2010-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
Added tag SUDO_1_7_4 for changeset 2920a3b9d568
Debian: Remove dots from decoded release number. AIX: looser matching
of file command output for AIX 5.1
[2920a3b9d568] [SUDO_1_7_4]
Added tag SUDO_1_7_4 for changeset 0d844aa34c1d
2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
exec_monitor is static
Update to latest version
2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
Let pp determine pp_aix_version itself.
* INSTALL, config.h.in, configure, configure.in, mkpkg, sudo.c:
Add support for Ubuntu admin flag file and enable it when building
Add commented out SuSE-like targetpw settings
* configure, configure.in:
Only try to use +DAportable for non-GCC on hppa. Check the value of
$pic_flag instead of whether the compiler is ANSI C when detecting
the HP-UX bundled C compiler.
* configure, configure.in:
Prevent configure from adding the -g flag unless in devel mode
2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
Go back to sudo-flavor to match existing packages and only use an
underscore for those that need it.
Use sudo_$flavor instead of sudo-$flavor since that causes the least
amount of trouble for the various package managers.
Fix handling of the ldap flavor. Remove destdir unless --debug was
specified. Make distclean before running configure if there is a
* configure, configure.in:
Back out version change in 5baf2187a138
Pass extra args on to configure on HP-UX, if we don't have the HP C
compiler, disable zlib to prevent gcc from finding it in
* configure, configure.in, mkpkg:
Use the HP ANSI C compiler on HP-UX if possible
Some getline() implementations (FreeBSD 8.0) do not ignore the
length pointer when the line pointer is NULL as they should.
Don't need to check for *cp being non-zero, isdigit() will do that.
Add setlocale() so the command line arguments that use floating
point work in different locales. Since sudo now logs the timing
data in the C locale we must Parse the seconds in the timing file
manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
the number of seconds with the user's locale so if the decimal point
is not '.' try using the locale-specific version.
Do I/O logging in the C locale so the floating point numbers in the
timing file are not locale-dependent.
Use errorx() not error() for things that don't set errno.
2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
Add Tru64 kit support
Better support for 1.2.3 style versions in Tru64 kits
Remove apparently unnecessary use of sudo
Create timedir as part of install-dirs target.
Handle ENXIO from read/write which can occur when reading/writing a
pty that has gone away. Fixes bugzilla 422
sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
platform is a pp flag not a variable
* Makefile.in, mkpkg, sudo.pp:
Add simple arg parsing for mkpkg so we can set debug, flavor or
Make rpm backend work on AIX 5.x
2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
Add commented out Defaults entry for log_output
2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
Install binary files with -b~ to make a backup. Fixes "text file
busy" error on HP-UX during install.
"mv -f" on HP-UX doesn't unlink the destination first so add an
explicit rm before moving the temporary into place.
* configure, configure.in:
Some more ${foo} -> $(foo) conversion for consistent Makefiles.
2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
Add missing include of maillock.h for Solaris
* NEWS, TROUBLESHOOTING, UPGRADE, configure, configure.in,
sample.syslog.conf, sudoers.cat:
Change the default syslog facility from local2 to authpriv (or auth
if the operating system doesn't support authpriv).
* Makefile.in, configure, configure.in, sudo.pp:
Install sudoers as /etc/sudoers on RPM and debian systems where the
package manager will not replace a user-modified configuration file.
This fixes upgrades from the vendor sudo packages.
RPM: use %config(noreplace) instead of %config for volatile. This
results in the new file being installed with a .rpmnew suffix
instead of the file being replaced and the old one renamed with a
2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
* boottime.c, mkstemps.c:
Include time.h for struct timeval.
The return value of strsignal() may be const and should be treated
* sudoers.cat, sudoers.man.in, sudoers.pod:
Mention that 127.0.0.1 will not match, nor will localhost unless
that is the actual host name.
* Makefile.in, NEWS, README, UPGRADE, WHATSNEW:
Rename WHATSNEW -> NEWS
Updated pp with latest patches
* WHATSNEW, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
If pam is in use, wait until the process has finished before calling
* sudoers.cat, sudoers.man.in:
* UPGRADE, sudoers, sudoers.pod:
Add commented out line to add HOME to env_keep and add a warning to
the note about the HOME change in UPGRADE.
2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
Add LINE_MAX define for those without it.
Mention that tty_tickets is now the default.
* INSTALL, UPGRADE, config.h.in, configure, configure.in, defaults.c,
sudoers.cat, sudoers.man.in, sudoers.pod:
The tty_tickets option is now on by default.
Mention that AIX authdb support has been fixed.
setauthdb() only sets the "old" registry if it was set by a previous
call to setauthdb(). To restore the original value, passing NULL
(or an empty string) to setauthdb() is sufficient.
2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
* sudoers.cat, sudoers.man.in, sudoers.pod:
Mention new handling of HOME in always_set_home and set_home
* sudo.cat, sudo.man.in, sudo.pod:
* UPGRADE, WHATSNEW, env.c, sudo.cat, sudo.man.in, sudo.pod:
Reset HOME when env_reset is enabled unless it is in env_keep
* sudoers.cat, sudoers.man.in, sudoers.pod:
The default for set_logname has been "true" for some time now.
* sudoers.cat, sudoers.man.in, sudoers.pod:
Document that MAIL is set in env_reset mode.
Add missing include of time.h
* defaults.c, sudo.c:
Check return value of setdefs() but don't stop setting defaults if
we hit an unknown one.
Fix check for dup2() return value.
Treat an unknown defaults entry as a parse error.
Check KEPT_MAIL not DID_MAIL when determining whether to set MAIL in
-i and env_reset mode.
Add PYTHONUSERBASE to initial_badenv_table
* WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, env.c,
pathnames.h.in, sudo.cat, sudo.man.in, sudo.pod:
If env_reset is enabled, set the MAIL environment variable based on
the target user unless MAIL is explicitly preserved in sudoers.
2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
decode debian code names
2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
Add entry about SuSE bash script fix.
Restore RLIMIT_NPROC after the uid switch if it appears that
runas_setup() did not do it for us. Fixes a bash script problem on
SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
* mkpkg, pp, sudo.pp:
Restore the dot removal in the os version reported by polypkg. Adapt
mkpkg and sudo.pp to the change.
2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
Update for sudo 1.7.4
document --with-pam-login
* sudoers.cat, sudoers.man.in, sudoers.pod:
The tag is NOSETENV, not UNSETENV. From Petr Uzel.
2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
Include flavor in solaris package name
Older shells don't support IFS= so set explicitly to space, tab,
Use '=' not '==' in test
Fix typo that prevented debian from matching
Add missing prefix setting for debian
Use tab indents to reduce the chance of problem with <<-. Uncomment
some env_keep lines for RHEL, SLES and Debian to more closely match
the vendor sudoers files.
Fix indentation. Fix the debian %set section, pp does not set
pp_deb_distro. Uncomment %sudo line in sudoers for debian. Add pam.d
to %files for debian. Remove the /etc/sudo-ldap.conf symlink on
debian for ldap flavor
Add commented out env_keep entries, sample Aliases and a %sudo line
* configure, configure.in:
Remove check for egrep; configure has its own
Use enable_zlib instead of enableval for consistency
2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
Enable zlib for linux distros
Add ldap flavor to default build
Simplify rpm linux distro settings
* UPGRADE, aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
* Makefile.in, mkpkg, sudo.pp:
Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
environment variable.
Create sudo group on debian
Add debian 4/5/6 and use the dot when doing version matches
* sudoers.cat, sudoers.man.in, sudoers.pod:
Remove spurious "and"; from debian
* aclocal.m4, configure:
Use a loop when searching for mv, sendmail and sh
* aclocal.m4, configure, configure.in, sudoers.cat, sudoers.man.in,
sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
Substitute the value of EDITOR into the sudoers and visudo manuals.
2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
* mkpkg, pp, sudo.pp:
Initial debian 4.0 support
Some platforms need -fPIE instead of -fpie
Add packaging bits to DISTFILES
Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
On Linux it causes a DNS lookup via libaudit.
We now use pp to generate HP-UX packages
2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
* INSTALL, Makefile.in:
isntall-man -> install-doc
* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
Bump version to 1.7.4
* INSTALL.binary, Makefile.binary.in, Makefile.in:
Remove remaining bits of the old binary package
Use http://rc.quest.com/topics/polypkg/ for packaging
* Makefile.in, mkpkg, pp:
Use http://rc.quest.com/topics/polypkg/ for packaging
Just ignore the -c option, it is the default. Add support for -d
* env.c, logging.c, pathnames.h.in:
Use _PATH_STDPATH instead of _PATH_DEFPATH
Do not strip binaries.
* INSTALL, configure, configure.in:
Add --insults=disabled configure option to allow people to build in
insult support but have the insults disabled unless explicitly
2010-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
* env.c, sudoreplay.c:
2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
* auth/pam.c, config.h.in, configure, configure.in, env.c, sudo.c,
Add support for a sudo-i pam.d file to be used for "sudo -i".
Adapted from a RedHat patch.
Fix installation of sudo_noexec.so
* Makefile.in, config.h.in, configure, configure.in, missing.h,
mkstemp.c, mkstemps.c, sudo_edit.c:
Use mkstemps() instead of mkstemp() in sudoedit. This allows
sudoedit to preserve the file extension (if any) which may be used
by the editor (like emacs) to choose the editing mode.
2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
* ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
should avoid disabling TLS_CHECKPEER if possible.
2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
Add support for negated user/host/command lists in a Defaults entry.
E.g. Defaults:!baduser noexec
2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
Added tag SUDO_1_7_3 for changeset 72fd1f510a08
* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
[72fd1f510a08] [SUDO_1_7_3]
* alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
auth/securid5.c, auth/sia.c, auth/sudo_auth.c, boottime.c, check.c,
defaults.c, env.c, exec.c, exec_pty.c, fileops.c, find_path.c,
fnmatch.c, get_pty.c, getcwd.c, getdate.c, getdate.y, getline.c,
getspwuid.c, glob.c, goodpath.c, gram.c, gram.y, interfaces.c,
iolog.c, lbuf.c, ldap.c, logging.c, match.c, parse.c, parse_args.c,
pwutil.c, set_perms.c, snprintf.c, sudo.c, sudo_edit.c, sudo_nss.c,
sudoreplay.c, term.c, testsudoers.c, tgetpass.c, toke.c, toke.l,
tsgetgrpw.c, visudo.c:
Include strings.h even if string.h exists since they may define
different things. Fixes warnings on AIX and others.
Do not rely on env.env_len when unsetting a variable, just use the
In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
2010-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
Mention that multiple URI lines are merged into a single one.
2010-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
* env.c, sudo.c, sudo.h:
For env_init() just use environ not the envp from main().
2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
Update version to 1.7.3rc1
fqdn issue is resolved
In unsetenv(), assign ep in the for loop instead of doing it
earlier. This version of the code does not change env.envp in
between when ep is assigned and when it is used but older versions
Use S_REGISTRY instead of S_AUTHSYSTEM as the argument to
getuserattr() when fetching the administrative domain to be used by
setauthdb(). This was suggested by AIX support and is consistent
with what OpenSSH does.
Use warningx() instead of log_error() since the latter is not
available to visudo or testsudoers. This does mean that they don't
Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
closed the sudoers sources. From Quest sudo.
Ignore case when matching user/group names in the cache. From Quest
2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
* config.h.in, configure, configure.in, selinux.c:
Add check for setkeycreatecon() when --with-selinux is specified.
* configure, configure.in:
Bump version to 1.7.3b5. Error out if libaudit.h is missing or
unusable when --with-linux-audit was specified
K&R function declaration for aix_setauthdb()
* env.c, sudo.c, sudo.h:
If env_init() was called implicitly via getenv(), setenv() or
putenv() just use the specified envp instead of mallocing a new
copy. This prevents an infinite loop on OpenBSD which calls
getenv() from malloc() to get MALLOC_OPTIONS.
Add support for multiple URI lines by joining the contents and
passing the result to ldap_initialize.
2010-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
* pwutil.c, set_perms.c, sudo_nss.c:
Bracket initgroups with calls to aix_setauthdb() and
Include compat.h before alloc.h to get __P
Include usersec.h for authenticate() prototype
Add missing includes. Add missing trailing NUL in userinfo string
2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
* HISTORY, history.pod:
Mention when LDAP was incorporated.
2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
not covered by _ALL_SOURCE.
Include usersec.h on AIX to get IDtouser() prototype.
Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
not covered by _ALL_SOURCE.
2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
Add a cast to quiet a compiler warning.
Use memset() instead of zero_bytes() since we don't include sudo.h
getline.o is already in LIB_OBJS, do not need it in COMMON_OBJS
* getdate.c, getdate.y:
Quiet a compiler warning.
* defaults.c, sudo.c:
Call set_fqdn() after sudoers has parsed instead of inline as a
Do not call set_fqdn() until sudoers parses (where it gets run as a
Do not call set_fqdn() until sudoers parses (where it gets run as a
callback). Otherwise, if sudo is built --with-fqdn the fqdn will be
set even if !fqdn is set in sudoers.
* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
Bump version to 1.7.3b4
mention the change in tty ticket behavior when there is no tty
Remove comment; NAME in usrinfo should be user name.
Do not update tty ticket if there is no tty.
* sudo.cat, sudo.man.in, sudo.pod:
No longer need to use -- with the -s flag
Add missing $(srcdir) to sudo.man.in target
Do not rely on BSD make's $>
* configure, configure.in:
Set timedir to /var/db/sudo for darwin to match Apple sudo's
2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
* Makefile.in, configure, configure.in:
Move aix.o from SUDO_OBJS to COMMON_OBJS
* config.h.in, configure, configure.in, defaults.c, iolog.c,
Check for zlib.h in addition to libz.
* Makefile.in, exec.c, exec_pty.c, sudo.h, sudo_exec.h:
Move functions and symbols shared between exec.c and exec_pty.c into
Add missing prototypes for aix_setauthdb and aix_restoreauthdb
Comment out rules to build .man.in and .cat files unless --with-
* aix.c, pwutil.c, set_perms.c, sudo.h:
Fix AIX compilation problems.
Cast isalnum() arg to unsigned char.
Add Linux audit support.
Quote any non-alphanumeric characters other than '_' or '-' when
passing a command to be run via the shell for the -s and -i options.
Add missing braces that broke -i mode.
Fix linux_audit_command() return value
2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
* Makefile.in, linux_audit.c, linux_audit.h:
Add Linux audit support.
2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
* INSTALL, audit.c, bsm_audit.c, config.h.in, configure, configure.in,
logging.h, selinux.c:
Add Linux audit support.
2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
* sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
Sync sudoreplay with trunk
* aix.c, configure, configure.in, pwutil.c, set_perms.c, sudo.h:
Set usrinfo for AIX. Set administrative domain for the process when
looking up user's password info and when preparing for execve().
Better prefix determination now that we can't rely on len==0 to tell
the beginning of an entry.
* WHATSNEW, ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in,
Add support for multiple sudoers_base entries in ldap.conf. From
* configure, configure.in:
Remove duplicate setsid check
* Makefile.in, config.h.in, configure, configure.in, exec_pty.c,
logging.c, missing.h, setsid.c:
Move setsid emulation into setsid.c
* exec_pty.c, logging.c, selinux.c, sudo.c, tgetpass.c:
Check for dup2() failure.
* config.h.in, configure, configure.in:
Remove dup2 check, it is not optional.
2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
Add mbr_check_membership support and SELinux fixes
Sync SRCS and DISTFILES with reality
Update OS specific notes. Delete some really ancient ones and move
older ones to the end of the list.
Bump for sudo 1.7.3. Merge some changes from trunk
Call selinux_restore_tty() as part of cleanup() so it gets called
from error()/errorx()
No longer use SA_NOCLDSTOP
* interfaces.h, match.c:
Move union sudo_in_addr_un into interfaces.h
Update copyright year
* HISTORY, LICENSE, aix.c, alias.c, alloc.h, boottime.c, bsm_audit.h,
compat.h, defaults.c, defaults.h, env.c, fileops.c, find_path.c,
gettime.c, gram.y, history.pod, lbuf.h, license.pod, logging.c,
match.c, missing.h, nanosleep.c, parse.h, set_perms.c,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
sudoreplay.c, term.c, tgetpass.c, toke.l, visudo.c, visudo.cat,
visudo.man.in, visudo.pod:
Update copyright year
Remove varsub as part of clean
Quiet a compiler warning.
* getdate.c, getdate.y:
Quiet a compiler warning.
Make the remaining functions in ldap.c static
Make private functions static. Diff from Joachim Henke
* schema.ActiveDirectory:
Updates from Alain Roy to provide better examples for importing the
schema and to fix problems caused by Windows validating attributes
which have not yet been added before committing the changes.
2010-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
* Makefile.in, configure, configure.in, sudo.cat, sudoers.cat:
Generate .cat files directly from .man.in instead of .man using
default values in configure.in
2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in, sudo.c, sudo_usage.h.in:
Print configure args with verbose version information.
Remove tfd from struct sudoersfile; it is not used. Add prev pointer
to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
Use tq_append to append sudoers entries to the tail queue.
2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
Describe tty timestamp improvements
A comment character may not be part of a command line argument
unless it is quoted with a backslash. Fixes parsing of:
testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar
closes bz #441
* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
Make this read a little bit better when passwd_timeout is 0.
Use the --file argument to config.status instead of setting
* sudo.man.pl, sudo.pod:
Attempt to handle a default password prompt timeout of zero more
Do not override value of keepopen global, instead restore it to the
value we pushed onto the stack when popping.
* exec.c, exec_pty.c, logging.c, mon_systrace.c, tgetpass.c:
Use SA_INTERRUPT in sa_flags
* getdate.c, getdate.y, ldap.c, sudoreplay.c:
Silence some compiler warnings
2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
* exec.c, exec_pty.c, sudo.c, sudo.h:
Implement background mode. If I/O logging we use pipes instead of a
* compat.h, exec.c, exec_pty.c, mksiglist.c, strsignal.c, tgetpass.c:
Move compat definition of NSIG to compat.h
Ignore SIGPIPE for "sudo -S"
Properly handle TGP_ECHO again. Print a newline if the user
interrupted password input.
Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
* exec.c, exec_pty.c, selinux.c, sudo.c, sudo.h:
Return an error from selinux_setup() instead of exiting. Call
selinux_setup() from exec_setup().
Add definition of WCOREDUMP for systems without it. This is known
to work on AIX and SunOS 4, but may be incorrect on other systems
that lack WCOREDUMP.
* check.c, compat.h, config.h.in, configure, configure.in, iolog.c,
nanosleep.c, sudo_edit.c, visudo.c:
Replace timerfoo macros with timevalfoo since the timer macros are
known to be busted on some systems.
If a file in a #includedir has improper permissions or owner just
skip it. This prevents packages that incorrectly install a file
into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
#includedir files still result in a parse error (for now).
* TODO, auth/pam.c, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
Defer call to pam_close_session() until after the command finishes
if there is a monitor process.
* WHATSNEW, def_data.c, def_data.h, def_data.in, exec.c, sudoers.cat,
sudoers.man.in, sudoers.pod:
Add use_pty sudoers option to force use of a pty even when not
* env.c, sudo.c, sudo.h:
Instead of trying to keep the global environment in sync with our
private copy, provide our own getenv() that returns values from the
private environment and use env_get() to pass the environment in to
2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
Rename pty.c -> get_pty.c
Add #define for maximum session id
* Makefile.in, configure, configure.in, exec.c, exec_pty.c, iolog.c,
selinux.c, sudo.c, sudo.h, sudo_edit.c:
Split exec.c into exec.c and exec_pty.c. Pass a flag in to
sudo_execve to indicate whether we need to wait for the command
to finish (fork + execve vs. execve).
* Makefile.in, configure, configure.in, get_pty.c, pty.c:
Rename pty.c -> get_pty.c
* aclocal.m4, configure, configure.in:
Fix --without-iologdir
2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
Only use I/O input log file if def_log_input is set and output file
if def_log_output is set.
2010-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
* parse_args.c, sudo.c:
Include sudo_usage.h after sudo.h now that it has function
prototypes to guarantee that __P is defined.
2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
Do signal setup after turning off echo, not before. If we are using
a tty but are not the foreground pgrp this will generate SIGTTOU so
we want the default action to be taken (suspend process). Use an
array for signals received instead of a single variable so we don't
lose any when there are multiple different signals.
* defaults.h, lbuf.h, sudo.h:
Reorg function prototypes a bit
* Makefile.in, parse_args.c, sudo.c, sudo.h, sudo_usage.h.in:
Move argument parsing into parse_args.c
* Makefile.in, config.h.in, configure, configure.in, missing.h,
mksiglist.c, mksiglist.h, siglist.in, strsignal.c:
Build our own sys_siglist for systems that lack it.
* exec.c, iolog.c, missing.h, sudo_edit.c:
* exec.c, pty.c, sudo.c, sudo.h, sudo_edit.c:
Log sudoedit sessions as well; adapted from trunk
* INSTALL, Makefile.in, WHATSNEW, aclocal.m4, configure, configure.in,
def_data.c, def_data.h, def_data.in, defaults.c, exec.c, gram.c,
gram.h, gram.y, iolog.c, parse.c, parse.h, pathnames.h.in, pty.c,
script.c, selinux.c, sudo.c, sudo.h, sudoers.cat, sudoers.man.in,
sudoers.pod, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
sudoreplay.pod, term.c:
Merge I/O logging changes from trunk. Disabling I/O log support at
compile time does not currently work. Sudoedit is not yet hooked up
2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
* INSTALL, configure, configure.in:
Add --enable-warnings configure option
* check.c, lbuf.h, script.c, sudo.c, sudo_nss.c:
Fix K&R compilation issues on HP-UX.
* lbuf.c, lbuf.h, ldap.c, parse.c, sudo.c, sudo_nss.c:
Pass in output function to lbuf_init() instead of writing to stdout.
A side effect is that the usage info can now go to stderr as it
should. Add support for embedded newlines in lbuf and use that
instead of multiple calls to lbuf_print.
* configure, configure.in, sudo.man.pl, sudoers.man.pl:
Use numeric registers to handle conditionals instead of trying to do
it all with text processing.
Document per-command SELinux settings
timestamp -> time stamp
Set close on exec flag in private versions of setpwent() and
Make send_mail() take a printf-style argument list
* Makefile.binary.in, Makefile.in, aclocal.m4, acsite.m4,
config.guess, config.h.in, config.sub, configure, configure.in,
ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
m4/ltversion.m4, m4/lt~obsolete.m4:
Update to autoconf 2.65 and libtool 2.2.6b
Don't use TRUE/FALSE which may not be defined.
* sudo.cat, sudo.man.in, sudo.pod:
Document new tty_ticket behavior
* find_path.c, sudo.c, sudo.h, visudo.c:
Make find_path() a little more generic by not checking def_foo
variables inside it. Instead, pass in ignore_dot as a function
Store info from stat(2)ing the tty in the tty ticket when tty
tickets are in use. If the tty lives on a devpts (Linux) or devices
(Solaris) filesystem, stash the ctime in the tty ticket file, as it
is not updated when the tty is written to. This helps us determine
when a tty has been reused without the user authenticating again
* boottime.c, check.c, sudo.h:
get_boottime() now fills in a timeval struct
2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
* check.c, compat.h, config.h.in, configure, configure.in, fileops.c,
gettime.c, sudo.h, sudo_edit.c, visudo.c:
Use timeval directly instead of converting to timespec when dealing
with file times and time of day.
Fix OpenPAM detection for newer versions.
Sync with Quest sudo git repo
* aclocal.m4, configure, configure.in:
HP-UX ld uses +b instead of -R or -rpath. Fix typo in libvas check.
libvas may need libdl for dlopen(). Add missing template for
ENV_DEBUG. Adapted from Quest sudo
Fix typos; from Quest Sudo
* Makefile.in, configure.in:
Use value of SHELL from configure in Makefile
2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
Handle duplicate variables in the environment. For unsetenv(), keep
looking even after removing the first instance. For sudo_putenv(),
check for and remove dupes after we replace an existing value.
2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
Fix a crash when checking a sudoers file that has aliases that
reference themselves. Based on a diff from David Wood.
2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
Fix use after free in error message when a duplicate alias exists.
2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
Set errorfile to the sudoers path if we set parse_error manually.
This prevents a NULL dereference in printf() when checking a sudoers
file in strict mode when alias errors are present.
2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
* TODO, sudoers.cat, sudoers.man.in, sudoers.pod:
2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
Qualify the command even if it is in the current working directory,
e.g. "./foo" instead of just returning "foo". This removes an
ambiguity between real commands and possible pseudo-commands in
2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
* sudoers.cat, sudoers.man.in, sudoers.pod:
Add a note about the security implications of the fast_glob option.
Remove duplicate includes
2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Fix installation of sudoers.ldap in "make install" when --with-ldap
was specified without a directory. From Prof. Dr. Andreas Mueller
2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
When doing a glob match, short circuit if gl.gl_pathc is 0. From
2010-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
Use parent process group id instead of parent process id when
checking foreground status and suspending parent. Fixes an issue
when running commands under /usr/bin/time and others.
In setenv(), if the var is empty, return 1 and set errno to EINVAL
instead of returning EINVAL directly.
2010-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
Check for pseudo-command by looking at the first character of the
command in sudoers instead of checking the user-supplied command for
2010-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
Avoid a duplicate fclose() of the sudoers file.
Fix size arg when realloc()ing include stack. From Daniel Kopecek
2010-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
* aix.c, config.h.in, configure, configure.in:
Use setrlimit64(), if available, instead of setrlimit() when setting
AIX resource limits since rlim_t is 32bits.
Fix use after free when sending error messages. From Timo Juhani
1423 2010-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
1425 * ChangeLog, Makefile.in:
1426 Generate the ChangeLog as part of "make dist" instead of having it
1430 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
1433 Generate correct ChangeLog for 1.7 branch.
1436 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
1438 * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
1439 auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
1440 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
1441 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
1442 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
1443 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
1444 emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
1445 fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
1446 gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
1447 ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
1448 isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
1449 logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
1450 mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
1451 pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
1452 sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
1453 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
1454 strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
1455 sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
1456 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
1457 sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
1458 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
1459 utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
1460 Remove CVS $Sudo$ tags.
1463 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
1466 make this match sudoers SYNOPSIS
1470 Print a newline between Runas and Command-specific defaults in sudo
1475 Use SET and CLR macros in term_raw
1479 Set stdin to non-blocking mode early instead of in check_input. Use
1480 term_raw instead of term_cbreak since the data we get has already
1481 been expanded via OPOST.
1484 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
1487 Enable/disable all postprocessing instead of just nl->crnl
1488 processing since things like tab expansion matter too. However, if
1489 stdout is a tty leave postprocessing on in the pty since we run into
1490 problems doing it only on the real stdout with e.g. nvi.
1493 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
1496 If tty_tickets is enabled and there is no tty, prompt for a
1497 password. Do not lecture user for "sudo -k command" if user has a
1502 Document missing options: --with-efence and --with-bsm-audit
1505 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
1506 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
1507 sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
1508 visudo.man.in, visudo.pod:
1509 username -> user name groupname -> group name hostname -> host name
1512 * INSTALL, README.LDAP, sudoers.pod:
1513 filename -> file name like the rest of the docs
1516 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
1519 Fix printing of entries with multiple host entries on a single line.
1522 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
1525 Mention that targetpw affects the timestamp file name.
1528 * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
1530 Add compress_transcript option.
1533 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
1535 * configure, configure.in:
1539 * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
1540 Better split of membership vs. traditional group check in
1541 user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
1544 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
1547 Fix pasto and add default return value.
1550 * check.c, match.c, pwutil.c, sudo.h:
1551 refactor group member checking into user_in_group()
1554 * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
1556 Add support for mbr_check_membership() as present in darwin.
1559 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
1562 Rename label to be accurate
1565 * Makefile.in, boottime.c, check.c, config.h.in, configure,
1566 configure.in, sudo.h:
1567 Treat timestamp files from before we booted as old. Idea from and
1571 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
1573 * sudo.c, sudo.pod, sudo_usage.h.in:
1574 Allow the -u flag to be used in conjunction with the -v flag as per
1575 older versions of sudo.
1579 fix typo in last commit
1582 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
1585 Convert fmt_first and fmt_confd into macros.
1589 timeouts can be floats now
1592 * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
1593 defaults.h, mkdefaults:
1594 Add support for floating point timeout values (e.g. 2.5 minutes).
1597 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
1600 The -L flag will be removed in sudo 1.7.4
1603 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
1606 Fix a bug due to order of operators.
1609 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
1612 cmnd_matches() already deals with negation so _cmndlist_matches()
1613 does not need to do so itself. Fixes a bug with negated entries in
1617 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
1620 Don't exit() from open_sudoers, just return NULL for all errors.
1624 Can't rely on the shell sending us SIGCONT when transitioning from
1625 background to foreground process.
1629 Add missing extern def for parse_error
1632 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
1635 Avoid a parse error when #includedir doesn't find any files. Closes
1640 Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
1643 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
1646 Start command out in foreground mode if stdout is a tty. Works
1647 around issues with some curses-based programs that don't handle
1648 tcsetattr getting interrupted by a signal. Still allows us to avoid
1649 hogging the tty if the command is part of a pipeline.
1652 * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
1653 Use a socketpair to pass signals from parent to child. Child will
1654 now pass command status change info back via the socketpair. This
1655 allows the parent to distinguish between signals it has been sent
1656 directly and signals the command has received. It also means the
1657 parent can once again print the signal notifications to the tty so
1658 all writes to the pty master occur in the parent. The command is
1659 now always started in background mode with tty signals handled by
1663 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
1665 * configure, configure.in:
1666 Fix a few typos in the descriptions; from Jeff Makey Only do the
1667 check for krb5_get_init_creds_opt_free() taking two arguments if we
1668 find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
1669 positive when using our own krb5_get_init_creds_opt_free which takes
1670 only a single argument.
1673 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
1675 * configure, configure.in:
1676 Remove a spurious comma in the kerb5 bits.
1680 Call krb5_get_init_creds_opt_init() in our emulated
1681 krb5_get_init_creds_opt_alloc() for MIT kerberos.
1684 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
1691 Need to ignore SIGTT{IN,OU} in child when running the command in the
1692 background. Also some minor cleanup.
1695 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
1698 Instead of calling sigsuspend when waiting for SIGUSR[12] from
1699 parent, install the signal handlers w/o SA_RESTART and let them
1700 interrupt waitpid().
1704 Pass along SIGHUP and SIGTERM from parent to child.
1708 Close unused bits of script_fds in processes that don't need them.
1709 Restore default SIGCONT handler in child.
1713 Update foreground/background status in SIGCONT handler in parent
1717 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
1720 Defer setting terminal into raw mode until just before we fork() and
1721 only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
1722 and sudo is already in the foreground be sure to set raw mode before
1723 continuing the child.
1726 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
1729 Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
1730 give the command the controlling tty if the main sudo process is the
1735 Don't bother with sudo_waitpid() here for now.
1742 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
1745 Remove non-working code that crept into rev 1.55
1748 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
1750 * INSTALL, configure, configure.in, script.c, sudoreplay.c:
1751 First pass at zlib support for transcript data files
1755 remove vestiges of ZLDFLAGS
1759 Add missing variable declaration for when TIOCSCTTY is not defined.
1760 Need to include sys/termio.h for TIOCSCTTY on some systems.
1764 when resuming command, send SIGCONT to its pgrp not just pid
1768 remove unused variable
1772 include selinux.h for is_selinux_enabled() proto
1776 Don't use log_error() in the child process.
1780 Do I/O in parent instead of child since the parent can have both
1781 /dev/tty as well as the pty fds open. The child just sets things up
1782 and waits for its grandchild and writes the signal description to
1783 the pty master if the command was killed by a signal.
1786 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
1788 * missing.h, sudo.h:
1789 Move two struct forward declarations from sudo.h to missing.h
1793 Make comment at the top of script_exec() match reality.
1797 if neither stdin nor stdout is a tty, check stderr
1801 Add back dependency of gram.h on gram.y
1805 Make transcript mode work as long as we can figure out our tty, even
1806 if it is not stdin. We'd like to use /dev/tty but that won't be
1807 valid after the setsid().
1810 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
1812 * config.h.in, configure, configure.in, pty.c:
1813 Add support for IRIX-style dynamic ptys
1816 * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
1817 Move alloc.c protos into alloc.h
1821 Move prototypes for missing libc functions to missing.h
1824 * Makefile.in, sudo.h, sudoreplay.c:
1825 Move prototypes for missing libc functions to missing.h
1828 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
1830 * config.h.in, configure, configure.in:
1831 Disable transcript support if no tcsetpgrp until we support older
1832 BSD-style job control.
1835 * configure, configure.in, pty.c, script.c:
1836 Break out pty code into pty.c
1839 * compat.h, config.h.in, configure, configure.in:
1840 add killpg macro if no killpg function
1843 * config.h.in, configure, configure.in, script.c:
1844 Push ptem and ldterm for STREAMS-based systems when allocating a
1848 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
1851 Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
1855 Call tcgetpgrp() in the parent, not the child and have the child
1856 spin until it is granted. Fixes a race on darwin.
1860 Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
1864 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
1867 In script mode, if the command is killed by a signal, print the
1868 signal description as well as a core dump notification like the
1872 * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
1874 Add check for strsignal() and a simple implementation if it is not
1875 there but sys_siglist is
1879 Add missing WUNTRACED and store the signal that stopped the
1880 grandchild in suspended, not signo.
1888 Associate the grandchild's pgrp with the tty instead of the child's
1889 and just get suspend notifications via SIGCHLD instead of directly.
1890 This fixes a hang with programs that try to set terminal attributes
1891 and is more consistent with how the shell handles things.
1894 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
1897 Move setpgid() of child into the parent side of the fork() where it
1901 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
1908 Run command in its own pgrp (like the shell does) for easier
1909 signalling. No need to relay SIGINT or SIGQUIT to parent, just send
1910 to grandchild. Don't want grandchild stopped events in the child
1911 (only termination). Flush output after suspending grandchild before
1916 Back out revision 1.34; the problem lies elsewhere.
1920 Don't set stdout to blocking mode when flushing remaining output.
1921 It can cause us to hang when trying to exit. Need to investigate
1926 Handle SIGTTOU and remove some debugging.
1930 Back out revision 1.10 as the signal that interrupts us may be
1931 SIGTTOU or SIGTTIN which the caller must handle.
1935 Apparently we need to send SIGSTOP to the command as well as ourself
1936 when we get SIGTSTP, the kernel doesn't automatically stop the
1941 Use an extra process to act as the glue between the sessions
1942 associated with the user's controlling tty (what the shell uses) and
1943 the tty that sudo is using to do its logging. Basically, this means
1944 that if we get, e.g. SIGTSTP from the process sudo is running, we
1945 relay the signal to the parent so its shell can do the job control.
1949 Handle getting/setting terminal attributes when the fd is in non-
1953 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
1955 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
1956 Add support for pausing and changing the speed in interactive mode.
1960 Already define O_NOCTTY in compat.h, don't need it here
1963 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
1969 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
1972 Always update the stashed mtime of the temp file instead of using
1973 what we have for the original because the time resolution of the
1974 filesystem the temporary is on may not match that of the filesystem
1975 that holds the original. Should fix bz #371 found by Philippe Levan.
1979 Use cbreak mode instead of raw mode and add signal handlers to
1980 restore the tty on interrupt.
1983 * script.c, sudo.h, term.c:
1984 Retain NL to NLCR conversion on the real tty and skip it on the pty
1985 we allocate. That way, if stdout is not a pty there are no extra
1990 Fix log_output(); just pass in a string and a length.
1993 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
1996 do not use errno when complaining about lack of a tty
1999 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
2001 * Makefile.in, sudoreplay.c, term.c:
2002 Instead of messing with line endings, just set terminal to raw mode
2007 When copying the terminal attributes to the pty, be sure not to set
2008 ONLCR. This prevents extra carriage returns from ending up in the
2013 Convert a do {} while into a while
2017 Use if then instead of test && when installing binaries that may not
2022 Add O_NOCTTY when opening a tty device. Explicitly disconnect from
2023 old tty before associating with new one.
2026 * script.c, selinux.c, sudo.c, sudo.h:
2027 First cut at refactoring some of the selinux code so it can be used
2028 in conjunction with sudo's transcript support.
2031 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
2033 * aclocal.m4, configure, configure.in:
2034 Fix default case of transcript_enabled being unset.
2037 * script.c, sudoreplay.c:
2038 Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
2041 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
2042 Hook up --disable-transcript and --enable-transcript=DIR
2045 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
2047 * aclocal.m4, configure, configure.in, pathnames.h.in:
2048 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable-
2049 transcript=DIR option to specify the directory
2052 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
2056 * configure, configure.in, sudoers.man.pl, sudoers.pod:
2057 Substitute in default value for secure_path
2061 Mention that the password must be followed by a newline with the -S
2065 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
2068 Go back to dropping out of the select() loop when the process dies;
2069 Linux ptys apparently don't behave the same as BSD in regards to
2070 select(). No need to flush remaining output to the transcript, only
2071 to stdout. Add back code to check the master pty for additional data
2072 when we exit the main select loop.
2075 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
2078 Add getline.o to COMMON_OBJS
2082 sudoreplay depends on libsudo.a
2086 Move pwutil.o into COMMON_OBJS
2089 * pwutil.c, testsudoers.c, tsgetgrpw.c:
2090 Remove my_* redirection in pwutil.c for testsudoers and just use the
2091 normal libc get{pw,gr}* names.
2094 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
2095 More time and date examples
2098 * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
2099 Move nanosleep() emulation into its own file Check librt.a for
2100 nanosleep if we don't find it in libc
2103 * Makefile.in, configure, configure.in:
2104 Build libsudo with the common bits and link things against that.
2112 Keep reading from the pty master -> log file until read returns <=
2113 0. Do our best to write everything to stdout when flushing any
2118 Use unbuffered I/O when writing to stdout and make sure we write the
2122 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
2125 Only use max_wait if it is non-zero
2128 * getdate.c, getdate.y, getline.c:
2133 Fix nanosleep emulation
2137 Fix comment after #endif
2141 Add protos for missing libc bits
2144 * configure, configure.in:
2145 add missing line continuation char
2148 * config.h.in, configure, configure.in, getline.c:
2149 Implement getline() in terms of fgetln() if we have it.
2153 Print year when formatting log line
2157 Document cwd, attempt to document time/date formats.
2161 Fix getline return value check.
2164 * Makefile.in, config.h.in, configure, configure.in, getline.c,
2166 Use getline() if the system has it, else provide our own for
2171 Refactor code to update output and timing files.
2174 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
2177 Make sudo_getln() behave more like glibc getline.
2181 When flushing remaining output, also update timing file.
2185 Use get_timestr() and make the -l output look like the regular sudo
2189 * logging.c, sudo.h, timestr.c:
2190 Make get_timestr() take a time_t so we can use it properly in
2195 Create session dir earlier now that we update the seq number early.
2198 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
2201 Use fromdate and todate as the keywords instead of from and to; the
2202 short forms will still be accepted.
2206 Fix reading long lines in sudo_getln()
2209 * script.c, sudoreplay.c:
2210 Log the cwd in the script log file. Add sudo_getln() to read
2211 arbitrarily long lines.
2214 * Makefile.in, logging.c, sudo.h, timestr.c:
2215 Move get_timestr() into its own source file so sudoreplay can use
2219 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
2222 Add to and from predicates (date ranges); needs documentation
2225 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
2227 * Makefile.in, getdate.c, getdate.y:
2228 Fix warning and add generated getdate.c
2231 * Makefile.in, getdate.y:
2232 Add getdate.y to be used for sudoreplay date parsing.
2235 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
2238 Check more than just the first character of a predicate
2241 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
2242 Add examples, sort predicates
2245 * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
2247 Implement search expressions in sudoreplay similar in concept to
2248 what find or tcpdump uses. TODO: date ranges
2251 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
2254 Remove vhangup as it was hanging up the wrong tty. Should really
2255 vhangup in the child after it has set its tty.
2259 Fix cut at documenting transcript support.
2263 ID= -> TSID= for transcript ID
2266 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
2269 Move fast_glob description to where it belongs in sorted order
2272 * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
2273 parse.c, parse.h, sudo.c:
2274 Rename script -> transcript
2277 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
2280 Add timeradd and timersub for those without them
2284 Sanity check sessid before using it.
2288 Only set the session id if we are running a command or editing a
2293 Actually, qsort is fine since most versions fall back to a cheaper
2294 sort when the number of elements to sort is small (like in our
2298 * config.h.in, configure, configure.in, script.c:
2299 Check for dup2 and use dup instead if we don't have it.
2302 * script.c, sudo.c, sudo.h:
2303 Move the code to dup2 the script fds to low numbered descriptors
2304 into script_duplow() and fix the fd sorting.
2307 * script.c, sudo.c, sudo.h:
2308 Move script_setup() back to immediately before we drop privs and
2309 call the new script_nextid() in its place, which will set
2310 sudo_user.sessid for the logging functions.
2313 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
2320 remove unused variable
2323 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
2325 * logging.c, script.c, sudo.c, sudo.h:
2326 Log the session ID, if there is one. Currently logs ID=XXXXXX,
2327 perhaps should be SESSIONID or SESSID.
2330 * Makefile.in, configure, configure.in, sudoreplay.cat,
2331 sudoreplay.man.in, sudoreplay.pod:
2336 add -V (version) flag
2343 * script.c, sudoreplay.c:
2344 Use base36 number for the ID and store script files with paths like
2345 /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
2346 (2,176,782,336) unique IDs.
2349 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
2351 * config.h.in, configure.in:
2352 Add check for regcomp
2356 Add support for selecting by pattern and tty when listing.
2359 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
2362 The beginnings of a list mode.
2365 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
2371 * Makefile.in, config.h.in, configure.in:
2372 Add scaffolding for building sudoreplay
2376 include error.h first arg to nanotime is const
2380 Initial cut at sudoreplay; replay a sudo session.
2383 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
2386 Fix wait() usage and use correct wait status.
2389 * sudo.c, sudo.h, tgetpass.c:
2390 Add protos for term_* to sudo.h
2394 Fix detection of the child process exiting. Since the child is in
2395 its own session we should only ever get SIGCHLD for that process but
2396 better safe than sorry.
2400 Add UNIX98 pty support.
2403 * configure, configure.in, script.c:
2404 Add UNIX98 pty support.
2407 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
2410 For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
2415 Set PAM_RUSER and PAM_RHOST early so they can be used during
2416 authentication. Based on a patch from Jamie Beverly.
2420 Close dir before returning if strlcpy() reports overflow. From
2424 * config.h.in, configure, configure.in, script.c:
2425 On Linux, the openpty proto lives in pty.h
2429 Call vhangup on exit if the system has it Use setpgrp() if no
2433 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
2435 * config.h.in, configure, configure.in:
2436 Add checks for revoke and vhangup if we don't have openpty
2440 Session logging guts that got forgotten in the previous commit.
2443 * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
2444 configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
2445 gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
2447 First cut at session logging for sudo. Still need to write
2448 get_pty() for Unix 98 and old-style BSD ptys. Also needs
2449 documentation and general cleanup.
