1 2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
4 Clear, don't set, OPOST in c_oflag as was intended in e26055d17b72.
7 2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
10 If the user is running sudo as himself but as a different group we
11 need to prompt for a password.
14 2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
17 If user has no supplementary groups, fall back on checking the group
21 2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
24 Fix NULL dereference with "sudo -g group" when the sudoers rule has
25 no runas user or group listed. Fixes RedHat bug Bug 667103.
28 2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
31 Clear OPOST from c_oflag like we used to. Fixes screen-based
36 Clarify umask option description. From Reuben Thomas.
39 2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
42 Add support for RHEL 6 file modes that include a trailing dot on
43 files with an SELinux security context
46 2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
49 fix typo; from Michael T Hunter
52 2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
55 Having a timestamp file defined is no longer indicative of tty
56 tickets being enabled. Check def_tty_tickets directly.
59 2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
62 Sync set_project() with trunk.
65 * set_perms.c, sudo.c:
66 Move set_project() into runas_setup(). Fixes a NULL deref when
67 project support is enabled and sudo's -g flag is used without the
71 2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
74 Ignore ECONNREFUSED from audit_log_user_command() which will occur
75 if auditd is not running.
78 2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
81 Use sed instead of expr to split a flag from its argument. Fixes a
82 problem with expr interpreting its arguments as a flag when they
86 2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
89 Solaris BSM audit return EINVAL when auditing is not enabled,
90 whereas OpenBSM returns ENOSYS.
93 2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
96 Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
100 Set NewArgv[0] to the name of the pseudo-command we are running.
101 Fixes a problem with "sudo -l" when auditing is enabled and the user
102 is not allowed to run any commands on the host. Adapted from a patch
106 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
109 When matching the runas user and runas group (-u and -g command line
110 options), keep track of runas group and runas user matches
111 separately. Only return a positive match if we have a match for
112 both runas user and runas group (if specified).
115 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
118 Do not return -1 on error from the display functions; the call
119 expects a return value >= 0.
123 display_bound_defaults now returns a count so make the stub return
127 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
130 It looks like AIX doesn't need to push STREAMS modules for ptys.
133 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
136 Install sudoers file from the build dir not hte src dir.
139 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
142 If runas_pw changes, reset the stashed runas aux group vector.
143 Otherwise, if runas_default is set in a per-command Defaults
144 statement, the command runs with root's aux group vector (i.e. the
145 one that was used when locating the command).
149 Add target to generate sudoers file Remove generated sudoers file as
153 2010-08-23 millert <millert@rh4-x86.home.courtesan.com>
156 When not logging I/O install a handler for SIGCONT and deliver it to
157 the command upon resume. Fixes bugzilla #431
160 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
163 Don't need to fork and wait when compiled with --disable-pam-session
166 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
169 Convert a remaining puts() and putchar() to use the output function.
172 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
175 Replace sudoers with sudoers.in in DISTFILES
179 Set dupcheck to TRUE when setting new HOME value if !env_reset but
180 always_set_home is true. Prevents a duplicate HOME in the
181 environment (old value plus the new one) introduced in 9f97e4b43a4b.
184 * configure, configure.in, sudoers, sudoers.in:
185 Substitute sysconfdir in the installed sudoers file to get the
186 correct path for sudoers.d.
189 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
191 * boottime.c, get_pty.c:
192 Fix typos that prevented compilation on Irix; Friedrich Haubensak
195 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
198 If the user hits ^C while a password is being read, error out before
199 reading any further passwords in the pam conversation function.
200 Otherwise, if multiple PAM auth methods are required, the user will
201 have to hit ^C for each one.
204 2010-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
207 Fix waitpid() loop termination condition.
211 Use sudo_waitpid() instead of bare waitpid()
214 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
217 Set pp_kit_version and strip off patchlevel
221 Better handling of versions with a patchlevel. For rpm and deb, use
222 the patchlevel+1 as the release. For AIX, use the patchlevel as the
223 4th version number. For the rest, just leave the patchlevel in the
227 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
230 For non-standalone auth methods, stop reading the password if the
231 user enters ^C at the prompt.
235 When removing/resetting the timestamp file ignore the tty ticket
239 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
245 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
248 Do not produce a warning for "sudo -k" if the ticket file does not
252 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
254 * aclocal.m4, configure:
255 Add cross-compile defaults for remaining AC_TRY_RUN usage.
258 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
260 * aclocal.m4, config.h.in, configure, configure.in, snprintf.c:
261 Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
262 and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
265 2010-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
268 Added tag SUDO_1_7_4 for changeset 2920a3b9d568
272 Debian: Remove dots from decoded release number AIX: looser matching
273 of file command output for AIX 5.1
274 [2920a3b9d568] [SUDO_1_7_4]
277 Added tag SUDO_1_7_4 for changeset 0d844aa34c1d
280 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
283 exec_monitor is static
287 Update to latest version
290 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
293 Let pp determine pp_aix_version itself.
296 * INSTALL, config.h.in, configure, configure.in, mkpkg, sudo.c:
297 Add support for Ubuntu admin flag file and enable it when building
302 Add commented out SuSE-like targetpw settings
305 * configure, configure.in:
306 Only try to use +DAportable for non-GCC on hppa Check the value of
307 $pic_flag insteaf of whether the compiler is ANSI C when detecting
308 the HP-UX bundled C compiler.
311 * configure, configure.in:
312 Prevent configure from adding the -g flag unless in devel mode
315 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
318 Go back to sudo-flavor to match existing packages and only use an
319 underscore for those that need it.
323 Use sudo_$flavor instead of sudo-$flavor since that causes the least
324 amount of trouble for the various package managers.
328 Fix handling of the ldap flavor Remove destdir unless --debug was
329 specified Make distclean before running configure if there is a
333 * configure, configure.in:
334 Back out version change in 5baf2187a138
338 Pass extra args on to configure on HP-UX, if we don't have the HP C
339 compiler, disable zlib to prevent gcc from finding it in
343 * configure, configure.in, mkpkg:
344 Use the HP ANSI C compiler on HP-UX if possible
348 Some getline() implementations (FreeBSD 8.0) do not ignore the
349 length pointer when the line pointer is NULL as they should.
353 Don't need to check for *cp being non-zero, isdigit() will do that.
357 Add setlocale() so the command line arguments that use floating
358 point work in different locales. Since sudo now logs the timing
359 data in the C locale we must Parse the seconds in the timing file
360 manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
361 the number of seconds with the user's locale so if the decimal point
362 is not '.' try using the locale-specific version.
366 Do I/O logging in the C locale so the floating point numbers in the
367 timing file are not locale-dependent.
371 Use errorx() not error() for thingsthat don't set errno.
374 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
377 Add Tru64 kit support
381 Better support for 1.2.3 style versions in Tru64 kits
385 Remove apparently unnecessary use of sudo
389 Create timedir as part of install-dirs target.
393 Handle ENXIO from read/write which can occur when reading/writing a
394 pty that has gone away. Fixes bugzilla 422
398 sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
402 platform is a pp flag not a variable
405 * Makefile.in, mkpkg, sudo.pp:
406 Add simple arg parsing for mkpkg so we can set debug, flavor or
411 Make rpm backend work on AIX 5.x
414 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
417 Add commented out Defaults entry for log_output
420 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
423 Install binary files with -b~ to make a backup. Fixes "text file
424 busy" error on HP-UX during install.
428 "mv -f" on HP-UX doesn't unlink the destination first so add an
429 explicit rm before moving the temporary into place.
432 * configure, configure.in:
433 Some more ${foo} -> $(foo) conversion for consistent Makefiles.
436 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
439 Add missing include of maillock.h for Solaris
442 * NEWS, TROUBLESHOOTING, UPGRADE, configure, configure.in,
443 sample.syslog.conf, sudoers.cat:
444 Change the default syslog facility from local2 to authpriv (or auth
445 if the operating system doesn't support authpriv).
448 * Makefile.in, configure, configure.in, sudo.pp:
449 Install sudoers as /etc/sudoers on RPM and debian systems where the
450 package manager will not replace a user-modified configuration file.
451 This fixes upgrades from the vendor sudo packages.
455 RPM: use %config(noreplace) instead of %config for volatile This
456 results in the new file being installed with a .rpmnew suffix
457 instead of the file being replaced and the old one renamed with a
461 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
463 * boottime.c, mkstemps.c:
464 Include time.h for struct timeval.
468 The return value of strsignal() may be const and should be treated
472 * sudoers.cat, sudoers.man.in, sudoers.pod:
473 Mention that 127.0.0.1 will not match, nor will localhost unless
474 that is the actual host name.
481 * Makefile.in, NEWS, README, UPGRADE, WHATSNEW:
482 Rename WHATSNEW -> NEWS
486 Updated pp with latest patches
489 * WHATSNEW, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
490 If pam is in use, wait until the process has finished before calling
494 * sudoers.cat, sudoers.man.in:
498 * UPGRADE, sudoers, sudoers.pod:
499 Add commented out line to add HOME to env_keep and add a warning to
500 the note about the HOME change in UPGRADE.
503 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
506 Add LINE_MAX define for those without it.
510 Mention that tty_tickets is now the default.
513 * INSTALL, UPGRADE, config.h.in, configure, configure.in, defaults.c,
514 sudoers.cat, sudoers.man.in, sudoers.pod:
515 The tty_tickets option is now on by default.
519 Mention that AIX authdb support has been fixed.
523 setauthdb() only sets the "old" registry if it was set by a previous
524 call to setauthdb(). To restore the original value, passing NULL
525 (or an empty string) to setauthdb() is sufficient.
528 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
530 * sudoers.cat, sudoers.man.in, sudoers.pod:
531 Mention new handling of HOME in always_set_home and set_home
535 * sudo.cat, sudo.man.in, sudo.pod:
539 * UPGRADE, WHATSNEW, env.c, sudo.cat, sudo.man.in, sudo.pod:
540 Reset HOME when env_reset is enabled unless it is in env_keep
543 * sudoers.cat, sudoers.man.in, sudoers.pod:
544 The default for set_logname has been "true" for some time now.
547 * sudoers.cat, sudoers.man.in, sudoers.pod:
548 Document that MAIL it set in env_reset mode.
552 Add missing include of time.h
555 * defaults.c, sudo.c:
556 Check return value of setdefs() but don't stop setting defaults if
557 we hit an unknown one.
561 Fix check for dup2() return value.
565 Treat an unknown defaults entry as a parse error.
569 Check KEPT_MAIL not DID_MAIL when determining whether to set MAIL in
570 -i and env_reset mode.
574 Add PYTHONUSERBASE to initial_badenv_table
577 * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, env.c,
578 pathnames.h.in, sudo.cat, sudo.man.in, sudo.pod:
579 If env_reset is enabled, set the MAIL environment variable based on
580 the target user unless MAIL is explicitly preserved in sudoers.
583 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
586 decode debian code names
593 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
596 Add entry about SuSE bash script fix.
600 Restore RLIMIT_NPROC after the uid switch if it appears that
601 runas_setup() did not do it for us. Fixes a bash script problem on
602 SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
605 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
607 * mkpkg, pp, sudo.pp:
608 Restore the dot removal in the os version reported by polypkg. Adapt
609 mkpkg and sudo.pp to the change.
612 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
619 Update for sudo 1.7.4
623 document --with-pam-login
626 * sudoers.cat, sudoers.man.in, sudoers.pod:
627 The tag is NOSETENV, not UNSETENV. From Petr Uzel.
630 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
633 Include flavor in solaris package name
637 Older shells don't support IFS= so set explictly to space, tab,
642 Use '=' not '==' in test
646 Fix typo that prevented debian from matching
650 Add missing prefix setting for debian
654 Use tab indents to reduce the chance of problem with <<- Uncomment
655 some env_keep lines for RHEL, SLES and Debian to more closely match
656 the vendor sudoers files.
660 Fix indentation Fix the debian %set section, pp does not set
661 pp_deb_distro Uncomment %sudo line in sudoers for debian Add pam.d
662 to %files for debian Remove the /etc/sudo-ldap.conf symlink on
663 debian for ldap flavor
667 Add commented out env_keep entries, sample Aliases and a %sudo line
671 * configure, configure.in:
672 Remove check for egrep; configure has its own
676 Use enable_zlib instead of enableval for consistency
679 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
682 Enable zlib for linux distros
686 Add ldap flavor to default build
690 Simplify rpm linux distro settings
693 * UPGRADE, aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
695 Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
698 * Makefile.in, mkpkg, sudo.pp:
699 Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
700 environment variable.
704 Create sudo group on debian
708 Add debian 4/5/6 and use the dot when doing version matches
711 * sudoers.cat, sudoers.man.in, sudoers.pod:
712 Remove spurious "and"; from debian
715 * aclocal.m4, configure:
716 Use a loop when searching for mv, sendmail and sh
719 * aclocal.m4, configure, configure.in, sudoers.cat, sudoers.man.in,
720 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
721 Substitute the value of EDITOR into the sudoers and visudo manuals.
724 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
726 * mkpkg, pp, sudo.pp:
727 Initial debian 4.0 support
731 Some platforms need -fPIE instead of -fpie
735 Add packaging bits to DISTFILES
739 Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
740 On Linux it causes a DNS lookup via libaudit.
744 We now use pp to generate HP-UX packages
747 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
753 * INSTALL, Makefile.in:
754 isntall-man -> install-doc
757 * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
758 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
759 sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
760 Bump version to 1.7.4
763 * INSTALL.binary, Makefile.binary.in, Makefile.in:
764 Remove remaining bits of the old binary package
768 Use http://rc.quest.com/topics/polypkg/ for packaging
771 * Makefile.in, mkpkg, pp:
772 Use http://rc.quest.com/topics/polypkg/ for packaging
776 Just ignore the -c option, it is the default Add support for -d
780 * env.c, logging.c, pathnames.h.in:
781 Use _PATH_STDPATH instead of _PATH_DEFPATH
785 Do not strip binaries.
788 * INSTALL, configure, configure.in:
789 Add --insults=disabled configure option to allow people to build in
790 insult support but have the insults disabled unless explicitly
794 2010-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
796 * env.c, sudoreplay.c:
800 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
802 * auth/pam.c, config.h.in, configure, configure.in, env.c, sudo.c,
804 Add support for a sudo-i pam.d file to be used for "sudo -i".
805 Adapted from a RedHat patch.
809 Fix installation of sudo_noexec.so
812 * Makefile.in, config.h.in, configure, configure.in, missing.h,
813 mkstemp.c, mkstemps.c, sudo_edit.c:
814 Use mkstemps() instead of mkstemp() in sudoedit. This allows
815 sudoedit to preserve the file extension (if any) which may be used
816 by the editor (like emacs) to choose the editing mode.
819 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
821 * ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
822 TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
823 TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
824 code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
825 should avoid disabling TLS_CHECKPEER is possible.
828 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
831 Add suport for negated user/host/command lists in a Defaults entry.
832 E.g. Defaults:!baduser noexec
835 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
841 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
844 Added tag SUDO_1_7_3 for changeset 72fd1f510a08
847 * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
848 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
849 sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
851 [72fd1f510a08] [SUDO_1_7_3]
853 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
854 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
855 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
856 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, boottime.c, check.c,
857 defaults.c, env.c, exec.c, exec_pty.c, fileops.c, find_path.c,
858 fnmatch.c, get_pty.c, getcwd.c, getdate.c, getdate.y, getline.c,
859 getspwuid.c, glob.c, goodpath.c, gram.c, gram.y, interfaces.c,
860 iolog.c, lbuf.c, ldap.c, logging.c, match.c, parse.c, parse_args.c,
861 pwutil.c, set_perms.c, snprintf.c, sudo.c, sudo_edit.c, sudo_nss.c,
862 sudoreplay.c, term.c, testsudoers.c, tgetpass.c, toke.c, toke.l,
863 tsgetgrpw.c, visudo.c:
864 Include strings.h even if string.h exists since they may define
865 different things. Fixes warnings on AIX and others.
869 Do not rely on env.env_len when unsetting a variable, just use the
874 In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
877 2010-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
879 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
880 Mention that multiple URI lines are merged into a single one.
887 2010-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
889 * env.c, sudo.c, sudo.h:
890 For env_init() just use environ not the envp from main().
893 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
895 * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
896 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
897 sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
898 Update version to 1.7.3rc1
902 fqdn issue is resolved
906 In unsetenv(), assign ep in the for loop instead of doing it
907 earlier. This version of the code does not change env.envp in
908 between when ep is assigned and when it is used but older versions
913 Use S_REGISTRY instead of S_AUTHSYSTEM as the argument to
914 getuserattr() when fetching the administrative domain to be used by
915 setauthdb(). This was suggested by AIX support and is consistent
916 with what OpenSSH does.
920 Use warningx() instead of log_error() since the latter is not
921 available to visudo or testsudoers. This does mean that they don't
926 Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
927 closed the sudoers sources. From Quest sudo.
931 Ignore case when matching user/group names in the cache. From Quest
935 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
937 * config.h.in, configure, configure.in, selinux.c:
938 Add check for setkeycreatecon() when --with-selinux is specified.
941 * configure, configure.in:
942 Bump version to 1.7.3b5 Error out if libaudit.h is missing or
943 ununable when --with-linux-audit was specified
947 K&R function declaration for aix_setauthdb()
950 * env.c, sudo.c, sudo.h:
951 If env_init() was called implicitly via getenv(), setenv() or
952 putenv() just use the specified envp instead of mallocing a new
953 copy. This prevents an infinite loop on OpenBSD which calls
954 getenv() from malloc() to get MALLOC_OPTIONS.
958 Add support for multiple URI lines by joining the contents and
959 passing the result to ldap_initialize.
962 2010-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
964 * pwutil.c, set_perms.c, sudo_nss.c:
965 Bracket initgroups with calls to aix_setauthdb() and
970 Include compat.h before alloc.h to get __P
974 Include usersec.h for authenticate() prototype
978 Add missing includes Add missing trailing NUL in userinfo string
981 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
983 * HISTORY, history.pod:
984 Mention when LDAP was incorporated.
987 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
990 Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
991 not covered by _ALL_SOURCE.
995 Include usersec.h on AIX to get IDtouser() prototype.
999 Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
1000 not covered by _ALL_SOURCE.
1003 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
1006 Add a cast to quiet a compiler warning.
1010 Use memset() instead of zero_bytes() since we don't include sudo.h
1014 getline.o is already in LIB_OBJS, do not need it in COMMON_OBJS
1017 * getdate.c, getdate.y:
1018 Quiet a compiler warning.
1021 * defaults.c, sudo.c:
1022 Call set_fqdn() after sudoers has parsed instead of inline as a
1027 Do not call set_fqdn() until sudoers parses (where is gets run as a
1032 Do not call set_fqdn() until sudoers parses (where is gets run as a
1033 callback). Otherwise, if sudo is built --with-fqdn the fqdn will be
1034 set even if !fqdn is set in sudoers.
1037 * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
1038 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
1039 sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
1040 Bump version to 1.7.3b4
1044 mention the change in tty ticket behavior when there is no tty
1052 Remove comment; NAME in usrinfo should be user name.
1056 Do not update tty ticket if there is no tty.
1059 * sudo.cat, sudo.man.in, sudo.pod:
1060 No longer need to use -- with the -s flag
1064 Add missing $(srcdir) to sudo.man.in target
1068 Do not rely on BSD make's $>
1071 * configure, configure.in:
1072 Set timedir to /var/db/sudo for darwin to match Apple sudo's
1076 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
1078 * Makefile.in, configure, configure.in:
1079 Move aix.o from SUDO_OBJS to COMMON_OBJS
1082 * config.h.in, configure, configure.in, defaults.c, iolog.c,
1084 Check for zlib.h in addition to libz.
1087 * Makefile.in, exec.c, exec_pty.c, sudo.h, sudo_exec.h:
1088 Move functions and symbols shared between exec.c and exec_pty.c into
1093 Add missing prototypes for aix_setauthdb and aix_restoreauthdb
1097 Comment out rules to build .man.in and .cat files unless --with-
1101 * aix.c, pwutil.c, set_perms.c, sudo.h:
1102 Fix AIX compilation problems.
1106 Cast isalnum() arg to unsigned char.
1110 Add Linux audit support.
1114 Quote any non-alphanumeric characters other than '_' or '-' when
1115 passing a command to be run via the shell for the -s and -i options.
1119 Add missing braces that broke -i mode.
1123 Fix linux_audit_command() return value
1126 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
1128 * Makefile.in, linux_audit.c, linux_audit.h:
1129 Add Linux audit support.
1132 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
1134 * INSTALL, audit.c, bsm_audit.c, config.h.in, configure, configure.in,
1135 logging.h, selinux.c:
1136 Add Linux audit support.
1139 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
1141 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
1142 Sync sudoreplay with trunk
1149 * aix.c, configure, configure.in, pwutil.c, set_perms.c, sudo.h:
1150 Set usrinfo for AIX Set adminstrative domain for the process when
1151 looking up user's password info and when preparing for execve().
1155 Better prefix determination now that we can't rely on len==0 to tell
1156 the beginning on an entry.
1159 * WHATSNEW, ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in,
1161 Add support for multiple sudoers_base entries in ldap.conf. From
1165 * configure, configure.in:
1166 Remove duplicate setsid check
1169 * Makefile.in, config.h.in, configure, configure.in, exec_pty.c,
1170 logging.c, missing.h, setsid.c:
1171 Move setsid emulation into setsid.c
1174 * exec_pty.c, logging.c, selinux.c, sudo.c, tgetpass.c:
1175 Check for dup2() failure.
1178 * config.h.in, configure, configure.in:
1179 Remove dup2 check, it is not optional.
1182 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
1185 Add mbr_check_membership support and SELinux fixes
1189 Sync SRCS and DISTFILES with reality
1193 Update OS specific notes. Delete some really ancient ones and move
1194 older ones to the end of the list.
1198 Bump for sudo 1.7.3 Merge some changes from trunk
1201 * selinux.c, sudo.c:
1202 Call selinux_restore_tty() as part of cleanup() so it gets called
1203 from error()/errorx()
1207 No longer use SA_NOCLDSTOP
1210 * interfaces.h, match.c:
1211 Move union sudo_in_addr_un into interfaces.h
1215 Update copyright year
1218 * HISTORY, LICENSE, aix.c, alias.c, alloc.h, boottime.c, bsm_audit.h,
1219 compat.h, defaults.c, defaults.h, env.c, fileops.c, find_path.c,
1220 gettime.c, gram.y, history.pod, lbuf.h, license.pod, logging.c,
1221 match.c, missing.h, nanosleep.c, parse.h, set_perms.c,
1222 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
1223 sudoreplay.c, term.c, tgetpass.c, toke.l, visudo.c, visudo.cat,
1224 visudo.man.in, visudo.pod:
1225 Update copyright year
1229 Remove varsub as part of clean
1233 Quiet a compiler warning.
1236 * getdate.c, getdate.y:
1237 Quiet a compiler warning.
1241 Make the remaining functions in ldap.c static
1245 Make private functions static. Diff from Joachim Henke
1248 * schema.ActiveDirectory:
1249 Updates from Alain Roy to provide better examples for importing the
1250 schema and to fix problems caused by Windows validating attributes
1251 which have not yet been added before committing the changes.
1254 2010-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
1256 * Makefile.in, configure, configure.in, sudo.cat, sudoers.cat:
1257 Generate .cat files directly from .man.in instead of .man using
1258 default values in configure.in
1261 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
1263 * configure, configure.in, sudo.c, sudo_usage.h.in:
1264 Print configure args with verbose version information.
1268 Remove tfd from struct sudoersfile; it is not used. Add prev pointer
1269 to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
1270 Use tq_append to append sudoers entries to the tail queue.
1273 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
1276 Describe tty timestamp improvements
1280 A comment character may not be part of a command line argument
1281 unless it is quoted with a backslash. Fixes parsing of:
1282 testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
1285 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
1290 Make this read a little bit better when passwd_timeout is 0.
1294 Use the --file argument to config.status instead of setting
1298 * sudo.man.pl, sudo.pod:
1299 Attempt to handle a default password prompt timeout of zero more
1304 Do not override value of keepopen global, instead restore it to the
1305 value we pushed onto the stack when popping.
1308 * exec.c, exec_pty.c, logging.c, mon_systrace.c, tgetpass.c:
1309 Use SA_INTERRUPT in sa_flags
1312 * getdate.c, getdate.y, ldap.c, sudoreplay.c:
1313 Silence some compiler warnings
1316 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
1318 * exec.c, exec_pty.c, sudo.c, sudo.h:
1319 Implement background mode. If I/O logging we use pipes instead of a
1323 * compat.h, exec.c, exec_pty.c, mksiglist.c, strsignal.c, tgetpass.c:
1324 Move compat definition of NSIG to compat.h
1328 Ignore SIGPIPE for "sudo -S"
1332 Properly handle TGP_ECHO again. Print a newline if the user
1333 interrupted password input.
1337 Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
1340 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
1342 * exec.c, exec_pty.c, selinux.c, sudo.c, sudo.h:
1343 Return an error from selinux_setup() instead of exiting. Call
1344 selinux_setup() from exec_setup().
1348 Add definition of WCOREDUMP for systems without it. This is known
1349 to work on AIX and SunOS 4, but may be incorrect on other systems
1350 that lack WCOREDUMP.
1353 * check.c, compat.h, config.h.in, configure, configure.in, iolog.c,
1354 nanosleep.c, sudo_edit.c, visudo.c:
1355 Replace timerfoo macros with timevalfoo since the timer macros are
1356 known to be busted on some systems.
1360 If a file in a #includedir has improper permissions or owner just
1361 skip it. This prevents packages that incorrectly install a file
1362 into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
1363 #includedir files still result in a parse error (for now).
1366 * TODO, auth/pam.c, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
1367 Defer call to pam_close_session() until after the command finishes
1368 if there is a monitor process.
1371 * WHATSNEW, def_data.c, def_data.h, def_data.in, exec.c, sudoers.cat,
1372 sudoers.man.in, sudoers.pod:
1373 Add use_pty sudoers option to force use of a pty even when not
1377 * env.c, sudo.c, sudo.h:
1378 Instead of trying to keep the global environment in sync with our
1379 private copy, provide our own getenv() that returns values from the
1380 private environment and use env_get() to pass the environment in to
1388 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
1391 Rename pty.c -> get_pty.c
1395 Add #define for maximum session id
1398 * Makefile.in, configure, configure.in, exec.c, exec_pty.c, iolog.c,
1399 selinux.c, sudo.c, sudo.h, sudo_edit.c:
1400 Split exec.c into exec.c and exec_pty.c Pass a flag in to
1401 sudo_execve to indicate whether we need to wait for the command
1402 to finish (fork + execve vs. execve).
1405 * Makefile.in, configure, configure.in, get_pty.c, pty.c:
1406 Rename pty.c -> get_pty.c
1409 * aclocal.m4, configure, configure.in:
1410 Fix --without-iologdir
1413 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
1416 Only use I/O input log file if def_log_input is set and output file
1417 if def_log_output is set.
1420 2010-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
1422 * parse_args.c, sudo.c:
1423 Include sudo_usage.h after sudo.h now that it has function
1424 prototypes to guarantee that __P is defined.
1427 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
1430 Do signal setup after turning off echo, not before. If we are using
1431 a tty but are not the foreground pgrp this will generate SIGTTOU so
1432 we want the default action to be taken (suspend process). Use an
1433 array for signals received instead of a single variable so we don't
1434 lose any when there are multiple different signals.
1437 * defaults.h, lbuf.h, sudo.h:
1438 Reorg function prototypes a bit
1441 * Makefile.in, parse_args.c, sudo.c, sudo.h, sudo_usage.h.in:
1442 Move argument parsing into parse_args.c
1445 * Makefile.in, config.h.in, configure, configure.in, missing.h,
1446 mksiglist.c, mksiglist.h, siglist.in, strsignal.c:
1447 Build our own sys_siglist for systems that lack it.
1450 * exec.c, iolog.c, missing.h, sudo_edit.c:
1454 * exec.c, pty.c, sudo.c, sudo.h, sudo_edit.c:
1455 Log sudoedit sessions as well; adapted from trunk
1462 * INSTALL, Makefile.in, WHATSNEW, aclocal.m4, configure, configure.in,
1463 def_data.c, def_data.h, def_data.in, defaults.c, exec.c, gram.c,
1464 gram.h, gram.y, iolog.c, parse.c, parse.h, pathnames.h.in, pty.c,
1465 script.c, selinux.c, sudo.c, sudo.h, sudoers.cat, sudoers.man.in,
1466 sudoers.pod, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
1467 sudoreplay.pod, term.c:
1468 Merge I/O logging changes from trunk. Disabling I/O log support at
1469 compile time does not currently work. Sudoedit is not yet hooked up
1473 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
1475 * INSTALL, configure, configure.in:
1476 Add --enable-warnings configure option
1479 * check.c, lbuf.h, script.c, sudo.c, sudo_nss.c:
1480 Fix K&R compilation issues on HP-UX.
1483 * lbuf.c, lbuf.h, ldap.c, parse.c, sudo.c, sudo_nss.c:
1484 Pass in output function to lbuf_init() instead of writing to stdout.
1485 A side effect is that the usage info can now go to stderr as it
1486 should. Add support for embedded newlines in lbuf and use that
1487 instead of multiple calls to lbuf_print.
1490 * configure, configure.in, sudo.man.pl, sudoers.man.pl:
1491 Use numeric registers to handle conditionals instead of trying to do
1492 it all with text processing.
1496 Document per-command SELinux settings
1500 timestamp -> time stamp
1504 Set close on exec flag in private versions of setpwent() and
1509 Make send_mail() take a printf-style argument list
1512 * Makefile.binary.in, Makefile.in, aclocal.m4, acsite.m4,
1513 config.guess, config.h.in, config.sub, configure, configure.in,
1514 ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
1515 m4/ltversion.m4, m4/lt~obsolete.m4:
1516 Update to autoconf 2.65 and libtool 2.2.6b
1520 Don't use TRUE/FALSE which may not be defined.
1523 * sudo.cat, sudo.man.in, sudo.pod:
1524 Document new tty_ticket behavior
1527 * find_path.c, sudo.c, sudo.h, visudo.c:
1528 Make find_path() a little more generic by not checking def_foo
1529 variables inside it. Instead, pass in ignore_dot as a function
1534 Store info from stat(2)ing the tty in the tty ticket when tty
1535 tickets are in use. If the tty lives on a devpts (Linux) or devices
1536 (Solaris) filesystem, stash the ctime in the tty ticket file, as it
1537 is not updated when the tty is written to. This helps us determine
1538 when a tty has been reused without the user authenticating again
1542 * boottime.c, check.c, sudo.h:
1543 get_boottime() now fills in a timeval struct
1546 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
1548 * check.c, compat.h, config.h.in, configure, configure.in, fileops.c,
1549 gettime.c, sudo.h, sudo_edit.c, visudo.c:
1550 Use timeval directly instead of converting to timespec when dealing
1551 with file times and time of day.
1555 Fix OpenPAM detection for newer versions.
1559 Sync with Quest sudo git repo
1562 * aclocal.m4, configure, configure.in:
1563 HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
1564 libvas may need libdl for dlopen() Add missing template for
1565 ENV_DEBUG Adapted from Quest sudo
1569 Fix typos; from Quest Sudo
1572 * Makefile.in, configure.in:
1573 Use value of SHELL from configure in Makefile
1576 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
1579 Handle duplicate variables in the environment. For unsetenv(), keep
1580 looking even after remove the first instance. For sudo_putenv(),
1581 check for and remove dupes after we replace an existing value.
1584 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
1587 Fix a crash when checking a sudoers file that has aliases that
1588 reference themselves. Based on a diff from David Wood.
1591 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
1594 Fix use after free in error message when a duplicate alias exists.
1597 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
1600 Set errorfile to the sudoers path if we set parse_error manually.
1601 This prevents a NULL dereference in printf() when checking a sudoers
1602 file in strict mode when alias errors are present.
1605 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
1607 * TODO, sudoers.cat, sudoers.man.in, sudoers.pod:
1611 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
1614 Qualify the command even if it is in the current working directory,
1615 e.g. "./foo" instead of just returning "foo". This removes an
1616 ambiguity between real commands and possible pseudo-commands in
1620 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
1622 * sudoers.cat, sudoers.man.in, sudoers.pod:
1623 Add a note about the security implications of the fast_glob option.
1627 Remove duplicate includes
1630 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
1632 * configure, configure.in:
1633 Fix installation of sudoers.ldap in "make install" when --with-ldap
1634 was specified without a directory. From Prof. Dr. Andreas Mueller
1637 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
1640 When doing a glob match, short circuit if gl.gl_pathc is 0. From
1644 2010-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
1647 Use parent process group id instead of parent process id when
1648 checking foreground status and suspending parent. Fixes an issue
1649 when running commands under /usr/bin/time and others.
1653 In setenv(), if the var is empty, return 1 and set errno to EINVAL
1654 instead of returning EINVAL directly.
1657 2010-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
1660 Check for pseudo-command by looking at the first character of the
1661 command in sudoers instead of checking the user-supplied command for
1665 2010-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
1668 Avoid a duplicate fclose() of the sudoers file.
1672 Fix size arg when realloc()ing include stack. From Daniel Kopecek
1675 2010-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
1677 * aix.c, config.h.in, configure, configure.in:
1678 Use setrlimit64(), if available, instead of setrlimit() when setting
1679 AIX resource limits since rlim_t is 32bits.
1683 Fix use after free when sending error messages. From Timo Juhani
1687 2010-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
1689 * ChangeLog, Makefile.in:
1690 Generate the ChangeLog as part of "make dist" instead of having it
1694 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
1697 Generate correct ChangeLog for 1.7 branch.
1700 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
1702 * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
1703 auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
1704 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
1705 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
1706 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
1707 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
1708 emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
1709 fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
1710 gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
1711 ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
1712 isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
1713 logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
1714 mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
1715 pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
1716 sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
1717 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
1718 strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
1719 sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
1720 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
1721 sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
1722 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
1723 utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
1724 Remove CVS $Sudo$ tags.
1727 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
1730 make this match sudoers SYNOPSIS
1734 Print a newline between Runas and Command-specific defaults in sudo
1739 Use SET and CLR macros in term_raw
1743 Set stdin to non-blocking mode early instead of in check_input. Use
1744 term_raw instead of term_cbreak since the data we get has already
1745 been expanded via OPOST.
1748 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
1751 Enable/disable all postprocessing instead of just nl->crnl
1752 processing since things like tab expansion matter too. However, if
1753 stdout is a tty leave postprocessing on in the pty since we run into
1754 problems doing it only on the real stdout with .e.g nvi.
1757 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
1760 If tty_tickets is enabled and there is no tty, prompt for a
1761 password. Do not lecture user for "sudo -k command" if user has a
1766 Document missing options: --with-efence and --with-bsm-audit
1769 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
1770 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
1771 sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
1772 visudo.man.in, visudo.pod:
1773 username -> user name groupname -> group name hostname -> host name
1776 * INSTALL, README.LDAP, sudoers.pod:
1777 filename -> file name like the rest of the docs
1780 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
1783 Fix printing of entries with multiple host entries on a single line.
1786 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
1789 Mention that targetpw affects the timestamp file name.
1792 * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
1794 Add compress_transcript option.
1797 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
1799 * configure, configure.in:
1803 * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
1804 Better split of membership vs. traditional group check in
1805 user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
1808 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
1811 Fix pasto and add default return value.
1814 * check.c, match.c, pwutil.c, sudo.h:
1815 refactor group member checking into user_in_group()
1818 * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
1820 Add support for mbr_check_membership() as present in darwin.
1823 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
1826 Rename label to be accurate
1829 * Makefile.in, boottime.c, check.c, config.h.in, configure,
1830 configure.in, sudo.h:
1831 Treat timestamp files from before we booted as old. Idea from and
1835 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
1837 * sudo.c, sudo.pod, sudo_usage.h.in:
1838 Allow the -u flag to be used in conjunction with the -v flag as per
1839 older versions of sudo.
1843 fix typo in last commit
1846 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
1849 Convert fmt_first and fmt_confd into macros.
1853 timeouts can be floats now
1856 * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
1857 defaults.h, mkdefaults:
1858 Add support for floating point timeout values (e.g. 2.5 minutes).
1861 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
1864 The -L flag will be removed in sudo 1.7.4
1867 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
1870 Fix a bug due to order of operators.
1873 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
1876 cmnd_matches() already deals with negation so _cmndlist_matches()
1877 does not need to do so itself. Fixes a bug with negated entries in
1881 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
1884 Don't exit() from open_sudoers, just return NULL for all errors.
1888 Can't rely on the shell sending us SIGCONT when transitioning from
1889 backgroup to foreground process.
1893 Add missing extern def for parse_error
1896 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
1899 Avoid a parse error when #includedir doesn't find any files. Closes
1904 Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
1907 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
1910 Start command out in foreground mode if stdout is a tty. Works
1911 around issues with some curses-based programs that don't handle
1912 tcsetattr getting interrupted by a signal. Still allows us to avoid
1913 hogging the tty if the command is part of a pipeline.
1916 * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
1917 Use a socketpair to pass signals from parent to child. Child will
1918 now pass command status change info back via the socketpair. This
1919 allows the parent to distinguish between signals it has been sent
1920 directly and signals the command has received. It also means the
1921 parent can once again print the signal notifications to the tty so
1922 all writes to the pty master occur in the parent. The command is
1923 now always started in background mode with tty signals handled by
1927 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
1929 * configure, configure.in:
1930 Fix a few typos in the descriptions; from Jeff Makey Only do the
1931 check for krb5_get_init_creds_opt_free() taking two arguments if we
1932 find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
1933 positive when using our own krb5_get_init_creds_opt_free which takes
1934 only a single argument.
1937 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
1939 * configure, configure.in:
1940 Remove a spurious comma in the kerb5 bits.
1944 Call krb5_get_init_creds_opt_init() in our emulated
1945 krb5_get_init_creds_opt_alloc() for MIT kerberos.
1948 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
1955 Need to ignore SIGTT{IN,OU} in child when running the command in the
1956 background. Also some minor cleanup.
1959 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
1962 Instead of calling sigsuspend when waiting for SIGUSR[12] from
1963 parent, install the signal handlers w/o SA_RESTART and let them
1964 interrupt waitpid().
1968 Pass along SIGHUP and SIGTERM from parent to child.
1972 Close unused bits of script_fds in processes that don't need them.
1973 Restore default SIGCONT handler in child.
1977 Update foreground/background status in SIGCONT handler in parent
1981 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
1984 Defer setting terminal into raw mode until just before we fork() and
1985 only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
1986 and sudo is already in the foreground be sure to set raw mode before
1987 continuing the child.
1990 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
1993 Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
1994 give the command the controlling tty if the main sudo process is the
1999 Don't bother with sudo_waitpid() here for now.
2006 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
2009 Remove non-wroking code that crept into rev 1.55
2012 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
2014 * INSTALL, configure, configure.in, script.c, sudoreplay.c:
2015 First pass at zlib support for transcript data files
2019 remove vestiges of ZLDFLAGS
2023 Add missing variable declaration for when TIOCSCTTY is not defined.
2024 Need to include sys/termio.h for TIOCSCTTY on some systems.
2028 when resuming command, send SIGCONT to its pgrp not just pid
2032 remove unused variable
2036 include selinux.h for is_selinux_enabled() proto
2040 Don't use log_error() in the child process.
2044 Do I/O in parent instead of child since the parent can have both
2045 /dev/tty as well as the pty fds open. The child just sets things up
2046 and waits for its grandchild and writes the signal description to
2047 the pty master if the command was killed by a signal.
2050 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
2052 * missing.h, sudo.h:
2053 Move two struct forward declarations from sudo.h to missing.h
2057 Make comment at the top of script_exec() match reality.
2061 if neither stdin nor stdout is a tty, check stderr
2065 Add back dependecy of gram.h on gram.y
2069 Make transcript mode work as long as we can figure out our tty, even
2070 if it is not stdin. We'd like to use /dev/tty but that won't be
2071 valid after the setsid().
2074 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
2076 * config.h.in, configure, configure.in, pty.c:
2077 Add support for IRIX-style dynamic ptys
2080 * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
2081 Move alloc.c protos into alloc.h
2085 Move prototypes for missing libc functions to missing.h
2088 * Makefile.in, sudo.h, sudoreplay.c:
2089 Move prototypes for missing libc functions to missing.h
2092 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
2094 * config.h.in, configure, configure.in:
2095 Disable transcript support if no tcsetpgrp until we support older
2096 BSD-style job control.
2099 * configure, configure.in, pty.c, script.c:
2100 Break out pty code into pty.c
2103 * compat.h, config.h.in, configure, configure.in:
2104 add killpg macro if no killpg function
2107 * config.h.in, configure, configure.in, script.c:
2108 Push ptem and ldterm for STERAMS-based systems when allocating a
2112 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
2115 Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
2119 Call tcgetpgrp() in the parent, not the child and have the child
2120 spin until it is granted. Fixes a race on darwin.
2124 Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
2128 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
2131 In script mode, if the command is killed by a signal, print the
2132 signal description as well as a core dump notification like the
2136 * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
2138 Add check for strsignal() and a simple implementation if it is not
2139 there but sys_siglist is
2143 Add missing WUNTRACED and store the signal that stopped the
2144 grandchild in suspended, not signo.
2152 Associate the grandchild's pgrp with the tty instead of the child's
2153 and just get suspend notifications via SIGCHLD instead of directly.
2154 This fixes a hang with programs that try to set terminal attributes
2155 and is more consistent with how the shell handles things.
2158 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
2161 Move setpgid() of child into the parent side of the fork() where it
2165 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
2172 Run command in its own pgrp (like the shell does) for easier
2173 signalling. No need to relay SIGINT or SIGQUIT to parent, just send
2174 to grandchild. Don't want grandchild stopped events in the child
2175 (only termination). Flush output after suspending grandchild before
2180 Back out revision 1.34; the problem lies elsewhere.
2184 Don't set stdout to blocking mode when flushing remaining output.
2185 It can cause us to hang when trying to exit. Need to investigate
2190 Handle SIGTTOU and remove some debugging.
2194 Back out revision 1.10 as the signal that interrupts us may be
2195 SIGTTOU or SIGTTIN which the caller must handle.
2199 Apparently we need to send SIGSTOP to the command as well as ourself
2200 when we get SIGTSTP, the kernel doesn't automatically stop the
2205 Use an extra process to act as the glue bewteen the sessions
2206 associated with the user's controlling tty (what the shell uses) and
2207 the tty that sudo is using to do its logging. Basically, this means
2208 that if we get, e.g. SIGTSTP from the process sudo is running, we
2209 relay the signal to the parent so it's shell can do the job control.
2213 Handle getting/setting terminal attributes when the fd is in non-
2217 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
2219 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
2220 Add support for pausing and changing the speed in interactive mode.
2224 Already define O_NOCTTY in compat.h, don't need it here
2227 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
2233 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
2236 Always update the stashed mtime of the temp file instead of using
2237 what we have for the original because the time resolution of the
2238 filesystem the temporary is on may not match that of the filesystem
2239 that holds the original. Should fix bz #371 found by Philippe Levan.
2243 Use cbreak mode instead of raw mode and add signal handlers to
2244 restore the tty on interrupt.
2247 * script.c, sudo.h, term.c:
2248 Retain NL to NLCR conversion on the real tty and skip it on the pty
2249 we allocate. That way, if stdout is not a pty there are no extra
2254 Fix log_output(); just pass in a string and a length.
2257 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
2260 do not use errno when complaining out lack of a tty
2263 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
2265 * Makefile.in, sudoreplay.c, term.c:
2266 Instead of messing with line endings, just set terminal to raw mode
2271 When copying the terminal attributes to the pty, be sure not to set
2272 ONLCR. This prevents extra carriage returns from ending up in the
2277 Convert a do {} while into a while
2281 Use if then instead of test && when installing binaries that may not
2286 Add O_NOCTTY when opening a tty device. Explicitly disconnect from
2287 old tty before associatng with new one.
2290 * script.c, selinux.c, sudo.c, sudo.h:
2291 First cut at refactoring some of the selinux code so it can be used
2292 in conjunction with sudo's transcript support.
