 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
27234 first stab at sequent support
27238 added HAVE_SYS_SELECT_H
27242 sequent -> _SEQUENT_
27246 added seteuid() macro for DYNIX
27250 _AIX -> HAVE_SYS_SELECT_H
27253 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
27255 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
27256 parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
27257 testsudoers.c, tgetpass.c, utime.c, visudo.c:
27261 * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
27262 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
27263 ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
27264 pathnames.h.in, version.h:
27269 added -H and SUDO_PS1
27273 use SUDO_FUNC_FNMATCH
27277 added SUDO_FUNC_FNMATCH
27285 added MODE_RESET_HOME /
27288 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
27302 * compat.h, config.h.in:
27307 added HAVE_OPIE and changed to *_OTP_*
27314 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
27317 moved fclose() in skey stuff.
27320 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
27323 index -> strchr remove unnecessary stuff
27327 now call skeychallenge() to get challenge instead of making one up
27328 ourselves. this way, we get extra goodies in the prompt.
27331 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
27335 [3f5149357e2a] [SUDO_1_5_1]
27338 allow logins to start with a number (YUCK!)
27341 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
27344 added solaris 2.5 vs 2.4 note
27348 DUNIX doesn't need -lnsl
27352 *** empty log message ***
27355 * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
27356 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
27357 ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
27358 options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
27359 strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
27360 utime.c, version.h, visudo.c:
27364 * PORTING, README, RUNSON:
27368 * INSTALL, Makefile.in, TROUBLESHOOTING:
27373 *** empty log message ***
27376 * sudo.pod, visudo.pod:
27380 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
27386 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
27389 added $SUDO_PROMPT support
27392 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
27395 print long skey challenge to stderr, not stdout
27398 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
27408 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
27414 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
27417 use shost, not host for tgetpass
27421 documented %u and %h
27425 documented %u and %h
27432 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
27433 dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
27434 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
27435 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
27436 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
27437 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
27445 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
27447 * Makefile.in, configure.in, version.h:
27452 new tgetpass() params
27456 pass use and host to tgetpass
27460 added %u and %h escapes
27463 * OPTIONS, check.c, options.h:
27468 added cray (unicos) support
27471 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
27473 * OPTIONS, options.h, sudo.c:
27474 added SHELL_SETS_HOME
27477 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
27480 added note about "make install"
27484 changed length/size params from int to size_t
27488 now get CSOPS insults as well by default
27492 use csops insults too by default
27495 * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
27500 added runas_homedir
27516 added "upgrading" notes
27519 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
27522 now do chmod and chown after edit of temp file and before rename
27523 [de174e34faa7] [SUDO_1_5_0]
27525 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
27528 ++version added INSTALL.configure
27531 * configure.in, version.h:
27536 *** empty log message ***
27544 sets $HOME to pw_dir of runas user
27548 document $HOME change
27551 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
27554 fixed up some wording
27557 * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
27558 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
27559 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
27564 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
27565 insults.h, options.h, pathnames.h.in, sudo.h:
27574 name and type changes
27578 now works with new sudo
27586 some variable name changes + comment headers for functions.
27590 added extra paren's to make compilers happy
27594 *** empty log message ***
27598 now uses init_parser() if not in sudoers and tries "list" or
27599 "validate" scold but don't be nasty.
27603 now can use upper case login names
27607 now uses init_parser()
27615 added info about PASSWORD_TIMEOUT
27618 * INSTALL.configure:
27627 now dynamically allocates memory for the stacks -- no more
27632 -l now expands command aliases
27636 hacks to expand command aliases for `sudo -l'
27640 remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
27644 added struct command_alias
27652 in compar() key should be first arg
27655 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
27662 can now deal with upcase HOST and USER names
27666 don't yell too loudly at non-sudoers if they do "sudo -l"
27677 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
27679 * parse.c, parse.yacc:
27680 added support for new `sudo -l' stuff
27684 now uses list_matches()
27688 added struct sudo_match
27692 now more -lgnumalloc
27695 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
27698 added more paths for chown and whoami
27701 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
27707 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
27710 fixed DUNIX check for shadow pw
27714 now only turn off echo if it is already on. this fixes a race when
27715 you use sudo in a pipelin
27723 changed "test -z $foo && do_this" to if; then construct
27726 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
27729 added missing defines of SHADOW_TYPE
27732 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
27735 protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
27740 added AUTH_CRYPT_C1CRYPT support
27744 no longer return VALIDATE_NOT_OK if there was a runas that didn't
27745 match. Now we can have runas stuff on more than one line.
27748 * getspwuid.c, sudo.c, tgetpass.c:
27749 use SHADOW_TYPE instead of HAVE_C2_SECURITY
27753 got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
27758 removed HAVE_C2_SECURITY added SPW_BSD
27762 use SHADOW_TYPE instead of HAVE_C2_SECURITY
27766 SHADOW_TYPE is always defined so just against its value
27770 added SUDO_CHECK_SHADOW_DUNIX
27773 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
27776 * -> ?* in one example added another instance of (runas) and one of
27780 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
27783 added back check for config.cache from other host type
27787 removed an instance of \"
27795 updated wrt new wildcard matching
27799 new check for shadow passwords if we don't know anything
27803 new SUDO_CHECK_SHADOW_GENERIC
27807 added back check for -lsocket (oops)
27811 better (working) check for shadow passwd type if we know to use C2.
27815 now uses AC_CANONICAL_HOST to figure out os type
27819 added config.{guess,sub}
27823 removed unused stuff to figure out os type
27839 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
27840 pathname. need to check against sudoers_args even if user_args is
27845 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
27846 pathname need to check against sudoers_args even if user_args is nil
27849 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
27852 added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
27856 now takes command line args and uses cmnd_args
27860 fill_args was adding an extra leading space
27863 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
27866 fixed dummy command_matches()
27878 now uses flat args string
27881 * parse.c, parse.lex:
27882 now uses flat arg string
27886 added cmnd_args def
27890 now sets cmnd_args global
27894 cmnd_args is now exported from sudo.[ch]
27897 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
27900 can't rely on cmnd_matches as much as I thought -- added some $$
27901 stuff back in to prevent namespace pollution problems.
27905 Simplified parse rules wrt runas and NOPASSWD (more consistent).
27908 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
27911 NOPASSWD may now have blanks before the ':' '(' only starts a
27912 'runas' if in the initial state to avoid collision with command args
27916 added checks for specific shadow passwd schemes
27920 added routines to check for specific shadow passwd types
27923 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
27926 added support for ncr boxen
27930 added support for detecting ncr boxen
27933 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
27936 added sinix support
27939 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
27942 added info about "config.cache from other other" error.
27946 now makes sure you don't have a config.cache file from another OS
27950 now sets $LIBS when needed to configure links with libs when doing
27951 tests hpux10 now uses SPW_SECUREWARE for C2 added check for
27952 bigcrypt(3) if SPW_SECUREWARE
27960 now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
27968 no more SPW_HPUX10 added HAVE_BIGCRYPT
27972 now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
27976 SPW_SECUREWARE now uses bigcrypt
27979 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
27982 fixed 2 syntax errors
27986 root may now run ALL as ALL
27989 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
27992 fixed a typo/thinko that broke BSD's with sa_len
27995 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
27997 * check.c, configure.in:
27998 updated AFS support
28002 added entry about /usr/ucb/cc
28006 prep no longer holds gcc binaries
28018 AFS allows long passwords
28022 fixed -u user support
28026 sudo -v now groks VALIDATE_OK_NOPASS
28030 fixed no_passwd vs. runas_matched
28034 took out stuff about NFS-mounting since it is no longer an issue
28038 added --with-libraries > --with-libpath --with-incpath
28042 was setting runas_matches to -1 in wrong place
28046 removed usersec.h which is not present in new AFS versions
28050 now deals with timeout <= 0
28058 BSD/OS >= 2.0 now uses shlicc instead of just gcc
28062 fixed backwards compatibility with sudo 1.4 sudoers mode for root
28063 readable/writable filesystems
28067 now gives INSTALL -c flag
28071 slightly simpler initialization of no_passwd and runas_matches
28075 added -u username support
28079 improved --with-libraries support
28082 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
28085 added --with-incpath, --with-libpath, --with-libraries
28089 now initializes some fields that weren't getting set to -1 pretty
28090 gross -- need a rewrite.
28093 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
28100 no longer add -lPW to *_LIBS since we include alloca.c
28104 added HAVE_ALLOCA_H
28119 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
28122 now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
28123 not always set to a valid uid.