2452 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
2454 * sudo.c, sudo_edit.c:
2455 Fix a bug introduced with def_closefrom. The value of def_closefrom
2456 already includes the +1.
2459 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
2462 Generate sudo distributions with pax in ustar mode. No longer need
2463 to use a temp file or have the source dir name match the version.
2466 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
2469 Fix expansion of %h in #include names. Fixes bugzilla 363
2472 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
2475 If no arg assume def_data.in
2480 [f5ad45f69f05] [SUDO_1_7_2]
2486 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
2488 * sudoers.cat, sudoers.man.in, sudoers.pod:
2489 Add missing single quotes around a colon in Runas_Spec definition.
2493 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
2495 * sudo.man.in, sudoers.man.in:
2500 In rbrepair, re-color the root or the first non-block node we find
2501 to be black. Re-coloring the root is probably not needed but won't
2505 * sudo.cat, sudoers.cat:
2509 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
2512 When repairing the tree, don't touch the root node.
2515 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
2518 Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
2519 Reported by Josef Schmid.
2522 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
2525 Document that we accept env_pam-style environment files
2529 Adapt to accept pam_env-style /etc/environment which allows shell-
2530 style lines such as: export EDITOR="/usr/bin/vi"
2534 Make it clear that env_delete only works when !env_reset. From Loïc
2538 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
2540 * sudo.pod, sudoers.pod:
2541 Add non-unix group bits, adapted from Quest
2545 build the .cat page in the current working dir, not the src dir
2549 Return EINVAL in setenv() if var is NULL or the empty string to
2550 match glibc behavior.
2553 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
2555 * configure, configure.in:
2556 Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
2559 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
2561 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
2562 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
2566 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
2569 Document --with-libvas and --with-libvas-rpath
2572 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
2574 * ldap.c, sudoers.ldap.pod:
2575 For netscape-derived LDAP SDKs the cert and key paths may be a
2576 directory or a file. However, version 5.0 of the SDK only seems to
2577 support using a directory. If ldapssl_clientauth_init fails and the
2578 cert or key paths look like they could be files, strip off the last
2579 path element and try again.
2583 Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
2586 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
2588 * configure, configure.in, match.c, sudo.c, vasgroups.c:
2589 Update non-Unix group support from Quest, as reworked by me.
2597 Add support for escaped hex chars in names, e.g. \x20 for space.
2600 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
2602 * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
2603 auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
2604 fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
2605 logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
2606 set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
2607 sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
2608 tgetpass.c, toke.l, visudo.c:
2609 Update copyright years.
2612 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
2614 * interfaces.c, lbuf.c:
2615 Minor fixes for Minix-3
2618 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
2621 Handle getgroups() returning 0. Also add missing check for
2625 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
2627 * Makefile.in, config.h.in, configure, configure.in, sudo.c,
2628 version.h, visudo.c:
2629 Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
2632 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
2635 Remove group setting code in setusercontext case, we will do it
2636 ourselves later on in runas_setup. Set the gid after
2637 initgroups/setgroups is called, since on Mac OS X it seems to change
2641 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
2643 * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
2645 Initial bits of non-unix group support using Quest Authentication
2650 Accept %:foo as a non-Unix group
2654 Allow user/group to be double quoted in the case of non-Unix groups
2655 which contain spaces.
2658 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
2661 Don't allow the user to specify the default runas user if their
2662 sudoers entry only allows them to run as a group.
2665 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
2668 Must call audit_success before we change uids.
2671 * logging.c, set_perms.c, sudo.h, testsudoers.c:
2672 Add option for set_perm to not exit on failure and use this in the
2677 In -l mode, if the user is only allowed to run as a group, display
2678 the user's name, not root's before the allowed group.
2682 Fix -g mode, broken by rev 1.503 which had the side effect of
2683 setting the runas user to root unilaterally.
2686 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
2689 When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
2693 Only cache by the method we fetched for pwd and grp lookups.
2694 Previously we cached both by name and id but this can cause problems
2695 for entries that share the same id. Also add more info in the error
2696 message in case the insert fails (which should now be impossible).
2699 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
2702 Add a clarification from Nick Sieger
2705 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
2708 Inline the setting of the environment string.
2711 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
2714 setenv(3) in Linux treats a NUL value as the empty string setenv(3)
2715 in BSD doesn't return an error if the name has '=' in it, it just
2716 treats the '=' as end of string.
2719 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
2722 Not all systems have d_namlen
2725 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
2728 Fix up some pod2html issues.
2731 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
2734 Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
2739 Ignore files ending in '~' in sudo.d (emacs backup files)
2743 Ignore files ending in '~' in sudo.d (emacs backup files)
2746 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
2748 * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
2749 For #includedir, ignore any file containing a dot
2752 * Makefile.in, version.h:
2756 * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
2757 sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
2759 Implement #includedir directive. Files in an includedir are not
2760 edited by visudo unless they contain a syntax error.
2765 [8741ed61a78b] [SUDO_1_7_1]
2768 Forgot umask_override
2775 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
2778 Rewind stream if we fdopen sudoers since it may not be at the
2779 beginning. Set the keepopen flag on already-open files too so the
2780 lexer doesn't close them out from under us.
2784 Print the proper file name when there is a parse error in an include
2788 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
2794 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
2796 * configure, configure.in:
2797 Fix a warning when --without-ldap is specified.
2800 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
2802 * alias.c, parse.h, visudo.c:
2803 Store aliases that we remove during check_aliases in a freelist and
2804 free them at the end so we don't leak memory.
2807 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
2810 Check aliases in -c mode too.
2813 * alias.c, parse.h, visudo.c:
2814 Make alias_remove return the alias struct instead of freeing it
2815 directly. Fixes a use after free in alias_remove_recursive, the only
2819 * alias.c, match.c, parse.c, parse.h, visudo.c:
2820 Rename find_alias -> alias_find for consistency.
2823 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
2826 When checking for unused aliases, recurse if the alias points to
2830 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
2833 Back out rev 1.105 for now. Real ldapux_client.conf support will be
2834 done later after some refactoring.
2837 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
2840 Treat ldap_hostport the same as "host" for ldapux.
2843 * configure, configure.in:
2844 Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
2845 Fixes compilation with ldapux.
2848 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
2854 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
2857 remove errant carriage returns
2864 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
2865 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
2869 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
2872 Add missing HAVE_BSM_AUDIT
2880 Mention --with-netsvc
2884 Document netsvc.conf support
2887 * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
2889 Add support for AIX netsvc.conf (like nsswitch.conf).
2892 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
2894 * config.h.in, configure, configure.in, env.c:
2895 Add --enable-env-debug flag to enable environment sanity checks.
2898 * sudoers.ldap.pod, sudoers.pod:
2899 Work around some pod2html issue.
2902 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
2905 Only sync environ for putenv, setenv, and unsetenv. We need to make
2906 sure that sudo_putenv and sudo_setenv only modify env.envp, not
2910 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
2913 Really fix UNSETENV_VOID
2917 Fix unsetenv when UNSETENV_VOID
2920 * aclocal.m4, configure:
2921 Fix SUDO_FUNC_PUTENV_CONST
2925 tivoli-based ldap does not have ldapssl_err2string
2932 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
2934 * config.h.in, configure, configure.in, ldap.c:
2935 Add support for Tivoli-based LDAP start TLS as seen in AIX.
2940 Add sanity checks for setenv/unsetenv
2944 Include bsm_audit.h in the tarball
2947 * Makefile.in, version.h:
2948 bump version for sudo 1.7.1
2951 * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
2952 env.c, ldap.c, sudo.h:
2953 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
2954 provide our own setenv/unsetenv/putenv that operates on own env
2955 pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
2958 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
2961 Make "sudoedit -h" work as expected
2965 Make sure def_prompt is always defined. This is a workaround for
2966 pam configs that prompt for a password in the session but don't have
2967 an auth line. A better fix is to expand the sudo prompt earlier and
2968 set def_prompt to that when initializing.
2972 Mention that the helper for -A may be graphical.
2976 Document what happens if there is no tty.
2988 Fix "sudo -k" with no other args
2991 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
2993 * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
2994 Allow the -k flag to be specified in conjunction with a command or
2995 another option that may require authentication.
2998 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
3000 * configure, configure.in:
3001 Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
3005 Parallel make fix. From Diego E. 'Flameeyes'
3008 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
3010 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
3011 Implement umask_override
3018 * sudoers.pod, toke.l, visudo.c:
3019 Implement %h escape in sudoers include filenames.
3023 Need to include compat.h
3026 * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
3027 Make audit_success and audit_failure generic functions in
3028 preparation for integrating linux audit support.
3032 remove duplicate include
3035 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
3042 May need to update the runas user after parsing command-based
3046 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
3049 Add missing pair of braces introduced with character class support.
3052 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
3054 * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
3055 Rename pwstars to pwfeedback
3058 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
3060 * bsm_audit.c, bsm_audit.h:
3061 Add const to make MacOS happy.
3064 * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
3065 configure.in, sudo.c:
3066 Add bsm audit support from Christian S.J. Peron
3070 This is new code, no DARPA notice.
3073 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
3075 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
3076 Rename simple_glob -> fast_glob
3083 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
3084 Add simple_glob option to use fnmatch() instead of glob(). This is
3085 useful when you need to specify patterns that reference network file
3097 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
3100 Delete any pwstars we wrote after the user hits return. That way
3101 there is no record on screen as to the user's password length.
3104 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
3107 Move terminal setting bits from tgetpass.c to term.c
3110 * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
3112 Add pwstars sudoers option that causes sudo to print a star every
3113 time the user presses a key.
3116 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
3119 Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
3122 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
3125 For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
3126 indicate no limit. From Mark Janssen.
3129 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
3132 Comments that begin with #- should not be parsed as uids.
3135 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
3138 Do not try to set the close on exec flag if we didn't actually open
3142 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
3146 [e11f0e4c1bdd] [SUDO_1_7_0]
3148 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
3154 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
3157 Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
3161 * configure, configure.in:
3162 Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
3163 as it cannot generate shared objects.
3166 * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
3167 K&R compilation fixes
3171 Use tq_foreach_fwd when checking pseudo-commands to make it clear
3172 that we are not short-circuiting on last match. When pwcheck is
3173 'all', initialize nopass to TRUE and override it with the first non-
3177 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
3180 Do not short circuit pseudo commands when we get a match since,
3181 depending on the settings, we may need to examine all commands for
3185 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
3187 * sudoers.cat, sudoers.man.in:
3192 hostnames may also contain wildcards
3196 remove stamp-* files and linux core files in clean target
3199 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
3201 * auth/sudo_auth.h, config.h.in, configure, configure.in:
3202 Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
3205 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
3207 * configure, configure.in:
3208 correctly enable SIA on Digital UNIX
3219 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
3221 * check.c, sudo.h, tgetpass.c:
3222 Even if neither stdin nor stdout are ttys we may still have /dev/tty
3226 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
3228 * sudoers.cat, sudoers.man.in:
3233 fix typos; Markus Lude
3245 Fix matching of a line that only consists of a comment char
3248 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
3251 MacOS pam will retry conversation function if it fails so just treat
3252 ^C as an empty password.
3256 When checking for alias use, also check defaults bindings.
3264 Replace my rbdelete with Emin's version (which actually works ;-)
3267 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
3274 malloc options in devel mode for visudo too
3277 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
3280 fix compilation on non-C99; from Theo
3288 when destroying an alias, free the correct data pointer
3292 add proto for aixauth_cleanup; from Dale King
3295 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
3297 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
3302 * sudo.pod, sudoers.pod, visudo.pod:
3303 standardize on the term 'option' for command line options (not flag)
3306 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
3309 Add note on configuring HP-UX pam
3312 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
3315 Move tty checks into check_user() so we only do them if we actually
3320 Don't error out if no tty or askpass unless we actually need to
3324 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
3330 * pathnames.h.in, sudo.c:
3331 s/overriden/overridden/; from Tobias Stoeckmann
3334 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
3336 * WHATSNEW, visudo.c:
3337 check sudoers owner and mode in strict mode
3344 * sudo.man.in, sudoers.man.in, visudo.man.in:
3345 Update copyright years.
3348 * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
3349 auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
3350 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
3351 closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
3352 gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
3353 interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
3354 parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
3355 sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
3356 testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
3357 visudo.pod, zero_bytes.c:
3358 Update copyright years.
3361 * emul/charclass.h, fnmatch.c, glob.c:
3365 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
3368 The loop in fill_cmnd() was going one byte too far past the end,
3369 resulting in a NUL being written immediately after the buffer end.
3372 * UPGRADE, WHATSNEW:
3373 add sections on tgetpass changes
3377 Treat EOF w/o newline as an error.
3380 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
3383 Fix "sudo -v" when NOPASSWD is set.
3386 * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
3388 No longer treat an empty password at the prompt as special. To quit
3389 out of sudo you now need to hit ^C at the password prompt.
3392 * sudoers.cat, sudoers.man.in:
3396 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
3397 Sudo will now refuse to run if no tty is present unless the new
3398 visiblepw sudoers flag is set.
3401 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
3404 just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
3409 fix fallback value for RLIM_SAVED_MAX
3412 * auth/aix_auth.c, auth/sudo_auth.h:
3413 Move clearing of AUTHSTATE into aixauth_cleanup.
3416 * auth/aix_auth.c, env.c:
3417 Unset AUTHSTATE after calling authenticate() as it may not be
3418 correct for the user we are running the command as.
3422 Add isblank() function for systems without it. Needed for POSIX
3423 character class matching in fnmatch.c and glob.c.
3426 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
3429 expound on sudo and cd
3432 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
3438 * sudoers.cat, sudoers.man.in:
3443 mention defaults parse order
3446 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
3448 * Makefile.in, aclocal.m4, compat.h, configure:
3449 Add isblank() function for systems without it. Needed for POSIX
3450 character class matching in fnmatch.c and glob.c.
3454 add emul/charclass.h to HDRS
3457 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
3463 * defaults.c, parse.c, testsudoers.c, visudo.c:
3464 Move update_defaults into defaults.c and call it properly from
3465 visudo and testsudoers.
3468 * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
3470 use zero_bytes() instead of memset() for consistency
3473 * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
3475 Zero out sigaction_t before use in case it has non-standard entries.
3483 Short circuit glob() checks if basename(pattern) !=
3484 basename(command). Refactor code that checks for a command in a
3485 directory and use it in the glob case if the resolved pattern ends
3489 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
3491 * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
3492 Defer setting runas defaults until after runaspw/gr is setup.
3495 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
3497 * match.c, sudo.c, testsudoers.c:
3498 Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
3499 systems do not include space for the NUL in the size. Also manually
3500 NUL-terminate buffer from gethostname() since POSIX is wishy-washy
3504 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
3506 * sudo.c, sudoers.pod:
3507 When setting the umask, use the union of the user's umask and the
3508 default value set in sudoers so that we never lower the user's umask
3509 when running a command.
3513 Don't try to read from a zero-length sudoers file. Remove the bogus
3514 Solaris work-around for EAGAIN. Since we now use fgetc() it should
3518 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
3521 In update_defaults() check the return value of user*_matches against
3522 ALLOW so we don't inadvertently match on UNSPEC.
3525 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
3527 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
3528 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
3529 regen man pages; no more hyphenation
3533 Don't error out on a zero-length sudoers file. With the advent of
3534 #include the user could create a situation where sudo is unusable.
3537 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
3539 * auth/kerb5.c, config.h.in, configure, configure.in:
3540 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
3541 krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
3542 all. Add configure tests to handle all the cases.
3545 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
3552 document sudoers_locale
3555 * sudo.pod, sudo_edit.c:
3556 add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
3561 In fill_cmnd(), collapse any escaped sudo-specific characters.
3562 Allows character classes to be used in pathnames.
3565 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
3568 fix typo in non-C89 function declaration
3572 Mention POSIX character classes now that our fnmatch() and glob()
3576 * sample.sudoers, sudoers.pod:
3577 Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
3582 use __signed char if we are going to assign a negative value since
3583 on Power, char is unsigned by default
3586 * config.h.in, configure, configure.in:
3587 Add tests for __signed char and signed char.
3591 Fix AIX limit setting. getuserattr() returns values in disk blocks
3592 rather than bytes. The default hard stack size in newer AIX is
3593 RLIM_SAVED_MAX. From Dale King.
3596 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
3598 * emul/charclass.h, fnmatch.c, glob.c:
3599 Add character class support to included glob(3) and fnmatch(3).
3602 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
3605 Remove UCB advertising clause and some compatibility defines.
3608 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
3611 Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
3612 or sudo. This allows one to set EDITOR to sudoedit without getting
3613 into an infinite loop of sudoedit running itself until the path gets
3617 * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
3618 Add sudoers_locale Defaults option to override the default sudoers
3622 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
3625 Set locale to system default except for during sudoers parse.
3628 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
3631 Redo change in 1.34 to use pointer arithmetic.
3634 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
3637 Fix a dereference (read) of a freed pointer. Reported by Patrick
3641 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
3644 Set locale to "C" to avoid interpretation issues with character
3645 ranges in sudoers. May want to make the locale a sudoers option in
3649 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
3652 we no longer use setproctitle
3659 * LICENSE, mkstemp.c:
3660 Use my replacement mkstemp() from the mktemp package.
3663 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
3666 regen with yacc skeleton bug fixed
3670 Remove duplicate "as root". From Martin Toft.
3673 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
3675 * pwutil.c, sudo.c, sudo.h, testsudoers.c:
3676 Flesh out the fake passwd entry used for running commands as a uid
3677 not listed in the passwd database. Fixes an issue with some PAM
3681 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
3684 Error out in -i mode if the user has no shell. This can happen when
3685 running commands as a uid with no password entry.
3688 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
3691 Better fix for line continuation inside double quotes. Now accepts
3692 whitespace between the backslash and the newline like the main
3696 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
3699 Fix line continuation in strings. It was only being honored if
3700 preceded by whitespace.
3703 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
3705 * config.h.in, configure, configure.in, logging.c:
3706 Replace the double fork with a fork + daemonize.
3709 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
3712 The -i flag should imply env_reset. This got broken in sudo 1.6.9.
3715 * logging.c, sudo.c, sudo_edit.c, visudo.c:
3716 Change how the mailer is waited for. Instead of having a SIGCHLD
3717 handler, use the double fork trick to orphan the child that opens
3718 the pipe to sendmail. Fixes a problem running su on some Linux
3722 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
3724 * configure, configure.in:
3725 Fix configure test for dirfd() on Linux where DIR is opaque.
3728 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
3731 Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
3732 this problem we'll need to revisit this again.
3735 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
3738 Ignore SIGPIPE instead of blocking it when piping to the mailer. If
3739 we only block the signal it may be delivered later when we unblock.
3740 Also, there is no need to block SIGCHLD since we no longer do the
3741 double fork. The normal SIGCHLD handler is sufficient.
3744 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
3746 * configure, configure.in:
3747 Add description for NO_PAM_SESSION, from a redhat patch.
3750 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
3752 * sudo.cat, sudo.man.in, sudo.pod:
3753 Fix typos in -i usage
3756 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
3758 * configure, configure.in:
3759 Redo the test for dgettext() in a way that hopefully will work
3760 around the libintl_dgettext() undefined problem.
3763 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
3765 * schema.ActiveDirectory:
3766 change filename in comment
3769 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
3771 * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
3773 Reference schema.ActiveDirectory
3776 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
3778 * schema.OpenLDAP, schema.iPlanet:
3779 Mark sudoRunAs as deprecated.
3782 * schema.ActiveDirectory:
3783 add sudoRunAsUser and sudoRunAsGroup
3786 * schema.ActiveDirectory:
3787 Active Directory schema by Chantal Paradis and Eric Paquet
3790 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
3793 remove an XXX that was fixed
3801 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
3802 fixes a problem where the tag value printed was influenced by
3803 defaults set in the first pass through the parser.
3806 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
3808 * Makefile.in, sudo.psf:
3809 No point in packaging the TODO file
3816 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
3818 * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
3819 sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
3820 Add env_file Defaults option that is similar to /etc/environment on
3824 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
3826 * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
3827 sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
3828 version.h, visudo.cat, visudo.man.in:
3829 change version to 1.7.0
3833 initial valgrind pass done
3836 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
3839 Fix typo/think in sudo_ldap_read_secret() when storing the secret.
3842 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
3845 define LDAPS_PORT if the system headers do not
3848 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
3851 Fix another memory leak in init_parser().
3854 * configure, configure.in:
3855 There was a missing space before the ldap libs in SUDO_LIBS for some
3859 * alias.c, gram.c, gram.y, toke.c, toke.l:
3860 Clean up some memory leaks pointed out by valgrind.
3863 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
3866 fix "sudo -s" broken by mode/flags breakout
3869 * configure, configure.in:
3870 remove duplicate check for dgettext
3873 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
3876 Fall back to default stanza if no user-specific limit is found.
3879 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
3882 include stdint.h if present
3886 Use LLONG_MAX, not the old QUAD_MAX
3889 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
3895 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
3901 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
3907 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
3918 Split MODE_* defines into primary and flags.
3921 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
3924 It turns out the logic for getting AIX limits is more convoluted
3925 than I realized and differs depending on whether the soft and/or
3926 hard limits are defined.
3929 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
3931 * Makefile.in, configure, configure.in:
3932 Back out AIX-specific change to set the sudo_noexec path to the .a
3933 file, we do really want to use the .so file. Since libtool doesn't
3934 do that correctly, just install the .so file ourselves in the
3939 If the file given to install is a path, only use the basename of the
3940 file when building the destination path.
3943 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
3946 parse_args() cleanup: Sort command line options in the getopt()
3947 switch. The -U option requires a parameter. Normalize a few ISSET
3948 calls. Split mode into mode and flags and retire the now-obsolete
3952 * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
3954 Add -n (non-interactive) flag.
3958 Move version printing, etc. into a separate function.
3962 Don't try to cleanup nsswitch if it has not been initialized.
3965 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
3968 Block SIGPIPE in send_mail() so sudo is not killed by a problem
3969 executing the mailer.
3972 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
3974 * configure, configure.in:
3975 AIX shared libs end in .a, not .so.
3978 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
3981 Preserve HOME by default too. Matches documentation and previous
3985 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
3988 Use getopt() to parse the command line. We need to be able to
3989 intersperse env variables and options yet still honor "--" which
3990 complicates things slightly.
3993 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
3999 * acsite.m4, configure, ltmain.sh:
4000 update to libtool-1.5.26
4003 * config.guess, config.sub:
4004 update from libtool-1.5.26 distribution
4008 attempt to fix compilation errors on AIX
4012 fix typo in last commit
4016 Add WHATSNEW file to the distribution
4020 use warningx instead of fprintf(stderr, ...)
4024 add DEBUG to list2tq
4035 * Makefile.in, aix.c, config.h.in, configure, configure.in,
4036 set_perms.c, sudo.h:
4037 Add aix_setlimits() to set resource limits on AIX using a
4038 combination of getuserattr() and setrlimit(). Currently untested.
4041 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
4043 * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
4044 sudoers.man.in, sudoers.pod:
4045 Add mailfrom Defaults option that sets the value of the From: field
4046 in the warning/error mail. If unset the login name of the invoking
4051 store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
4055 When adding a default, only call list2tq() once to do the list to tq
4056 conversion. It is not legal to call list2tq multiple times on the
4057 same list since list2tq consumes and modifies the list argument.
4060 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4061 comment out XXXs for now
4068 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
4071 Error out if both -A and -S are specified. Error out if -A is
4072 specified but no askpass is configured
4075 * configure, configure.in:
4076 we are not going to ship a sudo-specific askpass
4079 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
4082 fix definition of TGP_ASKPASS
4085 * def_data.c, def_data.in:
4086 make askpass boolean-capable
4090 document --with-askpass
4093 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
4094 sudoers.man.in, visudo.cat:
4098 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
4100 * sudo.pod, sudo_usage.h.in, sudoers.pod:
4101 document -A and askpass
4104 * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
4105 def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
4106 sudo_usage.h.in, tgetpass.c:
4107 Add support for running a helper program to read the password when
4108 no tty is present (or when specified with the -A flag). TODO: docs.
4111 * def_data.c, def_data.in:
4112 add missing printf format to SELinux role and type strings
4115 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
4117 * INSTALL, configure, configure.in:
4118 Disable use of gss_krb5_ccache_name() by default and add
4119 --enable-gss-krb5-ccache-name configure option to enable it. It
4120 seems that gss_krb5_ccache_name() doesn't work properly with some
4121 combinations of Heimdal and OpenLDAP.
4124 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
4127 Ignore setexeccon() failing in permissive mode. Also add a call to
4128 setkeycreatecon() (though this is probably insufficient). From Dan
4133 Only set std_prompt for the PAM_PROMPT_* cases. The conversation
4134 function may be called for non-password reading purposes so we must
4135 be careful not to use def_prompt in cases where it may not be set.
4138 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
4141 Don't free the new tty context, we need to keep it around when we
4142 restore the tty context after the command completes
4145 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
4151 * sudo.man.pl, sudo.pod:
4152 Only put login_cap(3) in SEE ALSO section if we have login.conf
4156 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
4158 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
4159 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
4164 Substitute in comment characters for lines pertaining to login.conf,
4165 BSD auth and SELinux and only enable them if pertinent.
4169 Substitute in comment characters for lines pertaining to login.conf,
4170 BSD auth and SELinux and only enable them if pertinent.
4174 Substitute in comment characters for lines pertaining to login.conf,
4175 BSD auth and SELinux and only enable them if pertinent.
4179 Substitute in comment characters for lines pertaining to login.conf,
4180 BSD auth and SELinux and only enable them if pertinent.
4183 * Makefile.in, configure, configure.in:
4184 Substitute in comment characters for lines pertaining to login.conf,
4185 BSD auth and SELinux and only enable them if pertinent.
4188 * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
4189 Remove the =cut on the first line (above the copyright notice) to
4190 quiet pod2man. Also remove the hackery in the FILES section and
4191 just deal with the fact that there will be a newline between each
4195 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
4198 run sudo.man.pl when generating sudo.man.in
4201 * configure, configure.in, sudo.man.pl:
4202 comment out SELinux manual bits unless --with-selinux was specified
4206 document role and type defaults for SELinux
4209 * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
4210 Document "sudo -ll" and make "sudo -l -l" be equivalent.
4213 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
4215 * configure, configure.in:
4216 Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
4217 Debian GNU/kFreeBSD.
4220 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
4223 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
4227 * logging.c, logging.h, sudo.c:
4228 Remove dependence on VALIDATE_NOT_OK in logging functions. Split
4229 log_auth() into log_allowed() and log_denial(). Replace mail_auth()
4230 with should_mail() and a call to send_mail()
4233 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
4236 Add debugging so we can tell if the krb5 ccache is accessible
4240 mention --with-selinux
4243 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
4253 * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
4254 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
4255 testsudoers.c, toke.c, toke.l:
4256 Add support for SELinux RBAC. Sudoers entries may specify a role
4257 and type. There are also role and type defaults that may be used.
4258 To make sure a transition occurs, when using RBAC commands are
4259 executed via the new sesh binary. Based on initial changes from Dan
4264 Add support for SELinux RBAC. Sudoers entries may specify a role
4265 and type. There are also role and type defaults that may be used.
4266 To make sure a transition occurs, when using RBAC commands are
4267 executed via the new sesh binary. Based on initial changes from Dan
4271 * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
4272 def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
4273 pathnames.h.in, selinux.c:
4274 Add support for SELinux RBAC. Sudoers entries may specify a role
4275 and type. There are also role and type defaults that may be used.
4276 To make sure a transition occurs, when using RBAC commands are
4277 executed via the new sesh binary. Based on initial changes from Dan
4281 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
4283 * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
4284 Add long list (sudo -ll) support for printing verbose LDAP and
4285 sudoers file entries. Still need to update manual.
4288 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
4290 * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
4291 Unify the -l output for file and ldap based sudoers and use lbufs
4292 for both. The ldap output does not currently include options that
4293 cannot be represented as tags. This will be remedied in a long list
4294 output mode to come.
4297 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
4300 Use a specific error message for errno == EAGAIN when setuid() et al
4301 fails. On Linux systems setuid() will fail with errno set to EAGAIN
4302 if changing to the new uid would result in a resource limit
4307 Unlimit nproc on Linux systems where calling the setuid() family of
4308 syscalls causes the nproc resource limit to be checked. The limits
4309 will be reset by pam_limits.so when PAM is used. In the non-PAM
4310 case the nproc limit will remain unlimited but there doesn't seem to
4311 be a way around that other than having sudo parse
4312 /etc/security/limits.conf directly.
4315 * env.c, sudo.c, sudo.pod:
4316 Only read /etc/environment on Linux and AIX
4319 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
4321 * configure, configure.in:
4322 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
4323 ldap.conf and ldap.secret paths from going into config.h. Avoid
4324 single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
4325 since in some versions of bash they will end up literally in the
4329 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
4332 mention --with-nsswitch=no
4335 * configure, configure.in:
4336 ldap_ssl.h depends on ldap.h being included first
4339 * config.h.in, configure, configure.in, ldap.c:
4340 Include ldap_ssl.h if we can find it. Needed for the
4341 ldapssl_set_strength defines on HP-UX at least.
4352 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
4353 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
4358 Use 78n line length when formatting cat pages.
4362 Remove redundant info that is now in sudoers.ldap.pod
4365 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
4367 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4368 Reorganize the first section a bit. Substitute the proper path for
4372 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4373 Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
4374 schema into EXAMPLES
4377 * configure, configure.in:
4378 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
4382 * configure, configure.in:
4383 substitute for sudoers.ldap.man
4387 Fix cut & pasto introduced when adding sudoers.ldap man page.
4390 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4391 Fill in some of the missing pieces. Still needs some reorganization
4395 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
4397 * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
4399 Beginnings of a sudoers.ldap man page. Currently, much of the
4400 information is adapted from README.LDAP.
4403 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
4406 When copying gr_mem we must guarantee that the storage space for
4407 gr_mem is properly aligned. The simplest way to do this is to
4408 simply store gr_mem directly after struct group. This is not a
4409 problem for gr_passwd or gr_name as they are simple strings.
4413 Fix a typo/thinko in one of the calls to
4414 sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
4417 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
4419 * config.h.in, configure, configure.in, ldap.c:
4420 include <mps/ldap_ssl.h> in ldap.c if available
4423 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
4426 Make sure we define SIZE_MAX for yacc's skeleton.c
4430 Use TCSAFLUSH when restoring terminal settings (and echo) to
4431 guarantee that any pending output is discarded
4434 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
4437 no longer need to specify SETENV when user has sudo ALL
4441 sync user_args size calculation with sudo.c Add -g group option,
4442 renaming old -g to -G Add set_runasgr() and set_runaspw() and use
4447 Make set_runaspw static void
4450 * testsudoers.c, visudo.c:
4451 g/c set_runaspw stub
4454 * configure, configure.in:
4455 Don't add -llber twice.
4458 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
4464 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
4470 * configure, configure.in:
4471 Fix check that determines whether -llber is required.
4474 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
4475 For netscape-based LDAP, use ldapssl_set_strength() to implement the
4476 checkpeer ldap.conf option.
4480 Delay krb5_cc_initialize() until we actually need to use the cred
4481 cache, which is what krb5_verify_user() does. Better cleanup on
4485 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
4488 Rewrite verify_krb_v5_tgt() based on what heimdal's
4489 krb5_verify_user() does.
4492 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
4495 The U suffix on constants is an ANSI feature
4498 * configure, configure.in:
4499 Add check for ber_set_option() in -llber
4502 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
4505 default if no nsswitch.conf is files only
4508 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
4511 don't tell people to mail aaron about LDAP stuff
4515 timelimit and bind_timelimit
4523 Move ldap.secret reading into a separate function.
4527 user_runas -> runas_pw
4530 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
4536 * check.c, sudo.pod, sudoers.pod:
4537 Add and document the %p escape in the password prompt. Based on a
4538 patch from Patrick Schoenfeld.
4542 Check strlcpy() return values.
4546 refactor ldap binding code into sudo_ldap_bind_s()
4550 Make it clear that host and uri can take multiple parameters. URI is
4551 now supported for more than just openldap nsswitch.conf doesn't
4556 comment cleanup and update (c) year
4559 * parse.c, sudo_nss.c:
4560 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
4561 This should make it possible to build an LDAP-only sudo binary.
4564 * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
4565 Improve chaining of multiple sudoers sources by passing in the
4566 previous return value to the next in the chain
4570 Free up parser data structures in sudo_file_close().
4574 Free up parser data structures in sudo_file_close().
4578 Parse uri ourself if no ldap_initialize() is present Use
4579 ldap_create() instead of deprecated ldap_init() Use
4580 ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
4583 * config.h.in, configure, configure.in:
4584 Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
4588 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
4590 * config.h.in, configure, configure.in:
4591 add check for ldap_create
4594 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
4596 * config.h.in, configure, configure.in, ldap.c:
4597 Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
4598 dn using the mechanism appropriate for the LDAP SDK in use. Use
4599 ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
4600 ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
4607 * config.h.in, configure.in:
4608 fix typo in mtim_getnsec
4611 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
4613 * config.h.in, configure, configure.in:
4614 add check for st__tim in struct stat as used by SCO
4618 use ldap_search_ext_s instead of deprecated ldap_search_s
4621 * Makefile.in, TODO, sudo.cat, sudo.man.in:
4622 add sudo_nss.h to HDRS
4626 Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
4630 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
4633 Use ldap_get_values_len()/ldap_value_free_len() instead of the
4634 deprecated ldap_get_values()/ldap_value_free().
4645 * gettime.c, sudo.c:
4646 Remove some already fixed XXXs
4650 Same return value as non-existent sudoers if LDAP was unable to
4655 mention /etc/environment
4658 * README.LDAP, UPGRADE, WHATSNEW:
4659 Update to reflect recent developments.
4663 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
4667 When building up a query don't list groups in the aux group vector
4668 that are the same as the passwd file group. On most systems the
4669 first gid in the group vector is the same as the passwd entry gid.
4673 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
4674 ldaprc and system defaults that could affect how LDAP works.
4677 * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
4678 sudo_nss.c, sudo_nss.h:
4679 Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
4680 to specify nsswitch.conf path or disable it. If --with-nsswitch=no
4681 but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
4682 file and --with-ldap-secret-file
4686 Honor def_ignore_local_sudoers
4689 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
4692 no longer need to check def_ignore_local_sudoers here
4696 Refactor group vector resetting into a function and also call it
4697 from display_cmnd. Stop after the first successful match in
4698 display_cmnd. Print a newline between each display_privs method.
4702 fix double free introduced in rev 1.218
4706 belt and suspenders; zero out result after freeing it
4709 * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
4710 Refactor line reading into a separate function, sudo_parseln(),
4711 which removes comments, leading/trailing whitespace and newlines.
4712 May want to rethink the use of sudo_parseln() for /etc/ldap.secret
4716 Make the inability to read the sudoers file a non-fatal error if
4717 there are other sudoers sources available. sudoers_file_lookup now
4718 returns "not OK" if sudoers was not present
4722 make it clear that the global options are from LDAP
4726 allocate proper amount of space for error string
4729 * sudo_nss.c, sudo_nss.h:
4730 actual sudo nss code
4733 * ldap.c, parse.c, sudo.c, sudo.h:
4734 nss-ify display_privs and display_cmnd.
4737 * defaults.c, parse.c, testsudoers.c, visudo.c:
4738 move update_defaults() to parse.c
4741 * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
4742 Use nsswitch to hide some sudoers vs. ldap implementation details
4743 and reduce the number of #ifdef LDAP TODO: fix display routines and
4747 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
4749 * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
4750 First cut at nsswitch.conf support. Further reorganization and
4751 related changes are forthcoming.
4754 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
4756 * env.c, pathnames.h.in, sudo.c, sudo.h:
4757 Add support for reading an /etc/environment file. Still needs to
4758 be documented and should probably only apply to OSes that have it
4759 (AIX and Linux, maybe others).
4766 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
4772 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
4779 Add an example sudoRole, clarify netscape vs. openldap a bit more
4783 Be clear on what is OpenLDAP vs. Netscape-derived
4786 * config.h.in, configure, configure.in, ldap.c:
4787 Use ldapssl_init() for ldaps support instead of trying to do it
4788 manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
4789 and tls_key for cert7.db and key3.db respectively. Don't print
4790 debugging info for options that are not set. Add warning if
4791 start_tls specified when not supported.
4795 fix compilation on solaris
4799 add missing .h and .c files for missing lib objs
4802 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
4805 fix LDAP_OPT_NETWORK_TIMEOUT setting
4809 fix compilation on Solaris
4812 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
4814 * configure, configure.in:
4819 try to clear up which variables are for OpenLDAP and which are for
4820 netscape-derived SDKs
4823 * config.h.in, configure, configure.in, ldap.c:
4824 Add support for "ssl on" in both netscape and openldap flavors. Only
4825 the OpenLDAP flavor has been tested.
4828 * logging.c, sudo.c, sudo.h:
4829 Call cleanup() before exit in log_error() instead of calling
4830 sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
4837 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
4839 * logging.c, sudo.c, sudo.h:
4840 Better ldap cleanup.
4844 Distinguish between LDAP conf settings that are connection-specific
4845 (which take an ld pointer) and those that are default settings
4849 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
4852 Improved warnings on error.
4856 Make ldap config table driven and set the config *after* we open the
4860 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
4863 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
4866 * configure, configure.in:
4867 some operating systems need to link with -lkrb5support when using
4871 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
4877 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
4881 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
4887 * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
4888 add -g support for LDAP
4891 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
4893 * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
4894 The -i and -s flags can now take an optional command.
4897 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
4899 * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
4901 Add passprompt_override flag to sudoers that will cause the prompt
4902 to be overridden in all cases. This flag is also set when the user
4903 specifies the -p flag.
4907 Move setting of login class until after sudoers has been parsed. Set
4908 NewArgv[0] for -i after runas_pw has been set.
4911 * configure, configure.in:
4912 Move the dgettext check.
4915 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
4917 * auth/pam.c, config.h.in, configure, configure.in:
4918 Add basic support for looking up the string "Password: " in the PAM
4919 localized text db. This allows us to determine whether the PAM
4920 prompt is the default "Password: " one even if it has been
4923 TODO: concatenate non-std PAM prompts and user-specified sudo
4927 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
4929 * Makefile.in, config.h.in, configure, configure.in, parse.c,
4930 set_perms.c, sudo.c, sudo.h:
4931 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
4935 * acsite.m4, configure, interfaces.c, memrchr.c:
4936 Fix typos; Martynas Venckus
4939 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
4942 Don't assume runas_pw is set; it may not be in the -g case.
4945 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
4947 * logging.c, set_perms.c:
4948 Set aux group vector for PERM_RUNAS and restore group vector for
4949 PERM_ROOT if we previously changed it. Stash the runas group vector
4950 so we don't have to call initgroups more than once. Also add no-op
4951 check to check_perms.
4954 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
4956 * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
4957 ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
4958 pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
4959 sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
4960 testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
4961 Add support for runas groups. This allows the user to run a command
4962 with a different effective group. If the -g option is specified
4963 without -u the command will be run as the current user (only the
4964 group will change). The -g and -u options may be used together.
4965 TODO: implement runas group for ldap improve runas group
4966 documentation add testsudoers support
4969 * configure, configure.in:
4970 fix setting of mandir
4973 * sudo.pod, sudoers.pod:
4974 document that ALL implies SETENV
4978 s/setenv_ok/setenv_implied/g
4982 hostname_matches() returns TRUE on match in sudo 1.7.
4986 use strcmp, not strcasecmp when comparing ALL
4990 Make sudo ALL imply setenv. Note that unlike with file-based
4991 sudoers this does affect all the commands in the sudoRole.
4994 * gram.c, gram.y, parse.c, parse.h:
4995 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
4996 it is not passed on to other commands in the list.
5000 Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
5001 sudo_getpwuid() instead of getpwuid().
5004 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
5007 Expand on the dangers of not using visudo to edit sudoers.
5010 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
5013 Don't quote *?[]! on output since the lexer does not strip off the
5014 backslash when reading those in.
5017 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
5020 expand "u_foo" types to "unsigned foo" to avoid compatibility
5024 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
5027 Refactor log line generation in to new_logline().
5030 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
5036 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
5038 * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
5040 Add configure check for struct in6_addr instead of relying on
5041 AF_INET6 since some systems define AF_INET6 but do not include IPv6
5045 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
5047 * configure, configure.in:
5048 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
5052 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
5054 * configure, configure.in:
5055 POSIX states that struct timespec be declared in time.h so check
5056 there regardless of the value of TIME_WITH_SYS_TIME.
5059 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
5062 Instead of defining a macro to call the appropriate method for
5063 turning on/off echo, just define tc[gs]etattr() and the related
5064 defines that use the correct terminal ioctls if needed. Also go back
5065 to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
5068 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
5078 * INSTALL, auth/pam.c, config.h.in, configure.in:
5079 Add --disable-pam-session configure option to disable calling
5080 pam_{open,close}_session. May work around bugs in some PAM
5084 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
5091 Avoid printing the prompt if we are already backgrounded. E.g. if
5092 the user runs "sudo foo &" from the shell. In this case, the call
5093 to tcsetattr() will cause SIGTTOU to be delivered.
5096 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
5098 * def_data.c, def_data.h, def_data.in:
5099 Reorder things such that the definition of env_reset comes right
5100 before the env variable lists.
5104 Shrink type and seqno in struct alias from int to u_short
5107 * alias.c, match.c, parse.c, parse.h:
5108 Add a sequence number in the aliases for loop detection. If we find
5109 an alias with the seqno already set to the current (global) value we
5110 know we've visited it before so ignore it.
5113 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
5115 * TODO, auth/pam.c, sudo.c, sudo.h:
5116 PAM wants the full tty path so add user_ttypath which holds the full
5117 path to the tty or is NULL if no tty was present.
5121 Set PAM_RHOST to work around a bug in Solaris 7 and lower that
5125 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
5131 * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
5132 parse.h, testsudoers.c, visudo.c:
5136 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
5139 remove some useless casts
5143 pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
5144 predates the final C99 spec and the standard specifies that it shall
5145 include stdint.h anyway
5148 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
5150 * Makefile.in, alloca.c, configure.in:
5151 Since we ship with a pre-generated parser there is no need to ship a
5152 bogus alloca implementation.
5160 remove initial setting of CHECKSIA, we require that it be unset if
5173 only do SIA checks on Digital Unix
5176 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
5178 * sudoers.cat, sudoers.man.in:
5187 Remove call to krb5_cc_register() as it is not needed for modern
5195 * aclocal.m4, configure.in:
5196 New method for setting the default authentication type and avoiding
5197 conflicts in auth types.