2295 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
2297 * aclocal.m4, configure, configure.in:
2298 Fix default case of transcript_enabled being unset.
2301 * script.c, sudoreplay.c:
2302 Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
2305 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
2306 Hook up --disable-transcript and --enable-transcript=DIR
2309 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
2311 * aclocal.m4, configure, configure.in, pathnames.h.in:
2312 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable-
2313 transcript=DIR option to specify the directory
2316 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
2320 * configure, configure.in, sudoers.man.pl, sudoers.pod:
2321 Substitute in default value for secure_path
2325 Mention that the password must be followed by a newline with the -S
2329 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
2332 Go back to dropping out of the select() loop when the process dies;
2333 Linux ptys apparently don't behave the same as BSD in regards to
2334 select(). No need to flush remaining output to the transcript, only
2335 to stdout. Add back code to check the master pty for additional data
2336 when we exit the main select loop.
2339 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
2342 Add getline.o to COMMON_OBJS
2346 sudoreplay depends on libsudo.a
2350 More pwutil.o into COMMON_OBJS
2353 * pwutil.c, testsudoers.c, tsgetgrpw.c:
2354 Remove my_* redirection in pwutil.c for testsudoers and just use the
2355 normal libc get{pw,gr}* names.
2358 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
2359 More time and date examples
2362 * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
2363 Move nanosleep() emulation into its own file Check librt.a for
2364 nanosleep if we don't find it in libc
2367 * Makefile.in, configure, configure.in:
2368 Build libsudo with the common bits and link things against that.
2376 Keep reading from the pty master -> log file until read returns <=
2377 0. Do our best to write everything to stdout when flushing any
2382 Use unbuffered I/O when writing to stdout and make sure we write the
2386 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
2389 Only use max_wait if it is non-zero
2392 * getdate.c, getdate.y, getline.c:
2397 Fix nanosleep emulation
2401 Fix comment after #endif
2405 Add protos for missing libc bits
2408 * configure, configure.in:
2409 add missing line continuation char
2412 * config.h.in, configure, configure.in, getline.c:
2413 Implement getline() in terms of fgetln() if we have it.
2417 Print year when formatting log line
2421 Document cwd, attempt to document time/date formats.
2425 Fix getline return value check.
2428 * Makefile.in, config.h.in, configure, configure.in, getline.c,
2430 Use getline() if the system has it, else use provide our own for
2435 Refactor code to update output and timing files.
2438 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
2441 Make sudo_getln() behave more like glibc getline.
2445 When flushing remaining output, also update timing file.
2449 Use get_timestr() and make the -l output look like the regular sudo
2453 * logging.c, sudo.h, timestr.c:
2454 Make get_timestr() take a time_t so we can use it properly in
2459 Create session dir earlier now that we update the seq number early.
2462 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
2465 Use fromdate and todate as the keywords instead of from and to; the
2466 short forms will still be accepted.
2470 Fix reading long liensin sudo_getln()
2473 * script.c, sudoreplay.c:
2474 Log the cwd in the script log file. Add sudo_getln() to read
2475 arbitrarily long lines.
2478 * Makefile.in, logging.c, sudo.h, timestr.c:
2479 Move get_timestr() into its own source file so sudoreplay can use
2483 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
2486 Add to and from perdicates (date ranges); needs documentation
2489 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
2491 * Makefile.in, getdate.c, getdate.y:
2492 Fix warning and add generated getdate.c
2495 * Makefile.in, getdate.y:
2496 Add getdate.y to be used for sudoreplay date parsing.
2499 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
2502 Check more than just the first character of a predicate
2505 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
2506 Add examples, sort predicates
2509 * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
2511 Implement search expressions in sudoreplay similar in concept to
2512 what find or tcpdump uses. TODO: date ranges
2515 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
2518 Remove vhangup as it was hanging up the wrong tty. Should really
2519 vhangup in the child after it as set its tty.
2523 Fix cut at documenting transcript support.
2527 ID= -> TSID= for transcript ID
2530 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
2533 Move fast_glob description to where it belongs in sorted order
2536 * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
2537 parse.c, parse.h, sudo.c:
2538 Rename script -> transcript
2541 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
2544 Add timeradd and timersub for those without them
2548 Sanity check sessid before using it.
2552 Only set the session id if we are running a command or editing a
2557 Actually. qsort is fine since most versions fal back to a cheaper
2558 sort when the number of elements to sort is small (like in our
2562 * config.h.in, configure, configure.in, script.c:
2563 Check for dup2 and use dup instead if we don't have it.
2566 * script.c, sudo.c, sudo.h:
2567 Move the code to dup2 the script fds to low numbered descriptors
2568 into script_duplow() and fix the fd sorting.
2571 * script.c, sudo.c, sudo.h:
2572 Move script_setup() back to immediately before we drop privs and
2573 call the new script_nextid() in its place, which will set
2574 sudo_user.sessid for the logging functions.
2577 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
2584 remove unused variable
2587 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
2589 * logging.c, script.c, sudo.c, sudo.h:
2590 Log the session ID, if there is one. Currently logs ID=XXXXXX,
2591 perhaps should be SESSIONID or SESSID.
2594 * Makefile.in, configure, configure.in, sudoreplay.cat,
2595 sudoreplay.man.in, sudoreplay.pod:
2600 add -V (version) flag
2607 * script.c, sudoreplay.c:
2608 Use base36 number for the ID and store script files with paths like
2609 /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
2610 (2,176,782,336) unique IDs.
2613 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
2615 * config.h.in, configure.in:
2616 Add check for regcomp
2620 Add support for selecting by pattern and tty when listing.
2623 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
2626 The beginnings of a list mode.
2629 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
2635 * Makefile.in, config.h.in, configure.in:
2636 Add scaffolding for building sudoreplay
2640 include error.h first arg to nanotime is const
2644 Initial cut at sudoreplay; replay a sudo session.
2647 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
2650 Fix wait() usage and use correct wait status.
2653 * sudo.c, sudo.h, tgetpass.c:
2654 Add protos for term_* to sudo.h
2658 Fix detection of the child process exiting. Since the child is in
2659 its own session we should only ever get SIGCHLD for that process but
2660 better safe than sorry.
2664 Add UNIX98 pty support.
2667 * configure, configure.in, script.c:
2668 Add UNIX98 pty support.
2671 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
2674 For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
2679 Set PAM_RUSER and PAM_RHOST early so they can be used during
2680 authentication. Based on a patch from Jamie Beverly.
2684 Close dir before returning if strlcpy() reports overflow. From
2688 * config.h.in, configure, configure.in, script.c:
2689 On Linux, the openpty proto libes in pty.h
2693 Call vhangup on exit if the system has it Use setpgrp() if no
2697 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
2699 * config.h.in, configure, configure.in:
2700 Add checks for revoke and vhangup if we don't have openpty
2704 Session logging guts that got forgotten in the previous commit.
2707 * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
2708 configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
2709 gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
2711 First cut at session logging for sudo. Still need to write
2712 get_pty() for Unix 98 and old-style BSD ptys. Also needs
2713 documentation and general cleanup.
2716 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
2718 * sudo.c, sudo_edit.c:
2719 Fix a bug introduced with def_closefrom. The value of def_closefrom
2720 already includes the +1.
2723 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
2726 Generate sudo distributions with pax in ustar mode. No longer need
2727 to use a temp file or have the source dir name match the version.
2730 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
2733 Fix expansion of %h in #include names. Fixes bugzilla 363
2736 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
2739 If no arg assume def_data.in
2744 [f5ad45f69f05] [SUDO_1_7_2]
2750 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
2752 * sudoers.cat, sudoers.man.in, sudoers.pod:
2753 Add missing single quotes around a colon in Runas_Spec definition.
2757 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
2759 * sudo.man.in, sudoers.man.in:
2764 In rbrepair, re-color the root or the first non-block node we find
2765 to be black. Re-coloring the root is probably not needed but won't
2769 * sudo.cat, sudoers.cat:
2773 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
2776 When repairing the tree, don't touch the root node.
2779 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
2782 Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
2783 Reported by Josef Schmid.
2786 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
2789 Document that we accept env_pam-style environment files
2793 Adapt to accept pam_env-style /etc/environment which allows shell-
2794 style lines such as: export EDITOR="/usr/bin/vi"
2798 Make it clear that env_delete only works when !env_reset. From Lo??c
2802 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
2804 * sudo.pod, sudoers.pod:
2805 Add non-unix group bits, adapted from Quest
2809 build the .cat page in the current working dir, not the src dir
2813 Return EINVAL in setenv() if var is NULL or the empty string to
2814 match glibc behavior.
2817 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
2819 * configure, configure.in:
2820 Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
2823 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
2825 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
2826 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
2830 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
2833 Document --with-libvas and --with-libvas-rpath
2836 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
2838 * ldap.c, sudoers.ldap.pod:
2839 For netscape-derived LDAP SDKs the cert and key paths may be a
2840 directory or a file. However, version 5.0 of the SDK only seems to
2841 support using a directory. If ldapssl_clientauth_init fails and the
2842 cert or key paths look like they could be files, strip off the last
2843 path element and try again.
2847 Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
2850 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
2852 * configure, configure.in, match.c, sudo.c, vasgroups.c:
2853 Update non-Unix group support from Quest, as reworked by me.
2861 Add support for escaped hex chars in names, e.g. \x20 for space.
2864 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
2866 * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
2867 auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
2868 fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
2869 logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
2870 set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
2871 sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
2872 tgetpass.c, toke.l, visudo.c:
2873 Update copyright years.
2876 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
2878 * interfaces.c, lbuf.c:
2879 Minor fixes for Minix-3
2882 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
2885 Handle getgroups() returning 0. Also add missing check for
2889 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
2891 * Makefile.in, config.h.in, configure, configure.in, sudo.c,
2892 version.h, visudo.c:
2893 Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
2896 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
2899 Remove group setting code in setusercontext case, we will do it
2900 ourselves later on in runas_setup. Set the gid after
2901 initgroups/setgroups is called, since on Mac OS X it seems to change
2905 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
2907 * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
2909 Initial bits of non-unix group support using Quest Authentication
2914 Accept %:foo as a non-Unix group
2918 Allow user/group to be double quoted in the case of non-Unix groups
2919 which contain spaces.
2922 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
2925 Don't allow the user to specify the default runas user if their
2926 sudoers entry only allows them to run as a group.
2929 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
2932 Must call audit_success before we change uids.
2935 * logging.c, set_perms.c, sudo.h, testsudoers.c:
2936 Add option for set_perm to not exit on failure and use this in the
2941 In -l mode, if the user is only allowed to run as a group, display
2942 the user's name, not root's before the allowed group.
2946 Fix -g mode, broken by rev 1.503 which had the side effect of
2947 setting the runas user to root unilaterally.
2950 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
2953 When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
2957 Only cache by the method we fetched for pwd and grp lookups.
2958 Previously we cached both by namd and id but this can cause problems
2959 for entries that share the same id. Also add more info in the error
2960 message in case the insert fails (which should now be impossible).
2963 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
2966 Add a clarification from Nick Sieger
2969 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
2972 Inline the setting of the environment string.
2975 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
2978 setenv(3) in Linux treats a NUL value as the empty string setenv(3)
2979 in BSD doesn't return an error if the name has '=' in it, it just
2980 treats the '=' as end of string.
2983 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
2986 Not all systems have d_namlen
2989 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
2992 Fix up some pod2html issues.
2995 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
2998 Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
3003 Ignore files ending in '~' in sudo.d (emacs backup files)
3007 Ignore files ending in '~' in sudo.d (emacs backup files)
3010 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
3012 * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
3013 For #includedir, ignore any file containing a dot
3016 * Makefile.in, version.h:
3020 * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
3021 sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
3023 Implement #includedir directive. Files in an includedir are not
3024 edited by visudo unless they contain a syntax error.
3029 [8741ed61a78b] [SUDO_1_7_1]
3032 Forgot umask_override
3039 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
3042 Rewind stream if we fdopen sudoers since it may not be at the
3043 beginning. Set the keepopen flag on already-open files too so the
3044 lexer doesn't close them out from under us.
3048 Print the proper file name when there is a parse error in an include
3052 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
3058 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
3060 * configure, configure.in:
3061 Fix a warning when --without-ldap is specified.
3064 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
3066 * alias.c, parse.h, visudo.c:
3067 Store aliases that we remove during check_aliases in a freelist and
3068 free them at the end so we don't leak memory.
3071 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
3074 Check aliases in -c mode too.
3077 * alias.c, parse.h, visudo.c:
3078 Make alias_remove return the alias struct instead of freeing it
3079 directly. Fixes a use after free in alias_remove_recursive, the only
3083 * alias.c, match.c, parse.c, parse.h, visudo.c:
3084 Rename find_alias -> alias_find for consistency.
3087 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
3090 When checking for unused aliases, recurse if the alias points to
3094 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
3097 Back out rev 1.105 for now. Real ldapux_client.conf support will be
3098 done later after some refactoring.
3101 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
3104 Treat ldap_hostport the same as "host" for ldapux.
3107 * configure, configure.in:
3108 Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
3109 Fixes compilation with ldapux.
3112 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
3118 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
3121 remove errant carriage returns
3128 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
3129 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
3133 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
3136 Add missing HAVE_BSM_AUDIT
3144 Mention --with-netsvc
3148 Document netsvc.conf support
3151 * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
3153 Add support for AIX netsvc.conf (like nsswitch.conf).
3156 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
3158 * config.h.in, configure, configure.in, env.c:
3159 Add --enable-env-debug flag to enable environment sanity checks.
3162 * sudoers.ldap.pod, sudoers.pod:
3163 Work around some pod2html issue.
3166 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
3169 Only sync environ for putenv, setenv, and unsetenv. We need to make
3170 sure that sudo_putenv and sudo_setenv only modify env.envp, not
3174 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
3177 Really fix UNSETENV_VOID
3181 Fix unsetenv when UNSETENV_VOID
3184 * aclocal.m4, configure:
3185 Fix SUDO_FUNC_PUTENV_CONST
3189 tivoli-based ldap does not have ldapssl_err2string
3196 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
3198 * config.h.in, configure, configure.in, ldap.c:
3199 Add support for Tivoli-based LDAP start TLS as seen in AIX.
3204 Add sanity checks for setenv/unsetenv
3208 Include bsm_audit.h in the tarball
3211 * Makefile.in, version.h:
3212 bump version for sudo 1.7.1
3215 * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
3216 env.c, ldap.c, sudo.h:
3217 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
3218 provide our own setenv/unsetenv/putenv that operates on own env
3219 pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
3222 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
3225 Make "sudoedit -h" work as expected
3229 Make sure def_prompt is always defined. This is a workaround for
3230 pam configs that prompt for a password in the session but don't have
3231 an auth line. A better fix is to expand the sudo prompt earlier and
3232 set def_prompt to that when initializing.
3236 Mention that the helper for -A may be graphical.
3240 Document what happens if there is no tty.
3252 Fix "sudo -k" with no other args
3255 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
3257 * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
3258 Allow the -k flag to be specified in conjunction with a command or
3259 another option that may require authentication.
3262 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
3264 * configure, configure.in:
3265 Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
3269 Parallel make fix. From Diego E. 'Flameeyes'
3272 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
3274 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
3275 Implement umask_override
3282 * sudoers.pod, toke.l, visudo.c:
3283 Implement %h escape in sudoers include filenames.
3287 Need to include compat.h
3290 * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
3291 Make audit_success and audit_failure generic functions in
3292 preparation for integrating linux audit support.
3296 remove duplicate include
3299 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
3306 May need to update the runas user after parsing command-based
3310 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
3313 Add missing pair of braces introduced with character class support.
3316 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
3318 * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
3319 Rename pwstars to pwfeedback
3322 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
3324 * bsm_audit.c, bsm_audit.h:
3325 Add const to make MacOS happy.
3328 * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
3329 configure.in, sudo.c:
3330 Add bsm audit support from Christian S.J. Peron
3334 This is new code, no DARPA notice.
3337 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
3339 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
3340 Rename simple_glob -> fast_glob
3347 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
3348 Add simple_glob option to use fnmatch() instead of glob(). This is
3349 useful when you need to specify patterns that reference network file
3361 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
3364 Delete any pwstars we wrote after the user hits return. That way
3365 there is no record on screen as to the user's password length.
3368 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
3371 Move terminal setting bits from tgetpass.c to term.c
3374 * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
3376 Add pwstars sudoers option that causes sudo to print a star every
3377 time the user presses a key.
3380 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
3383 Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
3386 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
3389 For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
3390 indicate no limit. From Mark Janssen.
3393 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
3396 Comments that begin with #- should not be parsed as uids.
3399 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
3402 Do not try to set the close on exec flag if we didn't actually open
3406 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
3410 [e11f0e4c1bdd] [SUDO_1_7_0]
3412 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
3418 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
3421 Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
3425 * configure, configure.in:
3426 Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
3427 as it cannot generate shared objects.
3430 * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
3431 K&R compilation fixes
3435 Use tq_foreach_fwd when checking pseudo-commands to make it clear
3436 that we are not short-circuiting on last match. When pwcheck is
3437 'all', initialize nopass to TRUE and override it with the first non-
3441 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
3444 Do not short circuit pseudo commands when we get a match since,
3445 depending on the settings, we may need to examine all commands for
3449 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
3451 * sudoers.cat, sudoers.man.in:
3456 hostnames may also contain wildcards
3460 remove stamp-* files and linux core files in clean target
3463 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
3465 * auth/sudo_auth.h, config.h.in, configure, configure.in:
3466 Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
3469 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
3471 * configure, configure.in:
3472 correctly enable SIA on Digital UNIX
3483 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
3485 * check.c, sudo.h, tgetpass.c:
3486 Even if neither stdin nor stdout are ttys we may still have /dev/tty
3490 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
3492 * sudoers.cat, sudoers.man.in:
3497 fix typos; Markus Lude
3509 Fix matching of a line that only consists of a comment char
3512 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
3515 MacOS pam will retry conversation function if it fails so just treat
3516 ^C as an empty password.
3520 When checking for alias use, also check defaults bindings.
3528 Replace my rbdelete with Emin's version (which actually works ;-)
3531 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
3538 malloc options in devel mode for visudo too
3541 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
3544 fix compilation on non-C99; from Theo
3552 when destroying an alias, free the correct data pointer
3556 add proto for aixauth_cleanup; from Dale King
3559 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
3561 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
3566 * sudo.pod, sudoers.pod, visudo.pod:
3567 standardize on the term 'option' for command line options (not flag)
3570 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
3573 Add note on configuring HP-UX pam
3576 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
3579 Move tty checks into check_user() so we only do them if we actually
3584 Don't error out if no tty or askpass unless we actually need to
3588 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
3594 * pathnames.h.in, sudo.c:
3595 s/overriden/overridden/; from Tobias Stoeckmann
3598 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
3600 * WHATSNEW, visudo.c:
3601 check sudoers owner and mode in strict mode
3608 * sudo.man.in, sudoers.man.in, visudo.man.in:
3609 Update copyright years.
3612 * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
3613 auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
3614 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
3615 closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
3616 gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
3617 interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
3618 parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
3619 sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
3620 testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
3621 visudo.pod, zero_bytes.c:
3622 Update copyright years.
3625 * emul/charclass.h, fnmatch.c, glob.c:
3629 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
3632 The loop in fill_cmnd() was going one byte too far past the end,
3633 resulting in a NUL being written immediately after the buffer end.
3636 * UPGRADE, WHATSNEW:
3637 add sections on tgetpass changes
3641 Treat EOF w/o newline as an error.
3644 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
3647 Fix "sudo -v" when NOPASSWD is set.
3650 * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
3652 No longer treat an empty password at the prompt as special. To quit
3653 out of sudo you now need to hit ^C at the password prompt.
3656 * sudoers.cat, sudoers.man.in:
3660 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
3661 Sudo will now refuse to run if no tty is present unless the new
3662 visiblepw sudoers flag is set.
3665 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
3668 just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
3673 fix fallback value for RLIM_SAVED_MAX
3676 * auth/aix_auth.c, auth/sudo_auth.h:
3677 Move clearing of AUTHSTATE into aixauth_cleanup.
3680 * auth/aix_auth.c, env.c:
3681 Unset AUTHSTATE after calling authenticate() as it may not be
3682 correct for the user we are running the command as.
3686 Add isblank() function for systems without it. Needed for POSIX
3687 character class matching in fnmatch.c and glob.c.
3690 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
3693 expound on sudo and cd
3696 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
3702 * sudoers.cat, sudoers.man.in:
3707 mention defauts parse order
3710 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
3712 * Makefile.in, aclocal.m4, compat.h, configure:
3713 Add isblank() function for systems without it. Needed for POSIX
3714 character class matching in fnmatch.c and glob.c.
3718 add emul/charclass.h to HDRS
3721 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
3727 * defaults.c, parse.c, testsudoers.c, visudo.c:
3728 Move update_defaults into defaults.c and call it properly from
3729 visudo and testsudoers.
3732 * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
3734 use zero_bytes() instead of memset() for consistency
3737 * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
3739 Zero out sigaction_t before use in case it has non-standard entries.
3747 Short circuit glob() checks if basename(pattern) !=
3748 basename(command). Refactor code that checks for a command in a
3749 directory and use it in the glob case if the resolved pattern ends
3753 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
3755 * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
3756 Defer setting runas defaults until after runaspw/gr is setup.
3759 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
3761 * match.c, sudo.c, testsudoers.c:
3762 Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
3763 systems do not include space for the NUL in the size. Also manually
3764 NUL-terminate buffer from gethostname() since POSIX is wishy-washy
3768 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
3770 * sudo.c, sudoers.pod:
3771 When setting the umask, use the union of the user's umask and the
3772 default value set in sudoers so that we never lower the user's umask
3773 when running a command.
3777 Don't try to read from a zero-length sudoers file. Remove the bogus
3778 Solaris work-around for EAGAIN. Since we now use fgetc() it should
3782 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
3785 In update_defaults() check the return value of user*_matches against
3786 ALLOW so we don't inadvertantly match on UNSPEC.
3789 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
3791 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
3792 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
3793 regen man pages; no more hyphenation
3797 Don't error out on a zero-length sudoers file. With the advent of
3798 #include the user could create a situation where sudo is unusable.
3801 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
3803 * auth/kerb5.c, config.h.in, configure, configure.in:
3804 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
3805 krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
3806 all. Add configure tests to handle all the cases.
3809 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
3816 document sudoers_locale
3819 * sudo.pod, sudo_edit.c:
3820 add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
3825 In fill_cmnd(), collapse any escaped sudo-specific characters.
3826 Allows character classes to be used in pathnames.
3829 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
3832 fix typo in non-C89 function declaration
3836 Mention POSIX characters classes now that out fnmatch() and glob()
3840 * sample.sudoers, sudoers.pod:
3841 Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
3846 use __signed char if we are going to assign a negative value since
3847 on Power, char is unsigned by default
3850 * config.h.in, configure, configure.in:
3851 Add tests for __signed char and signed char.
3855 Fix AIX limit setting. getuserattr() returns values in disk blocks
3856 rather than bytes. The default hard stack size in newer AIX is
3857 RLIM_SAVED_MAX. From Dale King.
3860 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
3862 * emul/charclass.h, fnmatch.c, glob.c:
3863 Add character class support to included glob(3) and fnmatch(3).
3866 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
3869 Remove UCB advertising clause and some compatibility defines.
3872 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
3875 Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
3876 or sudo. This allows one to set EDITOR to sudoedit without getting
3877 into an infinite loop of sudoedit running itself until the path gets
3881 * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
3882 Add sudoers_locale Defaults option to override the default sudoers
3886 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
3889 Set locale to system default except for during sudoers parse.
3892 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
3895 Redo change in 1.34 to use pointer arithmetic.
3898 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
3901 Fix a dereference (read) of a freed pointer. Reported by Patrick
3905 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
3908 Set locale to "C" to avoid interpretation issues with character
3909 ranges in sudoers. May want to make the locale a sudoers option in
3913 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
3916 we no longer use setproctitle
3923 * LICENSE, mkstemp.c:
3924 Use my replacement mkstemp() from the mktemp package.
3927 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
3930 regen with yacc skeleton bug fixed
3934 Remove duplicate "as root". From Martin Toft.
3937 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
3939 * pwutil.c, sudo.c, sudo.h, testsudoers.c:
3940 Flesh out the fake passwd entry used for running commands as a uid
3941 not listed in the passwd database. Fixes an issue with some PAM
3945 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
3948 Error out in -i mode if the user has no shell. This can happen when
3949 running commands as a uid with no password entry.
3952 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
3955 Better fix for line continuation inside double quotes. Now accepts
3956 whitespace between the backslash and the newline like the main
3960 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
3963 Fix line continuation in strings. It was only being honored if
3964 preceded by whitespace.
3967 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
3969 * config.h.in, configure, configure.in, logging.c:
3970 Replace the double fork with a fork + daemonize.
3973 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
3976 The -i flag should imply env_reset. This got broken in sudo 1.6.9.
3979 * logging.c, sudo.c, sudo_edit.c, visudo.c:
3980 Change how the mailer is waited for. Instead of having a SIGCHLD
3981 handler, use the double fork trick to orphan the child that opens
3982 the pipe to sendmail. Fixes a problem running su on some Linux
3986 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
3988 * configure, configure.in:
3989 Fix configure test for dirfd() on Linux where DIR is opaque.
3992 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
3995 Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
3996 this problem we'll need to revisit this again.
3999 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
4002 Ignore SIGPIPE instead of blocking it when piping to the mailer. If
4003 we only block the signal it may be delivered later when we unblock.
4004 Also, there is no need to block SIGCHLD since we no longer do the
4005 double fork. The normal SIGCHLD handler is sufficient.
4008 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
4010 * configure, configure.in:
4011 Add description for NO_PAM_SESSION, from a redhat patch.
4014 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
4016 * sudo.cat, sudo.man.in, sudo.pod:
4017 Fix typos in -i usage
4020 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
4022 * configure, configure.in:
4023 Redo the test for dgettext() in a way that hopefully will work
4024 around the libintl_dgettext() undefined problem.
4027 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
4029 * schema.ActiveDirectory:
4030 change filename in comment
4033 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
4035 * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
4037 Reference schema.ActiveDirectory
4040 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
4042 * schema.OpenLDAP, schema.iPlanet:
4043 Mark sudoRunAs as deprecated.
4046 * schema.ActiveDirectory:
4047 add sudoRunAsUser and sudoRunAsGroup
4050 * schema.ActiveDirectory:
4051 Active Directory schema by Chantal Paradis and Eric Paquet
4054 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
4057 remove an XXX that was fixed
4065 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
4066 fixes a problem where the tag value printed was influenced by
4067 defaults set in the first pass through the parser.
4070 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
4072 * Makefile.in, sudo.psf:
4073 No point in packaging the TODO file
4080 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
4082 * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
4083 sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
4084 Add env_file Defaults option that is similar to /etc/environment on
4088 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
4090 * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
4091 sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
4092 version.h, visudo.cat, visudo.man.in:
4093 change version to 1.7.0
4097 initial valgrind pass done
4100 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
4103 Fix typo/think in sudo_ldap_read_secret() when storing the secret.
4106 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
4109 define LDAPS_PORT if the system headers do not
4112 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
4115 Fix another memory leak in init_parser().
4118 * configure, configure.in:
4119 There was a missing space before the ldap libs in SUDO_LIBS for some
4123 * alias.c, gram.c, gram.y, toke.c, toke.l:
4124 Clean up some memory leaks pointed out by valgrind.
4127 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
4130 fix "sudo -s" broken by mode/flags breakout
4133 * configure, configure.in:
4134 remove duplicate check for dgettext
4137 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
4140 Fall back to default stanza if no user-specific limit is found.
4143 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
4146 include stdint.h if present
4150 Use LLONG_MAX, not the old QUAD_MAX
4153 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
4159 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
4165 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
4171 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
4182 Split MODE_* defines into primary and flags.
4185 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
4188 It turns out the logic for getting AIX limits is more convoluted
4189 than I realized and differs depending on whether the soft and/or
4190 hard limits are defined.
4193 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
4195 * Makefile.in, configure, configure.in:
4196 Back out AIX-specific change to set the sudo_noexec path to the .a
4197 file, we do really want to use the .so file. Since libtool doesn't
4198 do that correctly, just install the .so file ourselves in the
4203 If the file given to install is a path, only use the basename of the
4204 file when building the destination path.
4207 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
4210 parse_args() cleanup: Sort command line options in the getopt()
4211 switch The -U option requires a parameter Normalize a few ISSET
4212 calls Split mode into mode and flags and retire the now-obsolete
4216 * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
4218 Add -n (non-interactive) flag.
4222 Move version printing, etc. into a separate function.
4226 Don't try to cleanup nsswitch if it has not been initialized.
4229 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
4232 Block SIGPIPE in send_mail() so sudo is not killed by a problem
4233 executing the mailer.
4236 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
4238 * configure, configure.in:
4239 AIX shared libs end in .a, not .so.
4242 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
4245 Preserve HOME by default too. Matches documentation and previous
4249 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
4252 Use getopt() to parse the command line. We need to be able to
4253 intersperse env variables and options yet still honor "--"" which
4254 complicates things slightly.
4257 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
4263 * acsite.m4, configure, ltmain.sh:
4264 update to libtool-1.5.26
4267 * config.guess, config.sub:
4268 update from libtool-1.5.26 distribution
4272 attempt to fix compilation errors on AIX
4276 fix typo in last commit
4280 Add WHATSNEW file to the distribution
4284 use warningx instead of fprintf(stderr, ...)
4288 add DEBUG to list2tq
4299 * Makefile.in, aix.c, config.h.in, configure, configure.in,
4300 set_perms.c, sudo.h:
4301 Add aix_setlimits() to set resource limits on AIX using a
4302 combination of getuserattr() and setrlimit(). Currently untested.
4305 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
4307 * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
4308 sudoers.man.in, sudoers.pod:
4309 Add mailfrom Defaults option that sets the value of the From: field
4310 in the warning/error mail. If unset the login name of the invoking
4315 store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
4319 When adding a default, only call list2tq() once to do the list to tq
4320 conversion. It is not legal to call list2tq multiple times on the
4321 same list since list2tq consumes and modifies the list argument.
4324 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4325 comment out XXXs for now
4332 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
4335 Error out if both -A and -S are specified Error out if -A is
4336 specified but no askpass is configured
4339 * configure, configure.in:
4340 we are not going to ship a sudo-specific askpass
4343 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
4346 fix definition of TGP_ASKPASS
4349 * def_data.c, def_data.in:
4350 make askpass boolean-capable
4354 document --with-askpass
4357 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
4358 sudoers.man.in, visudo.cat:
4362 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
4364 * sudo.pod, sudo_usage.h.in, sudoers.pod:
4365 document -A and askpass
4368 * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
4369 def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
4370 sudo_usage.h.in, tgetpass.c:
4371 Add support for running a helper program to read the password when
4372 no tty is present (or when specified with the -A flag). TODO: docs.
4375 * def_data.c, def_data.in:
4376 add missing printf format to SELinux role and type strings
4379 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
4381 * INSTALL, configure, configure.in:
4382 Disable use of gss_krb5_ccache_name() by default and add
4383 --enable-gss-krb5-ccache-name configure option to enable it. It
4384 seems that gss_krb5_ccache_name() doesn't work properly with some
4385 combinations of Heimdal and OpenLDAP.
4388 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
4391 Ignore setexeccon() failing in permissive mode. Also add a call to
4392 setkeycreatecon() (though this is probably insufficient). From Dan
4397 Only set std_prompt for the PAM_PROMPT_* cases. The conversation
4398 function may be called for non-password reading purposes so we must
4399 be careful not to use def_prompt in cases where it may not be set.
4402 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
4405 Don't free the new tty context, we need to keep it around when we
4406 restore the tty context after the command completes
4409 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
4415 * sudo.man.pl, sudo.pod:
4416 Only put login_cap(3) in SEE ALSO section if we have login.conf
4420 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
4422 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
4423 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
4428 Substitute in comment characters for lines partaining to login.conf,
4429 BSD auth and SELinux and only enable them if pertinent.
4433 Substitute in comment characters for lines partaining to login.conf,
4434 BSD auth and SELinux and only enable them if pertinent.
4438 Substitute in comment characters for lines partaining to login.conf,
4439 BSD auth and SELinux and only enable them if pertinent.
4443 Substitute in comment characters for lines partaining to login.conf,
4444 BSD auth and SELinux and only enable them if pertinent.
4447 * Makefile.in, configure, configure.in:
4448 Substitute in comment characters for lines partaining to login.conf,
4449 BSD auth and SELinux and only enable them if pertinent.
4452 * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
4453 Remove the =cut on the first line (above the copyright notice) to
4454 quiet pod2man. Also remove the hackery in the FILES section and
4455 just deal with the fact that there will a newline between each
4459 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
4462 run sudo.man.pl when generating sudo.man.in
4465 * configure, configure.in, sudo.man.pl:
4466 comment out SELinux manual bits unless --with-selinux was specified
4470 document role and type defaults for SELinux
4473 * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
4474 Document "sudo -ll" and make "sudo -l -l" be equivalent.
4477 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
4479 * configure, configure.in:
4480 Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
4481 Debian GNU/kFreeBSD.
4484 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
4487 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
4491 * logging.c, logging.h, sudo.c:
4492 Remove dependence on VALIDATE_NOT_OK in logging functions. Split
4493 log_auth() into log_allowed() and log_denial() Replace mail_auth()
4494 with should_mail() and a call to send_mail()
4497 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
4500 Add debugging so we can tell if the krb5 ccache is accessible
4504 mention --with-selinux
4507 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
4517 * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
4518 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
4519 testsudoers.c, toke.c, toke.l:
4520 Add support for SELinux RBAC. Sudoers entries may specify a role
4521 and type. There are also role and type defaults that may be used.
4522 To make sure a transition occurs, when using RBAC commands are
4523 executed via the new sesh binary. Based on initial changes from Dan
4528 Add support for SELinux RBAC. Sudoers entries may specify a role
4529 and type. There are also role and type defaults that may be used.
4530 To make sure a transition occurs, when using RBAC commands are
4531 executed via the new sesh binary. Based on initial changes from Dan
4535 * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
4536 def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
4537 pathnames.h.in, selinux.c:
4538 Add support for SELinux RBAC. Sudoers entries may specify a role
4539 and type. There are also role and type defaults that may be used.
4540 To make sure a transition occurs, when using RBAC commands are
4541 executed via the new sesh binary. Based on initial changes from Dan
4545 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
4547 * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
4548 Add long list (sudo -ll) support for printing verbose LDAP and
4549 sudoers file entries. Still need to update manual.
4552 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
4554 * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
4555 Unify the -l output for file and ldap based sudoers and use lbufs
4556 for both. The ldap output does not currently include options that
4557 cannot be represented as tags. This will be remedied in a long list
4558 output mode to come.
4561 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
4564 Use a specific error message for errno == EAGAIN when setuid() et al
4565 fails. On Linux systems setuid() will fail with errno set to EAGAIN
4566 if changing to the new uid would result in a resource limit
4571 Unlimit nproc on Linux systems where calling the setuid() family of
4572 syscalls causes the nroc resource limit to be checked. The limits
4573 will be reset by pam_limits.so when PAM is used. In the non-PAM
4574 case the nproc limit will remain unlimited but there doesn't seem to
4575 be a way around that other than having sudo parse
4576 /etc/security/limits.conf directly.
4579 * env.c, sudo.c, sudo.pod:
4580 Only read /etc/environment on Linux and AIX
4583 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
4585 * configure, configure.in:
4586 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
4587 ldap.conf and ldap.secret paths from going into config.h. Avoid
4588 single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
4589 since in some versions of bash they will end up literally in the
4593 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
4596 mention --with-nsswitch=no
4599 * configure, configure.in:
4600 ldap_ssl.h depends on ldap.h being included first
4603 * config.h.in, configure, configure.in, ldap.c:
4604 Include ldap_ssl.h if we can find it. Needed for the
4605 ldapssl_set_strength defines on HP-UX at least.
4616 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
4617 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
4622 Use 78n line length when formatting cat pages.
4626 Remove redundant info that is now in sudoers.ldap.pod
4629 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
4631 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4632 Reorganize the first section a bit. Substitute the proper path for
4636 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4637 Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
4638 schema into EXAMPLES
4641 * configure, configure.in:
4642 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
4646 * configure, configure.in:
4647 substitute for sudoers.ldap.man
4651 Fix cut & pasto introduced when adding sudoers.ldap man page.
4654 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4655 Fill in some of the missing pieces. Still needs some reorganization
4659 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
4661 * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
4663 Beginnings of a sudoers.ldap man page. Currently, much of the
4664 information is adapted from README.LDAP.
4667 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
4670 When copying gr_mem we must guarantee that the storage space for
4671 gr_mem is properly aligned. The simplest way to do this is to
4672 simply store gr_mem directly after struct group. This is not a
4673 problem for gr_passwd or gr_name as they are simple strings.
4677 Fix a typo/thinko in one of the calls to
4678 sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
4681 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
4683 * config.h.in, configure, configure.in, ldap.c:
4684 include <mps/ldap_ssl.h> in ldap.c if available
4687 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
4690 Make sure we define SIZE_MAX for yacc's skeleton.c
4694 Use TCSAFLUSH when restoring terminal settings (and echo) to
4695 guarantee that any pending output is discarded
4698 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
4701 no longer need to specify SETENV when user has sudo ALL
4705 sync user_args size calculation with sudo.c Add -g group option,
4706 renaming old -g to -G Add set_runasgr() and set_runaspw() and use
4711 Make set_runaspw static void
4714 * testsudoers.c, visudo.c:
4715 g/c set_runaspw stub
4718 * configure, configure.in:
4719 Don't add -llber twice.
4722 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
4728 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
4734 * configure, configure.in:
4735 Fix check that determines whether -llber is required.
4738 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
4739 For netscape-based LDAP, use ldapssl_set_strength() to implement the
4740 checkpeer ldap.conf option.
4744 Delay krb5_cc_initialize() until we actually need to use the cred
4745 cache, which is what krb5_verify_user() does. Better cleanup on
4749 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
4752 Rewrite verify_krb_v5_tgt() based on what heimdal's
4753 krb5_verify_user() does.
4756 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
4759 The U suffix on constants is an ANSI feature
4762 * configure, configure.in:
4763 Add check for ber_set_option() in -llber
4766 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
4769 default if no nsswitch.conf is files only
4772 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
4775 don't tell people to mail aaron about LDAP stuff
4779 timelimit and bind_timelimit
4787 Move ldap.secret reading into a separate function.
4791 user_runas -> runas_pw
4794 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
4800 * check.c, sudo.pod, sudoers.pod:
4801 Add and document the %p escape in the password prompt. Based on a
4802 patch from Patrick Schoenfeld.
4806 Check strlcpy() return values.
4810 refactor ldap binding code into sudo_ldap_bind_s()
4814 Make it clear that host and uri can take multiple parameters. URI is
4815 now supported for more than just openldap nsswitch.conf does't
4820 comment cleanup and update (c) year
4823 * parse.c, sudo_nss.c:
4824 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
4825 This should make it possible to build an LDAP-only sudo binary.
4828 * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
4829 Improve chaining of multiple sudoers sources by passing in the
4830 previous return value to the next in the chain
4834 Free up parser data structures in sudo_file_close().
4838 Free up parser data structures in sudo_file_close().
4842 Parse uri ourself if no ldap_initialize() is present Use
4843 ldap_create() instead of deprecated ldap_init() Use
4844 ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
4847 * config.h.in, configure, configure.in:
4848 Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
4852 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
4854 * config.h.in, configure, configure.in:
4855 add check for ldap_create
4858 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
4860 * config.h.in, configure, configure.in, ldap.c:
4861 Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
4862 dn using the mechanism appropriate for the LDAP SDK in use. Use
4863 ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
4864 ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
4871 * config.h.in, configure.in:
4872 fix typo in mtim_getnsec
4875 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
4877 * config.h.in, configure, configure.in:
4878 add check for st__tim in struct stat as used by SCO
4882 use ldap_search_ext_s instead of deprecated ldap_search_s
4885 * Makefile.in, TODO, sudo.cat, sudo.man.in:
4886 add sudo_nss.h to HDRS
4890 Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
4894 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
4897 Use ldap_get_values_len()/ldap_value_free_len() instead of the
4898 deprecated ldap_get_values()/ldap_value_free().
4909 * gettime.c, sudo.c:
4910 Remove some already fixed XXXs
4914 Same return value as non-existent sudoers if LDAP was unable to
4919 mention /etc/environment
4922 * README.LDAP, UPGRADE, WHATSNEW:
4923 Update to reflect recent developments.
4927 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
4931 When building up a query don't list groups in the aux group vector
4932 that are the same as the passwd file group. On most systems the
4933 first gid in the group vector is the same as the passwd entry gid.
4937 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
4938 ldaprc and system defaults that could affect how LDAP works.
4941 * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
4942 sudo_nss.c, sudo_nss.h:
4943 Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
4944 to specify nsswitch.conf path or disable it. If --with-nsswitch=no
4945 but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
4946 file and --with-ldap-secret-file
4950 Honor def_ignore_local_sudoers
4953 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
4956 no longer need to check def_ignore_local_sudoers here
4960 Refactor group vector resetting into a function and also call it
4961 from display_cmnd. Stop after the first sucessful match in
4962 display_cmnd. Print a newline between each display_privs method.
4966 fix double free introduced in rev 1.218
4970 belt and suspenders; zero out result after freeing it
4973 * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
4974 Refactor line reading into a separate function, sudo_parseln(),
4975 which removes comments, leading/trailing whitespace and newlines.
4976 May want to rethink the use of sudo_parseln() for /etc/ldap.secret
4980 Make the inability to read the sudoers file a non-fatal error if
4981 there are other sudoers sources available. sudoers_file_lookup now
4982 returns "not OK" if sudoers was not present
4986 make it clear that the global options are from LDAP
4990 allocate proper amount of space for error string
4993 * sudo_nss.c, sudo_nss.h:
4994 actual sudo nss code
4997 * ldap.c, parse.c, sudo.c, sudo.h:
4998 nss-ify display_privs and display_cmnd.
5001 * defaults.c, parse.c, testsudoers.c, visudo.c:
5002 move update_defaults() to parse.c
5005 * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
5006 Use nsswitch to hide some sudoers vs. ldap implementation details
5007 and reduce the number of #ifdef LDAP TODO: fix display routines and
5011 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
5013 * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
5014 First cut at nsswitch.conf support. Further reorganizaton and
5015 related changes are forthcoming.
5018 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
5020 * env.c, pathnames.h.in, sudo.c, sudo.h:
5021 Add support for reading and /etc/environment file. Still needs to
5022 be documented and should probably only applies to OSes that have it
5023 (AIX and Linux, maybe others).
5030 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
5036 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
5043 Add an example sudoRole, clarify netscape vs. openldap a bit more
5047 Be clear on what is OpenLDAP vs. Netscape-derived
5050 * config.h.in, configure, configure.in, ldap.c:
5051 Use ldapssl_init() for ldaps support instead of trying to do it
5052 manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
5053 and tls_key for cert7.db and key3.db respectively. Don't print
5054 debugging info for options that are not set. Add warning if
5055 start_tls specified when not supported.
5059 fix compilation on solaris
5063 add missing .h and .c files for missing lib objs
5066 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
5069 fix LDAP_OPT_NETWORK_TIMEOUT setting
5073 fix compilation on Solaris
5076 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
5078 * configure, configure.in:
5083 try to clear up which variables are for OpenLDAP and which are for
5084 netscape-derived SDKs
5087 * config.h.in, configure, configure.in, ldap.c:
5088 Add support for "ssl on" in both netscape and openldap flavors. Only
5089 the OpenLDAP flavor has been tested.