28127 fixed entry for SUDO_MODE
28131 Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
28132 being set to -2. Now beat NFS to the punch and set uid to "nobody"
28133 ourselves, preserving group 0 to read sudoers.
28137 moved set_perms(PERM_ROOT) to be before yyparse()
28145 no longer need AC_PROG_INSTALL
28149 always use install-sh to avoid install(1)'s that use get{pw,gr}nam
28153 make clean -> make distclean
28156 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
28159 removed some unnecessary if's
28162 * Makefile.in, version.h:
28166 * parse.c, testsudoers.c:
28167 now includes netgroup.h
28171 removed casts of ioctl to int since they didn't shut up -Wall
28175 explicitly cast ioctl() to int since it is not always declared
28179 added declarations for yyparse() and yylex()
28183 fixed an occurrence of '==' -> '='
28186 * config.h.in, configure.in:
28187 added check for netgroup.h
28191 fixed 2 compiler warnings
28195 SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
28199 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
28205 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
28208 fixed a formatting thingie
28211 * parse.c, parse.yacc:
28212 fixed -u support with multiple user lists on a line
28216 unixware needs -lgen
28220 updated ftp location
28224 add net_addr/netmask support
28228 added net_addr/mask example
28231 * parse.c, parse.lex:
28232 added support for net_addr/netmask
28235 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
28241 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
28251 * BUGS, TODO, TROUBLESHOOTING:
28256 updated with examples of new stuff
28264 updated wrt -u and NOPASSWD
28268 updated wrt -u and CAVEATS
28271 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
28278 now use :foo: character classes (makes no diff for generated lexer)
28281 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
28284 fixed LONG_SKEY_PROMPT stuff
28287 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
28294 make more like NetBSD one -- now compiles w/o warnings
28298 fixed decls of lsearch()
28301 * config.h.in, configure.in, getspwuid.c:
28306 hpux 10 uses bigcrypt() if C2
28309 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
28312 now always uses fnmatch to match args
28316 back to using stdio instead of raw i/o since that caused some
28320 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
28323 now give usage warning if use -l,-v,-k with args
28326 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
28329 NewArgc is now set to 1 for -l, -v, -k
28333 now sets sudoers to correct group if mode is 0400
28337 updated to version used by inn and bind
28341 now uses -lgnumalloc if it exists
28345 "make install" now sets uid/gid and mode on sudoers if it exists
28349 removed debugging statements
28353 added a missing free()
28357 now uses user_gid instead of getegid (which was wrong anyway) to set
28358 SUDO_GID Now sets command line args in SUDO_COMMAND envariable
28359 (logging.c depends on args being in the environment)
28363 now uses SUDO_COMMAND envariable to get command args rather than
28364 building it up again.
28372 fixed off by one error in allocation NewArgv
28376 in sudoers, 'command ""' now means command with no args
28380 added check for fnmatch(3) and fnmatch.h
28388 replaced wildcat.* with fnmatch.*
28395 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
28398 now uses fnmatch() instead of wildmat a trailing star (*) by itself
28399 now matches multiple args added support for wildcards in the
28400 pathname in sudoers
28403 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
28406 now includes compat.h and config.h
28410 added HAVE_FNMATCH_H
28414 now checks for alloca() (if needed by bison or dce) and links with
28415 -lPW if it contains alloca() and libv and compiler do not.
28418 * emul/fnmatch.h, fnmatch.3, fnmatch.c:
28422 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
28425 now fixes mode on sudoers if set to 0400 to aid in upgrade
28428 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
28431 fixed pod2man usage
28434 * Makefile.in, configure.in, version.h:
28438 * testsudoers.c, visudo.c:
28439 runas_user is now initialized to "root"
28443 removed PERM_FULL_ROOT
28447 runas_user defaults to "root" so no more need to PERM_RUNAS
28451 will now only run commands as root if there was no runas list
28452 (or if root is in the runas list)
28460 runas_matches is now set to false if we get a negative match
28464 make #uid work + some minor cleanup
28468 added support for NOPASSWD and "runas" from garp@opustel.com /
28472 added support for "runas" from garp@opustel.com replaced
28473 SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
28478 added support for "runas" from garp@opustel.com
28482 added support for NO_PASSWD and runas from garp@opustel.com replaced
28483 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
28488 added support for NO_PASSWD and runas from garp@opustel.com replaced
28489 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support for
28494 added support for NO_PASSWD and runas from garp@opustel.com
28497 * parse.c, parse.lex:
28498 added support for NO_PASSWD and runas from garp@opustel.com
28502 added support for SUDOERS_WRONG_MODE and "runas"
28506 added --with-CC only link with -lshadow on linux (with shadow pw) if
28507 libc lacks getspnam()
28510 * OPTIONS, options.h:
28511 removed NO_PASSWD since it is not possible to do this in the sudoers
28512 file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
28513 SUDOERS_GID. Added SUDOERS_MODE.
28517 now uses SUDOERS_UID and SUDOERS_GID
28520 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
28526 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
28529 added double quote support
28533 documented double quoting
28536 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
28543 fixed some indentation
28551 added install-dirs .
28554 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
28557 new version from "Jeff A. Earickson" <jaearick@colby.edu>
28560 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
28563 $CSOPS -> $with_csops (whoops, missed one)
28571 FQHOST now has same constraints as non-FQHOST
28575 added note about OS's w/ shadow passwords turned on by default
28578 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
28585 added support for --without-THING sanitized shadow pw situation by
28591 fixed a typo wrt placement of an end paren
28595 was closing an fd that may not have been opened
28598 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
28600 * OPTIONS, options.h, sudo.c:
28604 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
28607 now always use shadow pw on some arches
28610 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
28613 added pyramid support
28617 no longer check for C2 if alternate passwd method is used no longer
28618 check for some libs twice
28622 moved fqdn stuff into parse.lex (FQHOST)
28630 now define TCSASOFT if necessary
28634 now uses read/write instead of stdio string goop to avoid problems
28638 * OPTIONS, find_path.c, options.h:
28639 -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
28642 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
28645 added note about no shadow auto-detect if using alternate auth
28650 don't check for C2 if AFS or DCE (unless they said --with-C2)
28657 * OPTIONS, find_path.c, options.h:
28661 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
28664 checkdot now works correctly
28667 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
28670 can't have DCE and C2 passwords both...
28673 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
28675 * parse.yacc, sudo.c, sudo.h, visudo.c:
28676 now uses shost even if not FQDN
28680 now looks for skey in /usr/lib and doesn't require libskey to be in
28681 /usr/local/lib just because skey.h is (for my netbsd box :-)
28684 * aclocal.m4, config.h.in, pathnames.h.in:
28685 _SUDO_PATH_ -> _CONFIG_PATH_
28688 * aclocal.m4, sudo.pod:
28689 /var/run/.odus -> /var/run/sudo
28693 now uses _SUDO_PATH_TIMEDIR
28700 * aclocal.m4, configure.in:
28705 added _SUDO_PATH_TIMEDIR
28709 updated wrt /var/run/sudo
28713 added support for shost if FQDN
28716 * parse.yacc, visudo.c:
28717 now uses shost if FQDN
28721 Now use skeylookup() instead of skeychallenge()
28724 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
28727 mail_argv should not contain ALERTMAIL as it includes "-t"
28730 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
28732 * INSTALL, Makefile.in, README, configure.in, version.h:
28737 added more _PASSWD_LEN stuff -- now uses PASS_MAX too
28741 now includes limits.h moved _PASSWD_LEN -> compat.h
28744 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
28762 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
28769 done for 1.4.1 (I hope)
28773 added info on wildcards
28777 added wildcard example
28781 now uses *.pod to build *.man and *.cat & *.html
28785 added SUDO_PROG_BSHELL !ll
28789 fixed up some formatting
28793 redid section describing sample sudoers stuff
28797 fixed some formatting
28801 now treats "" as bourne shell
28805 TESTOBJS now includes wildmat.o
28809 now works with NewArg[cv]
28813 removed an XXX (fixed it in getspwuid.c)
28817 added check for bourne shell
28825 added _SUDO_PATH_BSHELL
28828 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
28831 unixware vi returns 256 instead of 0
28839 fixed up some XXX's. file log format now looks a little more like
28840 real syslog(3) format.
28843 * README, TROUBLESHOOTING:
28844 updated wrt lex/flex
28848 commented out rule to build lex.yy.c from parse.lex since we ship
28849 with a pre-flex'd parser
28852 * parse.c, parse.yacc, visudo.c:
28853 path_matches -> command_matches
28857 eliminated some strcat()'s
28861 no longer checks for lex/flex (now assumes flex)
28865 now checks for $kerb_dir_candidate/krb.h instead of just
28869 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
28872 now use a 'hook' expression instead of an iffy one :-)
28875 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
28878 now works with new sudo arg stuff
28882 fixed dereferencing deadbeef
28886 changed an occurrence of Argv to NewArgv
28890 took out support for quoted commands since there is no need...
