2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>

When matching the runas user and runas group (-u and -g command line
options), keep track of runas group and runas user matches
separately. Only return a positive match if we have a match for
both runas user and runas group (if specified).

2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>

Do not return -1 on error from the display functions; the call
expects a return value >= 0.

display_bound_defaults now returns a count so make the stub return

2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>

It looks like AIX doesn't need to push STREAMS modules for ptys.

2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>

Install sudoers file from the build dir not the src dir.

2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>

If runas_pw changes, reset the stashed runas aux group vector.
Otherwise, if runas_default is set in a per-command Defaults
statement, the command runs with root's aux group vector (i.e. the
one that was used when locating the command).

Add target to generate sudoers file Remove generated sudoers file as

2010-08-23 millert <millert@rh4-x86.home.courtesan.com>

When not logging I/O install a handler for SIGCONT and deliver it to
the command upon resume. Fixes bugzilla #431

2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>

Don't need to fork and wait when compiled with --disable-pam-session

2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>

Convert a remaining puts() and putchar() to use the output function.

2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>

Replace sudoers with sudoers.in in DISTFILES

Set dupcheck to TRUE when setting new HOME value if !env_reset but
always_set_home is true. Prevents a duplicate HOME in the
environment (old value plus the new one) introduced in 9f97e4b43a4b.

* configure, configure.in, sudoers, sudoers.in:
Substitute sysconfdir in the installed sudoers file to get the
correct path for sudoers.d.

2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>

* boottime.c, get_pty.c:
Fix typos that prevented compilation on Irix; Friedrich Haubensak

2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>

If the user hits ^C while a password is being read, error out before
reading any further passwords in the pam conversation function.
Otherwise, if multiple PAM auth methods are required, the user will
have to hit ^C for each one.

2010-08-09 Todd C. Miller <Todd.Miller@courtesan.com>

Fix waitpid() loop termination condition.

Use sudo_waitpid() instead of bare waitpid()

2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>

Set pp_kit_version and strip off patchlevel

Better handling of versions with a patchlevel. For rpm and deb, use
the patchlevel+1 as the release. For AIX, use the patchlevel as the
4th version number. For the rest, just leave the patchlevel in the

2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>

For non-standalone auth methods, stop reading the password if the
user enters ^C at the prompt.

When removing/resetting the timestamp file ignore the tty ticket

2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>

2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>

Do not produce a warning for "sudo -k" if the ticket file does not

2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>

* aclocal.m4, configure:
Add cross-compile defaults for remaining AC_TRY_RUN usage.

2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>

* aclocal.m4, config.h.in, configure, configure.in, snprintf.c:
Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
and AC_CHECK_SIZEOF([long int]) instead of rolling our own.

2010-07-30 Todd C. Miller <Todd.Miller@courtesan.com>

Added tag SUDO_1_7_4 for changeset 2920a3b9d568

Debian: Remove dots from decoded release number AIX: looser matching
of file command output for AIX 5.1
[2920a3b9d568] [SUDO_1_7_4]

Added tag SUDO_1_7_4 for changeset 0d844aa34c1d

2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>

exec_monitor is static

Update to latest version

2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>

Let pp determine pp_aix_version itself.

* INSTALL, config.h.in, configure, configure.in, mkpkg, sudo.c:
Add support for Ubuntu admin flag file and enable it when building

Add commented out SuSE-like targetpw settings

* configure, configure.in:
Only try to use +DAportable for non-GCC on hppa Check the value of
$pic_flag instead of whether the compiler is ANSI C when detecting
the HP-UX bundled C compiler.

* configure, configure.in:
Prevent configure from adding the -g flag unless in devel mode

2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>

Go back to sudo-flavor to match existing packages and only use an
underscore for those that need it.

Use sudo_$flavor instead of sudo-$flavor since that causes the least
amount of trouble for the various package managers.

Fix handling of the ldap flavor Remove destdir unless --debug was
specified Make distclean before running configure if there is a

* configure, configure.in:
Back out version change in 5baf2187a138

Pass extra args on to configure on HP-UX, if we don't have the HP C
compiler, disable zlib to prevent gcc from finding it in

* configure, configure.in, mkpkg:
Use the HP ANSI C compiler on HP-UX if possible

Some getline() implementations (FreeBSD 8.0) do not ignore the
length pointer when the line pointer is NULL as they should.

Don't need to check for *cp being non-zero, isdigit() will do that.

Add setlocale() so the command line arguments that use floating
point work in different locales. Since sudo now logs the timing
data in the C locale we must parse the seconds in the timing file
manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
the number of seconds with the user's locale so if the decimal point
is not '.' try using the locale-specific version.

Do I/O logging in the C locale so the floating point numbers in the
timing file are not locale-dependent.

Use errorx() not error() for things that don't set errno.

2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>

Add Tru64 kit support

Better support for 1.2.3 style versions in Tru64 kits

Remove apparently unnecessary use of sudo

Create timedir as part of install-dirs target.

Handle ENXIO from read/write which can occur when reading/writing a
pty that has gone away. Fixes bugzilla 422

sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL

platform is a pp flag not a variable

* Makefile.in, mkpkg, sudo.pp:
Add simple arg parsing for mkpkg so we can set debug, flavor or

Make rpm backend work on AIX 5.x

2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>

Add commented out Defaults entry for log_output

2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>

Install binary files with -b~ to make a backup. Fixes "text file
busy" error on HP-UX during install.

"mv -f" on HP-UX doesn't unlink the destination first so add an
explicit rm before moving the temporary into place.

* configure, configure.in:
Some more ${foo} -> $(foo) conversion for consistent Makefiles.

2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>

Add missing include of maillock.h for Solaris

* NEWS, TROUBLESHOOTING, UPGRADE, configure, configure.in,
sample.syslog.conf, sudoers.cat:
Change the default syslog facility from local2 to authpriv (or auth
if the operating system doesn't support authpriv).

* Makefile.in, configure, configure.in, sudo.pp:
Install sudoers as /etc/sudoers on RPM and debian systems where the
package manager will not replace a user-modified configuration file.
This fixes upgrades from the vendor sudo packages.

RPM: use %config(noreplace) instead of %config for volatile This
results in the new file being installed with a .rpmnew suffix
instead of the file being replaced and the old one renamed with a

2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>

* boottime.c, mkstemps.c:
Include time.h for struct timeval.

The return value of strsignal() may be const and should be treated

* sudoers.cat, sudoers.man.in, sudoers.pod:
Mention that 127.0.0.1 will not match, nor will localhost unless
that is the actual host name.

* Makefile.in, NEWS, README, UPGRADE, WHATSNEW:
Rename WHATSNEW -> NEWS

Updated pp with latest patches

* WHATSNEW, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
If pam is in use, wait until the process has finished before calling

* sudoers.cat, sudoers.man.in:

* UPGRADE, sudoers, sudoers.pod:
Add commented out line to add HOME to env_keep and add a warning to
the note about the HOME change in UPGRADE.

2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>

Add LINE_MAX define for those without it.

Mention that tty_tickets is now the default.

* INSTALL, UPGRADE, config.h.in, configure, configure.in, defaults.c,
sudoers.cat, sudoers.man.in, sudoers.pod:
The tty_tickets option is now on by default.

Mention that AIX authdb support has been fixed.

setauthdb() only sets the "old" registry if it was set by a previous
call to setauthdb(). To restore the original value, passing NULL
(or an empty string) to setauthdb() is sufficient.

2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>

* sudoers.cat, sudoers.man.in, sudoers.pod:
Mention new handling of HOME in always_set_home and set_home

* sudo.cat, sudo.man.in, sudo.pod:

* UPGRADE, WHATSNEW, env.c, sudo.cat, sudo.man.in, sudo.pod:
Reset HOME when env_reset is enabled unless it is in env_keep

* sudoers.cat, sudoers.man.in, sudoers.pod:
The default for set_logname has been "true" for some time now.

* sudoers.cat, sudoers.man.in, sudoers.pod:
Document that MAIL is set in env_reset mode.

Add missing include of time.h

* defaults.c, sudo.c:
Check return value of setdefs() but don't stop setting defaults if
we hit an unknown one.

Fix check for dup2() return value.

Treat an unknown defaults entry as a parse error.

Check KEPT_MAIL not DID_MAIL when determining whether to set MAIL in
-i and env_reset mode.

Add PYTHONUSERBASE to initial_badenv_table

* WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, env.c,
pathnames.h.in, sudo.cat, sudo.man.in, sudo.pod:
If env_reset is enabled, set the MAIL environment variable based on
the target user unless MAIL is explicitly preserved in sudoers.

2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>

decode debian code names

2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>

Add entry about SuSE bash script fix.

Restore RLIMIT_NPROC after the uid switch if it appears that
runas_setup() did not do it for us. Fixes a bash script problem on
SuSE with RLIMIT_NPROC set to RLIM_INFINITY.

2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>

* mkpkg, pp, sudo.pp:
Restore the dot removal in the os version reported by polypkg. Adapt
mkpkg and sudo.pp to the change.

2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>

Update for sudo 1.7.4

document --with-pam-login

* sudoers.cat, sudoers.man.in, sudoers.pod:
The tag is NOSETENV, not UNSETENV. From Petr Uzel.

2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>

Include flavor in solaris package name

Older shells don't support IFS= so set explicitly to space, tab,

Use '=' not '==' in test

Fix typo that prevented debian from matching

Add missing prefix setting for debian

Use tab indents to reduce the chance of problem with <<- Uncomment
some env_keep lines for RHEL, SLES and Debian to more closely match
the vendor sudoers files.

Fix indentation Fix the debian %set section, pp does not set
pp_deb_distro Uncomment %sudo line in sudoers for debian Add pam.d
to %files for debian Remove the /etc/sudo-ldap.conf symlink on
debian for ldap flavor

Add commented out env_keep entries, sample Aliases and a %sudo line

* configure, configure.in:
Remove check for egrep; configure has its own

Use enable_zlib instead of enableval for consistency

2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>

Enable zlib for linux distros

Add ldap flavor to default build

Simplify rpm linux distro settings

* UPGRADE, aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.

* Makefile.in, mkpkg, sudo.pp:
Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
environment variable.

Create sudo group on debian

Add debian 4/5/6 and use the dot when doing version matches

* sudoers.cat, sudoers.man.in, sudoers.pod:
Remove spurious "and"; from debian

* aclocal.m4, configure:
Use a loop when searching for mv, sendmail and sh

* aclocal.m4, configure, configure.in, sudoers.cat, sudoers.man.in,
sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
Substitute the value of EDITOR into the sudoers and visudo manuals.

2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>

* mkpkg, pp, sudo.pp:
Initial debian 4.0 support

Some platforms need -fPIE instead of -fpie

Add packaging bits to DISTFILES

Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
On Linux it causes a DNS lookup via libaudit.

We now use pp to generate HP-UX packages

2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, Makefile.in:
isntall-man -> install-doc

* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
Bump version to 1.7.4

* INSTALL.binary, Makefile.binary.in, Makefile.in:
Remove remaining bits of the old binary package

Use http://rc.quest.com/topics/polypkg/ for packaging

* Makefile.in, mkpkg, pp:
Use http://rc.quest.com/topics/polypkg/ for packaging

Just ignore the -c option, it is the default Add support for -d

* env.c, logging.c, pathnames.h.in:
Use _PATH_STDPATH instead of _PATH_DEFPATH

Do not strip binaries.

* INSTALL, configure, configure.in:
Add --insults=disabled configure option to allow people to build in
insult support but have the insults disabled unless explicitly

2010-07-10 Todd C. Miller <Todd.Miller@courtesan.com>

* env.c, sudoreplay.c:

2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>

* auth/pam.c, config.h.in, configure, configure.in, env.c, sudo.c,
Add support for a sudo-i pam.d file to be used for "sudo -i".
Adapted from a RedHat patch.

Fix installation of sudo_noexec.so

* Makefile.in, config.h.in, configure, configure.in, missing.h,
mkstemp.c, mkstemps.c, sudo_edit.c:
Use mkstemps() instead of mkstemp() in sudoedit. This allows
sudoedit to preserve the file extension (if any) which may be used
by the editor (like emacs) to choose the editing mode.

2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>

* ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
should avoid disabling TLS_CHECKPEER if possible.

2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>

Add support for negated user/host/command lists in a Defaults entry.
E.g. Defaults:!baduser noexec

2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>

2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>

Added tag SUDO_1_7_3 for changeset 72fd1f510a08

* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
[72fd1f510a08] [SUDO_1_7_3]

* alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
auth/securid5.c, auth/sia.c, auth/sudo_auth.c, boottime.c, check.c,
defaults.c, env.c, exec.c, exec_pty.c, fileops.c, find_path.c,
fnmatch.c, get_pty.c, getcwd.c, getdate.c, getdate.y, getline.c,
getspwuid.c, glob.c, goodpath.c, gram.c, gram.y, interfaces.c,
iolog.c, lbuf.c, ldap.c, logging.c, match.c, parse.c, parse_args.c,
pwutil.c, set_perms.c, snprintf.c, sudo.c, sudo_edit.c, sudo_nss.c,
sudoreplay.c, term.c, testsudoers.c, tgetpass.c, toke.c, toke.l,
tsgetgrpw.c, visudo.c:
Include strings.h even if string.h exists since they may define
different things. Fixes warnings on AIX and others.

Do not rely on env.env_len when unsetting a variable, just use the

In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008

2010-06-28 Todd C. Miller <Todd.Miller@courtesan.com>

* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
Mention that multiple URI lines are merged into a single one.

2010-06-26 Todd C. Miller <Todd.Miller@courtesan.com>

* env.c, sudo.c, sudo.h:
For env_init() just use environ not the envp from main().

2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
Update version to 1.7.3rc1

fqdn issue is resolved

In unsetenv(), assign ep in the for loop instead of doing it
earlier. This version of the code does not change env.envp in
between when ep is assigned and when it is used but older versions

Use S_REGISTRY instead of S_AUTHSYSTEM as the argument to
getuserattr() when fetching the administrative domain to be used by
setauthdb(). This was suggested by AIX support and is consistent
with what OpenSSH does.

Use warningx() instead of log_error() since the latter is not
available to visudo or testsudoers. This does mean that they don't

Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
closed the sudoers sources. From Quest sudo.

Ignore case when matching user/group names in the cache. From Quest

2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>

* config.h.in, configure, configure.in, selinux.c:
Add check for setkeycreatecon() when --with-selinux is specified.

* configure, configure.in:
Bump version to 1.7.3b5 Error out if libaudit.h is missing or
unusable when --with-linux-audit was specified

K&R function declaration for aix_setauthdb()

* env.c, sudo.c, sudo.h:
If env_init() was called implicitly via getenv(), setenv() or
putenv() just use the specified envp instead of mallocing a new
copy. This prevents an infinite loop on OpenBSD which calls
getenv() from malloc() to get MALLOC_OPTIONS.

Add support for multiple URI lines by joining the contents and
passing the result to ldap_initialize.

2010-06-23 Todd C. Miller <Todd.Miller@courtesan.com>

* pwutil.c, set_perms.c, sudo_nss.c:
Bracket initgroups with calls to aix_setauthdb() and

Include compat.h before alloc.h to get __P

Include usersec.h for authenticate() prototype

Add missing includes Add missing trailing NUL in userinfo string

2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>

* HISTORY, history.pod:
Mention when LDAP was incorporated.

2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>

Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
not covered by _ALL_SOURCE.

Include usersec.h on AIX to get IDtouser() prototype.

Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
not covered by _ALL_SOURCE.

2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>

Add a cast to quiet a compiler warning.

Use memset() instead of zero_bytes() since we don't include sudo.h

getline.o is already in LIB_OBJS, do not need it in COMMON_OBJS

* getdate.c, getdate.y:
Quiet a compiler warning.

* defaults.c, sudo.c:
Call set_fqdn() after sudoers has parsed instead of inline as a

Do not call set_fqdn() until sudoers parses (where it gets run as a

Do not call set_fqdn() until sudoers parses (where it gets run as a
callback). Otherwise, if sudo is built --with-fqdn the fqdn will be
set even if !fqdn is set in sudoers.

* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
Bump version to 1.7.3b4

mention the change in tty ticket behavior when there is no tty

Remove comment; NAME in usrinfo should be user name.

Do not update tty ticket if there is no tty.

* sudo.cat, sudo.man.in, sudo.pod:
No longer need to use -- with the -s flag

Add missing $(srcdir) to sudo.man.in target

Do not rely on BSD make's $>

* configure, configure.in:
Set timedir to /var/db/sudo for darwin to match Apple sudo's

2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>

* Makefile.in, configure, configure.in:
Move aix.o from SUDO_OBJS to COMMON_OBJS

* config.h.in, configure, configure.in, defaults.c, iolog.c,
Check for zlib.h in addition to libz.

* Makefile.in, exec.c, exec_pty.c, sudo.h, sudo_exec.h:
Move functions and symbols shared between exec.c and exec_pty.c into

Add missing prototypes for aix_setauthdb and aix_restoreauthdb

Comment out rules to build .man.in and .cat files unless --with-

* aix.c, pwutil.c, set_perms.c, sudo.h:
Fix AIX compilation problems.

Cast isalnum() arg to unsigned char.

Add Linux audit support.

Quote any non-alphanumeric characters other than '_' or '-' when
passing a command to be run via the shell for the -s and -i options.

Add missing braces that broke -i mode.

Fix linux_audit_command() return value

2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>

* Makefile.in, linux_audit.c, linux_audit.h:
Add Linux audit support.

2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, audit.c, bsm_audit.c, config.h.in, configure, configure.in,
logging.h, selinux.c:
Add Linux audit support.

2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>

* sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
Sync sudoreplay with trunk

* aix.c, configure, configure.in, pwutil.c, set_perms.c, sudo.h:
Set usrinfo for AIX Set administrative domain for the process when
looking up user's password info and when preparing for execve().

Better prefix determination now that we can't rely on len==0 to tell
the beginning of an entry.

* WHATSNEW, ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in,
Add support for multiple sudoers_base entries in ldap.conf. From

* configure, configure.in:
Remove duplicate setsid check

* Makefile.in, config.h.in, configure, configure.in, exec_pty.c,
logging.c, missing.h, setsid.c:
Move setsid emulation into setsid.c

* exec_pty.c, logging.c, selinux.c, sudo.c, tgetpass.c:
Check for dup2() failure.

* config.h.in, configure, configure.in:
Remove dup2 check, it is not optional.

2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>

Add mbr_check_membership support and SELinux fixes

Sync SRCS and DISTFILES with reality

Update OS specific notes. Delete some really ancient ones and move
older ones to the end of the list.

Bump for sudo 1.7.3 Merge some changes from trunk

* selinux.c, sudo.c:
Call selinux_restore_tty() as part of cleanup() so it gets called
from error()/errorx()

No longer use SA_NOCLDSTOP

* interfaces.h, match.c:
Move union sudo_in_addr_un into interfaces.h

Update copyright year

* HISTORY, LICENSE, aix.c, alias.c, alloc.h, boottime.c, bsm_audit.h,
compat.h, defaults.c, defaults.h, env.c, fileops.c, find_path.c,
gettime.c, gram.y, history.pod, lbuf.h, license.pod, logging.c,
match.c, missing.h, nanosleep.c, parse.h, set_perms.c,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
sudoreplay.c, term.c, tgetpass.c, toke.l, visudo.c, visudo.cat,
visudo.man.in, visudo.pod:
Update copyright year

Remove varsub as part of clean

Quiet a compiler warning.

* getdate.c, getdate.y:
Quiet a compiler warning.

Make the remaining functions in ldap.c static

Make private functions static. Diff from Joachim Henke

* schema.ActiveDirectory:
Updates from Alain Roy to provide better examples for importing the
schema and to fix problems caused by Windows validating attributes
which have not yet been added before committing the changes.

2010-06-12 Todd C. Miller <Todd.Miller@courtesan.com>

* Makefile.in, configure, configure.in, sudo.cat, sudoers.cat:
Generate .cat files directly from .man.in instead of .man using
default values in configure.in

2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in, sudo.c, sudo_usage.h.in:
Print configure args with verbose version information.

Remove tfd from struct sudoersfile; it is not used. Add prev pointer
to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
Use tq_append to append sudoers entries to the tail queue.

2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>

Describe tty timestamp improvements

A comment character may not be part of a command line argument
unless it is quoted with a backslash. Fixes parsing of:
testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441

* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:

Make this read a little bit better when passwd_timeout is 0.

Use the --file argument to config.status instead of setting

* sudo.man.pl, sudo.pod:
Attempt to handle a default password prompt timeout of zero more

Do not override value of keepopen global, instead restore it to the
value we pushed onto the stack when popping.

* exec.c, exec_pty.c, logging.c, mon_systrace.c, tgetpass.c:
Use SA_INTERRUPT in sa_flags

* getdate.c, getdate.y, ldap.c, sudoreplay.c:
Silence some compiler warnings

2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>

* exec.c, exec_pty.c, sudo.c, sudo.h:
Implement background mode. If I/O logging we use pipes instead of a

* compat.h, exec.c, exec_pty.c, mksiglist.c, strsignal.c, tgetpass.c:
Move compat definition of NSIG to compat.h

Ignore SIGPIPE for "sudo -S"

Properly handle TGP_ECHO again. Print a newline if the user
interrupted password input.

Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl

2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>

* exec.c, exec_pty.c, selinux.c, sudo.c, sudo.h:
Return an error from selinux_setup() instead of exiting. Call
selinux_setup() from exec_setup().

Add definition of WCOREDUMP for systems without it. This is known
to work on AIX and SunOS 4, but may be incorrect on other systems
that lack WCOREDUMP.

* check.c, compat.h, config.h.in, configure, configure.in, iolog.c,
nanosleep.c, sudo_edit.c, visudo.c:
Replace timerfoo macros with timevalfoo since the timer macros are
known to be busted on some systems.

If a file in a #includedir has improper permissions or owner just
skip it. This prevents packages that incorrectly install a file
into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
#includedir files still result in a parse error (for now).

* TODO, auth/pam.c, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
Defer call to pam_close_session() until after the command finishes
if there is a monitor process.

* WHATSNEW, def_data.c, def_data.h, def_data.in, exec.c, sudoers.cat,
sudoers.man.in, sudoers.pod:
Add use_pty sudoers option to force use of a pty even when not

* env.c, sudo.c, sudo.h:
Instead of trying to keep the global environment in sync with our
private copy, provide our own getenv() that returns values from the
private environment and use env_get() to pass the environment in to

2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>

Rename pty.c -> get_pty.c

Add #define for maximum session id

* Makefile.in, configure, configure.in, exec.c, exec_pty.c, iolog.c,
selinux.c, sudo.c, sudo.h, sudo_edit.c:
Split exec.c into exec.c and exec_pty.c Pass a flag in to
sudo_execve to indicate whether we need to wait for the command
to finish (fork + execve vs. execve).

* Makefile.in, configure, configure.in, get_pty.c, pty.c:
Rename pty.c -> get_pty.c

* aclocal.m4, configure, configure.in:
Fix --without-iologdir

2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>

Only use I/O input log file if def_log_input is set and output file
if def_log_output is set.

2010-06-05 Todd C. Miller <Todd.Miller@courtesan.com>

* parse_args.c, sudo.c:
Include sudo_usage.h after sudo.h now that it has function
prototypes to guarantee that __P is defined.

2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>

Do signal setup after turning off echo, not before. If we are using
a tty but are not the foreground pgrp this will generate SIGTTOU so
we want the default action to be taken (suspend process). Use an
array for signals received instead of a single variable so we don't
lose any when there are multiple different signals.

* defaults.h, lbuf.h, sudo.h:
Reorg function prototypes a bit

* Makefile.in, parse_args.c, sudo.c, sudo.h, sudo_usage.h.in:
Move argument parsing into parse_args.c

* Makefile.in, config.h.in, configure, configure.in, missing.h,
mksiglist.c, mksiglist.h, siglist.in, strsignal.c:
Build our own sys_siglist for systems that lack it.

* exec.c, iolog.c, missing.h, sudo_edit.c:

* exec.c, pty.c, sudo.c, sudo.h, sudo_edit.c:
Log sudoedit sessions as well; adapted from trunk

* INSTALL, Makefile.in, WHATSNEW, aclocal.m4, configure, configure.in,
def_data.c, def_data.h, def_data.in, defaults.c, exec.c, gram.c,
gram.h, gram.y, iolog.c, parse.c, parse.h, pathnames.h.in, pty.c,
script.c, selinux.c, sudo.c, sudo.h, sudoers.cat, sudoers.man.in,
sudoers.pod, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
sudoreplay.pod, term.c:
Merge I/O logging changes from trunk. Disabling I/O log support at
compile time does not currently work. Sudoedit is not yet hooked up

2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, configure, configure.in:
Add --enable-warnings configure option

* check.c, lbuf.h, script.c, sudo.c, sudo_nss.c:
Fix K&R compilation issues on HP-UX.

* lbuf.c, lbuf.h, ldap.c, parse.c, sudo.c, sudo_nss.c:
Pass in output function to lbuf_init() instead of writing to stdout.
A side effect is that the usage info can now go to stderr as it
should. Add support for embedded newlines in lbuf and use that
instead of multiple calls to lbuf_print.

* configure, configure.in, sudo.man.pl, sudoers.man.pl:
Use numeric registers to handle conditionals instead of trying to do
it all with text processing.

Document per-command SELinux settings

timestamp -> time stamp

Set close on exec flag in private versions of setpwent() and

Make send_mail() take a printf-style argument list

* Makefile.binary.in, Makefile.in, aclocal.m4, acsite.m4,
config.guess, config.h.in, config.sub, configure, configure.in,
ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
m4/ltversion.m4, m4/lt~obsolete.m4:
Update to autoconf 2.65 and libtool 2.2.6b

Don't use TRUE/FALSE which may not be defined.

* sudo.cat, sudo.man.in, sudo.pod:
Document new tty_ticket behavior

* find_path.c, sudo.c, sudo.h, visudo.c:
Make find_path() a little more generic by not checking def_foo
variables inside it. Instead, pass in ignore_dot as a function

Store info from stat(2)ing the tty in the tty ticket when tty
tickets are in use. If the tty lives on a devpts (Linux) or devices
(Solaris) filesystem, stash the ctime in the tty ticket file, as it
is not updated when the tty is written to. This helps us determine
when a tty has been reused without the user authenticating again

* boottime.c, check.c, sudo.h:
get_boottime() now fills in a timeval struct

1441 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
1443 * check.c, compat.h, config.h.in, configure, configure.in, fileops.c,
1444 gettime.c, sudo.h, sudo_edit.c, visudo.c:
1445 Use timeval directly instead of converting to timespec when dealing
1446 with file times and time of day.
1450 Fix OpenPAM detection for newer versions.
1454 Sync with Quest sudo git repo
1457 * aclocal.m4, configure, configure.in:
1458 HP-UX ld uses +b instead of -R or -rpath. Fix typo in libvas check.
1459 libvas may need libdl for dlopen(). Add missing template for
1460 ENV_DEBUG. Adapted from Quest sudo
1464 Fix typos; from Quest Sudo
1467 * Makefile.in, configure.in:
1468 Use value of SHELL from configure in Makefile
1471 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
1474 Handle duplicate variables in the environment. For unsetenv(), keep
1475 looking even after removing the first instance. For sudo_putenv(),
1476 check for and remove dupes after we replace an existing value.
1479 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
1482 Fix a crash when checking a sudoers file that has aliases that
1483 reference themselves. Based on a diff from David Wood.
1486 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
1489 Fix use after free in error message when a duplicate alias exists.
1492 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
1495 Set errorfile to the sudoers path if we set parse_error manually.
1496 This prevents a NULL dereference in printf() when checking a sudoers
1497 file in strict mode when alias errors are present.
1500 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
1502 * TODO, sudoers.cat, sudoers.man.in, sudoers.pod:
1506 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
1509 Qualify the command even if it is in the current working directory,
1510 e.g. "./foo" instead of just returning "foo". This removes an
1511 ambiguity between real commands and possible pseudo-commands in
1515 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
1517 * sudoers.cat, sudoers.man.in, sudoers.pod:
1518 Add a note about the security implications of the fast_glob option.
1522 Remove duplicate includes
1525 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
1527 * configure, configure.in:
1528 Fix installation of sudoers.ldap in "make install" when --with-ldap
1529 was specified without a directory. From Prof. Dr. Andreas Mueller
1532 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
1535 When doing a glob match, short circuit if gl.gl_pathc is 0. From
1539 2010-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
1542 Use parent process group id instead of parent process id when
1543 checking foreground status and suspending parent. Fixes an issue
1544 when running commands under /usr/bin/time and others.
1548 In setenv(), if the var is empty, return 1 and set errno to EINVAL
1549 instead of returning EINVAL directly.
1552 2010-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
1555 Check for pseudo-command by looking at the first character of the
1556 command in sudoers instead of checking the user-supplied command for
1560 2010-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
1563 Avoid a duplicate fclose() of the sudoers file.
1567 Fix size arg when realloc()ing include stack. From Daniel Kopecek
1570 2010-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
1572 * aix.c, config.h.in, configure, configure.in:
1573 Use setrlimit64(), if available, instead of setrlimit() when setting
1574 AIX resource limits since rlim_t is 32bits.
1578 Fix use after free when sending error messages. From Timo Juhani
1582 2010-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
1584 * ChangeLog, Makefile.in:
1585 Generate the ChangeLog as part of "make dist" instead of having it
1589 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
1592 Generate correct ChangeLog for 1.7 branch.
1595 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
1597 * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
1598 auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
1599 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
1600 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
1601 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
1602 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
1603 emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
1604 fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
1605 gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
1606 ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
1607 isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
1608 logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
1609 mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
1610 pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
1611 sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
1612 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
1613 strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
1614 sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
1615 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
1616 sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
1617 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
1618 utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
1619 Remove CVS $Sudo$ tags.
1622 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
1625 make this match sudoers SYNOPSIS
1629 Print a newline between Runas and Command-specific defaults in sudo
1634 Use SET and CLR macros in term_raw
1638 Set stdin to non-blocking mode early instead of in check_input. Use
1639 term_raw instead of term_cbreak since the data we get has already
1640 been expanded via OPOST.
1643 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
1646 Enable/disable all postprocessing instead of just nl->crnl
1647 processing since things like tab expansion matter too. However, if
1648 stdout is a tty leave postprocessing on in the pty since we run into
1649 problems doing it only on the real stdout with e.g. nvi.
1652 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
1655 If tty_tickets is enabled and there is no tty, prompt for a
1656 password. Do not lecture user for "sudo -k command" if user has a
1661 Document missing options: --with-efence and --with-bsm-audit
1664 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
1665 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
1666 sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
1667 visudo.man.in, visudo.pod:
1668 username -> user name, groupname -> group name, hostname -> host name
1671 * INSTALL, README.LDAP, sudoers.pod:
1672 filename -> file name like the rest of the docs
1675 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
1678 Fix printing of entries with multiple host entries on a single line.
1681 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
1684 Mention that targetpw affects the timestamp file name.
1687 * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
1689 Add compress_transcript option.
1692 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
1694 * configure, configure.in:
1698 * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
1699 Better split of membership vs. traditional group check in
1700 user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
1703 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
1706 Fix pasto and add default return value.
1709 * check.c, match.c, pwutil.c, sudo.h:
1710 refactor group member checking into user_in_group()
1713 * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
1715 Add support for mbr_check_membership() as present in darwin.
1718 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
1721 Rename label to be accurate
1724 * Makefile.in, boottime.c, check.c, config.h.in, configure,
1725 configure.in, sudo.h:
1726 Treat timestamp files from before we booted as old. Idea from and
1730 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
1732 * sudo.c, sudo.pod, sudo_usage.h.in:
1733 Allow the -u flag to be used in conjunction with the -v flag as per
1734 older versions of sudo.
1738 fix typo in last commit
1741 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
1744 Convert fmt_first and fmt_confd into macros.
1748 timeouts can be floats now
1751 * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
1752 defaults.h, mkdefaults:
1753 Add support for floating point timeout values (e.g. 2.5 minutes).
1756 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
1759 The -L flag will be removed in sudo 1.7.4
1762 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
1765 Fix a bug due to order of operators.
1768 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
1771 cmnd_matches() already deals with negation so _cmndlist_matches()
1772 does not need to do so itself. Fixes a bug with negated entries in
1776 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
1779 Don't exit() from open_sudoers, just return NULL for all errors.
1783 Can't rely on the shell sending us SIGCONT when transitioning from
1784 background to foreground process.
1788 Add missing extern def for parse_error
1791 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
1794 Avoid a parse error when #includedir doesn't find any files. Closes
1799 Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
1802 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
1805 Start command out in foreground mode if stdout is a tty. Works
1806 around issues with some curses-based programs that don't handle
1807 tcsetattr getting interrupted by a signal. Still allows us to avoid
1808 hogging the tty if the command is part of a pipeline.
1811 * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
1812 Use a socketpair to pass signals from parent to child. Child will
1813 now pass command status change info back via the socketpair. This
1814 allows the parent to distinguish between signals it has been sent
1815 directly and signals the command has received. It also means the
1816 parent can once again print the signal notifications to the tty so
1817 all writes to the pty master occur in the parent. The command is
1818 now always started in background mode with tty signals handled by
1822 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
1824 * configure, configure.in:
1825 Fix a few typos in the descriptions; from Jeff Makey. Only do the
1826 check for krb5_get_init_creds_opt_free() taking two arguments if we
1827 find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
1828 positive when using our own krb5_get_init_creds_opt_free which takes
1829 only a single argument.
1832 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
1834 * configure, configure.in:
1835 Remove a spurious comma in the kerb5 bits.
1839 Call krb5_get_init_creds_opt_init() in our emulated
1840 krb5_get_init_creds_opt_alloc() for MIT kerberos.
1843 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
1850 Need to ignore SIGTT{IN,OU} in child when running the command in the
1851 background. Also some minor cleanup.
1854 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
1857 Instead of calling sigsuspend when waiting for SIGUSR[12] from
1858 parent, install the signal handlers w/o SA_RESTART and let them
1859 interrupt waitpid().
1863 Pass along SIGHUP and SIGTERM from parent to child.
1867 Close unused bits of script_fds in processes that don't need them.
1868 Restore default SIGCONT handler in child.
1872 Update foreground/background status in SIGCONT handler in parent
1876 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
1879 Defer setting terminal into raw mode until just before we fork() and
1880 only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
1881 and sudo is already in the foreground be sure to set raw mode before
1882 continuing the child.
1885 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
1888 Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
1889 give the command the controlling tty if the main sudo process is the
1894 Don't bother with sudo_waitpid() here for now.
1901 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
1904 Remove non-working code that crept into rev 1.55
1907 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
1909 * INSTALL, configure, configure.in, script.c, sudoreplay.c:
1910 First pass at zlib support for transcript data files
1914 remove vestiges of ZLDFLAGS
1918 Add missing variable declaration for when TIOCSCTTY is not defined.
1919 Need to include sys/termio.h for TIOCSCTTY on some systems.
1923 when resuming command, send SIGCONT to its pgrp not just pid
1927 remove unused variable
1931 include selinux.h for is_selinux_enabled() proto
1935 Don't use log_error() in the child process.
1939 Do I/O in parent instead of child since the parent can have both
1940 /dev/tty as well as the pty fds open. The child just sets things up
1941 and waits for its grandchild and writes the signal description to
1942 the pty master if the command was killed by a signal.
1945 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
1947 * missing.h, sudo.h:
1948 Move two struct forward declarations from sudo.h to missing.h
1952 Make comment at the top of script_exec() match reality.
1956 if neither stdin nor stdout is a tty, check stderr
1960 Add back dependency of gram.h on gram.y
1964 Make transcript mode work as long as we can figure out our tty, even
1965 if it is not stdin. We'd like to use /dev/tty but that won't be
1966 valid after the setsid().
1969 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
1971 * config.h.in, configure, configure.in, pty.c:
1972 Add support for IRIX-style dynamic ptys
1975 * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
1976 Move alloc.c protos into alloc.h
1980 Move prototypes for missing libc functions to missing.h
1983 * Makefile.in, sudo.h, sudoreplay.c:
1984 Move prototypes for missing libc functions to missing.h
1987 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
1989 * config.h.in, configure, configure.in:
1990 Disable transcript support if no tcsetpgrp until we support older
1991 BSD-style job control.
1994 * configure, configure.in, pty.c, script.c:
1995 Break out pty code into pty.c
1998 * compat.h, config.h.in, configure, configure.in:
1999 add killpg macro if no killpg function
2002 * config.h.in, configure, configure.in, script.c:
2003 Push ptem and ldterm for STREAMS-based systems when allocating a
2007 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
2010 Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
2014 Call tcgetpgrp() in the parent, not the child and have the child
2015 spin until it is granted. Fixes a race on darwin.
2019 Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
2023 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
2026 In script mode, if the command is killed by a signal, print the
2027 signal description as well as a core dump notification like the
2031 * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
2033 Add check for strsignal() and a simple implementation if it is not
2034 there but sys_siglist is
2038 Add missing WUNTRACED and store the signal that stopped the
2039 grandchild in suspended, not signo.
2047 Associate the grandchild's pgrp with the tty instead of the child's
2048 and just get suspend notifications via SIGCHLD instead of directly.
2049 This fixes a hang with programs that try to set terminal attributes
2050 and is more consistent with how the shell handles things.
2053 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
2056 Move setpgid() of child into the parent side of the fork() where it
2060 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
2067 Run command in its own pgrp (like the shell does) for easier
2068 signalling. No need to relay SIGINT or SIGQUIT to parent, just send
2069 to grandchild. Don't want grandchild stopped events in the child
2070 (only termination). Flush output after suspending grandchild before
2075 Back out revision 1.34; the problem lies elsewhere.
2079 Don't set stdout to blocking mode when flushing remaining output.
2080 It can cause us to hang when trying to exit. Need to investigate
2085 Handle SIGTTOU and remove some debugging.
2089 Back out revision 1.10 as the signal that interrupts us may be
2090 SIGTTOU or SIGTTIN which the caller must handle.
2094 Apparently we need to send SIGSTOP to the command as well as ourself
2095 when we get SIGTSTP, the kernel doesn't automatically stop the
2100 Use an extra process to act as the glue between the sessions
2101 associated with the user's controlling tty (what the shell uses) and
2102 the tty that sudo is using to do its logging. Basically, this means
2103 that if we get, e.g. SIGTSTP from the process sudo is running, we
2104 relay the signal to the parent so its shell can do the job control.
2108 Handle getting/setting terminal attributes when the fd is in non-
2112 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
2114 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
2115 Add support for pausing and changing the speed in interactive mode.
2119 Already define O_NOCTTY in compat.h, don't need it here
2122 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
2128 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
2131 Always update the stashed mtime of the temp file instead of using
2132 what we have for the original because the time resolution of the
2133 filesystem the temporary is on may not match that of the filesystem
2134 that holds the original. Should fix bz #371 found by Philippe Levan.
2138 Use cbreak mode instead of raw mode and add signal handlers to
2139 restore the tty on interrupt.
2142 * script.c, sudo.h, term.c:
2143 Retain NL to NLCR conversion on the real tty and skip it on the pty
2144 we allocate. That way, if stdout is not a pty there are no extra
2149 Fix log_output(); just pass in a string and a length.
2152 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
2155 do not use errno when complaining about lack of a tty
2158 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
2160 * Makefile.in, sudoreplay.c, term.c:
2161 Instead of messing with line endings, just set terminal to raw mode
2166 When copying the terminal attributes to the pty, be sure not to set
2167 ONLCR. This prevents extra carriage returns from ending up in the
2172 Convert a do {} while into a while
2176 Use if then instead of test && when installing binaries that may not
2181 Add O_NOCTTY when opening a tty device. Explicitly disconnect from
2182 old tty before associating with new one.
2185 * script.c, selinux.c, sudo.c, sudo.h:
2186 First cut at refactoring some of the selinux code so it can be used
2187 in conjunction with sudo's transcript support.
2190 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
2192 * aclocal.m4, configure, configure.in:
2193 Fix default case of transcript_enabled being unset.
2196 * script.c, sudoreplay.c:
2197 Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
2200 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
2201 Hook up --disable-transcript and --enable-transcript=DIR
2204 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
2206 * aclocal.m4, configure, configure.in, pathnames.h.in:
2207 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT. Add
2208 --enable-transcript=DIR option to specify the directory
2211 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
2215 * configure, configure.in, sudoers.man.pl, sudoers.pod:
2216 Substitute in default value for secure_path
2220 Mention that the password must be followed by a newline with the -S
2224 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
2227 Go back to dropping out of the select() loop when the process dies;
2228 Linux ptys apparently don't behave the same as BSD in regards to
2229 select(). No need to flush remaining output to the transcript, only
2230 to stdout. Add back code to check the master pty for additional data
2231 when we exit the main select loop.
2234 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
2237 Add getline.o to COMMON_OBJS
2241 sudoreplay depends on libsudo.a
2245 Move pwutil.o into COMMON_OBJS
2248 * pwutil.c, testsudoers.c, tsgetgrpw.c:
2249 Remove my_* redirection in pwutil.c for testsudoers and just use the
2250 normal libc get{pw,gr}* names.
2253 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
2254 More time and date examples
2257 * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
2258 Move nanosleep() emulation into its own file. Check librt.a for
2259 nanosleep if we don't find it in libc
2262 * Makefile.in, configure, configure.in:
2263 Build libsudo with the common bits and link things against that.
2271 Keep reading from the pty master -> log file until read returns <=
2272 0. Do our best to write everything to stdout when flushing any
2277 Use unbuffered I/O when writing to stdout and make sure we write the
2281 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
2284 Only use max_wait if it is non-zero
2287 * getdate.c, getdate.y, getline.c:
2292 Fix nanosleep emulation
2296 Fix comment after #endif
2300 Add protos for missing libc bits
2303 * configure, configure.in:
2304 add missing line continuation char
2307 * config.h.in, configure, configure.in, getline.c:
2308 Implement getline() in terms of fgetln() if we have it.
2312 Print year when formatting log line
2316 Document cwd, attempt to document time/date formats.
2320 Fix getline return value check.
2323 * Makefile.in, config.h.in, configure, configure.in, getline.c,
2325 Use getline() if the system has it, else provide our own for
2330 Refactor code to update output and timing files.
2333 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
2336 Make sudo_getln() behave more like glibc getline.
2340 When flushing remaining output, also update timing file.
2344 Use get_timestr() and make the -l output look like the regular sudo
2348 * logging.c, sudo.h, timestr.c:
2349 Make get_timestr() take a time_t so we can use it properly in
2354 Create session dir earlier now that we update the seq number early.
2357 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
2360 Use fromdate and todate as the keywords instead of from and to; the
2361 short forms will still be accepted.
2365 Fix reading long lines in sudo_getln()
2368 * script.c, sudoreplay.c:
2369 Log the cwd in the script log file. Add sudo_getln() to read
2370 arbitrarily long lines.
2373 * Makefile.in, logging.c, sudo.h, timestr.c:
2374 Move get_timestr() into its own source file so sudoreplay can use
2378 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
2381 Add to and from predicates (date ranges); needs documentation
2384 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
2386 * Makefile.in, getdate.c, getdate.y:
2387 Fix warning and add generated getdate.c
2390 * Makefile.in, getdate.y:
2391 Add getdate.y to be used for sudoreplay date parsing.
2394 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
2397 Check more than just the first character of a predicate
2400 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
2401 Add examples, sort predicates
2404 * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
2406 Implement search expressions in sudoreplay similar in concept to
2407 what find or tcpdump uses. TODO: date ranges
2410 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
2413 Remove vhangup as it was hanging up the wrong tty. Should really
2414 vhangup in the child after it has set its tty.
2418 Fix cut at documenting transcript support.
2422 ID= -> TSID= for transcript ID
2425 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
2428 Move fast_glob description to where it belongs in sorted order
2431 * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
2432 parse.c, parse.h, sudo.c:
2433 Rename script -> transcript
2436 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
2439 Add timeradd and timersub for those without them
2443 Sanity check sessid before using it.
2447 Only set the session id if we are running a command or editing a
2452 Actually, qsort is fine since most versions fall back to a cheaper
2453 sort when the number of elements to sort is small (like in our
2457 * config.h.in, configure, configure.in, script.c:
2458 Check for dup2 and use dup instead if we don't have it.
2461 * script.c, sudo.c, sudo.h:
2462 Move the code to dup2 the script fds to low numbered descriptors
2463 into script_duplow() and fix the fd sorting.
2466 * script.c, sudo.c, sudo.h:
2467 Move script_setup() back to immediately before we drop privs and
2468 call the new script_nextid() in its place, which will set
2469 sudo_user.sessid for the logging functions.
2472 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
2479 remove unused variable
2482 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
2484 * logging.c, script.c, sudo.c, sudo.h:
2485 Log the session ID, if there is one. Currently logs ID=XXXXXX,
2486 perhaps should be SESSIONID or SESSID.
2489 * Makefile.in, configure, configure.in, sudoreplay.cat,
2490 sudoreplay.man.in, sudoreplay.pod:
2495 add -V (version) flag
2502 * script.c, sudoreplay.c:
2503 Use base36 number for the ID and store script files with paths like
2504 /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
2505 (2,176,782,336) unique IDs.
2508 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
2510 * config.h.in, configure.in:
2511 Add check for regcomp
2515 Add support for selecting by pattern and tty when listing.
2518 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
2521 The beginnings of a list mode.
2524 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
2530 * Makefile.in, config.h.in, configure.in:
2531 Add scaffolding for building sudoreplay
2535 include error.h; first arg to nanotime is const
2539 Initial cut at sudoreplay; replay a sudo session.
2542 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
2545 Fix wait() usage and use correct wait status.
2548 * sudo.c, sudo.h, tgetpass.c:
2549 Add protos for term_* to sudo.h
2553 Fix detection of the child process exiting. Since the child is in
2554 its own session we should only ever get SIGCHLD for that process but
2555 better safe than sorry.
2559 Add UNIX98 pty support.
2562 * configure, configure.in, script.c:
2563 Add UNIX98 pty support.
2566 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
2569 For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
2574 Set PAM_RUSER and PAM_RHOST early so they can be used during
2575 authentication. Based on a patch from Jamie Beverly.
2579 Close dir before returning if strlcpy() reports overflow. From
2583 * config.h.in, configure, configure.in, script.c:
2584 On Linux, the openpty proto lives in pty.h
2588 Call vhangup on exit if the system has it. Use setpgrp() if no
2592 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
2594 * config.h.in, configure, configure.in:
2595 Add checks for revoke and vhangup if we don't have openpty
2599 Session logging guts that got forgotten in the previous commit.
2602 * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
2603 configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
2604 gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
2606 First cut at session logging for sudo. Still need to write
2607 get_pty() for Unix 98 and old-style BSD ptys. Also needs
2608 documentation and general cleanup.
2611 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
2613 * sudo.c, sudo_edit.c:
2614 Fix a bug introduced with def_closefrom. The value of def_closefrom
2615 already includes the +1.
2618 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
2621 Generate sudo distributions with pax in ustar mode. No longer need
2622 to use a temp file or have the source dir name match the version.
2625 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
2628 Fix expansion of %h in #include names. Fixes bugzilla 363
2631 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
2634 If no arg assume def_data.in
2639 [f5ad45f69f05] [SUDO_1_7_2]
2645 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
2647 * sudoers.cat, sudoers.man.in, sudoers.pod:
2648 Add missing single quotes around a colon in Runas_Spec definition.
2652 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
2654 * sudo.man.in, sudoers.man.in:
2659 In rbrepair, re-color the root or the first non-block node we find
2660 to be black. Re-coloring the root is probably not needed but won't
2664 * sudo.cat, sudoers.cat:
2668 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
2671 When repairing the tree, don't touch the root node.
2674 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
2677 Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
2678 Reported by Josef Schmid.
2681 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
2684 Document that we accept env_pam-style environment files
2688 Adapt to accept pam_env-style /etc/environment which allows
2689 shell-style lines such as: export EDITOR="/usr/bin/vi"
2693 Make it clear that env_delete only works when !env_reset. From Loïc
2697 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
2699 * sudo.pod, sudoers.pod:
2700 Add non-unix group bits, adapted from Quest
2704 build the .cat page in the current working dir, not the src dir
2708 Return EINVAL in setenv() if var is NULL or the empty string to
2709 match glibc behavior.
2712 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
2714 * configure, configure.in:
2715 Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
2718 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
2720 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
2721 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
2725 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
2728 Document --with-libvas and --with-libvas-rpath
2731 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
2733 * ldap.c, sudoers.ldap.pod:
2734 For netscape-derived LDAP SDKs the cert and key paths may be a
2735 directory or a file. However, version 5.0 of the SDK only seems to
2736 support using a directory. If ldapssl_clientauth_init fails and the
2737 cert or key paths look like they could be files, strip off the last
2738 path element and try again.
2742 Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
2745 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
2747 * configure, configure.in, match.c, sudo.c, vasgroups.c:
2748 Update non-Unix group support from Quest, as reworked by me.
2756 Add support for escaped hex chars in names, e.g. \x20 for space.
2759 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
2761 * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
2762 auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
2763 fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
2764 logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
2765 set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
2766 sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
2767 tgetpass.c, toke.l, visudo.c:
2768 Update copyright years.
2771 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
2773 * interfaces.c, lbuf.c:
2774 Minor fixes for Minix-3
2777 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
2780 Handle getgroups() returning 0. Also add missing check for
2784 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
2786 * Makefile.in, config.h.in, configure, configure.in, sudo.c,
2787 version.h, visudo.c:
2788 Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
2791 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
2794 Remove group setting code in setusercontext case, we will do it
2795 ourselves later on in runas_setup. Set the gid after
2796 initgroups/setgroups is called, since on Mac OS X it seems to change
2800 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
2802 * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
2804 Initial bits of non-unix group support using Quest Authentication
2809 Accept %:foo as a non-Unix group
2813 Allow user/group to be double quoted in the case of non-Unix groups
2814 which contain spaces.
2817 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
2820 Don't allow the user to specify the default runas user if their
2821 sudoers entry only allows them to run as a group.
2824 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
2827 Must call audit_success before we change uids.
2830 * logging.c, set_perms.c, sudo.h, testsudoers.c:
2831 Add option for set_perm to not exit on failure and use this in the
2836 In -l mode, if the user is only allowed to run as a group, display
2837 the user's name, not root's before the allowed group.
2841 Fix -g mode, broken by rev 1.503 which had the side effect of
2842 setting the runas user to root unilaterally.
2845 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
2848 When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
2852 Only cache by the method we fetched for pwd and grp lookups.
2853 Previously we cached both by name and id but this can cause problems
2854 for entries that share the same id. Also add more info in the error
2855 message in case the insert fails (which should now be impossible).
2858 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
2861 Add a clarification from Nick Sieger
2864 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
2867 Inline the setting of the environment string.
2870 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
2873 setenv(3) in Linux treats a NUL value as the empty string. setenv(3)
2874 in BSD doesn't return an error if the name has '=' in it, it just
2875 treats the '=' as end of string.
2878 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
2881 Not all systems have d_namlen
2884 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
2887 Fix up some pod2html issues.
2890 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
2893 Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
2898 Ignore files ending in '~' in sudo.d (emacs backup files)
2902 Ignore files ending in '~' in sudo.d (emacs backup files)
2905 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
2907 * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
2908 For #includedir, ignore any file containing a dot
2911 * Makefile.in, version.h:
2915 * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
2916 sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
2918 Implement #includedir directive. Files in an includedir are not
2919 edited by visudo unless they contain a syntax error.
2924 [8741ed61a78b] [SUDO_1_7_1]
2927 Forgot umask_override
2934 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
2937 Rewind stream if we fdopen sudoers since it may not be at the
2938 beginning. Set the keepopen flag on already-open files too so the
2939 lexer doesn't close them out from under us.
2943 Print the proper file name when there is a parse error in an include
2947 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
2953 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
2955 * configure, configure.in:
2956 Fix a warning when --without-ldap is specified.
2959 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
2961 * alias.c, parse.h, visudo.c:
2962 Store aliases that we remove during check_aliases in a freelist and
2963 free them at the end so we don't leak memory.
2966 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
2969 Check aliases in -c mode too.
2972 * alias.c, parse.h, visudo.c:
2973 Make alias_remove return the alias struct instead of freeing it
2974 directly. Fixes a use after free in alias_remove_recursive, the only
2978 * alias.c, match.c, parse.c, parse.h, visudo.c:
2979 Rename find_alias -> alias_find for consistency.
2982 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
2985 When checking for unused aliases, recurse if the alias points to
2989 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
2992 Back out rev 1.105 for now. Real ldapux_client.conf support will be
2993 done later after some refactoring.
2996 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
2999 Treat ldap_hostport the same as "host" for ldapux.
3002 * configure, configure.in:
3003 Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
3004 Fixes compilation with ldapux.
3007 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
3013 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
3016 remove errant carriage returns
3023 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
3024 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
3028 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
3031 Add missing HAVE_BSM_AUDIT
3039 Mention --with-netsvc
3043 Document netsvc.conf support
3046 * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
3048 Add support for AIX netsvc.conf (like nsswitch.conf).
3051 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
3053 * config.h.in, configure, configure.in, env.c:
3054 Add --enable-env-debug flag to enable environment sanity checks.
3057 * sudoers.ldap.pod, sudoers.pod:
3058 Work around some pod2html issue.
3061 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
3064 Only sync environ for putenv, setenv, and unsetenv. We need to make
3065 sure that sudo_putenv and sudo_setenv only modify env.envp, not
3069 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
3072 Really fix UNSETENV_VOID
3076 Fix unsetenv when UNSETENV_VOID
3079 * aclocal.m4, configure:
3080 Fix SUDO_FUNC_PUTENV_CONST
3084 tivoli-based ldap does not have ldapssl_err2string
3091 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
3093 * config.h.in, configure, configure.in, ldap.c:
3094 Add support for Tivoli-based LDAP start TLS as seen in AIX.
3099 Add sanity checks for setenv/unsetenv
3103 Include bsm_audit.h in the tarball
3106 * Makefile.in, version.h:
3107 bump version for sudo 1.7.1
3110 * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
3111 env.c, ldap.c, sudo.h:
3112 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
3113 provide our own setenv/unsetenv/putenv that operates on own env
3114 pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
3117 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
3120 Make "sudoedit -h" work as expected
3124 Make sure def_prompt is always defined. This is a workaround for
3125 pam configs that prompt for a password in the session but don't have
3126 an auth line. A better fix is to expand the sudo prompt earlier and
3127 set def_prompt to that when initializing.
3131 Mention that the helper for -A may be graphical.
3135 Document what happens if there is no tty.
3147 Fix "sudo -k" with no other args
3150 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
3152 * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
3153 Allow the -k flag to be specified in conjunction with a command or
3154 another option that may require authentication.
3157 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
3159 * configure, configure.in:
3160 Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
3164 Parallel make fix. From Diego E. 'Flameeyes'
3167 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
3169 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
3170 Implement umask_override
3177 * sudoers.pod, toke.l, visudo.c:
3178 Implement %h escape in sudoers include filenames.
3182 Need to include compat.h
3185 * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
3186 Make audit_success and audit_failure generic functions in
3187 preparation for integrating linux audit support.
3191 remove duplicate include
3194 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
3201 May need to update the runas user after parsing command-based
3205 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
3208 Add missing pair of braces introduced with character class support.
3211 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
3213 * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
3214 Rename pwstars to pwfeedback
3217 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
3219 * bsm_audit.c, bsm_audit.h:
3220 Add const to make MacOS happy.
3223 * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
3224 configure.in, sudo.c:
3225 Add bsm audit support from Christian S.J. Peron
3229 This is new code, no DARPA notice.
3232 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
3234 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
3235 Rename simple_glob -> fast_glob
3242 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
3243 Add simple_glob option to use fnmatch() instead of glob(). This is
3244 useful when you need to specify patterns that reference network file
3256 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
3259 Delete any pwstars we wrote after the user hits return. That way
3260 there is no record on screen as to the user's password length.
3263 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
3266 Move terminal setting bits from tgetpass.c to term.c
3269 * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
3271 Add pwstars sudoers option that causes sudo to print a star every
3272 time the user presses a key.
3275 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
3278 Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
3281 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
3284 For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
3285 indicate no limit. From Mark Janssen.
3288 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
3291 Comments that begin with #- should not be parsed as uids.
3294 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
3297 Do not try to set the close on exec flag if we didn't actually open
3301 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
3305 [e11f0e4c1bdd] [SUDO_1_7_0]
3307 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
3313 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
3316 Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
3320 * configure, configure.in:
3321 Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
3322 as it cannot generate shared objects.
3325 * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
3326 K&R compilation fixes
3330 Use tq_foreach_fwd when checking pseudo-commands to make it clear
3331 that we are not short-circuiting on last match. When pwcheck is
3332 'all', initialize nopass to TRUE and override it with the first non-
3336 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
3339 Do not short circuit pseudo commands when we get a match since,
3340 depending on the settings, we may need to examine all commands for
3344 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
3346 * sudoers.cat, sudoers.man.in:
3351 hostnames may also contain wildcards
3355 remove stamp-* files and linux core files in clean target
3358 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
3360 * auth/sudo_auth.h, config.h.in, configure, configure.in:
3361 Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
3364 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
3366 * configure, configure.in:
3367 correctly enable SIA on Digital UNIX
3378 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
3380 * check.c, sudo.h, tgetpass.c:
3381 Even if neither stdin nor stdout are ttys we may still have /dev/tty
3385 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
3387 * sudoers.cat, sudoers.man.in:
3392 fix typos; Markus Lude
3404 Fix matching of a line that only consists of a comment char
3407 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
3410 MacOS pam will retry conversation function if it fails so just treat
3411 ^C as an empty password.
3415 When checking for alias use, also check defaults bindings.
3423 Replace my rbdelete with Emin's version (which actually works ;-)
3426 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
3433 malloc options in devel mode for visudo too
3436 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
3439 fix compilation on non-C99; from Theo
3447 when destroying an alias, free the correct data pointer
3451 add proto for aixauth_cleanup; from Dale King
3454 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
3456 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
3461 * sudo.pod, sudoers.pod, visudo.pod:
3462 standardize on the term 'option' for command line options (not flag)
3465 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
3468 Add note on configuring HP-UX pam
3471 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
3474 Move tty checks into check_user() so we only do them if we actually
3479 Don't error out if no tty or askpass unless we actually need to
3483 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
3489 * pathnames.h.in, sudo.c:
3490 s/overriden/overridden/; from Tobias Stoeckmann
3493 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
3495 * WHATSNEW, visudo.c:
3496 check sudoers owner and mode in strict mode
3503 * sudo.man.in, sudoers.man.in, visudo.man.in:
3504 Update copyright years.
3507 * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
3508 auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
3509 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
3510 closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
3511 gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
3512 interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
3513 parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
3514 sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
3515 testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
3516 visudo.pod, zero_bytes.c:
3517 Update copyright years.
3520 * emul/charclass.h, fnmatch.c, glob.c:
3524 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
3527 The loop in fill_cmnd() was going one byte too far past the end,
3528 resulting in a NUL being written immediately after the buffer end.
3531 * UPGRADE, WHATSNEW:
3532 add sections on tgetpass changes
3536 Treat EOF w/o newline as an error.
3539 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
3542 Fix "sudo -v" when NOPASSWD is set.
3545 * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
3547 No longer treat an empty password at the prompt as special. To quit
3548 out of sudo you now need to hit ^C at the password prompt.
3551 * sudoers.cat, sudoers.man.in:
3555 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
3556 Sudo will now refuse to run if no tty is present unless the new
3557 visiblepw sudoers flag is set.
3560 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
3563 just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
3568 fix fallback value for RLIM_SAVED_MAX
3571 * auth/aix_auth.c, auth/sudo_auth.h:
3572 Move clearing of AUTHSTATE into aixauth_cleanup.
3575 * auth/aix_auth.c, env.c:
3576 Unset AUTHSTATE after calling authenticate() as it may not be
3577 correct for the user we are running the command as.
3581 Add isblank() function for systems without it. Needed for POSIX
3582 character class matching in fnmatch.c and glob.c.
3585 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
3588 expound on sudo and cd
3591 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
3597 * sudoers.cat, sudoers.man.in:
3602 mention defaults parse order
3605 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
3607 * Makefile.in, aclocal.m4, compat.h, configure:
3608 Add isblank() function for systems without it. Needed for POSIX
3609 character class matching in fnmatch.c and glob.c.
3613 add emul/charclass.h to HDRS
3616 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
3622 * defaults.c, parse.c, testsudoers.c, visudo.c:
3623 Move update_defaults into defaults.c and call it properly from
3624 visudo and testsudoers.
3627 * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
3629 use zero_bytes() instead of memset() for consistency
3632 * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
3634 Zero out sigaction_t before use in case it has non-standard entries.
3642 Short circuit glob() checks if basename(pattern) !=
3643 basename(command). Refactor code that checks for a command in a
3644 directory and use it in the glob case if the resolved pattern ends
3648 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
3650 * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
3651 Defer setting runas defaults until after runaspw/gr is setup.
3654 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
3656 * match.c, sudo.c, testsudoers.c:
3657 Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
3658 systems do not include space for the NUL in the size. Also manually
3659 NUL-terminate buffer from gethostname() since POSIX is wishy-washy
3663 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
3665 * sudo.c, sudoers.pod:
3666 When setting the umask, use the union of the user's umask and the
3667 default value set in sudoers so that we never lower the user's umask
3668 when running a command.
3672 Don't try to read from a zero-length sudoers file. Remove the bogus
3673 Solaris work-around for EAGAIN. Since we now use fgetc() it should
3677 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
3680 In update_defaults() check the return value of user*_matches against
3681 ALLOW so we don't inadvertently match on UNSPEC.
3684 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
3686 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
3687 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
3688 regen man pages; no more hyphenation
3692 Don't error out on a zero-length sudoers file. With the advent of
3693 #include the user could create a situation where sudo is unusable.
3696 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
3698 * auth/kerb5.c, config.h.in, configure, configure.in:
3699 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
3700 krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
3701 all. Add configure tests to handle all the cases.
3704 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
3711 document sudoers_locale
3714 * sudo.pod, sudo_edit.c:
3715 add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
3720 In fill_cmnd(), collapse any escaped sudo-specific characters.
3721 Allows character classes to be used in pathnames.
3724 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
3727 fix typo in non-C89 function declaration
3731 Mention POSIX character classes now that our fnmatch() and glob()
3735 * sample.sudoers, sudoers.pod:
3736 Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
3741 use __signed char if we are going to assign a negative value since
3742 on Power, char is unsigned by default
3745 * config.h.in, configure, configure.in:
3746 Add tests for __signed char and signed char.
3750 Fix AIX limit setting. getuserattr() returns values in disk blocks
3751 rather than bytes. The default hard stack size in newer AIX is
3752 RLIM_SAVED_MAX. From Dale King.
3755 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
3757 * emul/charclass.h, fnmatch.c, glob.c:
3758 Add character class support to included glob(3) and fnmatch(3).
3761 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
3764 Remove UCB advertising clause and some compatibility defines.
3767 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
3770 Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
3771 or sudo. This allows one to set EDITOR to sudoedit without getting
3772 into an infinite loop of sudoedit running itself until the path gets
3776 * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
3777 Add sudoers_locale Defaults option to override the default sudoers
3781 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
3784 Set locale to system default except for during sudoers parse.
3787 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
3790 Redo change in 1.34 to use pointer arithmetic.
3793 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
3796 Fix a dereference (read) of a freed pointer. Reported by Patrick
3800 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
3803 Set locale to "C" to avoid interpretation issues with character
3804 ranges in sudoers. May want to make the locale a sudoers option in
3808 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
3811 we no longer use setproctitle
3818 * LICENSE, mkstemp.c:
3819 Use my replacement mkstemp() from the mktemp package.
3822 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
3825 regen with yacc skeleton bug fixed
3829 Remove duplicate "as root". From Martin Toft.
3832 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
3834 * pwutil.c, sudo.c, sudo.h, testsudoers.c:
3835 Flesh out the fake passwd entry used for running commands as a uid
3836 not listed in the passwd database. Fixes an issue with some PAM
3840 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
3843 Error out in -i mode if the user has no shell. This can happen when
3844 running commands as a uid with no password entry.
3847 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
3850 Better fix for line continuation inside double quotes. Now accepts
3851 whitespace between the backslash and the newline like the main
3855 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
3858 Fix line continuation in strings. It was only being honored if
3859 preceded by whitespace.
3862 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
3864 * config.h.in, configure, configure.in, logging.c:
3865 Replace the double fork with a fork + daemonize.
3868 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
3871 The -i flag should imply env_reset. This got broken in sudo 1.6.9.
3874 * logging.c, sudo.c, sudo_edit.c, visudo.c:
3875 Change how the mailer is waited for. Instead of having a SIGCHLD
3876 handler, use the double fork trick to orphan the child that opens
3877 the pipe to sendmail. Fixes a problem running su on some Linux
3881 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
3883 * configure, configure.in:
3884 Fix configure test for dirfd() on Linux where DIR is opaque.
3887 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
3890 Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
3891 this problem we'll need to revisit this again.
3894 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
3897 Ignore SIGPIPE instead of blocking it when piping to the mailer. If
3898 we only block the signal it may be delivered later when we unblock.
3899 Also, there is no need to block SIGCHLD since we no longer do the
3900 double fork. The normal SIGCHLD handler is sufficient.
3903 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
3905 * configure, configure.in:
3906 Add description for NO_PAM_SESSION, from a redhat patch.
3909 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
3911 * sudo.cat, sudo.man.in, sudo.pod:
3912 Fix typos in -i usage
3915 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
3917 * configure, configure.in:
3918 Redo the test for dgettext() in a way that hopefully will work
3919 around the libintl_dgettext() undefined problem.
3922 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
3924 * schema.ActiveDirectory:
3925 change filename in comment
3928 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
3930 * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
3932 Reference schema.ActiveDirectory
3935 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
3937 * schema.OpenLDAP, schema.iPlanet:
3938 Mark sudoRunAs as deprecated.
3941 * schema.ActiveDirectory:
3942 add sudoRunAsUser and sudoRunAsGroup
3945 * schema.ActiveDirectory:
3946 Active Directory schema by Chantal Paradis and Eric Paquet
3949 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
3952 remove an XXX that was fixed
3960 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
3961 fixes a problem where the tag value printed was influenced by
3962 defaults set in the first pass through the parser.
3965 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
3967 * Makefile.in, sudo.psf:
3968 No point in packaging the TODO file
3975 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
3977 * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
3978 sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
3979 Add env_file Defaults option that is similar to /etc/environment on
3983 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
3985 * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
3986 sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
3987 version.h, visudo.cat, visudo.man.in:
3988 change version to 1.7.0
3992 initial valgrind pass done
3995 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
3998 Fix typo/think in sudo_ldap_read_secret() when storing the secret.
4001 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
4004 define LDAPS_PORT if the system headers do not
4007 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
4010 Fix another memory leak in init_parser().
4013 * configure, configure.in:
4014 There was a missing space before the ldap libs in SUDO_LIBS for some
4018 * alias.c, gram.c, gram.y, toke.c, toke.l:
4019 Clean up some memory leaks pointed out by valgrind.
4022 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
4025 fix "sudo -s" broken by mode/flags breakout
4028 * configure, configure.in:
4029 remove duplicate check for dgettext
4032 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
4035 Fall back to default stanza if no user-specific limit is found.
4038 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
4041 include stdint.h if present
4045 Use LLONG_MAX, not the old QUAD_MAX
4048 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
4054 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
4060 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
4066 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
4077 Split MODE_* defines into primary and flags.
4080 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
4083 It turns out the logic for getting AIX limits is more convoluted
4084 than I realized and differs depending on whether the soft and/or
4085 hard limits are defined.
4088 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
4090 * Makefile.in, configure, configure.in:
4091 Back out AIX-specific change to set the sudo_noexec path to the .a
4092 file, we do really want to use the .so file. Since libtool doesn't
4093 do that correctly, just install the .so file ourselves in the
4098 If the file given to install is a path, only use the basename of the
4099 file when building the destination path.
4102 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
4105 parse_args() cleanup: Sort command line options in the getopt()
4106 switch. The -U option requires a parameter. Normalize a few ISSET
4107 calls. Split mode into mode and flags and retire the now-obsolete
4111 * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
4113 Add -n (non-interactive) flag.
4117 Move version printing, etc. into a separate function.
4121 Don't try to cleanup nsswitch if it has not been initialized.
4124 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
4127 Block SIGPIPE in send_mail() so sudo is not killed by a problem
4128 executing the mailer.
4131 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
4133 * configure, configure.in:
4134 AIX shared libs end in .a, not .so.
4137 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
4140 Preserve HOME by default too. Matches documentation and previous
4144 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
4147 Use getopt() to parse the command line. We need to be able to
4148 intersperse env variables and options yet still honor "--" which
4149 complicates things slightly.
4152 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
4158 * acsite.m4, configure, ltmain.sh:
4159 update to libtool-1.5.26
4162 * config.guess, config.sub:
4163 update from libtool-1.5.26 distribution
4167 attempt to fix compilation errors on AIX
4171 fix typo in last commit
4175 Add WHATSNEW file to the distribution
4179 use warningx instead of fprintf(stderr, ...)
4183 add DEBUG to list2tq
4194 * Makefile.in, aix.c, config.h.in, configure, configure.in,
4195 set_perms.c, sudo.h:
4196 Add aix_setlimits() to set resource limits on AIX using a
4197 combination of getuserattr() and setrlimit(). Currently untested.
4200 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
4202 * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
4203 sudoers.man.in, sudoers.pod:
4204 Add mailfrom Defaults option that sets the value of the From: field
4205 in the warning/error mail. If unset the login name of the invoking
4210 store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
4214 When adding a default, only call list2tq() once to do the list to tq
4215 conversion. It is not legal to call list2tq multiple times on the
4216 same list since list2tq consumes and modifies the list argument.
4219 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4220 comment out XXXs for now
4227 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
4230 Error out if both -A and -S are specified. Error out if -A is
4231 specified but no askpass is configured
4234 * configure, configure.in:
4235 we are not going to ship a sudo-specific askpass
4238 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
4241 fix definition of TGP_ASKPASS
4244 * def_data.c, def_data.in:
4245 make askpass boolean-capable
4249 document --with-askpass
4252 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
4253 sudoers.man.in, visudo.cat:
4257 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
4259 * sudo.pod, sudo_usage.h.in, sudoers.pod:
4260 document -A and askpass
4263 * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
4264 def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
4265 sudo_usage.h.in, tgetpass.c:
4266 Add support for running a helper program to read the password when
4267 no tty is present (or when specified with the -A flag). TODO: docs.
4270 * def_data.c, def_data.in:
4271 add missing printf format to SELinux role and type strings
4274 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
4276 * INSTALL, configure, configure.in:
4277 Disable use of gss_krb5_ccache_name() by default and add
4278 --enable-gss-krb5-ccache-name configure option to enable it. It
4279 seems that gss_krb5_ccache_name() doesn't work properly with some
4280 combinations of Heimdal and OpenLDAP.
4283 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
4286 Ignore setexeccon() failing in permissive mode. Also add a call to
4287 setkeycreatecon() (though this is probably insufficient). From Dan
4292 Only set std_prompt for the PAM_PROMPT_* cases. The conversation
4293 function may be called for non-password reading purposes so we must
4294 be careful not to use def_prompt in cases where it may not be set.
4297 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
4300 Don't free the new tty context, we need to keep it around when we
4301 restore the tty context after the command completes
4304 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
4310 * sudo.man.pl, sudo.pod:
4311 Only put login_cap(3) in SEE ALSO section if we have login.conf
4315 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
4317 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
4318 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
4323 Substitute in comment characters for lines pertaining to login.conf,
4324 BSD auth and SELinux and only enable them if pertinent.
4342 * Makefile.in, configure, configure.in:
4343 Substitute in comment characters for lines pertaining to login.conf,
4344 BSD auth and SELinux and only enable them if pertinent.
4347 * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
4348 Remove the =cut on the first line (above the copyright notice) to
4349 quiet pod2man. Also remove the hackery in the FILES section and
4350 just deal with the fact that there will be a newline between each
4354 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
4357 run sudo.man.pl when generating sudo.man.in
4360 * configure, configure.in, sudo.man.pl:
4361 comment out SELinux manual bits unless --with-selinux was specified
4365 document role and type defaults for SELinux
4368 * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
4369 Document "sudo -ll" and make "sudo -l -l" be equivalent.
4372 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
4374 * configure, configure.in:
4375 Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
4376 Debian GNU/kFreeBSD.
4379 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
4382 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
4386 * logging.c, logging.h, sudo.c:
4387 Remove dependence on VALIDATE_NOT_OK in logging functions. Split
4388 log_auth() into log_allowed() and log_denial(). Replace mail_auth()
4389 with should_mail() and a call to send_mail()
4392 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
4395 Add debugging so we can tell if the krb5 ccache is accessible
4399 mention --with-selinux
4402 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
4412 * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
4413 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
4414 testsudoers.c, toke.c, toke.l:
4415 Add support for SELinux RBAC. Sudoers entries may specify a role
4416 and type. There are also role and type defaults that may be used.
4417 To make sure a transition occurs, when using RBAC commands are
4418 executed via the new sesh binary. Based on initial changes from Dan
4430 * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
4431 def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
4432 pathnames.h.in, selinux.c:
4433 Add support for SELinux RBAC. Sudoers entries may specify a role
4434 and type. There are also role and type defaults that may be used.
4435 To make sure a transition occurs, when using RBAC commands are
4436 executed via the new sesh binary. Based on initial changes from Dan
4440 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
4442 * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
4443 Add long list (sudo -ll) support for printing verbose LDAP and
4444 sudoers file entries. Still need to update manual.
4447 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
4449 * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
4450 Unify the -l output for file and ldap based sudoers and use lbufs
4451 for both. The ldap output does not currently include options that
4452 cannot be represented as tags. This will be remedied in a long list
4453 output mode to come.
4456 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
4459 Use a specific error message for errno == EAGAIN when setuid() et al
4460 fails. On Linux systems setuid() will fail with errno set to EAGAIN
4461 if changing to the new uid would result in a resource limit
4466 Unlimit nproc on Linux systems where calling the setuid() family of
4467 syscalls causes the nproc resource limit to be checked. The limits
4468 will be reset by pam_limits.so when PAM is used. In the non-PAM
4469 case the nproc limit will remain unlimited but there doesn't seem to
4470 be a way around that other than having sudo parse
4471 /etc/security/limits.conf directly.
4474 * env.c, sudo.c, sudo.pod:
4475 Only read /etc/environment on Linux and AIX
4478 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
4480 * configure, configure.in:
4481 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
4482 ldap.conf and ldap.secret paths from going into config.h. Avoid
4483 single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
4484 since in some versions of bash they will end up literally in the
4488 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
4491 mention --with-nsswitch=no
4494 * configure, configure.in:
4495 ldap_ssl.h depends on ldap.h being included first
4498 * config.h.in, configure, configure.in, ldap.c:
4499 Include ldap_ssl.h if we can find it. Needed for the
4500 ldapssl_set_strength defines on HP-UX at least.
4511 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
4512 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
4517 Use 78n line length when formatting cat pages.
4521 Remove redundant info that is now in sudoers.ldap.pod
4524 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
4526 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4527 Reorganize the first section a bit. Substitute the proper path for
4531 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4532 Substitute values for ldap.conf, ldap.secret and nsswitch.conf. Move
4533 schema into EXAMPLES
4536 * configure, configure.in:
4537 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
4541 * configure, configure.in:
4542 substitute for sudoers.ldap.man
4546 Fix cut & pasto introduced when adding sudoers.ldap man page.
4549 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4550 Fill in some of the missing pieces. Still needs some reorganization
4554 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
4556 * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
4558 Beginnings of a sudoers.ldap man page. Currently, much of the
4559 information is adapted from README.LDAP.
4562 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
4565 When copying gr_mem we must guarantee that the storage space for
4566 gr_mem is properly aligned. The simplest way to do this is to
4567 simply store gr_mem directly after struct group. This is not a
4568 problem for gr_passwd or gr_name as they are simple strings.
4572 Fix a typo/thinko in one of the calls to
4573 sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
4576 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
4578 * config.h.in, configure, configure.in, ldap.c:
4579 include <mps/ldap_ssl.h> in ldap.c if available
4582 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
4585 Make sure we define SIZE_MAX for yacc's skeleton.c
4589 Use TCSAFLUSH when restoring terminal settings (and echo) to
4590 guarantee that any pending output is discarded
4593 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
4596 no longer need to specify SETENV when user has sudo ALL
4600 sync user_args size calculation with sudo.c. Add -g group option,
4601 renaming old -g to -G. Add set_runasgr() and set_runaspw() and use
4606 Make set_runaspw static void
4609 * testsudoers.c, visudo.c:
4610 g/c set_runaspw stub
4613 * configure, configure.in:
4614 Don't add -llber twice.
4617 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
4623 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
4629 * configure, configure.in:
4630 Fix check that determines whether -llber is required.
4633 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
4634 For netscape-based LDAP, use ldapssl_set_strength() to implement the
4635 checkpeer ldap.conf option.
4639 Delay krb5_cc_initialize() until we actually need to use the cred
4640 cache, which is what krb5_verify_user() does. Better cleanup on
4644 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
4647 Rewrite verify_krb_v5_tgt() based on what heimdal's
4648 krb5_verify_user() does.
4651 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
4654 The U suffix on constants is an ANSI feature
4657 * configure, configure.in:
4658 Add check for ber_set_option() in -llber
4661 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
4664 default if no nsswitch.conf is files only
4667 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
4670 don't tell people to mail aaron about LDAP stuff
4674 timelimit and bind_timelimit
4682 Move ldap.secret reading into a separate function.
4686 user_runas -> runas_pw
4689 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
4695 * check.c, sudo.pod, sudoers.pod:
4696 Add and document the %p escape in the password prompt. Based on a
4697 patch from Patrick Schoenfeld.
4701 Check strlcpy() return values.
4705 refactor ldap binding code into sudo_ldap_bind_s()
4709 Make it clear that host and uri can take multiple parameters. URI is
4710 now supported for more than just openldap. nsswitch.conf doesn't
4715 comment cleanup and update (c) year
4718 * parse.c, sudo_nss.c:
4719 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
4720 This should make it possible to build an LDAP-only sudo binary.
4723 * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
4724 Improve chaining of multiple sudoers sources by passing in the
4725 previous return value to the next in the chain
4729 Free up parser data structures in sudo_file_close().
4737 Parse uri ourselves if no ldap_initialize() is present. Use
4738 ldap_create() instead of deprecated ldap_init(). Use
4739 ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
4742 * config.h.in, configure, configure.in:
4743 Add check for ldap_sasl_bind_s(). Remove -DLDAP_DEPRECATED from
4747 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
4749 * config.h.in, configure, configure.in:
4750 add check for ldap_create
4753 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
4755 * config.h.in, configure, configure.in, ldap.c:
4756 Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
4757 dn using the mechanism appropriate for the LDAP SDK in use. Use
4758 ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
4759 ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
4766 * config.h.in, configure.in:
4767 fix typo in mtim_getnsec
4770 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
4772 * config.h.in, configure, configure.in:
4773 add check for st__tim in struct stat as used by SCO
4777 use ldap_search_ext_s instead of deprecated ldap_search_s
4780 * Makefile.in, TODO, sudo.cat, sudo.man.in:
4781 add sudo_nss.h to HDRS
4785 Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
4789 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
4792 Use ldap_get_values_len()/ldap_value_free_len() instead of the
4793 deprecated ldap_get_values()/ldap_value_free().
4804 * gettime.c, sudo.c:
4805 Remove some already fixed XXXs
4809 Same return value as non-existent sudoers if LDAP was unable to
4814 mention /etc/environment
4817 * README.LDAP, UPGRADE, WHATSNEW:
4818 Update to reflect recent developments.
4822 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
4826 When building up a query don't list groups in the aux group vector
4827 that are the same as the passwd file group. On most systems the
4828 first gid in the group vector is the same as the passwd entry gid.
4832 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
4833 ldaprc and system defaults that could affect how LDAP works.
4836 * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
4837 sudo_nss.c, sudo_nss.h:
4838 Rename read_nss -> sudo_read_nss. Add --with-nsswitch to allow users
4839 to specify nsswitch.conf path or disable it. If --with-nsswitch=no
4840 but --with-ldap, order is LDAP, then sudoers. Fix
4841 --with-ldap-conf-file and --with-ldap-secret-file
4845 Honor def_ignore_local_sudoers
4848 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
4851 no longer need to check def_ignore_local_sudoers here
4855 Refactor group vector resetting into a function and also call it
4856 from display_cmnd. Stop after the first successful match in
4857 display_cmnd. Print a newline between each display_privs method.
4861 fix double free introduced in rev 1.218
4865 belt and suspenders; zero out result after freeing it
4868 * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
4869 Refactor line reading into a separate function, sudo_parseln(),
4870 which removes comments, leading/trailing whitespace and newlines.
4871 May want to rethink the use of sudo_parseln() for /etc/ldap.secret
4875 Make the inability to read the sudoers file a non-fatal error if
4876 there are other sudoers sources available. sudoers_file_lookup now
4877 returns "not OK" if sudoers was not present
4881 make it clear that the global options are from LDAP
4885 allocate proper amount of space for error string
4888 * sudo_nss.c, sudo_nss.h:
4889 actual sudo nss code
4892 * ldap.c, parse.c, sudo.c, sudo.h:
4893 nss-ify display_privs and display_cmnd.
4896 * defaults.c, parse.c, testsudoers.c, visudo.c:
4897 move update_defaults() to parse.c
4900 * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
4901 Use nsswitch to hide some sudoers vs. ldap implementation details
4902 and reduce the number of #ifdef LDAP. TODO: fix display routines and
4906 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
4908 * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
4909 First cut at nsswitch.conf support. Further reorganization and
4910 related changes are forthcoming.
4913 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
4915 * env.c, pathnames.h.in, sudo.c, sudo.h:
4916 Add support for reading an /etc/environment file. Still needs to
4917 be documented and should probably only apply to OSes that have it
4918 (AIX and Linux, maybe others).
4925 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
4931 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
4938 Add an example sudoRole, clarify netscape vs. openldap a bit more
4942 Be clear on what is OpenLDAP vs. Netscape-derived
4945 * config.h.in, configure, configure.in, ldap.c:
4946 Use ldapssl_init() for ldaps support instead of trying to do it
4947 manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
4948 and tls_key for cert7.db and key3.db respectively. Don't print
4949 debugging info for options that are not set. Add warning if
4950 start_tls specified when not supported.
4954 fix compilation on solaris
4958 add missing .h and .c files for missing lib objs
4961 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
4964 fix LDAP_OPT_NETWORK_TIMEOUT setting
4968 fix compilation on Solaris
4971 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
4973 * configure, configure.in:
4978 try to clear up which variables are for OpenLDAP and which are for
4979 netscape-derived SDKs
4982 * config.h.in, configure, configure.in, ldap.c:
4983 Add support for "ssl on" in both netscape and openldap flavors. Only
4984 the OpenLDAP flavor has been tested.
4987 * logging.c, sudo.c, sudo.h:
4988 Call cleanup() before exit in log_error() instead of calling
4989 sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
4996 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
4998 * logging.c, sudo.c, sudo.h:
4999 Better ldap cleanup.
5003 Distinguish between LDAP conf settings that are connection-specific
5004 (which take an ld pointer) and those that are default settings
5008 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
5011 Improved warnings on error.
5015 Make ldap config table driven and set the config *after* we open the
5019 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
5022 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
5025 * configure, configure.in:
5026 some operating systems need to link with -lkrb5support when using
5030 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
5036 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
5040 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
5046 * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
5047 add -g support for LDAP
5050 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
5052 * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
5053 The -i and -s flags can now take an optional command.
5056 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
5058 * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
5060 Add passprompt_override flag to sudoers that will cause the prompt
5061 to be overridden in all cases. This flag is also set when the user
5062 specifies the -p flag.
5066 Move setting of login class until after sudoers has been parsed. Set
5067 NewArgv[0] for -i after runas_pw has been set.
5070 * configure, configure.in:
5071 Move the dgettext check.
5074 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
5076 * auth/pam.c, config.h.in, configure, configure.in:
5077 Add basic support for looking up the string "Password: " in the PAM
5078 localized text db. This allows us to determine whether the PAM
5079 prompt is the default "Password: " one even if it has been
5082 TODO: concatenate non-std PAM prompts and user-specified sudo
5086 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
5088 * Makefile.in, config.h.in, configure, configure.in, parse.c,
5089 set_perms.c, sudo.c, sudo.h:
5090 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
5094 * acsite.m4, configure, interfaces.c, memrchr.c:
5095 Fix typos; Martynas Venckus
5098 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
5101 Don't assume runas_pw is set; it may not be in the -g case.
5104 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
5106 * logging.c, set_perms.c:
5107 Set aux group vector for PERM_RUNAS and restore group vector for
5108 PERM_ROOT if we previously changed it. Stash the runas group vector
5109 so we don't have to call initgroups more than once. Also add no-op
5110 check to check_perms.
5113 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
5115 * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
5116 ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
5117 pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
5118 sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
5119 testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
5120 Add support for runas groups. This allows the user to run a command
5121 with a different effective group. If the -g option is specified
5122 without -u the command will be run as the current user (only the
5123 group will change). The -g and -u options may be used together.
5124 TODO: implement runas group for ldap, improve runas group
5125 documentation, add testsudoers support
5128 * configure, configure.in:
5129 fix setting of mandir
5132 * sudo.pod, sudoers.pod:
5133 document that ALL implies SETENV
5137 s/setenv_ok/setenv_implied/g
5141 hostname_matches() returns TRUE on match in sudo 1.7.
5145 use strcmp, not strcasecmp when comparing ALL
5149 Make sudo ALL imply setenv. Note that unlike with file-based
5150 sudoers this does affect all the commands in the sudoRole.
5153 * gram.c, gram.y, parse.c, parse.h:
5154 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
5155 it is not passed on to other commands in the list.
5159 Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
5160 sudo_getpwuid() instead of getpwuid().
5163 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
5166 Expand on the dangers of not using visudo to edit sudoers.
5169 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
5172 Don't quote *?[]! on output since the lexer does not strip off the
5173 backslash when reading those in.
5176 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
5179 expand "u_foo" types to "unsigned foo" to avoid compatibility
5183 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
5186 Refactor log line generation into new_logline().
5189 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
5195 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
5197 * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
5199 Add configure check for struct in6_addr instead of relying on
5200 AF_INET6 since some systems define AF_INET6 but do not include IPv6
5204 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
5206 * configure, configure.in:
5207 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
5211 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
5213 * configure, configure.in:
5214 POSIX states that struct timespec be declared in time.h so check
5215 there regardless of the value of TIME_WITH_SYS_TIME.
5218 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
5221 Instead of defining a macro to call the appropriate method for
5222 turning on/off echo, just define tc[gs]etattr() and the related
5223 defines that use the correct terminal ioctls if needed. Also go back
5224 to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
5227 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
5237 * INSTALL, auth/pam.c, config.h.in, configure.in:
5238 Add --disable-pam-session configure option to disable calling
5239 pam_{open,close}_session. May work around bugs in some PAM
5243 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
5250 Avoid printing the prompt if we are already backgrounded. E.g. if
5251 the user runs "sudo foo &" from the shell. In this case, the call
5252 to tcsetattr() will cause SIGTTOU to be delivered.
5255 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
5257 * def_data.c, def_data.h, def_data.in:
5258 Reorder things such that the definition of env_reset comes right
5259 before the env variable lists.
5263 Shrink type and seqno in struct alias from int to u_short
5266 * alias.c, match.c, parse.c, parse.h:
5267 Add a sequence number in the aliases for loop detection. If we find
5268 an alias with the seqno already set to the current (global) value we
5269 know we've visited it before so ignore it.
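The sequence-number loop check described in the entry above, as an added C sketch that is not sudo's own code: the struct layout, the function names and the sample aliases are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_MEMBERS 4

/* Hypothetical, simplified alias: literal user names plus nested aliases. */
struct alias {
    const char *name;
    unsigned int seqno;                 /* traversal that last visited us */
    const char *users[MAX_MEMBERS];     /* NULL-terminated literal members */
    struct alias *nested[MAX_MEMBERS];  /* NULL-terminated alias members */
};

/* Global traversal counter. 0 means "never visited", so every lookup
 * pre-increments it. A narrower counter that can wrap would also need the
 * stored seqno values reset on wrap to avoid a stale match. */
static unsigned int alias_seqno;

static int alias_contains(struct alias *a, const char *user, int *visits)
{
    int i;

    /* Already seen during this traversal: we are in a loop (or reached the
     * alias by a second path), so ignore it instead of recursing forever. */
    if (a->seqno == alias_seqno)
        return 0;
    a->seqno = alias_seqno;
    (*visits)++;

    for (i = 0; i < MAX_MEMBERS && a->users[i] != NULL; i++) {
        if (strcmp(a->users[i], user) == 0)
            return 1;
    }
    for (i = 0; i < MAX_MEMBERS && a->nested[i] != NULL; i++) {
        if (alias_contains(a->nested[i], user, visits))
            return 1;
    }
    return 0;
}

/* Start a fresh traversal; *visits reports how many aliases were expanded. */
int user_in_alias(struct alias *a, const char *user, int *visits)
{
    *visits = 0;
    alias_seqno++;
    return alias_contains(a, user, visits);
}

/* Constructed sample data: ADMINS and OPS reference each other. */
static struct alias admins = { "ADMINS", 0, { "alice" }, { NULL } };
static struct alias ops    = { "OPS",    0, { "bob" },   { NULL } };
static struct alias staff  = { "STAFF",  0, { "carol" }, { NULL } };

void build_sample(void)
{
    admins.nested[0] = &ops;
    ops.nested[0] = &admins;    /* the cycle */
    staff.nested[0] = &admins;
    staff.nested[1] = &ops;
}

int main(void)
{
    const char *probe[] = { "alice", "bob", "mallory" };
    int i, visits;

    build_sample();
    for (i = 0; i < 3; i++) {
        int hit = user_in_alias(&staff, probe[i], &visits);
        printf("%s in %s: %s (%d aliases expanded)\n",
               probe[i], staff.name, hit ? "yes" : "no", visits);
    }
    return 0;
}
```

Without the `seqno` comparison, the lookup for a name that is in neither alias would recurse between ADMINS and OPS until the stack is exhausted.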
5272 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
5274 * TODO, auth/pam.c, sudo.c, sudo.h:
5275 PAM wants the full tty path so add user_ttypath which holds the full
5276 path to the tty or is NULL if no tty was present.
5280 Set PAM_RHOST to work around a bug in Solaris 7 and lower that
5284 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
5290 * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
5291 parse.h, testsudoers.c, visudo.c:
5295 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
5298 remove some useless casts
5302 pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
5303 predates the final C99 spec and the standard specifies that it shall
5304 include stdint.h anyway
5307 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
5309 * Makefile.in, alloca.c, configure.in:
5310 Since we ship with a pre-generated parser there is no need to ship a
5311 bogus alloca implementation.
5319 remove initial setting of CHECKSIA, we require that it be unset if
5332 only do SIA checks on Digital Unix
5335 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
5337 * sudoers.cat, sudoers.man.in:
5346 Remove call to krb5_cc_register() as it is not needed for modern
5354 * aclocal.m4, configure.in:
5355 New method for setting the default authentication type and avoiding
5356 conflicts in auth types.
5359 * match.c, parse.c, testsudoers.c:
5360 Each entry in a cmndlist now has an associated runaslist so no need
5361 to keep track of the most recent non-NULL one.
5364 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
5367 back out partial ldaps support mistakenly committed
5371 Add support for unix groups and netgroups in sudoRunas
5374 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
5377 Fix sudoedit of a non-existent file. From Tilo Stritzky.
5380 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
5387 update --passprompt escape info
5391 remove now-bogus comment and update copyright date
5395 Fix up use of with_passwd
5398 * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
5399 Update to autoconf-2.61 and libtool-1.5.24
5403 "cmp -s" not just cmp. Add @datarootdir@ to quiet autoconf-2.61
5406 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
5413 move tags and runaslist propagation to be earlier
5417 If -f flag given use the permissions of the original file as a
5422 prevent a double free() when re-initing the parser
5425 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
5431 * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
5432 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
5433 auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
5434 configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
5435 parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
5436 sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
5437 Remove support for compilers that don't support void *
5444 * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
5445 parse.c, parse.h, testsudoers.c, visudo.c:
5446 Move list manipulation macros to list.h and create C versions of the
5447 more complex ones in list.c. The names have been down-cased so they
5448 appear more like normal functions.
5452 Fix cmp command when regenerating parser. Make gram.o the first
5453 dependency for all programs so gram.h will be generated before
5454 anything that needs it.
5458 Convert NEW_DEFAULT and NEW_MEMBER into static functions.
5461 * match.c, parse.c, testsudoers.c:
5462 Use LH_FOREACH_REV when checking permission and short-circuit on the
5463 first non-UNSPEC hit we get for the command. This means that
5464 instead of cycling through all the parsed sudoers entries we
5465 start at the end and work backwards and quit after the first
5466 positive or negative match.
5473 * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
5474 Change list head macros to take a pointer, not a struct.
5482 Propagate the runasspec from one command to the next in a cmndspec.
5485 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
5488 Replace has_meta() with a macro that calls strpbrk().
5494 * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
5495 testsudoers.c, visudo.c:
5496 Use a list head struct when storing the semi-circular lists and
5497 convert to tail queues in the process. This will allow us to
5498 reverse foreach loops more easily and it makes it clearer which
5499 functions expect a list as opposed to a single member.
5501 Add macros for manipulating lists. Some of these should become
5504 When freeing up a list, just pop off the last item in the queue
5505 instead of going from head to tail. This is simpler since we don't
5506 have to stash a pointer to the next member, we always just use the
5507 last one in the queue until the queue is empty.
5509 Rename match functions that take a list to have list in the name.
5510 Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
5514 Fix pasto, append "!" not negated (which is an int) for sudo -l
5519 Remove the dependency of gram.h on gram.y, the .c dependency is
5520 enough. Only move y.tab.h to gram.h if it is different; avoids
5521 needless rebuilding.
5524 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
5527 Defaults lines may be associated with lists of users, hosts,
5528 commands and runas users, not just single entries.
5531 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
5534 Revert the "cmp" portion of the last diff, it doesn't make sense.
5538 Remove *.lo for clean: When generating the parser, only move the
5539 generated files into place if they differ from the existing ones.
5542 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
5545 Replace IPV6 regexp with a much simpler (readable) one and add an
5546 extra check when it matches to make sure we have a valid address.
5550 Fix thinko introduced when merging IPV6 support.
5553 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
5564 mention #uid vs. comment pitfall
5568 Merge in a patch from the libtool cvs that fixes a problem with the
5569 latest autoconf. From Stepan Kasal.
5573 Back out the XOR swap trick, it is slower than a temp variable on
5582 Convert the tail queue to a semi-circle queue and use the XOR swap
5583 trick to swap the prev pointers during append.
5586 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
5589 remove useless statement
5593 Refactor #include parsing into a separate function and return
5594 unparsed chars (such as newline or comment) back to the lexer.
5597 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
5600 mention better uid support
5604 Users may now consist of a uid.
5607 * gram.c, gram.h, toke.c:
5612 Use lbuf_append_quoted() for sudo -l output to quote characters that
5613 would require quoting in sudoers.
5617 Add lbuf_append_quoted() which takes a set of characters which
5618 should be quoted with a backslash when displayed.
5622 Require that the first character after a comment not be a digit or a
5623 dash. This allows us to remove the GOTRUNAS state and treat
5624 uid/gids similar to other words. It also means that we can now
5625 specify uids in User_Lists and a User_Spec may now contain a uid.
5629 Replace RUNAS token with '(' and ')' tokens to make the runas
5630 portion of the grammar more natural.
5634 The BUGS file is history
5637 * Makefile.in, README:
5638 The BUGS file is history
5641 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
5644 Allow comments after a RunasAlias as long as the character after the
5645 pound sign isn't a digit or a dash.
5649 Glob support was back-ported to 1.6.9
5652 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
5655 remove sudo_usage.h in distclean
5659 If a Defaults value contains a blank, double-quote the string.
5663 Properly deal with Defaults double-quoted strings that span multiple
5664 lines using the line continuation char. Previously, the entire
5665 thing, including the continuation char, newline, and spaces was
5670 Be consistent when using single quotes and backticks.
5673 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
5675 * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
5676 sudo.c, sudo_usage.h.in:
5677 Add new linebuf code to do appends of dynamically allocated strings
5678 and word-wrapped output. Currently used for sudo's usage() and sudo
5679 -l output. Sudo usage strings are now in sudo_usage.h which is
5680 generated at configure time.
5683 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
5685 * parse.c, sudo.c, sudo.h:
5686 Fix line wrapping in usage() and use the actual tty width instead of
5690 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
5697 Mentioned Chris Jepeway's parser and also the new one that is in
5701 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
5703 * sudo.pod, visudo.pod:
5704 For the options list, add flag args where appropriate and increase
5705 the indent level so there is room for them.
5708 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
5711 Fix some spacing in "sudo -l" and add a comment about some bogosity
5712 in the line wrapping.
5715 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
5720 * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
5721 def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
5722 parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
5723 testsudoers.c, toke.c, toke.l:
5724 Remove monitor support until there is a version of systrace that
5725 uses a lookaside buffer (or we have a better mechanism to use).
5728 * config.h.in, configure, configure.in, sudo.c:
5729 use getaddrinfo() instead of gethostbyname() if it is available
5732 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
5735 Deal with OSes where sizeof(gid_t) < sizeof(int).
5739 repair non-getifaddrs() code after ipv6 integration
5743 If we can open sudoers but fail to read the first byte, close the
5744 file stream before trying again.
5747 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
5753 * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
5754 Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
5757 * sudo.pod, sudoers.pod, visudo.pod:
5758 Add some missing markup Update copyright
5761 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
5763 * configure, configure.in:
5764 fix sudo_noexec extension which got broken in the libtool update
5767 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
5770 explicitly specify -Tascii to nroff
5773 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
5776 remove an ANSI-ism that crept in
5779 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
5782 Adjust list indents Prevent -- from being turned into an em dash Use
5783 a list for the environment instead of a literal paragraph
5787 Use a list for the environment instead of an indented literal
5792 Adjust list indentation
5799 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
5802 mention that when specifying a uid for the -u option the shell may
5803 require that the # be escaped
5806 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
5809 Fix off by one in group matching.
5812 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
5815 Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
5818 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
5820 * configure, configure.in:
5821 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
5825 * aclocal.m4, configure, configure.in:
5826 Fix link tests such that new gcc doesn't optimize away the test.
5829 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
5831 * sudo.pod, sudoers.pod, visudo.pod:
5832 add missing over/back
5835 * sudo.pod, sudoers.pod, visudo.pod:
5836 Change FILES section to use =item
5840 Add back allocation of the env struct in rebuild_env but save a copy
5841 of the old pointer and free it before returning.
5845 Don't init the private environment in rebuild_env() since it may
5846 have already been done implicitly sudo_setenv/sudo_unsetenv.
5848 Multiply length by sizeof(char *) in memcpy/memmove when copying the
5849 environment so we copy the full thing.
5851 Add missing set of parens so we deref the right pointer in
5852 sudo_unsetenv when searching for a matching variable.
5855 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
5857 * sudo.pod, sudoers.pod, visudo.pod:
5858 Use file markup for paths in the FILES section
5861 * sudo.pod, sudoers.pod, visudo.pod:
5862 Don't capitalize sudo/visudo
5866 Sort sudoers options; based on a diff from Igor Sobrado.
5869 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
5871 * sudo.pod, sudoers.pod, visudo.pod:
5872 Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
5873 latter confuses pod2man. The Makefile rules for the .man.in file
5874 will add @mansectsu@ and @mansectform@ back in after pod2man is done
5878 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
5880 * LICENSE, Makefile.in, license.pod:
5881 Move license info to pod format
5884 * configure, configure.in, sudoers.pod:
5885 Substitute value of path_info into sudoers man page.
5889 remove features that were back-ported to 1.6.9
5892 * sudo.c, sudo.pod, visudo.c, visudo.pod:
5893 Sort SYNOPSIS and sync usage. From Igor Sobrado.
5897 Only need sudo_setenv/sudo_unsetenv if we are going to use
5898 ldap_sasl_interactive_bind_s() but don't have
5899 gss_krb5_ccache_name().
5903 rebuild without branch info
5907 Add ChangeLog target
5911 Run cleanup code if the user hits ^C at the password prompt.
5915 Some versions of pam_lastlog have a bug that will cause a crash if
5916 PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
5920 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
5923 ChangeLog not Changelog
5938 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
5940 * config.h.in, configure, configure.in, ldap.c:
5941 Add configure hooks for gss_krb5_ccache_name() and the gssapi
5945 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
5948 rebuild_env() and insert_env_vars() no longer return environment
5949 pointer, they set environ directly.
5951 No longer need to pass around an envp pointer since we just operate
5954 Add dosync argument to insert_env() that indicates whether it should
5955 reset environ when realloc()ing env.envp.
5957 Use an initial size of 128 for the environment.
5961 Split sudo_setenv() into an external version and a version only for
5962 use by rebuild_env().
5965 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
5968 Add support for using gss_krb5_ccache_name() instead of setting
5969 KRB5CCNAME. Also use sudo_unsetenv() in the non-
5970 gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
5971 original environment. TODO: configure setup for
5972 gss_krb5_ccache_name()
5979 * README.LDAP, ldap.c:
5980 Add support for sasl_secprops in ldap.conf
5984 Add sudo_unsetenv() and refactor private env syncing code into
5988 * README.LDAP, ldap.c:
5989 The ldap.conf variable is sasl_auth_id not sasl_authid.
5992 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
5994 * ldap.c, sudo.c, sudo.h:
5995 Add support for krb5_ccname in ldap.conf. If specified, it will
5996 override the default value of KRB5CCNAME in the environment for the
5997 duration of the call to ldap_sasl_interactive_bind_s().
6001 Remove format_env() Add sudo_setenv() to replace most format_env() +
6002 insert_env() combinations. insert_env() no longer takes a struct
6007 Fix use_sasl vs. rootuse_sasl logic.
6010 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
6011 Add support for SASL auth when connecting to an LDAP server. Adapted
6012 from a diff by Tom McLaughlin.
6015 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
6017 * configure, configure.in:
6018 Only enable AIX or BSD auth if no other exclusive auth method has
6019 been chosen. Allows people to e.g., use PAM on AIX without adding
6020 --without-aixauth. A better solution is needed to deal with default
6021 authentication since if a non-exclusive method is chosen we will
6025 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
6027 * HISTORY, Makefile.in, history.pod:
6028 Generate HISTORY from history.pod (which is also used for web pages)
6031 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
6033 * sudo.man.in, sudoers.man.in:
6038 Better explanation of environment handling in the sudo man page.
6042 Defer setting user-specified env vars until after authentication.
6046 honor def_default_path for PATH set on the command line
6049 * env.c, sudo.c, sudo.pod, sudoers.pod:
6050 Allow user to set environment variables on the command line as long
6051 as they are allowed by env_keep and env_check. Ie: apply the same
6052 restrictions as normal environment variables. TODO: deal with
6056 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
6058 * sudo.c, sudo_edit.c:
6059 Call rebuild_env() in all cases. Pass original envp to sudo_edit().
6060 Don't allow -E or env var setting in sudoedit mode. More accurate
6061 usage() when called as sudoedit.
6069 add -c option to sudoedit synopsis
6077 Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
6078 value from {user,host,runas,cmnd}_matches(). Rename *matches
6079 variables -> *match. Purely cosmetic.
6083 Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
6091 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
6094 Make pwcheck local to the pwflag block. Use pwcheck even if user
6095 didn't match since Defaults options may still apply.
6099 Do not update timestamp if user not validated by sudoers.
6103 for PERM_RUNAS, set the egid to the runas user's gid and restore to
6104 the user's original in PERM_ROOT
6107 * logging.c, mon_systrace.c, set_perms.c, sudo.h:
6108 PERM_FULL_ROOT is now no different than PERM_ROOT so remove
6113 don't check timestamp mtime if we are just going to remove it
6117 Move sudoers defaults parameters into their own section.
6121 Reduce a level of indent by a few placed continue statements.
6125 Make matching but negated commands/hosts/runas entries override a
6126 previous match as expected. Also reduce some levels of indent by a
6127 few placed continue statements.
6130 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
6133 Print default runas in "sudo -l" if sudoers don't specify one.
6137 Less hacky way of testing whether the domain was set.
6140 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
6143 Mention pam-devel and openldap-devel for Linux
6146 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
6152 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
6155 fix typo in Solaris project support
6163 Make -- on the command line match the manual page. The implied shell
6164 case has been simplified as a result.
6167 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
6170 add simplistic support for sudoRunas; note that if a sudoers entry
6171 contains multiple Runas users, all will apply to the sudoRole
6175 honor SETENV and NOSETENV tags
6178 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
6181 Redo setting of user_args. We now build up a private copy of argv
6182 first and then replace the NULs with spaces.
6186 getcwd() returns NULL on failure, not 0 on success
6190 allow chunksiz to reach 1 before erroring out
6193 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
6198 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
6200 * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
6201 logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
6203 Add support for setting environment variables on the command line.
6204 This is only allowed if the setenv sudoers option is enabled or if
6205 the command is prefixed with the SETENV tag.
6209 replace Aaron's email address with the sudo-workers list
6216 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
6218 * schema.OpenLDAP, schema.iPlanet:
6219 Break schema out into separate files.
6222 * Makefile.in, README.LDAP:
6223 Break schema out into separate files.
6226 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
6229 free message if set by authenticate()
6233 deal with NULL gr_mem
6236 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
6243 add template for HAVE_PROJECT_H
6250 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
6253 mention --with-project
6256 * config.h.in, configure.in, sudo.c:
6257 Add Solaris 10 "project" support. From Michael Brantley.
6269 Fix preservation of LDFLAGS in the LDAP case.
6273 Remove dependency on NULL
6280 * aclocal.m4, configure.in:
6281 Can't use the regular autoconf fnmatch() check since we need
6282 FNM_CASEFOLD so go back to our custom one.
6286 Fix preserving of variables in env_keep.
6294 expand upon env resetting and mention that it began in 1.6.9 not
6299 Update descriptions of env_keep and env_check to match current
6303 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
6306 Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
6307 LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to initial_keepenv_table.
6311 Treat USERNAME environment variable like LOGNAME/USER
6315 Don't need to populate keepenv table with the contents of the
6320 Don't force sudo into the C locale.
6324 Make env_check apply when env_reset is true. Environment variables
6325 are passed through unless they contain '/' or '%'. There is no need
6326 to have a variable in both env_check and env_keep.
6329 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
6332 Remove a duplicate lock_file() call and add a comment.
6336 Add sudo 1.6.9 upgrade note.
6339 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
6342 Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
6343 small. From Klaus Wagner.
6346 * logging.c, sudo.h:
6347 Redo the long syslog line splitting based on a patch from Eygene
6348 Ryabinkin. Include memrchr() for systems without it.
6352 Redo the long syslog line splitting based on a patch from Eygene
6353 Ryabinkin. Include memrchr() for systems without it.
6356 * Makefile.in, config.h.in, configure, configure.in:
6357 Redo the long syslog line splitting based on a patch from Eygene
6358 Ryabinkin. Include memrchr() for systems without it.
6362 Since we need to be able to convert timespec to timeval for utimes()
6363 the last 3 digits in the tv_nsec are not significant. This makes the
6364 sudoedit file date comparison work again.
6367 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
6369 * aclocal.m4, configure, configure.in:
6370 Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
6371 This deals with exclusive authentication methods in a simple way.
6374 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
6377 mkstemp.c is BSD code too.
6380 * sudo.pod, sudoers.pod, visudo.pod:
6381 No commercial support for now.
6384 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
6387 cleanenv() is no more.
6390 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
6393 Display branch info in Changelog
6397 Include config.h early so we have it for TIME_WITH_SYS_TIME
6401 Fix Changelog generation and update.
6404 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
6407 Use /proc/self/fd instead of /proc/$$/fd
6409 Move old-style fd closing into closefrom_fallback() and call that if
6410 /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
6413 * auth/kerb5.c, config.h.in, configure.in:
6414 o use krb5_verify_user() if available instead of doing it by hand o
6415 use krb5_init_secure_context() if we have it o pass an encryption
6416 type of 0 to krb5_kt_read_service_key() instead of
6417 ENCTYPE_DES_CBC_MD5 to let kerberos choose.
6421 Check TERM and COLORTERM for '%' and '/' characters. From Debian.
6425 Fix closefrom() substitution in the Makefile
6429 Mention alternate sudo pronunciation.
6432 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
6435 Remove KRB5_KTNAME from environment. Allow COLORTERM.
6439 If we cannot get a valid service key using the default keytab it is
6440 a fatal error. Fixes a bug where sudo could be tricked into
6441 allowing access when it should not by a fake KDC. From Thor Lancelot
6445 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
6447 * aclocal.m4, configure, configure.in:
6448 Update long long checks to use AC_CHECK_TYPES and to cache values.
6451 * aclocal.m4, configure.in:
6452 Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
6453 use AC_REPLACE_FNMATCH since that assumes replacing with GNU
6457 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
6459 * configure, configure.in:
6460 Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
6461 need it for visudo now too.
6464 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
6467 Attempt to clarify the bit talking about network numbers w/o
6472 Clarify timestamp dir ownership sentence.
6475 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
6478 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
6482 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
6485 -i is also one of the mutually exclusive options so list it in the
6486 warning message. Noted by Chris Pepper.
6489 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
6492 The sudoers variable is env_editor, not enveditor. From Jean-
6496 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
6499 I tracked down the original author so credit him and include his
6503 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
6505 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
6507 Fix typos; from Jason McIntyre.
6511 Restore signal mask before calling reapchild(). Fixes a possible
6512 race condition that could prevent sudo from properly waiting for the
6516 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
6519 Don't declare pw_free() if we are not going to use it.
6523 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
6524 LDR_PRELOAD64. The 64-bit version is not currently supported.
6525 Remove zero_env() prototype as it no longer exists.
6528 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
6531 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
6534 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
6537 If the user enters ^C at the password prompt, abort instead of
6538 trying to authenticate with an empty password (which causes an
6542 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
6544 * closefrom.c, config.h.in, configure, configure.in:
6545 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
6550 pw_free() is only used by sudo_freepwcache() so ifdef it out too.
6553 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
6555 * config.guess, config.sub:
6556 Update to latest versions from cvs.savannah.gnu.org
6559 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
6561 * pwutil.c, sudo_edit.c:
6562 Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
6563 we can close the passwd/group files early.
6566 * config.h.in, configure, configure.in, set_perms.c:
6567 Add seteuid() flavor of set_perms() for systems without setreuid()
6568 or setresuid() that have a working seteuid(). Tested on Darwin.
6571 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
6574 systrace_read() returns ssize_t
6577 * configure, configure.in:
6578 Fix typo, -lldap vs. -ldap; from Tim Knox.
6581 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
6584 Fix typo; Matt Ackeret
6587 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
6590 Print sudoers path in -V mode for root.
6593 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
6596 Do a sub tree search instead of a base search (one level in the tree
6597 only) for sudo right objects. This allows system administrators to
6598 categorize the rights in a tree to make them easier to manage.
6601 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
6607 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
6610 Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
6611 bind_timelimit support; adapted from gentoo.
6614 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
6617 Support comments that start in the middle of a line
6620 * configure, configure.in:
6621 Define LDAP_DEPRECATED until we start using ldap_get_values_len()
6624 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
6627 Silence gcc -Wsign-compare; djm@openbsd.org
6630 * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
6631 cleanup() now takes an int as an arg so it can be used as a signal
6636 Make a copy of the shell field in the passwd struct for NewArgv to
6637 avoid a use after free situation after sudo_endpwent() is called.
6640 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
6642 * config.h.in, configure, configure.in:
6643 Add mkstemp() for those poor souls without it.
6647 Add mkstemp() for those poor souls without it.
6651 Add mkstemp() for those poor souls without it.
6654 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
6657 Add PERL5DB to list of environment variables to remove.
6660 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
6662 * mon_systrace.c, mon_systrace.h:
6663 Instead of calling the check function twice with a state cookie use
6664 separate check/log functions.
6666 Check more ioctl() calls for failure.
6668 systrace_{read,write} now return the number of bytes read/written or
6673 Add more environment variables to remove; from gentoo linux Add some
6674 comments about what bad env variables go to what (more to do)
6677 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
6679 * sudo.c, sudo_edit.c:
6680 Move sudo_end{gr,pw}ent() until just before the exec since they free
6681 up our cached copy of the passwd structs, including sudo_user and
6682 sudo_runas. Fixes a use-after-free bug.
6686 Close all fd's before executing editor.
6690 Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
6694 Fix fd leak when lecture file option is enabled. From Jerry Brown
6697 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
6700 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
6701 environment variables to remove. From Charles Morris
6704 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
6707 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
6710 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
6713 add PS4 and SHELLOPTS to initial_badenv_table for bash
6716 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
6719 Fix typo; Toby Peterson
6722 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
6725 Make return buffers static so they don't get clobbered
6728 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
6731 Fix securid5 authentication, was not checking for ACM_OK. Also add
6732 default cases for the two switch()es. Problem noted by ccon at
6736 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
6739 Remove ncat() in favor of just counting bytes and pre-allocating
6743 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
6746 Fix up some comments Add missing fclose() for the rootbinddn case
6750 align struct ldap_config
6754 use LINE_MAX for max conf file line size
6758 add _PATH_LDAP_SECRET
6762 Mention rootbinddn Give example ou=SUDOers container
6765 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
6767 * INSTALL, configure, configure.in, ldap.c:
6768 Support rootbinddn in ldap.conf
6771 * env.c, sudo.pod, sudoers.pod:
6772 Preserve DISPLAY environment variable by default.
6775 * acsite.m4, configure:
6776 set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
6779 * acsite.m4, configure:
6780 set need_version=no for all cases; this is safe for LD_PRELOAD
6787 * configure, configure.in:
6792 Fix call to pam_end() when pam_open_session() fails.
6800 rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
6801 ltsugar.m4 ltversion.m4
6804 * config.guess, config.sub, ltmain.sh:
6805 merge in local changes: config.guess: o better openbsd support
6806 config.sub: o hiuxmpp support ltmain.sh o remove requirement that
6807 libs must begin with "lib" o don't print a bunch of crap about
6808 library installs o don't run ldconfig
6811 * config.guess, config.sub, ltmain.sh:
6816 Update with autoupdate and make minor changes for libtool 1.9f
6819 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
6822 don't call sudo_ldap_display_cmnd if ldap not setup
6825 * sudo_edit.c, visudo.c:
6826 Move declaration of struct timespec to its own include files for
6827 systems without it since it needs time_t defined.
6831 Move declaration of struct timespec to its own include files for
6832 systems without it since it needs time_t defined.
6836 Move declaration of struct timespec to its own include files for
6837 systems without it since it needs time_t defined.
6841 Move declaration of struct timespec to its own include files for
6842 systems without it since it needs time_t defined.
6845 * check.c, compat.h:
6846 Move declaration of struct timespec to its own include files for
6847 systems without it since it needs time_t defined.
6851 Don't set safe_cmnd for the "sudo ALL" case.
6854 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
6857 Call pam_open_session() and pam_close_session() to give pam_limits a
6858 chance to run. Idea from Karel Zak.
6861 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
6864 Add explicit cast from mode_t -> u_int in printf to silence warnings
6869 include grp.h to silence a warning on Solaris
6872 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
6875 Fix printing of += and -= defaults.
6878 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
6881 Sanity check number of syscall args with argsize. Not really needed
6882 but a little paranoia never hurts.
6885 * mon_systrace.c, mon_systrace.h:
6886 Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
6887 for systrace lengths (since it uses int)
6890 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
6893 Add some memsets for paranoia Fix namespace collision w/ error Check
6894 rval of decode_args() and update_env() Remove improper setting of
6898 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
6900 * parse.c, sudo.c, sudo.h:
6901 In -l mode, only check local sudoers file if def_ignore_sudoers is
6902 not set and call LDAP versions from display_privs() and
6903 display_cmnd() instead of directly from main(). Because of this we
6904 need to defer closing the ldap connection until after -l processing
6905 has occurred and we must pass in the ldap pointer to display_privs()
6910 Reorganize LDAP code to better match normal sudoers parsing.
6911 Instead of storing strings for later printing in -l mode we do
6912 another query since the authenticating user and the user being
6913 listed may not be the same (the new -U flag). Also add support for
6916 There is still a fair bit of duplicated code that can probably be
6920 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
6923 Replace pass variable with do_netgr for better readability.
6934 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
6937 Add macro to test if the tag changed to improve readability.
6941 Avoid printing defaults header if there are no defaults to print...
6945 Fix a warning on systems without strlcpy().
6949 Use macros where possible for sudo_grdup() like sudo_pwdup().
6952 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
6955 It is possible for tv_usec to hold >= 1000000 usecs so add in
6959 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
6962 The component in krb5_principal_get_comp_string() should be 1, not 0
6963 for Heimdal. From Alex Plotnick.
6966 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
6968 * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
6969 interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
6970 redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
6971 Add efree() for consistency with emalloc() et al. Allows us to rely
6972 on C89 behavior (free(NULL) is valid) even on K&R.
6976 Move initgroups() for -U option into display_privs() so group
6977 matching in sudoers works correctly.
6980 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
6983 Removed duplicate call to ldap_unbind_s introduced along with
6988 Add missing space in Defaults printing
6991 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
6994 Sync sudo_pwdup with OpenBSD changes: use macros for size computation
6998 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
7001 Zero old pw_passwd before replacing with version from shadow file.
7004 * configure, configure.in:
7005 Only attempt shadow password detection if PAM is not being used Add
7006 shadow_* variables to make shadow password detection more generic.
7010 Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
7013 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
7016 use a non-breaking space to avoid a double space after e.g.
7020 comma, not colon after e.g.
7023 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
7026 Add __ variants of the exec functions. GNU libc at least uses
7027 __execve() internally.
7031 Match reality a bit more.
7035 Missed piece from rev. 1.6, fix sudo_getpwnam() too.
7039 Store shadow password after making a local copy of struct passwd in
7040 case normal and shadow routines use the same internal buffer in
7044 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
7046 * alloc.c, logging.c:
7047 Make varargs usage consistent with the rest of the code.
7050 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
7053 Wrap more of the exec family since on Linux the others do not appear
7054 to go through the normal execve() path.
7058 make print_unused static like proto says
7062 silence a warning on K&R systems
7066 make this build in K&R land
7070 make this build in K&R land
7073 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
7079 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
7082 return(foo) not return foo optimize _atobool() slightly
7090 Reformat to match the rest of sudo's code.
7094 I am the primary author
7097 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
7099 * Makefile.in, README, RUNSON:
7100 The RUNSON file is toast--it confused too many people and really
7101 isn't needed in a configure-oriented world.
7105 alternate -> alternative
7109 Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
7114 Allow leading blanks before Defaults and Foo_Alias definitions
7118 fix rules to build toke.o and gram.o in devel mode
7121 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
7124 env_keep overrides set_logname
7128 Fix disabling set_logname and make env_keep override set_logname.
7131 * compat.h, config.h.in, configure, configure.in:
7132 No longer need memmove()
7136 Just clean the environment once. This assumes that any further
7137 setenv/putenv will be able to handle the fact that we replaced
7138 environ with our own malloc'd copy but all the implementations I've
7142 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
7145 In -i mode, base the value of insert_env()'s dupcheck flag on
7146 DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
7149 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
7152 Move setting of user_path, user_shell, user_prompt and prev_user
7153 into init_vars() since user_shell at least is needed there.
7156 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
7163 Fix some printf format mismatches on error.
7167 Fix some printf format mismatches on error.
7170 * configure, gram.c, toke.c:
7174 * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
7175 auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
7176 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
7177 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
7178 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
7179 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
7180 emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
7181 getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
7182 interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
7183 parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
7184 snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
7185 sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
7186 testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
7187 visudo.pod, zero_bytes.c:
7188 Update copyright years.
7191 * Makefile.binary.in:
7192 Update copyright years.
7196 Update copyright years.
7199 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
7204 What's new in sudo 1.7, based on the 1.7 CHANGES entries.
7207 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
7209 * compat.h, logging.h, sudo.h:
7210 Add __printflike and use it with gcc to warn about printf-like
7214 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
7216 * CHANGES, ChangeLog:
7217 Replaced CHANGES file with ChangeLog generated from cvs logs
7221 Use warning/error instead of perror/fatal.
7225 Update OpenBSD section
7229 Add upgrading notes for 1.7
7232 * env.c, sudo.c, sudoers.pod:
7233 Instead of zeroing out the environment, just prune out entries based
7234 on the env_delete and env_check lists. Base building up the new
7235 environment on the current environment and the variables we removed
7239 * config.h.in, configure, configure.in, sudo.c:
7240 Set locale to "C" if locales are supported, just to be safe.
7244 Cast argument to ctype functions to unsigned char.
7247 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
7250 correct value for DID_USER
7253 * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
7254 #include <compat.h> not "compat.h"
7258 Reset the environment by default.
7262 Alloc an extra slot in NewArgv. Removes the need to malloc a new
7263 vector if execve() fails.
7266 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
7268 * INSTALL, config.h.in, configure, configure.in, sudo.c:
7269 Use execve(2) and wrap the command in sh if we get ENOEXEC.
7272 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
7275 Only include time.h on systems that lack struct timespec which gets
7276 defined in compat.h (using time_t).
7280 Include time.h for time_t in compat.h for systems w/o struct
7284 * compat.h, config.h.in, configure, configure.in:
7285 use bcopy on systems w/o memmove
7289 __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
7294 Add explicit rule to build sudo_noexec.lo
7297 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
7299 * INSTALL.configure, Makefile.in:
7300 No longer depend on VPATH; pointed out a bunch of missed
7305 Help for PAM when account section is missing
7309 Give user a clue when there is a missing "account" section in the
7314 Better error handling.
7317 * config.h.in, configure, configure.in:
7318 Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
7319 possible. Silences a warning about isblank() on linux.
7323 Fix typo (missing comma) that caused an incorrect number of args to
7324 be passed to log_error().
7327 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
7330 Don't try to destroy a tree we didn't create.
7333 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
7335 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
7336 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
7337 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
7338 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
7339 compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
7340 fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
7341 goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
7342 match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
7343 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
7344 strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
7345 tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
7346 Add __unused to rcsids
7349 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
7351 * configure, configure.in:
7352 Fix error message when mixing invalid auth types
7356 PAM, AIX auth, BSD auth and login_cap are now on by default if the
7360 * auth/sudo_auth.h, config.h.in:
7361 s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
7365 Better checking for conflicting authentication methods Display the
7366 authentication methods used at the end of configure Rename
7367 --with-authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
7368 --with-pam, --with-logincap by default on systems that support them
7369 unless disabled. Add OSMAJOR variable that replaces old OSREV; now
7370 OSREV has full version number
7373 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
7375 * def_data.c, def_data.in, sudo.c, sudoers.pod:
7379 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
7382 Replace: test -n "$FOO" || FOO="bar"
7384 With: : ${FOO='bar'}
7387 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
7389 * pwutil.c, testsudoers.c, tsgetgrpw.c:
7390 Use function pointers to only call private passwd/group routines
7391 when using a nonstandard passwd/group file.
7394 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
7401 Can't use strtok() since it doesn't handle empty fields so add
7402 getpwent()/getgrent() functions and call those.
7405 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
7408 Fix dummied out toke.c and gram.c dependencies.
7412 Rename PARSESRCS -> GENERATED since it is only used in the clean
7413 target Add devdir variable and use it to specify the path to parser
7422 Add a devdir variable that defaults to $(srcdir) and is set to . if
7423 --devel was specified. Allows for proper dependencies building the
7428 Add support for custom passwd/group files.
7432 Build private copy of pwutil.o for testsudoers with MYPW defined so
7433 it uses our own passwd/group routines.
7437 Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
7438 stubs instead. We can now just use the caching sudo_*{pw,gr}*
7439 functions in pwutil.c Add comment about wanting to call
7440 sudo_endpwent/sudo_endgrent in cleanup()
7444 Remove caching; we will just use what is in pwutil.c Use global
7445 buffers for passwd/group structs Rename functions from sudo_* to
7449 * logging.c, sudo.c:
7450 g/c pwcache_init/pwcache_destroy
7454 Undo last commit and add sudo_setspent and sudo_endspent instead.
7457 * getspwuid.c, pwutil.c:
7458 Move all but the shadow stuff from getspwuid.c to pwutil.c and
7459 pwcache_get and pwcache_put as they are no longer needed. Also add
7460 preprocessor magic to use private versions of the passwd and group
7461 routines if MYPW is defined (for use by testsudoers).
7465 zero out struct passwd/group before filling it in so if there are
7466 fields we don't handle they end up as 0.
7469 * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
7474 Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
7479 Passwd and group lookup routines for testsudoers that support
7480 alternate passwd and group files.
7483 * getspwuid.c, pwutil.c:
7484 Split off pw/gr cache and dup code into its own file. This allows
7485 visudo and testsudoers to use the pw/gr cache too.
7488 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
7491 Print Defaults info in "sudo -l" output and wrap lines based on the
7495 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
7497 * match.c, testsudoers.c, visudo.c:
7498 Only check group vector in usergr_matches() if we are matching the
7499 invoking or list user. Always check the group members, even if
7500 there was a group vector.
7503 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
7505 * LICENSE, Makefile.in, fnmatch.3:
7506 No longer bundle fnmatch.3
7513 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
7520 Sort command line options
7523 * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
7524 sudo.pod, sudoers.pod:
7525 Add closefrom sudoers option to start closing at a point other than
7526 3. Add closefrom_override sudoers option and -C sudo flag to allow
7527 the user to specify a different closefrom starting point.
7531 Add _PATH_DEVNULL for those without it.
7535 no more UCB strcasecmp
7539 replace BSD licensed one with version derived from pdksh
7542 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
7549 Make sure stdin, stdout and stderr are open and dup them to
7553 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
7555 * ldap.c, mon_systrace.c, sudo.c, sudo.h:
7559 * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
7560 Use TIME_WITH_SYS_TIME
7563 * config.h.in, configure, configure.in:
7564 Add TIME_WITH_SYS_TIME_H
7567 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
7570 Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
7571 unconditionally on darwin. From Toby Peterson.
7575 Check rbinsert() return value. In the case of faked up entries
7576 there is usually a negative response cached that we need to
7579 In pwfree() don't try to zero out a NULL pw_passwd pointer.
7583 Use the double fork trick to avoid the monitor process being waited
7584 for by the main program run through sudo.
7587 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
7590 Call initgroups() in -U mode so group matches work normally.
7593 * def_data.h, mkdefaults:
7594 Don't print a trailing comma for the last entry in enum def_tupple
7597 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
7599 * sudoers.cat, sudoers.man.in, sudoers.pod:
7600 Mention values when lecture, listpw and verifypw are used in boolean
7604 * def_data.c, def_data.in:
7605 verifypw when used in a boolean TRUE context should be "all", not
7609 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
7611 * def_data.in, defaults.c:
7612 Allow tuples that can be used as booleans to be used as boolean
7613 TRUE. In this case the 2nd possible value of the tuple is used for
7617 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
7619 * configure, configure.in:
7620 Correct the test for 2-parameter timespecsub
7624 Add stub struct definitions for passwd, timeval and timespec
7627 * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
7628 Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
7629 and fix a typo in the gettimeofday check.
7632 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
7634 * match.c, testsudoers.c:
7635 Deal with user_stat being NULL as it is for visudo and testsudoers.
7638 * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
7639 Add -U option to use in conjunction with -l instead of -u. Add
7640 support for "sudo -l command" to test a specific command.
7643 * gram.c, gram.y, sudo.c:
7644 Set safe_cmnd after sudoers_lookup() if it has not been set.
7645 Previously it was set by sudo "ALL" in the parser but at that point
7646 the fully-qualified pathname has not yet been found.
7649 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
7651 * parse.c, testsudoers.c:
7652 Correctly handle multiple privileges per userspec and runas
7656 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
7659 Zero out sd_un for each entry in sudo_defs_table in init_defaults.
7662 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
7665 make per-command defaults work with sudoedit
7668 * ldap.c, parse.c, sudo.c, sudo.h:
7669 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
7670 Instead, we just set the appropriate defaults variable.
7673 * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
7674 Document per-command Defaults.
7677 * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
7678 sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
7679 Add support for command-specific Defaults entries. E.g.
7680 Defaults!/usr/bin/vi noexec
7683 * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
7684 Change an occurrence of user_matches() -> runas_matches() missed
7685 previously runas_matches(), host_matches() and cmnd_matches() only
7686 really need to pass in a list of members. user_matches() still
7687 needs to pass in a passwd struct because of "sudo -l"
7691 Check def_authenticate, def_noexec and def_monitor when setting
7692 return flags. XXX May be better to just set the defaults directly
7693 and get rid of those flags.
7696 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
7697 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
7698 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
7699 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
7700 defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
7701 getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
7702 gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
7703 mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
7704 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
7705 sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
7706 visudo.c, zero_bytes.c:
7707 Use: #include <config.h> Not: #include "config.h" That way we get
7708 the correct config.h when build dir != src dir
7712 Back out part of rev 1.263; fix -I order
7716 More robust parsing of #include; could be much better still.
7719 * sudo_edit.c, visudo.c:
7720 Make arg splitting in visudo and sudoedit consistent.
7723 * Makefile.in, alias.c, gram.c, gram.y, parse.h:
7724 Split alias routines out into their own file.
7728 __attribute__ is already defined in compat.h
7732 quit() should not be __noreturn__ as it is non-void on some
7736 * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
7737 Add local error/warning functions like err/warn but that call an
7738 additional cleanup routine in the error case. This means we no
7739 longer need to compile a special version of alloc.o for visudo.
7743 Clarify comments about the data structures
7746 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
7749 Add support for VISUAL and EDITOR containing command line args. If
7750 env_editor is not set any args in VISUAL and EDITOR are ignored.
7751 Arguments are also now supported in def_editor.
7754 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
7757 alias_matches() is no more
7765 When regenerating the parser, don't replace gram.h unless it has
7770 remove Makefile.binary for distclean
7774 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
7775 sure we can't overflow new_env.
7779 paranoia when stripping trailing slashes from tempdir.
7783 Set user_ngroups to 0 if getgroups() returns an error.
7786 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
7788 * config.h.in, configure, configure.in, sudo.c:
7789 Add configure check for getgroups()
7793 Use supplementary group vector in struct sudo_user.
7797 Only do string comparisons on the group members if there is no
7798 supplemental group list.
7806 On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
7807 chop off any trailing slashes we see and add an explicit one.
7811 remove bogus XXX comment
7815 Get rid of alias_matches and correctly fall through to the non-alias
7816 cases when there is no alias with the specified name.
7820 Cache non-existent passwd/group entries too.
7831 * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
7832 mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
7833 Implement group caching and use the passwd and group caches
7837 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
7840 Properly negate the return value of alias_matches() when
7845 Make hostname_matches() return TRUE for a match, else FALSE like the
7850 Add missing dependencies on gram.h
7854 Use runas_matches in alias_matches() now that we have it.
7858 Expand aliases in "sudo -l" mode
7862 Use ALIAS for the member type when storing an alias instead of
7863 HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
7864 more generic type. Expand runas_matches instead of calling
7865 user_matches() inside of it since user_matches() looks up
7866 USERALIASes, not RUNASALIASes.
7869 * CHANGES, getspwuid.c:
7870 Paranoia; zero out pw_passwd before freeing passwd entry.
7873 * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
7874 configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
7875 error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
7876 sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
7877 Add local error/warning functions like err/warn but that call an
7878 additional cleanup routine in the error case. This means we no
7879 longer need to compile a special version of alloc.o for visudo.
7883 Use userpw_matches() to compare usernames, not strcmp(), since the
7884 latter checks for "#uid".
7887 * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
7888 Cache passwd db entries in 2 red-black trees; one indexed by uid,
7889 the other by user name. The data returned from the cache should be
7890 considered read-only and is destroyed by sudo_endpwent().
7898 missing free in alias_destroy
7902 Can't use rbapply() for rbdestroy since the destructor is passed a
7903 data pointer, not a node pointer.
7906 * getspwuid.c, logging.c, sudo.c, sudo.h:
7907 Create and use private versions of setpwent() and endpwent() that
7908 set/end the shadow password file too.
7911 * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
7912 Store aliases in a red-black tree.
7915 * Makefile.in, redblack.c, redblack.h:
7916 red-black tree implementation
7920 Edit all sudoers file if there were unused or undefined aliases and
7921 we are in strict mode.
7924 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
7926 * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
7927 find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
7928 Bring back the "secure_path" Defaults option now that Defaults take
7929 effect before the path is searched.
7932 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
7934 * logging.c, parse.c:
7935 A user can always list their own entries, even with -u. Better error
7936 message when failing to list another user's entries.
7939 * parse.c, sudo.c, sudo.h:
7940 The syntax to list another user's entries is now "-u otheruser -l".
7941 Only root or users with sudo "ALL" may list other user's entries.
7944 * sudo.cat, sudo.man.in, sudo.pod:
7945 Update env variable info in SECURITY NOTES
7953 strip exported bash functions from the environment.
7956 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
7959 Only reset sudo_user.pw based on SUDO_USER environment variables for
7960 real commands and sudoedit. This avoids a confusing message when a
7961 user tries "sudo -l" or "sudo -v" and is denied.
7964 * gram.c, gram.y, parse.h:
7965 Extend LIST_APPEND to deal with appending lists too
7968 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
7971 Convert some bitwise AND to ISSET
7975 toke.c replaces lex.yy.c
7983 new parser fixes most of the outstanding bugs
7991 Rework for the new parser. Now checks for unused aliases in sudoers.
7995 Rewrite for the new parser. Now supports a -d flag (dump) and adds
7996 a -h flag (host). It now defaults to the local hostname unless
7997 otherwise specified.
8001 Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
8005 Update for new parse. We now call find_path() *after* we have
8006 updated the global defaults based on sudoers. Also adds support for
8007 listing other user's privs if you are root.
8011 Working LDAP support; also remove a now-unneeded rewind().
8014 * logging.c, logging.h:
8019 Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
8020 sudo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
8021 connect to LDAP, apply the default options, find the command in the
8022 user's path, and then check whether the user is allowed to run it.
8023 The important thing here is that the default runas user may be
8024 specified as a default option and that needs to be set before we
8025 search for the command.
8029 Add casts to unsigned char for isspace() to quiet a gcc warning.
8033 Add prototype for update_defaults()
8037 Don't warn about line numbers now that we operate on a set of data
8038 structures (or LDAP) and not a file.
8042 No longer use lsearch()
8046 Update for new and changed file names.
8050 no more BSD lsearch.c
8054 foo_matches() routines now live in match.c Added user_matches(),
8055 runas_matches(), host_matches(), cmnd_matches() and alias_matches()
8056 that operate on the parsed sudoers file.
8059 * parse.lex, toke.l:
8060 Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
8061 WORD no longer needs to exclude '@' kill yywrap()
8064 * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
8066 Rewritten parser that converts sudoers into a set of data
8067 structures. This eliminates ordering issues and makes it possible to
8068 apply sudoers Defaults entries before searching for the command.
8071 * configure.in, emul/search.h, lsearch.c:
8072 We won't be using lsearch() any longer.
8076 sudo should not send mail if someone who runs 'sudo -l' has no
8080 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8086 Update warnings to match new visudo
8090 The new parser doesn't have the old ordering constraints.
8094 Document that -l now takes an optional username argument
8097 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
8104 If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
8105 a compilation problem with Solaris 9's native LDAP.
8107 Set FLAG_MONITOR when needed.
8110 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
8113 Call sudo_goodpath() *after* changing the cwd to match the traced
8114 process. Fixes relative paths.
8117 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
8120 Kill set_perms() stub--it is no longer needed.
8123 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
8125 * sudoers.cat, sudoers.man.in, sudoers.pod:
8126 stay_setuid now requires set_reuid() or setresuid()
8129 * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
8130 configure.in, set_perms.c, sudo.c, sudo.h:
8131 Kill use of POSIX saved uids; they aren't worth bothering with.
8134 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
8137 remove call to issetugid()
8140 * sudoers.cat, sudoers.man.in, sudoers.pod:
8141 Remove warning about wildcards. Now that we use glob() the bug is
8146 Use glob(3) instead of fnmatch(3) for matching pathnames and stat
8147 each result that matches the basename of the user's command. This
8148 makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
8149 /usr/bin/blah. Fixes bug #143.
8152 * config.h.in, configure, configure.in:
8153 Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
8157 * config.h.in, configure, configure.in:
8158 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
8166 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
8171 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
8175 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
8178 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
8179 means we are out of space in the stack gap...
8187 Take a stab at ldap sudoers support here.
8190 * mon_systrace.c, mon_systrace.h:
8191 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
8192 doesn't cause reboot to inadvertently kill itself.
8196 put "monitor" in the proctitle, not "systrace"
8200 When modifying the environment, don't replace envp when we can get
8201 away with just rewriting pointers in the traced process.
8204 * mon_systrace.c, mon_systrace.h:
8205 Add environment updating via STRIOCINJECT (if available).
8208 * sudoers.cat, sudoers.man.in:
8212 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
8219 Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
8223 Include file is now mon_systrace.h
8226 * Makefile.in, configure, configure.in, def_data.c, def_data.h,
8227 def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
8228 sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
8229 No longer call it tracing, it is now "monitoring" which should be
8230 a more obvious name to non-hackers.
8233 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
8235 * mon_systrace.c, mon_systrace.h:
8239 * mon_systrace.c, mon_systrace.h:
8240 No need to include syscall.h, use 1024 as the max # of entries (the
8241 max that systrace(4) allows).
8243 Only need to use SYSTR_POLICY_ASSIGN once
8245 Change check_syscall() -> find_handler() and have it return the
8246 handler instead of just running it. We need this since handlers now
8247 have two parts: one part that generates an answer and another that
8248 gets called after the answer is accepted (to do logging).
8250 Add some missing check_exec for emul execv
8253 * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
8258 Add missing HAVE_LINUX_SYSTRACE_H
8262 add trace_systrace.o dependency
8265 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
8267 * configure, configure.in:
8268 Also look for systrace.h in /usr/include/linux
8271 * mon_systrace.c, mon_systrace.h:
8272 Move all struct defs and prototypes into trace_systrace.h and mark
8273 all but systrace_attach() static.
8276 * mon_systrace.c, mon_systrace.h:
8277 Add support for tracing emulations. At the moment, all emulations
8278 are compiled in. It might make sense to #ifdef them in the future,
8279 though this impedes readability.
8282 * Makefile.in, configure, configure.in:
8283 rename systrace.c -> trace_systrace.c
8286 * parse.yacc, sudo.tab.c:
8287 Allow this to build with a K&R compiler again
8294 * compat.h, sudo.c, visudo.c:
8295 Use __attribute__((__noreturn__))
8299 Exit() takes a negative value to indicate it was not called via
8303 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8308 * Makefile.in, visudo.c:
8309 Define Err() and Errx() that are like err() and errx() but call
8310 Exit() instead of exit(). Build private copy of alloc.o for visudo
8311 that calls Err() and Errx().
8314 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
8316 * lex.yy.c, sudo.tab.c:
8325 Overhaul visudo for editing multiple files: o visudo has been
8326 broken out into functions (more work needed here) o each file is
8327 now edited before sudoers is re-parsed o if a #include line is
8328 added that file will be edited too
8330 TODO: o cleanup temp files when exiting via err() or errx() o
8331 continue breaking things out into separate functions
8334 * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
8335 Add keepopen arg to open_sudoers that open_sudoers can use to
8336 indicate to the caller that the fd should not be closed when it is
8337 done with it. To be used by visudo to keep locked fds from being
8338 closed prematurely (and thus losing the lock).
8341 * parse.yacc, sudo.c:
8342 Add errorfile global that contains the name of the file that caused
8347 return COMMENT to yacc grammar for a #include line
8351 Remove use of unput() in favor of yyless() which is cheaper.
8355 Allow an empty sudoers file.
8358 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
8361 Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
8364 * lex.yy.c, sudo.tab.c:
8369 Do signal setup before calling edit_sudoers(). Don't shadow the
8374 If a sudoers file includes other files, edit those too. Does not yet
8375 deal with creating the new includes files itself.
8379 init_parser now takes a path
8382 * parse.c, parse.h, parse.lex, parse.yacc:
8383 More scaffolding for dealing with multiple sudoers files: o
8384 init_parser() now takes a path used to populate the sudoers global
8385 o the sudoers global is used to print the correct file in yyerror()
8386 o when switching to a new sudoers file, preserve old file name and
8390 * Makefile.in, pathnames.h.in:
8391 Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
8392 multiple sudoers files.
8396 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
8397 we start at the right file position when reading include files.
8409 Add max depth of 128 for the include stack to avoid loops.
8411 Since yyerror() doesn't stop parsing, pass return values back to
8412 yylex and call yyterminate() on error.
8415 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
8422 Mention PREVENTING SHELL ESCAPES section of sudoers man page
8425 * lex.yy.c, sudo.tab.c:
8430 Add support for #include in sudoers (visudo support TBD)
8434 make yyerror()'s argument const
8437 * testsudoers.c, visudo.c:
8438 Add open_sudoers() stubs.
8442 Rename check_sudoers() open_sudoers() and make it return a FILE *
8445 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
8447 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
8452 * Makefile.in, sudo.psf:
8453 Better HP-UX depot construction
8456 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
8459 o Made children global so check_exec() can lookup a child. o
8460 Replaced uid in struct childinfo with struct passwd * (for runas) o
8461 new_child() now takes a parent pid so the runas info can be
8462 inherited o Added find_child() to lookup a child by its pid o
8463 update_child() now fills in a struct passwd o Converted the big
8464 if/else mess in set_policy to a switch o Syscalls that change uid
8465 are now "ask" so we get SYSTR_MSG_UGID events
8469 Add flag to sudo_pwdup that indicates whether or not to lookup the
8470 shadow password. Will be used to a struct passwd that has the
8471 shadow password already filled in.
8475 add missing increment of addr in read_string()
8479 Remove bogus call to update_child() and some cosmetic fixes
8483 Don't leak /dev/systrace fd to tracee Make initialized global for
8484 simplicity If STRIOCATTACH returns EBUSY we are already being traced
8485 Check for user_args == NULL in setproctitle() call Add missing calls
8490 g/c sudo_pwdup proto
8493 * Makefile.in, sudo.psf:
8494 Add target for building a depot file
8501 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
8503 * lex.yy.c, sudo.tab.c, sudo.tab.h:
8508 document --with-systrace
8511 * config.h.in, configure, configure.in:
8512 Add check for setproctitle
8516 pass struct str_msg_ask in to syscall checker so it can set the
8521 systrace(4) support for sudo. On systems with the systrace(4)
8522 kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
8523 intercept exec calls and check the exec args against the sudoers
8524 file. In other words, sudo can now control subcommands and shell
8529 Call systrace_attach() if FLAG_TRACE is set.
8532 * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
8533 Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
8537 Don't close sudoers_fp, keep it open and set close on exec flag
8541 * def_data.c, def_data.h, def_data.in:
8550 SunOS /bin/sh blows up with configure
8553 * configure, configure.in:
8554 Include sys/param.h before systrace.h
8566 line up options in --help
8569 * config.h.in, configure.in:
8573 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
8579 * aclocal.m4, configure.in:
8580 make this work with autoconf-2.59
8583 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
8586 Simplify logic around open & stat of files and do sanity on edited
8587 file even if we lack fstat (still racable but worth doing).
8590 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
8598 [b84ebfaf1552] [SUDO_1_6_8p1]
8601 more changes for 1.6.8p1
8608 * CHANGES, sudo_edit.c:
8609 Add sanity check so we don't try to edit something other than a
8613 2004-09-15 Aaron Spangler <aaron777@gmail.com>
8620 document --with-ldap-conf-file
8623 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
8625 * CHANGES, ins_csops.h:
8626 political correctness strikes again
8633 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
8635 * Makefile.binary.in, Makefile.in:
8636 Install sudoedit man link
8640 Update PAM note and mention where HP-UX users can download gcc
8645 libtool wants to install stuff from .libs so fake one up for binary
8649 * Makefile.binary.in:
8650 rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
8654 Deal with "uname -m" having slashes in it rm -f old sudoedit link
8655 instead of using ln -f
8658 * Makefile.binary, Makefile.binary.in:
8659 Makefile.binary -> Makefile.binary.in for config.status substitution
8660 Add support for installing noexec bits
8664 Copy noexec bits into binary dists too No longer use my old arch
8665 script for making binary dists
8669 Install sudoedit link.
8672 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
8675 avoid __P so there is no need for compat.h to be included
8679 Don't use HAVE_UTIME_H before including config.h.
8682 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
8685 Fix Solaris futimes macro
8688 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
8691 Rename ots -> omtim for improved readability.
8694 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
8697 Redo changes in revision 1.7. Don't really need to keep the temp
8698 file open; re-opening it with the invoking user's euid is
8706 * sudo.cat, sudo.man.in:
8711 back out revision 1.70; it is no longer applicable
8715 Let the loader initialize nep
8718 * config.h.in, configure, configure.in:
8719 Removed unneeded check for fchown Add check for gettimeofday Move
8720 autoheader template stuff into separate AH_TEMPLATE lines
8723 * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
8724 Use timespec throughout.
8732 function to return the current time in a struct timespec
8736 Not a darpa-sponsored file.
8739 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
8741 * compat.h, config.h.in, configure, configure.in:
8742 Add a check for struct timespec and provide it for those without.
8745 * config.h.in, configure, configure.in, sudo_edit.c:
8746 Add checks for st_mtim and st_mtimespec and add macros for pulling
8747 the mtime sec and nsec out of struct stat. These are used in
8748 sudo_edit() to better tell whether or not the file has changed.
8751 * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
8752 Add an extra param to touch() for nsec
8756 Call mkstemp() as the invoking user so we don't have to chown the
8757 file later. Only touch() the temp file if we can do it via the file
8758 descriptor. Don't check for modification of the temp file if we lack
8759 fstat(). Catch errors read()ing the temp file.
8763 If path is NULL and fd == -1 return -1.
8767 closefrom() is overkill, the only extra fds are the ones we opened
8768 so just close those in the child.
8771 * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
8772 configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
8774 Use utimes() and futimes() instead of utime() in touch(), emulating
8775 as needed. Not all systems are able to support setting the times of
8776 an fd so touch() takes both an fd and a file name as arguments.
8779 2004-09-07 Aaron Spangler <aaron777@gmail.com>
8785 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
8787 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8792 * sudo.pod, sudoers.pod, visudo.pod:
8793 Add SUPPORT section and re-order some of the sections to match the
8794 order we use in OpenBSD.
8797 2004-09-06 Aaron Spangler <aaron777@gmail.com>
8800 Openldap ~/.ldaprc fix
8803 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
8806 Talk about how the editor must write its changes to the original
8807 file and not just use rename(2).
8815 Keep the temp file open instead of re-opening after the editor has
8820 Update for current redhat/fedora core.
8823 2004-09-03 Aaron Spangler <aaron777@gmail.com>
8829 2004-09-02 Aaron Spangler <aaron777@gmail.com>
8832 config tls_* options
8835 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
8837 * configure, configure.in:
8838 No need for -lcrypt when using pam.
8841 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
8847 2004-08-27 Aaron Spangler <aaron777@gmail.com>
8849 * configure.in, ldap.c, pathnames.h.in:
8850 Allow --with-ldap-conf-file option to override LDAP_CONF
8854 cleanup debug message
8857 2004-08-26 Aaron Spangler <aaron777@gmail.com>
8863 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
8865 * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
8866 Add cmnd_base to struct sudo_user and set it in init_vars(). Add
8867 cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
8868 longer use gross statics in command_matches(). Also rename some
8869 variables for improved clarity.
8872 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
8875 document HP's crippled compiler deficiency.
8879 Fix some thinkos in --with-editor and --with-env-editor
8880 descriptions. Noticed by Norihiko Murase.
8883 * configure, configure.in:
8884 --with-noexec takes an optional PATH argument.
8888 document --with-noexec
8891 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
8895 [f2503bd13373] [SUDO_1_6_8]
8898 Better warning message when sudoedit is unable to write to the
8902 * sudo.cat, sudo.man.in:
8907 Don't italicize the string "sudoedit"
8910 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
8916 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
8923 Reset used_runas to FALSE when re-initializing the parser.
8926 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
8929 Correct OpenBSD mips support
8936 2004-08-07 Aaron Spangler <aaron777@gmail.com>
8943 Updates on current behavior
8946 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
8949 =back does not take an indentlevel (makes no difference to formatted
8954 =back does not take an indentlevel (makes no difference to formatted
8963 Consistency. Use same error for bad -u #uid when targetpw is set as
8964 we do when a bad -u username is specified.
8968 Add checksum idea from Steve Mancini
8971 * sudoers.cat, sudoers.man.in:
8975 * sudo.cat, sudo.man.in:
8979 * sudo.pod, sudoers.pod:
8980 Document the restriction on uids specified via -u when targetpw is
8985 Error out when targetpw is enabled and sudo is run with -u #uid but
8986 #uid does not exist in the passwd database. We can't do target
8987 authentication when the target is not in passwd!
8990 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
8995 Some more todo for the next release.
8999 Make it clear that PAM should be used for DCE support when possible.
9003 o Document problems with wildcards and relative paths. o Make the
9004 order requirements more prominent. o Change a "set" to "reset" for
9008 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
9011 Mention --with-secure-path, not SECURE_PATH.
9014 2004-08-03 Aaron Spangler <aaron777@gmail.com>
9017 reflect changes to parse.c
9020 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
9026 * parse.c, parse.h, testsudoers.c, visudo.c:
9027 Don't pass user_cmnd and user_args to command_matches(), just use
9028 the globals there. Since we keep state with statics anyway it is
9029 misleading to pretend that passing in different cmnd and cmnd_args
9034 Don't pass user_cmnd and user_args to command_matches(), just use
9035 the globals there. Since we keep state with statics anyway it is
9036 misleading to pretend that passing in different cmnd and cmnd_args
9041 Fix a bug introduced in rev. 1.149. When checking for pseudo-
9042 commands check for a '/' anywhere in cmnd, not just the first
9046 2004-07-31 Aaron Spangler <aaron777@gmail.com>
9048 * sudo.man.in, sudo.pod:
9049 Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
9052 * sudoers.man.in, sudoers.pod:
9053 Add ignore_local_sudoers
9057 Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
9061 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
9067 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
9074 Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
9075 PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
9078 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
9084 2004-07-08 Aaron Spangler <aaron777@gmail.com>
9087 Better debugging of ALL command
9090 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
9093 When matching for "sudoedit" in sudoers check both the command the
9094 user typed *and* the command that is listed in the sudoers entry.
9097 2004-07-04 Aaron Spangler <aaron777@gmail.com>
9100 Added !command feature
9103 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
9106 Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
9109 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
9112 License is ISC-style, not BSD-style
9119 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
9121 * sudo.cat, sudo.man.in:
9126 o Update some out of date bits to reality o Change the shell prompt
9127 in examples to bourne-shell style o Clarify some details o Add a
9128 CAVEAT about "sudo cd /foo"
9132 Don't ask for a password if invoking user == target user.
9139 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
9141 * sudoers.cat, sudoers.man.in:
9146 Expand on NOEXEC a little.
9153 * visudo.cat, visudo.man.in:
9162 Add a check in visudo for runas_default being set after it has
9166 * CHANGES, parse.yacc, visudo.c:
9167 Add a check in visudo for runas_default being set after it has
9176 Add a MATCHED macro for testing whether foo_matches has been set to
9177 TRUE or FALSE. This is more readable than checking for >=0 or < 0.
9178 Doesn't change the actual code generated.
9181 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
9192 Correct description of where Defaults specs should go.
9196 Correct description of where Defaults specs should go.
9199 * testsudoers.c, visudo.c:
9219 * auth/bsdauth.c, auth/kerb5.c:
9223 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
9229 * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
9230 Remove trailing spaces, no actual code changes.
9234 Remove trailing spaces, no actual code changes.
9237 * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
9238 Remove trailing spaces, no actual code changes.
9242 Remove trailing spaces, no actual code changes.
9246 Remove trailing spaces, no actual code changes.
9249 * compat.h, defaults.c, env.c:
9250 Remove trailing spaces, no actual code changes.
9254 Remove trailing spaces, no actual code changes.
9262 Fix a >=0 that should be <0 that was improperly converted when
9267 Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
9268 NOMATCH when resetting it.
9272 Fix pastos introduced in SETNMATCH addition.
9275 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
9278 Update for configure changes
9286 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
9287 these in parse.yacc. Also in parse.yacc initialize the *_matches
9288 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
9289 when setting *_matches to a value that may be
9290 NOMATCH/UNSPEC/TRUE/FALSE.
9294 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
9295 these in parse.yacc. Also in parse.yacc initialize the *_matches
9296 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
9297 when setting *_matches to a value that may be
9298 NOMATCH/UNSPEC/TRUE/FALSE.
9302 Initialize runas to -2, not -1 since we need to be able to
9303 distinguish between the initialized value and the value of a non-
9304 match when passing along the runas value to multiple commands.
9306 The result of this is that an unmatched runas is now set to -1, not
9307 0. This is required now that parse.c treats a FALSE value for runas
9308 as being explicitly denied.
9311 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
9314 Error out if argc < 1.
9318 Error out if argc < 1.
9321 * configure, configure.in:
9322 Add tests for what libs we need to link with for ldap and for
9323 whether or not lber.h needs to be explicitly included.
9326 2004-06-03 Aaron Spangler <aaron777@gmail.com>
9329 Solaris native LDAP build fix
9332 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
9335 Set edn to NULL if ldap_get_dn() fails to avoid potential use of an
9340 Add prototype for sudo_ldap_list_matches
9343 * configure, configure.in:
9344 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
9345 version too. Added check for dd_fd in `DIR' if no dirfd is found;
9346 this is now used to conditionally define the dirfd macro in
9351 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
9352 version too. Added check for dd_fd in `DIR' if no dirfd is found;
9353 this is now used to conditionally define the dirfd macro in
9358 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
9359 version too. Added check for dd_fd in `DIR' if no dirfd is found;
9360 this is now used to conditionally define the dirfd macro in
9365 Only check /proc/$$/fd if we have the dirfd function/macro.
9368 * compat.h, config.h.in, configure, configure.in:
9369 Add a check for a dirfd() function (like Linux) and add a dirfd
9370 macro in compat.h if there is no dirfd() function or macro.
9373 * closefrom.c, getcwd.c:
9374 dirfd() is now defined in compat.h as needed.
9378 Clarify closefrom() note.
9382 When checking for a command in the directory, only copy the base dir
9387 If there is a /proc/$$/fd directory, behave like the Solaris
9388 closefrom() and only close the descriptors listed therein.
9392 compat.h guarantees INT_MAX is defined.
9396 Add definitions of OPEN_MAX and INT_MAX for those without it and
9397 remove definition of RLIM_INFINITY (now unused).
9400 * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
9401 sudo.c, sudo.h, visudo.c:
9402 Use PATH_MAX, not MAXPATHLEN since the former is standardized.
9405 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
9412 Add some entries that were mailed in a while ago
9416 o sysconf returns a long, not an int. o check for negative return
9417 value from sysconf/getdtablesize and use OPEN_MAX in this case. o
9418 define OPEN_MAX to 256 for those without it (a fair guess...)
9421 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
9424 Mention change in parse order for RunAs entries.
9431 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
9433 * INSTALL, README.LDAP, config.h.in, configure.in:
9434 o --with-ldap now takes an optional dir as a parameter o added
9435 check for ldap_initialize() and start_tls_s()
9439 Fix some typos, word choice and formatting issues.
9442 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
9445 Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
9446 read/write as it is simpler.
9449 * configure, configure.in:
9450 Remove hack overriding cross-compiler check. It should no longer be
9455 Remove select() compat bits since we no longer use select().
9458 * CHANGES, tgetpass.c:
9459 Use alarm() instead of select() for the timeout for systems that
9460 don't fully/properly implement select().
9463 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
9474 Deal with systems that have no way of setting the effective uid such
9478 * configure, configure.in:
9479 Define NO_SAVED_IDS if we don't find seteuid()
9482 * config.h.in, configure, configure.in:
9483 Add back check for setreuid() since NSK doesn't have it.
9486 * sudoers.cat, sudoers.man.in:
9499 In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
9500 explicitly denied and the command matched. This fixes a long-
9501 standing bug and makes: foo machine = (ALL) /usr/bin/blah
9502 foo machine = (!bar) /usr/bin/blah
9504 equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
9511 2004-05-20 Aaron Spangler <aaron777@gmail.com>
9514 Missing DESTDIR in make install for sudo_noexec.la
9517 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
9519 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
9529 Remove fastboot/fasthalt (who still remembers these?) and add a
9530 minimal sudoedit example.
9534 Remove fastboot/fasthalt (who still remembers these?) and add a
9535 minimal sudoedit example.
9538 * UPGRADE, sudo.c, visudo.c:
9539 filesystem -> file system
9543 filesystem -> file system
9547 filesystem -> file system
9550 * sudo.pod, sudoers.pod:
9551 Fix some minor typos and formatting goofs
9559 remove my email addr
9562 * sudo.pod, sudoers.pod, visudo.pod:
9563 Use @mansectform@ and @mansectsu@ everywhere Make man page
9564 references links with L<>
9568 Accept quoted globbing characters and pass them verbatim for
9573 Document that /tmp/.odus is gone.
9577 No longer use /tmp/.odus as a possible timestamp dir unless
9578 specifically configured to do so. Instead, if no /var/run exists,
9579 use /var/adm/sudo or /usr/adm/sudo.
9583 No longer use /tmp/.odus as a possible timestamp dir unless
9584 specifically configured to do so. Instead, if no /var/run exists,
9585 use /var/adm/sudo or /usr/adm/sudo.
9589 No longer use /tmp/.odus as a possible timestamp dir unless
9590 specifically configured to do so. Instead, if no /var/run exists,
9591 use /var/adm/sudo or /usr/adm/sudo.
9595 No longer use /tmp/.odus as a possible timestamp dir unless
9596 specifically configured to do so. Instead, if no /var/run exists,
9597 use /var/adm/sudo or /usr/adm/sudo.
9600 * set_perms.c, sudo.c, tgetpass.c, visudo.c:
9601 Preliminary changes to support nsr-tandem-nsk. Based on patches
9606 Preliminary changes to support nsr-tandem-nsk. Based on patches
9610 * check.c, compat.h:
9611 Preliminary changes to support nsr-tandem-nsk. Based on patches
9615 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
9618 There was no 1.6.7p6.
9626 add missing files to DISTFILES
9629 * sudo.cat, sudoers.cat, visudo.cat:
9638 Fix some line wrap and update (c) year
9641 2004-04-28 Aaron Spangler <aaron777@gmail.com>
9647 2004-04-07 Aaron Spangler <aaron777@gmail.com>
9653 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
9660 In Exit() when used as a signal handler, emsg is a pointer so
9661 sizeof() is wrong so make it a #define instead. Also avoid using a
9662 negative exit value. Found by Aaron Campbell
9665 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
9668 Remove bogus sentence about uids in a User_List. Document usernames
9669 vs. uid parsing in a Runas_List.
9672 * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
9673 If the user specified a uid with the -u flag and the uid exists in
9674 the passwd file, set runas_user to the name, not the uid.
9676 When comparing usernames in sudoers, if a name is really a uid
9677 (starts with '#') compare it numerically to pw_uid.
9680 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
9683 krb5_mcc_ops should be const; Johnny C. Lam
9686 2004-02-28 Aaron Spangler <aaron777@gmail.com>
9688 * CHANGES, config.h.in, ldap.c:
9689 Added start_tls support
9692 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
9695 Clean up libtool stuff for 'make distclean' and add def_data.c,
9696 def_data.h to PARSESRCS.
9699 2004-02-14 Aaron Spangler <aaron777@gmail.com>
9701 * strlcat.c, strlcpy.c:
9702 Un-Fix last license munge
9705 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
9711 * CHANGES, RUNSON, TODO:
9715 * lex.yy.c, sudo.tab.c:
9719 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
9720 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
9721 emul/search.h, emul/utime.h:
9722 Move to a less restrictive, ISC-style license.
9725 * auth/kerb5.c, auth/pam.c:
9726 Move to a less restrictive, ISC-style license.
9729 * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
9730 Move to a less restrictive, ISC-style license.
9734 Move to a less restrictive, ISC-style license.
9737 * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
9738 Move to a less restrictive, ISC-style license.
9741 * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
9742 visudo.man.in, visudo.pod:
9743 Move to a less restrictive, ISC-style license.
9747 Move to a less restrictive, ISC-style license.
9750 * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
9752 Move to a less restrictive, ISC-style license.
9755 * sigaction.c, strerror.c:
9756 Move to a less restrictive, ISC-style license.
9759 * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
9761 Move to a less restrictive, ISC-style license.
9764 * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
9765 ins_goons.h, insults.h, interfaces.c, interfaces.h:
9766 Move to a less restrictive, ISC-style license.
9769 * find_path.c, getprogname.c:
9770 Move to a less restrictive, ISC-style license.
9774 Move to a less restrictive, ISC-style license.
9778 Move to a less restrictive, ISC-style license.
9782 Move to a less restrictive, ISC-style license.
9785 * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
9787 Move to a less restrictive, ISC-style license.
9790 * utime.c, version.h:
9791 Move to a less restrictive, ISC-style license.
9794 * parse.lex, parse.yacc:
9795 Move to a less restrictive, ISC-style license.
9799 Move to a less restrictive, ISC-style license.
9802 2004-02-13 Aaron Spangler <aaron777@gmail.com>
9805 Merged in LDAP Support
9808 * ldap.c, sudo.c, sudo.h:
9809 Merged in LDAP Support
9812 * def_data.c, def_data.h, def_data.in:
9813 Merged in LDAP Support
9816 * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
9817 Merged in LDAP Support
9820 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
9822 * sudo.h, sudo_noexec.c:
9823 Only do "extern int errno" if errno is not a macro.
9826 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
9829 setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
9830 euid first, then just call setuid(0) to set the real uid too.
9834 Use setresuid() and setreuid() for PERM_RUNAS when appropriate
9835 instead of seteuid() which may not exist.
9838 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
9844 * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
9845 Add --with-pc-insults configure option
9849 Prefer VISUAL over EDITOR like old vipw did.
9852 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
9854 * sudo.man.in, sudoers.man.in:
9859 Add a note that noexec is not a cure-all.
9863 Mention that disabling "root_sudo" is pretty pointless.
9866 * configure, configure.in:
9867 Substitute for root_sudo in sudoers.pod
9871 Add sudoedit to the NAME section
9875 Document the fact that setting ignore_dot in sudoers has no effect
9876 due to the fact that find_path() is called *before* sudoers is read.
9879 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
9882 Do not require _PATH_USRTMP to be set.
9885 * BUGS, CHANGES, TODO:
9894 Clarify that when sudo is run by root with the SUDO_USER variable
9895 set, the sudoers lookup happens for root and not the SUDO_USER user.
9898 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
9900 * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
9901 set_perms.c, sigaction.c, sudo.c, tgetpass.c:
9902 Use the SET, CLR and ISSET macros.
9906 Use the SET, CLR and ISSET macros.
9909 * defaults.c, env.c:
9910 Use the SET, CLR and ISSET macros.
9914 MAIN was replaced with _SUDO_MAIN some time ago.
9918 Don't look at prev_user until after we've parsed sudoers and done
9919 the password check. That way, if sudo/sudoedit is run from a root
9920 process that was invoked by sudo, we check sudoers for root, not the
9921 previous user. This makes sudoedit much more useful and means that
9922 for the sudo case, we get correct logging on who actually ran the
9926 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
9929 Add a comment describing why we need to be notified about our child
9933 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
9935 * def_data.c, def_data.in:
9936 Update the noexec variable descriptions
9939 * sudoers.man.in, sudoers.pod:
9940 noexec now replaces more than just execve()
9944 Alas, all the world does not go through execve(2). Many systems
9945 still have an execv(2) system call, Linux 2.6 provides fexecve(2)
9946 and it is not uncommon for libc to have underscore ('_') versions of
9947 the functions to be used internally by the library. Instead of
9948 stubbing all these out by hand, define a macro and let it do the
9949 work. Extra exec functions pointed out by Reznic Valery.
9952 * sudo.c, sudo_edit.c:
9953 Fix suspending the editor in -e mode. Because we do a fork() first
9954 we need to be notified when the child has been stopped and then send
9955 that same signal to ourself so the shell can do its job control
9960 Use WIFEXITED and WEXITSTATUS macros. If there are systems out
9961 there that want to run sudo that still don't support these we can
9962 try to deal with that later.
9969 * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
9970 Document sudo -e / sudoedit
9973 * configure, configure.in:
9977 * config.h.in, configure.in:
9981 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
9984 Allow non-exclusive flags when invoked as sudoedit. Pretty print the
9985 long usage() line to not wrap (assumes 80 char display)
9988 * Makefile.in, sudo.c:
9989 If sudo is invoked as "sudoedit" the -e flag is implied and no other
9990 flags are permitted.
9994 Add a new flag, -e, that makes it possible to give users the ability
9995 to edit files with the editor of their choice as the invoking user,
9996 not the runas user. Temporary files are used for the actual edit
9997 and the temp file is copied over the original after the editor is
10001 * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
10002 Add a new flag, -e, that makes it possible to give users the ability
10003 to edit files with the editor of their choice as the invoking user,
10004 not the runas user. Temporary files are used for the actual edit
10005 and the temp file is copied over the original after the editor is
10010 If real uid == 0 and the SUDO_USER environment variable is set, use
10011 that to determine the invoking user's true identity. That way the
10012 proper info gets logged by someone who has done "sudo su" but still
10013 uses sudo to as root. We can't do this for non-root users since
10014 that would open up a security hole, though perhaps it would be
10015 acceptable to use getlogin(2) on OSes where this is a system call (and
10016 doesn't just look in the utmp file).
10020 Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
10023 * config.h.in, configure, configure.in:
10024 Add check for fchown(2)
10027 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
10030 Back out portions of the -i commit that set NewArgv[0] in
10031 set_runaspw. It is far too late to set NewArgv[0] there and will have
10032 no effect anyway as cmnd and safe_cmnd have already been set.
10035 * visudo.c, visudo.pod:
10036 Prefer VISUAL over EDITOR like old vipw did.
10039 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
10042 In -i mode always set new environment based on the runas user's
10046 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
10048 * sudo.man.in, sudo.pod:
10049 Document the new -i flag and sync SYNOPSIS section with usage() in
10050 sudo.c. Also sort the flags in the OPTIONS section.
10054 o Add -i that acts similar to "su -", based on patches from David J.
10055 MacKenzie o Sort the flags in the usage message
10058 * sudoers.man.in, sudoers.pod:
10059 Add a missing @runas_default@ substitution.
10062 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
10065 Change euid to runas user before calling find_path().
10066 Unfortunately, though runas_user can be modified in sudoers we
10067 haven't parsed sudoers yet.
10070 * sudoers.man.in, sudoers.pod:
10071 Add missing definition of Parameter_List and use single pipes in the
10072 Defaults EBNF definition.
10076 Fix a bug when set_runaspw() is used as a callback. We don't want
10077 to reset the contents of runas_pw if the user specified a user via
10080 Avoid unnecessary passwd lookups in set_authpw(). In most cases we
10081 already have the info in runas_pw.
10084 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
10087 Add Stan Lee / Uncle Ben quote to the lecture from RedHat
10091 Update sudo_getepw() proto and add one for set_runaspw()
10095 If we can't stat the command as root, try as the runas user instead.
10098 * testsudoers.c, visudo.c:
10099 Add stub set_runaspw() function
10103 Add set_runaspw() function to fill in runas_pw. This will be used
10104 as a callback to update runas_pw when the runas user changes.
10108 PERM_RUNAS -> PERM_FULL_RUNAS
10111 * set_perms.c, sudo.h:
10112 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
10117 Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
10118 one chunk for easy free()ing. Also change it from static to extern.
10121 * defaults.c, defaults.h:
10122 Add callback support
10126 Add a callback field and use it for runas_default
10129 * def_data.c, def_data.in:
10130 Add a callback field and use it for runas_default
10133 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
10136 Add support for chalnecho and display server responses used by fwtk
10140 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
10142 * sudoers.man.in, sudoers.pod:
10143 ld.so is ld.so.1 on solaris
10146 * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
10147 Use closefrom() instead of doing the equivalent inline.
10151 closefrom(3) for systems w/o it
10154 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
10157 Update from .pod file.
10160 * configure, configure.in:
10161 Substitute noexec_file for the sudoers man page
10164 * sudo.man.in, sudo.pod:
10168 * sudoers.man.in, sudoers.pod:
10172 * auth/pam.c, config.h.in, configure.in:
10173 Move PAM_CONST macro definition from config.h to pam.c where it
10174 belongs. We can't have this in config.h since that gets included too
10178 * auth/pam.c, config.h.in, configure, configure.in:
10179 Some PAM implementations put their headers in /usr/include/pam
10180 instead of /usr/include/security.
10184 I missed changing the EXEC macro -> EXECV here when I changed this
10185 in config.h.in and sudo.c a while ago.
10189 OpenBSD vax/m88k/hppa don't do shared libs
10192 * configure, configure.in:
10193 o merge the hpux case entries into a single entry w/ its own sub-
10194 case statement. o HP-UX >= 11 support getspnam(), use it in
10195 preference to getprpwuid()
10198 * configure, configure.in:
10199 eval $shrext so that it expands nicely on MacOS X
10203 Don't lie about making a module, it does the wrong thing on mach
10207 Remove requirement that libs must begin with "lib". They don't when
10208 we point directly at the lib using LD_PRELOAD or its equivalent.
10212 Disable support for c++, f77 and java. We don't need it, it takes a
10213 lot of time, and it hosed our check for shared lib support.
10221 Call AC_ENABLE_SHARED and check the status of enable_shared to know
10222 when shared libs are available.
10226 Duh, OpenBSD supports shared libs too
10229 * config.h.in, configure.in:
10230 Only OpenPAM and Linux PAM use const qualifiers.
10233 * configure, configure.in:
10234 o No need to check for sed, libtool config does that for us o move
10235 check for --with-noexec until after libtool magic is run so we can
10236 use $can_build_shared and $shrext
10240 Don't print a bunch of crap about library installs since we are not
10241 really installing a library.
10245 Make format_env() varargs Add noexec support for Darwin, MacOS X,
10249 * acsite.m4, ltconfig, ltmain.sh:
10250 Update to libtool 1.5 with local changes: o no ldconfig in the
10251 finish step o assume no libprefix or version is needed
10255 Fix compilation under K&R
10258 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
10265 stub execve() that just returns EACCES; used for noexec
10270 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
10275 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
10279 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
10281 * def_data.c, def_data.h, def_data.in:
10282 Move the environment defaults to the end and shorten a few of the
10286 * configure, configure.in:
10287 no shared libs on ultrix or convexos
10290 * Makefile.in, configure, configure.in:
10291 Build sudo_noexec shared object using libtool; could use some
10295 * acsite.m4, ltconfig, ltmain.sh:
10296 libtool scaffolding
10299 * parse.yacc, sudo.tab.c:
10300 Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
10304 * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
10305 parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
10306 update copyright year
10309 * configure, configure.in, defaults.c, env.c, pathnames.h.in:
10310 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
10311 option. The default value of noexec_file is set to this.
10314 * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
10315 parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
10317 Add support for preloading a shared object containing a dummy
10318 execve() function that just sets error and returns -1. This adds a
10319 "noexec_file" option to load the filename as well as a "noexec" flag
10320 to enable it unconditionally. There is also a NOEXEC tag that can
10321 be attached to specific commands and an EXEC tag to disable it.
10325 add missing newline to usage statement
10328 * config.h.in, sudo.c:
10329 Rename EXEC macro -> EXECV
10333 Don't truncate usernames to 8 characters in the log message.
10336 * check.c, sudoers.man.in, sudoers.pod:
10337 Update copyright year
10340 * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
10342 Add a new option, lecture_file, that can be used to point to a
10343 custom sudo lecture.
10346 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
10348 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
10350 Add a zero_bytes() function to do the equivalent of bzero in such a
10351 way that will hopefully not be optimized away by sneaky compilers.
10355 Add a zero_bytes() function to do the equivalent of bzero in such a
10356 way that will hopefully not be optimized away by sneaky compilers.
10359 * Makefile.in, sudo.h:
10360 Add a zero_bytes() function to do the equivalent of bzero in such a
10361 way that will hopefully not be optimized away by sneaky compilers.
10365 Use #ifdef __STDC__, not #if __STDC__.
10368 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
10371 Always put at least one space between the def_* macro name and its
10375 * configure, configure.in:
10376 Adjust code for --without-lecture to match new values.
10380 regen after pasto fix
10383 * sudoers.man.in, sudoers.pod:
10384 Document that "lecture" has changed from a flag to a tuple.
10387 * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
10388 defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
10389 Add support for tuples in def_data.in; these are implemented as an
10390 enum type. Currently there is only a single tuple enum but in the
10391 future we may have one tuple enum per T_TUPLE entry in def_data.in.
10392 Currently listpw, verifypw and lecture are tuples. This avoids the
10393 need to have two entries (one ival, one str) for pwflags and syslog
10396 lecture is now a tuple with the following values: never, once,
10399 We no longer use both an int and string entry for syslog facilities
10400 and priorities. Instead, there are logfac2str() and logpri2str()
10401 functions that get used when we need to print the string values.
10404 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
10405 auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
10406 check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
10407 logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
10408 sudo.tab.c, visudo.c:
10409 Create def_* macros for each defaults value so we no longer need the
10410 def_{flag,ival,str,list,mode} macros (which have been removed). This
10411 is a step toward more flexible data types in def_data.in.
10418 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
10421 If we are in -k/-K mode, just spew to stderr. It is not unusual for
10422 users to place "sudo -k" in a .logout file which can cause sudo to
10423 be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
10424 Previously, this would result in useless mail and logging.
10427 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
10430 fix pasto in VISUAL description
10433 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
10444 Some OSes (like Solaris) allow export w/ nosuid too
10447 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
10450 We don't use FD_ZERO anymore so just define FD_SET (if not already
10454 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
10457 Fix a core dump on Solaris by preserving the pam_handle_t we used
10458 during authentication for pam_prep_user(). If we didn't
10459 authenticate (ie: ticket still valid), we call pam_init() from
10460 pam_prep_user(). This is something of a hack; it may be better to
10461 change the auth API and add an auth_final() function that acts like
10465 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
10468 Add explicit declaration of printerr variable in function header
10469 (was defaulting to int which is OK but oh so K&R :-). From Theo.
10472 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
10474 * config.h.in, configure.in:
10475 s/HAVE_STOW/USE_STOW/
10479 Also exit waitpid() loop when pid == 0. Fixes a problem where the
10480 sudo process would spin eating up CPU until sendmail finished when
10481 it has to send mail.
10484 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
10487 Remove advertising clause, UCB has disavowed it
10491 Remove advertising clause, UCB has disavowed it
10494 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
10497 Don't assume that getgrnam() calls don't modify contents of struct
10498 passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
10499 Based on a patch from Kirk Webb.
10502 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
10509 darwin has a broken setreuid() in at least some versions
10513 Fix an off by one error when reallocating the environment; Kevin Pye
10516 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
10519 Fix User_Spec definition; SEKINE Tatsuo
10522 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
10525 More info on the early days from Coggs.
10528 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
10531 remove errant semicolon that prevented compilation under heimdal
10534 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
10536 * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
10537 add DARPA credit on affected files
10541 add DARPA credit on affected files
10544 * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
10546 add DARPA credit on affected files
10550 add DARPA credit on affected files
10554 add DARPA credit on affected files
10557 * logging.c, parse.c:
10558 add DARPA credit on affected files
10561 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
10562 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
10563 find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
10565 add DARPA credit on affected files
10568 * auth/kerb5.c, auth/pam.c:
10569 add DARPA credit on affected files
10572 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
10573 auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
10575 add DARPA credit on affected files
10579 add DARPA credit on affected files
10582 * defaults.c, defaults.h:
10583 add DARPA credit on affected files
10587 add DARPA credit on affected files
10590 * Makefile.in, alloc.c, check.c:
10591 add DARPA credit on affected files
10595 slightly different wording for the darpa credit
10598 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
10604 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
10607 Use krb5_princ_component() instead of krb5_princ_realm() for MIT
10608 Kerberos like we did before I messed things up ;-)
10610 Use krb5_principal_get_comp_string() to do the same thing w/
10611 Heimdal. I'm not sure if the component should be 0 or 1 in this
10614 #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
10615 older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
10616 should be a configure check for this I guess.
10619 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
10622 builtin -> built-in; Jason McIntyre
10625 * TROUBLESHOOTING, config.h.in, configure, configure.in:
10626 builtin -> built-in; Jason McIntyre
10630 built in -> built-in; Jason McIntyre
10633 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
10636 checkpoint for 1.6.7p3
10640 Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
10641 Amazingly, sudo source from 1985 is available via groups.google.com
10645 Don't change rl.rlim_max for RLIMIT_CORE. We need only set
10646 rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
10647 RLIMIT_CORE restoration on some OSes.
10650 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
10653 Make this compile on Heimdal and MIT Kerberos 5
10656 * config.h.in, configure, configure.in:
10657 Check for heimdal even if we found krb5-config and define
10662 Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
10663 no longer defined by MIT kerb5 (though it used to be and indeed
10664 remains so in Heimdal).
10667 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
10670 Remove newer stuff that passes multiple (possibly duplicate)
10671 directories to "mkdir -p" since that seems to break on Tru64 Unix at
10672 least. This basically brings back what shipped with sudo 1.6.6.
10675 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
10678 Correct number of args to krb5_principal_get_realm() and fix an
10679 unclosed comment that hid the bug.
10706 * CHANGES, version.h:
10715 use krb5-config to determine Kerberos V details if it exists
10718 * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
10719 auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
10720 find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
10721 testsudoers.c, visudo.c:
10722 Use warn/err and getprogname() throughout. The main exception is
10723 openlog(). Since the admin may be filtering logs based on the
10724 program name in the log files, hard code this to "sudo".
10728 Add getprogname.c and err.c
10735 * config.h.in, configure.in:
10736 Add checks for getprogname(), __progname and err.h
10740 For systems without err/warn functions.
10744 For systems without err/warn functions.
10748 For systems with neither getprogname() nor __progname; uses Argv[0].
10751 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
10754 checkpoint for 1.6.7p1
10757 * sudo.c, testsudoers.c:
10758 fix strlcpy() rval check (innocuous)
10762 oflow detection in expand_prompt() was faulty (false positives). The
10763 count was based on strlcat() return value which includes the length
10764 of the entire string.
10767 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
10770 checkpoint for the sudo 1.6.7 release
10771 [096bab4da29a] [SUDO_1_6_7]
10774 checkpoint for the sudo 1.6.7 release
10777 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
10780 g/c unused variable
10788 use man sections 8 and 5 for csops
10791 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
10798 Add -lskey or -lopie directly to SUDO_LIBS instead of having
10799 AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
10807 Add --with-blibpath for AIX. An alternate libpath may be specified
10809 -blibpath support can be disabled. Also change configure such that
10810 -blibpath is not specified if no -L libpaths were added to
10815 Add --with-blibpath for AIX. An alternate libpath may be specified
10817 -blibpath support can be disabled. Also change configure such that
10818 -blibpath is not specified if no -L libpaths were added to
10823 Add --with-blibpath for AIX. An alternate libpath may be specified
10825 -blibpath support can be disabled. Also change configure such that
10826 -blibpath is not specified if no -L libpaths were added to
10831 add AIX blibpath support
10834 * INSTALL, configure.in:
10835 --with-skey and --with-opie now take an optional directory argument.
10836 This obsoletes a --with-csops hack (/tools/cs/skey)
10838 Also remove the remaining direct uses of "echo"
10841 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
10844 Detect KTH Kerberos IV and deal with it. Also make -lroken optional
10845 for KTH Kerberos IV and V.
10849 Add SUDO_APPEND_LIBPATH function that adds -L/path/to/dir (and
10850 -R/path/to/dir if $with_rpath) to the specified variable.
10853 * INSTALL, configure.in:
10854 Add -R/path/to/libs for Solaris and SVR4. There is a new configure
10855 option, --with-rpath to control this behavior.
10859 for kerb4 put libdes after libkrb on the link line
10867 fix kerberos lib check when a path is specified
10871 Fix boolean thinko in SIGCHLD reaper and call reapchild after
10872 sending mail instead of doing a conditional sudo_waitpid.
10875 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
10882 replace =DIR with [=DIR] where sensible
10886 o Use AC_MSG_* instead of "echo"
10887 o New Kerberos include/lib detection based on openssh's configure.in
10891 --with-kerb4 and --with-kerb5 now take an optional argument.
10894 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
10897 Kill remaining strcpy(), the programmer's guide says username is 32
10902 treat uid_t as unsigned long for printf and use snprintf, not sprintf
10909 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
10911 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
10912 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
10913 auth/rfc1938.c, auth/sudo_auth.c:
10914 update copyright year
10917 * sudo.man.in, sudoers.man.in, visudo.man.in:
10918 update copyright year
10921 * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
10922 configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
10923 parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
10924 sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
10925 update copyright year
10928 * check.c, env.c, sudo.c:
10929 Cast [ug]ids to unsigned long and printf with %lu
10937 correct error messages for --with-sudoers-{mode,uid,gid}
10941 make the malloc(0) error specific to each function to aid tracking
10946 deal with platforms where size_t is signed and there is no SIZE_MAX
10951 Make this compile w/ Heimdal and fix some gcc warnings.
10955 Use stat_sudoers macro so --with-stow can work
10958 * INSTALL, config.h.in, configure, configure.in:
10959 Add support for --with-stow based on patches from Robert Uhl
10975 use strlcpy, not strncpy
10979 Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
10986 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
10988 * strlcat.c, strlcpy.c:
10989 Make gcc shutup about unused rcsid
10993 Move the n == 0 check for the non-getifaddrs cas
10997 skeychallenge() on NetBSD takes a size parameter
11005 put -ldl after -lpam, not before; fixes static linking on Linux
11009 Avoid malloc(0) and fix the loop invariant for the getifaddrs()
11013 * sudo.cat, sudoers.cat, visudo.cat:
11017 * sudo.man.in, sudoers.man.in, visudo.man.in:
11022 Preserve copyright notice from .pod file in .man.in file
11026 Add sudoers(5) to SEE ALSO
11029 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
11036 Don't assume libc can realloc() a NULL string. If malloc/realloc
11037 fails, make sure we just return; yyerror() is not terminal.
11045 simplify fill_args a little and use strlcpy for paranoia
11052 * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
11054 Use strlc{at,py} for paranoia's sake and exit on overflow. In all
11055 cases the strings were either pre-allocated to the correct size or
11056 length checks were done before the copy but a little paranoia can go
11061 Add strlc{at,py} protos
11064 * env.c, interfaces.c:
11073 Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
11074 memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
11078 snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
11083 In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
11086 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
11089 Use snprintf() for paranoia
11093 Use emalloc2 and erealloc3
11097 strlc{at,py} for those w/o it
11100 * strlcat.c, strlcpy.c:
11101 strlc{at,py} for those w/o it.
11104 * config.h.in, configure, configure.in:
11105 Add strlc{at,py} for those w/o it.
11109 Add erealloc3(), a realloc() version of emalloc2().
11112 * interfaces.c, sudo.c:
11113 Use emalloc2() to allocate N things of a certain size.
11117 Add emalloc2() -- like calloc() but w/o the bzero and with
11118 error/oflow checking.
11122 Error out on malloc(0); suggested by theo
11125 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
11127 * configure, configure.in:
11128 fix a typo; David Krause
11131 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
11137 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
11140 Remove DYLD_ from the environment for MacOS X; from bbraun
11143 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
11145 * config.h.in, configure.in:
11146 not not; Anil Madhavapeddy
11149 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
11151 * sudo.pod, sudoers.pod, visudo.pod:
11152 typos; jmc@openbsd.org
11155 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
11158 Add some missing ';' rule terminators that bison warns about.
11162 fix typo I introduced in last merge
11166 regenerate with autoconf 2.57
11170 Add missing "$HOME"
11174 Add some more square brackets to make autoconf 2.57 happy
11177 * config.sub, mkinstalldirs:
11178 Updates from autoconf-2.57
11182 Updates from autoconf-2.57
11185 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
11191 * lex.yy.c, sudo.tab.c:
11195 * parse.lex, parse.yacc, sudoers.pod:
11196 Add support for Defaults>RunasUser
11199 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
11202 fclose() yyin after each yyparse() is done and use fopen() instead
11203 of using freopen().
11207 Better fix for sudoers files w/o a newline before EOF. It looks
11208 like the issue is that yyrestart() does not reset the start
11209 condition to INITIAL which is an issue since we parse sudoers
11213 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
11216 Work around what appears to be a flex bug when dealing with files
11217 that lack a final newline before EOF. This adds a rule to match EOF
11218 in the non-initial states which resets the state to INITIAL and
11223 o The parser needs sudoers to end with a newline but some editors
11224 (emacs) may not add one. Check for a missing newline at EOF and
11225 add one if needed.
11226 o Set quiet flag during initial sudoers parse (to get options)
11227 o Move yyrestart() call and always use freopen() to open yyin after initial sudoers parse.
11230 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
11233 Fix pasto/thinko in setresgid()/setregid() usage. Want to set
11234 effective gid, not real gid, when reading sudoers.
11238 don't compile set_perms_posix if we have setreuid or setresuid
11241 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
11243 * sudo.pod, sudoers.pod:
11244 document new prompt escapes
11248 Add %U and %H escapes and redo prompt rewriting. "%%" now gets
11249 collapsed to "%" as was originally intended. This also gets rid of
11250 lastchar (does lookahead instead of lookback) which should simplify
11251 the logic slightly.
11254 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
11257 Write the prompt *after* turning off echo to avoid some password
11258 characters being echoed on heavily-loaded machines with fast
11263 Add support for mipseb; wiz@danbala.tuwien.ac.at
11267 Fix IRIX fallout from name changes in man dir/sect Makefile
11268 variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
11272 Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
11273 the global copy. Problem noted by Peter Pentchev.
11276 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
11283 Add missing yyerror() calls; YYERROR does not seem to call this for
11287 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
11290 fix typo in comment; Pedro Bastos
11293 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
11296 document --disable-setresuid
11299 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
11301 Sprinkle some volatile qualifiers to prevent over-enthusiastic
11302 optimizers from removing memset() calls.
11305 * logging.c, parse.yacc:
11306 minor sign fixes pointed out by gcc -Wsign-compare
11309 * set_perms.c, sudo.c, sudo.h:
11310 Revamp set_perms. We now use a version based on setresuid() or
11311 setreuid() when possible since that allows us to support the
11312 stay_setuid option and we always know exactly what the semantics
11313 will be (various Linux kernels have broken POSIX saved uid support).
11316 * config.h.in, configure:
11317 regen from configure.in
11321 Add checks for setresuid() and a way to disable using it
11325 No longer need to emulate set*[ug]id() via setres[ug]id() or
11326 setre[ug]id(). The new set_perms stuff only uses things it knows are
11331 Before exec, restore state of signal handlers to be the same as when
11332 we were initially invoked instead of just resetting to SIG_DFL. Fixes
11333 a problem when using sudo with nohup. Based on a patch from Paul
11338 o timestamp_uid should be uid_t, not int
11339 o clarify error message when sudo is run by root and no_root_sudo is set
11342 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
11345 update ftp link for bison
11348 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
11351 Error out if setusercontext() fails and the runas user is not root.
11354 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
11361 Fix SecurID API test
11364 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
11371 securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
11372 but I don't see a better way at the moment.
11375 * Makefile.in, auth/securid5.c:
11376 SecurID API version 5 support from Michael Stroucken
11380 Add check for SecurID 5.0 API
11383 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
11386 We actually do still need config.h to get the 'const' definition for
11390 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
11393 regen with autoconf 2.5.3
11397 Don't set sysconfdir to '/etc' if the user has specified a --prefix.
11401 Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
11402 LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
11405 * env.c, sudo.c, sudo.h:
11406 No need for dump_badenv() now that dump_defaults() knows how to dump
11410 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
11416 document timestampowner
11420 Don't call set_perms() when doing timestamp stuff unless
11421 timestamp_uid != 0.
11424 * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
11425 sudo.h, testsudoers.c:
11426 g/c second arg to set_perms--it is no longer used
11429 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
11431 * check.c, set_perms.c, sudo.c, sudo.h:
11432 Add support for non-root timestamp dirs. This allows the timestamp
11433 dir to be shared via NFS (though this is not recommended).
11436 * def_data.c, def_data.h, def_data.in:
11437 Add timestampowner, "Owner of the authentication timestamp dir"
11440 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
11443 Don't try to pre-compute the size of the new envp, just allocate
11444 space up front and realloc as needed. Changes to the new env
11445 pointer must all be made through insert_env() which now keeps track
11446 of space used and allocates as needed.
11449 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
11456 Fix two typo/pastos; from jrj@purdue.edu
11459 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
11461 * INSTALL.binary, README:
11463 [a1e33027278c] [SUDO_1_6_6]
11465 * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
11466 visudo.cat, visudo.man.in:
11470 * CHANGES, RUNSON, TODO:
11475 In the loop used to expand %h and %u, the lastchar variable was not
11476 being initialized. This means that if the last char in the prompt
11477 is '%' and the first char is 'h' or 'u' an extra copy of the host or
11478 user name would be copied, for which space had not been allocated.
11481 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
11483 * BUGS, INSTALL, Makefile.in, configure.in, version.h:
11484 crank version to 1.6.6
11488 #undef VOID to get rid of an AFS warning
11492 Use easprintf instead of emalloc + sprintf for some things.
11495 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
11497 * lex.yy.c, sudo.tab.c:
11501 * parse.c, parse.lex, parse.yacc, testsudoers.c:
11502 Remove Chris Jepeway's email address so people don't bug him ;-)
11505 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
11508 Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
11509 endgrent() at the same time.
11512 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
11515 Make it clear which configure options take arguments.
11518 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
11521 HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
11522 RLIM_INFINITY, just pretend it is -1. This works because we only
11523 check for RLIM_INFINITY and do not set anything to that value.
11526 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
11529 Zero and free allocated memory when there is a conversation error.
11533 Use sigaction() not signal()
11537 Mention that some linux kernels have broken POSIX saved ID support
11541 checkpoint for 1.6.5p2
11549 Add --disable-setreuid flag
11553 Document new --disable-setreuid option and change description for
11554 --disable-saved-ids to match new error message.
11558 fatal() now takes an argument that determines whether or not to call
11563 Update for new error messages from set_perms()
11567 Update for new error messages from set_perms()
11570 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
11573 Make this compile w/o warnings
11577 Mention that we can't use pam_acct_mgmt()
11580 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
11581 The user's password was not zeroed after use when AIX
11582 authentication, BSD authentication, FWTK or PAM was in use.
11585 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
11588 Avoid giving PAM a NULL password response, use the empty string
11589 instead. This avoids a log warning when the user hits ^C at the
11590 password prompt when PAM is in use.
11594 Don't check the return value of pam_setcred(). In Linux-PAM 0.75
11595 pam_setcred() returns the last saved return code, not the return
11596 code for the setcred module. Because we haven't called
11597 pam_authenticate(), this is not set and so pam_setcred() returns
11602 Don't need a '/' between $(DESTDIR) and a directory.
11606 Don't need a '/' between $(DESTDIR) and a directory.
11609 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
11616 o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
11617 setreuid() o new NetBSD has a real setreuid() o add check for
11618 freeifaddrs() if getifaddrs() exists.
11621 * config.h.in, interfaces.c:
11622 Older BSDi releases lack freeifaddrs() so add a test for that and if
11623 it is not present just use free().
11626 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
11629 Checkpoint for 1.6.5p1
11633 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
11634 to normal passwords, not AUTH_FATAL (which just causes an exit).
11638 Don't use memory after it has been freed.
11642 skeyaccess() wants a struct passwd * not a char *; Patch from
11644 [65a1d3806fcd] [SUDO_1_6_5]
11650 * CHANGES, RUNSON, TODO:
11651 checkpoint for sudo 1.6.5
11654 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
11660 * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
11664 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11670 o when invoking the mailer as root use a hard-coded environment that
11671 doesn't include any info from the user's environment. Basically
11674 o Add support for the NO_ROOT_MAILER compile-time option and run the
11675 mailer as the user and not root if NO_ROOT_MAILER is defined.
11678 * set_perms.c, sudo.h:
11679 Bring back PERM_FULL_USER
11690 * INSTALL, config.h.in, configure.in:
11691 Add --disable-root-mailer option to run the mailer as the user and
11696 checkpoint for 1.6.4p2
11700 Mention the "seteuid(0): Operation not permitted" problem here too
11701 just for good measure.
11704 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
11706 * env.c, getspwuid.c, sudo.c:
11707 The SHELL environment variable was preserved from the user's
11708 environment instead of being reset based on the passwd database when
11709 the "env_reset" option was used. Now it is reset as it should be.
11716 * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
11718 Add a configure option to turn off use of POSIX saved IDs
11726 add --with-efence option
11730 Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
11731 "sudo -l" would not work if always_set_home was set.
11739 Quoted commas were not being treated correctly in command line
11744 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
11745 Otherwise, the set_home option has no effect.
11747 o Fix use of freed memory when the "fqdn" flag is set. This was
11748 introduced by the fix for the "segv when gethostbynam() fails" bug.
11749 Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
11750 there is no need to check the "fqdn" flag in set_fqdn() itself.
11754 Add 'continue' statements to optimize the switch statement. From
11758 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
11760 * sudoers.cat, sudoers.man.in:
11761 Regen from new sudoers.pod
11762 [6ecc07b3d0e1] [SUDO_1_6_4]
11765 Add caveat about stay_setuid flag
11769 If set_perms == set_perms_posix and the stay_setuid flag is not set,
11770 set all uids to 0 and use set_perms_fallback().
11773 * set_perms.c, sudo.h:
11774 Remove PERM_FULL_USER (which is no longer used) and add
11775 PERM_FULL_ROOT (used when exec'ing the mailer).
11779 Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
11780 never want to run the mailer setuid.
11783 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
11785 * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
11787 Use sudo.ws instead of courtesan.com in URLs
11790 * Makefile.binary, Makefile.in:
11791 Fix mansect substitution
11795 Substitute man sections in Makefile.binary
11799 Sync install targets with Makefile.in and substitute in man
11803 * INSTALL, INSTALL.binary:
11808 Repair bindist target
11815 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
11818 Fix case where neither whoami nor id are found
11821 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
11824 If neither whoami nor id exists, just assume we are root.
11828 Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
11829 on AIX which for some reason isn't pulling in the malloc prototype.
11832 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
11834 * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
11843 Defer assigning new environment until right before the exec.
11847 kill extra blank line
11850 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
11857 Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
11858 compiler doesn't recognise -O2.
11862 Clarify origins of Root Group sudo a bit based on info from
11863 billp@rootgroup.com
11866 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
11873 checkpoint for 1.6.4rc1
11876 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
11879 now generated via autoheader
11887 Move in some stuff that was previously in config.h.
11890 * aclocal.m4, configure.in:
11891 Add info for autoheader.
11894 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
11897 o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
11898 -g to facilitate non-root installs
11902 Add -M option (like -m but only for root) If we can't find "whoami",
11903 use "id" w/ some sed.
11911 allow user to always override mansectsu and mansectform
11914 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
11917 update from autoconf 2.52
11920 * config.guess, config.sub:
11921 Update from autoconf 2.52
11925 regen with autoconf 2.52
11929 o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
11930 mode o Remove compiler-specific checks for HP-UX now that we use
11939 o Add pam_prep_user function to call pam_setcred() for the target
11940 user; on Linux this often sets resource limits. o When calling
11941 pam_end(), try to convert the auth->result to a PAM_FOO value.
11942 This is a hack--we really need to stash the last PAM_FOO value
11943 received and use that instead.
11946 * set_perms.c, sudo.h:
11947 o Add pam_prep_user function to call pam_setcred() for the target
11948 user; on Linux this often sets resource limits.
11952 Fix off by one error in number of bytes allocated via malloc (does
11953 not affect any released version of sudo).
11956 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
11963 Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
11964 requiring that they be quoted.
11967 * sudoers.cat, sudoers.man.in, sudoers.pod:
11968 Mention that no double quotes are needed when
11969 adding/deleting/assigning a single value to a list.
11973 Don't rely on mkdefaults being executable, call perl explicitly.
11981 Remove some XXX that are no longer relevant.
11985 o Roll our own loop instead of using strpbrk() for better
11986 grokability o When adding to a list we must malloc() and use
11987 memcpy(), not strdup() since we must only copy len bytes from str.
11990 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
12000 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
12011 avoid the -g flag unless --with-devel was specified
12015 mkdefaults, def_data.in and sigaction.c were missing from the
12020 def_data.c was missing
12023 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
12026 Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
12027 allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
12035 Add comment for Default section so folks know where it should go.
12038 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
12041 Use TCSETAF, not TCSETA to set terminal in termio case
12044 * sudoers.cat, sudoers.man.in:
12045 regen from sudoers.pod
12049 o Typo, Runas_User_List should be Runas_List o a User_List can not
12050 contain a uid o mention that the Defaults section should come after
12051 Alias definitions but before the user specifications
12054 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
12056 * sudoers.cat, sudoers.man.in:
12061 Fix listpw and verifypw sections, they were not being formatted
12065 * sudoers.cat, sudoers.man.in:
12077 * config.h.in, configure.in:
12078 use AC_SYS_POSIX_TERMIOS instead of rolling our own
12082 Reference sudo.ws not courtesan.com
12086 Add notes on shadow passwords
12090 In list mode (sudo -l), characters escaped with a backslash are
12091 shown verbatim with the backslash.
12095 Add simple examples from OpenBSD (Marc Espie)
12099 Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
12103 minor prettyification
12111 Fix CIDR handling here too.
12115 Apparently a NULL response is OK
12119 Checkpoint for upcoming beta release
12123 Many people believe that adding a runas spec should obviate the need
12124 for the -u flag. It does not.
12128 checkpoint update for upcoming 1.6.4 beta
12132 o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
12133 if HAVE_STRING_H is defined -- this is safe now
12137 Add signals section
12145 Fix check for sigaction_t
12149 XXX - should call find_path() as runas user, not root. Can't do
12150 that until the parser changes though.
12154 If find_path() fails as root, try again as the invoking user (useful
12155 for NFS). Idea from Chip Capelik.
12158 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
12159 Regenerate after pod file changes
12162 * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
12163 sudo.pod, sudoers.pod:
12164 Add new sudoers option "preserve_groups". Previously sudo would not
12165 call initgroups() if the target user was root. Now it always calls
12166 initgroups() unless the -P command line option or the
12167 "preserve_groups" sudoers option is set. Idea from TJ Saunders.
12170 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
12172 * compat.h, config.h.in:
12173 Use new HAVE_SIGACTION_T define
12177 Fix compilation on K&C
12185 Add check for sigaction_t -- IRIX already defines this so don't
12194 need stdlib.h here too
12202 Remove redundant checks for string.h, strings.h and unistd.h
12205 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
12207 Regen from pod files
12214 * configure, lex.yy.c, sudo.tab.c:
12219 Return EINVAL if errnum > sys_nerr
12222 * auth/sudo_auth.h:
12223 o Update copyright year
12226 * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
12227 config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
12229 o Update copyright year
12233 o Don't define STDC_HEADERS unconditionally for IRIX o Update
12241 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
12242 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
12243 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
12244 auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
12245 set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
12247 o Reorder some headers and use STDC_HEADERS define properly o Update
12252 o Reorder some headers and use STDC_HEADERS define properly o Update
12256 * getspwuid.c, goodpath.c, interfaces.c:
12257 o Reorder some headers and use STDC_HEADERS define properly o Update
12262 o Reorder some headers and use STDC_HEADERS define properly o Update
12266 * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
12268 o Reorder some headers and use STDC_HEADERS define properly o Update
12277 flags set in signal handlers should be volatile sig_atomic_t
12280 * config.h.in, configure.in:
12281 Add checks for volatile and sig_atomic_t
12284 * configure, lex.yy.c:
12288 * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
12289 sudo.c, sudoers.pod:
12290 Remove "secure_path" Defaults option since it cannot work with the
12294 * find_path.c, sudo.c:
12295 Unset "secure_path" if user_is_exempt()
12298 * env.c, pathnames.h.in:
12299 o Remove assumption that PATH and TERM are not listed in env_keep o
12300 If no PATH is in the environment use a default value o If TERM is
12301 not set in the non-reset case also give it a default value.
12304 * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
12305 _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
12306 systems that define in paths.h
12309 * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
12310 Add support for skeyaccess(3) if it is present in libskey.
12313 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
12316 Only need to do 'lc = login_getclass(NULL)' if lc == NULL
12320 '\\' is a perfectly legal character to have in a command line
12325 o Defer call to set_fqdn() until it is safe to use log_error() o
12326 Don't print errno string value if gethostbyname fails, it is not
12331 Fix CIDR -> in_addr_t conversion.
12334 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
12337 Remove an extra "User_List" in the User_Spec definition From
12338 ybertrand AT snoopymail.com
12342 Make 'listpw=never' work for users who are not explicitly mentioned
12347 Remove gratuitous '=' in EBNF grammar; era AT iki.fi
12351 Document new list Defaults type and convert env_keep and env_delete
12352 to lists. Document new env_check option.
12355 * lex.yy.c, sudo.tab.c, sudo.tab.h:
12360 Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
12369 Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
12372 * config.h.in, configure.in:
12373 Add check for skeyaccess(3)
12377 Document new -c, -f, and -q options
12381 o Add -f option (alternate sudoers file) o Convert to use getopt(3)
12388 * aclocal.m4, config.h.in, configure.in:
12389 Add check for isblank and a replacement macro if it doesn't exist.
12392 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
12395 In check-only mode, don't create sudoers if it does not already
12400 o Add a new token, DEFVAR, to indicate a Defaults variable name o
12401 Add support for "+=" and "-=" list operators o replace some 1 and 0
12402 with TRUE and FALSE for greater legibility.
12406 o Use exclusive start conditions to remove some ambiguity in the
12407 lexer. Also reorder some things for clarity. o Add support for
12408 "+=" and "-=" list operators. o Use the new DEFVAR token to denote
12409 a Defaults variable name.
12413 Prototype init_envtables()
12417 o Convert environment handling to use lists instead of strings.
12418 This greatly simplifies routines that need to do "foreach" type
12419 operations. o Add new init_envtables() function to set env_check
12420 and env_delete defaults based on initial_badenv_table and
12421 initial_checkenv_table (formerly sudo_badenv_table).
12424 * defaults.c, defaults.h:
12425 o Add a new LIST type and functions to manipulate it. o This is for
12426 use with environment handling variables. o Call new
12427 init_envtables() routine inside init_defaults() to initialize the
12431 * def_data.c, def_data.h, def_data.in:
12432 Convert environment options to use the new LIST type and add a new
12433 one, env_check that only deletes if the sanity check fails.
12437 Add dummy version of init_envtables()
12445 Add check-only mode
12449 Fix generation of entries with NULL descriptions.
12452 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
12455 Use sigaction_t and quiet a gcc warning.
12459 Must reset signal handlers before we exec
12462 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
12464 Be careful now that tgetpass() can return NULL (user hit ^C). PAM
12465 version needs testing. Set SIGTSTP to SIG_DFL during password entry
12466 so user can suspend us.
12470 Add support for interrupting/suspending tgetpass via keyboard input.
12471 If you suspend sudo from the password prompt and resume it will re-
12476 Don't block keyboard interrupt signals, just set them to SIG_IGN.
12479 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
12482 add back HAVE_SIGACTION
12489 * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
12490 Kill POSIX_SIGNALS define and old signal support now that we emulate
12491 POSIX ones Also be sure to correctly initialize struct sigaction.
12495 Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
12499 Add scaffolding for POSIX signal emulation
12503 o Add missing ';' so this compiles o Can't use NULL since we don't
12508 Emulate sigaction() using sigvec()
12511 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
12514 Document new behavior of negative values of timestamp_timeout Fix a
12519 Add security note about command not being logged after 'sudo su' and
12524 Mention that -V prints default values when run as root, including
12525 the list of environment variables to clear.
12529 Run pod2man with --quotes=none to avoid stupid quoting of C<>
12533 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
12535 * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
12536 Add mail_badpass option Also modify mail_always behavior to also
12537 send mail when the password is wrong
12540 * env.c, sudo.c, sudo.h:
12541 Dump default bad env table when 'sudo -V' is run by root.
12545 document env_delete
12549 Add support for '*' in env_keep when not resetting the environment
12550 (ie: the normal case).
12554 Add env_delete variable that lets the user replace/add to the
12555 bad_env_table. Allow '*' wildcard in env_keep entries.
12558 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
12561 Force umask to 022 to guarantee sane directory permissions.
12564 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
12567 add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
12571 fix breakage in last commit
12575 acsite.m4 -> aclocal.m4
12579 fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
12583 regenerated from def_data.in
12586 * check.c, defaults.c, defaults.h:
12587 Add new T_UINT type that most things use instead of T_INT If
12588 timestamp_timeout is < 0 then treat the ticket as never expiring (to
12589 be expired manually by the user).
12593 change most T_INT -> T_UINT
12597 fix warning when no args
12601 Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
12602 we are a signal handler. We no longer print the signal number but
12603 the user can just check the exit value for that.
12606 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
12609 when setting up pipes in child process check for case where stdin ==
12613 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
12616 Ignore editor exit value since XPG4 says vi's exit value is the
12617 count of editing errors made (failed searches, etc).
12620 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
12627 sco now is identified by config.guess as *-sco-*
12631 Check for getspnam() in -lgen if not in -lc for UnixWare.
12634 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
12636 * sudoers.pod, visudo.pod:
12637 "upper case" -> "uppercase"
12641 fix typos and grammar; pjanzen@foatdi.harvard.edu
12644 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
12647 Missing word (specify); krapht@secureops.com
12650 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
12653 If we fail to look up a login class, apply the default one.
12657 In log_error() free message, not logline unconditionally, then free
12658 logline if it is not the same as message. No function change but
12659 this mirrors how they are allocated.
12662 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
12669 remove some backslash quotes that are unneeded
12673 o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
12674 instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
12675 can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
12676 to AC_DEFINE things manually.
12679 * config.guess, config.sub:
12680 Updated from autoconf-2.50
12683 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
12686 Update mailing list section. We use mailman now, not majordomo.
12689 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
12691 * getspwuid.c, logging.c, sudo.c:
12692 Use setpwent()/endpwent() + all the shadow variants to make sure we
12693 don't inadvertently leak an fd to the child. Apparently Linux's
12694 shadow routines leave the fd open even if you don't call setspent().
12695 Reported by mike@gistnet.com; different patch used.
12698 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
12705 select() may return EAGAIN. If so, continue like we do for EINTR.
12709 Fix a non-exploitable buffer overflow in the word splitting code.
12710 This should really be rewritten.
12718 Tell people to look in sample.syslog.conf for examples, not FAQ
12722 Update list of env vars that are cleared
12726 remove struct env_table decl since that stuff has all moved to env.c
12729 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
12732 Fix a pasto in flock-style unlocking and include <sys/file.h> for
12733 flock on older systems; twetzel@gwdg.de
12737 regen to get NeXT lockf/flock fix
12741 force NeXT to use flock since lockf is broken
12744 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
12747 Use stashed user_gid when checking against exempt gid since sudo
12748 sets its gid to a value that makes sudoers readable. Previously
12749 if you used gid 0 as the exempt group everyone would be exempt. From
12750 Paul Kranenburg <pk@cs.few.eur.nl>
12753 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
12760 #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 apparently defines
12761 some types (such as ssize_t) therein.
12764 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
12767 Fix negation of paths in a boolean context. Problem found by
12771 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
12777 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
12780 SA_RESETHAND means the opposite of what I was thinking--oops To
12781 block all signals in old-style signals use ~0, not 0xffffffff
12784 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
12787 coerce difference of pointers to int when used in a string length
12788 printf format; deraadt@openbsd.org
12791 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
12794 Block all signals in Exit() to avoid a signal race. There is still
12795 a tiny window but I'm not going to worry about it.
12798 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
12801 glibc uses the LANGUAGE env var so clear that too; Solar Designer
12805 Regenerate with a fix to flex.skl that preserves errno from
12806 clobbering by isatty().
12809 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
12811 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
12812 auth/sia.c, auth/sudo_auth.c:
12813 Some defaults I_ defines got renamed.
12816 * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
12817 defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
12818 set_perms.c, sudo.c, sudo.tab.c:
12819 Move defaults info into its own files from which we generate .h and
12820 .c files. This makes adding or rearranging variables much simpler.
12823 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
12825 * configure, configure.in:
12826 fix typo in last commit
12829 * compat.h, config.h.in, configure, configure.in:
12830 Add check + emulation for setegid (like seteuid).
12834 Make env_keep override badenv_table as documented Fix traversal of
12835 badenv_table (broken in last commit)
12838 * set_perms.c, sudo.c, sudo.h:
12839 Don't try and build saved uid version of set_perms on systems w/o
12840 them. Rename set_perms_saved_uid() -> set_perms_posix() Make
12841 set_perms_setreuid simply be set_perms_fallback() and simply include
12842 the appropriate function at compile time (setreuid() vs. setuid()).
12845 * sudoers.cat, sudoers.man.in, sudoers.pod:
12846 PATH is also preserved when env_reset is in effect
12849 * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
12850 configure.in, defaults.c, defaults.h, env.c, find_path.c,
12851 getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
12852 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
12853 visudo.c, visudo.cat, visudo.man.in:
12854 New Defaults options: o stay_setuid - sudo will remain setuid if
12855 system has saved uids or setreuid(2) o env_reset - reset the
12856 environment to a sane default o env_keep - preserve environment
12857 variables that would otherwise be cleared
12859 No longer use getenv/putenv/setenv functions--do environment munging
12860 by hand. Potentially dangerous environment variables can be cleared
12861 only if they contain '/' or '%' characters to protect buggy
12862 programs. Moved environment routines into env.c (new file)
12866 Clear up --without-passwd description
12869 * putenv.c, sudo_setenv.c:
12870 We now build up a new environment from scratch and assign it to
12874 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
12876 * sudo.pod, visudo.pod:
12877 Grammatical fixes from Paul Janzen
12880 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
12883 If there was a syntax error and the user just wants to quit, unlink
12884 sudoers if it is zero length.
12888 'Q' means ignore parse error, not 'q'
12892 Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
12896 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
12899 Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
12902 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
12904 * config.guess, config.sub:
12905 Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
12908 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
12910 * sudo.c, visudo.c:
12911 Use exit(127), not exit(-1)
12914 * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
12915 Move set_perms() to its own file and use POSIX saved uid or
12916 setreuid() if available.
12918 Added stay_setuid option for systems that have libraries that
12919 perform extra paranoia checks in system libraries for setuid
12920 programs (ie: anything with issetugid(2)).
12924 strip more bits from the environment and add a facility for
12925 stripping things only if they contain '/' or '%' to address printf
12926 format string vulnerabilities in other programs.
12929 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
12936 For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
12945 Check for strcasecmp(3) in -lc89 for NCR Unix
12948 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
12951 Define HAVE_INNETGR #ifdef HAVE__INNETGR
12958 * compat.h, config.h.in, configure.in:
12959 Add check for _innetgr(3) since NCR systems have that instead of
12963 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
12966 check return value of creadcfg() call sd_close() after sd_auth()
12967 store username in sd->username so we don't rely on the USER env
12971 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
12974 document --with-bsdauth
12982 --with-bsdauth assumes --with-logincap
12985 * auth/bsdauth.c, auth/fwtk.c:
12986 When prompting for a response to a challenge, if the user just hits
12987 return then reprompt with echo turned on.
12990 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
12993 Remove debugging code that should not have been committed, oops.
12997 Use lower-level routines and get the password ourselves. Checks for
12998 a challenge and if there is one echo is not turned off.
13001 * auth/pam.c, auth/sudo_auth.h:
13002 minor housekeeping, no real code changes
13005 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
13008 Fix a coredump in the logging functions if gethostname(2) fails by
13009 deferring the call to log_error() until things are better setup.
13011 Fix return value of set_loginclass() in non-BSD-auth case.
13013 Hard-code 'sudo' in the usage message so we can fit more options on
13018 Fix errant ';' (typo) that broke MSG_ONLY
13021 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
13023 * sudo.cat, sudo.man.in:
13031 * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
13032 configure, configure.in, getspwuid.c, sudo.c:
13033 Add support for BSD authentication.
13036 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
13039 Fix typo; from sato@complex.eng.hokudai.ac.jp
13042 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
13045 Mention negating umask
13049 Allow user to specify umask of 0777 (same as !umask)
13052 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
13054 * sudo.pod, visudo.pod:
13055 Fix a typo and give a URL for the sudo history.
13058 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
13060 * defaults.c, sudo.pod:
13061 fix typos; pepper@reppep.com
13064 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
13066 * sudo.c, sudo.h, sudo_setenv.c:
13067 sudo_setenv() now exits on memory alloc failure instead of returning
13071 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
13074 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
13075 and possibly others.
13079 Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
13080 that "%m" won't be expanded but we don't use that anyway since the
13081 logging routines may splat to stderr as well.
13084 * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
13086 Add always_set_home variable
13089 * configure, configure.in:
13090 Have to hard code default values in help since the defaults are set
13091 _after_ the help stuff.
13094 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
13096 * lex.yy.c, parse.lex:
13097 Allow special characters (including '#') to be embedded in pathnames
13098 if quoted by a '\\'. The quoted chars will be dealt with by
13099 fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
13102 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
13105 Better path searching for programs we need.
13109 Add section on "C compiler cannot create executables" errors.
13112 * Makefile.binary, Makefile.in, version.h:
13116 * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
13117 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
13118 visudo.man.in, visudo.pod:
13119 Substitute values from configure into man pages.
13122 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
13125 The listpw and verifypw sudoers options would not take effect
13126 because the value of the default was checked *before* sudoers was
13127 parsed. Instead of passing in the value of PWCHECK_* to
13128 sudoers_lookup(), pass in the arg for def_ival() so the check can be
13129 deferred until after sudoers is parsed.
13132 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
13135 When writing prompt, no need to write the NUL as well;
13139 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
13142 When looking for chown, check in /sbin too
13145 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
13148 Remove extraneous call to init_defaults() and set runas_user to NULL
13149 between parses so init_defaults will reset it each time, thus
13150 avoiding a reference to free()d data.
13153 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
13155 * config.h.in, interfaces.c, interfaces.h, sudo.c:
13156 Add support for using getifaddrs() to get the list of ip addr /
13157 netmask pairs. Currently IPv4-only.
13161 Add a missing check for UserEditor == NULL Add missing '+' before
13162 line number when invoking editor to fix a syntax error
13165 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
13168 Call clean_env very early in main() for paranoia's sake. Idea from
13172 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
13175 Update proto for evasprintf and easprintf
13179 Make easprintf() and evasprintf() return an int.
13183 If the targetpw flag is set, use target username as part of the
13184 timestamp path. If tty tickets are in effect cat the tty and the
13185 target username with a ':' as the separator.
13188 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
13191 Backout part of last change; setting PAM_USER to the invoking user
13192 breaks things like targetpw.
13196 set tty and username via pam_set_item
13199 * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
13200 Fix root, runas, and target authentication for non-passwd file auth
13204 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
13206 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
13207 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
13208 Use B<-Z> not C<-Z> for command line flags in all places. This is
13209 more consistent and works around a bug in Pod::Man.
13212 * sudoers.cat, sudoers.man.in, sudoers.pod:
13213 Fix an occurrence of 'semicolon' that should be 'colon'
13216 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
13218 * configure, configure.in:
13219 Fix --with-badpri help line
13222 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
13224 * defaults.c, logging.c, sudo.c:
13225 Bracket calls to syslog with an openlog() and closelog() since some
13226 authentication methods (like PAM) may do their own logging via
13227 syslog. Since we don't use syslog much (usually just once per
13228 session) this doesn't really incur a performance penalty. It also
13229 fixes a SEGV with pam_kafs.
13232 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
13235 Fix -H flag. runas_homedir is only valid after
13236 set_perms(PERM_RUNAS, mode)
13239 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
13242 Clarify the fact that insults are not enabled just by including them
13246 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
13248 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13250 Regenerated with perl 5.6.0 pod2man
13254 Give date string to pod2man since its default is ugly and it ain't
13259 Do section substitution on the output of pod2man and remove hack
13260 needed for old pod2man.
13263 * sudo.pod, sudoers.pod, visudo.pod:
13264 Put back real man sections, we will do the substitution later.
13267 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
13269 * configure, configure.in:
13270 Don't bother checking for the path to vi if user specified --with-
13274 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
13276 * CHANGES, visudo.c:
13277 Visudo now does its own fork/exec instead of calling system(3).
13280 * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
13281 sudoers.pod, visudo.c:
13282 Visudo now checks for the existence of an editor and gives a
13283 sensible error if it does not exist.
13285 The path to the editor for visudo is now a colon-separated list of
13286 allowable editors. If the user has $EDITOR set and it matches one
13287 of the allowed editors that editor will be used. If not, the first
13288 editor in the list that actually exists is used.
13291 * sudo.cat, sudo.man.in, sudo.pod:
13292 Clear up confusion wrt sudo's return value.
13295 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
13298 Strip sudo and visudo for bindist target
13301 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
13302 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
13303 Use @mansectsu@ and @mansectform@ in the man page bodies as well.
13304 [5eb9e60a726f] [SUDO_1_6_3]
13306 * visudo.cat, visudo.man.in, visudo.pod:
13307 Typo: @sysconf@ -> @sysconfdir@
13311 'make dist' should not cause any files to be modified so remove its
13316 Whoops, forgot to add release marker
13319 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
13322 Final change for 1.6.3 (or so I hope)
13325 * sudo.cat, sudoers.cat, visudo.cat:
13326 Use SYSV man sections since BSD systems will have nroff...
13329 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
13331 * parse.yacc, sudo.tab.c:
13332 When checking to see if the host/user matches in a defaults spec,
13333 check against TRUE, not just non-zero since it might be -1.
13336 * configure, configure.in:
13337 OSF/1 puts file formats in section 4, not 5.
13340 * CHANGES, INSTALL, sudo.c:
13341 Make login class support work on BSD/OS
13348 * configure, configure.in:
13349 If there is no inet_addr but there *is* an __inet_addr that's ok
13350 since inet_addr is probably just a macro then. The better thing to
13351 do would be to look for the macro, but this is fine for now.
13354 * configure, configure.in:
13355 Don't use shlicc for BSD/OS 4.x
13358 * Makefile.in, configure, configure.in:
13359 *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
13360 configure variable so we can deal with this. Also, only remove *.man
13361 for 'distclean' not 'clean'.
13365 set_loginclass() should be static like the proto says
13368 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
13371 Add #ifdef __STDC__ around the rangematch function header to avoid
13372 promotion of test to int, thus violating the prototype. Gcc handles
13373 this gracefully but more std ANSI compilers will complain.
13377 Pull in newer fnmatch(3) that supports FNM_CASEFOLD
13380 * aclocal.m4, configure, fnmatch.3, fnmatch.c:
13381 Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
13382 FNM_CASEFOLD in configure
13389 * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
13390 Fully qualified hosts w/ wildcards were not matching the FQHOST
13391 token type. There's really no need for a separate token for fully-
13392 qualified vs. unqualified anymore so FQHOST is now history and
13393 hostname_matches now decides which hostname (short or long) to check
13394 based on whether or not the pattern contains a '.'.
13405 * lex.yy.c, parse.c, parse.lex, parse.yacc:
13406 Fully qualified hosts w/ wildcards were not matching the FQHOST
13407 token type. There's really no need for a separate token for fully-
13408 qualified vs. unqualified anymore so FQHOST is now history and
13409 hostname_matches now decides which hostname (short or long) to check
13410 based on whether or not the pattern contains a '.'.
13413 * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
13414 sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
13415 Add support for wildcards in the hostname.
13419 Add targets for *.man.in, using config.status to generate *.man from
13423 * sudoers.cat, sudoers.man.in, sudoers.pod:
13424 Document set_logname option and embolden refs to sudo and visudo.
13427 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
13428 sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
13429 visudo.cat, visudo.man.in, visudo.pod:
13430 Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
13431 from Michael D. Marchionna. configure now does substitution on the
13432 man pages, allowing us to fix up the paths and set the section
13433 correctly. Based on an idea from Michael D. Marchionna.
13437 Better fix for handling HP-UX aging info.
13441 Add support for set_logname run-time default
13444 * sudo.man.in, sudoers.man.in, visudo.man.in:
13445 configure does substitution on these to produce *.man
13448 * sudo.man, sudoers.man, visudo.man:
13449 These files now get generated from *.man.in at configure time.
13452 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
13454 * defaults.c, defaults.h:
13455 Add set_logname option so users can turn off setting of LOGNAME/USER
13456 environment variables.
13459 * lsearch.c, parse.c, testsudoers.c:
13463 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
13466 HP-UX adds extra info at the end for password aging so when
13467 comparing the result of crypt to pw_passwd we only compare the first
13468 len(epass) bytes *unless* the user entered an empty string for a
13473 Get rid of grandchild hack, it was causing problems and there is
13474 really no need for it. This fixes a bug where we spin eating up CPU
13475 when the user runs a long-running process like a shell.
13478 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
13481 User can always specify a login class if he/she is already root.
13484 * config.h.in, configure, configure.in, defaults.c, defaults.h,
13486 FreeBSD login class (login.conf) support.
13489 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
13491 * auth/sudo_auth.c:
13492 HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
13495 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
13498 Truncate unencrypted password to 8 chars if encrypted password is
13499 exactly 13 characters (indicating a standard DES password). Many
13500 versions of crypt() do this for you, but not all (like HP-UX's).
13503 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
13506 Mention that gcc on dynix may have problems
13509 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
13512 Link visudo with NET_LIBS since we now call syslog via defaults.c
13516 Use Argv[0] as the first arg to openlog() since visudo uses this
13520 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
13523 Stash coredumpsize resource limit and restore it before the exec().
13524 Otherwise the child ends up with a coredumpsize of 0.
13527 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
13529 * sudo.cat, sudo.man, sudo.pod:
13537 * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
13538 auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
13539 Added -S flag (read passwd from stdin) and tgetpass_flags global
13540 that holds flags to be passed in to tgetpass(). Change echo_off
13541 param to tgetpass() into a flags field. There are currently 2
13542 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
13543 tgetpass(), abstract the echo set/clear via macros and if (flags &
13544 TGP_ECHO) but echo is not set on the terminal, be sure to set it.
13548 Fixed a bug that caused an infinite loop when the password timeout
13552 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
13554 * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
13555 sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
13556 Add rootpw, runaspw, and targetpw options.
13559 * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
13561 enveditor -> env_editor
13564 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
13566 * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
13567 sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
13569 crank version to 1.6.3
13572 * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
13573 sudoers.pod, visudo.c:
13574 Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
13575 them. This means that visudo will now parse the sudoers file
13576 *before* it is edited so a bogus sudoers file will cause a warning
13577 to go to stderr. Also, visudo checks the variables once--it does not
13578 check them after each editor run since that could be confusing.
13581 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
13587 * check.c, sudo.c, sudo.h:
13588 Move user_is_exempt prototype into sudo.h
13591 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
13593 * configure, configure.in:
13594 Fix thinko, some && should have been || in the last commit
13597 * configure, configure.in:
13598 Don't initialize Makefile variables to be NULL since the user may
13599 want to import variables from their environment.
13602 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
13604 * configure, configure.in:
13608 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
13611 fix a yacc (skeleton.c) warning
13614 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
13616 * INSTALL, RUNSON, configure, configure.in:
13617 Make pam work on HP-UX 11.0; jaearick@colby.edu
13621 recent changes; prepare for 1.6.2p1
13625 Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
13628 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
13631 Regen with yacc that has a memory leak plugged.
13634 * sudoers.cat, sudoers.man, sudoers.pod:
13635 Expanded docs on sudoers 'defaults' options based on INSTALL file
13640 Fix some while lies
13643 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
13646 When making a bindist, link FAQ to TROUBLESHOOTING instead of
13650 * sudoers.cat, sudoers.man, sudoers.pod:
13651 Add netgroup caveat
13652 [28d119f466e3] [SUDO_1_6_2]
13655 Last minute updates
13671 Better detection of PAM errors and fix custom prompts with PAM.
13672 Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
13675 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
13678 Cast ULONG_MAX to unsigned long long when comparing to an unsigned
13682 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
13684 * CHANGES, config.h.in, configure, configure.in, visudo.c:
13685 Fix sudoers locking in visudo. We now lock the sudoers file itself,
13686 not the temp file (since locking the temp file can foul up editors).
13687 The previous locking scheme didn't work because the fd was closed
13691 * config.h.in, configure, configure.in:
13692 Don't need test for ftruncate() any more.
13695 * configure, configure.in:
13696 Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
13697 the unbundled HP-UX cc.
13700 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
13702 * sudoers.cat, sudoers.man, sudoers.pod:
13703 "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
13706 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
13708 * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
13709 parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
13710 version.h, visudo.c:
13711 update copyright year on changed files
13723 Crank version to 1.6.2
13731 When using rlimit check for RLIM_INFINITY When computing the value
13732 of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
13739 * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
13740 sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
13741 Crank version to 1.6.2
13744 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
13745 Add 'shell_noargs' runtime option back in. We have to defer
13746 checking until after the sudoers file has been parsed but since
13747 there are now other options that operate that way this one can too.
13748 Based on a patch from bguillory@email.com.
13751 * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
13752 Add "listpw" and "verifypw" options.
13755 * sudoers.cat, sudoers.man, sudoers.pod:
13756 o Fix some typos/omissions o Add section on verifypw and listpw o
13757 Define how NOPASSWD interacts with the -v and -l flags
13760 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
13762 * configure, configure.in:
13763 For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
13764 -D_HPUX_SOURCE to CPPFLAGS.
13767 * defaults.c, defaults.h:
13768 In struct sudo_defs_types, move the union to the end and don't
13769 initialize the union member since that only works with an ANSI
13770 compiler. We set the value of the union by hand in init_defaults()
13771 anyway. This allows sudo to compile on a K&R compiler again.
13774 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
13776 * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
13777 netgr_matches needs to check shost as well as host since they may be
13782 End on \r as well as \n
13785 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
13788 Update statbuf.st_mode based on SUDOERS_MODE when we are changing
13789 from 0400 to whatever SUDOERS_MODE is (converting from the old
13790 sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
13791 0400 which should always be the case.
13794 * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
13795 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
13796 w/o a passwd if there is *any* entry for the user on the host with a
13797 NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
13798 the user on the host w/ the specified runas user have the NOPASSWD
13806 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
13809 Treat EOF at whatnow prompt like 'x' instead of looping.
13812 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
13816 [5836a9452568] [SUDO_1_6_1]
13818 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
13820 * config.h.in, configure, configure.in, sudo.c:
13821 Add check for initgroups() since old SYSV lacks this.
13824 * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
13825 parse.c, testsudoers.c:
13826 o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
13830 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
13832 * auth/sudo_auth.c:
13833 Don't allow insults to be enabled if the insults[] array is empty.
13834 Otherwise there would be division by zero.
13848 Don't care about USE_INSULTS #define since the insult stuff may be
13849 overridden at runtime.
13852 * auth/sudo_auth.c:
13853 Honor insults flag.
13856 * CHANGES, parse.c:
13857 Don't ask the user for a password if the user is not allowed to run
13858 the command and the authenticate flag (in sudoers) is false.
13861 * CHANGES, RUNSON, lex.yy.c, parse.lex:
13862 o Whenever we get a bare newline we change to the INITIAL state. o
13863 Enter GOTRUNAS when we see Runas_Alias
13865 This allows #uid to work in a RunasAlias.
13868 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
13870 * CHANGES, parse.yacc, sudo.tab.c:
13871 fix parsing of runas lists: o oprunasuser and runaslist now return a
13872 value o in a runasspec, if a runaslist does not return TRUE, set
13873 runas_matches to FALSE. Normally, a runaslist only returns FALSE
13874 for explicitly denied users. o since runaslist does not modify the
13875 stack there is no need for a push/pop in runasalias.
13879 Don't kill the user's tickets until after sudoers has been parsed
13880 since tty_tickets and ticket_dir could be set in sudoers.
13883 * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
13884 configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
13885 sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
13886 crank version to 1.6
13890 add set_fqdn() stub
13893 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
13895 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
13896 sudoers.man, sudoers.pod, visudo.c:
13897 o Kill shell_noargs option, it cannot work since the command needs
13898 to be set before sudoers is parsed. o Fix the "set_home" sudoers
13899 option (only worked at compile time). o Fix "fqdn" sudoers option.
13900 We now set host/shost via set_fqdn which gets called when the
13901 "fqdn" option is set in sudoers. o Move the openlog() to
13902 store_syslogfac() so this gets overridden correctly from the
13907 SecurID support should compile now.
13910 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
13912 * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
13913 visudo.man, visudo.pod:
13914 fix some syntactic goofs
13917 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
13919 * Makefile.in, sudo.html, sudoers.html, visudo.html:
13920 No longer need the .html files as they are generated automatically
13924 * CHANGES, LICENSE:
13925 kill characters that made wml unhappy
13932 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
13935 majordomo@cs.colorado.edu -> majordomo@courtesan.com
13938 * Makefile.in, configure:
13939 Wrap script execution w/ /bin/sh for the benefit of ctm
13942 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
13945 Make the -s flag be exclusive too. Also reorder the flags in the
13946 exclusive usage message so they are alphabetical.
13949 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
13952 make pam errors other than PAM_PERM_DENIED fatal
13960 make it clear that /etc/pam.d/sudo is required on linux
13964 fix a warning on redhat and spew an error if pam_authenticate()
13965 returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
13968 * sudo.cat, sudo.html, sudo.man, sudo.pod:
13969 Be very clear that the password required is the user's not root's
13972 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
13975 add sample.syslog.conf to DISTFILES and BINFILES
13978 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
13981 updates from Brian Jackson + some formatting
13984 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
13986 * INSTALL.binary, Makefile.binary, README, RUNSON:
13987 o One RUNSon update o Changes for automating real binary releases
13994 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
13997 talk about run-time options in addition to compile-time options
13998 [1eb813ff0a9a] [SUDO_1_6_0]
14005 need sys/time.h if HAVE_SETRLIMIT
14008 * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
14009 sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
14010 get rid of references to sudo-bugs. Now mention the web site or the
14015 repair pod2html damage
14019 Update for 1.6 release
14022 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
14023 Add warning about using ALL in a command context.
14026 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
14029 Call yyrestart() on a parse error to reset the lexer state.
14032 * lex.yy.c, parse.lex:
14033 Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
14034 since it might not get called in yywrap if we get a parse error
14035 (and we only reread the file on error anyway).
14038 * lex.yy.c, parse.lex:
14039 Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
14040 might still exist. Call yyrestart() instead of using the deprecated
14044 * lex.yy.c, parse.lex:
14045 flex doesn't need %N table size declarations
14048 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
14049 Mention what characters need to be escaped in names.
14052 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
14059 clarify Mac OS X entry
14067 o Use AC_MSG_ERROR throughout o Check syslog configure options for
14071 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
14074 Fix printing of type T_MODE in dump_defaults()
14078 missing sys/types.h
14082 Break out options that may be overridden at run time into their own
14083 section. Add a note about Mac OS X and correct some lies.
14086 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
14088 * CHANGES, config.h.in, configure, configure.in, sudo.c:
14089 o Now use getrlimit to find the highest fd when closing all non-std
14090 fd's o Turn off core dumps via setrlimit for the sake of paranoia
14097 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
14104 When read()'ing, do a single character at a time to be sure we don't
14105 go past the newline.
14109 For the sudo_root option, check against user_uid, not getuid() since
14110 at this point, ruid == euid == 0.
14118 Fix compilation problem when --with-logging=file was specified.
14119 This means that syslog is now required to build sudo but that should
14120 not be a problem. If it is it can be fixed trivially with a
14121 configure check for syslog() or syslog.h.
14125 Make this work again for things like "sudo echo hi | more" where the
14126 tty gets put into character at a time mode. We read until we read
14127 end of line or we run out of space (similar to fgets(3)).
14130 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
14132 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
14133 change ital to bold
14140 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
14143 Error out if syslog parameters are given without a value. For
14144 Ultrix or 4.2BSD "syslog" is allowed without a value since there are
14145 no facilities in the 4.2BSD syslog.
14148 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
14151 Ignore the syslog facility for systems w/ old syslog like Ultrix.
14155 people with "." early in their path can have problems running sudo
14156 from the build dir ;-)
14159 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
14161 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14162 Remove -r realm option
14165 * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
14166 configure.in, sudo.c:
14167 New krb5 code from Frank Cusack <fcusack@iconnet.net>.
14174 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
14177 include <auth.h> to get function prototypes.
14180 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14184 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
14187 in set_perms(), always call setuid(0) before changing the ruid/euid
14188 so we always know it will succeed.
14192 #undef T_FOO to avoid conflicts with system defines (like on
14196 * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
14198 Document "Defaults" lines in /etc/sudoers. Still needs some
14199 fleshing out but this is a start.
14202 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
14204 * use strtol, not strtoul since not everyone has strtoul
14211 * lex.yy.c, parse.lex:
14212 last {WORD} rule should only apply in the INITIAL state
14215 * lex.yy.c, parse.lex:
14216 o Add support for escaped characters in the WORD macro o Modify
14217 fill() to squash escape chars
14220 * defaults.c, defaults.h:
14221 o Add T_PATH flag to allow simple sanity checks for default values
14222 that are supposed to be pathnames. o Fix a duplicate free when
14223 visudo finds an error.
14226 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
14228 * defaults.c, defaults.h, logging.c:
14229 mail_if_foo -> mail_foo
14232 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
14234 * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
14235 o Add requiretty option o Move O_NOCTTY to compat.h
14239 The exit() in log_error() was mistakenly removed in a previous
14240 version. Put it back...
14243 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
14245 * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
14246 auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
14247 configure, configure.in, defaults.c, defaults.h, find_path.c,
14248 getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
14249 o Change defaults stuff to put the value right in the struct. o
14250 Implement mailer_flags o Store syslog stuff both in int and string
14251 form. Setting the string form magically updates the int version.
14252 o Add boolean attribute to strings where it makes sense to say !foo
14256 add O_NOCTTY when opening /dev/tty just in case
14259 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
14262 cleanup function no longer takes a status arg
14269 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
14271 * TODO, config.h.in, configure, configure.in, logging.c:
14272 Use strftime() instead of ctime() if it is available.
14275 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
14282 update ReliantUNIX entry
14285 * defaults.c, defaults.h, logging.c:
14286 add log_year option
14289 * configure, configure.in:
14290 add --without-sendmail to help output
14293 * configure, configure.in:
14294 enforce an octal arg for --with-sudoers-mode
14297 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
14299 * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
14300 auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
14301 auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
14302 defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
14303 parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
14304 testsudoers.c, version.c, visudo.c:
14305 Add support for "Defaults" line in sudoers to make configuration
14306 variables changeable at runtime (and on a global, per-host and per-
14307 user basis). Both the names and the internal representation are
14308 still subject to change. It was necessary to make sudo_user.runas
14309 be a char ** instead of a char * since this value can be changed by
14310 a Defaults line. There is a similar (but more complicated) issue
14311 with sudo_user.prompt but it is handled differently at the moment.
14313 Add a "-L" flag to list the name of options with their descriptions.
14314 This may only be temporary.
14316 Move some prototypes to parse.h
14318 Be much less restrictive on what is allowed for a username.
14321 * sample.syslog.conf:
14325 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
14327 * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
14329 UCB has dropped the advertising clause from their license.
14332 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
14334 * auth/sudo_auth.h:
14335 move dce_verify proto to correct section
14342 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
14345 Add fnmatch() prototype
14348 * fnmatch.c, parse.c, testsudoers.c:
14349 Move inclusion of emul/fnmatch.h to be after sudo.h for __P
14353 add strcasecmp proto
14356 * auth/sudo_auth.c:
14357 add check for case where there are no auth methods
14360 * configure, configure.in:
14361 Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
14365 * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
14366 include strings.h everywhere we include string.h
14370 nicer output when showing auth methods
14374 Add support for SEND_MAIL_WHEN_NO_HOST
14377 * config.h.in, configure, configure.in:
14378 Add _GNU_SOURCE for Linux
14381 * lex.yy.c, parse.lex:
14382 fix definition of OCTET
14385 * configure, configure.in:
14386 aix_auth.o not authenticate.o
14389 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
14392 Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
14393 keyboard). Since we run with ruid/euid == 0 the user can't really
14394 signal us in nasty ways.
14398 Don't need to worry about catching too many signals since we do
14399 locking on the tmp file. If a lockfile is really stale, it will be
14400 detected and overwritten.
14403 * INSTALL, Makefile.in:
14404 include auth/API in tarball
14407 * auth/sudo_auth.c:
14408 move memset() of plaintext pw outside of verify loop and only do the
14409 memset if we are *not* in standalone mode.
14412 * auth/sudo_auth.c, auth/sudo_auth.h:
14413 DCE is not a standalone method
14417 fix --enable-noargs-shell
14421 "#ifdef __STDC__" not "#if __STDC__" (I missed one)
14424 * auth/fwtk.c, auth/sia.c:
14425 _cleanup() function returns an int.
14429 there were still some return(0)'s hanging around, make them
14438 add missing semicolon
14441 * auth/sudo_auth.h:
14445 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
14447 * CHANGES, config.h.in, configure, configure.in:
14448 Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
14452 add parse.h to HDRS
14455 * Makefile.in, configure, configure.in:
14456 Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
14457 LDFLAGS. Common libs go in LIBS, common ld flags go in LDFLAGS and
14458 network libs like -lsocket, -lnsl go in NET_LIBS. This allows
14459 testsudoers to build on Solaris and is a bit cleaner in general.
14463 mention ptmp -> sudoers.tmp
14466 * config.h.in, configure, configure.in:
14467 Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
14475 Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
14476 return a value more like a system function
14488 update based on what is in the man page
14491 * parse.yacc, sudo.tab.c:
14492 minor change to first line printed in -l mode
14495 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14496 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
14497 standard and add "EXAMPLES" section
14500 * visudo.cat, visudo.html, visudo.man, visudo.pod:
14501 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
14505 * logging.c, parse.c, sudo.h:
14509 * lex.yy.c, parse.lex:
14510 make an OCTET really be limited to 0-255
14514 mention timestamp changes
14521 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
14522 new sudoers(8) man page
14525 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
14528 Update comments about syslog name tables
14531 * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
14532 strcasecmp.c, sudo.tab.c:
14533 include strcasecmp() for those without it
14537 Use the : operator some more and fix a typo
14541 update the history of sudo
14544 * parse.c, parse.lex, testsudoers.c:
14545 CIDR-style netmask support
14552 * sudo.tab.c, sudo.tab.h:
14553 these should be generated with byacc, not bison
14560 * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
14561 In "sudo -l" mode, the type of the stored (expanded) alias was not
14562 stored with the contents. This could lead to incorrect output if
14563 the sudoers file had different alias types with the same name.
14564 Normal parsing (ie: not in '-l' mode) is unaffected.
14567 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
14569 * configure, configure.in:
14570 define _XOPEN_SOURCE to get at crypt() proto on some systems
14573 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
14580 don't need limits.h
14584 kill bogus reference to vfprintf
14587 * sample.sudoers, sudoers:
14592 Add some const in the K&R defs. This is safe since we define const
14593 away if the compiler doesn't grok it.
14596 * aclocal.m4, configure:
14597 Better test for working long long support. Ultrix compiler supports
14598 basic long long but not all operations on them.
14601 * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
14602 snprintf.c, sudo.c:
14603 Add check for LONG_IS_QUAD #undef MAXINT before including
14604 hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
14605 in snprintf.c and use LONG_IS_QUAD
14608 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
14610 * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
14612 UCB-derived snprintf + asprintf support. Supports quads if the
14613 compiler does. No floating point yet, perhaps later...
14616 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
14618 * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
14619 goodpath.c, logging.c, parse.c, sudo.c:
14620 Run most of the code as root, not the invoking user. It doesn't
14621 really gain us anything to run as the user since an attacker can
14622 just have a setuid(0) in their egg. Running as root solves
14623 potential problems wrt signalling.
14630 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
14632 * logging.c, sudo.c:
14633 Don't wait for child to finish in log_error(), let the signal
14634 handler get it if we are still running, else let init reap it for
14635 us. The extra time it takes to wait lets the user know that mail is
14638 Install SIGCHLD handler in main() and for POSIX signals, block
14643 * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
14644 parse.yacc, sudo.c, sudo.h:
14645 sudoers_lookup() now returns a bitmap instead of an int. This makes
14646 it possible to express things like "failed to validate because user
14647 not listed for this host". Some things that were previously
14648 VALIDATE_FOO are now FLAG_FOO. This may change later on.
14650 Reorganized code in log_auth() and sudo.c to deal with above
14653 Safer versions of push/pushcp with in the do { ... } while (0) style
14655 parse.yacc now saves info on the stack to allow parse.c to determine
14656 if a user was listed, but not for the host he/she tried to run on.
14658 Added --with-mail-if-no-host option
14661 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
14663 * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
14664 visudo.man, visudo.pod:
14665 o NewArgv and NewArgc don't need to be externally visible. o If
14666 pedantic > 1, it is a parse error. o Add -s (strict) option to
14667 visudo which sets pedantic to 2.
14670 * HISTORY, INSTALL:
14671 Just have sudo-bugs contact info in one place
14674 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14678 * Makefile.in, configure, configure.in:
14679 Add testsudoers to default build target if --with-devel Don't clean
14680 generated parser files unless "distclean".
14683 * parse.yacc, sudo.tab.c:
14684 In pedantic mode we need to save *all* the aliases, not just those
14685 that match, or we get spurious warnings.
14689 reference sample.syslog.conf
14692 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
14694 * sample.syslog.conf:
14695 Sample entries for syslog.conf
14702 * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
14703 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
14704 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
14705 auth/sudo_auth.c, auth/sudo_auth.h:
14706 In struct sudo_auth, turn need_root and configured into flags and
14707 add a flag to specify an auth method is running alone (the only
14708 one). Pass auth methods their sudo_auth pointer, not the data
14709 pointer. This allows us to get at the flags and tell if we are the
14710 only auth method. That, in turn, allows the method to be able to
14711 decide what should/should not be a fatal error. Currently only
14712 rfc1938 uses it this way, which allows us to kill the OTP_ONLY
14713 define and the hackery that went with it. With access to the
14714 sudo_auth struct, methods can also get at a string holding their
14715 canonical name (useful in error messages).
14718 * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
14719 getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
14721 o --with-otp deprecated, use --without-passwd instead o real
14722 dependencies in the Makefile o --with-devel option to enable yacc,
14723 lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
14724 back to being a token, not a string but don't leak memory o rename
14725 hsotspec -> host in parse.yacc
14728 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
14734 * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
14736 o Digital UNIX needs to check for *snprintf() before -ldb is added
14737 to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
14738 for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
14739 functions in snprintf.c to fix -Wall o Add missing includes to fix
14743 * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
14744 configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
14746 o Add a "pedantic" flag to the parser. This makes sudo warn in
14747 cases where an alias may be used before it is defined. Only turned
14748 on for visudo and testsudoers. o Add --disable-authentication option
14749 that makes sudo not require authentication by default. The PASSWD
14750 tag can be used to require authentication for an entry. We no
14751 longer overload --without-passwd.
14754 * lex.yy.c, parse.lex:
14755 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
14756 username can contain just about anything so be very permissive. Also
14757 drop the unused \. punctuation.
14760 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
14762 * parse.yacc, sudo.tab.c:
14763 o add a 'val' element to aliasinfo struct and move -> parse.h o
14764 find_alias() now returns an aliasinfo * instead of boolean o
14765 add_alias() now takes a value parameter to store in the
14766 aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
14767 return: 1) positive match 0) negative match (due to '!')
14768 -1) no match This means setting $$ explicitly in all cases, which I
14769 should have done in the first place. It also means that we always
14770 store a value that is != -1 and when we see a '!' we can set
14771 *_matches to !rv if rv != -1. The upshot of all of this is that '!'
14772 now works the way it should in lists and some of the rules are more
14773 uniform and sensible.
14777 add parse.h dependency
14781 kill unused *_matched macros
14785 Allow a list of users as the first thing in a user spec, not just a
14786 single entry. This makes things more uniform, though it does allow
14787 you to write user specs that are hard to read.
14799 fix check for crypt() in libufc
14802 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
14805 sudo-users list now exists
14808 * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
14812 * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
14813 config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
14814 version.c, visudo.c:
14815 o Move lock_file() and touch() into fileops.c so visudo can use them
14816 o Visudo now locks the sudoers temp file instead of bailing when the
14817 temp file already exists. This fixes the problem of stale temp
14818 files but it does *require* that you not try to put the temp file in
14819 a world-writable directory. This should not be an issue as the temp
14820 file should live in the same dir as sudoers. o Visudo now only
14821 installs the temp file as sudoers if it changed.
14824 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
14830 * config.h.in, configure, configure.in, logging.c:
14834 * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
14835 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
14836 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
14837 temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
14838 -> _PATH_SUDOERS_TMP
14841 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
14843 * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
14844 o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
14845 root sudo -V config reporting
14848 * configure, configure.in:
14849 aix_auth.o not authenticate.o
14853 Add --with-goodpri and --with-badpri configure options to specify
14854 the syslog priority to use.
14857 * INSTALL, configure, configure.in, logging.h:
14858 Add --with-goodpri and --with-badpri configure options to specify
14859 the syslog priority to use.
14863 kill crufty AIX stuff
14867 Sigh, some versions of make (like Solaris's) don't deal with $< like
14868 I would expect. Both GNU and BSD makes get this right but... So, we
14869 just expand $< inline at the cost of some ugliness.
14873 If the invoking user is root, sudo will now print configure info in
14874 -V mode. Currently just prints logging info, to be expanded later.
14877 * logging.c, logging.h, sudo.c, sudo.h:
14878 o new defines for syslog facility and priority o use new
14879 print_version() function for -V mode
14883 Don't need version.c
14886 * aclocal.m4, config.h.in, configure, configure.in:
14887 Add check for syslog facilities and priorities tables in syslog.h
14891 o authenticate -> aix_auth o add version.c
14894 * auth/sudo_auth.c:
14895 Missed a prompt -> user_prompt conversion
14898 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
14901 sudo should lock its logfile
14904 * parse.yacc, sudo.tab.c:
14905 o Add '!' correctly when expanding Aliases. o Add shortcut macros
14906 for append() to make things more readable. o The separator in
14907 append() is now a string instead of a char. o In append(), only
14908 prepend the separator if the last char is not a '!'. This is a
14909 hack but it greatly simplifies '!' handling. o In -l mode, Runas
14910 lists and NOPASSWD/PASSWD tags are now inherited across entries in
14911 a list (matches current behavior). o Fix formatting in -l mode such
14912 that items in a list are separated by a space. Greatly improves
14913 readability. o Space for name field in struct aliasinfo is now
14914 allocated dynamically instead of using a (big) buffer. o In
14915 add_alias(), only search the list once (lsearch instead of lfind +
14919 * lex.yy.c, sudo.tab.c, sudo.tab.h:
14923 * configure, configure.in:
14924 Solaris pam doesn't require any extra setup
14928 o Simpler '!' support now that the lexer deals with multiple !'s for
14929 us. o In the case of opFOO, have FOO give a boolean return value and
14930 set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
14931 it gets fill()'d in parse.lex--fixes a small memory leak. In the
14932 long run it may be better to just fix parse.lex and make ALL back
14933 into a token. However, having it be a string is useful since it
14934 can be easily passed back to the parent rule if we so desire.
14938 o Remove some unnecessary backslashes o collapse multiple !'s by
14939 using !+ and checking if yyleng is even or odd. this allows us to
14940 simplify ! handling in parse.yacc
14944 -u flag was being ignored
14947 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
14954 work around pod2man stupidity
14958 correct dependencies for .cat
14961 * sudo.cat, sudo.man, visudo.cat, visudo.man:
14965 * sudo.pod, visudo.pod:
14966 Add copyright Update to reality
14969 * parse.c, sudo.c, sudo.h:
14970 rename validate() to the more descriptive sudoers_lookup()
14977 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
14983 * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
14984 configure, configure.in, sudo.c:
14989 add 4th term to license similar to term 5 in the apache license
14992 * emul/search.h, emul/utime.h:
14993 add 4th term to license similar to term 5 in the apache license
14996 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
14997 auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
14998 auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
14999 auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
15000 logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
15001 pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
15002 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
15004 add 4th term to license similar to term 5 in the apache license
15007 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
15008 add 4th term to license similar to term 5 in the apache license
15011 * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
15012 getspwuid.c, goodpath.c:
15013 add 4th term to license similar to term 5 in the apache license
15016 * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
15017 insults.h, logging.c, sudo.c, sudo.h:
15018 there was a 1995 release too
15021 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
15028 Use dirs instead of files for timestamp. This allows tty and non-
15029 tty schemes to coexist reasonably. Note, however, that when you
15030 update a tty ticket, the mtime on the user dir gets updated as well.
15033 * configure, configure.in:
15034 Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
15035 when linking test program, not just -lprot. Also add check for
15036 getspnam(). The SCO docs indicate that /etc/shadow can be used but
15040 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
15043 first cut at auth API description
15046 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
15048 * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
15049 auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
15051 auth API change. There is now an init method that gets run before
15052 the main loop. This allows auth routines to differentiate between
15053 initialization that happens once vs. setup that needs to run each
15054 time through the loop.
15057 * auth/kerb5.c, logging.c:
15058 use easprintf() and evasprintf()
15062 add easprintf() and evasprintf(), error checking versions of
15063 asprintf() and vasprintf()
15067 remove 2 items. One done, one won't do.
15070 * lex.yy.c, sudo.tab.c:
15074 * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
15075 visudo.html, visudo.man:
15084 o Document -K flag and update meaning of -k flag. o BSD-style
15085 copyright o Document clearing of BIND resolver environment variables
15086 o Clarify bit about shared libs o suggest rc files create /tmp/.odus
15087 if your OS gives away files
15095 BSD-style copyright
15099 o BSD copyright o no need to block signals, we now do that in main()
15103 * testsudoers.c, visudo.c:
15104 o BSD-style copyright o Use "struct sudo_user" instead of old
15105 globals. o some cosmetic cleanup
15109 BSD-style copyright
15113 o BSD copyright o logging and parser bits moved to their own .h
15114 files o new "struct sudo_user" to encapsulate many of the old
15119 o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
15120 logging routines o simplified flow of control o BIND resolver
15121 additions to badenv_table
15125 BSD-style copyright
15129 Now compiles on more K&R compilers
15133 BSD-style copyright, cosmetic changes
15137 BSD-style copyright
15140 * parse.c, parse.h, parse.lex, parse.yacc:
15141 BSD-style copyright. Move parser-specific defines and structs into
15142 parse.h + other cosmetic changes
15146 defines for logging routines
15149 * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
15150 BSD-style copyright, cosmetic changes
15153 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
15155 BSD-style copyright
15159 o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
15160 kill --disable-tgetpass o add --without-passwd o changes to fill in
15161 AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
15162 v?asprintf() o replace --with-AuthSRV with --with-fwtk
15166 BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
15167 HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
15168 HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
15172 BSD-style copyright; Add S_IFLNK and MIN/MAX if they are missing.
15176 BSD-style copyright
15180 no more --with-getpass
15184 Take out things I've done...
15192 --with-getpass no longer exists
15196 BSD-style copyright. Update to reflect reality wrt new files and
15201 Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
15206 Update history a bit
15209 * COPYING, LICENSE:
15210 Now distributed under a BSD-style license
15213 * auth/sudo_auth.c:
15214 o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
15215 options. o skey/opie replaced by rfc1938 code o new struct sudo_user
15219 * auth/pam.c, auth/sia.c:
15220 BSD-style copyright and use new log functions
15224 o BSD-style copyright o Use new log functions o Use asprintf() and
15225 snprintf() where sensible.
15229 Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
15230 done more reasonably--better sanity checks and tty-based stamps are
15231 now done as files in a directory with the same name as the invoking
15232 user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
15233 to mix tty and non-tty based ticket schemes but this may change in
15234 the future (it requires sudo to use a directory instead of a file in
15235 the non-tty case). Also, ``sudo -k'' now sets the ticket back to
15236 the epoch and ``sudo -K'' really deletes the file. That way you
15237 don't get the lecture again just because you killed your ticket in
15238 .logout. BSD-style copyright now.
15242 o rewritten logging routines. log_error() now takes printf-style
15243 varargs and log_auth() for the return value of validate(). o BSD-
15247 * auth.c, check_sia.c, dce_pwent.c, secureware.c:
15248 superseded by new auth API
15252 BSD-style copyright
15256 Use snprintf() where it makes sense and add a BSD-style copyright
15259 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
15260 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
15261 BSD-style copyright
15264 * emul/utime.h, utime.c:
15265 BSD-style copyright
15269 this has been rewritten so use my BSD-style copyright
15272 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
15275 include malloc.h if no stdlib.h
15279 KTH snprintf()/asprintf() for systems w/o them
15283 strerror() for systems w/o it
15286 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
15292 * parse.c, parse.lex, parse.yacc:
15293 Add contribution info in the main comment
15296 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
15299 remove missed ref to PAM_nullpw
15302 * auth/sudo_auth.h:
15307 more or less complete now--still untested
15310 * auth/afs.c, auth/pam.c:
15311 don't use user_name macro, it will go away
15314 * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
15315 combine skey/opie code into rfc1938.c
15318 * auth/dce.c, auth/sudo_auth.h:
15319 DCE authentication method; basically unchanged from dce_pwent.c
15322 * auth/aix_auth.c, auth/sudo_auth.h:
15323 AIX authenticate() support. Could probably be much better
15327 Fix an uninitialized variable and some cleanup. Now works (tested)
15330 * auth/sia.c, auth/sudo_auth.h:
15331 SIA support for digital unix
15335 don't use prompt global, it will go away
15338 * auth/secureware.c:
15339 correct copyright years
15342 * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
15343 auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
15344 auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
15345 New authentication API and methods
15348 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
15355 only save an entry if user_matches && host_matches, even if the
15356 stack is empty (fix for previous commit)
15364 1) Always save an entry on the stack if it is empty. This fixes the
15365 -l and -v flags that were broken by earlier parser changes.
15367 2) In a Runas list, don't negate FALSE -> TRUE since that would make
15368 !foo match any time the user specified a runas user (via -u) other
15373 interfaces and num_interfaces are now auto, not extern
15376 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
15379 use a static global to keep state about empty passwords
15383 make PASSWORD_NOT_CORRECT logging consistent with other modules
15386 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
15389 PAM prompt code was wrong, looks like we have to kludge it after
15394 In the PAM code, when a user hits return at the first password
15395 prompt, exit without a warning just like the normal auth code
15398 * configure, configure.in:
15399 kludge around cross-compiler false positives
15402 * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
15403 New (correct) PAM code Tgetpass now takes an echo flag for use with
15404 PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
15405 useless umask setting Change error from BAD_ALLOCATION ->
15406 BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
15411 Some -Wall and kill some trailing spaces
15415 define -D__EXTENSIONS__ for solaris so we get crypt() proto
15418 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
15424 * INSTALL, config.h.in, configure, configure.in:
15425 for kerberos V < version, fall back on old kerb4 auth code
15429 clarify some things
15432 * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
15436 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
15439 mention why DONT_LEAK_PATH_INFO is not the default
15442 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
15445 Fix open(2) return value checking, was NULL for fopen, should be -1
15454 better wording for solaris pam notice
15458 document recent changes
15462 Update shadow password section
15466 move authentication code from check.c to auth.c
15469 * Makefile.in, check.c, sudo.h:
15470 move authentication code to auth.c
15473 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
15475 * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
15476 getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
15477 logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
15478 sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
15480 Move interface-related defines to interfaces.h so we don't have to
15481 include <netinet/in.h> everywhere.
15484 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
15486 * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
15487 parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
15488 o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
15489 turns out the old DES crypt does the right thing with passwords
15490 longer than 8 characters. o Fix common typo (necesary ->
15491 necessary) o Update TODO list
15494 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
15497 set $LOGNAME when we set $USER
15500 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
15503 add comment about digital unix and interfaces.c warning with gcc
15506 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
15509 use modern paths and give examples for some of the new parser
15513 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
15519 * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
15520 getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
15521 parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
15522 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
15523 Function names should be flush with the start of the line so they
15524 can be found trivially in an editor and with grep
15527 * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
15528 sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
15529 free(3) is already void, no need to cast it
15532 * logging.c, sudo.c, sudo.h:
15533 catch case where cmnd_safe is not set (this should not be possible)
15536 * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
15537 testsudoers.c, visudo.c:
15538 Stash the "safe" path (ie: the one listed in sudoers) to the command
15539 instead of stashing the struct stat. Should be safer.
15542 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
15544 * INSTALL, Makefile.in, UPGRADE:
15545 notes on updating from an earlier release
15552 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
15554 * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
15555 sudoers.man, sudoers.pod:
15556 You can now specify a host list instead of just a host or alias.
15557 Ie: user = host1,host2,ALIAS,!host3 my_command now works.
15564 * parse.yacc, sudo.tab.c:
15565 Move the push from the beginning of cmndspec to the end. This means
15566 we no longer have to do a push at the end of privilege, just reset
15570 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
15571 runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
15572 use "!" most everywhere
15575 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
15578 modernize paths and update su example based on sample.sudoers one
15582 New runas semantics
15585 * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
15587 In estrdup(), do the malloc ourselves so we don't need to rely on
15588 the system strdup(3) which may or may not exist. There is now no
15589 need to provide strdup() for those w/o it. Also, the prototype for
15590 estrdup() was wrong, it returns char * and its param is const.
15598 buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
15601 * CHANGES, TODO, parse.yacc, sudo.tab.c:
15602 It is now possible to use the '!' operator in a runas list as well
15603 as in a Cmnd_Alias, Host_Alias and User_Alias.
15606 * logging.c, sudo.h:
15607 Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
15611 Definitions of *_matched were wrong--user top, not top-2 as
15615 * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
15616 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
15617 command but the NOPASSWD flag was set. Make runasspec, runaslist,
15618 runasuser, and nopasswd typeless in parse.yacc Add support for '!'
15619 in the runas list Fix double printing of '%' and '+' for groups and
15620 netgroups respectively Add *_matched macros (no need for local stack
15621 variable). Should only be used directly after a pop (since top must
15625 * aclocal.m4, configure.in:
15626 Add copyright, somewhat silly
15629 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
15631 * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
15632 compat.h, config.h.in, configure, configure.in, dce_pwent.c,
15633 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
15634 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
15635 lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
15636 putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
15637 sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
15638 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
15640 Crank version to 1.6 and combine copyright statements
15644 Use ! not ^ to do negation
15647 * lex.yy.c, sudo.tab.c:
15651 * parse.lex, parse.yacc:
15652 Make runas and NOPASSWD tags persistent across entries in a command
15653 list. Add a PASSWD tag to reverse NOPASSWD. When you override a
15654 runas or *PASSWD tag the value given becomes the new default for the
15655 rest of the command list.
15658 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
15662 [a1ae9d4a7d54] [SUDO_1_5_9]
15665 Shift return value of system(3) by 8 to get real exit value and if
15666 it is not 1 or 0 print the retval along with the error message.
15669 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
15672 testsudoers needs LIBOBJS too
15675 * parse.c, parse.yacc, sudo.tab.c:
15676 Fix another parser bug. For a sudoers entry like this: millert
15677 ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
15685 * parse.yacc, sudo.tab.c:
15686 Save entries that match a ! command on the matching stack too
15690 Make sudo's usage info better when mutually exclusive args are given
15691 and don't rely on argument order to detect this; nick@zeta.org.au
15694 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
15696 * CHANGES, Makefile.in, RUNSON:
15704 * parse.yacc, sudo.tab.c:
15705 Fix off by one error introduced in *alloc changes
15708 * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
15709 check_sia.c, compat.h, config.h.in, configure, configure.in,
15710 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
15711 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
15712 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
15713 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
15714 sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
15715 sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
15716 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
15720 * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
15721 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
15722 putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
15723 sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
15724 Use emalloc/erealloc/estrdup
15728 error checking memory allocation routines
15731 * parse.yacc, sudo.tab.c:
15732 Still not right, this fixes it for real
15735 * parse.yacc, sudo.tab.c:
15736 Fix for previous commit
15739 * CHANGES, INSTALL, parse.yacc:
15740 Fix a parser bug that was exposed when mixing different runas specs
15741 and ! commands. For example: millert ALL=(daemon)
15742 /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
15743 as well as daemon when it should just allow daemon. The problem was
15744 that comma-separated commands in a list shared the same entry on the
15745 matching stack. Now they get their own entry iff there is a full
15746 match. It may be better to just make the runas spec persistent
15747 across all commands in a list like the user and host entries of the
15748 matching stack. However, since that is a fairly major change it
15749 should get its own minor rev increase.
15752 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
15754 * check.c, config.h.in:
15755 Simplify PAM code and fix a PAM-related warning on Linux
15758 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
15772 * check.c, configure.in:
15773 new pam code that works on solaris, should work on linux too;
15777 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
15784 only include strings.h if there is no string.h
15787 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
15790 Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
15793 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
15796 shost must be set before log functions are called #ifdef HOST_IN_LOG
15799 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
15801 * CHANGES, lex.yy.c, parse.lex:
15802 Fix a bug wrt quoting characters in command args. Stop processing
15803 an arg when you hit a backslash so the quoted-character detection
15807 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
15810 include sys/time.h; apparently AIX needs it. ppz@cdu.elektra.ru
15813 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
15815 * configure, configure.in:
15816 add missing case statement so --without-sendmail works
15819 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
15825 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
15827 * configure, configure.in:
15828 only search for -lsun in irix <= 4.x
15831 * configure, configure.in:
15832 back out last configure.in change now that I've hacked autoconf to
15833 fix the real problem and add a missing newline
15841 add def of dirfd() for those without it
15844 * configure, configure.in:
15845 When falling back to checking for socket() when linking with
15846 "-lsocket -lnsl" check for main() instead since autoconf has already
15847 cached the results of checking for socket() in -lsocket. This is
15848 really an autoconf bug as it should use the extra libs as part of
15849 the cache variable name.
15856 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
15859 fix occurrence of $with_timeout that should be
15860 $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
15864 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
15866 * sudo.cat, sudo.html, sudo.man, sudo.pod:
15867 fix grammar; espie@openbsd.org
15868 [7031d9dfbc3e] [SUDO_1_5_8]
15870 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
15872 * parse.yacc, sudo.c, testsudoers.c:
15873 add cast for strdup in places it does not have it
15876 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
15878 * configure, configure.in:
15879 define _BSD_TYPES for irix
15882 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
15884 * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
15885 Make it clear that it is the user's password, not root's, that we
15890 If the user enters an empty password and really has no password,
15891 accept the empty password they entered. Previously, they could
15893 *but* an empty password. Also, add GETPASS macro that calls either
15894 tgetpass() or getpass() depending on how sudo was configured.
15895 Problem noted by jdg@maths.qmw.ac.uk
15898 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
15900 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
15901 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
15902 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
15903 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
15904 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
15905 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
15907 add explicit copyright
15911 mention -lsocket, -lnsl configure changes
15914 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
15917 Don't clobber errno after calling check_sudoers().
15920 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
15922 * configure, configure.in:
15923 When linking with both -lsocket and -lnsl be sure to do so in that
15924 order. Also, when we can't find socket() or inet_addr() and have to
15925 try linking with both libs, issue a warning.
15928 * sudo.cat, sudo.man, sudo.pod:
15929 clarify bad timestamp and fmt
15932 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
15935 be clear that pam is linux-only and add a RUNSON entry
15938 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
15940 * CHANGES, INSTALL, configure, configure.in:
15941 fix and correctly document --with-umask; problem noted by
15945 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
15947 * configure, configure.in:
15948 only use /usr/{man,catman}/local to store man pages if user didn't
15949 override prefix or mandir
15952 * INSTALL, configure, configure.in:
15953 fix typo, make --with-SecurID take an arg
15956 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
15962 * CHANGES, INSTALL, check.c, configure, configure.in:
15963 FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
15966 * configure, configure.in:
15967 better fix for the problem of unresolved symbols in -lnsl or
15971 * configure, configure.in:
15972 when checking for functions in -lnsl and -lsocket link with both of
15973 them to avoid unresolved symbols on some weirdo systems
15976 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
15978 * BUGS, CHANGES, RUNSON, TODO:
15979 old changes that didn't make it into RCS before the RCS->CVS switch
15982 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
15984 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
15985 configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
15986 getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
15987 ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
15988 lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
15989 secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
15990 sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
16003 * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
16004 config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
16005 find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
16006 ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
16007 logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
16008 secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
16009 sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
16010 utime.c, version.h, visudo.c, visudo.cat, visudo.man:
16011 crank version and regen files
16015 kill rcs goop in update_version and fix now that version is a const
16018 * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
16019 sudo.c, sudo.h, sudo.pod:
16020 kerb5 support from fcusack@iconnet.net
16023 * realpath.c, sudo_realpath.c:
16024 we no longer use realpath
16028 replaced by find_path.c
16032 all options are now configure flags
16040 superseded by getcwd.c
16044 superseded by tgetpass.c
16048 superseded by RUNSON
16052 No longer used now that we have configure options for everything.
16056 regen based on configure.in
16059 * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
16060 sudoers.man, visudo.cat, visudo.html, visudo.man:
16061 regen based on sudo.pod, sudoers.pod, and visudo.pod
16064 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
16067 fix tty tickets in remove_timestamp (didn't use ':')
16070 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
16073 close sock when we are done with it
16076 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
16079 never say "error on line -1"
16082 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
16085 check for -lnsl before -lsocket
16089 quote '[', ']' used in ranges correctly
16092 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
16095 add missing NO_ROOT_SUDO noted by drno@tsd.edu
16098 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
16105 more info for 1.5.7
16113 make increases of cm_list_size and ga_list_size be similar to
16114 increases of stacksize (ie: >= not > in initial compare).
16118 when we get a syntax error, report it for the previous line since
16119 that's generally where the error occurred.
16122 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
16124 * config.h.in, configure.in, interfaces.c:
16125 add back check for sys/sockio.h but only use it if SIOCGIFCONF is
16127 [d197f31fd1e4] [SUDO_1_5_7]
16130 define BSD_COMP for svr4
16133 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
16134 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
16135 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
16136 testsudoers.c, tgetpass.c, utime.c, visudo.c:
16141 kill check for sockio.h
16145 no more HAVE_SYS_SOCKIO_H
16148 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
16149 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
16150 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
16151 testsudoers.c, tgetpass.c, utime.c, visudo.c:
16155 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
16158 add missing inform_user()
16161 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
16164 return NOT_FOUND if given fully qualified path and it does not exist
16165 previously it would perror(ENOENT) which bypasses the option to not
16170 for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
16174 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
16177 tty tickets are user:tty now
16181 when using tty tickets make it user:tty not user.tty as a username
16182 could have a '.' in it
16185 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
16188 add "ignoring foo found in ." for auth successful case
16191 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
16194 add missing printf param
16197 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
16199 * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
16200 go back to printing "command not found" unless --disable-path-info
16201 specified. Also, tell user when we ignore '.' in their path and it
16202 would have been used but for --with-ignore-dot.
16206 Only one space after a colon, not two, in printf's
16209 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
16212 document setting $USER
16216 fix bugs with prompt expansion
16220 set $USER for root too
16223 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
16230 HP-UX's iscomsec is in -lsec, not libc
16234 remove some entries in the OS case statement that did nothing
16238 add "cd" section and flush out syslog section
16242 no more sudo-lex.yy.c
16246 add custom prompt support
16250 kill perror("malloc") since we already have good error messages
16251 pw_ent -> pw for brevity
16255 kill perror("malloc") since we already have good error messages
16256 pw_ent -> pw for brevity set $USER if -u specified
16260 kill perror("malloc") since we already have good error messages
16264 kill perror("malloc") since we already have good error messages
16265 pw_ent -> pw for brevity when checking if %group matches, look up
16266 user in password file so that %groups works in a RunAs spec.
16270 kill perror("malloc") since we already have good error messages
16273 * check.c, getspwuid.c, interfaces.c:
16274 kill perror("malloc") since we already have good error messages
16275 pw_ent -> pw for brevity
16278 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
16281 the prompt is expanded before tgetpass is called
16285 tgetpass now has the same args as getpass again
16289 add iscomsec, issecure support
16293 we now expand any %h or %u in the prompt before passing to tgetpass
16297 add check for syslog(3) in -lsocket, -lnsl, -linet
16301 add HAVE_ISCOMSEC and HAVE_ISSECURE
16305 add check for iscomsec in HP-UX
16309 check for issecure if we have getpwanam on SunOS some options are
16310 incompatible with DUNIX SIA check for dispcrypt on DUNIX
16313 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
16320 add back support for non-dispcrypt based checking for older DUNIX
16328 SIA becomes the default on Digital UNIX now have --disable-sia to
16333 move local includes after system ones
16336 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
16338 * check.c, check_sia.c, sudo.h:
16339 add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
16344 fix while loop in sia_attempt_auth() that checks the password. Only
16345 the first iteration was working.
16348 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
16351 don't trust UID_MAX or MAXUID
16362 * getspwuid.c, secureware.c:
16363 init crypt_type to INT_MAX since it is legal to be negative in DUNX
16368 for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
16369 -ldb since DUNX < 4.0 lacks it
16372 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
16374 * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
16375 secureware.c, sudo.c, tgetpass.c:
16376 getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
16377 minutes if the shadow files don't exist).
16380 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
16383 updated --with-editor blurb
16387 tell how to put sudoers in a different dir
16391 add missing quotes around $with_editor
16395 typo in --with-editor bits
16399 I don't expect it to work on Solaris
16403 add back security/pam_misc.h
16406 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
16409 remove dunix note since configure checks for this now
16413 add check for broken dunix prot.h (4.0 < 4.0D is bad)
16416 * getspwuid.c, secureware.c, tgetpass.c:
16417 new dunix shadow code, use dispcrypt(3)
16425 call initprivs() if we have it for getprpwuid later on
16429 clean pathnames.h too
16433 quote "Sorry, try again." with [] since it has a comma in it set
16434 LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
16435 getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
16440 update Digital UNIX note about acl.h
16445 --without-root-sudo -> --disable-root-sudo some reordering
16452 * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
16460 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
16463 when checking for -lsocket, -lnsl, and -linet, check for the
16464 specific functions we need from them.
16467 * config.h.in, sudo.h:
16468 move Syslog_* defs into sudo.h
16471 * Makefile.in, sudo.h:
16472 added check_secureware
16476 finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
16480 don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
16481 defined. configure now does that for us
16485 move some --with options around change a bunch of echo's to
16486 AC_MSG_CHECKING, AC_MSG_RESULT pairs
16490 change $with_foo-bar -> $with_foo_bar kill extra " that caused a
16491 syntax error add some echo verbiage
16494 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
16497 moved SecureWare stuff into secureware.c
16505 update url to solaris gcc bins
16509 change option formatter and flesh out some entries
16512 * TROUBLESHOOTING, sudo.pod, visudo.pod:
16513 environmental variable -> environment variable
16517 everything is now done via configure
16525 passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
16529 SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
16533 merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
16534 sudoers_mode from configure
16538 SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
16539 the Makefile, not config.h
16543 document all --with/--enable options
16546 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
16549 options.h is no more
16553 assimilated options.h
16557 moved options from options.h to configure
16560 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
16561 logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
16562 sudo_setenv.c, visudo.c:
16566 * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
16567 remove references to options.h
16570 * dce_pwent.c, interfaces.c, sudo.c:
16575 if select return < -1 still prompt for pw
16579 convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
16584 FAST_MATCH is no longer an option
16588 remove_timestamp() if timestamp is preposterous
16592 convert more options to --with/--enable
16595 * INSTALL, aclocal.m4:
16600 convert more options into --with and --enable
16604 catch EINTR in select and restart
16611 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
16614 UMASK -> SUDO_UMASK.
16617 * check.c, logging.c:
16618 time.h, not sys/time.h
16621 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
16624 MAILER -> _PATH_SENDMAIL
16627 * INSTALL, configure.in:
16628 no more --with-C2, now it is --disable-shadow
16631 * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
16632 getspwuid.c, sudo.c, tgetpass.c:
16633 new shadow password scheme. Always include shadow support if the
16634 platform supports it and the user did not disable it via configure
16637 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
16640 --with-getpass -> --{enable,disable}-tgetpass
16644 pathnames.h -> pathnames.h.in
16652 move pam_conv to be static to auth function remove pam_misc.h
16653 (solaris doesn't have one)
16657 _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
16661 munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
16665 convert to pathnames.h.in
16668 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
16671 fix typo in sysv4 matching case /.
16674 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
16677 pam stuff needs to run as root, not user, for shadow passwords
16680 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
16682 * BUGS, INSTALL, README, configure.in:
16686 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
16687 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
16688 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
16689 logging.c, options.h, parse.c, parse.lex, parse.yacc,
16690 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
16691 testsudoers.c, tgetpass.c, utime.c, visudo.c:
16696 user version.h for long message
16700 this is version 1.5.6
16703 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
16706 remove errant backslash
16709 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
16711 * options.h, parse.yacc, pathnames.h.in:
16713 [fdee73255d64] [SUDO_1_5_6]
16715 * BUGS, CHANGES, TODO:
16723 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
16726 kill unused localhost_mask var copy if name to ifr_tmp after we zero
16730 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
16733 Better description of new vs. old sudoers modes fix some typos
16734 better description of /usr/ucb/cc gotchas on slowaris
16742 set NewArgv[0] to user_shell, not basename(user_shell)
16745 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
16748 mention TROUBLESHOOTING more fix some typos
16752 move --enable/--disable to be after --with
16756 document --enable/--disable
16760 document --with-pam
16763 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
16766 Add message for pam users
16777 * check.c, config.h.in, configure.in:
16778 pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
16781 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
16784 add HOST_IN_LOG and WRAP_LOG
16788 add WRAP_LOG and HOST_IN_LOG
16792 add --enable-log-host and --enable-log-wrap
16796 use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
16799 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
16806 include sys/param.h to get howmany macro
16809 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
16811 * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
16815 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
16818 bring in stdio.h for NULL
16822 allow /bin/{ksh,bash} and /usr/bin/{ksh,bash} as sh
16826 use HAVE_SET_AUTH_PARAMETERS
16830 add HAVE_SET_AUTH_PARAMETERS
16834 add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
16838 add support for HI-UX/MPP SR220001 02-03 0 SR2201
16842 initialize previfname
16846 Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
16847 it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
16856 don't need special build line for sudo.tab.o
16860 don't clean sudo.tab.[ch]
16864 Sudo should prompt for a password before telling the user that a
16865 command could not be found.
16873 no longer require yacc
16881 y.tab -> sudo.tab include pre-yacc'd parse.yacc
16885 include sudo.tab.h, not y.tab.h don't break out of command args if
16893 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
16902 getcwd(3) from OpenBSD for those without it.
16906 HAVE_GETWD -> HAVE_GETCWD
16910 pretend sunos doesn't have getcwd(3) since it opens a pipe to
16919 remove duplicate include of string.h
16923 call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
16927 add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
16931 add dev_t and ino_t
16934 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
16937 fix OTP_ONLY for opie
16940 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
16942 * testsudoers.c, tgetpass.c:
16943 include stdlib.h for malloc proto
16946 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
16949 make update_version saner
16953 add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
16957 check for waitpid and wait3 or no waitpid
16961 used waitpid or wait3 if we have 'em
16964 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
16967 fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
16970 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
16973 don't need to explicitly mention -lsocket -lnsl for sequent
16976 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
16979 dynix should not link with -linet
16982 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
16985 mention that HP-UX doesn't ship with yacc
16988 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
16991 ignore kerberos if we can't get the local realm
16994 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
16996 * BUGS, INSTALL, README, configure.in:
17004 * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
17005 find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
17006 logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
17007 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
17016 don't use popen/pclose. Do it inline.
17027 * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
17028 ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
17033 * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
17038 getwd.c -> getcwd.c
17050 use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
17054 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
17056 * OPTIONS, options.h:
17057 add STUB_LOAD_INTERFACES
17060 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
17061 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17062 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17063 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
17064 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17065 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17070 support *-ccur-sysv4 and fix two typos
17073 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
17076 don't echo about with_logfile and with_timedir
17080 document --with-logfile and --with-timedir
17084 support --with-logfile and --with-timedir
17088 Add --with-logfile and --with-timedir
17092 change size computation of NewArgv for UNICOS
17095 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
17098 treat -*-sysv4* like *-*-svr4
17101 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
17104 fix spacing for --with-authenticate help
17107 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
17108 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17109 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17110 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
17111 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17112 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17117 fix off by one error in push macro
17120 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
17123 removed bogus alloca hack
17127 added AIX 4.x authenticate() support
17131 include alloca.h if using bison and not gcc and it exists. fixes an
17132 alloca problem on hpux 10.x
17136 mention --with-authenticate
17140 added AIX authenticate() support
17144 add HAVE_AUTHENTICATE
17148 dynamically size ifconf buffer
17155 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
17156 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17157 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17158 logging.c, options.h, parse.c, parse.lex, parse.yacc,
17159 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17160 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17168 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
17171 add busy stmp file explanation
17174 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
17177 the name of the cached var that signals whether or not you are cross
17178 compiling changed. It is now ac_cv_prog_cc_cross
17181 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
17184 mention glibc 2.07 is fixed wrt lsearch().
17187 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
17189 * sample.sudoers, sudoers.pod:
17190 better example of su but not root su
17193 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
17195 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
17196 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17197 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17198 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
17199 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17200 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17205 correct regexp for updating version
17209 remove bogus flush of stderr spew prompt before turning off echo.
17210 Seems to fix a weird problem where if sudo complained about a bogus
17211 stamp file the user would sometimes not have a chance to enter a
17216 fix bogus flush of stderr
17220 close fd's <=2 not <=3 and move that chunk of code up
17224 support hpux1[0-9] not just hpux10
17227 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
17230 set sudoers_fp to nil after closing
17233 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
17235 * config.guess, config.sub:
17236 updated from autoconf 2.12
17243 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
17246 fix select usage for high fd's (dynamically allocate readfds)
17250 kill extra whitespace
17254 do an initgroups() before running a command, unless the target user
17258 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
17261 tell people to use tabs, not spaces, in syslog.conf
17264 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
17266 * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
17267 parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
17271 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
17272 logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
17276 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
17277 insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
17282 more tweaks to update_version
17286 fixed up update_version rule
17294 removed supe of check.c
17305 * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
17306 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
17307 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
17308 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
17309 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
17310 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
17320 add rules to update version stuff in files so I don't need to do it
17325 sudoers_fp is now extern
17329 in check_sudoers, cache the sudoers file handle in sudoers_fp so we
17330 don't have to open it again in the parse. This may help with weird
17331 solaris problems where EAGAIN sometimes occurs.
17335 sudoers file open is now done only in check_sudoers() so we just do
17336 a rewind() instead of an open. May help people on solaris who were
17340 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
17343 mention that newer glibc is fixed
17346 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
17349 newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
17350 _RLD* instead of _RLD_*
17358 fix that bug for real
17362 document Linux's libc6 brokenness.
17371 [4949a1bbd0a9] [SUDO_1_5_4]
17374 remind people to HUP syslogd
17390 remove author's email addr. people should mail sudo-bugs
17397 * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
17398 find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
17399 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
17400 logging.c, options.h, parse.c, parse.lex, parse.yacc,
17401 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17402 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
17410 * INSTALL, Makefile.in:
17419 exit(1) if user enters no passwd
17427 commands can start with ./* not just /* -- fixes a serious security
17431 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
17434 Don't set the tty variable to NULL when we lack a tty, leave it as
17438 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
17441 fix usage of (username) in conjunction with , and !
17445 catch the case where the user is not in the passwd file
17449 use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
17454 define tty global to an initial value to avoid dumping core in
17455 logging functions when passwd file is unavailable.
17459 do the set_perms(PERM_USER, sudo_mode) after we have gotten the
17464 talk about problem of ALL
17467 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
17474 fdesc bug is fixed in Open/Net BSD
17478 updates from Nieusma
17481 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
17484 move compat.h after the system includes
17487 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
17490 save errno from being clobbered by wait(). From Theo
17493 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
17496 fix an occurrence of setresuid -> setreuid (typo)
17499 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
17502 check for path to strip
17505 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
17508 deal with maxfilelen < 0 case
17515 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
17518 correct error message if mode/owner wrong and not statable by owner
17519 but is statable by root.
17522 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
17524 * config.guess, config.sub:
17528 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
17530 * CHANGES, RUNSON, TODO:
17534 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
17536 * parse.yacc, sudo.h:
17537 command_alias -> generic_alias
17538 [c404ca8c510d] [SUDO_1_5_3]
17541 added Runas_Alias example and fixed syntax errors
17544 * OPTIONS, options.h:
17545 updated MAILSUBJECT
17552 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
17553 configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
17554 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
17555 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
17556 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
17557 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
17562 * BUGS, emul/utime.h:
17567 document Runas_Alias
17575 buffer oflow checking q (uit) -> Q if yyparse() fails drop into
17580 add size params to sprintf
17584 allow trailing space after '\\' but before '\n'
17588 off by one error in path size check
17595 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
17602 now warns if killed by signal ./
17605 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
17608 fix Runas_Alias stuff Alias's in runas list now get expanded (but it
17613 Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
17617 add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
17621 Add Runas_Alias and simplify a rule.
17625 always store User_Alias's since they can be used inside of a runas
17626 list. Sigh. Really need a Runas_Alias instead.
17629 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
17632 deal with case where there is no sudoers file
17635 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
17641 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
17643 * HISTORY, testsudoers.c:
17644 developement -> development
17659 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
17662 removed seteuid() notes
17663 [1010a60f281d] [SUDO_1_5_2]
17665 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
17668 better seteuid() emulation
17672 added check for seteuid
17679 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
17682 first stab at sequent support
17686 added HAVE_SYS_SELECT_H
17690 sequent -> _SEQUENT_
17694 added seteuid() macro for DYNIX
17698 _AIX -> HAVE_SYS_SELECT_H
17701 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
17703 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
17704 parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
17705 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17709 * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
17710 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
17711 ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
17712 pathnames.h.in, version.h:
17717 added -H and SUDO_PS1
17721 use SUDO_FUNC_FNMATCH
17725 added SUDO_FUNC_FNMATCH
17733 added MODE_RESET_HOME /
17736 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
17750 * compat.h, config.h.in:
17755 added HAVE_OPIE and changed to *_OTP_*
17762 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
17765 moved fclose() in skey stuff.
17768 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
17771 index -> strchr remove unnecessary stuff
17775 now call skeychallenge() to get challenge instead of making one up
17776 ourselves. this way, we get extra goodies in the prompt.
17779 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
17783 [3f5149357e2a] [SUDO_1_5_1]
17786 allow logins to start with a number (YUCK!)
17789 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
17792 added solaris 2.5 vs 2.4 note
17796 DUNIX doesn't need -lnsl
17800 *** empty log message ***
17803 * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
17804 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
17805 ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
17806 options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
17807 strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
17808 utime.c, version.h, visudo.c:
17812 * PORTING, README, RUNSON:
17816 * INSTALL, Makefile.in, TROUBLESHOOTING:
17821 *** empty log message ***
17824 * sudo.pod, visudo.pod:
17828 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
17834 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
17837 added $SUDO_PROMPT support
17840 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
17843 print long skey challemged to stderr, not stdout
17846 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
17856 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
17862 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
17865 use shost, not host for tgetpass
17869 documented %u and %h
17873 documented %u and %h
17880 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
17881 dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17882 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17883 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
17884 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17885 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
17893 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
17895 * Makefile.in, configure.in, version.h:
17900 new tgetpass() params
17904 pass use and host to tgetpass
17908 added %u and %h escapes
17911 * OPTIONS, check.c, options.h:
17916 added cray (unicos) support
17919 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
17921 * OPTIONS, options.h, sudo.c:
17922 added SHELL_SETS_HOME
17925 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
17928 added note about "make install"
17932 changed length/size params from int to size_t
17936 now get CSOPS insults as well by default
17940 use csops insults too by default
17943 * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
17948 added runas_homedir
17964 added "upgrading" notes
17967 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
17970 now do chmod and chown after edit of temp file and before rename
17971 [de174e34faa7] [SUDO_1_5_0]
17973 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
17976 ++version added INSTALL.configure
17979 * configure.in, version.h:
17984 *** empty log message ***
17992 sets $HOME to pw_dir of runas user
17996 document $HOME change
17999 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
18002 fixed up some wording
18005 * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
18006 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
18007 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
18012 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
18013 insults.h, options.h, pathnames.h.in, sudo.h:
18022 name and type changes
18026 now works with new sudo
18034 some variable name changes + comment headers for functions.
18038 added extra paren's to make compilers happy
18042 *** empty log message ***
18046 now uses init_parser() if not in sudoers and tries "list" or
18047 "validate" scold but don't be nasty.
18051 now can use upper case login names
18055 now uses init_parser()
18063 added info about PASSWORD_TIMEOUT
18066 * INSTALL.configure:
18075 now dynamically allocates memory for the stacks -- no more
18080 -l now expands command aliases
18084 hacks to expand command aliases for `sudo -l'
18088 remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
18092 added struct command_alias
18100 in compar() key should be first arg
18103 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
18110 can now deal with upcase HOST and USER names
18114 don't yell too loudly at non-sudoers if they do "sudo -l"
18125 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
18127 * parse.c, parse.yacc:
18128 added support for new `sudo -l' stuff
18132 now uses list_matches()
18136 added struct sudo_match
18140 now more -lgnumalloc
18143 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
18146 added more paths for chown and whoami
18149 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
18155 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
18158 fixed DUNIX check for shadow pw
18162 now only turn off echo if it is already on. this fixes a race when
18163 you use sudo in a pipeline
18171 changed "test -z $foo && do_this" to if; then construct
18174 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
18177 added missing defines of SHADOW_TYPE
18180 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
18183 protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
18188 added AUTH_CRYPT_C1CRYPT support
18192 no longer return VALIDATE_NOT_OK if there was a runas that didn't
18193 match. Now we can have runas stuff on more than one line.
18196 * getspwuid.c, sudo.c, tgetpass.c:
18197 use SHADOW_TYPE instead of HAVE_C2_SECURITY
18201 got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
18206 removed HAVE_C2_SECURITY added SPW_BSD
18210 use SHADOW_TYPE instead of HAVE_C2_SECURITY
18214 SHADOW_TYPE is always defined so just against its value
18218 added SUDO_CHECK_SHADOW_DUNIX
18221 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
18224 * -> ?* in one example added another instance of (runas) and one of
18228 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
18231 added back check for config.cache from other host type
18235 removed an instance of \"
18243 updated wrt new wildcard matching
18247 new check for shadow passwords if we don't know anything
18251 new SUDO_CHECK_SHADOW_GENERIC
18255 added back check for -lsocket (oops)
18259 better (working) check for shadow passwd type if we know to use C2.
18263 now uses AC_CANONICAL_HOST to figure out os type
18267 added config.{guess,sub}
18271 removed unused stuff to figure out os type
18287 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
18288 pathname. need to check against sudoers_args even if user_args is
18293 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
18294 pathname need to check against sudoers_args even if user_args is nil
18297 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
18300 added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
18304 now takes command line args and uses cmnd_args
18308 fill_args was adding an extra leading space
18311 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
18314 fixed dummy command_matches()
18326 now uses flat args string
18329 * parse.c, parse.lex:
18330 now uses flat arg string
18334 added cmnd_args def
18338 now sets cmnd_args global
18342 cmnd_args is now exported from sudo.[ch]
18345 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
18348 can't rely on cmnd_matches as much as I thought -- added some $$
18349 stuff back in to prevent namespace pollution problems.
18353 Simplified parse rules wrt runas and NOPASSWD (more consistent).
18356 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
18359 NOPASSWD may now have blanks before the ':' '(' only starts a
18360 'runas' if in the initial state to avoid collision with command args
18364 added checks for specific shadow passwd schemes
18368 added routines to check for specific shadow passwd types
18371 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
18374 added support for ncr boxen
18378 added support for detecting ncr boxen
18381 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
18384 added sinix support
18387 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
18390 added info about "config.cache from other other" error.
18394 now makes sure you don't have a config.cache file from another OS
18398 now sets $LIBS when needed to configure links with libs when doing
18399 tests hpux10 now uses SPW_SECUREWARE for C2 added check for
18400 bigcrypt(3) if SPW_SECUREWARE
18408 now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
18416 no more SPW_HPUX10 added HAVE_BIGCRYPT
18420 now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
18424 SPW_SECUREWARE now uses bigcrypt
18427 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
18430 fixed 2 syntax errors
18434 root may now run ALL as ALL
18437 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
18440 fixed a typo/thinko that broke BSD's with sa_len
18443 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
18445 * check.c, configure.in:
18446 updated AFS support
18450 added entry about /usr/ucb/cc
18454 prep no longer holds gcc binaries
18466 AFS allows long passwords
18470 fixed -u user support
18474 sudo -v now groks VALIDATE_OK_NOPASS
18478 fixed no_passwd vs. runas_matched
18482 took out stuff about NFS-mounting since it is no longer an issue
18486 added --with-libraries > --with-libpath --with-incpath
18490 was setting runas_matches to -1 in wrong place
18494 removed usersec.h which is not present in new AFS versions
18498 now deals with timeout <= 0
18506 BSD/OS >= 2.0 now uses shlicc instead of just gcc
18510 fixed backwards compatibility with sudo 1.4 sudoers mode for root
18511 readable/writable filesystems
18515 now gives INSTALL -c flag
18519 slightly simpler initialization of no_passwd and runas_matches
18523 added -u username support
18527 improved --with-libraries support
18530 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
18533 added --with-incpath, --with-libpath, --with-libraries
18537 now initializes some fields that weren't getting set to -1 pretty
18538 gross -- need a rewrite.
18541 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
18548 no longer add -lPW to *_LIBS since we include alloca.c
18552 added HAVE_ALLOCA_H
18567 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
18570 now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
18571 not always set to a valid uid.
18575 fixed entry for SUDO_MODE
18579 Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
18580 being set to -2. Now beat NFS to the punch and set uid to "nobody"
18581 ourselves, preserving group 0 to read sudoers.
18585 moved set_perms(PERM_ROOT) to be before yyparse()
18593 no longer need AC_PROG_INSTALL
18597 always use install-sh to avoid install(1)'s that use get{pw,gr}nam
18601 make clean -> make distclean
18604 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
18607 removed some unnecessary if's
18610 * Makefile.in, version.h:
18614 * parse.c, testsudoers.c:
18615 now includes netgroup.h
18619 removed casts of ioctl to int since they didn't shut up -Wall
18623 explicitly cast ioctl() to int since it is not always declared
18627 added declarations for yyparse() and yylex()
18631 fixed an occurrence of '==' -> '='
18634 * config.h.in, configure.in:
18635 added check for netgroup.h
18639 fixed 2 compiler warnings
18643 SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
18647 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
18653 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
18656 fixed a formatting thingie
18659 * parse.c, parse.yacc:
18660 fixed -u support with multiple user lists on a line
18664 unixware needs -lgen
18668 updated ftp location
18672 add net_addr/netmask support
18676 added net_addr/mask example
18679 * parse.c, parse.lex:
18680 added support for net_addr/netmask
18683 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
18689 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
18699 * BUGS, TODO, TROUBLESHOOTING:
18704 updated with examples of new stuff
18712 updated wrt -u and NOPASSWD
18716 updated wrt -u and CAVEATS
18719 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
18726 now use :foo: character classes (makes no diff for generated lexer)
18729 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
18732 fixed LONG_SKEY_PROMPT stuff
18735 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
18742 make more like NetBSD one -- now compiles w/o warnings
18746 fixed decls of lsearch()
18749 * config.h.in, configure.in, getspwuid.c:
18754 hpux 10 uses bigcrypt() if C2
18757 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
18760 now always uses fnmatch to match args
18764 back to using stdio instead of raw i/o since that caused some
18768 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
18771 now give usage warning if use -l,-v,-k with args
18774 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
18777 NewArgc is now set to 1 for -l, -v, -k
18781 now sets sudoers to correct group if mode is 0400
18785 updated to version used by inn and bind
18789 now uses -lgnumalloc if it exists
18793 "make install" now sets uid/gid and mode on sudoers if it exists
18797 removed debugging statements
18801 added a missing free()
18805 now uses user_gid instead of getegid (which was wrong anyway) to set
18806 SUDO_GID Now sets command line args in SUDO_COMMAND envariable
18807 (logging.c depends on args being in the environment)
18811 now uses SUDO_COMMAND envariable to get command args rather than
18812 building it up again.
18820 fixed off by one error in allocation NewArgv
18824 in sudoers, 'command ""' now means command with no args
18828 added check for fnmatch(3) and fnmatch.h
18836 replaced wildcat.* with fnmatch.*
18843 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
18846 now uses fnmatch() instead of wildmat a trailing star (*) by itself
18847 now matches multiple args added support for wildcards in the
18848 pathname in sudoers
18851 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
18854 now includes compat.h and config.h
18858 added HAVE_FNMATCH_H
18862 now checks for alloca() (if needed by bison or dce) and links with
18863 -lPW if it contains alloca() and libv and compiler do not.
18866 * emul/fnmatch.h, fnmatch.3, fnmatch.c:
18870 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
18873 now fixes mode on sudoers if set to 0400 to aid in upgrade
18876 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
18879 fixed pod2man usage
18882 * Makefile.in, configure.in, version.h:
18886 * testsudoers.c, visudo.c:
18887 runas_user is now initialized to "root"
18891 removed PERM_FULL_ROOT
18895 runas_user defaults to "root" so no more need to PERM_RUNAS
18899 will now only run commands as root if there was no runas list
18900 (or if root is in the runas list)
18908 runas_matches is now set to false if we get a negative match
18912 make #uid work + some minor cleanup
18916 added support for NOPASSWD and "runas" from garp@opustel.com /
18920 added support for "runas" from garp@opustel.com replaced
18921 SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
18926 added support for "runas" from garp@opustel.com
18930 added support for NO_PASSWD and runas from garp@opustel.com replaced
18931 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
18936 added support for NO_PASSWD and runas from garp@opustel.com replaced
18937 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support for
18942 added support for NO_PASSWD and runas from garp@opustel.com
18945 * parse.c, parse.lex:
18946 added support for NO_PASSWD and runas from garp@opustel.com
18950 added support for SUDOERS_WRONG_MODE and "runas"
18954 added --with-CC only link with -lshadow on linux (with shadow pw) if
18955 libc lacks getspnam()
18958 * OPTIONS, options.h:
18959 removed NO_PASSWD since it is not possible to do this in the sudoers
18960 file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
18961 SUDOERS_GID. Added SUDOERS_MODE.
18965 now uses SUDOERS_UID and SUDOERS_GID
18968 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
18974 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
18977 added double quote support
18981 documented double quoting
18984 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
18991 fixed some indentation
18999 added install-dirs .
19002 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
19005 new version from "Jeff A. Earickson" <jaearick@colby.edu>
19008 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
19011 $CSOPS -> $with_csops (whoops, missed one)
19019 FQHOST now has same constraints as non-FQHOST
19023 added note about OS's w/ shadow passwords turned on by default
19026 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
19033 added support for --without-THING sanitized shadow pw situation by
19039 fixed a typo wrt placement of an end paren
19043 was closing an fd that may not have been opened
19046 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
19048 * OPTIONS, options.h, sudo.c:
19052 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
19055 now always use shadow pw on some arches
19058 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
19061 added pyramid support
19065 no longer check for C2 if alternate passwd method is used no longer
19066 check for some libs twice
19070 moved fqdn stuff into parse.lex (FQHOST)
19078 now define TCSASOFT if necessary
19082 now uses read/write instead of stdio string goop to avoid problems
19086 * OPTIONS, find_path.c, options.h:
19087 -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
19090 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
19093 added note about no shadow auto-detect if using alternate auth
19098 don't check for C2 if AFS or DCE (unless they said --with-C2)
19105 * OPTIONS, find_path.c, options.h:
19109 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
19112 checkdot now works correctly
19115 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
19118 can't have DCE and C2 passwords both...
19121 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
19123 * parse.yacc, sudo.c, sudo.h, visudo.c:
19124 now uses shost even if not FQDN
19128 now looks for skey in /usr/lib and doesn't require libskey to be in
19129 /usr/local/lib just because skey.h is (for my netbsd box :-)
19132 * aclocal.m4, config.h.in, pathnames.h.in:
19133 _SUDO_PATH_ -> _CONFIG_PATH_
19136 * aclocal.m4, sudo.pod:
19137 /var/run/.odus -> /var/run/sudo
19141 now uses _SUDO_PATH_TIMEDIR
19148 * aclocal.m4, configure.in:
19153 added _SUDO_PATH_TIMEDIR
19157 updated wrt /var/run/sudo
19161 added support for shost if FQDN
19164 * parse.yacc, visudo.c:
19165 now uses shost if FQDN
19169 Now use skeylookup() instead of skeychallenge()
19172 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
19175 mail_argv should not contain ALERTMAIL as it includes "-t"
19178 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
19180 * INSTALL, Makefile.in, README, configure.in, version.h:
19185 added more _PASSWD_LEN stuff -- now uses PASS_MAX too
19189 now includes limits.h moved _PASSWD_LEN -> compat.h
19192 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
19210 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
19217 done for 1.4.1 (I hope)
19221 added info on wildcards
19225 added wildcard example
19229 now uses *.pod to build *.man and *.cat & *.html
19233 added SUDO_PROG_BSHELL !ll
19237 fixed up some formatting
19241 redid section describing sample sudoers stuff
19245 fixed some formatting
19249 now treats "" as bourne shell
19253 TESTOBJS now includes wildmat.o
19257 now works with NewArg[cv]
19261 removed an XXX (fixed it in getspwuid.c)
19265 added check for bourne shell
19273 added _SUDO_PATH_BSHELL
19276 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
19279 unixware vi returns 256 instead of 0
19287 fixed up some XXX's. file log format now looks a little more like
19288 real syslog(3) format.
19291 * README, TROUBLESHOOTING:
19292 updated wrt lex/flex
19296 commented out rule to build lex.yy.c from parse.lex since we ship
19297 with a pre-flex'd parser
19300 * parse.c, parse.yacc, visudo.c:
19301 path_matches -> command_matches
19305 eliminated some strcat()'s
19309 no longer checks for lex/flex (now assumes flex)
19313 now checks for $kerb_dir_candidate/krb.h instead of just
19317 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
19320 now use a 'hook' expression instead of an iffy one :-)
19323 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
19326 now works with new sudo arg stuff
19330 fixed dereferencing deadbeef
19334 changed an occurrence of Argv to NewArgv
19338 took out support for quoted commands since there is no need...
19342 fixed a typo in a for() loop
19346 protected against dereferencing rogue pointers
19350 now uses NewArgv and NewArgc so cmnd_args is no longer needed this
19351 also allows us to eliminate some kludges in parse_args() and
19352 eliminate superfluous code.
19356 no longer uses cmnd_args, now uses NewArgv instead.
19360 added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
19365 added wildmat.c to SRCS & SUDOBJS
19369 COMMAND is now a struct containing the path and args
19373 replaced append() with fill_cmnd() and fill_args. command args from
19374 a sudoers entry are now stored in an array for easy matching.
19378 command line args from sudoers file are now in an array like ones
19379 passed in from the command line
19382 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
19385 wildmat stuff now works
19388 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
19395 ++version added wildmat.*
19398 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
19401 added support for quoted commands (w/ or w/o args)
19404 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
19406 * sudo.pod, visudo.pod:
19407 cleaned up formatting
19410 * sudo.pod, visudo.pod:
19414 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
19417 looks reasonable, could be more readable
19424 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
19431 updated NO_ROOT_SUDO entry
19434 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
19437 *** empty log message ***
19438 [5b63de579ff7] [SUDO_1_4_0]
19449 AIX aixcrypt.exp now uses $(srcdir)
19453 added entry for anal ansi compilers
19456 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
19459 added info on libcrypt_i for SCO
19463 *** empty log message ***
19478 * INSTALL, OPTIONS, README, config.h.in, configure.in:
19483 ++version and fixed ISC
19486 * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
19487 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
19488 insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
19489 sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
19495 added STUB_LOAD_INTERFACES ++version
19498 * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
19504 added info about fd_set in tgetpass added info on interfaces.c
19507 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
19518 tgetpass.o is now only linked in with sudo (not visudo)
19521 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
19523 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
19529 added copyright notice
19532 * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
19533 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
19534 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
19535 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
19536 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
19541 minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
19545 ISC now gets -lcrypt now check for sys/bsdtypes.h
19549 added check for sys/bsdtypes.h
19552 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
19555 removed debugging stuff (setting freed ptr to NULL)
19567 added section on syslog
19571 added AC_ISC_POSIX for better ISC support
19579 added define for _POSIX_SOURCE
19582 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
19585 fixed check for lsearch()
19588 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
19591 fixed for AIX now deal if num_interfaces == 0 (should not happen)
19594 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
19597 now only define HAVE_LSEARCH if there is a corresponding search.h
19604 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
19607 now define HAVE_LSEARCH if we find lsearch() in libcompat
19611 char * -> const char *
19615 now looks in -lcompat for lsearch()
19619 remove sudo.core visudo.core for clean target
19623 added UID_MAX support in check for MAX_UID_T_LEN
19627 fixed another occurrence of sudo_getpwuid.*
19630 * Makefile.in, getspwuid.c:
19631 sudo_getpwuid.c -> getspwuid.c
19638 * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
19639 compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
19640 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
19641 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
19642 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
19643 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
19644 version.h, visudo.c:
19649 added group support
19657 documented group support
19660 * parse.c, parse.lex, parse.yacc, visudo.c:
19661 added group support
19664 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
19667 tkfile was too short and overflowed the kerberos realm
19670 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
19673 now copy command args directly from Argv
19677 replaced code to copy cmnd_args so that it does not use realloc
19678 since most realloc()'s really stink
19681 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
19684 syslog() fixed in hpux 10.01
19687 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
19690 AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
19694 better error if cannot find skey incs or libs
19698 now use a temp file for determining max len of uid_t in string form.
19699 the old hacky way broke on netbsd
19703 added set of parens and a space
19706 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
19709 fixes from Jeff Earickson <jaearick@colby.edu> ,
19717 fixed up testsudoers target
19721 DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
19722 SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
19726 LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
19730 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
19733 fix for C2 on hpux 10 now uses -linet if it exists
19737 LONG_SKEY_PROMPT is less of a kludge /
19741 fixed typos w/ dce stuff
19748 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
19751 amended section on combining authentication mechanisms
19755 minor updates for 1.3.6
19759 added 2 more entries
19771 rewrote for sudo 1.3.6
19778 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
19780 * find_path.c, getspwuid.c, sudo.c:
19781 added explicit casts for strdup since many includes don't prototype
19786 removed prototype for sudo_getpwuid() since convex C compiler choked
19791 added prototype for sudo_getpwuid()
19795 now compiles on strict ANSI compilers
19799 added LONG_SKEY_PROMPT support
19803 added extra $'s for make to eat up, yum.
19806 * OPTIONS, options.h:
19807 added LONG_SKEY_PROMPT
19810 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
19813 s/key support now works with normal s/key as well as logdaemon
19816 * OPTIONS, options.h:
19821 set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
19825 added DCE note added more AIX notes
19829 now include pthread.h for DCE support
19833 dce_pwent() is ok after all .,
19837 now uses SYSLOG() macro that equates to either syslog() or
19842 minor formatting changes. renamed check() to something less generic
19845 * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
19847 now uses user_pw_ent and simple macros to get at the contents
19850 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
19853 simpler dec unix C2 support
19857 now sets crypt_type for DEC unix C2
19860 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
19863 added csops paths for skey
19867 now includes string.h for strdup() prototype
19875 now includes skey.h
19883 moved a lot of the shadow passwd crap to sudo_getpwuid()
19887 now uses sudo_pw_ent
19891 now uses sudo_pw_ent
19895 now sets sudo_pw_ent
19903 moved dce stuff into compat.h
19906 * logging.c, sudo.h:
19907 now uses sudo_pw_ent
19911 added sudo_getpwuid.c
19919 now uses sudo_pw_ent
19922 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
19925 fixed exempt_group stuff for OS's that don't put base gid in group
19930 S/Key support now works with sunos4 shadow passwords
19937 * config.h.in, configure.in:
19946 first stab at dce support
19950 now smells like sudo
19958 skey'd sudo now works w/ normal password as well
19961 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
19963 * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
19964 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
19965 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
19966 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
19967 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
19968 version.h, visudo.c:
19969 updated version number
19973 updated to reflect version change
19977 --with options now line up ++version
19981 removed unnecessary S/Key stuff
19985 fixed S/Key support
19989 -I stuff now goes in CPPFLAGS
20001 fixed description of EXEMPTGROUP
20005 more people use _RLD_ than just alphas...
20009 replaced $man_prefix with $mandir
20017 now use more GNU'ish dir names
20021 now set *dir correctly (can override from command line)
20025 now deal with situations where we getwd() fails
20028 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
20031 added etc_dir, bin_dir, sbin_dir
20039 now ship a flex-generated lex.yy.c
20043 now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
20047 _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
20051 no more error for redefining SUDOERS_OWNER
20055 expanded SUDOERS_OWNER section
20058 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
20061 now warn if chown(2) failed
20065 better default warning for NO_SUDOERS_FILE
20069 added missing set_perms() no more cryptic message if the sudoers
20070 file is zero length, now just give a parse error
20074 better diagnostics if NO_SUDOERS_FILE
20078 check_sudoers() now catches sudoers files that are not readable (but
20082 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
20085 now add -D__STDC__ for convex cc (not gcc)
20089 MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
20093 now uses exec_prefix & prefix from configure
20096 * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
20097 parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
20099 options.h is now <> instead of "" so shadow build trees can have a
20100 custom copy of options.h
20104 user_is_exempt() is no longer a hack, it now uses getgrnam()
20108 EXEMPTGROUP is now "sudo"
20112 MAN_POSTINSTALL now contains a leading space
20116 removed leading tab if @MAN_POSTINSTALL@ not defined now removes
20117 testsudoers in clean:
20121 includes pwd.h to get _PASSWD_LEN definition
20124 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
20127 unset the KRB_CONF envariable if using kerberos so we don't get
20128 spoofed into using a bogus server
20131 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
20134 now explicitly initialize match[] to be FALSE
20137 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
20140 removed unused variable now passes -Wall
20144 yyerror and dumpaliases are now void's now passes -Wall
20148 added prototype for yyerror
20151 * check.c, logging.c, parse.c:
20156 removed unused cruft now passes -Wall
20160 fixed headers that moved to emul dir
20164 fixed deref of nil pointer if no args
20167 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
20170 added a caveat to FQDN section
20173 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
20176 more $srcdir support for install targets
20179 * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
20180 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
20181 don't include malloc.h if we include stdlib.h
20185 local search.h now lives in emul
20188 * check.c, utime.c:
20189 local utime.h now lives in emul dir
20193 local search.h now lives in emul
20197 added support for building in other than the sourcedir
20200 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
20203 annotated CSOPS_INSULTS option
20207 updated shadow passwords blurb
20211 if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
20212 passes along foo as the arguments
20215 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
20218 collapsed pathname and dir sections into one -- its now less
20223 fixed spacing quoting [,:\\=] now works correctly append() and
20224 fill() now take args to make the above work
20228 fixed a typo that caused commands with no tty on fd 0 but a tty on
20229 fd 1 to erroneously have "none" as their tty
20232 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
20235 timestampfile is now a global static removed decl of timestampfile
20236 in remove_timestamp since we can just use the global one
20240 created touch() to update timestamps added USE_TTY_TICKETS support
20245 added _S_IFDIR and S_ISDIR
20248 * OPTIONS, options.h:
20249 added USE_TTY_TICKETS
20253 removed const from casts for lsearch() & lfind() to placate irix 4.x
20257 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
20260 now only strip '/dev/' off of a tty if it starts with '/dev/'
20268 AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
20273 fixed incorrect #ifdef termio uses "unsigned short" not int for
20277 * parse.lex, parse.yacc:
20278 fixed a spelling error
20285 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
20292 added dotcat() to cat 2 strings w/ a dot efficiently now that we
20293 dynamically allocate strings they need to be free()'d
20297 dynamically allocates space for strings
20301 no more MAXCOMMANDLENGTH
20308 * logging.c, sudo.c:
20309 moved tty stuff into sudo.c
20312 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
20315 fixed a logic bug. Was denying a command if user gave command line
20316 args but there were none in the sudoers file which is wrong.
20320 MAXCOMMMANDLEN dropped down to 1K
20324 return foo; -> return(foo);
20328 fixed netgr_matches() prototype
20332 added support for escaping "termination" characters
20336 buf is now of size MAXPATHLEN+1 since it never holds command args
20344 fixed negation problem (doh!)
20348 fixed 2nd parameter to lfind()
20352 now do bounds checking in fill() and append()
20356 include netdb.h as we should added a missing void cast added
20357 SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
20358 realloc actually moved the string instead of shrinking it
20362 updated with examples of new features
20366 now set errno to EACCES if not a regular file or not executable
20370 if given a fully-qualified or relative path we now check it with
20371 sudo_goodpath() and error out with the appropriate error message if
20372 the file does not exist or is not executable
20375 * emul/search.h, lsearch.c:
20376 now use correct args for lfind
20384 added in CSOps insults
20396 increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
20400 added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
20404 fixed -k load_interfaces() now gets called if FQDN is set
20405 -p now works with -s
20409 don't try to stat() "pseudo commands" like "validate"
20413 added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
20417 added SecurID support added other insults to --with-csops
20425 added clobber target added ins_csops.h now gets CFLAGS from
20430 relaxed SUDO_FULL_VOID
20434 function comment blocks are now in same style as rest of code
20438 added support for command line args in /etc/sudoers
20442 updated to have command args in the sudoers file
20446 added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
20449 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
20452 PATH renamed to COMMAND
20456 it is now a parse error for directories to have args attached to
20461 now say command args if telling user to buzz off
20465 -s no longer indicates end of args sped up loading on cmnd_args in
20470 removed an unreachable statement
20474 made more efficient by pulling out the terminators when in GOTCMND
20475 state and making them their own rule
20478 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
20481 removed MAXLOGLEN since it is no longer used
20485 now allows command args
20489 now groks command arguments
20493 now sets tty correctly when piped input
20497 fixed loading of cmnd_args (was including command name too)
20501 fixed a core dump due to incorrect if construct
20504 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
20507 only add -lsun if irix < 5 don't look for -lnsl or -lsocket if irix
20511 fixed check for ISC
20515 now sets cmnd_args used by log_error() and that will be used by the
20516 parse to check against command args
20524 now dynamically allocate logline since we can guess at its size
20527 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
20530 cleaned up a bunch of unnecessary #ifdef's eliminated a buffer remove
20531 "register" since the compiler knows more than I do now do a
20532 "basename" of the tty
20535 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
20542 added shell extern changed MODE_* to be bit masks to allow for
20543 several options together
20547 added -s (shell) option made MODE_* masks so we can do bitwise & and
20548 | to see if multiple flags are set.
20552 added securid support
20555 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
20558 removed a bunch of unnecessary strncpy()'s and replaced with strcat()
20561 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
20563 * Makefile.in, version.h:
20567 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
20570 fixed free() of an uninitialized pointer (yuck)
20574 added netgr_matches
20578 cleaned up netgr_matches
20581 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
20587 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
20590 now installs sudoers.man -- really should clean this up though.
20594 added sudoers.cat and sudoers.man
20598 pulled out stuff on the sudoers file format into a separate man page
20606 fixed up my email address
20610 added checks for innetgr and getdomainname
20614 added dummy netgr_matches function
20618 added netgr_matches
20621 * parse.lex, parse.yacc:
20622 added NETGROUP support
20626 added HAVE_INNETGR & HAVE_GETDOMAINNAME
20629 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
20632 rewrote clean_env() that has rm_env() builtin
20635 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
20638 now cast uid to long in sprintf
20642 added _INSULTS suffix to HAL & GOONS end
20646 added _INSULTS suffix to HAL & GOONS
20649 * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
20650 converted to new scheme of insult "unions" end
20654 now uses MAX_UID_T_LEN
20658 added SUDO_UID_T_LEN !l
20662 added MAX_UID_T_LEN
20666 now use MAX_UID_T_LEN
20670 added check for max len of uid_t fixed sco vs. isc check
20673 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
20684 hack to check for sco
20688 removed #include <net/route.h> since it was hosing some OS's
20691 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
20694 fixed prreadlink() prototype
20698 added parens in #if's
20706 moved SPW_* to config.h.in
20710 added a set of parens
20718 added SPW_* reordered error codes
20722 moved SPW_* to sudo.h
20725 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
20728 SPW_AUTH -> SPW_SECUREWARE
20732 GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
20740 SPW_AUTH -> SPW_SECUREWARE
20744 now uses SHADOW_TYPE to make shadow pw support more readable and
20745 modular. It's a start...
20749 added autodetection of shadow passwords
20753 now uses SHADOW_TYPE define
20757 added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
20761 added SUDO_CHECK_SHADOW
20764 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
20767 define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
20768 memmove() since we no longer use it...
20776 added BROKEN_SYSLOG support
20780 added BROKEN_SYSLOG
20784 now only bitch if timestamp > time_now + 2 * timeout to allow for a
20785 machine updating its time from a server
20789 added 2 security notes updated Nieusma's email addr
20793 changed a memmove() to memcpy() since we don't have to worry about
20794 overlapping segments.
20797 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
20800 cleanup up the loop when interfaces are groped in so that it is
20804 * Makefile.in, version.h:
20808 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
20814 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
20817 fixed permissions check on /tmp/.odus
20820 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
20823 fixed some comments
20827 now checks owner & mode of timedir also checks for bogus dates on
20832 updated TIMEOUT info
20835 * logging.c, sudo.h:
20836 added BAD_STAMPDIR and BAD_STAMPFILE
20840 added definition of S_IRWXU
20847 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
20850 added #ifdef to make it compile on strange arches
20853 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
20856 fixed check for full void impl.
20860 added missing "static"
20864 replaced #elif with #else #if constructs for ancient C compilers
20868 updated irix c2 & kerb5 info
20872 added shadow pw support for irix
20875 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
20882 last changes for sudo 1.3.3
20886 now calls SUDO_SOCK_SA_LEN
20894 added SUDO_SOCK_SA_LEN
20898 now works with ip implementations that use sa_len in sockaddr
20902 added note about buggy AIX compiler
20906 now include sys/time.h for AIX
20909 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
20916 now works for ISC and others. yay.
20919 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
20921 * Makefile.in, version.h:
20925 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
20928 fixed test for full void impl
20932 now check to see that st_dev is non-zero before assuming that we are
20936 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
20938 * aclocal.m4, configure.in:
20939 SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
20942 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
20945 fixed include file order for SUDO_FUNC_UTIME_POSIX
20949 added cast for ttyname()
20957 now deal correctly with all known variation of utime() -- yippe
20961 added SUDO_FUNC_UTIME_POSIX
20965 added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
20969 added HAVE_UTIME_POSIX
20977 no longer assume !HAVE_UTIME_NULL means old BSD utime()
20981 fixed fascist C compiler warning
20985 now set strioctl.ic_timout in STRSET() now initialize num_interfaces
20986 to 0 (just to be anal)
20989 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
20992 increased MAXLOGLEN by MAXPATHLEN to account for ttyname
21000 reworked the ISC code
21003 * Makefile.in, version.h:
21008 now expect old-style utime(3) if utime() can't take NULL as an arg
21012 added check for utime.h
21020 added CPPFLAGS STATIC_FLAGS -> LDFLAGS
21024 now search for kerb libs and includes
21028 added support for utime(2)'s that can't take a NULL parameter
21032 moved HAVE_UTIME_NULL stuff to update_timestamp() where it belongs
21036 added utime(s) stuff
21044 added HAVE_UTIME and HAVE_UTIME_NULL
21047 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
21050 now use HAVE_UTIME_NULL
21053 * emul/utime.h, utime.c:
21058 need to setuid(0) to make kerb4 stuff work.
21062 no more special case for kerberos
21066 took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
21071 no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
21076 now use private ticket file for kerberos support to avoid trouncing
21080 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
21083 added SPOOF_ATTEMPT & cmnd_st
21087 added anti-spoofing support
21091 now use global cmnd_st
21095 added SPOOF_ATTEMPT support
21098 * testsudoers.c, visudo.c:
21099 added void casts where appropriate
21103 fixed up spacing and added void casts where appropriate
21107 fixed problem with "-p prompt" but no args
21110 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
21113 added BUGS and annotated -l description
21117 validate() now takes a flag
21121 validate() now takes a flag added -l
21125 added support for -l
21129 validate() now takes a flag that says whether or not to check the
21133 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
21136 now deals with Argv == 1
21144 added prompt support reworked parse_args()
21156 now use BUFSIZ as length of kerb password added kpass so pass is
21157 always a char * now use prompt global when asking for a password
21161 now use BUFSIZ as _PASSWD_LEN if using kerberos
21168 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
21171 only look for -lufc or -lcrypt if crypt() not in libc
21175 don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
21176 (unknown user) silently fail
21184 HAVE_KERBEROS -> HAVE_KERB4
21188 removed debugging printf
21192 KERBEROS -> KERB4 added checks for setreuid & setresuid
21196 HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
21200 added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
21201 with setresuid if applic
21205 HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
21206 no setreuid() or a broken one
21209 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
21212 added kerberos support
21216 added HAVE_KERBEROS
21220 added KERBEROS support (long passwords)
21224 added kerberos support
21227 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
21230 added MODE_BACKGROUND
21234 escaped dashes added -b option
21242 added crypt() for osf/1 3.x enhanced security
21246 now check for -lcrypt
21250 added ENXIO like EADDRNOTAVAIL
21253 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
21256 now emulate getwd(), not getcwd()
21260 getcwd() -> getwd()
21267 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
21269 * ins_2001.h, ins_classic.h, ins_goons.h:
21274 broke out insults into separate include files
21277 * OPTIONS, options.h:
21282 added ins_2001.h ins_classic.h ins_goons.h
21285 * Makefile.in, version.h:
21290 moved signal handler setup to setup_signals()
21294 added load_interfaces()
21298 moved load_interfaces to interfaces.c
21305 * OPTIONS, options.h:
21310 now uses clearaliases variable
21318 added interfaces.[co]
21322 now uses ip addrs and netmasks via load_interfaces()
21326 now remove IFS instead of setting to "sane" value
21329 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
21335 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
21338 sudo_goodpath.c-> goodpath.c
21342 added Andy's new ISC changes
21345 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
21348 added a sentence to SECURE_PATH info
21363 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
21369 * Makefile.in, version.h:
21374 sendmail is now looked for in /usr/ucblib
21390 added unixware case
21394 user_is_exempt is no longer hidden
21402 isc and riscos changes
21406 added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
21410 fixed a typo and added testsudoers stuff
21417 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
21420 applied fixed patch from Chris
21423 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
21430 added a set of braces for bison
21434 merged in Chris' changes to dekludge the parser.
21438 send_mail() was calling find_path() which is wrong since find_path()
21439 stores cmnd in a static var. Anyhow, it doesn't make much sense
21440 since MAILER should always be fully qualified
21443 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
21446 added User_Alias stuff
21450 SUDO_NEXT now looks for /usr/lib/NextStep/software_version
21454 added DEC UNIX 3.0 w/ gcc
21458 Exit was being used in places where exit should be used
21462 added "User alias specification"
21466 fixed probs caused by making nslots and naliases a size_t
21470 added KSR, upped rev to 1.3.1b2
21473 * logging.c, parse.yacc:
21478 void * -> VOID * naliases and nslots are now size_t to appease
21479 lsearch on 64-bit machines
21482 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
21485 did a bunch of things and added a bunch :-)
21493 closer to BSD manpage style
21497 closer to standard BSD man format
21500 * compat.h, config.h.in, emul/search.h, insults.h, options.h,
21501 pathnames.h.in, sudo.h, version.h:
21506 removed crufty #defines that are no longer used
21514 updated based on sudo changes
21518 now allow ALL keyword in User_Aliases now allow ALL keyword as well
21527 now sets SUDO_COMMAND and SUDO_GID envariables.
21531 fixed bug with full void impl check
21535 fixed User_Alias support
21539 added stubs for User_Alias support
21543 now sets removes # bogus interfaces from num_interfaces
21547 added User_Alias support
21550 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
21553 removed extraneous TODO
21556 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
21559 ntwk_matches -> addr_matches
21563 ntwk_matches -> addr_matches
21567 ntwk_matches -> addr_matches now use inet_addr() not inet_network()
21568 (which expects octet boundaries) fixes for OSF (sizeof(int) !=
21573 took out debugging info
21577 OS was being set to unknown before non-uname based host checks.
21578 This caused no checks to happen since $OS was not zero-length.
21582 fixed loading of interfaces struct still has debugging info in
21590 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
21601 removed extraneous extern decl of "top
21609 removed parser_cleanup (no need for it now)
21613 now calls reset_aliases() directly
21616 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
21619 added a sentence to SECURE_PATH description
21623 fixed my stupid bug where I used NAMLEN on something I wanted to
21624 just get the name from. argh.
21627 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
21630 fixed argument order of memmove() that i hosed when converting from
21635 finally fixed DISTFILES line
21643 added missing files to DISTFILES
21647 SUPPORTED -> RUNSON
21650 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
21657 updated for pl5b1 release
21665 fixed bug where if you hit return at first sudo prompt it would
21666 still log as a failure
21674 better test for bogus void * implementation
21678 added PASSWORDS_NOT_CORRECT
21682 added PASSWORDS_NOT_CORRECT stuff
21686 added PASSWORDS_NOT_CORRECT
21694 removed some unused vars and fixed up uid2str
21701 * getcwd.c, getwd.c:
21705 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
21708 fixed a typo I introduced in the last checkin :-(
21712 can't have #ifdef's where N is defined so just do this the broken
21717 better hack from Chris (but still a hack)
21721 stupid hack for broken aix lex
21725 now includes compat.h
21729 now includes fcntl.h
21733 added FD_SET and FD_ZERO for 4.2BSD
21737 dirty hack to fix parser bug. i don't really like this but it works
21742 uid2str is now static like the prototype says
21745 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
21747 * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
21756 check_sudoers now returns an error code and sudo calls inform_user
21757 and log_error based on the return value.
21760 * logging.c, sudo.h:
21761 added entries for new errors
21765 now set uid to that of SUDOERS_OWNER while parsing sudoers file
21769 took out testsudoers
21773 now explicitly checks that it is setuid root
21777 If a user has no passwd entry sudo would segv (writing to a garbage
21778 pointer). Now allocate space before writing :-)
21782 reordered AC_CHECK_FUNCS
21789 * tgetpass.c, visudo.c:
21794 bzero -> memset when a parse error is logged the line number of the
21795 error is now logged too
21799 added Sunos to blurb about c2 security
21803 added a SUN4 define for C2 security
21807 bcopy -> memmove bzero -> memset
21811 bcopy -> memmove char * -> VOID *
21815 added support for sunos with C2 security
21818 * OPTIONS, options.h:
21823 _PATH_SUDO_LOGFILE now set based on configure
21827 added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
21831 added _SUDO_PATH_LOGFILE
21835 added SUDO_LOGFILE to find where to put sudo.log added
21836 SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
21837 SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
21840 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
21847 now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
21848 to work around a problem is trusted hpux shadow passwords. yuck.
21852 backed out a change in malloc/realloc
21856 now include stdlib.h
21860 now do an freopen() of the stmp file so that yyin will always point
21861 to the same thing. This is important for flex since we are doing a
21866 replaced yywrap() with parser_cleanup() since yywrap() needs to be
21867 in parse.lex to be able to use YY_NEW_FILE. sigh.
21871 now have a rule that matches anything that doesn't match an
21872 explicit rule. well, you know what i mean (. matches anything not
21873 yet matched). However, this means that there is input still queued
21874 up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
21875 into parse.lex and it calls parser_cleanup() which is most of the
21883 * getcwd.c, getwd.c:
21884 moved compat.h to be the last include file
21888 fixed type of aliascmp() args
21896 added casts to lfind and lsearch args for irix
21900 bsdinstall -> install-sh
21904 added info about make realclean
21908 updated VERSION added dependencies for visudo.cat
21920 now there is a real visudo.man and visudo.cat
21924 took out visudo stuff
21931 * parse.c, parse.lex, parse.yacc:
21940 updated Nieusma & Hieb email addresses
21944 updated to include options.h and OPTIONS
21952 eliminated bug #1 (yay)
21956 sunos no longer gets linked statically
21959 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
21962 prototype now uses __P()
21966 make fill() non-ansi
21970 made -v (validate) work
21978 don't check for execute/statable if fq or relative path given
21986 now include ctype.h for islower and tolower macros
21990 moved _S_IFMT & _S_ISREG to compat.h
21994 moved a set of parens
21998 now include compat.h
22006 now cast malloc & realloc return vals added search for HAVE_LSEARCH
22007 now use strcmp if no strcasecmp available
22015 removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
22016 HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
22020 added _S_IFMT, _S_IFREG, and S_ISREG
22024 took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
22025 to most SUDO_* macros
22033 various 1.x to 2.x autoconf changes now check for strcasecmp now use
22034 AC_INSTALL_PROG instead of custom one added check for fully working
22035 void implementation
22039 added lsearch & search.h visudo links into $(LIBOBJS)
22043 partial 1.x to 2.x changes added SUDO_FULL_VOID
22047 whatnow_help was prototyped to be static but was not declared as
22052 autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
22053 for dirent/dir/ndir.h
22057 now use groovy gnu autoconf macro AC_HEADER_DIRENT
22060 * getcwd.c, getwd.c:
22061 MAXPATHLEN -> MAXPATHLEN+1
22064 * emul/search.h, lsearch.c:
22068 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
22071 eliminated bison warnings
22079 now includes signal.h
22083 only clear data structures on a parse error
22087 whatnow() now gives help on invalid input
22091 added a whatnow() function (sort of like mh)
22095 kill_aliases -> reset_aliases yywrap() now cleans up by calling
22096 reset_aliases() and clearing top took reset stuff out of yyerror()
22097 since it doesn't belong there (and doesn't work anyway). errorlineno
22098 is now initially set to -1 so we can set it to the first error that
22099 occurs (it was getting set to the last)
22107 rewrote from scratch based on 4.3BSD vipw.c
22110 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
22117 no more sudo_realpath() and find_path() changed params
22121 find_path() changed since no more realpath()
22125 on error, errorlineno is set to the line where the error occurred
22126 added kill_aliases() to free the aliases struct now clean up in
22127 yyerror() so we can reparse cleanly
22130 * options.h, parse.c:
22131 no more USE_REALPATH
22135 changed to use new find_path()
22139 removed all the realpath() stuff
22143 sudo_realpath.c -> sudo_goodpath.c
22147 now works correctly with utk parser
22155 eliminated a compiler warning
22159 eliminated compiler warning
22163 added sudo_goodpath()
22167 added prototype for sudo_goodpath
22171 added support for /sys/dir.h
22175 USE_REALPATH turned off
22179 added calls to sudo_goodpath()
22183 added check for dirent.h
22187 added HAVE_DIRENT_H
22191 added in linux shadow pass stuff
22194 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
22197 added back host, user, cmnd, parse_error
22201 added in utk changes plus some minor cosmetic changes
22204 * sudo.c, sudo_realpath.c:
22205 added void casts for printf's
22209 added a define of USE_REALPATH
22213 there is no more visudoers/Makefile
22217 added in utk changes (visudo is now built from the toplevel)
22221 added (void) casts to printf's
22224 * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
22225 merged in utk changes
22228 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
22231 now check to see that what we are trying to run is a file (or a link
22232 to a file, we do a stat(2) so there is no diff)
22235 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
22242 aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
22246 added myself as maintainer
22249 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
22252 changed setegid -> setgid
22255 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
22258 fixed the test for irix 5.x to skip bad libs
22262 now initialize OS and OSREV
22265 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
22272 AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
22276 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
22279 use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the right
22280 thing wrt yyrestart (grrrr)
22283 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
22286 added visudoers/compat.h to DISTFILES
22294 added ocmnd declaration adjusted for find_path()'s new parameters
22298 added ocmnd extern adjusted find_path() prototype
22302 cmndcmp() now takes 3 arguments and checks against the qualified as
22303 well as the unqualified pathname. more code that should use
22304 cmndcmp() but did not, now does
22312 changed to use new find_path() parameter passing
22316 find_path() now takes 2 copyout parameters (one for the qualified
22317 pathname and one for the unqualified pathname). The third parameter
22322 no longer munge pathnames.h
22326 changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
22327 as a result, pathnames.h does not need to be run through configure
22328 and the user can override the configured values easily.
22332 added _SUDO_PATH_* entries
22336 _PATH* -> _SUDO_PATH_*
22340 updated DISTFILES and HDRS .o's now depend on config.h
22343 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
22346 removed extraneous #endif
22354 added SUDO_PROG_MV added riscos and isc os types took out
22355 -DSHORT_MESSAGE from --with-csops since it is now the default
22359 move the include of id.h to compat.h now includes options.h
22363 moved compatibility #defines to compat.h
22371 move __P to compat.h
22374 * getcwd.c, getwd.c, putenv.c:
22375 now includes compat.h
22382 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
22385 pull user-configurable stuff out and put in options.h
22388 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
22390 * parse.lex, parse.yacc, visudo.c:
22391 now includes options.h
22394 * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
22396 now includes options.h
22400 added visudoers/options.h
22403 * OPTIONS, options.h:
22408 added OPTIONS and options.h
22412 changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
22416 changed PASSWORD_TIMEOUT to minutes
22419 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
22422 now only do Editor +line_num if line_num != 0
22425 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
22428 now use mv if rename(2) fails
22439 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
22442 fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
22445 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
22448 added mips & isc support
22452 added support for non-root owned sudoers file
22456 added exempt group support
22460 added set_perms() support added SUDOERS_OWNER so can have non-root
22461 own sudoers file added exempt group support added isc support
22465 now copy sudoers to temp file via read/write (not stdio) now chown
22466 new sudoers file to SUDOERS_OWNER
22469 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
22480 fixed typo added set_perms support added skey support added
22481 seteuid()/setegid() emulation for AIX
22485 be_* -> setperms() now check to make sure sudoers file is owned by
22486 root nread/write by only root
22489 * logging.c, parse.c:
22494 be_* -> set_perms() added skey support
22497 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
22507 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
22517 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
22523 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
22538 now bail if ARgv[1] > MAXPATHLEN
22542 added function check for tcgetattr(3)
22546 only define HAVE_TERMIOS_H if you have tcgetattr(3)
22550 added check for tcgetattr
22553 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
22559 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
22562 now only include unistd.h for linux
22565 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
22568 added visudo.8 generation
22572 added -Wl,-bI:./aixcrypt.exp to aix flags
22575 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
22586 added mailing list info
22590 now use sudolineno instead of yylineno fixed bison warnings
22594 now use -no_library_replacement for osf don't make a static binary
22599 added string.h/strings.h inclusion
22607 added inclusion of string.h/strings.h
22611 fixed uname | sed (needed to quote the '[')
22615 replaced yylineno with sudolineno fixed bison syntax errors
22619 changed yylineno to sudolineno since yylineno cannot be counted
22628 added code to support command listings
22632 added code for -l flag
22636 fixed typo added info for -l flag
22640 AC_SSIZE_T -> SUDO_SSIZE_T
22655 * find_path.c, sudo_realpath.c:
22656 readlink() is now declared as returning ssize_t
22660 added -laud for OSF c2
22663 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
22665 * Makefile.in, visudo.c:
22666 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
22669 * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
22670 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
22673 * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
22674 parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
22675 sudo_setenv.c, tgetpass.c, version.h:
22676 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
22679 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
22690 added host to alertmail messages
22698 fixed logging problem where mail would not say which user it was
22702 added -laud for gcc if osf & c2
22706 moved set_auth_parameters to sudo.c
22710 added set_auth_parameters for osf
22714 cleaned up -static stuff
22726 changed setenv() to sudo_setenv()
22742 added osf auth support & removed some extra spaces
22745 * INSTALL, SUPPORTED:
22749 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
22752 added 2 suggestions
22756 removed README.v1.3.1 and added VERSION stuff
22763 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
22774 mention HISTORY file
22778 use sizeof instead of a constant in 1 place
22797 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
22801 [7dfbb4a810bb] [SUDO_1_3_1]
22808 added unistd.h include
22811 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
22814 added sys/time.h for AIX
22817 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
22820 added check for -lsocket and sys/sockio.h
22824 took out libshadow check and added in sys/sockio.h check
22828 now include sockio.h instead of ioctl.h if it exists "sudo -" now
22829 gets a better error message
22833 now has a dir and subnet entry
22836 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
22847 added network and ip addresses to man page
22851 no error if can't get interfaces or netmask since networking may not
22856 now check for interfaces == NULL
22860 fixed a bug that caused directory specs in a Cmnd_Alias to fail if
22861 the last entry in the spec failed (ie: it was only looking at the
22862 last entry). Cleaned things up by adding the cmndcmp() function--all
22870 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
22873 now do two passes to skip bogus interfaces (lo0, etc)
22876 * parse.lex, parse.yacc, visudo.c:
22877 added include of netinet/in.h
22880 * logging.c, sudo_realpath.c, sudo_setenv.c:
22881 added include of netinet/in.h
22884 * check.c, find_path.c, getcwd.c, getwd.c:
22885 added include of netinet/in.h
22893 added interfaces global
22897 now uses new interfaces global
22901 now ip addresses are gleaned w/o dns
22904 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
22907 added load_ip_addrs() to load the ip_addrs global var
22911 added hostcmp() to compare hostnames, ip addrs, and network addrs
22915 added ip_addrs def added load_ip_addrs prototype
22918 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
22925 removed multiple entries in DISTFILES
22929 ansified the !STDC_HEADERS decls
22932 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
22933 don't do malloc decl if gnuc
22937 can't use getopt(3) since it munges args to the command to be run as
22938 root don't do malloc decl if gnuc
22941 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
22942 sudo_realpath.c, sudo_setenv.c:
22943 ansi-fied !STDC_HEADER function prototypes
22946 * getcwd.c, getwd.c:
22947 added missing paren
22951 added putenv.c to DISTFILES
22955 added params to func decls when STDC_HEADERS is not defined now can
22956 count on putenv() being there
22960 took out errno decl since sudo.h does it for us fixed up a next cc
22961 warning added params to func decls when STDC_HEADERS is not defined
22965 took out environ extern added local declaration of putenv() if local
22969 * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
22970 added params to func decls when STDC_HEADERS is not defined
22974 added memcpy check check to see that ansi vs bsd macros are not
22975 already defined before defining (ie: avoid redefinition)
22979 removed fluff setenv check plus check w/ replace for putenv if also
22987 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
22994 rm'd realpath added sudo_realpath and sudo_setenv
22998 now use sudo_setenvc
23002 added putenv and setenv, removed realpath
23006 added putenv & setenv
23017 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
23020 added MAN_POSTINSTALL and /usr/share/catman for irix
23024 added MAN_POSTINSTALL
23032 added SUDO_* plus new options
23040 took out shadow lib
23048 now use yyrestart() if flex now reset yylineno to 0
23052 support for installing a cat page instead of a man page if no nroff
23056 now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
23057 to determine whether or not to install a cat or man page
23065 not set ret to MODE_RUN initially
23069 made command (and therefore cmnd dynamically allocated)
23081 changed bufs from MAXPATHLEN to MAXPATHLEN+1
23085 added MODE_ removed validate_only and added remove_timestamp()
23089 usage() now takes an int (exit value) added parse_args() to parse
23090 command line arguments moved call to find_path() from load_globals
23091 to new function load_cmnd() removed validate_only global -- now use
23092 the concept of "modes" added -h and -k options
23096 no longer use global validate_only now checks for command called
23097 "validate" removed check for non-fully qualified commands since that
23098 is done by find_path
23102 changed MAXPATHLEN to MAXPATHLEN+1
23106 fixed off by one error with MAXPATHLEN and fixed a comment
23110 check_timestamp no longer runs reminder(), it is implied in the
23111 return val added remove_timestamp()
23118 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
23132 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
23135 moved send_mail to after syslog
23139 now set SUDO_ envariables
23142 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
23149 now print error if chdir fails
23156 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
23163 no more static binaries for aix
23166 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
23173 took out stuff not needed for sudo now does be_root/be_user itself
23174 now uses cwd global
23181 * logging.c, sudo.c:
23182 be_root/be_user is now down in sudo_realpath()
23185 * logging.c, sudo.h:
23186 now works with 4.2BSD syslog (blech)
23190 now use sudo_realpath()
23194 took out realpth() stuff since we now use sudo_realpath()
23198 ultrix enhanced sec
23202 added ultrix enhanced sec.
23210 ultrix enhanced security support
23214 added sudo_realpath.c
23222 increased passwd len to 24 for c2 security
23229 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
23232 now use user global var
23239 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
23246 user is now a char * added epasswd
23250 added tzset() to load_globals added epasswd (encrypted password)
23251 global made user dynamically allocated
23263 cleaned up encrypted passwd grab somewhat
23279 can now log to both syslog & a file
23303 removed AFS stuff :-)
23307 include sys/select for AIX
23318 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
23320 * CHANGES, SUPPORTED:
23325 can now have MAILER undefined
23329 new sub-note about MAILER
23333 added blurb about password timeout
23341 took out duplicate define of _CONVEX_SOURCE
23353 added a goto if fgets fails
23357 use __hpux not hpux convex c2 stuff
23361 use __hpux not hpux
23369 define ansi-ish cpp os defines if non-ansi are defined for hpux &
23374 updated to say we support convex C2
23378 added convex c2 support
23381 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
23384 no more ioctl never returns NULL uses fgets() and select() to
23388 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
23391 things were testing -n "$GCC" instead of -z "$GCC"
23395 now works + uses fgets()
23398 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
23401 select doesn't seem to recognize a single '\n' as input waiting so
23402 we can't use it, sigh.
23405 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
23408 updated tgetpass() blurb
23412 added --with-getpass
23416 added tgetpass stuff
23427 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
23434 added USE_GETPASS && HAVE_C2_SECURITY
23438 fixed a test added --with-C2 and --with-tgetpass
23446 took out tgetpass.*
23453 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
23456 no termio(s) for ultrix since it is broken
23460 added a space (yeah, anal)
23463 * realpath.c, sudo_realpath.c:
23464 fixed it (duh, rtfm)
23467 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
23470 took out bsd signal stuff for irix
23478 don't define BSD signals for irix
23489 * realpath.c, sudo_realpath.c:
23490 took out unneeded code by changing where a string was terminated
23493 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
23495 * realpath.c, sudo_realpath.c:
23496 fix bug where /dirname would return NULL
23500 move __P to config.h
23503 * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
23504 added errno definition
23519 * realpath.c, sudo_realpath.c:
23520 now works if no fchdir
23524 define SA_RESETHAND to null if not defined
23528 added check & replace
23532 took out -static for nextstep -- it doesn't work
23535 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
23538 moved #endif to where it belongs
23546 now checks for strdup realpath getcwd bzero
23554 added posix signals
23562 added posix signals
23566 removed BROKEN_GETPASS added new srcs to replace missing functions
23570 added posix signal stuff
23582 now uses posix signals
23586 updated to reflect major changes
23594 uses sysconf() if available
23598 added PASSWORD_TIMEOUT + prototypes for new functions
23601 * realpath.c, sudo_realpath.c:
23602 for those w/o this in libc
23605 * getcwd.c, getwd.c:
23610 rewrote to use realpath(3) - is now all my code
23614 added HAVE_REALPATH
23622 added LIBOBJS use tgetpass.c
23625 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
23639 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
23650 added check for getwd
23654 replace strdup & realpath & getcwd if missing
23662 added SUDO_PROG_PWD
23669 * realpath.c, sudo_realpath.c:
23673 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
23676 quoted square brackets
23679 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
23682 no need to strdup() a constant
23697 * parse.c, sudo.c, sudo.h:
23698 added validate_only stuff
23701 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
23708 $OSREV is now an int
23711 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
23714 added mtxinu to caser
23722 now use the EXEC macro now only do a gethostbyname() if FQDN is set
23726 changed mail_argv[] def now use EXEC() macro
23730 took out crypt() definition
23738 always look for -lnsl
23746 SHORT_MESSAGE is now the default
23754 added missing AC_DEFINE(SVR4) for solaris
23758 documented the -v flag
23770 added LIBSHADOW undef
23774 now set OS to be lowercase
23777 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
23780 now use SUDO_OSTYPE to set $OS
23784 now use uname to determine os
23788 added prototypes & moved sig handler around
23795 * check.c, logging.c, sudo.c:
23804 now use _BSD_SIGNALS not _BSD_COMPAT
23815 * parse.lex, parse.yacc:
23816 moved config.h to top of includes
23819 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
23822 now don't bitch if get EACCESS (treat like EPERM)
23826 added -v flag and usage()
23834 cast Argv to a const for exec added -v flag
23838 mail_argv is now a const
23842 only set RETSIGTYPE if it is not set already
23846 now defines & STDC_HEADERS for Irix
23853 * insults.h, sudo.h:
23854 prevent multiple inclusion
23861 * parse.lex, parse.yacc:
23862 now includes config.h
23866 now talks about sunos 4.x
23870 calls to Exit now pass an arg
23873 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
23876 signal handler now takes an int argument
23884 ok, the getcwd() is now *really* done as the user
23888 changed AIX STATIC_FLAGS
23892 solaris now defines SVR4
23896 added cwd and fixed stupid core dump that makes no sense. sigh.
23900 moved getcwd stuff into load_globals
23904 took out externs that are in sudo.h
23908 moved cwd into load_globals
23916 fixed make distclean & realclean
23924 added solaris changes
23928 added solaris changes, need to rework
23932 cleaned up for solaris
23936 reinstall reapchild signal handler for non-bsd signals
23940 took out getdtablesize() emulation for HP-UX (no longer needed)
23944 support for HAVE_SYSCONF
23948 added <fcntl.h> for solaris & reorg'd the includes + minor prettying
23956 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
23959 now tells you what os you are running
23966 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
23981 uid seinitialized to -2
23984 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
23987 now removes LIBPATH for AIX
23990 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
23993 now uses ufc if it finds it
23996 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
23999 no longer define yyval & yylval since yacc does it
24003 now defines yylval as extern
24007 BROKEN_GETPASS is now an OPTION
24011 took out BROKEN_GETPASS
24015 took out big comment
24023 took out README.beta
24031 now reference SUPPORTED
24035 now check for convex OR __convex__
24039 now check for convex or __convex__
24051 now use _S_* stat stuff to be ansi-like
24055 updated for configure directions
24059 distclean now removes config.h and pathnames.h
24078 * config.h.in, pathnames.h.in:
24079 added copyright header
24082 * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
24083 parse.yacc, sudo.c, sudo.h:
24088 updated to use configure + pathnames.h
24095 * Makefile.in, config.h.in, configure.in:
24100 now works with configure
24103 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
24104 updated to work with configure + pathnames.h
24111 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
24114 updated gnu general licence to version 2
24117 * config.h.in, pathnames.h.in:
24122 changed to work with configure
24125 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
24127 * Makefile.in, aclocal.m4, configure.in:
24132 now uses defines used by configure
24135 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
24138 sudo won't bitch about EPERM now, for real
24141 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
24144 renamed exec_argv to eliminate a libc name clash with ksros
24151 * logging.c, sudo.c, sudo.h:
24168 added UMASK and mode_t declaration
24176 now opens log file with mode 077
24180 saved current umask and restores it
24184 added MAXLOGFILELEN
24188 split long log lines. For syslog, split into multiple entries, for
24189 a log file, indent the extra for readability
24192 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
24199 MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
24202 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
24205 added input from Brett M Hogden <hogden@rge.com>
24208 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
24211 added rmenv() to remove stuff from environ. can now use execvp()
24212 OR execve() because of this.
24216 now uses execvp() OR execve()
24232 moved some func decls out of sudo.h and into sudo.c as statics
24243 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
24249 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
24264 added sample.sudoers note
24271 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
24278 took out SAVED_UID garbage
24279 [b7c2d3469661] [SUDO_1_3_0]
24298 more verbose error if mailer not found
24302 now do getpwent as root for some shadow password systems (bsdi)
24305 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
24308 took out SAVED_UID garbage
24312 took out SAVED_UID garbage since it don't work
24315 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
24322 added a missing space :-)
24326 took out multimax cruft
24338 fixed a typo + indentation
24341 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
24344 took outumoved some defines to the config file
24356 added HAS_SAVED_UID
24363 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
24369 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
24375 * check.c, logging.c, parse.c, sudo.c, sudo.h:
24376 now is only root when abs necessary
24383 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
24398 now removed _RLD_* for alphas
24402 updated for new config scheme
24406 more verbose error messages
24409 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
24416 define __svr4__ for SOLARIS
24420 added svr4 junk for shadow pws for solaris 2.x
24424 took out setuid(0) and setreuid(uid) garbage. It's not needed since
24425 we start out setuid with the correct perms.
24428 * check.c, sudo.c, sudo.h:
24432 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
24435 revised AUTHORS section & added ENV_EDITOR stuff to VARIABLES
24440 now uses ENV_EDITOR if you want to use the EDITOR envar
24444 now uses ENV_EDITOR if you want to use the EDITOR envar
24447 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
24450 rewrote most of this
24454 minor update + spell fix
24458 added all options that are in the Makefile
24462 now use USE_TERMIO #define for sgi & hpux
24469 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
24471 * check.c, find_path.c:
24472 always include strings.h
24480 sgi has vi in /usr/bin too
24487 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
24490 use /usr/bin/vi on some systems
24494 fixed warning (include strings.h)
24498 added John_Rouillard@dl5000.bc.edu's changes (new features)
24502 changes from John_Rouillard@dl5000.bc.edu
24509 * check.c, find_path.c, parse.c, sudo.c:
24510 added patches from John_Rouillard directory spec
24514 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
24517 added flush for hpux
24520 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
24523 no longer assume malloc returns a char *
24527 alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
24528 gets removed correctly
24532 added STD_HEADERS macro
24536 now uses STD_HEADERS macro for ansi
24540 now uses STD_HEADERS macro
24544 niceties for C compiler bitches -- no real change
24547 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
24550 now doesn't fclose a file never opened.
24553 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
24560 added error stuff added me in there...
24568 added blurb about reading stuff
24576 corrected comments and removed newlines
24588 added dec syslog note
24592 added real stuff in there
24603 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
24610 updated with changes
24621 * CHANGES, COPYING, INSTALL, README, TODO:
24626 updated version number and took out jeff's old addr since it is no
24630 * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
24632 updated version number and took out jeff's email (since it is
24636 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
24642 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
24645 now return NULL instead of exiting for non-fatal errors
24648 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
24655 now sudo.h gets included first
24658 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
24669 hpux 9 fix, removes SHLIB_PATH linux patch
24676 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
24679 stat now ignores EINVAL
24682 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
24684 * find_path.c, sudo.c:
24685 now declare strdup as extern
24688 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
24691 reformatted with indent + by hand
24694 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
24695 used indent to "fix" coding style
24699 now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
24700 move the code that does this into the loop body. makes it messier
24704 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
24707 redid the fix for non-executable files in an easier to read way plus
24708 some minor aesthetic changes
24712 fixed bug with non-executable things of same name in path introduced
24713 by checking errno after stat(2).
24716 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
24719 fixed off by one error
24723 now handles descending below '/' correctly
24727 now actually builds Envp instead of munging envp
24730 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
24733 now includes sys/param.h
24737 now includes sys/param.h
24741 fixed ifndef -> ifdef
24745 make more like find_path.c
24749 rewritten by millert
24753 fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
24754 about new defines in the comment
24762 added decl for clean_envp() and Envp
24766 now rips LD_* env vars out of envp and passed sanitized Envp to exec
24774 ENOTDIR is ok now too (in case part of the path is bogus)
24778 now works correctly (total rewrite)
24782 now includes sys/param.h didn't match trailing / -- fix from
24786 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
24789 moved around the #ifndef _AIX
24792 * check.c, logging.c, parse.c:
24796 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
24802 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
24805 now works if you do sudo bin/test
24812 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
24822 * parse.lex, parse.yacc:
24826 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
24833 now spews error if exec fails and exits with -1
24841 now only execs files with (an) executable bit set.
24848 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>