5092 * logging.c, sudo.c, sudo.h:
5093 Call cleanup() before exit in log_error() instead of calling
5094 sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
5101 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
5103 * logging.c, sudo.c, sudo.h:
5104 Better ldap cleanup.
5108 Distinguish between LDAP conf settings that are connection-specific
5109 (which take an ld pointer) and those that are default settings
5113 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
5116 Improved warnings on error.
5120 Make ldap config table driven and set the config *after* we open the
5124 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
5127 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
5130 * configure, configure.in:
5131 some operating systems need to link with -lkrb5support when using
5135 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
5141 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
5145 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
5151 * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
5152 add -g support for LDAP
5155 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
5157 * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
5158 The -i and -s flags can now take an optional command.
5161 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
5163 * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
5165 Add passprompt_override flag to sudoers that will cause the prompt
5166 to be overridden in all cases. This flag is also set when the user
5167 specifies the -p flag.
5171 Move setting of login class until after sudoers has been parsed. Set
5172 NewArgv[0] for -i after runas_pw has been set.
5175 * configure, configure.in:
5176 Move the dgettext check.
5179 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
5181 * auth/pam.c, config.h.in, configure, configure.in:
5182 Add basic support for looking up the string "Password: " in the PAM
5183 localized text db. This allows us to determine whether the PAM
5184 prompt is the default "Password: " one even if it has been
5187 TODO: concatenate non-std PAM prompts and user-specified sudo
5191 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
5193 * Makefile.in, config.h.in, configure, configure.in, parse.c,
5194 set_perms.c, sudo.c, sudo.h:
5195 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
5199 * acsite.m4, configure, interfaces.c, memrchr.c:
5200 Fix typos; Martynas Venckus
5203 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
5206 Don't assume runas_pw is set; it may not be in the -g case.
5209 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
5211 * logging.c, set_perms.c:
5212 Set aux group vector for PERM_RUNAS and restore group vector for
5213 PERM_ROOT if we previously changed it. Stash the runas group vector
5214 so we don't have to call initgroups more than once. Also add no-op
5215 check to check_perms.
5218 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
5220 * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
5221 ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
5222 pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
5223 sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
5224 testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
5225 Add support for runas groups. This allows the user to run a command
5226 with a different effective group. If the -g option is specified
5227 without -u the command will be run as the current user (only the
5228 group will change). the -g and -u options may be used together.
5229 TODO: implement runas group for ldap improve runas group
5230 documentation add testsudoers support
5233 * configure, configure.in:
5234 fix setting of mandir
5237 * sudo.pod, sudoers.pod:
5238 document that ALL implies SETENV
5242 s/setenv_ok/setenv_implied/g
5246 hostname_matches() returns TRUE on match in sudo 1.7.
5250 use strcmp, not strcasecmp when comparing ALL
5254 Make sudo ALL imply setenv. Note that unlike with file-based
5255 sudoers this does affect all the commands in the sudoRole.
5258 * gram.c, gram.y, parse.c, parse.h:
5259 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
5260 it is not passed on to other commands in the list.
5264 Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
5265 sudo_getpwuid() instead of getpwuid().
5268 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
5271 Expand on the dangers of not using visudo to edit sudoers.
5274 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
5277 Don't quote *?[]! on output since the lexer does not strip off the
5278 backslash when reading those in.
5281 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
5284 expand "u_foo" types to "unsigned foo" to avoid compatibility
5288 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
5291 Refactor log line generation in to new_logline().
5294 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
5300 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
5302 * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
5304 Add configure check for struct in6_addr instead of relying on
5305 AF_INET6 since some systems define AF_INET6 but do not include IPv6
5309 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
5311 * configure, configure.in:
5312 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
5316 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
5318 * configure, configure.in:
5319 POSIX states that struct timespec be declared in time.h so check
5320 there regardless of the value of TIME_WITH_SYS_TIME.
5323 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
5326 Instead of defining a macro to call the appropriate method for
5327 turning on/off echo, just define tc[gs]etattr() and the related
5328 defines that use the correct terminal ioctls if needed. Also go back
5329 to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
5332 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
5342 * INSTALL, auth/pam.c, config.h.in, configure.in:
5343 Add --disable-pam-session configure option to disable calling
5344 pam_{open,close}_session. May work around bugs in some PAM
5348 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
5355 Avoid printing the prompt if we are already backgrounded. E.g. if
5356 the user runs "sudo foo &" from the shell. In this case, the call
5357 to tcsetattr() will cause SIGTTOU to be delivered.
5360 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
5362 * def_data.c, def_data.h, def_data.in:
5363 Reorder things such that the definition of env_reset come right
5364 before the env variable lists.
5368 Shrink type and seqno in struct alias from int to u_short
5371 * alias.c, match.c, parse.c, parse.h:
5372 Add a sequence number in the aliases for loop detection. If we find
5373 an alias with the seqno already set to the current (global) value we
5374 know we've visited it before so ignore it.
5377 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
5379 * TODO, auth/pam.c, sudo.c, sudo.h:
5380 PAM wants the full tty path so add user_ttypath which holds the full
5381 path to the tty or is NULL if no tty was present.
5385 Set PAM_RHOST to work around a bug in Solaris 7 and lower that
5389 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
5395 * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
5396 parse.h, testsudoers.c, visudo.c:
5400 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
5403 remove some useless casts
5407 pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
5408 predates the final C99 spec and the standard specifies that it shall
5409 include stdint.h anyway
5412 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
5414 * Makefile.in, alloca.c, configure.in:
5415 Since we ship with a pre-generated parser there is no need to ship a
5416 bogus alloca implementation.
5424 remove initial setting of CHECKSIA, we require that it be unset if
5437 only do SIA checks on Digital Unix
5440 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
5442 * sudoers.cat, sudoers.man.in:
5451 Remove call to krb5_cc_register() as it is not needed for modern
5459 * aclocal.m4, configure.in:
5460 New method for setting the default authentication type and avoiding
5461 conflicts in auth types.
5464 * match.c, parse.c, testsudoers.c:
5465 Each entry in a cmndlist now has an associated runaslist so no need
5466 to keep track of the most recent non-NULL one.
5469 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
5472 back out partial ldaps support mistakenly committed
5476 Add support for unix groups and netgroups in sudoRunas
5479 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
5482 Fix sudoedit of a non-existent file. From Tilo Stritzky.
5485 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
5492 update --passprompt escape info
5496 remove now-bogus comment and update copyright date
5500 Fix up use of with_passwd
5503 * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
5504 Update to autoconf-2.61 andf libtool-1.5.24
5508 "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
5511 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
5518 move tags and runaslist propagation to be earlier
5522 If -f flag given use the permissions of the original file as a
5527 prevent a double free() when re-initing the parser
5530 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
5536 * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
5537 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
5538 auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
5539 configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
5540 parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
5541 sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
5542 Remove support for compilers that don't support void *
5549 * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
5550 parse.c, parse.h, testsudoers.c, visudo.c:
5551 Move list manipulation macros to list.h and create C versions of the
5552 more complex ones in list.c. The names have been down-cased so they
5553 appear more like normal functions.
5557 Fix cmp command when regenerating parser. Make gram.o the first
5558 dependency for all programs so gram.h will be generated before
5559 anything that needs it.
5563 Convert NEW_DEFAULT anf NEW_MEMBER into static functions.
5566 * match.c, parse.c, testsudoers.c:
5567 Use LH_FOREACH_REV when checking permission and short-circuit on the
5568 first non-UNSPEC hit we get for the command. This means that
5569 instead of cycling through the all the parsed sudoers entries we
5570 start at the end and work backwards and quit after the first
5571 positive or negative match.
5578 * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
5579 Change list head macros to take a pointer, not a struct.
5587 Propagate the runasspec from one command to the next in a cmndspec.
5590 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
5593 Replace has_meta() with a macro that calls strpbrk().
5599 * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
5600 testsudoers.c, visudo.c:
5601 Use a list head struct when storing the semi-circular lists and
5602 convert to tail queues in the process. This will allow us to
5603 reverse foreach loops more easily and it makes it clearer which
5604 functions expect a list as opposed to a single member.
5606 Add macros for manipulating lists. Some of these should become
5609 When freeing up a list, just pop off the last item in the queue
5610 instead of going from head to tail. This is simpler since we don't
5611 have to stash a pointer to the next member, we always just use the
5612 last one in the queue until the queue is empty.
5614 Rename match functions that take a list to have list in the name.
5615 Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
5619 Fix pasto, append "!" not negated (which is an int) for sudo -l
5624 Remove the dependency of gram .h on gram.y, the .c dependency is
5625 enough. Only move y.tab.h to gram.h if it is different; avoids
5626 needless rebuilding.
5629 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
5632 Defaults lines may be associated with lists of users, hosts,
5633 commands and runas users, not just single entries.
5636 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
5639 Revert the "cmp" portion of the last diff, it doesn't make sense.
5643 Remove *.lo for clean: When generating the parser, only move the
5644 generated files into place if they differ from the existing ones.
5647 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
5650 Replace IPV6 regexp with a much simpler (readable) one and add an
5651 extra check when it matches to make sure we have a valid address.
5655 Fix thinko introduced when merging IPV6 support.
5658 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
5669 mention #uid vs. comment pitfall
5673 Merge in a patch from the libtool cvs that fixes a problem with the
5674 latest autoconf. From Stepan Kasal.
5678 Back out he XOR swap trick, it is slower than a temp variable on
5687 Convert the tail queue to a semi-circle queue and use the XOR swap
5688 trick to swap the prev pointers during append.
5691 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
5694 remove useless statement
5698 Refactor #include parsing into a separate function and return
5699 unparsed chars (such as newline or comment) back to the lexer.
5702 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
5705 mention better uid support
5709 Users may now consist of a uid.
5712 * gram.c, gram.h, toke.c:
5717 Use lbuf_append_quoted() for sudo -l output to quote characters that
5718 would require quoting in sudoers.
5722 Add lbuf_append_quoted() which takes a set of characters which
5723 should be quoted with a backslash when displayed.
5727 Require that the first character after a comment not be a digit or a
5728 dash. This allows us to remove the GOTRUNAS state and treat
5729 uid/gids similar to other words. It also means that we can now
5730 specify uids in User_Lists and a User_Spec may now contain a uid.
5734 Replace RUNAS token with '(' and ')' tokens to make the runas
5735 portion of the grammar more natural.
5739 The BUGS file is history
5742 * Makefile.in, README:
5743 The BUGS file is history
5746 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
5749 Allow comments after a RunasAlias as long as the character after the
5750 pound sign isn't a digit or a dash.
5754 Glob support was back-ported to 1.6.9
5757 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
5760 remove sudo_usage.h in distclean
5764 If a Defaults value contains a blank, double-quote the string.
5768 Properly deal with Defaults double-quoted strings that span multiple
5769 lines using the line continuation char. Previously, the entire
5770 thing, including the continuation char, newline, and spaces was
5775 Be consistent when using single quotes and backticks.
5778 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
5780 * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
5781 sudo.c, sudo_usage.h.in:
5782 Add new linebuf code to do appends of dynamically allocated strings
5783 and word-wrapped output. Currently used for sudo's usage() and sudo
5784 -l output. Sudo usage strings are now in sudo_usage.h which is
5785 generated at configure time.
5788 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
5790 * parse.c, sudo.c, sudo.h:
5791 Fix line wrapping in usage() and use the actual tty width instead of
5795 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
5802 Mentioned Chris Jepeway's parser and also the new one that is in
5806 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
5808 * sudo.pod, visudo.pod:
5809 For the options list, add flag args where appropriate and increase
5810 the indent level so there is room for them.
5813 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
5816 Fix some spacing in "sudo -l" and add a comment about some bogosity
5817 in the line wrapping.
5820 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
5825 * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
5826 def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
5827 parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
5828 testsudoers.c, toke.c, toke.l:
5829 Remove monitor support until there is a versino of systrace that
5830 uses a lookaside buffer (or we have a better mechanism to use).
5833 * config.h.in, configure, configure.in, sudo.c:
5834 use getaddrinfo() instead of gethostbyname() if it is available
5837 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
5840 Deal with OSes where sizeof(gid_t) < sizeof(int).
5844 repair non-getifaddrs() code after ipv6 integration
5848 If we can open sudoers but fail to read the first byte, close the
5849 file stream before trying again.
5852 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
5858 * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
5859 Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
5862 * sudo.pod, sudoers.pod, visudo.pod:
5863 Add some missing markup Update copyright
5866 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
5868 * configure, configure.in:
5869 fix sudo_noexec extension which got broken in the libtool update
5872 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
5875 explicitly specify -Tascii to nroff
5878 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
5881 remove an ANSI-ism that crept in
5884 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
5887 Adjust list indents Prevent -- from being turned into an em dash Use
5888 a list for the environment instead of a literal paragraph
5892 Use a list for the environment instead of an indented literal
5897 Adjust list indentation
5904 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
5907 mention that when specifying a uid for the -u option the shell may
5908 require that the # be escaped
5911 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
5914 Fix off by one in group matching.
5917 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
5920 Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
5923 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
5925 * configure, configure.in:
5926 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
5930 * aclocal.m4, configure, configure.in:
5931 Fix link tests such that new gcc doesn't optimize away the test.
5934 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
5936 * sudo.pod, sudoers.pod, visudo.pod:
5937 add missing over/back
5940 * sudo.pod, sudoers.pod, visudo.pod:
5941 Change FILES section to use =item
5945 Add back allocation of the env struct in rebuild_env but save a copy
5946 of the old pointer and free it before returning.
5950 Don't init the private environment in rebuild_env() since it may
5951 have already been done implicitly sudo_setenv/sudo_unsetenv.
5953 Multiply length by sizeof(char *) in memcpy/memmove when copying the
5954 environment so we copy the full thing.
5956 Add missing set of parens so we deref the right pointer in
5957 sudo_unsetenv when searching for a matching variable.
5960 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
5962 * sudo.pod, sudoers.pod, visudo.pod:
5963 Use file markup for paths in the FILES section
5966 * sudo.pod, sudoers.pod, visudo.pod:
5967 Don't capitalize sudo/visudo
5971 Sort sudoers options; based on a diff from Igor Sobrado.
5974 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
5976 * sudo.pod, sudoers.pod, visudo.pod:
5977 Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
5978 latter confuses pod2man. The Makefile rules for the .man.in file
5979 will add @mansectsu@ and @mansectform@ back in after pod2man is done
5983 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
5985 * LICENSE, Makefile.in, license.pod:
5986 Move license info to pod format
5989 * configure, configure.in, sudoers.pod:
5990 Substitute value of path_info into sudoers man page.
5994 remove features that were back-ported to 1.6.9
5997 * sudo.c, sudo.pod, visudo.c, visudo.pod:
5998 Sort SYNOPSIS and sync usage. From Igor Sobrado.
6002 Only need sudo_setenv/sudo_unsetenv if we are going to use
6003 ldap_sasl_interactive_bind_s() but don't have
6004 gss_krb5_ccache_name().
6008 rebuild without branch info
6012 Add ChangeLog target
6016 Run cleanup code if the user hits ^C at the password prompt.
6020 Some versions of pam_lastlog have a bug that will cause a crash if
6021 PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
6025 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
6028 ChageLog not Changelog
6043 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
6045 * config.h.in, configure, configure.in, ldap.c:
6046 Add configure hooks for gss_krb5_ccache_name() and the gssapi
6050 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
6053 rebuild_env() and insert_env_vars() no longer return environment
6054 pointer, they set environ directly.
6056 No longer need to pass around an envp pointer since we just operate
6059 Add dosync argument to insert_env() that indicates whether it should
6060 reset environ when realloc()ing env.envp.
6062 Use an initial size of 128 for the environment.
6066 Split sudo_setenv() into an external version and a version only for
6067 use by rebuild_env().
6070 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
6073 Add support for using gss_krb5_ccache_name() instead of setting
6074 KRB5CCNAME. Also use sudo_unsetenv() in the non-
6075 gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
6076 original environment. TODO: configure setup for
6077 gss_krb5_ccache_name()
6084 * README.LDAP, ldap.c:
6085 Add support for sasl_secprops in ldap.conf
6089 Add sudo_unsetenv() and refactor private env syncing code into
6093 * README.LDAP, ldap.c:
6094 The ldap.conf variable is sasl_auth_id not sasl_authid.
6097 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
6099 * ldap.c, sudo.c, sudo.h:
6100 Add support for krb5_ccname in ldap.conf. If specified, it will
6101 override the default value of KRB5CCNAME in the environment for the
6102 duration of the call to ldap_sasl_interactive_bind_s().
6106 Remove format_env() Add sudo_setenv() to replace most format_env() +
6107 insert_env() combinations. insert_env() no longer takes a struct
6112 Fix use_sasl vs. rootuse_sasl logic.
6115 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
6116 Add support for SASL auth when connecting to an LDAP server. Adapted
6117 from a diff by Tom McLaughlin.
6120 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
6122 * configure, configure.in:
6123 Only enable AIX or BSD auth if no other exclusive auth method has
6124 been chosen. Allows people to e.g., use PAM on AIX without adding
6125 --without-aixauth. A better solution is needed to deal with default
6126 authentication since if a non-exclusive method is chosen we will
6130 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
6132 * HISTORY, Makefile.in, history.pod:
6133 Generate HISTORY from history.pod (which is also used for web pages)
6136 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
6138 * sudo.man.in, sudoers.man.in:
6143 Better explanation of environment handling in the sudo man page.
6147 Defer setting user-specified env vars until after authentication.
6151 honor def_default_path for PATH set on the command line
6154 * env.c, sudo.c, sudo.pod, sudoers.pod:
6155 Allow user to set environment variables on the command line as long
6156 as they are allowed by env_keep and env_check. Ie: apply the same
6157 restrictions as normal environment variables. TODO: deal with
6161 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
6163 * sudo.c, sudo_edit.c:
6164 Call rebuild_env() in call cases. Pass original envp to sudo_edit().
6165 Don't allow -E or env var setting in sudoedit mode. More accurate
6166 usage() when called as sudoedit.
6174 add -c option to sudoedit synopsis
6182 Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
6183 value from {user,host,runas,cmnd}_matches(). Rename *matches
6184 variables -> *match. Purely cosmetic.
6188 Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
6196 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
6199 Make pwcheck local to the pwflag block. Use pwcheck even if user
6200 didn't match since Defaults options may still apply.
6204 Do not update timestamp if user not validated by sudoers.
6208 for PERM_RUNAS, set the egid to the runas user's gid and restore to
6209 the user's original in PERM_ROOT
6212 * logging.c, mon_systrace.c, set_perms.c, sudo.h:
6213 PERM_FULL_ROOT is now no different than PERM_ROOT so remove
6218 don't check timestamp mtime if we are just going to remove it
6222 Move sudoers defaults parameters into their own section.
6226 Reduce a level of indent by a few placed continue statements.
6230 Make matching but negated commands/hosts/runas entries override a
6231 previous match as expected. Also reduce some levels of indent by a
6232 few placed continue statements.
6235 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
6238 Print default runas in "sudo -l" if sudoers don't specify one.
6242 Less hacky way of testing whether the domain was set.
6245 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
6248 Mention pam-devel and openldap-devel for Linux
6251 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
6257 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
6260 fix typo in Solaris project support
6268 Make -- on the command line match the manual page. The implied shell
6269 case has been simplified as a result.
6272 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
6275 add simplistic support for sudoRunas; note that if a sudoers entry
6276 contains multiple Runas users, all will apply to the sudoRole
6280 honor SETENV and NOSETENV tags
6283 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
6286 Redo setting of user_args. We now build up a private copy of argv
6287 first and then replace the NULs?with spaces.
6291 getcwd() returns NULL on failure, not 0 on success
6295 allow chunksiz to reach 1 before erroring out
6298 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
6303 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
6305 * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
6306 logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
6308 Add support for setting environment variables on the command line.
6309 This is only allowed if the setenv sudoers options is enabled or if
6310 the command is prefixed with the SETENV tag.
6314 replace Aaron's email address with the sudo-workers list
6321 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
6323 * schema.OpenLDAP, schema.iPlanet:
6324 Break schema out into separate files.
6327 * Makefile.in, README.LDAP:
6328 Break schema out into separate files.
6331 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
6334 free message if set by authenticate()
6338 deal with NULL gr_mem
6341 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
6348 add template for HAVE_PROJECT_H
6355 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
6358 mention --with-project
6361 * config.h.in, configure.in, sudo.c:
6362 Add Solaris 10 "project" support. From Michael Brantley.
6374 Fix preservation of LDFLAGS in the LDAP case.
6378 Remove dependecy on NULL
6385 * aclocal.m4, configure.in:
6386 Can't use the regular autoconf fnmatch() check since we need
6387 FNM_CASEFOLD so go back to our custom one.
6391 Fix preserving of variables in env_keep.
6399 expand upon env resetting and mention that it began in 1.6.9 not
6404 Update descriptions of env_keep and env_check to match current
6408 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
6411 Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
6412 LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table.
6416 Treat USERNAME environemnt variable like LOGNAME/USER
6420 Don't need to populate keepenv table with the contents of the
6425 Don't force sudo into the C locale.
6429 Make env_check apply when env_reset it true. Environment variables
6430 are passed through unless they contain '/' or '%'. There is no need
6431 to have a variable in both env_check and env_keep.
6434 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
6437 Remove an duplicate lock_file() call and add a comment.
6441 Add sudo 1.6.9 upgrade note.
6444 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
6447 Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
6448 small. From Klaus Wagner.
6451 * logging.c, sudo.h:
6452 Redo the long syslog line splitting based on a patch from Eygene
6453 Ryabinkin. Include memrchr() for systems without it.
6457 Redo the long syslog line splitting based on a patch from Eygene
6458 Ryabinkin. Include memrchr() for systems without it.
6461 * Makefile.in, config.h.in, configure, configure.in:
6462 Redo the long syslog line splitting based on a patch from Eygene
6463 Ryabinkin. Include memrchr() for systems without it.
6467 Since we need to be able to convert timespec to timeval for utimes()
6468 the last 3 digits in the tv_nsec are not significant. This makes the
6469 sudoedit file date comparison work again.
6472 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
6474 * aclocal.m4, configure, configure.in:
6475 Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
6476 This deals with exclusive authentication methods in a simple way.
6479 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
6482 mkstemp.c is BSD code too.
6485 * sudo.pod, sudoers.pod, visudo.pod:
6486 No commercial support for now.
6489 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
6492 cleanenv() is no more.
6495 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
6498 Display branch info in Changelog
6502 Include config.h early so we have it for TIME_WITH_SYS_TIME
6506 Fix Changelog generation and update.
6509 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
6512 Use /proc/self/fd instead of /proc/$$/fd
6514 Move old-style fd closing into closefrom_fallback() and call that if
6515 /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
6518 * auth/kerb5.c, config.h.in, configure.in:
6519 o use krb5_verify_user() if available instead of doing it by hand o
6520 use krb5_init_secure_context() if we have it o pass an encryption
6521 type of 0 to krb5_kt_read_service_key() instead of
6522 ENCTYPE_DES_CBC_MD5 to let kerberos choose.
6526 Check TERM and COLORTERM for '%' and '/' characters. From Debian.
6530 Fix closefrom() substitution in the Makefile
6534 Mention alternate sudo pronunciation.
6537 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
6540 Remove KRB5_KTNAME from environment. Allow COLORTERM.
6544 If we cannot get a valid service key using the default keytab it is
6545 a fatal error. Fixes a bug where sudo could be tricked into
6546 allowing access when it should not by a fake KDC. From Thor Lancelot
6550 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
6552 * aclocal.m4, configure, configure.in:
6553 Update long long checks to use AC_CHECK_TYPES and to cache values.
6556 * aclocal.m4, configure.in:
6557 Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
6558 use AC_REPLACE_FNMATCH since that assumes replacing with GNU
6562 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
6564 * configure, configure.in:
6565 Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
6566 need it for visudo now too.
6569 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
6572 Attempt to clarify the bit talking about network numbers w/o
6577 Clarify timestamp dir ownership sentence.
6580 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
6583 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
6587 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
6590 -i is also one of the mutually exclusive options to list it in the
6591 warning message. Noted by Chris Pepper.
6594 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
6597 The sudoers variable is env_editor, not enveditor. From Jean-
6601 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
6604 I tracked down the original author so credit him and include his
6608 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
6610 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
6612 Fix typos; from Jason McIntyre.
6616 Restore signal mask before calling reapchild(). Fixes a possible
6617 race condition that could prevent sudo from properly waiting for the
6621 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
6624 Don't declare pw_free() if we are not going to use it.
6628 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
6629 LDR_PRELOAD64. The 64-bit version is not currently supported.
6630 Remove zero_env() prototype as it no longer exists.
6633 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
6636 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
6639 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
6642 If the user enters ^C at the password prompt, abort instead of
6643 trying to authenticate with an empty password (which causes an
6647 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
6649 * closefrom.c, config.h.in, configure, configure.in:
6650 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
6655 pw_free() is only used by sudo_freepwcache() so ifdef it out too.
6658 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
6660 * config.guess, config.sub:
6661 Update to latest versions from cvs.savannah.gnu.org
6664 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
6666 * pwutil.c, sudo_edit.c:
6667 Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
6668 we can close the passwd/group files early.
6671 * config.h.in, configure, configure.in, set_perms.c:
6672 Add seteuid() flavor of set_perms() for systems without setreuid()
6673 or setresuid() that have a working seteuid(). Tested on Darwin.
6676 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
6679 systrace_read() returns ssize_t
6682 * configure, configure.in:
6683 Fix typo, -lldap vs. -ldap; from Tim Knox.
6686 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
6689 Fix typo; Matt Ackeret
6692 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
6695 Print sudoers path in -V mode for root.
6698 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
6701 Do a sub tree search instead of a base search (one level in the tree
6702 only) for sudo right objects. This allows system administrators to
6703 categorize the rights in a tree to make them easier to manage.
6706 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
6712 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
6715 Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
6716 bind_timelimit support; adapted from gentoo.
6719 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
6722 Support comments that start in the middle of a line
6725 * configure, configure.in:
6726 Define LDAP_DEPRECATED until we start using ldap_get_values_len()
6729 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
6732 Silence gcc -Wsign-compare; djm@openbsd.org
6735 * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
6736 cleanup() now takes an int as an arg so it can be used as a signal
6741 Make a copy of the shell field in the passwd struct for NewArgv to
6742 avoid a use after free situation after sudo_endpwent() is called.
6745 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
6747 * config.h.in, configure, configure.in:
6748 Add mkstemp() for those poor souls without it.
6752 Add mkstemp() for those poor souls without it.
6756 Add mkstemp() for those poor souls without it.
6759 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
6762 Add PERL5DB to list of environment variables to remove.
6765 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
6767 * mon_systrace.c, mon_systrace.h:
6768 Instead of calling the check function twice with a state cookie use
6769 separate check/log functions.
6771 Check more ioctl() calls for failure.
6773 systrace_{read,write} now return the number of bytes read/written or
6778 Add more environment variables to remove; from gentoo linux Add some
6779 comments about what bad env variables go to what (more to do)
6782 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
6784 * sudo.c, sudo_edit.c:
6785 Move sudo_end{gr,pw}ent() until just before the exec since they free
6786 up our cached copy of the passwd structs, including sudo_user and
6787 sudo_runas. Fixes a use-after-free bug.
6791 Close all fd's before executing editor.
6795 Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
6799 Fix fd leak when lecture file option is enabled. From Jerry Brown
6802 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
6805 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
6806 environment variables to remove. From Charles Morris
6809 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
6812 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
6815 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
6818 add PS4 and SHELLOPTS to initial_badenv_table for bash
6821 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
6824 Fix typo; Toby Peterson
6827 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
6830 Make return buffers static so they don't get clobbered
6833 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
6836 Fix securid5 authentication, was not checking for ACM_OK. Also add
6837 default cases for the two switch()es. Problem noted by ccon at
6841 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
6844 Remove ncat() in favor of just counting bytes and pre-allocating
6848 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
6851 Fix up some comments Add missing fclose() for the rootbinddn case
6855 align struct ldap_config
6859 use LINE_MAX for max conf file line size
6863 add _PATH_LDAP_SECRET
6867 Mention rootbinddn Give example ou=SUDOers container
6870 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
6872 * INSTALL, configure, configure.in, ldap.c:
6873 Support rootbinddn in ldap.conf
6876 * env.c, sudo.pod, sudoers.pod:
6877 Preserve DISPLAY environment variable by default.
6880 * acsite.m4, configure:
6881 set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
6884 * acsite.m4, configure:
6885 set need_version=no for all cases; this is safe for LD_PRELOAD
6892 * configure, configure.in:
6897 Fix call to pam_end() when pam_open_session() fails.
6905 rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
6906 ltsugar.m4 ltversion.m4
6909 * config.guess, config.sub, ltmain.sh:
6910 merge in local changes: config.guess: o better openbsd support
6911 config.sub: o hiuxmpp support ltmain.sh o remove requirement that
6912 libs must begin with "lib" o don't print a bunch of crap about
6913 library installs o don't run ldconfig
6916 * config.guess, config.sub, ltmain.sh:
6921 Update with autoupdate and make minor changes for libtool 1.9f
6924 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
6927 don't call sudo_ldap_display_cmnd if ldap not setup
6930 * sudo_edit.c, visudo.c:
6931 Move declatation of struct timespec to its own include files for
6932 systems without it since it needs time_t defined.
6936 Move declatation of struct timespec to its own include files for
6937 systems without it since it needs time_t defined.
6941 Move declatation of struct timespec to its own include files for
6942 systems without it since it needs time_t defined.
6946 Move declatation of struct timespec to its own include files for
6947 systems without it since it needs time_t defined.
6950 * check.c, compat.h:
6951 Move declatation of struct timespec to its own include files for
6952 systems without it since it needs time_t defined.
6956 Don't set safe_cmnd for the "sudo ALL" case.
6959 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
6962 Call pam_open_session() and pam_close_session() to give pam_limits a
6963 chance to run. Idea from Karel Zak.
6966 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
6969 Add explicit cast from mode_t -> u_int in printf to silence warnings
6974 include grp.h to silence a warning on Solaris
6977 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
6980 Fix printing of += and -= defaults.
6983 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
6986 Sanity check number of syscall args with argsize. Not really needed
6987 but a little paranoia never hurts.
6990 * mon_systrace.c, mon_systrace.h:
6991 Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
6992 for systrace lengths (since it uses int)
6995 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
6998 Add some memsets for paranoia Fix namespace collsion w/ error Check
6999 rval of decode_args() and update_env() Remove improper setting of
7003 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
7005 * parse.c, sudo.c, sudo.h:
7006 In -l mode, only check local sudoers file if def_ignore_sudoers is
7007 not set and call LDAP versions from display_privs() and
7008 display_cmnd() instead of directly from main(). Because of this we
7009 need to defer closing the ldap connection until after -l processing
7010 has ocurred and we must pass in the ldap pointer to display_privs()
7015 Reorganize LDAP code to better match normal sudoers parsing.
7016 Instead of storing strings for later printing in -l mode we do
7017 another query since the authenticating user and the user being
7018 listed may not be the same (the new -U flag). Also add support for
7021 There is still a fair bit if duplicated code that can probably be
7025 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
7028 Replace pass variable with do_netgr for better readability.
7039 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
7042 Add macro to test if the tag changed to improve readability.
7046 Avoid printing defaults header if there are no defaults to print...
7050 Fix a warning on systems without strlcpy().
7054 Use macros where possible for sudo_grdup() like sudo_pwdup().
7057 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
7060 It is possible for tv_usec to hold >= 1000000 usecs so add in
7064 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
7067 The component in krb5_principal_get_comp_string() should be 1, not 0
7068 for Heimdal. From Alex Plotnick.
7071 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
7073 * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
7074 interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
7075 redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
7076 Add efree() for consistency with emalloc() et al. Allows us to rely
7077 on C89 behavior (free(NULL) is valid) even on K&R.
7081 Move initgroups() for -U option into display_privs() so group
7082 matching in sudoers works correctly.
7085 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
7088 Removed duplicate call to ldap_unbind_s introduced along with
7093 Add missing space in Defaults printing
7096 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
7099 Sync sudo_pwdup with OpenBSD changes: use macros for size computaton
7103 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
7106 Zero old pw_passwd before replacing with version from shadow file.
7109 * configure, configure.in:
7110 Only attempt shadow password detection if PAM is not being used Add
7111 shadow_* variables to make shadow password detection more generic.
7115 Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
7118 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
7121 use a non-breaking space to avoid a double space after e.g.
7125 commna, not colon after e.g.
7128 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
7131 Add __ variants of the exec functions. GNU libc at least uses
7132 __execve() internally.
7136 Match reality a bit more.
7140 Missed piece from rev. 1.6, fix sudo_getpwnam() too.
7144 Store shadow password after making a local copy of struct passwd in
7145 case normal and shadow routines use the same internal buffer in
7149 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
7151 * alloc.c, logging.c:
7152 Make varargs usage consistent with the rest of the code.
7155 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
7158 Wrap more of the exec family since on Linux the others do not appear
7159 to go through the normal execve() path.
7163 make print_unused static like proto says
7167 silence a warning on K&R systems
7171 make this build in K&R land
7175 make this build in K&R land
7178 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
7184 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
7187 return(foo) not return foo optimize _atobool() slightly
7195 Reformat to match the rest of sudo's code.
7199 I am the primary author
7202 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
7204 * Makefile.in, README, RUNSON:
7205 The RUNSON file is toast--it confused too many people and really
7206 isn't needed in a configure-oriented world.
7210 alternate -> alternative
7214 Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
7219 Allow leading blanks before Defaults and Foo_Alias definitions
7223 fix rules to build toke.o and gram.o in devel mode
7226 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
7229 env_keep overrides set_logname
7233 Fix disabling set_logname and make env_keep override set_logname.
7236 * compat.h, config.h.in, configure, configure.in:
7237 No longer need memmove()
7241 Just clean the environment once. This assumes that any further
7242 setenv/putenv will be able to handle the fact that we replaced
7243 environ with our own malloc'd copy but all the implementations I've
7247 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
7250 In -i mode, base the value of insert_env()'s dupcheck flag on
7251 DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
7254 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
7257 Move setting of user_path, user_shell, user_prompt and prev_user
7258 into init_vars() since user_shell at least is needed there.
7261 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
7268 Fix some printf format mismatches on error.
7272 Fix some printf format mismatches on error.
7275 * configure, gram.c, toke.c:
7279 * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
7280 auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
7281 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
7282 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
7283 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
7284 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
7285 emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
7286 getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
7287 interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
7288 parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
7289 snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
7290 sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
7291 testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
7292 visudo.pod, zero_bytes.c:
7293 Update copyright years.
7296 * Makefile.binary.in:
7297 Update copyright years.
7301 Update copyright years.
7304 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
7309 What's new in sudo 1.7, based on the 1.7 CHANGES entries.
7312 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
7314 * compat.h, logging.h, sudo.h:
7315 Add __printflike and use it with gcc to warn about printf-like
7319 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
7321 * CHANGES, ChangeLog:
7322 Replaced CHANGES file with ChangeLog generated from cvs logs
7326 Use warning/error instead of perror/fatal.
7330 Update OpenBSD section
7334 Add upgrading noted for 1.7
7337 * env.c, sudo.c, sudoers.pod:
7338 Instead of zeroing out the environment, just prune out entries based
7339 on the env_delete and env_check lists. Base building up the new
7340 environment on the current environment and the variables we removed
7344 * config.h.in, configure, configure.in, sudo.c:
7345 Set locale to "C" if locales are supported, just to be safe.
7349 Cast?argument to ctype functions to unsigned char.
7352 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
7355 correct value for DID_USER
7358 * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
7359 #include <compat.h> not "compat.h"
7363 Reset the environment by default.
7367 Alloc an extra slot in NewArgv. Removes the need to malloc an new
7368 vector if execve() fails.
7371 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
7373 * INSTALL, config.h.in, configure, configure.in, sudo.c:
7374 Use execve(2) and wrap the command in sh if we get ENOEXEC.
7377 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
7380 Only include time.h on systems that lack struct timespec which gets
7381 defind in compat.h (using time_t).
7385 Include time.h for time_t in compat.h for systems w/o struct
7389 * compat.h, config.h.in, configure, configure.in:
7390 use bcopy on systems w/o memmove
7394 __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
7399 Add explicit rule to build sudo_noexec.lo
7402 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
7404 * INSTALL.configure, Makefile.in:
7405 No longer depend on VPATH; pointed out a bunch of missed
7410 Help for PAM when account section is missing
7414 Give user a clue when there is a missing "account" section in the
7419 Better error handling.
7422 * config.h.in, configure, configure.in:
7423 Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
7424 possible. Silences a warning about isblank() on linux.
7428 Fix typo (missing comma) that caused an incorrect number of args to
7429 be passed to log_error().
7432 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
7435 Don't try to destroy a tree we didn't create.
7438 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
7440 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
7441 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
7442 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
7443 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
7444 compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
7445 fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
7446 goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
7447 match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
7448 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
7449 strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
7450 tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
7451 Add __unused to rcsids
7454 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
7456 * configure, configure.in:
7457 Fix error message when mixing invalid auth types
7461 PAM, AIX auth, BSD auth and login_cap are now on by default if the
7465 * auth/sudo_auth.h, config.h.in:
7466 s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
7470 Better checking for conflicting authentication methods Display the
7471 authentication methods used at the end of configure Rename --with-
7472 authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
7473 --with-pam, --with-logincap by default on systems that support them
7474 unless disabled. Add OSMAJOR variable that replaces old OSREV; now
7475 OSREV has full version number
7478 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
7480 * def_data.c, def_data.in, sudo.c, sudoers.pod:
7484 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
7487 Replace: test -n "$FOO" || FOO="bar"
7489 With: : ${FOO='bar'}
7492 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
7494 * pwutil.c, testsudoers.c, tsgetgrpw.c:
7495 Use function pointers to only call private passwd/group routines
7496 when using a nonstandard passwd/group file.
7499 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
7506 Can't use strtok() since it doesn't handle empty fields so add
7507 getpwent()/getgrent() functions and call those.
7510 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
7513 Fix dummied out toke.c and gram.c dependencies.
7517 Rename PARSESRCS -> GENERATED since it is only used in the clean
7518 target Add devdir variable and use it to specify the path to parser
7527 Add a devdir variables that defaults to $(srcdir) and is set to . if
7528 --devel was specified. Allows for proper dependecies building the
7533 Add support for custom passwd/group files.
7537 Build private copy of pwutil.o for testsudoers with MYPW defined so
7538 it uses our own passwd/group routines.
7542 Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
7543 stubs instead. We can now just use the caching sudo_*{pw,gr}*
7544 functions in pwutil.c Add comment about wanting to call
7545 sudo_endpwent/sudo_endgrent in cleanup()
7549 Remove caching; we will just use what is in pwutil.c Use global
7550 buffers for passwd/group structs Rename functions from sudo_* to
7554 * logging.c, sudo.c:
7555 g/c pwcache_init/pwcache_destroy
7559 Undo last commit and add sudo_setspent and sudo_endspent instead.
7562 * getspwuid.c, pwutil.c:
7563 Move all but the shadow stuff from getspwuid.c to pwutil.c and
7564 pwcache_get and pwcache_put as they are no longer needed. Also add
7565 preprocessor magic to use private versions of the passwd and group
7566 routines if MYPW is defined (for use by testsudoers).
7570 zero out struct passwd/group before filling it in so if there are
7571 fields we don't handle they end up as 0.
7574 * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
7579 Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
7584 Passwd and group lookup routines for testsudoers that support
7585 alternate passwd and group files.
7588 * getspwuid.c, pwutil.c:
7589 Split off pw/gr cache and dup code into its own file. This allows
7590 visudo and testsudoers to use the pw/gr cache too.
7593 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
7596 Print Defaults info in "sudo -l" output and wrap lines based on the
7600 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
7602 * match.c, testsudoers.c, visudo.c:
7603 Only check group vector in usergr_matches() if we are matching the
7604 invoking or list user. Always check the group members, even if
7605 there was a group vector.
7608 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
7610 * LICENSE, Makefile.in, fnmatch.3:
7611 No longer bundle fnmatch.3
7618 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
7625 Sort command line options
7628 * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
7629 sudo.pod, sudoers.pod:
7630 Add closefrom sudoers option to start closing at a point other than
7631 3. Add closefrom_override sudoers option and -C sudo flag to allow
7632 the user to specify a different closefrom starting point.
7636 Add _PATH_DEVNULL for those without it.
7640 no more UCB strcasecmp
7644 replace BSD licensed one with version derived from pdksh
7647 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
7654 Make sure stdin, stdout and stderr are open and dup them to
7658 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
7660 * ldap.c, mon_systrace.c, sudo.c, sudo.h:
7664 * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
7665 Use TIME_WITH_SYS_TIME
7668 * config.h.in, configure, configure.in:
7669 Add TIME_WITH_SYS_TIME_H
7672 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
7675 Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
7676 unconditionally on darwin. From Toby Peterson.
7680 Check rbinsert() return value. In the case of faked up entries
7681 there is usually a negative response cached that we need to
7684 In pwfree() don't try to zero out a NULL pw_passwd pointer.
7688 Use the double fork trick to avoid the monitor process being waited
7689 for by the main program run through sudo.
7692 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
7695 Call initgroups() in -U mode so group matches work normally.
7698 * def_data.h, mkdefaults:
7699 Don't print a trailing comma for the last entry in enum def_tupple
7702 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
7704 * sudoers.cat, sudoers.man.in, sudoers.pod:
7705 Mention values when lecture, listpw and verifypw are used in boolean
7709 * def_data.c, def_data.in:
7710 verifypw when used in a boolean TRUE context should be "all", not
7714 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
7716 * def_data.in, defaults.c:
7717 Allow tuples that can be used as booleans to be used as boolean
7718 TRUE. In this case the 2nd possible value of the tuple is used for
7722 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
7724 * configure, configure.in:
7725 Correct the test for 2-parameter timespecsub
7729 Add strub struct definitions for passwd, timeval and timespec
7732 * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
7733 Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
7734 and fix a typo in the gettimeofday check.
7737 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
7739 * match.c, testsudoers.c:
7740 Deal with user_stat being NULL as it is for visudo and testsudoers.
7743 * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
7744 Add -U option to use in conjunction with -l instead of -u. Add
7745 support for "sudo -l command" to test a specific command.
7748 * gram.c, gram.y, sudo.c:
7749 Set safe_cmnd after sudoers_lookup() if it has not been set.
7750 Previously it was set by sudo "ALL" in the parser but at that point
7751 the fully-qualified pathname has not yet been found.
7754 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
7756 * parse.c, testsudoers.c:
7757 Correctly handle multiple privileges per userspec and runas
7761 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
7764 Zero out sd_un for each entry in sudo_defs_table in init_defaults.
7767 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
7770 make per-command defaults work with sudoedit
7773 * ldap.c, parse.c, sudo.c, sudo.h:
7774 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
7775 Instead, we just set the approriate defaults variable.
7778 * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
7779 Document per-command Defaults.
7782 * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
7783 sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
7784 Add support for command-specific Defaults entries. E.g.
7785 Defaults!/usr/bin/vi noexec
7788 * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
7789 Change an occurence of user_matches() -> runas_matches() missed
7790 previously runas_matches(), host_matches() and cmnd_matches() only
7791 really need to pass in a list of members. user_matches() still
7792 needs to pass in a passwd struct because of "sudo -l"
7796 Check def_authenticate, def_noexec and def_monitor when setting
7797 return flags. XXX May be better to just set the defaults directly
7798 and get rid of those flags.
7801 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
7802 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
7803 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
7804 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
7805 defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
7806 getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
7807 gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
7808 mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
7809 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
7810 sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
7811 visudo.c, zero_bytes.c:
7812 Use: #include <config.h> Not: #include "config.h" That way we get
7813 the correct config.h when build dir != src dir
7817 Back out part of rev 1.263; fix -I order
7821 More robust parsing if #include; could be much better still.
7824 * sudo_edit.c, visudo.c:
7825 Make arg splitting in visudo and sudoedit consistent.
7828 * Makefile.in, alias.c, gram.c, gram.y, parse.h:
7829 Split alias routines out into their own file.
7833 __attribute__ is already defined in compat.h
7837 quit() should not be __noreturn__ as it is non-void on some
7841 * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
7842 Add local error/warning functions like err/warn but that call an
7843 additional cleanup routine in the error case. This means we no
7844 longer need to compile a special version of alloc.o for visudo.