28894 fixed a typo in a for() loop
28898 protected against dereferencing rogue pointers
28902 now uses NewArgv and NewArgc so cmnd_args is no longer needed this
28903 also allows us to eliminate some kludges in parse_args() and
28904 eliminate superfluous code.
28908 no longer uses cmnd_args, now uses NewArgv instead.
28912 added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
28917 added wildmat.c to SRCS & SUDOBJS
28921 COMMAND is now a struct containing the path and args
28925 replaced append() with fill_cmnd() and fill_args. command args from
28926 a sudoers entry are now stored in an array for easy matching.
28930 command line args from sudoers file are now in an array like ones
28931 passed in from the command line
28934 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
28937 wildmat stuff now works
28940 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
28947 ++version added wildmat.*
28950 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
28953 added support for quoted commands (w/ or w/o args)
28956 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
28958 * sudo.pod, visudo.pod:
28959 cleaned up formatting
28962 * sudo.pod, visudo.pod:
28966 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
28969 looks reasonable, could be more readable
28976 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
28983 updated NO_ROOT_SUDO entry
28986 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
28989 *** empty log message ***
28990 [5b63de579ff7] [SUDO_1_4_0]
29001 AIX aixcrypt.exp now uses $(srcdir)
29005 added entry for anal ansi compilers
29008 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
29011 added info on libcrypt_i for SCO
29015 *** empty log message ***
29030 * INSTALL, OPTIONS, README, config.h.in, configure.in:
29035 ++version and fixed ISC
29038 * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
29039 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
29040 insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
29041 sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
29047 added STUB_LOAD_INTERFACES ++version
29050 * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
29056 added info about fd_set in tgetpass added info on interfaces.c
29059 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
29070 tgetpass.o is now only linked in with sudo (not visudo)
29073 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
29075 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
29081 added copyright notice
29084 * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
29085 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
29086 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
29087 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
29088 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
29093 minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
29097 ISC now gets -lcrypt now check for sys/bsdtypes.h
29101 added check for sys/bsdtypes.h
29104 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
29107 removed debugging stuff (setting freed ptr to NULL)
29119 added section on syslog
29123 added AC_ISC_POSIX for better ISC support
29131 added define for _POSIX_SOURCE
29134 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
29137 fixed check for lsearch()
29140 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
29143 fixed for AIX now deal if num_interfaces == 0 (should not happen)
29146 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
29149 now only define HAVE_LSEARCH if there is a corresponding search.h
29156 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
29159 now define HAVE_LSEARCH if we find lsearch() in libcompat
29163 char * -> const char *
29167 now looks in -lcompat for lsearch()
29171 remove sudo.core visudo.core for clean target
29175 added UID_MAX support in check for MAX_UID_T_LEN
29179 fixed another occurrence of sudo_getpwuid.*
29182 * Makefile.in, getspwuid.c:
29183 sudo_getpwuid.c -> getspwuid.c
29190 * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
29191 compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
29192 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
29193 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
29194 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
29195 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
29196 version.h, visudo.c:
29201 added group support
29209 documented group support
29212 * parse.c, parse.lex, parse.yacc, visudo.c:
29213 added group support
29216 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
29219 tkfile was too short and overflowed the kerberos realm
29222 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
29225 now copy command args directly from Argv
29229 replaced code to copy cmnd_args so that it does not use realloc
29230 since most realloc()'s really stink
29233 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
29236 syslog() fixed in hpux 10.01
29239 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
29242 AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
29246 better error if cannot find skey incs or libs
29250 now use a temp file for determining max len of uid_t in string form.
29251 the old hacky way broke on netbsd
29255 added set of parens and a space
29258 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
29261 fixes from Jeff Earickson <jaearick@colby.edu> ,
29269 fixed up testsudoers target
29273 DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
29274 SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
29278 LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
29282 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
29285 fix for C2 on hpux 10 now uses -linet if it exists
29289 LONG_SKEY_PROMPT is less of a kludge /
29293 fixed typos w/ dce stuff
29300 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
29303 amended section on combining authentication mechanisms
29307 minor updates for 1.3.6
29311 added 2 more entries
29323 rewrote for sudo 1.3.6
29330 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
29332 * find_path.c, getspwuid.c, sudo.c:
29333 added explicit casts for strdup since many includes don't prototype
29338 removed prototype for sudo_getpwuid() since convex C compiler choked
29343 added prototype for sudo_getpwuid()
29347 now compiles on strict ANSI compilers
29351 added LONG_SKEY_PROMPT support
29355 added extra $'s for make to eat up, yum.
29358 * OPTIONS, options.h:
29359 added LONG_SKEY_PROMPT
29362 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
29365 s/key support now works with normal s/key as well as logdaemon
29368 * OPTIONS, options.h:
29373 set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
29377 added DCE note added more AIX notes
29381 now include pthread.h for DCE support
29385 dce_pwent() is ok after all .,
29389 now uses SYSLOG() macro that equates to either syslog() or
29394 minor formatting changes. renamed check() to something less generic
29397 * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
29399 now uses user_pw_ent and simple macros to get at the contents
29402 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
29405 simpler dec unix C2 support
29409 now sets crypt_type for DEC unix C2
29412 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
29415 added csops paths for skey
29419 now includes string.h for strdup() prototype
29427 now includes skey.h
29435 moved a lot of the shadow passwd crap to sudo_getpwuid()
29439 now uses sudo_pw_ent
29443 now uses sudo_pw_ent
29447 now sets sudo_pw_ent
29455 moved dce stuff into compat.h
29458 * logging.c, sudo.h:
29459 now uses sudo_pw_ent
29463 added sudo_getpwuid.c
29471 now uses sudo_pw_ent
29474 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
29477 fixed exempt_group stuff for OS's that don't put base gid in group
29482 S/Key support now works with sunos4 shadow passwords
29489 * config.h.in, configure.in:
29498 first stab at dce support
29502 now smells like sudo
29510 skey'd sudo now works w/ normal password as well
29513 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
29515 * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
29516 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
29517 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
29518 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
29519 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
29520 version.h, visudo.c:
29521 updated version number
29525 updated to reflect version change
29529 --with options now line up ++version
29533 removed unnecessary S/Key stuff
29537 fixed S/Key support
29541 -I stuff now goes in CPPFLAGS
29553 fixed description of EXEMPTGROUP
29557 more people use _RLD_ than just alphas...
29561 replaced $man_prefix with $mandir
29569 now use more GNU'ish dir names
29573 now set *dir correctly (can override from command line)
29577 now deal with situations where getwd() fails
29580 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
29583 added etc_dir, bin_dir, sbin_dir
29591 now ship a flex-generated lex.yy.c
29595 now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
29599 _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
29603 no more error for redefining SUDOERS_OWNER
29607 expanded SUDOERS_OWNER section
29610 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
29613 now warn if chown(2) failed
29617 better default warning for NO_SUDOERS_FILE
29621 added missing set_perms() no more cryptic message if the sudoers
29622 file is zero length, now just give a parse error
29626 better diagnostics if NO_SUDOERS_FILE
29630 check_sudoers() now catches sudoers files that are not readable (but
29634 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
29637 now add -D__STDC__ for convex cc (not gcc)
29641 MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
29645 now uses exec_prefix & prefix from configure
29648 * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
29649 parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
29651 options.h is now <> instead of "" so shadow build trees can have a
29652 custom copy of options.h
29656 user_is_exempt() is no longer a hack, it now uses getgrnam()
29660 EXEMPTGROUP is now "sudo"
29664 MAN_POSTINSTALL now contains a leading space
29668 removed leading tab if @MAN_POSTINSTALL@ not defined now removes
29669 testsudoers in clean:
29673 includes pwd.h to get _PASSWD_LEN definition
29676 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
29679 unset the KRB_CONF envariable if using kerberos so we don't get
29680 spoofed into using a bogus server
29683 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
29686 now explicitly initialize match[] to be FALSE
29689 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
29692 removed unused variable now passes -Wall
29696 yyerror and dumpaliases are now void's now passes -Wall
29700 added prototype for yyerror
29703 * check.c, logging.c, parse.c:
29708 removed unused cruft now passes -Wall
29712 fixed headers that moved to emul dir
29716 fixed deref of nil pointer if no args
29719 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
29722 added a caveat to FQDN section
29725 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
29728 more $srcdir support for install targets
29731 * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
29732 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
29733 don't include malloc.h if we include stdlib.h
29737 local search.h now lives in emul
29740 * check.c, utime.c:
29741 local utime.h now lives in emul dir
29745 local search.h now lives in emul
29749 added support for building in other than the sourcedir
29752 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
29755 annotated CSOPS_INSULTS option
29759 updated shadow passwords blurb
29763 if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
29764 passes along foo as the arguments
29767 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
29770 collapsed pathname and dir sections into one -- it's now less
29775 fixed spacing quoting [,:\\=] now works correctly append() and
29776 fill() now take args to make the above work
29780 fixed a typo that caused commands with no tty on fd 0 but a tty on
29781 fd 1 to erroneously have "none" as their tty
29784 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
29787 timestampfile is now a global static removed decl of timestampfile
29788 in remove_timestamp since we can just use the global one
29792 created touch() to update timestamps added USE_TTY_TICKETS support
29797 added _S_IFDIR and S_ISDIR
29800 * OPTIONS, options.h:
29801 added USE_TTY_TICKETS
29805 removed const from casts for lsearch() & lfind() to placate irix 4.x
29809 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
29812 now only strip '/dev/' off of a tty if it starts with '/dev/'
29820 AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
29825 fixed incorrect #ifdef termio uses "unsigned short" not int for
29829 * parse.lex, parse.yacc:
29830 fixed a spelling error
29837 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
29844 added dotcat() to cat 2 strings w/ a dot efficiently now that we
29845 dynamically allocate strings they need to be free()'d
29849 dynamically allocates space for strings
29853 no more MAXCOMMANDLENGTH
29860 * logging.c, sudo.c:
29861 moved tty stuff into sudo.c
29864 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
29867 fixed a logic bug. Was denying a command if user gave command line
29868 args but there were none in the sudoers file which is wrong.