5200 * match.c, parse.c, testsudoers.c:
5201 Each entry in a cmndlist now has an associated runaslist so no need
5202 to keep track of the most recent non-NULL one.
5205 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
5208 back out partial ldaps support mistakenly committed
5212 Add support for unix groups and netgroups in sudoRunas
5215 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
5218 Fix sudoedit of a non-existent file. From Tilo Stritzky.
5221 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
5228 update --passprompt escape info
5232 remove now-bogus comment and update copyright date
5236 Fix up use of with_passwd
5239 * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
5240 Update to autoconf-2.61 and libtool-1.5.24
5244 "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
5247 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
5254 move tags and runaslist propagation to be earlier
5258 If -f flag given use the permissions of the original file as a
5263 prevent a double free() when re-initing the parser
5266 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
5272 * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
5273 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
5274 auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
5275 configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
5276 parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
5277 sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
5278 Remove support for compilers that don't support void *
5285 * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
5286 parse.c, parse.h, testsudoers.c, visudo.c:
5287 Move list manipulation macros to list.h and create C versions of the
5288 more complex ones in list.c. The names have been down-cased so they
5289 appear more like normal functions.
5293 Fix cmp command when regenerating parser. Make gram.o the first
5294 dependency for all programs so gram.h will be generated before
5295 anything that needs it.
5299 Convert NEW_DEFAULT and NEW_MEMBER into static functions.
5302 * match.c, parse.c, testsudoers.c:
5303 Use LH_FOREACH_REV when checking permission and short-circuit on the
5304 first non-UNSPEC hit we get for the command. This means that
5305 instead of cycling through all the parsed sudoers entries we
5306 start at the end and work backwards and quit after the first
5307 positive or negative match.
5314 * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
5315 Change list head macros to take a pointer, not a struct.
5323 Propagate the runasspec from one command to the next in a cmndspec.
5326 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
5329 Replace has_meta() with a macro that calls strpbrk().
5335 * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
5336 testsudoers.c, visudo.c:
5337 Use a list head struct when storing the semi-circular lists and
5338 convert to tail queues in the process. This will allow us to
5339 reverse foreach loops more easily and it makes it clearer which
5340 functions expect a list as opposed to a single member.
5342 Add macros for manipulating lists. Some of these should become
5345 When freeing up a list, just pop off the last item in the queue
5346 instead of going from head to tail. This is simpler since we don't
5347 have to stash a pointer to the next member, we always just use the
5348 last one in the queue until the queue is empty.
5350 Rename match functions that take a list to have list in the name.
5351 Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
5355 Fix pasto, append "!" not negated (which is an int) for sudo -l
5360 Remove the dependency of gram.h on gram.y, the .c dependency is
5361 enough. Only move y.tab.h to gram.h if it is different; avoids
5362 needless rebuilding.
5365 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
5368 Defaults lines may be associated with lists of users, hosts,
5369 commands and runas users, not just single entries.
5372 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
5375 Revert the "cmp" portion of the last diff, it doesn't make sense.
5379 Remove *.lo for clean: When generating the parser, only move the
5380 generated files into place if they differ from the existing ones.
5383 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
5386 Replace IPV6 regexp with a much simpler (readable) one and add an
5387 extra check when it matches to make sure we have a valid address.
5391 Fix thinko introduced when merging IPV6 support.
5394 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
5405 mention #uid vs. comment pitfall
5409 Merge in a patch from the libtool cvs that fixes a problem with the
5410 latest autoconf. From Stepan Kasal.
5414 Back out the XOR swap trick, it is slower than a temp variable on
5423 Convert the tail queue to a semi-circle queue and use the XOR swap
5424 trick to swap the prev pointers during append.
5427 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
5430 remove useless statement
5434 Refactor #include parsing into a separate function and return
5435 unparsed chars (such as newline or comment) back to the lexer.
5438 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
5441 mention better uid support
5445 Users may now consist of a uid.
5448 * gram.c, gram.h, toke.c:
5453 Use lbuf_append_quoted() for sudo -l output to quote characters that
5454 would require quoting in sudoers.
5458 Add lbuf_append_quoted() which takes a set of characters which
5459 should be quoted with a backslash when displayed.
5463 Require that the first character after a comment not be a digit or a
5464 dash. This allows us to remove the GOTRUNAS state and treat
5465 uid/gids similar to other words. It also means that we can now
5466 specify uids in User_Lists and a User_Spec may now contain a uid.
5470 Replace RUNAS token with '(' and ')' tokens to make the runas
5471 portion of the grammar more natural.
5475 The BUGS file is history
5478 * Makefile.in, README:
5479 The BUGS file is history
5482 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
5485 Allow comments after a RunasAlias as long as the character after the
5486 pound sign isn't a digit or a dash.
5490 Glob support was back-ported to 1.6.9
5493 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
5496 remove sudo_usage.h in distclean
5500 If a Defaults value contains a blank, double-quote the string.
5504 Properly deal with Defaults double-quoted strings that span multiple
5505 lines using the line continuation char. Previously, the entire
5506 thing, including the continuation char, newline, and spaces was
5511 Be consistent when using single quotes and backticks.
5514 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
5516 * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
5517 sudo.c, sudo_usage.h.in:
5518 Add new linebuf code to do appends of dynamically allocated strings
5519 and word-wrapped output. Currently used for sudo's usage() and sudo
5520 -l output. Sudo usage strings are now in sudo_usage.h which is
5521 generated at configure time.
5524 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
5526 * parse.c, sudo.c, sudo.h:
5527 Fix line wrapping in usage() and use the actual tty width instead of
5531 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
5538 Mentioned Chris Jepeway's parser and also the new one that is in
5542 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
5544 * sudo.pod, visudo.pod:
5545 For the options list, add flag args where appropriate and increase
5546 the indent level so there is room for them.
5549 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
5552 Fix some spacing in "sudo -l" and add a comment about some bogosity
5553 in the line wrapping.
5556 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
5561 * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
5562 def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
5563 parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
5564 testsudoers.c, toke.c, toke.l:
5565 Remove monitor support until there is a version of systrace that
5566 uses a lookaside buffer (or we have a better mechanism to use).
5569 * config.h.in, configure, configure.in, sudo.c:
5570 use getaddrinfo() instead of gethostbyname() if it is available
5573 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
5576 Deal with OSes where sizeof(gid_t) < sizeof(int).
5580 repair non-getifaddrs() code after ipv6 integration
5584 If we can open sudoers but fail to read the first byte, close the
5585 file stream before trying again.
5588 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
5594 * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
5595 Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
5598 * sudo.pod, sudoers.pod, visudo.pod:
5599 Add some missing markup Update copyright
5602 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
5604 * configure, configure.in:
5605 fix sudo_noexec extension which got broken in the libtool update
5608 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
5611 explicitly specify -Tascii to nroff
5614 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
5617 remove an ANSI-ism that crept in
5620 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
5623 Adjust list indents Prevent -- from being turned into an em dash Use
5624 a list for the environment instead of a literal paragraph
5628 Use a list for the environment instead of an indented literal
5633 Adjust list indentation
5640 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
5643 mention that when specifying a uid for the -u option the shell may
5644 require that the # be escaped
5647 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
5650 Fix off by one in group matching.
5653 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
5656 Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
5659 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
5661 * configure, configure.in:
5662 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
5666 * aclocal.m4, configure, configure.in:
5667 Fix link tests such that new gcc doesn't optimize away the test.
5670 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
5672 * sudo.pod, sudoers.pod, visudo.pod:
5673 add missing over/back
5676 * sudo.pod, sudoers.pod, visudo.pod:
5677 Change FILES section to use =item
5681 Add back allocation of the env struct in rebuild_env but save a copy
5682 of the old pointer and free it before returning.
5686 Don't init the private environment in rebuild_env() since it may
5687 have already been done implicitly sudo_setenv/sudo_unsetenv.
5689 Multiply length by sizeof(char *) in memcpy/memmove when copying the
5690 environment so we copy the full thing.
5692 Add missing set of parens so we deref the right pointer in
5693 sudo_unsetenv when searching for a matching variable.
5696 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
5698 * sudo.pod, sudoers.pod, visudo.pod:
5699 Use file markup for paths in the FILES section
5702 * sudo.pod, sudoers.pod, visudo.pod:
5703 Don't capitalize sudo/visudo
5707 Sort sudoers options; based on a diff from Igor Sobrado.
5710 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
5712 * sudo.pod, sudoers.pod, visudo.pod:
5713 Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
5714 latter confuses pod2man. The Makefile rules for the .man.in file
5715 will add @mansectsu@ and @mansectform@ back in after pod2man is done
5719 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
5721 * LICENSE, Makefile.in, license.pod:
5722 Move license info to pod format
5725 * configure, configure.in, sudoers.pod:
5726 Substitute value of path_info into sudoers man page.
5730 remove features that were back-ported to 1.6.9
5733 * sudo.c, sudo.pod, visudo.c, visudo.pod:
5734 Sort SYNOPSIS and sync usage. From Igor Sobrado.
5738 Only need sudo_setenv/sudo_unsetenv if we are going to use
5739 ldap_sasl_interactive_bind_s() but don't have
5740 gss_krb5_ccache_name().
5744 rebuild without branch info
5748 Add ChangeLog target
5752 Run cleanup code if the user hits ^C at the password prompt.
5756 Some versions of pam_lastlog have a bug that will cause a crash if
5757 PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
5761 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
5764 ChangeLog not Changelog
5779 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
5781 * config.h.in, configure, configure.in, ldap.c:
5782 Add configure hooks for gss_krb5_ccache_name() and the gssapi
5786 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
5789 rebuild_env() and insert_env_vars() no longer return environment
5790 pointer, they set environ directly.
5792 No longer need to pass around an envp pointer since we just operate
5795 Add dosync argument to insert_env() that indicates whether it should
5796 reset environ when realloc()ing env.envp.
5798 Use an initial size of 128 for the environment.
5802 Split sudo_setenv() into an external version and a version only for
5803 use by rebuild_env().
5806 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
5809 Add support for using gss_krb5_ccache_name() instead of setting
5810 KRB5CCNAME. Also use sudo_unsetenv() in the non-
5811 gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
5812 original environment. TODO: configure setup for
5813 gss_krb5_ccache_name()
5820 * README.LDAP, ldap.c:
5821 Add support for sasl_secprops in ldap.conf
5825 Add sudo_unsetenv() and refactor private env syncing code into
5829 * README.LDAP, ldap.c:
5830 The ldap.conf variable is sasl_auth_id not sasl_authid.
5833 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
5835 * ldap.c, sudo.c, sudo.h:
5836 Add support for krb5_ccname in ldap.conf. If specified, it will
5837 override the default value of KRB5CCNAME in the environment for the
5838 duration of the call to ldap_sasl_interactive_bind_s().
5842 Remove format_env() Add sudo_setenv() to replace most format_env() +
5843 insert_env() combinations. insert_env() no longer takes a struct
5848 Fix use_sasl vs. rootuse_sasl logic.
5851 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
5852 Add support for SASL auth when connecting to an LDAP server. Adapted
5853 from a diff by Tom McLaughlin.
5856 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
5858 * configure, configure.in:
5859 Only enable AIX or BSD auth if no other exclusive auth method has
5860 been chosen. Allows people to e.g., use PAM on AIX without adding
5861 --without-aixauth. A better solution is needed to deal with default
5862 authentication since if a non-exclusive method is chosen we will
5866 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
5868 * HISTORY, Makefile.in, history.pod:
5869 Generate HISTORY from history.pod (which is also used for web pages)
5872 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
5874 * sudo.man.in, sudoers.man.in:
5879 Better explanation of environment handling in the sudo man page.
5883 Defer setting user-specified env vars until after authentication.
5887 honor def_default_path for PATH set on the command line
5890 * env.c, sudo.c, sudo.pod, sudoers.pod:
5891 Allow user to set environment variables on the command line as long
5892 as they are allowed by env_keep and env_check. Ie: apply the same
5893 restrictions as normal environment variables. TODO: deal with
5897 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
5899 * sudo.c, sudo_edit.c:
5900 Call rebuild_env() in all cases. Pass original envp to sudo_edit().
5901 Don't allow -E or env var setting in sudoedit mode. More accurate
5902 usage() when called as sudoedit.
5910 add -c option to sudoedit synopsis
5918 Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
5919 value from {user,host,runas,cmnd}_matches(). Rename *matches
5920 variables -> *match. Purely cosmetic.
5924 Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
5932 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
5935 Make pwcheck local to the pwflag block. Use pwcheck even if user
5936 didn't match since Defaults options may still apply.
5940 Do not update timestamp if user not validated by sudoers.
5944 for PERM_RUNAS, set the egid to the runas user's gid and restore to
5945 the user's original in PERM_ROOT
5948 * logging.c, mon_systrace.c, set_perms.c, sudo.h:
5949 PERM_FULL_ROOT is now no different than PERM_ROOT so remove
5954 don't check timestamp mtime if we are just going to remove it
5958 Move sudoers defaults parameters into their own section.
5962 Reduce a level of indent by a few placed continue statements.
5966 Make matching but negated commands/hosts/runas entries override a
5967 previous match as expected. Also reduce some levels of indent by a
5968 few placed continue statements.
5971 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
5974 Print default runas in "sudo -l" if sudoers don't specify one.
5978 Less hacky way of testing whether the domain was set.
5981 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
5984 Mention pam-devel and openldap-devel for Linux
5987 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
5993 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
5996 fix typo in Solaris project support
6004 Make -- on the command line match the manual page. The implied shell
6005 case has been simplified as a result.
6008 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
6011 add simplistic support for sudoRunas; note that if a sudoers entry
6012 contains multiple Runas users, all will apply to the sudoRole
6016 honor SETENV and NOSETENV tags
6019 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
6022 Redo setting of user_args. We now build up a private copy of argv
6023 first and then replace the NULs with spaces.
6027 getcwd() returns NULL on failure, not 0 on success
6031 allow chunksiz to reach 1 before erroring out
6034 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
6039 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
6041 * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
6042 logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
6044 Add support for setting environment variables on the command line.
6045 This is only allowed if the setenv sudoers option is enabled or if
6046 the command is prefixed with the SETENV tag.
6050 replace Aaron's email address with the sudo-workers list
6057 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
6059 * schema.OpenLDAP, schema.iPlanet:
6060 Break schema out into separate files.
6063 * Makefile.in, README.LDAP:
6064 Break schema out into separate files.
6067 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
6070 free message if set by authenticate()
6074 deal with NULL gr_mem
6077 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
6084 add template for HAVE_PROJECT_H
6091 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
6094 mention --with-project
6097 * config.h.in, configure.in, sudo.c:
6098 Add Solaris 10 "project" support. From Michael Brantley.
6110 Fix preservation of LDFLAGS in the LDAP case.
6114 Remove dependency on NULL
6121 * aclocal.m4, configure.in:
6122 Can't use the regular autoconf fnmatch() check since we need
6123 FNM_CASEFOLD so go back to our custom one.
6127 Fix preserving of variables in env_keep.
6135 expand upon env resetting and mention that it began in 1.6.9 not
6140 Update descriptions of env_keep and env_check to match current
6144 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
6147 Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
6148 LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to initial_keepenv_table.
6152 Treat USERNAME environment variable like LOGNAME/USER
6156 Don't need to populate keepenv table with the contents of the
6161 Don't force sudo into the C locale.
6165 Make env_check apply when env_reset is true. Environment variables
6166 are passed through unless they contain '/' or '%'. There is no need
6167 to have a variable in both env_check and env_keep.
6170 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
6173 Remove a duplicate lock_file() call and add a comment.
6177 Add sudo 1.6.9 upgrade note.
6180 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
6183 Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
6184 small. From Klaus Wagner.
6187 * logging.c, sudo.h:
6188 Redo the long syslog line splitting based on a patch from Eygene
6189 Ryabinkin. Include memrchr() for systems without it.
6193 Redo the long syslog line splitting based on a patch from Eygene
6194 Ryabinkin. Include memrchr() for systems without it.
6197 * Makefile.in, config.h.in, configure, configure.in:
6198 Redo the long syslog line splitting based on a patch from Eygene
6199 Ryabinkin. Include memrchr() for systems without it.
6203 Since we need to be able to convert timespec to timeval for utimes()
6204 the last 3 digits in the tv_nsec are not significant. This makes the
6205 sudoedit file date comparison work again.
6208 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
6210 * aclocal.m4, configure, configure.in:
6211 Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
6212 This deals with exclusive authentication methods in a simple way.
6215 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
6218 mkstemp.c is BSD code too.
6221 * sudo.pod, sudoers.pod, visudo.pod:
6222 No commercial support for now.
6225 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
6228 cleanenv() is no more.
6231 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
6234 Display branch info in Changelog
6238 Include config.h early so we have it for TIME_WITH_SYS_TIME
6242 Fix Changelog generation and update.
6245 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
6248 Use /proc/self/fd instead of /proc/$$/fd
6250 Move old-style fd closing into closefrom_fallback() and call that if
6251 /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
6254 * auth/kerb5.c, config.h.in, configure.in:
6255 o use krb5_verify_user() if available instead of doing it by hand o
6256 use krb5_init_secure_context() if we have it o pass an encryption
6257 type of 0 to krb5_kt_read_service_key() instead of
6258 ENCTYPE_DES_CBC_MD5 to let kerberos choose.
6262 Check TERM and COLORTERM for '%' and '/' characters. From Debian.
6266 Fix closefrom() substitution in the Makefile
6270 Mention alternate sudo pronunciation.
6273 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
6276 Remove KRB5_KTNAME from environment. Allow COLORTERM.
6280 If we cannot get a valid service key using the default keytab it is
6281 a fatal error. Fixes a bug where sudo could be tricked into
6282 allowing access when it should not by a fake KDC. From Thor Lancelot
6286 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
6288 * aclocal.m4, configure, configure.in:
6289 Update long long checks to use AC_CHECK_TYPES and to cache values.
6292 * aclocal.m4, configure.in:
6293 Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
6294 use AC_REPLACE_FNMATCH since that assumes replacing with GNU
6298 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
6300 * configure, configure.in:
6301 Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
6302 need it for visudo now too.
6305 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
6308 Attempt to clarify the bit talking about network numbers w/o
6313 Clarify timestamp dir ownership sentence.
6316 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
6319 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
6323 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
6326 -i is also one of the mutually exclusive options to list it in the
6327 warning message. Noted by Chris Pepper.
6330 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
6333 The sudoers variable is env_editor, not enveditor. From Jean-
6337 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
6340 I tracked down the original author so credit him and include his
6344 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
6346 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
6348 Fix typos; from Jason McIntyre.
6352 Restore signal mask before calling reapchild(). Fixes a possible
6353 race condition that could prevent sudo from properly waiting for the
6357 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
6360 Don't declare pw_free() if we are not going to use it.
6364 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
6365 LDR_PRELOAD64. The 64-bit version is not currently supported.
6366 Remove zero_env() prototype as it no longer exists.
6369 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
6372 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
6375 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
6378 If the user enters ^C at the password prompt, abort instead of
6379 trying to authenticate with an empty password (which causes an
6383 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
6385 * closefrom.c, config.h.in, configure, configure.in:
6386 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
6391 pw_free() is only used by sudo_freepwcache() so ifdef it out too.
6394 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
6396 * config.guess, config.sub:
6397 Update to latest versions from cvs.savannah.gnu.org
6400 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
6402 * pwutil.c, sudo_edit.c:
6403 Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
6404 we can close the passwd/group files early.
6407 * config.h.in, configure, configure.in, set_perms.c:
6408 Add seteuid() flavor of set_perms() for systems without setreuid()
6409 or setresuid() that have a working seteuid(). Tested on Darwin.
6412 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
6415 systrace_read() returns ssize_t
6418 * configure, configure.in:
6419 Fix typo, -lldap vs. -ldap; from Tim Knox.
6422 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
6425 Fix typo; Matt Ackeret
6428 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
6431 Print sudoers path in -V mode for root.
6434 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
6437 Do a sub tree search instead of a base search (one level in the tree
6438 only) for sudo right objects. This allows system administrators to
6439 categorize the rights in a tree to make them easier to manage.
6442 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
6448 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
6451 Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
6452 bind_timelimit support; adapted from gentoo.
6455 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
6458 Support comments that start in the middle of a line
6461 * configure, configure.in:
6462 Define LDAP_DEPRECATED until we start using ldap_get_values_len()
6465 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
6468 Silence gcc -Wsign-compare; djm@openbsd.org
6471 * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
6472 cleanup() now takes an int as an arg so it can be used as a signal
6477 Make a copy of the shell field in the passwd struct for NewArgv to
6478 avoid a use after free situation after sudo_endpwent() is called.
6481 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
6483 * config.h.in, configure, configure.in:
6484 Add mkstemp() for those poor souls without it.
6488 Add mkstemp() for those poor souls without it.
6492 Add mkstemp() for those poor souls without it.
6495 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
6498 Add PERL5DB to list of environment variables to remove.
6501 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
6503 * mon_systrace.c, mon_systrace.h:
6504 Instead of calling the check function twice with a state cookie use
6505 separate check/log functions.
6507 Check more ioctl() calls for failure.
6509 systrace_{read,write} now return the number of bytes read/written or
6514 Add more environment variables to remove; from gentoo linux Add some
6515 comments about what bad env variables go to what (more to do)
6518 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
6520 * sudo.c, sudo_edit.c:
6521 Move sudo_end{gr,pw}ent() until just before the exec since they free
6522 up our cached copy of the passwd structs, including sudo_user and
6523 sudo_runas. Fixes a use-after-free bug.
6527 Close all fd's before executing editor.
6531 Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
6535 Fix fd leak when lecture file option is enabled. From Jerry Brown
6538 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
6541 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
6542 environment variables to remove. From Charles Morris
6545 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
6548 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
6551 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
6554 add PS4 and SHELLOPTS to initial_badenv_table for bash
6557 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
6560 Fix typo; Toby Peterson
6563 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
6566 Make return buffers static so they don't get clobbered
6569 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
6572 Fix securid5 authentication, was not checking for ACM_OK. Also add
6573 default cases for the two switch()es. Problem noted by ccon at
6577 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
6580 Remove ncat() in favor of just counting bytes and pre-allocating
6584 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
6587 Fix up some comments Add missing fclose() for the rootbinddn case
6591 align struct ldap_config
6595 use LINE_MAX for max conf file line size
6599 add _PATH_LDAP_SECRET
6603 Mention rootbinddn Give example ou=SUDOers container
6606 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
6608 * INSTALL, configure, configure.in, ldap.c:
6609 Support rootbinddn in ldap.conf
6612 * env.c, sudo.pod, sudoers.pod:
6613 Preserve DISPLAY environment variable by default.
6616 * acsite.m4, configure:
6617 set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
6620 * acsite.m4, configure:
6621 set need_version=no for all cases; this is safe for LD_PRELOAD
6628 * configure, configure.in:
6633 Fix call to pam_end() when pam_open_session() fails.
6641 rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
6642 ltsugar.m4 ltversion.m4
6645 * config.guess, config.sub, ltmain.sh:
6646 merge in local changes: config.guess: o better openbsd support
6647 config.sub: o hiuxmpp support ltmain.sh o remove requirement that
6648 libs must begin with "lib" o don't print a bunch of crap about
6649 library installs o don't run ldconfig
6652 * config.guess, config.sub, ltmain.sh:
6657 Update with autoupdate and make minor changes for libtool 1.9f
6660 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
6663 don't call sudo_ldap_display_cmnd if ldap not setup
6666 * sudo_edit.c, visudo.c:
6667 Move declaration of struct timespec to its own include files for
6668 systems without it since it needs time_t defined.
6672 Move declaration of struct timespec to its own include files for
6673 systems without it since it needs time_t defined.
6677 Move declaration of struct timespec to its own include files for
6678 systems without it since it needs time_t defined.
6682 Move declaration of struct timespec to its own include files for
6683 systems without it since it needs time_t defined.
6686 * check.c, compat.h:
6687 Move declaration of struct timespec to its own include files for
6688 systems without it since it needs time_t defined.
6692 Don't set safe_cmnd for the "sudo ALL" case.
6695 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
6698 Call pam_open_session() and pam_close_session() to give pam_limits a
6699 chance to run. Idea from Karel Zak.
6702 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
6705 Add explicit cast from mode_t -> u_int in printf to silence warnings
6710 include grp.h to silence a warning on Solaris
6713 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
6716 Fix printing of += and -= defaults.
6719 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
6722 Sanity check number of syscall args with argsize. Not really needed
6723 but a little paranoia never hurts.
6726 * mon_systrace.c, mon_systrace.h:
6727 Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
6728 for systrace lengths (since it uses int)
6731 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
6734 Add some memsets for paranoia Fix namespace collision w/ error Check
6735 rval of decode_args() and update_env() Remove improper setting of
6739 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
6741 * parse.c, sudo.c, sudo.h:
6742 In -l mode, only check local sudoers file if def_ignore_sudoers is
6743 not set and call LDAP versions from display_privs() and
6744 display_cmnd() instead of directly from main(). Because of this we
6745 need to defer closing the ldap connection until after -l processing
6746 has occurred and we must pass in the ldap pointer to display_privs()
6751 Reorganize LDAP code to better match normal sudoers parsing.
6752 Instead of storing strings for later printing in -l mode we do
6753 another query since the authenticating user and the user being
6754 listed may not be the same (the new -U flag). Also add support for
6757 There is still a fair bit of duplicated code that can probably be
6761 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
6764 Replace pass variable with do_netgr for better readability.
6775 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
6778 Add macro to test if the tag changed to improve readability.
6782 Avoid printing defaults header if there are no defaults to print...
6786 Fix a warning on systems without strlcpy().
6790 Use macros where possible for sudo_grdup() like sudo_pwdup().
6793 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
6796 It is possible for tv_usec to hold >= 1000000 usecs so add in
6800 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
6803 The component in krb5_principal_get_comp_string() should be 1, not 0
6804 for Heimdal. From Alex Plotnick.
6807 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
6809 * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
6810 interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
6811 redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
6812 Add efree() for consistency with emalloc() et al. Allows us to rely
6813 on C89 behavior (free(NULL) is valid) even on K&R.
6817 Move initgroups() for -U option into display_privs() so group
6818 matching in sudoers works correctly.
6821 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
6824 Removed duplicate call to ldap_unbind_s introduced along with
6829 Add missing space in Defaults printing
6832 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
6835 Sync sudo_pwdup with OpenBSD changes: use macros for size computation
6839 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
6842 Zero old pw_passwd before replacing with version from shadow file.
6845 * configure, configure.in:
6846 Only attempt shadow password detection if PAM is not being used Add
6847 shadow_* variables to make shadow password detection more generic.
6851 Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
6854 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
6857 use a non-breaking space to avoid a double space after e.g.
6861 comma, not colon after e.g.
6864 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
6867 Add __ variants of the exec functions. GNU libc at least uses
6868 __execve() internally.
6872 Match reality a bit more.
6876 Missed piece from rev. 1.6, fix sudo_getpwnam() too.
6880 Store shadow password after making a local copy of struct passwd in
6881 case normal and shadow routines use the same internal buffer in
6885 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
6887 * alloc.c, logging.c:
6888 Make varargs usage consistent with the rest of the code.
6891 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
6894 Wrap more of the exec family since on Linux the others do not appear
6895 to go through the normal execve() path.
6899 make print_unused static like proto says
6903 silence a warning on K&R systems
6907 make this build in K&R land
6911 make this build in K&R land
6914 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
6920 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
6923 return(foo) not return foo optimize _atobool() slightly
6931 Reformat to match the rest of sudo's code.
6935 I am the primary author
6938 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
6940 * Makefile.in, README, RUNSON:
6941 The RUNSON file is toast--it confused too many people and really
6942 isn't needed in a configure-oriented world.
6946 alternate -> alternative
6950 Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
6955 Allow leading blanks before Defaults and Foo_Alias definitions
6959 fix rules to build toke.o and gram.o in devel mode
6962 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
6965 env_keep overrides set_logname
6969 Fix disabling set_logname and make env_keep override set_logname.
6972 * compat.h, config.h.in, configure, configure.in:
6973 No longer need memmove()
6977 Just clean the environment once. This assumes that any further
6978 setenv/putenv will be able to handle the fact that we replaced
6979 environ with our own malloc'd copy but all the implementations I've
6983 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
6986 In -i mode, base the value of insert_env()'s dupcheck flag on
6987 DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
6990 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
6993 Move setting of user_path, user_shell, user_prompt and prev_user
6994 into init_vars() since user_shell at least is needed there.
6997 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
7004 Fix some printf format mismatches on error.
7008 Fix some printf format mismatches on error.
7011 * configure, gram.c, toke.c:
7015 * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
7016 auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
7017 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
7018 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
7019 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
7020 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
7021 emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
7022 getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
7023 interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
7024 parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
7025 snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
7026 sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
7027 testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
7028 visudo.pod, zero_bytes.c:
7029 Update copyright years.
7032 * Makefile.binary.in:
7033 Update copyright years.
7037 Update copyright years.
7040 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
7045 What's new in sudo 1.7, based on the 1.7 CHANGES entries.
7048 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
7050 * compat.h, logging.h, sudo.h:
7051 Add __printflike and use it with gcc to warn about printf-like
7055 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
7057 * CHANGES, ChangeLog:
7058 Replaced CHANGES file with ChangeLog generated from cvs logs
7062 Use warning/error instead of perror/fatal.
7066 Update OpenBSD section
7070 Add upgrading notes for 1.7
7073 * env.c, sudo.c, sudoers.pod:
7074 Instead of zeroing out the environment, just prune out entries based
7075 on the env_delete and env_check lists. Base building up the new
7076 environment on the current environment and the variables we removed
7080 * config.h.in, configure, configure.in, sudo.c:
7081 Set locale to "C" if locales are supported, just to be safe.
7085 Cast argument to ctype functions to unsigned char.
7088 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
7091 correct value for DID_USER
7094 * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
7095 #include <compat.h> not "compat.h"
7099 Reset the environment by default.
7103 Alloc an extra slot in NewArgv. Removes the need to malloc a new
7104 vector if execve() fails.
7107 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
7109 * INSTALL, config.h.in, configure, configure.in, sudo.c:
7110 Use execve(2) and wrap the command in sh if we get ENOEXEC.
7113 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
7116 Only include time.h on systems that lack struct timespec which gets
7117 defined in compat.h (using time_t).
7121 Include time.h for time_t in compat.h for systems w/o struct
7125 * compat.h, config.h.in, configure, configure.in:
7126 use bcopy on systems w/o memmove
7130 __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
7135 Add explicit rule to build sudo_noexec.lo
7138 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
7140 * INSTALL.configure, Makefile.in:
7141 No longer depend on VPATH; pointed out a bunch of missed
7146 Help for PAM when account section is missing
7150 Give user a clue when there is a missing "account" section in the
7155 Better error handling.
7158 * config.h.in, configure, configure.in:
7159 Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
7160 possible. Silences a warning about isblank() on linux.
7164 Fix typo (missing comma) that caused an incorrect number of args to
7165 be passed to log_error().
7168 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
7171 Don't try to destroy a tree we didn't create.
7174 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
7176 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
7177 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
7178 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
7179 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
7180 compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
7181 fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
7182 goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
7183 match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
7184 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
7185 strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
7186 tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
7187 Add __unused to rcsids
7190 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
7192 * configure, configure.in:
7193 Fix error message when mixing invalid auth types
7197 PAM, AIX auth, BSD auth and login_cap are now on by default if the
7201 * auth/sudo_auth.h, config.h.in:
7202 s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
7206 Better checking for conflicting authentication methods Display the
7207 authentication methods used at the end of configure Rename --with-
7208 authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
7209 --with-pam, --with-logincap by default on systems that support them
7210 unless disabled. Add OSMAJOR variable that replaces old OSREV; now
7211 OSREV has full version number
7214 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
7216 * def_data.c, def_data.in, sudo.c, sudoers.pod:
7220 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
7223 Replace: test -n "$FOO" || FOO="bar"
7225 With: : ${FOO='bar'}
7228 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
7230 * pwutil.c, testsudoers.c, tsgetgrpw.c:
7231 Use function pointers to only call private passwd/group routines
7232 when using a nonstandard passwd/group file.
7235 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
7242 Can't use strtok() since it doesn't handle empty fields so add
7243 getpwent()/getgrent() functions and call those.
7246 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
7249 Fix dummied out toke.c and gram.c dependencies.
7253 Rename PARSESRCS -> GENERATED since it is only used in the clean
7254 target Add devdir variable and use it to specify the path to parser
7263 Add a devdir variable that defaults to $(srcdir) and is set to . if
7264 --devel was specified. Allows for proper dependencies building the
7269 Add support for custom passwd/group files.
7273 Build private copy of pwutil.o for testsudoers with MYPW defined so
7274 it uses our own passwd/group routines.
7278 Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
7279 stubs instead. We can now just use the caching sudo_*{pw,gr}*
7280 functions in pwutil.c Add comment about wanting to call
7281 sudo_endpwent/sudo_endgrent in cleanup()
7285 Remove caching; we will just use what is in pwutil.c Use global
7286 buffers for passwd/group structs Rename functions from sudo_* to
7290 * logging.c, sudo.c:
7291 g/c pwcache_init/pwcache_destroy
7295 Undo last commit and add sudo_setspent and sudo_endspent instead.
7298 * getspwuid.c, pwutil.c:
7299 Move all but the shadow stuff from getspwuid.c to pwutil.c and
7300 pwcache_get and pwcache_put as they are no longer needed. Also add
7301 preprocessor magic to use private versions of the passwd and group
7302 routines if MYPW is defined (for use by testsudoers).
7306 zero out struct passwd/group before filling it in so if there are
7307 fields we don't handle they end up as 0.
7310 * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
7315 Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
7320 Passwd and group lookup routines for testsudoers that support
7321 alternate passwd and group files.
7324 * getspwuid.c, pwutil.c:
7325 Split off pw/gr cache and dup code into its own file. This allows
7326 visudo and testsudoers to use the pw/gr cache too.
7329 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
7332 Print Defaults info in "sudo -l" output and wrap lines based on the
7336 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
7338 * match.c, testsudoers.c, visudo.c:
7339 Only check group vector in usergr_matches() if we are matching the
7340 invoking or list user. Always check the group members, even if
7341 there was a group vector.
7344 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
7346 * LICENSE, Makefile.in, fnmatch.3:
7347 No longer bundle fnmatch.3
7354 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
7361 Sort command line options
7364 * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
7365 sudo.pod, sudoers.pod:
7366 Add closefrom sudoers option to start closing at a point other than
7367 3. Add closefrom_override sudoers option and -C sudo flag to allow
7368 the user to specify a different closefrom starting point.
7372 Add _PATH_DEVNULL for those without it.
7376 no more UCB strcasecmp
7380 replace BSD licensed one with version derived from pdksh
7383 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
7390 Make sure stdin, stdout and stderr are open and dup them to
7394 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
7396 * ldap.c, mon_systrace.c, sudo.c, sudo.h:
7400 * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
7401 Use TIME_WITH_SYS_TIME
7404 * config.h.in, configure, configure.in:
7405 Add TIME_WITH_SYS_TIME_H
7408 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
7411 Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
7412 unconditionally on darwin. From Toby Peterson.
7416 Check rbinsert() return value. In the case of faked up entries
7417 there is usually a negative response cached that we need to
7420 In pwfree() don't try to zero out a NULL pw_passwd pointer.
7424 Use the double fork trick to avoid the monitor process being waited
7425 for by the main program run through sudo.
7428 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
7431 Call initgroups() in -U mode so group matches work normally.
7434 * def_data.h, mkdefaults:
7435 Don't print a trailing comma for the last entry in enum def_tupple
7438 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
7440 * sudoers.cat, sudoers.man.in, sudoers.pod:
7441 Mention values when lecture, listpw and verifypw are used in boolean
7445 * def_data.c, def_data.in:
7446 verifypw when used in a boolean TRUE context should be "all", not
7450 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
7452 * def_data.in, defaults.c:
7453 Allow tuples that can be used as booleans to be used as boolean
7454 TRUE. In this case the 2nd possible value of the tuple is used for
7458 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
7460 * configure, configure.in:
7461 Correct the test for 2-parameter timespecsub
7465 Add stub struct definitions for passwd, timeval and timespec
7468 * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
7469 Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
7470 and fix a typo in the gettimeofday check.
7473 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
7475 * match.c, testsudoers.c:
7476 Deal with user_stat being NULL as it is for visudo and testsudoers.
7479 * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
7480 Add -U option to use in conjunction with -l instead of -u. Add
7481 support for "sudo -l command" to test a specific command.
7484 * gram.c, gram.y, sudo.c:
7485 Set safe_cmnd after sudoers_lookup() if it has not been set.
7486 Previously it was set by sudo "ALL" in the parser but at that point
7487 the fully-qualified pathname has not yet been found.
7490 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
7492 * parse.c, testsudoers.c:
7493 Correctly handle multiple privileges per userspec and runas
7497 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
7500 Zero out sd_un for each entry in sudo_defs_table in init_defaults.
7503 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
7506 make per-command defaults work with sudoedit
7509 * ldap.c, parse.c, sudo.c, sudo.h:
7510 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
7511 Instead, we just set the appropriate defaults variable.
7514 * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
7515 Document per-command Defaults.
7518 * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
7519 sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
7520 Add support for command-specific Defaults entries. E.g.
7521 Defaults!/usr/bin/vi noexec
7524 * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
7525 Change an occurrence of user_matches() -> runas_matches() missed
7526 previously runas_matches(), host_matches() and cmnd_matches() only
7527 really need to pass in a list of members. user_matches() still
7528 needs to pass in a passwd struct because of "sudo -l"
7532 Check def_authenticate, def_noexec and def_monitor when setting
7533 return flags. XXX May be better to just set the defaults directly
7534 and get rid of those flags.
7537 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
7538 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
7539 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
7540 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
7541 defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
7542 getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
7543 gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
7544 mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
7545 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
7546 sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
7547 visudo.c, zero_bytes.c:
7548 Use: #include <config.h> Not: #include "config.h" That way we get
7549 the correct config.h when build dir != src dir
7553 Back out part of rev 1.263; fix -I order
7557 More robust parsing of #include; could be much better still.
7560 * sudo_edit.c, visudo.c:
7561 Make arg splitting in visudo and sudoedit consistent.
7564 * Makefile.in, alias.c, gram.c, gram.y, parse.h:
7565 Split alias routines out into their own file.
7569 __attribute__ is already defined in compat.h
7573 quit() should not be __noreturn__ as it is non-void on some
7577 * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
7578 Add local error/warning functions like err/warn but that call an
7579 additional cleanup routine in the error case. This means we no
7580 longer need to compile a special version of alloc.o for visudo.
7584 Clarify comments about the data structures
7587 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
7590 Add support for VISUAL and EDITOR containing command line args. If
7591 env_editor is not set any args in VISUAL and EDITOR are ignored.
7592 Arguments are also now supported in def_editor.
7595 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
7598 alias_matches() is no more
7606 When regenerating the parser, don't replace gram.h unless it has
7611 remove Makefile.binary for distclean
7615 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
7616 sure we can't overflow new_env.
7620 paranoia when stripping trailing slashes from tempdir.
7624 Set user_ngroups to 0 if getgroups() returns an error.
7627 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
7629 * config.h.in, configure, configure.in, sudo.c:
7630 Add configure check for getgroups()
7634 Use supplementary group vector in struct sudo_user.
7638 Only do string comparisons on the group members if there is no
7639 supplemental group list.
7647 On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
7648 chop off any trailing slashes we see and add an explicit one.
7652 remove bogus XXX comment
7656 Get rid of alias_matches and correctly fall through to the non-alias
7657 cases when there is no alias with the specified name.
7661 Cache non-existent passwd/group entries too.
7672 * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
7673 mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
7674 Implement group caching and use the passwd and group caches
7678 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
7681 Properly negate the return value of alias_matches() when
7686 Make hostname_matches() return TRUE for a match, else FALSE like the
7691 Add missing dependencies on gram.h
7695 Use runas_matches in alias_matches() now that we have it.
7699 Expand aliases in "sudo -l" mode
7703 Use ALIAS for the member type when storing an alias instead of
7704 HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
7705 more generic type. Expand runas_matches instead of calling
7706 user_matches() inside of it since user_matches() looks up
7707 USERALIASes, not RUNASALIASes.
7710 * CHANGES, getspwuid.c:
7711 Paranoia; zero out pw_passwd before freeing passwd entry.
7714 * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
7715 configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
7716 error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
7717 sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
7718 Add local error/warning functions like err/warn but that call an
7719 additional cleanup routine in the error case. This means we no
7720 longer need to compile a special version of alloc.o for visudo.
7724 Use userpw_matches() to compare usernames, not strcmp(), since the
7725 latter checks for "#uid".
7728 * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
7729 Cache passwd db entries in 2 red-black trees; one indexed by uid,
7730 the other by user name. The data returned from the cache should be
7731 considered read-only and is destroyed by sudo_endpwent().
7739 missing free in alias_destroy
7743 Can't use rbapply() for rbdestroy since the destructor is passed a
7744 data pointer, not a node pointer.
7747 * getspwuid.c, logging.c, sudo.c, sudo.h:
7748 Create and use private versions of setpwent() and endpwent() that
7749 set/end the shadow password file too.
7752 * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
7753 Store aliases in a red-black tree.
7756 * Makefile.in, redblack.c, redblack.h:
7757 red-black tree implementation
7761 Edit all sudoers files if there were unused or undefined aliases and
7762 we are in strict mode.
7765 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
7767 * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
7768 find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
7769 Bring back the "secure_path" Defaults option now that Defaults take
7770 effect before the path is searched.
7773 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
7775 * logging.c, parse.c:
7776 A user can always list their own entries, even with -u. Better error
7777 message when failing to list another user's entries.
7780 * parse.c, sudo.c, sudo.h:
7781 The syntax to list another user's entries is now "-u otheruser -l".
7782 Only root or users with sudo "ALL" may list other user's entries.
7785 * sudo.cat, sudo.man.in, sudo.pod:
7786 Update env variable info in SECURITY NOTES
7794 strip exported bash functions from the environment.
7797 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
7800 Only reset sudo_user.pw based on SUDO_USER environment variables for
7801 real commands and sudoedit. This avoids a confusing message when a
7802 user tries "sudo -l" or "sudo -v" and is denied.
7805 * gram.c, gram.y, parse.h:
7806 Extend LIST_APPEND to deal with appending lists too
7809 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
7812 Convert some bitwise AND to ISSET
7816 toke.c replaces lex.yy.c
7824 new parser fixes most of the outstanding bugs
7832 Rework for the new parser. Now checks for unused aliases in sudoers.
7836 Rewrite for the new parser. Now supports a -d flag (dump) and adds
7837 a -h flag (host). It now defaults to the local hostname unless
7838 otherwise specified.
7842 Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
7846 Update for new parse. We now call find_path() *after* we have
7847 updated the global defaults based on sudoers. Also adds support for
7848 listing other user's privs if you are root.