7848 Clarify comments about the data structures
7851 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
7854 Add support for VISUAL and EDITOR containing command line args. If
7855 env_editor is not set any args in VISUAL and EDITOR are ignored.
7856 Arguments are also now supported in def_editor.
7859 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
7862 alias_matches() is no more
7870 When regenerating the parser, don't replace gram.h unless it has
7875 remove Makefile.binary for distclean
7879 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
7880 sure we can't overflow new_env.
7884 paranoia when stripping trailing slashes from tempdir.
7888 Set user_ngroups to 0 if getgroups() returns an error.
7891 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
7893 * config.h.in, configure, configure.in, sudo.c:
7894 Add configure check for getgroups()
7898 Use supplementary group vector in struct sudo_user.
7902 Only do string comparisons on the group members if there is no
7903 supplemental group list.
7911 On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
7912 chop off any trailing slashes we see and add an explicit one.
7916 remove bogus XXX comment
7920 Get rid of alias_matches and correctly fall through to the non-alias
7921 cases when there is no alias with the specified name.
7925 Cache non-existent passwd/group entries too.
7936 * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
7937 mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
7938 Implement group caching and use the passwd and group caches
7942 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
7945 Properly negate the return value of alias_matches() when
7950 Make hostname_matches() return TRUE for a match, else FALSE like the
7955 Add missing dependencies on gram.h
7959 Use runas_matches in alias_matches() now that we have it.
7963 Expand aliases in "sudo -l" mode
7967 Use ALIAS for the member type when storing an alias instead of
7968 HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
7969 more generic type. Expand runas_matches instead of calling
7970 user_matches() inside of it since user_matches() looks up
7971 USERALIASes, not RUNASALIASes.
7974 * CHANGES, getspwuid.c:
7975 Paranoia; zero out pw_passwd before freeing passwd entry.
7978 * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
7979 configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
7980 error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
7981 sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
7982 Add local error/warning functions like err/warn but that call an
7983 additional cleanup routine in the error case. This means we no
7984 longer need to compile a special version of alloc.o for visudo.
7988 Use userpw_matches() to compare usernames, not strcmp(), since the
7989 latter checks for "#uid".
7992 * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
7993 Cache passwd db entries in 2 reb-black trees; one indexed by uid,
7994 the other by user name. The data returned from the cache should be
7995 considered read-only and is destroyed by sudo_endpwent().
8003 missing free in alias_destroy
8007 Can't use rbapply() for rbdestroy since the destructor is passed a
8008 data pointer, not a node pointer.
8011 * getspwuid.c, logging.c, sudo.c, sudo.h:
8012 Create and use private versions of setpwent() and endpwent() that
8013 set/end the shadow password file too.
8016 * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
8017 Store aliases in a red-black tree.
8020 * Makefile.in, redblack.c, redblack.h:
8021 red-black tree implementation
8025 Edit all sudoers file if there were unused or undefined aliases and
8026 we are in strict mode.
8029 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
8031 * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
8032 find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
8033 Bring back the "secure_path" Defaults option now that Defaults take
8034 effect before the path is searched.
8037 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
8039 * logging.c, parse.c:
8040 A user can always list their own entries, even with -u. Better error
8041 message when failing to list another user's entries.
8044 * parse.c, sudo.c, sudo.h:
8045 The syntax to list another user's entries is now "-u otheruser -l".
8046 Only root or users with sudo "ALL" may list other user's entries.
8049 * sudo.cat, sudo.man.in, sudo.pod:
8050 Update env variable info in SECURITY NOTES
8058 strip exported bash functions from the environment.
8061 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
8064 Only reset sudo_user.pw based on SUDO_USER environment variables for
8065 real commands and sudoedit. This avoids a confusing message when a
8066 user tries "sudo -l" or "sudo -v" and is denied.
8069 * gram.c, gram.y, parse.h:
8070 Extend LIST_APPEND to deal with appending lists too
8073 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
8076 Convert some bitwise AND to ISSET
8080 toke.c replaces lex.yy.c
8088 new parser fixes most of the outstanding bugs
8096 Rework for the new parser. Now checks for unused aliases in sudoers.
8100 Rewrite for the new parser. Now supports a -d flag (dump) and adds
8101 a -h flag (host). It now defaults to the local hostname unless
8102 otherwise specified.
8106 Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
8110 Update for new parse. We now call find_path() *after* we have
8111 updated the global defaults based on sudoers. Also adds support for
8112 listing other user's privs if you are root.
8116 Working LDAP support; also remove a now-unneeded rewind().
8119 * logging.c, logging.h:
8124 Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
8125 udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
8126 connecto to LDAP, apply the default options, find the command in the
8127 user's path, and then check whether the user is allowed to run it.
8128 The important thing here is that the default runas user may be
8129 specified as a default option and that needs to be set before we
8130 search for the command.
8134 Add casts to unsigned char for isspace() to quiet a gcc warning.
8138 Add prototype for update_defaults()
8142 Don't warn about line numbers now that we operate on a set of data
8143 structures (or LDAP) and not a file.
8147 No long use lsearch()
8151 Update for new and changed file names.
8155 no more BSD lsearch.c
8159 foo_matches() routines now live in match.c Added user_matches(),
8160 runas_matches(), host_matches(), cmnd_matches() and alias_matches()
8161 that operate on the parsed sudoers file.
8164 * parse.lex, toke.l:
8165 Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
8166 WORD no longer needs to exclude '@' kill yywrap()
8169 * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
8171 Rewritten parser that converts sudoers into a set of data
8172 structures. This eliminates ordering issues and makes it possible to
8173 apply sudoers Defaults entries before searching for the command.
8176 * configure.in, emul/search.h, lsearch.c:
8177 We won't be using lsearch() any longer.
8181 sudo should not send mail if someone who runs 'sudo -l' has no
8185 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8191 Update warnings to match new visudo
8195 The new parser doesn't have the old ordering constraints.
8199 Document that -l now takes an optional username argument
8202 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
8209 If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
8210 a compilation problem with Solaris 9's native LDAP.
8212 Set FLAG_MONITOR when needed.
8215 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
8218 Call sudo_goodpath() *after* changing the cwd to match the traced
8219 process. Fixes relative paths.
8222 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
8225 Kill set_perms() stub--it is no longer needed.
8228 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
8230 * sudoers.cat, sudoers.man.in, sudoers.pod:
8231 stay_setuid now requires set_reuid() or setresuid()
8234 * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
8235 configure.in, set_perms.c, sudo.c, sudo.h:
8236 Kill use of POSIX saved uids; they aren't worth bothering with.
8239 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
8242 remove call to issetugid()
8245 * sudoers.cat, sudoers.man.in, sudoers.pod:
8246 Remove warning about wildcards. Now that we use glob() the bug is
8251 Use glob(3) instead of fnmatch(3) for matching pathnames and stat
8252 each result that matches the basename of the user's command. This
8253 makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
8254 /usr/bin/blah. Fixes bug #143.
8257 * config.h.in, configure, configure.in:
8258 Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
8262 * config.h.in, configure, configure.in:
8263 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
8271 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
8276 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
8280 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
8283 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
8284 means we are out of space in the stack gap...
8292 Take a stab at ldap sudoers support here.
8295 * mon_systrace.c, mon_systrace.h:
8296 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
8297 doesn't cause reboot to inadvertanly kill itself.
8301 put "monitor" in the proctitle, not "systrace"
8305 When modifying the environment, don't replace envp when we can get
8306 away with just rewriting pointers in the traced process.
8309 * mon_systrace.c, mon_systrace.h:
8310 Add environment updating via STRIOCINJECT (if available).
8313 * sudoers.cat, sudoers.man.in:
8317 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
8324 Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
8328 Include file is now mon_systrace.h
8331 * Makefile.in, configure, configure.in, def_data.c, def_data.h,
8332 def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
8333 sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
8334 No longer call it tracing, it is now "monitoring" which should be
8335 more a obvious name to non-hackers.
8338 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
8340 * mon_systrace.c, mon_systrace.h:
8344 * mon_systrace.c, mon_systrace.h:
8345 No need to include syscall.h, use 1024 as the max # of entries (the
8346 max that systrace(4) allows).
8348 Only need to use SYSTR_POLICY_ASSIGN once
8350 Change check_syscall() -> find_handler() and have it return the
8351 handler instead of just running it. We need this since handler now
8352 have two parts: one part that generates and answer and another that
8353 gets called after the answer is accepted (to do logging).
8355 Add some missing check_exec for emul execv
8358 * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
8363 Add missing HAVE_LINUX_SYSTRACE_H
8367 add trace_systrace.o dependency
8370 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
8372 * configure, configure.in:
8373 Also look for systrace.h in /usr/include/linux
8376 * mon_systrace.c, mon_systrace.h:
8377 Move all struct defs and prototypes into trace_systrace.h and mark
8378 all but systace_attach() static.
8381 * mon_systrace.c, mon_systrace.h:
8382 Add support for tracing emulations. At the moment, all emulations
8383 are compiled in. It might make sense to #ifdef them in the future,
8384 though this impeeds readability.
8387 * Makefile.in, configure, configure.in:
8388 rename systrace.c -> trace_systrace.c
8391 * parse.yacc, sudo.tab.c:
8392 Allow this to build with a K&R compiler again
8399 * compat.h, sudo.c, visudo.c:
8400 Use __attribute__((__noreturn__))
8404 Exit() takes a negative value to indicate it was not called via
8408 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8413 * Makefile.in, visudo.c:
8414 Define Err() and Errx() that are like err() and errx() but call
8415 Exit() instead of exit(). Build private copy of alloc.o for visudo
8416 that calls Err() and Errx().
8419 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
8421 * lex.yy.c, sudo.tab.c:
8430 Overhaul visudo for editing multiple files: o visudo has been
8431 broken out into functions (more work needed here) o each file is
8432 now edited before sudoers is re-parsed o if a #include line is
8433 added that file will be edited too
8435 TODO: o cleanup temp files when exiting via err() or errx() o
8436 continue breaking things out into separate functions
8439 * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
8440 Add keepopen arg to open_sudoers that open_sudoers can use to
8441 indicate to the caller that the fd should not be closed when it is
8442 done with it. To be used by visudo to keep locked fds from being
8443 closed prematurely (and thus losing the lock).
8446 * parse.yacc, sudo.c:
8447 Add errorfile global that contains the name of the file that caused
8452 return COMMENT to yacc grammar for a #include line
8456 Remove us of unput() in favor of yyless() which is cheaper.
8460 Allow an empty sudoers file.
8463 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
8466 Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
8469 * lex.yy.c, sudo.tab.c:
8474 Do signal setup before calling edit_sudoers(). Don't shadow the
8479 If a sudoers file includes other files, edit those too. Does not yes
8480 deal with creating the new includes files itself.
8484 init_parser now takes a path
8487 * parse.c, parse.h, parse.lex, parse.yacc:
8488 More scaffolding for dealing with multiple sudoers files: o
8489 init_parser() now takes a path used to populate the sudoers global
8490 o the sudoers global is used to print the correct file in yyerror()
8491 o when switching to a new sudoers file, perserve old file name and
8495 * Makefile.in, pathnames.h.in:
8496 Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
8497 multiple sudoers files.
8501 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
8502 we start at the right file position when reading include files.
8514 Add max depth of 128 for the include stack to avoid loops.
8516 Since yyerror() doesn't stop parsing, pass return values back to
8517 yylex and call yyterminate() on error.
8520 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
8527 Mention PREVENTING SHELL ESCAPES section of sudoers man page
8530 * lex.yy.c, sudo.tab.c:
8535 Add support for #include in sudoers (visudo support TBD)
8539 make yyerror()'s argument const
8542 * testsudoers.c, visudo.c:
8543 Add open_sudoers() stubs.
8547 Rename check_sudoers() open_sudoers() and make it return a FILE *
8550 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
8552 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
8557 * Makefile.in, sudo.psf:
8558 Better HP-UX depot construction
8561 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
8564 o Made children global so check_exec() can lookup a child. o
8565 Replaced uid in struct childinfo with struct passwd * (for runas) o
8566 new_child() now takes a parent pid so the runas info can be
8567 inherited o Added find_child() to lookup a child by its pid o
8568 update_child() now fills in a struct passwd o Converted the big
8569 if/else mess in set_policy to a switch o Syscalls that change uid
8570 are now "ask" so we get SYSTR_MSG_UGID events
8574 Add flag to sudo_pwdup that indicates whether or not to lookup the
8575 shadow password. Will be used to a struct passwd that has the
8576 shadow password already filled in.
8580 add missing increment of addr in read_string()
8584 Remove bogus call to update_child() and some cosmetic fixes
8588 Don't leak /dev/systrace fd to tracee Make initialized global for
8589 simplicity If STRIOCATTACH returns EBUSY we are already being traced
8590 Check for user_args == NULL in setproctitle() call Add missing calls
8595 g/c sudo_pwdup proto
8598 * Makefile.in, sudo.psf:
8599 Add target for building a depot file
8606 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
8608 * lex.yy.c, sudo.tab.c, sudo.tab.h:
8613 document --with-systrace
8616 * config.h.in, configure, configure.in:
8617 Add check for setproctitle
8621 pass struct str_msg_ask in to syscall checker so it can set the
8626 systrace(4) support for sudo. On systems with the systrace(4)
8627 kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
8628 intercept exec calls and check the exec args against the sudoers
8629 file. In other words, sudo can now control subcommands and shell
8634 Call systrace_attach() if FLAG_TRACE is set.
8637 * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
8638 Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
8642 Don't close sudoers_fp, keep it open and set close on exec flag
8646 * def_data.c, def_data.h, def_data.in:
8655 SunOS /bin/sh blows up with configure
8658 * configure, configure.in:
8659 Include sys/param.h before systrace.h
8671 line up options in --help
8674 * config.h.in, configure.in:
8678 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
8684 * aclocal.m4, configure.in:
8685 make this work with autoconf-2.59
8688 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
8691 Simplify logic around open & stat of files and do sanity on edited
8692 file even if we lack fstat (still racable but worth doing).
8695 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
8703 [b84ebfaf1552] [SUDO_1_6_8p1]
8706 more changes for 1.6.8p1
8713 * CHANGES, sudo_edit.c:
8714 Add sanity check so we don't try to edit something other than a
8718 2004-09-15 Aaron Spangler <aaron777@gmail.com>
8725 document --with-ldap-conf-file
8728 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
8730 * CHANGES, ins_csops.h:
8731 political correctness strikes again
8738 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
8740 * Makefile.binary.in, Makefile.in:
8741 Install sudoedit man link
8745 Update PAM note and mention where HP-UX users can download gcc
8750 libtool wants to install stuff from .libs so fake one up for binary
8754 * Makefile.binary.in:
8755 rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
8759 Deal with "uname -m" having slashes in it rm -f old sudoedit link
8760 instead of using ln -f
8763 * Makefile.binary, Makefile.binary.in:
8764 Makefile.binary -> Makefile.binary.in for config.status substitution
8765 Add support for installing noexec bits
8769 Copy noexec bits into binary dists too No longer use my old arch
8770 script for making binary dists
8774 Install sudoedit link.
8777 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
8780 avoid __P so there is no need for compat.h to be included
8784 Don't use HAVE_UTIME_H before including config.h.
8787 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
8790 Fix Solatis futimes macro
8793 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
8796 Rename ots -> omtim for improved readability.
8799 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
8802 Redo changes in revision 1.7. Don't really need to keep the temp
8803 file open; re-opening it with the invoking user's euid is
8811 * sudo.cat, sudo.man.in:
8816 back out revision 1.70; it is no long applicable
8820 Let the loader initialize nep
8823 * config.h.in, configure, configure.in:
8824 Removed unneed check for fchown Add check for gettimeofday Move
8825 autoheader template stuff into separate AH_TEMPLATE lines
8828 * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
8829 Use timespec throughout.
8837 function to return the current time in a struct timespec
8841 Not a darpa-sponsored file.
8844 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
8846 * compat.h, config.h.in, configure, configure.in:
8847 Add a check for struct timespec and provide it for those without.
8850 * config.h.in, configure, configure.in, sudo_edit.c:
8851 Add checks for st_mtim and st_mtimespec and add macros for pulling
8852 the mtime sec and nsec out of struct stat. These are used in
8853 sudo_edit() to better tell whether or not the file has changed.
8856 * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
8857 Add an extra param to touch() for nsec
8861 Call mkstemp() as the in invoking user so we don't have to chown the
8862 file later. Only touch() the temp file if we can do it via the file
8863 descriptor. Don't check for modification of the temp file if we lack
8864 fstat(). Catch errors read()ing the temp file.
8868 If path is NULL and fd == -1 return -1.
8872 closefrom() is overkill, the only extra fds are the ones we opened
8873 so just close those in the child.
8876 * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
8877 configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
8879 Use utimes() and futimes() instead of utime() in touch(), emulating
8880 as needed. Not all systems are able to support setting the times of
8881 an fd so touch() takes both an fd and a file name as arguments.
8884 2004-09-07 Aaron Spangler <aaron777@gmail.com>
8890 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
8892 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8897 * sudo.pod, sudoers.pod, visudo.pod:
8898 Add SUPPORT section and re-order some of the sections to match the
8899 order we use in OpenBSD.
8902 2004-09-06 Aaron Spangler <aaron777@gmail.com>
8905 Openldap ~/.ldaprc fix
8908 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
8911 Talk about how the editor must write its changes to the original
8912 file and not just use rename(2).
8920 Keep the temp file open instead of re-opening after the editor has
8925 Update for current redhat/fedora core.
8928 2004-09-03 Aaron Spangler <aaron777@gmail.com>
8934 2004-09-02 Aaron Spangler <aaron777@gmail.com>
8937 config tls_* options
8940 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
8942 * configure, configure.in:
8943 No need for -lcrypt when using pam.
8946 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
8952 2004-08-27 Aaron Spangler <aaron777@gmail.com>
8954 * configure.in, ldap.c, pathnames.h.in:
8955 Allow --with-ldap-conf-file option to override LDAP_CONF
8959 cleanup debug message
8962 2004-08-26 Aaron Spangler <aaron777@gmail.com>
8968 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
8970 * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
8971 Add cmnd_base to struct sudo_user and set it in init_vars(). Add
8972 cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
8973 longer use gross statics in command_matches(). Also rename some
8974 variables for improved clarity.
8977 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
8980 document HP's crippled compiler deficiency.
8984 Fix some thinkos in --with-editor and --with-env-editor
8985 descriptions. Noticed by Norihiko Murase.
8988 * configure, configure.in:
8989 --with-noexec takes an optional PATH argument.
8993 document --with-noexec
8996 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
9000 [f2503bd13373] [SUDO_1_6_8]
9003 Better warning message when sudoedit is unable to write to the
9007 * sudo.cat, sudo.man.in:
9012 Don't italicize the string "sudoedit"
9015 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
9021 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
9028 Reset used_runas to FALSE when re-intializing the parser.
9031 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
9034 Correct OpenBSD mips support
9041 2004-08-07 Aaron Spangler <aaron777@gmail.com>
9048 Updates on current behavior
9051 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
9054 =back does not take an indentlevel (makes no difference to formatted
9059 =back does not take an indentlevel (makes no difference to formatted
9068 Consistency. Use same error for bad -u #uid when targetpw is set as
9069 we do when a bad -u username is specified.
9073 Add checksum idea from Steve Mancini
9076 * sudoers.cat, sudoers.man.in:
9080 * sudo.cat, sudo.man.in:
9084 * sudo.pod, sudoers.pod:
9085 Document the restriction on uids specified via -u when targetpw is
9090 Error out when targetpw is enabled and sudo is run with -u #uid but
9091 #uid does not exist in the passwd database. We can't do target
9092 authentication when the target is not in passwd!
9095 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
9100 Some more todo for the next release.
9104 Make it clear that PAM should be used for DCE support when possible.
9108 o Document problems with wildcards and relative paths. o Make the
9109 order requirements more prominent. o Change a "set" to "reset" for
9113 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
9116 Mention --with-secure-path, not SECURE_PATH.
9119 2004-08-03 Aaron Spangler <aaron777@gmail.com>
9122 reflect changes to parse.c
9125 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
9131 * parse.c, parse.h, testsudoers.c, visudo.c:
9132 Don't pass user_cmnd and user_args to command_matches(), just use
9133 the globals there. Since we keep state with statics anyway it is
9134 misleading to pretend that passing in different cmnd and cmnd_args
9139 Don't pass user_cmnd and user_args to command_matches(), just use
9140 the globals there. Since we keep state with statics anyway it is
9141 misleading to pretend that passing in different cmnd and cmnd_args
9146 Fix a bug introduced in rev. 1.149. When checking for pseudo-
9147 commands check for a '/' anywhere in cmnd, not just the first
9151 2004-07-31 Aaron Spangler <aaron777@gmail.com>
9153 * sudo.man.in, sudo.pod:
9154 Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
9157 * sudoers.man.in, sudoers.pod:
9158 Add ignore_local_sudoers
9162 Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
9166 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
9172 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
9179 Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
9180 PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
9183 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
9189 2004-07-08 Aaron Spangler <aaron777@gmail.com>
9192 Better debugging of ALL command
9195 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
9198 When matching for "sudoedit" in sudoers check both the command the
9199 user typed *and* the command that is listed in the sudoers entry.
9202 2004-07-04 Aaron Spangler <aaron777@gmail.com>
9205 Added !command feature
9208 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
9211 Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
9214 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
9217 License is ISC-style, not BSD-style
9224 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
9226 * sudo.cat, sudo.man.in:
9231 o Update some out of date bits to reality o Change the shell promt
9232 in examples to bourne-shell style o Clarify some details o Add a
9233 CAVEAT about "sudo cd /foo"
9237 Don't ask for a password if invoking user == target user.
9244 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
9246 * sudoers.cat, sudoers.man.in:
9251 Expand on NOEXEC a little.
9258 * visudo.cat, visudo.man.in:
9267 Add a check in visudo for runas_default being set after it has
9271 * CHANGES, parse.yacc, visudo.c:
9272 Add a check in visudo for runas_default being set after it has
9281 Add a MATCHED macro for testing whether foo_matches has been set to
9282 TRUE or FALSE. This is more readable than checking for >=0 or < 0.
9283 Doesn't change the actual code generated.
9286 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
9297 Correct description of where Defaults specs should go.
9301 Correct description of where Defaults specs should go.
9304 * testsudoers.c, visudo.c:
9324 * auth/bsdauth.c, auth/kerb5.c:
9328 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
9334 * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
9335 Remove trailing spaces, no actual code changes.
9339 Remove trailing spaces, no actual code changes.
9342 * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
9343 Remove trailing spaces, no actual code changes.
9347 Remove trailing spaces, no actual code changes.
9351 Remove trailing spaces, no actual code changes.
9354 * compat.h, defaults.c, env.c:
9355 Remove trailing spaces, no actual code changes.
9359 Remove trailing spaces, no actual code changes.
9367 Fix a >=0 that should be <0 that was improperly converted when
9372 Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
9373 NOMATCH when resetting it.
9377 Fix pastos introduced in SETNMATCH addition.
9380 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
9383 Update for configure changes
9391 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
9392 these in parse.yacc. Also in parse.yacc initialize the *_matches
9393 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
9394 when setting *_matches to a value that may be
9395 NOMATCH/UNSPEC/TRUE/FALSE.
9399 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
9400 these in parse.yacc. Also in parse.yacc initialize the *_matches
9401 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
9402 when setting *_matches to a value that may be
9403 NOMATCH/UNSPEC/TRUE/FALSE.
9407 Initialize runas to -2, not -1 since we need to be able to
9408 distinguish between the initialized value and the value of a non-
9409 match when passing along the runas value to multiple commands.
9411 The result of this is that an unmatched runas is now set to -1, not
9412 0. This is required now that parse.c treats a FALSE value for runas
9413 as being explicitly denied.
9416 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
9419 Error out if argc < 1.
9423 Error out if argc < 1.
9426 * configure, configure.in:
9427 Add tests for what libs we need to link with for ldap and for
9428 whether or not lber.h needs to be explicitly included.
9431 2004-06-03 Aaron Spangler <aaron777@gmail.com>
9434 Solaris native LDAP build fix
9437 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
9440 Set edn to NULL is ldap_get_dn() fails to avoid potential use of an
9445 Add prototype for sudo_ldap_list_matches
9448 * configure, configure.in:
9449 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
9450 version too. Added check for dd_fd in `DIR' if no dirfd is found;
9451 this is now used to confitionally define the dirfd macro in
9456 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
9457 version too. Added check for dd_fd in `DIR' if no dirfd is found;
9458 this is now used to confitionally define the dirfd macro in
9463 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
9464 version too. Added check for dd_fd in `DIR' if no dirfd is found;
9465 this is now used to confitionally define the dirfd macro in
9470 Only check /proc/$$/fd if we have the dirfd function/macro.
9473 * compat.h, config.h.in, configure, configure.in:
9474 Add a check for a dirfd() function (like Linux) and add a dirfd
9475 macro in compat.h if there is no dirfd() function or macro.
9478 * closefrom.c, getcwd.c:
9479 dirfd() is now defined in compat.h as needed.
9483 Clarify closefrom() note.
9487 When checking for a command in the directory, only copy the base dir
9492 If there is a /proc/$$/fd directory, behave like the Solaris
9493 closefrom() and only close the descriptors listed therein.
9497 compat.h guarantees INT_MAX is defined.
9501 Add definitions of OPEN_MAX and INT_MAX for those without it and
9502 remove definition of RLIM_INFINITY (now unused).
9505 * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
9506 sudo.c, sudo.h, visudo.c:
9507 Use PATH_MAX, not MAXPATHLEN since the former is standardized.
9510 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
9517 Add some entries that were mailed in a while ago
9521 o sysconf returns a long, not an int. o check for negative return
9522 value from sysconf/getdtablesize and use OPEN_MAX in this case. o
9523 define OPEN_MAX to 256 for those without it (a fair guess...)
9526 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
9529 Mention change in parse order for RunAs entries.
9536 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
9538 * INSTALL, README.LDAP, config.h.in, configure.in:
9539 o --with-ldap now takes an optional dir as a parameter o added
9540 check for ldap_initialize() and start_tls_s()
9544 Fix some typos, word choice and formatting issues.
9547 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
9550 Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
9551 read/write as it is simpler.
9554 * configure, configure.in:
9555 Remove hack overriding cross-compiler check. It should no longer be
9560 Remove select() compat bits since we no longer use select().
9563 * CHANGES, tgetpass.c:
9564 Use alarm() instead of select() for the timeout for systems that
9565 don't fully/properly implement select().
9568 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
9579 Deal with systems that have no way of setting the effective uid such
9583 * configure, configure.in:
9584 Define NO_SAVED_IDS if we don't find seteuid()
9587 * config.h.in, configure, configure.in:
9588 Add back check for setreuid() since NSK doesn't have it.
9591 * sudoers.cat, sudoers.man.in:
9604 In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
9605 explicitly denied and the command matched. This fixes a long-
9606 standing bug and makes: foo machine = (ALL) /usr/bin/blah
9607 foo machine = (!bar) /usr/bin/blah
9609 equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
9616 2004-05-20 Aaron Spangler <aaron777@gmail.com>
9619 Missing DESTDIR in make install for sudo_noexec.la
9622 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
9624 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
9634 Remove fastboot/fasthalt (who still remembers these?) and add a
9635 minimal sudoedit example.
9639 Remove fastboot/fasthalt (who still remembers these?) and add a
9640 minimal sudoedit example.
9643 * UPGRADE, sudo.c, visudo.c:
9644 filesystem -> file system
9648 filesystem -> file system
9652 filesystem -> file system
9655 * sudo.pod, sudoers.pod:
9656 Fix some minor typos and formatting goofs
9664 remove my email addr
9667 * sudo.pod, sudoers.pod, visudo.pod:
9668 Use @mansectform@ and @mansectsu@ everywhere Make man page
9669 references links with L<>
9673 Accept quoted globbing characters and pass them verbatim for
9678 Document that /tmp/.odus is gone.
9682 No longer use /tmp/.odus as a possible timestamp dir unless
9683 specifically configured to do so. Instead, if no /var/run exists,
9684 use /var/adm/sudo or /usr/adm/sudo.
9688 No longer use /tmp/.odus as a possible timestamp dir unless
9689 specifically configured to do so. Instead, if no /var/run exists,
9690 use /var/adm/sudo or /usr/adm/sudo.
9694 No longer use /tmp/.odus as a possible timestamp dir unless
9695 specifically configured to do so. Instead, if no /var/run exists,
9696 use /var/adm/sudo or /usr/adm/sudo.
9700 No longer use /tmp/.odus as a possible timestamp dir unless
9701 specifically configured to do so. Instead, if no /var/run exists,
9702 use /var/adm/sudo or /usr/adm/sudo.
9705 * set_perms.c, sudo.c, tgetpass.c, visudo.c:
9706 Preliminary changes to support nsr-tandem-nsk. Based on patches
9711 Preliminary changes to support nsr-tandem-nsk. Based on patches
9715 * check.c, compat.h:
9716 Preliminary changes to support nsr-tandem-nsk. Based on patches
9720 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
9723 There was no 1.6.7p6.
9731 add missing files to DISTFILES
9734 * sudo.cat, sudoers.cat, visudo.cat:
9743 Fix some line wrap and update (c) year
9746 2004-04-28 Aaron Spangler <aaron777@gmail.com>
9752 2004-04-07 Aaron Spangler <aaron777@gmail.com>
9758 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
9765 In Exit() when used as a signal handler, emsg is a pointer so
9766 sizeof() is wrong so make it a #define instead. Also avoid using a
9767 negative exit value. Found by Aaron Campbell
9770 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
9773 Remove bogus sentence about uids in a User_List. Document usernames
9774 vs. uid parsing in a Runas_List.
9777 * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
9778 If the user specified a uid with the -u flag and the uid exists in
9779 the passwd file, set runas_user to the name, not the uid.
9781 When comparing usernames in sudoers, if a name is really a uid
9782 (starts with '#') compare it numerically to pw_uid.
9785 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
9788 krb5_mcc_ops should be const; Johnny C. Lam
9791 2004-02-28 Aaron Spangler <aaron777@gmail.com>
9793 * CHANGES, config.h.in, ldap.c:
9794 Added start_tls support
9797 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
9800 Clean up libtool stuff for 'make distclean' and add def_data.c,
9801 def_data.h to PARSESRCS.
9804 2004-02-14 Aaron Spangler <aaron777@gmail.com>
9806 * strlcat.c, strlcpy.c:
9807 Un-Fix last license munge
9810 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
9816 * CHANGES, RUNSON, TODO:
9820 * lex.yy.c, sudo.tab.c:
9824 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
9825 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
9826 emul/search.h, emul/utime.h:
9827 More to a less restrictive, ISC-style license.
9830 * auth/kerb5.c, auth/pam.c:
9831 More to a less restrictive, ISC-style license.
9834 * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
9835 More to a less restrictive, ISC-style license.
9839 More to a less restrictive, ISC-style license.
9842 * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
9843 More to a less restrictive, ISC-style license.
9846 * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
9847 visudo.man.in, visudo.pod:
9848 More to a less restrictive, ISC-style license.
9852 More to a less restrictive, ISC-style license.
9855 * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
9857 More to a less restrictive, ISC-style license.
9860 * sigaction.c, strerror.c:
9861 More to a less restrictive, ISC-style license.
9864 * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
9866 More to a less restrictive, ISC-style license.
9869 * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
9870 ins_goons.h, insults.h, interfaces.c, interfaces.h:
9871 More to a less restrictive, ISC-style license.
9874 * find_path.c, getprogname.c:
9875 More to a less restrictive, ISC-style license.
9879 More to a less restrictive, ISC-style license.
9883 More to a less restrictive, ISC-style license.
9887 More to a less restrictive, ISC-style license.
9890 * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
9892 More to a less restrictive, ISC-style license.
9895 * utime.c, version.h:
9896 More to a less restrictive, ISC-style license.
9899 * parse.lex, parse.yacc:
9900 More to a less restrictive, ISC-style license.
9904 More to a less restrictive, ISC-style license.
9907 2004-02-13 Aaron Spangler <aaron777@gmail.com>
9910 Merged in LDAP Support
9913 * ldap.c, sudo.c, sudo.h:
9914 Merged in LDAP Support
9917 * def_data.c, def_data.h, def_data.in:
9918 Merged in LDAP Support
9921 * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
9922 Merged in LDAP Support
9925 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
9927 * sudo.h, sudo_noexec.c:
9928 Only do "extern int errno" if errno is not a macro.
9931 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
9934 setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
9935 euid first, then just call setuid(0) to set the real uid too.
9939 Use setresuid() and setreuid() for PERM_RUNAS when appropriate
9940 instead of seteuid() which may not exist.
9943 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
9949 * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
9950 Add --with-pc-insults configure option
9954 Prefer VISUAL over EDITOR like old vipw did.
9957 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
9959 * sudo.man.in, sudoers.man.in:
9964 Add a note that noexec is not a cure-all.
9968 Mention that disabling "root_sudo" is pretty pointless.
9971 * configure, configure.in:
9972 Substitute for root_sudo in sudoers.pod
9976 Add sudoedit to the NAME section
9980 Document that fact that setting ignore_dot in sudoers has no effect
9981 due to the fact that find_path() is called *before* sudoers is read.
9984 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
9987 Do not require _PATH_USRTMP to be set.
9990 * BUGS, CHANGES, TODO:
9999 Clarify that when sudo is run by root with the SUDO_USER variable
10000 set, the sudoers lookup happens for root and not the SUDO_USER user.
10003 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
10005 * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
10006 set_perms.c, sigaction.c, sudo.c, tgetpass.c:
10007 Use the SET, CLR and ISSET macros.
10011 Use the SET, CLR and ISSET macros.
10014 * defaults.c, env.c:
10015 Use the SET, CLR and ISSET macros.
10019 MAIN was replaced with _SUDO_MAIN some time ago.
10023 Don't look at prev_user until after we've parsed sudoers and done
10024 the password check. That way, if sudo/sudoedit is run from a root
10025 process that was invoked by sudo, we check sudoers for root, not the
10026 previous user. This makes sudoedit much more useful and means that
10027 for the sudo case, we get correct logging on who actually ran the
10031 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
10034 Add a comment describing why we need to be notified about our child
10038 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
10040 * def_data.c, def_data.in:
10041 Update the noexec variable descriptions
10044 * sudoers.man.in, sudoers.pod:
10045 noexec now replaces more than just execve()
10049 Alas, all the world does not go through execve(2). Many systems
10050 still have an execv(2) system call, Linux 2.6 provides fexecve(2)
10051 and it is not uncommon for libc to have underscore ('_') versions of
10052 the functions to be used internally by the library. Instead of
10053 stubbing all these out by hand, define a macro and let it do the
10054 work. Extra exec functions pointed out by Reznic Valery.
10057 * sudo.c, sudo_edit.c:
10058 Fix suspending the editor in -e mode. Because we do a fork() first
10059 we need to be notified when the child has been stopped and then send
10060 that same signal to ourself so the shell can do its job control
10065 Use WIFEXITED and WEXITSTATUS macros. If there are systems out
10066 there that want to run sudo that still don't support these we can
10067 try to deal with that later.
10074 * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
10075 Document sudo -e / sudoedit
10078 * configure, configure.in:
10082 * config.h.in, configure.in:
10086 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
10089 Allow non-exclusive flags when invoked as sudoedit. Pretty print the
10090 long usage() line to not wrap (assumes 80 char display)
10093 * Makefile.in, sudo.c:
10094 If sudo is invoked as "sudoedit" the -e flag is implied and no other
10095 flags are permitted.
10099 Add a new flag, -e, that makes it possible to give users the ability
10100 to edit files with the editor of their choice as the invoking user,
10101 not the runas user. Temporary files are used for the actual edit
10102 and the temp file is copied over the original after the editor is
10106 * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
10107 Add a new flag, -e, that makes it possible to give users the ability
10108 to edit files with the editor of their choice as the invoking user,
10109 not the runas user. Temporary files are used for the actual edit
10110 and the temp file is copied over the original after the editor is
10115 If real uid == 0 and the SUDO_USER environment variables is set, use
10116 that to determine the invoking user's true identity. That way the
10117 proper info gets logged by someone who has done "sudo su" but still
10118 uses sudo to as root. We can't do this for non-root users since
10119 that would open up a security hole, though perhaps it would be
10120 acceptable to use getlogin(2) on OSes where this a system call (and
10121 doesn't just look in the utmp file).
10125 Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
10128 * config.h.in, configure, configure.in:
10129 Add check for fchown(2)
10132 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
10135 Back out portions of the -i commit that set NewArgv[0] in
10136 set_runaspw. It is far to late to set NewArgv[0] there and will have
10137 no effect anyway as cmnd and safe_cmnd have already been set.
10140 * visudo.c, visudo.pod:
10141 Prefer VISUAL over EDITOR like old vipw did.
10144 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
10147 In -i mode always set new environment based on the runas user's
10151 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
10153 * sudo.man.in, sudo.pod:
10154 Document the new -i flag and sync SYNOPSIS section with usage() in
10155 sudo.c. Also sort the flags in the OPTIONS section.
10159 o Add -i that acts similar to "su -", based on patches from David J.
10160 MacKenzie o Sort the flags in the usage message
10163 * sudoers.man.in, sudoers.pod:
10164 Add a missing @runas_default@ substitution.
10167 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
10170 Change euid to runas user before calling find_path().
10171 Unfortunately, though runas_user can be modified in sudoers we
10172 haven't parsed sudoers yet.
10175 * sudoers.man.in, sudoers.pod:
10176 Add missing defintion of Parameter_List and use single pipes in the
10177 Defaults EBNF definition.
10181 Fix a bug when set_runaspw() is used as a callback. We don't want
10182 to reset the contents of runas_pw if the user specified a user via
10185 Avoid unnecessary passwd lookups in set_authpw(). In most cases we
10186 already have the info in runas_pw.
10189 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
10192 Add Stan Lee / Uncle Ben quote to the lecture from RedHat
10196 Update sudo_getepw() proto and add one for set_runaspw()
10200 If we can't stat the command as root, try as the runas user instead.
10203 * testsudoers.c, visudo.c:
10204 Add stub set_runaspw() function
10208 Add set_runaspw() function to fill in runas_pw. This will be used
10209 as a callback to update runas_pw when the runas user changes.
10213 PERM_RUNAS -> PERM_FULL_RUNAS
10216 * set_perms.c, sudo.h:
10217 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
10222 Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
10223 one chunk for easy free()ing. Also change it from static to extern.
10226 * defaults.c, defaults.h:
10227 Add callback support
10231 Add a callback field and use it for runas_default
10234 * def_data.c, def_data.in:
10235 Add a callback field and use it for runas_default
10238 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
10241 Add support for chalnecho and display server responses used by fwtk
10245 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
10247 * sudoers.man.in, sudoers.pod:
10248 ld.so is ld.so.1 on solaris
10251 * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
10252 Use closefrom() instead of doing the equivalent inline.
10256 closefrom(3) for systems w/o it
10259 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
10262 Update from .pod file.
10265 * configure, configure.in:
10266 Substitute noexec_file for the sudoers man page
10269 * sudo.man.in, sudo.pod:
10273 * sudoers.man.in, sudoers.pod:
10277 * auth/pam.c, config.h.in, configure.in:
10278 Move PAM_CONST macro definition from config.h to pam.c where it
10279 belongs. We can't have this in config.h since that gets included too
10283 * auth/pam.c, config.h.in, configure, configure.in:
10284 Some PAM implementations put their headers in /usr/include/pam
10285 instead of /usr/include/security.
10289 I missed changing the EXEC macro -> EXECV here when I changed this
10290 in config.h.in and sudo.c a while ago.
10294 OpenBSD vax/m88k/hppa don't do shared libs
10297 * configure, configure.in:
10298 o merge the hpux case entries into a single entry w/ its own sub-
10299 case statement. o HP-UX >= 11 support getspnam(), use it in
10300 preference to getprpwuid()
10303 * configure, configure.in:
10304 eval $shrext so that it expands nicely on MacOS X
10308 Don't lie about making a module, it does the wrong thing on mach
10312 Remove requirement that libs must begin with "lib". They don't when
10313 we point directly at the lib using LD_PRELOAD or its equivalent.
10317 Disable support for c++, f77 and java. We don't need it, it takes a
10318 lot of time, and it hosed our check for shared lib support.
10326 Call AC_ENABLE_SHARED and check the status of enable_shared to know
10327 when shared libs are available.
10331 Duh, OpenBSD suports shared libs too
10334 * config.h.in, configure.in:
10335 Only OpenPAM and Linux PAM use const qualifiers.
10338 * configure, configure.in:
10339 o No need to check for sed, libtool config does that for us o move
10340 check for --with-noexec until after libtool magic is run so we can
10341 use $can_build_shared and $shrext
10345 Don't print a bunch of crap about library installs since we are not
10346 really installing a library.
10350 Make format_env() varargs Add noexec support for Darwin, MacOS X,
10354 * acsite.m4, ltconfig, ltmain.sh:
10355 Update to libtool 1.5 with local changes: o no ldconfig in the
10356 finish step o assume no libprefix or version is needed
10360 Fix compilation under K&R
10363 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
10370 stub execve() that just returns EACCES; used for noexec
10375 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
10380 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
10384 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
10386 * def_data.c, def_data.h, def_data.in:
10387 Move the environment defaults to the end and shorten a few of the
10391 * configure, configure.in:
10392 no shared libs on ultris or convexos
10395 * Makefile.in, configure, configure.in:
10396 Build sudo_noexec shared object using libtool; could use some
10400 * acsite.m4, ltconfig, ltmain.sh:
10401 libtool scaffolding
10404 * parse.yacc, sudo.tab.c:
10405 Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
10409 * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
10410 parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
10411 update copyright year
10414 * configure, configure.in, defaults.c, env.c, pathnames.h.in:
10415 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
10416 option. The default value of noexec_file is set to this.
10419 * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
10420 parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
10422 Add support for preloading a shared object containing a dummy
10423 execve() function that just sets error and returns -1. This adds a
10424 "noexec_file" option to load the filename as well as a "noexec" flag
10425 to enable it unconditionally. There is also a NOEXEC tag that can
10426 be attached to specific commands and an EXEC tag to disable it.
10430 add missing newline to usage statement
10433 * config.h.in, sudo.c:
10434 Rename EXEC macro -> EXECV
10438 Don't truncate usernames to 8 characters in the log message.
10441 * check.c, sudoers.man.in, sudoers.pod:
10442 Update copyright year
10445 * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
10447 Add a new option, lecture_file, that can be used to point to a
10448 custom sudo lecture.
10451 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
10453 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
10455 Add a zero_bytes() function to do the equivalent of bzero in such a
10456 way that will heopfully not be optimized away by sneaky compilers.
10460 Add a zero_bytes() function to do the equivalent of bzero in such a
10461 way that will heopfully not be optimized away by sneaky compilers.
10464 * Makefile.in, sudo.h:
10465 Add a zero_bytes() function to do the equivalent of bzero in such a
10466 way that will heopfully not be optimized away by sneaky compilers.
10470 Use #ifdef __STDC__, not #if __STDC__.
10473 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
10476 Always put at least one space between the def_* macro name and its
10480 * configure, configure.in:
10481 Adjust code for --without-lecture to match new values.
10485 regen after pasto fix
10488 * sudoers.man.in, sudoers.pod:
10489 Document that "lecture" has changed from a flag to a tuple.
10492 * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
10493 defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
10494 Add support for tuples in def_data.in; these are implemented as an
10495 enum type. Currently there is only a single tuple enum but in the
10496 future we may have one tuple enum per T_TUPLE entry in def_data.in.
10497 Currently listpw, verifypw and lecture are tuples. This avoids the
10498 need to have two entries (one ival, one str) for pwflags and syslog
10501 lecture is now a tuple with the following values: never, once,
10504 We no longer use both an int and string entry for syslog facilities
10505 and priorities. Instead, there are logfac2str() and logpri2str()
10506 functions that get used when we need to print the string values.
10509 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
10510 auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
10511 check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
10512 logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
10513 sudo.tab.c, visudo.c:
10514 Create def_* macros for each defaults value so we no longer need the
10515 def_{flag,ival,str,list,mode} macros (which have been removed). This
10516 is a step toward more flexible data types in def_data.in.