29872 MAXCOMMMANDLEN dropped down to 1K
29876 return foo; -> return(foo);
29880 fixed netgr_matches() prototype
29884 added support for escaping "termination" characters
29888 buf is now of size MAXPATHLEN+1 since it never holds command args
29896 fixed negation problem (doh!)
29900 fixed 2nd parameter to lfind()
29904 now do bounds checking in fill() and append()
29908 include netdb.h as we should added a missing void cast added
29909 SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
29910 realloc actually moved the string instead of shrinking it
29914 updated with examples of new features
29918 now set errno to EACCES if not a regular file or not executable
29922 if given a fully-qualified or relative path we now check it with
29923 sudo_goodpath() and error out with the appropriate error message if
29924 the file does not exist or is not executable
29927 * emul/search.h, lsearch.c:
29928 now use correct args for lfind
29936 added in CSOps insults
29948 increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
29952 added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
29956 fixed -k load_interfaces() now gets called if FQDN is set
29957 -p now works with -s
29961 don't try to stat() "pseudo commands" like "validate"
29965 added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
29969 added SecurID support added other insults to --with-csops
29977 added clobber target added ins_csops.h now gets CFLAGS from
29982 relaxed SUDO_FULL_VOID
29986 function comment blocks are now in same style as rest of code
29990 added support for command line args in /etc/sudoers
29994 updated to have command args in the sudoers file
29998 added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
30001 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
30004 PATH renamed to COMMAND
30008 it is now a parse error for directories to have args attached to
30013 now say command args if telling user to buzz off
30017 -s no longer indicates end of args sped up loading on cmnd_args in
30022 removed an unreachable statement
30026 made more efficient by pulling out the terminators when in GOTCMND
30027 state and making them their own rule
30030 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
30033 removed MAXLOGLEN since it is no longer used
30037 now allows command args
30041 now groks command arguments
30045 now sets tty correctly when piped input
30049 fixed loading of cmnd_args (was including command name too)
30053 fixed a core dump due to incorrect if construct
30056 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
30059 only add -lsun if irix < 5 don't look for -lnsl or -lsocket if irix
30063 fixed check for ISC
30067 now sets cmnd_args used by log_error() and that will be used by the
30068 parse to check against command args
30076 now dynamically allocate logline since we can guess at its size
30079 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
30082 cleaned up a bunch of unnecessary #ifdef's eliminated a buffer remove
30083 "register" since the compiler knows more than I do now do a
30084 "basename" of the tty
30087 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
30094 added shell extern changed MODE_* to be bit masks to allow for
30095 several options together
30099 added -s (shell) option made MODE_* masks so we can do bitwise & and
30100 | to see if multiple flags are set.
30104 added securid support
30107 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
30110 removed a bunch of unnecessary strncpy()'s and replaced with strcat()
30113 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
30115 * Makefile.in, version.h:
30119 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
30122 fixed free() of an uninitialized pointer (yuck)
30126 added netgr_matches
30130 cleaned up netgr_matches
30133 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
30139 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
30142 now installs sudoers.man -- really should clean this up though.
30146 added sudoers.cat and sudoers.man
30150 pulled out stuff on the sudoers file format into a separate man page
30158 fixed up my email address
30162 added checks for innetgr and getdomainname
30166 added dummy netgr_matches function
30170 added netgr_matches
30173 * parse.lex, parse.yacc:
30174 added NETGROUP support
30178 added HAVE_INNETGR & HAVE_GETDOMAINNAME
30181 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
30184 rewrote clean_env() that has rm_env() builtin
30187 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
30190 now cast uid to long in sprintf
30194 added _INSULTS suffix to HAL & GOONS end
30198 added _INSULTS suffix to HAL & GOONS
30201 * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
30202 converted to new scheme of insult "unions" end
30206 now uses MAX_UID_T_LEN
30210 added SUDO_UID_T_LEN !l
30214 added MAX_UID_T_LEN
30218 now use MAX_UID_T_LEN
30222 added check for max len of uid_t fixed sco vs. isc check
30225 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
30236 hack to check for sco
30240 removed #include <net/route.h> since it was hosing some OS's
30243 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
30246 fixed prreadlink() prototype
30250 added parens in #if's
30258 moved SPW_* to config.h.in
30262 added a set of parens
30270 added SPW_* reordered error codes
30274 moved SPW_* to sudo.h
30277 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
30280 SPW_AUTH -> SPW_SECUREWARE
30284 GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
30292 SPW_AUTH -> SPW_SECUREWARE
30296 now uses SHADOW_TYPE to make shadow pw support more readable and
30297 modular. It's a start...
30301 added autodetection of shadow passwords
30305 now uses SHADOW_TYPE define
30309 added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
30313 added SUDO_CHECK_SHADOW
30316 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
30319 define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
30320 memmove() since we no longer use it...
30328 added BROKEN_SYSLOG support
30332 added BROKEN_SYSLOG
30336 now only bitch if timestamp > time_now + 2 * timeout to allow for a
30337 machine updating its time from a server
30341 added 2 security notes updated Nieusma's email addr
30345 changed a memmove() to memcpy() since we don't have to worry about
30346 overlapping segments.
30349 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
30352 cleanup up the loop when interfaces are groped in so that it is
30356 * Makefile.in, version.h:
30360 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
30366 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
30369 fixed permissions check on /tmp/.odus
30372 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
30375 fixed some comments
30379 now checks owner & mode of timedir also checks for bogus dates on
30384 updated TIMEOUT info
30387 * logging.c, sudo.h:
30388 added BAD_STAMPDIR and BAD_STAMPFILE
30392 added definition of S_IRWXU
30399 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
30402 added #ifdef to make it compile on strange arches
30405 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
30408 fixed check for full void impl.
30412 added missing "static"
30416 replaced #elif with #else #if constructs for ancient C compilers
30420 updated irix c2 & kerb5 info
30424 added shadow pw support for irix
30427 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
30434 last changes for sudo 1.3.3
30438 now calls SUDO_SOCK_SA_LEN
30446 added SUDO_SOCK_SA_LEN
30450 now works with ip implementations that use sa_len in sockaddr
30454 added note about buggy AIX compiler
30458 now include sys/time.h for AIX
30461 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
30468 now works for ISC and others. yay.