7852 Working LDAP support; also remove a now-unneeded rewind().
7855 * logging.c, logging.h:
7860 Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
7861 sudo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
7862 connect to LDAP, apply the default options, find the command in the
7863 user's path, and then check whether the user is allowed to run it.
7864 The important thing here is that the default runas user may be
7865 specified as a default option and that needs to be set before we
7866 search for the command.
7870 Add casts to unsigned char for isspace() to quiet a gcc warning.
7874 Add prototype for update_defaults()
7878 Don't warn about line numbers now that we operate on a set of data
7879 structures (or LDAP) and not a file.
7883 No longer use lsearch()
7887 Update for new and changed file names.
7891 no more BSD lsearch.c
7895 foo_matches() routines now live in match.c Added user_matches(),
7896 runas_matches(), host_matches(), cmnd_matches() and alias_matches()
7897 that operate on the parsed sudoers file.
7900 * parse.lex, toke.l:
7901 Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
7902 WORD no longer needs to exclude '@' kill yywrap()
7905 * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
7907 Rewritten parser that converts sudoers into a set of data
7908 structures. This eliminates ordering issues and makes it possible to
7909 apply sudoers Defaults entries before searching for the command.
7912 * configure.in, emul/search.h, lsearch.c:
7913 We won't be using lsearch() any longer.
7917 sudo should not send mail if someone who runs 'sudo -l' has no
7921 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
7927 Update warnings to match new visudo
7931 The new parser doesn't have the old ordering constraints.
7935 Document that -l now takes an optional username argument
7938 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
7945 If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
7946 a compilation problem with Solaris 9's native LDAP.
7948 Set FLAG_MONITOR when needed.
7951 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
7954 Call sudo_goodpath() *after* changing the cwd to match the traced
7955 process. Fixes relative paths.
7958 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
7961 Kill set_perms() stub--it is no longer needed.
7964 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
7966 * sudoers.cat, sudoers.man.in, sudoers.pod:
7967 stay_setuid now requires set_reuid() or setresuid()
7970 * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
7971 configure.in, set_perms.c, sudo.c, sudo.h:
7972 Kill use of POSIX saved uids; they aren't worth bothering with.
7975 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
7978 remove call to issetugid()
7981 * sudoers.cat, sudoers.man.in, sudoers.pod:
7982 Remove warning about wildcards. Now that we use glob() the bug is
7987 Use glob(3) instead of fnmatch(3) for matching pathnames and stat
7988 each result that matches the basename of the user's command. This
7989 makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
7990 /usr/bin/blah. Fixes bug #143.
7993 * config.h.in, configure, configure.in:
7994 Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
7998 * config.h.in, configure, configure.in:
7999 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
8007 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
8012 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
8016 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
8019 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
8020 means we are out of space in the stack gap...
8028 Take a stab at ldap sudoers support here.
8031 * mon_systrace.c, mon_systrace.h:
8032 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
8033 doesn't cause reboot to inadvertently kill itself.
8037 put "monitor" in the proctitle, not "systrace"
8041 When modifying the environment, don't replace envp when we can get
8042 away with just rewriting pointers in the traced process.
8045 * mon_systrace.c, mon_systrace.h:
8046 Add environment updating via STRIOCINJECT (if available).
8049 * sudoers.cat, sudoers.man.in:
8053 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
8060 Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
8064 Include file is now mon_systrace.h
8067 * Makefile.in, configure, configure.in, def_data.c, def_data.h,
8068 def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
8069 sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
8070 No longer call it tracing, it is now "monitoring" which should be
8071 a more obvious name to non-hackers.
8074 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
8076 * mon_systrace.c, mon_systrace.h:
8080 * mon_systrace.c, mon_systrace.h:
8081 No need to include syscall.h, use 1024 as the max # of entries (the
8082 max that systrace(4) allows).
8084 Only need to use SYSTR_POLICY_ASSIGN once
8086 Change check_syscall() -> find_handler() and have it return the
8087 handler instead of just running it. We need this since handlers now
8088 have two parts: one part that generates an answer and another that
8089 gets called after the answer is accepted (to do logging).
8091 Add some missing check_exec for emul execv
8094 * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
8099 Add missing HAVE_LINUX_SYSTRACE_H
8103 add trace_systrace.o dependency
8106 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
8108 * configure, configure.in:
8109 Also look for systrace.h in /usr/include/linux
8112 * mon_systrace.c, mon_systrace.h:
8113 Move all struct defs and prototypes into trace_systrace.h and mark
8114 all but systrace_attach() static.
8117 * mon_systrace.c, mon_systrace.h:
8118 Add support for tracing emulations. At the moment, all emulations
8119 are compiled in. It might make sense to #ifdef them in the future,
8120 though this impedes readability.
8123 * Makefile.in, configure, configure.in:
8124 rename systrace.c -> trace_systrace.c
8127 * parse.yacc, sudo.tab.c:
8128 Allow this to build with a K&R compiler again
8135 * compat.h, sudo.c, visudo.c:
8136 Use __attribute__((__noreturn__))
8140 Exit() takes a negative value to indicate it was not called via
8144 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8149 * Makefile.in, visudo.c:
8150 Define Err() and Errx() that are like err() and errx() but call
8151 Exit() instead of exit(). Build private copy of alloc.o for visudo
8152 that calls Err() and Errx().
8155 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
8157 * lex.yy.c, sudo.tab.c:
8166 Overhaul visudo for editing multiple files: o visudo has been
8167 broken out into functions (more work needed here) o each file is
8168 now edited before sudoers is re-parsed o if a #include line is
8169 added that file will be edited too
8171 TODO: o cleanup temp files when exiting via err() or errx() o
8172 continue breaking things out into separate functions
8175 * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
8176 Add keepopen arg to open_sudoers that open_sudoers can use to
8177 indicate to the caller that the fd should not be closed when it is
8178 done with it. To be used by visudo to keep locked fds from being
8179 closed prematurely (and thus losing the lock).
8182 * parse.yacc, sudo.c:
8183 Add errorfile global that contains the name of the file that caused
8188 return COMMENT to yacc grammar for a #include line
8192 Remove use of unput() in favor of yyless() which is cheaper.
8196 Allow an empty sudoers file.
8199 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
8202 Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
8205 * lex.yy.c, sudo.tab.c:
8210 Do signal setup before calling edit_sudoers(). Don't shadow the
8215 If a sudoers file includes other files, edit those too. Does not yet
8216 deal with creating the new include files itself.
8220 init_parser now takes a path
8223 * parse.c, parse.h, parse.lex, parse.yacc:
8224 More scaffolding for dealing with multiple sudoers files: o
8225 init_parser() now takes a path used to populate the sudoers global
8226 o the sudoers global is used to print the correct file in yyerror()
8227 o when switching to a new sudoers file, preserve old file name and
8231 * Makefile.in, pathnames.h.in:
8232 Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
8233 multiple sudoers files.
8237 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
8238 we start at the right file position when reading include files.
8250 Add max depth of 128 for the include stack to avoid loops.
8252 Since yyerror() doesn't stop parsing, pass return values back to
8253 yylex and call yyterminate() on error.
8256 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
8263 Mention PREVENTING SHELL ESCAPES section of sudoers man page
8266 * lex.yy.c, sudo.tab.c:
8271 Add support for #include in sudoers (visudo support TBD)
8275 make yyerror()'s argument const
8278 * testsudoers.c, visudo.c:
8279 Add open_sudoers() stubs.
8283 Rename check_sudoers() -> open_sudoers() and make it return a FILE *
8286 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
8288 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
8293 * Makefile.in, sudo.psf:
8294 Better HP-UX depot construction
8297 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
8300 o Made children global so check_exec() can lookup a child. o
8301 Replaced uid in struct childinfo with struct passwd * (for runas) o
8302 new_child() now takes a parent pid so the runas info can be
8303 inherited o Added find_child() to lookup a child by its pid o
8304 update_child() now fills in a struct passwd o Converted the big
8305 if/else mess in set_policy to a switch o Syscalls that change uid
8306 are now "ask" so we get SYSTR_MSG_UGID events
8310 Add flag to sudo_pwdup that indicates whether or not to lookup the
8311 shadow password. Will be used to a struct passwd that has the
8312 shadow password already filled in.
8316 add missing increment of addr in read_string()
8320 Remove bogus call to update_child() and some cosmetic fixes
8324 Don't leak /dev/systrace fd to tracee Make initialized global for
8325 simplicity If STRIOCATTACH returns EBUSY we are already being traced
8326 Check for user_args == NULL in setproctitle() call Add missing calls
8331 g/c sudo_pwdup proto
8334 * Makefile.in, sudo.psf:
8335 Add target for building a depot file
8342 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
8344 * lex.yy.c, sudo.tab.c, sudo.tab.h:
8349 document --with-systrace
8352 * config.h.in, configure, configure.in:
8353 Add check for setproctitle
8357 pass struct str_msg_ask in to syscall checker so it can set the
8362 systrace(4) support for sudo. On systems with the systrace(4)
8363 kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
8364 intercept exec calls and check the exec args against the sudoers
8365 file. In other words, sudo can now control subcommands and shell
8370 Call systrace_attach() if FLAG_TRACE is set.
8373 * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
8374 Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
8378 Don't close sudoers_fp, keep it open and set close on exec flag
8382 * def_data.c, def_data.h, def_data.in:
8391 SunOS /bin/sh blows up with configure
8394 * configure, configure.in:
8395 Include sys/param.h before systrace.h
8407 line up options in --help
8410 * config.h.in, configure.in:
8414 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
8420 * aclocal.m4, configure.in:
8421 make this work with autoconf-2.59
8424 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
8427 Simplify logic around open & stat of files and do sanity on edited
8428 file even if we lack fstat (still raceable but worth doing).
8431 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
8439 [b84ebfaf1552] [SUDO_1_6_8p1]
8442 more changes for 1.6.8p1
8449 * CHANGES, sudo_edit.c:
8450 Add sanity check so we don't try to edit something other than a
8454 2004-09-15 Aaron Spangler <aaron777@gmail.com>
8461 document --with-ldap-conf-file
8464 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
8466 * CHANGES, ins_csops.h:
8467 political correctness strikes again
8474 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
8476 * Makefile.binary.in, Makefile.in:
8477 Install sudoedit man link
8481 Update PAM note and mention where HP-UX users can download gcc
8486 libtool wants to install stuff from .libs so fake one up for binary
8490 * Makefile.binary.in:
8491 rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
8495 Deal with "uname -m" having slashes in it rm -f old sudoedit link
8496 instead of using ln -f
8499 * Makefile.binary, Makefile.binary.in:
8500 Makefile.binary -> Makefile.binary.in for config.status substitution
8501 Add support for installing noexec bits
8505 Copy noexec bits into binary dists too No longer use my old arch
8506 script for making binary dists
8510 Install sudoedit link.
8513 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
8516 avoid __P so there is no need for compat.h to be included
8520 Don't use HAVE_UTIME_H before including config.h.
8523 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
8526 Fix Solaris futimes macro
8529 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
8532 Rename ots -> omtim for improved readability.
8535 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
8538 Redo changes in revision 1.7. Don't really need to keep the temp
8539 file open; re-opening it with the invoking user's euid is
8547 * sudo.cat, sudo.man.in:
8552 back out revision 1.70; it is no longer applicable
8556 Let the loader initialize nep
8559 * config.h.in, configure, configure.in:
8560 Removed unneeded check for fchown Add check for gettimeofday Move
8561 autoheader template stuff into separate AH_TEMPLATE lines
8564 * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
8565 Use timespec throughout.
8573 function to return the current time in a struct timespec
8577 Not a darpa-sponsored file.
8580 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
8582 * compat.h, config.h.in, configure, configure.in:
8583 Add a check for struct timespec and provide it for those without.
8586 * config.h.in, configure, configure.in, sudo_edit.c:
8587 Add checks for st_mtim and st_mtimespec and add macros for pulling
8588 the mtime sec and nsec out of struct stat. These are used in
8589 sudo_edit() to better tell whether or not the file has changed.
8592 * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
8593 Add an extra param to touch() for nsec
8597 Call mkstemp() as the invoking user so we don't have to chown the
8598 file later. Only touch() the temp file if we can do it via the file
8599 descriptor. Don't check for modification of the temp file if we lack
8600 fstat(). Catch errors read()ing the temp file.
8604 If path is NULL and fd == -1 return -1.
8608 closefrom() is overkill, the only extra fds are the ones we opened
8609 so just close those in the child.
8612 * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
8613 configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
8615 Use utimes() and futimes() instead of utime() in touch(), emulating
8616 as needed. Not all systems are able to support setting the times of
8617 an fd so touch() takes both an fd and a file name as arguments.
8620 2004-09-07 Aaron Spangler <aaron777@gmail.com>
8626 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
8628 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8633 * sudo.pod, sudoers.pod, visudo.pod:
8634 Add SUPPORT section and re-order some of the sections to match the
8635 order we use in OpenBSD.
8638 2004-09-06 Aaron Spangler <aaron777@gmail.com>
8641 Openldap ~/.ldaprc fix
8644 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
8647 Talk about how the editor must write its changes to the original
8648 file and not just use rename(2).
8656 Keep the temp file open instead of re-opening after the editor has
8661 Update for current redhat/fedora core.
8664 2004-09-03 Aaron Spangler <aaron777@gmail.com>
8670 2004-09-02 Aaron Spangler <aaron777@gmail.com>
8673 config tls_* options
8676 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
8678 * configure, configure.in:
8679 No need for -lcrypt when using pam.
8682 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
8688 2004-08-27 Aaron Spangler <aaron777@gmail.com>
8690 * configure.in, ldap.c, pathnames.h.in:
8691 Allow --with-ldap-conf-file option to override LDAP_CONF
8695 cleanup debug message
8698 2004-08-26 Aaron Spangler <aaron777@gmail.com>
8704 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
8706 * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
8707 Add cmnd_base to struct sudo_user and set it in init_vars(). Add
8708 cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
8709 longer use gross statics in command_matches(). Also rename some
8710 variables for improved clarity.
8713 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
8716 document HP's crippled compiler deficiency.
8720 Fix some thinkos in --with-editor and --with-env-editor
8721 descriptions. Noticed by Norihiko Murase.
8724 * configure, configure.in:
8725 --with-noexec takes an optional PATH argument.
8729 document --with-noexec
8732 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
8736 [f2503bd13373] [SUDO_1_6_8]
8739 Better warning message when sudoedit is unable to write to the
8743 * sudo.cat, sudo.man.in:
8748 Don't italicize the string "sudoedit"
8751 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
8757 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
8764 Reset used_runas to FALSE when re-initializing the parser.
8767 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
8770 Correct OpenBSD mips support
8777 2004-08-07 Aaron Spangler <aaron777@gmail.com>
8784 Updates on current behavior
8787 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
8790 =back does not take an indentlevel (makes no difference to formatted
8804 Consistency. Use same error for bad -u #uid when targetpw is set as
8805 we do when a bad -u username is specified.
8809 Add checksum idea from Steve Mancini
8812 * sudoers.cat, sudoers.man.in:
8816 * sudo.cat, sudo.man.in:
8820 * sudo.pod, sudoers.pod:
8821 Document the restriction on uids specified via -u when targetpw is
8826 Error out when targetpw is enabled and sudo is run with -u #uid but
8827 #uid does not exist in the passwd database. We can't do target
8828 authentication when the target is not in passwd!
8831 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
8836 Some more todo for the next release.
8840 Make it clear that PAM should be used for DCE support when possible.
8844 o Document problems with wildcards and relative paths. o Make the
8845 order requirements more prominent. o Change a "set" to "reset" for
8849 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
8852 Mention --with-secure-path, not SECURE_PATH.
8855 2004-08-03 Aaron Spangler <aaron777@gmail.com>
8858 reflect changes to parse.c
8861 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
8867 * parse.c, parse.h, testsudoers.c, visudo.c:
8868 Don't pass user_cmnd and user_args to command_matches(), just use
8869 the globals there. Since we keep state with statics anyway it is
8870 misleading to pretend that passing in different cmnd and cmnd_args
8882 Fix a bug introduced in rev. 1.149. When checking for pseudo-
8883 commands check for a '/' anywhere in cmnd, not just the first
8887 2004-07-31 Aaron Spangler <aaron777@gmail.com>
8889 * sudo.man.in, sudo.pod:
8890 Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
8893 * sudoers.man.in, sudoers.pod:
8894 Add ignore_local_sudoers
8898 Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
8902 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
8908 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
8915 Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
8916 PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
8919 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
8925 2004-07-08 Aaron Spangler <aaron777@gmail.com>
8928 Better debugging of ALL command
8931 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
8934 When matching for "sudoedit" in sudoers check both the command the
8935 user typed *and* the command that is listed in the sudoers entry.
8938 2004-07-04 Aaron Spangler <aaron777@gmail.com>
8941 Added !command feature
8944 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
8947 Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
8950 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
8953 License is ISC-style, not BSD-style
8960 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
8962 * sudo.cat, sudo.man.in:
8967 o Update some out of date bits to reality o Change the shell prompt
8968 in examples to bourne-shell style o Clarify some details o Add a
8969 CAVEAT about "sudo cd /foo"
8973 Don't ask for a password if invoking user == target user.
8980 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
8982 * sudoers.cat, sudoers.man.in:
8987 Expand on NOEXEC a little.
8994 * visudo.cat, visudo.man.in:
9003 Add a check in visudo for runas_default being set after it has
9007 * CHANGES, parse.yacc, visudo.c:
9008 Add a check in visudo for runas_default being set after it has
9017 Add a MATCHED macro for testing whether foo_matches has been set to
9018 TRUE or FALSE. This is more readable than checking for >=0 or < 0.
9019 Doesn't change the actual code generated.
9022 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
9033 Correct description of where Defaults specs should go.
9040 * testsudoers.c, visudo.c:
9060 * auth/bsdauth.c, auth/kerb5.c:
9064 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
9070 * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
9071 Remove trailing spaces, no actual code changes.
9078 * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
9079 Remove trailing spaces, no actual code changes.
9090 * compat.h, defaults.c, env.c:
9091 Remove trailing spaces, no actual code changes.
9103 Fix a >=0 that should be <0 that was improperly converted when
9108 Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
9109 NOMATCH when resetting it.
9113 Fix pastos introduced in SETNMATCH addition.
9116 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
9119 Update for configure changes
9127 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
9128 these in parse.yacc. Also in parse.yacc initialize the *_matches
9129 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
9130 when setting *_matches to a value that may be
9131 NOMATCH/UNSPEC/TRUE/FALSE.
9143 Initialize runas to -2, not -1 since we need to be able to
9144 distinguish between the initialized value and the value of a non-
9145 match when passing along the runas value to multiple commands.
9147 The result of this is that an unmatched runas is now set to -1, not
9148 0. This is required now that parse.c treats a FALSE value for runas
9149 as being explicitly denied.
9152 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
9155 Error out if argc < 1.
9162 * configure, configure.in:
9163 Add tests for what libs we need to link with for ldap and for
9164 whether or not lber.h needs to be explicitly included.
9167 2004-06-03 Aaron Spangler <aaron777@gmail.com>
9170 Solaris native LDAP build fix
9173 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
9176 Set edn to NULL if ldap_get_dn() fails to avoid potential use of an
9181 Add prototype for sudo_ldap_list_matches
9184 * configure, configure.in:
9185 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
9186 version too. Added check for dd_fd in `DIR' if no dirfd is found;
9187 this is now used to conditionally define the dirfd macro in
9206 Only check /proc/$$/fd if we have the dirfd function/macro.
9209 * compat.h, config.h.in, configure, configure.in:
9210 Add a check for a dirfd() function (like Linux) and add a dirfd
9211 macro in compat.h if there is no dirfd() function or macro.
9214 * closefrom.c, getcwd.c:
9215 dirfd() is now defined in compat.h as needed.
9219 Clarify closefrom() note.
9223 When checking for a command in the directory, only copy the base dir
9228 If there is a /proc/$$/fd directory, behave like the Solaris
9229 closefrom() and only close the descriptors listed therein.
9233 compat.h guarantees INT_MAX is defined.
9237 Add definitions of OPEN_MAX and INT_MAX for those without it and
9238 remove definition of RLIM_INFINITY (now unused).
9241 * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
9242 sudo.c, sudo.h, visudo.c:
9243 Use PATH_MAX, not MAXPATHLEN since the former is standardized.
9246 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
9253 Add some entries that were mailed in a while ago
9257 o sysconf returns a long, not an int. o check for negative return
9258 value from sysconf/getdtablesize and use OPEN_MAX in this case. o
9259 define OPEN_MAX to 256 for those without it (a fair guess...)
9262 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
9265 Mention change in parse order for RunAs entries.
9272 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
9274 * INSTALL, README.LDAP, config.h.in, configure.in:
9275 o --with-ldap now takes an optional dir as a parameter o added
9276 check for ldap_initialize() and start_tls_s()
9280 Fix some typos, word choice and formatting issues.
9283 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
9286 Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
9287 read/write as it is simpler.
9290 * configure, configure.in:
9291 Remove hack overriding cross-compiler check. It should no longer be
9296 Remove select() compat bits since we no longer use select().
9299 * CHANGES, tgetpass.c:
9300 Use alarm() instead of select() for the timeout for systems that
9301 don't fully/properly implement select().
9304 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
9315 Deal with systems that have no way of setting the effective uid such
9319 * configure, configure.in:
9320 Define NO_SAVED_IDS if we don't find seteuid()
9323 * config.h.in, configure, configure.in:
9324 Add back check for setreuid() since NSK doesn't have it.
9327 * sudoers.cat, sudoers.man.in:
9340 In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
9341 explicitly denied and the command matched. This fixes a long-
9342 standing bug and makes: foo machine = (ALL) /usr/bin/blah
9343 foo machine = (!bar) /usr/bin/blah
9345 equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
9352 2004-05-20 Aaron Spangler <aaron777@gmail.com>
9355 Missing DESTDIR in make install for sudo_noexec.la
9358 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
9360 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
9370 Remove fastboot/fasthalt (who still remembers these?) and add a
9371 minimal sudoedit example.
9379 * UPGRADE, sudo.c, visudo.c:
9380 filesystem -> file system
9391 * sudo.pod, sudoers.pod:
9392 Fix some minor typos and formatting goofs
9400 remove my email addr
9403 * sudo.pod, sudoers.pod, visudo.pod:
9404 Use @mansectform@ and @mansectsu@ everywhere Make man page
9405 references links with L<>
9409 Accept quoted globbing characters and pass them verbatim for
9414 Document that /tmp/.odus is gone.
9418 No longer use /tmp/.odus as a possible timestamp dir unless
9419 specifically configured to do so. Instead, if no /var/run exists,
9420 use /var/adm/sudo or /usr/adm/sudo.
9441 * set_perms.c, sudo.c, tgetpass.c, visudo.c:
9442 Preliminary changes to support nsr-tandem-nsk. Based on patches
9451 * check.c, compat.h:
9452 Preliminary changes to support nsr-tandem-nsk. Based on patches
9456 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
9459 There was no 1.6.7p6.
9467 add missing files to DISTFILES
9470 * sudo.cat, sudoers.cat, visudo.cat:
9479 Fix some line wrap and update (c) year
9482 2004-04-28 Aaron Spangler <aaron777@gmail.com>
9488 2004-04-07 Aaron Spangler <aaron777@gmail.com>
9494 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
9501 In Exit() when used as a signal handler, emsg is a pointer so
9502 sizeof() is wrong so make it a #define instead. Also avoid using a
9503 negative exit value. Found by Aaron Campbell
9506 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
9509 Remove bogus sentence about uids in a User_List. Document usernames
9510 vs. uid parsing in a Runas_List.
9513 * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
9514 If the user specified a uid with the -u flag and the uid exists in
9515 the passwd file, set runas_user to the name, not the uid.
9517 When comparing usernames in sudoers, if a name is really a uid
9518 (starts with '#') compare it numerically to pw_uid.
9521 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
9524 krb5_mcc_ops should be const; Johnny C. Lam
9527 2004-02-28 Aaron Spangler <aaron777@gmail.com>
9529 * CHANGES, config.h.in, ldap.c:
9530 Added start_tls support
9533 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
9536 Clean up libtool stuff for 'make distclean' and add def_data.c,
9537 def_data.h to PARSESRCS.
9540 2004-02-14 Aaron Spangler <aaron777@gmail.com>
9542 * strlcat.c, strlcpy.c:
9543 Un-Fix last license munge
9546 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
9552 * CHANGES, RUNSON, TODO:
9556 * lex.yy.c, sudo.tab.c:
9560 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
9561 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
9562 emul/search.h, emul/utime.h:
9563 Move to a less restrictive, ISC-style license.
9566 * auth/kerb5.c, auth/pam.c:
9567 Move to a less restrictive, ISC-style license.
9570 * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
9571 Move to a less restrictive, ISC-style license.
9578 * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
9579 Move to a less restrictive, ISC-style license.
9582 * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
9583 visudo.man.in, visudo.pod:
9584 Move to a less restrictive, ISC-style license.
9591 * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
9593 Move to a less restrictive, ISC-style license.
9596 * sigaction.c, strerror.c:
9597 Move to a less restrictive, ISC-style license.
9600 * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
9602 Move to a less restrictive, ISC-style license.
9605 * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
9606 ins_goons.h, insults.h, interfaces.c, interfaces.h:
9607 Move to a less restrictive, ISC-style license.
9610 * find_path.c, getprogname.c:
9611 Move to a less restrictive, ISC-style license.
9626 * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
9628 Move to a less restrictive, ISC-style license.
9631 * utime.c, version.h:
9632 Move to a less restrictive, ISC-style license.
9635 * parse.lex, parse.yacc:
9636 Move to a less restrictive, ISC-style license.
9643 2004-02-13 Aaron Spangler <aaron777@gmail.com>
9646 Merged in LDAP Support
9649 * ldap.c, sudo.c, sudo.h:
9650 Merged in LDAP Support
9653 * def_data.c, def_data.h, def_data.in:
9654 Merged in LDAP Support
9657 * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
9658 Merged in LDAP Support
9661 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
9663 * sudo.h, sudo_noexec.c:
9664 Only do "extern int errno" if errno is not a macro.
9667 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
9670 setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
9671 euid first, then just call setuid(0) to set the real uid too.
9675 Use setresuid() and setreuid() for PERM_RUNAS when appropriate
9676 instead of seteuid() which may not exist.
9679 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
9685 * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
9686 Add --with-pc-insults configure option
9690 Prefer VISUAL over EDITOR like old vipw did.
9693 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
9695 * sudo.man.in, sudoers.man.in:
9700 Add a note that noexec is not a cure-all.
9704 Mention that disabling "root_sudo" is pretty pointless.
9707 * configure, configure.in:
9708 Substitute for root_sudo in sudoers.pod
9712 Add sudoedit to the NAME section
9716 Document the fact that setting ignore_dot in sudoers has no effect
9717 due to the fact that find_path() is called *before* sudoers is read.
9720 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
9723 Do not require _PATH_USRTMP to be set.
9726 * BUGS, CHANGES, TODO:
9735 Clarify that when sudo is run by root with the SUDO_USER variable
9736 set, the sudoers lookup happens for root and not the SUDO_USER user.
9739 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
9741 * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
9742 set_perms.c, sigaction.c, sudo.c, tgetpass.c:
9743 Use the SET, CLR and ISSET macros.
9750 * defaults.c, env.c:
9751 Use the SET, CLR and ISSET macros.
9755 MAIN was replaced with _SUDO_MAIN some time ago.
9759 Don't look at prev_user until after we've parsed sudoers and done
9760 the password check. That way, if sudo/sudoedit is run from a root
9761 process that was invoked by sudo, we check sudoers for root, not the
9762 previous user. This makes sudoedit much more useful and means that
9763 for the sudo case, we get correct logging on who actually ran the
9767 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
9770 Add a comment describing why we need to be notified about our child
9774 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
9776 * def_data.c, def_data.in:
9777 Update the noexec variable descriptions
9780 * sudoers.man.in, sudoers.pod:
9781 noexec now replaces more than just execve()
9785 Alas, all the world does not go through execve(2). Many systems
9786 still have an execv(2) system call, Linux 2.6 provides fexecve(2)
9787 and it is not uncommon for libc to have underscore ('_') versions of
9788 the functions to be used internally by the library. Instead of
9789 stubbing all these out by hand, define a macro and let it do the
9790 work. Extra exec functions pointed out by Reznic Valery.
9793 * sudo.c, sudo_edit.c:
9794 Fix suspending the editor in -e mode. Because we do a fork() first
9795 we need to be notified when the child has been stopped and then send
9796 that same signal to ourself so the shell can do its job control
9801 Use WIFEXITED and WEXITSTATUS macros. If there are systems out
9802 there that want to run sudo that still don't support these we can
9803 try to deal with that later.
9810 * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
9811 Document sudo -e / sudoedit
9814 * configure, configure.in:
9818 * config.h.in, configure.in:
9822 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
9825 Allow non-exclusive flags when invoked as sudoedit. Pretty print the
9826 long usage() line to not wrap (assumes 80 char display)
9829 * Makefile.in, sudo.c:
9830 If sudo is invoked as "sudoedit" the -e flag is implied and no other
9831 flags are permitted.
9835 Add a new flag, -e, that makes it possible to give users the ability
9836 to edit files with the editor of their choice as the invoking user,
9837 not the runas user. Temporary files are used for the actual edit
9838 and the temp file is copied over the original after the editor is
9842 * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
9843 Add a new flag, -e, that makes it possible to give users the ability
9844 to edit files with the editor of their choice as the invoking user,
9845 not the runas user. Temporary files are used for the actual edit
9846 and the temp file is copied over the original after the editor is
9851 If real uid == 0 and the SUDO_USER environment variable is set, use
9852 that to determine the invoking user's true identity. That way the
9853 proper info gets logged by someone who has done "sudo su" but still
9854 uses sudo to as root. We can't do this for non-root users since
9855 that would open up a security hole, though perhaps it would be
9856 acceptable to use getlogin(2) on OSes where this is a system call (and
9857 doesn't just look in the utmp file).
9861 Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
9864 * config.h.in, configure, configure.in:
9865 Add check for fchown(2)
9868 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
9871 Back out portions of the -i commit that set NewArgv[0] in
9872 set_runaspw. It is far too late to set NewArgv[0] there and will have
9873 no effect anyway as cmnd and safe_cmnd have already been set.
9876 * visudo.c, visudo.pod:
9877 Prefer VISUAL over EDITOR like old vipw did.
9880 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
9883 In -i mode always set new environment based on the runas user's
9887 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
9889 * sudo.man.in, sudo.pod:
9890 Document the new -i flag and sync SYNOPSIS section with usage() in
9891 sudo.c. Also sort the flags in the OPTIONS section.
9895 o Add -i that acts similar to "su -", based on patches from David J.
9896 MacKenzie o Sort the flags in the usage message
9899 * sudoers.man.in, sudoers.pod:
9900 Add a missing @runas_default@ substitution.
9903 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
9906 Change euid to runas user before calling find_path().
9907 Unfortunately, though runas_user can be modified in sudoers we
9908 haven't parsed sudoers yet.
9911 * sudoers.man.in, sudoers.pod:
9912 Add missing definition of Parameter_List and use single pipes in the
9913 Defaults EBNF definition.
9917 Fix a bug when set_runaspw() is used as a callback. We don't want
9918 to reset the contents of runas_pw if the user specified a user via
9921 Avoid unnecessary passwd lookups in set_authpw(). In most cases we
9922 already have the info in runas_pw.
9925 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
9928 Add Stan Lee / Uncle Ben quote to the lecture from RedHat
9932 Update sudo_getepw() proto and add one for set_runaspw()
9936 If we can't stat the command as root, try as the runas user instead.
9939 * testsudoers.c, visudo.c:
9940 Add stub set_runaspw() function
9944 Add set_runaspw() function to fill in runas_pw. This will be used
9945 as a callback to update runas_pw when the runas user changes.
9949 PERM_RUNAS -> PERM_FULL_RUNAS
9952 * set_perms.c, sudo.h:
9953 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
9958 Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
9959 one chunk for easy free()ing. Also change it from static to extern.
9962 * defaults.c, defaults.h:
9963 Add callback support
9967 Add a callback field and use it for runas_default
9970 * def_data.c, def_data.in:
9971 Add a callback field and use it for runas_default
9974 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
9977 Add support for chalnecho and display server responses used by fwtk
9981 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
9983 * sudoers.man.in, sudoers.pod:
9984 ld.so is ld.so.1 on solaris
9987 * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
9988 Use closefrom() instead of doing the equivalent inline.
9992 closefrom(3) for systems w/o it
9995 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
9998 Update from .pod file.
10001 * configure, configure.in:
10002 Substitute noexec_file for the sudoers man page
10005 * sudo.man.in, sudo.pod:
10009 * sudoers.man.in, sudoers.pod:
10013 * auth/pam.c, config.h.in, configure.in:
10014 Move PAM_CONST macro definition from config.h to pam.c where it
10015 belongs. We can't have this in config.h since that gets included too
10019 * auth/pam.c, config.h.in, configure, configure.in:
10020 Some PAM implementations put their headers in /usr/include/pam
10021 instead of /usr/include/security.
10025 I missed changing the EXEC macro -> EXECV here when I changed this
10026 in config.h.in and sudo.c a while ago.
10030 OpenBSD vax/m88k/hppa don't do shared libs
10033 * configure, configure.in:
10034 o merge the hpux case entries into a single entry w/ its own sub-
10035 case statement. o HP-UX >= 11 support getspnam(), use it in
10036 preference to getprpwuid()
10039 * configure, configure.in:
10040 eval $shrext so that it expands nicely on MacOS X
10044 Don't lie about making a module, it does the wrong thing on mach
10048 Remove requirement that libs must begin with "lib". They don't when
10049 we point directly at the lib using LD_PRELOAD or its equivalent.
10053 Disable support for c++, f77 and java. We don't need it, it takes a
10054 lot of time, and it hosed our check for shared lib support.
10062 Call AC_ENABLE_SHARED and check the status of enable_shared to know
10063 when shared libs are available.
10067 Duh, OpenBSD supports shared libs too
10070 * config.h.in, configure.in:
10071 Only OpenPAM and Linux PAM use const qualifiers.
10074 * configure, configure.in:
10075 o No need to check for sed, libtool config does that for us o move
10076 check for --with-noexec until after libtool magic is run so we can
10077 use $can_build_shared and $shrext
10081 Don't print a bunch of crap about library installs since we are not
10082 really installing a library.
10086 Make format_env() varargs Add noexec support for Darwin, MacOS X,
10090 * acsite.m4, ltconfig, ltmain.sh:
10091 Update to libtool 1.5 with local changes: o no ldconfig in the
10092 finish step o assume no libprefix or version is needed
10096 Fix compilation under K&R
10099 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
10106 stub execve() that just returns EACCES; used for noexec
10111 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
10120 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
10122 * def_data.c, def_data.h, def_data.in:
10123 Move the environment defaults to the end and shorten a few of the
10127 * configure, configure.in:
10128 no shared libs on ultrix or convexos
10131 * Makefile.in, configure, configure.in:
10132 Build sudo_noexec shared object using libtool; could use some
10136 * acsite.m4, ltconfig, ltmain.sh:
10137 libtool scaffolding
10140 * parse.yacc, sudo.tab.c:
10141 Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
10145 * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
10146 parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
10147 update copyright year
10150 * configure, configure.in, defaults.c, env.c, pathnames.h.in:
10151 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
10152 option. The default value of noexec_file is set to this.
10155 * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
10156 parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
10158 Add support for preloading a shared object containing a dummy
10159 execve() function that just sets error and returns -1. This adds a
10160 "noexec_file" option to load the filename as well as a "noexec" flag
10161 to enable it unconditionally. There is also a NOEXEC tag that can
10162 be attached to specific commands and an EXEC tag to disable it.
10166 add missing newline to usage statement
10169 * config.h.in, sudo.c:
10170 Rename EXEC macro -> EXECV
10174 Don't truncate usernames to 8 characters in the log message.
10177 * check.c, sudoers.man.in, sudoers.pod:
10178 Update copyright year
10181 * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
10183 Add a new option, lecture_file, that can be used to point to a
10184 custom sudo lecture.
10187 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
10189 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
10191 Add a zero_bytes() function to do the equivalent of bzero in such a
10192 way that will hopefully not be optimized away by sneaky compilers.
10200 * Makefile.in, sudo.h:
10201 Add a zero_bytes() function to do the equivalent of bzero in such a
10202 way that will hopefully not be optimized away by sneaky compilers.
10206 Use #ifdef __STDC__, not #if __STDC__.
10209 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
10212 Always put at least one space between the def_* macro name and its
10216 * configure, configure.in:
10217 Adjust code for --without-lecture to match new values.
10221 regen after pasto fix
10224 * sudoers.man.in, sudoers.pod:
10225 Document that "lecture" has changed from a flag to a tuple.
10228 * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
10229 defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
10230 Add support for tuples in def_data.in; these are implemented as an
10231 enum type. Currently there is only a single tuple enum but in the
10232 future we may have one tuple enum per T_TUPLE entry in def_data.in.
10233 Currently listpw, verifypw and lecture are tuples. This avoids the
10234 need to have two entries (one ival, one str) for pwflags and syslog
10237 lecture is now a tuple with the following values: never, once,
10240 We no longer use both an int and string entry for syslog facilities
10241 and priorities. Instead, there are logfac2str() and logpri2str()
10242 functions that get used when we need to print the string values.
10245 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
10246 auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
10247 check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
10248 logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
10249 sudo.tab.c, visudo.c:
10250 Create def_* macros for each defaults value so we no longer need the
10251 def_{flag,ival,str,list,mode} macros (which have been removed). This
10252 is a step toward more flexible data types in def_data.in.
10259 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
10262 If we are in -k/-K mode, just spew to stderr. It is not unusual for
10263 users to place "sudo -k" in a .logout file which can cause sudo to
10264 be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
10265 Previously, this would result in useless mail and logging.
10268 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
10271 fix pasto in VISUAL description
10274 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
10285 Some OSes (like Solaris) allow export w/ nosuid too
10288 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
10291 We don't use FD_ZERO anymore so just define FD_SET (if not already
10295 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
10298 Fix a core dump on Solaris by preserving the pam_handle_t we used
10299 during authentication for pam_prep_user(). If we didn't
10300 authenticate (ie: ticket still valid), we call pam_init() from
10301 pam_prep_user(). This is something of a hack; it may be better to
10302 change the auth API and add an auth_final() function that acts like
10306 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
10309 Add explicit declaration of printerr variable in function header
10310 (was defaulting to int which is OK but oh so K&R :-). From Theo.
10313 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
10315 * config.h.in, configure.in:
10316 s/HAVE_STOW/USE_STOW/
10320 Also exit waitpid() loop when pid == 0. Fixes a problem where the
10321 sudo process would spin eating up CPU until sendmail finished when
10322 it has to send mail.
10325 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
10328 Remove advertising clause, UCB has disavowed it
10332 Remove advertising clause, UCB has disavowed it
10335 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
10338 Don't assume that getgrnam() calls don't modify contents of struct
10339 passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
10340 Based on a patch from Kirk Webb.
10343 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
10350 darwin has a broken setreuid() in at least some versions
10354 Fix an off by one error when reallocating the environment; Kevin Pye
10357 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
10360 Fix User_Spec definition; SEKINE Tatsuo
10363 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
10366 More info on the early days from Coggs.
10369 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
10372 remove errant semicolon that prevented compilation under heimdal
10375 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
10377 * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
10378 add DARPA credit on affected files
10382 add DARPA credit on affected files
10385 * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
10387 add DARPA credit on affected files
10391 add DARPA credit on affected files
10395 add DARPA credit on affected files
10398 * logging.c, parse.c:
10399 add DARPA credit on affected files
10402 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
10403 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
10404 find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
10406 add DARPA credit on affected files
10409 * auth/kerb5.c, auth/pam.c:
10410 add DARPA credit on affected files
10413 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
10414 auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
10416 add DARPA credit on affected files
10420 add DARPA credit on affected files
10423 * defaults.c, defaults.h:
10424 add DARPA credit on affected files
10428 add DARPA credit on affected files
10431 * Makefile.in, alloc.c, check.c:
10432 add DARPA credit on affected files
10436 slightly different wording for the darpa credit
10439 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
10445 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
10448 Use krb5_princ_component() instead of krb5_princ_realm() for MIT
10449 Kerberos like we did before I messed things up ;-)
10451 Use krb5_principal_get_comp_string() to do the same thing w/
10452 Heimdal. I'm not sure if the component should be 0 or 1 in this
10455 #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
10456 older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
10457 should be a configure check for this I guess.
10460 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
10463 builtin -> built-in; Jason McIntyre
10466 * TROUBLESHOOTING, config.h.in, configure, configure.in:
10467 builtin -> built-in; Jason McIntyre
10471 built in -> built-in; Jason McIntyre
10474 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
10477 checkpoint for 1.6.7p3
10481 Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
10482 Amazingly, sudo source from 1985 is available via groups.google.com
10486 Don't change rl.rlim_max for RLIMIT_CORE. We need only set
10487 rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
10488 RLIMIT_CORE restoration on some OSes.
10491 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
10494 Make this compile on Heimdal and MIT Kerberos 5
10497 * config.h.in, configure, configure.in:
10498 Check for heimdal even if we found krb5-config and define
10503 Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
10504 no longer defined by MIT kerb5 (though it used to be and indeed
10505 remains so in Heimdal).
10508 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
10511 Remove newer stuff that passes multiple (possibly duplicate)
10512 directories to "mkdir -p" since that seems to break on Tru64 Unix at
10513 least. This basically brings back what shipped with sudo 1.6.6.
10516 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
10519 Correct number of args to krb5_principal_get_realm() and fix an
10520 unclosed comment that hid the bug.
10547 * CHANGES, version.h:
10556 use krb5-config to determine Kerberos V details if it exists
10559 * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
10560 auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
10561 find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
10562 testsudoers.c, visudo.c:
10563 Use warn/err and getprogname() throughout. The main exception is
10564 openlog(). Since the admin may be filtering logs based on the
10565 program name in the log files, hard code this to "sudo".
10569 Add getprogname.c and err.c
10576 * config.h.in, configure.in:
10577 Add checks for getprogname(), __progname and err.h
10581 For systems without err/warn functions.
10585 For systems without err/warn functions.
10589 For systems with neither getprogname() nor __progname; uses Argv[0].
10592 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
10595 checkpoint for 1.6.7p1
10598 * sudo.c, testsudoers.c:
10599 fix strlcpy() rval check (innocuous)
10603 oflow detection in expand_prompt() was faulty (false positives). The
10604 count was based on strlcat() return value which includes the length
10605 of the entire string.