10523 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
10526 If we are in -k/-K mode, just spew to stderr. It is not unusual for
10527 users to place "sudo -k" in a .logout file which can cause sudo to
10528 be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
10529 Previously, this would result in useless mail and logging.
10532 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
10535 fix pasto in VISUAL description
10538 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
10549 Some OSes (like Solaris) allow export w/ nosuid too
10552 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
10555 We don't use FD_ZERO anymore so just define FD_SET (if not already
10559 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
10562 Fix a core dump on Solaris by preserving the pam_handle_t we used
10563 during authentication for pam_prep_user(). If we didn't
10564 authenticate (ie: ticket still valid), we call pam_init() from
10565 pam_prep_user(). This is something of a hack; it may be better to
10566 change the auth API and add an auth_final() function that acts like
10570 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
10573 Add explicit declaration of printerr variable in function header
10574 (was defaulting to int which is OK but oh so K&R :-). From Theo.
10577 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
10579 * config.h.in, configure.in:
10580 s/HAVE_STOW/USE_STOW/
10584 Also exit waitpid() loop when pid == 0. Fixes a problem where the
10585 sudo process would spin eating up CPU until sendmail finished when
10586 it has to send mail.
10589 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
10592 Remove advertising clause, UCB has disavowed it
10596 Remove advertising clause, UCB has disavowed it
10599 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
10602 Don't assume that getgrnam() calls don't modify contents of struct
10603 passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
10604 Based on a patch from Kirk Webb.
10607 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
10614 darwin has a broken setreuid() in at least some versions
10618 Fix an off by one error when reallocating the environment; Kevin Pye
10621 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
10624 Fix User_Spec definition; SEKINE Tatsuo
10627 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
10630 More info on the early days from Coggs.
10633 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
10636 remove errant semicolon that prevented compilation under heimdal
10639 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
10641 * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
10642 add DARPA credit on affected files
10646 add DARPA credit on affected files
10649 * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
10651 add DARPA credit on affected files
10655 add DARPA credit on affected files
10659 add DARPA credit on affected files
10662 * logging.c, parse.c:
10663 add DARPA credit on affected files
10666 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
10667 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
10668 find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
10670 add DARPA credit on affected files
10673 * auth/kerb5.c, auth/pam.c:
10674 add DARPA credit on affected files
10677 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
10678 auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
10680 add DARPA credit on affected files
10684 add DARPA credit on affected files
10687 * defaults.c, defaults.h:
10688 add DARPA credit on affected files
10692 add DARPA credit on affected files
10695 * Makefile.in, alloc.c, check.c:
10696 add DARPA credit on affected files
10700 slightly different wording for the darpa credit
10703 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
10709 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
10712 Use krb5_princ_component() instead of krb5_princ_realm() for MIT
10713 Kerberos like we did before I messed things up ;-)
10715 Use krb5_principal_get_comp_string() to do the same thing w/
10716 Heimdal. I'm not sure if the component should be 0 or 1 in this
10719 #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
10720 older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
10721 should be a configure check for this I guess.
10724 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
10727 builtin -> built-in; Jason McIntyre
10730 * TROUBLESHOOTING, config.h.in, configure, configure.in:
10731 builtin -> built-in; Jason McIntyre
10735 built in -> built-in; Jason McIntyre
10738 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
10741 checkpoint for 1.6.7p3
10745 Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
10746 Amazingly, sudo source from 1985 is available via groups.google.com
10750 Don't change rl.rlim_max for RLIMIT_CORE. We need only set
10751 rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
10752 RLIMIT_CORE restoration on some OSes.
10755 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
10758 Make this compile on Heimdal and MIT Kerberos 5
10761 * config.h.in, configure, configure.in:
10762 Check for heimdal even if we found krb5-config and define
10767 Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
10768 no longer defined by MIT kerb5 (though it used to be and indeed
10769 remains so in Heimdal).
10772 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
10775 Remove newer stuff that passes multiple (possibly duplicate)
10776 directories to "mkdir -p" since that seems to break on Tru64 Unix at
10777 least. This basically brings back what shipped with sudo 1.6.6.
10780 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
10783 Correct number of args to krb5_principal_get_realm() and fix an
10784 unclosed comment that hid the bug.
10811 * CHANGES, version.h:
10820 use krb5-config to determine Kerberos V details if it exists
10823 * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
10824 auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
10825 find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
10826 testsudoers.c, visudo.c:
10827 Use warn/err and getprogname() throughout. The main exception is
10828 openlog(). Since the admin may be filtering logs based on the
10829 program name in the log files, hard code this to "sudo".
10833 Add getprogname.c and err.c
10840 * config.h.in, configure.in:
10841 Add checks for getprognam(), __progname and err.h
10845 For systems withour err/warn functions.
10849 For systems withour err/warn functions.
10853 For systems neither getprogname() nor __progname; uses Argv[0].
10856 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
10859 checkpoint for 1.6.7p1
10862 * sudo.c, testsudoers.c:
10863 fix strlcpy() rval check (innocuous)
10867 oflow detection in expand_prompt() was faulty (false positives). The
10868 count was based on strlcat() return value which includes the length
10869 of the entire string.
10872 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
10875 checkpoint for the sudo 1.6.7 release
10876 [096bab4da29a] [SUDO_1_6_7]
10879 checkpoint for the sudo 1.6.7 release
10882 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
10885 g/c unused variable
10893 use man sections 8 and 5 for csops
10896 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
10903 Add -lskey or -lopie directly to SUDO_LIBS instead of having
10904 AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
10912 Add --with-blibpath for AIX. An alternate libpath may be specified
10914 -blibpath support can be disabled. Also change conifgure such that
10915 -blibpath is not specified if no -L libpaths were added to
10920 Add --with-blibpath for AIX. An alternate libpath may be specified
10922 -blibpath support can be disabled. Also change conifgure such that
10923 -blibpath is not specified if no -L libpaths were added to
10928 Add --with-blibpath for AIX. An alternate libpath may be specified
10930 -blibpath support can be disabled. Also change conifgure such that
10931 -blibpath is not specified if no -L libpaths were added to
10936 add AIX blibpath support
10939 * INSTALL, configure.in:
10940 --with-skey and --with-opie now take an option directory argument
10941 This obsoletes a --with-csops hack (/tools/cs/skey)
10943 Also remove the remaining direct uses of "echo"
10946 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
10949 Detect KTH Kerberos IV and deal with it. Also make -lroken optional
10950 for KTH Kerberos IV and V.
10954 Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and
10955 -R/path/to/dir if $with_rpath) to the specified variable.
10958 * INSTALL, configure.in:
10959 Add -R/path/to/libs for Solaris and SVR4. There is a new configure
10960 option, --with-rpath to control this behavior.
10964 for kerb4 put libdes after libkrb on the link line
10972 fix kerberos lib check when a path is specified
10976 Fix boolean thinko in SIGCHLD reaper and call reapchild after
10977 sending mail instead of doing a conditional sudo_waitpid.
10980 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
10987 replace =DIR with [=DIR] where sensible
10991 o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
10992 detection based on openssh's configure.in
10996 --with-kerb4 and --with-kerb5 now take an optional argument.
10999 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
11002 Kill remaining strcpy(), the programmer's guide says username is 32
11007 trat uid_t as unsigned long for printf and use snprintf, not sprintf
11014 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
11016 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
11017 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
11018 auth/rfc1938.c, auth/sudo_auth.c:
11019 update copyright year
11022 * sudo.man.in, sudoers.man.in, visudo.man.in:
11023 update copyright year
11026 * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
11027 configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
11028 parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
11029 sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
11030 update copyright year
11033 * check.c, env.c, sudo.c:
11034 Cast [ug]ids to unsigned long and printf with %lu
11042 correct error messages for --with-sudoers-{mode,uid,gid}
11046 make the malloc(0) error specific to each function to aid tracking
11051 deal with platforms where size_t is signed and there is no SIZE_MAX
11056 Make this compile w/ Heimdal and fix some gcc warnings.
11060 Use stat_sudoers macro so --with-stow can work
11063 * INSTALL, config.h.in, configure, configure.in:
11064 Add support for --with-stow based on patches from Robert Uhl
11080 use strlcpy, not strncpy
11084 Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
11091 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
11093 * strlcat.c, strlcpy.c:
11094 Make gcc shutup about unused rcsid
11098 Move the n == 0 check for the non-getifaddrs cas
11102 skeychallenge() on NetBSD take a size parameter
11110 put -ldl after -lpam, not before; fixes static linking on Linux
11114 Avoid malloc(0) and fix the loop invariant for the getifaddrs()
11118 * sudo.cat, sudoers.cat, visudo.cat:
11122 * sudo.man.in, sudoers.man.in, visudo.man.in:
11127 Preserve copyright notice from .pod file in .man.in file
11131 Add sudoers(5) to SEE ALSO
11134 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
11141 Don't assume libc can realloc() a NULL string. If malloc/realloc
11142 fails, make sure we just return; yyerror() is not terminal.
11150 simplify fill_args a little and use strlcpy for paranoia
11157 * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
11159 Use strlc{at,py} for paranoia's sake and exit on overflow. In all
11160 cases the strings were either pre-allocated to the correct size of
11161 length checks were done before the copy but a little paranoia can go
11166 Add strlc{at,py} protos
11169 * env.c, interfaces.c:
11178 Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
11179 memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
11183 snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
11188 In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
11191 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
11194 Use snprintf() for paranoia
11198 Use emalloc2 and erealloc3
11202 strlc{at,py} for those w/o it
11205 * strlcat.c, strlcpy.c:
11206 stlc{at,py} for those w/o it.
11209 * config.h.in, configure, configure.in:
11210 Add stlc{at,py} for those w/o it.
11214 Add erealloc3(), a realloc() version of emalloc2().
11217 * interfaces.c, sudo.c:
11218 Use emalloc2() to allocate N things of a certain size.
11222 Add emalloc2() -- like calloc() but w/o the bzero and with
11223 error/oflow checking.
11227 Error out on malloc(0); suggested by theo
11230 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
11232 * configure, configure.in:
11233 fix a typo; David Krause
11236 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
11242 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
11245 Remove DYLD_ from the environment for MacOS X; from bbraun
11248 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
11250 * config.h.in, configure.in:
11251 not not; Anil Madhavapeddy
11254 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
11256 * sudo.pod, sudoers.pod, visudo.pod:
11257 typos; jmc@openbsd.org
11260 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
11263 Add some missing ';' rule terminators that bison warns about.
11267 fix typo I introduced in last merge
11271 regenerate with autoconf 2.57
11275 Add missing "$HOME"
11279 Add some more square backets to make autoconf 2.57 happy
11282 * config.sub, mkinstalldirs:
11283 Updates from autoconf-2.57
11287 Updates from autoconf-2.57
11290 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
11296 * lex.yy.c, sudo.tab.c:
11300 * parse.lex, parse.yacc, sudoers.pod:
11301 Add support for Defaults>RunasUser
11304 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
11307 fclose() yyin after each yyparse() is done and use fopen() instead
11308 of using freopen().
11312 Better fix for sudoers files w/o a newline before EOF. It looks
11313 like the issue is that yyrestart() does not reset the start
11314 condition to INITIAL which is an issue since we parse sudoers
11318 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
11321 Work around what appears to be a flex bug when dealing with files
11322 that lack a final newline before EOF. This adds a rule to match EOF
11323 in the non-initial states which resets the state to INITIAL and
11328 o The parser needs sudoers to end with a newline but some editors
11329 (emacs) may not add one. Check for a missing newline at EOF and
11330 add one if needed. o Set quiet flag during initial sudoers parse (to
11331 get options) o Move yyrestart() call and always use freopen() to
11332 open yyin after initial sudoers parse.
11335 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
11338 Fix pasto/thinko in setresgid()/setregid() usage. Want to set
11339 effective gid, not real gid, when reading sudoers.
11343 don't compile set_perms_posix if we have setreuid or setresuid
11346 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
11348 * sudo.pod, sudoers.pod:
11349 document new prompt escapes
11353 Add %U and %H escapes and redo prompt rewriting. "%%" now gets
11354 collapsed to "%" as was originally intended. This also gets rid of
11355 lastchar (does lookahead instead of lookback) which should simplify
11356 the logic slightly.
11359 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
11362 Write the prompt *after* turning off echo to avoid some password
11363 characters being echoed on heavily-loaded machines with fast
11368 Add support for mipseb; wiz@danbala.tuwien.ac.at
11372 Fix IRIX fallout from name changes in man dir/sect Makefile
11373 variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
11377 Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
11378 the global copy. Problem noted by Peter Pentchev.
11381 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
11388 Add missing yyerror() calls; YYERROR does not seem to call this for
11392 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
11395 fix typo in comment; Pedro Bastos
11398 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
11401 document --disable-setresuid
11404 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
11406 Sprinkle some volatile qualifiers to prevent over-enthusiastic
11407 optimizers from removing memset() calls.
11410 * logging.c, parse.yacc:
11411 minor sign fixes pointed out by gcc -Wsign-compare
11414 * set_perms.c, sudo.c, sudo.h:
11415 Revamp set_perms. We now use a version based on setresuid() or
11416 setreuid() when possible since that allows us to support the
11417 stay_setuid option and we always know exactly what the semantics
11418 will be (various Linux kernels have broken POSIX saved uid support).
11421 * config.h.in, configure:
11422 regen from configure.in
11426 Add checks for setresuid() and a way to disable using it
11430 No long need to emulate set*[ug]id() via setres[ug]id() or
11431 setre[ug]id(). The new set_perms stuff only uses things it knows are
11436 Before exec, restore state of signal handlers to be the same as when
11437 we were initialy invoked instead of just reseting to SIG_DFL. Fixes
11438 a problem when using sudo with nohup. Based on a patch from Paul
11443 o timestamp_uid should be uid_t, not int o clarify error message
11444 when sudo is run by root and no_root_sudo is set
11447 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
11450 update ftp link for bison
11453 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
11456 Error out if setusercontext() fails and the runas user is not root.
11459 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
11466 Fix SecurID API test
11469 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
11476 securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
11477 but I don't see a better way at the moment.
11480 * Makefile.in, auth/securid5.c:
11481 SecurID API version 5 support from Michael Stroucken
11485 Add check for SecurID 5.0 API
11488 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
11491 We actually do still need config.h to get the 'const' definition for
11495 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
11498 regen with autoconf 2.5.3
11502 Don't set sysconfdir to '/etc' if the user has specified a --prefix.
11506 Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
11507 LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
11510 * env.c, sudo.c, sudo.h:
11511 No need for dump_badenv() now that dump_defaults() knows how to dump
11515 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
11521 document timestampowner
11525 Don't call set_perms() when doing timestamp stuff unless
11526 timestamp_uid != 0.
11529 * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
11530 sudo.h, testsudoers.c:
11531 g/c second arg to set_perms--it is no longer used
11534 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
11536 * check.c, set_perms.c, sudo.c, sudo.h:
11537 Add support for non-root timestamp dirs. This allows the timestamp
11538 dir to be shared via NFS (though this is not recommended).
11541 * def_data.c, def_data.h, def_data.in:
11542 Add timestampowner, "Owner of the authentication timestamp dir"
11545 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
11548 Don't try to pre-compute the size of the new envp, just allocate
11549 space up front and realloc as needed. Changes to the new env
11550 pointer must all be made through insert_env() which now keeps track
11551 of spaced used and allocates as needed.
11554 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
11561 Fix two typo/pastos; from jrj@purdue.edu
11564 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
11566 * INSTALL.binary, README:
11568 [a1e33027278c] [SUDO_1_6_6]
11570 * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
11571 visudo.cat, visudo.man.in:
11575 * CHANGES, RUNSON, TODO:
11580 The the loop used to expand %h and %u, the lastchar variable was not
11581 being initialized. This means that if the last char in the prompt
11582 is '%' and the first char is 'h' or 'u' a extra copy of the host or
11583 user name would be copied, for which space had not been allocated.
11586 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
11588 * BUGS, INSTALL, Makefile.in, configure.in, version.h:
11589 crank version to 1.6.6
11593 #undef VOID to get rid of an AFS warning
11597 Use easprintf instead of emalloc + sprintf for some things.
11600 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
11602 * lex.yy.c, sudo.tab.c:
11606 * parse.c, parse.lex, parse.yacc, testsudoers.c:
11607 Remove Chris Jepeway's email address so people don't bug him ;-)
11610 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
11613 Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
11614 endgrent() at the same time.
11617 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
11620 Make it clear which configure options take arguments.
11623 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
11626 HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
11627 RLIM_INFINITY, just pretend it is -1. This works because we only
11628 check for RLIM_INFINITY and do not set anything to that value.
11631 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
11634 Zero and free allocated memory when there is a conversation error.
11638 Use sigaction() not signal()
11642 Mention that some linux kernels have broken POSIX saved ID support
11646 checkpoint for 1.6.5p2
11654 Add --disable-setreuid flag
11658 Document new --disable-setreuid option and change description for
11659 --disable-saved-ids to match new error message.
11663 fatal() now takes an argument that determines whether or not to call
11668 Update for new error messages from set_perms()
11672 Update for new error messages from set_perms()
11675 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
11678 Make this compile w/o warnings
11682 Mention that we can't use pam_acct_mgmt()
11685 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
11686 The user's password was not zeroed after use when AIX
11687 authentication, BSD authentication, FWTK or PAM was in use.
11690 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
11693 Avoid giving PAM a NULL password response, use the empty string
11694 instead. This avoids a log warning when the user hits ^C at the
11695 password prompt when PAM is in use.
11699 Don't check the return value of pam_setcred(). In Linux-PAM 0.75
11700 pam_setcred() returns the last saved return code, not the return
11701 code for the setcred module. Because we haven't called
11702 pam_authenticate(), this is not set and so pam_setcred() returns
11707 Don't need a '/' between $(DESTDIR) and a directory.
11711 Don't need a '/' between $(DESTDIR) and a directory.
11714 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
11721 o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
11722 setreuid() o new NetBSD has a real setreuid() o add check for
11723 freeifaddrs() if getifaddrs() exists.
11726 * config.h.in, interfaces.c:
11727 Older BSDi releases lack freeifaddrs() so add a test for that and if
11728 it is not present just use free().
11731 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
11734 Checkpoint for 1.6.5p1
11738 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
11739 to normal passwords, not AUTH_FATAL (which just causes an exit).
11743 Don't use memory after it has been freed.
11747 skeyaccess() wants a struct passwd * not a char *; Patch from
11749 [65a1d3806fcd] [SUDO_1_6_5]
11755 * CHANGES, RUNSON, TODO:
11756 checkpoint for sudo 1.6.5
11759 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
11765 * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
11769 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11775 o when invoking the mailer as root use a hard-coded environment that
11776 doesn't include any info from the user's environment. Basically
11779 o Add support for the NO_ROOT_MAILER compile-time option and run the
11780 mailer as the user and not root if NO_ROOT_MAILER is defined.
11783 * set_perms.c, sudo.h:
11784 Bring back PERM_FULL_USER
11795 * INSTALL, config.h.in, configure.in:
11796 Add --disable-root-mailer option to run the mailer as the user and
11801 checkpoint for 1.6.4p2
11805 Mention the "seteuid(0): Operation not permitted" problem here too
11806 just for good measure.
11809 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
11811 * env.c, getspwuid.c, sudo.c:
11812 The SHELL environment variable was preserved from the user's
11813 environment instead of being reset based on the passwd database when
11814 the "env_reset" option was used. Now it is reset as it should be.
11821 * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
11823 Add a configure option to turn off use of POSIX saved IDs
11831 add --with-efence option
11835 Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
11836 "sudo -l" would not work if always_set_home was set.
11844 Quoted commas were not being treated correctly in command line
11849 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
11850 Otherwise, the set_home option has no effect.
11852 o Fix use of freed memory when the "fqdn" flag is set. This was
11853 introduced by the fix for the "segv when gethostbynam() fails" bug.
11854 Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
11855 there is no need to check the "fqdn" flag in set_fqdn() itself.
11859 Add 'continue' statements to optimize the switch statement. From
11863 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
11865 * sudoers.cat, sudoers.man.in:
11866 Regen from new sudoers.pod
11867 [6ecc07b3d0e1] [SUDO_1_6_4]
11870 Add caveat about stay_setuid flag
11874 If set_perms == set_perms_posix and the stay_setuid flag is not set,
11875 set all uids to 0 and use set_perms_fallback().
11878 * set_perms.c, sudo.h:
11879 Remove PERM_FULL_USER (which is no longer used) and add
11880 PERM_FULL_ROOT (used when exec'ing the mailer).
11884 Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
11885 never want to run the mailer setuid.
11888 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
11890 * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
11892 Use sudo.ws instead of courtesan.com in URLs
11895 * Makefile.binary, Makefile.in:
11896 Fix mansect substitution
11900 Substitute man sections in Makefile.binary
11904 Sync install targets with Makefile.in and substitute in man
11908 * INSTALL, INSTALL.binary:
11913 Repair bindist target
11920 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
11923 Fix case where neither whoami nor id are found
11926 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
11929 If neither whoami nor id exists, just assume we are root.
11933 Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
11934 on AIX which for some reason isn't pulling in the malloc prototype.
11937 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
11939 * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
11948 Defer assigning new environment until right before the exec.
11952 kill extra blank line
11955 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
11962 Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
11963 compiler doesn't recognise -O2.
11967 Clarify origins of Root Group sudo a bit based on info from
11968 billp@rootgroup.com
11971 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
11978 checkpoint for 1.6.4rc1
11981 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
11984 now generated via autoheader
11992 Move in some stuff that was previously in config.h.
11995 * aclocal.m4, configure.in:
11996 Add info for autoheader.
11999 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
12002 o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
12003 -g to facilitate non-root installs
12007 Add -M option (like -m but only for root) If we can't find "whoami",
12008 use "id" w/ some sed.
12016 allow user to always override mansectsu and mansectform
12019 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
12022 update from autoconf 2.52
12025 * config.guess, config.sub:
12026 Update from autoconf 2.52
12030 regen with autoconf 2.52
12034 o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
12035 mode o Remove compiler-specific checks for HP-UX now that we use
12044 o Add pam_prep_user function to call pam_setcred() for the target
12045 user; on Linux this often sets resource limits. o When calling
12046 pam_end(), try to convert the auth->result to a PAM_FOO value.
12047 This is a hack--we really need to stash the last PAM_FOO value
12048 received and use that instead.
12051 * set_perms.c, sudo.h:
12052 o Add pam_prep_user function to call pam_setcred() for the target
12053 user; on Linux this often sets resource limits.
12057 Fix off by one error in number of bytes allocated via malloc (does
12058 not affected any released version of sudo).
12061 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
12068 Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
12069 requiring that they be quoted.
12072 * sudoers.cat, sudoers.man.in, sudoers.pod:
12073 Mention that no double quotes are needed when
12074 adding/deleting/assigning a single value to a list.
12078 Don't rely on mkdefaults being executable, call perl explicitly.
12086 Remove some XXX that are no longer relevant.
12090 o Roll our own loop instead of using strpbrk() for better
12091 grokability o When adding to a list we must malloc() and use
12092 memcpy(), not strdup() since we must only copy len bytes from str.
12095 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
12105 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
12116 avoid the -g flag unless --with-devel was specified
12120 mkdefaults, def_data.in and sigaction.c were missing from the
12125 def_data.c was missing
12128 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
12131 Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
12132 allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
12140 Add comment for Default section so folks know where it should go.
12143 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
12146 Use TCSETAF, not TCSETA to set terminal in termio case
12149 * sudoers.cat, sudoers.man.in:
12150 regen from sudoers.pod
12154 o Typo, Runas_User_List should be Runas_List o a User_List can not
12155 contain a uid o mention that the Defaults section should come after
12156 Alias definitions but before the user specifications
12159 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
12161 * sudoers.cat, sudoers.man.in:
12166 Fix listpw and verifypw sections, they were not being formatted
12170 * sudoers.cat, sudoers.man.in:
12182 * config.h.in, configure.in:
12183 use AC_SYS_POSIX_TERMIOS instead of rolling our own
12187 Reference sudo.ws not courtesan.com
12191 Add notes on shadow passwords
12195 In list mode (sudo -l), characters escaped with a backslash are
12196 shown verbatim with the backslash.
12200 Add simple examples from OpenBSD (Marc Espie)
12204 Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
12208 minor prettyification
12216 Fix CIDR handling here too.
12220 Apparently a NULL response is OK
12224 Checkpoint for upcoming beta release
12228 Many people believe that adding a runas spec should obviate the need
12229 for the -u flag. It does not.
12233 checkpoint update for upcoming 1.6.4 beta
12237 o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
12238 if HAVE_STRING_H is defined -- this is safe now
12242 Add signals section
12250 Fix check for sigaction_t
12254 XXX - should call find_path() as runas user, not root. Can't do
12255 that until the parser changes though.
12259 If find_path() fails as root, try again as the invoking user (useful
12260 for NFS). Idea from Chip Capelik.
12263 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
12264 Regenerate after pod file changes
12267 * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
12268 sudo.pod, sudoers.pod:
12269 Add new sudoers option "preserve_groups". Previously sudo would not
12270 call initgroups() if the target user was root. Now it always calls
12271 initgroups() unless the -P command line option or the
12272 "preserve_groups" sudoers option is set. Idea from TJ Saunders.
12275 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
12277 * compat.h, config.h.in:
12278 Use new HAVE_SIGACTION_T define
12282 Fix compilation on K&C
12290 Add check for sigaction_t -- IRIX already defines this so don't
12299 need stdlib.h here too
12307 Remove redundant checks for string.h, strings.h and unistd.h
12310 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
12312 Regen from pod files
12319 * configure, lex.yy.c, sudo.tab.c:
12324 Return EINVAL if errnum > sys_nerr
12327 * auth/sudo_auth.h:
12328 o Update copyright year
12331 * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
12332 config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
12334 o Update copyright year
12338 o Don't define STDC_HEADERS unconditionally for IRIX o Update
12346 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
12347 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
12348 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
12349 auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
12350 set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
12352 o Reorder some headers and use STDC_HEADERS define properly o Update
12357 o Reorder some headers and use STDC_HEADERS define properly o Update
12361 * getspwuid.c, goodpath.c, interfaces.c:
12362 o Reorder some headers and use STDC_HEADERS define properly o Update
12367 o Reorder some headers and use STDC_HEADERS define properly o Update
12371 * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
12373 o Reorder some headers and use STDC_HEADERS define properly o Update
12382 flags set in signal handlers should be volatile sig_atomic_t
12385 * config.h.in, configure.in:
12386 Add checks for volatile and sig_atomic_t
12389 * configure, lex.yy.c:
12393 * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
12394 sudo.c, sudoers.pod:
12395 Remove "secure_path" Defaults option since it cannot work with the
12399 * find_path.c, sudo.c:
12400 Unset "secure_path" if user_is_exempt()
12403 * env.c, pathnames.h.in:
12404 o Remove assumption that PATH and TERM are not listed in env_keep o
12405 If no PATH is in the environment use a default value o If TERM is
12406 not set in the non-reset case also give it a default value.
12409 * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
12410 _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
12411 systems that define in paths.h
12414 * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
12415 Add support for skeyaccess(3) if it is present in libskey.
12418 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
12421 Only need to do 'lc = login_getclass(NULL)' if lc == NULL
12425 '\\' is a perfectly legal character to have in a command line
12430 o Defer call to set_fqdn() until it is safe to use log_error() o
12431 Don't print errno string value if gethostbyname fails, it is not
12436 Fix CIDR -> in_addr_t conversion.
12439 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
12442 Remove an extra "User_List" in the User_Spec definition From
12443 ybertrand AT snoopymail.com
12447 Make 'listpw=never' work for users who are not explicitly mentioned
12452 Remove gratuitous '=' in EBNF grammar; era AT iki.fi
12456 Document new list Defaults type and convert env_keep and env_delete
12457 to lists. Document new env_check option.
12460 * lex.yy.c, sudo.tab.c, sudo.tab.h:
12465 Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
12474 Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
12477 * config.h.in, configure.in:
12478 Add check for skeyaccess(3)
12482 Document new -c, -f, and -q options
12486 o Add -f option (alternate sudoers file) o Convert to use getopt(3)
12493 * aclocal.m4, config.h.in, configure.in:
12494 Add check for isblank and a replacement macro if it doesn't exist.
12497 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
12500 In check-only mode, don't create sudoers if it does not already
12505 o Add a new token, DEFVAR, to indicate a Defaults variable name o
12506 Add support for "+=" and "-=" list operators o replace some 1 and 0
12507 with TRUE and FALSE for greater legibility.
12511 o Use exclusive start conditions to remove some ambiguity in the
12512 lexer. Also reorder some things for clarity. o Add support for
12513 "+=" and "-=" list operators. o Use the new DEFVAR token to denote
12514 a Defaults variable name.
12518 Prototype init_envtables()
12522 o Convert environment handling to use lists instead of strings.
12523 This greatly simplifies routines that need to do "foreach" type
12524 operations. o Add new init_envtables() function to set env_check
12525 and env_delete defaults based on initial_badenv_table and
12526 initial_checkenv_table (formerly sudo_badenv_table).
12529 * defaults.c, defaults.h:
12530 o Add a new LIST type and functions to manipulate it. o This is for
12531 use with environment handling variables. o Call new
12532 init_envtables() routine inside init_defaults() to initialize the
12536 * def_data.c, def_data.h, def_data.in:
12537 Convert environment options to use the new LIST type and add a new
12538 one, env_check that only deletes if the sanity check fails.
12542 Add dummy version of init_envtables()
12550 Add check-only mode
12554 Fix generation of entries with NULL descriptions.
12557 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
12560 Use sigaction_t and quiet a gcc warning.
12564 Must reset signal handlers before we exec
12567 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
12569 Be carefule now that tgetpass() can return NULL (user hit ^C). PAM
12570 version needs testing. Set SIGTSTP to SIG_DFL during password entry
12571 so user can suspend us.
12575 Add support for interrupting/suspending tgetpass via keyboard input.
12576 If you suspend sudo from the password prompt and resume it will re-
12581 Don't block keyboard interrupt signals, just set them to SIG_IGN.
12584 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
12587 add back HAVE_SIGACTION
12594 * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
12595 Kill POSIX_SIGNALS define and old signal support now that we emulate
12596 POSIX ones Also be sure to correctly initialize struct sigaction.
12600 Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
12604 Add scaffolding for POSIX signal emulation
12608 o Add missing ';' so this compiles o Can't use NULL since we don't
12613 Emulate sigaction() using sigvec()
12616 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
12619 Document new behavior of negative values of timestamp_timeout Fix a
12624 Add security note about command not being logged after 'sudo su' and
12629 Mention that -V prints default values when run as root, including
12630 the list of environment variables to clear.
12634 Run pod2man with --quotes=none to avoid stupid quoting of C<>
12638 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
12640 * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
12641 Add mail_badpass option Also modify mail_always behavior to also
12642 send mail when the password is wrong
12645 * env.c, sudo.c, sudo.h:
12646 Dump default bad env table when 'sudo -V' is run by root.
12650 document env_delete
12654 Add support for '*' in env_keep when not resetting the environment
12655 (ie: the normal case).
12659 Add env_delete variable that lets the user replace/add to the
12660 bad_env_table. Allow '*' wildcard in env_keep entries.
12663 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
12666 Force umask to 022 to guarantee sane directory permissions.
12669 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
12672 add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
12676 fix breakage in last commit
12680 acsite.m4 -> aclocal.m4
12684 fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
12688 regenerated from def_data.in
12691 * check.c, defaults.c, defaults.h:
12692 Add new T_UINT type that most things use instead of T_INT If
12693 timestamp_timeout is < 0 then treat the ticket as never expiring (to
12694 be expired manually by the user).
12698 change most T_INT -> T_UINT
12702 fix warning when no args
12706 Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
12707 we are a signal handler. We no longer print the signal number but
12708 the user can just check the exit value for that.
12711 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
12714 when setting up pipes in child process check for case where stdin ==
12718 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
12721 Ignore editor exit value since XPG4 says vi's exit value is the
12722 count of editing errors made (failed searches, etc).
12725 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
12732 sco now is identified by config.guess as *-sco-*
12736 Check for getspnam() in -lgen if not in -lc for UnixWare.
12739 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
12741 * sudoers.pod, visudo.pod:
12742 "upper case" -> "uppercase"
12746 fix typos and grammar; pjanzen@foatdi.harvard.edu
12749 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
12752 Missing word (specify); krapht@secureops.com
12755 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
12758 If we fail to lookup a login class, apply the default one.
12762 In log_error() free message, not logline unconditionally, then free
12763 logline if it is not the same as message. No function change but
12764 this mirrors how they are allocated.
12767 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
12774 remove some backslash quotes that are unneeded
12778 o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
12779 instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
12780 can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
12781 to AC_DEFINE things manually.
12784 * config.guess, config.sub:
12785 Updated from autoconf-2.50
12788 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
12791 Update mailing list section. We use mailman now, not majordomo.
12794 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
12796 * getspwuid.c, logging.c, sudo.c:
12797 Use setpwent()/endpwent() + all the shadow variants to make sure we
12798 don't inadvertantly leak an fd to the child. Apparently Linux's
12799 shadow routines leave the fd open even if you don't call setspent().
12800 Reported by mike@gistnet.com; different patch used.
12803 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
12810 select() may return EAGAIN. If so, continue like we do for EINTR.
12814 Fix a non-exploitable buffer overflow in the word splitting code.
12815 This should really be rewritten.
12823 Tell people to look in sample.syslog.conf for examples, not FAQ
12827 Update list of env vars that are cleared
12831 remove struct env_table decl since that stuff has all moved to env.c
12834 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
12837 Fix a pasto in flock-style unlocking and include <sys/file.h> for
12838 flock on older systems; twetzel@gwdg.de
12842 regen to get NeXT lockf/flock fix
12846 force NeXT to use flock since lockf is broken
12849 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
12852 Use stashed user_gid when checking against exempt gid since sudo
12853 sets its gid to a a value that makes sudoers readable. Previously
12854 if you used gid 0 as the exempt group everyone would be exempt. From
12855 Paul Kranenburg <pk@cs.few.eur.nl>
12858 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
12865 #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines
12866 some types (such as ssize_t) therein.
12869 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
12872 Fix negation of paths in a boolean context. Problem found by
12876 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
12882 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
12885 SA_RESETHAND means the opposite of what I was thinking--oops To
12886 block all signals in old-style signals use ~0, not 0xffffffff
12889 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
12892 coerce difference of pointers to int when used in a string length
12893 printf format; deraadt@openbsd.org
12896 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
12899 Block all signals in Exit() to avoid a signal race. There is still
12900 a tiny window but I'm not going to worry about it.
12903 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
12906 glibc uses the LANGUAGE env var so clear that too; Solar Designer
12910 Regenerate with a fix to flex.skl that preserves errno from
12911 clobbering by isatty().
12914 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
12916 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
12917 auth/sia.c, auth/sudo_auth.c:
12918 Some defaults I_ defines got renamed.
12921 * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
12922 defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
12923 set_perms.c, sudo.c, sudo.tab.c:
12924 Move defaults info into its own files from which we generate .h and
12925 .c files. This makes adding or rearranging variables much simpler.
12928 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
12930 * configure, configure.in:
12931 fix typo in last commit
12934 * compat.h, config.h.in, configure, configure.in:
12935 Add check + emulation for setegid (like seteuid).
12939 Make env_keep override badenv_table as documented Fix traversal of
12940 badenv_table (broken in last commit)
12943 * set_perms.c, sudo.c, sudo.h:
12944 Don't try and build saved uid version of set_perms on systems w/o
12945 them. Rename set_perms_saved_uid() -> set_perms_posix() Make
12946 set_perms_setreuid simply be set_perms_fallback() and simply include
12947 the appropriate function at compile time (setreuid() vs. setuid()).
12950 * sudoers.cat, sudoers.man.in, sudoers.pod:
12951 PATH is also preserved when env_reset is in effect
12954 * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
12955 configure.in, defaults.c, defaults.h, env.c, find_path.c,
12956 getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
12957 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
12958 visudo.c, visudo.cat, visudo.man.in:
12959 New Defaults options: o stay_setuid - sudo will remain setuid if
12960 system has saved uids or setreuid(2) o env_reset - reset the
12961 environment to a sane default o env_keep - preserve environment
12962 variables that would otherwise be cleared
12964 No longer use getenv/putenv/setenv functions--do environment munging
12965 by hand. Potentially dangerous environment variables can be cleared
12966 only if they contain '/' pr '%' characters to protect buggy
12967 programs. Moved environment routines into env.c (new file)
12971 Clear up --without-passwd description
12974 * putenv.c, sudo_setenv.c:
12975 We now build up a new environment from scratch and assign it to
12979 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
12981 * sudo.pod, visudo.pod:
12982 Grammatical fixes from Paul Janzen
12985 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
12988 If there was a syntax error and the user just wants to quit, unlink
12989 sudoers if it is zero length.
12993 'Q' means ignore parse error, not 'q'
12997 Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
13001 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
13004 Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
13007 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
13009 * config.guess, config.sub:
13010 Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
13013 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
13015 * sudo.c, visudo.c:
13016 Use exit(127), not exit(-1)
13019 * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
13020 Move set_perms() to its own file and use POSIX saved uid or
13021 setreuid() if available.
13023 Added stay_setuid option for systems that have libraries that
13024 perform extra paranoia checks in system libraries for setuid
13025 programs (ie: anything with issetugid(2)).
13029 strip more bits from the environment and add a facility for
13030 stripping things only if they contain '/' or '%' to address printf
13031 format string vulnerabilities in other programs.
13034 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
13041 For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
13050 Check for strcasecmp(3) in -lc89 for NCR Unix
13053 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
13056 Define HAVE_INNETGR #ifdef HAVE__INNETGR
13063 * compat.h, config.h.in, configure.in:
13064 Add check for _innetgr(3) since NCR systems have that instead of
13068 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
13071 check return value of creadcfg() call sd_close() after sd_auth()
13072 store username in sd->username so we don't rely on the USER env
13076 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
13079 document --with-bsdauth
13087 --with-bsdauth assumes --with-logincap
13090 * auth/bsdauth.c, auth/fwtk.c:
13091 When prompting for a response to a challenge, if the user just hits
13092 return then reprompt with echo turned on.
13095 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
13098 Remove debugging code that should not have been committed, oops.
13102 Use lower-level routines and get the password ourselves. Checks for
13103 a challenge and if there is one echo is not turned off.
13106 * auth/pam.c, auth/sudo_auth.h:
13107 minor housekeeping, no real code changes
13110 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
13113 Fix a coredump in the logging functions if gethostname(2) fails by
13114 deferring the call to log_error() until things are better setup.
13116 Fix return value of set_loginclass() in non-BSD-auth case.
13118 Hard-code 'sudo' in the usage message so we can fit more options on
13123 Fix errant ';' (typo) that broken MSG_ONLY
13126 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
13128 * sudo.cat, sudo.man.in:
13136 * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
13137 configure, configure.in, getspwuid.c, sudo.c:
13138 Add support for BSD authentication.
13141 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
13144 Fix typo; from sato@complex.eng.hokudai.ac.jp
13147 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
13150 Mention negating umask
13154 Allow user to specify umask of 0777 (same as !umask)
13157 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
13159 * sudo.pod, visudo.pod:
13160 Fix a typo and give a URL for the sudo history.
13163 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
13165 * defaults.c, sudo.pod:
13166 fix typos; pepper@reppep.com
13169 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
13171 * sudo.c, sudo.h, sudo_setenv.c:
13172 sudo_setenv() now exits on memory alloc failure instead of returning
13176 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
13179 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
13180 and possibly others.
13184 Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
13185 that "%m" won't be expanded but we don't use that anyway since the
13186 logging routines may splat to stderr as well.
13189 * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
13191 Add always_set_home variable
13194 * configure, configure.in:
13195 Have to hard code default values in help since the defaults are set
13196 _after_ the help stuff.
13199 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
13201 * lex.yy.c, parse.lex:
13202 Allow special characters (including '#') to be embedded in pathnames
13203 if quoted by a '\\'. The quoted chars will be dealt with by
13204 fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
13207 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
13210 Better path searching for programs we need.
13214 Add section on "C compiler cannot create executables" errors.
13217 * Makefile.binary, Makefile.in, version.h:
13221 * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
13222 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
13223 visudo.man.in, visudo.pod:
13224 Substitute values from configure into man pages.
13227 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
13230 The listpw and verifypw sudoers options would not take effect
13231 because the value of the default was checked *before* sudoers was
13232 parsed. Instead of passing in the value of PWCHECK_* to
13233 sudoers_lookup(), pass in the arg for def_ival() so the check can be
13234 deferred until after sudoers is parsed.
13237 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
13240 When writing prompt, no need to write the NUL as well;
13244 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
13247 When looking for chown, check in /sbin too
13250 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
13253 Remove extraneous call to init_defaults() and set runas_user to NULL
13254 betweem parses so init_defaults will reset it each time, thus
13255 avoiding a reference to free()d data.
13258 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
13260 * config.h.in, interfaces.c, interfaces.h, sudo.c:
13261 Add support for using getifaddrs() to get the list of ip addr /
13262 netmask pairs. Currently IPv4-only.
13266 Add a missing check for UserEditor == NULL Add missing '+' before
13267 line number when invoking editor to fix a syntax error
13270 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
13273 Call clean_env very early in main() for paranoia's sake. Idea from
13277 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
13280 Update proto for evasprintf and easprintf
13284 Make easprintf() and evasprintf() return an int.
13288 If the targetpw flag is set, use target username as part of the
13289 timestamp path. If tty tickets are in effect cat the tty and the
13290 target username with a ':' as the separator.
13293 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
13296 Backout part of last change; setting PAM_USER to the invoking user
13297 breaks things like targetpw.
13301 set tty and username via pam_set_item
13304 * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
13305 Fix root, runas, and target authentication for non-passwd file auth
13309 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
13311 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
13312 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
13313 Use B<-Z> not C<-Z> for command line flags in all places. This is
13314 more consistent and works around a bug in Pod::Man.
13317 * sudoers.cat, sudoers.man.in, sudoers.pod:
13318 Fix an occurence of 'semicolon' that should be 'colon'
13321 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
13323 * configure, configure.in:
13324 Fix --with-badpri help line
13327 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
13329 * defaults.c, logging.c, sudo.c:
13330 Bracket calls to syslog with an openlog() and closelog() since some
13331 authentication methods (like PAM) may do their own logging via
13332 syslog. Since we don't use syslog much (usually just once per
13333 session) this doesn't really incur a performance penalty. It also
13334 Fixes a SEGV with pam_kafs.
13337 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
13340 Fix -H flag. runas_homedir is only valid after
13341 set_perms(PERM_RUNAS, mode)
13344 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
13347 Clarify the fact that insults are not enabled just by including them
13351 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
13353 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13355 Regenerated with perl 5.6.0 pod2man
13359 Give date string to pod2man since its default is ugly and it ain't
13364 Do section substitution on the output of pod2man and remove hack
13365 needed for old pod2man.
13368 * sudo.pod, sudoers.pod, visudo.pod:
13369 Put back real man sections, we will do the substitution later.
13372 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
13374 * configure, configure.in:
13375 Don't bother checking for the path to vi if user specified --with-
13379 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
13381 * CHANGES, visudo.c:
13382 Visudo now does its own fork/exec instead of calling system(3).
13385 * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
13386 sudoers.pod, visudo.c:
13387 Visudo now checks for the existence of an editor and gives a
13388 sensible error if it does not exist.
13390 The path to the editor for visudo is now a colon-separated list of
13391 allowable editors. If the user has $EDITOR set and it matches one
13392 of the allowed editors that editor will be used. If not, the first
13393 editor in the list that actually exists is used.