30471 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
30473 * Makefile.in, version.h:
30477 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
30480 fixed test for full void impl
30484 now check to see that st_dev is non-zero before assuming that we are
30488 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
30490 * aclocal.m4, configure.in:
30491 SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
30494 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
30497 fixed include file order for SUDO_FUNC_UTIME_POSIX
30501 added cast for ttyname()
30509 now deal correctly with all known variation of utime() -- yippe
30513 added SUDO_FUNC_UTIME_POSIX
30517 added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
30521 added HAVE_UTIME_POSIX
30529 no longer assume !HAVE_UTIME_NULL means old BSD utime()
30533 fixed fascist C compiler warning
30537 now set strioctl.ic_timout in STRSET() now initialize num_interfaces
30538 to 0 (just to be anal)
30541 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
30544 increased MAXLOGLEN by MAXPATHLEN to account for ttyname
30552 reworked the ISC code
30555 * Makefile.in, version.h:
30560 now expect old-style utime(3) if utime() can't take NULL as an arg
30564 added check for utime.h
30572 added CPPFLAGS STATIC_FLAGS -> LDFLAGS
30576 now search for kerb libs and includes
30580 added support for utime(2)'s that can't take a NULL parameter
30584 moved HAVE_UTIME_NULL stuff to update_timestamp() where it belongs
30588 added utime(s) stuff
30596 added HAVE_UTIME and HAVE_UTIME_NULL
30599 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
30602 now use HAVE_UTIME_NULL
30605 * emul/utime.h, utime.c:
30610 need to setuid(0) to make kerb4 stuff work.
30614 no more special case for kerberos
30618 took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
30623 no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
30628 now use private ticket file for kerberos support to avoid trouncing
30632 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
30635 added SPOOF_ATTEMPT & cmnd_st
30639 added anti-spoofing support
30643 now use global cmnd_st
30647 added SPOOF_ATTEMPT support
30650 * testsudoers.c, visudo.c:
30651 added void casts where appropriate
30655 fixed up spacing and added void casts where appropriate
30659 fixed problem with "-p prompt" but no args
30662 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
30665 added BUGS and annotated -l description
30669 validate() now takes a flag
30673 validate() now takes a flag added -l
30677 added support for -l
30681 validate() now takes a flag that says whether or not to check the
30685 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
30688 now deals with Argv == 1
30696 added prompt support reworked parse_args()
30708 now use BUFSIZ as length of kerb password added kpass so pass is
30709 always a char * now use prompt global when asking for a password
30713 now use BUFSIZ as _PASSWD_LEN if using kerberos
30720 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
30723 only look for -lufc or -lcrypt if crypt() not in libc
30727 don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
30728 (unknown user) silently fail
30736 HAVE_KERBEROS -> HAVE_KERB4
30740 removed debugging printf
30744 KERBEROS -> KERB4 added checks for setreuid & setresuid
30748 HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
30752 added def of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
30753 with setresuid if applic
30757 HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
30758 no setreuid() or a broken one
30761 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
30764 added kerberos support
30768 added HAVE_KERBEROS
30772 added KERBEROS support (long passwords)
30776 added kerberos support
30779 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
30782 added MODE_BACKGROUND
30786 escaped dashes added -b option
30794 added crypt() for osf/1 3.x enhanced security
30798 now check for -lcrypt
30802 added ENXIO like EADDRNOTAVAIL
30805 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
30808 now emulate getwd(), not getcwd()
30812 getcwd() -> getwd()
30819 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
30821 * ins_2001.h, ins_classic.h, ins_goons.h:
30826 broke out insults into separate include files
30829 * OPTIONS, options.h:
30834 added ins_2001.h ins_classic.h ins_goons.h
30837 * Makefile.in, version.h:
30842 moved signal handler setup to setup_signals()
30846 added load_interfaces()
30850 moved load_interfaces to interfaces.c
30857 * OPTIONS, options.h:
30862 now uses clearaliases variable
30870 added interfaces.[co]
30874 now uses ip addrs and netmasks via load_interfaces()
30878 now remove IFS instead of setting to "sane" value
30881 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
30887 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
30890 sudo_goodpath.c-> goodpath.c
30894 added Andy's new ISC changes
30897 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
30900 added a sentence to SECURE_PATH info
30915 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
30921 * Makefile.in, version.h:
30926 sendmail is now looked for in /usr/ucblib
30942 added unixware case
30946 user_is_exempt is no longer hidden
30954 isc and riscos changes
30958 added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
30962 fixed a typo and added testsudoers stuff
30969 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
30972 applied fixed patch from Chris
30975 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
30982 added a set of braces for bison
30986 merged in Chris' changes to dekludge the parser.
30990 send_mail() was calling find_path() which is wrong since find_path()
30991 stores cmnd in a static var. Anyhow, it doesn't make much sense
30992 since MAILER should always be fully qualified
30995 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
30998 added User_Alias stuff
31002 SUDO_NEXT now looks for /usr/lib/NextStep/software_version
31006 added DEC UNIX 3.0 w/ gcc
31010 Exit was being used in places where exit should be used
31014 added "User alias specification"
31018 fixed probs caused by making nslots and naliases a size_t
31022 added KSR, upped rev to 1.3.1b2
31025 * logging.c, parse.yacc:
31030 void * -> VOID * naliases and nslots are now size_t to appease
31031 lsearch on 64-bit machines
31034 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
31037 did a bunch of things and added a bunch :-)
31045 closer to BSD manpage style
31049 closer to standard BSD man format
31052 * compat.h, config.h.in, emul/search.h, insults.h, options.h,
31053 pathnames.h.in, sudo.h, version.h:
31058 removed crufty #defines that are no longer used
31066 updated based on sudo changes
31070 now allow ALL keyword in User_Aliases now allow ALL keyword as well
31079 now sets SUDO_COMMAND and SUDO_GID envariables.
31083 fixed bug with full void impl check
31087 fixed User_Alias support
31091 added stubs for User_Alias support
31095 now sets removes # bogus interfaces from num_interfaces
31099 added User_Alias support
31102 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
31105 removed extraneous TODO
31108 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
31111 ntwk_matches -> addr_matches
31115 ntwk_matches -> addr_matches
31119 ntwk_matches -> addr_matches now use inet_addr() not inet_network()
31120 (which expects octet boundaries) fixes for OSF (sizeof(int) !=
31125 took out debugging info
31129 OS was being set to unknown before non-uname based host checks.
31130 This caused no checks to happen since $OS was not zero-length.
31134 fixed loading of interfaces struct still has debugging info in
31142 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
31153 removed extraneous extern decl of "top
31161 removed parser_cleanup (no need for it now)
31165 now calls reset_aliases() directly
31168 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
31171 added a sentence to SECURE_PATH description
31175 fixed my stupid bug where I used NAMLEN on something I wanted to
31176 just get the name from. argh.
31179 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
31182 fixed argument order of memmove() that i hosed when converting from
31187 finally fixed DISTFILES line
31195 added missing files to DISTFILES
31199 SUPPORTED -> RUNSON
31202 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
31209 updated for pl5b1 release
31217 fixed bug where if you hit return at first sudo prompt it would
31218 still log as a failure
31226 better test for bogus void * implementation
31230 added PASSWORDS_NOT_CORRECT
31234 added PASSWORDS_NOT_CORRECT stuff
31238 added PASSWORDS_NOT_CORRECT
31246 removed some unused vars and fixed up uid2str
31253 * getcwd.c, getwd.c:
31257 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
31260 fixed a typo I introduced in the last checkin :-(
31264 can't have #ifdef's where N is defined so just do this the broken
31269 better hack from Chris (but still a hack)
31273 stupid hack for broken aix lex
31277 now includes compat.h
31281 now includes fcntl.h
31285 added FD_SET and FD_ZERO for 4.2BSD
31289 dirty hack to fix parser bug. i don't really like this but it works
31294 uid2str is now static like the prototype says
31297 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
31299 * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
31308 check_sudoers now returns an error code and sudo calls inform_user
31309 and log_error based on the return value.
31312 * logging.c, sudo.h:
31313 added entries for new errors
31317 now set uid to that of SUDOERS_OWNER while parsing sudoers file
31321 took out testsudoers
31325 now explicitly checks that it is setuid root
31329 If a user has no passwd entry sudo would segv (writing to a garbage
31330 pointer). Now allocate space before writing :-)
31334 reordered AC_CHECK_FUNCS
31341 * tgetpass.c, visudo.c:
31346 bzero -> memset when a parse error is logged the line number of the
31347 error is now logged too
31351 added Sunos to blurb about c2 security
31355 added a SUN4 define for C2 security
31359 bcopy -> memmove bzero -> memset
31363 bcopy -> memmove char * -> VOID *
31367 added support for sunos with C2 security
31370 * OPTIONS, options.h:
31375 _PATH_SUDO_LOGFILE now set based on configure
31379 added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
31383 added _SUDO_PATH_LOGFILE
31387 added SUDO_LOGFILE to find where to put sudo.log added
31388 SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
31389 SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
31392 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
31399 now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
31400 to work around a problem in trusted hpux shadow passwords. yuck.