10608 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
10611 checkpoint for the sudo 1.6.7 release
10612 [096bab4da29a] [SUDO_1_6_7]
10615 checkpoint for the sudo 1.6.7 release
10618 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
10621 g/c unused variable
10629 use man sections 8 and 5 for csops
10632 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
10639 Add -lskey or -lopie directly to SUDO_LIBS instead of having
10640 AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
10648 Add --with-blibpath for AIX. An alternate libpath may be specified
10650 -blibpath support can be disabled. Also change configure such that
10651 -blibpath is not specified if no -L libpaths were added to
10656 Add --with-blibpath for AIX. An alternate libpath may be specified
10658 -blibpath support can be disabled. Also change configure such that
10659 -blibpath is not specified if no -L libpaths were added to
10664 Add --with-blibpath for AIX. An alternate libpath may be specified
10666 -blibpath support can be disabled. Also change configure such that
10667 -blibpath is not specified if no -L libpaths were added to
10672 add AIX blibpath support
10675 * INSTALL, configure.in:
10676 --with-skey and --with-opie now take an optional directory argument
10677 This obsoletes a --with-csops hack (/tools/cs/skey)
10679 Also remove the remaining direct uses of "echo"
10682 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
10685 Detect KTH Kerberos IV and deal with it. Also make -lroken optional
10686 for KTH Kerberos IV and V.
10690 Add SUDO_APPEND_LIBPATH function that adds -L/path/to/dir (and
10691 -R/path/to/dir if $with_rpath) to the specified variable.
10694 * INSTALL, configure.in:
10695 Add -R/path/to/libs for Solaris and SVR4. There is a new configure
10696 option, --with-rpath to control this behavior.
10700 for kerb4 put libdes after libkrb on the link line
10708 fix kerberos lib check when a path is specified
10712 Fix boolean thinko in SIGCHLD reaper and call reapchild after
10713 sending mail instead of doing a conditional sudo_waitpid.
10716 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
10723 replace =DIR with [=DIR] where sensible
10727 o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
10728 detection based on openssh's configure.in
10732 --with-kerb4 and --with-kerb5 now take an optional argument.
10735 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
10738 Kill remaining strcpy(), the programmer's guide says username is 32
10743 treat uid_t as unsigned long for printf and use snprintf, not sprintf
10750 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
10752 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
10753 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
10754 auth/rfc1938.c, auth/sudo_auth.c:
10755 update copyright year
10758 * sudo.man.in, sudoers.man.in, visudo.man.in:
10759 update copyright year
10762 * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
10763 configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
10764 parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
10765 sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
10766 update copyright year
10769 * check.c, env.c, sudo.c:
10770 Cast [ug]ids to unsigned long and printf with %lu
10778 correct error messages for --with-sudoers-{mode,uid,gid}
10782 make the malloc(0) error specific to each function to aid tracking
10787 deal with platforms where size_t is signed and there is no SIZE_MAX
10792 Make this compile w/ Heimdal and fix some gcc warnings.
10796 Use stat_sudoers macro so --with-stow can work
10799 * INSTALL, config.h.in, configure, configure.in:
10800 Add support for --with-stow based on patches from Robert Uhl
10816 use strlcpy, not strncpy
10820 Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
10827 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
10829 * strlcat.c, strlcpy.c:
10830 Make gcc shutup about unused rcsid
10834 Move the n == 0 check for the non-getifaddrs cas
10838 skeychallenge() on NetBSD takes a size parameter
10846 put -ldl after -lpam, not before; fixes static linking on Linux
10850 Avoid malloc(0) and fix the loop invariant for the getifaddrs()
10854 * sudo.cat, sudoers.cat, visudo.cat:
10858 * sudo.man.in, sudoers.man.in, visudo.man.in:
10863 Preserve copyright notice from .pod file in .man.in file
10867 Add sudoers(5) to SEE ALSO
10870 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
10877 Don't assume libc can realloc() a NULL string. If malloc/realloc
10878 fails, make sure we just return; yyerror() is not terminal.
10886 simplify fill_args a little and use strlcpy for paranoia
10893 * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
10895 Use strlc{at,py} for paranoia's sake and exit on overflow. In all
10896 cases the strings were either pre-allocated to the correct size or
10897 length checks were done before the copy but a little paranoia can go
10902 Add strlc{at,py} protos
10905 * env.c, interfaces.c:
10914 Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
10915 memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
10919 snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
10924 In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
10927 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
10930 Use snprintf() for paranoia
10934 Use emalloc2 and erealloc3
10938 strlc{at,py} for those w/o it
10941 * strlcat.c, strlcpy.c:
10942 strlc{at,py} for those w/o it.
10945 * config.h.in, configure, configure.in:
10946 Add strlc{at,py} for those w/o it.
10950 Add erealloc3(), a realloc() version of emalloc2().
10953 * interfaces.c, sudo.c:
10954 Use emalloc2() to allocate N things of a certain size.
10958 Add emalloc2() -- like calloc() but w/o the bzero and with
10959 error/oflow checking.
10963 Error out on malloc(0); suggested by theo
10966 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
10968 * configure, configure.in:
10969 fix a typo; David Krause
10972 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
10978 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
10981 Remove DYLD_ from the environment for MacOS X; from bbraun
10984 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
10986 * config.h.in, configure.in:
10987 not not; Anil Madhavapeddy
10990 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
10992 * sudo.pod, sudoers.pod, visudo.pod:
10993 typos; jmc@openbsd.org
10996 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
10999 Add some missing ';' rule terminators that bison warns about.
11003 fix typo I introduced in last merge
11007 regenerate with autoconf 2.57
11011 Add missing "$HOME"
11015 Add some more square brackets to make autoconf 2.57 happy
11018 * config.sub, mkinstalldirs:
11019 Updates from autoconf-2.57
11023 Updates from autoconf-2.57
11026 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
11032 * lex.yy.c, sudo.tab.c:
11036 * parse.lex, parse.yacc, sudoers.pod:
11037 Add support for Defaults>RunasUser
11040 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
11043 fclose() yyin after each yyparse() is done and use fopen() instead
11044 of using freopen().
11048 Better fix for sudoers files w/o a newline before EOF. It looks
11049 like the issue is that yyrestart() does not reset the start
11050 condition to INITIAL which is an issue since we parse sudoers
11054 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
11057 Work around what appears to be a flex bug when dealing with files
11058 that lack a final newline before EOF. This adds a rule to match EOF
11059 in the non-initial states which resets the state to INITIAL and
11064 o The parser needs sudoers to end with a newline but some editors
11065 (emacs) may not add one. Check for a missing newline at EOF and
11066 add one if needed. o Set quiet flag during initial sudoers parse (to
11067 get options) o Move yyrestart() call and always use freopen() to
11068 open yyin after initial sudoers parse.
11071 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
11074 Fix pasto/thinko in setresgid()/setregid() usage. Want to set
11075 effective gid, not real gid, when reading sudoers.
11079 don't compile set_perms_posix if we have setreuid or setresuid
11082 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
11084 * sudo.pod, sudoers.pod:
11085 document new prompt escapes
11089 Add %U and %H escapes and redo prompt rewriting. "%%" now gets
11090 collapsed to "%" as was originally intended. This also gets rid of
11091 lastchar (does lookahead instead of lookback) which should simplify
11092 the logic slightly.
11095 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
11098 Write the prompt *after* turning off echo to avoid some password
11099 characters being echoed on heavily-loaded machines with fast
11104 Add support for mipseb; wiz@danbala.tuwien.ac.at
11108 Fix IRIX fallout from name changes in man dir/sect Makefile
11109 variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
11113 Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
11114 the global copy. Problem noted by Peter Pentchev.
11117 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
11124 Add missing yyerror() calls; YYERROR does not seem to call this for
11128 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
11131 fix typo in comment; Pedro Bastos
11134 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
11137 document --disable-setresuid
11140 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
11142 Sprinkle some volatile qualifiers to prevent over-enthusiastic
11143 optimizers from removing memset() calls.
11146 * logging.c, parse.yacc:
11147 minor sign fixes pointed out by gcc -Wsign-compare
11150 * set_perms.c, sudo.c, sudo.h:
11151 Revamp set_perms. We now use a version based on setresuid() or
11152 setreuid() when possible since that allows us to support the
11153 stay_setuid option and we always know exactly what the semantics
11154 will be (various Linux kernels have broken POSIX saved uid support).
11157 * config.h.in, configure:
11158 regen from configure.in
11162 Add checks for setresuid() and a way to disable using it
11166 No longer need to emulate set*[ug]id() via setres[ug]id() or
11167 setre[ug]id(). The new set_perms stuff only uses things it knows are
11172 Before exec, restore state of signal handlers to be the same as when
11173 we were initially invoked instead of just resetting to SIG_DFL. Fixes
11174 a problem when using sudo with nohup. Based on a patch from Paul
11179 o timestamp_uid should be uid_t, not int o clarify error message
11180 when sudo is run by root and no_root_sudo is set
11183 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
11186 update ftp link for bison
11189 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
11192 Error out if setusercontext() fails and the runas user is not root.
11195 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
11202 Fix SecurID API test
11205 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
11212 securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
11213 but I don't see a better way at the moment.
11216 * Makefile.in, auth/securid5.c:
11217 SecurID API version 5 support from Michael Stroucken
11221 Add check for SecurID 5.0 API
11224 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
11227 We actually do still need config.h to get the 'const' definition for
11231 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
11234 regen with autoconf 2.5.3
11238 Don't set sysconfdir to '/etc' if the user has specified a --prefix.
11242 Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
11243 LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
11246 * env.c, sudo.c, sudo.h:
11247 No need for dump_badenv() now that dump_defaults() knows how to dump
11251 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
11257 document timestampowner
11261 Don't call set_perms() when doing timestamp stuff unless
11262 timestamp_uid != 0.
11265 * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
11266 sudo.h, testsudoers.c:
11267 g/c second arg to set_perms--it is no longer used
11270 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
11272 * check.c, set_perms.c, sudo.c, sudo.h:
11273 Add support for non-root timestamp dirs. This allows the timestamp
11274 dir to be shared via NFS (though this is not recommended).
11277 * def_data.c, def_data.h, def_data.in:
11278 Add timestampowner, "Owner of the authentication timestamp dir"
11281 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
11284 Don't try to pre-compute the size of the new envp, just allocate
11285 space up front and realloc as needed. Changes to the new env
11286 pointer must all be made through insert_env() which now keeps track
11287 of space used and allocates as needed.
11290 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
11297 Fix two typo/pastos; from jrj@purdue.edu
11300 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
11302 * INSTALL.binary, README:
11304 [a1e33027278c] [SUDO_1_6_6]
11306 * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
11307 visudo.cat, visudo.man.in:
11311 * CHANGES, RUNSON, TODO:
11316 In the loop used to expand %h and %u, the lastchar variable was not
11317 being initialized. This means that if the last char in the prompt
11318 is '%' and the first char is 'h' or 'u' an extra copy of the host or
11319 user name would be copied, for which space had not been allocated.
11322 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
11324 * BUGS, INSTALL, Makefile.in, configure.in, version.h:
11325 crank version to 1.6.6
11329 #undef VOID to get rid of an AFS warning
11333 Use easprintf instead of emalloc + sprintf for some things.
11336 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
11338 * lex.yy.c, sudo.tab.c:
11342 * parse.c, parse.lex, parse.yacc, testsudoers.c:
11343 Remove Chris Jepeway's email address so people don't bug him ;-)
11346 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
11349 Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
11350 endgrent() at the same time.
11353 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
11356 Make it clear which configure options take arguments.
11359 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
11362 HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
11363 RLIM_INFINITY, just pretend it is -1. This works because we only
11364 check for RLIM_INFINITY and do not set anything to that value.
11367 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
11370 Zero and free allocated memory when there is a conversation error.
11374 Use sigaction() not signal()
11378 Mention that some linux kernels have broken POSIX saved ID support
11382 checkpoint for 1.6.5p2
11390 Add --disable-setreuid flag
11394 Document new --disable-setreuid option and change description for
11395 --disable-saved-ids to match new error message.
11399 fatal() now takes an argument that determines whether or not to call
11404 Update for new error messages from set_perms()
11408 Update for new error messages from set_perms()
11411 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
11414 Make this compile w/o warnings
11418 Mention that we can't use pam_acct_mgmt()
11421 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
11422 The user's password was not zeroed after use when AIX
11423 authentication, BSD authentication, FWTK or PAM was in use.
11426 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
11429 Avoid giving PAM a NULL password response, use the empty string
11430 instead. This avoids a log warning when the user hits ^C at the
11431 password prompt when PAM is in use.
11435 Don't check the return value of pam_setcred(). In Linux-PAM 0.75
11436 pam_setcred() returns the last saved return code, not the return
11437 code for the setcred module. Because we haven't called
11438 pam_authenticate(), this is not set and so pam_setcred() returns
11443 Don't need a '/' between $(DESTDIR) and a directory.
11447 Don't need a '/' between $(DESTDIR) and a directory.
11450 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
11457 o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
11458 setreuid() o new NetBSD has a real setreuid() o add check for
11459 freeifaddrs() if getifaddrs() exists.
11462 * config.h.in, interfaces.c:
11463 Older BSDi releases lack freeifaddrs() so add a test for that and if
11464 it is not present just use free().
11467 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
11470 Checkpoint for 1.6.5p1
11474 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
11475 to normal passwords, not AUTH_FATAL (which just causes an exit).
11479 Don't use memory after it has been freed.
11483 skeyaccess() wants a struct passwd * not a char *; Patch from
11485 [65a1d3806fcd] [SUDO_1_6_5]
11491 * CHANGES, RUNSON, TODO:
11492 checkpoint for sudo 1.6.5
11495 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
11501 * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
11505 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11511 o when invoking the mailer as root use a hard-coded environment that
11512 doesn't include any info from the user's environment. Basically
11515 o Add support for the NO_ROOT_MAILER compile-time option and run the
11516 mailer as the user and not root if NO_ROOT_MAILER is defined.
11519 * set_perms.c, sudo.h:
11520 Bring back PERM_FULL_USER
11531 * INSTALL, config.h.in, configure.in:
11532 Add --disable-root-mailer option to run the mailer as the user and
11537 checkpoint for 1.6.4p2
11541 Mention the "seteuid(0): Operation not permitted" problem here too
11542 just for good measure.
11545 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
11547 * env.c, getspwuid.c, sudo.c:
11548 The SHELL environment variable was preserved from the user's
11549 environment instead of being reset based on the passwd database when
11550 the "env_reset" option was used. Now it is reset as it should be.
11557 * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
11559 Add a configure option to turn off use of POSIX saved IDs
11567 add --with-efence option
11571 Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
11572 "sudo -l" would not work if always_set_home was set.
11580 Quoted commas were not being treated correctly in command line
11585 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
11586 Otherwise, the set_home option has no effect.
11588 o Fix use of freed memory when the "fqdn" flag is set. This was
11589 introduced by the fix for the "segv when gethostbynam() fails" bug.
11590 Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
11591 there is no need to check the "fqdn" flag in set_fqdn() itself.
11595 Add 'continue' statements to optimize the switch statement. From
11599 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
11601 * sudoers.cat, sudoers.man.in:
11602 Regen from new sudoers.pod
11603 [6ecc07b3d0e1] [SUDO_1_6_4]
11606 Add caveat about stay_setuid flag
11610 If set_perms == set_perms_posix and the stay_setuid flag is not set,
11611 set all uids to 0 and use set_perms_fallback().
11614 * set_perms.c, sudo.h:
11615 Remove PERM_FULL_USER (which is no longer used) and add
11616 PERM_FULL_ROOT (used when exec'ing the mailer).
11620 Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
11621 never want to run the mailer setuid.
11624 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
11626 * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
11628 Use sudo.ws instead of courtesan.com in URLs
11631 * Makefile.binary, Makefile.in:
11632 Fix mansect substitution
11636 Substitute man sections in Makefile.binary
11640 Sync install targets with Makefile.in and substitute in man
11644 * INSTALL, INSTALL.binary:
11649 Repair bindist target
11656 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
11659 Fix case where neither whoami nor id are found
11662 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
11665 If neither whoami nor id exists, just assume we are root.
11669 Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
11670 on AIX which for some reason isn't pulling in the malloc prototype.
11673 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
11675 * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
11684 Defer assigning new environment until right before the exec.
11688 kill extra blank line
11691 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
11698 Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
11699 compiler doesn't recognise -O2.
11703 Clarify origins of Root Group sudo a bit based on info from
11704 billp@rootgroup.com
11707 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
11714 checkpoint for 1.6.4rc1
11717 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
11720 now generated via autoheader
11728 Move in some stuff that was previously in config.h.
11731 * aclocal.m4, configure.in:
11732 Add info for autoheader.
11735 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
11738 o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
11739 -g to facilitate non-root installs
11743 Add -M option (like -m but only for root) If we can't find "whoami",
11744 use "id" w/ some sed.
11752 allow user to always override mansectsu and mansectform
11755 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
11758 update from autoconf 2.52
11761 * config.guess, config.sub:
11762 Update from autoconf 2.52
11766 regen with autoconf 2.52
11770 o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
11771 mode o Remove compiler-specific checks for HP-UX now that we use
11780 o Add pam_prep_user function to call pam_setcred() for the target
11781 user; on Linux this often sets resource limits. o When calling
11782 pam_end(), try to convert the auth->result to a PAM_FOO value.
11783 This is a hack--we really need to stash the last PAM_FOO value
11784 received and use that instead.
11787 * set_perms.c, sudo.h:
11788 o Add pam_prep_user function to call pam_setcred() for the target
11789 user; on Linux this often sets resource limits.
11793 Fix off by one error in number of bytes allocated via malloc (does
11794 not affect any released version of sudo).
11797 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
11804 Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
11805 requiring that they be quoted.
11808 * sudoers.cat, sudoers.man.in, sudoers.pod:
11809 Mention that no double quotes are needed when
11810 adding/deleting/assigning a single value to a list.
11814 Don't rely on mkdefaults being executable, call perl explicitly.
11822 Remove some XXX that are no longer relevant.
11826 o Roll our own loop instead of using strpbrk() for better
11827 grokability o When adding to a list we must malloc() and use
11828 memcpy(), not strdup() since we must only copy len bytes from str.
11831 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
11841 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
11852 avoid the -g flag unless --with-devel was specified
11856 mkdefaults, def_data.in and sigaction.c were missing from the
11861 def_data.c was missing
11864 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
11867 Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
11868 allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
11876 Add comment for Default section so folks know where it should go.
11879 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
11882 Use TCSETAF, not TCSETA to set terminal in termio case
11885 * sudoers.cat, sudoers.man.in:
11886 regen from sudoers.pod
11890 o Typo, Runas_User_List should be Runas_List o a User_List can not
11891 contain a uid o mention that the Defaults section should come after
11892 Alias definitions but before the user specifications
11895 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
11897 * sudoers.cat, sudoers.man.in:
11902 Fix listpw and verifypw sections, they were not being formatted
11906 * sudoers.cat, sudoers.man.in:
11918 * config.h.in, configure.in:
11919 use AC_SYS_POSIX_TERMIOS instead of rolling our own
11923 Reference sudo.ws not courtesan.com
11927 Add notes on shadow passwords
11931 In list mode (sudo -l), characters escaped with a backslash are
11932 shown verbatim with the backslash.
11936 Add simple examples from OpenBSD (Marc Espie)
11940 Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
11944 minor prettyification
11952 Fix CIDR handling here too.
11956 Apparently a NULL response is OK
11960 Checkpoint for upcoming beta release
11964 Many people believe that adding a runas spec should obviate the need
11965 for the -u flag. It does not.
11969 checkpoint update for upcoming 1.6.4 beta
11973 o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
11974 if HAVE_STRING_H is defined -- this is safe now
11978 Add signals section
11986 Fix check for sigaction_t
11990 XXX - should call find_path() as runas user, not root. Can't do
11991 that until the parser changes though.
11995 If find_path() fails as root, try again as the invoking user (useful
11996 for NFS). Idea from Chip Capelik.
11999 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
12000 Regenerate after pod file changes
12003 * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
12004 sudo.pod, sudoers.pod:
12005 Add new sudoers option "preserve_groups". Previously sudo would not
12006 call initgroups() if the target user was root. Now it always calls
12007 initgroups() unless the -P command line option or the
12008 "preserve_groups" sudoers option is set. Idea from TJ Saunders.
12011 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
12013 * compat.h, config.h.in:
12014 Use new HAVE_SIGACTION_T define
12018 Fix compilation on K&C
12026 Add check for sigaction_t -- IRIX already defines this so don't
12035 need stdlib.h here too
12043 Remove redundant checks for string.h, strings.h and unistd.h
12046 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
12048 Regen from pod files
12055 * configure, lex.yy.c, sudo.tab.c:
12060 Return EINVAL if errnum > sys_nerr
12063 * auth/sudo_auth.h:
12064 o Update copyright year
12067 * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
12068 config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
12070 o Update copyright year
12074 o Don't define STDC_HEADERS unconditionally for IRIX o Update
12082 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
12083 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
12084 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
12085 auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
12086 set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
12088 o Reorder some headers and use STDC_HEADERS define properly o Update
12093 o Reorder some headers and use STDC_HEADERS define properly o Update
12097 * getspwuid.c, goodpath.c, interfaces.c:
12098 o Reorder some headers and use STDC_HEADERS define properly o Update
12103 o Reorder some headers and use STDC_HEADERS define properly o Update
12107 * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
12109 o Reorder some headers and use STDC_HEADERS define properly o Update
12118 flags set in signal handlers should be volatile sig_atomic_t
12121 * config.h.in, configure.in:
12122 Add checks for volatile and sig_atomic_t
12125 * configure, lex.yy.c:
12129 * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
12130 sudo.c, sudoers.pod:
12131 Remove "secure_path" Defaults option since it cannot work with the
12135 * find_path.c, sudo.c:
12136 Unset "secure_path" if user_is_exempt()
12139 * env.c, pathnames.h.in:
12140 o Remove assumption that PATH and TERM are not listed in env_keep o
12141 If no PATH is in the environment use a default value o If TERM is
12142 not set in the non-reset case also give it a default value.
12145 * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
12146 _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
12147 systems that define in paths.h
12150 * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
12151 Add support for skeyaccess(3) if it is present in libskey.
12154 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
12157 Only need to do 'lc = login_getclass(NULL)' if lc == NULL
12161 '\\' is a perfectly legal character to have in a command line
12166 o Defer call to set_fqdn() until it is safe to use log_error() o
12167 Don't print errno string value if gethostbyname fails, it is not
12172 Fix CIDR -> in_addr_t conversion.
12175 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
12178 Remove an extra "User_List" in the User_Spec definition From
12179 ybertrand AT snoopymail.com
12183 Make 'listpw=never' work for users who are not explicitly mentioned
12188 Remove gratuitous '=' in EBNF grammar; era AT iki.fi
12192 Document new list Defaults type and convert env_keep and env_delete
12193 to lists. Document new env_check option.
12196 * lex.yy.c, sudo.tab.c, sudo.tab.h:
12201 Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
12210 Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
12213 * config.h.in, configure.in:
12214 Add check for skeyaccess(3)
12218 Document new -c, -f, and -q options
12222 o Add -f option (alternate sudoers file) o Convert to use getopt(3)
12229 * aclocal.m4, config.h.in, configure.in:
12230 Add check for isblank and a replacement macro if it doesn't exist.
12233 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
12236 In check-only mode, don't create sudoers if it does not already
12241 o Add a new token, DEFVAR, to indicate a Defaults variable name o
12242 Add support for "+=" and "-=" list operators o replace some 1 and 0
12243 with TRUE and FALSE for greater legibility.
12247 o Use exclusive start conditions to remove some ambiguity in the
12248 lexer. Also reorder some things for clarity. o Add support for
12249 "+=" and "-=" list operators. o Use the new DEFVAR token to denote
12250 a Defaults variable name.
12254 Prototype init_envtables()
12258 o Convert environment handling to use lists instead of strings.
12259 This greatly simplifies routines that need to do "foreach" type
12260 operations. o Add new init_envtables() function to set env_check
12261 and env_delete defaults based on initial_badenv_table and
12262 initial_checkenv_table (formerly sudo_badenv_table).
12265 * defaults.c, defaults.h:
12266 o Add a new LIST type and functions to manipulate it. o This is for
12267 use with environment handling variables. o Call new
12268 init_envtables() routine inside init_defaults() to initialize the
12272 * def_data.c, def_data.h, def_data.in:
12273 Convert environment options to use the new LIST type and add a new
12274 one, env_check that only deletes if the sanity check fails.
12278 Add dummy version of init_envtables()
12286 Add check-only mode
12290 Fix generation of entries with NULL descriptions.
12293 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
12296 Use sigaction_t and quiet a gcc warning.
12300 Must reset signal handlers before we exec
12303 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
12305 Be careful now that tgetpass() can return NULL (user hit ^C). PAM
12306 version needs testing. Set SIGTSTP to SIG_DFL during password entry
12307 so user can suspend us.
12311 Add support for interrupting/suspending tgetpass via keyboard input.
12312 If you suspend sudo from the password prompt and resume it will re-
12317 Don't block keyboard interrupt signals, just set them to SIG_IGN.
12320 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
12323 add back HAVE_SIGACTION
12330 * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
12331 Kill POSIX_SIGNALS define and old signal support now that we emulate
12332 POSIX ones Also be sure to correctly initialize struct sigaction.
12336 Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
12340 Add scaffolding for POSIX signal emulation
12344 o Add missing ';' so this compiles o Can't use NULL since we don't
12349 Emulate sigaction() using sigvec()
12352 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
12355 Document new behavior of negative values of timestamp_timeout Fix a
12360 Add security note about command not being logged after 'sudo su' and
12365 Mention that -V prints default values when run as root, including
12366 the list of environment variables to clear.
12370 Run pod2man with --quotes=none to avoid stupid quoting of C<>
12374 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
12376 * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
12377 Add mail_badpass option Also modify mail_always behavior to also
12378 send mail when the password is wrong
12381 * env.c, sudo.c, sudo.h:
12382 Dump default bad env table when 'sudo -V' is run by root.
12386 document env_delete
12390 Add support for '*' in env_keep when not resetting the environment
12391 (ie: the normal case).
12395 Add env_delete variable that lets the user replace/add to the
12396 bad_env_table. Allow '*' wildcard in env_keep entries.
12399 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
12402 Force umask to 022 to guarantee sane directory permissions.
12405 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
12408 add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
12412 fix breakage in last commit
12416 acsite.m4 -> aclocal.m4
12420 fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
12424 regenerated from def_data.in
12427 * check.c, defaults.c, defaults.h:
12428 Add new T_UINT type that most things use instead of T_INT If
12429 timestamp_timeout is < 0 then treat the ticket as never expiring (to
12430 be expired manually by the user).
12434 change most T_INT -> T_UINT
12438 fix warning when no args
12442 Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
12443 we are a signal handler. We no longer print the signal number but
12444 the user can just check the exit value for that.
12447 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
12450 when setting up pipes in child process check for case where stdin ==
12454 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
12457 Ignore editor exit value since XPG4 says vi's exit value is the
12458 count of editing errors made (failed searches, etc).
12461 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
12468 sco now is identified by config.guess as *-sco-*
12472 Check for getspnam() in -lgen if not in -lc for UnixWare.
12475 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
12477 * sudoers.pod, visudo.pod:
12478 "upper case" -> "uppercase"
12482 fix typos and grammar; pjanzen@foatdi.harvard.edu
12485 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
12488 Missing word (specify); krapht@secureops.com
12491 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
12494 If we fail to lookup a login class, apply the default one.
12498 In log_error() free message, not logline unconditionally, then free
12499 logline if it is not the same as message. No function change but
12500 this mirrors how they are allocated.
12503 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
12510 remove some backslash quotes that are unneeded
12514 o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
12515 instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
12516 can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
12517 to AC_DEFINE things manually.
12520 * config.guess, config.sub:
12521 Updated from autoconf-2.50
12524 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
12527 Update mailing list section. We use mailman now, not majordomo.
12530 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
12532 * getspwuid.c, logging.c, sudo.c:
12533 Use setpwent()/endpwent() + all the shadow variants to make sure we
12534 don't inadvertently leak an fd to the child. Apparently Linux's
12535 shadow routines leave the fd open even if you don't call setspent().
12536 Reported by mike@gistnet.com; different patch used.
12539 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
12546 select() may return EAGAIN. If so, continue like we do for EINTR.
12550 Fix a non-exploitable buffer overflow in the word splitting code.
12551 This should really be rewritten.
12559 Tell people to look in sample.syslog.conf for examples, not FAQ
12563 Update list of env vars that are cleared
12567 remove struct env_table decl since that stuff has all moved to env.c
12570 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
12573 Fix a pasto in flock-style unlocking and include <sys/file.h> for
12574 flock on older systems; twetzel@gwdg.de
12578 regen to get NeXT lockf/flock fix
12582 force NeXT to use flock since lockf is broken
12585 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
12588 Use stashed user_gid when checking against exempt gid since sudo
12589 sets its gid to a value that makes sudoers readable. Previously
12590 if you used gid 0 as the exempt group everyone would be exempt. From
12591 Paul Kranenburg <pk@cs.few.eur.nl>
12594 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
12601 #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 apparently defines
12602 some types (such as ssize_t) therein.
12605 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
12608 Fix negation of paths in a boolean context. Problem found by
12612 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
12618 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
12621 SA_RESETHAND means the opposite of what I was thinking--oops To
12622 block all signals in old-style signals use ~0, not 0xffffffff
12625 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
12628 coerce difference of pointers to int when used in a string length
12629 printf format; deraadt@openbsd.org
12632 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
12635 Block all signals in Exit() to avoid a signal race. There is still
12636 a tiny window but I'm not going to worry about it.
12639 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
12642 glibc uses the LANGUAGE env var so clear that too; Solar Designer
12646 Regenerate with a fix to flex.skl that preserves errno from
12647 clobbering by isatty().
12650 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
12652 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
12653 auth/sia.c, auth/sudo_auth.c:
12654 Some defaults I_ defines got renamed.
12657 * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
12658 defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
12659 set_perms.c, sudo.c, sudo.tab.c:
12660 Move defaults info into its own files from which we generate .h and
12661 .c files. This makes adding or rearranging variables much simpler.
12664 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
12666 * configure, configure.in:
12667 fix typo in last commit
12670 * compat.h, config.h.in, configure, configure.in:
12671 Add check + emulation for setegid (like seteuid).
12675 Make env_keep override badenv_table as documented Fix traversal of
12676 badenv_table (broken in last commit)
12679 * set_perms.c, sudo.c, sudo.h:
12680 Don't try and build saved uid version of set_perms on systems w/o
12681 them. Rename set_perms_saved_uid() -> set_perms_posix() Make
12682 set_perms_setreuid simply be set_perms_fallback() and simply include
12683 the appropriate function at compile time (setreuid() vs. setuid()).
12686 * sudoers.cat, sudoers.man.in, sudoers.pod:
12687 PATH is also preserved when env_reset is in effect
12690 * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
12691 configure.in, defaults.c, defaults.h, env.c, find_path.c,
12692 getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
12693 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
12694 visudo.c, visudo.cat, visudo.man.in:
12695 New Defaults options: o stay_setuid - sudo will remain setuid if
12696 system has saved uids or setreuid(2) o env_reset - reset the
12697 environment to a sane default o env_keep - preserve environment
12698 variables that would otherwise be cleared
12700 No longer use getenv/putenv/setenv functions--do environment munging
12701 by hand. Potentially dangerous environment variables can be cleared
12702 only if they contain '/' or '%' characters to protect buggy
12703 programs. Moved environment routines into env.c (new file)
12707 Clear up --without-passwd description
12710 * putenv.c, sudo_setenv.c:
12711 We now build up a new environment from scratch and assign it to
12715 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
12717 * sudo.pod, visudo.pod:
12718 Grammatical fixes from Paul Janzen
12721 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
12724 If there was a syntax error and the user just wants to quit, unlink
12725 sudoers if it is zero length.
12729 'Q' means ignore parse error, not 'q'
12733 Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
12737 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
12740 Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
12743 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
12745 * config.guess, config.sub:
12746 Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
12749 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
12751 * sudo.c, visudo.c:
12752 Use exit(127), not exit(-1)
12755 * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
12756 Move set_perms() to its own file and use POSIX saved uid or
12757 setreuid() if available.
12759 Added stay_setuid option for systems that have libraries that
12760 perform extra paranoia checks in system libraries for setuid
12761 programs (ie: anything with issetugid(2)).
12765 strip more bits from the environment and add a facility for
12766 stripping things only if they contain '/' or '%' to address printf
12767 format string vulnerabilities in other programs.
12770 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
12777 For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
12786 Check for strcasecmp(3) in -lc89 for NCR Unix
12789 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
12792 Define HAVE_INNETGR #ifdef HAVE__INNETGR
12799 * compat.h, config.h.in, configure.in:
12800 Add check for _innetgr(3) since NCR systems have that instead of
12804 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
12807 check return value of creadcfg() call sd_close() after sd_auth()
12808 store username in sd->username so we don't rely on the USER env
12812 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
12815 document --with-bsdauth
12823 --with-bsdauth assumes --with-logincap
12826 * auth/bsdauth.c, auth/fwtk.c:
12827 When prompting for a response to a challenge, if the user just hits
12828 return then reprompt with echo turned on.
12831 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
12834 Remove debugging code that should not have been committed, oops.
12838 Use lower-level routines and get the password ourselves. Checks for
12839 a challenge and if there is one echo is not turned off.
12842 * auth/pam.c, auth/sudo_auth.h:
12843 minor housekeeping, no real code changes
12846 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
12849 Fix a coredump in the logging functions if gethostname(2) fails by
12850 deferring the call to log_error() until things are better setup.
12852 Fix return value of set_loginclass() in non-BSD-auth case.
12854 Hard-code 'sudo' in the usage message so we can fit more options on
12859 Fix errant ';' (typo) that broke MSG_ONLY
12862 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
12864 * sudo.cat, sudo.man.in:
12872 * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
12873 configure, configure.in, getspwuid.c, sudo.c:
12874 Add support for BSD authentication.
12877 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
12880 Fix typo; from sato@complex.eng.hokudai.ac.jp
12883 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
12886 Mention negating umask
12890 Allow user to specify umask of 0777 (same as !umask)
12893 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
12895 * sudo.pod, visudo.pod:
12896 Fix a typo and give a URL for the sudo history.
12899 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
12901 * defaults.c, sudo.pod:
12902 fix typos; pepper@reppep.com
12905 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
12907 * sudo.c, sudo.h, sudo_setenv.c:
12908 sudo_setenv() now exits on memory alloc failure instead of returning
12912 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
12915 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
12916 and possibly others.
12920 Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
12921 that "%m" won't be expanded but we don't use that anyway since the
12922 logging routines may splat to stderr as well.
12925 * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
12927 Add always_set_home variable
12930 * configure, configure.in:
12931 Have to hard code default values in help since the defaults are set
12932 _after_ the help stuff.
12935 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
12937 * lex.yy.c, parse.lex:
12938 Allow special characters (including '#') to be embedded in pathnames
12939 if quoted by a '\\'. The quoted chars will be dealt with by
12940 fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
12943 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
12946 Better path searching for programs we need.
12950 Add section on "C compiler cannot create executables" errors.
12953 * Makefile.binary, Makefile.in, version.h:
12957 * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
12958 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
12959 visudo.man.in, visudo.pod:
12960 Substitute values from configure into man pages.
12963 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
12966 The listpw and verifypw sudoers options would not take effect
12967 because the value of the default was checked *before* sudoers was
12968 parsed. Instead of passing in the value of PWCHECK_* to
12969 sudoers_lookup(), pass in the arg for def_ival() so the check can be
12970 deferred until after sudoers is parsed.
12973 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
12976 When writing prompt, no need to write the NUL as well;
12980 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
12983 When looking for chown, check in /sbin too
12986 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
12989 Remove extraneous call to init_defaults() and set runas_user to NULL
12990 between parses so init_defaults will reset it each time, thus
12991 avoiding a reference to free()d data.
12994 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
12996 * config.h.in, interfaces.c, interfaces.h, sudo.c:
12997 Add support for using getifaddrs() to get the list of ip addr /
12998 netmask pairs. Currently IPv4-only.
13002 Add a missing check for UserEditor == NULL Add missing '+' before
13003 line number when invoking editor to fix a syntax error
13006 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
13009 Call clean_env very early in main() for paranoia's sake. Idea from
13013 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
13016 Update proto for evasprintf and easprintf
13020 Make easprintf() and evasprintf() return an int.
13024 If the targetpw flag is set, use target username as part of the
13025 timestamp path. If tty tickets are in effect cat the tty and the
13026 target username with a ':' as the separator.
13029 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
13032 Backout part of last change; setting PAM_USER to the invoking user
13033 breaks things like targetpw.
13037 set tty and username via pam_set_item
13040 * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
13041 Fix root, runas, and target authentication for non-passwd file auth
13045 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
13047 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
13048 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
13049 Use B<-Z> not C<-Z> for command line flags in all places. This is
13050 more consistent and works around a bug in Pod::Man.
13053 * sudoers.cat, sudoers.man.in, sudoers.pod:
13054 Fix an occurrence of 'semicolon' that should be 'colon'
13057 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
13059 * configure, configure.in:
13060 Fix --with-badpri help line
13063 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
13065 * defaults.c, logging.c, sudo.c:
13066 Bracket calls to syslog with an openlog() and closelog() since some
13067 authentication methods (like PAM) may do their own logging via
13068 syslog. Since we don't use syslog much (usually just once per
13069 session) this doesn't really incur a performance penalty. It also
13070 fixes a SEGV with pam_kafs.
13073 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
13076 Fix -H flag. runas_homedir is only valid after
13077 set_perms(PERM_RUNAS, mode)
13080 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
13083 Clarify the fact that insults are not enabled just by including them
13087 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
13089 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13091 Regenerated with perl 5.6.0 pod2man
13095 Give date string to pod2man since its default is ugly and it ain't
13100 Do section substitution on the output of pod2man and remove hack
13101 needed for old pod2man.
13104 * sudo.pod, sudoers.pod, visudo.pod:
13105 Put back real man sections, we will do the substitution later.
13108 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
13110 * configure, configure.in:
13111 Don't bother checking for the path to vi if user specified --with-
13115 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
13117 * CHANGES, visudo.c:
13118 Visudo now does its own fork/exec instead of calling system(3).
13121 * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
13122 sudoers.pod, visudo.c:
13123 Visudo now checks for the existence of an editor and gives a
13124 sensible error if it does not exist.
13126 The path to the editor for visudo is now a colon-separated list of
13127 allowable editors. If the user has $EDITOR set and it matches one
13128 of the allowed editors that editor will be used. If not, the first
13129 editor in the list that actually exists is used.
13132 * sudo.cat, sudo.man.in, sudo.pod:
13133 Clear up confusion wrt sudo's return value.
13136 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
13139 Strip sudo and visudo for bindist target
13142 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
13143 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
13144 Use @mansectsu@ and @mansectform@ in the man page bodies as well.
13145 [5eb9e60a726f] [SUDO_1_6_3]
13147 * visudo.cat, visudo.man.in, visudo.pod:
13148 Typo: @sysconf@ -> @sysconfdir@
13152 'make dist' should not cause any files to be modified so remove its
13157 Whoops, forgot to add release marker
13160 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
13163 Final change for 1.6.3 (or so I hope)
13166 * sudo.cat, sudoers.cat, visudo.cat:
13167 Use SYSV man sections since BSD systems will have nroff...
13170 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
13172 * parse.yacc, sudo.tab.c:
13173 When checking to see if the host/user matches in a defaults spec,
13174 check against TRUE, not just non-zero since it might be -1.
13177 * configure, configure.in:
13178 OSF/1 puts file formats in section 4, not 5.
13181 * CHANGES, INSTALL, sudo.c:
13182 Make login class support work on BSD/OS
13189 * configure, configure.in:
13190 If there is no inet_addr but there *is* an __inet_addr that's ok
13191 since inet_addr is probably just a macro then. The better thing to
13192 do would be to look for the macro, but this is fine for now.
13195 * configure, configure.in:
13196 Don't use shlicc for BSD/OS 4.x
13199 * Makefile.in, configure, configure.in:
13200 *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
13201 configure variable so we can deal with this. Also, only remove *.man
13202 for 'distclean' not 'clean'.
13206 set_loginclass() should be static like the proto says
13209 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
13212 Add #ifdef __STDC__ around the rangematch function header to avoid
13213 promotion of test to int, thus violating the prototype. Gcc handles
13214 this gracefully but more std ANSI compilers will complain.
13218 Pull in newer fnmatch(3) that supports FNM_CASEFOLD
13221 * aclocal.m4, configure, fnmatch.3, fnmatch.c:
13222 Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
13223 FNM_CASEFOLD in configure
13230 * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
13231 Fully qualified hosts w/ wildcards were not matching the FQHOST
13232 token type. There's really no need for a separate token for fully-
13233 qualified vs. unqualified anymore so FQHOST is now history and
13234 hostname_matches now decides which hostname (short or long) to check
13235 based on whether or not the pattern contains a '.'.
13239 Fully qualified hosts w/ wildcards were not matching the FQHOST
13240 token type. There's really no need for a separate token for fully-
13241 qualified vs. unqualified anymore so FQHOST is now history and
13242 hostname_matches now decides which hostname (short or long) to check
13243 based on whether or not the pattern contains a '.'.
13246 * lex.yy.c, parse.c, parse.lex, parse.yacc:
13247 Fully qualified hosts w/ wildcards were not matching the FQHOST
13248 token type. There's really no need for a separate token for fully-
13249 qualified vs. unqualified anymore so FQHOST is now history and
13250 hostname_matches now decides which hostname (short or long) to check
13251 based on whether or not the pattern contains a '.'.
13254 * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
13255 sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
13256 Add support for wildcards in the hostname.
13260 Add targets for *.man.in, using config.status to generate *.man from
13264 * sudoers.cat, sudoers.man.in, sudoers.pod:
13265 Document set_logname option and embolden refs to sudo and visudo.
13268 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
13269 sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
13270 visudo.cat, visudo.man.in, visudo.pod:
13271 Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
13272 from Michael D. Marchionna. configure now does substitution on the
13273 man pages, allowing us to fix up the paths and set the section
13274 correctly. Based on an idea from Michael D. Marchionna.
13278 Better fix for handling HP-UX aging info.
13282 Add support for set_logname run-time default
13285 * sudo.man.in, sudoers.man.in, visudo.man.in:
13286 configure does substitution on these to produce *.man
13289 * sudo.man, sudoers.man, visudo.man:
13290 These files now get generated from *.man.in at configure time.
13293 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
13295 * defaults.c, defaults.h:
13296 Add set_logname option so users can turn off setting of LOGNAME/USER
13297 environment variables.
13300 * lsearch.c, parse.c, testsudoers.c:
13304 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
13307 HP-UX adds extra info at the end for password aging so when
13308 comparing the result of crypt to pw_passwd we only compare the first
13309 len(epass) bytes *unless* the user entered an empty string for a
13314 Get rid of grandchild hack, it was causing problems and there is
13315 really no need for it. This fixes a bug where we spin eating up CPU
13316 when the user runs a long-running process like a shell.