13396 * sudo.cat, sudo.man.in, sudo.pod:
13397 Clear up confusion wrt sudo's return value.
13400 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
13403 Strip sudo and visudo for bindist target
13406 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
13407 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
13408 Use @mansectsu@ and @mansectform@ in the man page bodies as well.
13409 [5eb9e60a726f] [SUDO_1_6_3]
13411 * visudo.cat, visudo.man.in, visudo.pod:
13412 Typo: @sysconf@ -> @sysconfdir@
13416 'make dist' should not cause any files to be modified so remove its
13421 Whoops, forgot to add release marker
13424 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
13427 Final change for 1.6.3 (or so I hope)
13430 * sudo.cat, sudoers.cat, visudo.cat:
13431 Use SYSV man sections since BSD systems will have nroff...
13434 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
13436 * parse.yacc, sudo.tab.c:
13437 When checking to see if the host/user matches in a defaults spec,
13438 check against TRUE, not just non-zero since it might be -1.
13441 * configure, configure.in:
13442 OSF/1 puts file formats in section 4, not 5.
13445 * CHANGES, INSTALL, sudo.c:
13446 Make login class support work on BSD/OS
13453 * configure, configure.in:
13454 If there is no inet_addr but there *is* an __inet_addr that's ok
13455 since inet_addr is probably just a macro then. The better thing to
13456 do would be to look for the macro, but this is fine for now.
13459 * configure, configure.in:
13460 Don't use shlicc for BSD/OS 4.x
13463 * Makefile.in, configure, configure.in:
13464 *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
13465 configure variable so we can deal with this. Also, only remove *.man
13466 for 'distclean' not 'clean'.
13470 set_loginclass() should be static like the proto says
13473 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
13476 Add #ifdef __STDC__ around the rangematch function header to avoid
13477 promotion of test to int, thus violating the prototype. Gcc handles
13478 this gracefully but more std ANSI compilers will complain.
13482 Pull in newer fnmatch(3) that supports FNM_CASEFOLD
13485 * aclocal.m4, configure, fnmatch.3, fnmatch.c:
13486 Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
13487 FNM_CASEFOLD in configure
13494 * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
13495 Fully qualified hosts w/ wildcards were not matching the FQHOST
13496 token type. There's really no need for a separate token for fully-
13497 qualified vs. unqualified anymore so FQHOST is now history and
13498 hostname_matches now decides which hostname (short or long) to check
13499 based on whether or not the pattern contains a '.'.
13503 Fully qualified hosts w/ wildcards were not matching the FQHOST
13504 token type. There's really no need for a separate token for fully-
13505 qualified vs. unqualified anymore so FQHOST is now history and
13506 hostname_matches now decides which hostname (short or long) to check
13507 based on whether or not the pattern contains a '.'.
13510 * lex.yy.c, parse.c, parse.lex, parse.yacc:
13511 Fully qualified hosts w/ wildcards were not matching the FQHOST
13512 token type. There's really no need for a separate token for fully-
13513 qualified vs. unqualified anymore so FQHOST is now history and
13514 hostname_matches now decides which hostname (short or long) to check
13515 based on whether or not the pattern contains a '.'.
13518 * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
13519 sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
13520 Add support for wildcards in the hostname.
13524 Add targets for *.man.in, using config.status to generate *.man from
13528 * sudoers.cat, sudoers.man.in, sudoers.pod:
13529 Document set_logname option and enbolden refs to sudo and visudo.
13532 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
13533 sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
13534 visudo.cat, visudo.man.in, visudo.pod:
13535 Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
13536 from Michael D. Marchionna. configure now does substitution on the
13537 man pages, allowing us to fix up the paths and set the section
13538 correctly. Based on an idea from Michael D. Marchionna.
13542 Better fix for handling HP-UX aging info.
13546 Add support for set_logname run-time default
13549 * sudo.man.in, sudoers.man.in, visudo.man.in:
13550 configure does substitution on these to produce *.man
13553 * sudo.man, sudoers.man, visudo.man:
13554 These files now get generated from *.man.in at configure time.
13557 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
13559 * defaults.c, defaults.h:
13560 Add set_logname option so users can turn off setting of LOGNAME/USER
13561 environment variables.
13564 * lsearch.c, parse.c, testsudoers.c:
13568 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
13571 HP-UX adds extra info at the end for password aging so when
13572 comparing the result of crypt to pw_passwd we only compare the first
13573 len(epass) bytes *unless* the user entered an empty string for a
13578 Get rid of grandchild hack, it was causing problems and there is
13579 really no need for it. This fixes a bug where we spin eating up CPU
13580 when the user runs a long-running process like a shell.
13583 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
13586 User can always specify a login class if he/she is already root.
13589 * config.h.in, configure, configure.in, defaults.c, defaults.h,
13591 FreeBSD login class (login.conf) support.
13594 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
13596 * auth/sudo_auth.c:
13597 HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
13600 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
13603 Truncate unencrypted password to 8 chars if encrypted password is
13604 exactly 13 characters (indicateing standard a DES password). Many
13605 versions of crypt() do this for you, but not all (like HP-UX's).
13608 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
13611 Mention that gcc on dynix may have problems
13614 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
13617 Link visudo with NET_LIBS since we now call syslog via defaults.c
13621 Use Argv[0] as the first arg to openlog() since visudo uses this
13625 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
13628 Stash coredumpsize resource limit and retsore it before the exec()
13629 Otherwise the child ends up with a coredumpsize of 0.
13632 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
13634 * sudo.cat, sudo.man, sudo.pod:
13642 * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
13643 auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
13644 Added -S flag (read passwd from stdin) and tgetpass_flags global
13645 that holds flags to be passed in to tgetpass(). Change echo_off
13646 param to tgetpass() into a flags field. There are currently 2
13647 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
13648 tgetpass(), abstract the echo set/clear via macros and if (flags &
13649 TGP_ECHO) but echo is not set on the terminal, but sure to set it.
13653 Fixed a bug that caused an infinite loop when the password timeout
13657 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
13659 * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
13660 sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
13661 Add rootpw, runaspw, and targetpw options.
13664 * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
13666 enveditor -> env_editor
13669 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
13671 * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
13672 sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
13674 crank versino to 1.6.3
13677 * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
13678 sudoers.pod, visudo.c:
13679 Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
13680 them. This means that visudo will now parse the sudoers file
13681 *before* it is edited so a bogus sudoers file will cause a warning
13682 to go to stderr. Also, visudo checks the variables once--it does not
13683 check them after each editor run since that could be confusing.
13686 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
13692 * check.c, sudo.c, sudo.h:
13693 Move user_is_exempt prototype into sudo.h
13696 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
13698 * configure, configure.in:
13699 Fix thinko, some && should have been || in the last commit
13702 * configure, configure.in:
13703 Don't initialized Makefile variables to be NULL since the user may
13704 want to import variables from their environment.
13707 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
13709 * configure, configure.in:
13713 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
13716 fix a yacc (skeleton.c) warning
13719 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
13721 * INSTALL, RUNSON, configure, configure.in:
13722 Make pam work on HP-UX 11.0;jaearick@colby.edu
13726 recent changes; prepare for 1.6.2p1
13730 Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
13733 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
13736 Regen with yacc that has a memory leak plugged.
13739 * sudoers.cat, sudoers.man, sudoers.pod:
13740 Expanded docs on sudoers 'defaults' options based on INSTALL file
13745 Fix some while lies
13748 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
13751 When making a bindist, link FAQ to TROUBLESHOOTING instead of
13755 * sudoers.cat, sudoers.man, sudoers.pod:
13756 Add netgroup caveat
13757 [28d119f466e3] [SUDO_1_6_2]
13760 Last minute updates
13776 Better detection of PAM errors and fix custom prompts with PAM.
13777 Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
13780 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
13783 Cast ULONG_MAX to unsigned long long when comparing to an unsigned
13787 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
13789 * CHANGES, config.h.in, configure, configure.in, visudo.c:
13790 Fix sudoers locking in visudo. We now lock the sudoers file itself,
13791 not the temp file (since locking the temp file can foul up editors).
13792 The previous locking scheme didn't work because the fd was closed
13796 * config.h.in, configure, configure.in:
13797 Don't need test for ftruncate() any more.
13800 * configure, configure.in:
13801 Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
13802 the unbundled HP-UX cc.
13805 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
13807 * sudoers.cat, sudoers.man, sudoers.pod:
13808 "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
13811 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
13813 * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
13814 parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
13815 version.h, visudo.c:
13816 update copyright year on changed files
13828 Crank version to 1.6.2
13832 Crank version to 1.6.2
13836 When using rlimit check for RLIM_INFINITY When computing the value
13837 of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
13844 * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
13845 sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
13846 Crank version to 1.6.2
13849 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
13850 Add 'shell_noargs' runtime option back in. We have to defer
13851 checking until after the sudoers file has been parsed but since
13852 there are now other options that operate that way this one can too.
13853 Based on a patch from bguillory@email.com.
13856 * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
13857 Add "listpw" and "verifypw" options.
13860 * sudoers.cat, sudoers.man, sudoers.pod:
13861 o Fix some typos/omissions o Add section on verifypw and listpw o
13862 Define how NOPASSWD interacts with the -v and -l flags
13865 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
13867 * configure, configure.in:
13868 For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
13869 -D_HPUX_SOURCE to CPPFLAGS.
13872 * defaults.c, defaults.h:
13873 In struct sudo_defs_types, move the union to the end and don't
13874 initialize the union member since that only works with an ANSI
13875 compiler. We set the value of the union by hand in init_defaults()
13876 anyway. This allows sudo to compile on a K&R compiler again.
13879 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
13881 * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
13882 netgr_matches needs to check shost as well as host since they may be
13887 End on \r as well as \n
13890 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
13893 Update statbuf.st_mode based on SUDOERS_MODE when we are chaning
13894 from 0400 to whatever SUDOERS_MODE is (converting from the old
13895 sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
13896 0400 which should always be the case.
13899 * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
13900 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
13901 w/o a passwd if there is *any* entry for the user on the host with a
13902 NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
13903 the user on the host w/ the specified runas user have the NOPASSWD
13911 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
13914 Treat EOF at whatnow prompt like 'x' instead of looping.
13917 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
13921 [5836a9452568] [SUDO_1_6_1]
13923 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
13925 * config.h.in, configure, configure.in, sudo.c:
13926 Add check for initgroups() since old SYSV lacks this.
13929 * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
13930 parse.c, testsudoers.c:
13931 o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
13935 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
13937 * auth/sudo_auth.c:
13938 Don't allow insults to be enabled if the insults[] array is empty.
13939 Otherwise there would be division by zero.
13943 Don't allow insults to be enabled if the insults[] array is empty.
13944 Otherwise there would be division by zero.
13948 Don't allow insults to be enabled if the insults[] array is empty.
13949 Otherwise there would be division by zero.
13953 Don't care about USE_INSULTS #define since the insult stuff may be
13954 overridden at runtime.
13957 * auth/sudo_auth.c:
13958 Honor insults flag.
13961 * CHANGES, parse.c:
13962 Don't ask the user for a password if the user is not allowed to run
13963 the command and the authenticate flag (in sudoers) is false.
13966 * CHANGES, RUNSON, lex.yy.c, parse.lex:
13967 o Whenever we get a bare newline we change to the INITIAL state. o
13968 Enter GOTRUNAS when we see Runas_Alias
13970 This allows #uid to work in a RunasAlias.
13973 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
13975 * CHANGES, parse.yacc, sudo.tab.c:
13976 fix parsing of runas lists: o oprunasuser and runaslist now return a
13977 value o in a runasspec, if a runaslist does not return TRUE, set
13978 runas_matches to FALSE. Normally, a runaslist only returns FALSE
13979 for explicitly denied users. o since runaslist does not modify the
13980 stack there is no need for a push/pop in runasalias.
13984 Don't kill the user's tickets until after sudoers has been parsed
13985 since tty_tickets and ticket_dir could be set in sudoers.
13988 * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
13989 configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
13990 sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
13991 crank version to 1.6
13995 add set_fqdn() stub
13998 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
14000 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
14001 sudoers.man, sudoers.pod, visudo.c:
14002 o Kill shell_noargs option, it cannot work since the command needs
14003 to be set before sudoers is parsed. o Fix the "set_home" sudoers
14004 option (only worked at compile time). o Fix "fqdn" sudoers option.
14005 We now set host/shost via set_fqdn which gets called when the
14006 "fqdn" option is set in sudoers. o Move the openlog() to
14007 store_syslogfac() so this gets overridden correctly from the
14012 SecurID support should compile now.
14015 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
14017 * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
14018 visudo.man, visudo.pod:
14019 fix some syntactic goofs
14022 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
14024 * Makefile.in, sudo.html, sudoers.html, visudo.html:
14025 No longer need the .html files as they are generated automatically
14029 * CHANGES, LICENSE:
14030 kill characters that made wml unhappy
14037 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
14040 majordomo@cs.colorado.edu -> majordomo@courtesan.com
14043 * Makefile.in, configure:
14044 Wrap script execution w/ /bin/sh for the benefit of ctm
14047 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
14050 Make the -s flag be exclusive too. Also reorder the flags in the
14051 exclusive usage message so they are alphabetical.
14054 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
14057 make pam errors other than PAM_PERM_DENIED fatal
14065 make it clear that /etc/pam.d/sudo is required on linux
14069 fix a warning on redhat and spew an error if pam_authenticate()
14070 returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
14073 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14074 Be very clear that the password required is the user's not root's
14077 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
14080 add sample.syslog.conf to DISTFILES and BINFILES
14083 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
14086 updates from Brian Jackson + some formatting
14089 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
14091 * INSTALL.binary, Makefile.binary, README, RUNSON:
14092 o One RUNSon update o Changes for automating real binary releases
14099 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
14102 talk about run-time options in addition to compile-time options
14103 [1eb813ff0a9a] [SUDO_1_6_0]
14110 need sys/time.h if HAVE_SETRLIMIT
14113 * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
14114 sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
14115 get rid of references to sudo-bugs. Now mention the web site or the
14120 repair pod2html damage
14124 Update for 1.6 release
14127 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
14128 Add warning about using ALL in a command context.
14131 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
14134 Call yyrestart() on a parse error to reset the lexer state.
14137 * lex.yy.c, parse.lex:
14138 Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
14139 since it might not get called in yywrap if we get a parse error
14140 (and we only reread the file on error anyway).
14143 * lex.yy.c, parse.lex:
14144 Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
14145 might still exist. Call yyrestart() instead of using the deprecated
14149 * lex.yy.c, parse.lex:
14150 flex doesn't need %N table size declarations
14153 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
14154 Mention what characters need to be escaped in names.
14157 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
14164 clarify Mac OS X entry
14172 o Use AC_MSG_ERROR throughout o Check syslog configure options for
14176 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
14179 Fix printing of type T_MODE in dump_defaults()
14183 missing sys/types.h
14187 Break out options that may be overridden at run time into their own
14188 section. Add a not about Max OS X and correct some lies.
14191 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
14193 * CHANGES, config.h.in, configure, configure.in, sudo.c:
14194 o Now use getrlimit to find the highest fd when closing all non-std
14195 fd's o Turn off core dumps via setrlimit for the sake of paranoia
14202 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
14209 When read()'ing, do a single character at a time to be sure we don't
14210 go oast the newline.
14214 For the sudo_root option, check against user_uid, not getuid() since
14215 at this point, ruid == euid == 0.
14223 Fix compilation problem when --with-logging=file was specified.
14224 This means that syslog is now required to build sudo but that should
14225 not be a problem. If it is it can be fixed trivially with a
14226 configure check for syslog() or syslog.h.
14230 Make this work again for things like "sudo echo hi | more" where the
14231 tty gets put into character at a time mode. We read until we read
14232 end of line or we run out of space (similar to fgets(3)).
14235 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
14237 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
14238 change ital to bold
14245 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
14248 Error out if syslog parameters are given without a value. For
14249 Ultrix or 4.2BSD "syslog" is allowed without a value since there are
14250 no facilities in the 4.2BSD syslog.
14253 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
14256 Ignore the syslog facility for systems w/ old syslog like Ultrix.
14260 people with "." early in their path can have problems running sudo
14261 from the build dir ;-)
14264 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
14266 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14267 Remove -r realm option
14270 * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
14271 configure.in, sudo.c:
14272 New krb5 code from Frank Cusack <fcusack@iconnet.net>.
14279 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
14282 include <auth.h> to get function prototypes.
14285 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14289 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
14292 in set_perms(), always call setuid(0) before changing the ruid/euid
14293 so we always know it will succeed.
14297 #undef T_FOO to avoid conflicts with system defines (like on
14301 * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
14303 Docuement "Defaults" lines in /etc/sudoers. Still needs some
14304 fleshing out but this is a start.
14307 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
14309 * use strtol, not strtoul since not everyone has not strtoul
14313 use strtol, not strtoul since not everyone has not strtoul
14316 * lex.yy.c, parse.lex:
14317 last {WORD} rule should only apply in the INITIAL state
14320 * lex.yy.c, parse.lex:
14321 o Add support for escaped characters in the WORD macro o Modify
14322 fill() to squash escape chars
14325 * defaults.c, defaults.h:
14326 o Add T_PATH flag to allow simple sanity checks for default values
14327 that are supposed to be pathnames. o Fix a duplicate free when
14328 visudo finds an error.
14331 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
14333 * defaults.c, defaults.h, logging.c:
14334 mail_if_foo -> mail_foo
14337 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
14339 * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
14340 o Add requiretty option o Move O_NOCTTY to compat.h
14344 The exit() in log_error() was mistakenly removed in a previous
14345 version. Put it back...
14348 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
14350 * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
14351 auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
14352 configure, configure.in, defaults.c, defaults.h, find_path.c,
14353 getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
14354 o Change defaults stuff to put the value right in the struct. o
14355 Implement mailer_flags o Store syslog stuff both in int and string
14356 form. Setting the string form magically updates the int version.
14357 o Add boolean attribute to strings where it makes sense to say !foo
14361 add O_NOCTTY when opening /dev/tty just in case
14364 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
14367 cleanup function no longer takes a status arg
14374 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
14376 * TODO, config.h.in, configure, configure.in, logging.c:
14377 Use strftime() instead of ctime() if it is available.
14380 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
14387 update ReliantUNIX entry
14390 * defaults.c, defaults.h, logging.c:
14391 add log_year option
14394 * configure, configure.in:
14395 add --without-sendmail to help output
14398 * configure, configure.in:
14399 enforce an otctal arg for --with-suoders-mode
14402 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
14404 * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
14405 auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
14406 auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
14407 defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
14408 parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
14409 testsudoers.c, version.c, visudo.c:
14410 Add support for "Defaults" line in sudoers to make configuration
14411 variables changable at runtime (and on a global, per-host and per-
14412 user basis). Both the names and the internal representation are
14413 still subject to change. It was necessary to make sudo_user.runas
14414 but a char ** instead of a char * since this value can be changed by
14415 a Defaults line. There is a similar (but more complicated) issue
14416 with sudo_user.prompt but it is handled differently at the moment.
14418 Add a "-L" flag to list the name of options with their descriptions.
14419 This may only be temporary.
14421 Move some prototypes to parse.h
14423 Be much less restrictive on what is allowed for a username.
14426 * sample.syslog.conf:
14430 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
14432 * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
14434 UCB has dropped the advertising clause from their license.
14437 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
14439 * auth/sudo_auth.h:
14440 move dce_verofy proto to correct section
14447 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
14450 Add fnmatch() prototype
14453 * fnmatch.c, parse.c, testsudoers.c:
14454 Move inclusion of emul/fnmatch.h to be after sudo.h for __P
14458 add strcasecmp proto
14461 * auth/sudo_auth.c:
14462 add check for case where there are no auth methods
14465 * configure, configure.in:
14466 Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
14470 * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
14471 include strings.h everywhere we include string.h
14475 nicer output when showing auth methods
14479 Add support for SEND_MAIL_WHEN_NO_HOST
14482 * config.h.in, configure, configure.in:
14483 Add _GNU_SOURCE for Linux
14486 * lex.yy.c, parse.lex:
14487 fix definition of OCTECT
14490 * configure, configure.in:
14491 aix_auth.o not authenticate.o
14494 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
14497 Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
14498 keyboard). Since we run with ruid/euid == 0 the user can't really
14499 signal us in nasty ways.
14503 Don't need to worry about catching too many signals since we do
14504 locking on the tmp file. If a lockfile is really stale, it will be
14505 detected and overwritten.
14508 * INSTALL, Makefile.in:
14509 include auth/API in tarball
14512 * auth/sudo_auth.c:
14513 move memset() of plaintext pw outside of verify loop and only do the
14514 memset if we are *not* in standalone mode.
14517 * auth/sudo_auth.c, auth/sudo_auth.h:
14518 DCE is not a standalone method
14522 fix --enable-noargs-shell
14526 "#ifdef __STDC__" not "#if __STDC__" (I missed one)
14529 * auth/fwtk.c, auth/sia.c:
14530 _cleanup() function returns an int.
14534 there were still some return(0)'s hanging around, make them
14543 add missing semicolon
14546 * auth/sudo_auth.h:
14550 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
14552 * CHANGES, config.h.in, configure, configure.in:
14553 Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
14557 add parse.h to HDRS
14560 * Makefile.in, configure, configure.in:
14561 Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
14562 LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and
14563 network libs like -lsocket, -lnsl go in NET_LIBS. This allows
14564 testsudoers to build on Solaris and is a bit cleaner in general.
14568 mention ptmp -> sudoers.tmp
14571 * config.h.in, configure, configure.in:
14572 Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
14580 Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
14581 return a value more like a system function
14593 update based on what is in the man page
14596 * parse.yacc, sudo.tab.c:
14597 minor change to first line printed in -l mode
14600 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14601 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
14602 standard and add "EXAMPLES" section
14605 * visudo.cat, visudo.html, visudo.man, visudo.pod:
14606 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
14610 * logging.c, parse.c, sudo.h:
14614 * lex.yy.c, parse.lex:
14615 make an OCTET really be limited to 0-255
14619 mention timestamp changes
14626 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
14627 new sudoers(8) man page
14630 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
14633 Update comments about syslog name tables
14636 * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
14637 strcasecmp.c, sudo.tab.c:
14638 include strcasecmp() for those without it
14642 Use the : operator some more and fix a typo
14646 update the history of sudo
14649 * parse.c, parse.lex, testsudoers.c:
14650 CIDR-style netmask support
14657 * sudo.tab.c, sudo.tab.h:
14658 these should be generated with byacc, not bison
14665 * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
14666 In "sudo -l" mode, the type of the stored (expanded) alias was not
14667 stored with the contents. This could lead to incorrect output if
14668 the sudoers file had different alias types with the same name.
14669 Normal parsing (ie: not in '-l' mode) is unaffected.
14672 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
14674 * configure, configure.in:
14675 define _XOPEN_SOURCE to get at crypt() proto on some systems
14678 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
14685 don't need limits.h
14689 kill bogus reference to vfprintf
14692 * sample.sudoers, sudoers:
14697 Add some const in the K&R defs. This is safe since we define const
14698 away if the compiler doesn't grok it.
14701 * aclocal.m4, configure:
14702 Better test for working long long support. Ultrix compiler supports
14703 basic long long but not all operations on them.
14706 * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
14707 snprintf.c, sudo.c:
14708 Add check for LONG_IS_QUAD #undef MAXINT before including
14709 hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
14710 in snprintf.c and use LONG_IS_QUAD
14713 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
14715 * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
14717 UCB-derived snprintf + asprintf support. Supports quads if the
14718 compiler does. No floating point yet, perhaps later...
14721 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
14723 * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
14724 goodpath.c, logging.c, parse.c, sudo.c:
14725 Run most of the code as root, not the invoking user. It doesn't
14726 really gain us anything to run as the user since an attacker can
14727 just have an setuid(0) in their egg. Running as root solves
14728 potential problems wrt signalling.
14735 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
14737 * logging.c, sudo.c:
14738 Don't wait for child to finish in log_error(), let the signal
14739 handler get it if we are still running, else let init reap it for
14740 us. The extra time it takes to wait lets the user know that mail is
14743 Install SIGCHLD handler in main() and for POSIX signals, block
14748 * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
14749 parse.yacc, sudo.c, sudo.h:
14750 sudoers_lookup() now returns a bitmap instead of an int. This makes
14751 it possible to express things like "failed to validate because user
14752 not listed for this host". Some thigns that were previously
14753 VALIDATE_FOO are now FLAG_FOO. This may change later on.
14755 Reorganized code in log_auth() and sudo.c to deal with above
14758 Safer versions of push/pushcp with in the do { ... } while (0) style
14760 parse.yacc now saves info on the stack to allow parse.c to determine
14761 if a user was listed, but not for the host he/she tried to run on.
14763 Added --with-mail-if-no-host option
14766 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
14768 * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
14769 visudo.man, visudo.pod:
14770 o NewArgv and NewArgc don't need to be externally visible. o If
14771 pedantic > 1, it is a parse error. o Add -s (strict) option to
14772 visudo which sets pedantic to 2.
14775 * HISTORY, INSTALL:
14776 Just have sudo-bugs contact info in one place
14779 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14783 * Makefile.in, configure, configure.in:
14784 Add testsudoers to default build target if --with-devel Don't clean
14785 generated parser files unless "distclean".
14788 * parse.yacc, sudo.tab.c:
14789 In pedantic mode we need to save *all* the aliases, not just those
14790 that match, or we get spurious warnings.
14794 reference samples.sylog.conf
14797 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
14799 * sample.syslog.conf:
14800 Sample entries for syslog.conf
14807 * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
14808 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
14809 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
14810 auth/sudo_auth.c, auth/sudo_auth.h:
14811 In struct sudo_auth, turn need_root and configured into flags and
14812 add a flag to specify an auth method is running alone (the only
14813 one). Pass auth methods their sudo_auth pointer, not the data
14814 pointer. This allows us to get at the flags and tell if we are the
14815 only auth method. That, in turn, allows the method to be able to
14816 decide what should/should not be a fatal error. Currently only
14817 rfc1938 uses it this way, which allows us to kill the OTP_ONLY
14818 define and te hackery that went with it. With access to the
14819 sudo_auth struct, methods can also get at a string holding their
14820 cannonical name (useful in error messages).
14823 * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
14824 getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
14826 o --with-otp deprecated, use --without-passwd instead o real
14827 dependencies in the Makefile o --with-devel option to enable yacc,
14828 lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
14829 back to being a token, not a string but don't leak memory o rename
14830 hsotspec -> host in parse.yacc
14833 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
14839 * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
14841 o Digital UNIX needs to check for *snprintf() before -ldb is added
14842 to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
14843 for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
14844 functions in snprintf.c to fix -Wall o Add missing includes to fix
14848 * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
14849 configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
14851 o Add a "pedentic" flag to the parser. This makes sudo warn in
14852 cases where an alias may be used before it is defined. Only turned
14853 on for visudo and testsudoers. o Add --disable-authentication option
14854 that makes sudo not require authentication by default. The PASSWD
14855 tag can be used to require authentication for an entry. We no
14856 longer overload --without-passwd.
14859 * lex.yy.c, parse.lex:
14860 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
14861 username can contain just about anything so be very permissive. Also
14862 drop the unused \. punctuation.
14865 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
14867 * parse.yacc, sudo.tab.c:
14868 o add a 'val' element to aliasinfo struct and move -> parse.h o
14869 find_alias() now returns an aliasinfo * instead of boolean o
14870 add_alias() now takes a value parameter to store in the
14871 aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
14872 return: 1) positive match 0) negative match (due to '!')
14873 -1) no match This means setting $$ explicitly in all cases, which I
14874 should have done in the first place. It also means that we always
14875 store a value that is != -1 and when we see a '!' we can set
14876 *_matches to !rv if rv != -1. The upshot of all of this is that '!'
14877 now works the way it should in lists and some of the rules are more
14878 uniform and sensible.
14882 add parse.h dependency
14886 kill unused *_matched macros
14890 Allow a list of users as the first thing in a user spec, not just a
14891 single entry. This makes things more uniform, though it does allow
14892 you to write user specs that are hard to read.
14904 fix check for crypt() in libufc
14907 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
14910 sudo-users list now exists
14913 * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
14917 * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
14918 config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
14919 version.c, visudo.c:
14920 o Move lock_file() and touch() into fileops.c so visudo can use them
14921 o Visudo now locks the sudoers temp file instead of bailing when the
14922 temp file already exists. This fixes the problem of stale temp
14923 files but it does *require* that you not try to put the temp file in
14924 a world-writable directory. This shoud not be an issue as the temp
14925 file should live in the same dir as sudoers. o Visudo now only
14926 installs the temp file as sudoers if it changed.
14929 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
14935 * config.h.in, configure, configure.in, logging.c:
14939 * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
14940 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
14941 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
14942 temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
14943 -> _PATH_SUDOERS_TMP
14946 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
14948 * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
14949 o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
14950 root sudo -V config reporting
14953 * configure, configure.in:
14954 aix_auth.o not authenticate.o
14958 Add --with-goodpri and --with-badpri configure options to specify
14959 the syslog priority to use.
14962 * INSTALL, configure, configure.in, logging.h:
14963 Add --with-goodpri and --with-badpri configure options to specify
14964 the syslog priority to use.
14968 kill crufty AIX stuff
14972 Sigh, some versions of make (like Solaris's) don't deal with $< like
14973 I would expect. Both GNU and BSD makes get this right but... So, we
14974 just expand $< inline at the cost of some ugliness.
14978 If the invoking user is root, sudo will now print configure info in
14979 -V mode. Currently just prints logging info, to be expanded later.
14982 * logging.c, logging.h, sudo.c, sudo.h:
14983 o new defines for syslog facility and priority o use new
14984 print_version() functino for -V mode
14988 Don't need version.c
14991 * aclocal.m4, config.h.in, configure, configure.in:
14992 Add check for syslog facilities and priorities tables in syslog.h
14996 o authenticate -> aix_auth o add version.c
14999 * auth/sudo_auth.c:
15000 Missed a prompt -> user_prompt conversion
15003 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
15006 sudo should lock its logfile
15009 * parse.yacc, sudo.tab.c:
15010 o Add '!' correctly when expanding Aliases. o Add shortcut macros
15011 for append() to make things more readable. o The separator in
15012 append() is now a string instead of a char. o In append(), only
15013 prepend the separator if the last char is not a '!'. This is a
15014 hack but it greatly simplifies '!' handling. o In -l mode, Runas
15015 lists and NOPASSWD/PASSWD tags are now inherited across entries in
15016 a list (matches current behavior). o Fix formatting in -l mode such
15017 that items in a list are separated by a space. Greatlt improves
15018 readability. o Space for name field in struct aliasinfo is now
15019 allocated dyanically instead of using a (big) buffer. o In
15020 add_alias(), only search the list once (lsearch instead of lfind +
15024 * lex.yy.c, sudo.tab.c, sudo.tab.h:
15028 * configure, configure.in:
15029 Solais pam doesn't require anye xtra setup
15033 o Simpler '!' support now that the lexer deals with multiple !'s for
15034 us. o In the case of opFOO, have FOO give a boolean return value and
15035 set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
15036 it gets fill()'d in parse.lex--fixes a small memory leak. In the
15037 long run it may be better to just fix parse.lex and make ALL back
15038 into a token. However, having it be a string is useful since it
15039 can be easily passed back to the parent rule if we so desire.
15043 o Remove some unnecessary backslashes o collapse multiple !'s by
15044 using !+ and checking if yyleng is even or odd. this allows us to
15045 simplify ! handling in parse.yacc
15049 -u flag was being ignored
15052 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
15059 work around pod2man stupididy
15063 correct dependencies for .cat
15066 * sudo.cat, sudo.man, visudo.cat, visudo.man:
15070 * sudo.pod, visudo.pod:
15071 Add copyright Update to reality
15074 * parse.c, sudo.c, sudo.h:
15075 rename validate() to the more descriptive sudoers_lookup()
15082 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
15088 * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
15089 configure, configure.in, sudo.c:
15094 add 4th term to license similar to term 5 in the apache license
15097 * emul/search.h, emul/utime.h:
15098 add 4th term to license similar to term 5 in the apache license
15101 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
15102 auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
15103 auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
15104 auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
15105 logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
15106 pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
15107 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
15109 add 4th term to license similar to term 5 in the apache license
15112 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
15113 add 4th term to license similar to term 5 in the apache license
15116 * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
15117 getspwuid.c, goodpath.c:
15118 add 4th term to license similar to term 5 in the apache license
15121 * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
15122 insults.h, logging.c, sudo.c, sudo.h:
15123 there was a 1995 release too
15126 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
15133 Use dirs instead of files for timestamp. This allows tty and non-
15134 tty schemes to coexist reasonably. Note, however, that when you
15135 update a tty ticket, the mtime on the user dir gets updated as well.
15138 * configure, configure.in:
15139 Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
15140 when linking test program, not just -lprot. Also add check for
15141 getspnam(). The SCO docs indicate that /etc/shadow can be used but
15145 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
15148 first cut at auth API description
15151 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
15153 * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
15154 auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
15156 auth API change. There is now an init method that gets run before
15157 the main loop. This allows auth routines to differentiate between
15158 initialization that happens once vs. setup that needs to run each
15159 time through the loop.
15162 * auth/kerb5.c, logging.c:
15163 use easprintf() and evasprintf()
15167 add easprintf() and evasprintf(), error checking versions of
15168 asprintf() and vasprintf()
15172 remove 2 items. One done, one won't do.
15175 * lex.yy.c, sudo.tab.c:
15179 * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
15180 visudo.html, visudo.man:
15189 o Document -K flag and update meaning of -k flag. o BSD-style
15190 copyright o Document clearing of BIND resolver environment variables
15191 o Clarify bit about shared libs o suggest rc files create /tmp/.odus
15192 if your OS gives away files
15200 BSD-style copyright
15204 o BSD copyright o no need to block signals, we now do that in main()
15208 * testsudoers.c, visudo.c:
15209 o BSD-style copyright o Use "struct sudo_user" instead of old
15210 globals. o some cometic cleanup
15214 BSD-style copyright
15218 o BSD copyright o logging and parser bits moved to their own .h
15219 files o new "struct sudo_user" to encapsulate many of the old
15224 o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
15225 logging routines o simplified flow of control o BIND resolver
15226 additions to badenv_table
15230 BSD-style copyright
15234 Now compiles on more K&R compilers
15238 BSD-style copyright, cosmetic changes
15242 BSD-style copyright
15245 * parse.c, parse.h, parse.lex, parse.yacc:
15246 BSD-style copyright. Move parser-specific defines and structs into
15247 parse.h + other cosmetic changes
15251 defines for logging routines
15254 * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
15255 BSD-style copyright, cosmetic changes
15258 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
15260 BSD-style copyright
15264 o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
15265 kill --disable-tgetpass o add --without-passwd o changes to fill in
15266 AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
15267 v?asprintf() o replace --with-AuthSRV with --with-fwtk
15271 BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
15272 HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
15273 HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
15277 BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing.
15281 BSD-style copyright
15285 no more --with-getpass
15289 Take out things I've done...
15297 --with-getpass no longer exists
15301 BSD-style copyright. Update to reflect reality wrt new files and
15306 Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
15311 Update history a bit
15314 * COPYING, LICENSE:
15315 Now distributed under a BSD-style license
15318 * auth/sudo_auth.c:
15319 o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
15320 options. o skey/opie replaced by rfc1938 code o new struct sudo_user
15324 * auth/pam.c, auth/sia.c:
15325 BSD-style copyright and use new log functions
15329 o BSD-style copyright o Use new log functiongs o Use asprintf() and
15330 snprintf() where sensible.
15334 Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
15335 done more reasonably--better sanity checks and tty-based stamps are
15336 now done as files in a directory with the same name as the invoking
15337 user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
15338 to mix tty and non-tty based ticket schemes but this may change in
15339 the future (it requires sudo to use a directory instead of a file in
15340 the non-tty case). Also, ``sudo -k'' now sets the ticket back to
15341 the epoch and ``sudo -K'' really deletes the file. That way you
15342 don't get the lecture again just because you killed your ticket in
15343 .logout. BSD-style copyright now.
15347 o rewritten logging routines. log_error() now takes printf-style
15348 varargs and log_auth() for the return value of validate(). o BSD-
15352 * auth.c, check_sia.c, dce_pwent.c, secureware.c:
15353 superceded by new auth API
15357 BSD-style copyright
15361 Use snprintf() where it makes sense and add a BSD-style copyright
15364 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
15365 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
15366 BSD-style copyright
15369 * emul/utime.h, utime.c:
15370 BSD-style copyright
15374 this has been rewritten so use my BSD-style copyright
15377 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
15380 include malloc.h if no stdlib.h
15384 KTH snprintf()/asprintf() for systems w/o them
15388 strerror() for systems w/o it
15391 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
15397 * parse.c, parse.lex, parse.yacc:
15398 Add contribution info in the main comment
15401 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
15404 remove missed ref to PAM_nullpw
15407 * auth/sudo_auth.h:
15412 more or less complete now--still untested
15415 * auth/afs.c, auth/pam.c:
15416 don't use user_name macro, it will go away
15419 * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
15420 combine skey/opie code into rfc1938.c
15423 * auth/dce.c, auth/sudo_auth.h:
15424 DCE authentication method; basically unchanged from dce_pwent.c
15427 * auth/aix_auth.c, auth/sudo_auth.h:
15428 AIX authenticate() support. Could probably be much better
15432 Fix an uninitialized variable and some cleanup. Now works (tested)
15435 * auth/sia.c, auth/sudo_auth.h:
15436 SIA support for digital unix
15440 don't use prompt global, it will go away
15443 * auth/secureware.c:
15444 correct copyright years
15447 * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
15448 auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
15449 auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
15450 New authentication API and methods
15453 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
15460 only save an entry if user_matches && host_matches, even if the
15461 stack is empty (fix for previous commit)
15469 1) Always save an entry on the stack if it is empty. This fixes the
15470 -l and -v flags that were broken by earlier parser changes.
15472 2) In a Runas list, don't negate FALSE -> TRUE since that would make
15473 !foo match any time the user specified a runas user (via -u) other
15478 interfaces and num_interfaces are now auto, not extern
15481 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
15484 use a static global to keep stae about empty passwords
15488 make PASSWORD_NOT_CORRECT logging consistent with other modules
15491 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
15494 PAM prompt code was wrong, looks like we have to kludge it after
15499 In the PAM code, when a user hits return at the first password
15500 prompt, exit without a warning just like the normal auth code
15503 * configure, configure.in:
15504 kludge around cross-compiler false positives
15507 * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
15508 New (correct) PAM code Tgetpass now takes an echo flag for use with
15509 PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
15510 useless umask setting Change error from BAD_ALLOCATION ->
15511 BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
15516 Some -Wall and kill some trailing spaces
15520 define -D__EXTENSIONS__ for solaris so we get crypt() proto
15523 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
15529 * INSTALL, config.h.in, configure, configure.in:
15530 for kerberos V < version, fall back on old kerb4 auth code
15534 clarify some things
15537 * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
15541 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
15544 mention why DONT_LEAK_PATH_INFO is not the default
15547 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
15550 Fix open(2) return value checking, was NULL for fopen, should be -1
15559 better wording for solaris pam notice
15563 document recent changes
15567 Update shadow password section
15571 move authentication code from check.c to auth.c
15574 * Makefile.in, check.c, sudo.h:
15575 move authentication code to auth.c
15578 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
15580 * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
15581 getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
15582 logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
15583 sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
15585 Move interface-related defines to interfaces.h so we don't have to
15586 include <netinet/in.h> everywhere.
15589 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
15591 * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
15592 parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
15593 o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
15594 turns out the old DES crypt does the right thing with passwords
15595 longert than 8 characters. o Fix common typo (necesary ->
15596 necessary) o Update TODO list
15599 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
15602 set $LOGNAME when we set $USER
15605 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
15608 add comment about digital unix and interfaces.c warning with gcc
15611 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
15614 use modern paths and give examples for some of the new parser
15618 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
15624 * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
15625 getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
15626 parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
15627 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
15628 Function names should be flush with the start of the line so they
15629 can be found trivially in an editor and with grep
15632 * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
15633 sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
15634 free(3) is already void, no need to cast it
15637 * logging.c, sudo.c, sudo.h:
15638 catch case where cmnd_safe is not set (this should not be possible)
15641 * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
15642 testsudoers.c, visudo.c:
15643 Stash the "safe" path (ie: the one listed in sudoers) to the command
15644 instead of stashing the struct stat. Should be safer.
15647 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
15649 * INSTALL, Makefile.in, UPGRADE:
15650 notes on updating from an earlier release
15657 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
15659 * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
15660 sudoers.man, sudoers.pod:
15661 You can now specifiy a host list instead of just a host or alias.
15662 Ie: user = host1,host2,ALIAS,!host3 my_command now works.
15669 * parse.yacc, sudo.tab.c:
15670 Move the push from the beginning of cmndspec to the end. This means
15671 we no longer have to do a push at the end of privilege, just reset
15675 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
15676 runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
15677 use "!" most everywhere
15680 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
15683 modernize paths and update su example based on sample.sudoers one
15687 New runas semantics
15690 * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
15692 In estrdup(), do the malloc ourselves so we don't need to rely on
15693 the system strdup(3) which may or may not exist. There is now no
15694 need to provide strdup() for those w/o it. Also, the prototype for
15695 estrdup() was wrong, it returns char * and its param is const.
15703 buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
15706 * CHANGES, TODO, parse.yacc, sudo.tab.c:
15707 It is now possible to use the '!' operator in a runas list as well
15708 as in a Cmnd_Alias, Host_Alias and User_Alias.
15711 * logging.c, sudo.h:
15712 Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
15716 Definitions of *_matched were wrong--user top, not top-2 as
15720 * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
15721 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
15722 command but the NOPASSWD flag was set. Make runasspec, runaslist,
15723 runasuser, and nopasswd typeless in parse.yacc Add support for '!'
15724 in the runas list Fix double printing of '%' and '+' for groups and
15725 netgroups respectively Add *_matched macros (no need for local stack
15726 variable). Should only be used directly after a pop (since top must
15730 * aclocal.m4, configure.in:
15731 Add copyright, somewhat silly
15734 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
15736 * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
15737 compat.h, config.h.in, configure, configure.in, dce_pwent.c,
15738 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
15739 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
15740 lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
15741 putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
15742 sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
15743 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
15745 Crank version to 1.6 and combine copyright statements
15749 Use ! not ^ to do negation
15752 * lex.yy.c, sudo.tab.c:
15756 * parse.lex, parse.yacc:
15757 Make runas and NOPASSWD tags persistent across entris in a command
15758 list. Add a PASSWD tag to reverse NOPASSWD. When you override a
15759 runas or *PASSWD tag the value given becomes the new default for the
15760 rest of the command list.
15763 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
15767 [a1ae9d4a7d54] [SUDO_1_5_9]
15770 Shift return value of system(3) by 8 to get real exit value and if
15771 it is not 1 or 0 print the retval along with the error message.
15774 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
15777 testsudoers needs LIBOBJS too
15780 * parse.c, parse.yacc, sudo.tab.c:
15781 Fix another parser bug. For a sudoers entry like this: millert
15782 ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
15790 * parse.yacc, sudo.tab.c:
15791 Save entries that match a ! command on the matching stack too
15795 Make sudo's usage info better when mutually exclusive args are given
15796 and don't rely on argument order to detect this; nick@zeta.org.au
15799 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
15801 * CHANGES, Makefile.in, RUNSON:
15809 * parse.yacc, sudo.tab.c:
15810 Fix off by one error introduced in *alloc changes
15813 * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
15814 check_sia.c, compat.h, config.h.in, configure, configure.in,
15815 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
15816 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
15817 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
15818 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
15819 sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
15820 sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
15821 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
15825 * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
15826 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
15827 putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
15828 sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
15829 Use emalloc/erealloc/estrdup
15833 error checking memory allocation routines
15836 * parse.yacc, sudo.tab.c:
15837 Still not right, this fixes it for real
15840 * parse.yacc, sudo.tab.c:
15841 Fix for previous commit
15844 * CHANGES, INSTALL, parse.yacc:
15845 Fix a parser bug that was exposed when mixing different runas specs
15846 and ! commands. For example: millert ALL=(daemon)
15847 /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
15848 as well as daemon when it should just allow daemon. The problem was
15849 that comma-separated commands in a list shared the same entry on the
15850 matching stack. Now they get their own entry iff there is a full
15851 match. It may be better to just make the runas spec persistent
15852 across all commands in a list like the user and host entries of the
15853 matching stack. However, since that is a fairly major change it
15854 should gets its own minor rev increase.