31404 backed out a change in malloc/realloc
31408 now include stdlib.h
31412 now do an freopen() of the stmp file so that yyin will always point
31413 to the same thing. This is important for flex since we are doing a
31418 replaced yywrap() with parser_cleanup() since yywrap() needs to be
31419 in parse.lex to be able to use YY_NEW_FILE. sigh.
31423 now have a rule that matches anything that doesn't match an
31424 explicit rule. well, you know what i mean (. matches anything not
31425 yet matched). However, this means that there is input still queued
31426 up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
31427 into parse.lex and it calls parser_cleanup() which is most of the
31435 * getcwd.c, getwd.c:
31436 moved compat.h to be the last include file
31440 fixed type of aliascmp() args
31448 added casts to lfind and lsearch args for irix
31452 bsdinstall -> install-sh
31456 added info about make realclean
31460 updated VERSION added dependencies for visudo.cat
31472 now there is a real visudo.man and visudo.cat
31476 took out visudo stuff
31483 * parse.c, parse.lex, parse.yacc:
31492 updated Nieusma & Hieb email addresses
31496 updated to include options.h and OPTIONS
31504 eliminated bug #1 (yay)
31508 sunos no longer gets linked statically
31511 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
31514 prototype now uses __P()
31518 make fill() non-ansi
31522 made -v (validate) work
31530 don't check for execute/statable if fq or relative path given
31538 now include ctype.h for islower and tolower macros
31542 moved _S_IFMT & _S_ISREG to compat.h
31546 moved a set of parens
31550 now include compat.h
31558 now cast malloc & realloc return vals added search for HAVE_LSEARCH
31559 now use strcmp if no strcasecmp available
31567 removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
31568 HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
31572 added _S_IFMT, _S_IFREG, and S_ISREG
31576 took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
31577 to most SUDO_* macros
31585 various 1.x to 2.x autoconf changes now check for strcasecmp now use
31586 AC_INSTALL_PROG instead of custom one added check for fully working
31587 void implementation
31591 added lsearch & search.h visudo links into $(LIBOBJS)
31595 partial 1.x to 2.x changes added SUDO_FULL_VOID
31599 whatnow_help was prototyped to be static but was not declared as
31604 autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
31605 for dirent/dir/ndir.h
31609 now use groovy gnu autoconf macro AC_HEADER_DIRENT
31612 * getcwd.c, getwd.c:
31613 MAXPATHLEN -> MAXPATHLEN+1
31616 * emul/search.h, lsearch.c:
31620 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
31623 eliminated bison warnings
31631 now includes signal.h
31635 only clear data structures on a parse error
31639 whatnow() now gives help on invalid input
31643 added a whatnow() function (sort of like mh)
31647 kill_aliases -> reset_aliases yywrap() now cleans up by calling
31648 reset_aliases() and clearing top took reset stuff out of yyerror()
31649 since it doesn't belong there (and doesn't work anyway). errorlineno
31650 is now initially set to -1 so we can set it to the first error that
31651 occurs (it was getting set to the last)
31659 rewrote from scratch based on 4.3BSD vipw.c
31662 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
31669 no more sudo_realpath() and find_path() changed params
31673 find_path() changed since no more realpath()
31677 on error, errorlineno is set to the line where the error occurred
31678 added kill_aliases() to free the aliases struct now clean up in
31679 yyerror() so we can reparse cleanly
31682 * options.h, parse.c:
31683 no more USE_REALPATH
31687 changed to use new find_path()
31691 removed all the realpath() stuff
31695 sudo_realpath.c -> sudo_goodpath.c
31699 now works correctly with utk parser
31707 eliminated a compiler warning
31711 eliminated compiler warning
31715 added sudo_goodpath()
31719 added prototype for sudo_goodpath
31723 added support for /sys/dir.h
31727 USE_REALPATH turned off
31731 added calls to sudo_goodpath()
31735 added check for dirent.h
31739 added HAVE_DIRENT_H
31743 added in linux shadow pass stuff
31746 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
31749 added back host, user, cmnd, parse_error
31753 added in utk changes plus some minor cosmetic changes
31756 * sudo.c, sudo_realpath.c:
31757 added void casts for printf's
31761 added a define of USE_REALPATH
31765 there is no more visudoers/Makefile
31769 added in utk changes (visudo is now built from the toplevel)
31773 added (void) casts to printf's
31776 * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
31777 merged in utk changes
31780 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
31783 now check to see that what we are trying to run is a file (or a link
31784 to a file, we do a stat(2) so there is no diff)
31787 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
31794 aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
31798 added myself as maintainer
31801 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
31804 changed setegid -> setgid
31807 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
31810 fixed the test for irix 5.x to skip bad libs
31814 now initialize OS and OSREV
31817 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
31824 AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
31828 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
31831 use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the right
31832 thing wrt yyrestart (grrrr)
31835 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
31838 added visudoers/compat.h to DISTFILES
31846 added ocmnd declaration adjusted for find_path()'s new parameters
31850 added ocmnd extern adjusted find_path() prototype
31854 cmndcmp() now takes 3 arguments and checks against the qualified as
31855 well as the unqualified pathname. more code that should use
31856 cmndcmp() but did not, now does
31864 changed to use new find_path() parameter passing
31868 find_path() now takes 2 copyout parameters (one for the qualified
31869 pathname and one for the unqualified pathname). The third parameter
31874 no longer munge pathnames.h
31878 changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
31879 as a result, pathnames.h does not need to be run through configure
31880 and the user can override the configured values easily.
31884 added _SUDO_PATH_* entries
31888 _PATH* -> _SUDO_PATH_*
31892 updated DISTFILES and HDRS .o's now depend on config.h
31895 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
31898 removed extraneous #endif
31906 added SUDO_PROG_MV added riscos and isc os types took out
31907 -DSHORT_MESSAGE from --with-csops since it is now the default
31911 move the include of id.h to compat.h now includes options.h
31915 moved compatibility #defines to compat.h
31923 move __P to compat.h
31926 * getcwd.c, getwd.c, putenv.c:
31927 now includes compat.h
31934 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
31937 pull user-configurable stuff out and put in options.h
31940 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
31942 * parse.lex, parse.yacc, visudo.c:
31943 now includes options.h
31946 * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
31948 now includes options.h
31952 added visudoers/options.h
31955 * OPTIONS, options.h:
31960 added OPTIONS and options.h
31964 changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
31968 changed PASSWORD_TIMEOUT to minutes
31971 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
31974 now only do Editor +line_num if line_num != 0
31977 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
31980 now use mv if rename(2) fails
31991 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
31994 fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
31997 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
32000 added mips & isc support
32004 added support for non-root owned sudoers file
32008 added exempt group support
32012 added set_perms() support added SUDOERS_OWNER so can have non-root
32013 own sudoers file added exempt group support added isc support
32017 now copy sudoers to temp file via read/write (not stdio) now chown
32018 new sudoers file to SUDOERS_OWNER
32021 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
32032 fixed typo added set_perms support added skey support added
32033 seteuid()/setegid() emulation for AIX
32037 be_* -> setperms() now check to make sure sudoers file is owned by
32038 root nread/write by only root
32041 * logging.c, parse.c:
32046 be_* -> set_perms() added skey support
32049 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
32059 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
32069 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
32075 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
32090 now bail if Argv[1] > MAXPATHLEN
32094 added function check for tcgetattr(3)
32098 only define HAVE_TERMIOS_H if you have tcgetattr(3)
32102 added check for tcgetattr
32105 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
32111 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
32114 now only include unistd.h for linux
32117 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
32120 added visudo.8 generation
32124 added -Wl,-bI:./aixcrypt.exp to aix flags
32127 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
32138 added mailing list info
32142 now use sudolineno instead of yylineno fixed bison warnings
32146 now use -no_library_replacement for osf don't make a static binary
32151 added string.h/strings.h inclusion
32159 added inclusion of string.h/strings.h
32163 fixed uname | sed (needed to quote the '[')
32167 replaced yylineno with sudolineno fixed bison syntax errors
32171 changed yylineno to sudolineno since yylineno cannot be counted
32180 added code to support command listings
32184 added code for -l flag
32188 fixed typo added info for -l flag
32192 AC_SSIZE_T -> SUDO_SSIZE_T
32207 * find_path.c, sudo_realpath.c:
32208 readlink() is now declared as returning ssize_t
32212 added -laud for OSF c2
32215 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
32217 * Makefile.in, visudo.c:
32218 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
32221 * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
32222 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
32225 * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
32226 parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
32227 sudo_setenv.c, tgetpass.c, version.h:
32228 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
32231 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
32242 added host to alertmail messages
32250 fixed logging problem where mail would not say which user it was
32254 added -laud for gcc if osf & c2
32258 moved set_auth_parameters to sudo.c
32262 added set_auth_parameters for osf
32266 cleaned up -static stuff
32278 changed setenv() to sudo_setenv()
32294 added osf auth support & removed some extra spaces
32297 * INSTALL, SUPPORTED:
32301 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
32304 added 2 suggestions