13319 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
13322 User can always specify a login class if he/she is already root.
13325 * config.h.in, configure, configure.in, defaults.c, defaults.h,
13327 FreeBSD login class (login.conf) support.
13330 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
13332 * auth/sudo_auth.c:
13333 HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
13336 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
13339 Truncate unencrypted password to 8 chars if encrypted password is
13340 exactly 13 characters (indicating a standard DES password). Many
13341 versions of crypt() do this for you, but not all (like HP-UX's).
13344 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
13347 Mention that gcc on dynix may have problems
13350 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
13353 Link visudo with NET_LIBS since we now call syslog via defaults.c
13357 Use Argv[0] as the first arg to openlog() since visudo uses this
13361 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
13364 Stash coredumpsize resource limit and restore it before the exec().
13365 Otherwise the child ends up with a coredumpsize of 0.
13368 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
13370 * sudo.cat, sudo.man, sudo.pod:
13378 * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
13379 auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
13380 Added -S flag (read passwd from stdin) and tgetpass_flags global
13381 that holds flags to be passed in to tgetpass(). Change echo_off
13382 param to tgetpass() into a flags field. There are currently 2
13383 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
13384 tgetpass(), abstract the echo set/clear via macros and if (flags &
13385 TGP_ECHO) but echo is not set on the terminal, be sure to set it.
13389 Fixed a bug that caused an infinite loop when the password timeout
13393 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
13395 * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
13396 sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
13397 Add rootpw, runaspw, and targetpw options.
13400 * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
13402 enveditor -> env_editor
13405 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
13407 * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
13408 sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
13410 crank version to 1.6.3
13413 * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
13414 sudoers.pod, visudo.c:
13415 Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
13416 them. This means that visudo will now parse the sudoers file
13417 *before* it is edited so a bogus sudoers file will cause a warning
13418 to go to stderr. Also, visudo checks the variables once--it does not
13419 check them after each editor run since that could be confusing.
13422 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
13428 * check.c, sudo.c, sudo.h:
13429 Move user_is_exempt prototype into sudo.h
13432 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
13434 * configure, configure.in:
13435 Fix thinko, some && should have been || in the last commit
13438 * configure, configure.in:
13439 Don't initialize Makefile variables to be NULL since the user may
13440 want to import variables from their environment.
13443 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
13445 * configure, configure.in:
13449 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
13452 fix a yacc (skeleton.c) warning
13455 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
13457 * INSTALL, RUNSON, configure, configure.in:
13458 Make pam work on HP-UX 11.0;jaearick@colby.edu
13462 recent changes; prepare for 1.6.2p1
13466 Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
13469 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
13472 Regen with yacc that has a memory leak plugged.
13475 * sudoers.cat, sudoers.man, sudoers.pod:
13476 Expanded docs on sudoers 'defaults' options based on INSTALL file
13481 Fix some white lies
13484 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
13487 When making a bindist, link FAQ to TROUBLESHOOTING instead of
13491 * sudoers.cat, sudoers.man, sudoers.pod:
13492 Add netgroup caveat
13493 [28d119f466e3] [SUDO_1_6_2]
13496 Last minute updates
13512 Better detection of PAM errors and fix custom prompts with PAM.
13513 Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
13516 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
13519 Cast ULONG_MAX to unsigned long long when comparing to an unsigned
13523 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
13525 * CHANGES, config.h.in, configure, configure.in, visudo.c:
13526 Fix sudoers locking in visudo. We now lock the sudoers file itself,
13527 not the temp file (since locking the temp file can foul up editors).
13528 The previous locking scheme didn't work because the fd was closed
13532 * config.h.in, configure, configure.in:
13533 Don't need test for ftruncate() any more.
13536 * configure, configure.in:
13537 Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
13538 the unbundled HP-UX cc.
13541 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
13543 * sudoers.cat, sudoers.man, sudoers.pod:
13544 "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
13547 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
13549 * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
13550 parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
13551 version.h, visudo.c:
13552 update copyright year on changed files
13564 Crank version to 1.6.2
13568 Crank version to 1.6.2
13572 When using rlimit check for RLIM_INFINITY When computing the value
13573 of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
13580 * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
13581 sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
13582 Crank version to 1.6.2
13585 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
13586 Add 'shell_noargs' runtime option back in. We have to defer
13587 checking until after the sudoers file has been parsed but since
13588 there are now other options that operate that way this one can too.
13589 Based on a patch from bguillory@email.com.
13592 * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
13593 Add "listpw" and "verifypw" options.
13596 * sudoers.cat, sudoers.man, sudoers.pod:
13597 o Fix some typos/omissions o Add section on verifypw and listpw o
13598 Define how NOPASSWD interacts with the -v and -l flags
13601 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
13603 * configure, configure.in:
13604 For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
13605 -D_HPUX_SOURCE to CPPFLAGS.
13608 * defaults.c, defaults.h:
13609 In struct sudo_defs_types, move the union to the end and don't
13610 initialize the union member since that only works with an ANSI
13611 compiler. We set the value of the union by hand in init_defaults()
13612 anyway. This allows sudo to compile on a K&R compiler again.
13615 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
13617 * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
13618 netgr_matches needs to check shost as well as host since they may be
13623 End on \r as well as \n
13626 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
13629 Update statbuf.st_mode based on SUDOERS_MODE when we are changing
13630 from 0400 to whatever SUDOERS_MODE is (converting from the old
13631 sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
13632 0400 which should always be the case.
13635 * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
13636 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
13637 w/o a passwd if there is *any* entry for the user on the host with a
13638 NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
13639 the user on the host w/ the specified runas user have the NOPASSWD
13647 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
13650 Treat EOF at whatnow prompt like 'x' instead of looping.
13653 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
13657 [5836a9452568] [SUDO_1_6_1]
13659 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
13661 * config.h.in, configure, configure.in, sudo.c:
13662 Add check for initgroups() since old SYSV lacks this.
13665 * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
13666 parse.c, testsudoers.c:
13667 o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
13671 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
13673 * auth/sudo_auth.c:
13674 Don't allow insults to be enabled if the insults[] array is empty.
13675 Otherwise there would be division by zero.
13679 Don't allow insults to be enabled if the insults[] array is empty.
13680 Otherwise there would be division by zero.
13684 Don't allow insults to be enabled if the insults[] array is empty.
13685 Otherwise there would be division by zero.
13689 Don't care about USE_INSULTS #define since the insult stuff may be
13690 overridden at runtime.
13693 * auth/sudo_auth.c:
13694 Honor insults flag.
13697 * CHANGES, parse.c:
13698 Don't ask the user for a password if the user is not allowed to run
13699 the command and the authenticate flag (in sudoers) is false.
13702 * CHANGES, RUNSON, lex.yy.c, parse.lex:
13703 o Whenever we get a bare newline we change to the INITIAL state. o
13704 Enter GOTRUNAS when we see Runas_Alias
13706 This allows #uid to work in a RunasAlias.
13709 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
13711 * CHANGES, parse.yacc, sudo.tab.c:
13712 fix parsing of runas lists: o oprunasuser and runaslist now return a
13713 value o in a runasspec, if a runaslist does not return TRUE, set
13714 runas_matches to FALSE. Normally, a runaslist only returns FALSE
13715 for explicitly denied users. o since runaslist does not modify the
13716 stack there is no need for a push/pop in runasalias.
13720 Don't kill the user's tickets until after sudoers has been parsed
13721 since tty_tickets and ticket_dir could be set in sudoers.
13724 * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
13725 configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
13726 sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
13727 crank version to 1.6
13731 add set_fqdn() stub
13734 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
13736 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
13737 sudoers.man, sudoers.pod, visudo.c:
13738 o Kill shell_noargs option, it cannot work since the command needs
13739 to be set before sudoers is parsed. o Fix the "set_home" sudoers
13740 option (only worked at compile time). o Fix "fqdn" sudoers option.
13741 We now set host/shost via set_fqdn which gets called when the
13742 "fqdn" option is set in sudoers. o Move the openlog() to
13743 store_syslogfac() so this gets overridden correctly from the
13748 SecurID support should compile now.
13751 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
13753 * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
13754 visudo.man, visudo.pod:
13755 fix some syntactic goofs
13758 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
13760 * Makefile.in, sudo.html, sudoers.html, visudo.html:
13761 No longer need the .html files as they are generated automatically
13765 * CHANGES, LICENSE:
13766 kill characters that made wml unhappy
13773 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
13776 majordomo@cs.colorado.edu -> majordomo@courtesan.com
13779 * Makefile.in, configure:
13780 Wrap script execution w/ /bin/sh for the benefit of ctm
13783 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
13786 Make the -s flag be exclusive too. Also reorder the flags in the
13787 exclusive usage message so they are alphabetical.
13790 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
13793 make pam errors other than PAM_PERM_DENIED fatal
13801 make it clear that /etc/pam.d/sudo is required on linux
13805 fix a warning on redhat and spew an error if pam_authenticate()
13806 returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
13809 * sudo.cat, sudo.html, sudo.man, sudo.pod:
13810 Be very clear that the password required is the user's not root's
13813 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
13816 add sample.syslog.conf to DISTFILES and BINFILES
13819 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
13822 updates from Brian Jackson + some formatting
13825 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
13827 * INSTALL.binary, Makefile.binary, README, RUNSON:
13828 o One RUNSon update o Changes for automating real binary releases
13835 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
13838 talk about run-time options in addition to compile-time options
13839 [1eb813ff0a9a] [SUDO_1_6_0]
13846 need sys/time.h if HAVE_SETRLIMIT
13849 * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
13850 sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
13851 get rid of references to sudo-bugs. Now mention the web site or the
13856 repair pod2html damage
13860 Update for 1.6 release
13863 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
13864 Add warning about using ALL in a command context.
13867 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
13870 Call yyrestart() on a parse error to reset the lexer state.
13873 * lex.yy.c, parse.lex:
13874 Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
13875 since it might not get called in yywrap if we get a parse error
13876 (and we only reread the file on error anyway).
13879 * lex.yy.c, parse.lex:
13880 Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
13881 might still exist. Call yyrestart() instead of using the deprecated
13885 * lex.yy.c, parse.lex:
13886 flex doesn't need %N table size declarations
13889 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
13890 Mention what characters need to be escaped in names.
13893 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
13900 clarify Mac OS X entry
13908 o Use AC_MSG_ERROR throughout o Check syslog configure options for
13912 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
13915 Fix printing of type T_MODE in dump_defaults()
13919 missing sys/types.h
13923 Break out options that may be overridden at run time into their own
13924 section. Add a note about Mac OS X and correct some lies.
13927 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
13929 * CHANGES, config.h.in, configure, configure.in, sudo.c:
13930 o Now use getrlimit to find the highest fd when closing all non-std
13931 fd's o Turn off core dumps via setrlimit for the sake of paranoia
13938 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
13945 When read()'ing, do a single character at a time to be sure we don't
13946 go past the newline.
13950 For the sudo_root option, check against user_uid, not getuid() since
13951 at this point, ruid == euid == 0.
13959 Fix compilation problem when --with-logging=file was specified.
13960 This means that syslog is now required to build sudo but that should
13961 not be a problem. If it is it can be fixed trivially with a
13962 configure check for syslog() or syslog.h.
13966 Make this work again for things like "sudo echo hi | more" where the
13967 tty gets put into character at a time mode. We read until we read
13968 end of line or we run out of space (similar to fgets(3)).
13971 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
13973 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
13974 change ital to bold
13981 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
13984 Error out if syslog parameters are given without a value. For
13985 Ultrix or 4.2BSD "syslog" is allowed without a value since there are
13986 no facilities in the 4.2BSD syslog.
13989 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
13992 Ignore the syslog facility for systems w/ old syslog like Ultrix.
13996 people with "." early in their path can have problems running sudo
13997 from the build dir ;-)
14000 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
14002 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14003 Remove -r realm option
14006 * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
14007 configure.in, sudo.c:
14008 New krb5 code from Frank Cusack <fcusack@iconnet.net>.
14015 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
14018 include <auth.h> to get function prototypes.
14021 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14025 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
14028 in set_perms(), always call setuid(0) before changing the ruid/euid
14029 so we always know it will succeed.
14033 #undef T_FOO to avoid conflicts with system defines (like on
14037 * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
14039 Document "Defaults" lines in /etc/sudoers. Still needs some
14040 fleshing out but this is a start.
14043 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
14045 * use strtol, not strtoul since not everyone has strtoul
14049 use strtol, not strtoul since not everyone has strtoul
14052 * lex.yy.c, parse.lex:
14053 last {WORD} rule should only apply in the INITIAL state
14056 * lex.yy.c, parse.lex:
14057 o Add support for escaped characters in the WORD macro o Modify
14058 fill() to squash escape chars
14061 * defaults.c, defaults.h:
14062 o Add T_PATH flag to allow simple sanity checks for default values
14063 that are supposed to be pathnames. o Fix a duplicate free when
14064 visudo finds an error.
14067 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
14069 * defaults.c, defaults.h, logging.c:
14070 mail_if_foo -> mail_foo
14073 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
14075 * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
14076 o Add requiretty option o Move O_NOCTTY to compat.h
14080 The exit() in log_error() was mistakenly removed in a previous
14081 version. Put it back...
14084 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
14086 * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
14087 auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
14088 configure, configure.in, defaults.c, defaults.h, find_path.c,
14089 getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
14090 o Change defaults stuff to put the value right in the struct. o
14091 Implement mailer_flags o Store syslog stuff both in int and string
14092 form. Setting the string form magically updates the int version.
14093 o Add boolean attribute to strings where it makes sense to say !foo
14097 add O_NOCTTY when opening /dev/tty just in case
14100 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
14103 cleanup function no longer takes a status arg
14110 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
14112 * TODO, config.h.in, configure, configure.in, logging.c:
14113 Use strftime() instead of ctime() if it is available.
14116 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
14123 update ReliantUNIX entry
14126 * defaults.c, defaults.h, logging.c:
14127 add log_year option
14130 * configure, configure.in:
14131 add --without-sendmail to help output
14134 * configure, configure.in:
14135 enforce an octal arg for --with-sudoers-mode
14138 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
14140 * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
14141 auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
14142 auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
14143 defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
14144 parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
14145 testsudoers.c, version.c, visudo.c:
14146 Add support for "Defaults" line in sudoers to make configuration
14147 variables changeable at runtime (and on a global, per-host and per-
14148 user basis). Both the names and the internal representation are
14149 still subject to change. It was necessary to make sudo_user.runas
14150 be a char ** instead of a char * since this value can be changed by
14151 a Defaults line. There is a similar (but more complicated) issue
14152 with sudo_user.prompt but it is handled differently at the moment.
14154 Add a "-L" flag to list the name of options with their descriptions.
14155 This may only be temporary.
14157 Move some prototypes to parse.h
14159 Be much less restrictive on what is allowed for a username.
14162 * sample.syslog.conf:
14166 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
14168 * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
14170 UCB has dropped the advertising clause from their license.
14173 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
14175 * auth/sudo_auth.h:
14176 move dce_verify proto to correct section
14183 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
14186 Add fnmatch() prototype
14189 * fnmatch.c, parse.c, testsudoers.c:
14190 Move inclusion of emul/fnmatch.h to be after sudo.h for __P
14194 add strcasecmp proto
14197 * auth/sudo_auth.c:
14198 add check for case where there are no auth methods
14201 * configure, configure.in:
14202 Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
14206 * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
14207 include strings.h everywhere we include string.h
14211 nicer output when showing auth methods
14215 Add support for SEND_MAIL_WHEN_NO_HOST
14218 * config.h.in, configure, configure.in:
14219 Add _GNU_SOURCE for Linux
14222 * lex.yy.c, parse.lex:
14223 fix definition of OCTET
14226 * configure, configure.in:
14227 aix_auth.o not authenticate.o
14230 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
14233 Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
14234 keyboard). Since we run with ruid/euid == 0 the user can't really
14235 signal us in nasty ways.
14239 Don't need to worry about catching too many signals since we do
14240 locking on the tmp file. If a lockfile is really stale, it will be
14241 detected and overwritten.
14244 * INSTALL, Makefile.in:
14245 include auth/API in tarball
14248 * auth/sudo_auth.c:
14249 move memset() of plaintext pw outside of verify loop and only do the
14250 memset if we are *not* in standalone mode.
14253 * auth/sudo_auth.c, auth/sudo_auth.h:
14254 DCE is not a standalone method
14258 fix --enable-noargs-shell
14262 "#ifdef __STDC__" not "#if __STDC__" (I missed one)
14265 * auth/fwtk.c, auth/sia.c:
14266 _cleanup() function returns an int.
14270 there were still some return(0)'s hanging around, make them
14279 add missing semicolon
14282 * auth/sudo_auth.h:
14286 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
14288 * CHANGES, config.h.in, configure, configure.in:
14289 Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
14293 add parse.h to HDRS
14296 * Makefile.in, configure, configure.in:
14297 Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
14298 LDFLAGS. Common libs go in LIBS, common ld flags go in LDFLAGS and
14299 network libs like -lsocket, -lnsl go in NET_LIBS. This allows
14300 testsudoers to build on Solaris and is a bit cleaner in general.
14304 mention ptmp -> sudoers.tmp
14307 * config.h.in, configure, configure.in:
14308 Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
14316 Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
14317 return a value more like a system function
14329 update based on what is in the man page
14332 * parse.yacc, sudo.tab.c:
14333 minor change to first line printed in -l mode
14336 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14337 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
14338 standard and add "EXAMPLES" section
14341 * visudo.cat, visudo.html, visudo.man, visudo.pod:
14342 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
14346 * logging.c, parse.c, sudo.h:
14350 * lex.yy.c, parse.lex:
14351 make an OCTET really be limited to 0-255
14355 mention timestamp changes
14362 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
14363 new sudoers(8) man page
14366 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
14369 Update comments about syslog name tables
14372 * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
14373 strcasecmp.c, sudo.tab.c:
14374 include strcasecmp() for those without it
14378 Use the : operator some more and fix a typo
14382 update the history of sudo
14385 * parse.c, parse.lex, testsudoers.c:
14386 CIDR-style netmask support
14393 * sudo.tab.c, sudo.tab.h:
14394 these should be generated with byacc, not bison
14401 * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
14402 In "sudo -l" mode, the type of the stored (expanded) alias was not
14403 stored with the contents. This could lead to incorrect output if
14404 the sudoers file had different alias types with the same name.
14405 Normal parsing (ie: not in '-l' mode) is unaffected.
14408 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
14410 * configure, configure.in:
14411 define _XOPEN_SOURCE to get at crypt() proto on some systems
14414 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
14421 don't need limits.h
14425 kill bogus reference to vfprintf
14428 * sample.sudoers, sudoers:
14433 Add some const in the K&R defs. This is safe since we define const
14434 away if the compiler doesn't grok it.
14437 * aclocal.m4, configure:
14438 Better test for working long long support. Ultrix compiler supports
14439 basic long long but not all operations on them.
14442 * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
14443 snprintf.c, sudo.c:
14444 Add check for LONG_IS_QUAD #undef MAXINT before including
14445 hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
14446 in snprintf.c and use LONG_IS_QUAD
14449 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
14451 * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
14453 UCB-derived snprintf + asprintf support. Supports quads if the
14454 compiler does. No floating point yet, perhaps later...
14457 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
14459 * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
14460 goodpath.c, logging.c, parse.c, sudo.c:
14461 Run most of the code as root, not the invoking user. It doesn't
14462 really gain us anything to run as the user since an attacker can
14463 just have an setuid(0) in their egg. Running as root solves
14464 potential problems wrt signalling.
14471 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
14473 * logging.c, sudo.c:
14474 Don't wait for child to finish in log_error(), let the signal
14475 handler get it if we are still running, else let init reap it for
14476 us. The extra time it takes to wait lets the user know that mail is
14479 Install SIGCHLD handler in main() and for POSIX signals, block
14484 * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
14485 parse.yacc, sudo.c, sudo.h:
14486 sudoers_lookup() now returns a bitmap instead of an int. This makes
14487 it possible to express things like "failed to validate because user
14488 not listed for this host". Some things that were previously
14489 VALIDATE_FOO are now FLAG_FOO. This may change later on.
14491 Reorganized code in log_auth() and sudo.c to deal with above
14494 Safer versions of push/pushcp with in the do { ... } while (0) style
14496 parse.yacc now saves info on the stack to allow parse.c to determine
14497 if a user was listed, but not for the host he/she tried to run on.
14499 Added --with-mail-if-no-host option
14502 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
14504 * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
14505 visudo.man, visudo.pod:
14506 o NewArgv and NewArgc don't need to be externally visible. o If
14507 pedantic > 1, it is a parse error. o Add -s (strict) option to
14508 visudo which sets pedantic to 2.
14511 * HISTORY, INSTALL:
14512 Just have sudo-bugs contact info in one place
14515 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14519 * Makefile.in, configure, configure.in:
14520 Add testsudoers to default build target if --with-devel Don't clean
14521 generated parser files unless "distclean".
14524 * parse.yacc, sudo.tab.c:
14525 In pedantic mode we need to save *all* the aliases, not just those
14526 that match, or we get spurious warnings.
14530 reference sample.syslog.conf
14533 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
14535 * sample.syslog.conf:
14536 Sample entries for syslog.conf
14543 * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
14544 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
14545 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
14546 auth/sudo_auth.c, auth/sudo_auth.h:
14547 In struct sudo_auth, turn need_root and configured into flags and
14548 add a flag to specify an auth method is running alone (the only
14549 one). Pass auth methods their sudo_auth pointer, not the data
14550 pointer. This allows us to get at the flags and tell if we are the
14551 only auth method. That, in turn, allows the method to be able to
14552 decide what should/should not be a fatal error. Currently only
14553 rfc1938 uses it this way, which allows us to kill the OTP_ONLY
14554 define and the hackery that went with it. With access to the
14555 sudo_auth struct, methods can also get at a string holding their
14556 canonical name (useful in error messages).
14559 * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
14560 getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
14562 o --with-otp deprecated, use --without-passwd instead o real
14563 dependencies in the Makefile o --with-devel option to enable yacc,
14564 lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
14565 back to being a token, not a string but don't leak memory o rename
14566 hsotspec -> host in parse.yacc
14569 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
14575 * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
14577 o Digital UNIX needs to check for *snprintf() before -ldb is added
14578 to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
14579 for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
14580 functions in snprintf.c to fix -Wall o Add missing includes to fix
14584 * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
14585 configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
14587 o Add a "pedantic" flag to the parser. This makes sudo warn in
14588 cases where an alias may be used before it is defined. Only turned
14589 on for visudo and testsudoers. o Add --disable-authentication option
14590 that makes sudo not require authentication by default. The PASSWD
14591 tag can be used to require authentication for an entry. We no
14592 longer overload --without-passwd.
14595 * lex.yy.c, parse.lex:
14596 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
14597 username can contain just about anything so be very permissive. Also
14598 drop the unused \. punctuation.
14601 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
14603 * parse.yacc, sudo.tab.c:
14604 o add a 'val' element to aliasinfo struct and move -> parse.h o
14605 find_alias() now returns an aliasinfo * instead of boolean o
14606 add_alias() now takes a value parameter to store in the
14607 aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
14608 return: 1) positive match 0) negative match (due to '!')
14609 -1) no match This means setting $$ explicitly in all cases, which I
14610 should have done in the first place. It also means that we always
14611 store a value that is != -1 and when we see a '!' we can set
14612 *_matches to !rv if rv != -1. The upshot of all of this is that '!'
14613 now works the way it should in lists and some of the rules are more
14614 uniform and sensible.
14618 add parse.h dependency
14622 kill unused *_matched macros
14626 Allow a list of users as the first thing in a user spec, not just a
14627 single entry. This makes things more uniform, though it does allow
14628 you to write user specs that are hard to read.
14640 fix check for crypt() in libufc
14643 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
14646 sudo-users list now exists
14649 * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
14653 * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
14654 config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
14655 version.c, visudo.c:
14656 o Move lock_file() and touch() into fileops.c so visudo can use them
14657 o Visudo now locks the sudoers temp file instead of bailing when the
14658 temp file already exists. This fixes the problem of stale temp
14659 files but it does *require* that you not try to put the temp file in
14660 a world-writable directory. This should not be an issue as the temp
14661 file should live in the same dir as sudoers. o Visudo now only
14662 installs the temp file as sudoers if it changed.
14665 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
14671 * config.h.in, configure, configure.in, logging.c:
14675 * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
14676 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
14677 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
14678 temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
14679 -> _PATH_SUDOERS_TMP
14682 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
14684 * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
14685 o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
14686 root sudo -V config reporting
14689 * configure, configure.in:
14690 aix_auth.o not authenticate.o
14694 Add --with-goodpri and --with-badpri configure options to specify
14695 the syslog priority to use.
14698 * INSTALL, configure, configure.in, logging.h:
14699 Add --with-goodpri and --with-badpri configure options to specify
14700 the syslog priority to use.
14704 kill crufty AIX stuff
14708 Sigh, some versions of make (like Solaris's) don't deal with $< like
14709 I would expect. Both GNU and BSD makes get this right but... So, we
14710 just expand $< inline at the cost of some ugliness.
14714 If the invoking user is root, sudo will now print configure info in
14715 -V mode. Currently just prints logging info, to be expanded later.
14718 * logging.c, logging.h, sudo.c, sudo.h:
14719 o new defines for syslog facility and priority o use new
14720 print_version() function for -V mode
14724 Don't need version.c
14727 * aclocal.m4, config.h.in, configure, configure.in:
14728 Add check for syslog facilities and priorities tables in syslog.h
14732 o authenticate -> aix_auth o add version.c
14735 * auth/sudo_auth.c:
14736 Missed a prompt -> user_prompt conversion
14739 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
14742 sudo should lock its logfile
14745 * parse.yacc, sudo.tab.c:
14746 o Add '!' correctly when expanding Aliases. o Add shortcut macros
14747 for append() to make things more readable. o The separator in
14748 append() is now a string instead of a char. o In append(), only
14749 prepend the separator if the last char is not a '!'. This is a
14750 hack but it greatly simplifies '!' handling. o In -l mode, Runas
14751 lists and NOPASSWD/PASSWD tags are now inherited across entries in
14752 a list (matches current behavior). o Fix formatting in -l mode such
14753 that items in a list are separated by a space. Greatly improves
14754 readability. o Space for name field in struct aliasinfo is now
14755 allocated dynamically instead of using a (big) buffer. o In
14756 add_alias(), only search the list once (lsearch instead of lfind +
14760 * lex.yy.c, sudo.tab.c, sudo.tab.h:
14764 * configure, configure.in:
14765 Solaris pam doesn't require any extra setup
14769 o Simpler '!' support now that the lexer deals with multiple !'s for
14770 us. o In the case of opFOO, have FOO give a boolean return value and
14771 set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
14772 it gets fill()'d in parse.lex--fixes a small memory leak. In the
14773 long run it may be better to just fix parse.lex and make ALL back
14774 into a token. However, having it be a string is useful since it
14775 can be easily passed back to the parent rule if we so desire.
14779 o Remove some unnecessary backslashes o collapse multiple !'s by
14780 using !+ and checking if yyleng is even or odd. this allows us to
14781 simplify ! handling in parse.yacc
14785 -u flag was being ignored
14788 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
14795 work around pod2man stupidity
14799 correct dependencies for .cat
14802 * sudo.cat, sudo.man, visudo.cat, visudo.man:
14806 * sudo.pod, visudo.pod:
14807 Add copyright Update to reality
14810 * parse.c, sudo.c, sudo.h:
14811 rename validate() to the more descriptive sudoers_lookup()
14818 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
14824 * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
14825 configure, configure.in, sudo.c:
14830 add 4th term to license similar to term 5 in the apache license
14833 * emul/search.h, emul/utime.h:
14834 add 4th term to license similar to term 5 in the apache license
14837 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
14838 auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
14839 auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
14840 auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
14841 logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
14842 pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
14843 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
14845 add 4th term to license similar to term 5 in the apache license
14848 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
14849 add 4th term to license similar to term 5 in the apache license
14852 * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
14853 getspwuid.c, goodpath.c:
14854 add 4th term to license similar to term 5 in the apache license
14857 * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
14858 insults.h, logging.c, sudo.c, sudo.h:
14859 there was a 1995 release too
14862 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
14869 Use dirs instead of files for timestamp. This allows tty and non-
14870 tty schemes to coexist reasonably. Note, however, that when you
14871 update a tty ticket, the mtime on the user dir gets updated as well.
14874 * configure, configure.in:
14875 Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
14876 when linking test program, not just -lprot. Also add check for
14877 getspnam(). The SCO docs indicate that /etc/shadow can be used but
14881 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
14884 first cut at auth API description
14887 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
14889 * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
14890 auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
14892 auth API change. There is now an init method that gets run before
14893 the main loop. This allows auth routines to differentiate between
14894 initialization that happens once vs. setup that needs to run each
14895 time through the loop.
14898 * auth/kerb5.c, logging.c:
14899 use easprintf() and evasprintf()
14903 add easprintf() and evasprintf(), error checking versions of
14904 asprintf() and vasprintf()
14908 remove 2 items. One done, one won't do.
14911 * lex.yy.c, sudo.tab.c:
14915 * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
14916 visudo.html, visudo.man:
14925 o Document -K flag and update meaning of -k flag. o BSD-style
14926 copyright o Document clearing of BIND resolver environment variables
14927 o Clarify bit about shared libs o suggest rc files create /tmp/.odus
14928 if your OS gives away files
14936 BSD-style copyright
14940 o BSD copyright o no need to block signals, we now do that in main()
14944 * testsudoers.c, visudo.c:
14945 o BSD-style copyright o Use "struct sudo_user" instead of old
14946 globals. o some cosmetic cleanup
14950 BSD-style copyright
14954 o BSD copyright o logging and parser bits moved to their own .h
14955 files o new "struct sudo_user" to encapsulate many of the old
14960 o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
14961 logging routines o simplified flow of control o BIND resolver
14962 additions to badenv_table
14966 BSD-style copyright
14970 Now compiles on more K&R compilers
14974 BSD-style copyright, cosmetic changes
14978 BSD-style copyright
14981 * parse.c, parse.h, parse.lex, parse.yacc:
14982 BSD-style copyright. Move parser-specific defines and structs into
14983 parse.h + other cosmetic changes
14987 defines for logging routines
14990 * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
14991 BSD-style copyright, cosmetic changes
14994 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
14996 BSD-style copyright
15000 o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
15001 kill --disable-tgetpass o add --without-passwd o changes to fill in
15002 AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
15003 v?asprintf() o replace --with-AuthSRV with --with-fwtk
15007 BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
15008 HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
15009 HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
15013 BSD-style copyright; Add S_IFLNK and MIN/MAX if they are missing.
15017 BSD-style copyright
15021 no more --with-getpass
15025 Take out things I've done...
15033 --with-getpass no longer exists
15037 BSD-style copyright. Update to reflect reality wrt new files and
15042 Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
15047 Update history a bit
15050 * COPYING, LICENSE:
15051 Now distributed under a BSD-style license
15054 * auth/sudo_auth.c:
15055 o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
15056 options. o skey/opie replaced by rfc1938 code o new struct sudo_user
15060 * auth/pam.c, auth/sia.c:
15061 BSD-style copyright and use new log functions
15065 o BSD-style copyright o Use new log functions o Use asprintf() and
15066 snprintf() where sensible.
15070 Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
15071 done more reasonably--better sanity checks and tty-based stamps are
15072 now done as files in a directory with the same name as the invoking
15073 user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
15074 to mix tty and non-tty based ticket schemes but this may change in
15075 the future (it requires sudo to use a directory instead of a file in
15076 the non-tty case). Also, ``sudo -k'' now sets the ticket back to
15077 the epoch and ``sudo -K'' really deletes the file. That way you
15078 don't get the lecture again just because you killed your ticket in
15079 .logout. BSD-style copyright now.
15083 o rewritten logging routines. log_error() now takes printf-style
15084 varargs and log_auth() for the return value of validate(). o BSD-
15088 * auth.c, check_sia.c, dce_pwent.c, secureware.c:
15089 superseded by new auth API
15093 BSD-style copyright
15097 Use snprintf() where it makes sense and add a BSD-style copyright
15100 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
15101 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
15102 BSD-style copyright
15105 * emul/utime.h, utime.c:
15106 BSD-style copyright
15110 this has been rewritten so use my BSD-style copyright
15113 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
15116 include malloc.h if no stdlib.h
15120 KTH snprintf()/asprintf() for systems w/o them
15124 strerror() for systems w/o it
15127 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
15133 * parse.c, parse.lex, parse.yacc:
15134 Add contribution info in the main comment
15137 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
15140 remove missed ref to PAM_nullpw
15143 * auth/sudo_auth.h:
15148 more or less complete now--still untested
15151 * auth/afs.c, auth/pam.c:
15152 don't use user_name macro, it will go away
15155 * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
15156 combine skey/opie code into rfc1938.c
15159 * auth/dce.c, auth/sudo_auth.h:
15160 DCE authentication method; basically unchanged from dce_pwent.c
15163 * auth/aix_auth.c, auth/sudo_auth.h:
15164 AIX authenticate() support. Could probably be much better
15168 Fix an uninitialized variable and some cleanup. Now works (tested)
15171 * auth/sia.c, auth/sudo_auth.h:
15172 SIA support for digital unix
15176 don't use prompt global, it will go away
15179 * auth/secureware.c:
15180 correct copyright years
15183 * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
15184 auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
15185 auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
15186 New authentication API and methods
15189 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
15196 only save an entry if user_matches && host_matches, even if the
15197 stack is empty (fix for previous commit)
15205 1) Always save an entry on the stack if it is empty. This fixes the
15206 -l and -v flags that were broken by earlier parser changes.
15208 2) In a Runas list, don't negate FALSE -> TRUE since that would make
15209 !foo match any time the user specified a runas user (via -u) other
15214 interfaces and num_interfaces are now auto, not extern
15217 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
15220 use a static global to keep state about empty passwords
15224 make PASSWORD_NOT_CORRECT logging consistent with other modules
15227 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
15230 PAM prompt code was wrong, looks like we have to kludge it after
15235 In the PAM code, when a user hits return at the first password
15236 prompt, exit without a warning just like the normal auth code
15239 * configure, configure.in:
15240 kludge around cross-compiler false positives
15243 * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
15244 New (correct) PAM code Tgetpass now takes an echo flag for use with
15245 PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
15246 useless umask setting Change error from BAD_ALLOCATION ->
15247 BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
15252 Some -Wall and kill some trailing spaces
15256 define -D__EXTENSIONS__ for solaris so we get crypt() proto
15259 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
15265 * INSTALL, config.h.in, configure, configure.in:
15266 for kerberos V < version, fall back on old kerb4 auth code
15270 clarify some things
15273 * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
15277 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
15280 mention why DONT_LEAK_PATH_INFO is not the default
15283 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
15286 Fix open(2) return value checking, was NULL for fopen, should be -1
15295 better wording for solaris pam notice
15299 document recent changes
15303 Update shadow password section
15307 move authentication code from check.c to auth.c
15310 * Makefile.in, check.c, sudo.h:
15311 move authentication code to auth.c
15314 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
15316 * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
15317 getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
15318 logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
15319 sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
15321 Move interface-related defines to interfaces.h so we don't have to
15322 include <netinet/in.h> everywhere.
15325 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
15327 * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
15328 parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
15329 o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
15330 turns out the old DES crypt does the right thing with passwords
15331 longer than 8 characters. o Fix common typo (necesary ->
15332 necessary) o Update TODO list
15335 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
15338 set $LOGNAME when we set $USER
15341 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
15344 add comment about digital unix and interfaces.c warning with gcc
15347 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
15350 use modern paths and give examples for some of the new parser
15354 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
15360 * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
15361 getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
15362 parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
15363 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
15364 Function names should be flush with the start of the line so they
15365 can be found trivially in an editor and with grep
15368 * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
15369 sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
15370 free(3) is already void, no need to cast it
15373 * logging.c, sudo.c, sudo.h:
15374 catch case where cmnd_safe is not set (this should not be possible)
15377 * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
15378 testsudoers.c, visudo.c:
15379 Stash the "safe" path (ie: the one listed in sudoers) to the command
15380 instead of stashing the struct stat. Should be safer.
15383 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
15385 * INSTALL, Makefile.in, UPGRADE:
15386 notes on updating from an earlier release
15393 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
15395 * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
15396 sudoers.man, sudoers.pod:
15397 You can now specify a host list instead of just a host or alias.
15398 Ie: user = host1,host2,ALIAS,!host3 my_command now works.
15405 * parse.yacc, sudo.tab.c:
15406 Move the push from the beginning of cmndspec to the end. This means
15407 we no longer have to do a push at the end of privilege, just reset
15411 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
15412 runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
15413 use "!" most everywhere
15416 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
15419 modernize paths and update su example based on sample.sudoers one
15423 New runas semantics
15426 * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
15428 In estrdup(), do the malloc ourselves so we don't need to rely on
15429 the system strdup(3) which may or may not exist. There is now no
15430 need to provide strdup() for those w/o it. Also, the prototype for
15431 estrdup() was wrong, it returns char * and its param is const.
15439 buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
15442 * CHANGES, TODO, parse.yacc, sudo.tab.c:
15443 It is now possible to use the '!' operator in a runas list as well
15444 as in a Cmnd_Alias, Host_Alias and User_Alias.
15447 * logging.c, sudo.h:
15448 Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
15452 Definitions of *_matched were wrong--user top, not top-2 as
15456 * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
15457 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
15458 command but the NOPASSWD flag was set. Make runasspec, runaslist,
15459 runasuser, and nopasswd typeless in parse.yacc Add support for '!'
15460 in the runas list Fix double printing of '%' and '+' for groups and
15461 netgroups respectively Add *_matched macros (no need for local stack
15462 variable). Should only be used directly after a pop (since top must
15466 * aclocal.m4, configure.in:
15467 Add copyright, somewhat silly
15470 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
15472 * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
15473 compat.h, config.h.in, configure, configure.in, dce_pwent.c,
15474 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
15475 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
15476 lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
15477 putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
15478 sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
15479 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
15481 Crank version to 1.6 and combine copyright statements
15485 Use ! not ^ to do negation
15488 * lex.yy.c, sudo.tab.c:
15492 * parse.lex, parse.yacc:
15493 Make runas and NOPASSWD tags persistent across entries in a command
15494 list. Add a PASSWD tag to reverse NOPASSWD. When you override a
15495 runas or *PASSWD tag the value given becomes the new default for the
15496 rest of the command list.
15499 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
15503 [a1ae9d4a7d54] [SUDO_1_5_9]
15506 Shift return value of system(3) by 8 to get real exit value and if
15507 it is not 1 or 0 print the retval along with the error message.
15510 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
15513 testsudoers needs LIBOBJS too
15516 * parse.c, parse.yacc, sudo.tab.c:
15517 Fix another parser bug. For a sudoers entry like this: millert
15518 ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
15526 * parse.yacc, sudo.tab.c:
15527 Save entries that match a ! command on the matching stack too
15531 Make sudo's usage info better when mutually exclusive args are given
15532 and don't rely on argument order to detect this; nick@zeta.org.au
15535 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
15537 * CHANGES, Makefile.in, RUNSON:
15545 * parse.yacc, sudo.tab.c:
15546 Fix off by one error introduced in *alloc changes
15549 * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
15550 check_sia.c, compat.h, config.h.in, configure, configure.in,
15551 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
15552 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
15553 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
15554 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
15555 sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
15556 sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
15557 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
15561 * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
15562 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
15563 putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
15564 sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
15565 Use emalloc/erealloc/estrdup
15569 error checking memory allocation routines
15572 * parse.yacc, sudo.tab.c:
15573 Still not right, this fixes it for real
15576 * parse.yacc, sudo.tab.c:
15577 Fix for previous commit
15580 * CHANGES, INSTALL, parse.yacc:
15581 Fix a parser bug that was exposed when mixing different runas specs
15582 and ! commands. For example: millert ALL=(daemon)
15583 /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
15584 as well as daemon when it should just allow daemon. The problem was
15585 that comma-separated commands in a list shared the same entry on the
15586 matching stack. Now they get their own entry iff there is a full
15587 match. It may be better to just make the runas spec persistent
15588 across all commands in a list like the user and host entries of the
15589 matching stack. However, since that is a fairly major change it
15590 should get its own minor rev increase.
15593 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
15595 * check.c, config.h.in:
15596 Simplify PAM code and fix a PAM-related warning on Linux
15599 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
15613 * check.c, configure.in:
15614 new pam code that works on solaris, should work on linux too;
15618 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
15625 only include strings.h if there is no string.h
15628 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
15631 Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
15634 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
15637 shost must be set before log functions are called #ifdef HOST_IN_LOG
15640 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
15642 * CHANGES, lex.yy.c, parse.lex:
15643 Fix a bug wrt quoting characters in command args. Stop processing
15644 an arg when you hit a backslash so the quoted-character detection
15648 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
15651 include sys/time.h; apparently AIX needs it. ppz@cdu.elektra.ru
15654 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
15656 * configure, configure.in:
15657 add missing case statement so --without-sendmail works
15660 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
15666 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
15668 * configure, configure.in:
15669 only search for -lsun in irix <= 4.x
15672 * configure, configure.in:
15673 back out last configure.in change now that I've hacked autoconf to
15674 fix the real problem and add a missing newline
15682 add def of dirfd() for those without it
15685 * configure, configure.in:
15686 When falling back to checking for socket() when linking with
15687 "-lsocket -lnsl" check for main() instead since autoconf has already
15688 cached the results of checking for socket() in -lsocket. This is
15689 really an autoconf bug as it should use the extra libs as part of
15690 the cache variable name.
15697 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
15700 fix occurrence of $with_timeout that should be
15701 $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
15705 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
15707 * sudo.cat, sudo.html, sudo.man, sudo.pod:
15708 fix grammar; espie@openbsd.org
15709 [7031d9dfbc3e] [SUDO_1_5_8]
15711 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
15713 * parse.yacc, sudo.c, testsudoers.c:
15714 add cast for strdup in places it does not have it
15717 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
15719 * configure, configure.in:
15720 define for_BSD_TYPES irix
15723 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
15725 * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
15726 Make it clear that it is the user's password, not root's, that we
15731 If the user enters an empty password and really has no password,
15732 accept the empty password they entered. Previously, they could
15734 *but* an empty password. Also, add GETPASS macro that calls either
15735 tgetpass() or getpass() depending on how sudo was configured.
15736 Problem noted by jdg@maths.qmw.ac.uk
15739 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
15741 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
15742 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
15743 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
15744 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
15745 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
15746 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
15748 add explicit copyright
15752 mention -lsocket, -lnsl configure changes
15755 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
15758 Don't clobber errno after calling check_sudoers().
15761 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
15763 * configure, configure.in:
15764 When linking with both -lsocket and -lnsl be sure to do so in that
15765 order. Also, when we can't find socket() or inet_addr() and have to
15766 try linking with both libs, issue a warning.