15857 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
15859 * check.c, config.h.in:
15860 Simplify PAM code and fix a PAM-related warning on Linux
15863 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
15877 * check.c, configure.in:
15878 new pam code that works on solaris, should work on linux too;
15882 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
15889 only include strings.h if there is no string.h
15892 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
15895 Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
15898 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
15901 shost must be set before log functions are called #ifdef HOST_IN_LOG
15904 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
15906 * CHANGES, lex.yy.c, parse.lex:
15907 Fix a bug wrt quoting characters in command args. Stop processing
15908 an arg when you hit a backslash so the quoted-character detection
15912 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
15915 include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru
15918 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
15920 * configure, configure.in:
15921 add missing case statement so --without-sendmail works
15924 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
15930 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
15932 * configure, configure.in:
15933 only search for -lsun in irix <= 4.x
15936 * configure, configure.in:
15937 back out last configure.in change now that I've hacked autoconf to
15938 fix the real problem and add a missing newline
15946 add def of dirfd() for those without it
15949 * configure, configure.in:
15950 When falling back to checking for socket() when linking with
15951 "-lsocket -lnsl" check for main() instead since autoconf has already
15952 cached the results of checking for socket() in -lsocket. This is
15953 really an autoconf bug as it should use the extra libs as part of
15954 the cache variable name.
15961 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
15964 fix occurrence of $with_timeout that should be
15965 $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
15969 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
15971 * sudo.cat, sudo.html, sudo.man, sudo.pod:
15972 fix grammar; espie@openbsd.org
15973 [7031d9dfbc3e] [SUDO_1_5_8]
15975 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
15977 * parse.yacc, sudo.c, testsudoers.c:
15978 add cast for strdup in places it does not have it
15981 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
15983 * configure, configure.in:
15984 define for_BSD_TYPES irix
15987 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
15989 * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
15990 Make it clear that it is the user's password, not root's, that we
15995 If the user enters an empty password and really has no password,
15996 accept the empty password they entered. Perviously, they could
15998 *but* an empty password. Also, add GETPASS macro that calls either
15999 tgetpass() or getpass() depending on how sudo was configured.
16000 Problem noted by jdg@maths.qmw.ac.uk
16003 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
16005 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
16006 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
16007 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
16008 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
16009 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
16010 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
16012 add explicate copyright
16016 mention -lsocket, -lnsl configure changes
16019 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
16022 Don't clobber errno after calling check_sudoers().
16025 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
16027 * configure, configure.in:
16028 When linking with both -lsocket and -lnsl be sure to do so in that
16029 order. Also, when we can't find socket() or inet_addr() and have to
16030 try linking with both libs, issue a warning.
16033 * sudo.cat, sudo.man, sudo.pod:
16034 clarify bad timestamp and fmt
16037 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
16040 be clear that pam is linux-only and add a RUNSON entry
16043 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
16045 * CHANGES, INSTALL, configure, configure.in:
16046 fix and correctly document --with-umask; problem noted by
16050 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
16052 * configure, configure.in:
16053 only use /usr/{man,catman}/local to store man pages if suer didn't
16054 override prefix or mandir
16057 * INSTALL, configure, configure.in:
16058 fix typo, make --with-SecurID take an arg
16061 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
16067 * CHANGES, INSTALL, check.c, configure, configure.in:
16068 FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
16071 * configure, configure.in:
16072 better fix for the problem of unresolved symbols in -lnsl or
16076 * configure, configure.in:
16077 when checking for functions in -lnsl and -lsocket link with both of
16078 them to avoid unresolved symbols on some weirdo systems
16081 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
16083 * BUGS, CHANGES, RUNSON, TODO:
16084 old changes that didn't make it into RCS before the RCS->CVS switch
16087 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
16089 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
16090 configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
16091 getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
16092 ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
16093 lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
16094 secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
16095 sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
16108 * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
16109 config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
16110 find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
16111 ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
16112 logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
16113 secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
16114 sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
16115 utime.c, version.h, visudo.c, visudo.cat, visudo.man:
16116 crank version and regen files
16120 kill rcs goop in update_version and fix now that version is a const
16123 * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
16124 sudo.c, sudo.h, sudo.pod:
16125 kerb5 support from fcusack@iconnet.net
16128 * realpath.c, sudo_realpath.c:
16129 we no longer use realpath
16133 replaced by find_path.c
16137 all options are now configure flags
16145 superceded by getcwd.c
16149 superceded by tgetpass.c
16153 superceded by RUNSON
16157 No longer used now that we have configure options for everything.
16161 regen based on configure.in
16164 * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
16165 sudoers.man, visudo.cat, visudo.html, visudo.man:
16166 regen based on sudo.pod, sudoers.pod, and visudo.pod
16169 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
16172 fix tty tickets in remove_timestamp (didn't use ':')
16175 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
16178 close sock when we are done with it
16181 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
16184 never say "error on line -1"
16187 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
16190 check for -lnsl before -lsocket
16194 quote '[', ']' used in ranges correctly
16197 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
16200 add missing NO_ROOT_SUDO noted by drno@tsd.edu
16203 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
16210 more info for 1.5.7
16218 make increases of cm_list_size and ga_list_size be similar to
16219 increases of stacksize (ie: >= not > in initial compare).
16223 when we get a syntax error, report it for the previous line since
16224 that's generally where the error occurred.
16227 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
16229 * config.h.in, configure.in, interfaces.c:
16230 add back check for sys/sockio.h but only use it if SIOCGIFCONF is
16232 [d197f31fd1e4] [SUDO_1_5_7]
16235 define BSD_COMP for svr4
16238 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
16239 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
16240 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
16241 testsudoers.c, tgetpass.c, utime.c, visudo.c:
16246 kill check for sockio,h
16250 no more HAVE_SYS_SOCKIO_H
16253 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
16254 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
16255 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
16256 testsudoers.c, tgetpass.c, utime.c, visudo.c:
16260 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
16263 add missing inform_user()
16266 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
16269 return NOT_FOUND if given fully qualified path and it does not exist
16270 previously it would perror(ENOENT) which bypasses the option to not
16275 for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
16279 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
16282 tty tickets are user:tty now
16286 when using tty tickets make it user:tty not user.tty as a username
16287 could have a '.' in it
16290 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
16293 add "ignoring foo found in ." for auth successful case
16296 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
16299 add missing printf param
16302 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
16304 * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
16305 go back to printing "command not found" unless --disable-path-info
16306 specified. Also, tell user when we ignore '.' in their path and it
16307 would have been used but for --with-ignore-dot.
16311 Only one space after a colon, not two, in printf's
16314 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
16317 document setting $USER
16321 fix bugs with prompt expansion
16325 set $USER for root too
16328 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
16335 HP-UX's iscomsec is in -lsec, not libc
16339 remove some entries in the OS case statement that did nothing
16343 add "cd" section and flush out syslog section
16347 no more sudo-lex.yy.c
16351 add custom prompt support
16355 kill perror("malloc") since we already have a good error messages
16356 pw_ent -> pw for brevity
16360 kill perror("malloc") since we already have a good error messages
16361 pw_ent -> pw for brevity set $USER if -u specified
16365 kill perror("malloc") since we already have a good error messages
16369 kill perror("malloc") since we already have a good error messages
16370 pw_ent -> pw for brevity when checking if %group matches, look up
16371 user in password file so that %groups works in a RunAs spec.
16375 kill perror("malloc") since we already have a good error messages
16378 * check.c, getspwuid.c, interfaces.c:
16379 kill perror("malloc") since we already have a good error messages
16380 pw_ent -> pw for brevity
16383 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
16386 the prompt is expanded before tgetpass is called
16390 tgetpass now has the same args as getpass again
16394 add iscomsec, issecure support
16398 we now expand any %h or %u in the prompt before passing to tgetpass
16402 add check for syslog(3) in -lsocket, -lnsl, -linet
16406 add HAVE_ISCOMSEC and HAVE_ISSECURE
16410 add check for iscomsec in HP-UX
16414 check for issecure if we have getpwanam on SunOS some options are
16415 incompatible with DUNIX SIA check for dispcrypt on DUNIX
16418 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
16425 add back support for non-dispcrypt based checking for older DUNIX
16433 SIA becomes the default on Digital UNIX now havbe --disable-sia to
16438 move local includes after system ones
16441 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
16443 * check.c, check_sia.c, sudo.h:
16444 add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
16449 fix while loop in sia_attempt_auth() that checks the password. Only
16450 the first iteration was working.
16453 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
16456 don't trust UID_MAX or MAXUID
16467 * getspwuid.c, secureware.c:
16468 init crypt_type to INT_MAX since it is legal to be negative in DUNX
16473 for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
16474 -ldb since DUNX < 4.0 lacks it
16477 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
16479 * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
16480 secureware.c, sudo.c, tgetpass.c:
16481 getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
16482 minutes if the shadow files don't exist).
16485 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
16488 updated --with-editor blurb
16492 tell how to put sudoers in a different dir
16496 add missing quotes around $with_editor
16500 typo in --with-editor bits
16504 I don't expect it to work on Solaris
16508 add back security/pam_misc.h
16511 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
16514 remove dunix note since configure checks for this now
16518 add check for broken dunix prot.h (4.0 < 4.0D is bad)
16521 * getspwuid.c, secureware.c, tgetpass.c:
16522 new dunix shadow code, use dispcrypt(3)
16530 call initprivs() if we have it for getprpwuid later on
16534 clean pathnames.h too
16538 quote "Sorry, try again." with [] since it has a comma in it set
16539 LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
16540 getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
16545 update Digital UNIX note about acl.h
16550 --without-root-sudo -> --disable-root-sudo some reordering
16557 * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
16565 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
16568 when checking for -lsocket, -lnsl, and -linet, check for the
16569 specific functions we need from them.
16572 * config.h.in, sudo.h:
16573 move Syslog_* defs into sudo.h
16576 * Makefile.in, sudo.h:
16577 added check_secureware
16581 finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
16585 don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
16586 defined. configure now does that for us
16590 move some --with options around change a bunch of echo's to
16591 AC_MSG_CHECKING, AC_MSG_RESULT pairs
16595 change $with_foo-bar -> $with_foo_bar kill extra " that caused a
16596 syntax error add some echo verbage
16599 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
16602 moved SecureWare stuff into secureware.c
16610 update url to solaris gcc bins
16614 change option formatter and flesh out someentries
16617 * TROUBLESHOOTING, sudo.pod, visudo.pod:
16618 environmental variable -> environment variable
16622 everything is now done via configure
16630 passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
16634 SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
16638 merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
16639 sudoers_mode from configure
16643 SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
16644 the Makefile, not config.h
16648 document all --with/--enable options
16651 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
16654 options.h is no more
16658 assimilated options.h
16662 moved options from options.h to configure
16665 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
16666 logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
16667 sudo_setenv.c, visudo.c:
16671 * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
16672 remove references to options.h
16675 * dce_pwent.c, interfaces.c, sudo.c:
16680 if select return < -1 still prompt for pw
16684 convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
16689 FAST_MATCH is no longer an optino
16693 remove_timestamp() if timestamp is preposterous
16697 convert more options to --with/--enable
16700 * INSTALL, aclocal.m4:
16705 convert more options into --with and --enable
16709 catch EINTR in select and restart
16716 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
16719 UMASK -> SUDO_UMASK.
16722 * check.c, logging.c:
16723 time.h, not sys/time.h
16726 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
16729 MAILER -> _PATH_SENDMAIL
16732 * INSTALL, configure.in:
16733 no more --with-C2, now it is --disable-shadow
16736 * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
16737 getspwuid.c, sudo.c, tgetpass.c:
16738 new shadow password scheme. Always include shadow support if the
16739 platform supports it and the user did not disable it via configure
16742 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
16745 --with-getpass -> --{enable,disable}-tgetpass
16749 pathnames.h -> pathnames.h.in
16757 move pam_conv to be static to auth function remove pam_misc.h
16758 (solaris doesn't have one)
16762 _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
16766 munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
16770 convert to pathnames.h.in
16773 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
16776 fix typo in sysv4 matching case /.
16779 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
16782 pam stuff needs to run as root, not user, for shadow passwords
16785 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
16787 * BUGS, INSTALL, README, configure.in:
16791 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
16792 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
16793 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
16794 logging.c, options.h, parse.c, parse.lex, parse.yacc,
16795 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
16796 testsudoers.c, tgetpass.c, utime.c, visudo.c:
16801 user version.h for long message
16805 this is version 1.5.6
16808 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
16811 remove errant backslash
16814 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
16816 * options.h, parse.yacc, pathnames.h.in:
16818 [fdee73255d64] [SUDO_1_5_6]
16820 * BUGS, CHANGES, TODO:
16828 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
16831 kill unused localhost_mask var copy if name to ifr_tmp after we zero
16835 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
16838 Better description of new vs. old sudoers modes fix some typos
16839 better description of /usr/ucb/cc gotchas on slowaris
16847 set NewArgv[0] to user_shell, not basename(user_shell)
16850 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
16853 mention TROUBLESHOOTING more fix some typos
16857 move --enable/--disable to be after --with
16861 document --enable/--disable
16865 document --with-pam
16868 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
16871 Add message for pam users
16882 * check.c, config.h.in, configure.in:
16883 pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
16886 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
16889 add HOST_IN_LOG and WRAP_LOG
16893 add WRAP_LOG and HOST_IN_LOG
16897 add --enable-log-host and --enable-log-wrap
16901 use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
16904 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
16911 include sys/param.h to get howmany macro
16914 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
16916 * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
16920 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
16923 bring in stdio.h for NULL
16927 allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
16931 use HAVE_SET_AUTH_PARAMETERS
16935 add HAVE_SET_AUTH_PARAMETERS
16939 add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
16943 add support for HI-UX/MPP SR220001 02-03 0 SR2201
16947 initialize previfname
16951 Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
16952 it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
16961 don't need special build line for sudo.tab.o
16965 don't clean sudo.tab.[ch]
16969 Sudo should prompt for a password before telling the user that a
16970 command could not be found.
16978 no longer require yacc
16986 y.tab -> sudo.tab include pre-yacc'd parse.yacc
16990 include sudo.tab.h, not y.tab.h don't break out of command args if
16998 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
17007 getcwd(3) from OpenBSD for those without it.
17011 HAVE_GETWD -> HAVE_GETCWD
17015 pretend sunos doesn't have getcwd(3) since it opens a pipe to
17024 remove duplicate include of string.h
17028 call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
17032 add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
17036 add dev_t and ino_t
17039 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
17042 fix OTP_ONLY for opie
17045 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
17047 * testsudoers.c, tgetpass.c:
17048 include stdlib.h for malloc proto
17051 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
17054 make update_version saner
17058 add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
17062 check for waitpid and wait3 or no waitpid
17066 used waitpid or wait3 if we have 'em
17069 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
17072 fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
17075 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
17078 don't need to explicately mention -lsocket -lnsl for sequent
17081 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
17084 dynix should not link with -linet
17087 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
17090 mention that HP-UX doesn't ship with yacc
17093 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
17096 ignore kerberos if we can't get the local realm
17099 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
17101 * BUGS, INSTALL, README, configure.in:
17109 * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
17110 find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
17111 logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
17112 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
17121 don't use popen/pclose. Do it inline.
17132 * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
17133 ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
17138 * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
17143 getwd.c -> getcwd.c
17155 use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
17159 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
17161 * OPTIONS, options.h:
17162 add STUB_LOAD_INTERFACES
17165 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
17166 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17167 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17168 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
17169 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17170 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17175 support *-ccur-sysv4 and fix two typos
17178 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
17181 don't echo about with_logfile and with_timedir
17185 document --with-logfile and --with-timedir
17189 support --with-logfile and --with-timedir
17193 Add --with-logfile and --with-timedir
17197 change size computation of NewArgv for UNICOS
17200 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
17203 treate -*-sysv4* like *-*-svr4
17206 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
17209 fix spacing for --with-authenticate help
17212 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
17213 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17214 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17215 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
17216 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17217 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17222 fix off by one error in push macro
17225 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
17228 removed bogus alloca hack
17232 added AIX 4.x authenticate() support
17236 include alloca.h if using bison and not gcc and it exists. fixes an
17237 alloca problem on hpux 10.x
17241 mention --with-authenticate
17245 added AIX authenticate() support
17249 add HAVE_AUTHENTICATE
17253 dynamically size ifconf buffer
17260 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
17261 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17262 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17263 logging.c, options.h, parse.c, parse.lex, parse.yacc,
17264 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17265 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17273 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
17276 add busy stmp file explanation
17279 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
17282 the name of the cached var that signals whether or not you are cross
17283 compiling changed. It is now ac_cv_prog_cc_cross
17286 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
17289 mention glibc 2.07 is fixed wrt lsearch()\.
17292 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
17294 * sample.sudoers, sudoers.pod:
17295 better example of su but not root su
17298 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
17300 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
17301 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17302 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17303 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
17304 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17305 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17310 correct regexp for updating version
17314 remove bogus flush of stderr spew prompt before turning off echo.
17315 Seems to fix a weird problem where if sudo complained about a bogus
17316 stamp file the user would sometimes not have a chance to enter a
17321 fix bogus flush of stderr
17325 close fd's <=2 not <=3 and move that chunk of code up
17329 support hpux1[0-9] not just hpux10
17332 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
17335 set sudoers_fp to nil after closing
17338 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
17340 * config.guess, config.sub:
17341 updated from autoconf 2.12
17348 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
17351 fix select usage for high fd's (dynamically allocate readfds)
17355 kill extra whitespace
17359 do an initgroups() before running a command, unless the target user
17363 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
17366 tell people to use tabs, not spaces, in syslog.conf
17369 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
17371 * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
17372 parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
17376 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
17377 logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
17381 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
17382 insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
17387 more tweaks to update_version
17391 fixed up update_version rule
17399 removed supe of check.c
17410 * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
17411 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
17412 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
17413 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
17414 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
17415 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
17425 add rules to update version stuff in files so I don't need to do it
17430 sudoers_fp is now extern
17434 in check_sudoers, cache the sudoers file handle in sudoers_fp so we
17435 don't have to open it again in the parse. This may help with weird
17436 solaris problems where EAGAIN sometime occurrs.
17440 sudoers file open is now done only in check_sudoers() so we just do
17441 a rewind() instead of an open. May help people on solaris who were
17445 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
17448 mention that newer glibc is fixed
17451 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
17454 newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
17455 _RLD* instead of _RLD_*
17463 fix that bug for real
17467 document Linux's libc6 brokenness.
17476 [4949a1bbd0a9] [SUDO_1_5_4]
17479 remind people to HUP syslogd
17495 remove author's email addr. people should mail sudo-bugs
17502 * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
17503 find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
17504 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
17505 logging.c, options.h, parse.c, parse.lex, parse.yacc,
17506 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17507 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
17515 * INSTALL, Makefile.in:
17524 exit(1) if user enters no passwd
17532 commands can start with ./* not just /* -- fixes a serious security
17536 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
17539 Don't set the tty variable to NULL when we lack a tty, leave it as
17543 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
17546 fix usage of (username) in conjunction with , and !
17550 catch the case where the user is not in the passwd file
17554 use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
17559 define tty global to an initial value to avoid dumping core in
17560 logging functions when passwd file is unavailable.
17564 do the set_perms(PERM_USER, sudo_mode) after we have gotten the
17569 talk about problem of ALL
17572 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
17579 fdesc bug is fixed in Open/Net BSD
17583 updates from Nieusma
17586 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
17589 move compat.h after the system includes
17592 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
17595 save errno from being clobbered by wait(). From Theo
17598 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
17601 fix an occurence of setresuid -> setreuid (typo)
17604 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
17607 check for path to strip
17610 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
17613 deal with maxfilelen < 0 case
17620 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
17623 correct error message if mode/owner wrong and not statable by owner
17624 but is statable by root.
17627 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
17629 * config.guess, config.sub:
17633 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
17635 * CHANGES, RUNSON, TODO:
17639 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
17641 * parse.yacc, sudo.h:
17642 command_alias -> generic_alias
17643 [c404ca8c510d] [SUDO_1_5_3]
17646 added Runas_Alias example and fixed syntax errors
17649 * OPTIONS, options.h:
17650 updated MAILSUBJECT
17657 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
17658 configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
17659 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
17660 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
17661 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
17662 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
17667 * BUGS, emul/utime.h:
17672 document Runas_Alias
17680 buffer oflow checking q (uit) -> Q if yyparse() fails drop into
17685 add size params to sprintf
17689 allow trailing space after '\\' but before '\n'
17693 off by one error in path size check
17700 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
17707 now warns if killed by signal ./
17710 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
17713 fix Runas_Alias stuff Alias's in runas list now get expanded (but it
17718 Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
17722 add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
17726 Add Runas_Alias and simplify a rule.
17730 always store User_Alias's since they can be used inside of a runas
17731 list. Sigh. Really need a Runas_Alias instead.
17734 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
17737 deal with case where there is no sudoers file
17740 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
17746 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
17748 * HISTORY, testsudoers.c:
17749 developement -> development
17764 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
17767 removed seteuid() notes
17768 [1010a60f281d] [SUDO_1_5_2]
17770 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
17773 better seteuid() emulatino
17777 added check for seteuid
17784 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
17787 first stab at sequent support
17791 added HAVE_SYS_SELECT_H
17795 sequent -> _SEQUENT_
17799 added seteuid() macro for DYNIX
17803 _AIX -> HAVE_SYS_SELECT_H
17806 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
17808 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
17809 parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
17810 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17814 * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
17815 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
17816 ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
17817 pathnames.h.in, version.h:
17822 added -H and SUDO_PS1
17826 use SUDO_FUNC_FNMATCH
17830 added SUDO_FUNC_FNMATCH
17838 added MODE_RESET_HOME /
17841 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
17855 * compat.h, config.h.in:
17860 added HAVE_OPIE and changed to *_OTP_*
17867 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
17870 moved fclose() in skey stuff.
17873 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
17876 index -> strchr remove unnecesary stuff
17880 now call skeychallenge() to get challenge instead of making one up
17881 ourselves. this way, we get extra goodies in the prompt.
17884 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
17888 [3f5149357e2a] [SUDO_1_5_1]
17891 allow logins to start with a number (YUCK!)
17894 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
17897 added soalris 2.5 vs 2.4 note
17901 DUNIX doesn't need -lnsl
17905 *** empty log message ***
17908 * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
17909 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
17910 ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
17911 options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
17912 strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
17913 utime.c, version.h, visudo.c:
17917 * PORTING, README, RUNSON:
17921 * INSTALL, Makefile.in, TROUBLESHOOTING:
17926 *** empty log message ***
17929 * sudo.pod, visudo.pod:
17933 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
17939 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
17942 added $SUDO_PROMPT support
17945 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
17948 print long skey challemged to stderr, not stdout
17951 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
17961 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
17967 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
17970 use shost, not host for tgetpass
17974 documented %u and %h
17978 documented %u and %h
17985 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
17986 dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17987 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17988 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
17989 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17990 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
17998 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
18000 * Makefile.in, configure.in, version.h:
18005 new tgetpass() params
18009 pass use and host to tgetpass
18013 added %u and %h escapes
18016 * OPTIONS, check.c, options.h:
18021 added cray (unicos) support
18024 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
18026 * OPTIONS, options.h, sudo.c:
18027 added SHELL_SETS_HOME
18030 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
18033 added note about "make install"
18037 changed length/size params from int to size_t
18041 now get CSOPS insults as well by default
18045 use csops insults too by default
18048 * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
18053 added runas_homedir
18069 added "upgrading" notes
18072 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
18075 now do chmod and chown after edit of temp file and before rename
18076 [de174e34faa7] [SUDO_1_5_0]
18078 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
18081 ++version added INSTALL.configure
18084 * configure.in, version.h:
18089 *** empty log message ***
18097 sets $HOME to pw_dir of runas user
18101 document $HOME change
18104 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
18107 fixed up some wording
18110 * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
18111 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
18112 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
18117 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
18118 insults.h, options.h, pathnames.h.in, sudo.h:
18127 name nad type changes
18131 now works with new sudo
18139 some variable name changes + comment headers for functions.
18143 added extra paren's to make compilers happy
18147 *** empty log message ***
18151 now uses init_parser() if not in sudoers and tries "list" or
18152 "validate" scold but don't be nasty.
18156 now can use upper case login names
18160 now uses init_parser()
18168 added info about PASSWORD_TIMEOUT
18171 * INSTALL.configure:
18180 now dynamically allocates memory for the stacks -- no more
18185 -l now explands command aliases
18189 hacks to expand command aliases for `sudo -l'
18193 remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
18197 added struct command_alias
18205 in compar() key should be first arg
18208 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
18215 can now deal with upcase HOST and USER names
18219 don't yell too loudly at non-sudoers if they do "sudo -l"
18230 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
18232 * parse.c, parse.yacc:
18233 added support for new `sudo -l' stuff
18237 now uses list_matches()
18241 added struct sudo_match
18245 now more -lgnumalloc
18248 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
18251 added more paths for chown and whoami
18254 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
18260 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
18263 fixed DUNIX check for shadow pw
18267 now only turn off echo if it is already on. this fixes a race when
18268 you use sudo in a pipelin
18276 changed "test -z $foo && do_this" to if; then construct
18279 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
18282 added missing defines of SHADOW_TYPE
18285 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
18288 protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
18293 added AUTH_CRYPT_C1CRYPT support
18297 no longer return VALIDATE_NOT_OK if there was a runas that didn't
18298 match. Now we can have runas stuff on more than one line.
18301 * getspwuid.c, sudo.c, tgetpass.c:
18302 use SHADOW_TYPE instead of HAVE_C2_SECURITY
18306 got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
18311 removed HAVE_C2_SECURITY added SPW_BSD
18315 use SHADOW_TYPE instead of HAVE_C2_SECURITY
18319 SHADOW_TYPE is always defined so just against its value
18323 added SUDO_CHECK_SHADOW_DUNIX
18326 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
18329 * -> ?* in one example added another instance of (runas) and one of
18333 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
18336 added back check for config.cache from other host type
18340 removed an instance of \"
18348 updated wrt new wildcard matching
18352 new check for shadow passwords if we don't know anything
18356 new SUDO_CHECK_SHADOW_GENERIC
18360 added back check for -lsocket (oops)
18364 better (working) check for shadow passwd type if we know to use C2.
18368 now uses AC_CANONICAL_HOST to figure out os type
18372 added config.{guess,sub}
18376 removed unused stuff to figure out os type
18392 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
18393 pathname. need to check against sudoers_args even if user_args is
18398 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
18399 pathname need to check against sudoers_args even if user_args is nil
18402 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
18405 added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
18409 now takes command line args and uses cmnd_args
18413 fill_args was adding an extra leading space
18416 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
18419 fixed dummy command_matches()
18431 now uses flat args string
18434 * parse.c, parse.lex:
18435 now uses flat arg string
18439 added cmnd_args def
18443 now sets cmnd_args global
18447 cmnd_args is now exported from sudo.[ch]
18450 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
18453 can't rely on cmnd_matches as much as I thought -- added some $$
18454 stuff back in to prevent namespace pollution problems.
18458 Simplified parse rules wrt runas and NOPASSWD (more consistent).
18461 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
18464 NOPASSWD may now have blanks before the ':' '(' only starts a
18465 'runas' if in the initial state to avoid collision with command args
18469 added checks for specific shadow passwd schemes
18473 added routines to check for specific shadow passwd types
18476 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
18479 added support for ncr boxen
18483 added support for detecting ncr boxen
18486 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
18489 added sinix support
18492 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
18495 added info about "config.cache from other other" error.
18499 now makes sure you don't have a config.cache file from another OS
18503 now sets $LIBS when needed to configure links with libs when doing
18504 tests hpux10 now uses SPW_SECUREWARE for C2 added check for
18505 bigcrypt(3) if SPW_SECUREWARE
18513 now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
18521 no more SPW_HPUX10 added HAVE_BIGCRYPT
18525 now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
18529 SPW_SECUREWARE now uses bigcrypt
18532 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
18535 fixed 2 syntax errors
18539 root may now run ALL as ALL
18542 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
18545 fixed a typo/thinko that broke BSD's with sa_len
18548 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
18550 * check.c, configure.in:
18551 updated AFS support
18555 added entry about /usr/ucb/cc
18559 prep no longer holds gcc binaries
18571 AFS allows long passwords
18575 fixed -u user support
18579 sudo -v now groks VALIDATE_OK_NOPASS
18583 fixed no_passwd vs. runas_matched
18587 took out stuff about NFS-mounting since it is no longer an issue
18591 added --with-libraries > --with-libpath --with-incpath
18595 was setting runas_matches to -1 in wrong place
18599 removed usersec.h which is not present in new AFS versions
18603 now deals with timeout <= 0
18611 BSD/OS >= 2.0 now uses shlicc instead of just gcc
18615 fixed backwards compatibility with sudo 1.4 sudoers mode for root
18616 readable/writable filesystems
18620 now gives INSTALL -c flag
18624 slightly simpler initialization of no_passwd and runas_matches
18628 added -u username support
18632 improved --with-libraries support
18635 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
18638 added --with-incpath, --with-libpath, --with-libraries
18642 now initializes some fields that weren't getting set to -1 pretty
18643 gross -- need a rewrite.
18646 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
18653 no longer add -lPW to *_LIBS since we include alloca.c
18657 added HAVE_ALLOCA_H
18672 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
18675 now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
18676 not always set to a valid uid.
18680 fixed entry for SUDO_MODE
18684 Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
18685 being set to -2. Now beat NFS to the punch and set uid to "nobody"
18686 ourselves, preserving group 0 to read sudoers.
18690 moved set_perms(PERM_ROOT) to be before yyparse()
18698 no longer need AC_PROG_INSTALL
18702 always use install-sh to avoid install(1)'s that use get{pw,gr}nam
18706 make clean -> make distclean
18709 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
18712 removed some unnecsary if's
18715 * Makefile.in, version.h:
18719 * parse.c, testsudoers.c:
18720 now includes netgroup.h
18724 removed cats of ioctl to int since they didn't shut up -Wall
18728 explicately cast ioctl() to int since it it not always declared
18732 added declarations for yyparse() and yylex()
18736 fixed an occurence of '==' -> '='
18739 * config.h.in, configure.in:
18740 added check for netgroup.h
18744 fixed 2 compiler warnings
18748 SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
18752 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
18758 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
18761 fixed a formatting thingie
18764 * parse.c, parse.yacc:
18765 fixed -u support with multiple user lists on a line
18769 unixware needs -lgen
18773 updated ftp location
18777 add net_addr/netmask support
18781 added net_addr/mask example
18784 * parse.c, parse.lex:
18785 added support for net_addr/netmask
18788 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
18794 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
18804 * BUGS, TODO, TROUBLESHOOTING:
18809 updated with examples of new stuff
18817 updated wrt -u and NOPASSWD
18821 updated wrt -u and CAVEATS
18824 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
18831 now use :foo: character classes (makes no diff for generated lexer)
18834 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
18837 fixed LONG_SKEY_PROMPT stuff
18840 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
18847 make more like NetBSD one -- now compiles w/o warnings
18851 fixed decls of lsearch()
18854 * config.h.in, configure.in, getspwuid.c:
18859 hpux 10 uses bigcrypt() if C2
18862 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
18865 now always uses fnmatch to match args
18869 back to using stdio instead of raw i/o since that caused some
18873 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
18876 now give usage warning if use -l,-v,-k with args
18879 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
18882 NewArgc is now set to 1 for -l, -v, -k
18886 now sets sudoers to correct group if mode is 0400
18890 updated to version used by inn and bind
18894 now uses -lgnumalloc if it exists
18898 "make install" now sets uid/gid and mode on sudoers if it exists
18902 rmeoved debugging statements
18906 added a missing free()
18910 now uses user_gid instead of getegid (which was wrong anyway) to set
18911 SUDO_GID Now sets command line args in SUDO_COMMAND envariabled
18912 (logging.c depends on args being in the environment)
18916 now uses SUDO_COMMAND envariable to get command args rather than
18917 building it up again.
18925 fixed off by one error in allocation NewArgv
18929 in sudoers, 'command ""' now means command with no args
18933 added check for fnmatch(3) and fnmatch.h
18941 replaced wildcat.* with fnmatch.*
18948 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
18951 now uses fnmatch() instead of wildmat a trailing star (*) by itself
18952 now matches multiple args added support for wildcards in the
18953 pathname in sudoers
18956 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
18959 now includes compat.h and config.h
18963 added HAVE_FNMATCH_H
18967 now checks for alloca() (if needed by bison or dce) and links with
18968 -lPW if it contains alloca() and libv and compiler do not.
18971 * emul/fnmatch.h, fnmatch.3, fnmatch.c:
18975 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
18978 now fixes mode on sudoers if set to 0400 to aid in upgrade
18981 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
18984 fixed pod2man usage
18987 * Makefile.in, configure.in, version.h:
18991 * testsudoers.c, visudo.c:
18992 runas_user is now initialized to "root"
18996 removed PERM_FULL_ROOT
19000 runas_user defaults to "root" so no more need to PERM_RUNAS
19004 will now only running commands as root if there was no runas list
19005 (or if root is in the runas list)
19013 runas_matches is now set to false if we get a negative match
19017 make #uid work + some minor cleanup
19021 added support for NOPASSWD and "runas" from garp@opustel.com /
19025 added support for "runas" from garp@opustel.com replaced
19026 SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
19031 added support for "runas" from garp@opustel.com
19035 added support for NO_PASSWD and runas from garp@opustel.com replaced
19036 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
19041 added support for NO_PASSWD and runas from garp@opustel.com replaced
19042 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
19047 added support for NO_PASSWD and runas from garp@opustel.com
19050 * parse.c, parse.lex:
19051 added support for NO_PASSWD and runas from garp@opustel.com
19055 added support for SUDOERS_WRONG_MODE and "runas"
19059 added --with-CC only link with -lshadow on linux (with shadow pw) if
19060 libc lacks getspnam()
19063 * OPTIONS, options.h:
19064 removed NO_PASSWD since it is not possible to do this in the sudoers
19065 file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
19066 SUDOERS_GID. Added SUDOERS_MODE.
19070 now uses SUDOERS_UID and SUDOERS_GID
19073 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
19079 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
19082 added double quote support
19086 documented double quoting
19089 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
19096 fixed some indentation
19104 added install-dirs .
19107 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
19110 new version from "Jeff A. Earickson" <jaearick@colby.edu>
19113 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
19116 $CSOPS -> $with_csops (whoops, missed one)
19124 FQHOST now has same constraints as non-FQHOST
19128 added note about OS's w/ shadow passwords turned on by default
19131 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
19138 added support for --without-THING sanitized shadow pw situtation by
19144 fixed a typo wrt placement of an end paren
19148 was closing an fd that may not have been opened
19151 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
19153 * OPTIONS, options.h, sudo.c:
19157 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
19160 now always use shadow pw on some arches
19163 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
19166 added pyramid support
19170 no longer check for C2 if alternate passwd method is used no longer
19171 check for some libs twice
19175 moved fqdn stuff into parse.lex (FQHOST)
19183 now define TCSASOFT in necesary
19187 now uses read/write instead of stdio string goop to avoid problems
19191 * OPTIONS, find_path.c, options.h:
19192 -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
19195 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
19198 added note about no shadow auto-detect if using alternate auth
19203 don't check for C2 if AFS or DCE (unless they said --with-C2)
19210 * OPTIONS, find_path.c, options.h:
19214 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
19217 checkdot now works correctly
19220 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
19223 can't have DCE and C2 passwords both...
19226 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
19228 * parse.yacc, sudo.c, sudo.h, visudo.c:
19229 now uses shost even if not FQDN
19233 now looks for skey in /usr/lib and doesn't require libskey to be in
19234 /usr/local/lib just because skey.h is (for my netbsd box :-)
19237 * aclocal.m4, config.h.in, pathnames.h.in:
19238 _SUDO_PATH_ -> _CONFIG_PATH_
19241 * aclocal.m4, sudo.pod:
19242 /var/run/.odus -> /var/run/sudo
19246 now uses _SUDO_PATH_TIMEDIR
19253 * aclocal.m4, configure.in:
19258 added _SUDO_PATH_TIMEDIR
19262 updated wrt /var/run/sudo
19266 added support for shost if FQDN
19269 * parse.yacc, visudo.c:
19270 now uses shost if FQDN
19274 Now use skeylookup() instead off skeychallenge()
19277 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
19280 mail_argv should not contain ALERTMAIL as it includes "-t"
19283 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
19285 * INSTALL, Makefile.in, README, configure.in, version.h:
19290 added more _PASSWD_LEN stuff -- now uses PASS_MAX too
19294 now includes limits.h moved _PASSWD_LEN -> compat.h
19297 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
19315 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
19322 done for 1.4.1 (I hope)
19326 added info on wildcards
19330 added wildcard example
19334 now uses *.pod to build *.man and *.cat & *.html
19338 addedSUDO_PROG_BSHELL !ll
19342 fixed up some formatting
19346 redid section describing sample sudoers stuff
19350 fixed some formatting
19354 now treats "" as bourne shell
19358 TESTOBJS nwo includes wildmat.o
19362 now works with NewArg[cv]
19366 removed an XXX (fixed it in getspwuid.c)
19370 added check for bourne shell
19378 added _SUDO_PATH_BSHELL
19381 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
19384 unixware vi returns 256 instead of 0
19392 fixed up some XXX's. file log format now looks a little more like
19393 real syslog(3) format.
19396 * README, TROUBLESHOOTING:
19397 updated wrt lex/flex
19401 commented out rule to build lex.yy.c from parse.lex since we ship
19402 with a pre-flex'd parser
19405 * parse.c, parse.yacc, visudo.c:
19406 path_matches -> command_matches
19410 eliminated some strcat()'s
19414 no longer checks for lex/flex (now assumes flex)
19418 now checks for $kerb_dir_candidate/krb.h instead of just
19422 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
19425 now use a 'hook' expression instead of an iffy one :-)
19428 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
19431 now works with new sudo arg stuff
19435 fixed dereferencing deadbeef
19439 changed an occurrence of Argv to NewArgv
19443 took out support for quoted commands since there is no need...
19447 fixed a typo in a for() loop
19451 protected against dereferencing rogue pointers
19455 now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this
19456 also allows us to eliminate some kludges in parse_args() and
19457 eliminate superfluous code.
19461 no longer uses cmnd_args, now uses NewArgv instead.
19465 added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
19470 added wildmat.c to SRCS & SUDOBJS
19474 COMMAND is now a struct containing the path and args
19478 replaced append() with fill_cmnd() and fill_args. command args from
19479 a sudoers entry are now stored in an arrary for easy matching.
19483 command line args from sudoers file are now in an array like ones
19484 passed in from the command line
19487 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
19490 wildwat stuff now works
19493 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
19500 ++version added wildmat.*
19503 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
19506 added support for quoted commands (w/ or w/o args)
19509 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
19511 * sudo.pod, visudo.pod:
19512 cleaned up formatting
19515 * sudo.pod, visudo.pod:
19519 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
19522 looks reasonable, could be mroe readable
19529 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
19536 updated NO_ROOT_SUDO entry
19539 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
19542 *** empty log message ***
19543 [5b63de579ff7] [SUDO_1_4_0]
19554 AIX aixcrypt.exp now uses $(srcdir)
19558 added entry for anal ansi compilers
19561 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
19564 added info on libcrypt_i for SCO
19568 *** empty log message ***
19583 * INSTALL, OPTIONS, README, config.h.in, configure.in:
19588 ++version and fixed ISC
19591 * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
19592 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
19593 insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
19594 sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
19600 added STUB_LOAD_INTERFACES ++version
19603 * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
19609 added info about fd_set in tgetpass added info on interfaces.c
19612 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
19623 tgetpass.o is now only linked in with sudo (not visudo)
19626 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
19628 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
19634 added copyright notice
19637 * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
19638 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
19639 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
19640 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
19641 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
19646 minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
19650 ISC now gets -lcrypt now check for sys/bsdtypes.h
19654 added check for sys/bsdtypes.h
19657 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
19660 removed debugging stuff (setting freed ptr to NULL)
19672 added section on syslog
19676 added AC_ISC_POSIX for better ISC support
19684 added define for _POSIX_SOURCE
19687 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
19690 fixed check for lsearch()
19693 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
19696 fixed for AIX now deal if num_interfaces == 0 (should not happen)
19699 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
19702 now only define HAVE_LSEARCH if there is a corresponding search.h
19709 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
19712 now define HAVE_LSEARCH if we find lsearch() in libcompat
19716 char * -> const char *
19720 now looks in -lcompat for lsearch()
19724 remove sudo.core visudo.core for clan target
19728 added UID_MAX support in check for MAX_UID_T_LEN
19732 fixed another occurence of sudo_getpwuid.*
19735 * Makefile.in, getspwuid.c:
19736 sudo_getpwuid.c -> getspwuid.c
19743 * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
19744 compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
19745 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
19746 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
19747 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
19748 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
19749 version.h, visudo.c:
19754 added group support
19762 documented group support
19765 * parse.c, parse.lex, parse.yacc, visudo.c:
19766 added group support
19769 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
19772 tkfile was too short and overflowed the kerberos realm
19775 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
19778 now copy command args directly from Argv
19782 replaced code to copy cmnd_args so that is does not use realloc
19783 since most realloc()'s really stink
19786 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
19789 syslog() fixed in hpux 10.01
19792 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
19795 AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
19799 better error if cannot find skey incs or libs
19803 now use a temp file for determining max len of uid_t in string form.
19804 the old hacky way broke on netbsd
19808 added set of parens and a space
19811 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
19814 fixes from Jeff Earickson <jaearick@colby.edu> ,
19822 fixed up testsudoers target
19826 DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
19827 SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
19831 LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
19835 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
19838 fix for C2 on hpux 10 now uses -linet if it exists
19842 LONG_SKEY_PROMPT is less of a klusge /
19846 fixed typos w/ dce stuff
19853 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
19856 amended section on combining authentication mechanisms
19860 minor updates for 1.3.6
19864 added 2 more entries
19876 rewrote for sudo 1.3.6
19883 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
19885 * find_path.c, getspwuid.c, sudo.c:
19886 added explict casts for strdup since many includes don't prototype
19891 removed prototype for sudo_getpwuid() since convex C compiler choked
19896 added prototype for sudo_getpwuid()
19900 now compiles on strict ANSI compilers
19904 added LONG_SKEY_PROMPT support
19908 added extra $'s for make to eat up, yum.
19911 * OPTIONS, options.h:
19912 added LONG_SKEY_PROMPT
19915 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
19918 s/key support now works with normal s/key as well as logdaemon
19921 * OPTIONS, options.h:
19926 set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
19930 added DCE note added more AIX notes
19934 now include pthread.h for DCE support
19938 dce_pwent() is ok after all .,
19942 now uses SYSLOG() macro that equates to either syslog() or
19947 minor formatting changes. renamed check() to somthing less generic
19950 * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
19952 now uses user_pw_ent and simple macros to get at the contents
19955 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
19958 simpler dec unix C2 support
19962 now sets crypt_type for DEC unix C2
19965 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
19968 added csops paths for skey
19972 now includes string.h for strdup() prototype
19980 now includes skey.h
19988 moved a lot of the shadow passwd crap to sudo_getpwuid()
19992 now uses sudo_pw_ent
19996 now uses sudo_pw_ent
20000 now sets sudo_pw_ent
20008 moved dce stuff into compat.h
20011 * logging.c, sudo.h:
20012 now uses sudo_pw_ent
20016 added sudo_getpwuid.c
20024 now uses sudo_pw_ent
20027 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
20030 fixed exempt_group stuff for OS's that don't put base gid in group
20035 S/Key support now works with sunos4 shadow passwords
20042 * config.h.in, configure.in:
20051 first stab at dce support
20055 now smells like sudo
20063 skey'd sudo now works w/ normal password as well
20066 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
20068 * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
20069 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
20070 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
20071 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
20072 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
20073 version.h, visudo.c:
20074 updated version number
20078 updated to reflect version change
20082 --with options now line up ++version
20086 removed unecesary S/Key stuff
20090 fixed S/Key support
20094 -I stuff now goes in CPPFLAGS
20106 fixed description of EXEMPTGROUP
20110 more people use _RLD_ than just alphas...