32308 removed README.v1.3.1 and added VERSION stuff
32315 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
32326 mention HISTORY file
32330 use sizeof instead of a constant in 1 place
32349 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
32353 [7dfbb4a810bb] [SUDO_1_3_1]
32360 added unistd.h include
32363 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
32366 added sys/time.h for AIX
32369 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
32372 added check for -lsocket and sys/sockio.h
32376 took out libshadow check and added in sys/sockio.h check
32380 now include sockio.h instead of ioctl.h if it exists "sudo -" now
32381 gets a better error message
32385 now has a dir and subnet entry
32388 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
32399 added network and ip addresses to man page
32403 no error if can't get interfaces or netmask since networking may not
32408 now check for interfaces == NULL
32412 fixed a bug that caused directory specs in a Cmnd_Alias to fail if
32413 the last entry in the spec failed (ie: it was only looking at the
32414 last entry). Cleaned things up by adding the cmndcmp() function--all
32422 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
32425 now do two passes to skip bogus interfaces (lo0, etc)
32428 * parse.lex, parse.yacc, visudo.c:
32429 added include of netinet/in.h
32432 * logging.c, sudo_realpath.c, sudo_setenv.c:
32433 added include of netinet/in.h
32436 * check.c, find_path.c, getcwd.c, getwd.c:
32437 added include of netinet/in.h
32445 added interfaces global
32449 now uses new interfaces global
32453 now ip addresses are gleaned w/o dns
32456 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
32459 added load_ip_addrs() to load the ip_addrs global var
32463 added hostcmp() to compare hostnames, ip addrs, and network addrs
32467 added ip_addrs def added load_ip_addrs prototype
32470 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
32477 removed multiple entries in DISTFILES
32481 ansified the !STDC_HEADERS decls
32484 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
32485 don't do malloc decl if gnuc
32489 can't use getopt(3) since it munges args to the command to be run as
32490 root don't do malloc decl if gnuc
32493 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
32494 sudo_realpath.c, sudo_setenv.c:
32495 ansi-fied !STDC_HEADER function prototypes
32498 * getcwd.c, getwd.c:
32499 added missing paren
32503 added putenv.c to DISTFILES
32507 added params to func decls when STDC_HEADERS is not defined now can
32508 count on putenv() being there
32512 took out errno decl since sudo.h does it for us fixed up a next cc
32513 warning added params to func decls when STDC_HEADERS is not defined
32517 took out environ extern added local declaration of putenv() if local
32521 * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
32522 added params to func decls when STDC_HEADERS is not defined
32526 added memcpy check check to see that ansi vs bsd macros are not
32527 already defined before defining (ie: avoid redefinition)
32531 removed fluff setenv check plus check w/ replace for putenv if also
32539 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
32546 rm'd realpath added sudo_realpath and sudo_setenv
32550 now use sudo_setenvc
32554 added putenv and setenv, removed realpath
32558 added putenv & setenv
32569 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
32572 added MAN_POSTINSTALL and /usr/share/catman for irix
32576 added MAN_POSTINSTALL
32584 added SUDO_* plus new options
32592 took out shadow lib
32600 now use yyrestart() if flex now reset yylineno to 0
32604 support for installing a cat page instead of a man page if no nroff
32608 now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
32609 to determine whether or not to install a cat or man page
32617 not set ret to MODE_RUN initially
32621 made command (and therefore cmnd dynamically allocated)
32633 changed bufs from MAXPATHLEN to MAXPATHLEN+1
32637 added MODE_ removed validate_only and added remove_timestamp()
32641 usage() now takes an int (exit value) added parse_args() to parse
32642 command line arguments moved call to find_path() from load_globals
32643 to new function load_cmnd() removed validate_only global -- now use
32644 the concept of "modes" added -h and -k options
32648 no longer use global validate_only now checks for command called
32649 "validate" removed check for non-fully qualified commands since that
32650 is done by find_path
32654 changed MAXPATHLEN to MAXPATHLEN+1
32658 fixed off by one error with MAXPATHLEN and fixed a comment
32662 check_timestamp no longer runs reminder(), it is implied in the
32663 return val added remove_timestamp()
32670 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
32684 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
32687 moved send_mail to after syslog
32691 now set SUDO_ envariables
32694 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
32701 now print error if chdir fails
32708 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
32715 no more static binaries for aix
32718 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
32725 took out stuff not needed for sudo now does be_root/be_user itself
32726 now uses cwd global
32733 * logging.c, sudo.c:
32734 be_root/be_user is now down in sudo_realpath()
32737 * logging.c, sudo.h:
32738 now works with 4.2BSD syslog (blech)
32742 now use sudo_realpath()
32746 took out realpth() stuff since we now use sudo_realpath()
32750 ultrix enhanced sec
32754 added ultrix enhanced sec.
32762 ultrix enhanced security support
32766 added sudo_realpath.c
32774 increased passwd len to 24 for c2 security
32781 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
32784 now use user global var
32791 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
32798 user is now a char * added epasswd
32802 added tzset() to load_globals added epasswd (encrypted password)
32803 global made user dynamically allocated
32815 cleaned up encrypted passwd grab somewhat
32831 can now log to both syslog & a file
32855 removed AFS stuff :-)
32859 include sys/select for AIX
32870 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
32872 * CHANGES, SUPPORTED:
32877 can now have MAILER undefined
32881 new sub-note about MAILER
32885 added blurb about password timeout
32893 took out duplicate define of _CONVEX_SOURCE
32905 added a goto if fgets fails
32909 use __hpux not hpux convex c2 stuff
32913 use __hpux not hpux
32921 define ansi-ish cpp os defines if non-ansi are defined for hpux &
32926 updated to say we support convex C2
32930 added convex c2 support
32933 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
32936 no more ioctl never returns NULL uses fgets() and select() to
32940 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
32943 things were testing -n "$GCC" instead of -z "$GCC"
32947 now works + uses fgets()
32950 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
32953 select doesn't seem to recognize a single '\n' as input waiting so
32954 we can't use it, sigh.
32957 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
32960 updated tgetpass() blurb
32964 added --with-getpass
32968 added tgetpass stuff
32979 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
32986 added USE_GETPASS && HAVE_C2_SECURITY
32990 fixed a test added --with-C2 and --with-tgetpass
32998 took out tgetpass.*
33005 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
33008 no termio(s) for ultrix since it is broken
33012 added a space (yeah, anal)
33015 * realpath.c, sudo_realpath.c:
33016 fixed it (duh, rtfm)
33019 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
33022 took out bsd signal stuff for irix
33030 don't define BSD signals for irix
33041 * realpath.c, sudo_realpath.c:
33042 took out unneeded code by changing where a string was terminated
33045 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
33047 * realpath.c, sudo_realpath.c:
33048 fix bug where /dirname would return NULL
33052 move __P to config.h
33055 * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
33056 added errno definition
33071 * realpath.c, sudo_realpath.c:
33072 now works if no fchdir
33076 define SA_RESETHAND to null if not defined
33080 added check & replace
33084 took out -static for nextstep -- it doesn't work
33087 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
33090 moved #endif to where it belongs
33098 now checks for strdup realpath getcwd bzero
33106 added posix signals
33114 added posix signals
33118 removed BROKEN_GETPASS added new srcs to replace missing functions
33122 added posix signal stuff
33134 now uses posix signals
33138 updated to reflect major changes
33146 uses sysconf() if available
33150 added PASSWORD_TIMEOUT + prototypes for new functions
33153 * realpath.c, sudo_realpath.c:
33154 for those w/o this in libc
33157 * getcwd.c, getwd.c:
33162 rewrote to use realpath(3) - is now all my code
33166 added HAVE_REALPATH
33174 added LIBOBJS use tgetpass.c
33177 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
33191 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
33202 added check for getwd
33206 replace strdup & realpath & getcwd if missing
33214 added SUDO_PROG_PWD
33221 * realpath.c, sudo_realpath.c:
33225 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
33228 quoted square brackets
33231 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
33234 no need to strdup() a constant
33249 * parse.c, sudo.c, sudo.h:
33250 added validate_only stuff
33253 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
33260 $OSREV is now an int
33263 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
33266 added mtxinu to caser
33274 now use the EXEC macro now only do a gethostbyname() if FQDN is set
33278 changed mail_argv[] def now use EXEC() macro
33282 took out crypt() definition
33290 always look for -lnsl
33298 SHORT_MESSAGE is now the default
33306 added missing AC_DEFINE(SVR4) for solaris
33310 documented the -v flag
33322 added LIBSHADOW undef
33326 now set OS to be lowercase
33329 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
33332 now use SUDO_OSTYPE to set $OS
33336 now use uname to determine os
33340 added prototypes & moved sig handler around
33347 * check.c, logging.c, sudo.c:
33356 now use _BSD_SIGNALS not _BSD_COMPAT
33367 * parse.lex, parse.yacc:
33368 moved config.h to top of includes
33371 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
33374 now don't bitch if get EACCESS (treat like EPERM)
33378 added -v flag and usage()
33386 cast Argv to a const for exec added -v flag
33390 mail_argv is now a const
33394 only set RETSIGTYPE if it is not set already
33398 now defines & STDC_HEADERS for Irix
33405 * insults.h, sudo.h:
33406 prevent multiple inclusion
33413 * parse.lex, parse.yacc:
33414 now includes config.h
33418 now talks about sunos 4.x
33422 calls to Exit now pass an arg
33425 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
33428 signal handler now takes an int argument
33436 ok, the getcwd() is now *really* done as the user
33440 changed AIX STATIC_FLAGS
33444 solaris now defines SVR4
33448 added cwd and fixed stupid core dump that makes no sense. sigh.