15769 * sudo.cat, sudo.man, sudo.pod:
15770 clarify bad timestamp and fmt
15773 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
15776 be clear that pam is linux-only and add a RUNSON entry
15779 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
15781 * CHANGES, INSTALL, configure, configure.in:
15782 fix and correctly document --with-umask; problem noted by
15786 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
15788 * configure, configure.in:
15789 only use /usr/{man,catman}/local to store man pages if user didn't
15790 override prefix or mandir
15793 * INSTALL, configure, configure.in:
15794 fix typo, make --with-SecurID take an arg
15797 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
15803 * CHANGES, INSTALL, check.c, configure, configure.in:
15804 FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
15807 * configure, configure.in:
15808 better fix for the problem of unresolved symbols in -lnsl or
15812 * configure, configure.in:
15813 when checking for functions in -lnsl and -lsocket link with both of
15814 them to avoid unresolved symbols on some weirdo systems
15817 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
15819 * BUGS, CHANGES, RUNSON, TODO:
15820 old changes that didn't make it into RCS before the RCS->CVS switch
15823 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
15825 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
15826 configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
15827 getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
15828 ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
15829 lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
15830 secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
15831 sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
15844 * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
15845 config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
15846 find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
15847 ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
15848 logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
15849 secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
15850 sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
15851 utime.c, version.h, visudo.c, visudo.cat, visudo.man:
15852 crank version and regen files
15856 kill rcs goop in update_version and fix now that version is a const
15859 * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
15860 sudo.c, sudo.h, sudo.pod:
15861 kerb5 support from fcusack@iconnet.net
15864 * realpath.c, sudo_realpath.c:
15865 we no longer use realpath
15869 replaced by find_path.c
15873 all options are now configure flags
15881 superseded by getcwd.c
15885 superseded by tgetpass.c
15889 superseded by RUNSON
15893 No longer used now that we have configure options for everything.
15897 regen based on configure.in
15900 * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
15901 sudoers.man, visudo.cat, visudo.html, visudo.man:
15902 regen based on sudo.pod, sudoers.pod, and visudo.pod
15905 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
15908 fix tty tickets in remove_timestamp (didn't use ':')
15911 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
15914 close sock when we are done with it
15917 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
15920 never say "error on line -1"
15923 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
15926 check for -lnsl before -lsocket
15930 quote '[', ']' used in ranges correctly
15933 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
15936 add missing NO_ROOT_SUDO noted by drno@tsd.edu
15939 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
15946 more info for 1.5.7
15954 make increases of cm_list_size and ga_list_size be similar to
15955 increases of stacksize (ie: >= not > in initial compare).
15959 when we get a syntax error, report it for the previous line since
15960 that's generally where the error occurred.
15963 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
15965 * config.h.in, configure.in, interfaces.c:
15966 add back check for sys/sockio.h but only use it if SIOCGIFCONF is
15968 [d197f31fd1e4] [SUDO_1_5_7]
15971 define BSD_COMP for svr4
15974 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
15975 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
15976 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
15977 testsudoers.c, tgetpass.c, utime.c, visudo.c:
15982 kill check for sockio.h
15986 no more HAVE_SYS_SOCKIO_H
15989 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
15990 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
15991 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
15992 testsudoers.c, tgetpass.c, utime.c, visudo.c:
15996 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
15999 add missing inform_user()
16002 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
16005 return NOT_FOUND if given fully qualified path and it does not exist
16006 previously it would perror(ENOENT) which bypasses the option to not
16011 for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
16015 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
16018 tty tickets are user:tty now
16022 when using tty tickets make it user:tty not user.tty as a username
16023 could have a '.' in it
16026 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
16029 add "ignoring foo found in ." for auth successful case
16032 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
16035 add missing printf param
16038 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
16040 * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
16041 go back to printing "command not found" unless --disable-path-info
16042 specified. Also, tell user when we ignore '.' in their path and it
16043 would have been used but for --with-ignore-dot.
16047 Only one space after a colon, not two, in printf's
16050 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
16053 document setting $USER
16057 fix bugs with prompt expansion
16061 set $USER for root too
16064 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
16071 HP-UX's iscomsec is in -lsec, not libc
16075 remove some entries in the OS case statement that did nothing
16079 add "cd" section and flush out syslog section
16083 no more sudo-lex.yy.c
16087 add custom prompt support
16091 kill perror("malloc") since we already have good error messages
16092 pw_ent -> pw for brevity
16096 kill perror("malloc") since we already have good error messages
16097 pw_ent -> pw for brevity set $USER if -u specified
16101 kill perror("malloc") since we already have good error messages
16105 kill perror("malloc") since we already have good error messages
16106 pw_ent -> pw for brevity when checking if %group matches, look up
16107 user in password file so that %groups works in a RunAs spec.
16111 kill perror("malloc") since we already have good error messages
16114 * check.c, getspwuid.c, interfaces.c:
16115 kill perror("malloc") since we already have good error messages
16116 pw_ent -> pw for brevity
16119 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
16122 the prompt is expanded before tgetpass is called
16126 tgetpass now has the same args as getpass again
16130 add iscomsec, issecure support
16134 we now expand any %h or %u in the prompt before passing to tgetpass
16138 add check for syslog(3) in -lsocket, -lnsl, -linet
16142 add HAVE_ISCOMSEC and HAVE_ISSECURE
16146 add check for iscomsec in HP-UX
16150 check for issecure if we have getpwanam on SunOS some options are
16151 incompatible with DUNIX SIA check for dispcrypt on DUNIX
16154 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
16161 add back support for non-dispcrypt based checking for older DUNIX
16169 SIA becomes the default on Digital UNIX now have --disable-sia to
16174 move local includes after system ones
16177 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
16179 * check.c, check_sia.c, sudo.h:
16180 add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
16185 fix while loop in sia_attempt_auth() that checks the password. Only
16186 the first iteration was working.
16189 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
16192 don't trust UID_MAX or MAXUID
16203 * getspwuid.c, secureware.c:
16204 init crypt_type to INT_MAX since it is legal to be negative in DUNX
16209 for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
16210 -ldb since DUNX < 4.0 lacks it
16213 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
16215 * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
16216 secureware.c, sudo.c, tgetpass.c:
16217 getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
16218 minutes if the shadow files don't exist).
16221 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
16224 updated --with-editor blurb
16228 tell how to put sudoers in a different dir
16232 add missing quotes around $with_editor
16236 typo in --with-editor bits
16240 I don't expect it to work on Solaris
16244 add back security/pam_misc.h
16247 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
16250 remove dunix note since configure checks for this now
16254 add check for broken dunix prot.h (4.0 < 4.0D is bad)
16257 * getspwuid.c, secureware.c, tgetpass.c:
16258 new dunix shadow code, use dispcrypt(3)
16266 call initprivs() if we have it for getprpwuid later on
16270 clean pathnames.h too
16274 quote "Sorry, try again." with [] since it has a comma in it set
16275 LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
16276 getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
16281 update Digital UNIX note about acl.h
16286 --without-root-sudo -> --disable-root-sudo some reordering
16293 * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
16301 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
16304 when checking for -lsocket, -lnsl, and -linet, check for the
16305 specific functions we need from them.
16308 * config.h.in, sudo.h:
16309 move Syslog_* defs into sudo.h
16312 * Makefile.in, sudo.h:
16313 added check_secureware
16317 finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
16321 don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
16322 defined. configure now does that for us
16326 move some --with options around change a bunch of echo's to
16327 AC_MSG_CHECKING, AC_MSG_RESULT pairs
16331 change $with_foo-bar -> $with_foo_bar kill extra " that caused a
16332 syntax error add some echo verbiage
16335 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
16338 moved SecureWare stuff into secureware.c
16346 update url to solaris gcc bins
16350 change option formatter and flesh out some entries
16353 * TROUBLESHOOTING, sudo.pod, visudo.pod:
16354 environmental variable -> environment variable
16358 everything is now done via configure
16366 passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
16370 SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
16374 merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
16375 sudoers_mode from configure
16379 SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
16380 the Makefile, not config.h
16384 document all --with/--enable options
16387 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
16390 options.h is no more
16394 assimilated options.h
16398 moved options from options.h to configure
16401 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
16402 logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
16403 sudo_setenv.c, visudo.c:
16407 * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
16408 remove references to options.h
16411 * dce_pwent.c, interfaces.c, sudo.c:
16416 if select return < -1 still prompt for pw
16420 convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
16425 FAST_MATCH is no longer an option
16429 remove_timestamp() if timestamp is preposterous
16433 convert more options to --with/--enable
16436 * INSTALL, aclocal.m4:
16441 convert more options into --with and --enable
16445 catch EINTR in select and restart
16452 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
16455 UMASK -> SUDO_UMASK.
16458 * check.c, logging.c:
16459 time.h, not sys/time.h
16462 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
16465 MAILER -> _PATH_SENDMAIL
16468 * INSTALL, configure.in:
16469 no more --with-C2, now it is --disable-shadow
16472 * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
16473 getspwuid.c, sudo.c, tgetpass.c:
16474 new shadow password scheme. Always include shadow support if the
16475 platform supports it and the user did not disable it via configure
16478 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
16481 --with-getpass -> --{enable,disable}-tgetpass
16485 pathnames.h -> pathnames.h.in
16493 move pam_conv to be static to auth function remove pam_misc.h
16494 (solaris doesn't have one)
16498 _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
16502 munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
16506 convert to pathnames.h.in
16509 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
16512 fix typo in sysv4 matching case
16515 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
16518 pam stuff needs to run as root, not user, for shadow passwords
16521 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
16523 * BUGS, INSTALL, README, configure.in:
16527 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
16528 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
16529 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
16530 logging.c, options.h, parse.c, parse.lex, parse.yacc,
16531 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
16532 testsudoers.c, tgetpass.c, utime.c, visudo.c:
16537 user version.h for long message
16541 this is version 1.5.6
16544 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
16547 remove errant backslash
16550 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
16552 * options.h, parse.yacc, pathnames.h.in:
16554 [fdee73255d64] [SUDO_1_5_6]
16556 * BUGS, CHANGES, TODO:
16564 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
16567 kill unused localhost_mask var copy if name to ifr_tmp after we zero
16571 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
16574 Better description of new vs. old sudoers modes fix some typos
16575 better description of /usr/ucb/cc gotchas on slowaris
16583 set NewArgv[0] to user_shell, not basename(user_shell)
16586 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
16589 mention TROUBLESHOOTING more fix some typos
16593 move --enable/--disable to be after --with
16597 document --enable/--disable
16601 document --with-pam
16604 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
16607 Add message for pam users
16618 * check.c, config.h.in, configure.in:
16619 pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
16622 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
16625 add HOST_IN_LOG and WRAP_LOG
16629 add WRAP_LOG and HOST_IN_LOG
16633 add --enable-log-host and --enable-log-wrap
16637 use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
16640 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
16647 include sys/param.h to get howmany macro
16650 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
16652 * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
16656 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
16659 bring in stdio.h for NULL
16663 allow /bin/{ksh,bash} and /usr/bin/{ksh,bash} as sh
16667 use HAVE_SET_AUTH_PARAMETERS
16671 add HAVE_SET_AUTH_PARAMETERS
16675 add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
16679 add support for HI-UX/MPP SR220001 02-03 0 SR2201
16683 initialize previfname
16687 Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
16688 it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
16697 don't need special build line for sudo.tab.o
16701 don't clean sudo.tab.[ch]
16705 Sudo should prompt for a password before telling the user that a
16706 command could not be found.
16714 no longer require yacc
16722 y.tab -> sudo.tab include pre-yacc'd parse.yacc
16726 include sudo.tab.h, not y.tab.h don't break out of command args if
16734 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
16743 getcwd(3) from OpenBSD for those without it.
16747 HAVE_GETWD -> HAVE_GETCWD
16751 pretend sunos doesn't have getcwd(3) since it opens a pipe to
16760 remove duplicate include of string.h
16764 call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
16768 add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
16772 add dev_t and ino_t
16775 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
16778 fix OTP_ONLY for opie
16781 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
16783 * testsudoers.c, tgetpass.c:
16784 include stdlib.h for malloc proto
16787 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
16790 make update_version saner
16794 add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
16798 check for waitpid and wait3 or no waitpid
16802 used waitpid or wait3 if we have 'em
16805 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
16808 fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
16811 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
16814 don't need to explicitly mention -lsocket -lnsl for sequent
16817 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
16820 dynix should not link with -linet
16823 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
16826 mention that HP-UX doesn't ship with yacc
16829 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
16832 ignore kerberos if we can't get the local realm
16835 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
16837 * BUGS, INSTALL, README, configure.in:
16845 * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
16846 find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
16847 logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
16848 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
16857 don't use popen/pclose. Do it inline.
16868 * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
16869 ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
16874 * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
16879 getwd.c -> getcwd.c
16891 use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
16895 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
16897 * OPTIONS, options.h:
16898 add STUB_LOAD_INTERFACES
16901 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
16902 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
16903 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
16904 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
16905 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
16906 testsudoers.c, tgetpass.c, utime.c, visudo.c:
16911 support *-ccur-sysv4 and fix two typos
16914 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
16917 don't echo about with_logfile and with_timedir
16921 document --with-logfile and --with-timedir
16925 support --with-logfile and --with-timedir
16929 Add --with-logfile and --with-timedir
16933 change size computation of NewArgv for UNICOS
16936 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
16939 treat -*-sysv4* like *-*-svr4
16942 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
16945 fix spacing for --with-authenticate help
16948 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
16949 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
16950 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
16951 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
16952 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
16953 testsudoers.c, tgetpass.c, utime.c, visudo.c:
16958 fix off by one error in push macro
16961 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
16964 removed bogus alloca hack
16968 added AIX 4.x authenticate() support
16972 include alloca.h if using bison and not gcc and it exists. fixes an
16973 alloca problem on hpux 10.x
16977 mention --with-authenticate
16981 added AIX authenticate() support
16985 add HAVE_AUTHENTICATE
16989 dynamically size ifconf buffer
16996 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
16997 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
16998 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
16999 logging.c, options.h, parse.c, parse.lex, parse.yacc,
17000 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17001 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17009 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
17012 add busy stmp file explanation
17015 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
17018 the name of the cached var that signals whether or not you are cross
17019 compiling changed. It is now ac_cv_prog_cc_cross
17022 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
17025 mention glibc 2.07 is fixed wrt lsearch().
17028 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
17030 * sample.sudoers, sudoers.pod:
17031 better example of su but not root su
17034 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
17036 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
17037 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17038 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17039 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
17040 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17041 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17046 correct regexp for updating version
17050 remove bogus flush of stderr spew prompt before turning off echo.
17051 Seems to fix a weird problem where if sudo complained about a bogus
17052 stamp file the user would sometimes not have a chance to enter a
17057 fix bogus flush of stderr
17061 close fd's <=2 not <=3 and move that chunk of code up
17065 support hpux1[0-9] not just hpux10
17068 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
17071 set sudoers_fp to nil after closing
17074 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
17076 * config.guess, config.sub:
17077 updated from autoconf 2.12
17084 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
17087 fix select usage for high fd's (dynamically allocate readfds)
17091 kill extra whitespace
17095 do an initgroups() before running a command, unless the target user
17099 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
17102 tell people to use tabs, not spaces, in syslog.conf
17105 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
17107 * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
17108 parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
17112 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
17113 logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
17117 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
17118 insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
17123 more tweaks to update_version
17127 fixed up update_version rule
17135 removed supe of check.c
17146 * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
17147 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
17148 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
17149 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
17150 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
17151 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
17161 add rules to update version stuff in files so I don't need to do it
17166 sudoers_fp is now extern
17170 in check_sudoers, cache the sudoers file handle in sudoers_fp so we
17171 don't have to open it again in the parse. This may help with weird
17172 solaris problems where EAGAIN sometimes occurs.
17176 sudoers file open is now done only in check_sudoers() so we just do
17177 a rewind() instead of an open. May help people on solaris who were
17181 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
17184 mention that newer glibc is fixed
17187 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
17190 newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
17191 _RLD* instead of _RLD_*
17199 fix that bug for real
17203 document Linux's libc6 brokenness.
17212 [4949a1bbd0a9] [SUDO_1_5_4]
17215 remind people to HUP syslogd
17231 remove author's email addr. people should mail sudo-bugs
17238 * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
17239 find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
17240 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
17241 logging.c, options.h, parse.c, parse.lex, parse.yacc,
17242 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17243 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
17251 * INSTALL, Makefile.in:
17260 exit(1) if user enters no passwd
17268 commands can start with ./* not just /* -- fixes a serious security
17272 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
17275 Don't set the tty variable to NULL when we lack a tty, leave it as
17279 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
17282 fix usage of (username) in conjunction with , and !
17286 catch the case where the user is not in the passwd file
17290 use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
17295 define tty global to an initial value to avoid dumping core in
17296 logging functions when passwd file is unavailable.
17300 do the set_perms(PERM_USER, sudo_mode) after we have gotten the
17305 talk about problem of ALL
17308 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
17315 fdesc bug is fixed in Open/Net BSD
17319 updates from Nieusma
17322 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
17325 move compat.h after the system includes
17328 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
17331 save errno from being clobbered by wait(). From Theo
17334 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
17337 fix an occurrence of setresuid -> setreuid (typo)
17340 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
17343 check for path to strip
17346 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
17349 deal with maxfilelen < 0 case
17356 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
17359 correct error message if mode/owner wrong and not statable by owner
17360 but is statable by root.
17363 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
17365 * config.guess, config.sub:
17369 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
17371 * CHANGES, RUNSON, TODO:
17375 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
17377 * parse.yacc, sudo.h:
17378 command_alias -> generic_alias
17379 [c404ca8c510d] [SUDO_1_5_3]
17382 added Runas_Alias example and fixed syntax errors
17385 * OPTIONS, options.h:
17386 updated MAILSUBJECT
17393 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
17394 configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
17395 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
17396 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
17397 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
17398 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
17403 * BUGS, emul/utime.h:
17408 document Runas_Alias
17416 buffer oflow checking q (uit) -> Q if yyparse() fails drop into
17421 add size params to sprintf
17425 allow trailing space after '\\' but before '\n'
17429 off by one error in path size check
17436 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
17443 now warns if killed by signal
17446 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
17449 fix Runas_Alias stuff Alias's in runas list now get expanded (but it
17454 Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
17458 add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
17462 Add Runas_Alias and simplify a rule.
17466 always store User_Alias's since they can be used inside of a runas
17467 list. Sigh. Really need a Runas_Alias instead.
17470 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
17473 deal with case where there is no sudoers file
17476 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
17482 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
17484 * HISTORY, testsudoers.c:
17485 developement -> development
17500 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
17503 removed seteuid() notes
17504 [1010a60f281d] [SUDO_1_5_2]
17506 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
17509 better seteuid() emulation
17513 added check for seteuid
17520 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
17523 first stab at sequent support
17527 added HAVE_SYS_SELECT_H
17531 sequent -> _SEQUENT_
17535 added seteuid() macro for DYNIX
17539 _AIX -> HAVE_SYS_SELECT_H
17542 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
17544 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
17545 parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
17546 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17550 * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
17551 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
17552 ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
17553 pathnames.h.in, version.h:
17558 added -H and SUDO_PS1
17562 use SUDO_FUNC_FNMATCH
17566 added SUDO_FUNC_FNMATCH
17574 added MODE_RESET_HOME
17577 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
17591 * compat.h, config.h.in:
17596 added HAVE_OPIE and changed to *_OTP_*
17603 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
17606 moved fclose() in skey stuff.
17609 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
17612 index -> strchr remove unnecessary stuff
17616 now call skeychallenge() to get challenge instead of making one up
17617 ourselves. this way, we get extra goodies in the prompt.
17620 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
17624 [3f5149357e2a] [SUDO_1_5_1]
17627 allow logins to start with a number (YUCK!)
17630 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
17633 added solaris 2.5 vs 2.4 note
17637 DUNIX doesn't need -lnsl
17641 *** empty log message ***
17644 * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
17645 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
17646 ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
17647 options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
17648 strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
17649 utime.c, version.h, visudo.c:
17653 * PORTING, README, RUNSON:
17657 * INSTALL, Makefile.in, TROUBLESHOOTING:
17662 *** empty log message ***
17665 * sudo.pod, visudo.pod:
17669 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
17675 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
17678 added $SUDO_PROMPT support
17681 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
17684 print long skey challenges to stderr, not stdout
17687 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
17697 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
17703 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
17706 use shost, not host for tgetpass
17710 documented %u and %h
17714 documented %u and %h
17721 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
17722 dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17723 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17724 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
17725 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17726 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
17734 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
17736 * Makefile.in, configure.in, version.h:
17741 new tgetpass() params
17745 pass use and host to tgetpass
17749 added %u and %h escapes
17752 * OPTIONS, check.c, options.h:
17757 added cray (unicos) support
17760 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
17762 * OPTIONS, options.h, sudo.c:
17763 added SHELL_SETS_HOME
17766 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
17769 added note about "make install"
17773 changed length/size params from int to size_t
17777 now get CSOPS insults as well by default
17781 use csops insults too by default
17784 * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
17789 added runas_homedir
17805 added "upgrading" notes
17808 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
17811 now do chmod and chown after edit of temp file and before rename
17812 [de174e34faa7] [SUDO_1_5_0]
17814 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
17817 ++version added INSTALL.configure
17820 * configure.in, version.h:
17825 *** empty log message ***
17833 sets $HOME to pw_dir of runas user
17837 document $HOME change
17840 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
17843 fixed up some wording
17846 * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17847 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
17848 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
17853 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
17854 insults.h, options.h, pathnames.h.in, sudo.h:
17863 name and type changes
17867 now works with new sudo
17875 some variable name changes + comment headers for functions.
17879 added extra paren's to make compilers happy
17883 *** empty log message ***
17887 now uses init_parser() if not in sudoers and tries "list" or
17888 "validate" scold but don't be nasty.
17892 now can use upper case login names
17896 now uses init_parser()
17904 added info about PASSWORD_TIMEOUT
17907 * INSTALL.configure:
17916 now dynamically allocates memory for the stacks -- no more
17921 -l now expands command aliases
17925 hacks to expand command aliases for `sudo -l'
17929 remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
17933 added struct command_alias
17941 in compar() key should be first arg
17944 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
17951 can now deal with upcase HOST and USER names
17955 don't yell too loudly at non-sudoers if they do "sudo -l"
17966 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
17968 * parse.c, parse.yacc:
17969 added support for new `sudo -l' stuff
17973 now uses list_matches()
17977 added struct sudo_match
17981 now more -lgnumalloc
17984 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
17987 added more paths for chown and whoami
17990 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
17996 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
17999 fixed DUNIX check for shadow pw
18003 now only turn off echo if it is already on. this fixes a race when
18004 you use sudo in a pipeline
18012 changed "test -z $foo && do_this" to if; then construct
18015 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
18018 added missing defines of SHADOW_TYPE
18021 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
18024 protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
18029 added AUTH_CRYPT_C1CRYPT support
18033 no longer return VALIDATE_NOT_OK if there was a runas that didn't
18034 match. Now we can have runas stuff on more than one line.
18037 * getspwuid.c, sudo.c, tgetpass.c:
18038 use SHADOW_TYPE instead of HAVE_C2_SECURITY
18042 got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
18047 removed HAVE_C2_SECURITY added SPW_BSD
18051 use SHADOW_TYPE instead of HAVE_C2_SECURITY
18055 SHADOW_TYPE is always defined so just against its value
18059 added SUDO_CHECK_SHADOW_DUNIX
18062 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
18065 * -> ?* in one example added another instance of (runas) and one of
18069 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
18072 added back check for config.cache from other host type
18076 removed an instance of \"
18084 updated wrt new wildcard matching
18088 new check for shadow passwords if we don't know anything
18092 new SUDO_CHECK_SHADOW_GENERIC
18096 added back check for -lsocket (oops)
18100 better (working) check for shadow passwd type if we know to use C2.
18104 now uses AC_CANONICAL_HOST to figure out os type
18108 added config.{guess,sub}
18112 removed unused stuff to figure out os type
18128 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
18129 pathname. need to check against sudoers_args even if user_args is
18134 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
18135 pathname need to check against sudoers_args even if user_args is nil
18138 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
18141 added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
18145 now takes command line args and uses cmnd_args
18149 fill_args was adding an extra leading space
18152 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
18155 fixed dummy command_matches()
18167 now uses flat args string
18170 * parse.c, parse.lex:
18171 now uses flat arg string
18175 added cmnd_args def
18179 now sets cmnd_args global
18183 cmnd_args is now exported from sudo.[ch]
18186 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
18189 can't rely on cmnd_matches as much as I thought -- added some $$
18190 stuff back in to prevent namespace pollution problems.
18194 Simplified parse rules wrt runas and NOPASSWD (more consistent).
18197 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
18200 NOPASSWD may now have blanks before the ':' '(' only starts a
18201 'runas' if in the initial state to avoid collision with command args
18205 added checks for specific shadow passwd schemes
18209 added routines to check for specific shadow passwd types
18212 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
18215 added support for ncr boxen
18219 added support for detecting ncr boxen
18222 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
18225 added sinix support
18228 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
18231 added info about "config.cache from other other" error.
18235 now makes sure you don't have a config.cache file from another OS
18239 now sets $LIBS when needed to configure links with libs when doing
18240 tests hpux10 now uses SPW_SECUREWARE for C2 added check for
18241 bigcrypt(3) if SPW_SECUREWARE
18249 now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
18257 no more SPW_HPUX10 added HAVE_BIGCRYPT
18261 now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
18265 SPW_SECUREWARE now uses bigcrypt
18268 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
18271 fixed 2 syntax errors
18275 root may now run ALL as ALL
18278 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
18281 fixed a typo/thinko that broke BSD's with sa_len
18284 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
18286 * check.c, configure.in:
18287 updated AFS support
18291 added entry about /usr/ucb/cc
18295 prep no longer holds gcc binaries
18307 AFS allows long passwords
18311 fixed -u user support
18315 sudo -v now groks VALIDATE_OK_NOPASS
18319 fixed no_passwd vs. runas_matched
18323 took out stuff about NFS-mounting since it is no longer an issue
18327 added --with-libraries > --with-libpath --with-incpath
18331 was setting runas_matches to -1 in wrong place
18335 removed usersec.h which is not present in new AFS versions
18339 now deals with timeout <= 0
18347 BSD/OS >= 2.0 now uses shlicc instead of just gcc
18351 fixed backwards compatibility with sudo 1.4 sudoers mode for root
18352 readable/writable filesystems
18356 now gives INSTALL -c flag
18360 slightly simpler initialization of no_passwd and runas_matches
18364 added -u username support
18368 improved --with-libraries support
18371 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
18374 added --with-incpath, --with-libpath, --with-libraries
18378 now initializes some fields that weren't getting set to -1 pretty
18379 gross -- need a rewrite.
18382 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
18389 no longer add -lPW to *_LIBS since we include alloca.c
18393 added HAVE_ALLOCA_H
18408 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
18411 now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
18412 not always set to a valid uid.
18416 fixed entry for SUDO_MODE
18420 Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
18421 being set to -2. Now beat NFS to the punch and set uid to "nobody"
18422 ourselves, preserving group 0 to read sudoers.
18426 moved set_perms(PERM_ROOT) to be before yyparse()
18434 no longer need AC_PROG_INSTALL
18438 always use install-sh to avoid install(1)'s that use get{pw,gr}nam
18442 make clean -> make distclean
18445 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
18448 removed some unnecessary if's
18451 * Makefile.in, version.h:
18455 * parse.c, testsudoers.c:
18456 now includes netgroup.h
18460 removed casts of ioctl to int since they didn't shut up -Wall
18464 explicitly cast ioctl() to int since it is not always declared
18468 added declarations for yyparse() and yylex()
18472 fixed an occurrence of '==' -> '='
18475 * config.h.in, configure.in:
18476 added check for netgroup.h
18480 fixed 2 compiler warnings
18484 SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
18488 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
18494 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
18497 fixed a formatting thingie
18500 * parse.c, parse.yacc:
18501 fixed -u support with multiple user lists on a line
18505 unixware needs -lgen
18509 updated ftp location
18513 add net_addr/netmask support
18517 added net_addr/mask example
18520 * parse.c, parse.lex:
18521 added support for net_addr/netmask
18524 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
18530 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
18540 * BUGS, TODO, TROUBLESHOOTING:
18545 updated with examples of new stuff
18553 updated wrt -u and NOPASSWD
18557 updated wrt -u and CAVEATS
18560 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
18567 now use :foo: character classes (makes no diff for generated lexer)
18570 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
18573 fixed LONG_SKEY_PROMPT stuff
18576 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
18583 make more like NetBSD one -- now compiles w/o warnings
18587 fixed decls of lsearch()
18590 * config.h.in, configure.in, getspwuid.c:
18595 hpux 10 uses bigcrypt() if C2
18598 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
18601 now always uses fnmatch to match args
18605 back to using stdio instead of raw i/o since that caused some
18609 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
18612 now give usage warning if use -l,-v,-k with args
18615 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
18618 NewArgc is now set to 1 for -l, -v, -k
18622 now sets sudoers to correct group if mode is 0400
18626 updated to version used by inn and bind
18630 now uses -lgnumalloc if it exists
18634 "make install" now sets uid/gid and mode on sudoers if it exists
18638 removed debugging statements
18642 added a missing free()
18646 now uses user_gid instead of getegid (which was wrong anyway) to set
18647 SUDO_GID Now sets command line args in SUDO_COMMAND envariable
18648 (logging.c depends on args being in the environment)
18652 now uses SUDO_COMMAND envariable to get command args rather than
18653 building it up again.
18661 fixed off by one error in allocation NewArgv
18665 in sudoers, 'command ""' now means command with no args
18669 added check for fnmatch(3) and fnmatch.h
18677 replaced wildcat.* with fnmatch.*
18684 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
18687 now uses fnmatch() instead of wildmat a trailing star (*) by itself
18688 now matches multiple args added support for wildcards in the
18689 pathname in sudoers
18692 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
18695 now includes compat.h and config.h
18699 added HAVE_FNMATCH_H
18703 now checks for alloca() (if needed by bison or dce) and links with
18704 -lPW if it contains alloca() and libv and compiler do not.
18707 * emul/fnmatch.h, fnmatch.3, fnmatch.c:
18711 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
18714 now fixes mode on sudoers if set to 0400 to aid in upgrade
18717 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
18720 fixed pod2man usage
18723 * Makefile.in, configure.in, version.h:
18727 * testsudoers.c, visudo.c:
18728 runas_user is now initialized to "root"
18732 removed PERM_FULL_ROOT
18736 runas_user defaults to "root" so no more need to PERM_RUNAS
18740 will now only run commands as root if there was no runas list
18741 (or if root is in the runas list)
18749 runas_matches is now set to false if we get a negative match
18753 make #uid work + some minor cleanup
18757 added support for NOPASSWD and "runas" from garp@opustel.com /
18761 added support for "runas" from garp@opustel.com replaced
18762 SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
18767 added support for "runas" from garp@opustel.com
18771 added support for NO_PASSWD and runas from garp@opustel.com replaced
18772 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
18777 added support for NO_PASSWD and runas from garp@opustel.com replaced
18778 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support for
18783 added support for NO_PASSWD and runas from garp@opustel.com
18786 * parse.c, parse.lex:
18787 added support for NO_PASSWD and runas from garp@opustel.com
18791 added support for SUDOERS_WRONG_MODE and "runas"
18795 added --with-CC only link with -lshadow on linux (with shadow pw) if
18796 libc lacks getspnam()
18799 * OPTIONS, options.h:
18800 removed NO_PASSWD since it is not possible to do this in the sudoers
18801 file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
18802 SUDOERS_GID. Added SUDOERS_MODE.
18806 now uses SUDOERS_UID and SUDOERS_GID
18809 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
18815 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
18818 added double quote support
18822 documented double quoting
18825 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
18832 fixed some indentation
18840 added install-dirs .
18843 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
18846 new version from "Jeff A. Earickson" <jaearick@colby.edu>
18849 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
18852 $CSOPS -> $with_csops (whoops, missed one)
18860 FQHOST now has same constraints as non-FQHOST
18864 added note about OS's w/ shadow passwords turned on by default
18867 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
18874 added support for --without-THING sanitized shadow pw situation by
18880 fixed a typo wrt placement of an end paren
18884 was closing an fd that may not have been opened
18887 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
18889 * OPTIONS, options.h, sudo.c:
18893 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
18896 now always use shadow pw on some arches
18899 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
18902 added pyramid support
18906 no longer check for C2 if alternate passwd method is used no longer
18907 check for some libs twice
18911 moved fqdn stuff into parse.lex (FQHOST)
18919 now define TCSASOFT if necessary
18923 now uses read/write instead of stdio string goop to avoid problems
18927 * OPTIONS, find_path.c, options.h:
18928 -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
18931 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
18934 added note about no shadow auto-detect if using alternate auth
18939 don't check for C2 if AFS or DCE (unless they said --with-C2)
18946 * OPTIONS, find_path.c, options.h:
18950 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
18953 checkdot now works correctly
18956 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
18959 can't have DCE and C2 passwords both...
18962 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
18964 * parse.yacc, sudo.c, sudo.h, visudo.c:
18965 now uses shost even if not FQDN
18969 now looks for skey in /usr/lib and doesn't require libskey to be in
18970 /usr/local/lib just because skey.h is (for my netbsd box :-)
18973 * aclocal.m4, config.h.in, pathnames.h.in:
18974 _SUDO_PATH_ -> _CONFIG_PATH_
18977 * aclocal.m4, sudo.pod:
18978 /var/run/.odus -> /var/run/sudo
18982 now uses _SUDO_PATH_TIMEDIR
18989 * aclocal.m4, configure.in:
18994 added _SUDO_PATH_TIMEDIR
18998 updated wrt /var/run/sudo
19002 added support for shost if FQDN
19005 * parse.yacc, visudo.c:
19006 now uses shost if FQDN
19010 Now use skeylookup() instead of skeychallenge()
19013 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
19016 mail_argv should not contain ALERTMAIL as it includes "-t"
19019 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
19021 * INSTALL, Makefile.in, README, configure.in, version.h:
19026 added more _PASSWD_LEN stuff -- now uses PASS_MAX too
19030 now includes limits.h moved _PASSWD_LEN -> compat.h
19033 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
19051 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
19058 done for 1.4.1 (I hope)
19062 added info on wildcards
19066 added wildcard example
19070 now uses *.pod to build *.man and *.cat & *.html
19074 added SUDO_PROG_BSHELL
19078 fixed up some formatting
19082 redid section describing sample sudoers stuff
19086 fixed some formatting
19090 now treats "" as bourne shell
19094 TESTOBJS now includes wildmat.o
19098 now works with NewArg[cv]
19102 removed an XXX (fixed it in getspwuid.c)
19106 added check for bourne shell
19114 added _SUDO_PATH_BSHELL
19117 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
19120 unixware vi returns 256 instead of 0
19128 fixed up some XXX's. file log format now looks a little more like
19129 real syslog(3) format.
19132 * README, TROUBLESHOOTING:
19133 updated wrt lex/flex
19137 commented out rule to build lex.yy.c from parse.lex since we ship
19138 with a pre-flex'd parser
19141 * parse.c, parse.yacc, visudo.c:
19142 path_matches -> command_matches
19146 eliminated some strcat()'s
19150 no longer checks for lex/flex (now assumes flex)
19154 now checks for $kerb_dir_candidate/krb.h instead of just
19158 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
19161 now use a 'hook' expression instead of an iffy one :-)
19164 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
19167 now works with new sudo arg stuff
19171 fixed dereferencing deadbeef
19175 changed an occurrence of Argv to NewArgv
19179 took out support for quoted commands since there is no need...
19183 fixed a typo in a for() loop
19187 protected against dereferencing rogue pointers
19191 now uses NewArgv and NewArgc so cmnd_args is no longer needed this
19192 also allows us to eliminate some kludges in parse_args() and
19193 eliminate superfluous code.
19197 no longer uses cmnd_args, now uses NewArgv instead.
19201 added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
19206 added wildmat.c to SRCS & SUDOBJS
19210 COMMAND is now a struct containing the path and args
19214 replaced append() with fill_cmnd() and fill_args. command args from
19215 a sudoers entry are now stored in an array for easy matching.
19219 command line args from sudoers file are now in an array like ones
19220 passed in from the command line
19223 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
19226 wildmat stuff now works
19229 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
19236 ++version added wildmat.*
19239 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
19242 added support for quoted commands (w/ or w/o args)
19245 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
19247 * sudo.pod, visudo.pod:
19248 cleaned up formatting
19251 * sudo.pod, visudo.pod:
19255 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
19258 looks reasonable, could be more readable
19265 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
19272 updated NO_ROOT_SUDO entry
19275 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
19278 *** empty log message ***
19279 [5b63de579ff7] [SUDO_1_4_0]
19290 AIX aixcrypt.exp now uses $(srcdir)
19294 added entry for anal ansi compilers
19297 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
19300 added info on libcrypt_i for SCO
19304 *** empty log message ***
19319 * INSTALL, OPTIONS, README, config.h.in, configure.in:
19324 ++version and fixed ISC
19327 * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
19328 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
19329 insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
19330 sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
19336 added STUB_LOAD_INTERFACES ++version
19339 * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
19345 added info about fd_set in tgetpass added info on interfaces.c
19348 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
19359 tgetpass.o is now only linked in with sudo (not visudo)
19362 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
19364 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
19370 added copyright notice
19373 * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
19374 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
19375 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
19376 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
19377 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
19382 minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
19386 ISC now gets -lcrypt now check for sys/bsdtypes.h
19390 added check for sys/bsdtypes.h
19393 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
19396 removed debugging stuff (setting freed ptr to NULL)
19408 added section on syslog
19412 added AC_ISC_POSIX for better ISC support
19420 added define for _POSIX_SOURCE
19423 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
19426 fixed check for lsearch()
19429 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
19432 fixed for AIX now deal if num_interfaces == 0 (should not happen)
19435 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
19438 now only define HAVE_LSEARCH if there is a corresponding search.h
19445 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
19448 now define HAVE_LSEARCH if we find lsearch() in libcompat
19452 char * -> const char *
19456 now looks in -lcompat for lsearch()
19460 remove sudo.core visudo.core for clean target
19464 added UID_MAX support in check for MAX_UID_T_LEN
19468 fixed another occurrence of sudo_getpwuid.*
19471 * Makefile.in, getspwuid.c:
19472 sudo_getpwuid.c -> getspwuid.c
19479 * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
19480 compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
19481 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
19482 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
19483 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
19484 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
19485 version.h, visudo.c:
19490 added group support
19498 documented group support
19501 * parse.c, parse.lex, parse.yacc, visudo.c:
19502 added group support
19505 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
19508 tkfile was too short and overflowed the kerberos realm
19511 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
19514 now copy command args directly from Argv
19518 replaced code to copy cmnd_args so that is does not use realloc
19519 since most realloc()'s really stink
19522 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
19525 syslog() fixed in hpux 10.01
19528 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
19531 AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
19535 better error if cannot find skey incs or libs
19539 now use a temp file for determining max len of uid_t in string form.
19540 the old hacky way broke on netbsd
19544 added set of parens and a space
19547 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
19550 fixes from Jeff Earickson <jaearick@colby.edu> ,
19558 fixed up testsudoers target
19562 DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
19563 SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
19567 LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
19571 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
19574 fix for C2 on hpux 10 now uses -linet if it exists
19578 LONG_SKEY_PROMPT is less of a kludge /
19582 fixed typos w/ dce stuff
19589 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
19592 amended section on combining authentication mechanisms
19596 minor updates for 1.3.6
19600 added 2 more entries
19612 rewrote for sudo 1.3.6
19619 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
19621 * find_path.c, getspwuid.c, sudo.c:
19622 added explicit casts for strdup since many includes don't prototype
19627 removed prototype for sudo_getpwuid() since convex C compiler choked
19632 added prototype for sudo_getpwuid()
19636 now compiles on strict ANSI compilers
19640 added LONG_SKEY_PROMPT support
19644 added extra $'s for make to eat up, yum.
19647 * OPTIONS, options.h:
19648 added LONG_SKEY_PROMPT
19651 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
19654 s/key support now works with normal s/key as well as logdaemon
19657 * OPTIONS, options.h:
19662 set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
19666 added DCE note added more AIX notes
19670 now include pthread.h for DCE support
19674 dce_pwent() is ok after all .,
19678 now uses SYSLOG() macro that equates to either syslog() or
19683 minor formatting changes. renamed check() to something less generic
19686 * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
19688 now uses user_pw_ent and simple macros to get at the contents
19691 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
19694 simpler dec unix C2 support
19698 now sets crypt_type for DEC unix C2
19701 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
19704 added csops paths for skey
19708 now includes string.h for strdup() prototype
19716 now includes skey.h
19724 moved a lot of the shadow passwd crap to sudo_getpwuid()
19728 now uses sudo_pw_ent
19732 now uses sudo_pw_ent
19736 now sets sudo_pw_ent
19744 moved dce stuff into compat.h
19747 * logging.c, sudo.h:
19748 now uses sudo_pw_ent
19752 added sudo_getpwuid.c
19760 now uses sudo_pw_ent
19763 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
19766 fixed exempt_group stuff for OS's that don't put base gid in group
19771 S/Key support now works with sunos4 shadow passwords
19778 * config.h.in, configure.in:
19787 first stab at dce support
19791 now smells like sudo
19799 skey'd sudo now works w/ normal password as well
19802 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
19804 * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
19805 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
19806 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
19807 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
19808 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
19809 version.h, visudo.c:
19810 updated version number
19814 updated to reflect version change
19818 --with options now line up ++version
19822 removed unnecessary S/Key stuff
19826 fixed S/Key support
19830 -I stuff now goes in CPPFLAGS
19842 fixed description of EXEMPTGROUP
19846 more people use _RLD_ than just alphas...