20114 replaced $man_prefix with $mandir
20122 now use more GNU'ish dir names
20126 now set *dir correctly (can override from command line)
20130 now deal with situations where we getwd() fails
20133 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
20136 added etc_dir, bin_dir, sbin_dir
20144 now ship a flex-generated lex.yy.c
20148 now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
20152 _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
20156 no more error for redefining SUDOERS_OWNER
20160 expanded SUDOERS_OWNER section
20163 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
20166 now warn if chown(2) failed
20170 better default warning for NO_SUDOERS_FILE
20174 added missing set_perms() no more cryptic message if the sudoers
20175 file is zero length, now just give a parse error
20179 better diagnostics if NO_SUDOERS_FILE
20183 check_sudoers() now catches sudoers files that are not readable (but
20187 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
20190 now add -D__STDC__ for convex cc (not gcc)
20194 MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
20198 now uses exec_prefix & prefix from configure
20201 * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
20202 parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
20204 options.h is now <> instead of "" so shadow build trees can have a
20205 custom copy of options.h
20209 user_is_exempt() is no longer a hack, it now uses getgrnam()
20213 EXEMPTGROUP is now "sudo"
20217 MAN_POSTINSTALL now contains a leading space
20221 removed leading tab if @MAN_POSTINSTALL@ not defined now removes
20222 testsudoers in clean:
20226 includes pwd.h to get _PASSWD_LEN definition
20229 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
20232 unset the KRB_CONF envariable if using kerberos so we don't get
20233 spoofed into using a bogus server
20236 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
20239 now explicately initialize match[] tp be FALSE
20242 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
20245 removed unused variable now passes -Wall
20249 yyerror and dumpaliases are now void's now passes -Wall
20253 added prototype for yyerror
20256 * check.c, logging.c, parse.c:
20261 rmeoved unused cruft now passes -Wall
20265 fixed headers that moved to emul dir
20269 fixed deref of nil pointer if no args
20272 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
20275 added a caveat to FQDN section
20278 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
20281 more $srcdir support for install targets
20284 * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
20285 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
20286 don't include malloc.h if we include stdlib.h
20290 local search.h now lives in emul
20293 * check.c, utime.c:
20294 local utime.h now lives in emul dir
20298 local search.h now lives in emul
20302 added support for building in other than the sourcedir
20305 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
20308 annotated CSOPS_INSULTS option
20312 updated shadow passwords blurb
20316 if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
20317 passes along foo as the arguments
20320 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
20323 collapsed pathname and dir sections into one -- its now less
20328 fixed spacing quoting [,:\\=] now works correctly append() and
20329 fill() now take args to make the above work
20333 fixed a typo that caused commands with no tty on fd 0 but a tty on
20334 fd 1 to erroneously have "none" as their tty
20337 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
20340 timestampfile is now a global static removed decl of timestampfile
20341 in remove_timestamp since we can just use the global one
20345 created touch() to update timestamps added USE_TTY_TICKETS support
20350 added _S_IFDIR and S_ISDIR
20353 * OPTIONS, options.h:
20354 added USE_TTY_TICKETS
20358 removed const from casts for lsearch() & lfind() to placate irix 4.x
20362 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
20365 now only strip '/dev/' off of a tty if it starts with '/dev/'
20373 AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
20378 fixed incorrect #ifdef termio uses "unsigned short" not int for
20382 * parse.lex, parse.yacc:
20383 fixed a spelling error
20390 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
20397 added dotcat() to cat 2 strings w/ a dot effeciently now that we
20398 dynamically allocate strings they need to be free()'d
20402 dynamically allocates space for strings
20406 no more MAXCOMMANDLENGTH
20413 * logging.c, sudo.c:
20414 moved tty stuff into sudo.c
20417 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
20420 fixed a logic bug. Was denying a command if user gave command line
20421 args but there were none in the sudoers file which is wrong.
20425 MAXCOMMMANDLEN dropped down to 1K
20429 return foo; -> return(foo);
20433 fixed netgr_matches() prototype
20437 added support for escaping "termination" characters
20441 buf is now of size MAXPATHLEN+1 since it never holds command args
20449 fixed negation problem (doh!)
20453 fixed 2nd parameter to lfind()
20457 now do bounds checking in fill() and append()
20461 include netdb.h as we should added a missing void cast added
20462 SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
20463 realloc actually moved the string instead of shrinking it
20467 updated with examples of new features
20471 now set errno to EACCES if not a regular file or not executable
20475 if given a fully-qualified or relative path we now check it with
20476 sudo_goodpath() and error out with the appropriate error message if
20477 the file does not exist or is not executable
20480 * emul/search.h, lsearch.c:
20481 now use correct args for lfind
20489 added in CSOps insults
20501 increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
20505 added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
20509 fixed -k load_interfaces() now gets called if FQDN is set
20510 -p now works with -s
20514 don't try to stat() "pseudo commands" like "validate"
20518 added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
20522 added SecurID support added other insults to --with-csops
20530 added clobber target added ins_csops.h now gets CFLAGS from
20535 relaxed SUDO_FULL_VOID
20539 function comment blocks are now in same style as rest of code
20543 added support for command line args in /etc/sudoers
20547 updated to have command args in the sudoers file
20551 added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
20554 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
20557 PATH renamed to COMMAND
20561 it is now a parse error for directories to have args attached to
20566 now say command args if telling user to buzz off
20570 -s no longer indicates end of args sped up loading on cmnd_args in
20575 removed an unreachable statement
20579 made more efficient by pulling out the terminators when in GOTCMND
20580 state and making them their own rule
20583 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
20586 removed MAXLOGLEN since it is no longer used
20590 now allows command args
20594 now groks command arguments
20598 now sets tty correctly when piped input
20602 fixed loading of cmnd_args (was including command name too)
20606 fixed a core dump due to incorrect if construct
20609 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
20612 only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix
20616 fixed check for ISC
20620 now sets cmnd_args used by log_error() and that will be used by the
20621 parse to check against command args
20629 now dynamically allocate logline since we can guess at its size
20632 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
20635 cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove
20636 "register" since the compiler knows more than I do now do a
20637 "basename" of the tty
20640 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
20647 added shell extern changed MODE_* to be bit masks to allow for
20648 several options together
20652 added -s (shell) option made MODE_* masks so we can do bitwise & and
20653 | to see if multiple flags are set.
20657 added securid support
20660 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
20663 removed a bunch of unnecesary strncpy()'s and replaced with strcat()
20666 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
20668 * Makefile.in, version.h:
20672 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
20675 fixed free() of an uninitialized pointer (yuck)
20679 added netgr_matches
20683 cleaned up netgr_matches
20686 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
20692 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
20695 now installs sudoers.man -- really should clean this up though.
20699 added sudoers.cat and sudoers.man
20703 pulled out stuff on the sudoers file format into a separate man page
20711 fixed up my email address
20715 added checks for innetgr and getdomainname
20719 added dummy netgr_matches function
20723 added netgr_matches
20726 * parse.lex, parse.yacc:
20727 added NETGROUP support
20731 added HAVE_INNETGR & HAVE_GETDOMAINNAME
20734 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
20737 rewrote clean_env() that has rm_env() builtin
20740 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
20743 now cast uid to long in sprintf
20747 added _INSULTS suffix to HAL & GOONS end
20751 added _INSULTS suffix to HAL & GOONS
20754 * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
20755 converted to new scheme of insult "unions" end
20759 now uses MAX_UID_T_LEN
20763 added SUDO_UID_T_LEN !l
20767 added MAX_UID_T_LEN
20771 now use MAX_UID_T_LEN
20775 added check for max len of uid_t fixed sco vs. isc check
20778 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
20789 hack to check for sco
20793 removed #include <net/route.h> since it was hosing some OS's
20796 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
20799 fixed prreadlink() prototype
20803 added parens in #if's
20811 moved SPW_* to config.h.in
20815 added a set of parens
20823 added SPW_* reordered error codes
20827 moved SPW_* to sudo.h
20830 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
20833 SPW_AUTH -> SPW_SECUREWARE
20837 GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
20845 SPW_AUTH -> SPW_SECUREWARE
20849 now uses SHADOW_TYPE to make shadow pw support more readable and
20850 modular. It's a start...
20854 added autodetection of shadow passwords
20858 now uses SHADOW_TYPE define
20862 added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
20866 added SUDO_CHECK_SHADOW
20869 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
20872 define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
20873 memmove() since we dno longer use it...
20881 added BROKEN_SYSLOG support
20885 added BROKEN_SYSLOG
20889 now only bitch it timestamp > time_now + 2 * timeout to allow for a
20890 machine udpating its time from a server
20894 added 2 security notes updated Nieusma's email addr
20898 changed a memmove() to memcpy() since we don't have to worry about
20899 overlapping segments.
20902 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
20905 cleanup up the loop when interfaces are groped in so that it is
20909 * Makefile.in, version.h:
20913 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
20919 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
20922 fixed permissions check on /tmp/.odus
20925 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
20928 fixed some comments
20932 now checks owner & mode of timedir also checks for bogus dates on
20937 updated TIMEOUT info
20940 * logging.c, sudo.h:
20941 added BAD_STAMPDIR and BAD_STAMPFILE
20945 added definition of S_IRWXU
20952 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
20955 added #ifdef to make it compile on strange arches
20958 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
20961 fixed check for fulkl void impl.
20965 added mssing "static"
20969 replaced #elif with #else #if constructs for ancient C compilers
20973 updated irix c2 & kerb5 info
20977 added shadow pw support for irix
20980 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
20987 last changes for sudo 1.3.3
20991 now calls SUDO_SOCK_SA_LEN
20999 added SUDO_SOCK_SA_LEN
21003 now works with ip implementations that use sa_len in sockaddr
21007 added note about buggy AIX compiler
21011 now include sys/time.h for AIX
21014 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
21021 now works for ISC and others. yay.
21024 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
21026 * Makefile.in, version.h:
21030 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
21033 fixed test for full void impl
21037 now check to see that st_dev is non-zero before assuming that we are
21041 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
21043 * aclocal.m4, configure.in:
21044 SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
21047 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
21050 fixed include file order for SUDO_FUNC_UTIME_POSIX
21054 added cast for ttyname()
21062 now deal correctly with all known variation of utime() -- yippe
21066 added SUDO_FUNC_UTIME_POSIX
21070 added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
21074 added HAVE_UTIME_POSIX
21082 no longer assume !HAVE_UTIME_NULL means old BSD utime()
21086 fixed fascist C compiler warning
21090 now set strioctl.ic_timout in STRSET() now initialize num_interfaces
21091 to 0 (just to be anal)
21094 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
21097 increaed MAXLOGLEN by MAXPATHLEN to account for ttyname
21105 reworked the ISC code
21108 * Makefile.in, version.h:
21113 now expect old-style utime(3) if utime() can't take NULL as an arg
21117 added check for utime.h
21125 added CPPFLAGS STATIC_FLAGS -> LDFLAGS
21129 now search for kerb libs and includes
21133 added support for utime(2)'s that can't take a NULL parameter
21137 moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs
21141 added utime(s) stuff
21149 added HAVE_UTIME and HAVE_UTIME_NULL
21152 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
21155 now use HAVE_UTIME_NULL
21158 * emul/utime.h, utime.c:
21163 need to setuid(0) to make kerb4 stuff work.
21167 no more special case for kerberos
21171 took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
21176 no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
21181 now use private ticket file for kerberos support to avoid trouncing
21185 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
21188 added SPOOF_ATTEMPT & cmnd_st
21192 added anti-spoofing support
21196 now use global cmnd_st
21200 added SPOOF_ATTEMPT suypport
21203 * testsudoers.c, visudo.c:
21204 added void casts where appropriate
21208 fixed up spacing and added void casts where appropriate
21212 fixed problem with "-p prompt" but no args
21215 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
21218 added BUGS and annotated -l description
21222 validate() now takes a flag
21226 validate() now takes a flag added -l
21230 added support for -l
21234 validate() now takes a flag that says whether or not to check the
21238 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
21241 now deals with Argv == 1
21249 added prompt support reworked parse_args()
21261 now use BUFSIZ as length of kerb password added kpass so pass is
21262 always a char * now use prompt global when asking for a password
21266 now use BUFSIZ as _PASSWD_LEN if using kerberos
21273 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
21276 only look for -lufc or -lcrypt if crypt() not in libc
21280 don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
21281 (unknown user) silently fail
21289 HAVE_KERBEROS -> HAVE_KERB4
21293 removed debugging printf
21297 KERBEROS -> KERB4 added checks for setreuid & setresuid
21301 HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
21305 added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
21306 with setresuid if applic
21310 HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
21311 no setreuid() or a broken one
21314 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
21317 added kerberos support
21321 added HAVE_KERBEROS
21325 added KERBEROS support (long passwords)
21329 added kerberos support
21332 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
21335 added MODE_BACKGROUND
21339 escaped dashes added -b option
21347 added crypt() for osf/1 3.x enhanced secuiry
21351 now check for -lcrypt
21355 added ENXIO like EADDRNOTAVAIL
21358 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
21361 now emulate getwd(), not getcwd()
21365 getcwd() -> getwd()
21372 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
21374 * ins_2001.h, ins_classic.h, ins_goons.h:
21379 broke out insults into separate include files
21382 * OPTIONS, options.h:
21387 added ins_2001.h ins_classic.h ins_goons.h
21390 * Makefile.in, version.h:
21395 moved signal handler setup to setup_signals()
21399 added load_interfaces()
21403 moved load_interfaces to interfaces.c
21410 * OPTIONS, options.h:
21415 now uses clearaliases variable
21423 added interfaces.[co]
21427 now uses ip addrs and netmasks via load_interfaces()
21431 now remove IFS instead of setting to "sane" value
21434 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
21440 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
21443 sudo_goodpath.c-> goodpath.c
21447 added Andy's new ISC changes
21450 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
21453 added a sentence to SECURE_PATH info
21468 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
21474 * Makefile.in, version.h:
21479 sendmail is now looked for in
\17/usr/ucblib
21495 added unixware case
21499 user_is_exempt is no longer hidden
21507 isc and riscos changes
21511 added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
21515 fixed a typo and added testsudoers stuff
21522 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
21525 applied fixed patch from Chris
21528 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
21535 added a set of braces for bison
21539 merged in Chris' changes to dekludge the parser.
21543 send_mail() was calling find_path() which is wrong since find_path()
21544 stores cmnd in a static var. Anyhow, it doesn't make much sense
21545 since MAILER should always be fully qualified
21548 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
21551 added User_Alias stuff
21555 SUDO_NEXT now looks for /usr/lib/NextStep/software_version
21559 added DEC UNIX 3.0 w/ gcc
21563 Exit was being used in places where exit should be used
21567 added "User alias specification"
21571 fixed probs caused by making nslots and naliases a size_t
21575 added KSR, upped rev to 1.3.1b2
21578 * logging.c, parse.yacc:
21583 void * -> VOID * naliases and nslots are now size_t to appease
21584 lsearch on 64-bit machines
21587 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
21590 did a bunch of things and added a bunch :-)
21598 closer to BSD manpage style
21602 closer to standard BSD man format
21605 * compat.h, config.h.in, emul/search.h, insults.h, options.h,
21606 pathnames.h.in, sudo.h, version.h:
21611 removed crufty #defines that are no longer used
21619 updated based on sudo changes
21623 now allow ALL keyword in User_Aliases now allow ALL keyword as well
21632 now sets SUDO_COMMAND and SUDO_GID envariables.
21636 fixed bug with full void impl check
21640 fixed User_Alias supoprt
21644 added stubs for User_Alias support
21648 now sets removes # bogus interfaces from num_interfaces
21652 added User_Alias support
21655 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
21658 removed extraneous TODO
21661 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
21664 ntwk_matches -> addr_matches
21668 ntwk_matches -> addr_matches
21672 ntwk_matches -> addr_matches now use inet_addr() not inet_network()
21673 (which expects octet boundaries) fixes for OSF (sizeof(int) !=
21678 took out debugging info
21682 OS was being set to unknown before non-uname based host checks.
21683 This caused no checks to happen since $OS was not zero-length.
21687 fixed loading of interfaces struct still has debugging info in
21695 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
21706 removed extraneous extern decl of "top
21714 removed parser_cleanup (no need for it now)
21718 now calls reset_aliases() directly
21721 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
21724 added a sentence to SECURE_PATH description
21728 fixed my stupid bug where I used NAMLEN on something I wanted to
21729 just get the name from. argh.
21732 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
21735 fixed argument order of memmove() that i hosed when converting from
21740 finally fixed DISTFILES line
21748 added missing files to DISTFILES
21752 SUPPORTED -> RUNSON
21755 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
21762 updated for pl5b1 release
21770 fixed bug where if you hit return at first sudo prompt it would
21771 still log as a failure
21779 better test for bogus void * implementation
21783 added PASSWORDS_NOT_CORRECT
21787 added PASSWORDS_NOT_CORRECT stuff]
21791 added PASSWORDS_NOT_CORRECT
21799 removed some unused vars and fixed up uid2str
21806 * getcwd.c, getwd.c:
21810 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
21813 fixed a typo I introduced in the last checkin :-(
21817 can't have #ifdef's where N is defined so just do this the broken
21822 better hack from Chris (but still a hack)
21826 stupid hack for broken aix lex
21830 now includes compat.h
\ 6
21834 now includes fcntl.h
21838 added FD_SET and FD_ZERO for 4.2BSD
21842 dirty hack to fix parser bug. i don't really like this but it works
21847 uid2str is now static like the prototype says
21850 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
21852 * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
21861 check_sudoers now returns an error code and sudo calls inform_user
21862 and log_error based on the return value.
21865 * logging.c, sudo.h:
21866 added entries for new errors
21870 now set uid to that of SUDOERS_OWNER while parsing sudoers file
21874 took out testsudoers
\ 6
21878 now explicately checks that it is setuid root
21882 If a user has no passwd entry sudo would segv (writing to a garbage
21883 pointer). Now allocate space before writing :-)
21887 reordered AC_CHECK_FUNCS
21894 * tgetpass.c, visudo.c:
21899 bzero -> memset when a parse error is logged the line number of the
21900 error is now logged too
21904 added Sunos to blurb about c2 security
21908 added a SUN4 define for C2 security
21912 bcopy -> memmove bzero -> memset
21916 bcopy -> memmove char * -> VOID *
21920 added support for sunos with C2 security
21923 * OPTIONS, options.h:
21928 _PATH_SUDO_LOGFILE now set based on configure
21932 added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
21936 added _SUDO_PATH_LOGFILE
21940 added SUDO_LOGFILE to find where to put sudo.log added
21941 SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
21942 SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
21945 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
21952 now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
21953 to work around a problem is trusted hpux shadow passwords. yuck.
21957 backed out a change in malloc/realloc
21961 now include stdlib.h
21965 now do an freopen() of the stmp file so that yyin will always point
21966 to the same thing. This is important for flex since we are doing a
21971 replaced yywrap() with parser_cleanup() since yywrap() needs to be
21972 in parse.lex to be able to use YY_NEW_FILE. sigh.
21976 now have a rule that matches anything that doesn't match an
21977 explicite rule. well, you know what i mean (. matches anything not
21978 yet matched). However, this means that there is input still queued
21979 up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
21980 into parse.lex and it calls parser_cleanup() which is most of the
21988 * getcwd.c, getwd.c:
21989 moved compat.h to be the last include file
21993 fixed type of aliascmp() args
22001 added casts to lfind and lsearch args for irix
22005 bsdinstall -> install-sh
22009 added info about make realclean
22013 updated VERSION added dependencies for visudo.cat
22025 now there is a real visudo.man and visudo.cat
22029 took out visudo stuff
22036 * parse.c, parse.lex, parse.yacc:
22045 updated Nieusma & Hieb email addresses
22049 updated to include options.h and OPTIONS
22057 eliminated bug #1 (yay)
22061 sunos no longer gets linked statically
22064 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
22067 prototype now uses __P()
22071 make fill() non-ansi
22075 made -v (validate) work
22083 don't check for execute/statable if fq or relative path given
22091 now include ctype.h for islower and tolower macros
22095 moved _S_IFMT & _S_ISREG to compat.h
22099 moved a set of parens
22103 now include compat.h
22111 now cast malloc & realloc return vals added search for HAVE_LSEARCH
22112 now use strcmp if no strcasecmp available
22120 removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
22121 HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
22125 added _S_IFMT, _S_IFREG, and S_ISREG
22129 took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
22130 to most SUDO_* macros
22138 various 1.x ro 2.x autoconf changes now check for strcasecmp now use
22139 AC_INSTALL_PROG instead of custom one added check for fully woorking
22140 void implementation
22144 added lsearch & search.h visudo links into $(LIBOBJS)
22148 partial 1.x to 2.x changes added SUDO_FULL_VOID
22152 whatnow_help was prototyped to be static be was not declared as
22157 autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
22158 for dirent/dir/ndir.h
22162 now use groovy gnu autoconf macro AC_HEADER_DIRENT
22165 * getcwd.c, getwd.c:
22166 MAXPATHLEN -> MAXPATHLEN+1
22169 * emul/search.h, lsearch.c:
22173 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
22176 eliminated bison warnings
22184 now iincludes signal.h
22188 only clear data structures on a parse error
22192 whatnow() now gives help on invalid input
22196 added a whatnow() function (sort of like mh)
22200 kill_aliases -> reset_aliases yywrap() now cleans up by calling
22201 reset_aliases() and clearing top took reset stuff out of yyerror()
22202 since it doesn't beling there (and doesn't work anyway). errorlineno
22203 is now initially set to -1 so we can set it to the first error that
22204 occurrs (it was getting set to the last)
22212 rewrote from scratch based on 4.3BSD vipw.c
22215 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
22222 no more sudo_realpath() and find_path() changed params
22226 find_path() changed since no more realpath()
22230 on error, errorlineno is set to the line where the error occurred
22231 added kill_aliases() to free the aliases struct now clean up in
22232 yyerror() so we can reparse cleanly
22235 * options.h, parse.c:
22236 no more USE_REALPATH
22240 changed to use new find_path()
22244 removed all the realpath() stuff
22248 sudo_realpath.c -> sudo_goodpath.c
22252 now works correctly with utk parser
22260 eliminated a compiler warning
22264 elinated compiler warning
22268 added sudo_goodpath()
22272 added prototype for sudo_goodpath
22276 added support for /sys/dir.h
22280 USE_REALPATH turned off
22284 added calls to sudo_goodpath()
22288 added check for dirent.h
22292 added HAVE_DIRENT_H
22296 added in linux shadow pass stuff
\ 6
22299 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
22302 added back host, user, cmnd, parse_error
22306 added in utk changes plus some minor cosmetic changes
22309 * sudo.c, sudo_realpath.c:
22310 added void casts for printf's
22314 added a define of USE_REALPATH
22318 there is no more visudoers/Makefile
22322 added in utk changes (visudo is now built from the toplevel)
22326 added (void) casts to printf's
22329 * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
22330 merged in utk changes
22333 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
22336 now check to see that what we are trying to run is a file (or a link
22337 to a file, we do a stat(2) so there is no diff)
22340 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
22347 aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
\ 6
22351 added myself as maintainer
22354 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
22357 changed setegid -> setgid
22360 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
22363 fixed the test for irix 5.x to skip bad libs
22367 now initialize OS and OSREV
22370 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
22377 AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
22381 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
22384 use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ
22385 thing wrt yyrestart (grrrr)
22388 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
22391 added visudoers/compat.h to DISTFILES
22399 added ocmnd declaration adjusted for find_path()'s new parameters
22403 added ocmnd extern adjusted find_path() prototype
22407 cmndcmp() now takes 3 arguments and checks against the qualified as
22408 well as the unqualified pathname. more code that should use
22409 cmndcmp() but did not, now does
22417 changed to use new find_path() parameter passing
22421 find_path() now takes 2 copyout parameters (one for the qualified
22422 pathname and one for the unqualified pathname). The third parameter
22427 no longer munge pathnames.h
22431 changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
22432 as a result, pathnames.h does not need to be run through configure
22433 and the user can override the configured values easily.
22437 added _SUDO_PATH_* entries
22441 _PATH* -> _SUDO_PATH_*
22445 updated DISTFILES and HDRS .o's now depend on config.h
22448 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
22451 removed extraneous #endif
22459 added SUDO_PROG_MV added riscos and isc os types took out
22460 -DSHORT_MESSAGE from --with-csops since it is now the default
22464 move the include of id.h to compat.h now includes options.h
22468 moved compatibility #defines to compat.h
22476 move __P to compat.h
22479 * getcwd.c, getwd.c, putenv.c:
22480 now includes compat.h
22487 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
22490 pull user-configurable stuff out and put in options.h
22493 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
22495 * parse.lex, parse.yacc, visudo.c:
22496 now includes options.h
22499 * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
22501 now includes options.h
22505 added visudoers/options.h
22508 * OPTIONS, options.h:
22513 added OPTIONS and options.h
22517 changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
22521 changed PASSWORD_TIMEOUT to minutes
22524 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
22527 now only do Editor +line_num if line_num != 0
22530 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
22533 now use mv if rename(2) fails
22544 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
22547 fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
22550 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
22553 added mips & isc support
22557 added support for non-root owned sudoers file
22561 added exempt group support
22565 added set_perms() support added SUDOERS_OWNER so can have non-root
22566 own sudoers file added exempt group support added isc support
22570 now copy sudoers to temp file via read/write (not stdio) now chown
22571 new sudoers file to SUDOERS_OWNER
22574 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
22585 fixed typo added set_perms support added skey support added
22586 seteuid()/setegid() emulation for AIX
22590 be_* -> setperms() now check to make sure sudoers file is owned by
22591 root nread/write by only root
22594 * logging.c, parse.c:
22599 be_* -> set_perms() added skey support
22602 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
22612 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
22622 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
22628 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
22643 now bail if ARgv[1] > MAXPATHLEN
22647 added function check for tcgetattr(3)
22651 only define HAVE_TERMIOS_H if you have tcgetattr(3)
22655 added check for tcgetattr
22658 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
22664 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
22667 now only include unistd.h for linux
22670 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
22673 added visudo.8 generation
22677 added -Wl,-bI:./aixcrypt.exp to aix flags
22680 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
22691 added mailing list info
22695 now use sudolineno instead of yylineno fixed bison warnings
22699 now use -no_library_replacement for osf don't make a static binary
22704 added string.h/strings.h inclusion
22712 added inclusion of string.h/strings.h
22716 fixed uname | sed (needed to quote the '[')
22720 replaced yylineno with sudolineno fixed bison syntax errors
22724 changed yylineno to sudolineno since yylineno cannot be counted
22733 added code to support command listings
22737 added code for -l flag
22741 fixed typo added info for -l flag
22745 AC_SSIZE_T -> SUDO_SSIZE_T
22760 * find_path.c, sudo_realpath.c:
22761 readlink() is now declared as returning ssize~_t
22765 added -laud for OSF c2
22768 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
22770 * Makefile.in, visudo.c:
22771 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
22774 * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
22775 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
22778 * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
22779 parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
22780 sudo_setenv.c, tgetpass.c, version.h:
22781 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
22784 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
22795 added host to alertmail messages
22803 fixed logging problem where mail would not say which user it was
22807 added -laud for gcc if osf & c2
22811 moved set_auth_parameters to sudo.c
22815 added set_auth_parameters for osf
22819 cleaned up -static stuff
22831 changed setenv() to sudo_setenv()
22847 added osf auth support & removed some extra spaces
22850 * INSTALL, SUPPORTED:
22854 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
22857 added 2 suggestions
22861 removed README.v1.3.1 and added VERSION stuff
22868 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
22879 mention HISTPRY file
22883 use sizeof instead of a constant in 1 place
22902 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
22906 [7dfbb4a810bb] [SUDO_1_3_1]
22913 added unistd.h include
22916 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
22919 added sys/time.h for AIX
22922 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
22925 added check for -lsocket and sys/sockio.h
22929 took out libshadow check and added in sys/sockio.h check
22933 now include sockio.h instead of ioctl.h if it exists "sudo -" now
22934 gets a better error message
22938 now has a dir and subnet entry
22941 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
22952 added network and ip addresses to man page
22956 no error if can't get interfaces or netmask since networking may not
22961 nwo check for interfaces == NULL
22965 fixed a bug that caused directory specs in a Cmnd_Alias to fail if
22966 the last entry in the spec failed (ie: it was only looking at the
22967 last entry). CLeaned things up by adding the cmndcmp() function--all
22975 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
22978 now do two passes to skip bogus interfaces (lo0, etc)
22981 * parse.lex, parse.yacc, visudo.c:
22982 added include of netinet/in.h
22985 * logging.c, sudo_realpath.c, sudo_setenv.c:
22986 added ninclude of netinet/in.h
22989 * check.c, find_path.c, getcwd.c, getwd.c:
22990 added include of netinet/in.h
22998 added interfaces global
23002 now uses new interfaces global
23006 now ip addresses are gleaned fw/o dns
23009 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
23012 added load_ip_addrs() to load the ip_addrs global var
23016 added hostcmp() to compare hostnames, ip addrs, and network addrs
23020 added ip_addrs def added load_ip_addrs prototype
23023 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
23030 removed multiple entries in DISTFILES
23034 ansified the !STDC_HEADERS decls
23037 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
23038 don't do malloc decl if gnuc
23042 can't use getopt(3) since it munges args to the command to be run as
23043 root don't do malloc decl if gnuc
23046 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
23047 sudo_realpath.c, sudo_setenv.c:
23048 ansi-fied !STDC_HEADER function prottypes
23051 * getcwd.c, getwd.c:
23052 added missing paren
23056 added putenv.c to DISTFILES
23060 added params to func decls when STDC_HEADERS is not defined now can
23061 count on putenv() being there
23065 took out errno decl since sudo.h does it for us fixed up a next cc
23066 warning added params to func decls when STDC_HEADERS is not defined
23070 took out environ extern added local declaratio of putenv() if local
23074 * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
23075 added params to func decls when STDC_HEADERS is not defined
23079 added memcpy check check to see that ansi vs bsd macros are ntot
23080 already defiend before defining (ie: avoid redefinition)
23084 removed fluff setenv check plus check w/ replace for putenv if also
23092 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
23099 rm'd s realp[ath added sudo_realpath and sudo_setenv
23103 now use sudo_setenvc
23107 added puteenv and setenv, removed realpath
23111 added putenv & setenv
23122 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
23125 added MAN_POSTINSTALL and /usr/share/catman for irix
23129 added MAN_POSTINSTALL
23137 added SUDO_* plus new options
23145 took out shadow lib
23153 now use yyrestart() if flex now reset yylineno to 0
23157 support for installing a cat page instead of a man page if no nroff
23161 now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
23162 to determine whether or not to install a cat or man page
23170 not set ret to MODE_RUN initially
23174 made command (and therefor cmnd dynamically allocated)
23186 changed bufs from MAXPATHLEN to MAXPATHLEN+1
23190 added MODE_ removed validate_only and added remove_timestamp()
23194 usage() now takes an int (exit value) added parse_args() to parse
23195 command line arguments moved call to find_path() from load_globals
23196 to new function load_cmnd() removed validate_only global -- now use
23197 the concept of "modes" added -h and -k options
23201 no longer use global validate_only now checks for command called
23202 "validate" removed check for non-fully qualified commands since that
23203 is done by find_path
23207 changed MAXPATHLEN r to MAXPATHLEN+1
23211 fixed off by one error with MAXPATHLEN and fixed a comment
23215 check_timestamp no longer runs reminder(), it is implied in the
23216 return val added remove_timestamp()
23223 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
23237 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
23240 moved send_mail to after syslog
23244 now set SUDO_ envariables
23247 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
23254 now print error if chdir fails
23261 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
23268 no more static binaries for aix
23271 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
23278 took out stuff not needed for sudo now does be_root/be_user itself
23279 now uses cwd global
23286 * logging.c, sudo.c:
23287 be_root/be_user is now down in sudo_realpath()
23290 * logging.c, sudo.h:
23291 now works with 4.2BSD syslog (blech)
23295 now use sudo_realpath()
23299 took out realpth() stuff since we now use sudo_realpath()
23303 ultrix enhanced sec
23307 added ultrix enhanced sec.
23315 ultrix enhanced security suport
23319 added sudo_realpath.c
23327 increased passwd len to 24 for c2 security
23334 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
23337 now use user global var
23344 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
23351 user is now a char * added epasswd
23355 added tzset() to load_globals added epasswd (encrypted password)
23356 global made user dynamically allocated
23368 cleaned up encrypted passwd grab somewhat
23384 can now log to both syslog & a file
23408 removed AFS stuff :-)
23412 include sys/select for AIX
23423 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
23425 * CHANGES, SUPPORTED:
23430 can now have MAILER undefined
23434 new sub-note about MAILER
23438 added blurb about password timeout
23446 took out duplicate define of _CONVEX_SOURCE
23458 added a goto if fgets fails
23462 use __hpux not hpux convex c2 stuff
23466 use __hpux not hpux
23474 define ansi-ish cpp os defines if non-ansi are defined for hpux &
23479 updated to say we support sonvex C2
23483 added convex c2 support
23486 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
23489 no more ioctl never returns NULL uses fgets() and select() to
23493 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
23496 things were testing -n "$GCC" instead of -z "$GCC"
23500 now works + uses fgets()
23503 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
23506 select doesn't seem to recognize a single '\n' as input waiting so
23507 we can;t use it, sigh.
23510 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
23513 updated tgetpass() blurb
23517 added --with-getpass
23521 added tgetpass stuff
23532 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
23539 added USE_GETPASS && HAVE_C2_SECURITY
23543 fixed a test aded --with-C2 and --with-tgetpass
23551 took out tgetpass.*
23558 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
23561 no termio(s) for ultrix since it is broken
23565 added a space (yeah, anal)
23568 * realpath.c, sudo_realpath.c:
23569 fixed it (duh, rtfm)
23572 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
23575 took out bsd signal stuff for irix
23583 don't define BSD signals for irix
23594 * realpath.c, sudo_realpath.c:
23595 took out unneeded code by changing where a strings was terminated
23598 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
23600 * realpath.c, sudo_realpath.c:
23601 fix bug where /dirname would return NULL
23605 move __P to config.h
23608 * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
23609 added errno definition
23624 * realpath.c, sudo_realpath.c:
23625 now works if no fchdir
23629 define SA_RESETHAND to null if not defined
23633 added check & replace
23637 took out -static for nextstep -- it doesn't work
23640 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
23643 moved #endif to where it belongs
23651 now checks for strdup realpath getcwd bzero
23659 added posic signals
23667 added posix signals
23671 removed BROKEN_GETPASS added new srcs toreplace missing functions
23675 added posix signal stuff
23687 now uses posix signals
23691 updated sto reflect major changes
23699 uses sysconf() if available
23703 added PASSWORD_TIMEOUT + prototypes for new functions
23706 * realpath.c, sudo_realpath.c:
23707 for those w/o this in libc
23710 * getcwd.c, getwd.c:
23715 rewrote to use realpath(3) - nis now all my code
23719 added HAVE_REALPATH
23727 added LIBOBJS use tgetpass.c
23730 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
23744 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
23755 added check for getwd
23759 replace strdup & realpath & getcwd if missing
23767 added SUDO_PROG_PWD
23774 * realpath.c, sudo_realpath.c:
23778 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
23781 quoted quare brackets
23784 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
23787 no need to strdup() a constant
23802 * parse.c, sudo.c, sudo.h:
23803 added validate_only stuff
23806 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
23813 $OSREV is now an int
23816 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
23819 added mtxinu to caser
23827 now use the EXEC nmacro now only do a gethostbyname() if FQDN is set
23831 changed mail_argv[] def now use EXEC() macro
23835 took out crypt() definition
23843 always look for -lnsl
23851 SHORT_MESSAGE is now the default
23859 added missing AC_DEFINE(SVR4) for solaris
23863 documented the -v flag
23875 added LIBSHADOW undef
23879 nwo set OS to be lowercase
23882 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
23885 now use SUDO_OSTYPE to set $OS
23889 now use uname to determine os
23893 added prototypes & moved sig handler around
23900 * check.c, logging.c, sudo.c:
23909 nwo use _BSD_SIGNALS not _BSD_COMPAT
23920 * parse.lex, parse.yacc:
23921 moved config.h to top of includes
23924 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
23927 now don't bitch if get EACCESS (treat like EPERM)
23931 added -v flag and usage()
23939 cast Argv to a const for exec added -v flag
23943 mail_argv is now a const
23947 only set RETSIGTYPE if it is not set already
23951 now defines & STDC_HEADERS for Irix
23958 * insults.h, sudo.h:
23959 prevent multiple inclusion
23966 * parse.lex, parse.yacc:
23967 now includes config.h
23971 now talks about sunos 4.x
23975 calls to Exit now pass an arg
23978 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
23981 signal handler now takes an int argument
23989 ok, the getcwd() is now *really* done as the user
23993 changed AIX STATIC_FLAGS
23997 solaris now defines SVR4
24001 added cwd and fixed stupid core dump that makes no sense. sigh.
24005 moved getcwd stuff into load_globals
24009 took out externs that are in suod.h
24013 moved cwd into load_globals
24021 fixed make distclean & realclean
24029 added solaris changes
24033 added solaris changes, need to rework
24037 cleaned up for solaris
24041 reinstall reapchild signal handler for non-bsd signals
24045 took out getdtablesize() emulation for HP-UX (no longer needed)
24049 support for HAVE_SYSCONF
24053 added <fcntl.h> for solaris & reorg'd the includes + minor prettying
24061 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
24064 now tells you what os you are running /.
24071 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
24086 uid seinitialized to -2
24089 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
24092 now removes LIBPATH for AIX
24095 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
24098 now uses ufc if it finds it
24101 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
24104 no longer define yyval & yylval since yacc does it
24108 now defines yylval as extenr
24112 BROKEN_GETPASS is now an OPTION
24116 took out BROKEN_GETPASS
24120 took out big comment
24128 took out README.beta
24136 now reference SUPPORTED .,
24140 now check for convex OR __convex__
24144 now check for convex or __convex__
24156 now use _S_* stat stuff to be ansi-like
24160 updated for configure directions
24164 distclean now removes config.h and pathnames.h
24183 * config.h.in, pathnames.h.in:
24184 added copyright header
24187 * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
24188 parse.yacc, sudo.c, sudo.h:
24193 udpated to use configure + pathnames.h
24200 * Makefile.in, config.h.in, configure.in:
24205 now works with configure
24208 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
24209 updated to work with configure + pathnames.h
24216 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
24219 updated gnu general licence to versio 2
24222 * config.h.in, pathnames.h.in:
24227 changed to work with configure
24230 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
24232 * Makefile.in, aclocal.m4, configure.in:
24237 now uses defines used by configure
24240 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
24243 sudo won't bitch about EPERM now, for real
24246 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
24249 renamed exec_argv to eliminate a libc name clash with ksros
24256 * logging.c, sudo.c, sudo.h:
24273 added UMASK and mode_t declaration
24281 now opens log file with mode 077
24285 saved current umask ans restores it
24289 added MAXLOGFILELEN
24293 split long log lines. FOr syslog, split into multiple entries, for
24294 a log file, indent the extra for readability
24297 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
24304 MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
24307 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
24310 added input from Brett M Hogden <hogden@rge.com>
24313 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
24316 added rmenv() to remove stuff from environ. can now uses execvp()
24317 OR execve() becuase of this.
24321 now uses execvp() OR execve()
24337 moved some func decls out of sudo.h and into sudo.c as statics /.
24348 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
24354 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
24369 added sample.sudoers note
24376 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
24383 took out SAVED_UID garbage
24384 [b7c2d3469661] [SUDO_1_3_0]
24403 more verbose error if mailer not found
24407 now do getpwent as root for soem shadow password systems (bsdi)
24410 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
24413 took out SAVED_UID garbade
24417 took out SAVED_UID garbage since it don't work
24420 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
24427 added a missing space :-)
24431 took out multimax cruft
24443 fixed a typo + indentation
24446 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
24449 took outumoved some defines to the config file ,. ,.
24461 added HAS_SAVED_UID
24468 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
24474 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
24480 * check.c, logging.c, parse.c, sudo.c, sudo.h:
24481 now is only root when abs necesary
24488 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
24503 now removed _RLD_* for alphas
24507 updated for new config scheme
24511 more verbose eror messages
24514 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
24521 define __svr4__ for SOLARIS
24525 added svr4 junk for shadow pws for solaris 2.x
24529 took out setuid(0) and setreuid(udi) garbage. Its not needed since
24530 we start out setuid with the correct perms.
24533 * check.c, sudo.c, sudo.h:
24537 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
24540 revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES
24545 now uses ENV_EDITOR if you want to use the EDITOR envar
24549 now uses ENV_EDITOR if you want to use the EDITOR envar >> .
24552 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
24555 rewrote most of this
24559 minor update + spell fix
24563 added all options that are in the Makefile
24567 now use USE_TERMIO #define for sgi & hpux
24574 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
24576 * check.c, find_path.c:
24577 always include strings.h
24585 sgi has vi in /usr/bin too
24592 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
24595 sue /usr/bin/vi on some systems
24599 fixed warning (include strings.h)
24603 added John_Rouillard@dl5000.bc.edu's changes (new features)
24607 changes from John_Rouillard@dl5000.bc.edu
24614 * check.c, find_path.c, parse.c, sudo.c:
24615 added patches from John_Rouillard directory spec
24619 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
24622 added flush for hpux
24625 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
24628 no longer assume malloc returns a char *
24632 alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
24633 gets removed correctly
24637 added STD_HEADERS macro
24641 now uses STD_HEADERS macor for ansi
24645 now uses STD_HEADERS macro
24649 niceties for C compiler bitches -- no real change
24652 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
24655 now doesn't fclose a file never opened.
24658 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
24665 added error stuff added me in there...
24673 added blurb about reading stuff
24681 corrected somments and removed newlines
24693 added dec syslog note
24697 added real stuff in there
24708 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
24715 updated with changes
24726 * CHANGES, COPYING, INSTALL, README, TODO:
24731 updated version number and took out jeff's old addr since it is no
24735 * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
24737 updated version number and took out jeff's email (since it is
24741 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
24747 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
24750 now return NULL instead pf
\b\bof exiting for nopn
\b\bn-fatal errors
24753 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
24760 now sudo.h gets included first
24763 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
24774 hpux 9 fix, removes SHLIB_PATH linux patch
24781 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
24784 stat now ignores EINVAL
24787 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
24789 * find_path.c, sudo.c:
24790 now declare strdup as extern
24793 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
24796 reformatted with indent + by hand
24799 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
24800 used indent to "fix" coding style
24804 now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
24805 move the code that does this into the loop body. makes it messier
24809 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
24812 redid the fix for non-executable files in an easier to read way plus
24813 some minor aethetic changes
24817 fixed bug with non-executable tings of same name in path introduced
24818 by checkig errno after stat(2).
24821 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
24824 fixed off by one error
24828 now handles decending below '/' correctly
24832 now actually builds Envp instead of munging envp
24835 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
24838 now includes sys/param.h
24842 now includes sys/param.h
24846 fixed ifndef -> ifdef
24850 make more like find_path.c
24854 rewritten by millert
24858 fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
24859 about new defines in the comment
24867 added delc for clean_envp() and Envp
24871 now rips LD_* env vars out of envp and passed sanitized Envp to exec
24879 ENOTDIR is ok now too (in case part of the path is bogus)
24883 now works correctly (ttaltotal rewrite)
24887 now includes sys/param.h didn't match trailing / -- fix from
24891 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
24894 moved around the #ifndef _AIX
24897 * check.c, logging.c, parse.c:
24901 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
24907 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
24910 now works if you do sudo bin/test
24917 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
24927 * parse.lex, parse.yacc:
24931 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
24938 now spews error if exec fails and exits with -1
24946 now only execs files with (an) executable bit set.
24953 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>