33452 moved getcwd stuff into load_globals
33456 took out externs that are in sudo.h
33460 moved cwd into load_globals
33468 fixed make distclean & realclean
33476 added solaris changes
33480 added solaris changes, need to rework
33484 cleaned up for solaris
33488 reinstall reapchild signal handler for non-bsd signals
33492 took out getdtablesize() emulation for HP-UX (no longer needed)
33496 support for HAVE_SYSCONF
33500 added <fcntl.h> for solaris & reorg'd the includes + minor prettying
33508 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
33511 now tells you what os you are running
33518 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
33533 uid seinitialized to -2
33536 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
33539 now removes LIBPATH for AIX
33542 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
33545 now uses ufc if it finds it
33548 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
33551 no longer define yyval & yylval since yacc does it
33555 now defines yylval as extern
33559 BROKEN_GETPASS is now an OPTION
33563 took out BROKEN_GETPASS
33567 took out big comment
33575 took out README.beta
33583 now reference SUPPORTED
33587 now check for convex OR __convex__
33591 now check for convex or __convex__
33603 now use _S_* stat stuff to be ansi-like
33607 updated for configure directions
33611 distclean now removes config.h and pathnames.h
33630 * config.h.in, pathnames.h.in:
33631 added copyright header
33634 * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
33635 parse.yacc, sudo.c, sudo.h:
33640 updated to use configure + pathnames.h
33647 * Makefile.in, config.h.in, configure.in:
33652 now works with configure
33655 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
33656 updated to work with configure + pathnames.h
33663 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
33666 updated gnu general licence to version 2
33669 * config.h.in, pathnames.h.in:
33674 changed to work with configure
33677 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
33679 * Makefile.in, aclocal.m4, configure.in:
33684 now uses defines used by configure
33687 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
33690 sudo won't bitch about EPERM now, for real
33693 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
33696 renamed exec_argv to eliminate a libc name clash with ksros
33703 * logging.c, sudo.c, sudo.h:
33720 added UMASK and mode_t declaration
33728 now opens log file with mode 077
33732 saved current umask and restores it
33736 added MAXLOGFILELEN
33740 split long log lines. For syslog, split into multiple entries, for
33741 a log file, indent the extra for readability
33744 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
33751 MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
33754 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
33757 added input from Brett M Hogden <hogden@rge.com>
33760 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
33763 added rmenv() to remove stuff from environ. can now use execvp()
33764 OR execve() because of this.
33768 now uses execvp() OR execve()
33784 moved some func decls out of sudo.h and into sudo.c as statics
33795 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
33801 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
33816 added sample.sudoers note
33823 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
33830 took out SAVED_UID garbage
33831 [b7c2d3469661] [SUDO_1_3_0]
33850 more verbose error if mailer not found
33854 now do getpwent as root for some shadow password systems (bsdi)
33857 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
33860 took out SAVED_UID garbage
33864 took out SAVED_UID garbage since it don't work
33867 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
33874 added a missing space :-)
33878 took out multimax cruft
33890 fixed a typo + indentation
33893 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
33896 moved some defines to the config file
33908 added HAS_SAVED_UID
33915 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
33921 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
33927 * check.c, logging.c, parse.c, sudo.c, sudo.h:
33928 now is only root when abs necessary
33935 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
33950 now removed _RLD_* for alphas
33954 updated for new config scheme
33958 more verbose error messages
33961 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
33968 define __svr4__ for SOLARIS
33972 added svr4 junk for shadow pws for solaris 2.x
33976 took out setuid(0) and setreuid(uid) garbage. It's not needed since
33977 we start out setuid with the correct perms.
33980 * check.c, sudo.c, sudo.h:
33984 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
33987 revised AUTHORS section & added ENV_EDITOR stuff to VARIABLES
33992 now uses ENV_EDITOR if you want to use the EDITOR envar
33996 now uses ENV_EDITOR if you want to use the EDITOR envar
33999 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
34002 rewrote most of this
34006 minor update + spell fix
34010 added all options that are in the Makefile
34014 now use USE_TERMIO #define for sgi & hpux
34021 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
34023 * check.c, find_path.c:
34024 always include strings.h
34032 sgi has vi in /usr/bin too
34039 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
34042 use /usr/bin/vi on some systems
34046 fixed warning (include strings.h)
34050 added John_Rouillard@dl5000.bc.edu's changes (new features)
34054 changes from John_Rouillard@dl5000.bc.edu
34061 * check.c, find_path.c, parse.c, sudo.c:
34062 added patches from John_Rouillard directory spec
34066 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
34069 added flush for hpux
34072 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
34075 no longer assume malloc returns a char *
34079 alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
34080 gets removed correctly
34084 added STD_HEADERS macro
34088 now uses STD_HEADERS macro for ansi
34092 now uses STD_HEADERS macro
34096 niceties for C compiler bitches -- no real change
34099 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
34102 now doesn't fclose a file never opened.
34105 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
34112 added error stuff added me in there...
34120 added blurb about reading stuff
34128 corrected comments and removed newlines
34140 added dec syslog note
34144 added real stuff in there
34155 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
34162 updated with changes
34173 * CHANGES, COPYING, INSTALL, README, TODO:
34178 updated version number and took out jeff's old addr since it is no
34182 * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
34184 updated version number and took out jeff's email (since it is
34188 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
34194 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
34197 now return NULL instead of exiting for non-fatal errors
34200 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
34207 now sudo.h gets included first
34210 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
34221 hpux 9 fix, removes SHLIB_PATH linux patch
34228 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
34231 stat now ignores EINVAL
34234 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
34236 * find_path.c, sudo.c:
34237 now declare strdup as extern
34240 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
34243 reformatted with indent + by hand
34246 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
34247 used indent to "fix" coding style
34251 now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
34252 move the code that does this into the loop body. makes it messier
34256 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
34259 redid the fix for non-executable files in an easier to read way plus
34260 some minor aesthetic changes
34264 fixed bug with non-executable things of same name in path introduced
34265 by checking errno after stat(2).
34268 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
34271 fixed off by one error
34275 now handles descending below '/' correctly
34279 now actually builds Envp instead of munging envp
34282 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
34285 now includes sys/param.h
34289 now includes sys/param.h
34293 fixed ifndef -> ifdef
34297 make more like find_path.c
34301 rewritten by millert
34305 fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
34306 about new defines in the comment
34314 added decl for clean_envp() and Envp
34318 now rips LD_* env vars out of envp and passes sanitized Envp to exec
34326 ENOTDIR is ok now too (in case part of the path is bogus)
34330 now works correctly (total rewrite)
34334 now includes sys/param.h didn't match trailing / -- fix from
34338 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
34341 moved around the #ifndef _AIX
34344 * check.c, logging.c, parse.c:
34348 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
34354 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
34357 now works if you do sudo bin/test
34364 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
34374 * parse.lex, parse.yacc:
34378 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
34385 now spews error if exec fails and exits with -1
34393 now only execs files with (an) executable bit set.
34400 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>