19850 replaced $man_prefix with $mandir
19858 now use more GNU'ish dir names
19862 now set *dir correctly (can override from command line)
19866 now deal with situations where we getwd() fails
19869 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
19872 added etc_dir, bin_dir, sbin_dir
19880 now ship a flex-generated lex.yy.c
19884 now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
19888 _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
19892 no more error for redefining SUDOERS_OWNER
19896 expanded SUDOERS_OWNER section
19899 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
19902 now warn if chown(2) failed
19906 better default warning for NO_SUDOERS_FILE
19910 added missing set_perms() no more cryptic message if the sudoers
19911 file is zero length, now just give a parse error
19915 better diagnostics if NO_SUDOERS_FILE
19919 check_sudoers() now catches sudoers files that are not readable (but
19923 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
19926 now add -D__STDC__ for convex cc (not gcc)
19930 MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
19934 now uses exec_prefix & prefix from configure
19937 * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
19938 parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
19940 options.h is now <> instead of "" so shadow build trees can have a
19941 custom copy of options.h
19945 user_is_exempt() is no longer a hack, it now uses getgrnam()
19949 EXEMPTGROUP is now "sudo"
19953 MAN_POSTINSTALL now contains a leading space
19957 removed leading tab if @MAN_POSTINSTALL@ not defined now removes
19958 testsudoers in clean:
19962 includes pwd.h to get _PASSWD_LEN definition
19965 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
19968 unset the KRB_CONF envariable if using kerberos so we don't get
19969 spoofed into using a bogus server
19972 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
19975 now explicitly initialize match[] to be FALSE
19978 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
19981 removed unused variable now passes -Wall
19985 yyerror and dumpaliases are now void's now passes -Wall
19989 added prototype for yyerror
19992 * check.c, logging.c, parse.c:
19997 removed unused cruft now passes -Wall
20001 fixed headers that moved to emul dir
20005 fixed deref of nil pointer if no args
20008 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
20011 added a caveat to FQDN section
20014 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
20017 more $srcdir support for install targets
20020 * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
20021 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
20022 don't include malloc.h if we include stdlib.h
20026 local search.h now lives in emul
20029 * check.c, utime.c:
20030 local utime.h now lives in emul dir
20034 local search.h now lives in emul
20038 added support for building in other than the sourcedir
20041 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
20044 annotated CSOPS_INSULTS option
20048 updated shadow passwords blurb
20052 if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
20053 passes along foo as the arguments
20056 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
20059 collapsed pathname and dir sections into one -- it's now less
20064 fixed spacing quoting [,:\\=] now works correctly append() and
20065 fill() now take args to make the above work
20069 fixed a typo that caused commands with no tty on fd 0 but a tty on
20070 fd 1 to erroneously have "none" as their tty
20073 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
20076 timestampfile is now a global static removed decl of timestampfile
20077 in remove_timestamp since we can just use the global one
20081 created touch() to update timestamps added USE_TTY_TICKETS support
20086 added _S_IFDIR and S_ISDIR
20089 * OPTIONS, options.h:
20090 added USE_TTY_TICKETS
20094 removed const from casts for lsearch() & lfind() to placate irix 4.x
20098 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
20101 now only strip '/dev/' off of a tty if it starts with '/dev/'
20109 AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
20114 fixed incorrect #ifdef termio uses "unsigned short" not int for
20118 * parse.lex, parse.yacc:
20119 fixed a spelling error
20126 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
20133 added dotcat() to cat 2 strings w/ a dot efficiently now that we
20134 dynamically allocate strings they need to be free()'d
20138 dynamically allocates space for strings
20142 no more MAXCOMMANDLENGTH
20149 * logging.c, sudo.c:
20150 moved tty stuff into sudo.c
20153 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
20156 fixed a logic bug. Was denying a command if user gave command line
20157 args but there were none in the sudoers file which is wrong.
20161 MAXCOMMMANDLEN dropped down to 1K
20165 return foo; -> return(foo);
20169 fixed netgr_matches() prototype
20173 added support for escaping "termination" characters
20177 buf is now of size MAXPATHLEN+1 since it never holds command args
20185 fixed negation problem (doh!)
20189 fixed 2nd parameter to lfind()
20193 now do bounds checking in fill() and append()
20197 include netdb.h as we should added a missing void cast added
20198 SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
20199 realloc actually moved the string instead of shrinking it
20203 updated with examples of new features
20207 now set errno to EACCES if not a regular file or not executable
20211 if given a fully-qualified or relative path we now check it with
20212 sudo_goodpath() and error out with the appropriate error message if
20213 the file does not exist or is not executable
20216 * emul/search.h, lsearch.c:
20217 now use correct args for lfind
20225 added in CSOps insults
20237 increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
20241 added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
20245 fixed -k load_interfaces() now gets called if FQDN is set
20246 -p now works with -s
20250 don't try to stat() "pseudo commands" like "validate"
20254 added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
20258 added SecurID support added other insults to --with-csops
20266 added clobber target added ins_csops.h now gets CFLAGS from
20271 relaxed SUDO_FULL_VOID
20275 function comment blocks are now in same style as rest of code
20279 added support for command line args in /etc/sudoers
20283 updated to have command args in the sudoers file
20287 added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
20290 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
20293 PATH renamed to COMMAND
20297 it is now a parse error for directories to have args attached to
20302 now say command args if telling user to buzz off
20306 -s no longer indicates end of args sped up loading on cmnd_args in
20311 removed an unreachable statement
20315 made more efficient by pulling out the terminators when in GOTCMND
20316 state and making them their own rule
20319 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
20322 removed MAXLOGLEN since it is no longer used
20326 now allows command args
20330 now groks command arguments
20334 now sets tty correctly when piped input
20338 fixed loading of cmnd_args (was including command name too)
20342 fixed a core dump due to incorrect if construct
20345 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
20348 only add -lsun if irix < 5 don't look for -lnsl or -lsocket if irix
20352 fixed check for ISC
20356 now sets cmnd_args used by log_error() and that will be used by the
20357 parse to check against command args
20365 now dynamically allocate logline since we can guess at its size
20368 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
20371 cleaned up a bunch of unnecessary #ifdef's eliminated a buffer remove
20372 "register" since the compiler knows more than I do now do a
20373 "basename" of the tty
20376 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
20383 added shell extern changed MODE_* to be bit masks to allow for
20384 several options together
20388 added -s (shell) option made MODE_* masks so we can do bitwise & and
20389 | to see if multiple flags are set.
20393 added securid support
20396 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
20399 removed a bunch of unnecessary strncpy()'s and replaced with strcat()
20402 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
20404 * Makefile.in, version.h:
20408 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
20411 fixed free() of an uninitialized pointer (yuck)
20415 added netgr_matches
20419 cleaned up netgr_matches
20422 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
20428 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
20431 now installs sudoers.man -- really should clean this up though.
20435 added sudoers.cat and sudoers.man
20439 pulled out stuff on the sudoers file format into a separate man page
20447 fixed up my email address
20451 added checks for innetgr and getdomainname
20455 added dummy netgr_matches function
20459 added netgr_matches
20462 * parse.lex, parse.yacc:
20463 added NETGROUP support
20467 added HAVE_INNETGR & HAVE_GETDOMAINNAME
20470 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
20473 rewrote clean_env() that has rm_env() builtin
20476 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
20479 now cast uid to long in sprintf
20483 added _INSULTS suffix to HAL & GOONS end
20487 added _INSULTS suffix to HAL & GOONS
20490 * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
20491 converted to new scheme of insult "unions" end
20495 now uses MAX_UID_T_LEN
20499 added SUDO_UID_T_LEN
20503 added MAX_UID_T_LEN
20507 now use MAX_UID_T_LEN
20511 added check for max len of uid_t fixed sco vs. isc check
20514 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
20525 hack to check for sco
20529 removed #include <net/route.h> since it was hosing some OS's
20532 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
20535 fixed prreadlink() prototype
20539 added parens in #if's
20547 moved SPW_* to config.h.in
20551 added a set of parens
20559 added SPW_* reordered error codes
20563 moved SPW_* to sudo.h
20566 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
20569 SPW_AUTH -> SPW_SECUREWARE
20573 GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
20581 SPW_AUTH -> SPW_SECUREWARE
20585 now uses SHADOW_TYPE to make shadow pw support more readable and
20586 modular. It's a start...
20590 added autodetection of shadow passwords
20594 now uses SHADOW_TYPE define
20598 added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
20602 added SUDO_CHECK_SHADOW
20605 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
20608 define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
20609 memmove() since we no longer use it...
20617 added BROKEN_SYSLOG support
20621 added BROKEN_SYSLOG
20625 now only bitch if timestamp > time_now + 2 * timeout to allow for a
20626 machine updating its time from a server
20630 added 2 security notes updated Nieusma's email addr
20634 changed a memmove() to memcpy() since we don't have to worry about
20635 overlapping segments.
20638 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
20641 cleaned up the loop when interfaces are groped in so that it is
20645 * Makefile.in, version.h:
20649 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
20655 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
20658 fixed permissions check on /tmp/.odus
20661 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
20664 fixed some comments
20668 now checks owner & mode of timedir also checks for bogus dates on
20673 updated TIMEOUT info
20676 * logging.c, sudo.h:
20677 added BAD_STAMPDIR and BAD_STAMPFILE
20681 added definition of S_IRWXU
20688 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
20691 added #ifdef to make it compile on strange arches
20694 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
20697 fixed check for full void impl.
20701 added missing "static"
20705 replaced #elif with #else #if constructs for ancient C compilers
20709 updated irix c2 & kerb5 info
20713 added shadow pw support for irix
20716 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
20723 last changes for sudo 1.3.3
20727 now calls SUDO_SOCK_SA_LEN
20735 added SUDO_SOCK_SA_LEN
20739 now works with ip implementations that use sa_len in sockaddr
20743 added note about buggy AIX compiler
20747 now include sys/time.h for AIX
20750 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
20757 now works for ISC and others. yay.
20760 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
20762 * Makefile.in, version.h:
20766 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
20769 fixed test for full void impl
20773 now check to see that st_dev is non-zero before assuming that we are
20777 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
20779 * aclocal.m4, configure.in:
20780 SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
20783 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
20786 fixed include file order for SUDO_FUNC_UTIME_POSIX
20790 added cast for ttyname()
20798 now deal correctly with all known variation of utime() -- yippe
20802 added SUDO_FUNC_UTIME_POSIX
20806 added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
20810 added HAVE_UTIME_POSIX
20818 no longer assume !HAVE_UTIME_NULL means old BSD utime()
20822 fixed fascist C compiler warning
20826 now set strioctl.ic_timout in STRSET() now initialize num_interfaces
20827 to 0 (just to be anal)
20830 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
20833 increased MAXLOGLEN by MAXPATHLEN to account for ttyname
20841 reworked the ISC code
20844 * Makefile.in, version.h:
20849 now expect old-style utime(3) if utime() can't take NULL as an arg
20853 added check for utime.h
20861 added CPPFLAGS STATIC_FLAGS -> LDFLAGS
20865 now search for kerb libs and includes
20869 added support for utime(2)'s that can't take a NULL parameter
20873 moved HAVE_UTIME_NULL stuff to update_timestamp() where it belongs
20877 added utime(s) stuff
20885 added HAVE_UTIME and HAVE_UTIME_NULL
20888 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
20891 now use HAVE_UTIME_NULL
20894 * emul/utime.h, utime.c:
20899 need to setuid(0) to make kerb4 stuff work.
20903 no more special case for kerberos
20907 took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
20912 no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
20917 now use private ticket file for kerberos support to avoid trouncing
20921 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
20924 added SPOOF_ATTEMPT & cmnd_st
20928 added anti-spoofing support
20932 now use global cmnd_st
20936 added SPOOF_ATTEMPT support
20939 * testsudoers.c, visudo.c:
20940 added void casts where appropriate
20944 fixed up spacing and added void casts where appropriate
20948 fixed problem with "-p prompt" but no args
20951 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
20954 added BUGS and annotated -l description
20958 validate() now takes a flag
20962 validate() now takes a flag added -l
20966 added support for -l
20970 validate() now takes a flag that says whether or not to check the
20974 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
20977 now deals with Argv == 1
20985 added prompt support reworked parse_args()
20997 now use BUFSIZ as length of kerb password added kpass so pass is
20998 always a char * now use prompt global when asking for a password
21002 now use BUFSIZ as _PASSWD_LEN if using kerberos
21009 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
21012 only look for -lufc or -lcrypt if crypt() not in libc
21016 don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
21017 (unknown user) silently fail
21025 HAVE_KERBEROS -> HAVE_KERB4
21029 removed debugging printf
21033 KERBEROS -> KERB4 added checks for setreuid & setresuid
21037 HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
21041 added def of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
21042 with setresuid if applic
21046 HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
21047 no setreuid() or a broken one
21050 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
21053 added kerberos support
21057 added HAVE_KERBEROS
21061 added KERBEROS support (long passwords)
21065 added kerberos support
21068 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
21071 added MODE_BACKGROUND
21075 escaped dashes added -b option
21083 added crypt() for osf/1 3.x enhanced security
21087 now check for -lcrypt
21091 added ENXIO like EADDRNOTAVAIL
21094 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
21097 now emulate getwd(), not getcwd()
21101 getcwd() -> getwd()
21108 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
21110 * ins_2001.h, ins_classic.h, ins_goons.h:
21115 broke out insults into separate include files
21118 * OPTIONS, options.h:
21123 added ins_2001.h ins_classic.h ins_goons.h
21126 * Makefile.in, version.h:
21131 moved signal handler setup to setup_signals()
21135 added load_interfaces()
21139 moved load_interfaces to interfaces.c
21146 * OPTIONS, options.h:
21151 now uses clearaliases variable
21159 added interfaces.[co]
21163 now uses ip addrs and netmasks via load_interfaces()
21167 now remove IFS instead of setting to "sane" value
21170 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
21176 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
21179 sudo_goodpath.c-> goodpath.c
21183 added Andy's new ISC changes
21186 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
21189 added a sentence to SECURE_PATH info
21204 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
21210 * Makefile.in, version.h:
21215 sendmail is now looked for in
\17/usr/ucblib
21231 added unixware case
21235 user_is_exempt is no longer hidden
21243 isc and riscos changes
21247 added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
21251 fixed a typo and added testsudoers stuff
21258 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
21261 applied fixed patch from Chris
21264 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
21271 added a set of braces for bison
21275 merged in Chris' changes to dekludge the parser.
21279 send_mail() was calling find_path() which is wrong since find_path()
21280 stores cmnd in a static var. Anyhow, it doesn't make much sense
21281 since MAILER should always be fully qualified
21284 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
21287 added User_Alias stuff
21291 SUDO_NEXT now looks for /usr/lib/NextStep/software_version
21295 added DEC UNIX 3.0 w/ gcc
21299 Exit was being used in places where exit should be used
21303 added "User alias specification"
21307 fixed probs caused by making nslots and naliases a size_t
21311 added KSR, upped rev to 1.3.1b2
21314 * logging.c, parse.yacc:
21319 void * -> VOID * naliases and nslots are now size_t to appease
21320 lsearch on 64-bit machines
21323 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
21326 did a bunch of things and added a bunch :-)
21334 closer to BSD manpage style
21338 closer to standard BSD man format
21341 * compat.h, config.h.in, emul/search.h, insults.h, options.h,
21342 pathnames.h.in, sudo.h, version.h:
21347 removed crufty #defines that are no longer used
21355 updated based on sudo changes
21359 now allow ALL keyword in User_Aliases now allow ALL keyword as well
21368 now sets SUDO_COMMAND and SUDO_GID envariables.
21372 fixed bug with full void impl check
21376 fixed User_Alias support
21380 added stubs for User_Alias support
21384 now sets removes # bogus interfaces from num_interfaces
21388 added User_Alias support
21391 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
21394 removed extraneous TODO
21397 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
21400 ntwk_matches -> addr_matches
21404 ntwk_matches -> addr_matches
21408 ntwk_matches -> addr_matches now use inet_addr() not inet_network()
21409 (which expects octet boundaries) fixes for OSF (sizeof(int) !=
21414 took out debugging info
21418 OS was being set to unknown before non-uname based host checks.
21419 This caused no checks to happen since $OS was not zero-length.
21423 fixed loading of interfaces struct still has debugging info in
21431 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
21442 removed extraneous extern decl of "top"
21450 removed parser_cleanup (no need for it now)
21454 now calls reset_aliases() directly
21457 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
21460 added a sentence to SECURE_PATH description
21464 fixed my stupid bug where I used NAMLEN on something I wanted to
21465 just get the name from. argh.
21468 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
21471 fixed argument order of memmove() that i hosed when converting from
21476 finally fixed DISTFILES line
21484 added missing files to DISTFILES
21488 SUPPORTED -> RUNSON
21491 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
21498 updated for pl5b1 release
21506 fixed bug where if you hit return at first sudo prompt it would
21507 still log as a failure
21515 better test for bogus void * implementation
21519 added PASSWORDS_NOT_CORRECT
21523 added PASSWORDS_NOT_CORRECT stuff
21527 added PASSWORDS_NOT_CORRECT
21535 removed some unused vars and fixed up uid2str
21542 * getcwd.c, getwd.c:
21546 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
21549 fixed a typo I introduced in the last checkin :-(
21553 can't have #ifdef's where N is defined so just do this the broken
21558 better hack from Chris (but still a hack)
21562 stupid hack for broken aix lex
21566 now includes compat.h
21570 now includes fcntl.h
21574 added FD_SET and FD_ZERO for 4.2BSD
21578 dirty hack to fix parser bug. i don't really like this but it works
21583 uid2str is now static like the prototype says
21586 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
21588 * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
21597 check_sudoers now returns an error code and sudo calls inform_user
21598 and log_error based on the return value.
21601 * logging.c, sudo.h:
21602 added entries for new errors
21606 now set uid to that of SUDOERS_OWNER while parsing sudoers file
21610 took out testsudoers
21614 now explicitly checks that it is setuid root
21618 If a user has no passwd entry sudo would segv (writing to a garbage
21619 pointer). Now allocate space before writing :-)
21623 reordered AC_CHECK_FUNCS
21630 * tgetpass.c, visudo.c:
21635 bzero -> memset when a parse error is logged the line number of the
21636 error is now logged too
21640 added Sunos to blurb about c2 security
21644 added a SUN4 define for C2 security
21648 bcopy -> memmove bzero -> memset
21652 bcopy -> memmove char * -> VOID *
21656 added support for sunos with C2 security
21659 * OPTIONS, options.h:
21664 _PATH_SUDO_LOGFILE now set based on configure
21668 added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
21672 added _SUDO_PATH_LOGFILE
21676 added SUDO_LOGFILE to find where to put sudo.log added
21677 SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
21678 SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
21681 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
21688 now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
21689 to work around a problem in trusted hpux shadow passwords. yuck.
21693 backed out a change in malloc/realloc
21697 now include stdlib.h
21701 now do an freopen() of the stmp file so that yyin will always point
21702 to the same thing. This is important for flex since we are doing a
21707 replaced yywrap() with parser_cleanup() since yywrap() needs to be
21708 in parse.lex to be able to use YY_NEW_FILE. sigh.
21712 now have a rule that matches anything that doesn't match an
21713 explicit rule. well, you know what i mean (. matches anything not
21714 yet matched). However, this means that there is input still queued
21715 up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
21716 into parse.lex and it calls parser_cleanup() which is most of the
21724 * getcwd.c, getwd.c:
21725 moved compat.h to be the last include file
21729 fixed type of aliascmp() args
21737 added casts to lfind and lsearch args for irix
21741 bsdinstall -> install-sh
21745 added info about make realclean
21749 updated VERSION added dependencies for visudo.cat
21761 now there is a real visudo.man and visudo.cat
21765 took out visudo stuff
21772 * parse.c, parse.lex, parse.yacc:
21781 updated Nieusma & Hieb email addresses
21785 updated to include options.h and OPTIONS
21793 eliminated bug #1 (yay)
21797 sunos no longer gets linked statically
21800 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
21803 prototype now uses __P()
21807 make fill() non-ansi
21811 made -v (validate) work
21819 don't check for execute/statable if fq or relative path given
21827 now include ctype.h for islower and tolower macros
21831 moved _S_IFMT & _S_ISREG to compat.h
21835 moved a set of parens
21839 now include compat.h
21847 now cast malloc & realloc return vals added search for HAVE_LSEARCH
21848 now use strcmp if no strcasecmp available
21856 removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
21857 HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
21861 added _S_IFMT, _S_IFREG, and S_ISREG
21865 took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
21866 to most SUDO_* macros
21874 various 1.x to 2.x autoconf changes now check for strcasecmp now use
21875 AC_INSTALL_PROG instead of custom one added check for fully working
21876 void implementation
21880 added lsearch & search.h visudo links into $(LIBOBJS)
21884 partial 1.x to 2.x changes added SUDO_FULL_VOID
21888 whatnow_help was prototyped to be static but was not declared as
21893 autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
21894 for dirent/dir/ndir.h
21898 now use groovy gnu autoconf macro AC_HEADER_DIRENT
21901 * getcwd.c, getwd.c:
21902 MAXPATHLEN -> MAXPATHLEN+1
21905 * emul/search.h, lsearch.c:
21909 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
21912 eliminated bison warnings
21920 now includes signal.h
21924 only clear data structures on a parse error
21928 whatnow() now gives help on invalid input
21932 added a whatnow() function (sort of like mh)
21936 kill_aliases -> reset_aliases yywrap() now cleans up by calling
21937 reset_aliases() and clearing top took reset stuff out of yyerror()
21938 since it doesn't belong there (and doesn't work anyway). errorlineno
21939 is now initially set to -1 so we can set it to the first error that
21940 occurs (it was getting set to the last)
21948 rewrote from scratch based on 4.3BSD vipw.c
21951 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
21958 no more sudo_realpath() and find_path() changed params
21962 find_path() changed since no more realpath()
21966 on error, errorlineno is set to the line where the error occurred
21967 added kill_aliases() to free the aliases struct now clean up in
21968 yyerror() so we can reparse cleanly
21971 * options.h, parse.c:
21972 no more USE_REALPATH
21976 changed to use new find_path()
21980 removed all the realpath() stuff
21984 sudo_realpath.c -> sudo_goodpath.c
21988 now works correctly with utk parser
21996 eliminated a compiler warning
22000 eliminated compiler warning
22004 added sudo_goodpath()
22008 added prototype for sudo_goodpath
22012 added support for /sys/dir.h
22016 USE_REALPATH turned off
22020 added calls to sudo_goodpath()
22024 added check for dirent.h
22028 added HAVE_DIRENT_H
22032 added in linux shadow pass stuff
22035 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
22038 added back host, user, cmnd, parse_error
22042 added in utk changes plus some minor cosmetic changes
22045 * sudo.c, sudo_realpath.c:
22046 added void casts for printf's
22050 added a define of USE_REALPATH
22054 there is no more visudoers/Makefile
22058 added in utk changes (visudo is now built from the toplevel)
22062 added (void) casts to printf's
22065 * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
22066 merged in utk changes
22069 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
22072 now check to see that what we are trying to run is a file (or a link
22073 to a file, we do a stat(2) so there is no diff)
22076 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
22083 aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
22087 added myself as maintainer
22090 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
22093 changed setegid -> setgid
22096 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
22099 fixed the test for irix 5.x to skip bad libs
22103 now initialize OS and OSREV
22106 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
22113 AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
22117 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
22120 use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the right
22121 thing wrt yyrestart (grrrr)
22124 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
22127 added visudoers/compat.h to DISTFILES
22135 added ocmnd declaration adjusted for find_path()'s new parameters
22139 added ocmnd extern adjusted find_path() prototype
22143 cmndcmp() now takes 3 arguments and checks against the qualified as
22144 well as the unqualified pathname. more code that should use
22145 cmndcmp() but did not, now does
22153 changed to use new find_path() parameter passing
22157 find_path() now takes 2 copyout parameters (one for the qualified
22158 pathname and one for the unqualified pathname). The third parameter
22163 no longer munge pathnames.h
22167 changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
22168 as a result, pathnames.h does not need to be run through configure
22169 and the user can override the configured values easily.
22173 added _SUDO_PATH_* entries
22177 _PATH* -> _SUDO_PATH_*
22181 updated DISTFILES and HDRS .o's now depend on config.h
22184 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
22187 removed extraneous #endif
22195 added SUDO_PROG_MV added riscos and isc os types took out
22196 -DSHORT_MESSAGE from --with-csops since it is now the default
22200 move the include of id.h to compat.h now includes options.h
22204 moved compatibility #defines to compat.h
22212 move __P to compat.h
22215 * getcwd.c, getwd.c, putenv.c:
22216 now includes compat.h
22223 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
22226 pull user-configurable stuff out and put in options.h
22229 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
22231 * parse.lex, parse.yacc, visudo.c:
22232 now includes options.h
22235 * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
22237 now includes options.h
22241 added visudoers/options.h
22244 * OPTIONS, options.h:
22249 added OPTIONS and options.h
22253 changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
22257 changed PASSWORD_TIMEOUT to minutes
22260 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
22263 now only do Editor +line_num if line_num != 0
22266 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
22269 now use mv if rename(2) fails
22280 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
22283 fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
22286 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
22289 added mips & isc support
22293 added support for non-root owned sudoers file
22297 added exempt group support
22301 added set_perms() support added SUDOERS_OWNER so can have non-root
22302 own sudoers file added exempt group support added isc support
22306 now copy sudoers to temp file via read/write (not stdio) now chown
22307 new sudoers file to SUDOERS_OWNER
22310 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
22321 fixed typo added set_perms support added skey support added
22322 seteuid()/setegid() emulation for AIX
22326 be_* -> setperms() now check to make sure sudoers file is owned by
22327 root nread/write by only root
22330 * logging.c, parse.c:
22335 be_* -> set_perms() added skey support
22338 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
22348 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
22358 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
22364 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
22379 now bail if Argv[1] > MAXPATHLEN
22383 added function check for tcgetattr(3)
22387 only define HAVE_TERMIOS_H if you have tcgetattr(3)
22391 added check for tcgetattr
22394 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
22400 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
22403 now only include unistd.h for linux
22406 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
22409 added visudo.8 generation
22413 added -Wl,-bI:./aixcrypt.exp to aix flags
22416 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
22427 added mailing list info
22431 now use sudolineno instead of yylineno fixed bison warnings
22435 now use -no_library_replacement for osf don't make a static binary
22440 added string.h/strings.h inclusion
22448 added inclusion of string.h/strings.h
22452 fixed uname | sed (needed to quote the '[')
22456 replaced yylineno with sudolineno fixed bison syntax errors
22460 changed yylineno to sudolineno since yylineno cannot be counted
22469 added code to support command listings
22473 added code for -l flag
22477 fixed typo added info for -l flag
22481 AC_SSIZE_T -> SUDO_SSIZE_T
22496 * find_path.c, sudo_realpath.c:
22497 readlink() is now declared as returning ssize_t
22501 added -laud for OSF c2
22504 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
22506 * Makefile.in, visudo.c:
22507 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
22510 * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
22511 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
22514 * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
22515 parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
22516 sudo_setenv.c, tgetpass.c, version.h:
22517 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
22520 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
22531 added host to alertmail messages
22539 fixed logging problem where mail would not say which user it was
22543 added -laud for gcc if osf & c2
22547 moved set_auth_parameters to sudo.c
22551 added set_auth_parameters for osf
22555 cleaned up -static stuff
22567 changed setenv() to sudo_setenv()
22583 added osf auth support & removed some extra spaces
22586 * INSTALL, SUPPORTED:
22590 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
22593 added 2 suggestions
22597 removed README.v1.3.1 and added VERSION stuff
22604 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
22615 mention HISTORY file
22619 use sizeof instead of a constant in 1 place
22638 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
22642 [7dfbb4a810bb] [SUDO_1_3_1]
22649 added unistd.h include
22652 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
22655 added sys/time.h for AIX
22658 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
22661 added check for -lsocket and sys/sockio.h
22665 took out libshadow check and added in sys/sockio.h check
22669 now include sockio.h instead of ioctl.h if it exists "sudo -" now
22670 gets a better error message
22674 now has a dir and subnet entry
22677 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
22688 added network and ip addresses to man page
22692 no error if can't get interfaces or netmask since networking may not
22697 now check for interfaces == NULL
22701 fixed a bug that caused directory specs in a Cmnd_Alias to fail if
22702 the last entry in the spec failed (ie: it was only looking at the
22703 last entry). Cleaned things up by adding the cmndcmp() function--all
22711 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
22714 now do two passes to skip bogus interfaces (lo0, etc)
22717 * parse.lex, parse.yacc, visudo.c:
22718 added include of netinet/in.h
22721 * logging.c, sudo_realpath.c, sudo_setenv.c:
22722 added include of netinet/in.h
22725 * check.c, find_path.c, getcwd.c, getwd.c:
22726 added include of netinet/in.h
22734 added interfaces global
22738 now uses new interfaces global
22742 now ip addresses are gleaned w/o dns
22745 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
22748 added load_ip_addrs() to load the ip_addrs global var
22752 added hostcmp() to compare hostnames, ip addrs, and network addrs
22756 added ip_addrs def added load_ip_addrs prototype
22759 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
22766 removed multiple entries in DISTFILES
22770 ansified the !STDC_HEADERS decls
22773 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
22774 don't do malloc decl if gnuc
22778 can't use getopt(3) since it munges args to the command to be run as
22779 root don't do malloc decl if gnuc
22782 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
22783 sudo_realpath.c, sudo_setenv.c:
22784 ansi-fied !STDC_HEADER function prototypes
22787 * getcwd.c, getwd.c:
22788 added missing paren
22792 added putenv.c to DISTFILES
22796 added params to func decls when STDC_HEADERS is not defined now can
22797 count on putenv() being there
22801 took out errno decl since sudo.h does it for us fixed up a next cc
22802 warning added params to func decls when STDC_HEADERS is not defined
22806 took out environ extern added local declaration of putenv() if local
22810 * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
22811 added params to func decls when STDC_HEADERS is not defined
22815 added memcpy check check to see that ansi vs bsd macros are not
22816 already defined before defining (ie: avoid redefinition)
22820 removed fluff setenv check plus check w/ replace for putenv if also
22828 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
22835 rm'd s realpath added sudo_realpath and sudo_setenv
22839 now use sudo_setenvc
22843 added putenv and setenv, removed realpath
22847 added putenv & setenv
22858 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
22861 added MAN_POSTINSTALL and /usr/share/catman for irix
22865 added MAN_POSTINSTALL
22873 added SUDO_* plus new options
22881 took out shadow lib
22889 now use yyrestart() if flex now reset yylineno to 0
22893 support for installing a cat page instead of a man page if no nroff
22897 now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
22898 to determine whether or not to install a cat or man page
22906 not set ret to MODE_RUN initially
22910 made command (and therefor cmnd dynamically allocated)
22922 changed bufs from MAXPATHLEN to MAXPATHLEN+1
22926 added MODE_ removed validate_only and added remove_timestamp()
22930 usage() now takes an int (exit value) added parse_args() to parse
22931 command line arguments moved call to find_path() from load_globals
22932 to new function load_cmnd() removed validate_only global -- now use
22933 the concept of "modes" added -h and -k options
22937 no longer use global validate_only now checks for command called
22938 "validate" removed check for non-fully qualified commands since that
22939 is done by find_path
22943 changed MAXPATHLEN to MAXPATHLEN+1
22947 fixed off by one error with MAXPATHLEN and fixed a comment
22951 check_timestamp no longer runs reminder(), it is implied in the
22952 return val added remove_timestamp()
22959 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
22973 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
22976 moved send_mail to after syslog
22980 now set SUDO_ envariables
22983 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
22990 now print error if chdir fails
22997 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
23004 no more static binaries for aix
23007 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
23014 took out stuff not needed for sudo now does be_root/be_user itself
23015 now uses cwd global
23022 * logging.c, sudo.c:
23023 be_root/be_user is now down in sudo_realpath()
23026 * logging.c, sudo.h:
23027 now works with 4.2BSD syslog (blech)
23031 now use sudo_realpath()
23035 took out realpth() stuff since we now use sudo_realpath()
23039 ultrix enhanced sec
23043 added ultrix enhanced sec.
23051 ultrix enhanced security support
23055 added sudo_realpath.c
23063 increased passwd len to 24 for c2 security
23070 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
23073 now use user global var
23080 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
23087 user is now a char * added epasswd
23091 added tzset() to load_globals added epasswd (encrypted password)
23092 global made user dynamically allocated
23104 cleaned up encrypted passwd grab somewhat
23120 can now log to both syslog & a file
23144 removed AFS stuff :-)
23148 include sys/select for AIX
23159 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
23161 * CHANGES, SUPPORTED:
23166 can now have MAILER undefined
23170 new sub-note about MAILER
23174 added blurb about password timeout
23182 took out duplicate define of _CONVEX_SOURCE
23194 added a goto if fgets fails
23198 use __hpux not hpux convex c2 stuff
23202 use __hpux not hpux
23210 define ansi-ish cpp os defines if non-ansi are defined for hpux &
23215 updated to say we support convex C2
23219 added convex c2 support
23222 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
23225 no more ioctl never returns NULL uses fgets() and select() to
23229 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
23232 things were testing -n "$GCC" instead of -z "$GCC"
23236 now works + uses fgets()
23239 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
23242 select doesn't seem to recognize a single '\n' as input waiting so
23243 we can't use it, sigh.
23246 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
23249 updated tgetpass() blurb
23253 added --with-getpass
23257 added tgetpass stuff
23268 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
23275 added USE_GETPASS && HAVE_C2_SECURITY
23279 fixed a test added --with-C2 and --with-tgetpass
23287 took out tgetpass.*
23294 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
23297 no termio(s) for ultrix since it is broken
23301 added a space (yeah, anal)
23304 * realpath.c, sudo_realpath.c:
23305 fixed it (duh, rtfm)
23308 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
23311 took out bsd signal stuff for irix
23319 don't define BSD signals for irix
23330 * realpath.c, sudo_realpath.c:
23331 took out unneeded code by changing where a string was terminated
23334 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
23336 * realpath.c, sudo_realpath.c:
23337 fix bug where /dirname would return NULL
23341 move __P to config.h
23344 * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
23345 added errno definition
23360 * realpath.c, sudo_realpath.c:
23361 now works if no fchdir
23365 define SA_RESETHAND to null if not defined
23369 added check & replace
23373 took out -static for nextstep -- it doesn't work
23376 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
23379 moved #endif to where it belongs
23387 now checks for strdup realpath getcwd bzero
23395 added posix signals
23403 added posix signals
23407 removed BROKEN_GETPASS added new srcs to replace missing functions
23411 added posix signal stuff
23423 now uses posix signals
23427 updated to reflect major changes
23435 uses sysconf() if available
23439 added PASSWORD_TIMEOUT + prototypes for new functions
23442 * realpath.c, sudo_realpath.c:
23443 for those w/o this in libc
23446 * getcwd.c, getwd.c:
23451 rewrote to use realpath(3) - nis now all my code
23455 added HAVE_REALPATH
23463 added LIBOBJS use tgetpass.c
23466 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
23480 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
23491 added check for getwd
23495 replace strdup & realpath & getcwd if missing
23503 added SUDO_PROG_PWD
23510 * realpath.c, sudo_realpath.c:
23514 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
23517 quoted square brackets
23520 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
23523 no need to strdup() a constant
23538 * parse.c, sudo.c, sudo.h:
23539 added validate_only stuff
23542 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
23549 $OSREV is now an int
23552 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
23555 added mtxinu to caser
23563 now use the EXEC macro now only do a gethostbyname() if FQDN is set
23567 changed mail_argv[] def now use EXEC() macro
23571 took out crypt() definition
23579 always look for -lnsl
23587 SHORT_MESSAGE is now the default
23595 added missing AC_DEFINE(SVR4) for solaris
23599 documented the -v flag
23611 added LIBSHADOW undef
23615 now set OS to be lowercase
23618 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
23621 now use SUDO_OSTYPE to set $OS
23625 now use uname to determine os
23629 added prototypes & moved sig handler around
23636 * check.c, logging.c, sudo.c:
23645 now use _BSD_SIGNALS not _BSD_COMPAT
23656 * parse.lex, parse.yacc:
23657 moved config.h to top of includes
23660 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
23663 now don't bitch if get EACCESS (treat like EPERM)
23667 added -v flag and usage()
23675 cast Argv to a const for exec added -v flag
23679 mail_argv is now a const
23683 only set RETSIGTYPE if it is not set already
23687 now defines & STDC_HEADERS for Irix
23694 * insults.h, sudo.h:
23695 prevent multiple inclusion
23702 * parse.lex, parse.yacc:
23703 now includes config.h
23707 now talks about sunos 4.x
23711 calls to Exit now pass an arg
23714 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
23717 signal handler now takes an int argument
23725 ok, the getcwd() is now *really* done as the user
23729 changed AIX STATIC_FLAGS
23733 solaris now defines SVR4
23737 added cwd and fixed stupid core dump that makes no sense. sigh.
23741 moved getcwd stuff into load_globals
23745 took out externs that are in sudo.h
23749 moved cwd into load_globals
23757 fixed make distclean & realclean
23765 added solaris changes
23769 added solaris changes, need to rework
23773 cleaned up for solaris
23777 reinstall reapchild signal handler for non-bsd signals
23781 took out getdtablesize() emulation for HP-UX (no longer needed)
23785 support for HAVE_SYSCONF
23789 added <fcntl.h> for solaris & reorg'd the includes + minor prettying
23797 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
23800 now tells you what os you are running
23807 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
23822 uid seinitialized to -2
23825 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
23828 now removes LIBPATH for AIX
23831 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
23834 now uses ufc if it finds it
23837 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
23840 no longer define yyval & yylval since yacc does it
23844 now defines yylval as extern
23848 BROKEN_GETPASS is now an OPTION
23852 took out BROKEN_GETPASS
23856 took out big comment
23864 took out README.beta
23872 now reference SUPPORTED
23876 now check for convex OR __convex__
23880 now check for convex or __convex__
23892 now use _S_* stat stuff to be ansi-like
23896 updated for configure directions
23900 distclean now removes config.h and pathnames.h
23919 * config.h.in, pathnames.h.in:
23920 added copyright header
23923 * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
23924 parse.yacc, sudo.c, sudo.h:
23929 updated to use configure + pathnames.h
23936 * Makefile.in, config.h.in, configure.in:
23941 now works with configure
23944 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
23945 updated to work with configure + pathnames.h
23952 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
23955 updated gnu general licence to version 2
23958 * config.h.in, pathnames.h.in:
23963 changed to work with configure
23966 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
23968 * Makefile.in, aclocal.m4, configure.in:
23973 now uses defines used by configure
23976 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
23979 sudo won't bitch about EPERM now, for real
23982 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
23985 renamed exec_argv to eliminate a libc name clash with ksros
23992 * logging.c, sudo.c, sudo.h:
24009 added UMASK and mode_t declaration
24017 now opens log file with mode 077
24021 saved current umask and restores it
24025 added MAXLOGFILELEN
24029 split long log lines. For syslog, split into multiple entries, for
24030 a log file, indent the extra for readability
24033 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
24040 MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
24043 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
24046 added input from Brett M Hogden <hogden@rge.com>
24049 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
24052 added rmenv() to remove stuff from environ. can now use execvp()
24053 OR execve() because of this.
24057 now uses execvp() OR execve()
24073 moved some func decls out of sudo.h and into sudo.c as statics
24084 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
24090 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
24105 added sample.sudoers note
24112 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
24119 took out SAVED_UID garbage
24120 [b7c2d3469661] [SUDO_1_3_0]
24139 more verbose error if mailer not found
24143 now do getpwent as root for some shadow password systems (bsdi)
24146 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
24149 took out SAVED_UID garbage
24153 took out SAVED_UID garbage since it don't work
24156 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
24163 added a missing space :-)
24167 took out multimax cruft
24179 fixed a typo + indentation
24182 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
24185 took outumoved some defines to the config file
24197 added HAS_SAVED_UID
24204 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
24210 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
24216 * check.c, logging.c, parse.c, sudo.c, sudo.h:
24217 now is only root when abs necessary
24224 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
24239 now removed _RLD_* for alphas
24243 updated for new config scheme
24247 more verbose error messages
24250 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
24257 define __svr4__ for SOLARIS
24261 added svr4 junk for shadow pws for solaris 2.x
24265 took out setuid(0) and setreuid(uid) garbage. It's not needed since
24266 we start out setuid with the correct perms.
24269 * check.c, sudo.c, sudo.h:
24273 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
24276 revised AUTHORS section & added ENV_EDITOR stuff to VARIABLES
24281 now uses ENV_EDITOR if you want to use the EDITOR envar
24285 now uses ENV_EDITOR if you want to use the EDITOR envar
24288 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
24291 rewrote most of this
24295 minor update + spell fix
24299 added all options that are in the Makefile
24303 now use USE_TERMIO #define for sgi & hpux
24310 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
24312 * check.c, find_path.c:
24313 always include strings.h
24321 sgi has vi in /usr/bin too
24328 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
24331 use /usr/bin/vi on some systems
24335 fixed warning (include strings.h)
24339 added John_Rouillard@dl5000.bc.edu's changes (new features)
24343 changes from John_Rouillard@dl5000.bc.edu
24350 * check.c, find_path.c, parse.c, sudo.c:
24351 added patches from John_Rouillard directory spec
24355 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
24358 added flush for hpux
24361 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
24364 no longer assume malloc returns a char *
24368 alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
24369 gets removed correctly
24373 added STD_HEADERS macro
24377 now uses STD_HEADERS macro for ansi
24381 now uses STD_HEADERS macro
24385 niceties for C compiler bitches -- no real change
24388 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
24391 now doesn't fclose a file never opened.
24394 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
24401 added error stuff added me in there...
24409 added blurb about reading stuff
24417 corrected comments and removed newlines
24429 added dec syslog note
24433 added real stuff in there
24444 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
24451 updated with changes
24462 * CHANGES, COPYING, INSTALL, README, TODO:
24467 updated version number and took out jeff's old addr since it is no
24471 * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
24473 updated version number and took out jeff's email (since it is
24477 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
24483 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
24486 now return NULL instead of exiting for non-fatal errors
24489 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
24496 now sudo.h gets included first
24499 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
24510 hpux 9 fix, removes SHLIB_PATH linux patch
24517 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
24520 stat now ignores EINVAL
24523 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
24525 * find_path.c, sudo.c:
24526 now declare strdup as extern
24529 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
24532 reformatted with indent + by hand
24535 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
24536 used indent to "fix" coding style
24540 now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
24541 move the code that does this into the loop body. makes it messier
24545 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
24548 redid the fix for non-executable files in an easier to read way plus
24549 some minor aesthetic changes
24553 fixed bug with non-executable things of same name in path introduced
24554 by checking errno after stat(2).
24557 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
24560 fixed off by one error
24564 now handles descending below '/' correctly
24568 now actually builds Envp instead of munging envp
24571 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
24574 now includes sys/param.h
24578 now includes sys/param.h
24582 fixed ifndef -> ifdef
24586 make more like find_path.c
24590 rewritten by millert
24594 fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
24595 about new defines in the comment
24603 added decl for clean_envp() and Envp
24607 now rips LD_* env vars out of envp and passed sanitized Envp to exec
24615 ENOTDIR is ok now too (in case part of the path is bogus)
24619 now works correctly (total rewrite)
24623 now includes sys/param.h didn't match trailing / -- fix from
24627 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
24630 moved around the #ifndef _AIX
24633 * check.c, logging.c, parse.c:
24637 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
24643 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
24646 now works if you do sudo bin/test
24653 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
24663 * parse.lex, parse.yacc:
24667 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
24674 now spews error if exec fails and exits with -1
24682 now only execs files with (an) executable bit set.
24689 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>